Skip to main content

開源網路裝置管理系統 LibreNMS - Debian 10

這是一套從 Jason Cheng大看到文章發現到還不錯用監控軟體。

109.09.14 因新公司要安裝 LibreNMS 服務,之前的安裝方式是 CentOS 7 版本使用,那剛剛去查看官方網站已經修改為 CentOS 8,因此本篇會重新修改為官方所提供的版本流程。

110.03.16 新增 Debain 10 安裝方式記錄

安裝環境


環境都是在 「Proxmox VE 」 虛擬系統上架設,都是以 「 LXC 」模式為主,除非有特殊狀況會告知使用 「 VM 」 模式

  • 系統環境: Debain 10
  • Web 服務: Nginx 1.20
  • PHP 服務: PHP 7.4
  • 資料庫服務: MariaDB 10.6

安裝 web 服務


因預設的 Nginx 服務版本比較的舊,看有想要用官方所提供的版本或者預設都可以

  • 安裝 Nginx
apt install nginx -y
  • 官方版本的 Nginx
# 安裝必要套件
apt install curl gnupg2 ca-certificates lsb-release

# 想要使用的版本請自己選擇
# 來源庫新增加穩定版 nginx 服務
echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

# 來源庫新增加主線 nginx 服務
echo "deb http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

# 導入官方金鑰來確認該套件安全性
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -

# 驗證現在的金鑰是否正確
apt-key fingerprint ABF5BD827BD9BF62

# 輸出的指紋如下 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573B FD6B 3D8F BC64 1079  A6AB ABF5 BD82 7BD9 BF62
uid   [ unknown] nginx signing key <[email protected]>

# 安裝 nginx 服務
apt update
apt install nginx
  • 啟動服務
systemctl start nginx ; systemctl enable nginx

MairaDB 安裝


apt-get install software-properties-common dirmngr
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://mirror.vpsfree.cz/mariadb/repo/10.6/debian buster main'
  • 安裝 MariaDB 服務
apt update
apt install mariadb-server
  • 啟動服務
systemctl enable mariadb ; systemctl start mariadb 
  • 資料庫安裝及設定
mysql_secure_installation   # 設定資料庫的root密碼

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n]
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]
New password:               <------ 填入 root 的密碼
Re-enter new password:      <------ 再次填入 root 的密碼
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

mysql -u root -p   # 登入資料庫裡設定資表及權限

CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password'; #密碼修改成要登入的密碼
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
  • server.cnf 檔手動增加以下內容
vim /etc/mysql/mariadb.conf.d/50-server.cnf

[mysqld]
innodb_file_per_table=1
lower_case_table_names=0
  • 重啟資料庫
systemctl restart mariadb

安裝 PHP 服務


  • 安裝 epel-release 套件服務
  • 下載 GPG 密鑰
apt install apt-transport-https lsb-release ca-certificates wget -y
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg 
  • 新增 PHP 來源庫
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
  • 更新系統並且安裝 php
apt update
sudo apt install php7.4 php7.4-fpm php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline
  • 啟動服務
 sudo systemctl start php7.4-fpm ; sudo systemctl enable php7.4-fpm

安裝必要套件


apt install acl curl fping git graphviz imagemagick mtr-tiny nmap php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mbstring php7.4-mysql php7.4-snmp php7.4-xml php7.4-zip python-memcache python-mysqldb rrdtool snmp snmpd whois python3-pymysql python3-dotenv python3-redis python3-setuptools
  • 安裝 Composer 作曲家
# 將dirs更改為我們希望將composer安裝到的位置
cd /usr/local/bin   

# 安裝 composer
curl -sS https://getcomposer.org/installer | php   

# 重新命名 composer
mv composer.phar composer
新增加 librenms 使用者

useradd librenms -d /opt/librenms -M -r -s "$(which bash)"
下載 Librenms 服務

cd /opt
git clone https://github.com/librenms/librenms.git
設定權限

chown -R librenms:librenms /opt/librenms
chmod 771 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
安裝 PHP 依賴套件
su - librenms
./scripts/composer_wrapper.php install --no-dev
exit

有發現到在切換使用 su - librenms 會出現錯誤訊息,如下

su: failed to execute /usr/bin/bash: No such file or directory

nms-err-user-01.png

如出現以上的訊息解決方式如下

# 到 passwd 檔修改路徑
vim  /etc/passwd

要修改的是我們剛剛幫 librenms 有建一個帳號,要修改此帳號
修改前
librenms:x:100:100::/opt/librenms:/usr/bin/bash
修改後
librenms:x:100:100::/opt/librenms:/bin/bash
設定 php 服務
  • 安裝好 PHP 要去修改設定檔時區
vim /etc/php/7.4/fpm/php.ini
vim /etc/php/7.4/cli/php.ini
修改時區
[Date]
修改前
;date.timezone = 
修改後
date.timezone = Asia/Taipei
存檔
:wq
  • 修改 PHP-FPM 設定檔
cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/librenms.conf
vim /etc/php/7.4/fpm/pool.d/librenms.conf

修改內容如下

將原是 [www] 修改為 [librenms]

user = librenms
group = librenms

listen = /run/php-fpm-librenms.sock

listen.owner = librenms
listen.group = librenms
listen.mode = 0660
  • 設定開機自動啟動及重啟服務
systemctl enable php7.4-fpm ; systemctl restart php7.4-fpm
Web服務設定

預設 Nginx 版本

  • 設定 NGINX 服務設定檔
rm /etc/nginx/sites-enabled/default
vim /etc/nginx/sites-available/librenms.vhost
  • 新增一個設定檔, 編輯 server_name 設定檔
server {
 listen      80;
 server_name librenms.example.com;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

 proxy_read_timeout 300;
 proxy_connect_timeout 300;
 proxy_send_timeout 300;

 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location /api/v0 {
  try_files $uri $uri/ /api_v0.php?$query_string;
 }
 location ~ \.php {
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 }
 location ~ /\.ht {
  deny all;
 }
}
官方 Nginx 版本

  • 設定 Nginx 服務設定檔
vim /etc/nginx/conf.d/librenms.conf
server {
  listen 80;
  server_name librenms.example.com;
  root /opt/librenms/html;
  index index.php;

  charset utf-8;
  gzip on;
  gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }
  location ~ [^/]\.php(/|$) {
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    #  fastcgi_pass unix:/run/php-fpm-librenms.sock;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #  include fastcgi.conf;
    include fastcgi_params;
  }
  location ~ /\.(?!well-known).* {
    deny all;
  }
}
  • 重啟服務
ln -s /etc/nginx/sites-available/librenms.vhost /etc/nginx/sites-enabled/librenms.vhost
service nginx reload

啟用 lnms 指令


ln -s /opt/librenms/lnms /usr/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

設定SNMP


  • 針對 Librenms 設定如下
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
vim /etc/snmp/snmpd.conf
  • 編輯將 「RANDOMSTRINGGOESHERE」 修改或預設 public
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd

設定排程


  • 從 Librenms 目錄下複製到 cron.d 裡面
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
  • 複製預設的設定檔
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

開始安裝 LibreNMS


  • 先到 /opt/librenms 下的 config.php.default 複制出來
cp /opt/librenms/config.php.default /opt/librenms/config.php
  • 設定該檔的權限
chown librenms:librenms /opt/librenms/config.php
  • 開啟瀏灠器照著下面輸入
http://該服務的ip/
  1. 檢測安裝環境是否有正常,如果出現異常要把缺的套件都安裝起來才能正常運行

libreNMS-01.png

  1. 填入要連接的資料庫名稱及登入帳號及密碼

libreNMS-02.png

  1. 會自動建立資料庫裡面表單

libreNMS-04.png

  1. 確認完成的畫面,直接按下下一個圖示繼續

libreNMS-05.png

  1. 填入要登入的系統管理員的帳號、密碼及電子郵件

libreNMS-06.png

  1. 已產生管理者的帳號

libreNMS-07.png

  1. 安裝完成了的畫面,可以點選 Validate 這個選項確認說服務是否有正確安裝完成

libreNMS-08.png

  1. 設定 config.php 權限
chown librenms:librenms /opt/librenms/config.php
最後確認 Final steps

  • 如果安裝有問題,請在「librenms」目錄下以「root」身份運行「 validate.php 」
cd /opt/librenms
./validate.php
  • librenms 權限來執行確認
sudo su - librenms
./validate.php

備註


  • BUBU 在設定時候有出現幾個問題,遇到資料庫時區問題

librenms-date-01.png

會出現這樣子的問題是資料庫抓取時間方式是以系統上給予的時間,那由於我採用 LXC 模式才會有這樣子問題,如果是使用 VM 模式這樣子狀況是不會發生才對

修改 vim /etc/mysql/mariadb.conf.d/50-server.cnf ,在 [mysqld] 下面增加一行

default_time_zone = '+8:00'

重啟 MariaDB 服務

systemctl restart mariadb

MariaDB 沒有時區的資料表,需要手動匯入之後才能正常運行

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p

匯入成功後

mysql -u root -p

SET GLOBAL time_zone = 'Asia/Taipei';

如果不想要用時區的話,可以用

SET GLOBAL time_zone = '+8:00';

librenms-date-02.png

修改完之後再用 linbrenms 帳號登入到資料庫裡面選擇 librenms 資料庫

USE librenms;

ALTER TABLE `notifications` CHANGE `datetime` `datetime` timesta mp NOT NULL DEFAULT '1970-01-02 00:00:00' ;
ALTER TABLE `users` CHANGE `created_at` `created_at` timestamp N OT NULL DEFAULT '1970-01-02 00:00:01' ;



參考相關網頁