差異處
這裏顯示兩個版本的差異處。
兩邊的前次修訂版 前次修改 | 下次修改兩邊的下次修訂版 | ||
tech:librenms [2020/11/05 15:09] – [升級 php 至 7.4] jonathan_tsai | tech:librenms [2020/11/05 15:13] – [升級 php 至 7.4] jonathan_tsai | ||
---|---|---|---|
行 1: | 行 1: | ||
+ | ====== CentOS7 安裝 LibreNMS ====== | ||
+ | * CentOS Linux release 7.5.1804 (Core) | ||
+ | |||
+ | ===== 安裝程序 ===== | ||
+ | - 安裝需要的套件 <code sh> | ||
+ | yum install epel-release | ||
+ | rpm -Uvh https:// | ||
+ | yum install composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr python36 MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool | ||
+ | </ | ||
+ | - 建立 librenms 用戶< | ||
+ | useradd librenms -d / | ||
+ | usermod -a -G librenms nginx | ||
+ | </ | ||
+ | - 設定 / | ||
+ | : | ||
+ | [Date] | ||
+ | ; Defines the default timezone used by the date functions | ||
+ | ; http:// | ||
+ | date.timezone = Asia/Taipei | ||
+ | : | ||
+ | </ | ||
+ | - 重新開機< | ||
+ | sync; | ||
+ | </ | ||
+ | - 下載 LibreNMS <code sh> | ||
+ | cd /opt | ||
+ | composer create-project --no-dev --keep-vcs librenms/ | ||
+ | </ | ||
+ | - 出現異常與警告訊息, | ||
+ | cd / | ||
+ | ./ | ||
+ | </ | ||
+ | - 建立 DB Server< | ||
+ | systemctl start mariadb | ||
+ | mysql -u root | ||
+ | </ | ||
+ | CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci; | ||
+ | CREATE USER ' | ||
+ | GRANT ALL PRIVILEGES ON librenms.* TO ' | ||
+ | FLUSH PRIVILEGES; | ||
+ | exit | ||
+ | </ | ||
+ | vi /etc/my.cnf | ||
+ | </ | ||
+ | [mysqld] | ||
+ | datadir=/ | ||
+ | : | ||
+ | : | ||
+ | # instructions in http:// | ||
+ | innodb_file_per_table=1 | ||
+ | sql-mode="" | ||
+ | lower_case_table_names=0 | ||
+ | : | ||
+ | </ | ||
+ | systemctl enable mariadb | ||
+ | systemctl restart mariadb | ||
+ | </ | ||
+ | - 建立 Web Server <code sh> | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | ;user = apache | ||
+ | user = nginx | ||
+ | ; RPM: Keep a group allowed to write in log dir. | ||
+ | group = apache | ||
+ | |||
+ | ; The address on which to accept FastCGI requests. | ||
+ | ; Valid syntaxes are: | ||
+ | ; ' | ||
+ | ; a specific port; | ||
+ | ; ' | ||
+ | ; a specific port; | ||
+ | ; ' | ||
+ | ; (IPv6 and IPv4-mapped) on a specific port; | ||
+ | ; '/ | ||
+ | ; Note: This value is mandatory. | ||
+ | ;listen = 127.0.0.1: | ||
+ | listen = / | ||
+ | |||
+ | ; Set listen(2) backlog. | ||
+ | ; Default Value: 511 (-1 on FreeBSD and OpenBSD) | ||
+ | ; | ||
+ | |||
+ | ; Set permissions for unix socket, if one is used. In Linux, read/write | ||
+ | ; permissions must be set in order to allow connections from a web server. Many | ||
+ | ; BSD-derived systems allow connections regardless of permissions. | ||
+ | ; Default Values: user and group are set as the running user | ||
+ | ; mode is set to 0660 | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | listen.owner = nginx | ||
+ | listen.group = nginx | ||
+ | listen.mode = 0660 | ||
+ | |||
+ | ; When POSIX Access Control Lists are supported you can set them using | ||
+ | ; these options, value is a comma separated list of user/group names. | ||
+ | : | ||
+ | </ | ||
+ | systemctl enable php-fpm | ||
+ | systemctl restart php-fpm | ||
+ | </ | ||
+ | - 設定 nginx <code sh> | ||
+ | vi / | ||
+ | </ | ||
+ | server { | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | gzip on; | ||
+ | | ||
+ | | ||
+ | try_files $uri $uri/ / | ||
+ | } | ||
+ | | ||
+ | try_files $uri $uri/ / | ||
+ | } | ||
+ | | ||
+ | include fastcgi.conf; | ||
+ | fastcgi_split_path_info ^(.+\.php)(/ | ||
+ | fastcgi_pass unix:/ | ||
+ | } | ||
+ | | ||
+ | deny all; | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | systemctl enable nginx | ||
+ | systemctl restart nginx | ||
+ | </ | ||
+ | - 建立 SELinux 與 Allow fping< | ||
+ | yum install policycoreutils-python | ||
+ | |||
+ | semanage fcontext -a -t httpd_sys_content_t '/ | ||
+ | semanage fcontext -a -t httpd_sys_rw_content_t '/ | ||
+ | restorecon -RFvv / | ||
+ | semanage fcontext -a -t httpd_sys_content_t '/ | ||
+ | semanage fcontext -a -t httpd_sys_rw_content_t '/ | ||
+ | restorecon -RFvv / | ||
+ | semanage fcontext -a -t httpd_sys_content_t '/ | ||
+ | semanage fcontext -a -t httpd_sys_rw_content_t '/ | ||
+ | restorecon -RFvv / | ||
+ | semanage fcontext -a -t httpd_sys_content_t '/ | ||
+ | semanage fcontext -a -t httpd_sys_rw_content_t '/ | ||
+ | restorecon -RFvv / | ||
+ | setsebool -P httpd_can_sendmail=1 | ||
+ | setsebool -P httpd_execmem 1 | ||
+ | </ | ||
+ | vi / | ||
+ | </ | ||
+ | module http_fping 1.0; | ||
+ | |||
+ | require { | ||
+ | type httpd_t; | ||
+ | class capability net_raw; | ||
+ | class rawip_socket { getopt create setopt write read }; | ||
+ | } | ||
+ | |||
+ | # | ||
+ | allow httpd_t self: | ||
+ | allow httpd_t self: | ||
+ | </ | ||
+ | checkmodule -M -m -o http_fping.mod / | ||
+ | semodule_package -o / | ||
+ | semodule -i / | ||
+ | </ | ||
+ | - 設定 firewall< | ||
+ | firewall-cmd --zone public --add-service http | ||
+ | firewall-cmd --permanent --zone public --add-service http | ||
+ | firewall-cmd --zone public --add-service https | ||
+ | firewall-cmd --permanent --zone public --add-service https | ||
+ | < | ||
+ | - 設定 snmpd <code sh> | ||
+ | cp / | ||
+ | |||
+ | vi / | ||
+ | </ | ||
+ | # Change RANDOMSTRINGGOESHERE to your preferred SNMP community string | ||
+ | #com2sec readonly | ||
+ | com2sec readonly | ||
+ | : | ||
+ | # | ||
+ | syslocation Taipei, Taiwan | ||
+ | #syscontact Your Name < | ||
+ | syscontact Jonathan Tsai < | ||
+ | : | ||
+ | </ | ||
+ | curl -o / | ||
+ | chmod +x / | ||
+ | systemctl enable snmpd | ||
+ | systemctl restart snmpd | ||
+ | </ | ||
+ | - 定義 cron table <code sh> | ||
+ | cp / | ||
+ | </ | ||
+ | - 設定定時清 log <code sh> | ||
+ | cp / | ||
+ | </ | ||
+ | - 設定權限 <code sh> | ||
+ | chown -R librenms: | ||
+ | setfacl -d -m g::rwx / | ||
+ | setfacl -R -m g::rwx / | ||
+ | </ | ||
+ | - 至網頁介面進行安裝 網址 Exp. http:// | ||
+ | - 如果這時候無法出現安裝畫面, | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | include | ||
+ | default_type | ||
+ | |||
+ | # Load modular configuration files from the / | ||
+ | # See http:// | ||
+ | # for more information. | ||
+ | include / | ||
+ | |||
+ | # server { | ||
+ | # listen | ||
+ | # listen | ||
+ | # server_name | ||
+ | # root / | ||
+ | # | ||
+ | # # Load configuration files for the default server block. | ||
+ | # include / | ||
+ | # | ||
+ | # location / { | ||
+ | # } | ||
+ | # | ||
+ | # error_page 404 /404.html; | ||
+ | # location = /40x.html { | ||
+ | # } | ||
+ | # | ||
+ | # error_page 500 502 503 504 /50x.html; | ||
+ | # location = /50x.html { | ||
+ | # } | ||
+ | # } | ||
+ | |||
+ | # Settings for a TLS enabled server. | ||
+ | # | ||
+ | # server { | ||
+ | : | ||
+ | </ | ||
+ | systemctl restart nginx | ||
+ | </ | ||
+ | - 依照網頁出現的 6 個 Stage 執行 | ||
+ | - Stage 5 將產生的設定參數資料手動寫入 / | ||
+ | vi / | ||
+ | </ | ||
+ | - 調整參數檔案權限< | ||
+ | chown librenms: | ||
+ | </ | ||
+ | - 再來應該就可以透過網頁依照上一步驟建立的帳號登入 | ||
+ | |||
+ | ===== 設定自動找尋區域網路內可納管設備 ===== | ||
+ | * 假設區網為 192.168.1.0/ | ||
+ | * SNMP 都是設定為 v1 / v2c , Community 設定為 public 或 ichiayi_snmp | ||
+ | | ||
+ | - 先安裝 python-ipaddress 模組 yum install python-ipaddress | ||
+ | - 先手動加入一個設備進行監管 Exp. 192.168.1.1 | ||
+ | - vi / | ||
+ | : | ||
+ | # Auto-Discovery | ||
+ | // v1 or v2c | ||
+ | $config[' | ||
+ | $config[' | ||
+ | |||
+ | $config[' | ||
+ | |||
+ | $config[' | ||
+ | |||
+ | $config[' | ||
+ | |||
+ | </ | ||
+ | - 第一次可以手動執行一次 <code sh> | ||
+ | cd / | ||
+ | ./ | ||
+ | </ | ||
+ | [root@ct-librenms librenms]# ./ | ||
+ | Scanning IPs: | ||
+ | ..............................................................................................................................................................................................................................................++++++++++----- | ||
+ | |||
+ | Scanned 253 IPs: 0 known devices, added 10 devices, failed to add 5 devices, 1 ips excluded by config | ||
+ | Runtime: 104.31 seconds | ||
+ | </ | ||
+ | - 之後在區域網路內的新設備如果有啟用 snmp v1 / v2c communty 符合設定的值, | ||
+ | |||
+ | ===== 設定告警通知 ===== | ||
+ | * 設定 E-Mail 通知 | ||
+ | * Global Settings -> Alerting Settings | ||
+ | * General alert settings : Default contact <- 填上要接收通知的 E-Mail | ||
+ | * Exp. {{: | ||
+ | * Email options 依照實際寄送的 Mail Server 方式設定 | ||
+ | * Exp. {{: | ||
+ | * 設定告警通知規則 | ||
+ | * Alerts -> Alert Rules | ||
+ | * 當監控的設備無法連線就通知 | ||
+ | * {{: | ||
+ | * {{: | ||
+ | |||
+ | |||
+ | ===== 設定 Device Dependencies 設備依存關係 ===== | ||
+ | * Device Dependencies 可以減少不必要的告警通知, | ||
+ | * Exp. 192.168.1.254 是 Firewall, 192.168.1.222 是內部 Wifi 設備, 外部監控的 LibreNMS 可以設定 192.168.1.222 有個 Parents 是 192.168.1.254 ++可點下參考相關設定畫面| | ||
+ | * 選單 Devices-> | ||
+ | * 搜尋要設定的 Device IP Exp. 192.168.1.222 \\ {{: | ||
+ | * 編輯該設備的 Parent Exp. 192.168.1.254 \\ {{: | ||
+ | * 當完成設定後, | ||
+ | * 192.168.1.254(Firewall) 出現異常紀錄(告警會通知) \\ {{: | ||
+ | * 192.168.1.222(Wifi) 出現異常紀錄(告警會跳過) \\ {{: | ||
+ | ++ | ||
+ | |||
+ | ===== 安裝 Agent 監看應用程式 ===== | ||
+ | * {{indexmenu>: | ||
+ | |||
+ | |||
+ | ===== 常見 LibreNMS 異常問題排除 ===== | ||
+ | ==== 每日自動更版失敗處理 ==== | ||
+ | * 先透過執行 daily.sh 看錯誤訊息 <code sh> | ||
+ | su - librenms | ||
+ | ./daily.sh | ||
+ | </ | ||
+ | * 看錯誤訊息進行處理, | ||
+ | * 如果無法解決, | ||
+ | ./ | ||
+ | : | ||
+ | [FAIL] | ||
+ | [FIX]: | ||
+ | sudo chown -R librenms: | ||
+ | sudo setfacl -d -m g::rwx / | ||
+ | sudo chmod -R ug=rwX / | ||
+ | Files: | ||
+ | / | ||
+ | </ | ||
+ | su - root | ||
+ | chown -R librenms: | ||
+ | setfacl -d -m g::rwx / | ||
+ | chmod -R ug=rwX / | ||
+ | </ | ||
+ | * 其他實用的修復 script: | ||
+ | * 修復 git 目錄檔案 ./ | ||
+ | |||
+ | < | ||
+ | * 自動更新失敗, | ||
+ | * 可重新完整安裝的程序如下: | ||
+ | su - librenms | ||
+ | ./ | ||
+ | git pull | ||
+ | ./daily.sh | ||
+ | ./ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ==== 更新 python3 ==== | ||
+ | <note warning> | ||
+ | < | ||
+ | PHP 7.1 and Python 2 no longer supported | ||
+ | LibreNMS will soon require Python 3.5+ and PHP 7.2.5+. For more details check https:// | ||
+ | |||
+ | 2020-05-11 00:00:00 | Source: http:// | ||
+ | </ | ||
+ | </ | ||
+ | * <code sh> | ||
+ | yum install python36 | ||
+ | </ | ||
+ | * 參考 - https:// | ||
+ | |||
+ | ==== 修改連線 DB ==== | ||
+ | * 因為資料庫變大, | ||
+ | * 以下是 / | ||
+ | APP_KEY=base64: | ||
+ | |||
+ | DB_HOST=192.168.11.202 | ||
+ | DB_DATABASE=librenms | ||
+ | DB_USERNAME=**dbuser** | ||
+ | DB_PASSWORD=**dbpasswd** | ||
+ | |||
+ | #APP_URL= | ||
+ | NODE_ID=5cxxxxxxxxxde | ||
+ | DB_PORT=3306 | ||
+ | LIBRENMS_USER=librenms | ||
+ | |||
+ | </ | ||
+ | * 原本 mariadb 的設定要關閉< | ||
+ | systemctl stop mariadb | ||
+ | systemctl disable mariadb | ||
+ | </ | ||
+ | |||
+ | * 參考 - https:// | ||
+ | |||
+ | ===== 升級 php 至 7.4 ===== | ||
+ | * 2020/11/04 收到訊息會 2020/11 起, LibreNMS 必須使用 php 7.3 以上(建議 7.4)版本才會自動更新 | ||
+ | * 先移除原本 PHP 7.2 <cli> | ||
+ | systemctl stop php-fpm | ||
+ | yum remove php72w* | ||
+ | mv / | ||
+ | </ | ||
+ | * 將安裝 REMI 的 PHP 7.4 來因應 <cli> | ||
+ | yum install https:// | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | [remi-php74] | ||
+ | : | ||
+ | enabled=1 | ||
+ | : | ||
+ | </ | ||
+ | yum install composer php php-cli php-common php-curl php-fpm php-gd php-mbstring php-mysqlnd php-process php-snmp php-xml php-zip | ||
+ | </ | ||
+ | <note warning> | ||
+ | * 因為這方式是重新安裝 php 與相關套件, | ||
+ | </ | ||
+ | * 修改 php.ini <cli> | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | [Date] | ||
+ | ; Defines the default timezone used by the date functions | ||
+ | ; http:// | ||
+ | date.timezone = Asia/Taipei | ||
+ | : | ||
+ | </ | ||
+ | * 修改 php-fpm 設定 <cli> | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | ;user = apache | ||
+ | user = nginx | ||
+ | : | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | listen.owner = nginx | ||
+ | listen.group = nginx | ||
+ | listen.mode = 0660 | ||
+ | : | ||
+ | </ | ||
+ | systemctl enable php-fpm | ||
+ | systemctl restart php-fpm</ | ||
+ | * 修改 nginx 設定< | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | : | ||
+ | | ||
+ | include fastcgi.conf; | ||
+ | fastcgi_split_path_info ^(.+\.php)(/ | ||
+ | # | ||
+ | fastcgi_pass 127.0.0.1: | ||
+ | } | ||
+ | : | ||
+ | </ | ||
+ | systemctl restart nginx | ||
+ | </ | ||
+ | * 設定 ping 的執行權限 <cli> | ||
+ | setcap cap_net_raw+ep / | ||
+ | setcap cap_net_raw+ep / | ||
+ | </ | ||
+ | * 驗證一下是否可以正常運作 <cli> | ||
+ | su - librenms | ||
+ | ./ | ||
+ | ./daily.sh | ||
+ | </ | ||
+ | [root@ct-librenms ~]# su - librenms | ||
+ | -bash-4.2$ ./ | ||
+ | ==================================== | ||
+ | Component | Version | ||
+ | --------- | ------- | ||
+ | LibreNMS | ||
+ | DB Schema | 2020_07_27_00522_alter_devices_snmp_algo_columns (188) | ||
+ | PHP | 7.4.12 | ||
+ | Python | ||
+ | MySQL | 5.6.42-84.2-56-log | ||
+ | RRDTool | ||
+ | SNMP | NET-SNMP 5.7.2 | ||
+ | OpenSSL | ||
+ | ==================================== | ||
+ | |||
+ | [OK] Composer Version: 1.10.17 | ||
+ | [OK] Dependencies up-to-date. | ||
+ | [OK] Database connection successful | ||
+ | [OK] Database schema correct | ||
+ | -bash-4.2$ ./daily.sh | ||
+ | Supported PHP and Python version, switched back to master branch. OK | ||
+ | Updating to latest codebase | ||
+ | |||
+ | In AppServiceProvider.php line 43: | ||
+ | | ||
+ | Call to undefined method Illuminate\Pagination\Paginator:: | ||
+ | |||
+ | In AppServiceProvider.php line 43: | ||
+ | | ||
+ | Call to undefined method Illuminate\Pagination\Paginator:: | ||
+ | |||
+ | Updating Composer packages | ||
+ | Updated from bc02ab3 to 240edd2 | ||
+ | Updating SQL-Schema | ||
+ | Updating submodules | ||
+ | Cleaning up DB OK | ||
+ | Fetching notifications | ||
+ | Caching PeeringDB data OK | ||
+ | -bash-4.2$ ./daily.sh | ||
+ | Updating to latest codebase | ||
+ | Updating Composer packages | ||
+ | Updating SQL-Schema | ||
+ | Updating submodules | ||
+ | Cleaning up DB OK | ||
+ | Fetching notifications | ||
+ | Caching PeeringDB data OK | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | * 移轉 LibreNMS 程序可參考 https:// | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== 參考網址 ==== | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ | {{tag> | ||