這是本文件的舊版!
Indexmenu Plugin: If you use the 'js'-option of the indexmenu plugin, you have to disable the 'defer_js'-setting. This setting is temporary, in the future the indexmenu plugin will be improved.
CentOS7 安裝 LibreNMS
- CentOS Linux release 7.5.1804 (Core)
安裝程序
- 安裝需要的套件
yum install epel-release rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm yum install composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr python36 MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool
- 建立 librenms 用戶
useradd librenms -d /opt/librenms -M -r usermod -a -G librenms nginx
- 設定 /etc/php.ini
: [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone date.timezone = Asia/Taipei :
- 重新開機
sync;sync;sync;reboot
- 下載 LibreNMS
cd /opt composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master
- 出現異常與警告訊息, 重新開機後再執行
cd /opt/librenms ./scripts/composer_wrapper.php install --no-dev
- 建立 DB Server
systemctl start mariadb mysql -u root
password 要依照自己需要設定
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci; CREATE USER 'librenms'@'localhost' IDENTIFIED BY '**password**'; GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost'; FLUSH PRIVILEGES; exit
vi /etc/my.cnf
[mysqld] datadir=/var/lib/mysql : : # instructions in http://fedoraproject.org/wiki/Systemd innodb_file_per_table=1 sql-mode="" lower_case_table_names=0 :
systemctl enable mariadb systemctl restart mariadb
- 建立 Web Server
vi /etc/php-fpm.d/www.conf
: ;user = apache user = nginx ; RPM: Keep a group allowed to write in log dir. group = apache ; The address on which to accept FastCGI requests. ; Valid syntaxes are: ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on ; a specific port; ; 'port' - to listen on a TCP socket to all addresses ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. ;listen = 127.0.0.1:9000 listen = /var/run/php-fpm/php7.2-fpm.sock ; Set listen(2) backlog. ; Default Value: 511 (-1 on FreeBSD and OpenBSD) ;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 ;listen.owner = nobody ;listen.group = nobody ;listen.mode = 0660 listen.owner = nginx listen.group = nginx listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. :
systemctl enable php-fpm systemctl restart php-fpm
- 設定 nginx
vi /etc/nginx/conf.d/librenms.conf
server { listen 80; server_name librenms.example.com; root /opt/librenms/html; index index.php; charset utf-8; gzip on; gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon; location / { try_files $uri $uri/ /index.php?$query_string; } location /api/v0 { try_files $uri $uri/ /api_v0.php?$query_string; } location ~ \.php { include fastcgi.conf; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock; } location ~ /\.ht { deny all; } }
systemctl enable nginx systemctl restart nginx
- 建立 SELinux 與 Allow fping
yum install policycoreutils-python semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?' restorecon -RFvv /opt/librenms/logs/ semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?' restorecon -RFvv /opt/librenms/rrd/ semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?' restorecon -RFvv /opt/librenms/storage/ semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?' restorecon -RFvv /opt/librenms/bootstrap/cache/ setsebool -P httpd_can_sendmail=1 setsebool -P httpd_execmem 1
vi /tmp/http_fping.tt
module http_fping 1.0; require { type httpd_t; class capability net_raw; class rawip_socket { getopt create setopt write read }; } #============= httpd_t ============== allow httpd_t self:capability net_raw; allow httpd_t self:rawip_socket { getopt create setopt write read };
checkmodule -M -m -o http_fping.mod /tmp/http_fping.tt semodule_package -o /tmp/http_fping.pp -m http_fping.mod semodule -i /tmp/http_fping.pp
- 設定 firewall
firewall-cmd --zone public --add-service http firewall-cmd --permanent --zone public --add-service http firewall-cmd --zone public --add-service https firewall-cmd --permanent --zone public --add-service https <code> - 設定 snmpd <code sh> cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf vi /etc/snmp/snmpd.conf
將 RANDOMSTRINGGOESHERE 改成你要的 community 字串
# Change RANDOMSTRINGGOESHERE to your preferred SNMP community string #com2sec readonly default RANDOMSTRINGGOESHERE com2sec readonly default **community_string** : #syslocation Rack, Room, Building, City, Country [GPSX,Y] syslocation Taipei, Taiwan #syscontact Your Name <[email protected]> syscontact Jonathan Tsai <[email protected]> :
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro chmod +x /usr/bin/distro systemctl enable snmpd systemctl restart snmpd
- 定義 cron table
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
- 設定定時清 log
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
- 設定權限
chown -R librenms:librenms /opt/librenms setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
- 至網頁介面進行安裝 網址 Exp. http://192.168.11.200/install.php
- 如果這時候無法出現安裝畫面, 表示 nginx default 設定沒有移除
vi /etc/nginx/nginx.conf
: include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; # server { # listen 80 default_server; # listen [::]:80 default_server; # server_name _; # root /usr/share/nginx/html; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } # Settings for a TLS enabled server. # # server { :
systemctl restart nginx
- 依照網頁出現的 6 個 Stage 執行
- Stage 5 將產生的設定參數資料手動寫入 /opt/librenms/config.php
vi /opt/librenms/config.php
- 調整參數檔案權限
chown librenms:librenms /opt/librenms/config.php
- 再來應該就可以透過網頁依照上一步驟建立的帳號登入
設定自動找尋區域網路內可納管設備
- 假設區網為 192.168.1.0/24 (192.168.1.1 - 192.168.1.254)
- SNMP 都是設定為 v1 / v2c , Community 設定為 public 或 ichiayi_snmp
- 先安裝 python-ipaddress 模組 yum install python-ipaddress
- 先手動加入一個設備進行監管 Exp. 192.168.1.1
- vi /opt/librenms/config.php
: # Auto-Discovery // v1 or v2c $config['snmp']['community'][] = "public"; $config['snmp']['community'][] = "ichiayi_snmp"; $config['nets'][] = '192.168.1.0/24'; $config['autodiscovery']['nets-exclude'][] = '192.168.1.1/32'; $config['discovery_by_ip'] = true;
- 第一次可以手動執行一次
cd /opt/librenms ./snmp-scan.py
結果:
[root@ct-librenms librenms]# ./snmp-scan.py Scanning IPs: ..............................................................................................................................................................................................................................................++++++++++----- Scanned 253 IPs: 0 known devices, added 10 devices, failed to add 5 devices, 1 ips excluded by config Runtime: 104.31 seconds
- 之後在區域網路內的新設備如果有啟用 snmp v1 / v2c communty 符合設定的值, 可以在五分鐘內被自動加入
設定告警通知
- 設定 E-Mail 通知
- Global Settings → Alerting Settings
- General alert settings : Default contact ← 填上要接收通知的 E-Mail
- Email options 依照實際寄送的 Mail Server 方式設定
- 設定告警通知規則
- Alerts → Alert Rules
- 當監控的設備無法連線就通知
設定 Device Dependencies 設備依存關係
- Device Dependencies 可以減少不必要的告警通知, 例如 Firewall 故障, Firewall 內所有的主機當然無法使用, 此時可以設定裡面所有的主機的 Parents 是 Firewall 減少不必要的告警通知
- Exp. 192.168.1.254 是 Firewall, 192.168.1.222 是內部 Wifi 設備, 外部監控的 LibreNMS 可以設定 192.168.1.222 有個 Parents 是 192.168.1.254 可點下參考相關設定畫面
安裝 Agent 監看應用程式
常見 LibreNMS 異常問題排除
每日自動更版失敗處理
- 先透過執行 daily.sh 看錯誤訊息
su - librenms ./daily.sh
- 看錯誤訊息進行處理, Exp. git 檔案被更改, 就移除這些檔案後, 在執行 daily.sh
- 如果無法解決, 可以透過 validate.php 來檢查
./vaildate.php
: [FAIL] Some folders have incorrect file permissions, this may cause issues. [FIX]: sudo chown -R librenms:librenms /opt/librenms sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/libr enms/bootstrap/cache/ /opt/librenms/storage/ sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/ bootstrap/cache/ /opt/librenms/storage/ Files: /opt/librenms/storage/framework/views/cdca770a337e07f2364ec770e7b408621 95170d7.php
就依照內容說明去修正
su - root chown -R librenms:librenms /opt/librenms setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
- 其他實用的修復 script:
- 修復 git 目錄檔案 ./scripts/github-remove
- 自動更新失敗, 出現很多套件依存議題, Exp,. Carbon 1 is deprecated, see how to migrate to Carbon 2
- 可重新完整安裝的程序如下:
su - librenms ./scripts/github-remove -d -v git pull ./daily.sh ./validate.php
更新 python3
PHP 7.1 and Python 2 no longer supported LibreNMS will soon require Python 3.5+ and PHP 7.2.5+. For more details check https://t.libren.ms/uo84c 2020-05-11 00:00:00 | Source: http://www.librenms.org/notifications.rss
yum install python36
修改連線 DB
- 因為資料庫變大, 改用 Percona XtraDB Cluster 來取代本機 MySQL/MariaDB, 修改 /opt/librenms/config.php 內的 ### Database config 卻完全沒用, 看了 LibreNMS 文件才發現已經變成要改 /opt/librenms/.env 才對
- 以下是 /opt/librenms/.env 大概的內容
APP_KEY=base64:LvIYs6Gauexxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5/c= DB_HOST=192.168.11.202 DB_DATABASE=librenms DB_USERNAME=**dbuser** DB_PASSWORD=**dbpasswd** #APP_URL= NODE_ID=5cxxxxxxxxxde DB_PORT=3306 LIBRENMS_USER=librenms
- 原本 mariadb 的設定要關閉
systemctl stop mariadb systemctl disable mariadb
升級 php 至 7.4
- 2020/11/04 收到訊息會 2020/11 起, LibreNMS 必須使用 php 7.3 以上(建議 7.4)版本才會自動更新
- 先移除原本 PHP 7.2
systemctl stop php-fpm yum remove php72w* mv /etc/yum.repos.d/webtatic* /tmp/
- 將安裝 REMI 的 PHP 7.4 來因應
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm vi /etc/yum.repos.d/remi-php74.repo
: [remi-php74] : enabled=1 :
yum install composer php php-cli php-common php-curl php-fpm php-gd php-mbstring php-mysqlnd php-process php-snmp php-xml php-zip
- 因為這方式是重新安裝 php 與相關套件, 所以 php.ini 與 nginx 的一些設定必須再次執行
- 修改 php.ini
vi /etc/php.ini
: [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone date.timezone = Asia/Taipei :
- 修改 php-fpm 設定
vi /etc/php-fpm.d/www.conf
: ;user = apache user = nginx : ;listen.owner = nobody ;listen.group = nobody ;listen.mode = 0660 listen.owner = nginx listen.group = nginx listen.mode = 0660 :
systemctl enable php-fpm systemctl restart php-fpm
- 修改 nginx 設定
vi /etc/nginx/conf.d/librenms.conf
: : location ~ \.php { include fastcgi.conf; fastcgi_split_path_info ^(.+\.php)(/.+)$; #fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock; fastcgi_pass 127.0.0.1:9000; } :
systemctl restart nginx
- 設定 ping 的執行權限
setcap cap_net_raw+ep /usr/sbin/fping setcap cap_net_raw+ep /usr/sbin/fping6
- 驗證一下是否可以正常運作
su - librenms ./validate.php ./daily.sh
可能會出現一些 Call to undefined method … 訊息, 不過第二次執行 ./daily.sh 應該就不會再出現, 執行畫面如下
[root@ct-librenms ~]# su - librenms -bash-4.2$ ./validate.php ==================================== Component | Version --------- | ------- LibreNMS | 1.69-5-g240edd2 DB Schema | 2020_07_27_00522_alter_devices_snmp_algo_columns (188) PHP | 7.4.12 Python | 3.6.8 MySQL | 5.6.42-84.2-56-log RRDTool | 1.4.8 SNMP | NET-SNMP 5.7.2 OpenSSL | ==================================== [OK] Composer Version: 1.10.17 [OK] Dependencies up-to-date. [OK] Database connection successful [OK] Database schema correct -bash-4.2$ ./daily.sh Supported PHP and Python version, switched back to master branch. OK Updating to latest codebase OK In AppServiceProvider.php line 43: Call to undefined method Illuminate\Pagination\Paginator::useBootstrap() In AppServiceProvider.php line 43: Call to undefined method Illuminate\Pagination\Paginator::useBootstrap() Updating Composer packages OK Updated from bc02ab3 to 240edd2 OK Updating SQL-Schema OK Updating submodules OK Cleaning up DB OK Fetching notifications OK Caching PeeringDB data OK -bash-4.2$ ./daily.sh Updating to latest codebase OK Updating Composer packages OK Updating SQL-Schema OK Updating submodules OK Cleaning up DB OK Fetching notifications OK Caching PeeringDB data OK
- 移轉 LibreNMS 程序可參考 https://docs.librenms.org/Support/FAQ/ 內
How do I move my LibreNMS install to another server?