這是本文件的舊版!

Indexmenu Plugin: If you use the 'js'-option of the indexmenu plugin, you have to disable the 'defer_js'-setting. This setting is temporary, in the future the indexmenu plugin will be improved.

CentOS7 安裝 LibreNMS

  • CentOS Linux release 7.5.1804 (Core)

安裝程序

  1. 安裝需要的套件 
    yum install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr python36 MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool
  2. 建立 librenms 用戶
    useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms nginx
  3. 設定 /etc/php.ini 
    :
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Asia/Taipei
:
  4. 重新開機
    sync;sync;sync;reboot
  5. 下載 LibreNMS 
    cd /opt
composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master
  6. 出現異常與警告訊息, 重新開機後再執行
    cd /opt/librenms
./scripts/composer_wrapper.php install --no-dev
  7. 建立 DB Server
    systemctl start mariadb
mysql -u root

    password 要依照自己需要設定 

    CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY '**password**';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
    vi /etc/my.cnf
    [mysqld]
datadir=/var/lib/mysql
:
:
# instructions in http://fedoraproject.org/wiki/Systemd
innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0
:
    systemctl enable mariadb
systemctl restart mariadb
  8. 建立 Web Server 
    vi /etc/php-fpm.d/www.conf
    :
;user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = apache

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php7.2-fpm.sock

; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
:
    systemctl enable php-fpm
systemctl restart php-fpm
  9. 設定 nginx 
    vi /etc/nginx/conf.d/librenms.conf
    server {
 listen      80;
 server_name librenms.example.com;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location /api/v0 {
  try_files $uri $uri/ /api_v0.php?$query_string;
 }
 location ~ \.php {
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
 }
 location ~ /\.ht {
  deny all;
 }
}
    systemctl enable nginx
systemctl restart nginx
  10. 建立 SELinux 與 Allow fping
    yum install policycoreutils-python
 
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
restorecon -RFvv /opt/librenms/logs/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
restorecon -RFvv /opt/librenms/rrd/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?'
restorecon -RFvv /opt/librenms/storage/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?'
restorecon -RFvv /opt/librenms/bootstrap/cache/
setsebool -P httpd_can_sendmail=1
setsebool -P httpd_execmem 1
    vi /tmp/http_fping.tt
    module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
    checkmodule -M -m -o http_fping.mod /tmp/http_fping.tt
semodule_package -o /tmp/http_fping.pp -m http_fping.mod
semodule -i /tmp/http_fping.pp
  11. 設定 firewall
    firewall-cmd --zone public --add-service http
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --zone public --add-service https
firewall-cmd --permanent --zone public --add-service https
<code>
  - 設定 snmpd <code sh>
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
 
vi /etc/snmp/snmpd.conf

    將 RANDOMSTRINGGOESHERE 改成你要的 community 字串 

    # Change RANDOMSTRINGGOESHERE to your preferred SNMP community string
#com2sec readonly  default         RANDOMSTRINGGOESHERE
com2sec readonly  default         **community_string**
:
#syslocation Rack, Room, Building, City, Country [GPSX,Y]
syslocation Taipei, Taiwan
#syscontact Your Name <[email protected]>
syscontact Jonathan Tsai <[email protected]>
:
    curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd
  12. 定義 cron table 
    cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
  13. 設定定時清 log 
    cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
  14. 設定權限 
    chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
  15. 至網頁介面進行安裝 網址 Exp. http://192.168.11.200/install.php
    1. 如果這時候無法出現安裝畫面, 表示 nginx default 設定沒有移除 
      vi /etc/nginx/nginx.conf
      :
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

# Settings for a TLS enabled server.
#
#    server {
:
      systemctl restart nginx
    2. 依照網頁出現的 6 個 Stage 執行
    3. Stage 5 將產生的設定參數資料手動寫入 /opt/librenms/config.php 
      vi /opt/librenms/config.php
    4. 調整參數檔案權限
      chown librenms:librenms /opt/librenms/config.php
  16. 再來應該就可以透過網頁依照上一步驟建立的帳號登入

設定自動找尋區域網路內可納管設備

  • 假設區網為 192.168.1.0/24 (192.168.1.1 - 192.168.1.254)
  • SNMP 都是設定為 v1 / v2c , Community 設定為 public 或 ichiayi_snmp
  1. 先安裝 python-ipaddress 模組 yum install python-ipaddress
  2. 先手動加入一個設備進行監管 Exp. 192.168.1.1
  3. vi /opt/librenms/config.php 
    :
# Auto-Discovery
// v1 or v2c
$config['snmp']['community'][] = "public";
$config['snmp']['community'][] = "ichiayi_snmp";
 
$config['nets'][] = '192.168.1.0/24';
 
$config['autodiscovery']['nets-exclude'][] = '192.168.1.1/32';
 
$config['discovery_by_ip'] = true;
  4. 第一次可以手動執行一次 
    cd /opt/librenms
./snmp-scan.py

    結果: 

    [root@ct-librenms librenms]# ./snmp-scan.py
Scanning IPs:
..............................................................................................................................................................................................................................................++++++++++-----

Scanned 253 IPs: 0 known devices, added 10 devices, failed to add 5 devices, 1 ips excluded by config
Runtime: 104.31 seconds
  5. 之後在區域網路內的新設備如果有啟用 snmp v1 / v2c communty 符合設定的值, 可以在五分鐘內被自動加入

設定告警通知

  • 設定 E-Mail 通知
    • Global Settings → Alerting Settings
      • General alert settings : Default contact ← 填上要接收通知的 E-Mail
        • Exp.
      • Email options 依照實際寄送的 Mail Server 方式設定
        • Exp.
  • 設定告警通知規則
    • Alerts → Alert Rules
      • 當監控的設備無法連線就通知

設定 Device Dependencies 設備依存關係

  • Device Dependencies 可以減少不必要的告警通知, 例如 Firewall 故障, Firewall 內所有的主機當然無法使用, 此時可以設定裡面所有的主機的 Parents 是 Firewall 減少不必要的告警通知
  • Exp. 192.168.1.254 是 Firewall, 192.168.1.222 是內部 Wifi 設備, 外部監控的 LibreNMS 可以設定 192.168.1.222 有個 Parents 是 192.168.1.254 可點下參考相關設定畫面

安裝 Agent 監看應用程式

常見 LibreNMS 異常問題排除

每日自動更版失敗處理

  • 先透過執行 daily.sh 看錯誤訊息 
    su - librenms
./daily.sh
  • 看錯誤訊息進行處理, Exp. git 檔案被更改, 就移除這些檔案後, 在執行 daily.sh
  • 如果無法解決, 可以透過 validate.php 來檢查 
    ./vaildate.php
    :
[FAIL]  Some folders have incorrect file permissions, this may cause issues.
        [FIX]:
        sudo chown -R librenms:librenms /opt/librenms
        sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/libr                                              enms/bootstrap/cache/ /opt/librenms/storage/
        sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/                                              bootstrap/cache/ /opt/librenms/storage/
        Files:
         /opt/librenms/storage/framework/views/cdca770a337e07f2364ec770e7b408621                                              95170d7.php

    就依照內容說明去修正 

    su - root
chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
  • 其他實用的修復 script:
    • 修復 git 目錄檔案 ./scripts/github-remove
  • 自動更新失敗, 出現很多套件依存議題, Exp,. Carbon 1 is deprecated, see how to migrate to Carbon 2
  • 可重新完整安裝的程序如下: 
    su - librenms
./scripts/github-remove -d -v
git pull
./daily.sh
./validate.php

更新 python3

PHP 7.1 and Python 2 no longer supported 
LibreNMS will soon require Python 3.5+ and PHP 7.2.5+. For more details check https://t.libren.ms/uo84c

2020-05-11 00:00:00 | Source: http://www.librenms.org/notifications.rss

修改連線 DB

  • 因為資料庫變大, 改用 Percona XtraDB Cluster 來取代本機 MySQL/MariaDB, 修改 /opt/librenms/config.php 內的 ### Database config 卻完全沒用, 看了 LibreNMS 文件才發現已經變成要改 /opt/librenms/.env 才對
  • 以下是 /opt/librenms/.env 大概的內容
    APP_KEY=base64:LvIYs6Gauexxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5/c=

DB_HOST=192.168.11.202
DB_DATABASE=librenms
DB_USERNAME=**dbuser**
DB_PASSWORD=**dbpasswd**

#APP_URL=
NODE_ID=5cxxxxxxxxxde
DB_PORT=3306
LIBRENMS_USER=librenms
  • 原本 mariadb 的設定要關閉
    systemctl stop mariadb
systemctl disable mariadb

升級 php 至 7.4

  • 2020/11/04 收到訊息會 2020/11 起, LibreNMS 必須使用 php 7.3 以上(建議 7.4)版本才會自動更新
  • 先移除原本 PHP 7.2 

    systemctl stop php-fpm
yum remove php72w*
mv /etc/yum.repos.d/webtatic* /tmp/

  • 將安裝 REMI 的 PHP 7.4 來因應 

    yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
vi /etc/yum.repos.d/remi-php74.repo

    :
[remi-php74]
:
enabled=1
:
    yum install composer php php-cli php-common php-curl php-fpm php-gd php-mbstring php-mysqlnd php-process php-snmp php-xml php-zip
  • 因為這方式是重新安裝 php 與相關套件, 所以 php.ini 與 nginx 的一些設定必須再次執行
  • 修改 php.ini 

    vi /etc/php.ini

    :
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Asia/Taipei
:
  • 修改 php-fpm 設定 

    vi /etc/php-fpm.d/www.conf

    :
;user = apache
user = nginx
:
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
:
    systemctl enable php-fpm
systemctl restart php-fpm
  • 修改 nginx 設定

    vi /etc/nginx/conf.d/librenms.conf

    :
:
 location ~ \.php {
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  #fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
  fastcgi_pass 127.0.0.1:9000;
 }
:
    systemctl restart nginx
  • 設定 ping 的執行權限 

    setcap cap_net_raw+ep /usr/sbin/fping
setcap cap_net_raw+ep /usr/sbin/fping6

  • 驗證一下是否可以正常運作 

    su - librenms
./validate.php 
./daily.sh

    可能會出現一些 Call to undefined method … 訊息, 不過第二次執行 ./daily.sh 應該就不會再出現, 執行畫面如下

    [root@ct-librenms ~]# su - librenms
-bash-4.2$ ./validate.php 
====================================
Component | Version
--------- | -------
LibreNMS  | 1.69-5-g240edd2
DB Schema | 2020_07_27_00522_alter_devices_snmp_algo_columns (188)
PHP       | 7.4.12
Python    | 3.6.8
MySQL     | 5.6.42-84.2-56-log
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
OpenSSL   | 
====================================

[OK]    Composer Version: 1.10.17
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
-bash-4.2$ ./daily.sh
Supported PHP and Python version, switched back to master branch. OK
Updating to latest codebase                        OK

In AppServiceProvider.php line 43:
                                                                            
  Call to undefined method Illuminate\Pagination\Paginator::useBootstrap()  

In AppServiceProvider.php line 43:
                                                                            
  Call to undefined method Illuminate\Pagination\Paginator::useBootstrap()  

Updating Composer packages                         OK
Updated from bc02ab3 to 240edd2                    OK
Updating SQL-Schema                                OK
Updating submodules                                OK
Cleaning up DB                                     OK
Fetching notifications                             OK
Caching PeeringDB data                             OK
-bash-4.2$ ./daily.sh
Updating to latest codebase                        OK
Updating Composer packages                         OK
Updating SQL-Schema                                OK
Updating submodules                                OK
Cleaning up DB                                     OK
Fetching notifications                             OK
Caching PeeringDB data                             OK

參考網址

, ,
  • tech/librenms.1604560424.txt.gz
  • 上一次變更: 2020/11/05 15:13
  • jonathan_tsai