差異處

這裏顯示兩個版本的差異處。


tech:librenms [2020/11/05 15:09]
jonathan_tsai [升級 php 至 7.4]
tech:librenms [2020/11/05 15:13] (目前版本)
jonathan_tsai [升級 php 至 7.4]
行 1: 行 1:
 +====== CentOS7 安裝 LibreNMS ======
 +  * CentOS Linux release 7.5.1804 (Core)
 +
 +===== 安裝程序 =====
 +  - 安裝需要的套件 <code sh>
 +yum install epel-release
 +rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
 +yum install composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr python36 MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool
 +</code>
 +  - 建立 librenms 用戶<code sh>
 +useradd librenms -d /opt/librenms -M -r
 +usermod -a -G librenms nginx
 +</code>
 +  - 設定 /etc/php.ini <file>
 +:
 +[Date]
 +; Defines the default timezone used by the date functions
 +; http://php.net/date.timezone
 +date.timezone = Asia/Taipei
 +:
 +</file>
 +  - 重新開機<code sh>
 +sync;sync;sync;reboot
 +</code>
 +  - 下載 LibreNMS <code sh>
 +cd /opt
 +composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master
 +</code>
 +  - 出現異常與警告訊息, 重新開機後再執行<code sh>
 +cd /opt/librenms
 +./scripts/composer_wrapper.php install --no-dev
 +</code>
 +  - 建立 DB Server<code sh>
 +systemctl start mariadb
 +mysql -u root
 +</code>**password** 要依照自己需要設定<code sql>
 +CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
 +CREATE USER 'librenms'@'localhost' IDENTIFIED BY '**password**';
 +GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
 +FLUSH PRIVILEGES;
 +exit
 +</code><code sh>
 +vi /etc/my.cnf
 +</code><file>
 +[mysqld]
 +datadir=/var/lib/mysql
 +:
 +:
 +# instructions in http://fedoraproject.org/wiki/Systemd
 +innodb_file_per_table=1
 +sql-mode=""
 +lower_case_table_names=0
 +:
 +</file><code sh>
 +systemctl enable mariadb
 +systemctl restart mariadb
 +</code>
 +  - 建立 Web Server <code sh>
 +vi /etc/php-fpm.d/www.conf
 +</code><file>
 +:
 +;user = apache
 +user = nginx
 +; RPM: Keep a group allowed to write in log dir.
 +group = apache
 +
 +; The address on which to accept FastCGI requests.
 +; Valid syntaxes are:
 +;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
 +;                            a specific port;
 +;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
 +;                            a specific port;
 +;   'port'                 - to listen on a TCP socket to all addresses
 +;                            (IPv6 and IPv4-mapped) on a specific port;
 +;   '/path/to/unix/socket' - to listen on a unix socket.
 +; Note: This value is mandatory.
 +;listen = 127.0.0.1:9000
 +listen = /var/run/php-fpm/php7.2-fpm.sock
 +
 +; Set listen(2) backlog.
 +; Default Value: 511 (-1 on FreeBSD and OpenBSD)
 +;listen.backlog = 511
 +
 +; Set permissions for unix socket, if one is used. In Linux, read/write
 +; permissions must be set in order to allow connections from a web server. Many
 +; BSD-derived systems allow connections regardless of permissions.
 +; Default Values: user and group are set as the running user
 +;                 mode is set to 0660
 +;listen.owner = nobody
 +;listen.group = nobody
 +;listen.mode = 0660
 +listen.owner = nginx
 +listen.group = nginx
 +listen.mode = 0660
 +
 +; When POSIX Access Control Lists are supported you can set them using
 +; these options, value is a comma separated list of user/group names.
 +:
 +</file><code sh>
 +systemctl enable php-fpm
 +systemctl restart php-fpm
 +</code>
 +  - 設定 nginx <code sh>
 +vi /etc/nginx/conf.d/librenms.conf
 +</code><file>
 +server {
 + listen      80;
 + server_name librenms.example.com;
 + root        /opt/librenms/html;
 + index       index.php;
 +
 + charset utf-8;
 + gzip on;
 + gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 + location / {
 +  try_files $uri $uri/ /index.php?$query_string;
 + }
 + location /api/v0 {
 +  try_files $uri $uri/ /api_v0.php?$query_string;
 + }
 + location ~ \.php {
 +  include fastcgi.conf;
 +  fastcgi_split_path_info ^(.+\.php)(/.+)$;
 +  fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
 + }
 + location ~ /\.ht {
 +  deny all;
 + }
 +}
 +</file><code sh>
 +systemctl enable nginx
 +systemctl restart nginx
 +</code>
 +  - 建立 SELinux 與 Allow fping<code sh>
 +yum install policycoreutils-python
 +
 +semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
 +semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
 +restorecon -RFvv /opt/librenms/logs/
 +semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
 +semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
 +restorecon -RFvv /opt/librenms/rrd/
 +semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?'
 +semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?'
 +restorecon -RFvv /opt/librenms/storage/
 +semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?'
 +semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?'
 +restorecon -RFvv /opt/librenms/bootstrap/cache/
 +setsebool -P httpd_can_sendmail=1
 +setsebool -P httpd_execmem 1
 +</code><code sh>
 +vi /tmp/http_fping.tt
 +</code><file>
 +module http_fping 1.0;
 +
 +require {
 +type httpd_t;
 +class capability net_raw;
 +class rawip_socket { getopt create setopt write read };
 +}
 +
 +#============= httpd_t ==============
 +allow httpd_t self:capability net_raw;
 +allow httpd_t self:rawip_socket { getopt create setopt write read };
 +</file><code sh>
 +checkmodule -M -m -o http_fping.mod /tmp/http_fping.tt
 +semodule_package -o /tmp/http_fping.pp -m http_fping.mod
 +semodule -i /tmp/http_fping.pp
 +</code>
 +  - 設定 firewall<code sh>
 +firewall-cmd --zone public --add-service http
 +firewall-cmd --permanent --zone public --add-service http
 +firewall-cmd --zone public --add-service https
 +firewall-cmd --permanent --zone public --add-service https
 +<code>
 +  - 設定 snmpd <code sh>
 +cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
 +
 +vi /etc/snmp/snmpd.conf
 +</code>將 RANDOMSTRINGGOESHERE 改成你要的 community 字串<file>
 +# Change RANDOMSTRINGGOESHERE to your preferred SNMP community string
 +#com2sec readonly  default         RANDOMSTRINGGOESHERE
 +com2sec readonly  default         **community_string**
 +:
 +#syslocation Rack, Room, Building, City, Country [GPSX,Y]
 +syslocation Taipei, Taiwan
 +#syscontact Your Name <[email protected]>
 +syscontact Jonathan Tsai <[email protected]>
 +:
 +</file><code sh>
 +curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
 +chmod +x /usr/bin/distro
 +systemctl enable snmpd
 +systemctl restart snmpd
 +</code>
 +  - 定義 cron table <code sh>
 +cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
 +</code>
 +  - 設定定時清 log <code sh>
 +cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
 +</code>
 +  - 設定權限 <code sh>
 +chown -R librenms:librenms /opt/librenms
 +setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
 +setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
 +</code>
 +  - 至網頁介面進行安裝 網址 Exp. http://192.168.11.200/install.php 
 +    - 如果這時候無法出現安裝畫面, 表示 nginx default 設定沒有移除 <code sh>
 +vi /etc/nginx/nginx.conf
 +</code><file>
 +:
 +    include             /etc/nginx/mime.types;
 +    default_type        application/octet-stream;
 +
 +    # Load modular configuration files from the /etc/nginx/conf.d directory.
 +    # See http://nginx.org/en/docs/ngx_core_module.html#include
 +    # for more information.
 +    include /etc/nginx/conf.d/*.conf;
 +
 +#    server {
 +#        listen       80 default_server;
 +#        listen       [::]:80 default_server;
 +#        server_name  _;
 +#        root         /usr/share/nginx/html;
 +#
 +#        # Load configuration files for the default server block.
 +#        include /etc/nginx/default.d/*.conf;
 +#
 +#        location / {
 +#        }
 +#
 +#        error_page 404 /404.html;
 +#            location = /40x.html {
 +#        }
 +#
 +#        error_page 500 502 503 504 /50x.html;
 +#            location = /50x.html {
 +#        }
 +#    }
 +
 +# Settings for a TLS enabled server.
 +#
 +#    server {
 +:
 +</file><code sh>
 +systemctl restart nginx
 +</code>
 +    - 依照網頁出現的 6 個 Stage 執行
 +    - Stage 5 將產生的設定參數資料手動寫入 /opt/librenms/config.php <code sh>
 +vi /opt/librenms/config.php
 +</code>
 +    - 調整參數檔案權限<code sh>
 +chown librenms:librenms /opt/librenms/config.php
 +</code> 
 +  - 再來應該就可以透過網頁依照上一步驟建立的帳號登入 
 +
 +===== 設定自動找尋區域網路內可納管設備 =====
 +  * 假設區網為 192.168.1.0/24 (192.168.1.1 - 192.168.1.254)
 +  * SNMP 都是設定為 v1 / v2c , Community 設定為 public 或 ichiayi_snmp
 +  
 +  - 先安裝 python-ipaddress 模組 yum install python-ipaddress
 +  - 先手動加入一個設備進行監管 Exp. 192.168.1.1
 +  - vi /opt/librenms/config.php <code sh>
 +:
 +# Auto-Discovery
 +// v1 or v2c
 +$config['snmp']['community'][] = "public";
 +$config['snmp']['community'][] = "ichiayi_snmp";
 +
 +$config['nets'][] = '192.168.1.0/24';
 +
 +$config['autodiscovery']['nets-exclude'][] = '192.168.1.1/32';
 +
 +$config['discovery_by_ip'] = true;
 +
 +</code>
 +  - 第一次可以手動執行一次 <code sh>
 +cd /opt/librenms
 +./snmp-scan.py
 +</code> 結果:<file>
 +[[email protected] librenms]# ./snmp-scan.py
 +Scanning IPs:
 +..............................................................................................................................................................................................................................................++++++++++-----
 +
 +Scanned 253 IPs: 0 known devices, added 10 devices, failed to add 5 devices, 1 ips excluded by config
 +Runtime: 104.31 seconds
 +</file>
 +  - 之後在區域網路內的新設備如果有啟用 snmp v1 / v2c communty 符合設定的值, 可以在五分鐘內被自動加入
 +
 +===== 設定告警通知 =====
 +  * 設定 E-Mail 通知
 +    * Global Settings -> Alerting Settings 
 +      * General alert settings : Default contact <- 填上要接收通知的 E-Mail
 +        * Exp. {{:tech:2018121001.png?600}}
 +      * Email options 依照實際寄送的 Mail Server 方式設定
 +        * Exp. {{:tech:2018121002.png?800}}
 +  * 設定告警通知規則 
 +    * Alerts -> Alert Rules
 +      * 當監控的設備無法連線就通知
 +      * {{:tech:2018121003.png?600}}
 +      * {{:tech:2018121004.png?800}}
 +
 +
 +===== 設定 Device Dependencies 設備依存關係 =====
 +  * Device Dependencies 可以減少不必要的告警通知, 例如 Firewall 故障, Firewall 內所有的主機當然無法使用, 此時可以設定裡面所有的主機的 Parents 是 Firewall 減少不必要的告警通知
 +  * Exp. 192.168.1.254 是 Firewall, 192.168.1.222 是內部 Wifi 設備, 外部監控的 LibreNMS 可以設定 192.168.1.222 有個 Parents 是 192.168.1.254 ++可點下參考相關設定畫面|
 +  * 選單 Devices->Device Dependncies 進入設定功能 \\ {{:tech:2019061501.png}}
 +  * 搜尋要設定的 Device IP Exp. 192.168.1.222 \\ {{:tech:2019061502.png}}   
 +  * 編輯該設備的 Parent Exp. 192.168.1.254 \\ {{:tech:2019061503.png}}
 +  * 當完成設定後, 192.168.1.254(Firewall) 出現異常, 192.168.1.222(WiFi) 的異常就不會通知
 +  * 192.168.1.254(Firewall) 出現異常紀錄(告警會通知) \\ {{:tech:2019061504.png}}
 +  * 192.168.1.222(Wifi) 出現異常紀錄(告警會跳過) \\ {{:tech:2019061505.png}}
 +++
 +
 +===== 安裝 Agent 監看應用程式 =====
 +  * {{indexmenu>:tech:librenms#1|js navbar nsort}}
 +
 +
 +===== 常見 LibreNMS 異常問題排除 =====
 +==== 每日自動更版失敗處理 ====
 +  * 先透過執行 daily.sh 看錯誤訊息 <code sh>
 +su - librenms
 +./daily.sh
 +</code>
 +  * 看錯誤訊息進行處理, Exp. git 檔案被更改, 就移除這些檔案後, 在執行 daily.sh
 +  * 如果無法解決, 可以透過 validate.php 來檢查 <code sh>
 +./vaildate.php</code><file>
 +:
 +[FAIL]  Some folders have incorrect file permissions, this may cause issues.
 +        [FIX]:
 +        sudo chown -R librenms:librenms /opt/librenms
 +        sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/libr                                              enms/bootstrap/cache/ /opt/librenms/storage/
 +        sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/                                              bootstrap/cache/ /opt/librenms/storage/
 +        Files:
 +         /opt/librenms/storage/framework/views/cdca770a337e07f2364ec770e7b408621                                              95170d7.php
 +</file>就依照內容說明去修正<code sh>
 +su - root
 +chown -R librenms:librenms /opt/librenms
 +setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
 +chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
 +</code>
 +  * 其他實用的修復 script:
 +    * 修復 git 目錄檔案 ./scripts/github-remove
 +
 +<note>
 +  * 自動更新失敗, 出現很多套件依存議題, Exp,. Carbon 1 is deprecated, see how to migrate to Carbon 2
 +  * 可重新完整安裝的程序如下: <code sh>
 +su - librenms
 +./scripts/github-remove -d -v
 +git pull
 +./daily.sh
 +./validate.php
 +</code>
 +</note>
 +
 +==== 更新 python3 ====
 +<note warning>
 +<code>
 +PHP 7.1 and Python 2 no longer supported 
 +LibreNMS will soon require Python 3.5+ and PHP 7.2.5+. For more details check https://t.libren.ms/uo84c
 +
 +2020-05-11 00:00:00 | Source: http://www.librenms.org/notifications.rss
 +</code>
 +</note>
 +  * <code sh>
 +yum install python36
 +</code>
 +  * 參考 - https://kirin.idv.tw/python-install-python3-in-centos7/
 +
 +==== 修改連線 DB ====
 +  * 因為資料庫變大, 改用 [[tech/perconaxc|Percona XtraDB Cluster]] 來取代本機 MySQL/MariaDB, 修改 /opt/librenms/config.php 內的 ### Database config 卻完全沒用, 看了 LibreNMS 文件才發現已經變成要改 /opt/librenms/.env 才對
 +  * 以下是 /opt/librenms/.env 大概的內容<file>
 +APP_KEY=base64:LvIYs6Gauexxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5/c=
 +
 +DB_HOST=192.168.11.202
 +DB_DATABASE=librenms
 +DB_USERNAME=**dbuser**
 +DB_PASSWORD=**dbpasswd**
 +
 +#APP_URL=
 +NODE_ID=5cxxxxxxxxxde
 +DB_PORT=3306
 +LIBRENMS_USER=librenms
 +
 +</file>
 +  * 原本 mariadb 的設定要關閉<code sh>
 +systemctl stop mariadb
 +systemctl disable mariadb
 +</code>
 +
 +  * 參考 - https://docs.librenms.org/Support/Configuration/
 +
 +===== 升級 php 至 7.4 =====
 +  * 2020/11/04 收到訊息會 2020/11 起, LibreNMS 必須使用 php 7.3 以上(建議 7.4)版本才會自動更新
 +  * 先移除原本 PHP 7.2 <cli>
 +systemctl stop php-fpm
 +yum remove php72w*
 +mv /etc/yum.repos.d/webtatic* /tmp/ 
 +</cli>
 +  * 將安裝 REMI 的 PHP 7.4 來因應 <cli>
 +yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
 +vi /etc/yum.repos.d/remi-php74.repo
 +</cli><file>
 +:
 +[remi-php74]
 +:
 +enabled=1
 +:
 +</file><cli>
 +yum install composer php php-cli php-common php-curl php-fpm php-gd php-mbstring php-mysqlnd php-process php-snmp php-xml php-zip
 +</cli>
 +<note warning>
 +  * 因為這方式是重新安裝 php 與相關套件, 所以 php.ini 與 nginx 的一些設定必須再次執行
 +</note>
 +  * 修改 php.ini <cli>
 +vi /etc/php.ini
 +</cli><file>
 +:
 +[Date]
 +; Defines the default timezone used by the date functions
 +; http://php.net/date.timezone
 +date.timezone = Asia/Taipei
 +:
 +</file>
 +  * 修改 php-fpm 設定 <cli>
 +vi /etc/php-fpm.d/www.conf
 +</cli><file>
 +:
 +;user = apache
 +user = nginx
 +:
 +;listen.owner = nobody
 +;listen.group = nobody
 +;listen.mode = 0660
 +listen.owner = nginx
 +listen.group = nginx
 +listen.mode = 0660
 +:
 +</file><cli>
 +systemctl enable php-fpm
 +systemctl restart php-fpm</cli>
 +  * 修改 nginx 設定<cli>
 +vi /etc/nginx/conf.d/librenms.conf
 +</cli><file>
 +:
 +:
 + location ~ \.php {
 +  include fastcgi.conf;
 +  fastcgi_split_path_info ^(.+\.php)(/.+)$;
 +  #fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
 +  fastcgi_pass 127.0.0.1:9000;
 + }
 +:
 +</file><cli>
 +systemctl restart nginx
 +</cli>
 +  * 設定 ping 的執行權限 <cli>
 +setcap cap_net_raw+ep /usr/sbin/fping
 +setcap cap_net_raw+ep /usr/sbin/fping6
 +</cli>
 +  * 驗證一下是否可以正常運作 <cli>
 +su - librenms
 +./validate.php 
 +./daily.sh
 +</cli>可能會出現一些 Call to undefined method ... 訊息, 不過第二次執行 ./daily.sh 應該就不會再出現, 執行畫面如下<cli>
 +[[email protected] ~]# su - librenms
 +-bash-4.2$ ./validate.php 
 +====================================
 +Component | Version
 +--------- | -------
 +LibreNMS  | 1.69-5-g240edd2
 +DB Schema | 2020_07_27_00522_alter_devices_snmp_algo_columns (188)
 +PHP       | 7.4.12
 +Python    | 3.6.8
 +MySQL     | 5.6.42-84.2-56-log
 +RRDTool   | 1.4.8
 +SNMP      | NET-SNMP 5.7.2
 +OpenSSL   
 +====================================
 +
 +[OK]    Composer Version: 1.10.17
 +[OK]    Dependencies up-to-date.
 +[OK]    Database connection successful
 +[OK]    Database schema correct
 +-bash-4.2$ ./daily.sh
 +Supported PHP and Python version, switched back to master branch. OK
 +Updating to latest codebase                        OK
 +
 +In AppServiceProvider.php line 43:
 +                                                                            
 +  Call to undefined method Illuminate\Pagination\Paginator::useBootstrap()  
 +
 +In AppServiceProvider.php line 43:
 +                                                                            
 +  Call to undefined method Illuminate\Pagination\Paginator::useBootstrap()  
 +
 +Updating Composer packages                         OK
 +Updated from bc02ab3 to 240edd2                    OK
 +Updating SQL-Schema                                OK
 +Updating submodules                                OK
 +Cleaning up DB                                     OK
 +Fetching notifications                             OK
 +Caching PeeringDB data                             OK
 +-bash-4.2$ ./daily.sh
 +Updating to latest codebase                        OK
 +Updating Composer packages                         OK
 +Updating SQL-Schema                                OK
 +Updating submodules                                OK
 +Cleaning up DB                                     OK
 +Fetching notifications                             OK
 +Caching PeeringDB data                             OK
 +</cli>
 +
 +<note>
 +  * 移轉 LibreNMS 程序可參考 https://docs.librenms.org/Support/FAQ/ 內 \\ **How do I move my LibreNMS install to another server?** 
 +</note>
 +
 +
 +===== 參考網址 ====
 +  * https://docs.librenms.org/#Installation/Installation-CentOS-7-Nginx/
 +  * https://docs.librenms.org/Extensions/Auto-Discovery/
 +  * https://community.librenms.org/t/email-alert-settings-help/4600
 +  * https://docs.librenms.org/Extensions/Services/
 +  * https://support.nagios.com/forum/viewtopic.php?f=7&t=36193&start=0#_ga=1.99004318.1602829684.1486395689
 +
 +{{tag>nms librenms centos7}}
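Review bot: In the "升級 php 至 7.4" section the nginx excerpt replaces the unix-socket `fastcgi_pass` with `fastcgi_pass 127.0.0.1:9000;`, so any local account or process on the host can connect to php-fpm and have PHP run as the pool user (`user = nginx`). The `listen.owner` / `listen.group` / `listen.mode = 0660` lines set in the same section only take effect on a unix socket. The www.conf excerpt there shows no `listen` line, so presumably the package's default TCP listener is in use and those three settings do nothing. I would keep the socket from the original install: `listen = /var/run/php-fpm/php7.2-fpm.sock` in www.conf, with the existing `fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;` left enabled in librenms.conf, so that access stays limited to the nginx user and group. If the TCP listener is kept on purpose, the page should say so and drop the `listen.*` lines that no longer apply.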
  
  • tech/librenms.txt
  • 上一次變更: 2020/11/05 15:13
  • jonathan_tsai