LibreNMS 1.49已規定PHP最小的版本為7.1.3,下列文章做部分修改(2019/03/15)
作業系統:CentOS 7
PHP版本:PHP 7.1.3以上
安裝需要的套件
yum install epel-release新增LiberNMS使用者帳戶
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install composer cronie fping git ImageMagick jwhois mtr nginx MySQL-python net-snmp net-snmp-utils nmap python-memcached unzip php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip php72w-ldap rrdtool mariadb mariadb-server
備註:如要用最新的MariaDB及RRDTool版本取代原有Repository提供的舊版本,可以參考這裡(MariaDB)及這裡(RRDTool)
備註:如果已經手動安裝RRDTool及MariaDB,可以把上述套件從安裝的套件中移除(橘色部分)不要安裝
備註:不要將PHP 7.2升級到PHP 7.3,因為現有composer套件需要PHP 7.2
useradd librenms -d /opt/librenms -M -r下載LiberNMS
usermod -a -G librenms nginx
cd /opt設定MySQL
composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master
備註:因為是使用root帳號,所以在安裝過程中會遇到警告不要使用root帳號的訊息,但不影響後續安裝
systemctl start mariadb設定並啟動PHP-FPM
mysql -u root
執行SQL指令建立使用者帳號及密碼
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY '設定密碼';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost'; FLUSH PRIVILEGES;
exit
編輯MySQL設定檔
vi /etc/my.cnf
備註:MariaDB 10.x版本是編輯 /etc/my.cnf.d/server.cnf
在[mysqld]區塊中新增
innodb_file_per_table=1
lower_case_table_names=0
重新啟動MySQL
systemctl enable mariadb
systemctl restart mariadb
修改時區設定NGINX
vi /etc/php.ini
找到[Date]新增
date.timezone = Asia/Taipei
設定網頁設定檔
vi /etc/php-fpm.d/www.conf
變更內容為
;user = apache
user = nginx
group = apache ; keep group as apache
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php7.2-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
重新啟動php-fpm服務
systemctl enable php-fpm
systemctl restart php-fpm
新增設定檔librenms.conf設定SELinux
vi /etc/nginx/conf.d/librenms.conf
新增內容
server {
listen 80;
server_name <輸入伺服器名稱>;
root /opt/librenms/html;
index index.php;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
location ~ \.php {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
重新啟動NGINX服務
systemctl enable nginx
systemctl restart nginx
安裝SELinux的Policy Tool
yum install policycoreutils-python
執行下列指令配置LibreNMS需要的內容新增fping模組
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
restorecon -RFvv /opt/librenms/logs/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
restorecon -RFvv /opt/librenms/rrd/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?'
restorecon -RFvv /opt/librenms/storage/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?'
restorecon -RFvv /opt/librenms/bootstrap/cache/
setsebool -P httpd_can_sendmail=1
setsebool -P httpd_execmem 1
在任何一個路徑的資料夾下新增http_fping.tt檔案,並新增下列內容設定防火牆規則
module http_fping 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
產生檔案後執行下列指令
checkmodule -M -m -o http_fping.mod http_fping.tt
semodule_package -o http_fping.pp -m http_fping.mod
semodule -i http_fping.pp
firewall-cmd --zone public --add-service http設定SNMP
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --zone public --add-service https
firewall-cmd --permanent --zone public --add-service https
將librenms的snmp範例取代原有的snmp設定檔複製建立Cron job
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
編輯snmpd.conf,並將RANDOMSTRINGGOESHERE改為自己的community string
vi /etc/snmp/snmpd.conf
下載librenms-agent,並重新啟動snmpd
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms設置logrotate
LibreNMS會將log保存在/opt/librenms/logs中,隨著時間推移,不必要的log會一直佔據磁碟空間,所以需要設定logrotate清除過期不再需要的log
複製logrotate設定檔
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms設定資料夾權限
chown -R librenms:librenms /opt/librenms將電腦名稱及IP加入到/etc/hosts
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
chgrp apache /var/lib/php/session/
透過瀏覽器安裝LibreNMS
http://<librenms.example.com>/install.php
Pre-Install Checks如果沒問題就點選Next Stage
DB Pass處輸入之前設定的MySQL密碼
如果沒任何錯誤訊息就點選Goto Add User
建立LibreNMS的管理者帳號、密碼及Email
點選Generate Config
這裡出現一個錯誤,因為沒有權限在/opt/librenms/下建立config.php檔案,所以要請我們複製下方內容,並手動建立config.php檔案
(備註:每個人的config.php有可能不同,請依照當下LibreNMS的建議將內文複製貼上)
(備註:測試過,config.php檔案不能先建立,並新增檔案的權限,不然會跳過LibreNMS的安裝步驟)
vi /opt/librenms/config.php
檔案建立後執行下列指令新增檔案的權限
chown librenms:librenms /opt/librenms/config.php
完畢後點選Finish
安裝結束後,點選”validate your install and fix any issues.”
輸入剛才在安裝步驟中建立的管理者帳號及密碼登入
登入LibreNMS管理頁面後,可能會有需要修正的錯誤,或是警告訊息,只要依照LibreNMS的步驟做修正就行了
全部錯誤修正完之後,就可以把系統或設備加入到LibreNMS中
備註:非常重要
當發生問題時,可以執行下列指令做Troubleshooting,LibreNMS會提供方法及解決步驟(真是太感恩了,居然可以遇到這麼人性化的系統,只要照著做就能解決問題)
cd /opt/librenms
./validate.php
參考資料:
LibreNMS官網
沒有留言:
張貼留言