2018年9月19日 星期三

LibreNMS on CentOS 7 安裝與設定


LibreNMS on CentOS 7 安裝與設定

LibreNMS是一個基於PHP的開源網路監控系統,透過SNMP協定,收集網路設備資訊,如CPURAMHDDNetwork等。

LibreNMS的安裝可參考官網提供的文件進行安裝。

請注意,LibreNMS僅支援PHP 5.6.4以上版本。

l   安裝需要的套件
1.          先安裝 epel-release,再安裝所有需要套件
# yum install epel-release
# rpm –Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# yum install composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool

2.          新增 librenms 使用者帳號
# useradd librenms -d /opt/librenms -M -r
# usermod -a -G librenms nginx

3.          下載 LiberNMS
# cd /opt
# composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master


l   DB Server設定
1.          設定 MySQLpassword更改為自己的密碼
# systemctl start mariadb
# mysql –u root

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit

2.          關閉 MySQL strict mode
# vi /etc/my.cnf

Within the [mysqld] section please add:
########################
innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0
########################

3.          設定開機啟動 mariadb
# systemctl enable mariadb
# systemctl restart mariadb


l   Web Server設定
1.          設定 PHP-FPM
##### 設定時區為 Asia/Taipei #####
# vi /etc/php.ini
Data.timezone = “Asia/Taipei”

2.          設定站台
# vi /etc/php-fpm.d/www.conf
…….
;user = apache
user = nginx

group = apache   ; keep group as apache

;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php7.2-fpm.sock

listen.owner = nginx
listen.group = nginx
listen.mode = 0660

啟動 PHP-FPM
# systemctl enable php-fpm
# systemctl restart php-fpm

3.          設定 Nginxserver_name修改為自己的網址
# vi /etc/nginx/conf.d/librenms.conf
### 加入以下內容 ###
server {
listen      80;
server_name librenms.example.com;
root        /opt/librenms/html;
index       index.php;

charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
location ~ \.php {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}

設定開機啟動nginx
# systemctl enable nginx
# systemctl restart nginx


l   SELinux設定
1.          關閉SELinux
# vi /etc/sysconfig/selinux
SELINUX=disabled

# reboot

2.          或安裝 policy tool for SELinux
# yum install policycoreutils-python

設定LibreNMS
# semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
# restorecon -RFvv /opt/librenms/logs/
# semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
# restorecon -RFvv /opt/librenms/rrd/
# semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?'
# restorecon -RFvv /opt/librenms/storage/
# semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?'
# restorecon -RFvv /opt/librenms/bootstrap/cache/
# setsebool -P httpd_can_sendmail=1
# setsebool -P httpd_execmem 1

Allow fping
建立一檔案 http_fping.tt,檔案內容如下---
module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

建立完成後,執行以下指令
# checkmodule -M -m -o http_fping.mod http_fping.tt
# semodule_package -o http_fping.pp -m http_fping.mod
# semodule -i http_fping.pp


l   Firewall設定
# firewall-cmd --zone public --add-service http
# firewall-cmd --permanent --zone public --add-service http
# firewall-cmd --zone public --add-service https
# firewall-cmd --permanent --zone public --add-service https


l   snmpd設定
# cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

設定snmp community string
# vi /etc/snmp/snmpd.conf

### RANDOMSTRINGGOESHERE 改為自家環境使用的community string (ex: public)
# Change RANDOMSTRINGGOESHERE to your preferred SNMP community string
com2sec readonly  default         public

啟動 snmpd
# curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
# chmod +x /usr/bin/distro
# systemctl enable snmpd
# systemctl restart snmpd


l   Cron job設定
# cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

複製 logrotate 設定檔
LibreNMS log路徑在 /opt/libernms/logs,可使用以下rotate設定檔定期清除過期資料。
# cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms


l   權限設定
# chown -R librenms:librenms /opt/librenms

### 若沒有關閉SELinux,則需設定以下SELinux權限設定 ###
# setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
# setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/


l   Web installer
開啟瀏覽器,依照螢幕上指示進行LiberNMS系統設定。
並請注意,系統預設使用HPPT而非HTTPS,故請不要將LibreNMS暴露在公開網路上。
http://libernms.example.com/install.php


l   最後步驟
恭喜!! 安裝設定完成後,您要做的就是從 Device \ Add Device 頁面,將要監控的網路設備加入監控即可。





l   Troubleshooting
# cd /opt/librenms
# ./validate.php


以上內容參考自 LibreNMS官方文件
張貼者:

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)