2018年11月28日 星期三

電腦-Linux-Librenms 安裝(Centos+nginx)

電腦-Linux-Librenms 安裝(Centos+Nginx)

CentOS7 安裝 LibreNMS

安裝環境
CentOS 7
DB使用 MariaDB/MySQL Galera Cluster + Haproxy

安裝套件(epel、webtatic、php72)
yum install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install composer cronie fping git ImageMagick jwhois mtr MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool

建立 librenms 用戶,並將 nginx 用戶加入 librenms 群組
useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms nginx

下載 LibreNMS
cd /opt
composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master

設定 DB Server
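登入 MariaDB/MySQL Galera Cluster 第一台主機,建立 librenms 資料庫。(下列指令中的密碼 'librenms' 與帳號同名,僅為範例,實際環境請改用強密碼;另外 'librenms'@'localhost' 只允許從資料庫主機本機連線,若 LibreNMS 是透過 HAProxy 從其他主機連線,'localhost' 也須改成實際的連線來源。)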

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'librenms';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit

登入MariaDB/MySQL Galera Cluster 所有主機,修改設定檔。
vim /etc/my.cnf.d/server.cnf
==
[mysqld]
innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0
==
systemctl enable mariadb
systemctl restart mariadb

建立 Web Server (PHP-FPM+Nginx)

設定PHP
vim  /etc/php.ini
==
[Date]
date.timezone = Asia/Taipei
==

設定 PHP-FPM
vim /etc/php-fpm.d/www.conf
==
user = nginx
group = apache

listen = /var/run/php-fpm/php7.2-fpm.sock

listen.owner = nginx
listen.group = nginx
listen.mode = 0660
==
systemctl enable php-fpm
systemctl restart php-fpm

設定 nginx

停用nginx default 設定
vi /etc/nginx/nginx.conf
==
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

# Settings for a TLS enabled server.
#
#    server {
==

新增librenms 設定檔
vim /etc/nginx/conf.d/librenms.conf
==
server {
 listen      80;
 server_name 192.168.11.201;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location /api/v0 {
  try_files $uri $uri/ /api_v0.php?$query_string;
 }
 location ~ \.php {
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock;
 }
 location ~ /\.ht {
  deny all;
 }
}
==
systemctl enable nginx
systemctl restart nginx

修改 SELinux 與 Allow fping
安裝SELinux policy tool
yum install policycoreutils-python

設定權限
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
restorecon -RFvv /opt/librenms/logs/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
restorecon -RFvv /opt/librenms/rrd/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?'
restorecon -RFvv /opt/librenms/storage/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?'
restorecon -RFvv /opt/librenms/bootstrap/cache/
setsebool -P httpd_can_sendmail=1
setsebool -P httpd_execmem 1

新增http_fping.tt
vim /tmp/http_fping.tt
==
module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
==
checkmodule -M -m -o http_fping.mod /tmp/http_fping.tt
semodule_package -o /tmp/http_fping.pp -m http_fping.mod
semodule -i /tmp/http_fping.pp


設定 firewall
firewall-cmd --zone public --add-service http
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --zone public --add-service https
firewall-cmd --permanent --zone public --add-service https


設定 snmpd
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

vim /etc/snmp/snmpd.conf
==
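將 RANDOMSTRINGGOESHERE 改成你要的 community 字串(下例的 public 是廣為人知的預設值,僅供示範;SNMP v2c 的 community 等同於讀取密碼,實際環境請改用不易猜測的字串,並把來源欄位的 default 限縮為 LibreNMS 主機的位址)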
com2sec readonly  default         public

更改位置及個人資料
syslocation Taipei, Taiwan
syscontact  Your Name <your@email.address>
==
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro

systemctl enable snmpd
systemctl restart snmpd


設定 cron table
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

設定定時清除 log
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

設定權限
chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

網頁安裝 http://192.168.11.201/install.php
(上面的 nginx 設定只監聽 80 埠,安裝過程輸入的資料庫密碼與管理者帳號會以未加密的 HTTP 傳送;請在受信任的網段內操作,或先替 nginx 設定 TLS 再進行安裝。)

依照網頁出現的 6 個步驟執行
步驟 5 會產生設定參數;請新增 /opt/librenms/config.php,並將這些參數手動寫入
vim /opt/librenms/config.php

調整參數檔案權限(此檔內含資料庫連線密碼,除了調整擁有者之外,建議一併確認 librenms 群組以外的使用者無法讀取)
chown librenms:librenms /opt/librenms/config.php

再來應該就可以透過網頁依照上一步驟建立的帳號登入


參考資料
原廠 Installation-CentOS-7-Nginx
Librenms 安裝於 Centos7
CentOS7 安裝 LibreNMS
在 CentOS 7 / RHEL 7上,安裝 LibreNMS 服務
