Install LibreNMS Monitoring Tool on CentOS with Letsencrypt and Nginx | Computin...
source link: https://computingforgeeks.com/install-librenms-monitoring-tool-on-centos-with-letsencrypt-and-nginx/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
In this guide, we will cover the installation and configuration of LibreNMS on CentOS 7 server with Nginx and optional Letsencrypt SSL certificate for security.
What is LibreNMS?
LibreNMS is a community-based GPL-licensed auto-discovering network monitoring tool based on PHP, MySQL, and SNMP. LibreNMS includes support for a wide range of network hardware and operating systems including Juniper, Cisco, Linux, Foundry, FreeBSD, Brocade, HP, Windows and many more. It is a fork of “Observium” monitoring tool.
Features of LibreNMS
Below are the top features of LibreNMS networking monitoring tool
- Has Automatic discovery – It will automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP, and ARP
- API Access – LibreNMS provides a full API to manage, graph and retrieve data from your install.
- Automatic Updates – With LibreNMS you get to stay up to date automatically with new features and bug fixes.
- Customisable alerting – Highly flexible alerting system, notify via email, IRC, slack and more.
- Support for Distributed Polling through horizontal scaling which grows with your network
- Billing system – Easily generate bandwidth bills for ports on your network based on usage or transfer.
- Android and iOS application – There is a native iPhone/Android App is available which provides core functionality.
- Multiple authentication methods: MySQL, HTTP, LDAP, Radius, Active Directory
- Integration support for NfSen, collectd, SmokePing, RANCID, Oxidized
How to Install LibreNMS Monitoring Tool on CentOS with Letsencrypt and Nginx
Follow steps provided here to have a running an operation LibreNMS monitoring tool on your CentOS 7 server.
Put SELinux into permissive mode
sudo setenforce 0
To persist the change, edit SELinux configuration file
$ sudo vim /etc/selinux/config SELINUX=permissive
Add EPEL repository to the system
sudo yum install epel-release sudo yum install yum-utils
Install required dependencies
sudo yum -y install zip unzip git cronie wget fping net-snmp net-snmp-utils ImageMagick jwhois mtr rrdtool MySQL-python nmap python-memcached
Install PHP and Nginx
PHP will be installed from REMI repository, add it to the system like below:
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
Disable remi-php54 repo which is enabled by default, and enable repository for PHP 7.2
sudo yum-config-manager --disable remi-php54 sudo yum-config-manager --enable remi-php72
Then finally install required php modules
sudo yum -y install php php-{cli,mbstring,process,fpm,mysqlnd,zip,snmp,devel,gd,mcrypt,mbstring,curl,xml,pear,bcmath}Configure PHP
sudo vim /etc/php-fpm.d/www.conf
Set below variables
user = nginx group = nginx listen = /var/run/php-fpm/php-fpm.sock listen.owner = nginx listen.group = nginx listen.mode = 0660
Set PHP timezone
$ sudo vim /etc/php.ini date.timezone = America/New_York
Install nginx web server
sudo yum install nginx
Start nginx and php-fpm service
for i in nginx php-fpm; do sudo systemctl enable $i sudo systemctl start $i done
Install and Configure Database Server
Use the guide below to Install MariaDB database on your CentOS 7 server.
Install MariaDB 10.x on Ubuntu 18.04 and CentOS 7
Edit my.cnf file and add below lines within the [mysqld] section:
$ sudo vim /etc/my.cnf [mysql] innodb_file_per_table=1 lower_case_table_names=0
Restart the MariaDB server after making the changes
sudo systemctl enable mariadb sudo systemctl restart mariadb
Once the database server has been installed and running, login as root user:
$ mysql -u root -p
Create a database and user:
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON librenms.* TO 'librenms_user'@'localhost' IDENTIFIED BY "Password1234!"; FLUSH PRIVILEGES; EXIT;
Install and Configure LibreNMS on CentOS 7
If you want to use Letsencrypt SSL certificate, you need to first request for it. Run below commands as root user
wget https://dl.eff.org/certbot-auto -P /usr/local/bin chmod a+x /usr/local/bin/certbot-auto
Enable http port on the firewall if you have firewalld service running
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reloadNow obtain the certificate to use
export DOMAIN='librenms.example.com' export EMAIL="[email protected]" certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring
The certificate will be placed under /etc/letsencrypt/live/librenms.example.com/ directory
Clone LibreNMS project from Github
cd /opt sudo git clone https://github.com/librenms/librenms.git sudo chown librenms:librenms -R /opt/librenms
Install PHP dependencies
cd /opt/librenms ./scripts/composer_wrapper.php install --no-dev
A successful install should have output similar to below:
.... Generating autoload files > LibreNMS\ComposerHelper::postInstall setfacl -R -m g::rwx rrd/ logs/ storage/ bootstrap/cache/ setfacl -d -m g::rwx rrd/ logs/ storage/ bootstrap/cache/ php artisan key:generate Application key [base64:/m3TCBxHJ5lFYdsCda+o9oxLTmmH1/3jXjLipmcIp+4=] set successfully. > Illuminate\Foundation\ComposerScripts::postInstall > php artisan optimize Generating optimized class loader The compiled services file has been removed.
Add LibreNMS user to the system
sudo useradd librenms -d /opt/librenms -M -r sudo usermod -a -G librenms nginx
Copy and configure SNMP configuration template:
sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf sudo vim /etc/snmp/snmpd.conf
Set your community string by replacing RANDOMSTRINGGOESHERE
com2sec readonly default MyInternalNetwork
Download distribution version identifier script
sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro sudo chmod +x /usr/bin/distro
Then start and enable snmpd service
sudo systemctl enable snmpd sudo systemctl restart snmpd
When all is done, create nginx configuration file for LibreNMS
Nginx configuration without SSL
This is placed under /etc/nginx/conf.d/librenms.conf
server {
listen 80;
server_name librenms.example.com;
root /opt/librenms/html;
index index.php;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
location ~ \.php {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}Nginx Configuration with SSL
server {
listen 80;
root /opt/librenms/html;
server_name librenms.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name librenms.example.com;
root /opt/librenms/html;
index index.php;
# Set Logs path
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Configure SSL
ssl_certificate /etc/letsencrypt/live/librenms.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/librenms.example.com/privkey.pem;
# Enabling Gzip compression on Nginx
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
# PHP-FPM handle all .php files requests
location ~ \.php {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Confirm nginx syntax:
# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
If all looks good, restart the service
sudo systemctl restart nginx
Configure cron jobs
sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
Copy logrotate config
LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out.
To rotate out the old logs you can use the provided logrotate config file:
sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
Set proper permissions
sudo chown -R librenms:librenms /opt/librenms setfacl -d -m g::rwx /opt/librenms/logs sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
Start LibreNMS Web Installer
Open http://librenms.example.com/install.php on your web browser to finish the installation.
Confirm that all Pre-Install Checks passes and click “Next Stage”
Configure Database credentials as created earlier. It will start to import database schema and populate data.
On the next page, you’ll be asked to configure admin user account.
Username: admin Password: StrongPassword
Next is the generation of the configuration file, you may have to create the file manually with the contents given if it fails to create. The file path should be /opt/librenms/config.php
<?php
## Have a look in defaults.inc.php for examples of settings you can set here. DO NOT EDIT defaults.inc.php!
### Database config
$config['db_host'] = 'localhost';
$config['db_port'] = '3306';
$config['db_user'] = 'librenms';
$config['db_pass'] = 'StrongPassword';
$config['db_name'] = 'librenms';
$config['db_socket'] = '';
// This is the user LibreNMS will run as
//Please ensure this user is created and has the correct permissions to your install
$config['user'] = 'librenms';
### Locations - it is recommended to keep the default
#$config['install_dir'] = "/opt/librenms";
### This should *only* be set if you want to *force* a particular hostname/port
### It will prevent the web interface being usable form any other hostname
#$config['base_url'] = "http://librenms.company.com";
### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir
### and that your web server has permission to talk to rrdcached.
#$config['rrdcached'] = "unix:/var/run/rrdcached.sock";
### Default community
$config['snmp']['community'] = array("public");
### Authentication Model
$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth
#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth
### List of RFC1918 networks to allow scanning-based discovery
#$config['nets'][] = "10.0.0.0/8";
#$config['nets'][] = "172.16.0.0/12";
#$config['nets'][] = "192.168.0.0/16";
# Update configuration
#$config['update_channel'] = 'release'; # uncomment to follow the monthly release channel
#$config['update'] = 0; # uncomment to completely disable updatesChange ownership of the file to a librenms user:
sudo chown librenms:librenms /opt/librenms/config.php
Click “Finish Install” button to complete LibreNMS installation on CentOS 7
You should be greeted with an admin login page. Login and select Validate Installation
We also have other monitoring tutorials around Zabbix, Grafana, Prometheus, and InfluxDB.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK