本文更新時間為2020年,資訊可能有所改變
Centos 8 於 2021/12/31 EOL ,建議使用Ubuntu or Docker 來建置。
前言
該文章會說明如何在Centos8 搭配Nginx來建置librenms這套監控軟體。
librenms這套軟體在增加大量主機的時候很方便還可以安裝另外的套件進行擴充,
個人覺得比另外一套監控軟體Cacti還符合現況的監控軟體。
安裝教學
WEB服務-Nginx
1
| dnf install yum-utils -y
|
安裝 yum-utils 軟體包
1
2
3
4
5
| [nginx-stable]
name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
|
設定 yum 存儲庫
在此目錄(/etc/yum.repos.d/)下新增(vi/vim) nginx.repo檔案
該儲存庫為官方提供
1
| yum-config-manager — enable nginx-stable
|
安裝其他依賴套件
查看要安裝的 NGINX 版本資訊
安裝 nginx 服務
查看安裝的 NGINX 版本
資料庫服務-MariaDB
1
| vim /etc/yum.repos.d/MariaDB.repo
|
設定 yum 存儲庫
1
2
3
4
5
6
| [mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos8-amd64
module_hotfixes=1
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
|
MariaDB.repo 填入以上內容
1
2
3
| dnf makecache
dnf install boost-program-options
dnf install MariaDB-server MariaDB-client --disablerepo=AppStream
|
安裝其他依賴套件
1
2
| systemctl start mariadb
systemctl enable mariadb
|
啟動資料庫服務&開啟自動啟動資料庫服務
1
| mysql_secure_installation
|
設定資料庫的安全性
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
| NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we
password for the root user. If you
you haven
so you should just press enter here.
Enter current password for root (enter for none): 第一次設定,直接按 Enter 鍵即可
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] 按 Y 設定資料庫 root 密碼
New password: 輸入新密碼
Re-enter new password: 再次輸入新密碼
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] 按 Y 移除anonymous users
... Success!
Normally, root should only be allowed to connect from
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] 按 Y 關閉 root 遠端登入
... Success!
By default, MariaDB comes with a database named
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] 按 Y 移除資料表 test
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] 按 Y 重新載入資料表權限
... Success!
Cleaning up...
All done! If you
installation should now be secure.
Thanks for using MariaDB!
|
上方這串為設定資料庫的安全性資訊
1
2
3
4
5
6
7
8
9
10
11
12
| mysql -u root -p
.
.
.
.
.
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
#密碼修改成要登入的密碼
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
|
登入資料庫設定表及權限
1
2
3
| [mysqld]
innodb_file_per_table=1
lower_case_table_names=0
|
新增設定在此檔案 /etc/my.cnf.d/server.cnf
1
| systemctl restart mariadb
|
重啟資料庫
PHP 服務-PHP
1
| dnf install -y epel-release
|
安裝 epel-release 套件服務
1
| dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
|
安裝官方所提供來源庫版本
查詢目前可安裝的版本 [備註:目前支援最低的PHP版本為7.2.5]
1
2
| dnf module reset php
dnf module enable php:remi-7.4 -y
|
使用 PHP 7.4 版本
1
2
| dnf -y install epel-release
dnf install -y bash-completion cronie fping git ImageMagick mariadb-server mtr net-snmp net-snmp-utils nmap php-fpm php-cli php-common php-curl php-gd php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-PyMySQL python3-redis python3-memcached python3-pip rrdtool unzip
|
安裝必要套件
檢查php版本
PHP 服務-composer
移動到想安裝的位置
1
| curl -sS https://getcomposer.org/installer | php
|
安裝 composer
1
| mv composer.phar composer
|
重新命名 composer
安裝librenms
1
2
| useradd librenms -d /opt/librenms -M -r -s /usr/bin/bash
usermod -a -G librenms nginx
|
新增加 librenms 使用者
1
2
| cd /opt
git clone https://github.com/librenms/librenms.git
|
下載 Librenms 服務
1
2
3
4
| chown -R librenms:librenms /opt/librenms
chmod 771 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
|
設定權限
1
2
3
| su - librenms
./scripts/composer_wrapper.php install --no-dev
exit
|
安裝 PHP 依賴套件
1
2
3
4
5
| [Date]
修改前
;date.timezone =
修改後
date.timezone = Asia/Taipei
|
修改時區 檔案位置 /etc/php.ini
位置約923行附近
1
2
3
4
5
6
7
8
| ;user = apache
user = nginx
group = apache ; keep group as apache
;listen = 127.0.0.1:9000
listen = /run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
|
設定php-fpm
檔案位置 /etc/php-fpm.d/www.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| server {
listen 80;
server_name librenms.example.com;
root /opt/librenms/html;
index index.php;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
|
新增 NGINX 服務設定檔
/etc/nginx/conf.d/librenms.conf
設定方式如上
備註:librenms.example.com 要改成IP
重啟服務
1
2
| ln -s /opt/librenms/lnms /usr/local/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/
|
啟用 lnms
1
2
3
4
5
6
| cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
vim /etc/snmp/snmpd.conf
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd
|
針對 Librenms snmp設定
備註:將 「RANDOMSTRINGGOESHERE」 修改或預設 public
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| vi /tmp/http_fping.tt
.
.
.
module http_fping 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
checkmodule -M -m -o http_fping.mod /tmp/http_fping.tt semodule_package -o /tmp/http_fping.pp -m http_fping.mod semodule -i /tmp/http_fping.pp
|
fping安裝
設定排程
1
| cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
|
從 Librenms 目錄下檔案複製到 cron.d 資料夾
1
| cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
|
複製預設的設定檔
1
2
3
4
| - -- ---
- -- -- ---
- -- ---
- -- -- ---
|
SELinux安裝設定
備註:SELinux沒開啟可以跳過此步驟
1
2
3
4
5
6
7
8
9
10
| dnf install policycoreutils-python-utils
.
.
.
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/html(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(logs|rrd|storage)(/.*)?'
restorecon -RFvv /opt/librenms
setsebool -P httpd_can_sendmail=1
setsebool -P httpd_execmem 1
chcon -t httpd_sys_rw_content_t /opt/librenms/.env
|
現在就可以再WEB上進行後續的安裝步驟,進行安裝。
設定 config.php 權限
1
| chown librenms:librenms /opt/librenms/config.php
|
備註 :預設有可能沒有這個檔案 只有config.php.default
問題排除
到網頁介面進行安裝沒顯示安裝畫面
表示nginx default 設定沒有移除
1
| vi /etc/nginx/nginx.conf
|
安裝有問題無法排除
使用root帳號再librenms目錄下執行 validate.php
1
2
| cd /opt/librenms
./validate.php
|