Installation And Configuration LibreNMS On CentOS 8 With Apache Web Server

 


LibreNMS is PHP / MySQL / SNMP based open source network monitoring autodiscovering software that includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many others.

CHARACTERISTICS OF LIBRENMS

  • Automatic discovery: Automatically discover the entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP.
  • Customizable alerts: highly flexible alert system, notification by email, irc, slack and more.
  • API Access: A comprehensive API to manage, graph, and retrieve data from the installation.
  • Billing System: Generates bandwidth bills for ports on the network based on usage or transfer.
  • Automatic Updates: Stay up to date automatically with bug fixes, new features and more.
  • Distributed Polling: Horizontal scaling to grow with the network.
  • IPhone App: The native iPhone app is available which provides basic functionality.
  • Android App: Native Android app is available which provides basic functionality.

AUTHENTICATION METHODS

  • MySQL
  • HTTP
  • LDAP
  • Active Directory


In this tutorial, I will show you how to install and configure LibreNMS on a CentOS 8.2.2004 server with Apache as the web server and MariaDB as the database.


PRE-REQUIREMENTS

  • A CentOS 8.2.2004 server with a non-root user with sudo privileges

PACKAGE INSTALLATION


Let's start by installing the dependencies required by the application. Add the EPEL repository to RHEL / CentOS 8 with the commands listed below:

sudo dnf -y install epel-release
sudo dnf install bash-completion composer cronie fping git ImageMagick mariadb-server mtr net-snmp net-snmp-utils nginx nmap php-fpm php-cli php-common php-curl php-gd php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-PyMySQL python3-redis python3-memcached python3-pip rrdtool unzip


INSTALLING PHP AND APACHE
To install PHP and Apache run the command:

sudo yum install @httpd @php php-{cli,common,curl,gd,mbstring,mysqlnd,process,snmp,xml,zip}

We start the Apache and PHP services with the command:

sudo systemctl enable --now php-fpm httpd

 

If everything is correct we should see a screen as shown in the image above.

Now let's verify that the services are up with the command:

sudo systemctl status php-fpm httpd

 

If everything is correct we should see a screen as shown in the image above.
So let's check the PHP version installed with the command:

php -v

At the time of writing this guide, the PHP version installed is 7.2.24 as you can see in the image above.
We proceed as the configuration of the gtimezone in the php.ini file with the command:

sudo nano /etc/php.ini

Find the date.timezone parameter and enter the Europe/Rome value
Save and close the php.ini file

FIREWALL CONFIGURATION

For convenience, since the server will only be reachable from the internal network, I have disabled the firewall.

If you want to use the firewall, remember to activate the http and https servers with the following commands:

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

INSTALLING THE DATABASE SERVER (MARIADB)
Proceed to install MariaDB using the following commands:
First of all let's update the system with the command:

sudo dnf -y update
 

Install MariaDB with the command:

sudo dnf module install mariadb

 

Check the MariaDB version installed with the command:

rpm -qi mariadb-server

At the time of writing this guide the version of MariaDb installed is 10.3.17 as can be seen in the image above.
Activate the MariaDB service with the command:

sudo systemctl enable --now mariadb


Proceed with the safety mesa of MariaDB with the command:

mysql_secure_installation


Press ENTER

Press Y to enter the root password

Enter the password twice

Press Y to remove anonymous users

Press Y to disallow remote root login

Press Y to remove the test databases

Press Y to reload the privileges of the tables

If we have done everything correctly we should see a message like in the image above
Do a database access test to verify that everything is ok with the command:

mysql -u root -p
 

Enter the root password configured earlier

If everything is OK we should see a message like in the image above

CONFIGURING THE SERVER DATABASE (MARIADB)
Proceed to configure the database server by logging in with the root user with the command:

mysql -u root -p


Enter the root user password

Execute the commands in sequence:

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'PasswordUtente';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit

PLEASE NOTE: instead of PasswordUser enter the password of the librenms user that we will use later

If we have done everything correctly we should see a screen like in the image above
Edit the my.cnf file with the command:

sudo nano /etc/my.cnf.d/mariadb-server.cnf


In the [mysqld] section add the following lines:

innodb_file_per_table=1
lower_case_table_names=0

If everything is correct we should see a screen like in the image above
Save and close the configuration file
Enable MariaDB with the command:

sudo systemctl enable mariadb
 

Then restart the service with the command:

sudo systemctl restart mariadb


verify that MariaDb is running with the command:

systemctl status mariadb

If everything is correct we should see a screen like in the image above

GIT INSTALLATION AND CONFIGURATION
First, use the DNF package management tools to update the local package index by running the command:

sudo dnf update -y


Proceed to install GIT with the command:

sudo dnf install git -y


To check the version of GIT installed, execute the command

git --version

At the time of writing this guide the version of GIT installed is 2.18.4 as you can see in the image above

LIBRENMS INSTALLATION AND CONFIGURATION
First of all we add the librenms user with the command:

sudo useradd librenms -d /opt/librenms -M -r


So for apache we run the command:

sudo usermod -a -G librenms apache


Clone LibreNMS from GitHub with the following commands:

cd /opt
sudo git clone https://github.com/librenms/librenms.git
sudo chown librenms:librenms -R /opt/librenms

If everything went well we should see a screen like in the image above
Then install the PHP dependencies with the command:

cd /opt/librenms
sudo ./scripts/composer_wrapper.php install --no-dev


If everything went well at the bottom of the scripts we should read Application key set successfully

INSTALLATION CONFIGURATION OF THE SNMPD DEMON

First of all proceed with the installation of the SNMP and related utilities with the command:

yum install net-snmp net-snmp-utils


Copy and configure the SNMP with the following commands:

sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
sudo nano /etc/snmp/snmpd.conf

Insert our community string in place of RANDOMSTRINGGOESHERE

Save and close the configuration file

Download the deployment version identification script with the following commands:

sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
sudo chmod +x /usr/bin/distro

 

Start and enable the SNMPD daemon with the following commands:

sudo systemctl enable snmpd
sudo systemctl restart snmpd


Then check the status of the services with the command:

sudo systemctl status snmpd

If the service is active we should see a screen like in the image above

ENABLING THE COMPLETION OF THE INMS COMMAND
This feature gives you the opportunity to use tab completion on lnms commands as you would for normal linux commands.

To activate this feature, execute the following two commands:

ln -s /opt/librenms/lnms /usr/local/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/


PHP-PFM CONFIGURATION
To configure PHP-PFM run the commands listed below:

sudo cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf
sudo nano /etc/php-fpm.d/librenms.conf

 

Within the file, make the following changes:

Instead of

[www]
enter [librenms]
In place of user = apache enter user = librenms
In place of group = apache enter group = librenms
At the listen parameter enter listen = /run/php-fpm-librenms.sock

APACHE CONFIGURATION
Create a new Apache configuration file with the command:

sudo nano /etc/httpd/conf.d/librenms.conf


Inside the file paste the following lines of code:

<VirtualHost *:80>
DocumentRoot /opt/librenms/html/
ServerName librenms.server.com
 
AllowEncodedSlashes NoDecode
<Directory "/opt/librenms/html/">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
 
# Enable http authorization headers
<IfModule setenvif_module>
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
 
<FilesMatch ".+\.php$">
SetHandler "proxy:unix:/run/php-fpm-librenms.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>

PLEASE NOTE: instead of librenms.server.com insert the DNS name of our server

Save and close the configuration file

Restart the services with the following commands:

sudo systemctl enable --now httpd
sudo systemctl enable --now php-fpm

CONFIGURATION OF THE SELINUX POLICY
To allow Apache to serve files in the / opt / librenms / html / folder run the commands listed below:

sudo dnf install policycoreutils-python-utils


then run:

sudo semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/html(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(logs|rrd|storage)(/.*)?'
sudo restorecon -RFvv /opt/librenms
sudo setsebool -P httpd_can_sendmail=1
sudo setsebool -P httpd_execmem 1
sudo chcon -t httpd_sys_rw_content_t /opt/librenms/.env

ATTENTION: It could happen that many commands return the message Already defined , do not worry and go on with the execution of the commands

FPING INSTALLATION AND CONFIGURATION
Proceed to install fping with the command:

sudo yum install fping


Navigate to the /etc folder with the command

cd /opt/librenms


Create the http_fping.tt file with the following command:

sudo nano http_fping.tt


Then insert the following lines of code

module http_fping 1.0;
 
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
 
#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
Save and close the file

Run the commands listed below:

sudo checkmodule -M -m -o http_fping.mod http_fping.tt
sudo semodule_package -o http_fping.pp -m http_fping.mod
sudo semodule -i http_fping.pp

 
Restart the httpd service with the command:

sudo systemctl restart httpd

INSTALLING THE RRDTOOL UTILITY
To install the RRDTool utility run the command:

sudo yum install rrdtool

 

CONFIGURATION OF CRON JOBS AND LOGROTATE
Run the command:

sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
 

LibreNMS keeps logs in the /opt/librenms/logs directory .
Over time these logs can grow and become large and therefore it is time to rotate them.

To rotate old logs you can use the logrotate configuration file provided with the command:

sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
 

Then set the ACLs with the following commands:

sudo chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/logs
sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storag

WEB INSTALLATION OF LIBRENMS
Open any browser and recall the name of the server registered during the configuration phase

http://librenms-server-name/install


In the Pre-Install Checks phase we should see everything green as in the image above

Click on the database icon then enter all the required parameters

When finished, click on Check Credentials
Click on Build Database
After a few seconds, if everything went well, we should see a screen like the one above
Click on the key icon

Enter the administrative credentials to access the web page then click on Add User
If everything went well we should see a screen like the one above

Click on the last icon to write the changes into the config.php and .env files

ATTENTION: As in my case if it fails to write the changes no problem, just edit the file from the SSH console

To edit the .env file run the command:

sudo nano /opt/librenms/.env
We should see file content similar to the one shown in the image above

At this point we just have to copy the lines of code that we see on the web page inside the .env file

Save and close the configuration file

If we try to click again on the last icon on the web page, a redirect should start which takes us to the login page of our LibreNMS.

No comments

Powered by Blogger.