Installation And Configuration LibreNMS On CentOS 8 With Apache Web Server
LibreNMS is PHP / MySQL / SNMP based open source network monitoring autodiscovering software that includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many others.
CHARACTERISTICS OF LIBRENMS
- Automatic discovery: Automatically discover the entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP.
- Customizable alerts: highly flexible alert system, notification by email, irc, slack and more.
- API Access: A comprehensive API to manage, graph, and retrieve data from the installation.
- Billing System: Generates bandwidth bills for ports on the network based on usage or transfer.
- Automatic Updates: Stay up to date automatically with bug fixes, new features and more.
- Distributed Polling: Horizontal scaling to grow with the network.
- IPhone App: The native iPhone app is available which provides basic functionality.
- Android App: Native Android app is available which provides basic functionality.
AUTHENTICATION METHODS
- MySQL
- HTTP
- LDAP
- Active Directory
In this tutorial, I will show you how to install and configure LibreNMS on a CentOS 8.2.2004 server with Apache as the web server and MariaDB as the database.
PRE-REQUIREMENTS
- A CentOS 8.2.2004 server with a non-root user with sudo privileges
PACKAGE INSTALLATION
Let's start by installing the dependencies required by the application. Add the EPEL repository to RHEL / CentOS 8 with the commands listed below:
sudo dnf -y install epel-release
sudo dnf install bash-completion composer cronie fping git ImageMagick mariadb-server mtr net-snmp net-snmp-utils nginx nmap php-fpm php-cli php-common php-curl php-gd php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-PyMySQL python3-redis python3-memcached python3-pip rrdtool unzip
INSTALLING PHP AND APACHE
To install PHP and Apache run the command:
sudo yum install @httpd @php php-{cli,common,curl,gd,mbstring,mysqlnd,process,snmp,xml,zip}
We start the Apache and PHP services with the command:
sudo systemctl enable --now php-fpm httpd
If everything is correct we should see a screen as shown in the image above.
Now let's verify that the services are up with the command:
sudo systemctl status php-fpm httpd
If everything is correct we should see a screen as shown in the image above.
So let's check the PHP version installed with the command:
php -v
At the time of writing this guide, the PHP version installed is 7.2.24 as you can see in the image above.
We proceed as the configuration of the gtimezone in the php.ini file with the command:
sudo nano /etc/php.ini
Find the date.timezone parameter and enter the Europe/Rome value
Save and close the php.ini file
FIREWALL CONFIGURATION
For convenience, since the server will only be reachable from the internal network, I have disabled the firewall.
If you want to use the firewall, remember to activate the http and https servers with the following commands:
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
INSTALLING THE DATABASE SERVER (MARIADB)
Proceed to install MariaDB using the following commands:
First of all let's update the system with the command:
sudo dnf -y update
Install MariaDB with the command:
sudo dnf module install mariadb
Check the MariaDB version installed with the command:
rpm -qi mariadb-server
At the time of writing this guide the version of MariaDb installed is 10.3.17 as can be seen in the image above.
Activate the MariaDB service with the command:
sudo systemctl enable --now mariadb
Proceed with the safety mesa of MariaDB with the command:
mysql_secure_installation
Press ENTER
Press Y to enter the root password
Enter the password twice
Press Y to remove anonymous users
Press Y to disallow remote root login
Press Y to remove the test databases
Press Y to reload the privileges of the tables
If we have done everything correctly we should see a message like in the image above
Do a database access test to verify that everything is ok with the command:
mysql -u root -p
Enter the root password configured earlier
If everything is OK we should see a message like in the image above
CONFIGURING THE SERVER DATABASE (MARIADB)
Proceed to configure the database server by logging in with the root user with the command:
mysql -u root -p
Enter the root user password
Execute the commands in sequence:
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'PasswordUtente';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit
PLEASE NOTE: instead of PasswordUser enter the password of the librenms user that we will use later
If we have done everything correctly we should see a screen like in the image above
Edit the my.cnf file with the command:
sudo nano /etc/my.cnf.d/mariadb-server.cnf
In the [mysqld] section add the following lines:
innodb_file_per_table=1
lower_case_table_names=0
If everything is correct we should see a screen like in the image above
Save and close the configuration file
Enable MariaDB with the command:
sudo systemctl enable mariadb
Then restart the service with the command:
sudo systemctl restart mariadb
verify that MariaDb is running with the command:
systemctl status mariadb
If everything is correct we should see a screen like in the image above
GIT INSTALLATION AND CONFIGURATION
First, use the DNF package management tools to update the local package index by running the command:
sudo dnf update -y
Proceed to install GIT with the command:
sudo dnf install git -y
To check the version of GIT installed, execute the command
git --version
At the time of writing this guide the version of GIT installed is 2.18.4 as you can see in the image above
LIBRENMS INSTALLATION AND CONFIGURATION
First of all we add the librenms user with the command:
sudo useradd librenms -d /opt/librenms -M -r
So for apache we run the command:
sudo usermod -a -G librenms apache
Clone LibreNMS from GitHub with the following commands:
cd /opt
sudo git clone https://github.com/librenms/librenms.git
sudo chown librenms:librenms -R /opt/librenms
If everything went well we should see a screen like in the image above
Then install the PHP dependencies with the command:
cd /opt/librenms
sudo ./scripts/composer_wrapper.php install --no-dev
If everything went well at the bottom of the scripts we should read Application key set successfully
INSTALLATION CONFIGURATION OF THE SNMPD DEMON
First of all proceed with the installation of the SNMP and related utilities with the command:
yum install net-snmp net-snmp-utils
Copy and configure the SNMP with the following commands:
sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
sudo nano /etc/snmp/snmpd.conf
Insert our community string in place of RANDOMSTRINGGOESHERE
Save and close the configuration file
Download the deployment version identification script with the following commands:
sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
sudo chmod +x /usr/bin/distro
Start and enable the SNMPD daemon with the following commands:
sudo systemctl enable snmpd
sudo systemctl restart snmpd
Then check the status of the services with the command:
sudo systemctl status snmpd
If the service is active we should see a screen like in the image above
ENABLING THE COMPLETION OF THE INMS COMMAND
This feature gives you the opportunity to use tab completion on lnms commands as you would for normal linux commands.
To activate this feature, execute the following two commands:
ln -s /opt/librenms/lnms /usr/local/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/
PHP-PFM CONFIGURATION
To configure PHP-PFM run the commands listed below:
sudo cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf
sudo nano /etc/php-fpm.d/librenms.conf
Within the file, make the following changes:
Instead of
[www]
enter [librenms]
In place of user = apache enter user = librenms
In place of group = apache enter group = librenms
At the listen parameter enter listen = /run/php-fpm-librenms.sock
APACHE CONFIGURATION
Create a new Apache configuration file with the command:
sudo nano /etc/httpd/conf.d/librenms.conf
Inside the file paste the following lines of code:
<VirtualHost *:80>
DocumentRoot /opt/librenms/html/
ServerName librenms.server.com
AllowEncodedSlashes NoDecode
<Directory "/opt/librenms/html/">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
# Enable http authorization headers
<IfModule setenvif_module>
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
<FilesMatch ".+\.php$">
SetHandler "proxy:unix:/run/php-fpm-librenms.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>
PLEASE NOTE: instead of librenms.server.com insert the DNS name of our server
Save and close the configuration file
Restart the services with the following commands:
sudo systemctl enable --now httpd
sudo systemctl enable --now php-fpm
CONFIGURATION OF THE SELINUX POLICY
To allow Apache to serve files in the / opt / librenms / html / folder run the commands listed below:
sudo dnf install policycoreutils-python-utils
then run:
sudo semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/html(/.*)?'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(logs|rrd|storage)(/.*)?'
sudo restorecon -RFvv /opt/librenms
sudo setsebool -P httpd_can_sendmail=1
sudo setsebool -P httpd_execmem 1
sudo chcon -t httpd_sys_rw_content_t /opt/librenms/.env
ATTENTION: It could happen that many commands return the message Already defined , do not worry and go on with the execution of the commands
FPING INSTALLATION AND CONFIGURATION
Proceed to install fping with the command:
sudo yum install fping
Navigate to the /etc folder with the command
cd /opt/librenms
Create the http_fping.tt file with the following command:
sudo nano http_fping.tt
Then insert the following lines of code
module http_fping 1.0;
require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}
#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
Save and close the file
Run the commands listed below:
sudo checkmodule -M -m -o http_fping.mod http_fping.tt
sudo semodule_package -o http_fping.pp -m http_fping.mod
sudo semodule -i http_fping.pp
Restart the httpd service with the command:
sudo systemctl restart httpd
INSTALLING THE RRDTOOL UTILITY
To install the RRDTool utility run the command:
sudo yum install rrdtool
CONFIGURATION OF CRON JOBS AND LOGROTATE
Run the command:
sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
LibreNMS keeps logs in the /opt/librenms/logs directory .
Over time these logs can grow and become large and therefore it is time to rotate them.
To rotate old logs you can use the logrotate configuration file provided with the command:
sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
Then set the ACLs with the following commands:
sudo chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/logs
sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storag
WEB INSTALLATION OF LIBRENMS
Open any browser and recall the name of the server registered during the configuration phase
http://librenms-server-name/install
In the Pre-Install Checks phase we should see everything green as in the image above
When finished, click on Check Credentials
Click on Build Database
After a few seconds, if everything went well, we should see a screen like the one above
Click on the key icon
Enter the administrative credentials to access the web page then click on Add User
If everything went well we should see a screen like the one above
ATTENTION: As in my case if it fails to write the changes no problem, just edit the file from the SSH console
To edit the .env file run the command:
sudo nano /opt/librenms/.env
We should see file content similar to the one shown in the image above
At this point we just have to copy the lines of code that we see on the web page inside the .env file
Save and close the configuration file
If we try to click again on the last icon on the web page, a redirect should start which takes us to the login page of our LibreNMS.
Post a Comment