LibreNMS Rocky Linux 9.5 安裝 設定 教學

參考：https://wiki.freedomstu.com/books/librenms/page/librenms-rocky-linux-8

開啟cockpit  IP:9090

[root@localhost ~]# systemctl enable --now cockpit.socket

$ sudo dnf install epel-release -y

$ sudo dnf install neofetch –y

Webmin：好用的web介面作業系統管理工具

Webmin 官方網站：http://www.webmin.com

先安裝相依檔案

[root@mail2 ~]# dnf install perl-lib perl-open perl-Encode-Detect

先抓到P上

https://sourceforge.net/projects/webadmin/files/webmin/2.000/webmin-2.000-1.noarch.rpm/download?use_mirror=altushost-swe&use_mirror=altushost-swe&r=

然後透過WINSCP上傳到LINUX

安裝WEBMIN RPM

rpm -ivh webmin-2.000-1.noarch.rpm

防火牆開啟WEBMIN 10000 PORT

到GUI安裝防火牆APP

新增10000 PORT

停用ipv6

sysctl net.ipv6.conf.all.disable_ipv6=1

sysctl net.ipv6.conf.default.disable_ipv6=1

關閉SELinux 不關閉FTP等服務會異常

[root@www2 ~]# vi /etc/selinux/config

SELINUX=disabled

重新開機

安裝SENDMAIL

[root@librenms ~]# dnf install sendmail*

開機啟動SENDMAIL

[root@librenms ~]# systemctl enable sendmail.service

設定root收信人

[root@librenms ~]# vim /etc/aliases

root: roger.lin@t3ex-techiview.com

在家目錄新增 .vimrc

set nu

set tabstop=4

· 安裝 Nginx 先決條件

1

dnf install yum-utils -y

· 設定 yum 存儲庫，在此目錄下新增一個 vim /etc/yum.repos.d/nginx.repo 屬於 官方提供載點

[nginx-stable]

name=nginx stable repo

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/

gpgcheck=1

enabled=1

gpgkey=https://nginx.org/keys/nginx_signing.key

module_hotfixes=true

[nginx-mainline]

name=nginx mainline repo

baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/

gpgcheck=1

enabled=0

gpgkey=https://nginx.org/keys/nginx_signing.key

module_hotfixes=true

· 會建議使用 stable 穩定版本，如果想使用比較最新的版本請使用 nginx-mailine 會以當時官方釋出的版本為主，目前 BUBU 是使用官方比較新版為主

yum-config-manager –enable nginx-mainline

· 安裝 nginx 服務

dnf install MariaDB-server –y

· 啟動服務

systemctl start nginx ; systemctl enable nginx

安裝資料庫

· 在來源庫目錄下新增加 MariaDB.repo 增加上去，先到 MariaDB 來源庫查看

# 新增加MariaDB安裝檔

vim /etc/yum.repos.d/MariaDB.repo

# MariaDB 10.11 RedHat repository list – created 2025-01-10 14:22 UTC

# https://mariadb.org/download/

[mariadb]

name = MariaDB

baseurl = https://ftp.ubuntu-tw.org/mirror/mariadb/yum/10.11/rocky9-amd64/

module_hotfixes=1

gpgkey=https://ftp.ubuntu-tw.org/mirror/mariadb/yum/RPM-GPG-KEY-MariaDB

gpgcheck=1

· 增加完畢後在下命令安裝

dnf install MariaDB-server –y

· 啟動 mariadb 服務

systemctl start mariadb ; systemctl enable mariadb

· 資料庫安裝及設定

mariadb-secure-installation # 設定資料庫的root密碼

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we’ll need the current

password for the root user. If you’ve just installed MariaDB, and

haven’t set the root password yet, you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on…

Setting the root password or using the unix_socket ensures that nobody

can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer ‘n’.

Switch to unix_socket authentication [Y/n] <—– 直接按下 enter 鍵

Enabled successfully!

Reloading privilege tables..

… Success!

You already have your root account protected, so you can safely answer ‘n’.

Change the root password? [Y/n] <—– 直接按下 enter 鍵

New password: <—– 輸入 root 密碼

Re-enter new password: <—– 再次輸入 root 密碼

Password updated successfully!

Reloading privilege tables..

… Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them. This is intended only for testing, and to make the installation

go a bit smoother. You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n]

… Success!

Normally, root should only be allowed to connect from ‘localhost’. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]

… Success!

By default, MariaDB comes with a database named ‘test’ that anyone can

access. This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n]

– Dropping test database…

… Success!

– Removing privileges on test database…

… Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n]

… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

· 在 server.cnf 檔手動增加以下內容 vim /etc/my.cnf.d/server.cnf

[mysqld]

innodb_file_per_table=1

lower_case_table_names=0

· 新增加 LibreNMS 表單 mariadb -u root -p

CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

CREATE USER ‘librenms’@’localhost’ IDENTIFIED BY ‘password’; <—– 這裡的 password 修改成您自己記的住密碼 使用winpex@29 這組

GRANT ALL PRIVILEGES ON librenms.* TO ‘librenms’@’localhost’;

FLUSH PRIVILEGES;

Exit

· 重啟資料庫

systemctl restart mariadb

· 設定資料庫 root 免密碼就可以登入，請參考本篇進行修改 MariaDB root 可空白登入

安裝 php 服務

· Rocky Linux 8 預設版本是 PHP 7.2 版，那如果想要使用比較新的版本的話需要新增加來源庫安裝

· 安裝 epel-release 套件服務

dnf install -y epel-release

· 安裝官方所提供來源庫版本

dnf install https://rpms.remirepo.net/enterprise/remi-release-9.5.rpm -y

· 查詢目前可安裝的版本

dnf module list php –y

· 將 PHP 安裝版本預設成 8.4 版本

dnf module reset php -y

dnf module enable php:remi-8.4 –y

· 安裝 php 及其他必要套件

dnf install -y bash-completion cronie fping git ImageMagick mtr net-snmp net-snmp-utils nmap php-fpm php-cli php-common php-curl php-gd php-gmp php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-PyMySQL python3-redis python3-memcached python3-pip python3-systemd gcc python3-devel rrdtool unzip

· 安裝 Composer 作曲家

# 將dirs更改為我們希望將composer安裝到的位置

cd /usr/local/bin

# 安裝 composer

curl -sS https://getcomposer.org/installer | php

# 重新命名 composer

mv composer.phar composer

安裝 Librenms 服務

· 新增加 librenms 使用者

useradd librenms -d /opt/librenms -M -r -s “$(which bash)”

· 下載 Librenms 服務

cd /opt

git clone https://github.com/librenms/librenms.git

· 設定權限

chown -R librenms:librenms /opt/librenms

chmod 771 /opt/librenms

setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

· 安裝 LibreNMS 及 php 相關套件

su – librenms

./scripts/composer_wrapper.php install –no-dev

Exit

設定 php 服務

· 安裝好 PHP 要去修改 「vim /etc/php.ini」 設定檔

修改時區

[Date]

修改前

;date.timezone =

修改後

date.timezone = Asia/Taipei

存檔

:wq

# 指令修改

sed -i “s|^;date.timezone =.*$|date.timezone = Asia/Taipei|” /etc/php.ini

· 新增加 librenms PHP-FPM 設定檔

cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf

vim /etc/php-fpm.d/librenms.conf

· 設定 librenms PHP-FPM vim /etc/php-fpm.d/librenms.conf

將原是 [www] 修改為 [librenms]

user = librenms

group = librenms

listen = /run/php-fpm-librenms.sock

# 指令修改

sed -i ‘s/\[www\]/\[librenms\]/g’ /etc/php-fpm.d/librenms.conf

sed -i “s|^user = apache.*$|user = librenms|” /etc/php-fpm.d/librenms.conf

sed -i “s|^group = apache.*$|group = librenms|” /etc/php-fpm.d/librenms.conf

sed -i “s|^listen = /run/php-fpm/www.sock.*$|listen = /run/php-fpm-librenms.sock|” /etc/php-fpm.d/librenms.conf

· 設定開機自動啟動及重啟服務

systemctl enable php-fpm ; systemctl restart php-fpm

設定 Web 服務

· 新增加 LibreNMS 設定檔

vim /etc/nginx/conf.d/librenms.conf

· 將以下內容貼到 librenms.conf 編輯 server_name 修改成站台位置

server {

listen 80;

server_name librenms.winpex-gl.com;

root /opt/librenms/html;

index index.php;

charset utf-8;

gzip on;

gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

location / {

try_files $uri $uri/ /index.php?$query_string;

}

location ~ [^/]\.php(/|$) {

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param PATH_INFO $fastcgi_path_info;

fastcgi_pass unix:/run/php-fpm-librenms.sock;

fastcgi_split_path_info ^(.+\.php)(/.+)$;

include fastcgi_params;

}

location ~ /\.(?!well-known).* {

deny all;

}

}

· 重啟服務

systemctl restart nginx

設定 lnms 服務

· 啟用 lnms

ln -s /opt/librenms/lnms /usr/bin/lnms

cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

設定 SNMP 服務

· 從樣版複製一份

cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

· 編輯設定檔將 「RANDOMSTRINGGOESHERE」 修改或預設 public

vim /etc/snmp/snmpd.conf

# Change RANDOMSTRINGGOESHERE to your preferred SNMP community string

com2sec readonly default public

group MyROGroup v2c readonly

view all included .1 80

access MyROGroup “” any noauth exact all none non

syslocation Rack, Room, Building, City, Country [Lat, Lon]

syscontact Your Name <roger.lin@t3ex-techiview.com>

#OS Distribution Detection

extend distro /usr/bin/distro

#Hardware Detection

# (uncomment for x86 platforms)

#extend manufacturer ‘/bin/cat /sys/devices/virtual/dmi/id/sys_vendor

#extend hardware ‘/bin/cat /sys/devices/virtual/dmi/id/product_name’

#extend serial ‘/bin/cat /sys/devices/virtual/dmi/id/product_serial’

# (uncomment for ARM platforms)

#extend hardware ‘/bin/cat /sys/firmware/devicetree/base/model’

#extend serial ‘/bin/cat /sys/firmware/devicetree/base/serial-number’

· 下載 librenms-agent 套件

curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro

chmod +x /usr/bin/distro

systemctl enable snmpd && systemctl restart snmpd

設定排程

· 從 Librenms 目錄下複製到 cron.d 裡面

#cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

cp /opt/librenms/dist/librenms.cron /etc/cron.d/librenms

cp /opt/librenms/dist/librenms-scheduler.cron /etc/cron.d/librenms

設定 logrotate

· 複製 logrotate 設定檔

#cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

設定hosts

[root@librenms opt]# vim /etc/hosts

127.0.0.1 localhost librenms librenms.XXX.com librenms.XXX.com

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

設定內部DNS解析

IP 對應 librenms.XXX.com

開始安裝 LibreNMS

· 開啟瀏灠器輸入 http://librenms.XXX.com/ (站台位置)

1. 檢測安裝環境是否有正常，如果出現異常要把缺的套件都安裝起來才能正常運行

2. 填入要連接的資料庫名稱及登入帳號及密碼

3. 會自動建立資料庫裡面表單

4. 確認完成的畫面，直接按下下一個圖示繼續

5. 填入要建立的系統管理員的帳號、密碼及電子郵件 admin Hiview這組密碼

7. 安裝完成了的畫面，可以點選 Finish Install 這個選項確認說服務是否有正確安裝完成

最後確認 Final steps

· 如果安裝有問題，請在「librenms」目錄下以「root」身份運行「 validate.php 」

cd /opt/librenms

./validate.php

· 以 librenms 權限來執行確認

sudo su – librenms

./validate.php

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

php -r "if (hash_file('sha384', 'composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

php composer-setup.php

php -r "unlink('composer-setup.php');"

mv composer.phar /usr/local/bin/composer