作業系統: Centos 7 + nginx
啟動 sshd 服務 這樣不用一個一個打字,剪貼比較方便。
|
#啟動 service start sshd #查看是否啟動 ps -e | grep sshd |
1. 更新軟體
2. 安裝軟體
|
yum install epel-release rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm yum install composer cronie fping git ImageMagick jwhois mariadb mariadb-server mtr MySQL-python net-snmp net-snmp-utils nginx nmap php72w php72w-cli php72w-common php72w-curl php72w-fpm php72w-gd php72w-mbstring php72w-mysqlnd php72w-process php72w-snmp php72w-xml php72w-zip python-memcached rrdtool |
新增librenms user
|
useradd librenms -d /opt/librenms -M -r usermod -a -G librenms nginx |
下載librenms
|
cd /opt composer create-project --no-dev --keep-vcs librenms/librenms librenms dev-master |
可透過下面指令啟動/停止相關服務、查看服務狀態
|
systemctl start nginx php-fpm mariadb snmpd systemctl enable nginx php-fpm mariadb snmpd systemctl status nginx |
3. DB server
開啟並進入mariadb
|
systemctl start mariadb mysql -u root |
進入後會先問你root密碼的問題,後面的問題一律打 y
進入DB裡並開始創建DB和USER
|
mysql -u root -p MariaDB [(none)]> CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci; MariaDB [(none)]> CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost'; MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> exit |
編輯 my.cnf
|
vi /etc/my.cnf |
打開my.cnf後找 [mysqld] 然後在下方新增
|
innodb_file_per_table=1 sql-mode="" lower_case_table_names=0 |
重新啟動mariadb
|
systemctl enable mariadb systemctl restart mariadb |
4. Web server
編輯php.ini
|
vi /etc/php.ini |
|
|
找到 [Date] 將date.timezone註解拿掉並設定時區
|
date.timezone = Asia/Taipei |
編輯 www.conf,將文字做下列更改
|
vi /etc/php-fpm.d/www.conf |
|
;user = apache user = nginx
group = apache ; keep group as apache
;listen = 127.0.0.1:9000 listen = /var/run/php-fpm/php7.2-fpm.sock
listen.owner = nginx listen.group = nginx listen.mode = 0660
|
php-fpm
|
systemctl enable php-fpm systemctl restart php-fpm |
5. Configure Nginx
編輯 librenms.congf,新增下列文字
如果沒有domain name,也可以直接用ip (紅字的部分請修正成本機ip)
|
vi /etc/nginx/conf.d/librenms.conf |
|
server { listen 80; server_name librenms.tecmint.lan; root /opt/librenms/html; index index.php;
charset utf-8; gzip on; gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon; location / { try_files $uri $uri/ /index.php?$query_string; } location /api/v0 { try_files $uri $uri/ /api_v0.php?$query_string; } location ~ \.php { include fastcgi.conf; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php-fpm/php7.2-fpm.sock; } location ~ /\.ht { deny all; } } |
nginx
|
systemctl enable nginx systemctl restart nginx |
6. SELinux
安裝 policy tool for SELinux
|
yum install policycoreutils-python |
驗證
|
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?' restorecon -RFvv /opt/librenms/logs/ semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?' restorecon -RFvv /opt/librenms/rrd/ semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/storage(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/storage(/.*)?' restorecon -RFvv /opt/librenms/storage/ semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/bootstrap/cache(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/bootstrap/cache(/.*)?' restorecon -RFvv /opt/librenms/bootstrap/cache/ setsebool -P httpd_can_sendmail=1 setsebool -P httpd_execmem 1 |
允許 fping
隨便在一個地方新增 http_fping.tt 檔案,並新增以下內容
|
vi http_fping.tt |
|
module http_fping 1.0;
require { type httpd_t; class capability net_raw; class rawip_socket { getopt create setopt write read }; }
#============= httpd_t ============== allow httpd_t self:capability net_raw; allow httpd_t self:rawip_socket { getopt create setopt write read }; |
執行
|
checkmodule -M -m -o http_fping.mod http_fping.tt semodule_package -o http_fping.pp -m http_fping.mod semodule -i http_fping.pp |
7. 防火牆設定
執行
|
firewall-cmd --zone public --add-service http firewall-cmd --permanent --zone public --add-service http firewall-cmd --zone public --add-service https firewall-cmd --permanent --zone public --add-service https |
8. snmpd
執行並編輯 snmpd.conf,找 RANDOMSTRINGGOESHERE 並先改成圖片那樣
|
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf vi /etc/snmp/snmpd.conf |
|
|
再執行
|
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro chmod +x /usr/bin/distro systemctl enable snmpd systemctl restart snmpd |
9. Cron job
|
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms chown -R librenms:librenms /opt/librenms setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ |
10. Web installer
如果有domain name可以先在 hosts 裡加入所需的DNS位置
|
vi /etc/hosts |
|
|
查自己的 ip
|
ifconfig |
到 http://librenms.tecmint.lan/install.php 進行安裝
如果無法進到安裝畫面,表示nginx default 設定沒有移除,做下面動作
| vi /etc/nginx/nginx.conf |
 |
| systemctl restart nginx |
然後繼續完成安裝
 |
 |
|
|
 |
 |
 |
 |
到這邊時要新增 config.php,並新增以下內容(網頁上會顯示,以網頁上的為主)
|
vi /opt/librenms/config.php |
|
<?php ## Have a look in defaults.inc.php for examples of settings you can set here. DO NOT EDIT defaults.inc.php! ### Database config $config['db_host'] = 'localhost'; $config['db_port'] = '3306'; $config['db_user'] = 'librenms'; $config['db_pass'] = '=@!#@%$libre'; $config['db_name'] = 'librenms'; $config['db_socket'] = ''; // This is the user LibreNMS will run as //Please ensure this user is created and has the correct permissions to your install $config['user'] = 'librenms'; ### Locations - it is recommended to keep the default #$config['install_dir'] = "/opt/librenms"; ### This should *only* be set if you want to *force* a particular hostname/port ### It will prevent the web interface being usable form any other hostname #$config['base_url'] = "http://librenms.company.com"; ### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir ### and that your web server has permission to talk to rrdcached. #$config['rrdcached'] = "unix:/var/run/rrdcached.sock"; ### Default community $config['snmp']['community'] = array("public"); ### Authentication Model $config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth #$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth ### List of RFC1918 networks to allow scanning-based discovery #$config['nets'][] = "10.0.0.0/8"; #$config['nets'][] = "172.16.0.0/12"; #$config['nets'][] = "192.168.0.0/16"; # Update configuration #$config['update_channel'] = 'release'; # uncomment to follow the monthly release channel #$config['update'] = 0;# uncomment to completely disable updates |
按 Finish install 完成安裝
 |
 |
最後執行
|
chown -R librenms:librenms /opt/librenms/config.php |
留言列表
