Install LibreNMS Monitoring Tool on CentOS/RHEL 8

LibreNMS is a community supported fork of Observium. In this article, you will learn how to install this network monitoring tool on CentOS / RHEL 8.

 

Table of Contents:

• What is LibreNMS?
• LibreNMS Features
• Environment Specification
• Updating your Linux Operating System
• Installing EPEL yum Repository on CentOS 8
• Installing Prerequisite Software
• Create Linux User and Directory
• Downloading LibreNMS Network Monitoring Tool
• Installing Composer on CentOS 8 Server
• Set Linux Server Timezone
• Configure MySQL Database Server
• Configure PHP-FPM Service
• Configure Nginx Web Server
• Configure SELinux Policies
• Configure Linux Firewall
• Configure Bash Completion for LNMS Command
• Configure SNMPD on your Linux Server
• Setup LibreNMS Cron Jobs
• Configure Logrotate
• Starting LibreNMS Web Installer
• Validate LibreNMS Installation
• Conclusion

 

What is LibreNMS?:

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring software, which includes support for a wide range of network hardware and operating systems including Cisco, Linux, Juniper, Foundry, and many more.

LibreNMS is free, open source and community supported software, that was originally forked from the last GPL-licensed version of Observium.

LibreNMS Features:

Here's a brief list of LibreNMS supported features.

• Auto discovery
• Alerting
• Multiple environment sensors support
• Multiple protocols data collection (STP, OSPF, BGP etc)
• VLAN, ARP and FDB table collection
• Customizable Dashboards
• Device Backup integration (Oxidized, RANCID)
• Distributed Polling
• Multiple Authentication Methods (MySQL, LDAP, Active Directory, HTTP)
• NetFlow, sFlow, IPFIX (NfSen)
• Service monitoring (Nagios Plugins)
• Syslog (Integrated, Graylog)
• Traffic Billing (Quota, 95th Percentile)
• Two Factor Authentication
• API
• Auto Updating

 

Environment Specification:

We are using a minimal CentOS 8 virtual machine with following specifications.

• CPU - 3.4 Ghz (2 cores)
• Memory - 2 GB
• Storage - 20 GB
• Operating System - CentOS Stream 8.0
• Hostname – librenms-01.centlinux.com
• IP Address - 192.168.116.230 /24

 

Updating your Linux Operating System:

You can use PuTTY (or another SSH tool) for connecting with librenms-01.centlinux.com as root user.

Build cache for installed yum repositories by using following Linux command.

# dnf makecache
CentOS Stream 8 - AppStream                     2.6 kB/s | 4.4 kB     00:01
CentOS Stream 8 - BaseOS                        4.1 kB/s | 3.9 kB     00:00
CentOS Stream 8 - Extras                        938  B/s | 1.5 kB     00:01
Metadata cache created.

After updating yum cache, you can now update your Linux operating system as follows.

# dnf update -y

Verify the Linux Kernel and Linux distro that we are using in this installation guide.

# uname -r
4.18.0-269.el8.x86_64

# cat /etc/redhat-release
CentOS Stream release 8

 

Installing EPEL yum Repository on CentOS 8:

Some of the required software packages are not available in default yum repositories. Therefore you must add EPEL (Extra Packages for Enterprise Linux) yum repository before installing LibreNMS software.

# dnf -y install epel-release

 

Installing Prerequisite Software:

Reset PHP module in yum repository to default stream.

# dnf module reset php
Extra Packages for Enterprise Linux Modular 8 -  65 kB/s | 537 kB     00:08
Extra Packages for Enterprise Linux 8 - x86_64  263 kB/s | 8.8 MB     00:34
Last metadata expiration check: 0:00:02 ago on Sun 31 Jan 2021 11:03:58 AM PKT.
Dependencies resolved.
Nothing to do.
Complete!

LibreNMS requires PHP 7.3, therefore, you should enable PHP 7.3 stream by using dnf command.

# dnf module enable -y php:7.3
Last metadata expiration check: 0:01:13 ago on Sun 31 Jan 2021 11:03:58 AM PKT.
Dependencies resolved.
================================================================================
 Package           Architecture     Version             Repository         Size
================================================================================
Enabling module streams:
 httpd                              2.4
 nginx                              1.14
 php                                7.3

Transaction Summary
================================================================================

Complete!

Now, execute the following dnf command to install all the prerequisite software packages, as required by LibreNMS networking monitoring tool.

# dnf install -y bash-completion \
> cronie fping git ImageMagick \
> mariadb-server mtr net-snmp \
> net-snmp-utils nginx nmap \
> php-fpm php-cli php-common \
> php-curl php-gd php-json \
> php-mbstring php-process \
> php-snmp php-xml php-zip \
> php-mysqlnd python3 \
> python3-PyMySQL python3-redis \
> python3-memcached python3-pip \
> rrdtool unzip

 

Create Linux User and Directory:

Create a Linux user to own LibreNMS software files and processes.

# useradd librenms -d /opt/librenms -M -r -s /bin/bash

 

Downloading LibreNMS Network Monitoring Tool:

Now, clone the LibreNMS GitHub repository by using git command.

# cd /opt
# git clone https://github.com/librenms/librenms.git
Cloning into 'librenms'...
remote: Enumerating objects: 7, done.
remote: Counting objects: 100% (7/7), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 174397 (delta 0), reused 0 (delta 0), pack-reused 174390
Receiving objects: 100% (174397/174397), 183.77 MiB | 175.00 KiB/s, done.
Resolving deltas: 100% (122858/122858), done.
Updating files: 100% (11584/11584), done.

Adjust permissions on the cloned directory by executing following commands at Linux Bash prompt.

# chown -R librenms:librenms /opt/librenms
# chmod 771 /opt/librenms
# setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
# setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

Connect as librenms user and install PHP libraries as required by LibreNMS network monitoring software.

# su - librenms
Last login: Sun Jan 31 11:16:07 PKT 2021 on pts/0
$ ./scripts/composer_wrapper.php install --no-dev
...
Discovered Package: darkghosthunter/larapoke
Discovered Package: fideloper/proxy
Discovered Package: fruitcake/laravel-cors
Discovered Package: laravel/tinker
Discovered Package: laravel/ui
Discovered Package: librenms/laravel-vue-i18n-generator
Discovered Package: nesbot/carbon
Discovered Package: oriceon/toastr-5-laravel
Discovered Package: tightenco/ziggy
Discovered Package: wpb/string-blade-compiler
Package manifest generated successfully.
55 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> LibreNMS\ComposerHelper::postInstall
setfacl -R -m g::rwx rrd/ logs/ storage/ bootstrap/cache/
setfacl -d -m g::rwx rrd/ logs/ storage/ bootstrap/cache/
> Illuminate\Foundation\ComposerScripts::postInstall
> @php artisan vue-i18n:generate --multi-locales --format=umd
> @php artisan view:cache
Compiled views cleared!
Blade templates cached successfully!
> @php artisan optimize
Configuration cache cleared!
Configuration cached successfully!
Route cache cleared!
Routes cached successfully!
Files cached successfully!
> @php artisan config:clear
Configuration cache cleared!
> scripts/check_requirements.py || pip3 install --user -r requirements.txt || :

$ exit
logout

 

Installing Composer on CentOS 8 Server:

Install latest stable version of Composer on your Linux server.

# wget https://getcomposer.org/composer-stable.phar
--2021-01-31 12:42:00--  https://getcomposer.org/composer-stable.phar
Resolving getcomposer.org (getcomposer.org)... 54.36.53.46, 2001:41d0:302:1100::8:104f
Connecting to getcomposer.org (getcomposer.org)|54.36.53.46|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2205196 (2.1M) [application/octet-stream]
Saving to: âcomposer-stable.pharâ

composer-stable.pha 100%[===================>]   2.10M   196KB/s    in 9.6s

2021-01-31 12:42:11 (224 KB/s) - âcomposer-stable.pharâ saved [2205196/2205196]

Rename the downloaded file and grant execution permissions on it.

# mv composer-stable.phar /usr/bin/composer
# chmod +x /usr/bin/composer

 

Set Linux Server Timezone:

You need to set a common timezone in PHP and Linux operating system.

First edit PHP configuration file.

# vi /etc/php.ini

Find and set following variable in PHP configuration file.

date.timezone = America/New_York

Now, set the same timezone in Linux operating system. You can use the following Linux command for this purpose.

# timedatectl set-timezone America/New_York

 

Configure MySQL Database Server:

Open MySQL configuration file in vim editor.

# vi /etc/my.cnf.d/mariadb-server.cnf

Add following directives under [mysqld] section.

innodb_file_per_table=1
lower_case_table_names=0

Enable and start MySQL database service.

# systemctl enable --now mariadb.service
Created symlink /etc/systemd/system/mysql.service â /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service â /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service â /usr/lib/systemd/system/mariadb.service.

Configure MySQL database server for the first time by executing following command at Linux bash prompt.

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Login to MySQL shell as root user.

# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Create a MySQL database for LibreNMS software. This database will be used by the network monitoring application as it's backend repository.

MariaDB [(none)]> CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Query OK, 1 row affected (0.001 sec)

Create a MySQL database user.

MariaDB [(none)]> CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'Str0ngPa55w0rd';
Query OK, 0 rows affected (0.001 sec)

Grant complete permissions on librenms database to librenms user.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
Query OK, 0 rows affected (0.000 sec)

Reload privileges tables and exit from MySQL shell.

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit
Bye

 

Configure PHP-FPM Service:

To configure php-fpm service for your network monitoring tool, create a copy of default configuration file and rename it as librenms.conf.

# cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf

Edit this file in Linux vim editor.

# vi /etc/php-fpm.d/librenms.conf

Locate and Change [www] to [librenms]

Also set following directives therein.

user = librenms
group = librenms
listen = /run/php-fpm-librenms.sock

 

Configure Nginx Web Server:

Create a Nginx configuration file for LibreNMS and edit it in vim text editor.

# vi /etc/nginx/conf.d/librenms.conf

Add following lines in this file.

server {
 listen      80;
 server_name librenms-01.centlinux.com;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location ~ [^/]\.php(/|$) {
  fastcgi_pass unix:/run/php-fpm-librenms.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  include fastcgi.conf;
 }
 location ~ /\.(?!well-known).* {
  deny all;
 }
}

Edit Nginx default configuration file in Linux vim editor.

# vi /etc/nginx/nginx.conf

Find and comment complete 'Server' section in this file.

Enable and start php-fpm and nginx services.

# systemctl enable --now nginx.service php-fpm.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service â /usr/lib/systemd/system/nginx.service.
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service â /usr/lib/systemd/system/php-fpm.service.

 

Configure SELinux Policies:

Since, we are using a minimal CentOS 8 Linux server. Therefore, to configure SELinux, you have to install SELinux tools as follows.

# dnf install -y policycoreutils-python-utils

Now execute following command at Linux bash prompt to configure SELinux for LibreNMS network monitoring tool.

# semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/html(/.*)?'
# semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(logs|rrd|storage)(/.*)?'
# restorecon -RF /opt/librenms
# setsebool -P httpd_can_sendmail=1
# setsebool -P httpd_execmem 1
# chcon -t httpd_sys_rw_content_t /opt/librenms/.env

Create a SELinux policy to allow fping by httpd_t context types.

# cd
# vi http_fping.tt

Add following lines therein.

module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

Load and apply this SELinux policy on your Linux server.

# checkmodule -M -m -o http_fping.mod http_fping.tt
# semodule_package -o http_fping.pp -m http_fping.mod
# semodule -i http_fping.pp

 

Configure Linux Firewall:

LibreNMS uses default HTTP ports for its web service. Therefore, execute following commands to allow these ports in Linux Firewall.

# firewall-cmd --zone public --add-service http --add-service https
success
# firewall-cmd --permanent --zone public --add-service http --add-service https
success

 

Configure Bash Completion for LNMS Command:

You can enable bash completion for lnms command, just as you would with other Linux commands.

Execute following commands to configure bash completion for lnms command.

# ln -s /opt/librenms/lnms /usr/bin/lnms
# cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

 

Configure SNMPD on your Linux Server:

An snmp sample configuration is provided with LibreNMS networking monitoring software. Create a copy of this sample file and then edit it in a Linux text editor.

# cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf

Edit the text which says RANDOMSTRINGGOESHERE and set your own community string.

Download snmp configuration script and place it in /usr/bin directory.

# curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4637  100  4637    0     0   3233      0  0:00:01  0:00:01 --:--:--  3231

Grant execution privileges to download file.

# chmod +x /usr/bin/distro

Enable and start SNMPD service.

# systemctl enable --now snmpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/snmpd.service â /usr/lib/systemd/system/snmpd.service.

If snmp is new for you then, we recommend that you should buy and read Essential SNMP, Second Edition by Douglas Mauro and Kevin Schmidt.

 

Setup LibreNMS Cron Jobs:

LibreNMS network monitoring software also provides a crontab file. Just copy it in crontab directory to setup required cron jobs.

# cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

 

Configure Logrotate for LibreNMS:

Similarly copy the logrotate configuration file at logrotate directory. This file is also provide in LibreNMS software.

# cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

 

Starting LibreNMS Web Installer:

Open URL http://librenms-01.centlinux.com/install in Google chrome (or another web browser).

The web installer might prompt you to create a config.php file in your LibreNMS install location manually, copying the content displayed on-screen to the file. You are also required to set the ownership of this file.

# vi /opt/librenms/config.php
# chown librenms:librenms /opt/librenms/config.php

The web installer perform a prerequisite check. It won't show any warning if you have followed the above steps correctly.

Provide MySQL server connection details and build a database for LibreNMS network monitoring software.

Create an admin user for LibreNMS software.

LibreNMS installation is completed successfully.

Use admin user to login to LibreNMS web UI.

 

Validate LibreNMS Installation:

After installation and configuration of LibreNMS network monitoring software, you can execute validate.php script to check for any issues therein.

# su - librenms
Last login: Sun Jan 31 07:07:41 UTC 2021 on pts/0
$ ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.70.1-70-g17f5a3f23
DB Schema | 2020_11_02_164331_add_powerstate_enum_to_vminfo (191)
PHP       | 7.3.20
Python    | 3.6.8
MySQL     | 10.3.27-MariaDB
RRDTool   | 1.7.0
SNMP      | NET-SNMP 5.8
====================================

[OK]    Composer Version: 2.0.9
[OK]    Dependencies up-to-date.
[WARN]  You have no devices.
        [FIX]:
        Consider adding a device such as localhost: /addhost
[OK]    Database connection successful
[OK]    Database schema correct

Our LibreNMS network monitoring server has no issues at all.

 

Conclusion:

We have successfully installed and configured LibreNMS network monitoring tool on CentOS 8. If you faced difficulty understanding the Linux commands and configurations in this article, then you should buy and read The Linux Command Line, 2nd Edition: A Complete Introduction by William Shotts.