Install LibreNMS Network Monitoring Tool on CentOS / RHEL 8 - CentLinux

Latest

Tuesday, 9 February 2021

Install LibreNMS Network Monitoring Tool on CentOS / RHEL 8

Install LibreNMS Network Monitoring Tool on CentOS 8

LibreNMS is a community supported fork of Observium. In this article, you will learn how to install this network monitoring tool on CentOS / RHEL 8.

 

Table of Contents:

 

What is LibreNMS?:

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring software, which includes support for a wide range of network hardware and operating systems including Cisco, Linux, Juniper, Foundry, and many more.

LibreNMS is free, open source and community supported software, that was originally forked from the last GPL-licensed version of Observium.

 

LibreNMS Features:

Here's a brief list of LibreNMS supported features.

  • Auto discovery
  • Alerting
  • Multiple environment sensors support
  • Multiple protocols data collection (STP, OSPF, BGP etc)
  • VLAN, ARP and FDB table collection
  • Customizable Dashboards
  • Device Backup integration (Oxidized, RANCID)
  • Distributed Polling
  • Multiple Authentication Methods (MySQL, LDAP, Active Directory, HTTP)
  • NetFlow, sFlow, IPFIX (NfSen)
  • Service monitoring (Nagios Plugins)
  • Syslog (Integrated, Graylog)
  • Traffic Billing (Quota, 95th Percentile)
  • Two Factor Authentication
  • API
  • Auto Updating

 

Environment Specification:

We are using a minimal CentOS 8 virtual machine with following specifications.

  • CPU - 3.4 Ghz (2 cores)
  • Memory - 2 GB
  • Storage - 20 GB
  • Operating System - CentOS Stream 8.0
  • Hostname – librenms-01.centlinux.com
  • IP Address - 192.168.116.230 /24

 

Updating your Linux Operating System:

You can use PuTTY (or another SSH tool) for connecting with librenms-01.centlinux.com as root user.

Build cache for installed yum repositories by using following Linux command.

# dnf makecache CentOS Stream 8 - AppStream 2.6 kB/s | 4.4 kB 00:01 CentOS Stream 8 - BaseOS 4.1 kB/s | 3.9 kB 00:00 CentOS Stream 8 - Extras 938 B/s | 1.5 kB 00:01 Metadata cache created.

After updating yum cache, you can now update your Linux operating system as follows.

# dnf update -y

Verify the Linux Kernel and Linux distro that we are using in this installation guide.

# uname -r 4.18.0-269.el8.x86_64 # cat /etc/redhat-release CentOS Stream release 8

 

Installing EPEL yum Repository on CentOS 8:

Some of the required software packages are not available in default yum repositories. Therefore you must add EPEL (Extra Packages for Enterprise Linux) yum repository before installing LibreNMS software.

# dnf -y install epel-release

 

Installing Prerequisite Software:

Reset PHP module in yum repository to default stream.

# dnf module reset php Extra Packages for Enterprise Linux Modular 8 - 65 kB/s | 537 kB 00:08 Extra Packages for Enterprise Linux 8 - x86_64 263 kB/s | 8.8 MB 00:34 Last metadata expiration check: 0:00:02 ago on Sun 31 Jan 2021 11:03:58 AM PKT. Dependencies resolved. Nothing to do. Complete!

LibreNMS requires PHP 7.3, therefore, you should enable PHP 7.3 stream by using dnf command.

# dnf module enable -y php:7.3 Last metadata expiration check: 0:01:13 ago on Sun 31 Jan 2021 11:03:58 AM PKT. Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Enabling module streams: httpd 2.4 nginx 1.14 php 7.3 Transaction Summary ================================================================================ Complete!

Now, execute the following dnf command to install all the prerequisite software packages, as required by LibreNMS networking monitoring tool.

# dnf install -y bash-completion \ > cronie fping git ImageMagick \ > mariadb-server mtr net-snmp \ > net-snmp-utils nginx nmap \ > php-fpm php-cli php-common \ > php-curl php-gd php-json \ > php-mbstring php-process \ > php-snmp php-xml php-zip \ > php-mysqlnd python3 \ > python3-PyMySQL python3-redis \ > python3-memcached python3-pip \ > rrdtool unzip

 

Create Linux User and Directory:

Create a Linux user to own LibreNMS software files and processes.

# useradd librenms -d /opt/librenms -M -r -s /bin/bash

 

Downloading LibreNMS Network Monitoring Tool:

Now, clone the LibreNMS GitHub repository by using git command.

# cd /opt # git clone https://github.com/librenms/librenms.git Cloning into 'librenms'... remote: Enumerating objects: 7, done. remote: Counting objects: 100% (7/7), done. remote: Compressing objects: 100% (7/7), done. remote: Total 174397 (delta 0), reused 0 (delta 0), pack-reused 174390 Receiving objects: 100% (174397/174397), 183.77 MiB | 175.00 KiB/s, done. Resolving deltas: 100% (122858/122858), done. Updating files: 100% (11584/11584), done.

Adjust permissions on the cloned directory by executing following commands at Linux Bash prompt.

# chown -R librenms:librenms /opt/librenms # chmod 771 /opt/librenms # setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ # setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

Connect as librenms user and install PHP libraries as required by LibreNMS network monitoring software.

# su - librenms Last login: Sun Jan 31 11:16:07 PKT 2021 on pts/0 $ ./scripts/composer_wrapper.php install --no-dev ... Discovered Package: darkghosthunter/larapoke Discovered Package: fideloper/proxy Discovered Package: fruitcake/laravel-cors Discovered Package: laravel/tinker Discovered Package: laravel/ui Discovered Package: librenms/laravel-vue-i18n-generator Discovered Package: nesbot/carbon Discovered Package: oriceon/toastr-5-laravel Discovered Package: tightenco/ziggy Discovered Package: wpb/string-blade-compiler Package manifest generated successfully. 55 packages you are using are looking for funding. Use the `composer fund` command to find out more! > LibreNMS\ComposerHelper::postInstall setfacl -R -m g::rwx rrd/ logs/ storage/ bootstrap/cache/ setfacl -d -m g::rwx rrd/ logs/ storage/ bootstrap/cache/ > Illuminate\Foundation\ComposerScripts::postInstall > @php artisan vue-i18n:generate --multi-locales --format=umd > @php artisan view:cache Compiled views cleared! Blade templates cached successfully! > @php artisan optimize Configuration cache cleared! Configuration cached successfully! Route cache cleared! Routes cached successfully! Files cached successfully! > @php artisan config:clear Configuration cache cleared! > scripts/check_requirements.py || pip3 install --user -r requirements.txt || : $ exit logout

 

Installing Composer on CentOS 8 Server:

Install latest stable version of Composer on your Linux server.

# wget https://getcomposer.org/composer-stable.phar --2021-01-31 12:42:00-- https://getcomposer.org/composer-stable.phar Resolving getcomposer.org (getcomposer.org)... 54.36.53.46, 2001:41d0:302:1100::8:104f Connecting to getcomposer.org (getcomposer.org)|54.36.53.46|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 2205196 (2.1M) [application/octet-stream] Saving to: âcomposer-stable.pharâ composer-stable.pha 100%[===================>] 2.10M 196KB/s in 9.6s 2021-01-31 12:42:11 (224 KB/s) - âcomposer-stable.pharâ saved [2205196/2205196]

Rename the downloaded file and grant execution permissions on it.

# mv composer-stable.phar /usr/bin/composer # chmod +x /usr/bin/composer

 

Set Linux Server Timezone:

You need to set a common timezone in PHP and Linux operating system.

First edit PHP configuration file.

# vi /etc/php.ini

Find and set following variable in PHP configuration file.

date.timezone = America/New_York

Now, set the same timezone in Linux operating system. You can use the following Linux command for this purpose.

# timedatectl set-timezone America/New_York

 

Configure MySQL Database Server:

Open MySQL configuration file in vim editor.

# vi /etc/my.cnf.d/mariadb-server.cnf

Add following directives under [mysqld] section.

innodb_file_per_table=1 lower_case_table_names=0

Enable and start MySQL database service.

# systemctl enable --now mariadb.service Created symlink /etc/systemd/system/mysql.service â /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/mysqld.service â /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service â /usr/lib/systemd/system/mariadb.service.

Configure MySQL database server for the first time by executing following command at Linux bash prompt.

# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!

Login to MySQL shell as root user.

# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 16 Server version: 10.3.27-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>

Create a MySQL database for LibreNMS software. This database will be used by the network monitoring application as it's backend repository.

MariaDB [(none)]> CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci; Query OK, 1 row affected (0.001 sec)

Create a MySQL database user.

MariaDB [(none)]> CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'Str0ngPa55w0rd'; Query OK, 0 rows affected (0.001 sec)

Grant complete permissions on librenms database to librenms user.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost'; Query OK, 0 rows affected (0.000 sec)

Reload privileges tables and exit from MySQL shell.

MariaDB [(none)]> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> exit Bye

 

Configure PHP-FPM Service:

To configure php-fpm service for your network monitoring tool, create a copy of default configuration file and rename it as librenms.conf.

# cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf

Edit this file in Linux vim editor.

# vi /etc/php-fpm.d/librenms.conf

Locate and Change [www] to [librenms]

Also set following directives therein.

user = librenms group = librenms listen = /run/php-fpm-librenms.sock

 

Configure Nginx Web Server:

Create a Nginx configuration file for LibreNMS and edit it in vim text editor.

# vi /etc/nginx/conf.d/librenms.conf

Add following lines in this file.

server { listen 80; server_name librenms-01.centlinux.com; root /opt/librenms/html; index index.php; charset utf-8; gzip on; gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ [^/]\.php(/|$) { fastcgi_pass unix:/run/php-fpm-librenms.sock; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi.conf; } location ~ /\.(?!well-known).* { deny all; } }

Edit Nginx default configuration file in Linux vim editor.

# vi /etc/nginx/nginx.conf

Find and comment complete 'Server' section in this file.

Enable and start php-fpm and nginx services.

# systemctl enable --now nginx.service php-fpm.service Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service â /usr/lib/systemd/system/nginx.service. Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service â /usr/lib/systemd/system/php-fpm.service.

 

Configure SELinux Policies:

Since, we are using a minimal CentOS 8 Linux server. Therefore, to configure SELinux, you have to install SELinux tools as follows.

# dnf install -y policycoreutils-python-utils

Now execute following command at Linux bash prompt to configure SELinux for LibreNMS network monitoring tool.

# semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/html(/.*)?' # semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/(logs|rrd|storage)(/.*)?' # restorecon -RF /opt/librenms # setsebool -P httpd_can_sendmail=1 # setsebool -P httpd_execmem 1 # chcon -t httpd_sys_rw_content_t /opt/librenms/.env

Create a SELinux policy to allow fping by httpd_t context types.

# cd # vi http_fping.tt

Add following lines therein.

module http_fping 1.0; require { type httpd_t; class capability net_raw; class rawip_socket { getopt create setopt write read }; } #============= httpd_t ============== allow httpd_t self:capability net_raw; allow httpd_t self:rawip_socket { getopt create setopt write read };

Load and apply this SELinux policy on your Linux server.

# checkmodule -M -m -o http_fping.mod http_fping.tt # semodule_package -o http_fping.pp -m http_fping.mod # semodule -i http_fping.pp

 

Configure Linux Firewall:

LibreNMS uses default HTTP ports for its web service. Therefore, execute following commands to allow these ports in Linux Firewall.

# firewall-cmd --zone public --add-service http --add-service https success # firewall-cmd --permanent --zone public --add-service http --add-service https success

 

Configure Bash Completion for LNMS Command:

You can enable bash completion for lnms command, just as you would with other Linux commands.

Execute following commands to configure bash completion for lnms command.

# ln -s /opt/librenms/lnms /usr/bin/lnms # cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

 

Configure SNMPD on your Linux Server:

An snmp sample configuration is provided with LibreNMS networking monitoring software. Create a copy of this sample file and then edit it in a Linux text editor.

# cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf # vi /etc/snmp/snmpd.conf

Edit the text which says RANDOMSTRINGGOESHERE and set your own community string.

Download snmp configuration script and place it in /usr/bin directory.

# curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4637 100 4637 0 0 3233 0 0:00:01 0:00:01 --:--:-- 3231

Grant execution privileges to download file.

# chmod +x /usr/bin/distro

Enable and start SNMPD service.

# systemctl enable --now snmpd.service Created symlink /etc/systemd/system/multi-user.target.wants/snmpd.service â /usr/lib/systemd/system/snmpd.service.

If snmp is new for you then, we recommend that you should buy and read Essential SNMP, Second Edition by Douglas Mauro and Kevin Schmidt.

 

Setup LibreNMS Cron Jobs:

LibreNMS network monitoring software also provides a crontab file. Just copy it in crontab directory to setup required cron jobs.

# cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

 

Configure Logrotate for LibreNMS:

Similarly copy the logrotate configuration file at logrotate directory. This file is also provide in LibreNMS software.

# cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

 

Starting LibreNMS Web Installer:

Open URL http://librenms-01.centlinux.com/install in Google chrome (or another web browser).

The web installer might prompt you to create a config.php file in your LibreNMS install location manually, copying the content displayed on-screen to the file. You are also required to set the ownership of this file.

# vi /opt/librenms/config.php # chown librenms:librenms /opt/librenms/config.php

The web installer perform a prerequisite check. It won't show any warning if you have followed the above steps correctly.

01-install-librenms-network-monitoring-tool-centos-prerequisites

Provide MySQL server connection details and build a database for LibreNMS network monitoring software.

02-install-librenms-network-monitoring-tool-centos-database

03-install-librenms-network-monitoring-tool-centos-database

04-install-librenms-network-monitoring-tool-centos-database

Create an admin user for LibreNMS software.

05-install-librenms-network-monitoring-tool-centos-admin-user

06-install-librenms-network-monitoring-tool-centos-admin-user

LibreNMS installation is completed successfully.

07-install-librenms-network-monitoring-tool-centos-finish

Use admin user to login to LibreNMS web UI.

08-install-librenms-network-monitoring-tool-centos-login

 

Validate LibreNMS Installation:

After installation and configuration of LibreNMS network monitoring software, you can execute validate.php script to check for any issues therein.

# su - librenms Last login: Sun Jan 31 07:07:41 UTC 2021 on pts/0 $ ./validate.php ==================================== Component | Version --------- | ------- LibreNMS | 1.70.1-70-g17f5a3f23 DB Schema | 2020_11_02_164331_add_powerstate_enum_to_vminfo (191) PHP | 7.3.20 Python | 3.6.8 MySQL | 10.3.27-MariaDB RRDTool | 1.7.0 SNMP | NET-SNMP 5.8 ==================================== [OK] Composer Version: 2.0.9 [OK] Dependencies up-to-date. [WARN] You have no devices. [FIX]: Consider adding a device such as localhost: /addhost [OK] Database connection successful [OK] Database schema correct

Our LibreNMS network monitoring server has no issues at all.

 

Conclusion:

We have successfully installed and configured LibreNMS network monitoring tool on CentOS 8. If you faced difficulty understanding the Linux commands and configurations in this article, then you should buy and read The Linux Command Line, 2nd Edition: A Complete Introduction by William Shotts.

No comments:

Post a Comment