本日重點與方向 (TAG): SNMP、Simple Network Management Protocol、LibreNMS、MySQL、Apache2、開源網管系統、NMS、Network Management System
今天將會介紹使用 Bare Metal 進行 LibreNMS 設備監控,因為使用 SNMP 協定進行通訊,SNMP 設定部分請依照各家廠商配置(Ubuntu、Windows 也有軟體跟設定可用),SNMP V1、V2c、V3 在於 LibreNMS 皆可以設定,這邊就是介紹 LibreNMS 安裝與添加設備,還有稍微看一下納管的狀態,詳細的其他設定就不做贅述了,配合一下計算節點算是我們軟體業手上的小劍劍,節點一關機等同於你的武器掉在路上,準備等死或是客戶的電話塞爆你了(老闆海 K 揍爆你),安裝 LibreNMS 進行監控的話,我們就比較可以馬上知道小劍劍掉在路上,掉了馬上撿起來www,並透過告警功能與網頁監控方式,解決設備掉線而你在狀況外的問題了,此外 LibreNMS 感謝 台中軟體開源社群 節省哥 Jason 推薦使用!,詳細的配置與神奇功能與同步機制等等的,可以到 節省哥的Blog 參考 。
參考網站:https://docs.librenms.org/Installation/Installation-Ubuntu-1804-Apache/
LibreNMS 版本更新列表:https://docs.librenms.org/General/Changelog/
timedatectl set-timezone Asia/Taipei
add-apt-repository ppa:ondrej/php
apt-get update
apt-get install php7.2
apt-get install software-properties-common
add-apt-repository universe
apt-get update
apt-get install curl apache2 composer fping git graphviz imagemagick libapache2-mod-php7.2 mariadb-client mariadb-server mtr-tiny nmap php7.2-cli php7.2-curl php7.2-gd php7.2-json php7.2-mbstring php7.2-mysql php7.2-snmp php7.2-xml php7.2-zip python-memcache python-mysqldb rrdtool snmp snmpd whois
cd /opt
git clone https://github.com/librenms/librenms.git
useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms www-data
chown -R librenms:librenms /opt/librenms
chmod 770 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
su - librenms
./scripts/composer_wrapper.php install --no-dev
exit
apt-get install mariadb-server mariadb-client
apt-get install mysql-server mysql-client
systemctl restart mysql
mysql -uroot -p
CREATE DATABASE ${db-name} CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER '${user-name}'@'localhost' IDENTIFIED BY '${user-passwd}';
GRANT ALL PRIVILEGES ON ${db-name}.* TO '${user-name}'@'localhost';
FLUSH PRIVILEGES;
exit
nano /etc/mysql/mariadb.conf.d/50-server.cnf
nano /etc/mysql/mysql.conf.d/mysqld.cnf
innodb_file_per_table=1
lower_case_table_names=0
systemctl restart mysql
nano /etc/php/7.2/apache2/php.ini
nano /etc/php/7.2/cli/php.ini
# date.timezone
date.timezone = Asia/Taipei
a2enmod php7.2
a2dismod mpm_event
a2enmod mpm_prefork
phpenmod mcrypt
nano /etc/apache2/sites-available/librenms.conf
<VirtualHost *:80>
DocumentRoot /opt/librenms/html/
ServerName librenms.example.com
AllowEncodedSlashes NoDecode
<Directory "/opt/librenms/html/">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
</VirtualHost>
a2dissite 000-default
a2ensite librenms.conf
參考功能:https://medium.com/@awonwon/htaccess-with-rewrite-3dba066aff11
a2enmod rewrite
systemctl restart apache2
http://${host-ip}:${host-port}/install.php
nano /opt/librenms/config.php
<?php
## Have a look in defaults.inc.php for examples of settings you can set here. DO NOT EDIT defaults.inc.php!
### Database config
$config['db_host'] = '${mysql-ip}';
$config['db_port'] = '${mysql-port}';
$config['db_user'] = '${db-user}';
$config['db_pass'] = '${db-passwd}';
$config['db_name'] = '${db-name}';
$config['db_socket'] = '';
// This is the user LibreNMS will run as
//Please ensure this user is created and has the correct permissions to your install
$config['user'] = 'librenms';
### Locations - it is recommended to keep the default
#$config['install_dir'] = "/opt/librenms";
### This should *only* be set if you want to *force* a particular hostname/port
### It will prevent the web interface being usable form any other hostname
#$config['base_url'] = "http://librenms.company.com";
### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir
### and that your web server has permission to talk to rrdcached.
#$config['rrdcached'] = "unix:/var/run/rrdcached.sock";
### Default community
$config['snmp']['community'] = array("public");
### Authentication Model
$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth
#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth
### List of RFC1918 networks to allow scanning-based discovery
#$config['nets'][] = "10.0.0.0/8";
#$config['nets'][] = "172.16.0.0/12";
#$config['nets'][] = "192.168.0.0/16";
# Update configuration
#$config['update_channel'] = 'release'; # uncomment to follow the monthly release channel
#$config['update'] = 0; # uncomment to completely disable updates
http://${host-ip}:${host-port}/login
需要知道設備的區域網路 IP, SNMP Community
這邊會用官方的 snmp-scan.py 腳本進行區網設備抓取,SNMP Community 會依照先前的 confug.php 中的配置進行使用,需要修改的話就是往這邊去調整,因為自動添加的資料會塞在 RAM ,因此需要的 RAM 空間較大的主機,如果使用樹莓派開搞的,建議還是手動用網頁添加為主。
~~
$config['snmp']['community'][] = "your-community";
~~
~~
### List of RFC1918 networks to allow scanning-based discovery
$config['nets'][] = "10.0.0.0/8";
$config['nets'][] = "172.16.0.0/12";
$config['nets'][] = "192.168.0.0/16";
~~
python3 snmp-scan.py
python3 snmp-scan.py 10.0.0.0/24
python3 snmp-scan.py 10.0.0.165
這邊是觀看目前託管的設備,LibreNMS 會自動協助分類,有種類錯誤的下一小節進行設定,我們這邊只要能看到即可,另外抓取時間需要等 5 分鐘才會有穩定的資料,所以需要等待一陣子。
LibreNMS 會有給予設備分類的作法,提供使用者快速找到您社設備,但是如果你有自己的設備種類,或是需要修改 LibreNMS 判斷錯誤的設備種類,這邊可以用此方法進行配置。