Deployment environment
- OS: Debian12
- CPU: 2 Sockets, 2 Cores
- RAM: 6G
- Database: MariaDB: 11.4
System Requirement
- LibreNMS
  - CPU: 2 Sockets, 4 Cores
  - Memory: 2G
  - Disk Type: Raid 1, SSD
  - Disk Space: 18GB
  - Devices: 20
  - Ports: 133
  - Health sensors: 47
  - Load: < 0.1
- MySQL
  - CPU: 1 Socket, 2 Cores
  - Memory: 2G
  - Disk Type: Raid 1, SSD
  - Disk Space: 30GB
  - Load: < 0.1
Pre-installation preparation
- librenms Domain : moniter.home.pollochang.work
- librenms web server
  - Admin User account: polloadmin
  - Admin User password: password
  - Admin User Email: [email protected]
- Database
  - Database name: librenms
  - Account: librenms
  - Password: password
Installation steps
Install the database
- MariaDB Server
sudo apt -y install apt-transport-https curl gnupg gnupg2
sudo mkdir -p /etc/apt/keyrings
sudo curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'
- Configuration file: /etc/apt/sources.list.d/mariadb.sources
# MariaDB 11.4 repository list - created 2023-11-20 07:47 UTC
# https://mariadb.org/download/
X-Repolib-Name: MariaDB
Types: deb
# deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# URIs: https://deb.mariadb.org/11.4/debian
URIs: https://mirrors.aliyun.com/mariadb/repo/11.4/debian
Suites: bookworm
Components: main
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp
apt update
# Confirm that the intended version is actually installable
apt list mariadb-server
# mariadb-server/unknown 1:11.4.4+maria~deb12 amd64
apt install mariadb-server mariadb-client
Install librenms
apt install -y lsb-release ca-certificates wget acl curl fping git graphviz imagemagick mariadb-client mtr-tiny nginx-full nmap php-cli php-curl php-fpm php-gd php-gmp php-mbstring php-mysql php-snmp php-xml php-zip python3-dotenv python3-pymysql python3-redis python3-setuptools python3-systemd python3-pip rrdtool snmp snmpd unzip whois python3.11-venv
cd /tmp
wget https://github.com/librenms/librenms/archive/refs/tags/25.1.0.tar.gz
tar -zxf 25.1.0.tar.gz -C /opt/
cd /opt/
ln -s librenms-25.1.0 librenms
Add the service account: librenms
useradd librenms -d /opt/librenms -M -r -s "$(which bash)"
chown -R librenms:librenms /opt/librenms*
chmod 771 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
Install PHP dependencies
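Use a Python virtual environment, because Debian12 introduced PEP 668, which restricts direct modification of the system Python environment. This way all Python dependencies are installed inside ~/librenms-venv and do not affect the system environment.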
su - librenms
python3 -m venv ~/librenms-venv
source ~/librenms-venv/bin/activate
pip install -r requirements.txt
./scripts/composer_wrapper.php install --no-dev
exit
su - librenms
pip3 install command_runner --break-system-packages
timedatectl set-timezone Asia/Taipei
- /etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]
innodb_file_per_table=1
lower_case_table_names=0
systemctl enable mariadb
systemctl restart mariadb
mysql -u root
CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
exit
cp /etc/php/8.2/fpm/pool.d/www.conf /etc/php/8.2/fpm/pool.d/librenms.conf
vim /etc/php/8.2/fpm/pool.d/librenms.conf
- Edit the file: /etc/php/8.2/fpm/pool.d/librenms.conf
The content is as follows:
Change [www] to [librenms]:
; [www]
[librenms]
Change user and group to “librenms”:
user = librenms
group = librenms
Change listen to a unique path that must match your webserver’s config (fastcgi_pass for NGINX and SetHandler for Apache) :
listen = /run/php-fpm-librenms.sock
- Edit the file: /etc/nginx/sites-enabled/librenms.vhost
server {
    listen 80;
    server_name moniter.home.pollochang.work;
    root /opt/librenms/html;
    index index.php;
    charset utf-8;
    gzip on;
    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_pass unix:/run/php-fpm-librenms.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi.conf;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
Check that the PHP time and the database time agree
php -r 'echo date("Y-m-d H:i:s");'
If it is wrong, fix it by editing the file: /etc/php/8.2/fpm/php.ini
date.timezone = "Asia/Taipei"
- /etc/php/8.2/cli/php.ini
date.timezone = "Asia/Taipei"
Configure .env
- /opt/librenms/.env
APP_URL=http://moniter.home.pollochang.work
- /opt/librenms/config.php
$config['base_url'] = 'http://moniter.home.pollochang.work/';
Start the web service
rm /etc/nginx/sites-enabled/default
systemctl reload nginx
systemctl restart php8.2-fpm
Enable lnms command completion
ln -s /opt/librenms/lnms /usr/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/
Configure snmpd
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
- /etc/snmp/snmpd.conf
# RANDOMSTRINGGOESHERE
com2sec readonly default polloservermonitor
Set up the SNMP service
- /etc/snmp/snmpd.conf
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl enable snmpd
systemctl restart snmpd
cp /opt/librenms/dist/librenms.cron /etc/cron.d/librenms
Enable the scheduler
cp /opt/librenms/dist/librenms-scheduler.service /opt/librenms/dist/librenms-scheduler.timer /etc/systemd/system/
systemctl enable librenms-scheduler.timer
systemctl start librenms-scheduler.timer
Configure logrotate
Copy logrotate config
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
Web installer
- Open a browser to run the installer: http://moniter.home.pollochang.work/install
After the installation completes, make sure the configuration file ownership is correct
chown librenms:librenms /opt/librenms/config.php
Move the data to the designated directories
systemctl stop php8.2-fpm nginx
mkdir -p /data/librenms/
chown librenms:librenms /data/librenms/
sudo mv /opt/librenms/rrd /data/librenms/
sudo mv /opt/librenms/logs /var/log/librenms
sudo mv /opt/librenms/storage /data/librenms/
ln -s /data/librenms/rrd /opt/librenms/rrd
ln -s /var/log/librenms /opt/librenms/logs
ln -s /data/librenms/storage /opt/librenms/storage
LDAP login authentication settings
- Preparation
  - Group DN information:
    - System administrators: cn=admins,ou=group,dc=home,dc=pollochang,dc=work
    - Regular users: cn=login,ou=group,dc=home,dc=pollochang,dc=work
- Configuration file: /opt/librenms/config.php
# Use LDAP authentication
$config['auth_mechanism'] = "ldap";
### MySQL authentication (enabled by default)
$config['auth_mechanism_mysql'] = true;
### LDAP authentication settings
$config['auth_mechanism_ldap'] = true;
$config['auth_ldap_server'] = 'ldaps://ldap.home.pollochang.work';
# LDAPS uses port 636
$config['auth_ldap_port'] = 636;
$config['auth_ldap_starttls'] = false;
$config['auth_ldap_prefix'] = 'uid=';
$config['auth_ldap_suffix'] = ',ou=People,dc=home,dc=pollochang,dc=work';
### LDAP bind account
$config['auth_ldap_binddn'] = 'cn=admin,dc=home,dc=pollochang,dc=work';
$config['auth_ldap_bindpassword'] = 'bindpassword';
### LDAP user attribute mapping
$config['auth_ldap_uid_attribute'] = 'uid';
$config['auth_ldap_user_dn'] = 'ou=People,dc=home,dc=pollochang,dc=work';
# $config['auth_ldap_user_attr'] = ['uid'];
### LDAP group attributes
$config['auth_ldap_groupbase'] = 'ou=group,dc=home,dc=pollochang,dc=work';
$config['auth_ldap_group'] = 'cn';
$config['auth_ldap_groupmemberattr'] = 'memberUid';
$config['auth_ldap_groupobjectclass'] = "posixGroup";
$config['auth_ldap_groups']['admins']['level'] = 10;
$config['auth_ldap_groups']['login']['level'] = 5;
### Enable LDAP debugging (turn on when troubleshooting)
$config['auth_ldap_debug'] = false;
$config['auth_debug'] = false;
cd /opt/librenms/
systemctl restart php8.2-fpm nginx && php artisan config:clear && php artisan cache:clear
tail -f /opt/librenms/logs/librenms.log
Monitoring settings
Configuration: /opt/librenms/config.php
Monitor proxmox
# Monitor proxmox
$config['enable_proxmox'] = 1;
SNMP
On the monitored PVE host
apt install libpve-apiclient-perl sudo -y
wget https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox -O /usr/local/bin/proxmox
chmod +x /usr/local/bin/proxmox
- Configuration file: /etc/sudoers.d/snmp
Debian-snmp ALL=(ALL) NOPASSWD: /usr/local/bin/proxmox
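On the monitored Linux host
Setting up SNMPv3 (Simple Network Management Protocol version 3) on a monitored Linux host usually means using Net-SNMP, and it requires encryption and authentication settings to ensure security.
Step 1: Install the SNMP packages
On Debian/Ubuntu: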
sudo apt install snmpd
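snmpd vs snmp
- snmpd: provides SNMP monitoring information for the local host
- snmp: the client-side tools, which can be used to fetch SNMP monitoring information from other hosts
On RHEL/CentOS/Rocky Linux: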
sudo dnf install net-snmp net-snmp-utils
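Step 2: Create the SNMPv3 user
SNMPv3 requires user authentication, so the user has to be created manually.
- Stop the SNMP service (required before adding the account):
  sudo systemctl stop snmpd
- Use the net-snmp-create-v3-user tool to create the SNMPv3 user:
  sudo net-snmp-create-v3-user -ro -A "auth_password" -X "priv_password" -a SHA -x AES snmpuser
  - -ro: create a read-only user
  - -A "auth_password": set the authentication password
  - -X "priv_password": set the encryption password
  - -a SHA: use SHA as the authentication method; the accepted values are:
    - SHA
    - SHA-224
    - SHA-256
    - SHA-384
    - SHA-512
    - MD5
  - -x AES: use AES as the encryption method
    - AES
    - AES-192
    - AES-256
    - AES-256-C
    - DES
  - snmpuser: the SNMP user name
⚠️ Note:
- auth_password and priv_password must be at least 8 characters long.
- Optionally, use -rw to create a user with read-write permission.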
Step 3: Modify the SNMP configuration
Open the SNMP configuration file:
sudo nano /etc/snmp/snmpd.conf
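Make sure the following content is present:
# Listening address. udp:161 without a host part binds UDP port 161 on every IPv4 interface; give an explicit address to listen only on the local host or one NIC (e.g. eth0)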
agentAddress udp:161
# Enable the SNMPv3 user
createUser snmpuser SHA "auth_password" AES "priv_password"
rouser snmpuser authPriv
To have SNMP listen on all interfaces:
agentAddress udp:161,udp6:[::1]:161
/etc/snmp/snmpd.conf.d/lab.conf
agentaddress 192.168.1.100
chown root:Debian-snmp /etc/snmp/snmpd.conf.d/pollohome.conf
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.101" port protocol="udp" port="161" accept' --permanent
Step 4: Start and enable the SNMP service
sudo systemctl enable snmpd
sudo systemctl restart snmpd
Step 5: Test the SNMPv3 connection
Test on the local host:
snmpwalk -v3 -u snmpuser -l authPriv -a SHA -A "auth_password" -x AES -X "priv_password" localhost sysDescr
Test from a remote machine:
snmpwalk -OQne -v 3 -t 10 -l authPriv -u snmpuser -a SHA -A auth_password -x AES -X priv_password 192.168.1.100 -Os 1.3.6.1.2.1.2.2.1
Step 6: Open the firewall
If the system has a firewall enabled, open UDP port 161:
sudo firewall-cmd --add-port=161/udp --permanent
sudo firewall-cmd --reload
This completes the configuration of a Linux server with SNMPv3 support, which can be used with monitoring systems such as LibreNMS, Zabbix and Nagios.
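An added example (not part of the original page or of Net-SNMP): a shell function that audits snmpd.conf-style files for settings that undercut the authPriv setup from steps 2 and 3, namely v1/v2c community lines, users below authPriv, createUser passphrases left in a static file, MD5/DES, and listeners bound to every interface. The function names, the finding labels and the `rouser legacyuser auth` sample line are assumptions made for this example; the other sample lines are taken from this page.

```shell
#!/bin/sh
# Added example: audit snmpd.conf-style files. Finding labels are this example's own.
# Usage: audit_snmpd_conf /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.d/*.conf

audit_snmpd_conf() {
    # Prints one finding per line; exit status 1 if anything was found, else 0.
    awk '
    function report(code, msg) { printf "%s %s:%d %s\n", code, FILENAME, FNR, msg; n++ }
    { sub(/#.*/, "") }                       # drop comments
    NF == 0 { next }
    { kw = tolower($1) }
    # SNMPv1/v2c access: the community string is sent unencrypted.
    kw ~ /^(com2sec|rocommunity|rwcommunity)6?$/ { report("COMMUNITY", $1 " enables v1/v2c access") }
    # rouser/rwuser: the level after the user name should be priv/authPriv.
    kw == "rouser" || kw == "rwuser" {
        i = ($2 == "-s") ? 4 : 2             # skip an optional "-s SECMODEL"
        lvl = tolower($(i + 1))
        if (lvl != "priv" && lvl != "authpriv")
            report("WEAK-LEVEL", $i " is not restricted to authPriv")
        if (kw == "rwuser") report("WRITE", $i " has write access")
    }
    # createUser in a static file keeps the passphrases readable on disk.
    kw == "createuser" {
        report("PLAINTEXT", "createUser passphrases stored in this file")
        for (f = 3; f <= NF; f++) {
            if (toupper($f) == "MD5") report("WEAK-AUTH", "MD5 authentication")
            if (toupper($f) == "DES") report("WEAK-PRIV", "DES privacy")
        }
    }
    # A listener given only as a port binds every interface.
    kw == "agentaddress" {
        m = split($2, addr, ",")
        for (j = 1; j <= m; j++) {
            a = addr[j]; sub(/^(udp|tcp)6?:/, "", a)
            if (a ~ /^[0-9]+$/) report("BIND-ALL", addr[j] " listens on every interface")
        }
    }
    END { exit (n > 0) }
    ' "$@"
}

sample_conf() {   # constructed sample: lines from this page plus one made-up legacy user
    cat <<'EOF'
com2sec readonly default polloservermonitor
agentAddress udp:161,udp6:[::1]:161
createUser snmpuser SHA "auth_password" AES "priv_password"
rouser snmpuser authPriv
rouser legacyuser auth
EOF
}
```

Run it as `sample_conf > /tmp/sample.conf; audit_snmpd_conf /tmp/sample.conf` to see the findings, then point it at the real configuration files on each monitored host.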