2018年1月29日 星期一

LNMP + Librenms + phpMyAdmin

官方說明文件

主要軟體版本

phpMyAdmin        4.7.7
Librenms Version  1.35-142-g2755763
Web Server  nginx/1.12.2
PHP                       7.1.11
MySQL                 5.5.56-MariaDB
RRDtool               1.4.8

安裝需要軟體
yum install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm



yum install cronie fping git ImageMagick jwhois mariadb mariadb-server mtr
MySQL-python net-snmp net-snmp-utils nginx nmap php71w php71w-cli php71w-common
php71w-curl php71w-fpm php71w-gd php71w-mcrypt php71w-mysql php71w-process
php71w-snmp php71w-xml php71w-zip python-memcached rrdtool wget

cd /opt
git clone https://github.com/librenms/librenms.git librenms
wget https://files.phpmyadmin.net/phpMyAdmin/4.7.7/phpMyAdmin-4.7.7-all-languages.tar.gz

tar -xvf phpMyAdmin-4.7.7-all-languages.tar.gz
mv phpMyAdmin-4.7.7-all-languages phpMyAdmin
ln -s /opt/phpMyAdmin/ /opt/Librenms/html

更改權限+建立使用者
useradd librenms -d /opt/librenms -M -r 
usermod -a -G librenms nginx

更改一下資料庫設定,這個現在不改,以後要改只能砍掉重來
vi/etc/my.cnf.d/server.cnf

[mysqld]
innodb_file_per_table=1 sql-mode="" lower_case_table_names=0
更改時區
vi /etc/php.ini
date.timezone = Asia/Taipei

設定php-fpm
vi /etc/php-fpm.d/www.conf
;user = apache 
user = nginx 
group = nginx ;
listen = 127.0.0.1:9000 
listen = /var/run/php-fpm/php7.1-fpm.sock 
listen.owner = nginx 
listen.group = nginx 
listen.mode = 0660

新增Librenms伺服器
vi /etc/nginx/conf.d/librenms.conf
server { listen 80; server_name librenms.example.com; 建議輸入IP root /opt/librenms/html; index index.php; charset utf-8; gzip on; gzip_types text/css application/javascript text/javascript
application/x-javascript image/svg+xml text/plain
text/xsd text/xsl text/xml image/x-icon;

location / { try_files $uri $uri/ /index.php?$query_string; } location /api/v0 { try_files $uri $uri/ /api_v0.php?$query_string; } location ~ \.php { include fastcgi.conf; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php-fpm/php7.1-fpm.sock; } location ~ /\.ht { deny all; } }

然後
vi /etc/nginx/nginx.conf 裡面有預設的server 整段砍掉 (我註解會失敗,只能移除)

設定資料夾權限
chown nginx:nginx /var/lib/php/session
chown -R librenms:librenms /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs

設定開機啟動
systemctl enable mariadb nginx php-fpm snmpd
systemctl restart mariadb nginx php-fpm snmpd

防火牆設定
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

設定排程以及定時清理log
cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

初始設定Mariadb root
mysql_secure_installation

進入IP\phpmyadmin 新增使用者並建立資料庫
直接建立librenms使用者 以及同名資料庫 並給予該資料庫所有權

如果你沒有用SElinux的話 到這裡就結束了,在設定SNMP即可
cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
vi /etc/snmp/snmpd.conf
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro

用瀏覽器輸入ip 就會開始進行Librenms安裝
最後會產生一個設定檔
手動建立vi /opt/librenms/config.php 
把設定貼進去,別忘了給與權限
chown librenms:librenms config.php

SELinux 設定
yum install policycoreutils-python

semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/logs(/.*)?'
restorecon -RFvv /opt/librenms/logs/
semanage fcontext -a -t httpd_sys_content_t '/opt/librenms/rrd(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/opt/librenms/rrd(/.*)?'
restorecon -RFvv /opt/librenms/rrd/
setsebool -P httpd_can_sendmail=1
setsebool -P httpd_execmem 1

建立一個執行檔
vi http_fping.tt

module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

執行
checkmodule -M -m -o http_fping.mod http_fping.tt
semodule_package -o http_fping.pp -m http_fping.mod
semodule -i http_fping.pp

大功告成
on
標籤: ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)