Set Up LibreNMS on Ubuntu 20.04

LibreNMS is an open source auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.

This tutorial will walk you through the steps to set up LibreNMS on and Ubuntu 19 or 20.04.

Prerequisites

You will need one (physical or virtual) machine installed with Ubuntu having sudo non-root user privileges.

Set Timezone

Since this is your fresh installation of Ubuntu, you will need to correct timezone of your server and make sure you replace highlighted text to reflect yours:
sudo timedatectl set-timezone Asia/Karachi

Installing PHP

You will need to install PHP and few of its extensions commonly used with librenms:
sudo apt install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install acl curl composer fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mbstring php7.4-mysql php7.4-snmp php7.4-xml php7.4-zip rrdtool snmp snmpd whois unzip python3-pymysql python3-dotenv python3-redis python3-setuptools

Configuring PHP

You also need to make few changes in PHP configuration file like below:
sudo nano /etc/php/7.4/cli/php.ini
Search for cgi.fix_pathinfo parameter, uncomment and change its value like below:
cgi.fix_pathinfo=0
Save and close file.

Now edit /etc/php/7.4/fpm/php.ini file:
sudo nano /etc/php/7.4/fpm/php.ini
Uncomment and update its value with your timezone:
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone

date.timezone = Asia/Karachi
Save and close.

Edit the /etc/php/7.4/cli/php.ini file:
sudo nano /etc/php/7.4/cli/php.ini
Uncomment date.time parameter and update its value with your timezone:
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone

date.timezone = Asia/Karachi
Save and close.

Restart PHP service to take changes into effect:
sudo systemctl restart php7.4-fpm

Installing Database

We will install and use MariaDB as our database server:
sudo apt-get -y install mariadb-client mariadb-server

Securing Database

You will need to run following script and follow on screen instruction to secure your database like below:
sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Installing Web Server

We will install and use Nginx as our web server:
sudo apt-get -y install nginx-full

Adding LibreNMS User

Type the following commands to add a librenms user:
sudo useradd librenms -d /opt/librenms -M -r

sudo usermod -a -G librenms www-data

Creating Database

You need to create a database to use with librenms like below:
sudo mysql -u root -p
Type the following at mysql prompt to create a database, user and password:
CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;

CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'librenms';

GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';

FLUSH PRIVILEGES;

exit
Now edit 50-server.cnf file:
sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
Within the [mysqld] section, add below parameters:
innodb_file_per_table=1
sql-mode=""
lower_case_table_names=0
Save and close file when you finished.

Restart MariaDB service to take changes into effect:
sudo systemctl restart mariadb

Downloading LibreNMS

Now you need to download librenms on your Ubuntu server like below:
cd /opt

sudo git clone https://github.com/librenms/librenms.git librenms

Configuring Nginx

Create a librenms configuration file within nginx to make its web interface accessible:
sudo nano /etc/nginx/sites-available/librenms.conf
Add the below parameters and make sure you replace your_server_name_or_ip with yours:
server {
 listen      80;
 server_name your_server_name_or_ip;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location /api/v0 {
  try_files $uri $uri/ /api_v0.php?$query_string;
 }
 location ~ \.php {
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 }
 location ~ /\.ht {
  deny all;
 }
}
Save and close file when you are finished.

Now you need to create a symbolic link to librenms.conf file like below:
sudo ln -s /etc/nginx/sites-available/librenms.conf /etc/nginx/sites-enabled/

sudo unlink /etc/nginx/sites-enabled/default
Restart the service to take changes into effect:
sudo systemctl restart nginx

sudo systemctl restart php7.4-fpm

Configuring SNMPD

Type the following commands to configure snmp to use with librenms:
sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
sudo nano /etc/snmp/snmpd.conf
Replace the text which says RANDOMSTRINGGOESHERE and set your own community string like below:
com2sec readonly  default         public
Save and close when you are finished
sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro

sudo chmod +x /usr/bin/distro

sudo systemctl restart snmpd

Adding CronJob

sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out. You can rotate out the old logs using the below logrotate config file:
sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Applying Permissions

sudo chown -R librenms:librenms /opt/librenms

sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs

sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs

Run Composer Wrapper

You will need to run composer wrapper script from /opt/librenms directory like below:
sudo su - librenms
/opt/librenms/scripts/composer_wrapper.php install --no-dev
You will see the output similar to the below while running composer wrapper script and it will take few minutes to complete.


When its done, type the exit command to return back to sudo non-root user terminal:
exit

Adding Firewall Rules

If you have activated firewall on your Ubuntu, you need to allow few ports from the firewall like below:
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 161/udp
sudo ufw enable
Run the 'ufw status' command to see the firewall status.
sudo ufw status

LibreNMS Web Installer

In this step, you will run LibreNMS web installer by navigating to http://your_server_name or http://your_server_ip in the web browser address bar and press Enter.

You will see the below install.php page showing the result of pre-install checks. Make sure all status are installedyes as shown in the screenshot below.

Click 'Next Stage' to continue.


Provide database credentials you created earlier and click Next Stage.


This will import librenms database schema and when you see Success click Goto Add User


Add a user, this will be your librenms administrative user:


Click Generate Config


Now stop here and copy this entire script:


Go back to Ubuntu terminal and create config.php file like below:
sudo nano /opt/librenms/config.php
Paste entire script into it, save and close the file when you are finished.

Update the permission
sudo chown -R librenms:librenms /opt/librenms
Now run the validation check
sudo /opt/librenms/validate.php
and you will see the output like below:


If you see any warning other than the adding host you got to fix it first before moving to next step:

Now go back to your browser you left unfinished and click Finish:

As you have already done with validation check so you just need to click on validate your install and fix any issues:


This will bring you to the below login page of librenms. You can log in with the user and password you created just a moment ago.


Once log in, you will see the below validation page says all well.


Start adding your devices:


Provide the below info and click Add Device


Device added successfully


Librenms will start collecting data from the added devices to monitor


See below memory utilization graph


Wrapping up

You have successfully completed librenms installation and added localhost as an example of adding device. Now you can start adding your devices like network switches, routers, firewalls, Windows, Linux and Unix servers to monitor their utilization.

3 comments:

  1. 502 Bad Gateway
    after reboot getting this error

    ReplyDelete
    Replies
    1. I would like to see /etc/nginx/conf.d/librenms.conf before proposing you a solution to your problem....For a quick fix, correct below directive if you miss-typed anything:

      server_name your_server_name;

      When accessing your_server_name from a web browser, make sure it is resolving against the ip address of the server you are running librenms on. Also you can access your your_server_ip instead of your_server_name.

      Delete
    2. I'm a newbie: I get this error when i try to restart nginx and appache

      siri@trektech:/$ systemctl status nginx.service
      ● nginx.service - A high performance web server and a reverse proxy server
      Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
      Active: failed (Result: exit-code) since Wed 2020-09-02 19:46:05 CDT; 56s ago
      Docs: man:nginx(8)
      Process: 87975 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

      Sep 02 19:46:05 trektech systemd[1]: Starting A high performance web server and a reverse proxy server...
      Sep 02 19:46:05 trektech nginx[87975]: nginx: [emerg] open() "/etc/nginx/sites-enabled/example.com" failed (2: No such file or directory) in /etc/ngi>
      Sep 02 19:46:05 trektech nginx[87975]: nginx: configuration file /etc/nginx/nginx.conf test failed
      Sep 02 19:46:05 trektech systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
      Sep 02 19:46:05 trektech systemd[1]: nginx.service: Failed with result 'exit-code'.
      Sep 02 19:46:05 trektech systemd[1]: Failed to start A high performance web server and a reverse proxy server.

      [5]+ Stopped systemctl status nginx.service
      siri@trektech:/$ systemctl status apache2.service
      ● apache2.service - The Apache HTTP Server
      Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
      Active: failed (Result: exit-code) since Wed 2020-09-02 19:40:48 CDT; 7min ago
      Docs: https://httpd.apache.org/docs/2.4/

      Sep 02 19:40:48 trektech systemd[1]: Starting The Apache HTTP Server...
      Sep 02 19:40:48 trektech apachectl[87037]: apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/sit>
      Sep 02 19:40:48 trektech apachectl[87025]: Action 'start' failed.
      Sep 02 19:40:48 trektech apachectl[87025]: The Apache error log may have more information.
      Sep 02 19:40:48 trektech systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
      Sep 02 19:40:48 trektech systemd[1]: apache2.service: Failed with result 'exit-code'.
      Sep 02 19:40:48 trektech systemd[1]: Failed to start The Apache HTTP Server.

      [6]+ Stopped systemctl status apache2.service
      siri@trektech:/$

      Delete

Powered by Blogger.