How to Install LibreNMS on CentOS 7

LibreNMS is an auto discovering PHP/MySQL/SNMP based network monitoring tool using CDP, FDP, LLDP, OSPF, BGP, SNMP, and ARP. It includes large range of network hardware and operating systems including Cisco, Juniper, Palo Alto, Windows & Linux Servers, APC and lot more.

In this tutorial, we will explain how to install and configure LibreNMS on CentOS 7

Requirement

  • HTTP server running Apache
  • PHP version 7.4
  • PHP Basic Extensions - mysqlnd, gd, mod_php, cli, curl, snmp, zip, process, memcached, mbstring, xml,
  • MariaDB database 10.4
Update System

sudo yum update

Install EPEL and Remi repositories

Install and Enable EPEL and Remi repository.

sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Install yum-utils, it is a collection of tools and programs for managing yum repositories, installing debug packages, source packages, extended information from repositories and administration.

sudo yum install yum-utils

Install Required Packages

sudo yum install vim git unzip cronie fping jwhois ImageMagick mtr MySQL-python net-snmp net-snmp-utils nmap rrdtool python3 python-memcached policycoreutils-python python3-pip python3-PyMySQL python3-redis

Install PHP

Use the yum-config-manager program to enable Remi repository as the default repository for installing PHP 7.4 version.

sudo yum-config-manager --enable remi-php74

Install PHP and the required extensions.

sudo yum install php mod_php php-cli php-common php-curl php-gd php-mbstring php-process php-snmp php-xml php-zip php-memcached php-mysqlnd

Configure PHP timezone to your preferred time zone in php.ini file.

sudo vim /etc/php.ini

Uncomment date.timezone =
date.timezone = Asia/Kolkata

Install Apache

sudo yum install httpd

Start and enable the Apache service at boot time.

sudo systemctl start httpd
sudo systemctl enable httpd

Configure librenms apache configuration file.

vim /etc/httpd/conf.d/librenms.conf

<VirtualHost *:80>
DocumentRoot /var/www/html/librenms/html/
ServerName localhost


AllowEncodedSlashes NoDecode
<Directory "/var/www/html/librenms/html/">

Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
</VirtualHost>

Reboot apache service

systemctl restart httpd

Install MariaDB Database

By default CentOS 7 base repository comes with MariaDB 5.5 version, but we will install the latest version of MariaDB 10.4

Create repo for MariaDB 10.4

sudo vim /etc/yum.repos.d/MariaDB.repo

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Install MariaDB and its dependencies

sudo yum install MariaDB-server

Start and enable the MariaDB Server service at boot time.

sudo systemctl start mariadb
sudo systemctl enable mariadb

Configure MariaDB

sudo mysql_secure_installation

Create Database for osTicket Server

sudo mysql -u root -p

CREATE DATABASE librenmsdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenmsuser'@'localhost' IDENTIFIED BY 'Linuxyogi@123';
GRANT ALL PRIVILEGES ON librenmsdb.* TO 'librenmsuser'@'localhost';
FLUSH PRIVILEGES;

Add below within the [mysqld] section in /etc/my.cnf.d/server.cnf file.

vim /etc/my.cnf.d/server.cnf

[mysqld]
innodb_file_per_table=1
lower_case_table_names=0

Reboot MariaDB service

sudo systemctl restart mariadb

Download LibreNMS

Download the LibreNMS packages at document root directory.

cd /var/www/html/
git clone https://github.com/librenms/librenms.git

Add librenms user

Add librenms user and add it to "apache" group.

useradd librenms -d /var/www/html/librenms -M -r
usermod -a -G librenms apache

Reboot apache service

systemctl restart httpd

Configure SELinux

Change SELinux mode to Permissive (recommended). Edit the /etc/selinux/config file as follows and reboot the system.

sudo vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.

SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.

SELINUXTYPE=targeted

The "semanage fcontext" command is used to configure the contexts needed by LibreNMS. (File context contains additional information (such as SELinux user, role, type and level) to make access control decisions).

semanage fcontext -a -t httpd_sys_content_t '/var/www/html/librenms/logs(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/librenms/logs(/.*)?'
restorecon -RFvv /var/www/html/librenms/logs/
semanage fcontext -a -t httpd_sys_content_t '/var/www/html/librenms/rrd(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/librenms/rrd(/.*)?'
restorecon -RFvv /var/www/html/librenms/rrd/
semanage fcontext -a -t httpd_sys_content_t '/var/www/html/librenms/storage(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/librenms/storage(/.*)?'
restorecon -RFvv /var/www/html/librenms/storage/
semanage fcontext -a -t httpd_sys_content_t '/var/www/html/librenms/bootstrap/cache(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/librenms/bootstrap/cache(/.*)?'
restorecon -RFvv /var/www/html/librenms/bootstrap/cache/
semanage fcontext -a -t httpd_sys_content_t '/var/www/html/librenms/cache(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/librenms/cache(/.*)?'
restorecon -RFvv /var/www/html/librenms/cache/
setsebool -P httpd_can_sendmail=1

restorecon -RFv /var/www/html/librenms

To proceed further temporarily disable the SELinux mode with the following command. This change is valid for the current runtime session only.

sudo setenforce 0

Allow fping

fping is a program to send ICMP echo probes to network hosts, similar to ping, but much better performing when pinging multiple hosts.

cd /var/www/html/librenms

vim http_fping.tt

module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}


#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

Run below commands

checkmodule -M -m -o http_fping.mod http_fping.tt
semodule_package -o http_fping.pp -m http_fping.mod
semodule -i http_fping.pp

Set Permissions

Assign permissions to "librenms" user account on "librenms" directory at root directory.

chown -R librenms:librenms /var/www/html/librenms
chmod 770 /var/www/html/librenms
setfacl -d -m g::rwx /var/www/html/librenms/rrd /var/www/html/librenms/logs /var/www/html/librenms/bootstrap/cache/ /var/www/html/librenms/storage/ /var/www/html/librenms/cache
setfacl -R -m g::rwx /var/www/html/librenms/rrd /var/www/html/librenms/logs /var/www/html/librenms/bootstrap/cache/ /var/www/html/librenms/storage/ /var/www/html/librenms/cache

Install PHP dependencies

Install required PHP dependencies with "librenms" user. (It is recommended to user non root user to install PHP dependencies)

su - librenms
./scripts/composer_wrapper.php install --no-dev
exit

Allow access from Firewall

Allow TCP ports 80 or 443 from Firewall for LibreNMS web installer and Dashboard access.

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Configure Snmpd

Copy the example snmpd.conf from the LibreNMS install.

cp /var/www/html/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

Configure snmpd file. Replace "RANDOMSTRINGGOESHERE" and set your own community string. In below example it is replaced with "linuxyogisnmp".

vim /etc/snmp/snmpd.conf

#Change RANDOMSTRINGGOESHERE to your preferred SNMP community string
com2sec readonly default linuxyogisnmp

curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro

Start and enable the snmpd service at boot time.

sudo systemctl start snmpd
sudo systemctl enable snmpd

Configure Cron Job

cp /var/www/html/librenms/librenms.nonroot.cron /etc/cron.d/librenms

Configure logrotate

LibreNMS keeps logs in /var/www/html/librenms/logs. Over time these can become large and be rotated out. To rotate out the old logs use the provided logrotate config file.

cp /var/www/html/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Additional configuration

sudo ln -s /var/www/html/librenms/lnms /usr/bin/lnms
sudo cp /var/www/html/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

Set permission again

sudo chown -R librenms:librenms /var/www/html/librenms
sudo setfacl -d -m g::rwx /var/www/html/librenms/rrd /var/www/html/librenms/logs /var/www/html/librenms/bootstrap/cache/ /var/www/html/librenms/storage/
sudo chmod -R ug=rwX /var/www/html/librenms/rrd /var/www/html/librenms/logs /var/www/html/librenms/bootstrap/cache/ /var/www/html/librenms/storage/

Delete all modified and untracked files

cd /var/www/html/librenms
sudo ./scripts/github-remove -d

Web Installation to Setup LibreNMS

Open browser and navigate to http://<server-ip>/librenms and make sure all prerequisites are marked green. Click Continue.

example- http://10.0.0.10/librenms

Fill the Database details, like Database host, Database port, Database name, Database username and Database password for Database connection. Click Check Credentials.

Click "Build Database" to configure sql database schema.

Configure admin user account.

Click (✔ ) icon to validate configuration.

Click on "validate your install" or open new tab on browser and navigate to http://<server-ip>/librenms for Admin panel access.

example: http://10.0.0.10/librenms

Validation Page

*Note: There might be possibility to get validation error for different fields, most probably under "Users" section. To fix that you can use below commands.

sudo chown -R librenms:librenms /var/www/html/librenms
sudo setfacl -d -m g::rwx /var/www/html/librenms/rrd /var/www/html/librenms/logs /var/www/html/librenms/bootstrap/cache/ /var/www/html/librenms/storage/
sudo chmod -R ug=rwX /var/www/html/librenms/rrd /var/www/html/librenms/logs /var/www/html/librenms/bootstrap/cache/ /var/www/html/librenms/storage/