From 9dc28a1cf63b6498308509482103e9014f0e9106 Mon Sep 17 00:00:00 2001
From: Tristan Ancelet <tristanancelet@yahoo.com>
Date: Sat, 11 Nov 2023 15:03:41 -0600
Subject: [PATCH] Just mocked up a script to install LibreNMS, my coworker
 want's us to use this for network monitoring instead of zabbix. So I thought
 I might give it a try

---
 install-librenms.sh | 212 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 212 insertions(+)
 create mode 100755 install-librenms.sh

diff --git a/install-librenms.sh b/install-librenms.sh
new file mode 100755
index 0000000..6fd7605
--- /dev/null
+++ b/install-librenms.sh
@@ -0,0 +1,212 @@
+#!/usr/bin/bash
+
+: "
+install-librenms.sh
+
+This is just a script I created to handle automating the installation of LibreNMS on a CentOS8 (any rhel v8 base distro will work) host
+
+I will update it after getting my own instance setup in my lab, as my coworkers are wanting to use this for work. Will design it to actually handle settings already being set (so it will skip the un-necessary steps)
+
+"
+
+# BEGIN: Variables
+
+## These are variables that will be used often throughout the script. So Putting them here to easily change for your deployment.
+
+## Settings or values
+TIMEZONE=America/Chicago
+SQL_PASSWORD="testpass"
+FQDN=librenms.example.com
+LIBRENMS_ROOT=/opt/librenms
+SNMP_COMMUNITY=lab
+
+## Config Files that need to be interacte with throughout the script
+SELINUX_CONFIG=/etc/selinux/config
+PHP_ini=/etc/php.ini
+MARIADB_CONF=/etc/my.cnf.d/mariadb-server.cnf
+PHP_FPM_LIBRENMS=/etc/php-fpm.d/librenms.conf
+LIBRENMS_HTTPD_CONF=/etc/httpd/conf.d/librenms.conf
+DEFAULT_PHP_FPM_CONF=/etc/php-fpm.d/www.conf
+LIBRENMS_SNMP_CONF=$LIBRENMS_ROOT/snmpd.conf.example
+SNMP_CONF=/etc/snmp/snmpd.conf
+LIBRENMS_CRON=$LIBRENMS_ROOT/librenms.cron
+LIBRENMS_CRON_DEST=/etc/cron.d/librenms
+LIBRENMS_LOGROTATE_CONF=/opt/librenms/misc/librenms.logrotate 
+LIBRENMS_LOGROTATE_DEST=/etc/logrotate.d/librenms
+
+
+## For socket changes in PHP_FPM_LIBRENMS
+NEW_SOCKET=/run/php-fpm-librenms.sock
+OLD_SOCKET=/run/php-fpm/www.sock
+
+# END: Variables
+
+
+# BEGIN: Work
+
+## Install Dependencies
+dnf -y install epel-release
+dnf -y install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
+dnf module reset php
+dnf module enable php:remi-8.1
+dnf install bash-completion cronie fping gcc git httpd ImageMagick mariadb-server mtr net-snmp net-snmp-utils nmap php-fpm php-cli php-common php-curl php-gd php-gmp php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-devel python3-PyMySQL python3-redis python3-memcached python3-pip python3-systemd rrdtool unzip
+
+## Add librenms user
+useradd librenms -d $LIBRENMS_ROOT -M -r -s "$(which bash)"
+
+## Download LibreNMS
+cd `dirname $LIBRENMS_ROOT`
+git clone https://github.com/librenms/librenms.git
+
+## Set Permissions
+chown -R librenms:librenms $LIBRENMS_ROOT
+chmod 771 $LIBRENMS_ROOT
+setfacl -d -m g::rwx $LIBRENMS_ROOT/rrd $LIBRENMS_ROOT/logs $LIBRENMS_ROOT/bootstrap/cache/ $LIBRENMS_ROOT/storage/
+setfacl -R -m g::rwx $LIBRENMS_ROOT/rrd $LIBRENMS_ROOT/logs $LIBRENMS_ROOT/bootstrap/cache/ $LIBRENMS_ROOT/storage/
+
+## Install php deps
+su - librenms <<< "
+./scripts/composer_wrapper.php install --no-dev
+exit
+"
+
+## Set timezones
+### Have to change the / in America/Chicago to \/ (America\/Chicago) so that it doesn't cause problems with sed
+TIMEZONE_CLEANED="${TIMEZONE/\//\\/}"
+
+### Make backup
+cp $PHP_ini{,.bak}
+sed -i s"/\#date.timezone=/date.timezone=$TIMEZONE_CLEANED/" $PHP_ini
+
+### Configure timezone with system
+timedatectl set-timezone $TIMEZONE
+
+## Configure MariaDB
+### Make backup of file
+cp $MARIADB_CONF{,.bak}
+### Configure options in mariadb-server.cnf
+sed -i s'/\[mysqld\]/\[mysqld\]\ninnodb_file_per_table=1\nlower_case_table_names=0/' $MARIADB_CONF
+
+#systemctl enable --now mariadb
+systemctl enable mariadb
+systemctl restart mariadb
+
+## Create the librenms user in mysql/mariadb-server
+mysql -u root <<EOF
+CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+CREATE USER 'librenms'@'localhost' IDENTIFIED BY '$SQL_PASSWORD';
+GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
+exit
+EOF
+
+# Configure PHP-FPM
+cp $DEFAULT_PHP_FPM_CONF $PHP_FPM_LIBRENMS
+## Make Backup
+cp $PHP_FPM_LIBRENMS{,.bak}
+## Replace [www] with [librenms]
+sed -i s'/\[www\]/\[librenms\]/' $PHP_FPM_LIBRENMS
+
+## Change user
+sed -i s'/user = apache/user = librenms/' $PHP_FPM_LIBRENMS
+
+## Change group
+sed -i s'/group = apache/group = librenms/' $PHP_FPM_LIBRENMS
+
+## Change socket
+FROM_SOCKET="${OLD_SOCKET//\//\\/}" # Cleaning
+TO_SOCKET="${NEW_SOCKET//\//\\/}" # Cleaning
+
+### Doing the change
+sed -i s"/listen = $FROM_SOCKET/listen = $TO_SOCKET/" $PHP_FPM_LIBRENMS
+
+## Configure WebServer
+### Remove default config
+rm -f /etc/httpd/conf.d/welcome.conf
+
+cat > $LIBRENMS_HTTPD_CONF <<EOF
+<VirtualHost *:80>
+  DocumentRoot $LIBRENMS_ROOT/html/
+  ServerName $FQDN 
+
+  AllowEncodedSlashes NoDecode
+  <Directory "$LIBRENMS_ROOT/html/">
+    Require all granted
+    AllowOverride All
+    Options FollowSymLinks MultiViews
+  </Directory>
+
+  # Enable http authorization headers
+  <IfModule setenvif_module>
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+  </IfModule>
+
+  <FilesMatch ".+\.php$">
+    SetHandler "proxy:unix:$NEW_SOCKET|fcgi://localhost"
+  </FilesMatch>
+</VirtualHost>
+EOF
+
+
+## Enable webserver and php-fpm
+systemctl enable --now httpd
+systemctl enable --now php-fpm
+
+# Disable Selinux
+SELINUX_STATE=` grep -Eo 'SELINUX=\S+' $SELINUX_CONFIG | cut -d \= -f 2`
+if [[ "${SELINUX_STATE,,}" =~ ^enforcing|permissive$ ]]; then
+	cp $SELINUX_CONFIG{,.bak}
+	sed -i s"/SELINUX=$SELINUX_STATE/SELINUX=disabled/" $SELINUX_CONFIG
+fi
+
+## If the running selinux is still set to enforcing, set it to permissive (will be diabled next boot)
+if [[ `genenforce` == 'Enforcing' ]]; then
+	setenforce 0
+fi
+
+
+## Allow connections through firewall
+### By default Rocky (and most other RedHat family of distros) use firewalld 
+
+if [[ `firewall-cmd --state` == 'running' ]]; then
+	### Using bash expansion 
+	firewall-cmd --zone=public --add-service={http,https}
+	firewall-cmd --zone=public --add-service={http,https} --perm
+fi
+
+
+
+## Setup lnms command completion (via bash-completion)
+ln -s /opt/librenms/lnms /usr/bin/lnms
+cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/
+
+
+## Configure SNMP
+cp $LIBRENMS_SNMP_CONF $SNMP_CONF
+### Backup
+cp $SNMP_CONF{,.bak}
+### Replace RANDOMSTRINGGOESHERE with SNMP_COMMUNITY
+sed -i s"/RANDOMSTRINGGOESHERE/$SNMP_COMMUNITY/" $SNMP_CONF
+
+### Setup librenms agent
+curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
+chmod +x /usr/bin/distro
+
+### Restart snmpd to load new settings
+systemctl enable snmpd
+systemctl restart snmpd
+
+### Setup librenms crontab
+cp $LIBRENMS_CRON $LIBRENMS_CRON_DEST
+
+
+## Enable systemd schedulers
+cp /opt/librenms/dist/librenms-scheduler.service /opt/librenms/dist/librenms-scheduler.timer /etc/systemd/system/
+
+systemctl enable librenms-scheduler.timer
+systemctl start librenms-scheduler.timer
+
+## Configure logrotate
+cp $LIBRENMS_LOGROTATE_CONF $LIBRENMS_LOGROTATE_DEST
+
+
+# END: Work