#!/usr/bin/bash : " install-librenms.sh This is just a script I created to handle automating the installation of LibreNMS on a CentOS8 (any rhel v8 base distro will work) host I will update it after getting my own instance setup in my lab, as my coworkers are wanting to use this for work. Will design it to actually handle settings already being set (so it will skip the un-necessary steps) " # BEGIN: Variables ## These are variables that will be used often throughout the script. So Putting them here to easily change for your deployment. ## Settings or values TIMEZONE=America/Chicago SQL_PASSWORD="testpass" FQDN=librenms.example.com LIBRENMS_ROOT=/opt/librenms SNMP_COMMUNITY=lab ## Config Files that need to be interacte with throughout the script SELINUX_CONFIG=/etc/selinux/config PHP_ini=/etc/php.ini MARIADB_CONF=/etc/my.cnf.d/mariadb-server.cnf PHP_FPM_LIBRENMS=/etc/php-fpm.d/librenms.conf LIBRENMS_HTTPD_CONF=/etc/httpd/conf.d/librenms.conf DEFAULT_PHP_FPM_CONF=/etc/php-fpm.d/www.conf LIBRENMS_SNMP_CONF=$LIBRENMS_ROOT/snmpd.conf.example SNMP_CONF=/etc/snmp/snmpd.conf LIBRENMS_CRON=$LIBRENMS_ROOT/dist/librenms.cron LIBRENMS_CRON_DEST=/etc/cron.d/librenms LIBRENMS_LOGROTATE_CONF=/opt/librenms/misc/librenms.logrotate LIBRENMS_LOGROTATE_DEST=/etc/logrotate.d/librenms ## For socket changes in PHP_FPM_LIBRENMS NEW_SOCKET=/run/php-fpm-librenms.sock OLD_SOCKET=/run/php-fpm/www.sock # END: Variables # BEGIN: Work ## Install Dependencies dnf -y install epel-release dnf -y install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm dnf module reset php dnf module enable php:remi-8.1 dnf install bash-completion cronie fping gcc git httpd ImageMagick mariadb-server mtr net-snmp net-snmp-utils nmap php-fpm php-cli php-common php-curl php-gd php-gmp php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-devel python3-PyMySQL python3-redis python3-memcached python3-pip python3-systemd rrdtool unzip ## Add librenms user useradd librenms -d $LIBRENMS_ROOT -M -r -s "$(which bash)" ## Download LibreNMS cd `dirname $LIBRENMS_ROOT` git clone https://github.com/librenms/librenms.git ## Set Permissions chown -R librenms:librenms $LIBRENMS_ROOT chmod 771 $LIBRENMS_ROOT setfacl -d -m g::rwx $LIBRENMS_ROOT/rrd $LIBRENMS_ROOT/logs $LIBRENMS_ROOT/bootstrap/cache/ $LIBRENMS_ROOT/storage/ setfacl -R -m g::rwx $LIBRENMS_ROOT/rrd $LIBRENMS_ROOT/logs $LIBRENMS_ROOT/bootstrap/cache/ $LIBRENMS_ROOT/storage/ ## Install php deps su - librenms <<< " ./scripts/composer_wrapper.php install --no-dev exit " ## Set timezones ### Have to change the / in America/Chicago to \/ (America\/Chicago) so that it doesn't cause problems with sed TIMEZONE_CLEANED="${TIMEZONE/\//\\/}" ### Make backup cp $PHP_ini{,.bak} sed -i s"/\#date.timezone=/date.timezone=$TIMEZONE_CLEANED/" $PHP_ini ### Configure timezone with system timedatectl set-timezone $TIMEZONE ## Configure MariaDB ### Make backup of file cp $MARIADB_CONF{,.bak} ### Configure options in mariadb-server.cnf sed -i s'/\[mysqld\]/\[mysqld\]\ninnodb_file_per_table=1\nlower_case_table_names=0/' $MARIADB_CONF #systemctl enable --now mariadb systemctl enable mariadb systemctl restart mariadb ## Create the librenms user in mysql/mariadb-server mysql -u root < $LIBRENMS_HTTPD_CONF < DocumentRoot $LIBRENMS_ROOT/html/ ServerName $FQDN AllowEncodedSlashes NoDecode Require all granted AllowOverride All Options FollowSymLinks MultiViews # Enable http authorization headers SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 SetHandler "proxy:unix:$NEW_SOCKET|fcgi://localhost" EOF ## Enable webserver and php-fpm systemctl enable --now httpd systemctl enable --now php-fpm # Disable Selinux SELINUX_STATE=` grep -Eo 'SELINUX=\S+' $SELINUX_CONFIG | cut -d \= -f 2` if [[ "${SELINUX_STATE,,}" =~ ^enforcing|permissive$ ]]; then cp $SELINUX_CONFIG{,.bak} sed -i s"/SELINUX=$SELINUX_STATE/SELINUX=disabled/" $SELINUX_CONFIG fi ## If the running selinux is still set to enforcing, set it to permissive (will be diabled next boot) if [[ `genenforce` == 'Enforcing' ]]; then setenforce 0 fi ## Allow connections through firewall ### By default Rocky (and most other RedHat family of distros) use firewalld if [[ `firewall-cmd --state` == 'running' ]]; then ### Using bash expansion firewall-cmd --zone=public --add-service={http,https} firewall-cmd --zone=public --add-service={http,https} --perm fi ## Setup lnms command completion (via bash-completion) ln -s /opt/librenms/lnms /usr/bin/lnms cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/ ## Configure SNMP cp -f $SNMP_CONF{,.bak} cat $LIBRENMS_SNMP_CONF > $SNMP_CONF ### Backup ### Replace RANDOMSTRINGGOESHERE with SNMP_COMMUNITY sed -i s"/RANDOMSTRINGGOESHERE/$SNMP_COMMUNITY/" $SNMP_CONF ### Setup librenms agent curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro chmod +x /usr/bin/distro ### Restart snmpd to load new settings systemctl enable snmpd systemctl restart snmpd ### Setup librenms crontab cp $LIBRENMS_CRON $LIBRENMS_CRON_DEST ## Enable systemd schedulers cp /opt/librenms/dist/librenms-scheduler.service /opt/librenms/dist/librenms-scheduler.timer /etc/systemd/system/ systemctl enable librenms-scheduler.timer systemctl start librenms-scheduler.timer ## Configure logrotate cp $LIBRENMS_LOGROTATE_CONF $LIBRENMS_LOGROTATE_DEST # END: Work