myscripts/install-librenms.sh

213 lines
6.3 KiB
Bash
Executable File

#!/usr/bin/bash
: "
install-librenms.sh
This is just a script I created to handle automating the installation of LibreNMS on a Rocky 8 machine (any distro will do)
I will update it after getting my own instance setup in my lab, as my coworkers are wanting to use this for work. Will design it to actually handle settings already being set (so it will skip the un-necessary steps)
"
# BEGIN: Variables
## These are variables that will be used often throughout the script. So Putting them here to easily change for your deployment.
## Settings or values
TIMEZONE=America/Chicago
SQL_PASSWORD="testpass"
FQDN=librenms.example.com
LIBRENMS_ROOT=/opt/librenms
SNMP_COMMUNITY=lab
## Config Files that need to be interacted with throughout the script
SELINUX_CONFIG=/etc/selinux/config
PHP_ini=/etc/php.ini
MARIADB_CONF=/etc/my.cnf.d/mariadb-server.cnf
PHP_FPM_LIBRENMS=/etc/php-fpm.d/librenms.conf
LIBRENMS_HTTPD_CONF=/etc/httpd/conf.d/librenms.conf
DEFAULT_PHP_FPM_CONF=/etc/php-fpm.d/www.conf
LIBRENMS_SNMP_CONF=$LIBRENMS_ROOT/snmpd.conf.example
SNMP_CONF=/etc/snmp/snmpd.conf
LIBRENMS_CRON=$LIBRENMS_ROOT/dist/librenms.cron
LIBRENMS_CRON_DEST=/etc/cron.d/librenms
LIBRENMS_LOGROTATE_CONF=/opt/librenms/misc/librenms.logrotate
LIBRENMS_LOGROTATE_DEST=/etc/logrotate.d/librenms
## For socket changes in PHP_FPM_LIBRENMS
NEW_SOCKET=/run/php-fpm-librenms.sock
OLD_SOCKET=/run/php-fpm/www.sock
# END: Variables
# BEGIN: Work
## Install Dependencies
dnf -y install epel-release
dnf -y install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module reset php
dnf module enable php:remi-8.1
dnf install bash-completion cronie fping gcc git httpd ImageMagick mariadb-server mtr net-snmp net-snmp-utils nmap php-fpm php-cli php-common php-curl php-gd php-gmp php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd python3 python3-devel python3-PyMySQL python3-redis python3-memcached python3-pip python3-systemd rrdtool unzip
## Add librenms user
useradd librenms -d $LIBRENMS_ROOT -M -r -s "$(which bash)"
## Download LibreNMS
cd `dirname $LIBRENMS_ROOT`
git clone https://github.com/librenms/librenms.git
## Set Permissions
chown -R librenms:librenms $LIBRENMS_ROOT
chmod 771 $LIBRENMS_ROOT
setfacl -d -m g::rwx $LIBRENMS_ROOT/rrd $LIBRENMS_ROOT/logs $LIBRENMS_ROOT/bootstrap/cache/ $LIBRENMS_ROOT/storage/
setfacl -R -m g::rwx $LIBRENMS_ROOT/rrd $LIBRENMS_ROOT/logs $LIBRENMS_ROOT/bootstrap/cache/ $LIBRENMS_ROOT/storage/
## Install php deps
su - librenms <<< "
./scripts/composer_wrapper.php install --no-dev
exit
"
## Set timezones
### Have to change the / in America/Chicago to \/ (America\/Chicago) so that it doesn't cause problems with sed
TIMEZONE_CLEANED="${TIMEZONE/\//\\/}"
### Make backup
cp $PHP_ini{,.bak}
sed -i s"/\;date.timezone=/date.timezone=$TIMEZONE_CLEANED/" $PHP_ini
### Configure timezone with system
timedatectl set-timezone $TIMEZONE
## Configure MariaDB
### Make backup of file
cp $MARIADB_CONF{,.bak}
### Configure options in mariadb-server.cnf
sed -i s'/\[mysqld\]/\[mysqld\]\ninnodb_file_per_table=1\nlower_case_table_names=0/' $MARIADB_CONF
#systemctl enable --now mariadb
systemctl enable mariadb
systemctl restart mariadb
## Create the librenms user in mysql/mariadb-server
mysql -u root <<EOF
CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY '$SQL_PASSWORD';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
exit
EOF
# Configure PHP-FPM
cp $DEFAULT_PHP_FPM_CONF $PHP_FPM_LIBRENMS
## Make Backup
cp $PHP_FPM_LIBRENMS{,.bak}
## Replace [www] with [librenms]
sed -i s'/\[www\]/\[librenms\]/' $PHP_FPM_LIBRENMS
## Change user
sed -i s'/user = apache/user = librenms/' $PHP_FPM_LIBRENMS
## Change group
sed -i s'/group = apache/group = librenms/' $PHP_FPM_LIBRENMS
## Change socket
FROM_SOCKET="${OLD_SOCKET//\//\\/}" # Cleaning
TO_SOCKET="${NEW_SOCKET//\//\\/}" # Cleaning
### Doing the change
sed -i s"/listen = $FROM_SOCKET/listen = $TO_SOCKET/" $PHP_FPM_LIBRENMS
## Configure WebServer
### Remove default config
rm -f /etc/httpd/conf.d/welcome.conf
cat > $LIBRENMS_HTTPD_CONF <<EOF
<VirtualHost *:80>
DocumentRoot $LIBRENMS_ROOT/html/
ServerName $FQDN
AllowEncodedSlashes NoDecode
<Directory "$LIBRENMS_ROOT/html/">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
# Enable http authorization headers
<IfModule setenvif_module>
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
<FilesMatch ".+\.php$">
SetHandler "proxy:unix:$NEW_SOCKET|fcgi://localhost"
</FilesMatch>
</VirtualHost>
EOF
## Enable webserver and php-fpm
systemctl enable --now httpd
systemctl enable --now php-fpm
# Disable Selinux
SELINUX_STATE=` grep -Eo 'SELINUX=\S+' $SELINUX_CONFIG | cut -d \= -f 2`
if [[ "${SELINUX_STATE,,}" =~ ^enforcing|permissive$ ]]; then
cp $SELINUX_CONFIG{,.bak}
sed -i s"/SELINUX=$SELINUX_STATE/SELINUX=disabled/" $SELINUX_CONFIG
fi
## If the running selinux is still set to enforcing, set it to permissive (will be diabled next boot)
if [[ `getenforce` == 'Enforcing' ]]; then
setenforce 0
fi
## Allow connections through firewall
### By default Rocky (and most other RedHat family of distros) use firewalld
if [[ `firewall-cmd --state` == 'running' ]]; then
### Using bash expansion
firewall-cmd --zone=public --add-service={http,https}
firewall-cmd --zone=public --add-service={http,https} --perm
fi
## Setup lnms command completion (via bash-completion)
ln -s /opt/librenms/lnms /usr/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/
## Configure SNMP
cp -f $SNMP_CONF{,.bak}
cat $LIBRENMS_SNMP_CONF > $SNMP_CONF
### Backup
### Replace RANDOMSTRINGGOESHERE with SNMP_COMMUNITY
sed -i s"/RANDOMSTRINGGOESHERE/$SNMP_COMMUNITY/" $SNMP_CONF
### Setup librenms agent
curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
### Restart snmpd to load new settings
systemctl enable snmpd
systemctl restart snmpd
### Setup librenms crontab
cp $LIBRENMS_CRON $LIBRENMS_CRON_DEST
## Enable systemd schedulers
cp /opt/librenms/dist/librenms-scheduler.service /opt/librenms/dist/librenms-scheduler.timer /etc/systemd/system/
systemctl enable librenms-scheduler.timer
systemctl start librenms-scheduler.timer
## Configure logrotate
cp $LIBRENMS_LOGROTATE_CONF $LIBRENMS_LOGROTATE_DEST
# END: Work