Ubuntu 20.04 Update - Base system working

Base system works, rrdcached works, oxidized not working, nginx config needs tweaks, librenms config needs tweaks

files/ubuntu/librenms.conf

@@ -10,15 +10,12 @@ server {
  location / {
   try_files $uri $uri/ /index.php?$query_string;
  }
- location /api/v0 {
-  try_files $uri $uri/ /api_v0.php?$query_string;
- }
- location ~ \.php {
-  include fastcgi.conf;
+ location ~ [^/]\.php(/|$) {
+  fastcgi_pass unix:/run/php-fpm-librenms.sock;
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
-  fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
+  include fastcgi.conf;
  }
- location ~ /\.ht {
+ location ~ /\.(?!well-known).* {
   deny all;
  }
 }

http/ubuntu-20.04/user-data

@@ -0,0 +1,14 @@
+#cloud-config
+autoinstall:
+  version: 1
+  identity:
+    hostname: librenms
+    password: $6$p7TmlCd1WIljlXVE$B8Yr1f6eVvQrlE5qsk3dp6heo1YveUdXBzXwYY5bhMlbcyl9rvZtH0AkW1ntiE2jgYA8GEQ4vx/lsjxYNwHuK.
+    username: vagrant
+  storage:
+    layout:
+      name: lvm
+  update: true
+  ssh:
+    install-server: true
+    allow-pw: true

scripts/ubuntu/cleanup.sh

@@ -6,20 +6,6 @@ SSH_USER=${SSH_USERNAME:-vagrant}
 echo "==> Cleaning up udev rules"
 rm -rf /dev/.udev/
 rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
-
-echo "==> Cleaning up leftover dhcp leases"
-# Ubuntu 10.04
-if [ -d "/var/lib/dhcp3" ]; then
-    rm /var/lib/dhcp3/*
-fi
-# Ubuntu 12.04 & 14.04
-if [ -d "/var/lib/dhcp" ]; then
-    rm /var/lib/dhcp/*
-fi
-
-# Add delay to prevent "vagrant reload" from failing
-echo "pre-up sleep 2" >> /etc/network/interfaces
-
 echo "==> Cleaning up tmp"
 rm -rf /tmp/*
 

scripts/ubuntu/librenms.sh

@@ -4,98 +4,109 @@ if [[ -z "$LIBRENMS_VERSION" ]]; then
   LIBRENMS_VERSION="master"
 fi
 
-sudo add-apt-repository universe
-sudo apt update -y
-sudo apt install -y curl composer fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php7.2-cli php7.2-curl php7.2-fpm php7.2-gd php7.2-json php7.2-mbstring php7.2-mysql php7.2-snmp php7.2-xml php7.2-zip python-memcache python-mysqldb rrdtool snmp snmpd whois acl python-mysqldb
-
-sudo sh -c "cd /opt; composer create-project --no-dev --keep-vcs librenms/librenms=$LIBRENMS_VERSION librenms"
+apt -y install software-properties-common
+add-apt-repository universe
+apt -y update
+apt -y install acl curl composer fping git graphviz imagemagick mariadb-client mariadb-server mtr-tiny nginx-full nmap php7.4-cli php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mbstring php7.4-mysql php7.4-snmp php7.4-xml php7.4-zip rrdtool snmp snmpd whois unzip python3-pymysql python3-dotenv python3-redis python3-setuptools
 
 sudo useradd librenms -d /opt/librenms -M -s /bin/bash
 echo "librenms:CDne3fwdfds" | sudo chpasswd
 sudo usermod -a -G librenms www-data
-sudo cp -r /etc/skel/. /opt/librenms
-
 sudo bash -c 'cat <<EOF > /etc/sudoers.d/librenms
 Defaults:librenms !requiretty
 librenms ALL=(ALL) NOPASSWD: ALL
 EOF'
-
 sudo chmod 440 /etc/sudoers.d/librenms
 
-# Change php to UTC TZ
-sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.2/fpm/php.ini
-sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.2/cli/php.ini
+cd /opt
+git clone https://github.com/librenms/librenms.git
+chown -R librenms:librenms /opt/librenms
+chmod 771 /opt/librenms
+setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
+setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
+cd /opt/librenms
+sudo -u librenms ./scripts/composer_wrapper.php install --no-dev
 
-sudo systemctl enable php7.2-fpm
-sudo systemctl restart php7.2-fpm
+# Change php to UTC TZ
+sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.4/fpm/php.ini
+sudo sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php/7.4/cli/php.ini
+mv /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/librenms.conf
+sed -i "s/user = .*/user = librenms/" /etc/php/7.4/fpm/pool.d/librenms.conf
+sed -i "s/group = .*/group = librenms/" /etc/php/7.4/fpm/pool.d/librenms.conf
+sed -i "s|listen = .*|listen = /run/php-fpm-librenms.sock|" /etc/php/7.4/fpm/pool.d/librenms.conf
+systemctl restart php7.4-fpm.service
+systemctl enable php7.4-fpm.service
+
+ln -s /opt/librenms/lnms /usr/bin/lnms
+cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/
 
 sudo cp /tmp/librenms.conf /etc/nginx/conf.d/librenms.conf
-
 sudo rm -f /etc/nginx/sites-enabled/default
-
 sudo systemctl enable nginx
 sudo systemctl restart nginx
 
 sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms
 
-sudo firewall-cmd --zone public --add-service http
-sudo firewall-cmd --permanent --zone public --add-service http
-sudo firewall-cmd --zone public --add-service https
-sudo firewall-cmd --permanent --zone public --add-service https
-
 sudo apt install -y rrdcached
 sudo mkdir /var/run/rrdcached
 sudo chown librenms:librenms /var/run/rrdcached
 sudo chmod 755 /var/run/rrdcached
 
-sudo bash -c 'cat << EOF > /etc/systemd/system/rrdcached.service
-[Unit]
-Description=Data caching daemon for rrdtool
-After=network.service
-
-[Service]
-Type=forking
-PIDFile=/run/rrdcached.pid
-ExecStart=/usr/bin/rrdcached -w 1800 -z 1800 -f 3600 -s librenms -U librenms -G librenms -B -R -j /var/tmp -l unix:/var/run/rrdcached/rrdcached.sock -t 4 -F -b /opt/librenms/rrd/
-
-[Install]
-WantedBy=default.target
+bash -c 'cat << EOF > /etc/default/rrdcached
+DAEMON=/usr/bin/rrdcached
+DAEMON_USER=librenms
+DAEMON_GROUP=librenms
+WRITE_THREADS=4
+WRITE_TIMEOUT=1800
+WRITE_JITTER=1800
+BASE_PATH=/opt/librenms/rrd/
+JOURNAL_PATH=/var/lib/rrdcached/journal/
+PIDFILE=/run/rrdcached.pid
+SOCKFILE=/run/rrdcached.sock
+SOCKGROUP=librenms
+BASE_OPTIONS="-B -F -R"
 EOF'
+chown librenms:librenms /var/lib/rrdcached/journal/
+systemctl restart rrdcached.service
 
-sudo systemctl daemon-reload
-sudo systemctl enable --now rrdcached.service
 
-sudo bash -c 'cat << EOF > /etc/mysql/mariadb.conf.d/50-server.cnf
-#
-# These groups are read by MariaDB server.
-# Use it for options that only the server (but not clients) should see
-#
-# See the examples of server my.cnf files in /usr/share/mysql/
-#
-
-# this is read by the standalone daemon and embedded servers
+sudo bash -c 'cat << EOF > /etc/mysql/mariadb.conf.d/99-librenms.cnf
 [server]
 innodb_file_per_table=1
 lower_case_table_names=0
+innodb_flush_log_at_trx_commit = 2
 EOF'
 
 sudo systemctl enable mysql
 sudo systemctl restart mysql
 
 mysql_pass="D42nf23rewD";
 
-echo "CREATE DATABASE librenms;
+echo "CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
             GRANT ALL PRIVILEGES ON librenms.*
             TO 'librenms'@'localhost'
             IDENTIFIED BY '$mysql_pass';
             FLUSH PRIVILEGES;" | mysql -u root
 
 sudo cp /opt/librenms/config.php.default /opt/librenms/config.php
+echo \$config[\'db_host\'] = \'localhost\'\; | tee -a /opt/librenms/config.php
+echo \$config[\'db_user\'] = \'librenms\'\; | tee -a /opt/librenms/config.php
+echo \$config[\'db_pass\'] = \'$mysql_pass\'\; | tee -a /opt/librenms/config.php
+echo \$config[\'db_name\'] = \'librenms\'\; | tee -a /opt/librenms/config.php
+echo \$config[\'rrdcached\'] = \'unix:/var/run/rrdcached.sock\'\; | tee -a /opt/librenms/config.php
+
+echo "DB_HOST=localhost" | tee -a /opt/librenms/.env
+echo "DB_DATABASE=librenms" | tee -a /opt/librenms/.env
+echo "DB_USER=localhost" | tee -a /opt/librenms/.env
+echo "DB_PASSWORD=$mysql_pass" | tee -a /opt/librenms/.env
+echo "LIBRENMS_USER=librenms" | tee -a /opt/librenms/.env
+echo "APP_URL=/" | tee -a /opt/librenms/.env
+sed -i '/INSTALL=true/d' /opt/librenms/.env
+
+# This does all the heavy lifting for the DB!
+sudo -u librenms /usr/bin/lnms --force -n migrate
 
-sudo sed -i 's/USERNAME/librenms/g' /opt/librenms/config.php
-sudo sed -i "s/PASSWORD/${mysql_pass}/g" /opt/librenms/config.php
-sudo bash -c "echo '\$config[\"rrdcached\"] = \"unix:/var/run/rrdcached/rrdcached.sock\";' >> /opt/librenms/config.php"
-sudo bash -c "echo '\$config[\"update_channel\"] = \"release\";' >> /opt/librenms/config.php"
+sudo -u librenms /usr/bin/lsnm -n config:set update_channel release
 
 sudo bash -c 'cat <<EOF > /etc/snmp/snmpd.conf
 rocommunity public 127.0.0.1
@@ -108,20 +119,20 @@ sudo chmod +x /usr/bin/distro
 sudo systemctl restart snmpd
 sudo systemctl enable snmpd
 
-sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms
-sudo sed -i "s/16/4/g" /etc/cron.d/librenms
+sudo -u librenms python3 -m pip install --user -r /opt/librenms/requirements.txt
+cp /opt/librenms/misc/librenms.service /etc/systemd/system/librenms.service
+systemctl enable librenms.service
 
-sudo /usr/bin/php /opt/librenms/build-base.php
-sudo /usr/bin/php /opt/librenms/addhost.php localhost public v2c
-sudo /usr/bin/php /opt/librenms/adduser.php librenms D32fwefwef 10
+sudo -u librenms /usr/bin/lnms -n user:add -p D32fwefwef -r admin -n librenms
+sudo -u librenms /usr/bin/lnms -n --v2c device:add localhost
 
 sudo git clone https://github.com/librenms-plugins/Weathermap.git /opt/librenms/html/plugins/Weathermap/
 echo "INSERT INTO plugins SET plugin_name = 'Weathermap', plugin_active = 1;" | mysql -u root librenms
 sudo bash -c "echo '*/5 * * * * librenms /opt/librenms/html/plugins/Weathermap/map-poller.php >> /dev/null 2>&1' >> /etc/cron.d/librenms"
-sudo chmod -R g+w /opt/librenms/html/plugins/Weathermap/configs/
+chown -R librenms:librenms /opt/librenms/html/plugins/Weathermap/
+chmod -R 775 /opt/librenms/html/plugins/Weathermap/configs/
 
 
 sudo chown -R librenms:librenms /opt/librenms
 sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
 sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
-sudo su - librenms -c "git checkout ."

scripts/ubuntu/oxidized.sh

@@ -4,7 +4,8 @@ if [[ "$OXIDIZED" == false ]]; then
     echo "Oxidized support disabled"
     exit 0
 fi
-
+#TODO
+exit 0
 sudo add-apt-repository universe
 sudo apt install -y ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev libicu-dev zlib1g-dev
 sudo gem install oxidized

scripts/ubuntu/syslog-ng.sh

@@ -63,4 +63,4 @@ EOF'
 
 sudo systemctl enable syslog-ng
 sudo systemctl restart syslog-ng
-sudo bash -c "echo '\$config[\"enable_syslog\"] = 1;' >> /opt/librenms/config.php"
+echo \$config[\'enable_syslog\'] = 1\; | tee -a /opt/librenms/config.php

scripts/ubuntu/update.sh

@@ -2,7 +2,6 @@
 
 # locale
 echo "==> Configuring locales"
-apt-get -y purge language-pack-en language-pack-gnome-en
 sed -i -e '/^[^# ]/s/^/# /' /etc/locale.gen
 LANG=en_US.UTF-8
 LC_ALL=$LANG
@@ -16,27 +15,23 @@ sed -i.bak 's/^Prompt=.*$/Prompt=never/' /etc/update-manager/release-upgrades
 echo "==> Disabling apt.daily.service"
 systemctl stop apt-daily.timer
 systemctl disable apt-daily.timer
-systemctl mask apt-daily.service
 systemctl daemon-reload
 
 # install packages and upgrade
 echo "==> Updating list of repositories"
-apt-get -y update
+apt -y update
 if [[ $UPDATE  =~ true || $UPDATE =~ 1 || $UPDATE =~ yes ]]; then
-    apt-get -y dist-upgrade
-    apt-get -y autoremove --purge
+    apt -y dist-upgrade
+    apt -y autoremove --purge
 fi
-apt-get -y install build-essential linux-headers-generic
-apt-get -y install ssh nfs-common vim curl perl git
-apt-get -y autoclean
-apt-get -y clean
+apt -y install build-essential linux-headers-generic
+apt -y install ssh nfs-common vim curl perl git
+apt -y autoclean
+apt -y clean
 
 # Remove 5s grub timeout to speed up booting
 sed -i -e 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=0/' \
     -e 's/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="quiet nosplash"/' \
     /etc/default/grub
 update-grub
-# SSH tweaks
-echo "UseDNS no" >> /etc/ssh/sshd_config
-
 exit 0