A personal snippets to run distributed LibreNMS poller on low-end server resources to monitor hundreds of devices and sensors.
A normal LibreNMS install contains all parts of LibreNMS: - Poller/Discovery workers - RRD (Time series data store) - Database - Webserver (Web UI/API)
Devices monitored with LibreNMS can be grouped together into a poller_group
to pin these devices to a single or a group of designated pollers.
Distributed Polling allows the workers to be spread across additional servers for horizontal scaling. All pollers need to write to the same set of RRD files, shared NFS storage can be used, but I prefer using RRDcached.
It is a required that all pollers can access the central memcached to communicate with each other.
Topology
Actually, the distributed poller setup is very dynamic and can be configured to fit your need. Below are my current setup on what you need to consider both from the software layer but also connectivity.
Node | OS | RAM - CPU | Services | Devices |
---|---|---|---|---|
nms82 | Ubuntu 18.4 | 4GB - 4 Core | Web/API, MariaDB, RRDcached, Redis, Memcached, Syslog | < 9 |
nms83 | Ubuntu 18.4 | 4GB - 4 Core | Poller, Oxidized Config Backup | 62 |
nms84 | Ubuntu 18.4 | 4GB - 4 Core | Poller, Discovery Module | 19 |
bsd-007-c7 | CentOS 7 | 2GB - 4 Core | Poller | 128 |
All machines above is run under Proxmox Linux Container across different location.
For now, this resource (4 core Xeon and 4GB RAM each node) seem to be overkill to monitor about 200 devices, 1800 ports and 1000 sensors including processor, storages, applications, and disk I/O. The master host (nms82) only use about 1.5% of CPU resource and 600 - 1.200 MiB of RAM.
But you may be need to switch from 7,000 RPM HDD to 15,000 RPM SAS drive or SSD for better performance since disk write is pretty high.
Requirements
All this setup need a working LibreNMS install, plus:
rrdtool
version1.7.0
abovephp-memcached
module- a
memcached
server (nms82) - a
rrdcached
server (nms82) - a
redis
server (nms82)
Python Modules:
- Python 3
python-memcached
PyMySQL
python-dotenv
.env loaderredis-py
>3.0
psutil
These can be obtained from OS package manager, or from PyPI with command below (under librenms root directory):
1pip3 install -r requirements.txt
Master Host (Web UI, API, MariaDB, Redis, RRDcached, Memcached) (nms82)
This node become one of most important part which contain additional required server running on this node: Web UI / API, Memcached, RRDcached and Redis server.
Web / API Layer
Based on topology above, the web / API layer will respond to Nginx reverse proxy. This is typically Apache but I prefer using Nginx, here some Nginx backend configuration example for LibreNMS.
1server {
2 listen 80;
3 listen 443 ssl http2;
4 server_name nmshostname.ditatompel.com;
5 error_log /var/log/nginx/nmshostname.ditatompel.com;
6 if ($scheme = http) {
7 return 301 https://$server_name$request_uri;
8 }
9
10 # set your ssl certificates
11 ssl_certificate /path/to/ssl/cert/nmshostname.ditatompel.com/fullchain.pem;
12 ssl_certificate_key /path/to/ssl/cert/nmshostname.ditatompel.com/privkey.pem;
13
14 # This SSL config below that can be included in separaded file
15 ssl_dhparam /path/to/ssl/dhparam.pem;
16 ssl_session_timeout 1d;
17 ssl_session_cache shared:SSL:10m;
18 ssl_session_tickets off;
19 ssl_protocols TLSv1.2 TLSv1.3;
20 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
21 ssl_prefer_server_ciphers off;
22
23 # HSTS (ngx_http_headers_module is required) (63072000 seconds)
24 add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload';
25
26 add_header X-Frame-Options "SAMEORIGIN";
27 add_header X-Permitted-Cross-Domain-Policies none;
28 add_header X-Content-Type-Options nosniff;
29 add_header X-XSS-Protection "1; mode=block";
30 add_header X-Download-Options noopen;
31 # End of SSL config that can be included in separaded file
32
33 root /opt/librenms/html;
34 index index.php;
35
36 charset utf-8;
37 gzip on;
38 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
39 location / {
40 try_files $uri $uri/ /index.php?$query_string;
41 }
42 location /api/v0 {
43 try_files $uri $uri/ /api_v0.php?$query_string;
44 }
45 location ~ \.php {
46 include fastcgi.conf;
47 fastcgi_split_path_info ^(.+\.php)(/.+)$;
48 fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
49 }
50 location ~ /\.ht {
51 deny all;
52 }
53}
Database Server
The pollers, web and API layers should all be able to access the database server directly. Make sure that MariaDB listen to server IP address that can be accessed from other nodes instead of unix socket.
Additionally, you can use stable version of official MariaDB repo instead of distribution repo.
RRD Storage (via RRDCached)
It is advisable to run RRDCached within this setup so that you don’t need to share the rrd folder via a remote file share such as NFS. The web service can then generate rrd graphs via RRDCached.
For this example, I’m running RRDCached to allow all pollers and web/api servers to read/write to the rrd files with the rrd directory.
1apt install rrdcached
Edit /etc/default/rrdcached
:
1DAEMON=/usr/bin/rrdcached
2WRITE_THREADS=4
3BASE_PATH=/opt/librenms/rrd/
4JOURNAL_PATH=/var/lib/rrdcached/journal/
5PIDFILE=/var/run/rrdcached.pid
6SOCKFILE=/var/run/rrdcached.sock
7SOCKGROUP=librenms
8DAEMON_GROUP=librenms
9DAEMON_USER=librenms
10NETWORK_OPTIONS="-L"
11BASE_OPTIONS="-B -F -R"
Change ownership of journal path to librenms
user:
1chown librenms:librenms /var/lib/rrdcached/journal/
Memcached
Memcache is required for the distributed pollers to be able to register to a central location and record what devices are polled. Memcache can run from any of the servers so long as it is accessible by all pollers.
Example memcached config on ubuntu /etc/memcached.conf
:
1# memcached default config file
2# 2003 - Jay Bonci <[email protected]>
3# This configuration file is read by the start-memcached script provided as
4# part of the Debian GNU/Linux distribution.
5
6# Run memcached as a daemon. This command is implied, and is not needed for the
7# daemon to run. See the README.Debian that comes with this package for more
8# information.
9-d
10
11# Log memcached's output to /var/log/memcached
12logfile /var/log/memcached.log
13
14# Be verbose
15# -v
16
17# Be even more verbose (print client commands as well)
18# -vv
19
20# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
21# Note that the daemon will grow to this size, but does not start out holding this much
22# memory
23-m 64
24
25# Default connection port is 11211
26-p 11211
27
28# Run the daemon as root. The start-memcached will default to running as root if no
29# -u command is present in this config file
30-u memcache
31
32# Specify which IP address to listen on. The default is to listen on all IP addresses
33# This parameter is one of the only security measures that memcached has, so make sure
34# it's listening on a firewalled interface.
35#-l 127.0.0.1
36-l 0.0.0.0
37
38# Limit the number of simultaneous incoming connections. The daemon default is 1024
39# -c 1024
40
41# Lock down all paged memory. Consult with the README and homepage before you do this
42# -k
43
44# Return error when memory is exhausted (rather than removing items)
45# -M
46
47# Maximize core file limit
48# -r
49
50# Use a pidfile
51-P /var/run/memcached/memcached.pid
Note: You also need php-memcached
module.
Don’t forget to configure server firewall so, only selecred server and poller can access the memcached server.
Redis
Redis instance needed to coordinate the nodes. It’s recommended that you do not share the Redis database with any other system. By default, Redis supports up to 16 databases (numbered 0-15). On this topic, I use database number 4 for LibreNMS and use chris-lea
PPA for Redis 3+ on Ubuntu:
1add-apt-repository ppa:chris-lea/redis-server
2apt install redis-server
Edit Ubuntu Redis configuration example: (/etc/redis/redis.conf
)
1bind 0.0.0.0
2requirepass YOURSCRETREDISPASSWORD
It’s strongly recommended that you deploy a resilient cluster of redis systems, and use redis-sentinel
.
Poller Hosts (nms83, nms84, bsd-006-c7)
All poller host need working LibreNMS install. All you need to do after that is reconfigure all poller host config connection (Redis, Database, RRDCached, Memcached) to connect to Master Host (nms82).
Connection Configuration on All Nodes
Once all required dependency is installed and running on master hosts, reconfigure it in the .env and config.php file on each node.
Connection settings are required in .env
. The .env
file is generated after composer install
and APP_KEY
and NODE_ID
are set. Remember that the APP_KEY
value must be the same on all pollers and leave NODE_ID
as it.
1#APP_KEY= #Required, generated by composer install
2
3DB_HOST=[YOUR_DATABASE_HOST]
4DB_DATABASE=[YOUR_DATABASE_NAME]
5DB_USERNAME=[YOUR_DATABASE_USER]
6DB_PASSWORD=[YOUR_DATABASE_PASS]
7
8#NODE_ID= #Required, generated by composer install
9LIBRENMS_USER=librenms
10
11# Distributed Polling
12REDIS_HOST=[YOUR_REDIS_HOST_IP]
13REDIS_PORT=6379
14REDIS_PASSWORD=[YOURSCRETREDISPASSWORD]
15REDIS_DB=4
16CACHE_DRIVER=redis
config.php
under LibreNMS directory :
1<?php
2
3$config['distributed_poller'] = true;
4$config['distributed_poller_name'] = php_uname('n');
5$config['distributed_poller_group'] = '0'; # Set this to your prefered group for each node
6
7$config['distributed_poller_memcached_host'] = "[IP_ADDR_OF_MEMCACHED_SERVER]";
8$config['distributed_poller_memcached_port'] = 11211;
9
10
11$config['service_poller_workers'] = 24; # Processes spawned for polling
12$config['service_services_workers'] = 8; # Processes spawned for service polling
13$config['service_discovery_workers'] = 16; # Processes spawned for discovery
14
15
16//Optional Settings
17#$config['service_poller_frequency'] = 300; # Seconds between polling attempts
18#$config['service_services_frequency'] = 300; # Seconds between service polling attempts
19#$config['service_discovery_frequency'] = 21600; # Seconds between discovery runs
20#$config['service_billing_frequency'] = 300; # Seconds between billing calculations
21#$config['service_billing_calculate_frequency'] = 60; # Billing interval
22#$config['service_poller_down_retry'] = 60; # Seconds between failed polling attempts
23#$config['service_loglevel'] = 'WARNING'; # Must be one of 'DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'
24#$config['service_update_frequency'] = 86400; # Seconds between LibreNMS update checks
25
26$config['service_watchdog_enabled'] = true;
A systemd unit file is provided - the sysv and upstart init scripts could also be used with a little modification.
A systemd unit file can be found in misc/librenms.service
. To install run cp /opt/librenms/misc/librenms.service /etc/systemd/system/librenms.service && systemctl enable --now librenms.service
.