Automating User permissions

Hi Guys,

First post on here.
I am looking at using LibreNMS for SNMP monitoring where each customer server would be added automatically.

Is there any way, using any of the scripts available or by directly accessing SQL, that I could amend a user's permissions?

My flow is as follows:

User registers with our site.
They are provided a management range of 10.x.x.x/24

I will use the usercreate script to create a user on LibreNMS as a normal user first of all.
However when they create a server I dynamically add a startup script which will inject their snmp community along with the IP of the LibreNMS server to their SNMPd config meaning it should be ready to add.

  • Can I manually add a device in the CLI / shell?
  • Can I then add this device to the user's allowed devices via CLI also? Permissions

This way each time the user adds a new server it will be added to monitoring and they can access LibreNMS and view the stats for their servers only.

Just wondering if this functionality is supported / has been done before and any pointers to where this data is held so I can modify would be appreciated.

I checked out the API but seems the endpoints are all GET so nothing for actually adding new users / permissions

Sussed this out eventually, in case anyone else wants to automate adding devices or create users etc. manually. This way, when a new device is deployed it is automatically added to the user's permissions list.

SSH to NMS
Run the add device with device IP and community string, update SQL device permissions

$z4 I pull from the VM I deploy separately

set_include_path(get_include_path() . PATH_SEPARATOR . '/var/includes/ssh');
include '/var/includes/ssh/Net/SSH2.php';
include '/var/includes/pdo-nms.php';
// add the new device to the NMS
// NMS IP address
$nms = "1.1.1.1";
// SSH to NMS and run addhost script
$ssh = new Net_SSH2($nms);
if (!$ssh->login('root', 'PASSWORDOFSOMESORT')) {
    exit('Login Failed');
} else {
    // escapeshellarg() keeps the device IP a single shell argument
    $resp = $ssh->exec("php /opt/librenms/addhost.php -g 0 -f -p ifName " . escapeshellarg($z4) . " 'SNMPCOUMUNITY' v2c 161 udp");
    // Amend user permissions in LibreNMS SQL to allow them access to this device

    // get the device ID from SQL
    $stmtnms1 = $pdonms->prepare("SELECT device_id FROM devices WHERE hostname = ?");
    $stmtnms1->execute([$z4]);
    $rownms1 = $stmtnms1->fetch();
    $d = $rownms1['device_id'];
    $stmtnms1 = NULL;

    // Update permissions for the user ($nmsId is the NMS user ID stored in the site's SQL)
    $stmtnms1 = $pdonms->prepare("INSERT INTO devices_perms (user_id, device_id) VALUES (?,?)");
    $stmtnms1->execute([$nmsId, $d]);
    $stmtnms1 = NULL;
}

For setting up a user

set_include_path(get_include_path() . PATH_SEPARATOR . '/var/includes/ssh');
include '/var/includes/ssh/Net/SSH2.php';
include '/var/includes/pdo-nms.php';

// create a new NMS user
// NMS IP address
$nms = "1.1.1.1";
// SSH to NMS and run adduser script
$ssh = new Net_SSH2($nms);
if (!$ssh->login('root', 'PASSWORD')) {
    exit('Login Failed');
} else {
    // escapeshellarg() keeps the email and password single shell arguments
    $resp = $ssh->exec('php /opt/librenms/adduser.php ' . escapeshellarg($email) . ' ' . escapeshellarg($pass) . ' 1');
    // look up the new user's ID in the NMS SQL
    $stmtnms1 = $pdonms->prepare("SELECT user_id FROM users WHERE username = ?");
    $stmtnms1->execute([$email]);
    $rownms1 = $stmtnms1->fetch();
    $i = $rownms1['user_id'];
    $stmtnms1 = NULL;
    // Now store the NMS user ID in the site's own SQL
    $stmtnms2 = $pdo->prepare("UPDATE users SET nmsId = ? WHERE userEmail = ?");
    $stmtnms2->execute([(int)$i, $email]);
    $stmtnms2 = NULL;
}

This then updates my site's SQL with the NMS ID which I pull and use when adding the device.

For each device I run the following startup script on firstboot

Script

apt-get update
echo 'retrieving Distro agent LibreNMS\n'
sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
sudo wget -P /etc/one-context.d/ http://1.1.1.1/scripts/snmpcentos.sh
sudo chmod +x /etc/one-context.d/snmpcentos.sh
sudo bash /etc/one-context.d/snmpcentos.sh
sudo service snmpd restart
rm -f /etc/one-context.d/snmpcentos.sh
chmod 444 /sys/devices/virtual/dmi/id/product_serial
chmod +x /usr/bin/distro

Script from NMS server

  • create a directory so servers can pull these scripts

echo "Installing SNMPD\n"
sudo apt-get install snmpd -y
## Script for OS on boot, install snmpd and set community
echo "Creating SNMP config for Piggybank NMS\n"
cat > /etc/snmp/snmpd.conf << EOF
# Allow SNMP only from Piggybank Cloud NMS
rocommunity COMMUNITY 1.1.1.1/32

group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none

sysLocation Piggybank Cloud - Leeds UK
sysContact Piggybank Cloud [email protected]

#Distro Detection
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro

#SNMP Extends
extend .1.3.6.1.4.1.2021.7890.2 hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend .1.3.6.1.4.1.2021.7890.3 manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
extend .1.3.6.1.4.1.2021.7890.4 serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
EOF
echo "Restarting snmpd\n"
service snmpd restart

1 Like
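
The flow from the posts above (customer gets a 10.x.x.x/24 management range, the device is added with addhost.php, then a devices_perms row grants access), as an added example that is not code from the original posts or from LibreNMS: it checks that the device IP lies inside the customer's assigned range before the command is built, shell-quotes each value, and makes the permission grant idempotent. The function names, the sample range, the user and device IDs, and the in-memory SQLite table standing in for the LibreNMS database are assumptions (needs PHP 8 with pdo_sqlite).

```php
<?php
// Added example; function names and sample values are hypothetical.

// True if $ip is an IPv4 address inside $cidr (e.g. "10.20.30.0/24").
function ipInCidr(string $ip, string $cidr): bool
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return false;
    }
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    if (!filter_var($net, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
        || !ctype_digit((string)$bits) || (int)$bits > 32) {
        return false;
    }
    $mask = (int)$bits === 0 ? 0 : (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// Build the addhost.php command line used in the thread, quoting every value.
function buildAddHostCmd(string $ip, string $community): string
{
    return 'php /opt/librenms/addhost.php -g 0 -f -p ifName '
        . escapeshellarg($ip) . ' ' . escapeshellarg($community) . ' v2c 161 udp';
}

// Grant the user access to the device once; repeated calls add no extra rows.
function grantDevice(PDO $db, int $userId, int $deviceId): void
{
    $check = $db->prepare('SELECT 1 FROM devices_perms WHERE user_id = ? AND device_id = ?');
    $check->execute([$userId, $deviceId]);
    if ($check->fetchColumn() === false) {
        $db->prepare('INSERT INTO devices_perms (user_id, device_id) VALUES (?, ?)')->execute([$userId, $deviceId]);
    }
}

// Constructed sample data: SQLite in memory stands in for the LibreNMS database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE devices_perms (user_id INTEGER, device_id INTEGER)');
$range = '10.20.30.0/24';              // constructed customer management range
foreach (['10.20.30.15', '10.20.31.15', '10.20.30.15 extra'] as $ip) {
    if (!ipInCidr($ip, $range)) {
        echo "rejected: $ip\n";        // outside the range, or not a bare IPv4 address
        continue;
    }
    echo buildAddHostCmd($ip, 'COMMUNITY'), "\n";
    grantDevice($db, 7, 42);           // constructed user_id / device_id
    grantDevice($db, 7, 42);           // second call adds nothing
}
echo $db->query('SELECT COUNT(*) FROM devices_perms')->fetchColumn(), " permission row(s)\n";
```

Only the first sample address passes the range check, and the table ends with a single row despite the repeated grant.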