Hi All,
Started to integrate Oxidized with Librenms, but I am stuck in half-way. This is what I have done so far:
1 - Installed oxidized:
2 - Created user for oxidize, run oxidized to create default config.
3 - Added new source to the config
4- Configured external/oxidized in Librenms global config
./validate.php
===========================================
Component | Version
--------- | -------
LibreNMS | 23.10.0-70-g3768e5944 (2023-11-14T23:20:23+01:00)
DB Schema | 2023_11_04_125846_packages_increase_name_column_length (273)
PHP | 8.2.12
Python | 3.9.2
Database | MariaDB 10.5.21-MariaDB-0+deb11u1
RRDTool | 1.7.2
SNMP | 5.9
===========================================
[OK] Composer Version: 2.6.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database Schema is current
[OK] SQL Server meets minimum requirements
[OK] lower_case_table_names is enabled
[OK] MySQL engine is optimal
[OK] Database and column collations are correct
[OK] Database schema correct
[OK] MySQl and PHP time match
[OK] Active pollers found
[OK] Dispatcher Service not detected
[OK] Locks are functional
[OK] Python poller wrapper is polling
[OK] Redis is unavailable
[OK] rrd_dir is writable
[OK] rrdtool version ok
CONFIG FILES:
nginx config:
server {
listen 443 ssl http2;
server_name netmon.example.com;
root /opt/librenms/html;
index index.php;
charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
ssl_certificate /etc/nginx/ssl/netmon.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/netmon.example.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /api/v0 {
try_files $uri $uri/ /api_v0.php?$query_string;
}
location ~ \.php {
include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm-librenms.sock;
}
location ~ /\.ht {
deny all;
}
#--------------> smokeping start / 2023-11-14
# Browsing to `http://yourlibrenms/smokeping/` should bring up the smokeping web interface
location = /smokeping/ {
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/smokeping.cgi;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location ^~ /smokeping/ {
alias /usr/share/smokeping/www/;
index smokeping.cgi;
gzip off;
}
#--------------> smokeping end
location /nginx-status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
# Redirect http requests to https
server {
listen 80;
server_name netmon.example.com;
return 301 https://netmon.example.com$request_uri;
location /nginx-status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
Oxidized config:
---
username: test
password: test
model: junos
resolve_dns: true
interval: 3600
use_syslog: true
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: netmon.example.com:8888
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/home/oxidized/.config/oxidized/pid"
crash:
directory: "/home/oxidized/.config/oxidized/crashes"
hostnames: false
stats:
history_size: 10
input:
default: ssh
debug: false
ssh:
secure: false
ftp:
passive: true
utf8_encoded: true
output:
default: git
git:
user: Oxidized
email: [email protected]
repo: "~/.config/oxidized/oxidized.git"
source:
default: http
debug: true
http:
url: https://netmon.example.com/api/v0/oxidized
scheme: https
secure: false
map:
name: hostname
model: os
group: group
headers:
X-Auth-Token: xxx
model_map:
juniper: junos
cisco: ios
Librenms config:
VERIFICATION:
Oxidized starts:
oxidized
Puma starting in single mode...
* Version 3.11.4 (ruby 2.7.4-p191), codename: Love Song
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://netmon.example.com:8888
Use Ctrl-C to stop
Oxidized able to save config:
git ls-files -s
100644 b797a8c2a231b6eaa1522d5f1125ec85b50a677d 0 10.1.69.10
API is working:
curl -k -X GET -H 'X-Auth-Token:xxx' -i https://netmon.example.com/api/v0/oxidized
HTTP/2 200
server: nginx/1.18.0
content-type: application/json
cache-control: no-cache, private
date: Wed, 15 Nov 2023 10:49:35 GMT
strict-transport-security: max-age=15768000
[
{
"hostname": "localhost",
"os": "linux",
"ip": "127.0.0.1"
},
{
"hostname": "10.1.69.10",
"os": "routeros",
"ip": "10.1.69.10"
},
{
ISSUES:
- Cannot see any config in Librenms (under Device > Config, nor under Tools > Oxidized) When I hit “Refresh” got this error:
(No error logs in librenms.log)
- When I try connect to oxidized Rest webpage (https://netmon.exaple.com:8888) I got this error log from oxidized:
HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
and firefox:
2.1 When I try with curl:
curl -v https://netmon.example.com:8888
* Trying 10.1.22.12:8888...
* Connected to netmon.example.com (10.1.22.12) port 8888 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
It looks like for me that oxidize able to connect to Librenms and get the list of devices, however I do not see groups collected…
What do I missing here?
Any advise welcome, thanks a lot!