Classes
librenms: Manages the whole LibreNMS installation, on a single node
librenms::cron: Manages the cron service
librenms::librenms: Manages all LibreNMS resources
librenms::mysql: Manages all MySQL resources
librenms::oxidized: Manages all Oxidized resources
librenms::rrdcached: Manages all RRD and RRDCache resources
librenms::snmp: Manages all SNMP resources
librenms::testssl: Manages the TestSSL plugin for LibreNMS
librenms::weathermap: Manages the Weathermap plugin for LibreNMS
librenms::web_services: Manages all Web related resources (NGINX, PHP and FPM)
Functions
Manages the whole LibreNMS installation, on a single node
# LibreNMS with Oxidized + Weathermap plugins, active Netscaler poller, AD logins, and sample TLS config
class { '::librenms':
  config_admin_email      => $admin_email,
  config_poller_threads   => 32,
  mysql_librenms_password => $mysql_librenms_password,
  mysql_root_password     => $mysql_root_password,
  oxidized_auth_token     => $oxidized_api_token,
  oxidized_enabled        => true,
  oxidized_manage_repo    => true,
  snmp_location           => 'Null Island',
  snmp_ro_community       => $snmp_ro_community,
  weathermap_enabled      => true,
  config_override_pollers => {
    'netscaler-vsvr' => 1,
  },
  config_raw_input        => {
    'active_directory.users_purge'         => 14, # days
    'auth_ad_base_dn'                      => 'DC=domain,DC=com',
    'auth_ad_bindpassword'                 => $ad_bind_password,
    'auth_ad_binduser'                     => $ad_bind_username,
    'auth_ad_check_certificates'           => 0, # 0 = the LDAPS server certificate is not validated
    'auth_ad_domain'                       => 'domain.com',
    'auth_ad_groups.LibreNMS_Admins.level' => 10,
    'auth_ad_groups.LibreNMS_Users.level'  => 5,
    'auth_ad_require_groupmembership'      => 1,
    'auth_ad_url'                          => 'ldaps://domain.com',
    'auth_mechanism'                       => 'active_directory',
    'authlog_purge'                        => 15, # days
    'oxidized.enabled'                     => true,
    'oxidized.url'                         => 'http://127.0.0.1:8888',
    'oxidized.group_support'               => true,
    'oxidized.features.versioning'         => true,
    'oxidized.reload_nodes'                => false,
    'oxidized.group.os'                    => [
      { 'match' => 'asa', 'group' => 'cisco-asa-device' },
      { 'match' => 'ios', 'group' => 'cisco-device' },
      { 'match' => 'iosxe', 'group' => 'cisco-device' },
      { 'match' => 'netscaler', 'group' => 'netscaler-device' },
      { 'match' => 'procurve', 'group' => 'procurve-device' },
    ],
    'oxidized.group.hostname'              => [
      { 'regex' => '/^switch\d.*/', 'group' => 'switches' },
      { 'regex' => '/^router\d.*/', 'group' => 'routers' },
    ],
  },
  # TLS settings are primarily taken from these:
  # https://ssl-config.mozilla.org/#server=nginx&config=intermediate&ocsp=false
  # https://cipherli.st/
  nginx_ssl_enable                => true,
  nginx_ssl_protocols             => 'TLSv1.2 TLSv1.3',
  nginx_ssl_ciphers               => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', #lint:ignore:140chars
  nginx_ssl_cert                  => "${cert_root_path}/full_cert.pem",
  nginx_ssl_key                   => "${cert_root_path}/cert.key",
  nginx_ssl_prefer_server_ciphers => 'on',
  nginx_ssl_cache                 => 'shared:ssl_cache:10m',
  nginx_ssl_session_tickets       => 'off',
  nginx_ssl_session_timeout       => '1d',
  nginx_ssl_dhparam               => "${cert_root_path}/dhparam.pem",
  nginx_ssl_headers               => {
    'Strict-Transport-Security' => 'max-age=31557600',
    'X-Frame-Options'           => 'DENY',
    'X-Content-Type-Options'    => 'nosniff',
    'X-XSS-Protection'          => '1; mode=block',
  },
  oxidized_configuration          => {
    'groups'    => $oxidized_config_groups,
    'input'     => {
      'ssh' => {
        'secure' => false, # Disable hostkey verification
      },
    },
    'model_map' => {
      'procurve' => 'procurve',
      'cisco'    => 'ios',
      'asa'      => 'asa',
      'ciscowlc' => 'aireos',
      'arista'   => 'eos'
    },
  },
}
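A hardened variant of the sample declaration above, as an added example that is not part of the module's own documentation: it keeps LDAPS certificate validation and Oxidized SSH host key verification switched on and replaces the default Oxidized token. The profile class name, the Hiera keys and the certificate path are assumptions; every `librenms` parameter used is one from the sample.

```puppet
# Added example, not module code. Hiera keys under 'profile::librenms::' are hypothetical.
class profile::librenms_hardened {
  $cert_root_path = '/etc/ssl/librenms' # assumed location of the certificate files

  class { '::librenms':
    # Required secrets come from Hiera instead of being written into the manifest
    config_admin_email      => lookup('profile::librenms::admin_email'),
    mysql_librenms_password => lookup('profile::librenms::mysql_librenms_password'),
    mysql_root_password     => lookup('profile::librenms::mysql_root_password'),
    snmp_ro_community       => lookup('profile::librenms::snmp_ro_community'),
    oxidized_enabled        => true,
    # Replaces the module default 'SetThisToYourAuthToken!'
    oxidized_auth_token     => lookup('profile::librenms::oxidized_api_token'),
    config_raw_input        => {
      'auth_mechanism'                       => 'active_directory',
      'auth_ad_url'                          => 'ldaps://domain.com',
      'auth_ad_domain'                       => 'domain.com',
      'auth_ad_base_dn'                      => 'DC=domain,DC=com',
      'auth_ad_binduser'                     => lookup('profile::librenms::ad_bind_username'),
      'auth_ad_bindpassword'                 => lookup('profile::librenms::ad_bind_password'),
      # The sample uses 0; 1 makes LibreNMS validate the LDAPS server certificate
      'auth_ad_check_certificates'           => 1,
      'auth_ad_require_groupmembership'      => 1,
      'auth_ad_groups.LibreNMS_Admins.level' => 10,
      'auth_ad_groups.LibreNMS_Users.level'  => 5,
    },
    oxidized_configuration  => {
      'input' => {
        'ssh' => {
          'secure' => true, # the sample uses false; true keeps host key verification on
        },
      },
    },
    nginx_ssl_enable          => true,
    nginx_ssl_protocols       => 'TLSv1.2 TLSv1.3',
    nginx_ssl_cert            => "${cert_root_path}/full_cert.pem",
    nginx_ssl_key             => "${cert_root_path}/cert.key",
    nginx_ssl_session_tickets => 'off',
    nginx_ssl_headers         => {
      'Strict-Transport-Security' => 'max-age=31557600',
      'X-Content-Type-Options'    => 'nosniff',
    },
  }
}
```

With `'secure' => true`, the Oxidized user needs the devices' SSH host keys in its known_hosts file before collection will succeed.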
The following parameters are available in the librenms class.
Data type: String
The admin email used for Oxidized and SNMP contact (required)
Data type: Integer
The number of discover pollers that should be running at a time
Default value: 1
Data type: Hash
A hash of pollers to enable (1) or disable (0)
Default value: {}
Data type: Integer
The number of pollers that should be running at a time
Default value: 16
Data type: Hash
A hash of configuration options for LibreNMS
Default value: {}
Data type: Boolean
Whether to manage the Cron service or not
Default value: false
Data type: Optional[String]
An optional mysqldump to import
Default value: undef
Data type: String
The LibreNMS Linux group name
Default value: 'librenms'
Data type: String
The LibreNMS Linux owner name
Default value: 'librenms'
Data type: Integer
The number of mysql backup revisions to keep on disk
Default value: 5
Data type: String
The ensure value for MySQL client
Default value: 'latest'
Data type: String
The package name for MySQL client
Default value: 'mariadb-client'
Data type: Hash
A hash of configuration options for MySQL
Default value: {}
Data type: String
The password for the LibreNMS database user (required)
Data type: String
The username for the LibreNMS database user
Default value: 'librenms'
Data type: String
The password for the root database user (required)
Data type: String
The ensure value for MySQL server
Default value: 'latest'
Data type: String
The package name for MySQL server
Default value: 'mariadb-server-10.1'
Data type: Boolean
Whether to enable monitoring pages for NGINX and PHP-FPM
Default value: false
Data type: Integer
The number of seconds before the timeout error in NGINX occurs
Default value: 600
Data type: Enum['on','off']
Whether to enable http2 or not
Default value: 'on'
Data type: Integer
The NGINX listen port (http)
Default value: 80
Data type: Boolean
Whether to manage the NGINX repo or not
Default value: false
Data type: Variant[String,Array]
The NGINX server name
Default value: $facts['networking']['fqdn']
Data type: Optional[String]
The size of the buffer used for sending data
Default value: undef
Data type: Optional[String]
The cache string to use (e.g. 'shared:ssl_cache:10m')
Default value: undef
Data type: Optional[Variant[String, Boolean]]
Path to the certificate
Default value: undef
Data type: Optional[String]
Colon-separated string of ciphers to use
Default value: undef
Data type: Optional[String]
Path to a client reference certificate
Default value: undef
Data type: Optional[String]
Path to a file of revoked certificates
Default value: undef
Data type: Optional[String]
Path to the DHPARAM file
Default value: undef
Data type: Optional[String]
Which ECDH curve to use
Default value: undef
Data type: Boolean
Whether to enable SSL/TLS or not
Default value: false
Data type: Optional[Hash]
A hash of SSL/TLS headers to use
Default value: undef
Data type: Optional[Variant[String, Boolean]]
Path to the certificate key
Default value: undef
Data type: Optional[Boolean]
Whether to listen for SSL/TLS traffic or not
Default value: undef
Data type: Integer
The NGINX listen port (https)
Default value: 443
Data type: Optional[Enum['on', 'off']]
Whether to prefer SSL/TLS ciphers or not
Default value: undef
Data type: Optional[String]
Space-separated string of SSL/TLS protocols to use
Default value: undef
Data type: Optional[Integer]
Override $nginx_ssl_port for redirects (generally not needed)
Default value: undef
Data type: Optional[String]
A file containing the secret key used to encrypt and decrypt SSL/TLS session tickets
Default value: undef
Data type: Optional[String]
Whether to use session tickets or not
Default value: undef
Data type: Optional[String]
How long before ssl session times out (e.g. '1d')
Default value: undef
Data type: Optional[Boolean]
Whether to enable OCSP responses or not
Default value: undef
Data type: Optional[String]
When set, the stapled OCSP response will be taken from the specified file instead of querying the OCSP responder specified in the server certificate
Default value: undef
Data type: Optional[String]
Overrides the URL of the OCSP responder specified in the Authority Information Access certificate extension
Default value: undef
Data type: Optional[Boolean]
Whether to enable OCSP verification or not
Default value: undef
Data type: Optional[String]
Path to a file of trusted certificates
Default value: undef
Data type: Optional[String]
Whether to verify client certificates or not
Default value: undef
Data type: Optional[Integer]
How deep in the client certificates chain to verify
Default value: undef
Data type: Optional[String]
An API token for the Oxidized user (create one in LibreNMS)
Default value: 'SetThisToYourAuthToken!'
Data type: Hash
A hash of configuration options for Oxidized
Default value: {}
Data type: Boolean
Whether to enable Oxidized or not
Default value: false
Data type: Optional[Array]
An array of packages to install before Oxidized
Default value: undef
Data type: String
The path to the Oxidized log
Default value: '/home/oxidized/.config/oxidized/log'
Data type: Boolean
Whether to manage the Oxidized repo or not
Default value: false
Data type: Optional[Array]
An array of gems to install before Oxidized
Default value: undef
Data type: Hash
A hash of configuration options for PHP
Default value: {}
Data type: Enum['dynamic', 'static']
The process management state (dynamic or static)
Default value: 'dynamic'
Data type: Optional[String]
The maximum number of child processes to run
Default value: undef
Data type: Optional[String]
The maximum amount of idle child processes to run
Default value: undef
Data type: Optional[String]
The minimum amount of idle child processes to run
Default value: undef
Data type: Optional[String]
The amount of child processes to run on start-up
Default value: undef
Data type: Boolean
Whether to manage the PHP repo or not
Default value: false
Data type: String
The ensure value for PHP
Default value: 'latest'
Data type: Integer
The number of RRD backup revisions to keep on disk
Default value: 0
Data type: String
The path to the PID file for RRDCached
Default value: '/run/rrdcached.pid'
Data type: String
The path to the socket file for RRDCached
Default value: '/run/rrdcached.sock'
Data type: Optional[String]
The SNMP contact to be listed (overrides $config_admin_email)
Default value: undef
Data type: String
The SNMP location value
Default value: 'Unknown'
Data type: String
The ensure value for SNMP
Default value: 'present'
Data type: String
The readonly SNMP community name (required)
Data type: Boolean
Whether the snmp trap daemon should be enabled or not
Default value: false
Data type: String
The ensure value for the snmp trap daemon
Default value: 'stopped'
Data type: Array
An array of directories to load mibs from (if empty, ${librenms::vcs_root_dir}/mibs will be selected)
Default value: []
Data type: Array
An array of mibs to load (has to be loaded in $snmp_trap_mib_dirs)
Default value: ['IF-MIB']
Data type: Boolean
Whether to enable the TestSSL plugin for LibreNMS or not
Default value: false
Data type: String
The LibreNMS branch to follow
Default value: 'master'
Data type: String
The ensure value for the LibreNMS vcsrepo
Default value: 'latest'
Data type: String
The local path to the LibreNMS installation
Default value: '/opt/librenms'
Data type: Boolean
Whether to enable the Weathermap plugin for LibreNMS or not
Default value: false
Manages the cron service
use main class
Manages all LibreNMS resources
use main class
Manages all MySQL resources
use main class
Manages all Oxidized resources
use main class
Manages all RRD and RRDCache resources
use main class
Manages all SNMP resources
use main class
Manages the TestSSL plugin for LibreNMS
use main class
Manages the Weathermap plugin for LibreNMS
use main class
Manages all Web related resources (NGINX, PHP and FPM)
use main class
Type: Ruby 4.x API
The to_phpconfig function.
Returns: Hash
Data type: Hash