mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove tabs from yaml (#14437)

Browse Source 
* Remove tabs from yaml

* Remove tabs from random files
This commit is contained in:
Jellyfrog
2022-10-10 18:13:10 +02:00
committed by GitHub
parent 9d00b0c12c
commit 071173ffb9
18 changed files with 269 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
doc/Extensions/Galera-Cluster.md
View File

@@ -4,7 +4,7 @@ This is currently being tested, use at your own risk.
LibreNMS can be used with a MariaDB Galera Cluster. This is a Multi Master cluster, meaning each
node in the cluster can read and write to the database. They all have the same ability. LibreNMS will
randomly choose a working node to read and write requests to.
randomly choose a working node to read and write requests to.
For more information see
@@ -14,7 +14,7 @@ For more information see
## Getting Started
* It is best practice to have a minimum of 3 nodes in the cluster, A odd number of nodes is recommended in the event nodes have a disagreement on data, they will have a tie breaker.
* It's recommended that all servers be similar in hardware performance, cluster performance can be affected by the slowest server in the cluster.
* It's recommended that all servers be similar in hardware performance, cluster performance can be affected by the slowest server in the cluster.
* Backup the database before starting, and backing up the database regularly is still recommended even in a working cluster environment.
## Install and Configure Galera
@@ -52,7 +52,7 @@ wsrep_sst_method=rsync
wsrep_node_address="192.168.1.35"
wsrep_node_name="librenms1.35"
```
Change the following values for your environment.
Change the following values for your environment.
* wsrep_cluster_address - All the IP address's of your nodes.
* wsrep_cluster_name - Name of cluster, should be the same for all nodes
* wsrep_node_address - IP address of this node.
@@ -60,12 +60,12 @@ Change the following values for your environment.
### Edit LibreNMS .env
LibreNMS supports up to 9 galera nodes, you define these nodes in the .env file. For each node we have the ability to define if this librenms installation/poller is able to write, read or both to that node.
The galera nodes you define here can be the same or differnt for each librenms poller. If you have a poller you only want to write/read to one galera node, you would simply add one DB_HOST, and omit all the rest. This allows you to precisely control what galera nodes a librenms poller is reading and or writing too.
LibreNMS supports up to 9 galera nodes, you define these nodes in the .env file. For each node we have the ability to define if this librenms installation/poller is able to write, read or both to that node.
The galera nodes you define here can be the same or differnt for each librenms poller. If you have a poller you only want to write/read to one galera node, you would simply add one DB_HOST, and omit all the rest. This allows you to precisely control what galera nodes a librenms poller is reading and or writing too.
* DB_HOST is always set to read/write.
* DB_HOST must be set, however, it does not have to be the same on each poller, it can be different as long as it's part of the same galera cluster.
* If the node that is set to DB_HOST is down, things like ```lnms db``` command no longer work, as they only use DB_HOST and don't failover to other nodes.
* If the node that is set to DB_HOST is down, things like ```lnms db``` command no longer work, as they only use DB_HOST and don't failover to other nodes.
* Set DB_CONNECTION=mysql_cluster to enable
* DB_STICKY can be used if you are pulling out of sync data form the database in a read request. For more information see
<https://laravel.com/docs/database#the-sticky-option>
@@ -88,7 +88,7 @@ DB_USERNAME=librenms
DB_PASSWORD=password
```
The above .env on a librenms installation/poller would communicate to each galera node as follows.
* 192.168.1.35 - Read/Write
* 192.168.1.36 - Read/Write
* 192.168.1.37 - Read/Write
@@ -98,17 +98,17 @@ The above .env on a librenms installation/poller would communicate to each galer
### Starting Galera Cluster for the first time.
1) Shutdown MariaDB server on ALL nodes.
```bash
sudo systemctl stop mariadb-server
```
```bash
sudo systemctl stop mariadb-server
```
2) On the server with your existing database or any mariadb server if you are starting without existing data, run the following command
```bash
sudo galera_new_cluster
```
```bash
sudo galera_new_cluster
```
3) Start the rest of the nodes normally.
```bash
sudo systemctl start mariadb-server
```
```bash
sudo systemctl start mariadb-server
```
### Galera Cluster Status
@@ -122,7 +122,7 @@ In the database run following mysql query
SHOW GLOBAL STATUS LIKE 'wsrep_%';
```
| Variable Name | Value | Notes |
| Variable Name | Value | Notes |
| :----: | :----: | :----: |
| ----------------------------------- | ----------------------------------------------------------------|---------------------------------------------------------|
| wsrep_cluster_size | 2 | Current number of nodes in Cluster |
@@ -150,6 +150,6 @@ seqno: -1
safe_to_bootstrap: 1
```
If the safe_to_bootstrap = 1, then Galera determined that this node has the most up-to-date database and can be safeley used to start the cluster.
If the safe_to_bootstrap = 1, then Galera determined that this node has the most up-to-date database and can be safeley used to start the cluster.
Once you have found a node that can be used for starting the cluster, follow the steps in starting for the first time.

380
doc/Extensions/OAuth-SAML.md
View File

@@ -6,14 +6,14 @@ LibreNMS has support for [Laravel Socialite](https://github.com/laravel/socialit
[Socialite Providers](https://socialiteproviders.com) supports more than 100+ 3rd parties so you will most likely find support for the SAML or OAuth provider you need without too much trouble.
Please do note however, these providers are not maintained by LibreNMS so we cannot add support for new ones and we can only provide you basic help with general configuration.
Please do note however, these providers are not maintained by LibreNMS so we cannot add support for new ones and we can only provide you basic help with general configuration.
See the Socialite Providers website for more information on adding a new OAuth provider.
Below we will guide you on how to install SAML or some of these OAth providers, you should be able to use these as a guide on how to install any others you may need but **please, please, ensure you read the Socialite Providers documentation carefully**.
[GitHub Provider](https://socialiteproviders.com/GitHub/)
[Microsoft Provider](https://socialiteproviders.com/Microsoft/)
[Okta Provider](https://socialiteproviders.com/Okta)
[GitHub Provider](https://socialiteproviders.com/GitHub/)
[Microsoft Provider](https://socialiteproviders.com/Microsoft/)
[Okta Provider](https://socialiteproviders.com/Okta)
[SAML2](https://socialiteproviders.com/Saml2/)
## Requirements
@@ -34,61 +34,61 @@ Please ensure you set `APP_URL` within your `.env` file so that callback URLs wo
=== "GitHub"
`lnms plugin:add socialiteproviders/github`
`lnms plugin:add socialiteproviders/github`
=== "Microsoft"
`lnms plugin:add socialiteproviders/microsoft`
`lnms plugin:add socialiteproviders/microsoft`
=== "Okta"
`lnms plugin:add socialiteproviders/okta'
`lnms plugin:add socialiteproviders/okta'
### Find the provider name
Next we need to find the provider name and writing it down
!!! note
It's almost always the name of the provider in lowercase but can be different so check the Socialite Providers documentation and look for this line, `github => [` which will give you the name you need for the above command: `github`.
It's almost always the name of the provider in lowercase but can be different so check the Socialite Providers documentation and look for this line, `github => [` which will give you the name you need for the above command: `github`.
=== "GitHub"
For GitHub we can find the line:
```php
'github' => [
'client_id' => env('GITHUB_CLIENT_ID'),
'client_secret' => env('GITHUB_CLIENT_SECRET'),
'redirect' => env('GITHUB_REDIRECT_URI')
],
```
So our provider name is `github`, write this down.
For GitHub we can find the line:
```php
'github' => [
'client_id' => env('GITHUB_CLIENT_ID'),
'client_secret' => env('GITHUB_CLIENT_SECRET'),
'redirect' => env('GITHUB_REDIRECT_URI')
],
```
So our provider name is `github`, write this down.
=== "Microsoft"
For Microsoft we can find the line:
```php
'microsoft' => [
'client_id' => env('MICROSOFT_CLIENT_ID'),
'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
'redirect' => env('MICROSOFT_REDIRECT_URI')
],
```
So our provider name is `microsoft`, write this down.
For Microsoft we can find the line:
```php
'microsoft' => [
'client_id' => env('MICROSOFT_CLIENT_ID'),
'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
'redirect' => env('MICROSOFT_REDIRECT_URI')
],
```
So our provider name is `microsoft`, write this down.
=== "Okta"
For Okta we can find the line:
```php
'okta' => [
'base_url' => env('OKTA_BASE_URL'),
'client_id' => env('OKTA_CLIENT_ID'),
'client_secret' => env('OKTA_CLIENT_SECRET'),
'redirect' => env('OKTA_REDIRECT_URI')
],
```
So our provider name is `okta`, write this down.
For Okta we can find the line:
```php
'okta' => [
'base_url' => env('OKTA_BASE_URL'),
'client_id' => env('OKTA_CLIENT_ID'),
'client_secret' => env('OKTA_CLIENT_SECRET'),
'redirect' => env('OKTA_REDIRECT_URI')
],
```
So our provider name is `okta`, write this down.
### Register OAuth application
@@ -98,72 +98,72 @@ Next we need to find the provider name and writing it down
Now we need some values from the OAuth provider itself, in most cases you need to register a new "OAuth application" at the providers site. This will vary from provider to provider but the process itself should be similar to the examples below.
!!! note
The callback URL is always: https://*your-librenms-url*/auth/*provider*/callback
It doesn't need to be a public available site, but it almost always needs to support TLS (https)!
The callback URL is always: https://*your-librenms-url*/auth/*provider*/callback
It doesn't need to be a public available site, but it almost always needs to support TLS (https)!
=== "GitHub"
For our example with GitHub we go to [GitHub Developer Settings](https://github.com/settings/developers) and press "Register a new application":
For our example with GitHub we go to [GitHub Developer Settings](https://github.com/settings/developers) and press "Register a new application":
![socialite-github-1](/img/socialite-github-1.png)
![socialite-github-1](/img/socialite-github-1.png)
Fill out the form accordingly (with your own values):
![socialite-github-2](/img/socialite-github-2.png)
Fill out the form accordingly (with your own values):
![socialite-github-2](/img/socialite-github-2.png)
=== "Microsoft"
For our example with Microsoft we go to ["Azure Active Directory" > "App registrations"](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) and press "New registration"
For our example with Microsoft we go to ["Azure Active Directory" > "App registrations"](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) and press "New registration"
![socialite-1](/img/socialite-microsoft-1.png)
![socialite-1](/img/socialite-microsoft-1.png)
Fill out the form accordingly using your own values):
![socialite-2](/img/socialite-microsoft-2.png)
Fill out the form accordingly using your own values):
![socialite-2](/img/socialite-microsoft-2.png)
Copy the value of the **Application (client) ID** and **Directory (tenant) ID** and save them, you will need them in the next step.
![socialite-2](/img/socialite-microsoft-3.png)
Copy the value of the **Application (client) ID** and **Directory (tenant) ID** and save them, you will need them in the next step.
![socialite-2](/img/socialite-microsoft-3.png)
=== "Okta"
For our example with Okta, we go to `Applications>Create App Integration`, Select `OIDC - OpenID Connect`, then `Web Application`.
For our example with Okta, we go to `Applications>Create App Integration`, Select `OIDC - OpenID Connect`, then `Web Application`.
! [socialite-okta-1](/img/socialite-okta-1.png)
! [socialite-okta-1](/img/socialite-okta-1.png)
Fill in the Name, Logo, and Assignments based on your preferred settings. Leave the `Sign-In Redirect URI` field, this is where you will edit this later:
![socialite-okta-2](/img/socialite-okta-2.png)
Fill in the Name, Logo, and Assignments based on your preferred settings. Leave the `Sign-In Redirect URI` field, this is where you will edit this later:
![socialite-okta-2](/img/socialite-okta-2.png)
Note your Okta domain or login url. Sometimes this can be a vanity url like `login.company.com`, or sometimes just `company.okta.com`.
Note your Okta domain or login url. Sometimes this can be a vanity url like `login.company.com`, or sometimes just `company.okta.com`.
Click save.
Click save.
#### Generate a new client secret
=== "GitHub"
Press 'Generate a new client secret' to get a new client secret.
Press 'Generate a new client secret' to get a new client secret.
![socialite-github-3](/img/socialite-github-3.png)
![socialite-github-3](/img/socialite-github-3.png)
Copy the **Client ID** and **Client secret**
In the example above it is:
Copy the **Client ID** and **Client secret**
**Client ID**: 7a41f1d8215640ca6b00
**Client secret**: ea03957288edd0e590be202b239e4f0ff26b8047
In the example above it is:
**Client ID**: 7a41f1d8215640ca6b00
**Client secret**: ea03957288edd0e590be202b239e4f0ff26b8047
=== "Microsoft"
Select Certificates & secrets under Manage.
Select the 'New client secret' button.
Enter a value in Description and select one of the options for Expires and select 'Add'.
Select Certificates & secrets under Manage.
Select the 'New client secret' button.
Enter a value in Description and select one of the options for Expires and select 'Add'.
![socialite-2](/img/socialite-microsoft-6.png)
![socialite-2](/img/socialite-microsoft-6.png)
Copy the client secret **Value** (not Secret ID!) before you leave this page. You will need it in the next step.
Copy the client secret **Value** (not Secret ID!) before you leave this page. You will need it in the next step.
![socialite-2](/img/socialite-microsoft-5.png)
![socialite-2](/img/socialite-microsoft-5.png)
=== "Okta"
This step is done for you when creating the app. All you have to do is copy down the client secret. You will need it in the next step.
This step is done for you when creating the app. All you have to do is copy down the client secret. You will need it in the next step.
![socialite-okta-3](/img/socialite-okta-3.png)
![socialite-okta-3](/img/socialite-okta-3.png)
### Saving configuration
@@ -174,102 +174,102 @@ The format of the configuration string is `auth.socialite.configs.*provider name
=== "GitHub"
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.github.client_id 7a41f1d8215640ca6b00
lnms config:set auth.socialite.configs.github.client_secret ea03957288edd0e590be202b239e4f0ff26b8047
```
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.github.client_id 7a41f1d8215640ca6b00
lnms config:set auth.socialite.configs.github.client_secret ea03957288edd0e590be202b239e4f0ff26b8047
```
=== "Microsoft"
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.microsoft.client_id 7983ac13-c955-40e9-9b85-5ba27be52a52
lnms config:set auth.socialite.configs.microsoft.client_secret J9P7Q~K2F5C.L243sqzbGj.cOOcjTBgAPak_l
lnms config:set auth.socialite.configs.microsoft.tenant a15edc05-152d-4eb4-973c-14f1fdc57d8b
```
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.microsoft.client_id 7983ac13-c955-40e9-9b85-5ba27be52a52
lnms config:set auth.socialite.configs.microsoft.client_secret J9P7Q~K2F5C.L243sqzbGj.cOOcjTBgAPak_l
lnms config:set auth.socialite.configs.microsoft.tenant a15edc05-152d-4eb4-973c-14f1fdc57d8b
```
=== "Okta"
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.okta.client_id 0oa1c08tti8D7xgXb697
lnms config:set auth.socialite.configs.okta.client_secret sWew90IKqKDmURj1XLsCPjXjre0U3zmJuFR6SzsG
lnms config:set auth.socialite.configs.okta.base_url "https://<okta_login_url>"
```
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.okta.client_id 0oa1c08tti8D7xgXb697
lnms config:set auth.socialite.configs.okta.client_secret sWew90IKqKDmURj1XLsCPjXjre0U3zmJuFR6SzsG
lnms config:set auth.socialite.configs.okta.base_url "https://<okta_login_url>"
```
### Add provider event listener
The final step is to now add an event listener.
!!! note
It's important to copy exactly the right value here,
It should begin with a `\` and end before the `::class.'@handle'`
It's important to copy exactly the right value here,
It should begin with a `\` and end before the `::class.'@handle'`
=== "GitHub"
Find the section looking like:
```php
protected $listen = [
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... other providers
\SocialiteProviders\GitHub\GitHubExtendSocialite::class.'@handle',
],
];
```
Find the section looking like:
```php
protected $listen = [
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... other providers
\SocialiteProviders\GitHub\GitHubExtendSocialite::class.'@handle',
],
];
```
Copy the part: `\SocialiteProviders\GitHub\GitHubExtendSocialite` and run;
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.github.listener "\SocialiteProviders\GitHub\GitHubExtendSocialite"
```
Don't forget the initial backslash (\\) !
Copy the part: `\SocialiteProviders\GitHub\GitHubExtendSocialite` and run;
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.github.listener "\SocialiteProviders\GitHub\GitHubExtendSocialite"
```
Don't forget the initial backslash (\\) !
=== "Microsoft"
Find the section looking like:
```php
protected $listen = [
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... other providers
\SocialiteProviders\Microsoft\MicrosoftExtendSocialite::class.'@handle',
],
];
```
Find the section looking like:
```php
protected $listen = [
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... other providers
\SocialiteProviders\Microsoft\MicrosoftExtendSocialite::class.'@handle',
],
];
```
Copy the part: `\SocialiteProviders\Microsoft\MicrosoftExtendSocialite` and run;
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.microsoft.listener "\SocialiteProviders\Microsoft\MicrosoftExtendSocialite"
```
Don't forget the initial backslash (\\) !
Copy the part: `\SocialiteProviders\Microsoft\MicrosoftExtendSocialite` and run;
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.microsoft.listener "\SocialiteProviders\Microsoft\MicrosoftExtendSocialite"
```
Don't forget the initial backslash (\\) !
=== "Okta"
Find the section looking like:
```php
protected $listen = [
Find the section looking like:
```php
protected $listen = [
\SocialiteProviders\Manager\SocialiteWasCalled::class => [
// ... other providers
\SocialiteProviders\Okta\OktaExtendSocialite::class.'@handle',
],
];
```
];
```
Copy the part: `\SocialiteProviders\Okta\OktaExtendSocialite` and run;
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.okta.listener "\SocialiteProviders\Okta\OktaExtendSocialite"
```
Don't forget the initial backslack (\\) !
Copy the part: `\SocialiteProviders\Okta\OktaExtendSocialite` and run;
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.okta.listener "\SocialiteProviders\Okta\OktaExtendSocialite"
```
Don't forget the initial backslack (\\) !
Now you are done with setting up the OAuth provider!
Now you are done with setting up the OAuth provider!
If it doesn't work, please double check your configuration values by using the `config:get` command below.
!!! setting "auth/socialite"
```bash
lnms config:get auth.socialite
```
```bash
lnms config:get auth.socialite
```
## SAML2 Example
@@ -283,109 +283,109 @@ lnms plugin:add socialiteproviders/saml2
### Add configuration
Depending on what your identity provider (Google, Azure, ...) supports, the configuration could look different from what you see next so please use this as a rough guide.
Depending on what your identity provider (Google, Azure, ...) supports, the configuration could look different from what you see next so please use this as a rough guide.
It is up the IdP to provide the relevant details that you will need for configuration.
=== "Google"
Go to [https://admin.google.com/ac/apps/unified](https://admin.google.com/ac/apps/unified)
Go to [https://admin.google.com/ac/apps/unified](https://admin.google.com/ac/apps/unified)
![socialite-saml-google-1](/img/socialite-saml-google-1.png)
![socialite-saml-google-2](/img/socialite-saml-google-2.png)
![socialite-saml-google-1](/img/socialite-saml-google-1.png)
![socialite-saml-google-2](/img/socialite-saml-google-2.png)
Press "DOWNLOAD METADATA" and save the file somewhere accessible by your LibreNMS server
Press "DOWNLOAD METADATA" and save the file somewhere accessible by your LibreNMS server
![socialite-saml-google-3](/img/socialite-saml-google-3.png)
![socialite-saml-google-3](/img/socialite-saml-google-3.png)
ACS URL = https://*your-librenms-url*/auth/saml2/callback
Entity ID = https://*your-librenms-url*/auth/saml2
Name ID format = PERSISTANT
Name ID = Basic Information > Primary email
ACS URL = https://*your-librenms-url*/auth/saml2/callback
Entity ID = https://*your-librenms-url*/auth/saml2
Name ID format = PERSISTANT
Name ID = Basic Information > Primary email
![socialite-saml-google-4](/img/socialite-saml-google-4.png)
![socialite-saml-google-4](/img/socialite-saml-google-4.png)
First name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Primary email = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
First name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Primary email = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
![socialite-saml-google-5](/img/socialite-saml-google-5.png)
![socialite-saml-google-5](/img/socialite-saml-google-5.png)
![socialite-saml-google-6](/img/socialite-saml-google-6.png)
![socialite-saml-google-6](/img/socialite-saml-google-6.png)
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.metadata "$(cat /tmp/GoogleIDPMetadata.xml)"
```
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.metadata "$(cat /tmp/GoogleIDPMetadata.xml)"
```
Alternatively, you can copy the content of the file and run it like so, this will result in the exact same result as above.
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.metadata '''<?xml version="1.0" encoding
...
...
</md:EntityDescriptor>'''
```
Alternatively, you can copy the content of the file and run it like so, this will result in the exact same result as above.
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.metadata '''<?xml version="1.0" encoding
...
...
</md:EntityDescriptor>'''
```
#### Using an Identity Provider metadata URL
!!! note
This is the prefered and easiest way, if your IdP supports it!
This is the prefered and easiest way, if your IdP supports it!
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.metadata https://idp.co/metadata/xml
```
```bash
lnms config:set auth.socialite.configs.saml2.metadata https://idp.co/metadata/xml
```
#### Using an Identity Provider metadata XML file
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.metadata "$(cat GoogleIDPMetadata.xml)"
```
```bash
lnms config:set auth.socialite.configs.saml2.metadata "$(cat GoogleIDPMetadata.xml)"
```
#### Manually configuring the Identity Provider with a certificate string
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.acs https://idp.co/auth/acs
lnms config:set auth.socialite.configs.saml2.entityid http://saml.to/trust
lnms config:set auth.socialite.configs.saml2.certificate MIIC4jCCAcqgAwIBAgIQbDO5YO....
```
```bash
lnms config:set auth.socialite.configs.saml2.acs https://idp.co/auth/acs
lnms config:set auth.socialite.configs.saml2.entityid http://saml.to/trust
lnms config:set auth.socialite.configs.saml2.certificate MIIC4jCCAcqgAwIBAgIQbDO5YO....
```
#### Manually configuring the Identity Provider with a certificate file
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.acs https://idp.co/auth/acs
lnms config:set auth.socialite.configs.saml2.entityid http://saml.to/trust
lnms config:set auth.socialite.configs.saml2.certificate "$(cat /path/to/certificate.pem)"
```
```bash
lnms config:set auth.socialite.configs.saml2.acs https://idp.co/auth/acs
lnms config:set auth.socialite.configs.saml2.entityid http://saml.to/trust
lnms config:set auth.socialite.configs.saml2.certificate "$(cat /path/to/certificate.pem)"
```
### Add provider event listener
Now we just need to define the listener service within LibreNMS:
!!! setting "auth/socialite"
```bash
lnms config:set auth.socialite.configs.saml2.listener "\SocialiteProviders\Saml2\Saml2ExtendSocialite"
```
```bash
lnms config:set auth.socialite.configs.saml2.listener "\SocialiteProviders\Saml2\Saml2ExtendSocialite"
```
### SESSION_SAME_SITE_COOKIE
You most likely will need to set `SESSION_SAME_SITE_COOKIE=none` in `.env` if you use SAML2!
!!! note
Don't forget to run `lnms config:clear` after you modify `.env` to flush the config cache
Don't forget to run `lnms config:clear` after you modify `.env` to flush the config cache
### Service provider metadata
Your identify provider might ask you for your Service Provider (SP) metadata.
Your identify provider might ask you for your Service Provider (SP) metadata.
LibreNMS exposes all of this information from your [LibreNMS install](https://*your-librenms-url*/auth/saml2/metadata)
@@ -393,9 +393,9 @@ LibreNMS exposes all of this information from your [LibreNMS install](https://*y
If it doesn't work, please double check your configuration values by using the `config:get` command below.
!!! setting "auth/socialite"
```bash
lnms config:get auth.socialite
```
```bash
lnms config:get auth.socialite
```
### Redirect URL
If you have a need to, then you can override redirect url with the following commands:
@@ -411,7 +411,7 @@ If you have a need to, then you can override redirect url with the following com
!!! setting "auth/socialite"
From here you can configure the settings for any identity providers you have configured along with some bespoke options.
Redirect Login page: This setting will skip your LibreNMS login and take the end user straight to the first idP you configured.
Allow registration via provider: If this setting is disabled, new users signing in via the idP will not be authenticated. This setting allows a local user to be automatically created which permits their login.

10
doc/Extensions/Plugin-System.md
View File

@@ -57,11 +57,11 @@ class in 'app/Plugins/PluginName' and overload the hook methods.
<div class="row">
<div class="col-sm-12">
{{ $device->hostname }}
<!-- Do you stuff here -->
<!-- Do you stuff here -->
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
```
@@ -71,7 +71,7 @@ class in 'app/Plugins/PluginName' and overload the hook methods.
enabled. In this blade, you can do your work and display your
results in a frame.
- menu.blade.php :: For a menu entry
- menu.blade.php :: For a menu entry
- page.blade.pho :: Here is a good place to add a own LibreNMS page without dependence with a device. A good place to create your own lists with special requirements and behavior.

10
doc/Extensions/SNMP-Trap-Handler.md
View File

@@ -110,16 +110,16 @@ On SELinux, you need to configure SELinux for SNMPd to communicate to LibreNMS:
```
cat > snmptrap.te << EOF
module snmptrap 1.0;
require {
type httpd_sys_rw_content_t;
type snmpd_t;
class file { append getattr open read };
class capability dac_override;
}
#============= snmpd_t ==============
allow snmpd_t httpd_sys_rw_content_t:file { append getattr open read };
allow snmpd_t self:capability dac_override;
EOF
@@ -161,13 +161,13 @@ If you have configured logging of traps to ```/var/log/snmptrap/traps.log``` the
```
2020-03-09 16:22:59 localhost [UDP: [127.0.0.1]:58942->[127.0.0.1]:162]:
SNMPv2-MIB::sysUpTime.0 = Timeticks: (149721964) 17 days, 7:53:39.64 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.8072.2.3.0.1 SNMPv2-SMI::enterprises.8072.2.3.2.1 = INTEGER: 123456
SNMPv2-MIB::sysUpTime.0 = Timeticks: (149721964) 17 days, 7:53:39.64 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.8072.2.3.0.1 SNMPv2-SMI::enterprises.8072.2.3.2.1 = INTEGER: 123456
```
and in LibreNMS your localhost device eventlog like:
```
2020-03-09 16:22:59 SNMP trap received: SNMPv2-SMI::enterprises.8072.2.3.0.1
2020-03-09 16:22:59 SNMP trap received: SNMPv2-SMI::enterprises.8072.2.3.0.1
```
### Why we need Uptime

12
doc/General/Updating.md
View File

@@ -28,14 +28,14 @@ php includes/sql-schema/update.php
## Disabling automatic updates
LibreNMS by default performs updates on a daily basis.
LibreNMS by default performs updates on a daily basis.
This can be disabled in the WebUI Global Settings under System -> Updates, or using lnms
!!! warning
You should never remove daily.sh from the cronjob!
This does database cleanup and other processes in addition to updating.
You should never remove daily.sh from the cronjob!
This does database cleanup and other processes in addition to updating.
!!! setting "settings/system/updates"
```bash
lnms config:set update false
```
```bash
lnms config:set update false
```

8
doc/Support/Device-Notes/Carel-pCOweb-Devices.md
View File

@@ -50,10 +50,10 @@ In the table below you can find the values needed for devices which are already
LibreNMS is ready for the devices listed in this table. You only need
to configure your pCOweb card with the accorded System OID and Enterprise OID:
| Manufacturer | Description | System OID | Enterprise OID |
|-------------- |------------- |---------------------------- |---------------- |
| Rittal | IT Chiller | 1.3.6.1.4.1.9839.2606.1 | 9839 |
| Rittal | LCP DX 3311 | 1.3.6.1.4.1.9839.2606.3311 | 9839.2606 |
| Manufacturer | Description | System OID | Enterprise OID |
|-------------- |------------- |---------------------------- |---------------- |
| Rittal | IT Chiller | 1.3.6.1.4.1.9839.2606.1 | 9839 |
| Rittal | LCP DX 3311 | 1.3.6.1.4.1.9839.2606.3311 | 9839.2606 |
## Unsupported devices
After constructing the correct System OID for your SNMP card, you can