Installation and configuration Objectives Install all required OpenNMS Meridian components including PostgreSQL on a single node Run Meridian Core and PostgreSQL with the default configuration (which is not optimized to run in production and monitor large networks) By default your time series storage is RRDtool, which persists RRD files on the local file system Log in to the web UI and change the default admin password Requirements Credentials to access the Meridian repositories Linux physical server or a virtual machine running a supported Linux operating system Internet access to download the installation packages DNS works and localhost and your server’s host name resolve properly System user with administrative permissions (sudo) to perform installation Time synchronization is a critical part of operating a monitoring system. Ensure you have a functional time synchronization process running with your operating system. If you are not familiar with this topic, the knowledgebase article Ensure time synchronization for your OpenNMS components is a good starting point. Set up PostgreSQL CentOS/RHEL 8 CentOS/RHEL 7 Install PostgreSQL client and server sudo dnf -y install postgresql-server postgresql Initialize the PostgreSQL database sudo postgresql-setup --initdb --unit postgresql Enable PostgreSQL on system boot and start immediately sudo systemctl enable --now postgresql Create an opennms database user and password sudo -i -u postgres createuser -P opennms You must provide a password for the opennms database user. This guide uses YOUR-OPENNMS-PASSWORD as a placeholder. Please set a secure password. Create an empty database and set the owner to the opennms user sudo -i -u postgres createdb -O opennms opennms Set a password for PostgreSQL superuser sudo -i -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'YOUR-POSTGRES-PASSWORD';" Change YOUR-POSTGRES-PASSWORD to a secure one. The superuser is required to be able to initialize and change the database schema for installation and updates. Change the access policy for PostgreSQL sudo vi /var/lib/pgsql/data/pg_hba.conf Allow Meridian to access the database over the local network with an MD5 hashed password host all all 127.0.0.1/32 md5(1) host all all ::1/128 md5(1) 1 Change method from ident to md5 for IPv4 and IPv6 on localhost. Apply configuration changes for PostgreSQL sudo systemctl reload postgresql Add PostgreSQL 12 package repository sudo yum -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm Install PostgreSQL 12 client and server sudo yum -y install postgresql12-server postgresql12 Initialize PostgreSQL database sudo /usr/pgsql-12/bin/postgresql-12-setup initdb Enable PostgreSQL on system boot and start immediately sudo systemctl enable --now postgresql-12 Create an opennms database user and password sudo -i -u postgres createuser -P opennms You must provide a password for the opennms database user. This guide uses YOUR-OPENNMS-PASSWORD as a placeholder. Please set a secure password. Create an empty database and set the owner to the opennms user sudo -i -u postgres createdb -O opennms opennms Set a password for PostgreSQL superuser sudo -i -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'YOUR-POSTGRES-PASSWORD';" Change YOUR-POSTGRES-PASSWORD to a secure one. The superuser is required to initialize and change the database schema for installation and updates. Change the access policy for PostgreSQL sudo vi /var/lib/pgsql/12/data/pg_hba.conf Allow Meridian to access the database over the local network with an MD5 hashed password host all all 127.0.0.1/32 md5(1) host all all ::1/128 md5(1) 1 Change method from ident to md5 for IPv4 and IPv6 on localhost. Apply configuration changes for PostgreSQL sudo systemctl reload postgresql-12 Install the Core instance For security reasons, Meridian is designed to run within an organization’s protected intranet. Do not expose the web console and login pages directly to the Internet without appropriate isolation controls (for example, a VPN with multi-factor authentication). CentOS/RHEL 8 CentOS/RHEL 7 Add repository and import GPG key cat << EOF | sudo tee /etc/yum.repos.d/opennms-meridian.repo [meridian] name=Meridian for Red Hat Enterprise Linux and CentOS baseurl=https://REPO_USER:REPO_PASS@meridian.opennms.com/packages/2021/stable/rhel8(1) gpgcheck=1 gpgkey=http://yum.opennms.org/OPENNMS-GPG-KEY EOF sudo rpm --import https://yum.opennms.org/OPENNMS-GPG-KEY 1 Replace the REPO_USER and REPO_PASS with your Meridian subscription credentials. Install Meridian with all built-in dependencies sudo dnf -y install meridian If you want time series trending and forecast functions you must install the R project packages. The additional download size for packages is ~390 MB. Install R-core packages for time series trending and forecasting (optional) sudo dnf -y install epel-release sudo dnf -y install R-core Disable the OpenNMS Meridian repository after installation to prevent unwanted upgrades when upgrading other packages on the server. After upgrade, Meridian requires manual steps to upgrade configuration files or migrate database schemas to a new version. We recommend that you exclude the Meridian packages from update except when you plan to perform an upgrade. Disable auto updates for OpenNMS Meridian sudo dnf config-manager --disable meridian Verify directory structure with the tree command sudo dnf -y install tree tree /opt/opennms -L 1 Directory structure after successful installation /opt/opennms ├── bin ├── contrib ├── data ├── deploy ├── etc ├── jetty-webapps ├── lib ├── logs -> /var/log/opennms ├── share -> /var/opennms └── system Add repository and import GPG key cat << EOF | sudo tee /etc/yum.repos.d/opennms-meridian.repo [meridian] name=Meridian for Red Hat Enterprise Linux and CentOS baseurl=https://REPO_USER:REPO_PASS@meridian.opennms.com/packages/2021/stable/rhel7(1) gpgcheck=1 gpgkey=http://yum.opennms.org/OPENNMS-GPG-KEY EOF sudo rpm --import https://yum.opennms.org/OPENNMS-GPG-KEY 1 Replace the REPO_USER and REPO_PASS with your Meridian subscription credentials. Install Meridian with all built-in dependencies sudo yum -y install meridian If you want time series trending and forecast functions you must install the R project packages. The additional download size for packages is ~390 MB. Install R-core packages for time series trending and forecasting (optional) sudo yum -y install epel-release sudo yum -y install R-core Disable the OpenNMS Meridian repository after installation to prevent unwanted upgrades when upgrading other packages on the server. After upgrade, Meridian requires manual steps to upgrade configuration files or migrate database schemas to a new version. We recommend that you exclude the Meridian packages from update except when you plan to perform an upgrade. Disable auto updates for OpenNMS Meridian sudo yum -y install yum-utils sudo yum-config-manager --disable meridian Verify directory structure with the tree command sudo yum -y install tree tree /opt/opennms -L 1 Directory structure after successful installation /opt/opennms ├── bin ├── contrib ├── data ├── deploy ├── etc ├── jetty-webapps ├── lib ├── logs -> /var/log/opennms ├── share -> /var/opennms └── system Set up the Core instance CentOS/RHEL 7/8 Configure PostgreSQL database access sudo vi /opt/opennms/etc/opennms-datasources.xml Set credentials to access the PostgreSQL database <jdbc-data-source name="opennms" database-name="opennms"(1) class-name="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/opennms" user-name="** YOUR-OPENNMS-USERNAME **"(2) password="** YOUR-OPENNMS-PASSWORD **" />(3) <jdbc-data-source name="opennms-admin" database-name="template1" class-name="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/template1" user-name="postgres"(4) password="** YOUR-POSTGRES-PASSWORD **" />(5) 1 Set the database name Meridian should use. 2 Set the user name to access the opennms database table. 3 Set the password to access the opennms database table. 4 Set the postgres user for administrative access to PostgreSQL. 5 Set the password for administrative access to PostgreSQL. Detect and assign Java environment and persist in /opt/opennms/etc/java.conf sudo /opt/opennms/bin/runjava -s Initialize the database and detect system libraries persisted in /opt/opennms/etc/libraries.properties sudo /opt/opennms/bin/install -dis Assign CAP_NET_RAW capabilities Meridian runs as a non-root user, which requires having a Linux kernel greater than 3.10. If you run on an older kernel, and are unable to upgrade your OS, you need to assign CAP_NET_RAW capabilities: Run systemctl edit --full opennms.service and add the following lines to the [Service] section: CapabilityBoundingSet=CAP_NET_RAW AmbientCapabilities=CAP_NET_RAW Reload the sytemd unit with systemctl daemon-reload and restart the service with systemctl restart opennms. (For more background on this issue, see H29+ won’t start with permission error to open ICMP socket on Discourse.) Enable Meridian core instance on system boot and start immediately sudo systemctl enable --now opennms Allow connection to the web UI from your network sudo firewall-cmd --permanent --add-port=8980/tcp sudo systemctl reload firewalld To receive SNMP Traps or Syslog messages you must allow incoming traffic on your host firewall as well. By default, the OpenNMS Meridian SNMP trap daemon listens on 162/udp and the Syslog daemon listens on 10514/udp. The SNMP Trap daemon is enabled by default, the OpenNMS Syslog daemon is disabled. First login After you start the Meridian Core services, access the web application at http://core-instance-ip:8980/opennms. The default login and password is admin. Immediately change the password to a secure one. Open http://core-instance-ip:8980/opennms in your web browser. Log in with with admin/admin. Click admin → Change Password in the navigation bar. Use admin as the current password then type and confirm a new password in the appropriate boxes. Click Submit. Log out, then log in with your new password. Minimum system requirements Set up Message Broker