|
|
前言
感谢王印老师、朱嘉盛老师的无私分享,用自己的热情团结了一群不甘平庸的网工朋友,感谢你们的鼓励让我开启了分享与写作。
一个有志青年更需要认真思考自己做怎样的事情能够让世界变得更好,同时也能成就自己,
之后脚踏实地,一步一个脚印前进!
我们努力前行,慢慢来,很多东西(如钱,如情)可能就都是努力途中靠运气顺手捡到的!
祝努力的你我,有好运!
勇敢说再见!
感恩相遇!后会有期!
——朱嘉盛 2022年5月21日 于【网工手气】Python基础学习小组以下转两个朱老师的专题
【网工手艺】专栏入口(总目录)
读者再次创作梳理及友情链接(分支目录,专注实战)
IPAM介绍
IP地址管理(IPAM,IP Address Management的缩写)工具能够帮助网络工程师快速识别企业网络中某个IP地址当前是否可用。
IPAM工具能定期扫描子网,提供子网中IP地址的可用性状态。通过SNMP抓取设备的MAC、ARP等相关信息
传统网管软件Solarwinds Orion、ManageEngine OpUtils(卓豪)都有成熟IPAM模块,而且能与网管平台更好结合,实现IP地址与网管采集信息的关联与展示,但收费不菲,需要在Windows Server系统上部署,系统资源占用较大,如果仅仅只是为IPAM功能,部署、维护一套并不合算。我部署一套IPAM仅想解决Excel记录IP地址不灵活,希望能实现IP、MAC、使用人、部门、使用地点等这类信息的记录,自动化扫描(监控)地址使用情况,同时不希望占用太大系统资源(基于Linux系统),全部容器化部署(包括IPAM和扫描代理),查到开源IPAM有以下几个。
借BlueCat IPAM价值矩阵图
 IPAM-ValueMap_CHI1.pdf
829.3K
· 百度网盘
以下开源IPAM仅phpIPAM在Dockerhub有官方下载,且更新比较活跃,所以我选择了phpIPAM
OpenNetAdmin https://opennetadmin.com/
GestióIP https://www.gestioip.net/ip-address-management-software.html
TeemIp https://www.teemip.com/
phpIPAM https://phpipam.net/
其他IPAM
Infoblox https://www.infoblox.com/products/ipam-dhcp/
BlueCat Networks https://bluecatnetworks.com/dns-dhcp-and-ipam/
Combodo https://www.combodo.com/teemip-194 【Bing能搜到,但打不开】
BT Diamond IP https://www.globalservices.bt.com/en/solutions/products/diamond-ip
LightMesh https://ipam.lightmesh.com/ipam
Device42 https://docs.device42.com/ipam/
本文仅以开源的phpIPAM简单介绍容器化部署
https://phpipam.net/
https://hub.docker.com/r/phpipam/phpipam-cron
https://hub.docker.com/r/phpipam/phpipam-www
phpIPAM documents
本文参考了以下资料
DOCKER部署PHPIPAM官方镜像 - 掘金
安装与初步配置IP地址管理工具phpipam | NGX Project | NGX.HK (2022/10/16发现打不开了)
phpIPAM - 免费开源的IP地址管理工具,重量级
jbowdre / phpipam-agent-docker
MySQL授权命令grant的使用方法 - crxis - 博客园
phpIPAM 官方在线演示网站 phpIPAM demo site (v1.5.0)
Solarwinds IPAM官方在线演示网站 Solarwinds Online Demo
ManageEngine IPAM 官方在线演示网站 ManageEngine OpUtils Demo
环境简介
操作系统使用Rocky-8.6-x86_64-minimal.iso安装Linux操作系统,minimal安装。
| 名称 | IP地址 | 用途 | 设备类型与配置 | | IPAM | 192.168.18.221 | phpIPAM核心(包括www、cron)、数据库(mriadb) | Rocky8 Linux,2核2GB | | IPAM-Agent | 192.168.228.222 | phpIPAM-Agent、snmp | Rocky8 Linux,1核0.5GB | | IPAM-Agent-Win | 192.168.229.223 | snmp | WinServer2019,1核2GB | | L3-Switch | 192.168.18.254 | 三层交换机(各网段网关) | WS-C3560G-48TS-S |
Rocky8 Linux系统安装使用dnf命令,早期版本将dnf替换为yum即可。
IPAM-Agent Rocky8 Linux系统安装时建议先将内存配置为2GB,512MB内存安装会报错。 安装前准备
关闭不需要的服务,节约资源
systemctl disable auditd
systemctl disable chronyd
systemctl disable lvm2-monitor
systemctl disable lvm2-lvmetad
systemctl disable lvm2-lvmpolld
systemctl disable microcode
systemctl disable postfix
systemctl disable rhel-dmesg
systemctl disable rhel-domainname
systemctl disable tuned
systemctl disable vgauthd
systemctl disable dm-event
systemctl disable firewalld关闭selinux
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
more /etc/selinux/config |grep SELINUX= 切换到阿里云Rcoky8源
参考 https://developer.aliyun.com/mirror/rockylinux?spm=a2c6h.13651102.0.0.6bd71b11nOTEQD
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/Rocky-*.repo
dnf makecache安装epel并切换源为阿里云
参考 https://developer.aliyun.com/mirror/epel?spm=a2c6h.13651102.0.0.3e221b11cehY75
dnf install -y epel-release
替换epel源配置
sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*安装常用软件(以下仅是个人习惯,不影响IPAM安装)
dnf install -y bash-completion wget net-tools telnet tree sysstat lrzsz dos2unix bind-utils sshpass htop更新系统
dnf -y update安装SNMP
dnf install -y net-snmp net-snmp-utils配置SNMP
vi /etc/snmp/snmpd.conf
# sec.name source community
#com2sec notConfigUser default public 【注释掉本行】
#配置SNMP 只读Community为“phpIPAM”仅允许IP:192.168.18.221访问
rocommunity php@IPAM 172.18.0.0/16 IPAM节点中snmp监控是从容器中发起到宿主机,所以上述配置中的“172.16.0.0/16”应为容器网络地址端。
查询IPAM容器使用网段可在容器运行后,使用下述命令
[root@IPAM ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
23e2f93269a9 bridge bridge local
be9f6e9e0a5c host host local
3c511773b483 none null local
63619feb6cb8 phpipam_default bridge local
[root@IPAM ~]# docker network inspect phpipam_default | grep Subnet
"Subnet": "172.18.0.0/16",启动SNMP服务
systemctl enable snmpd --now安装Docker环境
安装Docker-ce(IPAM、IPAM-Agent需要)
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
dnf install -y docker-ce docker-ce-cli containerd.io
systemctl enable docker --now
systemctl status docker
docker --version安装Docker-Compose(IPAM、IPAM-Agent需要)
cd /usr/local/bin/
curl -L "https://get.daocloud.io/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version
ll /usr/local/bin/ |grep docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
ll /usr/bin/ |grep docker-compose修改docker镜像保存路径至/opt/images(个人习惯,不是必须)
创建docker 镜像存放目录
mkdir /opt/images
vi /etc/docker/daemon.json
添加以下内容
{
"data-root": "/opt/images/"
}缺省容器镜像路径为/var/lib/docker/
重启docker服务
systemctl restart docker
查看镜像存放位置已经更新
# docker info | grep Root
Docker Root Dir: /opt/images下载phpIPAM安装所需镜像(IPAM需要)
docker pull phpipam/phpipam-www
docker pull phpipam/phpipam-cron
docker pull mariadb查看已下载镜像
[root@IPAM bin]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest 14f1097913ec 6 days ago 384MB
phpipam/phpipam-cron latest 5f2f35d7499a 11 days ago 133MB
phpipam/phpipam-www latest 37826c52643d 11 days ago 133MB
phpIPAM安装
IPAM节点安装
mkdir -p /opt/phpipam/
cd /opt/phpipam/
vi docker-compose.ymlphpIPAM Docker-Compose配置文件。
# WARNING: Replace the example passwords with secure secrets.
# WARNING: 'my_secret_phpipam_pass' and 'my_secret_mysql_root_pass'
version: '3'
services:
phpipam-web:
privileged: true
image: phpipam/phpipam-www:latest
ports:
- "64080:80"
environment:
- TZ=Asia/Shanghai
- IPAM_DATABASE_HOST=phpipam-mariadb
- IPAM_DATABASE_PASS=Cisco
- IPAM_DATABASE_WEBHOST=%
restart: unless-stopped
volumes:
- phpipam-logo:/phpipam/css/images/logo
depends_on:
- phpipam-mariadb
phpipam-cron:
privileged: true
image: phpipam/phpipam-cron:latest
environment:
- TZ=Asia/Shanghai
- IPAM_DATABASE_HOST=phpipam-mariadb
- IPAM_DATABASE_PASS=Cisco
- SCAN_INTERVAL=1h
restart: unless-stopped
depends_on:
- phpipam-mariadb
phpipam-mariadb:
privileged: true
image: mariadb:latest
ports:
- "3306:3306"
environment:
- MYSQL_ROOT_PASSWORD=Cisco
restart: unless-stopped
command:
- mysqld
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
volumes:
- phpipam-db-data:/var/lib/mysql
volumes:
phpipam-db-data:
phpipam-logo:| 配置注释 | # WARNING: Replace the example passwords with secure secrets.
# WARNING: 'my_secret_phpipam_pass' and 'my_secret_mysql_root_pass' 这里提示了,下面这三个密码部分要用自己的密码替换
version: '3'
services:
phpipam-web:
privileged: true #这里添加一条,给它一个特级权限,下面相同
image: phpipam/phpipam-www:latest
ports: #添加一条映射到本地端口,这里我映射了64088
- "64080:80"
environment:
- TZ=Asia/Shanghai
- IPAM_DATABASE_HOST=phpipam-mariadb
- IPAM_DATABASE_PASS=my_secret_phpipam_pass #这里的my_secret_phpipam_pass要修改任意其他密码
- IPAM_DATABASE_WEBHOST=%
restart: unless-stopped
volumes:
- phpipam-logo:/phpipam/css/images/logo
depends_on:
- phpipam-mariadb
phpipam-cron:
privileged: true
image: phpipam/phpipam-cron:latest
environment:
- TZ=Asia/Shanghai #这里设置成上海
- IPAM_DATABASE_HOST=phpipam-mariadb
- IPAM_DATABASE_PASS=my_secret_phpipam_pass #这里的my_secret_phpipam_pass要修改任意其他密码
- SCAN_INTERVAL=1h
restart: unless-stopped
depends_on:
- phpipam-mariadb
phpipam-mariadb:
privileged: true #这里添加一条,给它一个特级权限,
image: mariadb:latest
ports:
- "3306:3306" #这里映射端口到3306,如果本地已有数据库,可以映射为其他端口,不冲突
environment:
- MYSQL_ROOT_PASSWORD=my_secret_mysql_root_pass #这里密码要修改成任意密码,在搭建完成后,新登录的时候会提示输入root用户和root用户的密码,输的就是这个密码
restart: unless-stopped
command: #这里添加command 设置拉取的mysql镜像支持中文
- mysqld
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
volumes:
- phpipam-db-data:/var/lib/mysql #这里是容器内数据文件存放路径
volumes: #通过卷标将数据持久化
phpipam-db-data:
phpipam-logo: |
MySQL数据文件存放在宿主机的位置通过以下命令查看,实际在/opt/images/volumes/phpipam_phpipam-db-data/_data
参考: docker-compose-volumes的说明 此处数据持久化使用了方法2.卷标
# docker inspect phpipam_phpipam-mariadb_1
... ...
"Mounts": [
{
"Type": "volume",
"Name": "phpipam_phpipam-db-data",
"Source": "/opt/images/volumes/phpipam_phpipam-db-data/_data",
"Destination": "/var/lib/mysql",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
}
],
... ...本链接中有Dockerfile可用参数列表:GitHub - phpipam-docker/phpipam-docker
在phpIPAM宿主机上看到的MySQL文件
# ll /opt/images/volumes/phpipam_phpipam-db-data/_data
total 139280
-rw-rw---- 1 systemd-coredump input 16760832 Oct 13 22:38 aria_log.00000001
-rw-rw---- 1 systemd-coredump input 52 Oct 13 22:38 aria_log_control
-rw-rw---- 1 systemd-coredump input 9 Oct 13 22:38 ddl_recovery.log
-rw-rw---- 1 systemd-coredump input 868 Oct 13 22:38 ib_buffer_pool
-rw-rw---- 1 systemd-coredump input 12582912 Oct 13 22:38 ibdata1
-rw-rw---- 1 systemd-coredump input 100663296 Oct 13 22:40 ib_logfile0
-rw-rw---- 1 systemd-coredump input 12582912 Oct 13 22:38 ibtmp1
-rw-rw---- 1 systemd-coredump input 0 Oct 13 22:37 multi-master.info
drwx------ 2 systemd-coredump input 4096 Oct 13 22:38 mysql
-rw-r--r-- 1 systemd-coredump input 14 Oct 13 22:37 mysql_upgrade_info
drwx------ 2 systemd-coredump input 20 Oct 13 22:37 performance_schema
drwx------ 2 systemd-coredump input 8192 Oct 13 22:37 sys官方docker-compose文件
https://hub.docker.com/r/phpipam/phpipam-www
第一次启动phpIPAM
# cd /opt/phpipam/
# chmod 777 docker-compose.yml
# docker-compose -p phpIPAM up -d
Creating network "phpipam_default" with the default driver
Creating volume "phpipam_phpipam-db-data" with default driver
Creating volume "phpipam_phpipam-logo" with default driver
Creating phpipam_phpipam-mariadb_1 ... done
Creating phpipam_phpipam-cron_1 ... done
Creating phpipam_phpipam-web_1 ... done停止容器操作(此处不需要)
# docker-compose stop
Stopping phpipam_phpipam-cron_1 ... done
Stopping phpipam_phpipam-web_1 ... done
Stopping phpipam_phpipam-mariadb_1 ... done删除容器操作(此处不需要)
# docker-compose rm
Going to remove phpipam_phpipam-cron_1, phpipam_phpipam-web_1, phpipam_phpipam-mariadb_1
Are you sure? [yN] y
Removing phpipam_phpipam-cron_1 ... done
Removing phpipam_phpipam-web_1 ... done
Removing phpipam_phpipam-mariadb_1 ... done
[root@IPAM phpIPAM]#
[root@IPAM phpipam]# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------------------------
phpipam_phpipam-cron_1 /sbin/tini -- /bin/sh -c / ... Up 80/tcp
phpipam_phpipam-mariadb_1 docker-entrypoint.sh mysql ... Up 0.0.0.0:3306->3306/tcp,:::3306->3306/tcp
phpipam_phpipam-web_1 /sbin/tini -- /bin/sh -c / ... Up 0.0.0.0:64080->80/tcp,:::64080->80/tcp检查启动状态,3个容器都up,对外发布端口64080、3306
[root@IPAM opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
36868ab987be phpipam/phpipam-www:latest "/sbin/tini -- /bin/…" About a minute ago Up About a minute 0.0.0.0:64080->80/tcp, :::64080->80/tcp phpipam_phpipam-web_1
b0ef41e38204 phpipam/phpipam-cron:latest "/sbin/tini -- /bin/…" About a minute ago Up About a minute 80/tcp phpipam_phpipam-cron_1
fb33809f820f mariadb:latest "docker-entrypoint.s…" About a minute ago Up About a minute 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp phpipam_phpipam-mariadb_1phpipam-www: 前端Apache PHP容器
phpipam-cron: 用于计划任务网络发现作业的cron容器
mariadb: MySQL数据库
phpIPAM初始化
通过浏览器第一次访问phpIPAM
http://192.168.18.221:64080
选择 1.new phpipam installatio 进行初始化配置
选择1.Automatic database installation
输入docker-compose.yml中配置MySQL密码;单击"install phpipam database"。
看到Database installed successfully 安装完成。点 Continue。
设置phpIPAM管理员密码,完成后点Save setting
看到Settings updated, installation complete!,点Proceed to login。首次登陆phpIPAM,首次登陆会有点慢。
phpIPAM常用设置
切换全局默认语言为中文
切换为Chinese(zh_CN.UTF-8) ,save,然后修改admin用户配置
Save changes,刷新页面。
目前使用的phpIPAM 1.5.0版本中文支持正常, 无需手工添加ttf字体。
开启 解析DNS名称、SNMP模块、路由模块
关闭 机柜、链路、位置和访客模块
配置网站URL
隐藏捐赠按钮
编辑说明
配置标签
配置域名服务器
添加内部DNS服务器
添加SNMP设备
此处通过SNMPv2c 只读 团体值添加一台作为网关的三层交换机
通过SNMP添加三层交换机,点测试,本环节中三层交换机没有使用vrf功能,所以“get_vrf_table”无法显示。
此处通过SNMP团体值添加一台Linux服务器,后面用于Vlan718网段监控代理
此处通过SNMP团体值添加一台Windosw Server2019服务器,后面用于Vlan229网段监控代理
首先添加设备 IPAM-Agent-Win
扫描Vlan
通过三层交换机S13调用SNMP扫描Vlan
添加子网
在NJ-CL-OA下添加子网
此时还未扫描,地址使用情况为空
扫描子网
扫描MAC与交换机端口并添加到IP信息表中
配置邮箱
添加组与用户
添加用户
收到用户创建邮件
初次登录强制修改密码
修改密码后重新登录
登录后发现net-admin用户没有子网权限
使用admin管理员为net-admin增加权限
net-admin用户已具有读取权限
IPAM-Agent安装
某些网络环境下可能没有路由或者安全限制,难以通过IPAM直接扫描目标网段、网络设备不能通过SNMP被IPAM管理,也有可能需要跨机房部署时,可以通过部署专用或复用已有服务器部署IPAM-Agent自动检测扫描网段。
本例中IPAM-Agent采用容器化安装,需要IPAM-Agent所在宿主机(192.168.228.222)能够访问IPAM节点(192.168.18.221)的MySQL TCP:3306端口。
IPAM-Agent安装前准备
首先IPAM中添加扫描代理(即Agent),生成密钥,用于IPAM-Agent与IPAM的通讯。
把上图红框中的字符串复制出来。作为后续Agent配置文件中的Key。
配置phpIPAM-Agent 的MySQL访问权限
进入IPAM上的MySQL容器内部操作,mysql 需要进入phpipam_phpipam-mariadb_1容器内部执行,mysql -u root -pCisco表示,使用root用户连接localhost服务器的MySQL,通过通过密码方式认证,密码为Cisco。
docker exec -it phpipam_phpipam-mariadb_1 /bin/bash
mysql -u root -pCisco第一个phpipam表述数据库名称,第二个phpipam表示用户名,192.168.228.222为IPAM-Agent宿主机IP,phpipamadmin为phpipam用户的密码
GRANT SELECT on `phpipam`.* TO 'phpipam'@'192.168.228.222' identified by "phpipamadmin";
GRANT INSERT on `phpipam`.* TO 'phpipam'@'192.168.228.222' identified by "phpipamadmin";
GRANT UPDATE on `phpipam`.* TO 'phpipam'@'192.168.228.222' identified by "phpipamadmin";
GRANT DELETE on `phpipam`.* TO 'phpipam'@'192.168.228.222' identified by "phpipamadmin";查看查看所有用户权限
看到User: 'phpipam'@'192.168.228.222'; 表示配置新增成功
MariaDB [phpipam]> SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;
+------------------------------------+
| query |
+------------------------------------+
| User: 'phpipam'@'%'; |
| User: 'root'@'%'; |
| User: 'phpipam'@'192.168.228.222'; |
| User: 'mariadb.sys'@'localhost'; |
| User: 'root'@'localhost'; |
+------------------------------------+
5 rows in set (0.052 sec)查看'phpipam'@'192.168.228.222'具体授权
MariaDB [phpipam]> SHOW GRANTS FOR 'phpipam'@'192.168.228.222';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for phpipam@192.168.228.222 |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `phpipam`@`192.168.228.222` IDENTIFIED BY PASSWORD '*978ABDDDF66089C48E3ADE19D1B6D7FD39C3B2D5' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `phpipam`.* TO `phpipam`@`192.168.228.222` |
+----------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)其他可能会用到的MySQL语句(给自己留个笔记)
查看所有数据库
show databases;
切换到phpipam库
use phpipam;
查看phpipam库下所有表
show tables;
MySQL查看所有用户
use mysql;
SELECT user FROM user;
select * from mysql.user;修改子网扫描代理
编辑192.168.228.0/24,192.168.31.0/24两个子网,代理为IPAM-Agent
IPAM-Agent 容器安装
切换到IPAM-Agent由于没有phpipam官方agent容器镜像,使用phpipam/phpipam-cron测试的扫描计划有问题,转而使用非官方mc303/phpipam-agent镜像成功。
mkdir -p /opt/phpipam-agent/
chmod -R 777 /opt/phpipam-agent/
docker pull mc303/phpipam-agentIPAM_AGENT_KEY填IPAM添加扫描代理时的代码
cd /opt/phpipam-agent/
vi docker-compose.ymlphpIPAM-Agent的Dcoker-Compose
version: '3'
services:
phpipam-agent:
container_name: phpipam-agent
restart: unless-stopped
image: mc303/phpipam-agent:latest
environment:
- MYSQL_ENV_MYSQL_HOST=192.168.18.221
- MYSQL_ENV_MYSQL_DATABASE=phpipam
- MYSQL_ENV_MYSQL_USER=phpipam
- MYSQL_ENV_MYSQL_PASSWORD=phpipamadmin
- MYSQL_ENV_MYSQL_PORT=3306
- PHPIPAM_AGENT_KEY=1OQsThNGJwxBxYIqrsydoPDBbDNR1gFw
- CRON_SCHEDULE=1/60 * * * *
- TZ=TZ=Asia/Shangha
ports:
- "3306:3306"
| Docker启动参数 | Description | default | | IPAM_DATABASE_HOST | MySQL地址或FQDN | | IPAM_DATABASE_NAME | 连接MySQL的数据库名 | phpipam | | IPAM_DATABASE_USER | 连接MySQL数据库使用的用户名 | phpipam | | IPAM_DATABASE_PASS | 连接MySQL数据库使用的密码 | | IPAM_DATABASE_PORT | MySQL侦听端口 | 3306 | | IPAM_AGENT_KEY | phpIPAM为每一个扫描代理生成的唯一密钥 | | IPAM_SCAN_INTERVAL | “状态”和“发现”扫描运行的频率 | 15m (参考可配置值: 5m,10m,15m,30m,1h,2h,4h,6h,12h) | | IPAM_RESET_AUTODISCOVER | 允许代理删除离线的自动发现ip | false | | IPAM_REMOVE_DHCP | 启用代理删除未激活的DHCP地址 | false | | IPAM_DEBUG | 启用php/application debuging |
第一次启动IPAM-Agent
cd /opt/phpipam-agent/
docker-compose -p phpIPAM up -d检查phpipam-agent启动状态
[root@IPAM-Agent phpipam-agent]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b861e900bd37 mc303/phpipam-agent:latest "/entrypoint.sh sh -…" 3 minutes ago Up 3 minutes 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp phpipam-agent由于phpipam-cron容器镜像使用了busybox作为操作系统,此处使用sh(而非/bin/bash)进入命令行
docker exec -it phpipam-agent sh测试phpipam-Agent手动 IP发现、更新是否正常
/opt/phpipam-agent # /usr/local/bin/php /opt/phpipam-agent/index.php update
ICMP Unreachable (Communication Administratively Prohibited) from 192.168.228.254 for ICMP Echo sent to 192.168.31.2
ICMP Unreachable (Communication Administratively Prohibited) from 192.168.228.254 for ICMP Echo sent to 192.168.31.211
ICMP Host Unreachable from 192.168.228.222 for ICMP Echo sent to 192.168.228.3
... ...【省略】
192.168.228.252 : xmt/rcv/%loss = 1/0/100%
192.168.228.253 : xmt/rcv/%loss = 1/0/100%
192.168.228.254 : xmt/rcv/%loss = 1/1/0%, min/avg/max = 0.63/0.63/0.63
/opt/phpipam-agent #
/opt/phpipam-agent # /usr/local/bin/php /opt/phpipam-agent/index.php discover
ICMP Unreachable (Communication Administratively Prohibited) from 192.168.228.254 for ICMP Echo sent to 192.168.31.2
ICMP Unreachable (Communication Administratively Prohibited) from 192.168.228.254 for ICMP Echo sent to 192.168.31.211
ICMP Host Unreachable from 192.168.228.222 for ICMP Echo sent to 192.168.228.5
ICMP Host Unreachable from 192.168.228.222 for ICMP Echo sent to 192.168.228.4
... ...【省略】
192.168.228.252 : xmt/rcv/%loss = 1/0/100%
192.168.228.253 : xmt/rcv/%loss = 1/0/100%
192.168.228.254 : xmt/rcv/%loss = 1/1/0%, min/avg/max = 3.52/3.52/3.52
/opt/phpipam-agent # 查看IPAM-Agent自动扫描计划任务,每60分钟一次
/opt/phpipam-agent # more /etc/crontabs/root
1/60 * * * * /usr/local/bin/php /opt/phpipam-agent/index.php update > /proc/self/fd/1 2>/proc/self/fd/2
1/60 * * * * /usr/local/bin/php /opt/phpipam-agent/index.php discover > /proc/self/fd/1 2>/proc/self/fd/2在IPAM-Agent宿主机上执行,显示phpipam-agent容器实时日志
docker logs -f phpipam-agent如果IPAM-Agent扫描正常能在子网页面下看到“
”,鼠标在下图箭头所指处悬停会显示此IP最近日志。
Windows安装
由于前面的内容消耗了太多热情,Windows 系统安装phpIPAM Agent我也没想好是直接安装还是套一层Docker,Linux容器化就挺好的,我暂时妥协了。有需要Windows安装IPAM的朋友参考下面这个链接吧。谷歌家的Y视频网站上也有i12bretro发的名为“Install phpIPAM on Windows ”的视频教程,是直接在Windows系统上安装的,与下面这个链接可配套使用。
Install phpIPAM on Windows [Open-source IP Address Management System]
另外i12bretro还有一篇直接在Linux上安装IPAM的文章,一并留在这里供大家参考。
Install phpIPAM on Linux [Open-source IP Address Management System]
位置与地图
首先打开位置模块功能
添加位置
以114.114.114.114和http://www.google.com为例,phpIPAM会自动根据IP地址查询并添加经纬度。
点位置地图能在地图中显示位置,但是这个差的有点大。
备注两个查询经纬度相关网址,感觉对于已知明确地理位置的,建议用下面第二个链接查出来之后手工填到phpIPAM中,会有一定偏差,简单测试可以把纬度 -0.0043,经度-0.0116能稍微校准下。(这个我只是简单测了几个地址,不保证都有效。)
IP定位-chaipip.com
地图经纬度-yanue.net
有了位置信息后,可以把子网与位置版定
 |
|
发表于 2022-11-27 18:20:19