Zabbix安装记录

发表于 更新于 分类于
本文字数: 6.5k 阅读时长 ≈ 6 分钟
记录安装Zabbix过程中踩过的坑

开始

按照官方网站的流程选择合适的版本。当前使用的是Zabbix Packages途径安装。

ZABBIX VERSION OS DISTRIBUTION OS VERSION DATABASE WEB SERVER
5.0 LTS CentOS 7 MySQL NGINX

安装Zabbix仓库

1
2
rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
yum clean all

安装Zabbix服务与代理

1
yum -y install zabbix-server-mysql zabbix-agent

安装Zabbix前端界面

安装红帽软件包

1
yum -y install centos-release-scl

编辑/etc/yum.repos.d/zabbix.repo开启前端仓库

1
2
3
4
[zabbix-frontend]
...
enabled=1
...

安装前端包

1
yum -y install zabbix-web-mysql-scl zabbix-nginx-conf-scl

安装数据库

数据库版本5.5.68-MariaDB

1
2
3
yum -y install mariadb-server
systemctl start mariadb
systemctl enable mariadb

数据库初始配置

1
mysql_secure_installation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

初始化数据库及Zabbix脚本

1
mysql -uroot -p
1
2
3
4
5
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'zabbix';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> flush privileges;
mysql> quit;
1
zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix

配置Zabbix数据库信息/etc/zabbix/zabbix_server.conf

1
2
3
...
DBPassword=password
...

配置Zabbix前端PHP信息

编辑/etc/opt/rh/rh-nginx116/nginx/conf.d/zabbix.conf,配置自定义域名或IP

1
2
3
4
...
listen 80;
server_name example.com;
...

编辑/etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf及设置正确的时区

1
2
3
4
...
listen.acl_users = apache,nginx
php_value[date.timezone] = Europe/Riga
...

配置防火墙

HTTP端口放行

1
2
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

临时设置SELinux工作模式设置

1
setenforce 0

启动服务

1
2
systemctl restart zabbix-server zabbix-agent rh-nginx116-nginx rh-php72-php-fpm
systemctl enable zabbix-server zabbix-agent rh-nginx116-nginx rh-php72-php-fpm

登录Zabbix

通过 http://server_ip_or_name 访问并配置Zabbix

在Zabbix上启用和配置SELinux

允许http守护程序连接到Zabbix

1
setsebool -P httpd_can_connect_zabbix 1

允许Zabbix连接到所有TCP端口

1
setsebool -P zabbix_can_network 1

设置SELinux在强制模式下工作

开启强制模式

1
setenforce 1 && sed -i 's/^SELINUX=.*/SELINUX=enforcing/g' /etc/selinux/config

检查SELinux状态(Current mode: enforcing)

1
sestatus
1
2
3
4
5
6
7
8
9
10
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

为Zabbix创建SELinux补充策略

为审核日志中的每个错误创建SELinux补充策略。可能需要如下工具,如果没有先安装

1
2
3
4
# CentOS8
dnf -y install policycoreutils-python-utils
# Centos7
yum -y install policycoreutils-python-utils

创建自定义策略包

1
grep "denied.*zabbix" /var/log/audit/audit.log | audit2allow -M zabbix_policy

安装自定义SELinux策略包

1
semodule -i zabbix_policy.pp

现在已经完成了为Zabbix配置SELinux工作

备注

安装过程中碰到坑特此记录:在安装数据库环节一开始使用lnmp脚本进行数据库安装。各种规格和版本数据库全部安装过。在登录web界面配置Zabbix时候各种数据库连接不上的问题。例如:

找不到目录。zabbix5 + mysql 5.7时出现这个情况

没有权限。zabbix5 + mysql 5.7时出现这个情况

无法连接数据库

上述问题使用的组合为zabbix5 + centos7 + mysql 5.7 + nginx

几个解决方法

最终改用5.5.68-MariaDB数据库并以yum安装的方式进行安装数据库。lnmp是以编译方式安装。整体花费时间主要还是数据库这块,安装的方式不同导致的差异使安装Zabbix过程中踩坑不断。有时间的话再更详细的研究一下。

设置软连接(目录不存在则创建)

1
mkdir -p /var/lib/mysql
1
ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock

安装完成后可以修改Zabbix GUI configuration file进行调整

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
[root@zabbix ~]# cat /etc/zabbix/web/zabbix.conf.php
<?php
// Zabbix GUI configuration file.

$DB['TYPE']				= 'MYSQL';
$DB['SERVER']			= 'localhost';
$DB['PORT']				= '0';
$DB['DATABASE']			= 'zabbix';
$DB['USER']				= 'zabbix';
$DB['PASSWORD']			= 'zabbix';

// Schema name. Used for PostgreSQL.
$DB['SCHEMA']			= '';

// Used for TLS connection.
$DB['ENCRYPTION']		= false;
$DB['KEY_FILE']			= '';
$DB['CERT_FILE']		= '';
$DB['CA_FILE']			= '';
$DB['VERIFY_HOST']		= false;
$DB['CIPHER_LIST']		= '';

// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754']	= true;

$ZBX_SERVER				= 'localhost';
$ZBX_SERVER_PORT		= '10051';
$ZBX_SERVER_NAME		= 'ZABBIX SERVER';

$IMAGE_FORMAT_DEFAULT	= IMAGE_FORMAT_PNG;

// Uncomment this block only if you are using Elasticsearch.
// Elasticsearch url (can be string if same url is used for all types).
//$HISTORY['url'] = [
//	'uint' => 'http://localhost:9200',
//	'text' => 'http://localhost:9200'
//];
// Value types stored in Elasticsearch.
//$HISTORY['types'] = ['uint', 'text'];

// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
//$SSO['SP_KEY']			= 'conf/certs/sp.key';
//$SSO['SP_CERT']			= 'conf/certs/sp.crt';
//$SSO['IDP_CERT']		= 'conf/certs/idp.crt';
//$SSO['SETTINGS']		= [];

参考文章