zabbix的server的安装

zabbix的server的安装

环境准备

• 操作系统：centos7.4
• nginx版本：nginx/1.12.2
• php版本：php-7.1.11
• mysql版本：5.5.56-MariaDB
  

  ---

初始化操作系统

1. 执行下面的交互脚本，输入主机名，ip，mask，gate

#!/bin/bash
#creat by xiaojinsong

release=`cat /etc/redhat-release`
control=`echo $release | grep -q  'release 7' && echo "True" || echo "False"`

if [[ $control == False ]];then echo 'Sorry! This script just for 7';exit 1;fi

read -p 'Enter hostname: ' Hostname
read -p 'Enter your ip: '  IP
read -p 'Enter your Gateway' GATEWAY
read -p 'Enter your Netmast' Netmask

Hwaddr=`ifconfig | grep -P -A 3 '10\.\d+\.\d+\.\d+' | grep -oP '(\w+:){5}\w+'`

cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
DEVICE=eth0
HWADDR=$Hwaddr
ONBOOT=yes
IPADDR=$IP
NETMASK=$Netmask
GATEWAY=$GATEWAY
EOF

hostnamectl set-hostname $Hostname

cat > /etc/hosts <<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1   $Hostname
EOF


##########alter kernel
cat > /etc/sysctl.conf <<EOF
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#DB需求
fs.aio-max-nr = 1048576
fs.file-max = 6815744
#关闭ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts = 1
#开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1
#关闭路由转发
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
#开启反向路径过滤
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#处理无源路由的包
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#关闭sysrq功能
kernel.sysrq = 0
#core文件名中添加pid作为扩展名
kernel.core_uses_pid = 1
#开启SYN洪水攻击保护
net.ipv4.tcp_syncookies = 1
#修改消息队列长度
kernel.msgmnb = 65536
kernel.msgmax = 65536
#设置最大内存共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#允许系统打开的端口范围
net.ipv4.ip_local_port_range = 1024    65000
#限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans = 3276800
#socket缓冲区设置(解决缓冲区问题)
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
#每个网络接口接收数据包的速率比内核处理这些包的速率快时，允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 262144

####需要确认参数
#timewait开启回收重用
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
#表示SYN队列的长度，默认为1024，加大队列长度为8192，可以容纳更多等待连接的网络连接数
net.ipv4.tcp_max_syn_backlog = 8192
#表示系统同时保持TIME_WAIT的最大数量，如果超过这个数字，TIME_WAIT将立刻被清除并打印警告信息
net.ipv4.tcp_max_tw_buckets = 7000
EOF

sysctl -p

####alter limit of file
sed -i -e '/\*[[:space:]]*soft/s/[0-9]\+/100000/' /etc/security/limits.d/20-nproc.conf
sed -i 's/^#DefaultLimitCORE=.*/DefaultLimitCORE=infinity/g' /etc/systemd/system.conf
sed -i 's/^#DefaultLimitNOFILE=.*/DefaultLimitNOFILE=100000/g' /etc/systemd/system.conf
sed -i 's/^#DefaultLimitNPROC=.*/DefaultLimitNPROC=100000/g' /etc/systemd/system.conf

cat > /var/spool/cron/root << EOF
*/5 * * * * (/usr/sbin/ntpdate 10.1.88.121 && /usr/sbin/hwclock -w ) >> /root/ntpdate.out 2>&1
EOF

#############setting of HISTORY
cat >> /etc/profile << \EOF
export HISTSIZE=4000  
DT=`date +%Y%m%d`
export HISTFILE1="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT"
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]" 
export PROMPT_COMMAND='{ thisHistID=`history 1|awk "{print \\$1}"`;lastCommand=`history 1| awk "{\\$1=\"\" ;print}"`;user=`id -un`;whoStr=(`who -u am i`);realUser=${whoStr[0]};logMonth=${whoStr[2]};logDay=${whoStr[3]};logTime=${whoStr[4]};pid=${whoStr[6]};ip=${whoStr[7]};if [ ${thisHistID}x != ${lastHistID}x ];then echo -E `date "+%Y/%m/%d %H:%M:%S"` $user\($realUser\)@$ip[PID:$pid][LOGIN:$logMonth $logDay $logTime] --- $lastCommand ;lastHistID=$thisHistID;fi; } >> $HISTFILE1'
chmod 600 $HISTDIR/${LOGNAME}/*.history* 2>/dev/null 


############setting of java
export JAVA_HOME=/apps/svr/jdk
export PATH=$JAVA_HOME/bin:$PATH:.
EOF

#####define dir
if [ ! -d /apps ];then mkdir -p /apps/{data,svr,src,logs,sh};fi

#####reboot
read -p 'Because the script must reboot and some config can effective, REBOOT it now (yes|no)' ensure
if [ ${ensure} == Y -o ${ensure} == y ];then reboot;else echo 'Please confirm it';fi

关闭selinux和iptables，以及安装一些常用的软件

###关闭iptables+selinux
systemctl stop firewalld.service
systemctl disable firewalld.service
sed -i 's/#SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0

###更换yum源以及安装软件
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum -y install epel-release
yum -y install psmisc
yum install -y iptables-services
cd /usr/local/src
wget http://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.12.2-1.el7_4.ngx.x86_64.rpm
rpm -ivh nginx-1.12.2-1.el7_4.ngx.x86_64.rpm

#开启启动
systemctl enable nginx

#启动
systemctl start nginx

#修改配置文件
cat /etc/nginx.conf
user  nginx;
worker_processes  4;
worker_cpu_affinity 0001 0010 0100 1000;

error_log  /etc/nginx/logs/error.log error;
pid        /var/run/nginx.pid;


events {
        use epoll;
        worker_connections  65535;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;


   log_format  log_access '$remote_addr - $remote_user [$time_local] "$request" $http_host '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for" '
    '"$upstream_addr" "$upstream_status" $upstream_cache_status "$upstream_http_content_type" "$upstream_response_time" > $request_time '
    '"$uid_got" "$http_cookie" ';

    sendfile        on;
    tcp_nopush     on;
    server_tokens off;

    client_body_timeout  20;
    client_header_timeout 20;
    client_max_body_size 20m;
    keepalive_timeout  20;
    send_timeout       10;
    proxy_connect_timeout    200ms;


    tcp_nodelay on;

    #fastcgi_intercept_errors on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    client_body_buffer_size  512k;
    proxy_read_timeout       60;
    proxy_send_timeout       50;
    proxy_buffer_size        16k;
    proxy_buffers            4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    proxy_intercept_errors on;
    #proxy_ignore_client_abort on;
    recursive_error_pages on;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml application/javascript;
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
}

cat /etc/nginx/conf.d/zabbix.conf
server {
            listen       80;
        server_name xx.xx.xx.xx;

        index index.html index.php index.html;

        root /apps/data/zabbix/;


        location /
        {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ ^(.+.php)(.*)$ {
                fastcgi_split_path_info ^(.+.php)(.*)$;

                if ($arg_profileidx2 ~ '[^0-9]') {
                        return 403;
                }

                include fastcgi.conf;
                fastcgi_pass  127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param  PATH_INFO          $fastcgi_path_info;
                }

                access_log  /etc/nginx/logs/zabbix.access.log  log_access;
        }
##重启nginx
systemctl restart nginx

#安装mysql
yum -y install mariadb mariadb-server

#开启启动mysql
systemctl enable mariadb.service

#启动mysql
systemctl start mariadb.service

#初始化mysql
mysql_secure_installation

#安装php依赖库
yum install -y libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel libmcrypt libmcrypt-devel gcc

#安装mysql
wget http://cn2.php.net/distributions/php-7.1.11.tar.gz
tar zxvf php-7.1.11.tar.gz && cd ./php-7.1.11
./configure --prefix=/usr/local/php --with-config-file-path=/etc --enable-fpm --with-fpm-user=nginx  --with-fpm-group=nginx --enable-inline-optimization --disable-debug --disable-rpath --enable-shared  --enable-soap --with-libxml-dir --with-xmlrpc --with-openssl --with-mcrypt --with-mhash --with-pcre-regex --with-sqlite3 --with-zlib --enable-bcmath  --with-iconv --with-bz2 --enable-calendar --with-curl --with-cdb --enable-dom --enable-exif --enable-fileinfo --enable-filter --with-pcre-dir --enable-ftp --with-gd --with-openssl-dir  --with-jpeg-dir --with-png-dir --with-zlib-dir --with-freetype-dir --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --enable-json --enable-mbstring --enable-mbregex --enable-mbregex-backtrack --with-libmbfl --with-onig --enable-pdo --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-zlib-dir --with-pdo-sqlite --with-readline --enable-session --enable-shmop --enable-simplexml --enable-sockets  --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-wddx --with-libxml-dir --with-xsl --enable-zip --enable-mysqlnd-compression-support --with-pear --enable-opcache
make && make install

##修改配置
cd /usr/local/src/php-7.1.11
cp ./php.ini-production /etc/php.ini  
mv /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
mv /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm && chmod +x /etc/init.d/php-fpm

cat >> /etc/profile <<\EOF
PATH=$PATH:/usr/local/php/bin:/usr/local/zabbix/sbin:/usr/local/zabbix/bin
export PATH
EOF
source /etc/profile

#调整/etc/php.ini (zabbix所需最小配置)
max_execution_time = 300
max_input_time = 300
memory_limit = 128M
post_max_size = 16M
date.timezone = Asia/Shanghai

#参数优化调整php-fpm,这里不做介绍
#启动php-fpm
 /etc/init.d/php-fpm start

#检测php安装成功否
cd /apps/data/zabbix/
cat >> info.php <<EOF
<?php phpinfo(); ?>
EOF

访问：xx:xx:xx:xx/info.php

zabbix_server的安装

####安装zabbix server
cd /usr/local/src
tar zxvf zabbix-3.4.6.tar.gz 
./configure --prefix=/usr/local/zabbix-3.4.6 --enable-server --enable-agent --enable-java --with-mysql --with-net-snmp --with-libcurl --with-openipmi --with-unixodbc --with-libxml
make && make install
cp /usr/local/src/zabbix-3.4.6/misc/init.d/fedora/core/zabbix* /etc/init.d/
chmod +x /etc/init.d/zabbix*

###创建用户和组
groupadd zabbix
useradd -r -g zabbix zabbix
chown zabbix.zabbix /usr/local/zabbix/

###创建数据库zabbix并导入表结构
create database zabbix character set utf8;
grant all on zabbix.* to zabbix@localhost identified by 'zabbix123';
flush privileges;

cd /usr/local/src/zabbix-3.4.6/database/mysql
mysql -uzabbix -pzabbix123 zabbix < data.sql
mysql -uzabbix -pzabbix123 zabbix < images.sql
mysql -uzabbix -pzabbix123 zabbix < schema.sql

#把zabbix的页面移到nginx的制定目录，我这里是如下
cp -rf /usr/local/src/zabbix-3.4.6/frontends/php/* /apps/data/zabbix/
chown -R nginx:nginx /apps/data/zabbix

#修改配置文件，并启动
[root@zabbix-master zabbix]# sed -n '/^[^# ]/p' /usr/local/zabbix/etc/zabbix_server.conf
LogFile=/usr/local/zabbix/logs/zabbix_server.log
DBName=zabbix
DBUser=zabbix
DBPassword= xxxxxx
DBSocket=/var/lib/mysql/mysql.sock
DBPort=3306
Timeout=4
LogSlowQueries=3000
AlertScriptsPath=/usr/local/zabbix/alertscripts
StartPollers=60
StartTrappers=10
StartPingers=20
StartDiscoverers=50
MaxHousekeeperDelete=50
CacheSize=1500M
StartDBSyncers=15
HistoryCacheSize=1500M
TrendCacheSize=1000M
LogSlowQueries=3000
FpingLocation=/usr/sbin/fping

##启动zabbix_server
systemctl start zabbix_server

配置zabbix_server

按照下面的图直接配置即可

至此，server的配置就已经完成，比较简单，重点在于agent的持续更新和监控项的设定，后续会继续更新