1、安装mariadb
#安装mariadb-server mariadb
yum install -y mariadb-server mariadb
#启动mariadb
systemctl start mariadb.service
#把mariadb加入开机启动
systemctl enable mariadb.service
#初始化安装
mysql_secure_installation[root@Zabbix]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #直接回车
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y #输入Y设置新密码
New password: #设置新密码
Re-enter new password: #确认新密码
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y #删除匿名用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] #回车
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] #回车
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] #回车
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
2、创建zabbix_proxy数据库
[root@Zabbix ~]# mysql -uroot -p #登录数据库
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database zabbix_proxy character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on zabbix_proxy.* to zabbix@localhost identified by 'zabbix';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit;
Bye
语句解释:
命令:mysql -uroot -p
mysql -uroot -p 是一个命令行参数,用于通过 MySQL 客户端以 root 用户身份登录到 MySQL 数据库。让我们逐步解释这个命令的各个部分:
这是 MySQL 客户端的命令,用于与 MySQL 服务器进行交互。
-u root:这是指定要使用的用户名的参数。在这个命令中,root 是用户名,表示要使用 root 用户登录。
-p:这是指示客户端提示您输入密码的参数。当您运行这个命令时,MySQL 客户端会提示您输入 root 用户的密码。
命令:create database zabbix_proxy character set utf8 collate utf8_bin;
这是一个 SQL 命令,用于在 MySQL 数据库中创建名为 "zabbix_proxy" 的数据库,并指定字符集为 UTF-8,排序规则为 utf8_bin。
CREATE DATABASE: 这是 SQL 语句的关键字,用于创建数据库。
zabbix_proxy: 这是指定要创建的数据库的名称,即 "zabbix_proxy"。
CHARACTER SET utf8: 这是指定数据库的字符集为 UTF-8。UTF-8 是一种常用的字符编码,支持广泛的字符范围,包括多语言字符。
COLLATE utf8_bin: 这是指定数据库的排序规则为 utf8_bin。排序规则定义了字符在比较和排序时的顺序和规则。utf8_bin 表示以二进制方式进行排序,区分大小写。
综上所述,这个命令的作用是在 MySQL 数据库中创建一个名为 "zabbix_proxy" 的数据库,并将其字符集设置为 UTF-8,排序规则设置为 utf8_bin。这样的设置可以确保数据库支持多语言字符,并且在排序和比较字符时以二进制方式进行处理。
命令:grant all privileges on zabbix_proxy.* to zabbix@localhost identified
这条 SQL 命令是用于在数据库中授予特定用户权限的语句。
GRANT: 这是 SQL 语句的关键字,用于授予权限。
ALL PRIVILEGES: 这是权限类型的部分,表示授予所有权限。
ON zabbix_proxy.*: 这是指定数据库和表的部分。它表示将权限授予名为 zabbix_proxy 的数据库中的所有表。
TO zabbix@localhost: 这是指定用户和访问主机的部分。它表示将权限授予用户名为 zabbix,仅能通过本地连接 (localhost) 访问数据库。
IDENTIFIED BY 'zabbix': 这是指定用户密码的部分。它表示用户的密码是 zabbix。
综上所述,这个 SQL 命令的作用是在数据库中创建一个名为 zabbix 的用户,并赋予该用户对名为 zabbix_proxy 数据库中所有表的所有权限。该用户只能通过本地连接 (localhost) 进行访问,并使用密码 zabbix 进行身份验证。
这条 SQL 命令是用于在数据库中授予特定用户权限的语句。让我们逐步解释这个命令:
GRANT: 这是 SQL 语句的关键字,用于授予权限。
ALL PRIVILEGES: 这是权限类型的部分,表示授予所有权限。
ON zabbix_proxy.*: 这是指定数据库和表的部分。它表示将权限授予名为 zabbix_proxy 的数据库中的所有表。
TO zabbix@localhost: 这是指定用户和访问主机的部分。它表示将权限授予用户名为 zabbix,仅能通过本地连接 (localhost) 访问数据库。
IDENTIFIED BY 'zabbix': 这是指定用户密码的部分。它表示用户的密码是 zabbix。
综上所述,这个 SQL 命令的作用是在数据库中创建一个名为 zabbix 的用户,并赋予该用户对名为 zabbix_proxy 数据库中所有表的所有权限。该用户只能通过本地连接 (localhost) 进行访问,并使用密码 zabbix 进行身份验证。3、安装zabbix-proxy-mysql并导入数据库
#下载安装Zabbix
[root@Zabbix ~]# yum install https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
#安装zabbix-proxy数据库
[root@Zabbix ~]# yum install -y zabbix-proxy-mysql
[root@Zabbix ~]# zcat /usr/share/doc/zabbix-proxy-mysql*/schema.sql.gz | mysql -uzabbix -p zabbix_proxy
解释:
zabbix_proxy 是一个命令行命令,用于将 Zabbix Proxy 的数据库架构文件解压并导入到名为 "zabbix_proxy" 的 MySQL 数据库中。
zcat: 这是一个用于解压缩 gzip 压缩文件并将其内容输出到标准输出的命令。在这个命令中,它被用于解压缩 schema.sql.gz 文件。
/usr/share/doc/zabbix-proxy-mysql*/schema.sql.gz: 这是指定要解压缩的文件路径和文件名的部分。* 是通配符,用于匹配路径中的任意字符。这个文件是 Zabbix Proxy 的数据库架构文件的压缩版本。
|: 这是管道操作符,用于将前一个命令的输出作为后一个命令的输入。
mysql: 这是 MySQL 客户端的命令,用于与 MySQL 服务器进行交互。
-uzabbix: 这是指定要使用的用户名的参数。在这个命令中,zabbix 是用户名,表示要使用 zabbix 用户登录。
-p: 这是指示客户端提示您输入密码的参数。当您运行这个命令时,MySQL 客户端会提示您输入 zabbix 用户的密码。
zabbix_proxy: 这是指定要将数据导入的目标数据库的名称。
综上所述,这个命令的作用是将 Zabbix Proxy 的数据库架构文件解压缩,并将其内容导入到名为 "zabbix_proxy" 的 MySQL 数据库中,使用用户名为 zabbix 的用户进行身份验证。通过执行这个命令,您可以设置和配置 Zabbix Proxy 所需的数据库结构。4、配置/etc/zabbix/zabbix_proxy.conf
配置以下信息:
Server=************ #在第30行
Hostname=zabbix_proxy #在第49行
DBName=zabbix_proxy #在第173行
DBUser=zabbix #在第188行
DBPassword=zabbix #在第196行完整配置文件:
# This is a configuration file for Zabbix proxy daemon
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: ProxyMode
# Proxy operating mode.
# 0 - proxy in the active mode
# 1 - proxy in the passive mode
#
# Mandatory: no
# Default:
# ProxyMode=0
### Option: Server
# If ProxyMode is set to active mode:
# IP address or DNS name of Zabbix server to get configuration data from and send data to.
# If ProxyMode is set to passive mode:
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server.
# Incoming connections will be accepted only from the addresses listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: yes
# Default:
# Server=
Server=你的zabbix服务器IP
### Option: ServerPort
# Port of Zabbix trapper on Zabbix server.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ServerPort=10051
### Option: Hostname
# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=Zabbix proxy
### Option: HostnameItem
# Item used for generating Hostname if it is undefined.
# Ignored if Hostname is defined.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: ListenPort
# Listen port for trapper.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10051
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_proxy.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_proxy.pid
PidFile=/var/run/zabbix/zabbix_proxy.pid
### Option: SocketDir
# IPC socket directory.
# Directory to store IPC sockets used by internal Zabbix services.
#
# Mandatory: no
# Default:
# SocketDir=/tmp
SocketDir=/var/run/zabbix
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
#
# Mandatory: no
# Default:
# DBHost=localhost
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
# Warning: do not attempt to use the same database Zabbix server is using.
#
# Mandatory: yes
# Default:
# DBName=
DBName=zabbix_proxy
### Option: DBSchema
# Schema name. Used for PostgreSQL.
#
# Mandatory: no
# Default:
# DBSchema=
### Option: DBUser
# Database user. Ignored for SQLite.
#
# Default:
# DBUser=
DBUser=zabbix
### Option: DBPassword
# Database password. Ignored for SQLite.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
DBPassword=zabbix
### Option: DBSocket
# Path to MySQL socket.
#
# Mandatory: no
# Default:
# DBSocket=
# Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
#
# Mandatory: no
# Default:
# DBPort=
######### PROXY SPECIFIC PARAMETERS #############
### Option: ProxyLocalBuffer
# Proxy will keep data locally for N hours, even if the data have already been synced with the server.
# This parameter may be used if local data will be used by third party applications.
#
# Mandatory: no
# Range: 0-720
# Default:
# ProxyLocalBuffer=0
### Option: ProxyOfflineBuffer
# Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
# Older data will be lost.
#
# Mandatory: no
# Range: 1-720
# Default:
# ProxyOfflineBuffer=1
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of Proxy on server side.
# 0 - heartbeat messages disabled.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 0-3600
# Default:
# HeartbeatFrequency=60
### Option: ConfigFrequency
# How often proxy retrieves configuration data from Zabbix Server in seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
# ConfigFrequency=3600
### Option: DataSenderFrequency
# Proxy will send collected data to the Server every N seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600
# Default:
# DataSenderFrequency=1
############ ADVANCED PARAMETERS ################
### Option: StartPollers
# Number of pre-forked instances of pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollers=5
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
# The IPMI manager process is automatically started when at least one IPMI poller is started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers=0
### Option: StartPreprocessors
# Number of pre-forked instances of preprocessing workers.
# The preprocessing manager process is automatically started when preprocessor worker is started.
#
# Mandatory: no
# Range: 1-1000
# Default:
# StartPreprocessors=3
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
# are started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollersUnreachable=1
### Option: StartTrappers
# Number of pre-forked instances of trappers.
# Trappers accept incoming connections from Zabbix sender and active agents.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartTrappers=5
### Option: StartPingers
# Number of pre-forked instances of ICMP pingers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPingers=1
### Option: StartDiscoverers
# Number of pre-forked instances of discoverers.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartDiscoverers=1
### Option: StartHTTPPollers
# Number of pre-forked instances of HTTP pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPPollers=1
### Option: JavaGateway
# IP address (or hostname) of Zabbix Java gateway.
# Only required if Java pollers are started.
#
# Mandatory: no
# Default:
# JavaGateway=
### Option: JavaGatewayPort
# Port that Zabbix Java gateway listens on.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# JavaGatewayPort=10052
### Option: StartJavaPollers
# Number of pre-forked instances of Java pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartJavaPollers=0
### Option: StartVMwareCollectors
# Number of pre-forked vmware collector instances.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartVMwareCollectors=0
### Option: VMwareFrequency
# How often Zabbix will connect to VMware service to obtain a new data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwareFrequency=60
### Option: VMwarePerfFrequency
# How often Zabbix will connect to VMware service to obtain performance data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwarePerfFrequency=60
### Option: VMwareCacheSize
# Size of VMware cache, in bytes.
# Shared memory size for storing VMware data.
# Only used if VMware collectors are started.
#
# Mandatory: no
# Range: 256K-2G
# Default:
# VMwareCacheSize=8M
### Option: VMwareTimeout
# Specifies how many seconds vmware collector waits for response from VMware service.
#
# Mandatory: no
# Range: 1-300
# Default:
# VMwareTimeout=10
### Option: SNMPTrapperFile
# Temporary file used for passing data from SNMP trap daemon to the proxy.
# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
#
# Mandatory: no
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
### Option: StartSNMPTrapper
# If 1, SNMP trapper process is started.
#
# Mandatory: no
# Range: 0-1
# Default:
# StartSNMPTrapper=0
### Option: ListenIP
# List of comma delimited IP addresses that the trapper should listen on.
# Trapper will listen on all network interfaces if this parameter is missing.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: HousekeepingFrequency
# How often Zabbix will perform housekeeping procedure (in hours).
# Housekeeping is removing outdated information from the database.
# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
# hours of outdated information are deleted in one housekeeping cycle.
# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
#
# Mandatory: no
# Range: 0-24
# Default:
# HousekeepingFrequency=1
### Option: CacheSize
# Size of configuration cache, in bytes.
# Shared memory size, for storing hosts and items data.
#
# Mandatory: no
# Range: 128K-64G
# Default:
# CacheSize=8M
### Option: StartDBSyncers
# Number of pre-forked instances of DB Syncers.
#
# Mandatory: no
# Range: 1-100
# Default:
# StartDBSyncers=4
### Option: HistoryCacheSize
# Size of history cache, in bytes.
# Shared memory size for storing history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryCacheSize=16M
### Option: HistoryIndexCacheSize
# Size of history index cache, in bytes.
# Shared memory size for indexing history cache.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryIndexCacheSize=4M
### Option: Timeout
# Specifies how long we wait for agent, SNMP device or external check (in seconds).
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
Timeout=4
### Option: TrapperTimeout
# Specifies how many seconds trapper may spend processing new data.
#
# Mandatory: no
# Range: 1-300
# Default:
# TrapperTimeout=300
### Option: UnreachablePeriod
# After how many seconds of unreachability treat a host as unavailable.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachablePeriod=45
### Option: UnavailableDelay
# How often host is checked for availability during the unavailability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnavailableDelay=60
### Option: UnreachableDelay
# How often host is checked for availability during the unreachability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachableDelay=15
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
### Option: FpingLocation
# Location of fping.
# Make sure that fping binary has root ownership and SUID flag set.
#
# Mandatory: no
# Default:
# FpingLocation=/usr/sbin/fping
### Option: Fping6Location
# Location of fping6.
# Make sure that fping6 binary has root ownership and SUID flag set.
# Make empty if your fping utility is capable to process IPv6 addresses.
#
# Mandatory: no
# Default:
# Fping6Location=/usr/sbin/fping6
### Option: SSHKeyLocation
# Location of public and private keys for SSH checks and actions.
#
# Mandatory: no
# Default:
# SSHKeyLocation=
### Option: LogSlowQueries
# How long a database query may take before being logged (in milliseconds).
# Only works if DebugLevel set to 3 or 4.
# 0 - don't log slow queries.
#
# Mandatory: no
# Range: 1-3600000
# Default:
# LogSlowQueries=0
LogSlowQueries=3000
### Option: TmpDir
# Temporary directory.
#
# Mandatory: no
# Default:
# TmpDir=/tmp
### Option: AllowRoot
# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
# Include=/usr/local/etc/zabbix_proxy.general.conf
# Include=/usr/local/etc/zabbix_proxy.conf.d/
# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# SSLCertLocation=${datadir}/zabbix/ssl/certs
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# SSLKeyLocation=${datadir}/zabbix/ssl/keys
### Option: SSLCALocation
# Location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCALocation=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of proxy modules.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at proxy startup. Modules are used to extend functionality of the proxy.
# Formats:
# LoadModule=<module.so>
# LoadModule=<path/module.so>
# LoadModule=</abs_path/module.so>
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
### Option: StatsAllowedIP
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
# will be accepted.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: no
# Default:
# StatsAllowedIP=
StatsAllowedIP=127.0.0.1
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the proxy certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the proxy private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate-based encryption.
#
# Mandatory: no
# Default:
# TLSCipherCert13=
### Option: TLSCipherCert
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128
#
# Mandatory: no
# Default:
# TLSCipherCert=
### Option: TLSCipherPSK13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherPSK13=
### Option: TLSCipherPSK
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
# Example for OpenSSL:
# kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherPSK=
### Option: TLSCipherAll13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherAll13=
### Option: TLSCipherAll
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
### Option: DBTLSConnect
# Setting this option enforces to use TLS connection to database.
# required - connect using TLS
# verify_ca - connect using TLS and verify certificate
# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
# matches its certificate
# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
# "verify_full".
# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
# Default is not to set any option and behavior depends on database configuration
#
# Mandatory: no
# Default:
# DBTLSConnect=
### Option: DBTLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# (yes, if DBTLSConnect set to one of: verify_ca, verify_full)
# Default:
# DBTLSCAFile=
### Option: DBTLSCertFile
# Full pathname of file containing Zabbix proxy certificate for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSCertFile=
### Option: DBTLSKeyFile
# Full pathname of file containing the private key for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSKeyFile=
### Option: DBTLSCipher
# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
# Supported only for MySQL
#
# Mandatory no
# Default:
# DBTLSCipher=
### Option: DBTLSCipher13
# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
# Supported only for MySQL, starting from version 8.0.16
#
# Mandatory no
# Default:
# DBTLSCipher13=
####### For advanced users - TCP-related fine-tuning parameters #######
## Option: ListenBacklog
# The maximum number of pending connections in the queue. This parameter is passed to
# listen() function as argument 'backlog' (see "man listen").
#
# Mandatory: no
# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
# Default: SOMAXCONN (hard-coded constant, depends on system)
# ListenBacklog=
启动Zabbix-proxy
systemctl start zabbix-proxy其他管理命令
#启动zabbix-proxy
systemctl start zabbix-proxy
#开机启动zabbix-proxy
systemctl enable zabbix-proxy
#重启zabbix-proxy
systemctl restart zabbix-proxy
#停止zabbix-proxy
systemctl stop zabbix-proxy启动异常处理:
报错提示:
5月 19 19:18:10 Zabbix systemd[1]: Starting Zabbix Proxy...
-- Subject: Unit zabbix-proxy.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit zabbix-proxy.service has begun starting up.
5月 19 19:18:12 Zabbix systemd[1]: Can't open PID file /run/zabbix/zabbix_proxy.pid (yet?) after start: No such file or directory
5月 19 19:18:12 Zabbix systemd[1]: Failed to start Zabbix Proxy.
-- Subject: Unit zabbix-proxy.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit zabbix-proxy.service has failed.
--
-- The result is failed.
5月 19 19:18:12 Zabbix systemd[1]: Unit zabbix-proxy.service entered failed state.
5月 19 19:18:12 Zabbix systemd[1]: zabbix-proxy.service failed.
处理方法:
关闭 selinux
vim /etc/selinux/config
selinux=disabled
#重启
reboot
1564
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
