环境准备
利用样板机克隆一台监控服务器,并进行初始化工作:
[root@zabbix ~]# vi skel_refine.sh
[root@zabbix ~]# cat skel_refine.sh
#!/bin/bash
hostname=zabbix
ens160Ipv4="10.0.0.71/24"
ens192Ipv4="192.168.1.71/24"
hostnamectl set-hostname $hostname
nmcli c modify ens160 ipv4.addresses $ens160Ipv4
nmcli c modify ens192 ipv4.addresses $ens192Ipv4
# Generate new UUIDs for interfaces
sed -i "s/^UUID.*/UUID=`uuidgen ens160`/g" /etc/sysconfig/network-scripts/ifcfg-ens160
sed -i "s/^UUID.*/UUID=`uuidgen ens192`/g" /etc/sysconfig/network-scripts/ifcfg-ens192
nmcli c reload
nmcli c up ens160
nmcli c up ens192
[root@zabbix ~]# sh skel_refine.sh
参照官方https://www.zabbix.com/download下载镜像源:
[root@zabbix ~]# rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
Retrieving https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
warning: /var/tmp/rpm-tmp.cB3i24: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:zabbix-release-5.0-1.el8 ################################# [100%]
[root@zabbix ~]# cat /etc/yum.repos.d/zabbix.repo
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://repo.zabbix.com/zabbix/5.0/rhel/8/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch
baseurl=http://repo.zabbix.com/non-supported/rhel/8/$basearch/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
gpgcheck=1
[root@zabbix ~]#
下载zabbix:
[root@zabbix ~]# dnf clean all
Repository AppStream is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
45 files removed
[root@zabbix ~]# dnf install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-agent
Repository AppStream is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
CentOS-8 - AppStream 765 kB/s | 5.8 MB 00:07
CentOS-8 - Base - mirrors.aliyun.com 4.3 MB/s | 2.2 MB 00:00
CentOS-8 - Extras - mirrors.aliyun.com 35 kB/s | 7.5 kB 00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 383 kB/s | 117 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 7.9 MB/s | 8.0 MB 00:01
Zabbix Official Repository - x86_64 30 kB/s | 46 kB 00:01
Zabbix Official Repository non-supported - x86_64 482 B/s | 1.2 kB 00:02
Dependencies resolved.
=============================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================
Installing:
zabbix-agent x86_64 5.0.3-1.el8 zabbix 459 k
zabbix-apache-conf noarch 5.0.3-1.el8 zabbix 17 k
zabbix-server-mysql x86_64 5.0.3-1.el8 zabbix 2.7 M
zabbix-web-mysql noarch 5.0.3-1.el8 zabbix 16 k
........ omitted for brevity
=============================================================================================================================================================================
编写Zabbix Server配置文件:
[root@zabbix ~]# cd /etc/zabbix/
[root@zabbix zabbix]# ls
web zabbix_agentd.conf zabbix_agentd.d zabbix_server.conf
[root@zabbix zabbix]# cp zabbix_server.conf{,.bak}
[root@zabbix zabbix]# vi zabbix_server.conf
[root@zabbix zabbix]# grep '^DB' zabbix_server.conf
DBHost=db01
DBName=zabbix
DBUser=zabbix
DBPassword=abcd1234..
[root@zabbix zabbix]# grep StatsAllowedIP zabbix_server.conf
### Option: StatsAllowedIP
# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
# StatsAllowedIP=
StatsAllowedIP=127.0.0.1
[root@zabbix zabbix]# sed -i 's#^StatsAllowedIP=127.0.0.1#StatsAllowedIP=192.168.1.0/24#' zabbix_server.conf
[root@zabbix zabbix]# grep StatsAllowedIP zabbix_server.conf
### Option: StatsAllowedIP
# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
# StatsAllowedIP=
StatsAllowedIP=192.168.1.0/24
[root@zabbix zabbix]#
修改PHP-FPM中Zabbix的时区设置:
[root@zabbix zabbix]# cd /etc/php-fpm.d/
[root@zabbix php-fpm.d]# cp zabbix.conf{,.bak}
[root@zabbix php-fpm.d]# grep timezone zabbix.conf
; php_value[date.timezone] = Europe/Riga
[root@zabbix php-fpm.d]# sed -i '$a php_value[date.timezone] = Asia/Shanghai' zabbix.conf
[root@zabbix php-fpm.d]# grep timezone zabbix.conf
; php_value[date.timezone] = Europe/Riga
php_value[date.timezone] = Asia/Shanghai
[root@zabbix php-fpm.d]#
在数据库服务器上创建数据库:
[root@db01 ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.3.17-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database zabbix character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on zabbix.* to zabbix@'192.168.1.71' identified by 'abcd1234..';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]>
导入初始化数据库SQL文件:
[root@zabbix ~]# zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql -uzabbix -hdb01 -D zabbix -p
Enter password:
[root@zabbix ~]#
启动服务:
[root@zabbix ~]# systemctl enable zabbix-server.service zabbix-agent.service httpd php-fpm.service
Created symlink /etc/systemd/system/multi-user.target.wants/zabbix-server.service → /usr/lib/systemd/system/zabbix-server.service.
Created symlink /etc/systemd/system/multi-user.target.wants/zabbix-agent.service → /usr/lib/systemd/system/zabbix-agent.service.
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service.
[root@zabbix ~]# systemctl start zabbix-server zabbix-agent httpd php-fpm
[root@zabbix ~]# journalctl -xe
Sep 10 15:15:53 zabbix setroubleshoot[15535]: SELinux is preventing zabbix_server from using the dac_override capability. For complete SELinux messages run: sealert -l 56af4a04-6d0c-41ea-8920-2049837bd648
Sep 10 15:15:53 zabbix platform-python[15535]: SELinux is preventing zabbix_server from using the dac_override capability.
***** Plugin dac_override (91.4 confidence) suggests **********************
If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and generate the error again.
Do
Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.
***** Plugin catchall (9.59 confidence) suggests **************************
If you believe that zabbix_server should have the dac_override capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'zabbix_server' --raw | audit2allow -M my-zabbixserver
# semodule -X 300 -i my-zabbixserver.pp
按照指示配置SELinxu:
[root@zabbix ~]# ausearch -c 'zabbix_server' --raw | audit2allow -M my-zabbixserver
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i my-zabbixserver.pp
[root@zabbix ~]# semodule -i my-zabbixserver.pp
[root@zabbix ~]#
重新启动服务:
[root@zabbix ~]# systemctl start zabbix-server
[root@zabbix ~]# systemctl status zabbix-server.service
● zabbix-server.service - Zabbix Server
Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-09-10 15:28:24 CST; 23s ago
Process: 16344 ExecStart=/usr/sbin/zabbix_server -c $CONFFILE (code=exited, status=0/SUCCESS)
Main PID: 16346 (zabbix_server)
Tasks: 1 (limit: 4852)
Memory: 18.8M
CGroup: /system.slice/zabbix-server.service
└─16346 /usr/sbin/zabbix_server -c /etc/zabbix/zabbix_server.conf
Sep 10 15:28:24 zabbix systemd[1]: zabbix-server.service: Service RestartSec=10s expired, scheduling restart.
Sep 10 15:28:24 zabbix systemd[1]: zabbix-server.service: Scheduled restart job, restart counter is at 96.
Sep 10 15:28:24 zabbix systemd[1]: Stopped Zabbix Server.
Sep 10 15:28:24 zabbix systemd[1]: Starting Zabbix Server...
Sep 10 15:28:24 zabbix systemd[1]: zabbix-server.service: Can't open PID file /run/zabbix/zabbix_server.pid (yet?) after start: No such file or directory
Sep 10 15:28:24 zabbix systemd[1]: Started Zabbix Server.
[root@zabbix ~]# systemctl restart zabbix-agent.service httpd php-fpm.service
[root@zabbix ~]#
配置防火墙:
[root@zabbix ~]# firewall-cmd --zone=public --permanent --add-service=zabbix-server
success
[root@zabbix ~]# firewall-cmd --reload
success
[root@zabbix ~]#
初始化
浏览器访问前首先配置防火墙:
[root@zabbix ~]# firewall-cmd --zone=public --permanent --add-service=http
success
[root@zabbix ~]# firewall-cmd --zone=public --permanent --add-service=https
success
[root@zabbix ~]# firewall-cmd --reload
success
[root@zabbix ~]#
初始化Zabbix:
报错:
报错不能识别主机名:
[root@zabbix ~]# cat /var/log/zabbix/zabbix_server.log
16346:20200910:152824.536 [Z3001] connection to database 'zabbix' failed: [2005] Unknown MySQL server host 'db01' (-2)
16346:20200910:152824.536 database is down: reconnecting in 10 seconds
16346:20200910:152834.568 [Z3001] connection to database 'zabbix' failed: [2005] Unknown MySQL server host 'db01' (-2)
16346:20200910:152834.568 database is down: reconnecting in 10 seconds
16346:20200910:152844.600 [Z3001] connection to database 'zabbix' failed: [2005] Unknown MySQL server host 'db01' (-2)
/etc/hosts文件的文件类型错误:
样板机是在/root目录下新建并编写好hosts文件mv到/etc目录下的。
[root@zabbix ~]# journalctl -xe
Sep 10 15:39:47 zabbix setroubleshoot[17378]: SELinux is preventing /usr/sbin/zabbix_server_mysql from read access on the file /etc/hosts. For complete SELinux messages run: sealert -l bc00f97d-228f-412a-86d3-43>
Sep 10 15:39:47 zabbix platform-python[17378]: SELinux is preventing /usr/sbin/zabbix_server_mysql from read access on the file /etc/hosts.
***** Plugin restorecon (99.5 confidence) suggests ************************
If you want to fix the label.
/etc/hosts default label should be net_conf_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the f>
Do
# /sbin/restorecon -v /etc/hosts
修复hosts的文件类型:
[root@zabbix ~]# /sbin/restorecon -v /etc/hosts
Relabeled /etc/hosts from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:net_conf_t:s0
[root@zabbix ~]#
继续报错HTTPD不能联网:
[root@zabbix ~]# journalctl -xe
Sep 10 15:41:17 zabbix setroubleshoot[17422]: SELinux is preventing php-fpm from name_connect access on the tcp_socket port 3306. For complete SELinux messages run: sealert -l afb7961c-76bf-444d-95bb-6560aabc7587
Sep 10 15:41:17 zabbix platform-python[17422]: SELinux is preventing php-fpm from name_connect access on the tcp_socket port 3306.
***** Plugin catchall_boolean (47.5 confidence) suggests ******************
If you want to allow httpd to can network connect
Then you must tell SELinux about this by enabling the 'httpd_can_network_connect' boolean.
Do
setsebool -P httpd_can_network_connect 1
继续修复:
[root@zabbix ~]# setsebool -P httpd_can_network_connect 1
[root@zabbix ~]#
Zabbix页面初始化成功,但显示Zabbix Server未运行:
查看日志:
[root@zabbix ~]# journalctl -xe
Sep 10 15:57:10 zabbix setroubleshoot[17861]: SELinux is preventing zabbix_server from name_connect access on the tcp_socket port 3306. For complete SELinux messages run: sealert -l 3000f9ff-2322-41ef-8144-c7752>
Sep 10 15:57:10 zabbix platform-python[17861]: SELinux is preventing zabbix_server from name_connect access on the tcp_socket port 3306.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow zabbix to can network
Then you must tell SELinux about this by enabling the 'zabbix_can_network' boolean.
Do
setsebool -P zabbix_can_network 1
配置BOOL变量:
[root@zabbix ~]# setsebool -P zabbix_can_network 1
[root@zabbix ~]#
仍旧报错:
[root@zabbix ~]# journalctl -xe
Sep 10 16:02:59 zabbix setroubleshoot[18766]: failed to retrieve rpm info for /run/zabbix/zabbix_server_preprocessing.sock
Sep 10 16:02:59 zabbix setroubleshoot[18766]: SELinux is preventing /usr/sbin/zabbix_server_mysql from connectto access on the unix_stream_socket /run/zabbix/zabbix_server_preprocessing.sock. For complete SELinu>
Sep 10 16:02:59 zabbix platform-python[18766]: SELinux is preventing /usr/sbin/zabbix_server_mysql from connectto access on the unix_stream_socket /run/zabbix/zabbix_server_preprocessing.sock.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow daemons to enable cluster mode
Then you must tell SELinux about this by enabling the 'daemons_enable_cluster_mode' boolean.
Do
setsebool -P daemons_enable_cluster_mode 1
继续配置:
[root@zabbix ~]# setsebool -P daemons_enable_cluster_mode 1
[root@zabbix ~]#
页面显示正常:
添加监控主机
在网站服务器上安装Zabbix客户端:
[root@web01 ~]# rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
Retrieving https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
warning: /var/tmp/rpm-tmp.aNnzDj: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:zabbix-release-5.0-1.el8 ################################# [100%]
[root@web01 ~]# dnf install zabbix-agent
Repository AppStream is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Zabbix Official Repository - x86_64 27 kB/s | 46 kB 00:01
Zabbix Official Repository non-supported - x86_64 430 B/s | 1.2 kB 00:02
Last metadata expiration check: 0:00:01 ago on Thu 10 Sep 2020 04:19:28 PM CST.
Dependencies resolved.
=============================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================
Installing:
zabbix-agent x86_64 5.0.3-1.el8 zabbix 459 k
Transaction Summary
=============================================================================================================================================================================
修改配置文件:
[root@web01 ~]# cd /etc/zabbix/
[root@web01 zabbix]# ls
zabbix_agentd.conf zabbix_agentd.d
[root@web01 zabbix]# cp zabbix_agentd.conf{,.bak}
[root@web01 zabbix]# grep '^Server' zabbix_agentd.conf
Server=127.0.0.1
ServerActive=127.0.0.1
[root@web01 zabbix]# sed -i 's#^Server=127.0.0.1#Server=zabbix#g' zabbix_agentd.conf
[root@web01 zabbix]# sed -i 's#^ServerActive=127.0.0.1#ServerActive=zabbix#g' zabbix_agentd.conf
[root@web01 zabbix]# grep '^Server' zabbix_agentd.conf
Server=zabbix
ServerActive=zabbix
[root@web01 zabbix]# systemctl restart zabbix-agent.service
[root@web01 zabbix]#
配置防火墙:
[root@web01 ~]# firewall-cmd --zone=public --permanent --add-service=zabbix-agent
success
[root@web01 ~]# firewall-cmd --reload
success
[root@web01 ~]#
启动服务:
[root@web01 ~]# systemctl start zabbix-agent.service
[root@web01 ~]# systemctl enable zabbix-agent.service
Created symlink /etc/systemd/system/multi-user.target.wants/zabbix-agent.service → /usr/lib/systemd/system/zabbix-agent.service.
[root@web01 ~]#
新增监听主机:
配置监听主机:
查看面板:
自定义监听项
目标:当网站服务器Nginx进程不存在时,在页面上报警。
在客户端编写监听项的配置文件:
[root@web01 ~]# cd /etc/zabbix/zabbix_agentd.d/
[root@web01 zabbix_agentd.d]# vi web_server.conf
[root@web01 zabbix_agentd.d]# cat web_server.conf
UserParameter=web_state,ps -ef | grep -c [n]ginx:
[root@web01 zabbix_agentd.d]# systemctl restart zabbix-agent.service
[root@web01 zabbix_agentd.d]#
现在服务端做一下测试(安装zabbix-get软件):
[root@zabbix ~]# dnf install zabbix-get
Repository AppStream is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository PowerTools is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Last metadata expiration check: 5:03:24 ago on Thu 10 Sep 2020 05:50:34 PM CST.
Dependencies resolved.
====================================================================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================================================================
Installing:
zabbix-get x86_64 5.0.3-1.el8 zabbix 322 k
Transaction Summary
====================================================================================================================================================================================================================
Install 1 Package
Total download size: 322 k
Installed size: 1.4 M
Is this ok [y/N]:
[root@zabbix ~]# zabbix_get -s web01 -k 'web_state'
2
[root@zabbix ~]#
在页面上添加新的监控项:
填写监控项详细信息:
做一下测试:
添加触发器:
定义触发器报警条件:
测验(关闭网站服务器的Nginx服务):
[root@web01 ~]# systemctl stop nginx
[root@web01 ~]# ps -ef | grep -c [n]ginx:
0
[root@web01 ~]#
页面报警:
在用户设置里还可以开启报警声音:
2609
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
