1 安装Nginx
当然,你也可以使用 yum 或者 apt 安装,亦或是单独编译安装
此处我有以前写过的 ansible roles,所以就省略了
2 安装MariaDB
[root@Router ~]# yum -y install mariadb-server
# 移除默认的数据目录,自定义数据目录
[root@Router ~]# rm -rf /var/lib/mysql
创建新的数据目录
[root@Router ~]# mkdir -p /data/mysql/data /data/mysql/logs
[root@Router ~]# chown -R mysql.mysql /data/mysql/
修改配置文件/etc/my.cnf.d/mysql-clients.cnf,重点是[client],其他的可以参考
[@bjsjs_115_94 ~]# grep -Ev "#|^$" /etc/my.cnf.d/mysql-clients.cnf
[client]
port = 3306
socket = /data/mysql/logs/mysql.sock
[mysql]
no-auto-rehash
[mysql_upgrade]
[mysqladmin]
[mysqlbinlog]
[mysqlcheck]
[mysqldump]
quick
max_allowed_packet = 64M
[mysqlimport]
[mysqlshow]
[mysqlslap]
[myisamchk]
key_buffer_size = 128M
sort_buffer_size = 128M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout
修改配置文件/etc/my.cnf.d/server.cnf,这里的性能参数来自my-large.ini文件
[@bjsjs_112_56 mariadb]# grep -Ev "#|^$" /etc/my.cnf.d/server.cnf
[server]
[mysqld]
port = 3306
datadir = /data/mysql/data
socket = /data/mysql/logs/mysql.sock
skip-external-locking
key_buffer_size = 1024M
max_allowed_packet = 64M
table_open_cache = 256
sort_buffer_size = 128M
read_buffer_size = 128M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size= 1024M
thread_concurrency = 8
expire_logs_days = 3
binlog_format=ROW
log-bin=master-bin
server-id = 11
character-set-server=utf8
collation-server=utf8_general_ci
max_connections = 3000
innodb_buffer_pool_size = 512M
innodb_log_buffer_size = 512M
innodb_file_per_table = 1
#创建连接的时候 MySQL 需要反查 IP、域名,这里比较耗时,通过配置参数 skip-name-resolve 跳过去就好了。
skip_name_resolve = 1
log_error=/data/mysql/logs/mysql.err
log_warnings=1
sync_binlog = 1
innodb_flush_log_at_trx_commit = 1
sync_master_info=1
relay-log = relay-bin
[client]
default-character-set=utf8
socket = /data/mysql/logs/mysql.sock
[mysql]
default-character-set=utf8
socket = /data/mysql/logs/mysql.sock
[@bjsjs_112_56 mariadb]#
初始化数据并启动服务
[root@Router ~]# mysql_install_db --defaults-file=/etc/my.cnf --datadir=/data/mysql/data/ --user=mysql
Installing MariaDB/MySQL system tables in '/data/mysql/data/' ...
2022-10-07 3:09:02 0 [Warning] 'THREAD_CONCURRENCY' is deprecated and will be removed in a future release.
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following commands:
'/usr/bin/mysqladmin' -u root password 'new-password'
'/usr/bin/mysqladmin' -u root -h Router password 'new-password'
Alternatively you can run:
'/usr/bin/mysql_secure_installation'
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.
You can start the MariaDB daemon with:
cd '/usr' ; /usr/bin/mysqld_safe --datadir='/data/mysql/data/'
You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/mysql-test' ; perl mysql-test-run.pl
Please report any problems at http://mariadb.org/jira
The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/
# 启动服务
[root@Router ~]# systemctl enable --now mariadb
3 PHP环境部署
注:Zabbix2.2需要PHP5.3+,zabbix3.0+需要php5.4+
# 安装依赖软件包
yum install -y zlib-devel libxml2 libxml2-devel libjpeg-devel readline readline-devel \
freetype freetype-devel libpng-devel gd gd-devel libxslt-devel mysql-devel \
openldap openldap-devel nss_ldap openldap-clients libmcrypt libmcrypt-devel libzip libzip-devel \
ncurses ncurses-devel openssl-devel bzip2 bzip2-devel curl curl-devel gmp-devel sqlite-devel libcurl-devel --nogpgcheck
# 安装libiconv
tar zxvf libiconv-1.16.tar.gz && cd libiconv-1.16 && ./configure --prefix=/usr/local/libiconv && make && make install && cd ../
# 安装mhash
tar zxvf mhash-0.9.9.9.tar.gz && cd mhash-0.9.9.9 && ./configure --prefix=/usr/local/mhash && make && make install && cd ../
# PHP7 编译错误 Package requirements (oniguruma) were not met
# 编译安装 oniguruma
wget https://github.com/kkos/oniguruma/archive/refs/tags/v6.9.7.1.tar.gz
tar zxvf oniguruma-6.9.7.1.tar.gz && cd oniguruma-6.9.7.1
./autogen.sh && ./configure --prefix=/usr && make && make install && cd ../
# 安装新版PEAR
wget http://download.pear.php.net/package/PEAR-1.10.12.tgz
tar zxvf PEAR-1.10.12.tgz -C /root/software/
安装php
cp -frp /usr/lib64/libldap* /usr/lib/
tar zxvf php-7.4.20.tar.gz && cd php-7.4.20
./configure \
--prefix=/apps/php \
--with-config-file-path=/apps/php/etc \
--enable-fpm \
--with-fpm-user=nginx \
--with-fpm-group=nginx \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-pdo-sqlite \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-xmlrpc \
--with-mhash \
--with-sqlite3 \
--with-zlib \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-openssl \
--with-openssl-dir \
--with-curl \
--with-cdb \
--enable-dom \
--enable-exif \
--enable-filter \
--enable-fileinfo \
--enable-ftp \
--enable-gd-jis-conv \
--with-zlib-dir \
--with-gettext \
--with-gmp \
--with-mhash \
--enable-json \
--enable-mbstring \
--enable-mbregex \
--with-zlib-dir \
--with-readline \
--enable-session \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--with-xsl \
--enable-mysqlnd-compression-support \
--with-pear=/root/software/PEAR-1.10.12 \
--enable-opcache \
--with-iconv-dir=/usr/local/libiconv \
--enable-pcntl \
--enable-static \
--enable-gd \
--with-external-gd \
--with-webp \
--with-jpeg \
--with-xpm \
--with-freetype
make -j 2 && make install
configure 成功提示信息
+--------------------------------------------------------------------+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+--------------------------------------------------------------------+
Thank you for using PHP.
make -j 2 && make install 成功提示信息
[root@Router php-7.4.20]# make install
Installing shared extensions: /apps/php/lib/php/extensions/no-debug-non-zts-20190902/
Installing PHP CLI binary: /apps/php/bin/
Installing PHP CLI man page: /apps/php/php/man/man1/
Installing PHP FPM binary: /apps/php/sbin/
Installing PHP FPM defconfig: /apps/php/etc/
Installing PHP FPM man page: /apps/php/php/man/man8/
Installing PHP FPM status page: /apps/php/php/php/fpm/
Installing phpdbg binary: /apps/php/bin/
Installing phpdbg man page: /apps/php/php/man/man1/
Installing PHP CGI binary: /apps/php/bin/
Installing PHP CGI man page: /apps/php/php/man/man1/
Installing build environment: /apps/php/lib/php/build/
Installing header files: /apps/php/include/php/
Installing helper programs: /apps/php/bin/
program: phpize
program: php-config
Installing man pages: /apps/php/php/man/man1/
page: phpize.1
page: php-config.1
Installing PEAR environment: /root/software/PEAR-1.10.12/
[PEAR] Archive_Tar - installed: 1.4.9
[PEAR] Console_Getopt - installed: 1.4.3
[PEAR] Structures_Graph- installed: 1.1.1
[PEAR] XML_Util - installed: 1.4.5
warning: pear/PEAR dependency package "pear/Archive_Tar" installed version 1.4.9 is not the recommended version 1.4.4
[PEAR] PEAR - installed: 1.10.12
Wrote PEAR system config file at: /apps/php/etc/pear.conf
You may want to add: /root/software/PEAR-1.10.12 to your php.ini include_path
/root/software/php-7.4.20/build/shtool install -c ext/phar/phar.phar /apps/php/bin/phar.phar
ln -s -f phar.phar /apps/php/bin/phar
Installing PDO headers: /apps/php/include/php/ext/pdo/
[root@Router php-7.4.20]#
添加php环境变量
[root@Router ~]# echo PATH=/apps/php/bin:'$PATH' > /etc/profile.d/php.sh
[root@Router ~]# cat /etc/profile.d/php.sh
PATH=/apps/php/bin:$PATH
[root@Router ~]# source /etc/profile.d/php.sh
准备php配置文件
cp /root/software/php-7.4.20/php.ini-production /apps/php/etc/php.ini
cp /apps/php/etc/php-fpm.conf.default /apps/php/etc/php-fpm.conf
cp /apps/php/etc/php-fpm.d/www.conf.default /apps/php/etc/php-fpm.d/www.conf
# 修改 /apps/php/etc/php-fpm.conf 运行用户和组改为nginx
chown nginx.nginx /apps/php/etc/php-fpm.conf
修改 php.ini 配置
vim /apps/php/etc/php.ini
date.timezone = Asia/Shanghai
memory_limit=512M
post_max_size = 16M
max_execution_time = 300
max_input_time = 300
# 必须设置socket地址,否则报错:Error connecting to database: No such file or directory
mysqli.default_socket = /data/mysql/logs/mysql.sock
# 必须为0
session.auto_start = 0
# 必须disable
mbstring.func_overload = 0
# 必须为-1
always_populate_raw_post_data = -1
如果设置完之后,仍然提示
可以这样设置(因为 php-fpm 作为一个独立的进程,需要单独设置)
[root@Router php-fpm.d]# tail -fn2 /apps/php/etc/php-fpm.d/www.conf
php_admin_value[post_max_size] = 32M
php_admin_value[max_execution_time] = 300
设置php-fpm运行账号为nginx
[root@Router ~]# grep ^user /apps/php/etc/php-fpm.d/www.conf
user = nginx
[root@Router ~]# grep ^group /apps/php/etc/php-fpm.d/www.conf
group = nginx
[root@Router ~]#
复制php-fpm启动文件,开启php-fpm
[root@Router ~]# \cp /root/software/php-7.4.20/sapi/fpm/php-fpm.service /usr/lib/systemd/system/
[root@Router ~]# systemctl daemon-reload # vim 进入之后,哪怕没有进行任何编辑,也要执行此命令才能启动服务,否则服务无法启动
[root@Router ~]# systemctl enable --now php-fpm
[root@Router ~]# ps -ef|grep php|grep -v grep
root 13253 1 3 01:15 ? 00:00:00 php-fpm: master process (/apps/php/etc/php-fpm.conf)
nginx 13254 13253 0 01:15 ? 00:00:00 php-fpm: pool www
nginx 13255 13253 0 01:15 ? 00:00:00 php-fpm: pool www
[root@Router ~]# ss -antl|grep 9000
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
[root@Router ~]# lsof -i:9000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php-fpm 3201 root 8u IPv4 99975 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 3222 nginx 10u IPv4 99975 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 3436 nginx 10u IPv4 99975 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 3555 nginx 10u IPv4 99975 0t0 TCP localhost:cslistener (LISTEN)
[root@Router ~]#
查看 PHP 扩展
[root@Router ~]# php -m
[PHP Modules]
bcmath
bz2
calendar
Core
ctype
curl
date
dba
dom
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
readline
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
zlib
[Zend Modules]
[root@Router ~]#
问题
有一些模块在 php7.4 中已不再使用,编译进去会有警告提示,我们可以去掉这些模块
configure: WARNING: unrecognized options: --with-libxml-dir, --with-mcrypt, --with-pcre-regex, --with-pcre-dir, --with-gd,
--with-jpeg-dir, --with-png-dir, --with-freetype-dir, --enable-gd-native-ttf, --enable-mbregex-backtrack, --with-libmbfl,
--with-onig, --enable-wddx, --with-libxml-dir, --enable-zip
可通过进入 php 的源码目录进行确认
注意:官方文档在此处有错误,如 with-freetype-dir 官方仍然提示可用,而实际上 php 7.4 则不在支持,其他版本请自行确认
[root@Router php-7.4.20]# pwd
/root/software/php-7.4.20
[root@Router php-7.4.20]# ./configure --help | grep "with-freetype-dir" # 不再支持
[root@Router php-7.4.20]# ./configure --help | grep "with-freetype" # 支持
--with-freetype GD: Enable FreeType 2 support (only for bundled
[root@Router php-7.4.20]#
4 安装 Zabbix Server
# 创建Zabbix运行的用户
groupadd --system zabbix
useradd --system -g zabbix -d /usr/lib/zabbix -s /sbin/nologin -c "Zabbix Monitoring System" zabbix
# 安装一些基础软件包
yum -y install net-snmp net-snmp-devel libssh2-devel libevent-devel pcre-devel libcurl-devel java-devel openldap-devel --nogpgcheck
# 安装fping(由于zabbix使用fping替代了ping作为icmp的工具,所以还要安装 fping)
wget http://fping.org/dist/fping-5.0.tar.gz
tar zxvf fping-5.0.tar.gz && cd fping-5.0 && ./configure --prefix=/usr/local/fping
make && make install
ln -s /usr/local/fping/sbin/fping /usr/local/sbin/
chown root:zabbix /usr/local/sbin/fping
chmod 4710 /usr/local/sbin/fping
# 在Zabbbix上安装unixODBC
yum -y install unixODBC unixODBC-devel
# 在Zabbix上安装对应数据库的unixODBC驱动,对于MySQL,安装unixODBC驱动
yum -y install mariadb-connector-odbc
# 如果是编译安装的ZabbixServer,一定要加上--with-unixodbc参数
tar zxvf zabbix-5.4.1.tar.gz && cd zabbix-5.4.1
./configure \
--prefix=/apps/zabbix \
--enable-server \
--enable-agent \
--with-mysql \
--with-net-snmp \
--enable-ipv6 \
--with-libcurl \
--with-ssh2 \
--with-unixodbc \
--enable-java \
--with-libxml2
make && make install
监控特定项,安装特定支持即可
-
OpenIPMI:IPMI硬件监控
-
libssh2:版本1.0以上,SSH支持
-
fping:icmp监控项
-
libcurl:监控web项
-
libiksemel:支持jabber报警
-
net-snmp:SNMP监控支持
Zabbix Server配置与启动
# 创建 Zabbix 数据库和 MySQL 用户:
[root@Router mysql]# cd /root/software/zabbix-5.4.1/database/mysql
[root@Router mysql]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.3.28-MariaDB-log MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database zabbix character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.059 sec)
# 授权用户密码一定要和zabbix_server配置相同(/apps/zabbix/etc/zabbix_server.conf)
MariaDB [(none)]> grant all privileges on zabbix.* to 'zabbix'@'10.%.%.%' identified by 'zabbix123';
Query OK, 0 rows affected (0.048 sec)
MariaDB [(none)]> grant all privileges on zabbix.* to 'zabbix'@'localhost' identified by 'zabbix123';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> grant all privileges on zabbix.* to 'zabbix'@'127.0.0.1' identified by 'zabbix123';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> grant reload,super,replication slave,replication client on *.* to 'replzabbix'@'10.%.%.%' identified by 'replzabbix';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.020 sec)
MariaDB [(none)]> quit
Bye
[root@Router mysql]# ll /apps/zabbix/etc/zabbix_server.conf
-rw-r--r-- 1 root root 23946 Oct 8 02:59 /apps/zabbix/etc/zabbix_server.conf
[root@Router mysql]#
如果使用mysql4.1+的版本,需要将主机密码设成41位
mysql> SET old_passwords = 0;
mysql> UPDATE mysql.user SET PASSWORD = PASSWORD( 'zabbix123' ) WHERE User = 'zabbix' LIMIT 1;
mysql> SELECT LENGTH( PASSWORD ) FROM mysql.user WHERE User = 'zabbix';
+--------------------+
| LENGTH( PASSWORD ) |
+--------------------+
| 41 |
+--------------------+
1 row in set (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
zabbix_server和proxy都需要数据库,agent不需要,尤其要注意的是
proxy只需要导入一个sql文件,
而server一共要导入3个sql文件
导入Zabbix初始数据(注意导入顺序不能乱)
# 切换到zabbix的解压目录下
cd /root/software/zabbix-5.4.1/database/mysql
# 登录 mysql 数据库
mysql
mysql> use zabbix;
mysql> set sql_log_bin=0;
mysql> source ./schema.sql;
mysql> source ./images.sql;
mysql> source ./data.sql;
mysql> set sql_log_bin=1;
5 Zabbix_Server 和 Zabbix_Agentd 配置
5.1 Zabbix_server.conf 配置
关于数据库的连接有两处,第二处在/data/ngx_web/conf/zabbix.conf.php
# 创建 ZabbixServer 日志目录
mkdir -p /apps/zabbix/logs
# 修改 ZabbixServer 配置文件
grep -Ev "#|^$" /apps/zabbix/etc/zabbix_server.conf
LogFile=/apps/zabbix/logs/zabbix_server.log
LogFileSize=0
DebugLevel=3
PidFile=/apps/zabbix/logs/zabbix_server.pid
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=zabbix123
DBSocket=/data/mysql/logs/mysql.sock
DBPort=3306
#系统报警:Zabbix poller processes more than 75% busy
#解决办法:修改此值StartPollers
StartPollers=50
StartPreprocessors=30
StartPollersUnreachable=5
StartTrappers=300
#系统报警Zabbix icmp pinger processes more than 75% busy
#解决办法:修改StartPingers此值
StartPingers=50
StartDiscoverers=50
StartHTTPPollers=50
#系统告警:More than 75% used in the configuration cache, 可用的配置缓存超过75%
#解决办法: 更改默认缓存配置的大小,默认CacheSize只有8M,可根据自己需求改大即可
CacheSize=2G
StartDBSyncers=32
HistoryCacheSize=512M
HistoryIndexCacheSize=512M
TrendCacheSize=512M
#系统告警:Zabbix value cache working in low memory mode
#定位到ValueCacheSize关键字位置,然后调高ValueCacheSize大小,大小根据自己环境调整
ValueCacheSize=1G
Timeout=10
AlertScriptsPath=/apps/zabbix/alertscripts
ExternalScripts=/apps/zabbix/externalscripts
FpingLocation=/usr/sbin/fping
LogSlowQueries=3000
StatsAllowedIP=127.0.0.1
5.2 Zabbix_agentd.conf 配置
vim /apps/zabbix/etc/zabbix_agentd.conf
##### Passive checks related #被动检查相关配置
Server=172.18.8.8 # 指向当前zabbix server
### Option: ListenPort
ListenPort=10050 # 监听端口
### Option: StartAgents
StartAgents=5 # 被动状态时默认启动的实例数(进程数),为0不监听任何端口
### Option: Hostname
Hostname=172.18.8.9 # 区分大小写且在zabbix server唯一的值
5.3 Zabbix Web前端设置
# 在安装目录将 ui 拷贝到指定的 web root:
mkdir -p /data/ngx_web
# cp -a /search/software/zabbix-4.4.6/frontends/php/* /data/ngx_web # 老版本路径
# 从 5.0 开始,放在 ui 文件夹下
cp -a /root/software/zabbix-5.4.1/ui/* /data/ngx_web
cd /data/ngx_web/conf
cp zabbix.conf.php.example zabbix.conf.php
chown -R zabbix.zabbix /data/ngx_web # zabbix的运行权限
# 修改配置文件
# 注意修改后,访问 ZabbixServer 的安装文件 setup.php 的时候将跳过环境检查,将直接进入监控页面
cat /data/ngx_web/conf/zabbix.conf.php
<?php
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE'] = 'MYSQL';
# $DB['SERVER'] = 'localhost'; # 此项配置为 localhost 在安装 ZabbixServer 的时候会报错
$DB['SERVER'] = '127.0.0.1';
$DB['PORT'] = '3306';
$DB['DATABASE'] = 'zabbix';
$DB['USER'] = 'zabbix';
$DB['PASSWORD'] = 'zabbix123';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';
$ZBX_SERVER = 'localhost';
$ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Online_Zabbix';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$DB['SERVER'] = 'localhost'; 此项配置为 localhost 在安装 ZabbixServer 的时候会报错
5.4 自定义 ZabbixServer 启动文件,端口:10051
[root@Router system]# cat /usr/lib/systemd/system/zabbix.service
[Unit]
Description=The ZabbixServer
After=syslog.target
After=network.target
[Service]
Type=forking
Environment="CONFFILE=/apps/zabbix/etc/zabbix_server.conf"
# 如果在 ZabbixServer 的配置文件中配置了 PID(PidFile=/apps/zabbix/logs/zabbix_server.pid),切记此处需要和其一致
EnvironmentFile=-/etc/default/zabbix-server
Restart=on-failure
PIDFile=/apps/zabbix/logs/zabbix_server.pid
KillMode=control-group
ExecStart=/apps/zabbix/sbin/zabbix_server -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
TimeoutSec=infinity
[Install]
WantedBy=multi-user.target
[root@Router system]# systemctl daemon-reload
[root@Router system]# systemctl enable --now zabbix
[root@Router ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10051 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:10051 [::]:*
LISTEN 0 128 *:3306 *:*
[root@Router ~]#
5.5 自定义 ZabbixAgent 启动文件,端口:10050
[root@Router etc]# cat /usr/lib/systemd/system/zabbix_agent.service
[Unit]
Description=The ZabbixAgent
After=syslog.target
After=network.target
[Service]
Type=forking
Environment="CONFFILE=/apps/zabbix/etc/zabbix_agentd.conf"
EnvironmentFile=-/etc/default/zabbix-agent
Restart=on-failure
PIDFile=/apps/zabbix/logs/zabbix_agentd.pid
KillMode=control-group
ExecStart=/apps/zabbix/sbin/zabbix_agentd -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
User=zabbix
Group=zabbix
[Install]
WantedBy=multi-user.target
[root@Router etc]# systemctl daemon-reload
[root@Router etc]# systemctl enable --now zabbix_agent
[root@Router ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10050 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10051 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:10050 [::]:*
LISTEN 0 128 [::]:10051 [::]:*
LISTEN 0 128 *:3306 *:*
[root@Router ~]#
6 配置 Nginx 访问 Zabbix_Server
访问 web 界面 进行相关 web 配置,配置完成后使用默认
用户:Admin
密码:zabbix
[root@Router ~]# mysql -uroot -e "select * from zabbix.users\G"
[root@Router ~]# cat /apps/nginx/conf.d/zabbix.conf
server {
listen 80;
server_name zabbix.test.com;
location / {
root /data/ngx_web;
index index.php index.html;
}
location ~ \.php$ {
root /data/ngx_web;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
[root@Router ~]#
[root@Router ~]# nginx -s reload
# 绑定 hosts
bogon:~ root# grep zabbix /etc/hosts
172.18.8.18 zabbix.test.com
bogon:~ root#
# 浏览器访问
http://zabbix.test.com/setup.php
7 zabbix 主动与被动监控模式
7.1 被动模式
无论是主动模式还是被动模式,都是站在 zabbix agent 角度来说的工作模式,比如被动模式,是说 zabbix agent 被动的接受 zabbix server 周期性发送过来的数据收集指令,在被动模式之下,zabbix server 会根据主机关联的模板中的监控项和数据采集间隔时间,周期性的打开随机端口并向 zabbix agent 服务器的 10050 发起 tcp 连接,然后发送获取
监控项数据的指令,即 zabbix server 发送什么指令那么 zabbix agent 就收集什么数据,zabbix server什么时候发
送 zabbix agent 就什么时候采集,zabbix server 不发送 zabbix agent 就一直不响应,所以 zabbix agent 也不用关心其监控项和数据采集周期间隔时间。
被动模式的优点就是配置简单,安装后即可使用,因此也成为 zabbix 的默认工作模式,但是被动模式的最大问题就是会加 zabbix server 的工作量,在数百甚至数千台服务器的环境下会导致 zabbix server 需要轮训向每个
zabbix agent 发送数据采集指令,如果 zabbix server 负载很高还会导致不能及时获取到最新数据,但由于无需其他复杂配置,被设置为了默认的工作方式。
7.1.1 被动模式工作流程
7.1.2 被动模式配置
[root@passiveAgent ~]# grep -Ev "#|^$" /etc/zabbix/zabbix_agentd.conf
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
Server=172.18.8.18
StartAgents=5
ServerActive=127.0.0.1
Hostname=172.18.8.89
Include=/etc/zabbix/zabbix_agentd.d/*.conf
[root@passiveAgent ~]# systemctl restart zabbix-agent.service
7.1.3 被动模式端口状态
[root@passiveAgent ~]# netstat -antlp|grep 10050
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 17518/zabbix_agentd
tcp 0 0 172.18.8.89:10050 172.18.8.18:57496 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57398 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57408 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57510 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57484 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57446 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57402 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57456 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57414 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57400 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57394 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57474 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57532 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57452 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57468 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57358 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57464 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57404 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57420 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57498 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57478 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57422 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57440 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57372 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57426 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57520 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57516 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57382 TIME_WAIT -
tcp 0 0 172.18.8.89:10050 172.18.8.18:57460 TIME_WAIT -
tcp6 0 0 :::10050 :::* LISTEN 17518/zabbix_agentd
[root@passiveAgent ~]#
7.1.2 被动模式工作流程
7.2 主动模式
主动模式是由 zabbix agent 主动向 zabbix server 的 10051 端口发起 tcp 连接请求,因此主动模式下必须在 zabbix
agent 配置文件中指定 zabbix server 的 IP 或者主机名(必须可以被解析为IP地址),在连接到 zabbix server 之前 zabbix agent 是不知道自己要采集那些数据以及间隔多久采集一次数据的,然后在连接到 zabbix server 以后获取到自己的监控项和数据采集间隔周期时间,然后再根据监控项采集数据并返回给 zabbix server,在主动模式下不再需要 zabbix serve 向 zabbix agent 发起连接请求,因此主动模式在一定程度上可减轻 zabbix server 打开的本地随机端口和进程数,在一定程度就减轻看 zabbix server 的压力。
7.2.1 主动模式工作流程
7.2.2 修改zabbix agent为主动模式
[root@active_Agent ~]# grep -Ev "#|^$" /etc/zabbix/zabbix_agentd.conf
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
Server=172.18.8.18
StartAgents=5
ServerActive=172.18.8.18 # 主动模式的 zabbix server 地址
Hostname=172.18.8.79
Timeout=30
Include=/etc/zabbix/zabbix_agentd.d/*.conf
[root@active_Agent ~]# systemctl enable --now zabbix-agent
Synchronizing state of zabbix-agent.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable zabbix-agent
7.2.3 生成主动模式模板
Zabbix 5.0+ 的版本和以前的版本有很大的不同,系统自带的监控模板分为主动监控模板(Linux by Zabbix agent active)和被动监控模板(Linux by Zabbix agent),并且主动和被动模板都关联了7个模块,不在需要单独制作
Zabbix 5.0 之前的模块的制作步骤如下
7.2.4 添加主动模式主机并关联主动模板
7.2.5 验证主动模式主机端口
[root@zabbixServer ~]# netstat -tanlp| grep 172.18.8.79
tcp 0 0 172.18.8.18:10051 172.18.8.79:60732 TIME_WAIT -
tcp 0 0 172.18.8.18:10051 172.18.8.79:60844 TIME_WAIT -
tcp 0 0 172.18.8.18:10051 172.18.8.79:60704 TIME_WAIT -
[root@zabbixServer ~]#
7.2.6 验证主动模式被监控端端口
[root@active_Agent ~]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 11987/zabbix_agentd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 29731/mysqld
tcp 0 0 172.18.8.111:6443 0.0.0.0:* LISTEN 8126/haproxy
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1536/redis-server 1
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 8126/haproxy
tcp 0 0 172.18.8.222:80 0.0.0.0:* LISTEN 8126/haproxy
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 30163/systemd-resol
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2121/sshd
tcp 0 1 172.18.8.79:55116 172.18.8.59:30004 SYN_SENT 8126/haproxy
tcp 0 0 172.18.8.79:22 172.18.60.171:49580 ESTABLISHED 8768/sshd: root@pts
tcp 0 0 172.18.8.79:10050 172.18.8.18:42230 TIME_WAIT -
tcp 0 0 172.18.8.79:51906 172.18.8.18:10051 TIME_WAIT -
tcp6 0 0 :::10050 :::* LISTEN 11987/zabbix_agentd
tcp6 0 0 ::1:6379 :::* LISTEN 1536/redis-server 1
tcp6 0 0 :::22 :::* LISTEN 2121/sshd
7.3 主动模式和被动模式总结
7.3.1 主动模式
[root@active_Agent ~]# netstat -antp|grep 10051
tcp 0 0 172.18.8.79:59770 172.18.8.18:10051 TIME_WAIT -
-
ZabbixAgent 打开随机端口向 ZabbixServer 的 10051 端口发起请求,获取监控项
-
ZabbixServer 从 MySQL 查询当前主机的监控项并原路返回
-
ZabbixAgent 根据 ZabbixServer 返回的监控项采集数据并发送给 ZabbixServer
7.3.2 被动模式
[root@passiveAgent ~]# netstat -antlp|grep 10050
tcp 0 0 172.18.8.89:10050 172.18.8.18:57496 TIME_WAIT -
-
ZabbixServer 打开随机端口向 zabbixAgent 的 10050 端口发起请求,请求中包含当前主机的监控项
-
ZabbixAgent 收集数据并返回给 ZabbixServer
8 Zabbix 报警设置
8.1 配置 QQ 邮箱告警
[root@Router ~]# yum -y install mailx dos2unix
[root@Router ~]# cat /etc/mail.rc # 此文件不能放在用户家目录,否则,邮箱无法收到报警信息
set from=11111@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=11111@qq.com
set smtp-auth-password=此处填写你个人的授权码
set smtp-auth=login
set ssl-verify=ignore
[root@Router ~]#
8.2 Zabbix 报警配置
8.2.1 设置报警媒介
报警媒介可以是Email、SMS、Script、Webhook,此处我们使用Script编写简单脚本,调用 QQ 提供的接口进行报警
发送邮件脚本
[root@Router ~]# cat /apps/zabbix/share/zabbix/alertscripts/alert_email.sh
#!/bin/bash
#
sendTo=$1
subJect=$2
msg=$3
file=/tmp/mailtemp.txt
echo "$msg" > $file
/usr/bin/dos2unix -k $file
/bin/mail -s "$subJect" "$sendTo" < $file
[root@Router ~]# chown zabbix.zabbix /tmp/mailtemp.txt
[root@Router ~]#
8.2.2 设置报警发送人
8.2.3 设置报警动作及内容
报警条件
报警内容
# 官网
https://www.zabbix.com/documentation/current/manual/appendix/macros/supported_by_location
故障恢复后报警内容
9 Zabbix + Grafana 展示
Grafana官网:
https://grafana.com/grafana/download
https://grafana.com/docs/grafana/latest/installation/debian/
安装 Grafana
wget https://dl.grafana.com/oss/release/grafana-8.0.3-1.x86_64.rpm
sudo yum install grafana-8.0.3-1.x86_64.rpm
默认安装的新版 Grafana 并没有 Zabbix 的插件,所以需要手动安装
# 官网
https://grafana.com/grafana/plugins/alexanderzobnin-zabbix-app/
https://alexanderzobnin.github.io/grafana-zabbix/installation/
grafana-cli plugins install alexanderzobnin-zabbix-app
启动 Grafana
sudo systemctl daemon-reload
sudo systemctl start grafana-server
sudo systemctl status grafana-server
sudo systemctl enable grafana-server
默认的 Grafana 的端口是 3000,为了便于访问,我们自定义一个域名grafana.test.com
bogon:~ root# grep grafana /etc/hosts
172.18.8.18 zabbix.test.com grafana.test.com
bogon:~ root#
在 Nginx 上配置,让其可以通过域名直接访问
[root@Router ~]# cat /apps/nginx/conf.d/grafana.conf
server {
listen 80;
server_name grafana.test.com;
location / {
proxy_pass http://zabbix.test.com:3000;
}
}
[root@Router ~]#
# 浏览器访问
http://grafana.test.com
默认的用户名和密码都是admin,第一次登陆需要修改密码,请自行修改
- 添加
zabbix插件,左侧边栏(Configuration--Plugins)
- 添加
Zabbix数据源,左侧边栏(Configuration--Data sources)
- 配置
Zabbix数据源
采用域名访问,我最开始只在笔记本上配置了域名,并没有在zabbix所在的主机配置域名访问,导致在测试Zabbix 数据源的时候出现 462 错误
- 导入 Dashboard 配置模板
# Grafana 官网模板地址搜索模板,并记录编号
https://grafana.com/grafana/dashboards?search=zabbix
步骤:Create---Import–模板编号
10 其他
10.1 Zabbix_Server监控检查
服务器端检查,在server上执行, 看能不能取到agentd的数据
[root@Router ~]# /apps/zabbix/bin/zabbix_get -s127.0.0.1 -p10050 -k'system.uptime'
13059
[root@Router ~]# /apps/zabbix/bin/zabbix_get -s127.0.0.1 -p10050 -k'agent.ping'
1
[root@Router ~]# /apps/zabbix/bin/zabbix_get -s127.0.0.1 -p10050 -k'agent.version'
5.4.1
10.2 IPtable设置
iptables -A INPUT -p tcp -s 服务器IP -m multiport --dports 10050,10051 -j ACCPET
报错:前端与Zabbix数据库不匹配
# The frontend does not match Zabbix database. Current database version (mandatory/optional): 3020000/3020000
#. Required mandatory version: 4040000. Contact your system administrator.
mysql> show databases;
mysql> use zabbix;
mysql> update dbversion set mandatory=3020000;
mysql> flush privileges;
550
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
