部署zabbix
场景
运维工程师除了搭建架构环境,配置管理外,还需要保证业务的稳定
运行。不稳定的情况包括很多方面,如:
- CPU负载过大
- 内存不够
- 磁盘空间满了
- 网络很卡
- 服务不能被访问
等等各种问题。我们运维工程师无法做到时刻盯着服务器查看各类状态,所以需要建立一套完善的自动化监控
系统,将所有需要监控的服务器及其各种需要的状态数据都实时地收集, 图形展示,报警。
linux系统中的监控主要监控什么?
任何你所想要监控的数据, 如cpu负载,cpu的idle时间,内存使用量,内存利用率,io,network等等。
现在很多开源监控方案已经把常见的监控做成了模板,我们可以直接套用
大型公司会有更多的监控需求, 那么就需要专业的开发人员来做监控开发(运维人员也可以开发)
主流的开源监控平台介绍
- mrtg (Multi Router Traffic Grapher)通过snmp协议得到设备的流量信息,并以包含PNG格式的图形的HTML文档方式显示给用户。
- cacti (仙人掌) 用php语言实现的一个软件,它的主要功能是用snmp服务获取数据,然后用rrdtool储存和更新数据。官网地址:https://www.cacti.net/
- ntop 官网地址: https://www.ntop.org/
- nagios 能够跨平台,插件多,报警功能强大。官网地址:https://www.nagios.org/
- centreon 底层使用的就是nagios。是一个nagios整合版软件。官网地址:https://www.centreon.com/
- ganglia 设计用于测量数以千计的节点,资源消耗非常小。官网地址:http://ganglia.info/
- open-falcon 小米公司开源,高效率,高可用。用户基数相对小。官网地址: http://open-falcon.org/
- zabbix 跨平台,画图,多条件告警,多种API接口。用户基数大。官网地址: https://www.zabbix.com/
- prometheus 基于时间序列的数值数据的容器监控解决方案。官网地址: https://prometheus.io/
zabbix
zabbix基础概念初探:
1. 主机(host)和主机群组(host group)
主机指被监控的一个设备(服务器,交换机等),当被监控的主机数量巨大时,就需要分组
2. zabbix用户(user)与用户群组(group)
zabbix可以多个用户登录管理(和Linux操作系统一样有管理员和普通管理者)
3. 监控项(item)与应用集(application)
监控的需求太多了,就拿监控cpu平均负载来说,就有监控1分钟内,5分钟内,15分钟内等三个常见的监控参数。
监控项(item)是从收集数据或监控的一个最小单位。把cpu1分钟内的平均负载就可以做成一个监控项。应用集就是多个监控项的组。
4. 图形
监控项收集的数据需要用图形直观地展示出来。
5. 触发器和报警
当监控项收集的数据达到一个临界点时,就要触发报警通知管理人员。
如: 当根分区使用率超过80%时, 就通过发报警信息到管理人员。
6. 模板
模板主要包括监控项,图形,触发器等概念,相当于是把要监控的东西做成一个合集。
一、部署LAMP
1.下载centos和epel源
[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@localhost ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@localhost ~]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@localhost ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
2.安装httpd
yum -y install httpd
[root@localhost ~]# yum -y install httpd
Dependencies resolved.
=======================================================================
Package Arch Version Repo Size
=======================================================================
Installing:
httpd x86_64 2.4.37-47.module_el8.6.0+1111+ce6f4ceb.1
appstream 1.4 M
......
Complete!
3.安装php
yum -y install php-xml.x86_64 php-json.x86_64 php-mysqlnd.x86_64 php-common.x86_64 php-fpm.x86_64 php-bcmath.x86_64 php-cli.x86_64 php.x86_64 php-gd.x86_64 php-pdo.x86_64 php-devel.x86_64
[root@localhost ~]# yum -y install php-xml.x86_64 php-json.x86_64 php-mysqlnd.x86_64 php-common.x86_64 php-fpm.x86_64 php-bcmath.x86_64 php-cli.x86_64 php.x86_64 php-gd.x86_64 php-pdo.x86_64 php-devel.x86_64
Repository extras is listed more than once in the configuration
Last metadata expiration check: 0:01:33 ago on Thu 01 Sep 2022 10:45:29 AM CST.
Installing:
php x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 1.5 M
php-bcmath x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 79 k
php-cli x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 3.1 M
php-common x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 661 k
php-devel x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 712 k
php-fpm x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 1.6 M
php-gd x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 84 k
php-json x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 73 k
php-mysqlnd x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 190 k
php-pdo x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 122 k
php-xml x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
AppStream 188 k
... ...
... ...
php-mysqlnd-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64
php-pdo-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64
php-xml-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64
Complete!
4.安装mariadb
yum -y install mariadb-server mariadb
[root@localhost ~]# yum -y install mariadb-server mariadb
Repository extras is listed more than once in the configuration
Last metadata expiration check: 0:14:05 ago on Thu 01 Sep 2022 10:45:29 AM CST.
Installing:
mariadb x86_64 3:10.3.28-1.module_el8.3.0+757+d382997d
AppStream 6.0 M
......
mariadb-server-utils-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64
perl-DBD-MySQL-4.046-3.module_el8.3.0+419+c2dec72b.x86_64
Complete!
5.设置数据库服务
systemctl restart mariadb
systemctl enable mariadb
mysql_secure_installation
设置密码为redhat 其余的全部y
启动数据库服务,设置下次启动生效
[root@localhost ~]# systemctl restart mariadb
[root@localhost ~]# systemctl enable mariadb
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
[root@localhost ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: redhat
Re-enter new password: redhat //设置密码
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
6.设置httpd服务
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
7.测试php页面
[root@localhost ~]# vim /etc/php.ini
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Asia/Shanghai //添加时间同步
[root@localhost ~]# vim /var/www/html/index.php
[root@localhost ~]# cat /var/www/html/index.php
<?php
phpinfo();
?>
8.验证
关闭防火墙
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
.....
SELINUX=disabled
....
二、安装zabbix
1.配置仓库
[root@localhost ~]# vim /etc/yum.repos.d/zabbix.repo
[root@localhost ~]# cat /etc/yum.repos.d/zabbix.repo
[aliyun]
name=aliyun
baseurl=https://mirrors.aliyun.com/zabbix/zabbix/4.4/rhel/8/x86_64/
enable=1
gpgcheck=0
[qinghua]
name=Zabbix Official Repository - $basearch
#baseurl=http://repo.zabbix.com/zabbix/3.4/rhel/7/$basearch/
baseurl=https://mirrors.tuna.tsinghua.edu.cn/zabbix/zabbix/4.4/rhel/8/$basearch/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
[root@localhost ~]# yum clean all
Repository extras is listed more than once in the configuration
51 files removed
[root@localhost ~]# yum list all
2.安装
[root@localhost ~]# dnf -y install gcc gcc-c++ python3 python3-devel python3-createrepo_c python3-libdnf python3-libmodulemd libmodulemd
root@localhost ~]# dnf -y install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-agent
Repository extras is listed more than once in the configuration
Last metadata expiration check: 0:49:58 ago on Thu 01 Sep 2022 11:36:54 AM CST.
Dependencies resolved.
=======================================================================
Package Arch Version Repo Size
=======================================================================
Installing:
zabbix-agent x86_64 4.4.10-1.el8
zabbix-web-4.4.10-1.el8.noarch
zabbix-web-mysql-4.4.10-1.el8.noarch
Complete!
3.配置数据库并导入zabbix表数据
[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database zabbix character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.005 sec)
MariaDB [(none)]> grant all on zabbix.* to zabbix@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.003 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> exit
Bye
[root@localhost ~]# zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql -u zabbix -predhat zabbix
4.验证zabbix数据库数据
root@localhost ~]# mysql -u root -predhat
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use zabbix;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [zabbix]> show tables;
+----------------------------+
| Tables_in_zabbix |
+----------------------------+
| acknowledges |
| actions |
| alerts |
| application_discovery |
| application_prototype |
| application_template |
| applications |
| auditlog |
| auditlog_details |
| autoreg_host |
| conditions |
| config |
| config_autoreg_tls |
| corr_condition |
| corr_condition_group |
| corr_condition_tag |
| corr_condition_tagpair |
| corr_condition_tagvalue |
| corr_operation |
| correlation |
| dashboard |
| dashboard_user |
| dashboard_usrgrp |
| dbversion |
| dchecks |
| dhosts |
| drules |
| dservices |
| escalations |
| event_recovery |
| event_suppress |
| event_tag |
| events |
| expressions |
| functions |
| globalmacro |
| globalvars |
| graph_discovery |
| graph_theme |
| graphs |
| graphs_items |
| group_discovery |
| group_prototype |
| history |
| history_log |
| history_str |
| history_text |
| history_uint |
| host_discovery |
| host_inventory |
| host_tag |
| hostmacro |
| hosts |
| hosts_groups |
| hosts_templates |
| housekeeper |
| hstgrp |
| httpstep |
| httpstep_field |
| httpstepitem |
| httptest |
| httptest_field |
| httptestitem |
| icon_map |
| icon_mapping |
| ids |
| images |
| interface |
| interface_discovery |
| item_application_prototype |
| item_condition |
| item_discovery |
| item_preproc |
| item_rtdata |
| items |
| items_applications |
| lld_macro_path |
| maintenance_tag |
| maintenances |
| maintenances_groups |
| maintenances_hosts |
| maintenances_windows |
| mappings |
| media |
| media_type |
| media_type_param |
| opcommand |
| opcommand_grp |
| opcommand_hst |
| opconditions |
| operations |
| opgroup |
| opinventory |
| opmessage |
| opmessage_grp |
| opmessage_usr |
| optemplate |
| problem |
| problem_tag |
| profiles |
| proxy_autoreg_host |
| proxy_dhistory |
| proxy_history |
| regexps |
| rights |
| screen_user |
| screen_usrgrp |
| screens |
| screens_items |
| scripts |
| service_alarms |
| services |
| services_links |
| services_times |
| sessions |
| slides |
| slideshow_user |
| slideshow_usrgrp |
| slideshows |
| sysmap_element_trigger |
| sysmap_element_url |
| sysmap_shape |
| sysmap_url |
| sysmap_user |
| sysmap_usrgrp |
| sysmaps |
| sysmaps_elements |
| sysmaps_link_triggers |
| sysmaps_links |
| tag_filter |
| task |
| task_acknowledge |
| task_check_now |
| task_close_problem |
| task_remote_command |
| task_remote_command_result |
| timeperiods |
| trends |
| trends_uint |
| trigger_depends |
| trigger_discovery |
| trigger_tag |
| triggers |
| users |
| users_groups |
| usrgrp |
| valuemaps |
| widget |
| widget_field |
+----------------------------+
149 rows in set (0.001 sec)
MariaDB [zabbix]> exit
Bye
[root@localhost ~]#
5.配置zabbix并启动服务
[root@localhost ~]# vim /etc/zabbix/zabbix_server.conf
ListenPort=10051
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=redhat #打开注释并修改连接mysql的密码,在124行
DBSocket=/var/lib/mysql/mysql.sock
ListenIP=0.0.0.0
[root@localhost ~]# systemctl restart zabbix-server.service
Job for zabbix-server.service failed because the control process exited with error code.
See "systemctl status zabbix-server.service" and "journalctl -xe" for details. //如果出现服务起不来的情况,按照以下步骤解决
[root@localhost ~]# journalctl -xe
Sep 01 21:36:17 localhost.localdomain setroubleshoot[36352]: AnalyzeThread.run(): Set alarm timeout to 10
[root@localhost ~]# ausearch -c 'zabbix_server' --raw | audit2allow -M my-zabbixserver
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i my-zabbixserver.pp
[root@localhost ~]# semodule -X 300 -i my-zabbixserver.pp //做完这些步骤再次启动服务就成功了
[root@localhost ~]# systemctl restart zabbix-server.service
[root@localhost ~]# systemctl enable zabbix-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/zabbix-server.service → /usr/lib/systemd/system/zabbix-server.service.
[root@localhost ~]# netstat -tulnp | grep 10051
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN 38545/zabbix_server
6.配置httpd并启动服务
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# systemctl enable httpd
7.浏览器访问http://192.168.223.149/zabbix
默认账号为Admin,密码为zabbix