公网环境部署zabbix5.0
实验环境
虚拟机两台,一台公网地址为 1.1.1.1,部署 zabbix server,一台公网地址为 1.1.1.2,部署 zabbix proxy,系统为centos7.2。
1 zabbix server部署
1.1 准备工作
配置防火墙
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="1.1.1.2/32" port port="10051" protocol="tcp" accept"
firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="1.1.1.2/32" port port="123" protocol="udp" accept"
firewall-cmd --reload
配置selinux
setenforce 0
vim /etc/sysconfig/selinux
SELINUX=disabled
1.2 安装 server
安装 zabbix库
rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
yum clean all
如果出现 curl: (60) The certificate issuer's certificate has expired. Check your system date and time 报错,则需要更新证书
yum install -y ca-certificates
update-ca-trust extract
安装 zabbix server
mariadb
yum install -y zabbix-server-mysql
PostgreSQL
yum install -y zabbix-server-pgsql
安装 zabbix 前端
yum install -y centos-release-scl
vim /etc/yum.repos.d/zabbix.repo
[zabbix-frontend]
enabled=1
Mariadb
yum install -y zabbix-web-mysql-scl zabbix-apache-conf-scl
PostgreSQL
yum install -y zabbix-web-pgsql-scl zabbix-apache-conf-scl
安装 mariadb
yum install -y mariadb-server
vim /etc/my.cnf
max_connections = 4096
character-set-server = utf8
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation 设置root密码为r00tP@ssw0rd
mysql -uroot -p'r00tP@ssw0rd'
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'z@bbixP@ssw0rd';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;
zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p'z@bbixP@ssw0rd' zabbix
安装 PostgreSQL
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y postgresql14-server
/usr/pgsql-14/bin/postgresql-14-setup initdb
配置
systemctl enable postgresql-14
systemctl start postgresql-14
sudo -u postgres createuser --pwprompt zabbix 设置密码为z@bbixP@ssw0rd
sudo -u postgres createdb -O zabbix zabbix
zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | sudo -u zabbix psql zabbix
安装timescaledb
tee /etc/yum.repos.d/timescale_timescaledb.repo <<EOL
[timescale_timescaledb]
name=timescale_timescaledb
baseurl=https://packagecloud.io/timescale/timescaledb/el/$(rpm -E %{rhel})/\$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/timescale/timescaledb/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOL
yum -y update
yum install -y timescaledb-2-postgresql-14
timescaledb-tune --pg-config=/usr/pgsql-14/bin/pg_config
systemctl restart postgresql-14
sudo -u zabbix psql zabbix
CREATE EXTENSION IF NOT EXISTS timescaledb;
zcat /usr/share/doc/zabbix-server-pgsql*/timescaledb.sql.gz | sudo -u zabbix psql zabbix
配置 php
修改时区
vim /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf
php_value[date.timezone] = Asia/Shanghai
修改端口
vim /etc/httpd/conf/httpd.conf
Listen 12345
启动 zabbix server
vim /etc/zabbix/zabbix_server.conf
DBPassword=z@bbixP@ssw0rd
systemctl start zabbix-server httpd rh-php72-php-fpm
systemctl enable zabbix-server httpd rh-php72-php-fpm
配置zabbix前端
访问 http://1.1.1.1:12345/zabbix 按照提示配置,默认密码 Admin/zabbix,立即修改,并限制guest访问
1.3 配置ntp服务端
由于agent与server之间时间相差过大容易造成nodata的误告警,强烈建议设置时间同步
yum install –y ntp
vim /etc/ntp.conf
Server ntp.ntsc.ac.cn iburst
systemctl start ntpd
systemctl enable ntpd
检查ntp服务状态
ntpstat
ntpq -p
1.4 安装agent
yum install -y zabbix-agent
systemctl start zabbix-agent
systemctl enable zabbix-agent
2 zabbix proxy部署
2.1 准备工作
配置防火墙
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="1.1.1.1/32" port port="10050" protocol="tcp" accept"
firewall-cmd --reload
配置selinux
setenforce 0
vim /etc/sysconfig/selinux
SELINUX=disabled
配置时间同步
vim /etc/chrony.conf
server 1.1.1.1 iburst
systemctl start chronyd
2.2 安装 proxy
安装 proxy
rpm -ivh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
yum-config-manager --enable rhel-7-server-optional-rpms
yum install -y zabbix-proxy-mysql
如果出现 curl: (60) The certificate issuer's certificate has expired. Check your system date and time 报错,则需要更新证书
yum install -y ca-certificates
update-ca-trust extract
安装 mariadb
yum install -y mariadb-server
vim /etc/my.cnf
max_connections = 4096
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation 设置root密码为r00tP@ssw0rd
mysql -uroot -p'r00tP@ssw0rd'
mysql> create database zabbix_proxy character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'z@bbixP@ssw0rd';
mysql> grant all privileges on zabbix_proxy.* to zabbix@localhost;
mysql> quit;
zcat /usr/share/doc/zabbix-proxy-mysql*/schema.sql.gz | mysql -uzabbix -p'z@bbixP@ssw0rd' zabbix_proxy
启动 proxy
web配置
vim /etc/zabbix/zabbix_proxy.conf
Server=1.1.1.1
Hostname=ZabbixProxy01
DBPassword=z@bbixP@ssw0rd
systemctl start zabbix-proxy
systemctl enable zabbix-proxy
2.3 安装agent
web配置
yum install -y zabbix-agent
vim /etc/zabbix/zabbix_agentd.conf
Hostname=ZabbixProxy01
Server=1.1.1.1
systemctl start zabbix-agent
systemctl enable zabbix-agent