■Installing Zabbix on CentOS 7.
$ cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
$ uname -r
3.10.0-1127.el7.x86_64
■Set SELinux to "permissive" so that only the audit log is checked.
If the audit log is not needed either, set it to "disabled".
$ sudo sed -i -e 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
$ sudo reboot && exit
$ getenforce
Permissive
$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
■Register the EPEL repository if it is not already present.
$ sudo yum -y install epel-release
$ sudo yum -y update
■From the EPEL repository, either Zabbix 3.0 or Zabbix 4.0 can be chosen.
$ env LANG=C yum provides zabbix | grep -B 4 ^Provides
zabbix30-3.0.22-2.el7.x86_64 : Open-source monitoring solution for your IT
: infrastructure
Repo : epel
Matched from:
Provides : zabbix = 3.0.22-2.el7
--
zabbix40-4.0.17-1.el7.x86_64 : Open-source monitoring solution for your IT
: infrastructure
Repo : epel
Matched from:
Provides : zabbix = 4.0.17-1.el7
■First, choose the DB.
For the DB, use mariadb from the base repository instead of mysql.
$ env LANG=C yum provides mysql | awk '(NR>6 && !/^$/)'
1:mariadb-5.5.65-1.el7.x86_64 : A community developed branch of MySQL
Repo : base
Matched from:
Provides : mysql = 1:5.5.65-1.el7
$ env LANG=C yum provides mariadb-server | awk '(NR>6 && !/^$/)'
1:mariadb-server-5.5.65-1.el7.x86_64 : The MariaDB server and related files
Repo : base
$ sudo yum list available | awk '$1 ~ /maria/ && $1 !~ /686|test|devel|backup/'
mariadb.x86_64 1:5.5.65-1.el7 base
mariadb-bench.x86_64 1:5.5.65-1.el7 base
mariadb-embedded.x86_64 1:5.5.65-1.el7 base
mariadb-server.x86_64 1:5.5.65-1.el7 base
$ sudo yum install -y mariadb mariadb-server
$ yum list installed | grep mariadb
mariadb.x86_64 1:5.5.65-1.el7 @base
mariadb-libs.x86_64 1:5.5.65-1.el7 @anaconda
mariadb-server.x86_64 1:5.5.65-1.el7 @base
$ sudo systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
$ sudo systemctl start mariadb
$ sudo systemctl status mariadb
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since 火 2020-06-16 17:24:31 JST; 4s ago
Process: 9947 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
Process: 9863 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Main PID: 9946 (mysqld_safe)
CGroup: /system.slice/mariadb.service
├─ 9946 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
└─10108 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var...
6月 16 17:24:28 centos7 mariadb-prepare-db-dir[9863]: MySQL manual for more instructions.
6月 16 17:24:28 centos7 mariadb-prepare-db-dir[9863]: Please report any problems at http://mariadb.org/jira
6月 16 17:24:28 centos7 mariadb-prepare-db-dir[9863]: The latest information about MariaDB is available at http://mariadb.org/.
6月 16 17:24:28 centos7 mariadb-prepare-db-dir[9863]: You can find additional information about the MySQL part at:
6月 16 17:24:28 centos7 mariadb-prepare-db-dir[9863]: http://dev.mysql.com
6月 16 17:24:28 centos7 mariadb-prepare-db-dir[9863]: Consider joining MariaDB's strong and vibrant community:
6月 16 17:24:28 centos7 mariadb-prepare-db-dir[9863]: https://mariadb.org/get-involved/
6月 16 17:24:29 centos7 mysqld_safe[9946]: 200616 17:24:29 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
6月 16 17:24:29 centos7 mysqld_safe[9946]: 200616 17:24:29 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
6月 16 17:24:31 centos7 systemd[1]: Started MariaDB database server.
■Initial DB setup
$ mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
$ mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.65-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> \q
Bye
■Install Zabbix.
Check the available packages, excluding Postgres and sqlite.
$ yum list available | awk '/zabbix40/&& !/pgsql|sqlite/'
zabbix40.x86_64 4.0.17-1.el7 epel
zabbix40-agent.x86_64 4.0.17-1.el7 epel
zabbix40-dbfiles-mysql.noarch 4.0.17-1.el7 epel
zabbix40-proxy.noarch 4.0.17-1.el7 epel
zabbix40-proxy-mysql.x86_64 4.0.17-1.el7 epel
zabbix40-server.noarch 4.0.17-1.el7 epel
zabbix40-server-mysql.x86_64 4.0.17-1.el7 epel
zabbix40-web.noarch 4.0.17-1.el7 epel
zabbix40-web-mysql.noarch 4.0.17-1.el7 epel
$ sudo yum -y install zabbix40-server-mysql zabbix40-proxy-mysql zabbix40-web-mysql zabbix40-agent
$ yum list installed | grep zabbix
zabbix40.x86_64 4.0.17-1.el7 @epel
zabbix40-agent.x86_64 4.0.17-1.el7 @epel
zabbix40-dbfiles-mysql.noarch 4.0.17-1.el7 @epel
zabbix40-proxy.noarch 4.0.17-1.el7 @epel
zabbix40-proxy-mysql.x86_64 4.0.17-1.el7 @epel
zabbix40-server.noarch 4.0.17-1.el7 @epel
zabbix40-server-mysql.x86_64 4.0.17-1.el7 @epel
zabbix40-web.noarch 4.0.17-1.el7 @epel
zabbix40-web-mysql.noarch 4.0.17-1.el7 @epel
■Create the database for Zabbix.
$ mysql -u root -p -e 'create database zabbix character set utf8 collate utf8_bin'
Enter password:
$ mysql -u root -p -e 'show databases'
Enter password:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| zabbix |
+--------------------+
■Create the Zabbix user and assign privileges.
Note: set mypassword to a value appropriate for each environment.
$ mysql -u root -p -e "CREATE USER zabbix@localhost IDENTIFIED BY 'mypassword'"
$ mysql -u root -p -e 'GRANT ALL ON zabbix.* TO zabbix@localhost'
■Check the Zabbix DB, the users, and the user privileges.
$ mysql -u root -p -e "show databases;select Host,User from mysql.user;show grants for zabbix@localhost"
Enter password:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| zabbix |
+--------------------+
+-----------+--------+
| Host | User |
+-----------+--------+
| 127.0.0.1 | root |
| ::1 | root |
| centos7 | root |
| localhost | root |
| localhost | zabbix |
+-----------+--------+
+---------------------------------------------------------------------------------------------------------------+
| Grants for zabbix@localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zabbix'@'localhost' IDENTIFIED BY PASSWORD '*FABE5482D5AADF36D028AC443D117BE1180B9725' |
| GRANT ALL PRIVILEGES ON `zabbixdb`.* TO 'zabbix'@'localhost' |
+---------------------------------------------------------------------------------------------------------------+
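Added example (not part of the original post): a shell check that reads the boxed `select Host,User from mysql.user` output shown above and lists every account bound to a host other than localhost, 127.0.0.1 or ::1, plus any anonymous account. The sample table is constructed from the output above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: review MariaDB accounts from the table printed by
#   mysql -u root -p -e "select Host,User from mysql.user"

# Constructed sample, shaped like the output above.
sample_user_table() {
cat <<'EOF'
+-----------+--------+
| Host      | User   |
+-----------+--------+
| 127.0.0.1 | root   |
| ::1       | root   |
| centos7   | root   |
| localhost | root   |
| localhost | zabbix |
+-----------+--------+
EOF
}

# Read the table on stdin and print "user@host" for each account that is
# not bound to a loopback name, and "anonymous@host" for empty user names.
audit_accounts() {
  awk -F'|' '
    NF < 4 { next }                      # border lines carry no cells
    {
      host = $2; user = $3
      gsub(/^[ \t]+|[ \t]+$/, "", host)  # trim cell padding
      gsub(/^[ \t]+|[ \t]+$/, "", user)
      if (host == "Host" && user == "User") next   # header row
      if (user == "") { print "anonymous@" host; next }
      if (host != "localhost" && host != "127.0.0.1" && host != "::1")
        print user "@" host
    }'
}

# On a live server, pipe the real query output into audit_accounts instead.
sample_user_table | audit_accounts
```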
■Import the schema and data.
The "No database selected" error means the database to use must be specified with "use zabbix" on the first line.
$ ls /usr/share/zabbix-mysql/*.sql
/usr/share/zabbix-mysql/data.sql /usr/share/zabbix-mysql/images.sql /usr/share/zabbix-mysql/schema.sql
$ mysql -u zabbix -p < /usr/share/zabbix-mysql/schema.sql
Enter password:
ERROR 1046 (3D000) at line 1: No database selected
$ sudo sed -i '1i use zabbix;' /usr/share/zabbix-mysql/schema.sql
$ sudo sed -i '1i use zabbix;' /usr/share/zabbix-mysql/images.sql
$ sudo sed -i '1i use zabbix;' /usr/share/zabbix-mysql/data.sql
$ mysql -u zabbix -p < /usr/share/zabbix-mysql/schema.sql
Enter password:
$ mysql -u zabbix -p < /usr/share/zabbix-mysql/images.sql
Enter password:
$ mysql -u zabbix -p < /usr/share/zabbix-mysql/data.sql
Enter password:
■Change the zabbix-server settings.
$ sudo awk '/DB/&&/Host|Name|User|Pass/' /etc/zabbix/zabbix_server.conf
DBName=zabbix
DBUser=zabbix
■Log in from the mysql client in the same way, and with the same information, as zabbix-server.
Check the status of the user name, password, host, and DB name.
$ mysql -u zabbix -p -h 127.0.0.1 zabbix -e 'status'
Enter password:
--------------
mysql Ver 15.1 Distrib 5.5.65-MariaDB, for Linux (x86_64) using readline 5.1
Connection id: 85
Current database: zabbix
Current user: zabbix@localhost
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 5.5.65-MariaDB MariaDB Server
Protocol version: 10
Connection: 127.0.0.1 via TCP/IP
Server characterset: latin1
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
TCP port: 3306
Uptime: 2 hours 5 min 30 sec
Threads: 1 Questions: 1012 Slow queries: 0 Opens: 639 Flush tables: 2 Open tables: 50 Queries per second avg: 0.134
--------------
■Enable and start the Zabbix service.
$ sudo systemctl enable zabbix-server-mysql
$ sudo systemctl start zabbix-server-mysql
$ systemctl list-unit-files --type=service | grep zabbix
zabbix-agent.service disabled
zabbix-server-mysql.service enabled
zabbix-server.service bad
$ sudo systemctl status zabbix-server
● zabbix-server-mysql.service - Zabbix Server with MySQL DB
Loaded: loaded (/usr/lib/systemd/system/zabbix-server-mysql.service; enabled; vendor preset: disabled)
Active: active (running) since 火 2020-06-16 19:41:05 JST; 2s ago
Main PID: 16129 (zabbix_server)
CGroup: /system.slice/zabbix-server-mysql.service
├─16129 /usr/sbin/zabbix_server -f
├─16133 /usr/sbin/zabbix_server: configuration syncer [synced configuration in 0.009050 sec, idle 60 sec]
├─16136 /usr/sbin/zabbix_server: housekeeper [startup idle for 30 minutes]
├─16137 /usr/sbin/zabbix_server: timer
├─16138 /usr/sbin/zabbix_server: http poller
├─16139 /usr/sbin/zabbix_server: discoverer
├─16140 /usr/sbin/zabbix_server: history syncer
├─16142 /usr/sbin/zabbix_server: history syncer
├─16143 /usr/sbin/zabbix_server: history syncer
├─16145 /usr/sbin/zabbix_server: history syncer
├─16146 /usr/sbin/zabbix_server: escalator
├─16147 /usr/sbin/zabbix_server: proxy poller
├─16148 /usr/sbin/zabbix_server: self-monitoring [processed data in 0.000030 sec, idle 1 sec]
├─16149 /usr/sbin/zabbix_server: task manager [started, idle 5 sec]
├─16150 /usr/sbin/zabbix_server: poller
├─16151 /usr/sbin/zabbix_server: poller
├─16152 /usr/sbin/zabbix_server: poller
├─16153 /usr/sbin/zabbix_server: poller
├─16154 /usr/sbin/zabbix_server: poller
├─16155 /usr/sbin/zabbix_server: unreachable poller
├─16156 /usr/sbin/zabbix_server: trapper
├─16157 /usr/sbin/zabbix_server: trapper
├─16159 /usr/sbin/zabbix_server: trapper
├─16160 /usr/sbin/zabbix_server: trapper
├─16162 /usr/sbin/zabbix_server: trapper
├─16163 /usr/sbin/zabbix_server: icmp pinger
├─16165 /usr/sbin/zabbix_server: alert manager
├─16166 /usr/sbin/zabbix_server: alerter
├─16167 /usr/sbin/zabbix_server: alerter
├─16168 /usr/sbin/zabbix_server: alerter
├─16169 /usr/sbin/zabbix_server: preprocessing manager
├─16170 /usr/sbin/zabbix_server: preprocessing worker
├─16171 /usr/sbin/zabbix_server: preprocessing worker
└─16172 /usr/sbin/zabbix_server: preprocessing worker
6月 16 19:41:05 centos7 systemd[1]: Started Zabbix Server with MySQL DB.
6月 16 19:41:05 centos7 zabbix_server[16129]: Starting Zabbix Server. Zabbix 4.0.17 (revision a528a0a4bc).
6月 16 19:41:05 centos7 zabbix_server[16129]: Press Ctrl+C to exit.
$ sudo systemctl status zabbix-server-mysql
● zabbix-server-mysql.service - Zabbix Server with MySQL DB
Loaded: loaded (/usr/lib/systemd/system/zabbix-server-mysql.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 火 2020-06-16 19:43:12 JST; 20s ago
Process: 16129 ExecStart=/usr/sbin/zabbix_server -f (code=exited, status=0/SUCCESS)
Main PID: 16129 (code=exited, status=0/SUCCESS)
6月 16 19:41:05 centos7 systemd[1]: Started Zabbix Server with MySQL DB.
6月 16 19:41:05 centos7 zabbix_server[16129]: Starting Zabbix Server. Zabbix 4.0.17 (revision a528a0a4bc).
6月 16 19:41:05 centos7 zabbix_server[16129]: Press Ctrl+C to exit.
6月 16 19:43:12 centos7 systemd[1]: Stopping Zabbix Server with MySQL DB...
6月 16 19:43:12 centos7 systemd[1]: Stopped Zabbix Server with MySQL DB.
■Web server (Apache2) configuration
$ yum list installed | grep httpd
httpd.x86_64 2.4.6-93.el7.centos @base
httpd-tools.x86_64 2.4.6-93.el7.centos @base
web-assets-httpd.noarch 5-1.el7 @epel
$ yum list available | awk '($NF ~ /base/ && $1 ~ /^httpd/)'
httpd-devel.x86_64 2.4.6-93.el7.centos base
httpd-manual.noarch 2.4.6-93.el7.centos base
■Fix the time zone
$ grep zone /etc/httpd/conf.d/zabbix.conf
php_value date.timezone Asia/Tokyo
$ sudo systemctl restart zabbix-server httpd zabbix-agent
$ sudo systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
$ sudo systemctl enable zabbix-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-agent.service to /usr/lib/systemd/system/zabbix-agent.service.
$ systemctl list-unit-files --type=service | grep zabbix
zabbix-agent.service enabled
zabbix-server-mysql.service enabled
zabbix-server.service bad
■It is listening on IPv6, so add 0.0.0.0.
$ ss -tln | grep :80
LISTEN 0 128 [::]:80 [::]:*
$ sudo grep ^Listen /etc/httpd/conf/httpd.conf
Listen 0.0.0.0:80
$ sudo systemctl restart httpd
$ ss -tln | grep :80
LISTEN 0 128 *:80 *:*
■Open the firewall
$ sudo systemctl status firewalld.service
[sudo] labunix のパスワード:
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 火 2020-06-16 16:59:40 JST; 3h 31min ago
Docs: man:firewalld(1)
Main PID: 702 (firewalld)
CGroup: /system.slice/firewalld.service
└─702 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
6月 16 16:59:39 centos7 systemd[1]: Starting firewalld - dynamic firewall.....
6月 16 16:59:40 centos7 systemd[1]: Started firewalld - dynamic firewall ...n.
6月 16 16:59:40 centos7 firewalld[702]: WARNING: AllowZoneDrifting is enab....
Hint: Some lines were ellipsized, use -l to show in full.
$ sudo firewall-cmd --state
running
$ firewall-cmd --get-active-zones
public
interfaces: eth0
$ firewall-cmd --get-default-zone
public
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ sudo firewall-cmd --add-service=http --zone=public
success
■Run the initial setup and log in with the initial account Admin/zabbix
$ firefox 192.168.100.50/zabbix/
■Make the firewall setting permanent
$ sudo firewall-cmd --add-service=http --zone=public --permanent
$ sudo firewall-cmd --reload
success
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client http ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
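Added example (not part of the original post): a shell check for the gap between the runtime-only `--add-service=http` step and the later `--permanent` step, listing services that exist only in the runtime configuration and would be dropped by `--reload` or a reboot. Both sample texts are constructed in the shape of `firewall-cmd --list-all` and `firewall-cmd --permanent --list-all` output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find firewalld services present only in the runtime config.

# Constructed samples: the state right after the runtime-only add above.
RUNTIME_SAMPLE='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: '
PERMANENT_SAMPLE='public
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: '

# Extract the space-separated list from the "services:" line of $1.
services_of() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*services:[[:space:]]*//p'
}

# Print each service listed in runtime ($1) but missing from permanent ($2).
runtime_only_services() {
  perm=" $(services_of "$2") "
  for svc in $(services_of "$1"); do
    case "$perm" in
      *" $svc "*) ;;                # also saved in the permanent config
      *) printf '%s\n' "$svc" ;;    # runtime only: lost on reload or reboot
    esac
  done
}

# On a live host, pass "$(sudo firewall-cmd --list-all)" and
# "$(sudo firewall-cmd --permanent --list-all)" instead of the samples.
runtime_only_services "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```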