(Grav GitSync) Automatic Commit from RealStickman

2022-06-30 14:07:34 +02:00 · 2022-06-30 14:07:34 +02:00 · c0ddd07fcc
commit c0ddd07fcc
parent 296aa8bb4b
1 changed files with 118 additions and 0 deletions
--- a/pages/02.linux/25.zabbix/default.en.md
+++ b/pages/02.linux/25.zabbix/default.en.md
@ -0,0 +1,118 @@
+---
+title: Zabbix
+---
+
+## Podman
+### Pod
+```
+# podman pod create --name zabbix -p 127.0.0.1:8080:8080 -p 10051:10051
+```
+
+### Database
+```
+# podman run --name zabbix-mysql -t \
+    -e MYSQL_DATABASE="zabbix" \
+    -e MYSQL_USER="zabbix" \
+    -e MYSQL_PASSWORD="zabbix" \
+    -e MYSQL_ROOT_PASSWORD="rootpass" \
+    -v /mnt/mysql/:/var/lib/mysql/:Z \
+    --restart=always \
+    --pod=zabbix \
+    -d docker.io/mysql:latest \
+    --character-set-server=utf8 --collation-server=utf8_bin \
+    --default-authentication-plugin=mysql_native_password
+```
+
+### Application
+Zabbix consists of multiple containers that need to be running.  
+First is the server itself.  
+```
+# podman run --name zabbix-server -t \
+    -e DB_SERVER_HOST="127.0.0.1" \
+    -e MYSQL_DATABASE="zabbix" \
+    -e MYSQL_USER="zabbix" \
+    -e MYSQL_PASSWORD="zabbix" \
+    -e MYSQL_ROOT_PASSWORD="rootpass" \
+    --pod=zabbix \
+    -d docker.io/zabbix/zabbix-server-mysql:latest
+```
+
+Next, we need the webserver  
+```
+# podman run --name zabbix-web -t \
+    -e ZBX_SERVER_HOST="127.0.0.1" \
+    -e DB_SERVER_HOST="127.0.0.1" \
+    -e MYSQL_DATABASE="zabbix" \
+    -e MYSQL_USER="zabbix" \
+    -e MYSQL_PASSWORD="zabbix" \
+    -e MYSQL_ROOT_PASSWORD="rootpass" \
+    --restart=always \
+    --pod=zabbix \
+    -d docker.io/zabbix/zabbix-web-nginx-mysql:latest
+```
+
+Finally, we will also install the agent as a container  
+```
+# podman run --name zabbix-agent \
+    -e ZBX_SERVER_HOST="127.0.0.1,localhost" \
+    --restart=always \
+    --pod=zabbix \
+    -d docker.io/zabbix/zabbix-agent:latest
+```
+
+The default user is `Admin` with password `zabbix`  
+
+## Zabbix Proxy
+`ZBX_HOSTNAME` has to be the same as the value configured on the zabbix server as the proxy name.  
+```
+# podman run --name zabbix-proxy \
+    -p 10051:10051 \
+    -e ZBX_SERVER_HOST="178.18.243.82" \
+    -e ZBX_HOSTNAME="he1prx1" \
+    -e ZBX_TLSCONNECT=psk \
+    -e ZBX_TLSPSKIDENTITY="PSK Zabbix he1prx1" \
+    -e ZBX_TLSPSKFILE="/mnt/zabbix/zabbix_agentd.psk" \
+    -v /mnt/zabbix:/var/lib/zabbix/db_data \
+    -v /mnt/zabbix:/mnt/zabbix \
+    -d docker.io/zabbix/zabbix-proxy-sqlite3:latest
+```
+
+## Zabbix Agent
+```
+# podman run --name zabbix-agent \
+    -p 10050:10050 \
+    -e ZBX_HOSTNAME="he1app1" \
+    -e ZBX_SERVER_HOST="172.18.50.60" \
+    -d docker.io/zabbix/zabbix-agent:latest
+```
+
+### XCP-ng
+Use zabbix package from EPEL.  
+Zabbix server can handle the older agent fine (https://www.zabbix.com/documentation/current/en/manual/appendix/compatibility)
+`# yum install zabbix50-agent --enablerepo=epel`  
+
+Edit `/etc/zabbix_agentd.conf`  
+*haven't managed to make encryption work yet*  
+```
+Server=(Zabbix server ip)
+ServerActive=(Zabbix server ip)
+Hostname=he1xcp1
+#TLSConnect=psk
+#TLSAccept=psk
+#TLSPSKIdentity=he1xcp1
+#TLSPSKFile=/mnt/zabbix/zabbix_agentd.psk
+```
+
+Create the .psk file. Set the user and group to `zabbix`  
+
+Allow 10050/TCP on the firewall  
+
+*nope*  
+`# yum install openssl11 --enablerepo=epel`  
+
+## TODO
+### Encryption with PSK
+> https://www.zabbix.com/documentation/6.0/en/manual/encryption/using_pre_shared_keys
+
+### Force refresh Proxy
+> https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/363196-cannot-send-list-of-active-checks-to-ip-address-host-ip-address-hostnames-match?p=363205#post363205