(Grav GitSync) Automatic Commit from RealStickman

This commit is contained in:
RealStickman 2022-06-30 14:07:34 +02:00 committed by GitSync
parent 296aa8bb4b
commit c0ddd07fcc

View File

@ -0,0 +1,118 @@
---
title: Zabbix
---
## Podman
### Pod
```
# podman pod create --name zabbix -p 127.0.0.1:8080:8080 -p 10051:10051
```
### Database
```
# podman run --name zabbix-mysql -t \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix" \
-e MYSQL_ROOT_PASSWORD="rootpass" \
-v /mnt/mysql/:/var/lib/mysql/:Z \
--restart=always \
--pod=zabbix \
-d docker.io/mysql:latest \
--character-set-server=utf8 --collation-server=utf8_bin \
--default-authentication-plugin=mysql_native_password
```
### Application
Zabbix consists of multiple containers that need to be running.
First is the server itself.
```
# podman run --name zabbix-server -t \
-e DB_SERVER_HOST="127.0.0.1" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix" \
-e MYSQL_ROOT_PASSWORD="rootpass" \
--pod=zabbix \
-d docker.io/zabbix/zabbix-server-mysql:latest
```
Next, we need the webserver
```
# podman run --name zabbix-web -t \
-e ZBX_SERVER_HOST="127.0.0.1" \
-e DB_SERVER_HOST="127.0.0.1" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix" \
-e MYSQL_ROOT_PASSWORD="rootpass" \
--restart=always \
--pod=zabbix \
-d docker.io/zabbix/zabbix-web-nginx-mysql:latest
```
Finally, we will also install the agent as a container
```
# podman run --name zabbix-agent \
-e ZBX_SERVER_HOST="127.0.0.1,localhost" \
--restart=always \
--pod=zabbix \
-d docker.io/zabbix/zabbix-agent:latest
```
The default user is `Admin` with password `zabbix`
## Zabbix Proxy
`ZBX_HOSTNAME` has to be the same as the value configured on the zabbix server as the proxy name.
```
# podman run --name zabbix-proxy \
-p 10051:10051 \
-e ZBX_SERVER_HOST="178.18.243.82" \
-e ZBX_HOSTNAME="he1prx1" \
-e ZBX_TLSCONNECT=psk \
-e ZBX_TLSPSKIDENTITY="PSK Zabbix he1prx1" \
-e ZBX_TLSPSKFILE="/mnt/zabbix/zabbix_agentd.psk" \
-v /mnt/zabbix:/var/lib/zabbix/db_data \
-v /mnt/zabbix:/mnt/zabbix \
-d docker.io/zabbix/zabbix-proxy-sqlite3:latest
```
## Zabbix Agent
```
# podman run --name zabbix-agent \
-p 10050:10050 \
-e ZBX_HOSTNAME="he1app1" \
-e ZBX_SERVER_HOST="172.18.50.60" \
-d docker.io/zabbix/zabbix-agent:latest
```
### XCP-ng
Use zabbix package from EPEL.
Zabbix server can handle the older agent fine (https://www.zabbix.com/documentation/current/en/manual/appendix/compatibility)
`# yum install zabbix50-agent --enablerepo=epel`
Edit `/etc/zabbix_agentd.conf`
*haven't managed to make encryption work yet*
```
Server=(Zabbix server ip)
ServerActive=(Zabbix server ip)
Hostname=he1xcp1
#TLSConnect=psk
#TLSAccept=psk
#TLSPSKIdentity=he1xcp1
#TLSPSKFile=/mnt/zabbix/zabbix_agentd.psk
```
Create the .psk file. Set the user and group to `zabbix`
Allow 10050/TCP on the firewall
*nope*
`# yum install openssl11 --enablerepo=epel`
## TODO
### Encryption with PSK
> https://www.zabbix.com/documentation/6.0/en/manual/encryption/using_pre_shared_keys
### Force refresh Proxy
> https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/363196-cannot-send-list-of-active-checks-to-ip-address-host-ip-address-hostnames-match?p=363205#post363205