From c0ddd07fccde912a59874a77680929aa8436c544 Mon Sep 17 00:00:00 2001 From: RealStickman Date: Thu, 30 Jun 2022 14:07:34 +0200 Subject: [PATCH] (Grav GitSync) Automatic Commit from RealStickman --- pages/02.linux/25.zabbix/default.en.md | 118 +++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 pages/02.linux/25.zabbix/default.en.md diff --git a/pages/02.linux/25.zabbix/default.en.md b/pages/02.linux/25.zabbix/default.en.md new file mode 100644 index 0000000..3dedbf5 --- /dev/null +++ b/pages/02.linux/25.zabbix/default.en.md @@ -0,0 +1,118 @@ +--- +title: Zabbix +--- + +## Podman +### Pod +``` +# podman pod create --name zabbix -p 127.0.0.1:8080:8080 -p 10051:10051 +``` + +### Database +``` +# podman run --name zabbix-mysql -t \ + -e MYSQL_DATABASE="zabbix" \ + -e MYSQL_USER="zabbix" \ + -e MYSQL_PASSWORD="zabbix" \ + -e MYSQL_ROOT_PASSWORD="rootpass" \ + -v /mnt/mysql/:/var/lib/mysql/:Z \ + --restart=always \ + --pod=zabbix \ + -d docker.io/mysql:latest \ + --character-set-server=utf8 --collation-server=utf8_bin \ + --default-authentication-plugin=mysql_native_password +``` + +### Application +Zabbix consists of multiple containers that need to be running. +First is the server itself. +``` +# podman run --name zabbix-server -t \ + -e DB_SERVER_HOST="127.0.0.1" \ + -e MYSQL_DATABASE="zabbix" \ + -e MYSQL_USER="zabbix" \ + -e MYSQL_PASSWORD="zabbix" \ + -e MYSQL_ROOT_PASSWORD="rootpass" \ + --pod=zabbix \ + -d docker.io/zabbix/zabbix-server-mysql:latest +``` + +Next, we need the webserver +``` +# podman run --name zabbix-web -t \ + -e ZBX_SERVER_HOST="127.0.0.1" \ + -e DB_SERVER_HOST="127.0.0.1" \ + -e MYSQL_DATABASE="zabbix" \ + -e MYSQL_USER="zabbix" \ + -e MYSQL_PASSWORD="zabbix" \ + -e MYSQL_ROOT_PASSWORD="rootpass" \ + --restart=always \ + --pod=zabbix \ + -d docker.io/zabbix/zabbix-web-nginx-mysql:latest +``` + +Finally, we will also install the agent as a container +``` +# podman run --name zabbix-agent \ + -e ZBX_SERVER_HOST="127.0.0.1,localhost" \ + --restart=always \ + --pod=zabbix \ + -d docker.io/zabbix/zabbix-agent:latest +``` + +The default user is `Admin` with password `zabbix` + +## Zabbix Proxy +`ZBX_HOSTNAME` has to be the same as the value configured on the zabbix server as the proxy name. +``` +# podman run --name zabbix-proxy \ + -p 10051:10051 \ + -e ZBX_SERVER_HOST="178.18.243.82" \ + -e ZBX_HOSTNAME="he1prx1" \ + -e ZBX_TLSCONNECT=psk \ + -e ZBX_TLSPSKIDENTITY="PSK Zabbix he1prx1" \ + -e ZBX_TLSPSKFILE="/mnt/zabbix/zabbix_agentd.psk" \ + -v /mnt/zabbix:/var/lib/zabbix/db_data \ + -v /mnt/zabbix:/mnt/zabbix \ + -d docker.io/zabbix/zabbix-proxy-sqlite3:latest +``` + +## Zabbix Agent +``` +# podman run --name zabbix-agent \ + -p 10050:10050 \ + -e ZBX_HOSTNAME="he1app1" \ + -e ZBX_SERVER_HOST="172.18.50.60" \ + -d docker.io/zabbix/zabbix-agent:latest +``` + +### XCP-ng +Use zabbix package from EPEL. +Zabbix server can handle the older agent fine (https://www.zabbix.com/documentation/current/en/manual/appendix/compatibility) +`# yum install zabbix50-agent --enablerepo=epel` + +Edit `/etc/zabbix_agentd.conf` +*haven't managed to make encryption work yet* +``` +Server=(Zabbix server ip) +ServerActive=(Zabbix server ip) +Hostname=he1xcp1 +#TLSConnect=psk +#TLSAccept=psk +#TLSPSKIdentity=he1xcp1 +#TLSPSKFile=/mnt/zabbix/zabbix_agentd.psk +``` + +Create the .psk file. Set the user and group to `zabbix` + +Allow 10050/TCP on the firewall + +*nope* +`# yum install openssl11 --enablerepo=epel` + +## TODO +### Encryption with PSK +> https://www.zabbix.com/documentation/6.0/en/manual/encryption/using_pre_shared_keys + +### Force refresh Proxy +> https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/363196-cannot-send-list-of-active-checks-to-ip-address-host-ip-address-hostnames-match?p=363205#post363205