181 lines
4.8 KiB
Markdown
181 lines
4.8 KiB
Markdown
---
|
|
title: Zabbix
|
|
visible: true
|
|
---
|
|
|
|
[toc]
|
|
|
|
## Zabbix Server
|
|
|
|
### Pod
|
|
|
|
```sh
|
|
podman pod create --name zabbix -p 127.0.0.1:8080:8080 -p 10051:10051
|
|
```
|
|
|
|
### Database
|
|
|
|
```sh
|
|
podman run --name zabbix-mysql -t \
|
|
-e MYSQL_DATABASE="zabbix" \
|
|
-e MYSQL_USER="zabbix" \
|
|
-e MYSQL_PASSWORD="zabbix" \
|
|
-e MYSQL_ROOT_PASSWORD="rootpass" \
|
|
-v /mnt/mysql/:/var/lib/mysql/:Z \
|
|
--restart=always \
|
|
--pod=zabbix \
|
|
-d docker.io/mysql:latest \
|
|
--character-set-server=utf8 --collation-server=utf8_bin \
|
|
--default-authentication-plugin=mysql_native_password
|
|
```
|
|
|
|
### Application
|
|
|
|
Zabbix consists of multiple containers that need to be running.
|
|
First is the server itself.
|
|
|
|
```sh
|
|
podman run --name zabbix-server -t \
|
|
-e DB_SERVER_HOST="127.0.0.1" \
|
|
-e MYSQL_DATABASE="zabbix" \
|
|
-e MYSQL_USER="zabbix" \
|
|
-e MYSQL_PASSWORD="zabbix" \
|
|
-e MYSQL_ROOT_PASSWORD="rootpass" \
|
|
--pod=zabbix \
|
|
-d docker.io/zabbix/zabbix-server-mysql:latest
|
|
```
|
|
|
|
Next, we need the webserver
|
|
|
|
```sh
|
|
podman run --name zabbix-web -t \
|
|
-e ZBX_SERVER_HOST="127.0.0.1" \
|
|
-e DB_SERVER_HOST="127.0.0.1" \
|
|
-e MYSQL_DATABASE="zabbix" \
|
|
-e MYSQL_USER="zabbix" \
|
|
-e MYSQL_PASSWORD="zabbix" \
|
|
-e MYSQL_ROOT_PASSWORD="rootpass" \
|
|
--restart=always \
|
|
--pod=zabbix \
|
|
-d docker.io/zabbix/zabbix-web-nginx-mysql:latest
|
|
```
|
|
|
|
Finally, we will also install the agent as a container
|
|
|
|
```sh
|
|
podman run --name zabbix-agent \
|
|
-e ZBX_SERVER_HOST="127.0.0.1,localhost" \
|
|
--restart=always \
|
|
--pod=zabbix \
|
|
-d docker.io/zabbix/zabbix-agent:latest
|
|
```
|
|
|
|
The default user is `Admin` with password `zabbix`
|
|
|
|
### Updating Server
|
|
|
|
Updating the server might fail for various reasons. Those I already encountered will be documented below.
|
|
_NOTE: The server and proxy need to run the same version of zabbix to talk with one another_
|
|
|
|
#### MARIADB: Missing permissions (log_bin_trust_function_creators)
|
|
|
|
From what I could find this error is thrown, when the specified user lacks super user privileges.
|
|
A workaround is enabling `log_bin_trust_function_creators` temporarily.
|
|
`# podman exec -it zabbix-mysql bash`
|
|
`# mysql -u root -p` and enter the root password
|
|
`mysql> set global log_bin_trust_function_creators=1;`
|
|
|
|
The setting will be reset to default after a restart of the database container.
|
|
|
|
## Zabbix Proxy
|
|
|
|
`ZBX_HOSTNAME` has to be the same as the value configured on the zabbix server as the proxy name.
|
|
|
|
```sh
|
|
podman run --name zabbix-proxy \
|
|
-p 10051:10051 \
|
|
-e ZBX_SERVER_HOST="178.18.243.82" \
|
|
-e ZBX_HOSTNAME="he1prx1" \
|
|
-e ZBX_TLSCONNECT=psk \
|
|
-e ZBX_TLSPSKIDENTITY="PSK Zabbix he1prx1" \
|
|
-e ZBX_TLSPSKFILE="/mnt/zabbix/zabbix_agentd.psk" \
|
|
-v /mnt/zabbix:/var/lib/zabbix/db_data \
|
|
-v /mnt/zabbix:/mnt/zabbix \
|
|
-d docker.io/zabbix/zabbix-proxy-sqlite3:latest
|
|
```
|
|
|
|
### Updating Proxy
|
|
|
|
Updating the proxy will always fail when using the SQLite database, as upgrading is not supported for SQLite.
|
|
_NOTE: The server and proxy need to run the same version of zabbix to talk with one another_
|
|
|
|
Simply deleting/moving the old SQLite database and restarting the proxy is enough.
|
|
_NOTE: History stored on the proxy will obviously be lost_
|
|
|
|
## Zabbix Agent
|
|
|
|
```sh
|
|
podman run --name zabbix-agent \
|
|
-p 10050:10050 \
|
|
-e ZBX_HOSTNAME="(hostname)" \
|
|
-e ZBX_SERVER_HOST="(zabbix server/proxy)" \
|
|
-d docker.io/zabbix/zabbix-agent:latest
|
|
```
|
|
|
|
### XCP-ng
|
|
|
|
Use zabbix package from EPEL.
|
|
Zabbix server can handle the older agent fine [See the Documentation on Compatibility](https://www.zabbix.com/documentation/current/en/manual/appendix/compatibility)
|
|
`# yum install zabbix50-agent --enablerepo=epel`
|
|
|
|
Edit `/etc/zabbix_agentd.conf`
|
|
_haven't managed to make encryption work yet_
|
|
|
|
```
|
|
Server=(Zabbix server ip)
|
|
ServerActive=(Zabbix server ip)
|
|
Hostname=he1xcp1
|
|
#TLSConnect=psk
|
|
#TLSAccept=psk
|
|
#TLSPSKIdentity=he1xcp1
|
|
#TLSPSKFile=/mnt/zabbix/zabbix_agentd.psk
|
|
```
|
|
|
|
Create the .psk file. Set the user and group to `zabbix`
|
|
|
|
Allow 10050/TCP on the firewall
|
|
|
|
_nope_
|
|
`# yum install openssl11 --enablerepo=epel`
|
|
|
|
## TODO
|
|
|
|
### Encryption with PSK
|
|
|
|
> [Official Documentation](https://www.zabbix.com/documentation/6.0/en/manual/encryption/using_pre_shared_keys)
|
|
|
|
### Force refresh Proxy
|
|
|
|
> [Zabbix Forum Post](https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/363196-cannot-send-list-of-active-checks-to-ip-address-host-ip-address-hostnames-match?p=363205#post363205)
|
|
|
|
## Configuration
|
|
|
|
### SMART monitoring
|
|
|
|
Smart monitoring is available using an official template
|
|
|
|
Requirements:
|
|
|
|
```
|
|
smartmontools > 7.1
|
|
```
|
|
|
|
Additionally, the `zabbix` user needs to have permission for running `smartctl`.
|
|
With `sudo` this can be accomplished without the user entering a password.
|
|
|
|
```
|
|
zabbix ALL=(ALL) NOPASSWD:/usr/sbin/smartctl
|
|
```
|
|
|
|
After that, add the `SMART by Zabbix agent 2` template to the host
|