环境依赖
- CentOS 7.3 + PHP5.4 + MariaDB + Nginx
- Zabbix Server 3.4.1
环境要求
- 12 CPU ,最少8 CPU
- 32G 内存,最少16G
- 1T 硬盘,最少500G,最好用RAID,如果监控的服务器数量较多,建议采用RAID10
安装过程
- 安装CentOS7.3,分区如下
/boot 500M
swap 16G
/ 50G
/var 剩下所有空间,如果做了RAID,建议将RAID划分给 /var
- 关闭Firewalld和SElinux
# systemctl disable firewalld.service && systemctl stop firewalld.service
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# setenforce 0
- 安装zabbix server YUM源
# yum -y install vim wget lsof net-tools -y
# wget http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
# rpm -ivh zabbix-release-3.4-2.el7.noarch.rpm
# yum install zabbix-server-mysql zabbix-web-mysql -y
- 安装Nginx+PHP+MariaDB
# rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# yum install php php-fpm mariadb mariadb-server nginx -y
- 复制www目录
# mkdir -p /data/html/zabbix
# cd /usr/share/zabbix/ && cp -r * /data/html/zabbix/
# chown -Rf /data/html/zabbix/* && chmod -Rf 755 /data/html/zabbix/*
- 配置Nginx+HTTPS
生成自签名证书,先创建一个存放证书的目录
# mkdir -p /etc/nginx/cert && cd /etc/nginx/cert
创建服务器私钥,会提示输入一个口令
# openssl genrsa -des3 -out nginx.key 2048
创建签名请求的证书(CSR)
# openssl req -new -key nginx.key -out nginx.csr
加载SSL支持的Nginx并使用上述私钥时除去必须的口令
# cp nginx.key nginx.key.org
# openssl rsa -in nginx.key.org -out nginx.key
标记证书使用上述私钥和CSR
# openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt
备份默认配置文件
# cd /etc/nginx/conf.d/ && mv default.conf default.conf.back
编辑新的zabbix.conf
# vim /etc/nginx/conf.d/zabbix.conf
写入以下内容
···
#http
server {
listen 80;
server_name localhost;
rewrite ^(.*) https://192.168.1.1$1 permanent;
#为了安全起见,配置了80重定向到443,IP地址自己根据环境定义
location / {
root /data/html/zabbix/;
index index.html index.htm index.php;
}
location ~ \.php$ {
root /data/html/zabbix/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/html/zabbix/$fastcgi_script_name;
include fastcgi_params;
}
}
#https
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/cert/nginx.crt;
ssl_certificate_key /etc/nginx/cert/nginx.key;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
root /data/html/zabbix/;
index index.html index.htm index.php;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /data/html;
}
location ~ \.php$ {
root /data/html/zabbix/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/html/zabbix/$fastcgi_script_name;
include fastcgi_params;
}
}
- 配置数据库
启动数据库
# systemctl start mariadb.service && systemctl enable mariadb.service
设置数据库root管理员的密码
# mysqladmin -u root password "Talent123"
登录数据库
# mysql -uroot -pTalent123
mysql> create database zabbix character set utf8; //创建zabbix数据库
mysql> insert into mysql.user(Host,User,Password) values("localhost","admin",password("Talent123")); //添加admin用户
mysql> flush privileges; //刷新权限表
mysql> grant all privileges on zabbix.* to admin@localhost identified by 'Talent123'; //将zabbix授权给admin
mysql> flush privileges; //刷新权限表
mysql> exit
# cd /usr/share/doc/zabbix-server-mysql-3.4.1
# gunzip create.sql.gz
# mysql -uadmin -pTalent123 zabbix < create.sql
# systemctl restart mariadb.service
提示
上面导入初始数据库的方法可能存在问题,我是选取了最笨的办法,先下载了zabbix-3.4.1.tar.gz
# wget https://sourceforge.net/projects/zabbix/files/latest/zabbix-3.4.1.tar.gz
# tar -zxvf zabbix-3.4.1.tar.gz
# cd zabbix-3.4.1
导入数据
# mysql -uroot -p zabbix < database/mysql/schema.sql
# mysql -uroot -p zabbix < database/mysql/data.sql
# mysql -uroot -p zabbix < database/mysql/images.sql
# service mariadb restart
- 配置PHP,修改php.ini
# vim /etc/php.ini
···
date.timezone = Asia/Shanghai
upload_max_filesize 2M
max_execution_time = 300
max_input_time = 300
post_max_size = 32M
memory_limit = 128M
···
启动php-fpm
# service php-fpm start && chkconfig php-fpm on
启动nginx
# systemctl enable nginx.service && systemctl start nginx.service
- 配置zabbix_server
# vim /etc/zabbix/zabbix_server.conf
DBHost=localhost
DBName=zabbix
DBUser=admin
DBPassword=Talent123
启动zabbix server
# service zabbix-server start && chkconfig zabbix-server on
- 安装zabbix-agent
RHEL6系列按照如下命令安装
# wget http://repo.zabbix.com/zabbix/3.4/rhel/6/x86_64/zabbix-agent-3.4.1-1.el6.x86_64.rpm
# yum install zabbix-agent-3.4.1-1.el6.x86_64.rpm -y
RHEL7系列按照如下命令安装
# wget http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-agent-3.4.1-1.el7.x86_64.rpm
# yum install zabbix-agent-3.4.1-1.el7.x86_64.rpm -y
修改agent客户端的配置文件
# vim /etc/zabbix/zabbix_agentd.conf
修改y以下地方内容
···
Server=192.168.1.1
ServerActive=192.168.1.1
#Hostname和自己的主机名不一致没关系,但是必须和在zabbix监控平台添加时的主机名一致,否则会产生错误日志
Hostname=ad1.cloud.top
···
- 启动zabbix-agent客户端服务
# service zabbix-agent start && chkconfig zabbix-agent on