Zabbix 5.0 LTSがリリースされていたので ApplianceをVMware Workstationにインポートして少し触ってみました。
Zabbix
https://www.zabbix.com/jp
Zabbix 5.0LTSの新機能
https://www.zabbix.com/jp/whats_new_5_0
Download and install Zabbix
https://www.zabbix.com/jp/download_appliance
Zabbix Documentation 5.0 – 6. Zabbix appliance
https://www.zabbix.com/documentation/current/manual/appliance
- セットアップ
- Zabbix仮想マシン
- コンソールからログイン
- パーティション
- Firewall
- sshでリモートログイン
- locale
- 時刻
- Webサーバ
- nginx zabbix設定ファイル
- Database
- open-vm-tools
- Webコンソールにログイン
セットアップは簡単でダウンロードサイトからOpen virtualization format (.ovf)をダウンロード、解凍して.ovfファイルを指定、インポートするだけで動作します。
途中で警告が出ますが[再試行]でインポートできました。
CPU:4, MEM:4GB, HDD:10GB
ネットワークがNATになっていましたのでブリッジに変更しました。
コンソールから初期設定のroot:zabbixでログインしてみます。Zabbix appliance 5.0はCentOS8ベースに変更になっていました。
LVM構成で無いのでHDDの増設が面倒で、ちょっと使いづらいかな。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
[root@appliance ~]# fdisk -l Disk /dev/sda: 10 GiB, 10737418240 bytes, 20971520 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x2e364d15 Device Boot Start End Sectors Size Id Type /dev/sda1 * 2048 1050623 1048576 512M 83 Linux /dev/sda2 1050624 9439231 8388608 4G 83 Linux /dev/sda3 9439232 11536383 2097152 1G 83 Linux /dev/sda4 11536384 20971519 9435136 4.5G 5 Extended /dev/sda5 11538432 20971519 9433088 4.5G 83 Linux [root@appliance ~]# df -Th Filesystem Type Size Used Avail Use% Mounted on devtmpfs devtmpfs 2.0G 0 2.0G 0% /dev tmpfs tmpfs 2.0G 0 2.0G 0% /dev/shm tmpfs tmpfs 2.0G 8.6M 2.0G 1% /run tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup /dev/sda2 xfs 4.0G 1.1G 3.0G 26% / /dev/sda3 xfs 1014M 40M 975M 4% /tmp /dev/sda1 ext4 488M 36M 417M 8% /boot /dev/sda5 xfs 4.5G 715M 3.8G 16% /var/lib/mysql tmpfs tmpfs 395M 0 395M 0% /run/user/0 |
ドキュメントには下記のポートを許可しているようです。
1.2 Firewall
The appliance uses iptables firewall with predefined rules:Opened SSH port (22 TCP);
Opened Zabbix agent (10050 TCP) and Zabbix trapper (10051 TCP) ports;
Opened HTTP (80 TCP) and HTTPS (443 TCP) ports;
Opened SNMP trap port (162 UDP);
Opened outgoing connections to NTP port (53 UDP);
ICMP packets limited to 5 packets per second;
All other incoming connections are dropped.
確認するとCentOS 8ベースですがfirewalld+nftableでは無くiptablesを利用していました。
従ってfirewall-cmdも無いのでiptablesで設定変更することになります。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
[root@appliance ~]# systemctl status iptables ● iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor pr> Active: active (exited) since Thu 2020-07-02 01:13:13 UTC; 24min ago Process: 715 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited> Main PID: 715 (code=exited, status=0/SUCCESS) Jul 02 01:13:12 appliance systemd[1]: Starting IPv4 firewall with iptables... Jul 02 01:13:13 appliance iptables.init[715]: iptables: Applying firewall rules> Jul 02 01:13:13 appliance systemd[1]: Started IPv4 firewall with iptables. [root@appliance ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT udp -- dns.google anywhere udp spt:domain ACCEPT udp -- dns.google anywhere udp spt:domain ICMP icmp -- anywhere anywhere NTP udp -- anywhere anywhere udp dpt:ntp SSH tcp -- anywhere anywhere tcp dpts:ftp-data:ssh ZBX tcp -- anywhere anywhere multiport dports zabbix-agent,zabbix-trapper WEB tcp -- anywhere anywhere multiport dports http,https SNMPTRAP udp -- anywhere anywhere udp dpt:snmptrap DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp echo-reply Chain ICMP (1 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere limit: avg 5/sec burst 5 Chain NTP (1 references) target prot opt source destination Chain SSH (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh Chain ZBX (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:zabbix-agent ACCEPT tcp -- anywhere anywhere tcp dpt:zabbix-trapper Chain WEB (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere multiport dports http,https ACCEPT udp -- anywhere anywhere udp dpt:snmptrap Chain SNMPTRAP (1 references) target prot opt source destination Chain SQL (0 references) target prot opt source destination |
標準でsshdが起動、ポートも許可になっているので試しにrootでログインしたところできました。
PermitRootLogin yesです。
日本語 localeはありません。
1 2 3 4 5 6 7 |
[root@appliance ~]# localectl status System Locale: LANG=en_US.UTF-8 VC Keymap: us X11 Layout: us [root@appliance ~]# localectl list-locales | grep -i jp |
時刻はUTCです。
1 2 |
[root@appliance ~]# date Thu Jul 2 02:01:07 UTC 2020 |
chronydは起動、時刻合わせが行われています。
1 2 3 4 5 6 7 8 |
chronyc> sources 210 Number of sources = 4 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* mx.execve.net 2 9 377 11 +386us[ +785us] +/- 3124us ^- any.time.nl 2 9 377 74 -18us[ +373us] +/- 31ms ^- y.ns.gin.ntt.net 2 9 277 336 -2385us[-1938us] +/- 98ms ^- sh11.paina.net 3 8 377 23 -3944us[-3546us] +/- 94ms |
apacheでは無くnginx+php-fpmです。nginxか(^^;
1 2 3 4 5 6 |
[root@appliance ~]# nginx -v nginx version: nginx/1.14.1 [root@appliance ~]# php-fpm -v PHP 7.2.11 (fpm-fcgi) (built: Oct 9 2018 15:09:36) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
[root@appliance ~]# cat /etc/nginx/conf.d/zabbix.conf server { listen 80; server_name example.com; root /usr/share/zabbix; index index.php; location = /favicon.ico { log_not_found off; } location / { try_files $uri $uri/ =404; } location /assets { access_log off; expires 10d; } location ~ /\.ht { deny all; } location ~ /(api\/|conf[^\.]|include|locale) { deny all; return 404; } location ~ [^/]\.php(/|$) { fastcgi_pass unix:/run/php-fpm/zabbix.sock; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; fastcgi_param DOCUMENT_ROOT /usr/share/zabbix; fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name; fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } } |
mysqlでrootのパスワードは/root/.my.cnfに保存されていたので、入力の必要は無しと
Database passwords are randomly generated during the installation process.
Root password is stored inside the /root/.my.cnf file. It is not required to input a password under the “root” account.
確かに記載されていました。4バイトのUTF-8 Unicode…
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
[root@appliance ~]# mysql -Version mysql Ver 8.0.17 for Linux on x86_64 (Source distribution) [root@appliance ~]# mysql -u root Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 117 Server version: 8.0.17 Source distribution Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | sys | | zabbix | +--------------------+ 5 rows in set (0.00 sec) mysql> show variables like '%char%'; +--------------------------+----------------------------+ | Variable_name | Value | +--------------------------+----------------------------+ | character_set_client | utf8mb4 | | character_set_connection | utf8mb4 | | character_set_database | utf8mb4 | | character_set_filesystem | binary | | character_set_results | utf8mb4 | | character_set_server | utf8mb4 | | character_set_system | utf8 | | character_sets_dir | /usr/share/mysql/charsets/ | +--------------------------+----------------------------+ 8 rows in set (0.01 sec) |
インストールされていないのでインストールしましょう。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@appliance ~]# dnf info open-vm-tools Last metadata expiration check: 0:08:42 ago on Thu 02 Jul 2020 01:23:14 AM UTC. Available Packages Name : open-vm-tools Version : 11.0.0 Release : 4.el8 Architecture : x86_64 Size : 695 k Source : open-vm-tools-11.0.0-4.el8.src.rpm Repository : AppStream Summary : Open Virtual Machine Tools for virtual machines hosted on VMware URL : https://github.com/vmware/open-vm-tools License : GPLv2 Description : The open-vm-tools project is an open source implementation of : VMware Tools. It is a suite of open source virtualization : utilities and drivers to improve the functionality, user : experience and administration of VMware virtual machines. This : package contains only the core user-space programs and libraries : of open-vm-tools. |
http://Zabbix appliance IP/ にアクセスして標準設定のAdmin:zabbixでログインします。
本格的に運用するにはどうしてもHDD容量が不足するだろし、日本語関係など考えたらOSから構築した方が良さそうな気がします。