Zabbix

https://www.zabbix.com

Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services. Zabbix collects and displays mollions of metrics.

Installation

# Install Zabbix 6.0 LTS + TimescaleDB (PostgreSQL) on Rocky Linux 8
yum update -y
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config # this is not pro productio setup
dnf install tar wget -y
setenforce 0
rm -rf /etc/localtime
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Install and configure Zabbix server for your platform
# a. Install Zabbix repository
# Documentation
rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-1.el8.noarch.rpm
dnf clean all

# b. Install Zabbix server, frontend, agent
dnf install -y zabbix-server-pgsql zabbix-web-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent
# c. Create initial database
# Documentation
# Make sure you have database server up and running.
## Install PostgreSQL
dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf -qy module disable postgresql
dnf install -y postgresql13-server

## Install TimescaleDB
### Add TimescaleDB source;
tee /etc/yum.repos.d/timescale_timescaledb.repo <<"EOF"
[timescale_timescaledb]
name=timescale_timescaledb
baseurl=https://packagecloud.io/timescale/timescaledb/el/$(rpm -E %{rhel})/\$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/timescale/timescaledb/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOF

### Install the TimescaleDB package;
dnf install timescaledb-2-postgresql-13 -y

### Initialize PostgreSQL;
/usr/pgsql-13/bin/postgresql-13-setup initdb

### Start the PostgreSQL server;
systemctl enable --now postgresql-13

### Add TimescaleDB and configure the parameters, an interactive screen will appear, all the way to y, this step will adjust the PostgreSQL configuration parameters according to the current machine configuration, and load the Timescaledb plug-in library;
timescaledb-tune --pg-config=/usr/pgsql-13/bin/pg_config

### Restart PostgreSQL to take effect;
systemctl restart postgresql-13

### Create a Zabbix user and database. Here, you need to enter the password of the database zabbix user, and enter it twice to confirm.
sudo -i -u postgres createuser --pwprompt zabbix

### Create zabbix database;
sudo -i -u postgres createdb -O zabbix zabbix

### Enable TimescleDB plugin for Zabbix database;
echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -i -u postgres psql zabbix
systemctl restart postgresql-13

wget https://cdn.zabbix.com/zabbix/sources/stable/6.0/zabbix-6.0.1.tar.gz
tar -zxf zabbix-6.0.1.tar.gz
cd zabbix-6.0.1/database/postgresql
useradd zabbix

### Import the three Zabbix sql files in sequence;
cat schema.sql |sudo -u zabbix psql zabbix
cat images.sql |sudo -u zabbix psql zabbix
cat data.sql |sudo -u zabbix psql zabbix

### Import TimescleDB table configuration sql;
cat timescaledb.sql | sudo -u zabbix psql zabbix

# Modify the configuration to allow remote connections;
sed -i "s/#listen_addresses = 'localhost'/listen_addresses = '*'/g" /var/lib/pgsql/13/data/postgresql.conf
sed -i 's/#port = 5432/port = 5432/g' /var/lib/pgsql/13/data/postgresql.conf
sed -i 's/max_connections = 25/max_connections = 100/g' /var/lib/pgsql/13/data/postgresql.conf

# Configure to use md5 authentication; not neccessary for our cause;
vim /var/lib/pgsql/13/data/pg_hba.conf

# IPv4 local connections
host    all             all             0.0.0.0/0               md5
restart pgsql;

systemctl restart postgresql-13

# Php7.4
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
sudo dnf install dnf-utils -y
sudo dnf module install php:remi-7.4 -y
sudo dnf install -y php-fpm php-cli php-common php-zip php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json php-pdo php-ldap php-pgsql

sudo vi /etc/php.ini

cgi.fix_pathinfo=0

sudo vi /etc/php-fpm.d/www.conf

user = nginx
group = nginx

listen.owner = nginx
listen.group = nginx

sudo systemctl start php-fpm
sudo systemctl enable php-fpm

# nginx
sudo systemctl restart nginx

vi /etc/nginx/nginx.conf

server {

    # more config

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

sudo systemctl stop php-fpm
sudo systemctl restart php-fpm
sudo systemctl status php-fpm

# d. Configure the database for Zabbix server
# Edit file /etc/zabbix/zabbix_server.conf
vi  /etc/zabbix/zabbix_server.conf
DBPassword=password

# e. Configure PHP for Zabbix frontend
# Edit file /etc/nginx/conf.d/zabbix.conf, uncomment and set 'listen' and 'server_name' directives.
vi /etc/nginx/conf.d/zabbix.conf
listen 80;
server_name zabbix.home.lichnak.cz;

# f. Start Zabbix server and agent processes
# Start Zabbix server and agent processes and make it start at system boot.
systemctl restart zabbix-server zabbix-agent nginx php-fpm
systemctl enable zabbix-server zabbix-agent nginx php-fpm

# g. Configure Zabbix frontend
# Connect to your newly installed Zabbix frontend: http://server_ip_or_name
# Follow steps described in Zabbix documentation: Installing frontend

# if you don't have fping installed
dnf install -y epel-release.noarch
dnf install -y fping

Configuration

Zabbix SAML Azure AD

  1. Make your Zabbix-Frontend work with SSL, if you haven’t done so
  2. Create a new Enterprise-App in Azure. Entitiy-ID https://zabbix.home.lichnak.cz - Reply-URL: https://zabbix.home.lichnak.cz/index_sso.php

https://zabbix.home.lichnak.cz/sp https://zabbix.home.lichnak.cz/index_sso.php https://zabbix.home.lichnak.cz/index_sso.php?sls

  1. Download the Federation-Metadata XML from Azure, open it in a text-editor and search for the x509 certificate (appears 3 times in the XML - do NOT download and use the certificate the Azure offers you for direct download)
  2. Create a file (/usr/share/zabbix/)conf/certs/idp.crt and insert the certificate as one single string without any “begin certificate” or line breaks or any other stuff
  3. (May be optional - but I did it): create a personal certificate and private key and put it in the same directory as sp.crt and sp.key (I linked the letsencrypt cert and key I also use for SSL… potentially not the best idea in hyper-secure environments)
  4. (May also be optional): uncomment the SSO part in /usr/share/zabbix/conf/zabbix.conf.php
  5. Login in Zabbix-FE, goto Administration, Authentication, SAML. Map the values from Azure -> Zabbix: – Azure AD Identifier -> IdP Entity ID (https://sts.windows.net…) – Azure Login URL -> SSO service URL (https://login.microsoftonline.com…) – Claim name from Azure -> Username attribute (that one is tricky… zabbix will search for the internal technical name. Azure will show you these when you edit your claims. Eg: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name” is the userprinicipalname (aka UPN, aka: Mailaddress in most scenarios) – Identifier -> SP entity ID (https://zabbix.home.lichnak.cz in this example)
  6. Create a new user with the right field from Azure as Username (UPN/Mail)
  7. Don’t forget to grant your user access-rights in Azure, if you have set User assignment required (default)
  8. Login with SSO

Zabbix Slack Integration

TBD

Zabbix OTRS6 Integration

TBD

Backup and restore

# Backups


# Restore

From Zero to Hero

me

My name is Adam Lichonvsky and I'm proud father and researcher.

         

Recent Posts