ZABBIXも6.0となり、従来のインストール方法では入らなくなったので作成。
ZABBIXの設定を開始できるようにするところまでの手順となります。
先に仕様を眺めておく。MariaDBはVerUPしないとZABBIXが起動しない。以下の仕様を参照。
https://www.zabbix.com/documentation/current/en/manual/installation/requirements#database-management-system
MySQL関係のものを削除する。
# dnf remove mysql*
MySQL関係プログラムの削除が完了したところで、ディレクトリ類も削除しておく。
# rm -rf /etc/my.cnf
# rm -rf /etc/my.cnf.d
# rm -rf /var/lib/mysql
# rm -rf /usr/share/mysql
Webサーバーのインストール
# dnf -y install httpd
設定修正
# vi /etc/httpd/conf/httpd.conf
#89行目あたり。管理者アドレスを設定
ServerAdmin root@test.com
#98行目アンコメントおよびサーバー名設定
ServerName www.test.com:80
##147行目の変更 (Indexes は削除)
Options FollowSymLinks
#154行目の変更
AllowOverride All
#167行目あたり
DirectoryIndex index.html index.php index.cgi
# これは最終行に追記する(サーバーの応答ヘッダ)
ServerTokens Prod
設定反映のためサーバー再起動実行
# systemctl enable --now httpd
PHPインストール
まず以下のコマンドを実行
# dnf module list php
実行結果は以下の通り。
[root@localhost ~]# dnf module list php
Last metadata expiration check: 0:07:21 ago on Tue 24 May 2022 09:43:13 PM JST.
CentOS Stream 8 - AppStream
Name Stream Profiles Summary
php 7.2 [d] common [d], devel, minimal PHP scripting language
php 7.3 common [d], devel, minimal PHP scripting language
php 7.4 [e] common [d] [i], devel, minimal PHP scripting language
php 8.0 common [d], devel, minimal PHP scripting language
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
PHPの導入前設定
# dnf module reset php
# dnf module enable php:7.4
PHP7.4を指定して導入開始
# dnf module -y install php:7.4/common
導入後のバージョン確認
# php -v
PHP 7.4.19 (cli) (built: May 4 2021 11:06:37) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
MariaDB10.6のインストール
ただ単純にdnfでインストールしても入らないのでレポジトリを入手。
# curl -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
ダウンロードしたセットアッププログラムを実行する。
# bash mariadb_repo_setup --mariadb-server-version mariadb-10.6
実行結果は以下の通り(成功パターン)
# bash mariadb_repo_setup --mariadb-server-version mariadb-10.6
# [info] Checking for script prerequisites.
# [info] MariaDB Server version 10.6 is valid
# [info] Repository file successfully written to /etc/yum.repos.d/mariadb.repo
# [info] Adding trusted package signing keys...
/etc/pki/rpm-gpg ~
~
# [info] Successfully added trusted package signing keys
# [info] Cleaning package cache...
37 files removed
次にMariaDBプログラムをインストールする。
実行結果は以下の通り(成功パターン)
# dnf install MariaDB-server MariaDB-client -y
CentOS Stream 8 - AppStream 446 kB/s | 22 MB 00:50
CentOS Stream 8 - BaseOS 590 kB/s | 22 MB 00:38
CentOS Stream 8 - Extras 48 kB/s | 18 kB 00:00
CentOS Stream 8 - Extras common packages 12 kB/s | 4.3 kB 00:00
MariaDB Server 470 kB/s | 586 kB 00:01
MariaDB MaxScale 8.1 kB/s | 8.2 kB 00:01
MariaDB Tools 2.7 kB/s | 4.0 kB 00:01
Zabbix Official Repository - x86_64 33 kB/s | 69 kB 00:02
Zabbix Official Repository non-supported - x86_64 1.1 kB/s | 1.2 kB 00:01
Dependencies resolved.
====================================================================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================================================================
Installing:
MariaDB-client x86_64 10.6.8-1.el8 mariadb-main 14 M
MariaDB-server x86_64 10.6.8-1.el8 mariadb-main 25 M
Installing dependencies:
MariaDB-common x86_64 10.6.8-1.el8 mariadb-main 88 k
MariaDB-shared x86_64 10.6.8-1.el8 mariadb-main 116 k
replacing mariadb-connector-c.x86_64 3.1.11-2.el8_3
replacing mariadb-connector-c-config.noarch 3.1.11-2.el8_3
galera-4 x86_64 26.4.11-1.el8 mariadb-main 13 M
socat x86_64 1.7.4.1-1.el8 appstream 323 k
Transaction Summary
====================================================================================================================================================================
Install 6 Packages
Total download size: 54 M
Downloading Packages:
(1/6): MariaDB-common-10.6.8-1.el8.x86_64.rpm 121 kB/s | 88 kB 00:00
(2/6): MariaDB-client-10.6.8-1.el8.x86_64.rpm 4.9 MB/s | 14 MB 00:02
(3/6): MariaDB-server-10.6.8-1.el8.x86_64.rpm 9.7 MB/s | 25 MB 00:02
(4/6): MariaDB-shared-10.6.8-1.el8.x86_64.rpm 163 kB/s | 116 kB 00:00
(5/6): galera-4-26.4.11-1.el8.x86_64.rpm 9.3 MB/s | 13 MB 00:01
(6/6): socat-1.7.4.1-1.el8.x86_64.rpm 61 kB/s | 323 kB 00:05
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 9.6 MB/s | 54 MB 00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: MariaDB-shared-10.6.8-1.el8.x86_64 1/8
Installing : MariaDB-shared-10.6.8-1.el8.x86_64 1/8
Running scriptlet: MariaDB-shared-10.6.8-1.el8.x86_64 1/8
Running scriptlet: MariaDB-common-10.6.8-1.el8.x86_64 2/8
Installing : MariaDB-common-10.6.8-1.el8.x86_64 2/8
Running scriptlet: MariaDB-common-10.6.8-1.el8.x86_64 2/8
Running scriptlet: MariaDB-client-10.6.8-1.el8.x86_64 3/8
Installing : MariaDB-client-10.6.8-1.el8.x86_64 3/8
Running scriptlet: MariaDB-client-10.6.8-1.el8.x86_64 3/8
Installing : socat-1.7.4.1-1.el8.x86_64 4/8
Running scriptlet: galera-4-26.4.11-1.el8.x86_64 5/8
Installing : galera-4-26.4.11-1.el8.x86_64 5/8
Running scriptlet: galera-4-26.4.11-1.el8.x86_64 5/8
Running scriptlet: MariaDB-server-10.6.8-1.el8.x86_64 6/8
Installing : MariaDB-server-10.6.8-1.el8.x86_64 6/8
Running scriptlet: MariaDB-server-10.6.8-1.el8.x86_64 6/8
Obsoleting : mariadb-connector-c-3.1.11-2.el8_3.x86_64 7/8
Obsoleting : mariadb-connector-c-config-3.1.11-2.el8_3.noarch 8/8
Running scriptlet: MariaDB-server-10.6.8-1.el8.x86_64 8/8
Running scriptlet: mariadb-connector-c-config-3.1.11-2.el8_3.noarch 8/8
Verifying : socat-1.7.4.1-1.el8.x86_64 1/8
Verifying : MariaDB-client-10.6.8-1.el8.x86_64 2/8
Verifying : MariaDB-common-10.6.8-1.el8.x86_64 3/8
Verifying : MariaDB-server-10.6.8-1.el8.x86_64 4/8
Verifying : MariaDB-shared-10.6.8-1.el8.x86_64 5/8
Verifying : mariadb-connector-c-3.1.11-2.el8_3.x86_64 6/8
Verifying : mariadb-connector-c-config-3.1.11-2.el8_3.noarch 7/8
Verifying : galera-4-26.4.11-1.el8.x86_64 8/8
Installed:
MariaDB-client-10.6.8-1.el8.x86_64 MariaDB-common-10.6.8-1.el8.x86_64 MariaDB-server-10.6.8-1.el8.x86_64 MariaDB-shared-10.6.8-1.el8.x86_64
galera-4-26.4.11-1.el8.x86_64 socat-1.7.4.1-1.el8.x86_64
Complete!
実行
# systemctl enable mariadb --now
MySQLの初期設定
# mysql_secure_installation
対話型で以下のように設定。
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
ZABBIX Serevrのインストールの実施
# dnf -y install php-mysqlnd php-gd php-xml php-bcmath php-ldap
# dnf -y install https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-1.el8.noarch.rpm
# dnf -y install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent
ZABBIXむけDBの作成と関連設定。
IDとしてのzabbixのログインパスワードはとりあえずpasswordにした。Internetからのアクセスがある場合は複雑なものにすべき。
# mysql -u root -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show grants for root@localhost;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` IDENTIFIED BY PASSWORD '*81195E2F4FD71FDAC8697F9D3007A54327A9147A' WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [(none)]> create database zabbix;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> grant all privileges on zabbix.* to zabbix@'localhost' identified by 'password';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> exit
次にZABBIXのDBのスキームを設定する。
# zcat /usr/share/doc/zabbix-sql-scripts/mysql/server.sql.gz | mysql -u zabbix -p zabbix
Enter password:
Zabbix Confの設定。
# vi /etc/zabbix/zabbix_server.conf
以下の部分を修正(今回はパスワードを「password」とした場合の設定)
DBPassword=password
完了後、zabbix-serverの起動
# systemctl restart zabbix-server zabbix-agent httpd php-fpm
# systemctl enable zabbix-server zabbix-agent httpd php-fpm
SELinuxの設定
# setsebool -P zabbix_can_network on
# setsebool -P httpd_can_connect_zabbix on
# setsebool -P domain_can_mmap_files on
# setsebool -P daemons_enable_cluster_mode on
# vi zabbix_server.te
zabbix_server.teの内容は以下の通り。
※こちらを参考にしています(https://www.server-world.info/query?os=CentOS_Stream_8&p=zabbix60&f=1)
module zabbix_server 1.0;
require {
type initctl_t;
type devlog_t;
type proc_kcore_t;
type zabbix_t;
type zabbix_agent_t;
type rpm_exec_t;
type rpm_var_lib_t;
class fifo_file getattr;
class sock_file getattr;
class file { execute execute_no_trans map open getattr };
class capability dac_override;
}
#============= zabbix_t ==============
allow zabbix_t self:capability dac_override;
#============= zabbix_agent_t ==============
allow zabbix_agent_t devlog_t:sock_file getattr;
allow zabbix_agent_t initctl_t:fifo_file getattr;
allow zabbix_agent_t proc_kcore_t:file getattr;
allow zabbix_agent_t rpm_var_lib_t:file open;
allow zabbix_agent_t rpm_exec_t:file { execute execute_no_trans map };
以下を実行。
# checkmodule -m -M -o zabbix_server.mod zabbix_server.te
# semodule_package --outfile zabbix_server.pp --module zabbix_server.mod
# semodule -i zabbix_server.pp
Firewall設定
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=https --permanent
# firewall-cmd --add-service=mysql --permanent
# firewall-cmd --add-port={10051/tcp,10050/tcp} --permanent
# firewall-cmd --reload
ZabbixAgent設定
Agentの設定をする場合。今回はZABBIXサーバーに入れたAgentの設定を行う場合となります。
vi /etc/zabbix/zabbix_agentd.conf
以下のように修正
Server=127.0.0.1
ServerActive=127.0.0.1
Hostname=zb02.test.com <-任意で変更してください
これにて完了。以下のようにアクセスするとZABBIXの設定を開始することができます
http://<IPアドレス>/zabbix/