概述
Zabbix 5.0已经正式发布,相比4.0,它在可用性,安全性和完整性方面都有一系列重要改进。
支持的平台
除了现有的官方软件包和appliances外,Zabbix 5.0现在还支持以下平台:
- SUSE Linux Enterprise Server 15
- Debian 10
- Ubuntu 20.04
- Raspbian 10
- Mac OS/X
- RHEL 8
- CentOS 8
- MSI for Windows Agent
安全相关
SAML用于在安全身份提供者处提供单点身份验证,这意味着用户登录认证需要满足防火墙的安全策略,然后SAML用于向Zabbix和其他应用程序声明身份。SAML方式的支持使Zabbix具备开箱即用的与各种本地和云身份提供商(如Microsoft ADFS、OpenAM、Secureath、Okta、Auth0等)集成的功能。
Zabbix 5.0为更安全的监控进行了重大改进:
- 支持Webhook的HTTP代理,使从Zabbix server到外部告警和ITSM系统的连接更加安全和可控
- agent端的监控指标支持黑名单和白名单
- 所有Zabbix组件都可配置密码,以避免在TLS连接中使用非安全密码
- 支持到MySQL和PostgreSQL后端的加密连接
- 更强大的SHA256用于保存用户密码的Hash值
Zabbix 5.0支持更隐秘的用户宏,用于保存任何敏感信息,如不希望向最终用户公开的密码和API令牌。
支持TimescaleDB
Zabbix 5.0支持对TimescaleDB收集的数据进行可选压缩。除了TimescaleDB的通用优势(自动表分区、高性能和可扩展性)之外,它还有助于进一步提高性能和降低存储成本。
Zabbix用户界面也得到了改进,以支持监控和管理数百万受监控设备。
agent升级
新一代agent为Linux和Windows提供了一系列新功能和高级监控功能:
- 用Golang编写
- 用于监控各种服务和应用程序的插件框架
- 在执行监控检查时能保持现有状态(例如,保持持久的数据库连接)
- 支持trapping
- 内置调度器,支持灵活的时间间隔
- 使用批量数据传输实现高效的网络使用
- 支持持续存储收集的数据
- 直接替换Linux和Windows上的现有agent
垂直菜单
5.0的新界面:
部署
安装要求
数据库要求
Software | Version | Comments |
---|---|---|
MySQL | 5.5.62 - 8.0.x | Required if MySQL is used as Zabbix backend database. InnoDB engine is required. MariaDB (10.0.37 or later) also works with Zabbix. |
Oracle | 11.2 or later | Required if Oracle is used as Zabbix backend database. |
PostgreSQL | 9.2.24 or later | Required if PostgreSQL is used as Zabbix backend database. It is suggested to use at least PostgreSQL 8.3, which introduced much better VACUUM performance. |
TimescaleDB | 1.0 or later, OSS (free) version | Required if TimescaleDB is used as Zabbix backend database. |
SQLite | 3.3.5 or later | SQLite is only supported with Zabbix proxies. Required if SQLite is used as Zabbix proxy database. |
前端要求
Zabbix前端支持的最小屏幕宽度为1200 px。
ftware | Version | Comments |
---|---|---|
Apache | 1.3.12 or later | |
Nginx | ? | |
PHP | 7.2.0 or later | |
PHP extensions: | ||
gd | 2.0.28 or later | PHP GD extension must support PNG images (--with-png-dir), JPEG (--with-jpeg-dir) images and FreeType 2 (--with-freetype-dir). |
bcmath | php-bcmath (--enable-bcmath) | |
ctype | php-ctype (--enable-ctype) | |
libXML | 2.6.15 or later | php-xml, if provided as a separate package by the distributor. |
xmlreader | php-xmlreader, if provided as a separate package by the distributor. | |
xmlwriter | php-xmlwriter, if provided as a separate package by the distributor. | |
session | php-session, if provided as a separate package by the distributor. | |
sockets | php-net-socket (--enable-sockets). Required for user script support. | |
mbstring | php-mbstring (--enable-mbstring) | |
gettext | php-gettext (--with-gettext). Required for translations to work. | |
ldap | php-ldap. Required only if LDAP authentication is used in the frontend. | |
mysqli | Required if MySQL is used as Zabbix backend database. | |
oci8 | Required if Oracle is used as Zabbix backend database. | |
pgsql | Required if PostgreSQL is used as Zabbix backend database. |
服务端要求
Requirement | Status | Description |
---|---|---|
libpcre | Mandatory | PCRE library is required for Perl Compatible Regular Expression (PCRE) support. The naming may differ depending on the GNU/Linux distribution, for example 'libpcre3' or 'libpcre1'. Note that you need exactly PCRE (v8.x); PCRE2 (v10.x) library is not used. |
libevent | Required for bulk metric support and IPMI monitoring. Version 1.4 or higher. Note that for Zabbix proxy this requirement is optional; it is needed for IPMI monitoring support. | |
libpthread | Required for mutex and read-write lock support. | |
zlib | Required for compression support. | |
OpenIPMI | Optional | Required for IPMI support. |
libssh2 or libssh | Required for SSH checks. Version 1.0 or higher (libssh2); 0.6.0 or higher (libssh). libssh is supported since Zabbix 4.4.6. | |
fping | Required for ICMP ping items. | |
libcurl | Required for web monitoring, VMware monitoring, SMTP authentication, web.page.* Zabbix agent items, HTTP agent items and Elasticsearch (if used). Version 7.28.0 or higher is recommended. Libcurl version requirements: - SMTP authentication: version 7.20.0 or higher - Elasticsearch: version 7.28.0 or higher |
|
libxml2 | Required for VMware monitoring and XML XPath preprocessing. | |
net-snmp | Required for SNMP support. Version 5.3.0 or higher. |
Agent 2
Agent 2 支持64位的Linux和Microsoft Windows。
Requirement | Status | Description |
---|---|---|
libpcre | Mandatory | PCRE library is required for Perl Compatible Regular Expression (PCRE) support. The naming may differ depending on the GNU/Linux distribution, for example 'libpcre3' or 'libpcre1'. Note that you need exactly PCRE (v8.x); PCRE2 (v10.x) library is not used. |
OpenSSL | Optional | Required when using encryption. OpenSSL 1.0.1 or later is required on UNIX platforms. The OpenSSL library must have PSK support enabled. LibreSSL is not supported. On Microsoft Windows systems OpenSSL 1.1.1 or later is required. |
Java gateway
Library | License | Website | Comments |
---|---|---|---|
logback-core-0.9.27.jar | EPL 1.0, LGPL 2.1 | http://logback.qos.ch/ | Tested with 0.9.27, 1.0.13, and 1.1.1. |
logback-classic-0.9.27.jar | EPL 1.0, LGPL 2.1 | http://logback.qos.ch/ | Tested with 0.9.27, 1.0.13, and 1.1.1. |
slf4j-api-1.6.1.jar | MIT License | http://www.slf4j.org/ | Tested with 1.6.1, 1.6.6, and 1.7.6. |
android-json-4.3_r3.1.jar | Apache License 2.0 | https://android.googlesource.com/platform/libcore/+/master/json | Tested with 2.3.3_r1.1 and 4.3_r3.1. See src/zabbix_java/lib/README for instructions on creating a JAR file. |
安装
环境如下:
- 系统版本:CentOS Linux release 8.1.1911 (Core)
- MySQL:8.0.17
- Nginx:1.14.1
- PHP:7.2.11
关闭防火墙和SELingux
systemctl stop firewalld
systemctl disable firewalld
sed -i 's#^SELINUX=.*#SELINUX=disabled#g' /etc/sysconfig/selinux
setenforce 0
配置镜像源
新增阿里云zabbix镜像源zabbix.repo
:
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/8/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591
[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch
baseurl=http://mirrors.aliyun.com/zabbix/non-supported/rhel/8/$basearch/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
gpgcheck=1
dnf clean all
安装数据库
添加源
rpm -Uvh https://repo.mysql.com//mysql80-community-release-el8-1.noarch.rpm
dnf clean all
安装
dnf install mysql mysql-server mysql-devel
启动并设置开机自启
systemctl enable mysqld
systemctl start mysqld
修改root密码
[root@centos8 yum.repos.d]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 8
Server version: 8.0.17 Source distribution
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> ALTER user 'root'@'localhost' IDENTIFIED BY 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
Tips:密码必须包含大写字母、数字、特殊符号,不需要
flush privileges
来刷新权限。
Zabbix server,Web前端,agent及相关依赖
dnf install zabbix-server-mysql zabbix-web-mysql zabbix-nginx-conf zabbix-agent
创建初始数据库
create database zabbix character set utf8 collate utf8_bin;
create user zabbix@localhost identified by 'password';
grant all privileges on zabbix.* to zabbix@localhost;
导入初始架构和数据,系统将提示您输入新创建的密码。
zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix
为Zabbix server配置数据库
修改数据库密码,编辑配置文件 /etc/zabbix/zabbix_server.conf
DBPassword=password
为Zabbix前端配置PHP
配置web端口,编辑配置文件 /etc/nginx/conf.d/zabbix.conf
listen 80;
# server_name example.com;
修改时区,编辑配置文件 /etc/php-fpm.d/zabbix.conf
php_value[date.timezone] = Asia/Shanghai
启动Zabbix server和agent进程
启动Zabbix server和agent进程,并为它们设置开机自启:
systemctl restart zabbix-server zabbix-agent nginx php-fpm
systemctl enable zabbix-server zabbix-agent nginx php-fpm
配置Zabbix前端
打开URL: http://<server_ip_or_name>/zabbix
Tips:若打不开以上URL,试试
http://<server_ip_or_name>/zabbix.php
。
填写数据库密码
Name为可选,但是如果填写,它将显示在菜单栏和页面标题中。
用户名:Admin,密码:zabbix
自此安装完成