Nginx 配置反向代理服務(wù)器
天要講的是Nginx最重要的一塊——配置反向代理服務(wù)器。
Nginx的負(fù)載均衡功能和代理功能是經(jīng)常被用到的����。本文會先將如何配置反向代理���,然后講一下負(fù)載均衡���。
反向代理
反向代理(Reverse Proxy)方式是指以代理服務(wù)器來接受Internet上的連接請求����,然后將請求轉(zhuǎn)發(fā)給內(nèi)部網(wǎng)絡(luò)上的服務(wù)器�;
反向代理的一個(gè)好處就是提高網(wǎng)站性能啦�。個(gè)人比較同意知乎上高票的Nginx 反向代理為什么可以提高網(wǎng)站性能?的回答
Nginx 的優(yōu)勢是在于它的異步阻塞模型����,可以通過基于事件的方式同時(shí)處理和維護(hù)多個(gè)請求���,而后端只要去做邏輯計(jì)算���,節(jié)約等待時(shí)間去處理更多請求���。
配置說明
要想配置反向代理�,首先要掌握基本配置規(guī)范����,基本的反向代理配置很簡單,但是如果要仔細(xì)配置也可以做到很復(fù)雜�。
官網(wǎng)給出反向代理的最簡單的代碼例子�。(https://www.nginx.com/resources/admin-guide/reverse-proxy/)
location /some/path/ {
proxy_pass http://www.example.com/link/;
}
但是在互聯(lián)網(wǎng)公司你看到的反向代理配置往往是這樣的:
upstream baidunode {
server 172.25.0.105:8081 weight=10 max_fails=3 fail_timeout=30s;
}
location / {
add_header Cache-Control no-cache;
proxy_set_header Host local.baidu.com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://baidunode;
proxy_connect_timeout 30s;
}
下面就代碼里的配置做說明:
nginx配置文件通過使用add_header指令來設(shè)置response header�,response header一般都是以key:value的形式,例如:“Content-Encoding:gzip�、Cache-Control:no-store”�,設(shè)置的命令為:
add_header Cache-Control no-store
add_header Content-Encoding gzip
nginx 為實(shí)現(xiàn)反向代理的需求增加了一個(gè) ngx_http_proxy_module 模塊�。其中 proxy_set_header 指令就是該模塊需要讀取的配置。
現(xiàn)在對每句配置做個(gè)說明
- proxy_set_header Host local.baidu.com;
HTTP header 中的 Host 含義為所請求的目的主機(jī)名�。當(dāng) nginx 作為反向代理使用����,而后端真實(shí) web 服務(wù)器設(shè)置有類似 防盜鏈功能 ���,或者根據(jù) HTTP header 中的 Host 字段來進(jìn)行 路由 或 過濾 功能的話�,若作為反向代理的 nginx 不重寫請求頭中的 Host 字段����,將會導(dǎo)致請求失敗。 - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
HTTP header 中的 X_Forward_For 表示該條 http 請求是由誰發(fā)起的。如果反向代理服務(wù)器不重寫該請求頭的話�,那么后端真實(shí) web 服務(wù)器在處理時(shí)會認(rèn)為所有的請求都來自反向代理服務(wù)器�。如果后端 web 服務(wù)器有防攻擊策略的話���,那么反向代理服務(wù)器對應(yīng)的 ip 地址就會被封掉�。
上述配置的意思是增加一個(gè) $proxy_add_x_forwarded_for 到 X-Forwarded-For里去,注意是增加,而不是覆蓋���。當(dāng)然由于默認(rèn)的 X-Forwarded-For 值是空的,所以我們總感覺 X-Forwarded-For 的值就等于 $proxy_add_x_forwarded_for 的值。
X-Forwarded-For的格式為X-Forwarded-For:real client ip, proxy ip 1, proxy ip N,每經(jīng)過一個(gè)反向代理就在請求頭X-Forwarded-For后追加反向代理IP���。 - proxy_connect_timeout
nginx服務(wù)器與被代理的服務(wù)器建立連接的超時(shí)時(shí)間,默認(rèn)60秒
例子
如果只看上面的配置解釋不容易理解,下面給一個(gè)具體的關(guān)于獲取客戶端真實(shí)ip的例子
下圖所示是一個(gè)請求進(jìn)來經(jīng)過Nginx的流程示意圖
如果我們把三個(gè)反向代理的配置如下:
Nginx Proxy
192.168.107.107 nginx.conf
location /test {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.107.112:8080;
}
192.168.107.112 nginx.conf
location /test {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.107.114:8080;
}
Nginx Backend
192.168.107.114 nginx.conf
location /test {
default_type text/html;
charset gbk;
echo "$remote_addr ||$http_x_real_ip ||$http_x_forwarded_for";
}
當(dāng)訪問服務(wù)的時(shí)候輸出為
192.168.107.112 || 192.168.162.16 || 192.168.162.16, 192.168.107.107
分析
1.在離用戶最近的反向代理NginxProxy 1�,通過“proxy_set_header X-Real-IP $remote_addr”把真實(shí)客戶端IP寫入到請求頭X-Real-IP���,在NginxBackend輸出$http_x_real_ip獲取到了真實(shí)客戶端IP���;而Nginx Backend的“$remote_addr”輸出為最后一個(gè)反向代理的IP����;
2.“proxy_set_headerX-Forwarded-For $proxy_add_x_forwarded_for”的是把請求頭中的X-Forwarded-For與$remote_addr用逗號合起來�,如果請求頭中沒有X-Forwarded-For則$proxy_add_x_forwarded_for為$remote_addr。
X-Forwarded-For代表了客戶端IP,反向代理如Nginx通過$proxy_add_x_forwarded_for添加此項(xiàng)����,X-Forwarded-For的格式為X-Forwarded-For:real client ip, proxy ip 1, proxy ip N����,每經(jīng)過一個(gè)反向代理就在請求頭X-Forwarded-For后追加反向代理IP���。
到此我們可以使用請求頭X-Real-IP和X-Forwarded-For來獲取客戶端IP及客戶端到服務(wù)端經(jīng)過的反向代理IP了����。這種方式還是很麻煩���,$remote_addr并不是真實(shí)客戶端IP���。
為了更方便地獲取真實(shí)客戶端IP,可以使用nginx http_realip_module模塊解決����,在安裝nginx時(shí)通過–with-http_realip_module安裝該模塊����。NginxProxy配置和場景2一樣�。
Nginx Backend
192.168.107.114 nginx.conf
real_ip_header X-Forwarded-For;
set_real_ip_from 192.168.0.0/16;
real_ip_recursive on;
location /test {
default_type text/html;
charset gbk;
echo "$remote_addr || $http_x_real_ip ||$http_x_forwarded_for";
}
具體分析可以參照該博客
http://blog.csdn.net/broadview2006/article/details/54570943
其實(shí)還有很多配置 具體說明可以參考該博客http://www.cnblogs.com/knowledgesea/p/5199046.html
include mime.types; #文件擴(kuò)展名與文件類型映射表
default_type application/octet-stream; #默認(rèn)文件類型,默認(rèn)為text/plain
#access_log off; #取消服務(wù)日志
log_format myFormat ' $remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #自定義格式
access_log log/access.log myFormat; #combined為日志格式的默認(rèn)值
sendfile on; #允許sendfile方式傳輸文件�,默認(rèn)為off�,可以在http塊���,server塊�,location塊。
sendfile_max_chunk 100k; #每個(gè)進(jìn)程每次調(diào)用傳輸數(shù)量不能大于設(shè)定的值,默認(rèn)為0����,即不設(shè)上限����。
keepalive_timeout 65; #連接超時(shí)時(shí)間���,默認(rèn)為75s�,可以在http���,server���,location塊����。
proxy_connect_timeout 1; #nginx服務(wù)器與被代理的服務(wù)器建立連接的超時(shí)時(shí)間,默認(rèn)60秒
proxy_read_timeout 1; #nginx服務(wù)器想被代理服務(wù)器組發(fā)出read請求后�,等待響應(yīng)的超時(shí)間����,默認(rèn)為60秒���。
proxy_send_timeout 1; #nginx服務(wù)器想被代理服務(wù)器組發(fā)出write請求后���,等待響應(yīng)的超時(shí)間����,默認(rèn)為60秒。
proxy_http_version 1.0 ; #Nginx服務(wù)器提供代理服務(wù)的http協(xié)議版本1.0���,1.1,默認(rèn)設(shè)置為1.0版本����。
#proxy_method get; #支持客戶端的請求方法���。post/get;
proxy_ignore_client_abort on; #客戶端斷網(wǎng)時(shí),nginx服務(wù)器是否終端對被代理服務(wù)器的請求���。默認(rèn)為off。
proxy_ignore_headers "Expires" "Set-Cookie"; #Nginx服務(wù)器不處理設(shè)置的http相應(yīng)投中的頭域,這里空格隔開可以設(shè)置多個(gè)�。
proxy_intercept_errors on; #如果被代理服務(wù)器返回的狀態(tài)碼為400或者大于400�,設(shè)置的error_page配置起作用����。默認(rèn)為off。
proxy_headers_hash_max_size 1024; #存放http報(bào)文頭的哈希表容量上限,默認(rèn)為512個(gè)字符。
proxy_headers_hash_bucket_size 128; #nginx服務(wù)器申請存放http報(bào)文頭的哈希表容量大小。默認(rèn)為64個(gè)字符。
proxy_next_upstream timeout; #反向代理upstream中設(shè)置的服務(wù)器組���,出現(xiàn)故障時(shí),被代理服務(wù)器返回的狀態(tài)值。error|timeout|invalid_header|http_500|http_502|http_503|http_504|http_404|off
#proxy_ssl_session_reuse on; 默認(rèn)為on,如果我們在錯誤日志中發(fā)現(xiàn)“SSL3_GET_FINSHED:digest check failed”的情況時(shí)����,可以將該指令設(shè)置為off���。
總結(jié):proxy_set_header 就是可設(shè)置請求頭-并將頭信息傳遞到服務(wù)器端�。不屬于請求頭的參數(shù)中也需要傳遞時(shí) 重定義下就行啦����。
負(fù)載均衡
Nginx提供了兩種負(fù)載均衡策略:內(nèi)置策略和擴(kuò)展策略���。內(nèi)置策略為輪詢���,加權(quán)輪詢����,Ip hash����。擴(kuò)展策略,就是自己實(shí)現(xiàn)一套策略���。
大家可以通過upstream這個(gè)配置�,寫一組被代理的服務(wù)器地址,然后配置負(fù)載均衡的算法。
熱備
當(dāng)一臺服務(wù)器發(fā)生事故時(shí)�,才啟用第二臺服務(wù)器給提供服務(wù)�。
比如127.0.0.1 掛了�,就啟動192.168.10.121。
upstream mysvr {
server 127.0.0.1:7878;
server 192.168.10.121:3333 backup; #熱備
}
輪詢
Nginx 輪詢的默認(rèn)權(quán)重是1。 所以請求順序就是ABABAB....交替
upstream mysvr {
server 127.0.0.1:7878;
server 192.168.10.121:3333;
}
加權(quán)輪詢
根據(jù)權(quán)重大小���,分發(fā)給不同服務(wù)器不同數(shù)量請求。如下配置的請求順序?yàn)椋篈BBABBABBABB.....�??梢葬槍Σ煌?wù)器的性能���,配置不同的權(quán)重�。
upstream mysvr {
server 127.0.0.1:7878 weight=1;
server 192.168.10.121:3333 weight=2;
}
ip_hash
讓相同客戶端ip請求相同的服務(wù)器。對客戶端請求的ip進(jìn)行hash操作,然后根據(jù)hash結(jié)果將同一個(gè)客戶端ip的請求分發(fā)給同一臺服務(wù)器進(jìn)行處理���,可以解決session不共享的問題。
程連接并登錄到 Linux 實(shí)例。
執(zhí)行命令 cd /etc/nginx/conf.d 打開 Nginx 服務(wù)配置文件目錄。
執(zhí)行命令 vi 您要創(chuàng)建的域名.conf 創(chuàng)建域名規(guī)則配置文件,如示例中的 vi www.server110.com.conf。
輸入 i 編輯新建的配置文件:
為每一個(gè)域名建立一個(gè)單獨(dú)的配置文件時(shí)輸入以下內(nèi)容:
server
{
listen 80; #監(jiān)聽端口設(shè)為 80�。
server_name www.server110.com; #綁定您的域名����。
index index.htm index.html index.php; #指定默認(rèn)文件���。
root /home/www/server110.com; #指定網(wǎng)站根目錄����。
include location.conf; #當(dāng)您需要調(diào)用其他配置文件時(shí)才粘貼此項(xiàng),如無需要,請刪除此項(xiàng)�。
}
將多個(gè)域名規(guī)則寫進(jìn)一個(gè)共同的配置文件時(shí)輸入以下內(nèi)容:
server
{
listen 80; #監(jiān)聽端口設(shè)為 80����。
server_name www.server110.com; #綁定您的域名���。
index index.htm index.html index.php; #指定默認(rèn)文件����。
root /home/www/server110.com; #指定網(wǎng)站根目錄�。
include location.conf; #當(dāng)您需要調(diào)用其他配置文件時(shí)才粘貼此項(xiàng),如無需要����,請刪除此項(xiàng)�。
}
server
{
listen 80; #監(jiān)聽端口設(shè)為 80���。
server_name msn.server111.com; #綁定您的域名����。
index index.htm index.html index.php; #指定默認(rèn)文件。
root /home/www/msn.server110.com; #指定網(wǎng)站根目錄���。
include location.conf; #當(dāng)您需要調(diào)用其他配置文件時(shí)才粘貼此項(xiàng),如無需要�,請刪除此項(xiàng)����。
}
為無 WWW 前綴的域名配置規(guī)則并加 301 跳轉(zhuǎn)時(shí)輸入以下內(nèi)容:
server
{
listen 80;
server_name server110.com;
rewrite ^/(.*) http://www.server110.com/ permanent;
}
需要為域名添加 404 提示時(shí)輸入以下內(nèi)容:
server
{
listen 80; #監(jiān)聽端口設(shè)為 80�。
server_name www.server110.com; #綁定您的域名。
index index.htm index.html index.php; #指定默認(rèn)文件�。
root /home/www/server110.com; #指定網(wǎng)站根目錄����。
include location.conf; #當(dāng)您需要調(diào)用其他配置文件時(shí)才粘貼此項(xiàng),如無需要����,請刪除此項(xiàng)���。
error_page 404 /404.html;
}
按 Esc 退出編輯并輸入 :wq 保存退出����。
執(zhí)行命令 nginx -t 檢查配置是否有誤���,并按照報(bào)錯提示修復(fù)錯誤�。
執(zhí)行命令 service nginx restart 重啟 Nginx 服務(wù)���。
執(zhí)行命令 service nginx reload 重新載入 Nginx 服務(wù)����。
動化監(jiān)控系統(tǒng)
|
|
|
Cacti | 特點(diǎn):將監(jiān)控到的數(shù)據(jù),繪制成各種圖形 | 基于SNMP協(xié)議 (網(wǎng)絡(luò)管理協(xié)議) 的監(jiān)控軟件���,強(qiáng)大的繪圖能力 |
Nagios | 特點(diǎn):狀態(tài)檢查和報(bào)警機(jī)制 (例如:內(nèi)存不足或CPU負(fù)載高時(shí),及時(shí)的給管理員發(fā)送報(bào)警信息(郵件報(bào)警����,短信報(bào)警等) ) | 基于Agent監(jiān)控�,強(qiáng)大的狀態(tài)檢查與報(bào)警機(jī)制����,插件極多,自己寫監(jiān)控腳本嵌入到Nagios非常方便 |
Zabbix | 特點(diǎn):支持多種報(bào)警機(jī)制�,支持分布式監(jiān)控���,支持?jǐn)?shù)據(jù)繪圖 | 基于多種監(jiān)控機(jī)制���,支持分布式監(jiān)控 |
1.3.1 Zabbix簡介
Zabbix 是一個(gè)高度集成的監(jiān)控解決方案,可以實(shí)現(xiàn)企業(yè)級的開源分布式監(jiān)控,
Zabbix 通過 C/S模式采集監(jiān)控?cái)?shù)據(jù)
C/S (client/server): 客戶端/服務(wù)器
客戶端程序負(fù)載采集要監(jiān)控的數(shù)據(jù)�,然后發(fā)送給監(jiān)控服務(wù)器����;
監(jiān)控服務(wù)器對客戶發(fā)送過來的數(shù)據(jù)進(jìn)行存儲和處理;
Zabbix通過B/S模式實(shí)現(xiàn)Web管理
B/S (browser/server): 瀏覽器/服務(wù)器
管理員可以通過瀏覽器�,訪問監(jiān)控服務(wù)器web頁面�,并可以查看和管理監(jiān)控系統(tǒng)
1.3.2 監(jiān)控拓?fù)?/h1>Zabbix監(jiān)控原理: |
部署一個(gè)Zabbix監(jiān)控服務(wù)器, 用于存儲和處理監(jiān)控?cái)?shù)據(jù)����; |
如果被監(jiān)控的是Linux或Windows主機(jī)�,需要安裝客戶端程序agent來采集監(jiān)控?cái)?shù)據(jù); |
如果被監(jiān)控的是網(wǎng)絡(luò)設(shè)備(交換機(jī),路由器等)���,通過SNMP協(xié)議進(jìn)行監(jiān)控; |
最后Zabbix監(jiān)控服務(wù)器,將客戶端收集來的數(shù)據(jù)存儲到數(shù)據(jù)庫中���,通過web頁面來管理 |
監(jiān)控角色 |
監(jiān)控服務(wù)器 |
監(jiān)控服務(wù)器可以通過SNMP (網(wǎng)絡(luò)管理協(xié)議)或Agent采集數(shù)據(jù) |
數(shù)據(jù)可以寫入MYSQL、Oracle等數(shù)據(jù)庫中 |
|
被監(jiān)控主機(jī) |
被監(jiān)控主機(jī)需要安裝Agent |
常見的網(wǎng)絡(luò)設(shè)備一般支持SNMP (網(wǎng)絡(luò)管理協(xié)議) |
二、LNMP環(huán)境準(zhǔn)備
這里的話����,因?yàn)閦abbix web系統(tǒng)使用的是php�,所以需要配置LNMP環(huán)境����。
服務(wù)器使用LNMP實(shí)現(xiàn)web前端的管理
Nginx是一款小巧而高效的Web服務(wù)器軟件,可幫您在Linux系統(tǒng)下快速方便地搭建出LNMP Web服務(wù)環(huán)境。在ECS實(shí)例上搭建LNMP環(huán)境�,其中LNMP分別代表Linux����、Nginx����、MySQL和PHP。
2.1 部署LNMP
這里小伙伴可以參考這個(gè):手動部署LNMP環(huán)境(CentOS 7)手動部署LNMP環(huán)境(CentOS 7) - 云服務(wù)器 ECS - 阿里云
2.1.1 安裝前準(zhǔn)備
- 監(jiān)控服務(wù)器(需要使用Web頁面操作,因此需要先部署LNMP)設(shè)置主機(jī)名(zabbixserver)設(shè)置IP地址(192.168.26.15)關(guān)閉防火墻、SELinux
- 監(jiān)控客戶端 (2.100和2.200)主機(jī)web1(192.168.26.14)主機(jī)web2(192.168.26.13)關(guān)閉防火墻、SELinux
虛擬機(jī)環(huán)境準(zhǔn)備(克隆centos7 模板機(jī)): ——> 關(guān)閉防火墻和SELinux����,嗯�,因?yàn)樾枰鄠€(gè)機(jī)器���,所以我們用ansible,方便一點(diǎn),這里,192.168.26.15為控制機(jī)���,192.168.26.14����,192.168.26.13 為節(jié)點(diǎn)機(jī)
主機(jī)名 | IP地址 |
zabbixserver | 192.168.26.15 |
web1 | 192.168.26.14 |
web2 | 192.168.26.13 |
配置到物理機(jī)的SSH免密
┌──(liruilong?Liruilong)-[/mnt/e/docker]
└─$ ssh-copy-id root@192.168.26.13
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/liruilong/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.13 (192.168.26.13)' can't be established.
ECDSA key fingerprint is SHA256:1F/T20FjhEaLDtutI1rXCwOFGZ5nPs3hFzHyjsnAs3Q.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.13's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.13'"
and check to make sure that only the key(s) you wanted were added.
┌──(liruilong?Liruilong)-[/mnt/e/docker]
└─$ ssh-copy-id root@192.168.26.14
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/liruilong/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.14 (192.168.26.14)' can't be established.
ECDSA key fingerprint is SHA256:cfpb8zAi+otnaU0YIoRb76iaOYiFDI4JHyU9N0LmNkY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.14's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.14'"
and check to make sure that only the key(s) you wanted were added.
┌──(liruilong?Liruilong)-[/mnt/e/docker]
└─$ ssh-copy-id root@192.168.26.15
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/liruilong/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.15 (192.168.26.15)' can't be established.
ECDSA key fingerprint is SHA256:Ix6WxiXXJVdMFdSqiXLaPYdg+khbzkjuYO4raDDnih0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.15's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.15'"
and check to make sure that only the key(s) you wanted were added.
┌──(liruilong?Liruilong)-[/mnt/e/docker]
└─$
ansible環(huán)境準(zhǔn)備
┌──[root@zabbixserver]-[/]
└─$ mkdir ansible;cd ansible;vim ansible.cfg
┌──[root@zabbixserver]-[/ansible]
└─$ cat ansible.cfg
[defaults]
# 主機(jī)清單文件,就是要控制的主機(jī)列表
inventory=inventory
# 連接受管機(jī)器的遠(yuǎn)程的用戶名
remote_user=root
# 角色目錄
roles_path=roles
# 設(shè)置用戶的su 提權(quán)
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
┌──[root@zabbixserver]-[/ansible]
└─$ vim inventory
┌──[root@zabbixserver]-[/ansible]
└─$ cat inventory
[web]
192.168.26.13
192.168.26.14
[zabbix]
192.168.26.13
192.168.26.14
127.0.0.1
┌──[root@zabbixserver]-[/ansible]
└─$
配置控制機(jī)到節(jié)點(diǎn)機(jī)的SSH免密
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.13
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file or directory
(to install the contents of '/root/.pub' anyway, look at the -f option)
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.14
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file or directory
(to install the contents of '/root/.pub' anyway, look at the -f option)
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/wLemqRJd5tsIWj/hxole6EpNTZ9M2lDooVGnYTx3I4 root@zabbixserver
The key's randomart image is:
+---[RSA 2048]----+
| o=.. |
| ..+o. |
| o=o |
| . +=. |
| .S E O |
| oooX.+ + |
| .ooB++o |
| . *o*=+. |
| o +==o. |
+----[SHA256]-----+
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.14
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.14 (192.168.26.14)' can't be established.
ECDSA key fingerprint is SHA256:cfpb8zAi+otnaU0YIoRb76iaOYiFDI4JHyU9N0LmNkY.
ECDSA key fingerprint is MD5:35:32:02:28:b3:2f:9b:11:3c:d9:16:29:ab:2f:75:73.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.14's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.14'"
and check to make sure that only the key(s) you wanted were added.
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.13
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.13 (192.168.26.13)' can't be established.
ECDSA key fingerprint is SHA256:1F/T20FjhEaLDtutI1rXCwOFGZ5nPs3hFzHyjsnAs3Q.
ECDSA key fingerprint is MD5:b3:c9:31:0e:08:31:5b:7b:25:dd:a3:a7:f1:db:ac:7a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.13's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.13'"
and check to make sure that only the key(s) you wanted were added.
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.15
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.15's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.15'"
and check to make sure that only the key(s) you wanted were added.
┌──[root@zabbixserver]-[/ansible]
測試ansible
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m ping
192.168.26.13 | SUCCESS=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.26.14 | SUCCESS=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
127.0.0.1 | SUCCESS=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
┌──[root@zabbixserver]-[/ansible]
└─$
檢查防火墻和selinux
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m shell -a 'sed -n 7p /etc/selinux/config'
[WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If
you need to use command because replace, lineinfile or template is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
127.0.0.1 | CHANGED | rc=0 >>
SELINUX=disabled
192.168.26.14 | CHANGED | rc=0 >>
SELINUX=disabled
192.168.26.13 | CHANGED | rc=0 >>
SELINUX=disabled
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m shell -a ' systemctl status firewalld | grep Active'
127.0.0.1 | CHANGED | rc=0 >>
Active: active (running) since Fri 2021-10-01 17:48:56 CST; 51min ago
192.168.26.14 | CHANGED | rc=0 >>
Active: active (running) since Fri 2021-10-01 17:49:47 CST; 50min ago
192.168.26.13 | CHANGED | rc=0 >>
Active: active (running) since Fri 2021-10-01 17:49:14 CST; 51min ago
發(fā)現(xiàn)防火墻還沒有關(guān)閉,所以在關(guān)閉一下防火墻:
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m shell -a 'systemctl disable firewalld --now'
192.168.26.14 | CHANGED | rc=0 >>
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
192.168.26.13 | CHANGED | rc=0 >>
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
127.0.0.1 | CHANGED | rc=0 >>
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
┌──[root@zabbixserver]-[/ansible]
└─$
2.1.2 部署LNMP
┌──[root@zabbixserver]-[/ansible]
└─$ yum -y install nginx php php-fpm php-mysql mariadb-server mariadb mariadb-devel
安裝需要的軟件包,也可以分別安裝
##安裝Ng
[root@zabbixserver ~]yum -y install nginx
###安裝php解釋器及相關(guān)軟件包
[root@zabbixserver ~]# yum -y install php #php解釋器
[root@zabbixserver ~]# yum -y install php-fpm #可以支持 Fastcgi 通用語言
[root@zabbixserver ~]# yum -y install php-mysql #php和數(shù)據(jù)通信的擴(kuò)展包
###安裝數(shù)據(jù)庫及相關(guān)軟件包
[root@web1 ~]# yum -y install mariadb-server #數(shù)據(jù)庫服務(wù)端軟件
[root@web1 ~]# yum -y install mariadb #數(shù)據(jù)庫客戶端軟件
[root@web1 ~]# yum -y install mariadb-devel #相關(guān)的依賴包
修改nginx配置
┌──[root@zabbixserver]-[~]
└─$ vim /etc/nginx/nginx.conf
┌──[root@zabbixserver]-[~]
└─$ cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location=/404.html {
}
error_page 500 502 503 504 /50x.html;
location=/50x.html {
}
fastcgi_buffers 8 16k; #緩存php生成的數(shù)據(jù)�,緩存大小為8個(gè)16k
fastcgi_buffer_size 32k; #緩存php產(chǎn)生的頭部信息���,緩存大小為32k
fastcgi_connect_timeout 300; #連接php的超時(shí)時(shí)間為300秒
fastcgi_send_timeout 300; #發(fā)送請求的超時(shí)時(shí)間為300秒
fastcgi_read_timeout 300; #讀取請求的超時(shí)時(shí)間為300秒
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
# location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1: 9000;
# fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location=/40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location=/50x.html {
# }
# }
}
通過systemd的方式管理nginx服務(wù),通過源碼安裝的NG需要
##此文件�,每次Linux開機(jī)時(shí)����,都會運(yùn)行里面的所有命令
[root@zabbixserver ~]# vim /etc/rc.d/rc.local
/usr/local/nginx/sbin/nginx
[root@zabbixserver ~]# chmod +x /etc/rc.d/rc.local
####nginx管理服務(wù)模板文件路徑,也可在百度搜索nginx systemd
https://www.nginx.com/resources/wiki/start/topics/examples/systemd/
#####在/usr/lib/systemcd/systemd下創(chuàng)建nginx服務(wù)配置文件
##拷貝模板
[root@web1 ~]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP server #描述信息
##After 指nginx開機(jī)時(shí),啟動服務(wù)的順序
After=syslog.target network-online.targetnss-lookup.target
[Service]
#Type 指啟動服務(wù)后只有一個(gè)進(jìn)程使用simple����,有多個(gè)進(jìn)程使用forking
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
####修改路徑為/usr/local/nginx/sbin 實(shí)際nginx安裝路徑
##ExecStartPre 指啟動服務(wù)之前檢測nginx配置語法是否正確
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx #啟動nginx服務(wù)
ExecReload=/usr/local/nginx/sbin/ -s reload #重啟nginx服務(wù)
ExecStop=/bin/kill -s QUIT $MAINPID #停止nginx服務(wù)
PrivateTmp=true
[Install]
#WantedBy 指將nginx服務(wù)放到 multi-user.target 服務(wù)組
#路徑在/etc/systemd/system/multi-user.target
#重啟multi-user.target����,會啟動這個(gè)目錄下的所有服務(wù)
WantedBy=multi-user.target
2.1.4 啟動服務(wù)
┌──[root@zabbixserver]-[~]
└─$ systemctl enable mariadb.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
┌──[root@zabbixserver]-[~]
└─$ systemctl enable php-fpm --now
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
┌──[root@zabbixserver]-[~]
└─$ systemctl enable nginx --now
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
┌──[root@zabbixserver]-[~]
└─$
頁面測試
######編寫php動態(tài)測試頁面
[root@zabbixserver ~]# vim /usr/local/nginx/html/test.php
<?php
$i=33;
echo $i;
?>
三�、安裝Zabbix
官方文檔: 從部署包安裝
3.1 部署Zabbix監(jiān)控端服務(wù)器
3.1.1 安裝軟件
┌──[root@zabbixserver]-[~]
└─$ ls
anaconda-ks.cfg calico.yaml one-client-install.sh zabbix-3.4.4
calico_3_14.tar download set.sh zabbix-3.4.4.tar.gz
##########安裝zabbix相關(guān)依賴包
┌──[root@zabbixserver]-[~]
└─$ yum -y install net-snmp-devel curl-devel libevent-devel gcc
##########獲取mysql_config的絕對路徑 (此命令用于編譯mysql的客戶端程序)
┌──[root@zabbixserver]-[~]
└─$ mysql_config
Usage: /usr/bin/mysql_config [OPTIONS]
Options:
--cflags [-I/usr/include/mysql]
--include [-I/usr/include/mysql]
--libs [-L/usr/lib64/mysql -lmysqlclient -lpthread -lz -lm -ldl -lssl -lcrypto]
--libs_r [-L/usr/lib64/mysql -lmysqlclient -lpthread -lz -lm -ldl -lssl -lcrypto]
--plugindir [/usr/lib64/mysql/plugin]
--socket [/var/lib/mysql/mysql.sock]
--port [0]
--version [5.5.68]
--libmysqld-libs [-L/usr/lib64/mysql -lmysqld]
--variable=VAR VAR is one of:
pkgincludedir [/usr/include/mysql]
pkglibdir [/usr/lib64/mysql]
plugindir [/usr/lib64/mysql/plugin]
源碼安裝zabbix軟件
#########進(jìn)入到zabbix源碼包下,源碼安裝zabbix軟件
#--enable-server 指安裝zabbix服務(wù)端模塊;
#--enable-agent 指安裝zabbix客戶端模塊(用于收集監(jiān)控?cái)?shù)據(jù),在客戶端安裝����,服務(wù)器也可以按照���,用于監(jiān)控自己)�;
#--enable-proxy 指安裝zabbix的代理模塊�,實(shí)現(xiàn)代理功能(此實(shí)驗(yàn)用不到);
#--with-mysql=指定mysql數(shù)據(jù)庫,用于存放客戶端收集的監(jiān)控?cái)?shù)據(jù);
#--with-net-snmp 指安裝此模塊�,可以通過snmp協(xié)議����,去監(jiān)控網(wǎng)絡(luò)設(shè)備(路由器���,交換機(jī));
#--with-libcurl 指安裝此模塊���,可以讓zabbix調(diào)用curl,獲取被監(jiān)控主機(jī)的信息����,做健康檢查
┌──[root@zabbixserver]-[~]
└─$ cd zabbix-3.4.4/
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ ls
aclocal.m4 ChangeLog config.sub database INSTALL Makefile.in NEWS src
AUTHORS compile configure depcomp install-sh man README upgrades
bin conf configure.ac frontends m4 misc README.txt
build config.guess COPYING include Makefile.am missing sass
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ ./configure --enable-server --enable-proxy --enable-agent --with-mysql=/usr/bin/mysql_config
#########直接安裝����,不需要make
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ make install
查看zabbix相關(guān)的配置文件
#########查看zabbix相關(guān)的配置文件
#zabbix_server.conf zabbix服務(wù)端配置文件
#zabbix_agentd.conf zabbix客戶端配置文件
#zabbix_proxy.conf zabbix監(jiān)控代理的配置文件
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ ls /usr/local/etc/
zabbix_agentd.conf zabbix_proxy.conf zabbix_server.conf
zabbix_agentd.conf.d zabbix_proxy.conf.d zabbix_server.conf.d
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$
獲取目標(biāo)主機(jī)監(jiān)控?cái)?shù)據(jù)和向目標(biāo)主機(jī)發(fā)送監(jiān)控?cái)?shù)據(jù)的命令
#########獲取目標(biāo)主機(jī)監(jiān)控?cái)?shù)據(jù)和向目標(biāo)主機(jī)發(fā)送監(jiān)控?cái)?shù)據(jù)的命令
#zabbix_get 獲取監(jiān)控?cái)?shù)據(jù)的命令
#zabbix_sender 發(fā)送監(jiān)控?cái)?shù)據(jù)的命令
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ ls /usr/local/bin/
zabbix_get zabbix_sender
啟動zabbix的命令,zabbix默認(rèn)無法通過systemd管理
########啟動zabbix的命令����,zabbix默認(rèn)無法通過systemd管理
#zabbix_agentd zabbix 客戶端的啟動命令
#zabbix_proxy zabbix 監(jiān)控代理服務(wù)的啟動命令
#zabbix_server zabbix 服務(wù)端的啟動命令
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ ls /usr/local/sbin/
zabbix_agentd zabbix_proxy zabbix_server
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$
3.1.2初始化準(zhǔn)備
創(chuàng)建數(shù)據(jù)庫與數(shù)據(jù)庫賬戶
###########創(chuàng)建zabbix數(shù)據(jù)庫并授權(quán)
[root@zabbixserver ~]# mysql
#創(chuàng)建一個(gè)zabbix空數(shù)據(jù)庫�����,用于存儲監(jiān)控?cái)?shù)據(jù)����,設(shè)置為utf8格式,可以存儲中文
MariaDB [(none)]> create database zabbix character set utf8;
#授權(quán)����,zabbix用戶可以從本機(jī)登錄mysql
#登錄密碼為zabbix,對zabbix庫下的表擁有所有權(quán)限(增刪改查)
MariaDB [(none)]> grant all on zabbix.* to zabbix@'localhost' identified by 'zabbix';
#退出數(shù)據(jù)庫
MariaDB [(none)]> exit
導(dǎo)入zabbix提供的備份數(shù)據(jù)庫文件�����,導(dǎo)入順序不能發(fā)生改變(否則報(bào)錯)
#########導(dǎo)入zabbix提供的備份數(shù)據(jù)庫文件,導(dǎo)入順序不能發(fā)生改變(否則報(bào)錯)
##mysql備份數(shù)據(jù)庫文件在zabbix源碼包路徑:zabbix-3.4.4/database/mysql/
#Oracle備份數(shù)據(jù)庫文件在zabbix源碼包路徑:zabbix-3.4.4/database/oracle/
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ ls
aclocal.m4 compile config.sub depcomp m4 misc sass
AUTHORS conf configure frontends Makefile missing src
bin config.guess configure.ac include Makefile.am NEWS upgrades
build config.log COPYING INSTALL Makefile.in README
ChangeLog config.status database install-sh man README.txt
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ cd database/mysql/
┌──[root@zabbixserver]-[~/zabbix-3.4.4/database/mysql]
└─$ ls
data.sql images.sql schema.sql
┌──[root@zabbixserver]-[~/zabbix-3.4.4/database/mysql]
└─$ mysql -uzabbix -pzabbix zabbix < schema.sql
┌──[root@zabbixserver]-[~/zabbix-3.4.4/database/mysql]
└─$ mysql -uzabbix -pzabbix zabbix < images.sql
┌──[root@zabbixserver]-[~/zabbix-3.4.4/database/mysql]
└─$ mysql -uzabbix -pzabbix zabbix < data.sql
┌──[root@zabbixserver]-[~/zabbix-3.4.4/database/mysql]
└─$
查看mysql的zabbix下的表
┌──[root@zabbixserver]-[~/zabbix-3.4.4/database/mysql]
└─$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use zabbix;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [zabbix]> show tables;
+----------------------------+
| Tables_in_zabbix |
+----------------------------+
| acknowledges |
| actions |
| alerts |
| application_discovery |
| application_prototype |
| application_template |
| applications |
����。����。��。。。
| widget |
| widget_field |
+----------------------------+
140 rows in set (0.00 sec)
#查看zabbix用戶名和密碼
MariaDB [zabbix]> select alias,passwd from users;
+-------+----------------------------------+
| alias | passwd |
+-------+----------------------------------+
| Admin | 5fce1b3e34b520afeffb37ce08c7cd66 |
| guest | d41d8cd98f00b204e9800998ecf8427e |
+-------+----------------------------------+
2 rows in set (0.00 sec)
MariaDB [zabbix]> exit
Bye
┌──[root@zabbixserver]-[~/zabbix-3.4.4/database/mysql]
└─$
上線Zabbix頁面
┌──[root@zabbixserver]-[~/zabbix-3.4.4]
└─$ cd frontends/php/
#拷貝所有內(nèi)容到nginx網(wǎng)頁的默認(rèn)路徑下
┌──[root@zabbixserver]-[~/zabbix-3.4.4/frontends/php]
└─$ cp -r * /usr/share/nginx/html
cp: cannot overwrite non-directory ‘/usr/share/nginx/html/img’ with directory ‘img’
┌──[root@zabbixserver]-[~/zabbix-3.4.4/frontends/php]
└─$ cd /usr/share/nginx/html/
┌──[root@zabbixserver]-[/usr/share/nginx/html]
└─$ chown -R nginx.nginx /usr/share/nginx/html/
┌──[root@zabbixserver]-[/usr/share/nginx/html]
└─$
安裝依賴軟件
┌──[root@zabbixserver]-[~/zabbix-3.4.4/frontends/php]
└─$ yum -y install php-gd php-xml php-ldap;yum -y install php-bcmath php-mbstring
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package php-gd-5.4.16-48.el7.x86_64 already installed and latest version
Package php-xml-5.4.16-48.el7.x86_64 already installed and latest version
Package php-ldap-5.4.16-48.el7.x86_64 already installed and latest version
Nothing to do
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package php-bcmath-5.4.16-48.el7.x86_64 already installed and latest version
Package php-mbstring-5.4.16-48.el7.x86_64 already installed and latest version
Nothing to do
┌──[root@zabbixserver]-[~/zabbix-3.4.4/frontends/php]
└─$
修改PHP配置文件
######php中��,分號【;】 代表注釋
┌──[root@zabbixserver]-[~/zabbix-3.4.4/frontends/php]
└─$ vim /etc/php.inii
......
#每個(gè)php腳本可最大以執(zhí)行的時(shí)間
384 max_execution_time=300
......
#服務(wù)器接收數(shù)據(jù)的時(shí)間限制為300s
394 max_input_time=300
......
#客戶端連接時(shí),最多可以接受多大的POST請求數(shù)據(jù)
672 post_max_size=32M
......
#設(shè)置時(shí)區(qū)
878 date.timezone=Asia/Shanghai
......
重啟php-fpm服務(wù)
#########重啟php-fpm服務(wù)
[root@zabbixserver ~]# systemctl restart php-fpm
3.1.3 初始化
嗯�����。這里可能會遇到配置文件無法寫入�����,無法覆蓋的問題����,主要是權(quán)限的問題��,需要給/usr/share/nginx/html/授權(quán)
默認(rèn)登錄賬戶admin��,默認(rèn)密碼zabbix
|
|
|
|
|
默認(rèn)登錄賬戶admin,默認(rèn)密碼zabbix |
|
|
寫入的配置文件
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ ls
maintenance.inc.php zabbix.conf.php zabbix.conf.php.bak
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ cat zabbix.conf.php
<?php
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE']='MYSQL';
$DB['SERVER']='localhost';
$DB['PORT']='3306';
$DB['DATABASE']='zabbix';
$DB['USER']='zabbix';
$DB['PASSWORD']='zabbix';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA']='';
$ZBX_SERVER='localhost';
$ZBX_SERVER_PORT='10051';
$ZBX_SERVER_NAME='';
$IMAGE_FORMAT_DEFAULT=IMAGE_FORMAT_PNG;
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$
設(shè)置中文環(huán)境(推薦英文����,中文小部分為亂碼) |
|
3.1.4 啟動服務(wù)
修改配置文件
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ vim /usr/local/etc/zabbix_server.conf
######修改配置, 指定zabbix管理的數(shù)據(jù)庫信息
[root@zabbixserver ~]# vim /usr/local/etc/zabbix_server.conf
......
#數(shù)據(jù)庫服務(wù)器的地址����,本機(jī)localhost��,如果在其他主機(jī)上�����,指定IP地址
85 DBHost=localhost
......
#mysql中的數(shù)據(jù)庫名為zabbix,用于存放監(jiān)控?cái)?shù)據(jù)
95 DBName=zabbix
......
#登錄mysql的用戶名為zabbix
111 DBUser=zabbix
......
#登錄mysql的密碼為zabbix
119 DBPassword=zabbix
......
####啟動服務(wù)
必須創(chuàng)建用戶zabbix����,用于啟動zabbix服務(wù)
#######必須創(chuàng)建用戶zabbix,用于啟動zabbix服務(wù)
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ useradd -s /sbin/nologin zabbix
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ zabbix_server
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$
######查看端口,zabbix服務(wù)端口號:10051
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ ss -ntulpa | grep zabbix
tcp LISTEN 0 128 *:10051 *:* users:(("zabbix_server",pid=25481,fd=4),("zabbix_server",pid=25480,fd=4),("zabbix_server",pid=25478,fd=4),("zabbix_server",pid=25477,fd=4),("zabbix_server",pid=25475,fd=4),("zabbix_server",pid=25474,fd=4),("zabbix_server",pid=25473,fd=4),("zabbix_server",pid=25471,fd=4),("zabbix_server",pid=25470,fd=4),("zabbix_server",pid=25468,fd=4),("zabbix_server",pid=25467,fd=4),("zabbix_server",pid=25466,fd=4),("zabbix_server",pid=25464,fd=4),("zabbix_server",pid=25463,fd=4),("zabbix_server",pid=25462,fd=4),("zabbix_server",pid=25460,fd=4),("zabbix_server",pid=25459,fd=4),("zabbix_server",pid=25458,fd=4),("zabbix_server",pid=25456,fd=4),("zabbix_server",pid=25455,fd=4),("zabbix_server",pid=25454,fd=4),("zabbix_server",pid=25453,fd=4),("zabbix_server",pid=25451,fd=4),("zabbix_server",pid=25450,fd=4),("zabbix_server",pid=25448,fd=4),("zabbix_server",pid=25447,fd=4),("zabbix_server",pid=25445,fd=4),("zabbix_server",pid=25444,fd=4),("zabbix_server",pid=25443,fd=4),("zabbix_server",pid=25442,fd=4),("zabbix_server",pid=25441,fd=4),("zabbix_server",pid=25440,fd=4),("zabbix_server",pid=25439,fd=4),("zabbix_server",pid=25434,fd=4))
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$
3.1.5 開機(jī)自啟
將 zabbix_server 設(shè)置為開機(jī)自啟服務(wù) |
/etc/rc.local 為開機(jī)會執(zhí)行的腳本文件 |
可以將任意命令寫入該腳本文件����,開機(jī)時(shí)就會被執(zhí)行 |
該文件默認(rèn)沒有可執(zhí)行權(quán)限 |
└─$ echo zabbix_server >> /etc/rc.d/rc.local
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ echo zabbix_agentd >> /etc/rc.d/rc.local
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$ chmod +x /etc/rc.d/rc.local
┌──[root@zabbixserver]-[/usr/share/nginx/html/conf]
└─$bash
3.2 部署Zabbix被監(jiān)控端服務(wù)器
scp -r /root/zabbix-3.4.4 root@192.168.26.13:/root/
scp -r /root/zabbix-3.4.4 root@192.168.26.14:/root/
3.2.1 配置被監(jiān)控主機(jī)
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "yum -y install gcc pcre-devel autoconf"
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "cd /root/zabbix-3.4.4;./configure --enable-agent;make install;ls /usr/local/etc/"
.......
***********************************************************
* Now run 'make install' *
* *
* Thank you for using Zabbix! *
* <http://www.zabbix.com> *
***********************************************************
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /root/zabbix-3.4.4/missing aclocal-1.15 -I m4/root/zabbix-3.4.4/missing: line 81: aclocal-1.15: command not found
WARNING: 'aclocal-1.15' is missing on your system.
You should only need it if you modified 'acinclude.m4' or
'configure.ac' or m4 files included by 'configure.ac'.
The 'aclocal' program is part of the GNU Automake package:
<http://www.gnu.org/software/automake>
It also requires GNU Autoconf, GNU m4 and Perl in order to run:
<http://www.gnu.org/software/autoconf>
<http://www.gnu.org/software/m4/>
<http://www.perl.org/>
make: *** [aclocal.m4] Error 127
報(bào)錯了����,提示少一個(gè)包aclocal-1.15 ��,我們裝一下����。
┌──[root@zabbixserver]-[/ansible]
└─$ ls
ansible.cfg inventory
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "cd /root/zabbix-3.4.4;./configure --enable-agent;yum -y install automake;autoreconf -ivf;make install;ls /usr/local/etc/"
查看配置文件路徑����,只有客戶端配置文件
#######查看配置文件路徑,只有客戶端配置文件
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "ls /usr/local/etc/"
192.168.26.14 | CHANGED | rc=0 >>
zabbix_agentd.conf
zabbix_agentd.conf.d
192.168.26.13 | CHANGED | rc=0 >>
zabbix_agentd.conf
zabbix_agentd.conf.d
獲取目標(biāo)主機(jī)監(jiān)控?cái)?shù)據(jù)和向目標(biāo)主機(jī)發(fā)送監(jiān)控?cái)?shù)據(jù)的命令
#########獲取目標(biāo)主機(jī)監(jiān)控?cái)?shù)據(jù)和向目標(biāo)主機(jī)發(fā)送監(jiān)控?cái)?shù)據(jù)的命令
#zabbix_get 獲取監(jiān)控?cái)?shù)據(jù)的命令
#zabbix_sender 發(fā)送監(jiān)控?cái)?shù)據(jù)的命令
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "ls /usr/local/bin/"
192.168.26.13 | CHANGED | rc=0 >>
zabbix_get
zabbix_sender
192.168.26.14 | CHANGED | rc=0 >>
zabbix_get
zabbix_sender
查看啟動zabbix客戶端的命令
########查看啟動zabbix客戶端的命令
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "ls /usr/local/sbin/"
192.168.26.13 | CHANGED | rc=0 >>
zabbix_agentd
192.168.26.14 | CHANGED | rc=0 >>
zabbix_agentd
┌──[root@zabbixserver]-[/ansible]
└─$
修改配置文件
允許被哪些服務(wù)器監(jiān)控��,允許自己監(jiān)控自己����,允許26.15來監(jiān)控自己
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m lineinfile -a "path=/usr/local/etc/zabbix_agentd.conf regexp=^Server=127.0.0.1$ line=Server=127.0.0.1,192.168.26.15"
192.168.26.14 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
192.168.26.13 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a 'cat /usr/local/etc/zabbix_agentd.conf | grep Server=127.0.0.1'
192.168.26.13 | CHANGED | rc=0 >>
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.domain
Server=127.0.0.1,192.168.26.15
192.168.26.14 | CHANGED | rc=0 >>
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.domain
Server=127.0.0.1,192.168.26.15
┌──[root@zabbixserver]-[/ansible]
└─$
監(jiān)控服務(wù)器的IP地址和端口號
######監(jiān)控服務(wù)器的IP地址和端口號
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m lineinfile -a "path=/usr/local/etc/zabbix_agentd.conf regexp=^ServerActive=127.0.0.1$ line=ServerActive=192.168.26.15:10051"
192.168.26.14 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
192.168.26.13 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a 'cat /usr/local/etc/zabbix_agentd.conf | grep ServerActive=127.0.0.1'
192.168.26.14 | CHANGED | rc=0 >>
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
192.168.26.13 | CHANGED | rc=0 >>
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a 'cat /usr/local/etc/zabbix_agentd.conf | grep ServerActive='
192.168.26.14 | CHANGED | rc=0 >>
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
# ServerActive=ServerActive=192.168.26.15:10051
192.168.26.13 | CHANGED | rc=0 >>
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
# ServerActive=ServerActive=192.168.26.15:10051
啟動服務(wù)
└─$ ansible web -m shell -a 'useradd -s /sbin/nologin zabbix;zabbix_agentd;ss -ntulpa | grep zabbix'
192.168.26.14 | CHANGED | rc=0 >>
tcp LISTEN 0 128 *:10050 *:* users:(("zabbix_agentd",pid=59879,fd=4),("zabbix_agentd",pid=59878,fd=4),("zabbix_agentd",pid=59877,fd=4),("zabbix_agentd",pid=59876,fd=4),("zabbix_agentd",pid=59875,fd=4),("zabbix_agentd",pid=59873,fd=4))
192.168.26.13 | CHANGED | rc=0 >>
tcp LISTEN 0 128 *:10050 *:* users:(("zabbix_agentd",pid=47251,fd=4),("zabbix_agentd",pid=47250,fd=4),("zabbix_agentd",pid=47249,fd=4),("zabbix_agentd",pid=47248,fd=4),("zabbix_agentd",pid=47247,fd=4),("zabbix_agentd",pid=47246,fd=4))
┌──[root@zabbixserver]-[/ansible]
└─$
3.2.3 開機(jī)自啟
將zabbix_agend設(shè)置為開機(jī)自啟服務(wù) |
/etc/rc.local 為開機(jī)會執(zhí)行的腳本文件 |
可以將任意命令寫入該腳本文件,開機(jī)時(shí)就會被執(zhí)行 |
該文件默認(rèn)沒有可執(zhí)行權(quán)限 |
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a 'echo zabbix_agentd >> /etc/rc.d/rc.local;chmod +x /etc/rc.d/rc.local'
192.168.26.14 | CHANGED | rc=0 >>
192.168.26.13 | CHANGED | rc=0 >>
┌──[root@zabbixserver]-[/ansible]
└─$
四、zabbix 實(shí)戰(zhàn)
一、基礎(chǔ)監(jiān)控
1.2 添加監(jiān)控主機(jī)
添加監(jiān)控主機(jī) |
Host (主機(jī)) 是監(jiān)控的基本載體����,Zabbix 所有監(jiān)控都是基于Host����,通過Configuration —> Hosts —> Create Host創(chuàng)建 |
注意設(shè)置中文環(huán)境后����,中英文差異, 選擇 “ 配置 ”,然后選擇 “主機(jī)”����,查看被監(jiān)控的主機(jī) |
|
點(diǎn)擊 “停用的”,然后選中 “確認(rèn)”����,開啟監(jiān)控狀態(tài) |
|
第一步:選擇 “配置”, 然后選擇 “主機(jī)”, 最后選擇 “創(chuàng)建主機(jī)” |
|
第二步:設(shè)置被監(jiān)控端的主機(jī)名, 將主機(jī)添加到任意一個(gè)組中 |
第三步:設(shè)置被監(jiān)控端的IP地址和端口號 |
第四步:點(diǎn)擊最后的 “添加按鈕”, 添加web1主機(jī)完成 |
|
應(yīng)用監(jiān)控模板 |
|
為主機(jī)添加關(guān)聯(lián)的監(jiān)控模板 |
在 “Templates” 模板選項(xiàng)卡頁面中 |
找到 Link new templates����,select 選項(xiàng)合適的模板添加 |
這里我們選擇 Template OS Linux模板 |
|
這些32個(gè)zabbix默認(rèn)的監(jiān)控項(xiàng),會對Linux系統(tǒng)的內(nèi)存,CPU,網(wǎng)卡流量����,磁盤等進(jìn)行監(jiān)控����; |
選擇對應(yīng)的模板��,則該模板中默認(rèn)的所有監(jiān)控選項(xiàng)都可以使用 |
查看監(jiān)控?cái)?shù)據(jù) |
可以點(diǎn)擊“Monitoring” —> “Latest data” |
在過濾器中填寫條件�����,根據(jù)群組和主機(jī)搜索即可 |
第一步:選擇 “監(jiān)測中”,選擇“最新數(shù)據(jù)”,選擇“主機(jī)群組”,選擇 “主機(jī)”��,最后選擇 “應(yīng)用” |
|
|
五��、自定義監(jiān)控
5.1 自定義key
被監(jiān)控端修改Agent配置文件
#####查看被監(jiān)控主機(jī)web1的配置文件
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a 'ls /usr/local/etc'
192.168.26.14 | CHANGED | rc=0 >>
zabbix_agentd.conf
zabbix_agentd.conf.d
192.168.26.13 | CHANGED | rc=0 >>
zabbix_agentd.conf
zabbix_agentd.conf.d
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a 'cat /usr/local/etc/zabbix_agentd.conf'
192.168.26.14 | CHANGED | rc=0 >>
#####被監(jiān)控端修改Agent配置文件
[root@web1 ~]# vim /usr/local/etc/zabbix_agentd.conf
......
#########加載配置文件的目錄����,取消注釋����,也是自定義選項(xiàng)存放的目錄
263 # Include=/usr/local/etc/zabbix_agentd.userparams.conf
264 Include=/usr/local/etc/zabbix_agentd.conf.d/
265 # Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
......
加載配置文件的目錄,取消注釋�����,也是自定義選項(xiàng)存放的目錄
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "sed -i '264i Include=/usr/local/etc/zabbix_agentd.conf.d/' /usr/local/etc/zabbix_agentd.conf"
開啟自定義監(jiān)控功能��,默認(rèn)注釋
##########開啟自定義監(jiān)控功能,默認(rèn)注釋
280 UnsafeUserParameters=1
281
282 ### Option: UserParameter
283 # User-defined parameter to monitor. There can be s everal userdefined parameters.
284 # Format: UserParameter=<key>,<shell command>
285 # See 'zabbix_agentd' directory for examples.
286 #
287 # Mandatory: no
288 # Default:
289 # UserParameter=
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "sed -i '282i UnsafeUserParameters=1' /usr/local/etc/zabbix_agentd.conf"
[WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If
you need to use command because replace, lineinfile or template is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.26.14 | CHANGED | rc=0 >>
192.168.26.13 | CHANGED | rc=0 >>
┌──[root@zabbixserver]-[/ansible]
└─$
創(chuàng)建自定義key
######進(jìn)入到自定義監(jiān)控文件的目錄下
[root@web1 ~]# cd /usr/local/etc/zabbix_agentd.conf.d/
####創(chuàng)建自定義監(jiān)控項(xiàng)��,文件名為count.line.passwd【任意取名】
##自定義監(jiān)控項(xiàng)格式: UserParameter=<key>,<shell command>
#key為監(jiān)控項(xiàng)名稱����,后面跟具體命令
[root@web1 zabbix_agentd.conf.d]# vim count.line.passwd
UserParameter=count.user,sed -n '$=' /etc/passwd
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a 'cd /usr/local/etc/zabbix_agentd.conf.d/;echo "UserParameter=count.user,sed -n '$=' /etc/passwd" >count.line.passwd '
192.168.26.13 | CHANGED | rc=0 >>
192.168.26.14 | CHANGED | rc=0 >>
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "cat /usr/local/etc/zabbix_agentd.conf.d/count.line.passwd"
192.168.26.14 | CHANGED | rc=0 >>
UserParameter=count.user,sed -n $=/etc/passwd
192.168.26.13 | CHANGED | rc=0 >>
UserParameter=count.user,sed -n $=/etc/passwd
┌──[root@zabbixserver]-[/ansible]
└─$
重啟Agentd
#####被監(jiān)控端配置文件發(fā)生變化,需要重啟服務(wù)
##查看命令是由哪個(gè)軟件提供的��,沒安裝����,則需要安裝
[root@web1 ~]# yum provides "killall"
......
psmisc-22.20-15.el7.x86_64 : Utilities for managing processes
##殺死進(jìn)程,重新開啟agent服務(wù)
[root@web1 ~]# killall zabbix_agentd
[root@web1 ~]# zabbix_agentd
##查看端口信息
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "yum -y install psmisc;killall zabbix_agentd;zabbix_agentd;ss -ntulpa | grep zabbix"
[WARNING]: Consider using the yum module rather than running 'yum'. If you need to use command
because yum is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.26.13 | CHANGED | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package psmisc-22.20-17.el7.x86_64 already installed and latest version
Nothing to do
tcp LISTEN 0 128 *:10050 *:* users:(("zabbix_agentd",pid=51045,fd=4))zabbix_agentd: no process found
192.168.26.14 | CHANGED | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package psmisc-22.20-17.el7.x86_64 already installed and latest version
Nothing to do
tcp LISTEN 0 128 *:10050 *:* users:(("zabbix_agentd",pid=61926,fd=4),("zabbix_agentd",pid=61925,fd=4),("zabbix_agentd",pid=61924,fd=4),("zabbix_agentd",pid=61923,fd=4),("zabbix_agentd",pid=61922,fd=4),("zabbix_agentd",pid=61921,fd=4))zabbix_agentd: no process found
┌──[root@zabbixserver]-[/ansible]
└─$
測試自定義key是否生效
#######注意:最后count.user為監(jiān)控項(xiàng)的key,不是監(jiān)控項(xiàng)的文件名
##作用:安全��,入侵者創(chuàng)建用戶后��,從zabbix監(jiān)控中可以實(shí)時(shí)看到
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "zabbix_get -s 127.0.0.1 -k count.user"
192.168.26.13 | CHANGED | rc=0 >>
21
192.168.26.14 | CHANGED | rc=0 >>
21
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m user -a "name=test20211002 state=present"
192.168.26.13 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1002,
"home": "/home/test20211002",
"name": "test20211002",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
192.168.26.14 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1002,
"home": "/home/test20211002",
"name": "test20211002",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "zabbix_get -s 127.0.0.1 -k count.user"
192.168.26.13 | CHANGED | rc=0 >>
22
192.168.26.14 | CHANGED | rc=0 >>
22
┌──[root@zabbixserver]-[/ansible]
└─$
5.2 一些概念
創(chuàng)建自定義監(jiān)控項(xiàng)的步驟: |
創(chuàng)建新的監(jiān)控模板(默認(rèn)監(jiān)控項(xiàng)為空)��; |
在監(jiān)控模板中創(chuàng)建應(yīng)用集(對監(jiān)控項(xiàng)進(jìn)行分類管理); |
將自定義監(jiān)控項(xiàng)加入到對應(yīng)的應(yīng)用集中��; |
監(jiān)控模板 —> 應(yīng)用集 —> 監(jiān)控項(xiàng) |
|
5.3 創(chuàng)建監(jiān)控模板
登錄監(jiān)控服務(wù)器Web管理頁面 |
選擇 Configuration —> Templates 創(chuàng)建模板 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m user -a "name=date state=present"
192.168.26.13 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1003,
"home": "/home/date",
"name": "date",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1003
}
192.168.26.14 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1003,
"home": "/home/date",
"name": "date",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1003
}
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m user -a "name=liruilong state=present"
192.168.26.13 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1004,
"home": "/home/liruilong",
"name": "liruilong",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1004
}
192.168.26.14 | CHANGED=> {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1004,
"home": "/home/liruilong",
"name": "liruilong",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1004
}
┌──[root@zabbixserver]-[/ansible]
└─$ ansible web -m shell -a "zabbix_get -s 127.0.0.1 -k count.user"
192.168.26.14 | CHANGED | rc=0 >>
24
192.168.26.13 | CHANGED | rc=0 >>
24
┌──[root@zabbixserver]-[/ansible]
└─$
六�����、拓?fù)鋱D與聚合圖形
6.1 拓?fù)鋱D
6.1.1 拓?fù)鋱D
拓?fù)鋱D |
繪制拓?fù)鋱D可以快速了解服務(wù)器架構(gòu) |
Monitoring —> Maps (拓?fù)鋱D) |
選擇默認(rèn)的 Local network 拓?fù)鋱D����,編寫即 |
創(chuàng)建一個(gè)空的拓?fù)鋱D |
|
lcon(圖標(biāo))��,添加新的設(shè)備后可以點(diǎn)擊圖標(biāo)修改屬性Shape(形狀),Link(連線)����,先選擇兩個(gè)圖標(biāo)����,再選擇連線完成后�����,點(diǎn)擊Update(更新) |
|
|
編輯拓?fù)鋱D |
|
:再次選擇 ”添加“�����,點(diǎn)擊”新的組件 |
|
修改新組件的 ” 地圖元素” |
|
建立監(jiān)控服務(wù)器與被監(jiān)控主機(jī)web1的鏈接 |
|
更新拓?fù)鋱D |
|
6.2 聚合圖形
聚合圖形 |
在一個(gè)頁面顯示多個(gè)數(shù)據(jù)圖表,方便了解多組數(shù)據(jù) |
Monitoring —> Screens(聚合圖形)—> Create screen |
Owner: 使用默認(rèn)的Admin用戶 |
Name: 名稱設(shè)置為 web1 |
Columns: 列數(shù)設(shè)置為2列 |
Rows: 行數(shù)設(shè)置為4行 |
第一步:選擇“監(jiān)控中”,選擇“聚合圖形”�����,選擇“創(chuàng)建聚合圖形” |
|
|
選擇剛剛創(chuàng)建的聚合圖形(web1),點(diǎn)擊后面的構(gòu)造函數(shù)(constructor),點(diǎn)擊Change (更改),設(shè)置每行每列需要顯示的數(shù)據(jù)圖表,第一步:選擇“監(jiān)控中”����,選擇“聚合圖形”�����,選擇web后面的“構(gòu)造函數(shù)” |
|
|
第二步:選擇第二個(gè) “更改”,配置圖形數(shù)據(jù)����,查看網(wǎng)卡信息 |
|
七����、自動發(fā)現(xiàn)
自動發(fā)現(xiàn)(Discovery):當(dāng)Zabbix需要監(jiān)控的設(shè)備越來越多��,手動添加監(jiān)控設(shè)備越來越有挑戰(zhàn),此時(shí),可以考慮使用自動發(fā)現(xiàn)功能
自動發(fā)現(xiàn)可以實(shí)現(xiàn):發(fā)現(xiàn)主機(jī)�����、添加主機(jī)��、添加主機(jī)到組����、鏈接模板等����。
自動發(fā)現(xiàn) |
zabbix自動發(fā)現(xiàn)我們需要監(jiān)控的目標(biāo)主機(jī); |
zabbix自動的把這臺主機(jī)添加到監(jiān)控的主機(jī)列表中; |
zabbix自動將目標(biāo)主機(jī)加入到特定的組中; |
zabbix自動為目標(biāo)主機(jī)鏈接模板�����; |
自動發(fā)現(xiàn)(Discovery)流程 |
創(chuàng)建自動發(fā)現(xiàn)規(guī)則 |
創(chuàng)建 Action 動作(發(fā)現(xiàn)主機(jī)后自動執(zhí)行什么動作) |
通過動作����,執(zhí)行添加主機(jī),鏈接模板到主機(jī)等操作 |
7.1自動發(fā)現(xiàn)規(guī)則
創(chuàng)建自動發(fā)現(xiàn)規(guī)則 |
Configuration —> Discovery —> Create discovery rule |
第一步:選擇“配置”,選擇“自動發(fā)現(xiàn)”,選擇“創(chuàng)建自動發(fā)現(xiàn)規(guī)則” |
|
【名稱】 #任意定義 |
【IP范圍】 #設(shè)置自動發(fā)現(xiàn)的主機(jī)IP范圍����,不同IP以逗號作為分隔�����; |
【更新間隔】 #每隔多長時(shí)間掃描一次被監(jiān)控主機(jī),1h為正常開發(fā)環(huán)境參數(shù)�����,1m為實(shí)驗(yàn)環(huán)境參數(shù)����; |
【檢查】 #選擇根據(jù)什么服務(wù)來發(fā)現(xiàn)目標(biāo)主機(jī)����; |
填寫規(guī)則 |
自動發(fā)現(xiàn)的IP范圍(逗號隔開可以寫多個(gè)) |
多久做一次自動發(fā)現(xiàn) |
(默認(rèn)為1小時(shí),僅實(shí)驗(yàn)修改為1m) |
【名稱】 #任意定義 |
【IP范圍】 #設(shè)置自動發(fā)現(xiàn)的主機(jī)IP范圍����,不同IP以逗號作為分隔�����; |
【更新間隔】 #每隔多長時(shí)間掃描一次被監(jiān)控主機(jī),1h為正常開發(fā)環(huán)境參數(shù)�����,1m為實(shí)驗(yàn)環(huán)境參數(shù)�����; |
【檢查】 #選擇根據(jù)什么服務(wù)來發(fā)現(xiàn)目標(biāo)主機(jī)��; |
檢查的方式: |
HTTP����、FTP�����、Agent的自定義key等檢查 |
|
7.2 創(chuàng)建動作
創(chuàng)建動作 |
Configuration —> Actions |
Event source(Discovery) —> Create action |
注意:選擇事件源為:自動發(fā)現(xiàn) |
第一步:選擇“配置”�����,選擇“動作”�����,事件源選擇“自動發(fā)現(xiàn)”�����,選擇“創(chuàng)建動作” |
|
添加動作名稱,添加觸發(fā)動作的條件 |
操作(觸發(fā)動作后要執(zhí)行的操作指令)�����,操作細(xì)節(jié)如下: |
添加主機(jī)到組�����,與模板鏈接(HTTP模板) |
第二步:添加動作“名稱”����,選擇“新的觸發(fā)條件” (進(jìn)一步過濾要發(fā)現(xiàn)的主機(jī))�����,選擇“添加” |
|
|
|
八��、監(jiān)控觸發(fā)器
8.1 基本概念
基本概念 |
自定義的監(jiān)控項(xiàng)默認(rèn)不會自動報(bào)警 |
首頁也不會提示錯誤 |
需要配置觸發(fā)器與報(bào)警動作才可以自動報(bào)警 |
|
動作(action) | 觸發(fā)器(trigger) |
觸發(fā)器的條件被觸發(fā)后的行為 | 表達(dá)式,如內(nèi)存不足300M��,用戶超過30個(gè)等��; |
可以是發(fā)送郵件�����、也可以是重啟某個(gè)服務(wù)等 | 當(dāng)觸發(fā)條件發(fā)生后����,會導(dǎo)致一個(gè)觸發(fā)事件; |
觸發(fā)事件會執(zhí)行某個(gè)動作; |
|
8.2 觸發(fā)器
8.2.1 創(chuàng)建觸發(fā)器
|
第二步:選擇“Configuration”��,選擇"Templates", 選擇對應(yīng)模板后的“Triggers” |
|
第三步:選擇 “Create trigger”��,創(chuàng)建觸發(fā)器�����, |
Expression表達(dá)式:觸發(fā)異常的條件 |
{sserver>:<key>.<function>(<parameter>)}<operator><constant>住機(jī): key.函數(shù)(參數(shù))<表達(dá)式>常數(shù) |
{web1:system.cpu.load[all, avg1].last(0)}>5 //0為最新數(shù)據(jù)如果web1主機(jī)最新的CPU平均負(fù)載值大于5,則觸發(fā)器狀態(tài)Problem |
{vfs.fs.size[/,free].max(5m)}<10G //5m為最近5分鐘根分區(qū),最近5分鐘的最大容量小于10G,則狀態(tài)進(jìn)入Problem |
{fvis.file.cksum[/etc/passwd].diff(0)}>0 //0為最新數(shù)據(jù),最新一次校驗(yàn)/etc/passwd如果與上一次有變化,則狀態(tài)進(jìn)入Problem |
Expression表達(dá)式案例 |
大多數(shù)函數(shù)使用秒作為參數(shù),使用#代表不同含義 |
avg,count�����,last����,min and max 函數(shù)支持額外的第二個(gè)參數(shù)time_shift (時(shí)間偏移量) |
這個(gè)參數(shù)允許從過去一段時(shí)間內(nèi)引用數(shù)據(jù)。 |
|
【Item】 #模板對應(yīng)的監(jiān)控項(xiàng),對具體的監(jiān)控項(xiàng)設(shè)置觸發(fā)器 |
【Function】 #選擇已經(jīng)定義好的觸發(fā)器表達(dá)式 |
【Last of(T)】 #最近多少時(shí)間內(nèi)(秒)����,滿足表達(dá)式����,才會觸發(fā) |
【Time shift】 #指偏移量,取多長時(shí)間以前的監(jiān)控?cái)?shù)據(jù),用于條件判斷 |
針對模板【count_line_passwd】中的監(jiān)控項(xiàng)【count_passwd_item】設(shè)置觸發(fā)條件; |
使用函數(shù)判斷:當(dāng)監(jiān)控到的最小值大于N(N=20)時(shí),被觸發(fā)�����; |
取7200秒(2小時(shí))以前����,向后再推移300秒的監(jiān)控?cái)?shù)據(jù)����,用于觸發(fā)條件判斷; |
|
選擇觸發(fā)器報(bào)警級別,Add創(chuàng)建該觸發(fā)器 |
九����、報(bào)警郵件
9.1 設(shè)置郵件
創(chuàng)建Media
設(shè)置郵件服務(wù)器 |
Administration —> Media Type —> 選擇Email郵件 |
設(shè)置郵件服務(wù)器信息 |
第一步:選擇”管理“����,選擇”報(bào)警媒介類型“�����,點(diǎn)擊”Email“電子郵件 |
|
第二步:設(shè)置報(bào)警媒介 |
|
【名稱】 #名稱可以任意定義 |
【類型】 #選擇”電子郵件“ 用于發(fā)送報(bào)警信息 |
【SMTP服務(wù)器】 #郵件服務(wù)器的地址��,localhost指用本機(jī)作為郵件服務(wù)器 |
【SMTP服務(wù)器端口】 #郵件服務(wù)器的端口號,默認(rèn)為25 |
【SMTP電郵】 #郵件服務(wù)器的賬戶����,root作為郵件服務(wù)器的賬戶�����,localhost指本機(jī) |
【安全鏈接】 #如果是發(fā)送到其他郵箱上(qq,163),需要選擇對應(yīng)的安全鏈接方式 |
【認(rèn)證】 #用戶名��,密碼 |
|
選擇Media菜單 —> 點(diǎn)擊Add添加報(bào)警媒介 |
在Media Type中填寫報(bào)警類型�����,收件人����,時(shí)間等信息 |
第二步:給用戶添加報(bào)警方式��,”選擇報(bào)警媒介“,選擇 ”添加“ |
|
9.2 創(chuàng)建動作
Action(行為) |
定義當(dāng)觸發(fā)器被觸發(fā)時(shí)�����,執(zhí)行什么Action |
通過Configuration —> Actions —> Create action 創(chuàng)建 |
選擇 ”配置“, 選擇”動作“, 選擇"觸發(fā)器" ����,根據(jù)觸發(fā)器來”創(chuàng)建動作“ |
|
|
|
配置動作的具體操作行為(發(fā)送信息或執(zhí)行遠(yuǎn)程命令) |
無限次數(shù)發(fā)送郵件,60秒1次����,發(fā)送給Admin用戶 |
【步驟】 #1 - 0 代表只要問題沒有解決��,就會一直發(fā)送報(bào)警郵件,1 - 10指只會發(fā)送最多10封報(bào)警郵件��; |
【步驟持續(xù)時(shí)間】 #默認(rèn)時(shí)間為秒����,指每隔多長時(shí)間發(fā)送一次報(bào)警郵件; |
【發(fā)送到用戶】 #將報(bào)警郵件發(fā)送給哪個(gè)用戶��,使用【添加】�����; |
【僅送到】 #選擇Email,只采用郵件的發(fā)送方式����,all指的是所有方式都用�����; |
|
選擇”監(jiān)測中”, 選擇 “儀表盤”�����,查看監(jiān)控信息 |
|
嗯,我這個(gè)沒有成功��,時(shí)間關(guān)係��,以後在研究��,感興趣小夥伴可以研究下
十、主被動監(jiān)控
1.1 概述
主動和被動都是對被監(jiān)控端主機(jī)而言的
默認(rèn)zabbix采用的是被動監(jiān)控,當(dāng)監(jiān)控主機(jī)達(dá)到一定量級后��,Zabbix服務(wù)器會越來越慢,此外��,可以考慮使用主動監(jiān)控��,釋放服務(wù)器的壓力,另外,Zabbix 也支持分布式監(jiān)控��,也是可以考慮的方案
被動監(jiān)控 | 主動監(jiān)控 |
被動監(jiān)控:Server向Agent發(fā)起連接 | 主動監(jiān)控:Agent向Server發(fā)起連接 |
| |
區(qū)別:Server 不用每次需要數(shù)據(jù)都連接Agent����,Agent會自己收集數(shù)據(jù)并處理數(shù)據(jù),Server僅需要保存數(shù)據(jù)即可
