在 CentOS, Rocky, Alma Linux 9 or 8 上轻松安装 Zabbix 6.0或者6.4

Zabbix server is installable on any Linux distribution, but in this tutorial, I will show you how to install the latest Zabbix 6.0 LTS or 6.4 standard release on RHEL and RHEL based Linux distributions: CentOS 8 or 9 / RHEL 9 or 8 / Oracle Linux 9 or 8 / Alma Linux 9 or 8 / Rocky Linux 9 or 8.

Zabbix is 100% free open-source ultimate enterprise-level software designed for monitoring availability and performance of IT infrastructure components and services. You can read a case-study about Zabbix popularity and find out more about open-source movement in this article.

Enough of talk lets do some work! First, we will install and configure Zabbix server, then a database and lastly the frontend – check the picture bellow for a better understanding of Zabbix architecture.

This guide is for installing Zabbix monitoring system (Server), while guide for installing Zabbix-Proxy on CentOS, RHEL, Oracle/Alma/Rocky Linux can be found on this link.

Step 1: Set SELinux to permissive mode

Configure SELinux to work in permissive mode:

setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

This way, SELinux will not block anything, but the audit log will fill up with what would have been denied. And later in step 12, we can create an SELinux policy based on that.

Step 2: Install Zabbix server, frontend, and agent

Setup Zabbix 6 RPM package on you favorite Linux (CentOS 8/9, RHEL 8/9, Oracle Linux 8/9, Alma Linux 8/9, Rocky Linux 8/9); clean repo; and install Zabbix server, frontend, and agent.

Zabbix 6.0 LTS version (supported until February, 2027)
rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/$(rpm -E %{rhel})/x86_64/zabbix-release-6.0-4.el$(rpm -E %{rhel}).noarch.rpm
dnf clean all
dnf -y install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent

                          OR

Zabbix 6.4 standard version (supported until November, 2023)
rpm -Uvh https://repo.zabbix.com/zabbix/6.4/rhel/$(rpm -E %{rhel})/x86_64/zabbix-release-6.4-1.el$(rpm -E %{rhel}).noarch.rpm
dnf clean all
dnf -y install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent

You can find more information about Zabbix’s life cycle and release policies on the official website.

Step 3: Install and configure database

In this installation, I will use password rootDBpass as root password and zabbixDBpass as Zabbix password for DB. Consider changing your password for security reasons.

a. Install MariaDB 10.6

curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
sudo bash mariadb_repo_setup --mariadb-server-version=10.6

dnf -y install mariadb-server && systemctl start mariadb && systemctl enable mariadb

b. Reset root password for database

Secure MySQL by changing the default password for MySQL root:

mariadb-secure-installation

Enter current password for root (enter for none): Press Enter
Switch to unix_socket authentication [Y/n] y
Change the root password? [Y/n] y
New password: <Enter root DB password>
Re-enter new password: <Repeat root DB password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

c. Create database

Create a database for Zabbix directly from the terminal using these two commands:

sudo mysql -uroot -p'rootDBpass' -e "create database zabbix character set utf8mb4 collate utf8mb4_bin;"
sudo mysql -uroot -p'rootDBpass' -e "create user 'zabbix'@'localhost' identified by 'zabbixDBpass';"
sudo mysql -uroot -p'rootDBpass' -e "grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbixDBpass';"

d. Import initial schema and data

sudo zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p'zabbixDBpass' zabbix

e. Enter database password in Zabbix configuration file

Open zabbix_server.conf file with command (use “vi” if you don’t have “nano” installed”):

sudo nano /etc/zabbix/zabbix_server.conf

and add database password in this format anywhere in file:

DBPassword=zabbixDBpass

Save and exit file (ctrl+x, followed by y and enter).

Step 4: Start Zabbix server and agent processes

systemctl restart zabbix-server zabbix-agent
systemctl enable zabbix-server zabbix-agent

Step 5: Configure firewall

firewall-cmd --add-service={http,https} --permanent
firewall-cmd --add-port={10051/tcp,10050/tcp} --permanent
firewall-cmd --reload

Step 6: Configure Zabbix frontend

a. Restart Apache web server and make it start at system boot

systemctl restart httpd php-fpm
systemctl enable httpd php-fpm

b. Configure web frontend

Connect to your newly installed Zabbix frontend using URL “http://server_ip_or_dns_name/zabbix” to initiate the Zabbix installation wizard.

In my case, that URL would be “http://192.168.1.161/zabbix” because I have installed Zabbix on the server with IP address 192.168.1.161 (you can find the IP address of your server by typing “ip a” command in the terminal).

NOTE: If you get an error saying that the minimum required version of php is 7.4, upgrade your PHP using these commands:

sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
sudo dnf module reset php -y
sudo dnf module install php:remi-7.4 -y

Basically, in this wizard you only need to enter a password for Zabbix DB user and for everything else just click “Next step“. In this guide, I have used a zabbixDBpass as a database password, but if you set something else, be sure to enter the correct password when prompted by the wizard.

That’s it, you have installed Zabbix monitoring system!

Step 7: Login to frontend using Zabbix default login credentials

Use Zabbix default admin username “Admin” and password “zabbix” (without quotes) to login to Zabbix frontend at URL “http://server_ip_or_dns_name/zabbix” via your browser.

In my example, I have installed Zabbix on server 192.168.1.161 so I will enter in my browsers URL field http://192.168.1.161/zabbix (you can find the IP address of your server by typing “ip a” command in the terminal)

Step 8: Create MySQL partitions on History and Events tables

Zabbix’s housekeeping process is responsible for deleting old trend and history data. Removing old data from the database using SQL delete query can negatively impact database performance. Many of us have received that annoying alarm “Zabbix housekeeper processes more than 75% busy” because of that.

That problem can be easily solved with the database partitioning. Partitioning creates tables for each hour or day and drops them when they are not needed anymore. SQL DROP is way more efficient than the DELETE statement.

You can partition MySQL tables in 5 minutes using this simple guide.

Step 9: Optimizing Zabbix Server (optional)

Don’t bother with this optimization if you are monitoring a small number of devices, but if you are planning to monitor a large number of devices then continue with this step.

Open “zabbix_server.conf” file with command: “nano /etc/zabbix/zabbix_server.conf” and add this configuration anywhere in file:

StartPollers=100
StartPollersUnreachable=50
StartPingers=50
StartTrappers=10
StartDiscoverers=15
StartPreprocessors=15
StartHTTPPollers=5
StartAlerters=5
StartTimers=2
StartEscalators=2
CacheSize=128M
HistoryCacheSize=64M
HistoryIndexCacheSize=32M
TrendCacheSize=32M
ValueCacheSize=256M

Save and exit file (ctrl+x, followed by y and enter).

This is not a perfect configuration, keep in mind that you can optimize it even more. Let’s say if you don’t use ICMP checks then set the “StartPingers” parameter to 1 or if you don’t use active agents then set “StartTrappers” to 1 and so on. You can find out more about the parameters supported in a Zabbix server configuration file in the official documentation.

If you try to start the Zabbix server you may receive an error “[Z3001] connection to database 'Zabbix' failed: [1040] Too many connections” in the log “/var/log/zabbix/zabbix_server.log” because we are using more Zabbix server processes than MySQL can handle. We need to increase the maximum permitted number of simultaneous client connections and optimize MySQL – so move to the next step.

Step 10: Optimizing MySQL/MariaDB database (optional)

a. Create custom MySQL configuration file

Create file “10_my_tweaks.cnf" with “nano /etc/my.cnf.d/10_my_tweaks.cnf” and paste this configuration:

[mysqld]
max_connections = 404
innodb_buffer_pool_size = 800M

innodb-log-file-size = 128M
innodb-log-buffer-size = 128M
innodb-file-per-table = 1
innodb_buffer_pool_instances = 8
innodb_old_blocks_time = 1000
innodb_stats_on_metadata = off
innodb-flush-method = O_DIRECT
innodb-log-files-in-group = 2
innodb-flush-log-at-trx-commit = 2

tmp-table-size = 96M
max-heap-table-size = 96M
open_files_limit = 65535
max_connect_errors = 1000000
connect_timeout = 60
wait_timeout = 28800

Save and exit the file (ctrl+x, followed by y and enter) and set the correct file permission:

chown mysql:mysql /etc/my.cnf.d/10_my_tweaks.cnf
chmod 644 /etc/my.cnf.d/10_my_tweaks.cnf

Two things to remember!

Configuration parameter max_connections must be larger than the total number of all Zabbix proxy processes plus 150. You can use the command below to automatically check the number of Zabbix processes and add 150 to that number:

egrep "^Start.+=[0-9]" /etc/zabbix/zabbix_server.conf | awk -F "=" '{s+=$2} END {print s+150}'
295

The second most important parameter is innodb_buffer_pool_size, which determines how much memory can MySQL get for caching InnoDB tables and index data. You should set that parameter to 70% of system memory if only database is installed on server.

However, in this case, we are sharing a server with Zabbix and Apache processes so you should set innodb_buffer_pool_size to 40% of total system memory. That would be 800 MB because my CentOS server has 2 GB RAM.

I didn’t have any problems with memory, but if your Zabbix proxy crashes because of lack of memory, reduce “innodb_buffer_pool_size” and restart MySQL server.

Note that if you follow this configuration, you will receive “Too many processes on the Zabbix server” alarm in Zabbix frontend due to the new Zabbix configuration. It is safe to increase the trigger threshold or turn off that alarm (select “Problems” tab → left click on the alarm → select “Configuration” → remove the check from “Enabled” → hit the “Update” button)

Learn more about database optimization in the tutorial: How to optimize Zabbix database?

b. Restart Zabbix Server and MySQL service

Stop and start the services in the same order as below:

systemctl stop zabbix-server
systemctl stop mysql
systemctl start mysql
systemctl start zabbix-server

Step 11: How to manage Zabbix / MySQL / Apache service

Sometimes you will need to check or restart Zabbix, MySQL or Apache service – use commands below to do that.

Zabbix Server
systemctl <status/restart/start/stop> zabbix-server

MySQL/MariaDB Server
systemctl <status/restart/start/stop> mysql

Apache Server
systemctl <status/restart/start/stop> httpd

PHP FastCGI Process Manager
systemctl <status/restart/start/stop> php-fpm

Zabbix Agent
systemctl <status/restart/start/stop> zabbix-agent

Step 12: Enable and configure SELinux on Zabbix

While it is acceptable to disable SELinux in a lab environment, depending on the requirements of the local security IT team, you may need to enable and configure SELinux in your production environment.

At the beginning of this guide, we did not turn off SELinux completely but configure it to work in the permissive mode which means it will log all the security errors but will not block anything.

If you accidentally left it in enforcing mode then you will receive the “Zabbix server is not running: the information displayed may not be current” warning on the Zabbix frontend and “cannot set resource limit: [13] Permission denied” in the log file.

Don’t worry, this can be easily fixed, so without further delay, let’s configure SELinux for Zabbix!

a) SELinux: Allow http daemon to connect to Zabbix:

Enable SELinux  boolean “httpd_can_connect_zabbix” that will allow http daemon to connect to Zabbix:

setsebool -P httpd_can_connect_zabbix 1

b) SELinux: Allow Zabbix to connect to all TCP ports:

Enable SELinux  boolean “zabbix_can_network” that will allow Zabbix to connect to all TCP ports :

setsebool -P zabbix_can_network on

And to avoid error “cannot start HA manager: timeout while waiting for HA manager registration” enable daemons_enable_cluster_mode with this command:

setsebool -P daemons_enable_cluster_mode on

c) Set SELinux to work in enforcing mode

Turn on SELinux by setting it to work in enforcing mode:

setenforce 1 && sed -i 's/^SELINUX=.*/SELINUX=enforcing/g' /etc/selinux/config

And check SELinux status :

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31

d) Create additional SELINUX policy for Zabbix

Just in case, we will create an additional SELinux policy for each error in the audit log (“/var/log/audit/audit.log“)

To do this, we will need the policycoreutils-python tool, so let’s install it:

dnf -y install policycoreutils-python-utils

Create a custom policy package:

grep "denied.*zabbix" /var/log/audit/audit.log | audit2allow -M zabbix_policy

Install custom SELinux policy package:

semodule -i zabbix_policy.pp

Also, to avoid “Database error on login” on CentOS 9 please run these command

sealert -a /var/log/audit/audit.log

It will suggest you to apply additional rules:

ausearch -c ‘php-fpm’ –raw | audit2allow -M my-phpfpm
semodule -X 300 -i my-phpfpm.pp

Well done! You have configured SELinux for Zabbix!

Step 13: Upgrade between minor Zabbix versions

I wrote about upgrade procedures in my post about Zabbix upgrade. Zabbix’s team releases new minor versions at least once a month. The main purpose of minor upgrades is to fix bugs (hotfix) and sometimes even bring new functionality. Therefore, try to do a minor upgrade of Zabbix at least once a month.

There is no need for backups when doing a minor upgrade, they are completely safe. With this command you can easily upgrade minor versions of 6.0.x (for example, from 6.0.1 to 6.0.5):

dnf upgrade 'zabbix*'

And restart Zabbix server afterward:

systemctl restart zabbix-server

文章转自：https://bestmonitoringtools.com/how-to-install-zabbix-server-on-centos-or-rhel/#Step_12_Enable_and_configure_SELinux_on_Zabbix