Monday, September 11, 2017

Install Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux enabled


Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux enabled.


We will install Zabbix 3.4.1 on Oracle Linux 7.4 64-bit.

OS: Oracle Linux 7.4 64-bit

We install OS using VMware Workstation 12 Player.
We use 20 GB partition with option automatic LVM.

After install   make network interface start on boot

grep ONBOOT /etc/sysconfig/network-scripts/ifcfg-ens33 
 
ONBOOT=yes

-          set hostname:

hostnamectl set-hostname zabbix01
  
-           do system update:

yum clean all; rm –fr /var/cache/yum; yum update –y
 
 
Optional allow rule for ssh with firwall-cmd and install necessary packages:
 
firewall-cmd --permanent --add-port=22/tcp
 
yum install vim mc wget tcpdump -y

Finally after reboot we have newest possible kernel installed:

uname –a
 
Linux zabbix01 4.1.12-103.3.8.el7uek.x86_64 #2 SMP Mon Aug 21 17:27:54 PDT 2017
 x86_64 x86_64 x86_64 GNU/Linux

Next install your favorite X-System – for example:

yum groupinstall "X Window System"
yum install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts firefox
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
reboot

MySQL

cd /opt/

wget https://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm --no-check-certificate

rpm -i mysql57-community-release-el7-8.noarch.rpm

yum install mysql-server -y

Check mysql version:

rpm -qa| grep mysql-community-server
 
mysql-community-server-5.7.19-1.el7.x86_64
 
 
Enable and start mysql:
  
systemctl enable mysqld;systemctl start mysqld;systemctl status mysqld
  
Next hardening mysql - get temporary pass:
 
grep 'temporary password' /var/log/mysqld.log
 
 
[root@zabbix01 pegaz]# mysql_secure_installation 
 
Securing the MySQL server deployment.
 
Enter password for user root: 
 
The existing password for the user account root has expired. Please set a new password.
 
New password: 
 
Re-enter new password: 
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.
 
Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : No
 
 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
 
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.
 
 
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
 
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.
 
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
 
 
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
 - Dropping test database...
Success.
 
 - Removing privileges on test database...
Success.
 
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
 
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.
 
All done! 
 
 
Tune mysql settings – all settings are examples so modify to Yours needs:
 
vim /etc/my.cnf.d/server.conf
 
[mysqld]
innodb_file_per_table
innodb_flush_method=O_DIRECT
innodb_log_file_size=1G
innodb_buffer_pool_size=4G
innodb_data_file_path=ibdata1:10M:autoextend
 
 
Notice that innodb_log_file_size is 25% of innodb_buffer_pool_size !
 
 
rm -rf /var/lib/mysql/ib*
 
 
systemctl restart mysqld; systemctl status mysqld
 
 
mysql -p
 
create database zabbixdb character set utf8 collate utf8_bin;
 
grant all privileges on zabbixdb.* to zabbix@localhost identified by '<password>';
 
quit;
 
 
HTTPD

yum install httpd -y

systemctl enable httpd; systemctl restart httpd; systemctl status httpd
 
We see error like that:
 
httpd: Could not reliably determine the server's fully qualified domain name
 
So we can fix it adding hostname as ServerName:
 
grep ServerName /etc/httpd/conf/httpd.conf | grep -v "#"
ServerName zabbix01
 
And then
 
systemctl restart httpd

PHP

Enable Optional repo modifying file

vim /etc/yum.repos.d/public-yum-ol7.repo
 
[ol7_optional_latest]
name=Oracle Linux $releasever Optional Latest ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/optional/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

We get:

yum repolist | grep Optional

ol7_optional_latest/x86_64 Oracle Linux 7Server Optional Latest (x86_64)  16,334

Zabbix 3.4

rpm --import http://repo.zabbix.com/RPM-GPG-KEY-ZABBIX

rpm -i http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm

yum install zabbix-server-mysql zabbix-web-mysql zabbix-agent zabbix-java-gateway –y
 
  
 Modify file /etc/php.ini adding Your timezone:
grep date.timezone /etc/php.ini|grep -v ";"
 
date.timezone = Europe/Warsaw
 
 
I won’t write about other settings because you can modify them according to your needs.
 
 
Make iptables rules:
 
firewall-cmd --permanent --add-port=10050/tcp
firewall-cmd --permanent --add-port=10051/tcp
firewall-cmd --reload 
systemctl restart firewalld
 
zcat /usr/share/doc/zabbix-server-mysql-3.4.1/create.sql.gz | mysql -uzabbix -p zabbixdb
 
Update your timezone:
 
grep timezone /etc/httpd/conf.d/zabbix.conf
        php_value date.timezone Europe/Warsaw
 
  
systemctl enable zabbix-server; systemctl enable zabbix-agent
 
We use Selinux so must add rule like this:
 
setsebool -P httpd_can_connect_zabbix=1
  
Set mysql parameters:
 
grep DB /etc/zabbix/zabbix_server.conf | grep -v "#"
DBHost=localhost
DBName=zabbixdb
DBUser=zabbix
DBPassword='Password’
 
  
Start server and agent:
 
systemctl start zabbix-server; systemctl start zabbix-agent
 
 
We get error lioke this in /var/log/zabbix/zabbix_server.log
 
Cannot bind socket to "/var/run/zabbix/zabbix_server_alerter.sock"
 
  
So once again Selinux J
 
 yum install policycoreutils-python -y
 
There is workaround because it is known issue:  Zabbix3Selinux
 
 
wget -O zabbix_server_add.te https://support.zabbix.com/secure/attachment/53320/53320_zabbix_server_add.te --no-check-certificate
 
checkmodule -M -m -o zabbix_server_add.mod zabbix_server_add.te
  
semodule_package -o zabbix_server_add.pp -m zabbix_server_add.mod
  
semodule -i zabbix_server_add.pp
  
systemctl restart zabbix-server; systemctl restart zabbix-agent
 

where ipadress is your IP



Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux
Dodaj napis

Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux

Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux

Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux

Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux

Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux
 Admin / zabbix
Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux
 We get clean dashboard:
Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux
 We can enable zabbix server:
Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux
 Now we can see first server J
Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux

Zabbix 3.4.1 on Oracle Linux 7.4 64-bit with Selinux


   That is all and we have  installed Zabbix 3.4.1 on Oracle Linux 7.4 64-bit.

Enjoy J


No comments:

Post a Comment

HelenOS

HelenOS HelenOS is a portable microkernel-based multiserver operating system designed and implemented from scratch. It decomposes k...