333 lines
9.2 KiB
Plaintext
333 lines
9.2 KiB
Plaintext
# in my case PostgreSQL run in docker with network_mode: "host" and the server port is 5500
|
|
|
|
docker ps -a
|
|
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
|
103200fc07a3 postgres:15.4 "docker-entrypoint.s…" 7 days ago Up About an hour postgres15-db-1
|
|
|
|
# use interactive shell on docker container in order to run psql
|
|
docker exec -it postgres15-db-1 bash
|
|
|
|
psql -p 5500 -U postgres
|
|
|
|
# list users
|
|
\du
|
|
|
|
# list databases
|
|
\l
|
|
|
|
# cleanup old ZABBIX database install
|
|
drop database zabbix;
|
|
drop role zabbix;
|
|
|
|
# create database & user
|
|
create database zabbix;
|
|
create role zabbix login password 'secret';
|
|
alter database zabbix owner TO zabbix;
|
|
|
|
# test connection
|
|
psql -p 5500 -U zabbix -d zabbix
|
|
|
|
# list tables
|
|
\dt
|
|
|
|
|
|
# get official docker files
|
|
mkdir -p /app/persistent_docker/zabbix
|
|
cd /app/persistent_docker/zabbix
|
|
git clone https://github.com/zabbix/zabbix-docker.git
|
|
|
|
# config files
|
|
##############
|
|
|
|
# use docker-compose_v3_alpine_pgsql_latest.yaml docker compose file to create our custom compose file
|
|
cp docker-compose_v3_alpine_pgsql_latest.yaml zabbix.yaml
|
|
|
|
zabbix.yaml
|
|
-----------
|
|
version: '3.5'
|
|
services:
|
|
zabbix-server:
|
|
image: zabbix/zabbix-server-pgsql:alpine-6.4-latest
|
|
ports:
|
|
- "10051:10051"
|
|
volumes:
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
|
|
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
|
|
- ./zbx_env/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
|
|
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
|
|
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
|
|
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
|
|
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
|
|
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
|
|
- ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
|
|
# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
|
|
# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
|
|
# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
|
|
ulimits:
|
|
nproc: 65535
|
|
nofile:
|
|
soft: 20000
|
|
hard: 40000
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.70'
|
|
memory: 1G
|
|
reservations:
|
|
cpus: '0.5'
|
|
memory: 512M
|
|
env_file:
|
|
- ./env_vars/.env_db_pgsql
|
|
- ./env_vars/.env_srv
|
|
secrets:
|
|
- POSTGRES_USER
|
|
- POSTGRES_PASSWORD
|
|
networks:
|
|
zbx_net_backend:
|
|
aliases:
|
|
- zabbix-server
|
|
- zabbix-server-pgsql
|
|
- zabbix-server-alpine-pgsql
|
|
- zabbix-server-pgsql-alpine
|
|
zbx_net_frontend:
|
|
# devices:
|
|
# - "/dev/ttyUSB0:/dev/ttyUSB0"
|
|
stop_grace_period: 30s
|
|
sysctls:
|
|
- net.ipv4.ip_local_port_range=1024 64999
|
|
- net.ipv4.conf.all.accept_redirects=0
|
|
- net.ipv4.conf.all.secure_redirects=0
|
|
- net.ipv4.conf.all.send_redirects=0
|
|
labels:
|
|
com.zabbix.description: "Zabbix server with PostgreSQL database support"
|
|
com.zabbix.company: "Zabbix LLC"
|
|
com.zabbix.component: "zabbix-server"
|
|
com.zabbix.dbtype: "pgsql"
|
|
com.zabbix.os: "alpine"
|
|
|
|
|
|
zabbix-web-nginx-pgsql:
|
|
image: zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest
|
|
ports:
|
|
- "80:8080"
|
|
- "443:8443"
|
|
volumes:
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
|
|
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
|
|
# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
|
|
# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
|
|
# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.70'
|
|
memory: 512M
|
|
reservations:
|
|
cpus: '0.5'
|
|
memory: 256M
|
|
env_file:
|
|
- ./env_vars/.env_db_pgsql
|
|
- ./env_vars/.env_web
|
|
secrets:
|
|
- POSTGRES_USER
|
|
- POSTGRES_PASSWORD
|
|
depends_on:
|
|
- zabbix-server
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8080/ping"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 30s
|
|
networks:
|
|
zbx_net_backend:
|
|
aliases:
|
|
- zabbix-web-nginx-pgsql
|
|
- zabbix-web-nginx-alpine-pgsql
|
|
- zabbix-web-nginx-pgsql-alpine
|
|
zbx_net_frontend:
|
|
stop_grace_period: 10s
|
|
sysctls:
|
|
- net.core.somaxconn=65535
|
|
labels:
|
|
com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support"
|
|
com.zabbix.company: "Zabbix LLC"
|
|
com.zabbix.component: "zabbix-frontend"
|
|
com.zabbix.webserver: "nginx"
|
|
com.zabbix.dbtype: "pgsql"
|
|
com.zabbix.os: "alpine"
|
|
|
|
networks:
|
|
zbx_net_frontend:
|
|
driver: bridge
|
|
driver_opts:
|
|
com.docker.network.enable_ipv6: "false"
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 172.16.238.0/24
|
|
zbx_net_backend:
|
|
driver: bridge
|
|
driver_opts:
|
|
com.docker.network.enable_ipv6: "false"
|
|
internal: true
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 172.16.239.0/24
|
|
|
|
volumes:
|
|
snmptraps:
|
|
|
|
secrets:
|
|
POSTGRES_USER:
|
|
file: ./env_vars/.POSTGRES_USER
|
|
POSTGRES_PASSWORD:
|
|
file: ./env_vars/.POSTGRES_PASSWORD
|
|
|
|
|
|
./env_vars/.env_db_pgsql
|
|
------------------------
|
|
DB_SERVER_HOST=socorro.swgalaxy
|
|
DB_SERVER_PORT=5500
|
|
POSTGRES_USER=zabbix
|
|
POSTGRES_PASSWORD=secret
|
|
POSTGRES_DB=zabbix
|
|
|
|
|
|
|
|
# start docker containers, check status and logs
|
|
docker compose -f zabbix.yaml up -d
|
|
docker ps -a
|
|
docker logs zabbix-docker-zabbix-server-1
|
|
docker logs zabbix-docker-zabbix-web-nginx-pgsql-1
|
|
|
|
# download zabbix agent: zabbix_agent-6.4.8-linux-3.0-amd64-static.tar.gz
|
|
# uncompress archive to /app/zabbix_agent2
|
|
|
|
cd /app/zabbix_agent2
|
|
gunzip -c zabbix_agent-6.4.8-linux-3.0-amd64-static.tar.gz | tar -xvf -
|
|
|
|
# update zabbix_agentd.conf file:
|
|
Server=172.16.238.0/24 <- frontend network defined in docker compose file
|
|
ServerActive=192.168.0.91 <- IP of the docker host
|
|
AllowRoot=1 <- if you want to allow agent running under root account
|
|
|
|
|
|
|
|
# in my case I prefer to run tha agent as a non root user
|
|
groupadd zabbixag
|
|
useradd zabbixag -g zabbixag -G zabbixag
|
|
|
|
# switch to agent user and start:
|
|
su - zabbixag
|
|
/app/zabbix_agent2/sbin/zabbix_agentd -c /app/zabbix_agent2/conf/zabbix_agentd.conf
|
|
|
|
# check agent process and log
|
|
ps -edf | grep -i agent
|
|
tail -f /tmp/zabbix_agentd.log
|
|
|
|
# interesting, when I deployed the agent on a remote host, I had tu put in agent configuration file:
|
|
Server=192.168.0.91 <- IP of the docker host
|
|
|
|
# Setup a notification test when a specific file exists
|
|
#######################################################
|
|
# https://aaronsaray.com/2020/zabbix-test-notification/
|
|
- select a host
|
|
- create a new ITEM:
|
|
- Name: (my) check if file /tmp/test exists
|
|
- Type: Zabbix agent
|
|
- Key: vfs.file.exists[/tmp/test]
|
|
- Update interval: 1m
|
|
- create a nuew TRIGGER:
|
|
- Name: (my) raise error if file /tmp/test exists
|
|
- Severity: Disaster
|
|
- Expression: last(/bakura.swgalaxy/vfs.file.exists[/tmp/test])=1
|
|
|
|
|
|
# Setup notifications to Opsgenie using webhook
|
|
###############################################
|
|
# https://www.zabbix.com/integrations/opsgenie
|
|
|
|
From Opsgenie we need:
|
|
- Opsgenie API URL: https://api.eu.opsgenie.com/v2/alerts
|
|
- Your 0psgenie API KEY (token): 58798dad-fd7f-4f97-a4cc-85a45174fb29
|
|
- Your Opsgenie Web URL: https://swgalaxy.app.opsgenie.com
|
|
|
|
In Zabbix:
|
|
|
|
1. Setup an Opsgenie media type
|
|
|
|
- define the global macro {$ZABBIX.URL}=<your ZABBIX URL>, example {$ZABBIX.URL}=http://192.168.0.91
|
|
(Menu: Administration/Macros)
|
|
- Create a copy pf Opsgenie media type (export in yaml, change media type name, import from yaml)
|
|
(Menu: Alerts/Media type)
|
|
- In your new Opsgenie media type, configure:
|
|
- opsgenie_api
|
|
- opsgenie_token
|
|
- opsgenie_web
|
|
- Enable the media type and test:
|
|
- alert_message: MEDIA TYPE TEST
|
|
- event_id: 12345
|
|
- event_source: 0
|
|
- event_update_status: 0
|
|
- event_value: 1
|
|
|
|
2. Associate the media type with User profile
|
|
|
|
- Menu: User settings/Profile/Media
|
|
- Click on Add
|
|
- Send to: <put a string> (not used but mandatory to add)
|
|
- customize (defaults values seems to be good)
|
|
- Don't forget to click on Update button
|
|
|
|
3. Enable triggering alerts to administrators via all media
|
|
|
|
- Menu: Alerts / Actions / Trigger Actions
|
|
- Enable the action: Report problems to Zabbix administrators
|
|
(the value of Operation should be: Send message to user groups: Zabbix administrators via all media)
|
|
|
|
# using zabbix_sender to send custom values
|
|
###########################################
|
|
|
|
|
|
On the host bakura.swgalaxy I will create a new item:
|
|
|
|
Name: (my) item from zabbix_sender
|
|
Type: Zabbix trapper
|
|
Key: my_key_custom_integer
|
|
Type of information: Numeric (unsigned)
|
|
|
|
|
|
From the host bakura.swgalaxy:
|
|
/app/oracle/zabbix_agent/bin/zabbix_sender -c /app/oracle/zabbix_agent/conf/zabbix_agentd.conf -s "bakura.swgalaxy" -k my_key_custom_integer -o 39
|
|
|
|
|
|
# Proxy zabbix
|
|
##############
|
|
|
|
Docker file example:
|
|
|
|
zabbix_proxy.yaml
|
|
-----------------
|
|
services:
|
|
exegol-zabbix-proxy:
|
|
image: zabbix/zabbix-proxy-sqlite3:latest
|
|
restart: always
|
|
environment:
|
|
ZBX_HOSTNAME: exegol.swgalaxy
|
|
ZBX_PROXYMODE: 0
|
|
ZBX_SERVER_HOST: socorro.swgalaxy
|
|
|
|
|
|
To declare the proxy in Web Interface: Administration / Proxys / Create proxy
|
|
|
|
|
|
|
|
|
|
|