AWS上でCentOS 7にZabbix 3.2を構築してみた(Zabbix Proxy編)

この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。

はじめに

こんにちは、城内です。

今回は以前構築したAWSのZabbixに、Zabbix Proxyを追加してみたいと思います。

Zabbixに関する記事は、過去にもたくさんありますので、併せてこちらもご覧ください。

全体構成

今回は以下のような構成を構築します。

arch-01

セットアップ

MySQLのインストール

まず、MySQLをインストールします。

今回は、以前構築したZabbix Server用のRDSのバージョンに合わせて、5.6系をインストールしたいと思います。
(最新でインストールすると5.7系になってしまうのを、あえて5.6系にしています)

$ rpm -ivh  https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
Retrieving https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
warning: /var/tmp/rpm-tmp.80p0SX: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql57-community-release-el7-9  ################################# [100%]
$ yum -y install --disablerepo=mysql57-community --enablerepo=mysql56-community mysql-community-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package mysql-community-server.x86_64 0:5.6.35-2.el7 will be installed
...
Dependency Installed:
  libaio.x86_64 0:0.3.109-13.el7                mysql-community-client.x86_64 0:5.6.35-2.el7  mysql-community-common.x86_64 0:5.6.35-2.el7  perl.x86_64 4:5.16.3-291.el7
  perl-Carp.noarch 0:1.26-244.el7               perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7   perl-DBI.x86_64 0:1.627-4.el7
  perl-Data-Dumper.x86_64 0:2.145-3.el7         perl-Encode.x86_64 0:2.51-7.el7               perl-Exporter.noarch 0:5.68-3.el7             perl-File-Path.noarch 0:2.09-2.el7
  perl-File-Temp.noarch 0:0.23.01-3.el7         perl-Filter.x86_64 0:1.49-3.el7               perl-Getopt-Long.noarch 0:2.40-2.el7          perl-HTTP-Tiny.noarch 0:0.033-3.el7
  perl-IO-Compress.noarch 0:2.061-2.el7         perl-Net-Daemon.noarch 0:0.48-5.el7           perl-PathTools.x86_64 0:3.40-5.el7            perl-PlRPC.noarch 0:0.2020-14.el7
  perl-Pod-Escapes.noarch 1:1.04-291.el7        perl-Pod-Perldoc.noarch 0:3.20-4.el7          perl-Pod-Simple.noarch 1:3.28-4.el7           perl-Pod-Usage.noarch 0:1.63-3.el7
  perl-Scalar-List-Utils.x86_64 0:1.27-248.el7  perl-Socket.x86_64 0:2.010-4.el7              perl-Storable.x86_64 0:2.45-3.el7             perl-Text-ParseWords.noarch 0:3.29-4.el7
  perl-Time-HiRes.x86_64 4:1.9725-3.el7         perl-Time-Local.noarch 0:1.2300-2.el7         perl-constant.noarch 0:1.27-2.el7             perl-libs.x86_64 4:5.16.3-291.el7
  perl-macros.x86_64 4:5.16.3-291.el7           perl-parent.noarch 1:0.225-244.el7            perl-podlators.noarch 0:2.5.1-3.el7           perl-threads.x86_64 0:1.87-4.el7
  perl-threads-shared.x86_64 0:1.43-6.el7

Replaced:
  mariadb-libs.x86_64 1:5.5.44-2.el7.centos

Complete!

MySQLを起動します。

$ systemctl start mysqld
$ systemctl status mysqld
● mysqld.service - MySQL Community Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-04-01 00:32:54 JST; 1s ago
  Process: 2345 ExecStartPost=/usr/bin/mysql-systemd-start post (code=exited, status=0/SUCCESS)
  Process: 2283 ExecStartPre=/usr/bin/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
 Main PID: 2344 (mysqld_safe)
   CGroup: /system.slice/mysqld.service
           tq2344 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           mq2510 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld....

Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysql-systemd-start[2283]: Support MySQL by buying support/licenses at http://shop.mysql.com
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysql-systemd-start[2283]: Note: new default config file not created.
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysql-systemd-start[2283]: Please make sure your config file is current
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysql-systemd-start[2283]: WARNING: Default config file /etc/my.cnf exists on the system
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysql-systemd-start[2283]: This file will be read by default by the MySQL server
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysql-systemd-start[2283]: If you do not want to use this, either remove it, or use the
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysql-systemd-start[2283]: --defaults-file argument to mysqld_safe when starting the server
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysqld_safe[2344]: 170401 00:32:53 mysqld_safe Logging to '/var/log/mysqld.log'.
Apr 01 00:32:53 ip-172-31-3-173.ap-northeast-1.compute.internal mysqld_safe[2344]: 170401 00:32:53 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Apr 01 00:32:54 ip-172-31-3-173.ap-northeast-1.compute.internal systemd[1]: Started MySQL Community Server.

初期セットアップのためmysql_secure_installationを実行します。

$ mysql_secure_installation



NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!




All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


Cleaning up...

Zabbix Proxyの構築

次に、Zabbix Proxyを構築していきます。

EC2の作成

今回も、EC2はAWS MarketplaceからCentOS 7を使用します。

ec2-01

設定は前回と同様に、セキュリティグループもデフォルトとローカル環境からのSSHだけを許可しています。
しっかり設定したい場合は、Zabbix ServerとZabbix Agentのサーバたちと10050と10051ポートだけを許可するという感じで設定してみてください。

ec2-02

タイムゾーンの設定

作成したEC2にSSHでログインします。ログインユーザは「centos」になりますので注意してください。

CentOS 7でのタイムゾーンの設定コマンドは以下になります。

$ timedatectl set-timezone Asia/Tokyo

SELinuxの無効化

SELinuxについては、いろいろと引っかかるところがあるようですので、とりあえず無効化してしまいます。
細かく制御することもできるようですので、無効化が気になる方は以下を参照してみてください。

$ cp -p /etc/selinux/config /etc/selinux/config.org
$ vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
...
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
...
$ reboot

Zabbix Proxyのインストール

Zabbix Proxyをインストールします。

$ rpm -ivh http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
Retrieving http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
warning: /var/tmp/rpm-tmp.MMKsX9: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:zabbix-release-3.2-1.el7         ################################# [100%]
$ yum install zabbix-proxy-mysql
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package zabbix-proxy-mysql.x86_64 0:3.2.4-2.el7 will be installed
...
Installed:
  zabbix-proxy-mysql.x86_64 0:3.2.4-2.el7

Dependency Installed:
  OpenIPMI-libs.x86_64 0:2.0.19-15.el7             OpenIPMI-modalias.x86_64 0:2.0.19-15.el7          fping.x86_64 0:3.10-1.el7          libtool-ltdl.x86_64 0:2.4.2-21.el7_2
  net-snmp-libs.x86_64 1:5.7.2-24.el7_2.1          unixODBC.x86_64 0:2.3.1-11.el7

Complete!

yumで不意にアップデートされてしまわないように、Zabbixのリポジトリを無効化しておきます。

$ vi /etc/yum.repos.d/zabbix.repo
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://repo.zabbix.com/zabbix/3.2/rhel/7/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX-A14FE591

[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch
baseurl=http://repo.zabbix.com/non-supported/rhel/7/$basearch/
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
gpgcheck=1

データベースとユーザの作成

MySQLにアクセスして、Zabbix Proxyで使用するデータベースとユーザを作成します。

$ mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 5.6.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database zabbix_proxy character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on zabbix_proxy.* to zabbix@localhost identified by '<パスワード>';
Query OK, 0 rows affected (0.00 sec)

mysql> quit;
Bye
$ zcat /usr/share/doc/zabbix-proxy-mysql-3.2.4/schema.sql.gz | mysql -uroot -p zabbix_proxy
Enter password:

Zabbix Proxyの初期設定

Zabbix Proxyを起動する前に、設定ファイルを編集します。

$ cp -p /etc/zabbix/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf.org
$ vi /etc/zabbix/zabbix_proxy.conf
# This is a configuration file for Zabbix proxy daemon
# To get more information about Zabbix, visit http://www.zabbix.com

############ GENERAL PARAMETERS #################

### Option: ProxyMode
#       Proxy operating mode.
#       0 - proxy in the active mode
#       1 - proxy in the passive mode
#
# Mandatory: no
# Default:
# ProxyMode=0

### Option: Server
#       IP address (or hostname) of Zabbix server.
#       Active proxy will get configuration data from the server.
#       For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: yes (if ProxyMode is set to 0)
# Default:
# Server=

Server=<Zabbix ServerサーバのIPアドレス>
...
### Option: DBPassword
#       Database password. Ignored for SQLite.
#       Comment this line if no password is used.
#
# Mandatory: no
# Default:
# DBPassword=

DBPassword=<MySQLユーザのパスワード>
...

Zabbix Proxyを起動し、自動起動に設定します。

$ systemctl start zabbix-proxy
$ systemctl status zabbix-proxy
● zabbix-proxy.service - Zabbix Proxy
   Loaded: loaded (/usr/lib/systemd/system/zabbix-proxy.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-04-01 01:03:29 JST; 4s ago
  Process: 2315 ExecStart=/usr/sbin/zabbix_proxy -c $CONFFILE (code=exited, status=0/SUCCESS)
 Main PID: 2317 (zabbix_proxy)
   CGroup: /system.slice/zabbix-proxy.service
           tq2317 /usr/sbin/zabbix_proxy -c /etc/zabbix/zabbix_proxy.conf
           tq2319 /usr/sbin/zabbix_proxy: configuration syncer [synced config 63 bytes in 0.005576 sec, idle 3600 sec]
           tq2320 /usr/sbin/zabbix_proxy: heartbeat sender [sending heartbeat message failed in 0.018198 sec, idle 60 sec]
           tq2321 /usr/sbin/zabbix_proxy: data sender [sent 0 values in 0.000799 sec, idle 1 sec]
           tq2322 /usr/sbin/zabbix_proxy: poller #1 [got 0 values in 0.000015 sec, idle 5 sec]
           tq2323 /usr/sbin/zabbix_proxy: poller #2 [got 0 values in 0.000014 sec, idle 5 sec]
           tq2324 /usr/sbin/zabbix_proxy: poller #3 [got 0 values in 0.000016 sec, idle 5 sec]
           tq2325 /usr/sbin/zabbix_proxy: poller #4 [got 0 values in 0.000015 sec, idle 5 sec]
           tq2326 /usr/sbin/zabbix_proxy: poller #5 [got 0 values in 0.000028 sec, idle 5 sec]
           tq2327 /usr/sbin/zabbix_proxy: unreachable poller #1 [got 0 values in 0.000015 sec, idle 5 sec]
           tq2328 /usr/sbin/zabbix_proxy: trapper #1 [processed data in 0.000000 sec, waiting for connection]
           tq2329 /usr/sbin/zabbix_proxy: trapper #2 [processed data in 0.000000 sec, waiting for connection]
           tq2330 /usr/sbin/zabbix_proxy: trapper #3 [processed data in 0.000000 sec, waiting for connection]
           tq2331 /usr/sbin/zabbix_proxy: trapper #4 [processed data in 0.000000 sec, waiting for connection]
           tq2332 /usr/sbin/zabbix_proxy: trapper #5 [processed data in 0.000000 sec, waiting for connection]
           tq2333 /usr/sbin/zabbix_proxy: icmp pinger #1 [got 0 values in 0.000015 sec, idle 5 sec]
           tq2334 /usr/sbin/zabbix_proxy: housekeeper [startup idle for 30 minutes]
           tq2335 /usr/sbin/zabbix_proxy: http poller #1 [got 0 values in 0.001231 sec, idle 5 sec]
           tq2336 /usr/sbin/zabbix_proxy: discoverer #1 [processed 0 rules in 0.000597 sec, idle 60 sec]
           tq2337 /usr/sbin/zabbix_proxy: history syncer #1 [synced 0 items in 0.000001 sec, idle 1 sec]
           tq2338 /usr/sbin/zabbix_proxy: history syncer #2 [synced 0 items in 0.000001 sec, idle 1 sec]
           tq2339 /usr/sbin/zabbix_proxy: history syncer #3 [synced 0 items in 0.000001 sec, idle 1 sec]
           tq2340 /usr/sbin/zabbix_proxy: history syncer #4 [synced 0 items in 0.000000 sec, idle 1 sec]
           mq2341 /usr/sbin/zabbix_proxy: self-monitoring [processed data in 0.000003 sec, idle 1 sec]

Apr 01 01:03:29 ip-172-31-3-173.ap-northeast-1.compute.internal systemd[1]: Starting Zabbix Proxy...
Apr 01 01:03:29 ip-172-31-3-173.ap-northeast-1.compute.internal systemd[1]: PID file /run/zabbix/zabbix_proxy.pid not readable (yet?) after start.
Apr 01 01:03:29 ip-172-31-3-173.ap-northeast-1.compute.internal systemd[1]: Started Zabbix Proxy.
$ systemctl enable zabbix-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-proxy.service to /usr/lib/systemd/system/zabbix-proxy.service.
$ systemctl is-enabled zabbix-proxy
enabled

プロキシの設定

Zabbix Serverに作成したZabbix Proxyを登録します。

zbx-01

「プロキシ名」はzabbix_proxy.confに設定してあるHostnameの値と合わせてください。

zbx-02

zbx-03

以前構築したZabbix ServerとAgentの間を、いま登録したプロキシ経由に設定します。

zbx-04

zbx-05

zbx-06

zbx-07

動作確認

以下のWebインターフェイス画面で状態が確認できます。

zbx-08

さいごに

今回は以前の構成にプロキシを追加してみました。
ただのお試しなのであまり意味はないかと思いますが、本格的には監視処理の負荷分散や離れたネットワークとの連携などに使ってみたいですね。

参考情報