CentOS Stream 9
Sponsored Link

Zabbix 7.0 : Install2024/09/05

 

Install Zabbix 7.0 LTS which is an enterprise open source monitoring system.

[1]

Install Apache httpd, refer to here.

[2]

Configure SSL/TLS setting for Install Apache httpd, refer to here. (optional but recommended)

[3]

Install PHP, refer to here.

[4]

Install MariaDB server, refer to here.

[5] Install other required packages and Add Zabbix repository.
[root@dlp ~]#
dnf -y install php-mysqlnd php-gd php-xml php-bcmath php-ldap

[root@dlp ~]#
dnf -y install https://repo.zabbix.com/zabbix/7.0/centos/9/x86_64/zabbix-release-7.0-5.el9.noarch.rpm
[6] Install Zabbix Server. To monitor Zabbix Server itself, Install Zabbix Agent, too.
[root@dlp ~]#
dnf -y install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent2

[7] Create a database for Zabbix.
[root@dlp ~]#
mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.5.22-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database zabbix character set utf8mb4 collate utf8mb4_bin; 
Query OK, 1 row affected (0.00 sec)

# replace any password for DB [password]
MariaDB [(none)]> grant all privileges on zabbix.* to zabbix@'localhost' identified by 'password'; 
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit 
Bye

[root@dlp ~]#
zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix

Enter password:  
# password of zabbix user on MariaDB you set above
[8] Configure and start Zabbix Server.
[root@dlp ~]#
vi /etc/zabbix/zabbix_server.conf
# line 96 : add

DBHost=localhost
# line 132 : add Zabbix DB password

DBPassword=password
[root@dlp ~]#
systemctl enable --now zabbix-server

[9] If SELinux is enabled, change policy like follows.
[root@dlp ~]#
setsebool -P zabbix_can_network on

[root@dlp ~]#
setsebool -P httpd_can_connect_zabbix on

[root@dlp ~]#
setsebool -P domain_can_mmap_files on

[root@dlp ~]#
setsebool -P daemons_enable_cluster_mode on

[root@dlp ~]#
vi zabbix_server.te
# create new

module zabbix_server 1.0;

require {
        type initctl_t;
        type devlog_t;
        type proc_kcore_t;
        type zabbix_t;
        type zabbix_agent_t;
        type rpm_exec_t;
        type rpm_var_lib_t;
        class fifo_file getattr;
        class sock_file getattr;
        class file { execute execute_no_trans map open getattr };
        class capability dac_override;
}

#============= zabbix_t ==============
allow zabbix_t self:capability dac_override;

#============= zabbix_agent_t ==============
allow zabbix_agent_t devlog_t:sock_file getattr;
allow zabbix_agent_t initctl_t:fifo_file getattr;
allow zabbix_agent_t proc_kcore_t:file getattr;
allow zabbix_agent_t rpm_var_lib_t:file open;
allow zabbix_agent_t rpm_exec_t:file { execute execute_no_trans map };

[root@dlp ~]#
checkmodule -m -M -o zabbix_server.mod zabbix_server.te

[root@dlp ~]#
semodule_package --outfile zabbix_server.pp --module zabbix_server.mod

[root@dlp ~]#
semodule -i zabbix_server.pp

[10] If Firewalld is running, allow Zabbix related ports.
[root@dlp ~]#
firewall-cmd --add-service={http,https}

success
[root@dlp ~]#
firewall-cmd --add-port={10051/tcp,10050/tcp}

success
[root@dlp ~]#
firewall-cmd --runtime-to-permanent

success
[11] Configure and start Zabbix Agent to monitor Zabbix Server itself.
[root@dlp ~]#
vi /etc/zabbix/zabbix_agent2.conf
# line 80 : specify Zabbix server

Server=
127.0.0.1
# line 133 : specify Zabbix server

ServerActive=
127.0.0.1
# line 144 : change to your hostname

Hostname=
dlp.srv.world
[root@dlp ~]#
systemctl enable --now zabbix-agent2

[12] Change httpd settings. That's OK to configure Zabbix Server.
[root@dlp ~]#
vi /etc/httpd/conf.d/zabbix.conf
# line 12 : add access permittion for Zabbix Web frontend if you need
# by default, All are allowed

#
Require all granted
Require ip 127.0.0.1 10.0.0.0/24
[root@dlp ~]#
systemctl reload httpd php-fpm

Matched Content