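Overview
Zabbix 5.0 has been officially released. Compared with 4.0, it brings a series of important improvements in usability, security and integrity.
Supported platforms
In addition to the existing official packages and appliances, Zabbix 5.0 now also supports the following platforms: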
SUSE Linux Enterprise Server 15 | Debian 10 |
Ubuntu 20.04 | Raspbian 10 |
Mac OS/X | RHEL 8 |
CentOS 8 | MSI for Windows Agent |
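Security
SAML provides a single point of authentication at a secure identity provider, which means user login authentication has to satisfy the security policy of the firewall; SAML is then used to assert the identity to Zabbix and other applications. SAML support lets Zabbix integrate out of the box with a variety of on-premises and cloud identity providers (such as Microsoft ADFS, OpenAM, SecureAuth, Okta, Auth0 and others).
Zabbix 5.0 brings major improvements for more secure monitoring:
- HTTP proxy support for webhooks, making connections from Zabbix server to external alerting and ITSM systems more secure and controllable
- Blacklists and whitelists for metrics on the agent side
- Configurable ciphers for all Zabbix components, to avoid the use of non-secure ciphers in TLS connections
- Support for encrypted connections to MySQL and PostgreSQL backends
- Stronger SHA256 for storing the hashes of user passwords
- Zabbix 5.0 supports secret user macros for holding any sensitive information, such as passwords and API tokens that should not be exposed to end users.
TimescaleDB support
Zabbix 5.0 supports optional compression of collected data with TimescaleDB. In addition to the general advantages of TimescaleDB (automatic table partitioning, high performance and scalability), this helps to further improve performance and reduce storage costs.
The Zabbix user interface has also been improved to support monitoring and managing millions of monitored devices.
Agent upgrade
The new-generation agent offers a set of new features and advanced monitoring capabilities for Linux and Windows:
- Written in Golang
- Plugin framework for monitoring various services and applications
- Ability to keep state between monitoring checks (for example, keeping persistent database connections)
- Support for trapping
- Built-in scheduler with support for flexible time intervals
- Efficient network usage through bulk data transfer
- Support for persistent storage of collected data
- Drop-in replacement for the existing agent on Linux and Windows
New UI
Deployment
Installation requirements
Database requirements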
Software | Version | Comments |
MySQL | 5.5.62 - 8.0.x | Required if MySQL is used as Zabbix backend database. InnoDB engine is required. MariaDB (10.0.37 or later) also works with Zabbix. |
Oracle | 11.2 or later | Required if Oracle is used as Zabbix backend database. |
PostgreSQL | 9.2.24 or later | Required if PostgreSQL is used as Zabbix backend database. It is suggested to use at least PostgreSQL 8.3, which introduced much better VACUUM performance. |
TimescaleDB | 1.0 or later, OSS (free) version | Required if TimescaleDB is used as Zabbix backend database. |
SQLite | 3.3.5 or later | SQLite is only supported with Zabbix proxies. Required if SQLite is used as Zabbix proxy database. |
Frontend requirements
The minimum screen width supported by the Zabbix frontend is 1200 px
Software | Version | Comments |
Apache | 1.3.12 or later | - |
Nginx | ? | - |
PHP | 7.2.0 or later | - |
PHP extensions: | - | - |
gd | 2.0.28 or later | PHP GD extension must support PNG images (--with-png-dir), JPEG (--with-jpeg-dir) images and FreeType 2 (--with-freetype-dir). |
bcmath | - | php-bcmath (--enable-bcmath) |
ctype | - | php-ctype (--enable-ctype) |
libXML | 2.6.15 or later | php-xml, if provided as a separate package by the distributor. |
xmlreader | - | php-xmlreader, if provided as a separate package by the distributor. |
xmlwriter | - | php-xmlwriter, if provided as a separate package by the distributor. |
session | - | php-session, if provided as a separate package by the distributor. |
sockets | - | php-net-socket (--enable-sockets). Required for user script support. |
mbstring | - | php-mbstring (--enable-mbstring) |
gettext | - | php-gettext (--with-gettext). Required for translations to work. |
ldap | - | php-ldap. Required only if LDAP authentication is used in the frontend. |
mysqli | - | Required if MySQL is used as Zabbix backend database. |
oci8 | - | Required if Oracle is used as Zabbix backend database. |
pgsql | - | Required if PostgreSQL is used as Zabbix backend database. |
Server requirements
Requirement | Status | Description |
libpcre | Mandatory | PCRE library is required for Perl Compatible Regular Expression (PCRE) support. The naming may differ depending on the GNU/Linux distribution, for example ‘libpcre3’ or ‘libpcre1’. Note that you need exactly PCRE (v8.x); PCRE2 (v10.x) library is not used. |
libevent | Mandatory | Required for bulk metric support and IPMI monitoring. Version 1.4 or higher. Note that for Zabbix proxy this requirement is optional; it is needed for IPMI monitoring support. |
libpthread | Mandatory | Required for mutex and read-write lock support. |
zlib | Mandatory | Required for compression support. |
OpenIPMI | Optional | Required for IPMI support. |
libssh2 or libssh | Optional | Required for SSH checks. Version 1.0 or higher (libssh2); 0.6.0 or higher (libssh). libssh is supported since Zabbix 4.4.6. |
fping | Optional | Required for ICMP ping items. |
libcurl | Optional | Required for web monitoring, VMware monitoring, SMTP authentication, web.page.* Zabbix agent items, HTTP agent items and Elasticsearch (if used). Version 7.28.0 or higher is recommended. Libcurl version requirements: - SMTP authentication: version 7.20.0 or higher - Elasticsearch: version 7.28.0 or higher |
libxml2 | Optional | Required for VMware monitoring and XML XPath preprocessing. |
net-snmp | Optional | Required for SNMP support. Version 5.3.0 or higher. |
Agent 2
Agent 2 supports 64-bit Linux and Microsoft Windows.
Requirement | Status | Description |
libpcre | Mandatory | PCRE library is required for Perl Compatible Regular Expression (PCRE) support. The naming may differ depending on the GNU/Linux distribution, for example ‘libpcre3’ or ‘libpcre1’. Note that you need exactly PCRE (v8.x); PCRE2 (v10.x) library is not used. |
OpenSSL | Optional | Required when using encryption. OpenSSL 1.0.1 or later is required on UNIX platforms. The OpenSSL library must have PSK support enabled. LibreSSL is not supported. On Microsoft Windows systems OpenSSL 1.1.1 or later is required. |
Java gateway
Library | License | Website | Comments |
logback-core-0.9.27.jar | EPL 1.0, LGPL 2.1 | http://logback.qos.ch/ | Tested with 0.9.27, 1.0.13, and 1.1.1. |
logback-classic-0.9.27.jar | EPL 1.0, LGPL 2.1 | http://logback.qos.ch/ | Tested with 0.9.27, 1.0.13, and 1.1.1. |
slf4j-api-1.6.1.jar | MIT License | http://www.slf4j.org/ | Tested with 1.6.1, 1.6.6, and 1.7.6. |
android-json-4.3_r3.1.jar | Apache License 2.0 | https://android.googlesource.com/platform/libcore/+/master/json | Tested with 2.3.3_r1.1 and 4.3_r3.1. See src/zabbix_java/lib/README for instructions on creating a JAR file. |
Installing LNMP
Install Nginx
yum -y install nginx
systemctl start nginx
systemctl enable nginx
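Install MySQL
Note: the CentOS 7 yum repositories do not seem to include the mysql-server package needed for a normal MySQL install, so it has to be downloaded from the official site.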
wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum install mysql-community-server
systemctl start mysqld
systemctl enable mysqld
Set a password for MySQL
[root@cn-sz ~]# mysql -uroot
mysql> set password for 'root'@'localhost' = password('123456');
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Install PHP
# Install the PHP 7 repositories
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# Install PHP 7.2 and its extensions (install, not remove; the glob is quoted so the shell does not expand it)
yum install -y php72w-devel php72w-fpm php72w-mysql php72w-common php72w-gd 'libjpeg*' php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-mcrypt php72w-bcmath php72w-mhash libmcrypt libmcrypt-devel
# Edit php.ini to turn off the PHP version header
sed 's#expose_php = On#expose_php = Off#g' /etc/php.ini -i
# Check the PHP version
[root@cn-sz zabbix]# php -v
PHP 7.0.33 (cli) (built: Dec 6 2018 22:30:44) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
Install zabbix-server and zabbix-agent
# Install the Zabbix repository
rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
yum clean all
# Install Zabbix server and agent
yum -y install zabbix-server-mysql zabbix-agent
Data import
Create the initial database
[root@cn-sz ~]# mysql -uroot -p
password:
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by '123456';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;
Import the data
# Download the Zabbix source package
cd /root
wget https://cdn.zabbix.com/zabbix/sources/stable/5.0/zabbix-5.0.23.tar.gz
tar zxvf zabbix-5.0.23.tar.gz
# Start importing the data
[root@cn-sz ~]# mysql -uroot -p
password:
mysql> use zabbix;
mysql> source /root/zabbix-5.0.23/database/mysql/schema.sql;
mysql> source /root/zabbix-5.0.23/database/mysql/images.sql;
mysql> source /root/zabbix-5.0.23/database/mysql/data.sql;
mysql> quit;
Edit the configuration files
Edit the PHP configuration parameters
vim /etc/php.ini
post_max_size = 16M ; maximum size of data submitted with POST, line 663
max_execution_time = 300 ; script timeout, line 375
max_input_time = 300 ; line 385
systemctl restart php-fpm
Edit the zabbix-server configuration parameters
[root@cn-sz zabbix]# cat /etc/zabbix/zabbix_server.conf | grep -v '#' |grep -v '^$'
LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=0
PidFile=/var/run/zabbix/zabbix_server.pid
SocketDir=/var/run/zabbix
DBHost=127.0.0.1
DBName=zabbix
DBUser=zabbix
DBPassword=123456
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
Timeout=4
AlertScriptsPath=/usr/lib/zabbix/alertscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
LogSlowQueries=3000
StatsAllowedIP=127.0.0.1
systemctl start zabbix-server zabbix-agent
systemctl enable zabbix-server zabbix-agent
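A check of the database settings in the file above, as an added example that is not part of the original post or of Zabbix itself. DBTLSConnect and its values required, verify_ca and verify_full are the Zabbix 5.0 parameters behind the encrypted database connections listed earlier; the finding names and the 16-character password threshold are assumptions of this example.

```sh
# Added example: audit the database settings of a zabbix_server.conf.
# Finding names and the 16-character threshold are this example's own choices.

# conf_get FILE KEY -> value of the last uncommented "KEY=value" line
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k { sub(/^[^=]*=/, ""); v = $0 }
        END { print v }' "$1"
}

# audit_zabbix_server_conf FILE -> one finding per line, nothing if clean
audit_zabbix_server_conf() {
    azc_pw=$(conf_get "$1" DBPassword)
    azc_host=$(conf_get "$1" DBHost)
    azc_tls=$(conf_get "$1" DBTLSConnect)

    # DBPassword is stored in clear text, so "other" must not be able to read it.
    if [ -n "$(find "$1" -maxdepth 0 -perm -004)" ]; then
        echo "conf-world-readable"
    fi
    if [ "${#azc_pw}" -lt 16 ]; then
        echo "weak-db-password"
    fi
    case $azc_host in
        ''|localhost|127.0.0.1|::1) ;;   # local database, no network hop to protect
        *)  case $azc_tls in
                '')                    echo "db-tls-not-enabled" ;;
                required)              echo "db-tls-cert-not-verified" ;;
                verify_ca|verify_full) ;;
                *)                     echo "db-tls-unknown-value" ;;
            esac ;;
    esac
    return 0
}

# Constructed sample that repeats the DB* values shown above.
azc_demo=$(mktemp)
printf '%s\n' 'DBHost=127.0.0.1' 'DBName=zabbix' 'DBUser=zabbix' \
    'DBPassword=123456' > "$azc_demo"
audit_zabbix_server_conf "$azc_demo"
rm -f "$azc_demo"
```

Run against the settings shown above it reports only weak-db-password, because the database is local; the TLS findings apply once DBHost points at another machine.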
Configure Nginx
[root@cn-sz zabbix]# cat /etc/nginx/conf.d/zabbix.conf
server {
    listen 80;
    server_name zabbix.if010.com;
    root /data/zabbix_web;
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location / {
        index index.php;
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }
        fastcgi_param SCRIPT_FILENAME /data/zabbix_web/$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        fastcgi_param PATH_INFO $path_info;
        include fastcgi_params;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}
systemctl restart nginx
Copy the Zabbix Web UI files
mkdir -p /data/zabbix_web
cp -a /root/zabbix-5.0.23/ui/* /data/zabbix_web/
Access and configuration
http://server_ip_or_name
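Fixing garbled Chinese characters
Fix: manually upload a font from a local Windows machine (for example Microsoft YaHei) to /usr/share/zabbix/assets/fonts/ on the Zabbix server; on Windows 10 the font files are usually under C:\Windows\Fonts.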
cd /usr/share/zabbix/assets/fonts
mv graphfont.ttf graphfont.ttf.backup
ln -s msyh.ttf graphfont.ttf