Zabbix monitoring server, also Ansible command center — how to?
When you need to have a server for monitoring others, you need to buy a cloud service from tech company, or do it yourself.
In this and few next tutorials I will show my way to achive that. I hope, this will be good tutorial for any others.
Warning!
I use Linux Debian as a desktop machine, so please be aware — some things will not work on Windows machines — but I don’t bother that — I do not like Microsoft products. If you want to see my system, look at YouTube:
Any scripts will be availble at my GitHub repository, which I’ve made for this tutorial:
My VPS is a cheap VPS from Rapid DC — Polish company.
VPS NVMe.Light — https://rapiddc.pl/
KVM / 1vCPU / 2GB RAM / 20GB NVMe / 1Gbit
Starting with Ubuntu 20.04 LTS
I do the following initials steps:
- First, I install ssh key to log into as root — I work in this way, so I put
id_ed25519.pubas file/root/.ssh/authorized_keys
root@linux-admin:~/.ssh# ls -la
total 20
drwx------ 2 root root 4096 Aug 5 12:13 .
drwx------ 7 root root 4096 Aug 5 18:31 ..
-rw------- 1 root root 411 Aug 4 08:48 authorized_keysYou can read details in article https://blog.jurkiewicz.tech/ssh-from-linux-to-linux-in-10-seconds-35b46ffd31cd
After that, I can make ssh to server as a root directly, without need to do sudo each time.
- Install some stuff, which I will use later:
root@linux-admin:~# apt install vim-nox mc iptraf htop systat screenfetch pwgen -y- After that, I upgrade my system:
- I update the whole system:
root@linux-admin:~# do-release-upgrade
#
# [ ... some questions and answers, reboot server at the end...]
#
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-78-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Sat Aug 5 02:01:22 PM CEST 2023
System load: 0.087890625 Processes: 94
Usage of /: 19.1% of 19.60GB Users logged in: 0
Memory usage: 8% IPv4 address for eth0: 188.68.237.191
Swap usage: 0%
root@linux-admin:~# screenfetch
./+o+- root@linux-admin.jurkiewicz.tech
yyyyy- -yyyyyy+ OS: Ubuntu 22.04 jammy
://+//////-yyyyyyo Kernel: x86_64 Linux 5.15.0-78-generic
.++ .:/++++++/-.+sss/` Uptime: 3h 32m
.:++o: /++++++++/:--:/- Packages: 714
o:+o+:++.`..```.-/oo+++++/ Shell: bash 5.1.16
.:+o:+o/. `+sssoo+/ Resolution: No X Server
.++/+:+oo+o:` /sssooo. WM: Not Found
/+++//+:`oo+o /::--:. GTK Theme: Adwaita [GTK3]
\+/+o+++`o++o ++////. Disk: 3.8G / 20G (21%)
.++.o+++oo+:` /dddhhh. CPU: AMD EPYC-Rome @ 2.8GHz
.+.o+oo:. `oddhhhh+ GPU: Cirrus Logic GD 5446
\+.++o+o``-````.:ohdhhhhh+ RAM: 312MiB / 1963MiB
`:o+++ `ohhhhhhhhyo++os:
.o:`.syhhhhhhh/.oo++o`
/osyyyyyyo++ooo+++/
````` +oo+++o\:
`oo++.
The next thing is to install OpenVPN Network — read an article how to do it: https://blog.jurkiewicz.tech/how-to-set-up-vpn-network-for-securetly-managing-linux-servers-in-15-minutes-34b069be6b38
After I set up VPN network (in my case: 172.30.0.0/24), I can configure connection from my PC to server; I have to change a file ~/.ssh/config as follows:
Host rapiddc_admin
HostName 172.30.0.1
Compression yes
User root
IdentityFile ~/.ssh/id_ed25519I can connect to my server using ssh rapiddc_admin command.
Of course, the server should be hardering — I will write dedicated article about it, but for now lets assume, that simple ufw will be enough:
root@linux-admin:~# ufw status verbose
Status: active
Logging: off
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
Anywhere ALLOW IN 172.30.0.0/24
1195/udp ALLOW IN Anywhere Why? Beacause I allow ONLY VPN traffic — so everithing is closed to all hosts, but everything is open to hosts from VPN network.
Installing ansible is very simple, just few commands:
root@linux-admin:~# apt-add-repository --yes --update ppa:ansible/ansible
root@linux-admin:~# apt install ansible
root@linux-admin:~# ansible --version
root@linux-admin:~# ansible-config init --disabled -t all >/etc/ansible/ansible.cfg
root@linux-admin:~# ssh-keygen -t ed25519 -C ansible-serverI will explain it in details in article aboust Ansible Installation and configuration.
Now, we will focus on installing Zabbix LTS 6.0 (Long Term Support).
Detailed documentation is located at: https://www.zabbix.com/documentation/6.0/en/manual — we will go through key elements in this tutorial.
We have to choose Zabbix Version, OS an other elements, after that we will get set of commands to run in Terminal. In my particular case, the link to get the commands is:
Installing — key elements:
In Terminal we run the following commands, as described in documentation page:
root@linux-admin:~# wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-4+ubuntu22.04_all.deb
root@linux-admin:~# dpkg -i zabbix-release_6.0-4+ubuntu22.04_all.deb
root@linux-admin:~# apt update
MySQL Database
We have to install SQL Database — of course, we can use different, but for this case we use MySQL 8. There are some important things:
- With MySQL 8.0.30–8.1.X, InnoDB engine is required.
- Character sets utf8 (aka utf8mb3) and utf8mb4 are supported (with utf8_bin and utf8mb4_bin collation respectively) for Zabbix server/proxy to work properly with MySQL database. It is recommended to use utf8mb4 for new installations.
To install we will use the following command:
root@linux-admin:~# apt install mysql-server-8.0
After few minutes we have MySQL Server up and running, we can check:
root@linux-admin:~# systemctl status mysql.service
● mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-09-22 15:56:33 CEST; 20min ago
Process: 848 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
Main PID: 936 (mysqld)
Status: "Server is operational"
Tasks: 38 (limit: 2220)
Memory: 421.5M
CPU: 4.493s
CGroup: /system.slice/mysql.service
└─936 /usr/sbin/mysqld
Sep 22 15:56:31 linux-admin.jurkiewicz.tech systemd[1]: Starting MySQL Community Server...
Sep 22 15:56:33 linux-admin.jurkiewicz.tech systemd[1]: Started MySQL Community Server.
The version is Server version: 8.0.34-0ubuntu0.22.04.1 (Ubuntu) - so this is the correct version.
Init database
We need to create initial database:
root@linux-admin:~# mysql -uroot -p
password
mysql> create database zabbix character set utf8mb4 collate utf8mb4_bin;
mysql> create user zabbix@localhost identified by 'password';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> set global log_bin_trust_function_creators = 1;
mysql> quit;
On Zabbix server host we have to import initial schema and data. We will be prompted to enter our newly created password.
root@linux-admin:~# zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbixAfter that, we need to set in database:
root@linux-admin:~# mysql -uroot -p
mysql> set global log_bin_trust_function_creators = 1;
mysql> quit;Install Zabbix server software:
root@linux-admin:~# apt install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agentWe will use Apache server, so we have to open 80/tcp (http) and 443/tcp (https) port on firewall, so we do:
root@linux-admin:~# ufw allow 80/tcp
root@linux-admin:~# ufw allow 443/tcpAfter that, we have access to Apache from outside:
root@linux-admin:~# ufw status verbose
Status: active
Logging: off
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
Anywhere ALLOW IN 172.30.0.0/24
1095/udp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6) We can test access to http://linux-admin.jurkiewicz.tech/
Now we have to change password in Zabbix configuration file:
root@linux-admin:~# vim /etc/zabbix/zabbix_server.confWe have to change only the password:
### Option: DBPassword
# Database password.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
DBPassword=passwordIf we have done everything correctly, we can restart and check server process:
root@linux-admin:~# systemctl restart zabbix-server.service
root@linux-admin:~# systemctl status zabbix-server.service
Configuring web interface.
Now we can go to web interface: http://server_ip/zabbix — in our case:
http://linux-admin.jurkiewicz.tech/zabbix/
We have to check if every parameter of server is at correct value.
Then we put the password in configuration page:
And write down server name:
Congratulations — we have install and configre our server!
In first login, we can use standard login: Administrator and password: zabbix. We have to remember to change it in first minut after login.
After all, we must remember to configure automatic startup of Zabbix server after each reboot:
root@linux-admin:~# systemctl enable zabbix-server.service
Synchronizing state of zabbix-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable zabbix-server
Created symlink /etc/systemd/system/multi-user.target.wants/zabbix-server.service → /lib/systemd/system/zabbix-server.service.
We can observer warning after rebooting server:
We can install Free SSL Certificate from Lets Encrypt. If you want to read whole process, take a look at: https://blog.jurkiewicz.tech/how-to-configure-free-ssl-certificate-with-certbot-letsencrypt-on-ubuntu-linux-20-04-61e1553f250b
We can add some host for monitoring — in this article there is sample configuration: https://blog.jurkiewicz.tech/how-to-start-monitor-linux-host-with-zabbix-server-in-30-minuts-3a3a91df799a
