zabbix proxy 可以代替 zabbix server 收集性能和可用性数据,然后将数据汇总给 zabbix server,并且在一定程度上分担了zabbix server 的压力。此外,当所有agents和proxies报告给一个Zabbix server并且所有数据都集中收集时,使用proxy是实现集中式和分布式监控的最简单方法。
| 序号 | IP | 角色 | 操作系统 |
|---|---|---|---|
| 1 | 192.168.9.10 | zabbix-server | CentOS Linux release 7.9.2009 (Core) |
| 2 | 192.168.9.148 | zabbix-proxy | CentOS Linux release 7.9.2009 (Core) |
| 3 | 192.168.9.20 | k8s-node2 | CentOS Linux release 7.9.2009 (Core) |
部署zabbix-proxy
[root@zabbix_proxy-centos7-shanghai-area502 ~]# yum install https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm -y
[root@zabbix_proxy-centos7-shanghai-area502 ~]# yum install -y mysql-server
[root@zabbix_proxy-centos7-shanghai-area502 ~]# systemctl start mysqld && systemctl enable mysqld
[root@zabbix_proxy-centos7-shanghai-area502 ~]# cat /var/log/mysqld.log | grep -E "root@localhost"
[root@zabbix_proxy-centos7-shanghai-area502 ~]# mysql -u root -p
Enter password: Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.34
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set global validate_password_policy=0;
Query OK, 0 rows affected (0.00 sec)
mysql> set global validate_password_length=1;
Query OK, 0 rows affected (0.00 sec)
mysql> set password=password('proxy@zabbix');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> grant all on *.* to root@"%" identified by "proxy@zabbix";
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> create database zabbix_proxy character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on zabbix_proxy.* to zabbix@localhost identified by 'proxy@zabbix';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
[root@zabbix_proxy-centos7-shanghai-area502 ~]# yum install -y zabbix-proxy-mysql
[root@zabbix_proxy-centos7-shanghai-area502 ~]# zcat /usr/share/doc/zabbix-proxy-mysql-5.0.12/schema.sql.gz | mysql -uzabbix -p zabbix_proxy
[root@zabbix_proxy-centos7-shanghai-area502 ~]# cat /etc/zabbix/zabbix_proxy.conf
# This is a configuration file for Zabbix proxy daemon
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: ProxyMode
# Proxy operating mode.
# 0 - proxy in the active mode
# 1 - proxy in the passive mode
#
# Mandatory: no
# Default:
# ProxyMode=0
### Option: Server
# If ProxyMode is set to active mode:
# IP address or DNS name of Zabbix server to get configuration data from and send data to.
# If ProxyMode is set to passive mode:
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server.
# Incoming connections will be accepted only from the addresses listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: yes
# Default:
# Server=
Server=192.168.9.10
### Option: ServerPort
# Port of Zabbix trapper on Zabbix server.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1024-32767
# Default:
ServerPort=10051
### Option: Hostname
# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=Area502 Zabbix proxy
### Option: HostnameItem
# Item used for generating Hostname if it is undefined.
# Ignored if Hostname is defined.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: ListenPort
# Listen port for trapper.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10051
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_proxy.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_proxy.pid
PidFile=/var/run/zabbix/zabbix_proxy.pid
### Option: SocketDir
# IPC socket directory.
# Directory to store IPC sockets used by internal Zabbix services.
#
# Mandatory: no
# Default:
# SocketDir=/tmp
SocketDir=/var/run/zabbix
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
#
# Mandatory: no
# Default:
# DBHost=localhost
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
# Warning: do not attempt to use the same database Zabbix server is using.
#
# Mandatory: yes
# Default:
# DBName=
DBName=zabbix_proxy
### Option: DBSchema
# Schema name. Used for PostgreSQL.
#
# Mandatory: no
# Default:
# DBSchema=
### Option: DBUser
# Database user. Ignored for SQLite.
#
# Default:
# DBUser=
DBUser=zabbix
### Option: DBPassword
# Database password. Ignored for SQLite.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
DBPassword=proxy@zabbix
### Option: DBSocket
# Path to MySQL socket.
#
# Mandatory: no
# Default:
# DBSocket=
# Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
#
# Mandatory: no
# Default:
# DBPort=
######### PROXY SPECIFIC PARAMETERS #############
### Option: ProxyLocalBuffer
# Proxy will keep data locally for N hours, even if the data have already been synced with the server.
# This parameter may be used if local data will be used by third party applications.
#
# Mandatory: no
# Range: 0-720
# Default:
# ProxyLocalBuffer=0
### Option: ProxyOfflineBuffer
# Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
# Older data will be lost.
#
# Mandatory: no
# Range: 1-720
# Default:
# ProxyOfflineBuffer=1
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of Proxy on server side.
# 0 - heartbeat messages disabled.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 0-3600
# Default:
# HeartbeatFrequency=60
### Option: ConfigFrequency
# How often proxy retrieves configuration data from Zabbix Server in seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
# ConfigFrequency=3600
### Option: DataSenderFrequency
# Proxy will send collected data to the Server every N seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600
# Default:
# DataSenderFrequency=1
############ ADVANCED PARAMETERS ################
### Option: StartPollers
# Number of pre-forked instances of pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollers=5
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
# The IPMI manager process is automatically started when at least one IPMI poller is started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers=0
### Option: StartPreprocessors
# Number of pre-forked instances of preprocessing workers.
# The preprocessing manager process is automatically started when preprocessor worker is started.
#
# Mandatory: no
# Range: 1-1000
# Default:
# StartPreprocessors=3
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
# are started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollersUnreachable=1
### Option: StartTrappers
# Number of pre-forked instances of trappers.
# Trappers accept incoming connections from Zabbix sender and active agents.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartTrappers=5
### Option: StartPingers
# Number of pre-forked instances of ICMP pingers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPingers=1
### Option: StartDiscoverers
# Number of pre-forked instances of discoverers.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartDiscoverers=1
### Option: StartHTTPPollers
# Number of pre-forked instances of HTTP pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPPollers=1
### Option: JavaGateway
# IP address (or hostname) of Zabbix Java gateway.
# Only required if Java pollers are started.
#
# Mandatory: no
# Default:
# JavaGateway=
### Option: JavaGatewayPort
# Port that Zabbix Java gateway listens on.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# JavaGatewayPort=10052
### Option: StartJavaPollers
# Number of pre-forked instances of Java pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartJavaPollers=0
### Option: StartVMwareCollectors
# Number of pre-forked vmware collector instances.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartVMwareCollectors=0
### Option: VMwareFrequency
# How often Zabbix will connect to VMware service to obtain a new data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwareFrequency=60
### Option: VMwarePerfFrequency
# How often Zabbix will connect to VMware service to obtain performance data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwarePerfFrequency=60
### Option: VMwareCacheSize
# Size of VMware cache, in bytes.
# Shared memory size for storing VMware data.
# Only used if VMware collectors are started.
#
# Mandatory: no
# Range: 256K-2G
# Default:
# VMwareCacheSize=8M
### Option: VMwareTimeout
# Specifies how many seconds vmware collector waits for response from VMware service.
#
# Mandatory: no
# Range: 1-300
# Default:
# VMwareTimeout=10
### Option: SNMPTrapperFile
# Temporary file used for passing data from SNMP trap daemon to the proxy.
# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
#
# Mandatory: no
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
### Option: StartSNMPTrapper
# If 1, SNMP trapper process is started.
#
# Mandatory: no
# Range: 0-1
# Default:
# StartSNMPTrapper=0
### Option: ListenIP
# List of comma delimited IP addresses that the trapper should listen on.
# Trapper will listen on all network interfaces if this parameter is missing.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: HousekeepingFrequency
# How often Zabbix will perform housekeeping procedure (in hours).
# Housekeeping is removing outdated information from the database.
# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
# hours of outdated information are deleted in one housekeeping cycle.
# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
#
# Mandatory: no
# Range: 0-24
# Default:
# HousekeepingFrequency=1
### Option: CacheSize
# Size of configuration cache, in bytes.
# Shared memory size, for storing hosts and items data.
#
# Mandatory: no
# Range: 128K-64G
# Default:
# CacheSize=8M
### Option: StartDBSyncers
# Number of pre-forked instances of DB Syncers.
#
# Mandatory: no
# Range: 1-100
# Default:
# StartDBSyncers=4
### Option: HistoryCacheSize
# Size of history cache, in bytes.
# Shared memory size for storing history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryCacheSize=16M
### Option: HistoryIndexCacheSize
# Size of history index cache, in bytes.
# Shared memory size for indexing history cache.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryIndexCacheSize=4M
### Option: Timeout
# Specifies how long we wait for agent, SNMP device or external check (in seconds).
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
Timeout=4
### Option: TrapperTimeout
# Specifies how many seconds trapper may spend processing new data.
#
# Mandatory: no
# Range: 1-300
# Default:
# TrapperTimeout=300
### Option: UnreachablePeriod
# After how many seconds of unreachability treat a host as unavailable.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachablePeriod=45
### Option: UnavailableDelay
# How often host is checked for availability during the unavailability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnavailableDelay=60
### Option: UnreachableDelay
# How often host is checked for availability during the unreachability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachableDelay=15
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
### Option: FpingLocation
# Location of fping.
# Make sure that fping binary has root ownership and SUID flag set.
#
# Mandatory: no
# Default:
# FpingLocation=/usr/sbin/fping
### Option: Fping6Location
# Location of fping6.
# Make sure that fping6 binary has root ownership and SUID flag set.
# Make empty if your fping utility is capable to process IPv6 addresses.
#
# Mandatory: no
# Default:
# Fping6Location=/usr/sbin/fping6
### Option: SSHKeyLocation
# Location of public and private keys for SSH checks and actions.
#
# Mandatory: no
# Default:
# SSHKeyLocation=
### Option: LogSlowQueries
# How long a database query may take before being logged (in milliseconds).
# Only works if DebugLevel set to 3 or 4.
# 0 - don't log slow queries.
#
# Mandatory: no
# Range: 1-3600000
# Default:
# LogSlowQueries=0
LogSlowQueries=3000
### Option: TmpDir
# Temporary directory.
#
# Mandatory: no
# Default:
# TmpDir=/tmp
### Option: AllowRoot
# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
# Include=/usr/local/etc/zabbix_proxy.general.conf
# Include=/usr/local/etc/zabbix_proxy.conf.d/
# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# SSLCertLocation=${datadir}/zabbix/ssl/certs
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# SSLKeyLocation=${datadir}/zabbix/ssl/keys
### Option: SSLCALocation
# Location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCALocation=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of proxy modules.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at proxy startup. Modules are used to extend functionality of the proxy.
# Formats:
# LoadModule=<module.so>
# LoadModule=<path/module.so>
# LoadModule=</abs_path/module.so>
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
### Option: StatsAllowedIP
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
# will be accepted.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: no
# Default:
# StatsAllowedIP=
StatsAllowedIP=127.0.0.1
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the proxy certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the proxy private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate-based encryption.
#
# Mandatory: no
# Default:
# TLSCipherCert13=
### Option: TLSCipherCert
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128
#
# Mandatory: no
# Default:
# TLSCipherCert=
### Option: TLSCipherPSK13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherPSK13=
### Option: TLSCipherPSK
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
# Example for OpenSSL:
# kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherPSK=
### Option: TLSCipherAll13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherAll13=
### Option: TLSCipherAll
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
### Option: DBTLSConnect
# Setting this option enforces to use TLS connection to database.
# required - connect using TLS
# verify_ca - connect using TLS and verify certificate
# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
# matches its certificate
# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
# "verify_full".
# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
# Default is not to set any option and behavior depends on database configuration
#
# Mandatory: no
# Default:
# DBTLSConnect=
### Option: DBTLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# (yes, if DBTLSConnect set to one of: verify_ca, verify_full)
# Default:
# DBTLSCAFile=
### Option: DBTLSCertFile
# Full pathname of file containing Zabbix proxy certificate for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSCertFile=
### Option: DBTLSKeyFile
# Full pathname of file containing the private key for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSKeyFile=
### Option: DBTLSCipher
# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
# Supported only for MySQL
#
# Mandatory no
# Default:
# DBTLSCipher=
### Option: DBTLSCipher13
# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
# Supported only for MySQL, starting from version 8.0.16
#
# Mandatory no
# Default:
# DBTLSCipher13=
[root@zabbix_proxy-centos7-shanghai-area502 ~]# systemctl enable zabbix-proxy && systemctl start zabbix-proxy部署zabbix-agent节点
[root@centos7-k8s-node2-shanghai-area502 ~]# rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
[root@centos7-k8s-node2-shanghai-area502 ~]# yum install -y zabbix-agent
[root@centos7-k8s-node2-shanghai-area502 ~]# sed -i 's/Server=127.0.0.1/Server=192.168.9.148/' /etc/zabbix/zabbix_agentd.conf
[root@centos7-k8s-node2-shanghai-area502 ~]# sed -i 's/# ListenPort=10050/ListenPort=10060/' /etc/zabbix/zabbix_agentd.conf
[root@centos7-k8s-node2-shanghai-area502 ~]# sed -i 's/ServerActive=127.0.0.1/ServerActive=192.168.9.148/' /etc/zabbix/zabbix_agentd.conf
[root@centos7-k8s-node2-shanghai-area502 ~]# sed -i "s/Hostname=[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/Hostname=Area-$(ifconfig em1|grep -oP '(?<=inet )(\d+\.){3}\d+')/" /etc/zabbix/zabbix_agentd.conf
[root@centos7-k8s-node2-shanghai-area502 ~]# sed -i 's/# HostMetadata=/HostMetadata=area502/' /etc/zabbix/zabbix_agentd.conf # HostMetadata 和 HostMetadataItem ,两者都是用于自动注册使用的,HostMetadata属于静态配置,HostMetadataItem属于动态配置,还可以使用zabbix key 密码串
[root@centos7-k8s-node2-shanghai-area502 ~]# systemctl enable zabbix-agent && systemctl restart zabbix-agent
[root@centos7-k8s-node2-shanghai-area502 ~]# tailf /var/log/zabbix/zabbix_agentd.log # 注意查看日志zabbix-server 配置自动注册
创建agent代理程序,名称根据zabbix-proxy所配置的Hostname配置。
创建自动注册的动作。
验证查看自动注册
.png)
