Installing Zabbix GUI on Debian Wheezy (with dotdeb, MySQL and lighttpd)

Nov 4, 2013   #zabbix  #linux 

But Why?

Everybody knows how important it is to monitor your servers, so you know what is going on at all times of the day. This also applies when when you want to have time of with friends and family. Everybody knows this, but it can be hard to make happen for yourself.

Enter Zabbix!

Yes, there are alternatives like Cacti and probably other good monitoring systems, but while Zabbix is ugly as shit, it also is very powerful, easy to setup (sort of) and widely used.

How does it work?

Zabbix is very modular. There are 3 parts that make up the system; Server, GUI and Agent(s). I assume that you want to host the GUI on the same machine as the Server. This means that the finished setup could look something like this:

Zabbix network secured through SSH tunnels.

Environment

Before we get started, we need to make sure some things are setup correctly. First of we need to add the dotdeb main repository to your sources.list . Add these two lines to your /etc/apt/sources.list file (you can also choose a mirror near you):

deb http://packages.dotdeb.org wheezy all
deb-src http://packages.dotdeb.org wheezy all

and install the GnuPG key in APT:

curl http://www.dotdeb.org/dotdeb.gpg | sudo apt-key add -

Then update the package cache:

sudo apt-get update

Installing Zabbix Server

Zabbix Server can be installed with support for either MySQL or PostgreSQL. I assume that you already have a running MySQL server:

sudo aptitude install zabbix-server-mysql

Once installed, edit /etc/zabbix/zabbix_server.conf:

sudo nano /etc/zabbix/zabbix_server.conf

and add the following changes:

DBName=zabbix
DBUser=zabbix
DBPassword=<secret password>

Create the database:

mysql -e "CREATE DATABASE zabbix"

and install the tables and initial data:

zcat /usr/share/zabbix-server-mysql/schema.sql.gz |mysql zabbix
zcat /usr/share/zabbix-server-mysql/images.sql.gz |mysql zabbix
zcat /usr/share/zabbix-server-mysql/data.sql.gz |mysql zabbix

To make the Zabbix server start in Debian, edit /etc/default/zabbix-server:

sudo nano /etc/default/zabbix-server

and change the START option:

START=yes

Now we are ready to start the Zabbix server:

sudo service zabbix-server start

The server should now respond to requests on port 10051. You can check this by running the following command:

netstat -ln |grep 10051

The resonse should be something like this:

tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN
tcp6       0      0 :::10051                :::*                    LISTEN

Setting up the Zabbix GUI/Web interface

I assume that you already have PHP and lighttpd installed and working on the server.

Start by install the Zabbix frontend package:

sudo aptitude install zabbix-frontend-php

Zabbix is very picky with the settings of PHP, so edit php.ini:

sudo nano /etc/php5/cgi/php.ini

and make sure the values are matched. If in doubt, just wait. Zabbix will inform you of any warnings once it comes online.

post_max_size = 16M
max_execution_time = 300
max_input_time = 300
date.timezone = UTC

Create a config file:

sudo nano /etc/zabbix/zabbix.conf.php

And insert the following:

<?php
global $DB;

$DB["TYPE"]             = 'MYSQL';
$DB["SERVER"]           = 'localhost';
$DB["PORT"]             = 3306;
$DB["DATABASE"]         = 'zabbix';
$DB["USER"]             = 'zabbix';
$DB["PASSWORD"]         = '<secret password>';

$ZBX_SERVER             = 'localhost';
$ZBX_SERVER_PORT        = 10051;
$ZBX_SERVER_NAME        = '';

$IMAGE_FORMAT_DEFAULT   = IMAGE_FORMAT_PNG;
?>

Make sure to replace the <secret password> with a working one.

Once this is done, it’s time to add the Zabbix webroot to the lighttpd vhost config file:

sudo nano /etc/lighttpd/conf-enabled/10-simple-vhost.conf

Insert the following at the end of the file:

$HTTP["host"] =~ "^zabbix-srv.example.com" {
    server.document-root = "/var/www/"
    alias.url += (
        "/zabbix/" => "/usr/share/zabbix/"
    )
}

This it. Restart lighttpd:

sudo service lighttpd restart

and visit the Zabbix web interface:

https://zabbix-srv.example.com/zabbix/

The default username/password is: admin/zabbix

Installing a Zabbix agent

Installing a Zabbix agent is very easy. All you need to do is install the package and edit the /etc/zabbix/zabbix_agentd.conf and change the following:

Server=zabbix-srv.example.com,127.0.0.1
Hostname=srv1.example.com

But this would expose all the data between the Zabbix Agent and the Zabbix Server, since it is not encrypted. If you take your job serious, you always encrypt your data. You don’t know what kind of data you will be exchanging tomorrow. Perhaps it’s something sensitive, this way you won’t have to worry about that.

Setting it up securely

To make the communication secure, we can use autossh to make sure we have working SSH tunnels to and from the Zabbix Server. We will simply forward Zabbix Server port (10051) to all the servers running the agent software and reverse another SSH tunnel from every Zabbix Agent (port 10050) to the Server.

Secure network tunnels between the Zabbix server and the Zabbix Agents

Before we can start to make the tunnels, we need a SSH account we can connect to. The easiest way to do this so it scales well, is to let the machines holding the Zabbix Agent connect to the machine holding the Zabbix Server and setting up the two connections. To make this happen, we need an account on zabbix-srv.example.com that the agent-machines can connect to.

Creating an zabbixagent user on zabbix-srv.example.com

sudo adduser --system --group zabbixagent
sudo mkdir -p /home/zabbixagent/.ssh

The zabbixagent is only allowed to forward ports. Not to gain shell access.

Make the tunnels on the agent machines

To make this simple, we will use the machines root user to make the connections for us. First we need to create a SSH keypair (on the agent-machine) for the connections. Each of the agent-machines will have their own keypair.

sudo mkdir -p /root/.ssh
sudo ssh-keygen -t rsa -C "[email protected]" -f /root/.ssh/zabbixagent_id_rsa -N ''
sudo cat /root/.ssh/zabbixagent_id_rsa.pub

Once done, the public key (that is displayed on the screen) should be added to /home/zabbixagent/.ssh/authorized_keys on zabbix-srv.example.com

We should now be able to make a couple of tunnels to and from zabbix-srv.example.com:

To test it and to add zabbix-srv.example.com to the trusted list of machines, we can try to log in:

sudo ssh -i /root/.ssh/zabbixagent_id_rsa [email protected]

This should give us a welcome text, something like this:

Linux zabbix-srv.example.com 3.10.3-x86_64 Wed Oct 23 15:24:17 EDT 2013

All should be ready to go. To set up the tunnel from srv1 we need to run these two commands:

sudo autossh -i /root/.ssh/zabbixagent_id_rsa -Nf -R 10150:localhost:10050 -L 10051:localhost:10051 [email protected]

for srv2 it’s:

sudo autossh -i /root/.ssh/zabbixagent_id_rsa -Nf -R 10250:localhost:10050 -L 10051:localhost:10051 [email protected]

and for srv3 it’s:

sudo autossh -i /root/.ssh/zabbixagent_id_rsa -Nf -R 10350:localhost:10050 -L 10051:localhost:10051 [email protected]

Installing zabbix-agent

sudo apt-get install zabbix-agent

Change the config file to make the agent know which Zabbix Server to use:

sudo nano /etc/zabbix/zabbix_agentd.conf
Server=zabbix-srv.example.com,127.0.0.1
Hostname=srv1.example.com

and restart the agent:

sudo service zabbix-agent restart

That’s it. Do the same for the other servers and we are ready to setup the hosts in Zabbix Server.

Setting up the hosts in Zabbix Server

First you should go to “Configuration” and “Hosts”.

Created with Apple Preview and Seashore.

Here you see my setup. Never mind that. Just press “Create Host” in the top right corner.

Created with Apple Preview and Seashore.

The only two tabs you should use here are “Host” and “Templates”. Fill out the form the way I did and continue on to the “Templates”-tab.

Created with Apple Preview and Seashore.

Click the “Add”-button in the “Templates”-tab and pick “Template OS Linux” (Make sure you are in the “Templates” category in the dropdown box at the top). Once you are done; press the “Select”-button (at the bottom of the screen) and save the host by clicking on the “Save”-button.

Created with Apple Preview and Seashore.

It can take up to 30 seconds to see the little indicator on the host-line to go green. It should go green, since we have two-way communication in the SSH tunnels.

Created with Apple Preview and Seashore.

Once the servers are green, you are ready to continue on with using Zabbix. From here you can start setting up all the services on your servers, knowing that the communication is secure.

That’s it. Enjoy!