Just recently I wanted to test out Zabbix frontend. Zabbix helpfully produce a neat appliance which once installed as a VM then allows you to connect up clients.
I wanted to test the new Zabbbix EPEL products.
- first step, needed a dedicated VM. Heading over to Fedora, downloaded a Centos live iso.
- once the iso was downloaded, flashed up a vm and have a virgin vm waiting for me within a few minutes.
being old-school prefer to work via a terminal prompt and leave the gui on the hypervisor (I’m using XenServer for my hypervisor, for a main reason that its very easy to install and simple to use.)
so after changing the keyboard to suit my needs, need to first enable ssh :
service sshd start
next, need to reference the EPEL repository
wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
installing zabbix agent is the next easy step :
yum install zabbix20-agent
followed by installing the web frontend :
yum install zabbix20-web-mysql
next, it will be necessary to change some entries in the php config vi /etc/php change :
- Uncomment the date.timezone line and add your current zone, the list of time can be found here.
- max_execution_time = 300
- max_input_time = 300
- post_max_size = 16M
save the file and then connect to the zabbix url http://localhost/zabbix/ next step will be then to configure the connection to the Zabbix server database
test the connection and if all is well, Zabbix will then ask you to complete the fields for the zabbix backend server.
the above configuration is written to file
/etc/zabbix/web/zabbix.conf.php
- so if easier, modify that file. it may be necessary to restart the webserver to reflect the changes.
if the url fails to connect, then its possible :
1. firewall is precluding access – so configure iptables. Example method I use is:
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -L -v
/sbin/service iptables save
This executes the iptables init script, which runs /sbin/iptables-save and writes the current iptables configuration to /etc/sysconfig/iptables.
- When you reboot, the iptables service will apply the rules saved in this file by using the iptables-restore command.
2. selinux is giving a problem. run the following to see if selinux is preventing:
tail -f /var/log/audit/audit.log |grep -i avc
example of access denial
type=AVC msg=audit(1358942792.307:56): avc: denied { name_connect } for pid=2735 comm="httpd" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mys qld_port_t:s0 tclass=tcp_socket
if so, then turn off selinux or add a policy to allow it. I think it’s a bad idea to turn it off, especially when selinux is easy to configure. To do this, use commands getsebool & setsebool. To see a list of available attributes:
getsebool -a
the one we wish to use here is
httpd_can_network_connect
thus
[root@local]# getsebool httpd_can_network_connect
httpd_can_network_connect --> off
[root@local]# setsebool httpd_can_network_connect on
[root@local]# getsebool httpd_can_network_connect
httpd_can_network_connect --> on
so simple – start to finish, took less than 20minutes!
Big Nose Kates 