Firewall Technology
Configure hostnames
Configure the hostname on the node:
[root@localhost ~]# hostnamectl set-hostname user1
// log out and reconnect to the virtual machine
[root@user1 ~]# hostnamectl
Static hostname: user1
Icon name: computer-vm
Chassis: vm
Machine ID: 17d24d21f1c34b699c19d5e84762b3fe
Boot ID: 6ea800f863564e11afc5d91d65fafb3f
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
Configure the hostname on the user2 node:
[root@localhost ~]# hostnamectl set-hostname user2
// log out and reconnect to the virtual machine
[root@user2 ~]# hostnamectl
Static hostname: user2
Icon name: computer-vm
Chassis: vm
Machine ID: 17d24d21f1c34b699c19d5e84762b3fe
Boot ID: d6c808d94d6b4501b5ad740429e23aa4
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
Upload and mount the CentOS image, and configure the yum source on all nodes
Configure a local yum source on all nodes.
[root@user1 ~]# mkdir /opt/centos
[root@user1 ~]# mount CentOS-7-x86_64-DVD-1511.iso /opt/centos
mount: /dev/loop0 is write-protected, mounting read-only
[root@user1 ~]# rm -rf /pos.d/*
[root@user1 ~]# cat /pos.po
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
Install and start the httpd and mariadb services on both nodes, and create a new web page on user2.
[root@user1 ~]# yum install mariadb-server httpd -y
[root@user1 ~]# systemctl start httpd
[root@user1 ~]# systemctl start mariadb
[root@user2 ~]# yum install mariadb-server httpd -y
[root@user2 ~]# systemctl start httpd
[root@user2 ~]# systemctl start mariadb
[root@user2 ~]# echo welcome to beijing > /var/www/html/index.html
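Now restrict, on the user2 host, which other machines may access it.
[root@user2 ~]# iptables -A INPUT -s 192.168.20.1,127.0.0.1 -j ACCEPT // allow access from the local Windows system
[root@user2 ~]# iptables -A INPUT -j REJECT // reject access to this host from all other hosts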
[root@user2 ~]# iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 8 560 ACCEPT all -- * * 192.168.20.1 0.0.0.0/0
2 0 0 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
3 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3 packets, 308 bytes)
num pkts bytes target prot opt in out source destination
[root@user2 html]# iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 15 1012 ACCEPT all -- * * 192.168.20.1 0.0.0.0/0
2 0 0 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
3 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 8 packets, 1568 bytes)
num pkts bytes target prot opt in out source destination
At this point the user1 host cannot access the user2 host.
[root@user1 ~]# curl 192.168.20.20
curl: (7) Failed connect to 192.168.20.20:80; Connection refused
Now allow only user1 to access this host's httpd service.
[root@user2 ~]# iptables -I INPUT 3 -s 192.168.20.10 -p tcp --dport 80 -j ACCEPT
[root@user2 ~]# iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 126 9352 ACCEPT all -- * * 192.168.20.1 0.0.0.0/0
2 0 0 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
3 0 0 ACCEPT tcp -- * * 192.168.20.10 0.0.0.0/0 tcp dpt:80
4 1 60 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7 packets, 772 bytes)
num pkts bytes target prot opt in out source destination
Now the user1 host can access the content served by user2's httpd service over TCP.
[root@user1 ~]# curl 192.168.20.20
welcome to beijing
On the user2 host, allow the user1 host to access the mysql database.
[root@user2 ~]# iptables -I INPUT 3 -s 192.168.20.10 -p tcp --dport 3306 -j ACCEPT
[root@user2 ~]# iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 220 16328 ACCEPT all -- * * 192.168.20.1 0.0.0.0/0
2 0 0 ACCEPT all -- * * 127.0.0.1 0.0.0.0/0
3 0 0 ACCEPT tcp -- * * 192.168.20.10 0.0.0.0/0 tcp dpt:3306
4 6 397 ACCEPT tcp -- * * 192.168.20.10 0.0.0.0/0 tcp dpt:80
5 1 60 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 13 packets, 1580 bytes)
num pkts bytes target prot opt in out source destination
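Added example (not part of the original page): iptables walks a chain from the top and stops at the first terminating match, which is why the two allow rules above are inserted with `-I INPUT 3`, ahead of the final REJECT, instead of being appended with `-A`. The sketch models this with a hypothetical shell helper, `verdict`, over constructed rule lists in `iptables -S` format; it assumes single-host sources and matches only on source, protocol and destination port.

```shell
# Constructed rule lists in `iptables -S INPUT` format (not captured output).
# PAGE_RULES: user2's chain as built above with -I INPUT 3.
PAGE_RULES='-P INPUT ACCEPT
-A INPUT -s 192.168.20.1/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 192.168.20.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.20.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'
# APPENDED_RULES: the same port-80 rule added with -A, so it lands after REJECT.
APPENDED_RULES='-P INPUT ACCEPT
-A INPUT -s 192.168.20.1/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.20.10/32 -p tcp -m tcp --dport 80 -j ACCEPT'
# verdict RULES SRC PROTO DPORT (hypothetical helper, simplified matching):
# prints "<target> <rule number>" for the first matching rule, or
# "<policy> policy" when nothing matches. Handles -s <host>/32, -p, --dport, -j.
verdict() {
    rules=$1 src=$2 proto=$3 dport=$4
    n=0 policy=ACCEPT
    while IFS= read -r line; do
        set -- $line
        if [ "x$1" = x-P ]; then policy=$3; continue; fi
        [ "x$1" = x-A ] || continue
        n=$((n + 1))
        shift 2   # drop "-A INPUT"
        r_src=any r_proto=any r_dport=any target=
        while [ $# -gt 0 ]; do
            case $1 in
                -s)      r_src=${2%/32}; shift ;;
                -p)      r_proto=$2; shift ;;
                --dport) r_dport=$2; shift ;;
                -j)      target=$2; shift ;;
            esac
            shift
        done
        [ "$r_src" = any ]   || [ "$r_src" = "$src" ]     || continue
        [ "$r_proto" = any ] || [ "$r_proto" = "$proto" ] || continue
        [ "$r_dport" = any ] || [ "$r_dport" = "$dport" ] || continue
        echo "$target $n"
        return 0
    done <<EOF
$rules
EOF
    echo "$policy policy"
}

echo "user1 -> :80, rule inserted before REJECT: $(verdict "$PAGE_RULES" 192.168.20.10 tcp 80)"
echo "user1 -> :80, rule appended after REJECT:  $(verdict "$APPENDED_RULES" 192.168.20.10 tcp 80)"
```

On a live host, `iptables -S INPUT` prints the chain in this format, so its output can be passed to `verdict` as the first argument.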
On the user2 host, allow the user1 host to access the mysql database, then verify.
[root@user2 ~]# mysql -e "grant all on *.* to test@'192.168.20.%' identified by 'centos'"
[root@user1 ~]# mysql -utest -pcentos -h192.168.20.20 // verify from the user1 node
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
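Zabbix Monitoring
Environment and software packages
Node name    IP address        Components
controller   192.168.100.10    mysql,php,nginx,zabbix-server,zabbix-agent
compute      192.168.100.20    mysql,php,nginx,zabbix-agent
2 servers: 1 zabbix_server and 1 zabbix_agent
Both servers are configured with a 50G disk, 2G or more of memory, and 2 CPUs
Software packages: zabbix-4.0.3.tar, zabbix-agent-4.0.3-1.el7.x86_64.rpm, lnmp1.6-full.tar
The Zabbix server machine runs mysql, php, nginx, zabbix-server and zabbix-agent
The Zabbix agent machine runs mysql, php, nginx and zabbix-agent
1. LNMP environment configuration
Import lnmp1.6-full.tar and extract it; it contains the one-click LNMP deployment script;
Edit the script's environment variable configuration file:
MySQL_Data_Dir='/data/mysql/'
Run the script: ./install.sh lnmp
The installer currently offers many MySQL and MariaDB versions, as well as an option to install no database. Note that MySQL 5.6, 5.7 and MariaDB 10 can only be selected on a higher configuration with more than 1G of memory!
Enter the number shown in front of the desired MySQL or MariaDB version and press Enter to go to the next step
Set the MySQL root password, then press Enter to go to the next step, as shown in the figure below:
You are asked whether to enable MySQL InnoDB. The InnoDB engine is enabled by default, and enabling it is generally recommended! Press Enter directly or type y, then press Enter to go to the next step.
Note: when choosing a PHP 7+ version, confirm for yourself that the PHP version is compatible with your application.
Enter the number of the PHP version to select and press Enter to go to the next step, then choose whether to install memory optimization:
The installation is complete if Nginx: OK, MySQL: OK, PHP: OK is displayed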
2. Zabbix installation and deployment
Build and install Zabbix Server from source
Install dependencies
yum install -y libevent-devel wget tar gcc gcc-c++ make net-snmp-devel libxml2-devel libcurl-devel
Create the zabbix user
useradd -s /sbin/nologin zabbix
Download the Zabbix source package
cd /usr/local/src/
rz zabbix-4.0.
Extract and compile
tar -zxvf zabbix-4.0.
cd zabbix-4.0.3
mv /usr/local/src/zabbix-4.0.3/* /usr/local/zabbix
./configure --prefix=/usr/local/zabbix --enable-server --enable-agent --with-mysql=/usr/local/mysql/bin/mysql_config --with-net-snmp --with-libcurl --with-libxml2
make && make install
Option descriptions
1) --prefix specifies the installation directory
2) --enable-server installs zabbix server
3) --enable-agent installs zabbix agent
4) --with-mysql uses mysql for storage
Environment variable settings:
vim /etc/profile
export PATH=$PATH:/usr/local/zabbix/sbin/:/usr/local/zabbix/bin/
source /etc/profile
echo …
…e utf8_bin; ## create the zabbix database and set its format…
…) {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /data/nginx/zabbix$fastcgi_script_name;
    include fastcgi_params;
  }
}
mkdir /data/nginx/zabbix ## create the directory for the zabbix web files
/etc/init.d/nginx reload
cp -rf /usr/local/zabbix/frontends/php/* /data/nginx/zabbix ## copy the files from the source package path into the zabbix web directory
In a browser, open 192.168.100.10/setup.php to complete the initial Zabbix setup;
Note: the initial Zabbix setup reports errors here, so the php.ini configuration file must be modified beforehand;
vim /usr/local/php/etc/php.ini
post_max_size = 32M
max_execution_time = 350
max_input_time = 350
date.timezone = Asia/Shanghai
always_populate_raw_post_data = -1
Restart the php-fpm service
/etc/init.d/php-fpm restart
Zabbix web interface deployment:
Test login:
The login account is Admin
The password is zabbix
Set the language to Chinese
Monitoring alert: Zabbix agent on Zabbix server is unreachable for 5 minutes. This alert is caused by the zabbix agent not being started!
Check whether port 10051 is listening:
[root@controller frontends]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN 25409/zabbix_server
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 23148/php-fpm: mast
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 25395/nginx: master
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 25395/nginx: master
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 25395/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1145/sshd
tcp6 0 0 :::3306 ::
Published: 2024-01-31 00:49:21
Article link: https://www.4u4v.net/it/170663338624092.html