Configure Zabbix Server on CentOS 6.6 with Ansible

Introduction

Soon I will start my internship and I received the question if I knew something about this topic. Since I do not have any experience with Zabbix I wanted to configure this server in my test lab. In this post I will configure a CentOS 6.6 machine as Zabbix Server to monitor some Windows machines. To make it even more interesting for myself I used Ansible to configure it all.

What is Zabbix?

Wikipedia: "Zabbix is an enterprise open source monitoring solution for networks and applications, created by Alexei Vladishev. It is designed to monitor and track the status of various network services, servers, and other network hardware."

Used Tools

- CentOS 7 Workstation to configure Ansible playbook's.
- CentOS 6.6 Minimal for Zabbix Server
- Hyper-V running Windows Server's / Zabbix Server

Prepare Server to accept Ansible Playbooks

	# Create SSH key
	[root@zabbix-server ~]# ssh-keygen -t rsa
	# Move key to the authorized keys
	[root@zabbix-server ~]# mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
	# Change permissions
	[root@zabbix-server ~]# chmod 700 ~/.ssh/authorized_keys

view raw sshkey hosted with ❤ by GitHub

Configure Ansible and run the Playbook

	# Install Ansible
	[jvm@localhost ~]$ sudo yum install epel-release
	[jvm@localhost ~]$ sudo yum install ansible

view raw Install Ansible hosted with ❤ by GitHub

After these steps Ansible should be able to talk to our configured servers. We can test this with a single ping. The command used for this is "ansible all -m ping", this command pings all the servers in the hosts file from the previous step.

Ansible can communicate with our other server.

Next we need to configure the path where our Ansible roles will be located. This file can be found here: "/etc/ansible/ansible.cfg".

Now we have defined the path, lets make the necessary folders and files for Zabbix.

	# Create folders and main.yml for Ansible
	[jvm@localhost ~]$ sudo mkdir /etc/ansible/roles
	[jvm@localhost ~]$ sudo chmod 775 /etc/ansible/roles
	[jvm@localhost ~]$ sudo vim /etc/ansible/roles/main.yml
	[jvm@localhost ~]$ sudo mkdir /etc/ansible/roles/zabix-server
	[jvm@localhost ~]$ sudo mkdir /etc/ansible/roles/zabix-server/tasks
	[jvm@localhost ~]$ sudo mkdir /etc/ansible/roles/zabix-server/templates

view raw Create Folders Ansible Roles hosted with ❤ by GitHub

Here we configure the right roles for our hosts.

Now we can create the other files and folders for Zabbix.

main.yml (task folder)

	- name: Install Zabbix Repository Key
	rpm_key: state=present key=http://repo.zabbix.com/RPM-GPG-KEY-ZABBIX
	- name: Install Zabbix Repository and other packages needed by Ansible
	yum: pkg={{item}} state=installed
	with_items:
	- policycoreutils-python
	- libselinux-python
	- MySQL-python
	- http://repo.zabbix.com/zabbix/2.4/rhel/6/x86_64/zabbix-release-2.4-1.el6.noarch.rpm
	- name: Add MariaDB Repo
	template:
	src=MariaDB.repo
	dest=/etc/yum.repos.d/MariaDB.repo
	owner=root
	group=root
	mode=0640
	- name: Install MariaDB packages
	yum: pkg={{item}} state=installed
	with_items:
	- mariadb-server
	- name: Install Zabbix packages
	yum: pkg={{item}} state=installed
	with_items:
	- zabbix-server-mysql
	- zabbix-web-mysql
	- name: Run MariaDB
	service: name=mysql enabled=true state=restarted
	tags: initial
	- name: Create Zabbix Database
	mysql_db: name=zabbix state=present collation=utf8_bin
	- name: Create Zabbix user and grant permissions
	mysql_user: name=zabbix password=zabbix priv=zabbix.*:ALL host=localhost state=present
	- name: Import initial schema
	mysql_db: name=zabbix state=import target={{item}}
	with_items:
	- /usr/share/doc/zabbix-server-mysql-2.4.3/create/schema.sql
	- /usr/share/doc/zabbix-server-mysql-2.4.3/create/images.sql
	- /usr/share/doc/zabbix-server-mysql-2.4.3/create/data.sql
	- name: Copy Zabbix Config
	template:
	src=zabbix_server.conf
	dest=/etc/zabbix/zabbix_server.conf
	owner=root
	group=root
	mode=0610
	- name: Add Httpd Config
	template:
	src=zabbix.conf
	dest=/etc/httpd/conf.d/zabbix.conf
	owner=root
	group=root
	mode=0641
	- name: Configure SELinux
	seboolean: name=httpd_can_network_connect state=yes persistent=yes
	- name: Run MariaDB
	service: name=httpd enabled=true state=restarted
	- name: Restart Zabbix Server
	service: name=zabbix-server enabled=true state=restarted

view raw main.yml hosted with ❤ by GitHub

MariaDB.repo (template folder)

	#MariaDB 10.0 CentOS repository list - created 2014-12-19 09:37 UTC
	# http://mariadb.org/mariadb/repositories/
	[mariadb]
	name = MariaDB
	baseurl = http://yum.mariadb.org/10.0/centos6-amd64
	gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
	gpgcheck=1

view raw MariaDB.repo hosted with ❤ by GitHub

zabbix.conf (template folder)

	#
	# Zabbix monitoring system php web frontend
	#
	Alias /zabbix /usr/share/zabbix
	<Directory "/usr/share/zabbix">
	Options FollowSymLinks
	AllowOverride None
	Order allow,deny
	Allow from all
	php_value max_execution_time 300
	php_value memory_limit 128M
	php_value post_max_size 16M
	php_value upload_max_filesize 2M
	php_value max_input_time 300
	php_value date.timezone Europe/Brussels # Change this to your timezone!!!
	</Directory>
	<Directory "/usr/share/zabbix/conf">
	Order deny,allow
	Deny from all
	<files *.php>
	Order deny,allow
	Deny from all
	</files>
	</Directory>
	<Directory "/usr/share/zabbix/api">
	Order deny,allow
	Deny from all
	<files *.php>
	Order deny,allow
	Deny from all
	</files>
	</Directory>
	<Directory "/usr/share/zabbix/include">
	Order deny,allow
	Deny from all
	<files *.php>
	Order deny,allow
	Deny from all
	</files>
	</Directory>
	<Directory "/usr/share/zabbix/include/classes">
	Order deny,allow
	Deny from all
	<files *.php>
	Order deny,allow
	Deny from all
	</files>
	</Directory>

view raw zabbix.conf hosted with ❤ by GitHub

zabbix_server.conf (template folder)

	# This is a configuration file for Zabbix Server process
	# To get more information about Zabbix,
	# visit http://www.zabbix.com
	############ GENERAL PARAMETERS #################
	LogFile=/var/log/zabbix/zabbix_server.log
	LogFileSize=0
	PidFile=/var/run/zabbix/zabbix_server.pid
	DBHost=localhost
	DBName=zabbix
	DBUser=zabbix
	DBPassword=zabbix
	DBSocket=/var/lib/mysql/mysql.sock

view raw zabbix_server.conf hosted with ❤ by GitHub

Running the playbook

	[jvm@localhost roles]$ cd /etc/ansible/roles
	[jvm@localhost roles]$ ansible-playbook -s main.yml
	PLAY [zabix-server] ***********************************************************
	GATHERING FACTS ***************************************************************
	ok: [zabix-server]
	TASK: [zabix-server | Install Zabbix Repository Key] **************************
	ok: [zabix-server]
	TASK: [zabix-server | Install Zabbix Repository and other packages needed by Ansible] ***
	ok: [zabix-server] => (item=policycoreutils-python,libselinux-python,MySQL-python,http://repo.zabbix.com/zabbix/2.4/rhel/6/x86_64/zabbix-release-2.4-1.el6.noarch.rpm)
	TASK: [zabix-server | Add MariaDB Repo] ***************************************
	ok: [zabix-server]
	TASK: [zabix-server | Install MariaDB packages] *******************************
	ok: [zabix-server] => (item=mariadb-server)
	TASK: [zabix-server | Install Zabbix packages] ********************************
	ok: [zabix-server] => (item=zabbix-server-mysql,zabbix-web-mysql)
	TASK: [zabix-server | Run MariaDB] ********************************************
	changed: [zabix-server]
	TASK: [zabix-server | Create Zabbix Database] *********************************
	ok: [zabix-server]
	TASK: [zabix-server | Create Zabbix user and grant permissions] ***************
	ok: [zabix-server]
	TASK: [zabix-server | Copy Zabbix Config] *************************************
	ok: [zabix-server]
	TASK: [zabix-server | Add Httpd Config] ***************************************
	ok: [zabix-server]
	TASK: [zabix-server | Configure SELinux] **************************************
	ok: [zabix-server]
	TASK: [zabix-server | Run MariaDB] ********************************************
	changed: [zabix-server]
	TASK: [zabix-server | Restart Zabbix Server] **********************************
	changed: [zabix-server]
	PLAY RECAP ********************************************************************
	zabix-server : ok=14 changed=3 unreachable=0 failed=0
	[jvm@localhost roles]$

view raw Output Ansible hosted with ❤ by GitHub

Configure Zabbix

Now open your web browser and navigate to "http://<your server ip>/zabbix".

Add Windows host

Install agent on Windows machine

	# Log errors and warnings
	DebugLevel=3
	# Name of log file
	LogFile=C:\Zabbix_agentd.log
	# Zabbix Server
	Server=192.168.1.200
	# Allow remote commands for reactive monitoring
	EnableRemoteCommands=1
	# Log all remotely executed commands
	LogRemoteCommands=1
	# Increase default timeout from 3 seconds
	Timeout=5
	# Increase default number of agents from 3
	StartAgents=5

view raw zabbix_agentd.conf hosted with ❤ by GitHub

Start the service

Now the only thing we need to to is to configure the firewall to allow traffic on port 10050. I created the following rule for this. You might want to configure it more aggressive in a production environment.

Result