docker-compose 部署 zabbix-server 5.0 LTS
docker-compose 部署 zabbix-server 5.0 LTS
文章目录
- docker-compose 部署 zabbix-server 5.0 LTS
-
- 前期准备工作
- 下载 zabbix-docker
- 修改 docker-compose_v3_alpine_mysql_5.0.yaml
- 部署服务
- nginx 反向代理,ssl证书服务
- 防火墙配置
- 测试 zabbix
前期准备工作
# centos 7.x 环境
yum update -y
yum install deltarpm -y
# Warning: RPMDB altered outside of yum.
# yum history sync
yum install bash-completion bash-completion-extras lsof net-tools -y
source /etc/profile
# 禁用 selinux
setenforce 0
sed -i '/=enforcing/ s/enforcing/disabled/' /etc/selinux/config
# 添加docker-ce阿里云镜像源
yum install yum-utils -y
yum-config-manager --add-repo http://mirrors.cloud.aliyuncs.com/docker-ce/linux/centos/docker-ce.repo
# 安装docker-ce并启动服务
yum install docker-ce -y
systemctl enable docker --now
# 设置 Docker daemon.json,配置镜像加速,参考以下kubernetes配置
# https://kubernetes.io/zh/docs/setup/production-environment/container-runtimes/
cat <<EOF | sudo tee /etc/docker/daemon.json
{
"registry-mirrors" : [
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
# https://kubernetes.io/zh/docs/setup/production-environment/container-runtimes/
# 重启 Docker 服务
systemctl daemon-reload
systemctl restart docker
# 安装 docker-compose yum安装或直接下载官网的二进制可执行文件
# yum install docker-compose -y
curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
下载 zabbix-docker
mkdir /data && cd /data
yum install git -y
git clone https://github.com/zabbix/zabbix-docker.git
cd zabbix-docker
# 切换到 5.0 LTS 版本
git checkout 5.0
cp docker-compose_v3_alpine_mysql_latest.yaml docker-compose_v3_alpine_mysql_5.0.yaml
修改 docker-compose_v3_alpine_mysql_5.0.yaml
version: '3.5'
services:
zabbix-server:
image: zabbix/zabbix-server-mysql:alpine-5.0-latest
ports:
- "10051:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- snmptraps:/var/lib/zabbix/snmptraps:rw
links:
- mysql-server:mysql-server
- zabbix-java-gateway:zabbix-java-gateway
ulimits:
nproc: 65535
nofile:
soft: 20000
hard: 40000
env_file:
- .env_db_mysql
- .env_srv
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-java-gateway
- zabbix-snmptraps
networks:
zbx_net_backend:
aliases:
- zabbix-server
- zabbix-server-mysql
- zabbix-server-alpine-mysql
- zabbix-server-mysql-alpine
zbx_net_frontend:
# devices:
# - "/dev/ttyUSB0:/dev/ttyUSB0"
stop_grace_period: 30s
sysctls:
- net.ipv4.ip_local_port_range=1024 65000
- net.ipv4.conf.all.accept_redirects=0
- net.ipv4.conf.all.secure_redirects=0
- net.ipv4.conf.all.send_redirects=0
labels:
com.zabbix.description: "Zabbix server with MySQL database support"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-server"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "alpine"
zabbix-web-nginx-mysql:
image: zabbix/zabbix-web-nginx-mysql:alpine-5.0-latest
ports:
- "8080:8080"
- "8443:8443"
links:
- mysql-server:mysql-server
- zabbix-server:zabbix-server
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
env_file:
- .env_db_mysql
- .env_web
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
# - client-key.pem
# - client-cert.pem
# - root-ca.pem
depends_on:
- mysql-server
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
networks:
zbx_net_backend:
aliases:
- zabbix-web-nginx-mysql
- zabbix-web-nginx-alpine-mysql
- zabbix-web-nginx-mysql-alpine
zbx_net_frontend:
stop_grace_period: 10s
sysctls:
- net.core.somaxconn=65535
labels:
com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-frontend"
com.zabbix.webserver: "nginx"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "alpine"
zabbix-agent:
image: zabbix/zabbix-agent:alpine-5.0-latest
ports:
- "10050:10050"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
links:
- zabbix-server:zabbix-server
env_file:
- .env_agent
privileged: true
pid: "host"
networks:
zbx_net_backend:
aliases:
- zabbix-agent
- zabbix-agent-passive
- zabbix-agent-alpine
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix agent"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-agentd"
com.zabbix.os: "alpine"
zabbix-java-gateway:
image: zabbix/zabbix-java-gateway:alpine-5.0-latest
ports:
- "10052:10052"
env_file:
- .env_java
networks:
zbx_net_backend:
aliases:
- zabbix-java-gateway
- zabbix-java-gateway-alpine
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix Java Gateway"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "java-gateway"
com.zabbix.os: "alpine"
zabbix-snmptraps:
image: zabbix/zabbix-snmptraps:alpine-5.0-latest
ports:
- "1162:1162/udp"
volumes:
- snmptraps:/var/lib/zabbix/snmptraps
networks:
zbx_net_frontend:
aliases:
- zabbix-snmptraps
zbx_net_backend:
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix snmptraps"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "snmptraps"
com.zabbix.os: "alpine"
mysql-server:
image: mysql:8.0
command:
- mysqld
- --character-set-server=utf8
- --collation-server=utf8_bin
- --default-authentication-plugin=mysql_native_password
# - --require-secure-transport
# - --ssl-ca=/run/secrets/root-ca.pem
# - --ssl-cert=/run/secrets/server-cert.pem
# - --ssl-key=/run/secrets/server-key.pem
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
env_file:
- .env_db_mysql
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
- MYSQL_ROOT_PASSWORD
# - server-key.pem
# - server-cert.pem
# - root-ca.pem
stop_grace_period: 1m
networks:
zbx_net_backend:
aliases:
- mysql-server
- zabbix-database
- mysql-database
db_data_mysql:
image: busybox
volumes:
- ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
# elasticsearch:
# image: elasticsearch
# environment:
# - transport.host=0.0.0.0
# - discovery.zen.minimum_master_nodes=1
# networks:
# zbx_net_backend:
# aliases:
# - elasticsearch
networks:
zbx_net_frontend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
ipam:
driver: default
config:
- subnet: 172.16.238.0/24
zbx_net_backend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
internal: true
ipam:
driver: default
config:
- subnet: 172.16.239.0/24
volumes:
snmptraps:
secrets:
MYSQL_USER:
file: ./.MYSQL_USER
MYSQL_PASSWORD:
file: ./.MYSQL_PASSWORD
MYSQL_ROOT_PASSWORD:
file: ./.MYSQL_ROOT_PASSWORD
# client-key.pem:
# file: ./.ZBX_DB_KEY_FILE
# client-cert.pem:
# file: ./.ZBX_DB_CERT_FILE
# root-ca.pem:
# file: ./.ZBX_DB_CA_FILE
# server-cert.pem:
# file: ./.DB_CERT_FILE
# server-key.pem:
# file: ./.DB_KEY_FILE
部署服务
cd /data/zabbix-docker
docker-compose -f ./docker-compose_v3_alpine_mysql_5.0.yaml up -d
nginx 反向代理,ssl证书服务
# cat zabbix.example.com.conf
upstream zabbix-web {
server 172.26.166.167:8080;
}
server {
listen 8443 ssl;
server_name zabbix.example.com;
ssl_certificate /data/html/ssl/example.com.pem;
ssl_certificate_key /data/html/ssl/example.com.key;
ssl_session_timeout 15m;
ssl_session_cache shared:SSL:1m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#charset koi8-r;
access_log /usr/local/openresty/nginx/logs/zabbix-web.access.log;
error_log /usr/local/openresty/nginx/logs/zabbix-web.error.log;
location / {
proxy_pass http://zabbix-web;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/openresty/nginx/html;
}
}
防火墙配置
firewall-cmd --add-service=zabbix-server --permanent
firewall-cmd --add-service=zabbix-agent --permanent
firewall-cmd --add-port=8080/tcp --permanent
firewall-cmd --add-port=8443/tcp --permanent
firewall-cmd --add-port=1162/udp --permanent
firewall-cmd --reload
测试 zabbix
# 查看容器状态
docker-compose -f docker-compose_v3_alpine_mysql_5.0.yaml ps
# 测试网页
curl -I https://zabbix.example.com:8443
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Thu, 07 Jan 2021 03:20:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.3.25
Set-Cookie: PHPSESSID=ppbgaib44bk1r09cssp763eb2q; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN