ZabbixServerのインストールをShellでいい塩梅に半自動化する
なんかZabbixのお勉強をしないといけなくなってEC2で構築しようとしたけれども何回もやるのかったるいのでShellスクリプトでコマンドコピペしなくても動くようにしました。
zabbix.shとかいう名前つけてファイル保存してから権限つけて
./zabbix.shとしてあげればZabbixServerとWeb-UI入れてくれます。なんかtime-scaleがうまく動かないのと細かいパラメータは調整いるけど、かなり楽にはなって試行錯誤しやすくなりました。
事前にEIPを取ってRoute53に登録してやればEC2+RDS(PostgreSQL)構成もしくはEC2単体構成で動かすことができます。【AWS構成】
もしくは静的外部アドレスとってCloudDNSを登録してあげればGCE+CloudSQL(PostgreSQL)構成もしくはGCE単体で動かすこともできます。【GCP構成】
Azureと普通のUbuntuの場合は試していないけど必要なパッケージ入れてあげれば動くと思います。たぶん
動くは動くけど、なんかtime-scaledbはうまく機能していない(´;ω;`)
バージョンは切替できるので、それで試してみるとうまく動くかな。それとパラメータあまりいじくっていないのでそのあたりは細かく設定する必要あり。
ちなみに、一々コピペしてコマンド貼り付けなくてよいのでかなり楽になったかな
◆Shellスクリプト
#!/bin/bash HOST_NAME=zabbix-srv POSTGRE_VER=timescaledb-2-2.12.2-postgresql-15=2.12.2~ubuntu22.04 #POSTGRE_VER=timescaledb-2-postgresql-15 DB_VERSION=15 DATABASE=zabbix MASTER_USER=postgres DB_USER=zabbix DB_PASSWORD=zabbix PHP_FPM=php8.2-fpm PG_SQL=php8.2-pgsql PHP_VERSION=8.2 SERVER_NAME=zabbix.example.com SITE_URL=https://zabbix.example.com/ DOCUMENT_ROOT=/var/www/html ADMIN_MAIL=yourmail@example.com ZABBIX_DL_URL=https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-4+ubuntu22.04_all.deb ZABBIX_PKG=zabbix-release_6.0-4+ubuntu22.04_all.deb sudo hostnamectl set-hostname ${HOST_NAME} # --------------------------------------------- # 1.postgreSQLインストール RDS使う場合はnとする必要あり # --------------------------------------------- read -p "## Do you want to install postgress? (y/n) [y]: " -e -i "y" pgResponseinput if [ "$pgResponseinput" == "y" ] || [ "$pgResponseinput" == "Y" ]; then echo "# install postgres process..." sudo apt install -y software-properties-common gnupg postgresql-common apt-transport-https lsb-release wget sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh echo "deb https://packagecloud.io/timescale/timescaledb/ubuntu/ $(lsb_release -c -s) main" | sudo tee /etc/apt/sources.list.d/timescaledb.list wget --quiet -O - https://packagecloud.io/timescale/timescaledb/gpgkey | sudo apt-key add - sudo apt update sudo apt install -y ${POSTGRE_VER} #localhost Listenの有効化 sudo sed -i "/#listen_addresses/a listen_addresses = 'localhost'" /etc/postgresql/${DB_VERSION}/main/postgresql.conf #timescaleDBの有効化 sudo sed -i "/#shared_preload/a shared_preload_libraries = 'timescaledb'" /etc/postgresql/${DB_VERSION}/main/postgresql.conf sudo systemctl restart postgresql echo "# Install Postgres done!" fi # --------------------------------------------- # 2.PHPインストール # --------------------------------------------- read -p "## Do you want to install php? (y/n) [y]: " -e -i "y" pgResponseinput if [ "$pgResponseinput" == "y" ] || [ "$pgResponseinput" == "Y" ]; then echo "# install php process..." sudo apt install software-properties-common sudo add-apt-repository ppa:ondrej/php sudo apt update sudo apt -y install ${PHP_FPM} ${PG_SQL} # post_max_sizeの変更 sudo sed -i 's/^post_max_size = .*/post_max_size = 16M/' /etc/php/${PHP_VERSION}/fpm/php.ini # max_execution_timeの変更 sudo sed -i 's/^max_execution_time = .*/max_execution_time = 300/' /etc/php/${PHP_VERSION}/fpm/php.ini # max_input_timeの変更 sudo sed -i 's/^max_input_time = .*/max_input_time = 300/' /etc/php/${PHP_VERSION}/fpm/php.ini # Timezone変更 sudo sed -i 's/;date.timezone =/date.timezone = "Asia\/Tokyo"/g' /etc/php/${PHP_VERSION}/fpm/php.ini echo "# Install php done!" fi # --------------------------------------------- # 3.Apacheインストール # --------------------------------------------- read -p "## Do you want to install Apache2? (y/n) [y]: " -e -i "y" apacheResponseinput if [ "$apacheResponseinput" == "y" ] || [ "$apacheResponseinput" == "Y" ]; then echo "# install apache process..." sudo add-apt-repository ppa:ondrej/apache2 sudo apt-get update sudo apt-get install -y apache2 libapache2-mod-php sudo cp /etc/apache2/conf-enabled/security.conf /etc/apache2/conf-enabled/security.conf.org # --------------------------------------------- # security.conf設定 # --------------------------------------------- sudo tee /etc/apache2/conf-enabled/security.conf <<_EOF_ # バージョン情報の隠蔽 ServerTokens Prod Header unset "X-Powered-By" # httpoxy 対策 RequestHeader unset Proxy # クリックジャッキング対策 Header append X-Frame-Options SAMEORIGIN # XSS対策 Header set X-XSS-Protection "1; mode=block" Header set X-Content-Type-Options nosniff # XST対策 TraceEnable Off _EOF_ sudo sed -i 's#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm#DirectoryIndex index.php index.html index.htm#' /etc/apache2/mods-enabled/dir.conf sudo sed -i 's#Options Indexes FollowSymLinks#Options FollowSymLinks#' /etc/apache2/apache2.conf sudo a2enmod headers sudo a2enmod proxy_fcgi setenvif sudo a2enconf${PHP_FPM} sudo systemctl restart ${PHP_FPM} apache2 echo "# Install Apache2 done!" fi # --------------------------------------------- # 4.Zabbixインストール # --------------------------------------------- read -p "## Do you want to install Zabbix? (y/n) [y]: " -e -i "y" zabbixResponseinput if [ "$zabbixResponseinput" == "y" ] || [ "$zabbixResponseinput" == "Y" ]; then echo "# install zabbix process..." wget ${ZABBIX_DL_URL} sudo dpkg -i ${ZABBIX_PKG} sudo apt update sudo apt install -y zabbix-server-pgsql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agent echo "# Install Zabbix done!" fi # --------------------------------------------- # ローカルホストDB使用の場合、外部DB使用の場合はn選択 # --------------------------------------------- read -p "## Do you want to Setting localDataBase? (y/n) [y]: " -e -i "y" localDBResponseinput if [ "$localDBResponseinput" == "y" ] || [ "$localDBResponseinput" == "Y" ]; then echo "# please password input ${DB_PASSWORD} " sudo -u postgres createuser --pwprompt ${DB_USER} sudo -u postgres createdb -O ${DB_USER} ${DATABASE} echo "# Install Postgres done!" echo "# Setting zabbix database process..." sudo zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix sudo sed -i 's/# DBPassword=/DBPassword='"${DB_PASSWORD}"'/' /etc/zabbix/zabbix_server.conf sudo echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -u postgres psql zabbix sudo cat /usr/share/zabbix-sql-scripts/postgresql/timescaledb.sql | sudo -u zabbix psql zabbix echo "# Settings zabbix database done!..." fi # --------------------------------------------- # ローカルホスト以外にDBをインストールする場合の設定 # --------------------------------------------- echo "## RemoteDatabase Setting start" read -p "## Do you want to use RemoteDatabase? (y/n) [y]: " -e -i "n" remoteDBResponseinput if [ "$remoteDBResponseinput" == "y" ] || [ "$remoteDBResponseinput" == "Y" ]; then # # RDSエンドポイントの設定 # read -p "Enter Remotedatabase host info: " ENDPOINT # 入力が空欄の場合は終了 if [ -z "$ENDPOINT" ]; then echo "Endpoint cannot be empty. Exiting..." exit 1 fi # # Postgreクライアントインストール # sudo apt install -y software-properties-common gnupg postgresql-common apt-transport-https lsb-release wget sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh echo "deb https://packagecloud.io/timescale/timescaledb/ubuntu/ $(lsb_release -c -s) main" | sudo tee /etc/apt/sources.list.d/timescaledb.list wget --quiet -O - https://packagecloud.io/timescale/timescaledb/gpgkey | sudo apt-key add - sudo apt update sudo apt install -y postgresql-client # # リモートにZabbix用DB作成(timescaleDBは課題) # echo "# please password input RemoteDatabase password !" psql --host=${ENDPOINT} --port=5432 --username=${MASTER_USER} <<_EOF \set ON_ERROR_STOP on -- ロールの作成 CREATE ROLE ${DB_USER} WITH PASSWORD '${DB_PASSWORD}' LOGIN; -- ロールへの権限付与 GRANT ${DB_USER} TO ${MASTER_USER}; -- データベースの作成 CREATE DATABASE ${DATABASE} OWNER ${DB_USER}; _EOF # ZabbixDB設定 echo "# please password input ${DB_PASSWORD} " sudo zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | \ psql -h ${ENDPOINT} -U ${DB_USER} -d ${DATABASE} -p 5432 sudo sed -i 's/# DBHost=localhost/DBHost='"${ENDPOINT}"'/' /etc/zabbix/zabbix_server.conf sudo sed -i 's/# DBPassword=/DBPassword='"${DB_PASSWORD}"'/' /etc/zabbix/zabbix_server.conf fi # --------------------------------------------- # 5.SSL設定 Let'sEncrypt使用しない場合はn # --------------------------------------------- read -p "## Do you want to install Let's Encrypt? (y/n) [y]: " -e -i "y" sslResponseinput if [ "$sslResponseinput" == "y" ] || [ "$sslResponseinput" == "Y" ]; then echo "# install Let's Encrypt process..." sudo apt -y install certbot sudo certbot certonly --webroot -w /var/www/html -d ${SERVER_NAME} --agree-tos --email ${ADMIN_MAIL} --non-interactive sudo sed -i 's#ServerAdmin webmaster@localhost#ServerAdmin '"${ADMIN_MAIL}"'#' /etc/apache2/sites-available/default-ssl.conf sudo sed -i 's#/etc/ssl/certs/ssl-cert-snakeoil.pem#/etc/letsencrypt/live/'"${SERVER_NAME}"'/cert.pem#' /etc/apache2/sites-available/default-ssl.conf sudo sed -i 's#/etc/ssl/private/ssl-cert-snakeoil.key#/etc/letsencrypt/live/'"${SERVER_NAME}"'/privkey.pem#' /etc/apache2/sites-available/default-ssl.conf sudo sed -i 's|#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt|SSLCertificateChainFile /etc/letsencrypt/live/'"${SERVER_NAME}"'/chain.pem|' /etc/apache2/sites-available/default-ssl.conf echo "# Install Let'sEncrypt done!" fi # --------------------------------------------- # 6.バーチャルホスト設定 # --------------------------------------------- read -p "## Do you want to Setting Vitualhost? (y/n) [y]: " -e -i "y" vhostResponseinput if [ "$vhostResponseinput" == "y" ] || [ "$vhostResponseinput" == "Y" ]; then echo "# Vitualhost setting process..." sudo tee /etc/apache2/sites-available/${SERVER_NAME}.conf <<_EOF_ServerName any Require all denied ServerAdmin ${ADMIN_MAIL} ServerName ${SERVER_NAME} Redirect permanent / ${SITE_URL} ErrorLog \${APACHE_LOG_DIR}/error.log CustomLog \${APACHE_LOG_DIR}/access.log combined Header set Strict-Transport-Security "max-age=31536000" _EOF_ sudo a2ensite default-ssl sudo a2ensite ${SERVER_NAME} sudo a2enmod ssl sudo a2enmod rewrite sudo a2enmod headers sudo rm /var/www/html/index.html sudo a2dissite 000-default sudo systemctl restart apache2 echo "# Vitualhost setting done!" fi # # 7.グラフ文字化解消 # sudo apt install -y fonts-ipafont-gothic sudo update-alternatives --install /usr/share/zabbix/assets/fonts/graphfont.ttf zabbix-frontend-font /usr/share/fonts/opentype/ipafont-gothic/ipagp.ttf 20 sudo update-alternatives --config zabbix-frontend-font sudo systemctl enable zabbix-server zabbix-agent sudo systemctl restart zabbix-server zabbix-agent ${PHP_FPM} apache2 echo "### Zabbix Setting Done!"
コメント