Centos7部署Zabbix

浏览zabbix官网,发现centos7只能部署zabbix5.0版本
https://www.zabbix.com/cn/download?zabbix=5.0&os_distribution=centos&os_version=7&components=server_frontend_agent&db=mysql&ws=apache
rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm   #首先更改rpm源
yum -y install zabbix-server-mysql zabbix-agent zabbix-get mariadb mariadb-server centos-release-scl   #安装zabbix
vi /etc/yum.repos.d/zabbix.repo    #编辑[ zabbix-frontend ]下修改enabled=1
systemctl start mariadb    #启动数据库
mysql_secure_installation   #初始化数据库
mysql -uroot -p   #登录数据库并如下配置
create database zabbix character set utf8 collate utf8_bin;
create user zabbix@localhost identified by 'password';
grant all privileges on zabbix.* to zabbix@localhost;
quit;
yum -y install zabbix-web-mysql-scl zabbix-nginc-conf-scl   #安装前端
zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix(库名)   #导入初始数据和架构
vi /etc/zabbix/zabbix_server.conf   #编辑配置文件
DBHost=localhost
DBPassword=之前设置的数据库密码
vi etc/opt/rh/rh-nginx116/nginx/conf.d/zabbix.conf     #编辑nginx配置把listen端口修改为10088或者别的
vi  etc/opt/rh/ rh-php72/php-fpm.d/zabbix.conf   #编辑php,修改以下几条
listen.acl_users=apache,nginx
php_value[date.timezone]=Asia/Shanghai

接下来,启动systemctl start zabbix-server zabbix-agent  rh-nginx116-nginx rh-php72-php-fpm
网页访问地址+端口,按需设置,完成,默认账号Admin密码zabbix

bind遇到递归查询的最大数量问题处理

logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
channel warning {
file “data/named.log” versions 3 size 2048k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel query {
file “data/query.log” versions 3 size 2048k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default {warning;};
category queries {query;};

};

上述配置抓日志,配置在/etc/named.conf下,发现named.log下报错

network: warning: not listening on any interfaces

client: warning: client @0x7fde752ca260 (no-peer): TCP client quota reached: quota reached

在 /etc/named.conf下 的options下配置

recursive-clients 300000;

定义递归查询最大数量,一个递归约20K,按照实际内存去算最大支持量

Centos7下nginx加载ssl模块

原始安装配置https后无法正常加载配置,需要增加SSL支持

在源码安装包路径下 ./configure –prefix=/usr/local/nginx –with-http_stub_status_module –with-http_ssl_module增加https模块支持,然后make一下,把nginx进程kill掉,将objs/nginx复制到sbin/下替换原有nginx文件,再./nginx启动,查看netstat,443端口起来了

Centos7增加BBR

uname -r    #查看当前版本
 3.10.0-862.el7.x86_64    #当前版本
 rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
 yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y    #安装elrepo
 yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum --enablerepo=elrepo-kernel install kernel-ml -y    #安装内核,这个过程很久,不是卡住了
 egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'    #查看当前全版本
 grub2-set-default 0    #生效新版本
 reboot    #重启
 uname -r    #查看当前版本是否生效
vi /etc/sysctl.conf    #修改配置增加下面两句

net.core.default_qdisc = fq 

net.ipv4.tcp_congestion_control = bbr

sysctl -p    #加载系统设置

lsmod | grep bbr    #查看bbr是否生效

bind禁用ipv6

国内的教程都是你抄我,我抄你,完全没有自己试过的,大批量教程里让你改/etc/named文件,这特么哪有这个文件,实际修改方式如下:

修改/etc/sysconfig/named文件,修改为如下

#BIND named process options
# ~~~~~~

OPTIONS=”-4″
# — These additional options will be passed to named
# at startup. Don’t add -t here, enable proper
# -chroot.service unit file.
# Use of parameter -c is not supported here. Extend
# systemd named*.service instead. For more
# information please read the following KB article:
# https://access.redhat.com/articles/2986001

#DISABLE_ZONE_CHECKING — By default, service file calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to ‘yes’ then service file doesn’t perform those
# checks.