Zabbix is a network monitoring and management system developed by Alexei Vladishev, based on a server-client architecture. It can be used to monitor the status of various network services, servers and network machines. (Source: Zabbix)

1. The architecture

As an enterprise-level distributed monitoring system, Zabbix has many advantages: distributed monitoring, with support for node and proxy distributed modes; automatic registration, which registers hosts on the monitoring platform and attaches monitoring templates according to rules; and support for the agentd, SNMP, IPMI and JMX communication modes.

Zabbix also released a Zabbix Docker image. This time, we built a monitoring platform based on the official Docker image of Zabbix. The overall architecture diagram is as follows:

The Zabbix official image zabbix-3.0:3.0.0 is used as Zabbix Web GUI and Zabbix Server. Zabbix Server is used to receive data from Zabbix Agent and store the data in Zabbix Database. According to the configured monitoring items and obtained data, it determines whether the alarm conditions are met and monitors the host. Zabbix Web GUI provides a visual interface for configuring Zabbix Server and displaying data.

MySQL serves as the Zabbix Database. There is an official MariaDB image, but it is no different from non-containerized MySQL, so for centralized management of data we do not start a separate MySQL container and use the existing MySQL instead.

The million12/zabbix-agent image is used as the Zabbix Agent.

2. Configure the database

The database itself needs no configuration. You only need to create a user name and password that Zabbix Server uses to access the zabbix database. Set the user name to zabbix and the password to zabbix by running the following commands:

mysql> grant all privileges on zabbix.* to zabbix@'%' identified by 'zabbix';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

3. Start the Zabbix Server

docker-compose is used to start Zabbix Server. The docker-compose.yml file is as follows:

version: '2'
services:
  zabbix-server:
    image: zabbix/zabbix-3.0:3.0.0
    container_name: zabbix-server
    network_mode: "bridge"
    restart: always
    ports:
      - "8888:80"
      - "10051:10051"
    volumes:
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ZS_DBHost=192.168.1.100
      - ZS_DBUser=zabbix
      - ZS_DBPassword=zabbix

The environment variable ZS_DBHost is the address of the database host; my host is 192.168.1.100. ZS_DBUser and ZS_DBPassword are the database user name and password, both zabbix, which we set in the previous step.

Exposed port 8888 is used to access the page and 10051 is used to communicate with Zabbix-Agent.

Run docker-compose up -d to start Zabbix Server, which takes about 1 to 3 minutes. Use docker logs -f zabbix-server to follow the startup log:

[[email protected] zabbix-server]$ docker logs -f zabbix-server
Creating zabbix-server
Attaching to zabbix-server
zabbix-server | Nginx status page: allowed address set to 127.0.0.1.
zabbix-server | PHP-FPM status page: Allowed address set to 127.0.0.1.
zabbix-server | [LOG 13:39:08] Preparing server configuration
zabbix-server | [LOG 13:39:16] Config updated.
zabbix-server | [LOG 13:39:16] Enabling logging and pid management
zabbix-server | [LOG 13:39:17] Done
zabbix-server | [LOG 13:39:17] Waiting for database server
zabbix-server | [LOG 13:39:17] Database server  is available
zabbix-server | [LOG 13:39:17] Checking if database exists or SQL import is required
zabbix-server | [WARNING 13:39:17] Zabbix database doesn't exist. Installing and importing default settings
zabbix-server | ERROR 1044 (42000) at line 1: Access denied for user 'zabbix'@'%' to database 'zabbix'
zabbix-server | ERROR 1227 (42000) at line 1: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
zabbix-server |
zabbix-server | [LOG 13:39:17] Database and user created, importing default SQL
zabbix-server |
zabbix-server | [LOG 13:42:37] Import finished, starting
zabbix-server | [LOG 13:42:37] Starting Zabbix version 3.0.0
zabbix-server | 2016-04-07 13:42:37,691 CRIT Supervisor running as root (no user in the config file)
zabbix-server | 2016-04-07 13:42:37,691 WARN Included extra file "/etc/supervisor.d/nginx.conf" during parsing
zabbix-server | 2016-04-07 13:42:37,691 WARN Included extra file "/etc/supervisor.d/php-fpm.conf" during parsing

According to the log, during startup Zabbix Server uses the configured user name and password to initialize the database named zabbix and import the data structures and basic data, which is why the container takes about 3 minutes to start. Once the container is up, visit http://192.168.1.100:8888. If the following interface appears, Zabbix Server has started successfully.

The default user name and password are Admin and zabbix. Enter them to log in to the main screen.

Go to Configuration > Hosts and click the Disable button to enable Zabbix Server.

After it is enabled successfully, ZBX under AVAILABILITY turns green, as shown in the following figure:

4. Start the Zabbix Agent

Zabbix Agent is also started with docker-compose. The directory structure is as follows:

zabbix-agent
|-- conf
|   `-- zabbix-agentd.conf
`-- docker-compose.yml

conf/zabbix-agentd.conf contains the following:

LogFile=/tmp/zabbix_agentd.log
EnableRemoteCommands=1
Server=192.168.1.100
ListenPort=10050
ServerActive=192.168.1.100

ListenPort is the port exposed by the zabbix-agent container, used to receive commands from Zabbix Server and interact with it. Both Server and ServerActive point to the IP of Zabbix Server.

docker-compose.yml contains the following:

version: '2'
services:
  zabbix-agent:
    image: million12/zabbix-agent:2.4.7
    container_name: zabbix-agent
    restart: always
    network_mode: "bridge"
    ports:
      - "10050:10050"
    volumes:
      - ./conf/zabbix-agentd.conf:/etc/zabbix_agentd.conf
      - /proc:/data/proc
      - /sys:/data/sys
      - /dev:/data/dev
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - ZABBIX_SERVER=192.168.1.100

ports publishes the port set in the configuration file. The custom configuration file ./conf/zabbix-agentd.conf is mounted at /etc/zabbix_agentd.conf in place of the default configuration file. /proc, /sys and /dev are mounted under /data so that Zabbix Agent can collect monitoring information about system processes. In the environment variables, ZABBIX_SERVER points to the IP address of Zabbix Server.

Run docker-compose up -d to start Zabbix Agent.
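An added example, not part of the original article or of either image: a Python check that reads the agent configuration and compose file shown above and reports the settings that widen the agent's exposure (remote commands, the Docker socket, writable host mounts, ports published on every interface). The report keys and the line-based compose parsing are assumptions of this example.

```python
import re
# Constructed copies of the two files shown above (not read from disk).
AGENT_CONF = """LogFile=/tmp/zabbix_agentd.log
EnableRemoteCommands=1
Server=192.168.1.100
ListenPort=10050
ServerActive=192.168.1.100
"""
COMPOSE = """services:
  zabbix-agent:
    ports:
      - "10050:10050"
    volumes:
      - ./conf/zabbix-agentd.conf:/etc/zabbix_agentd.conf
      - /proc:/data/proc
      - /sys:/data/sys
      - /dev:/data/dev
      - /var/run/docker.sock:/var/run/docker.sock
"""

def parse_agent_conf(text):
    """Parse Key=Value lines, ignoring blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(agent_conf, compose):
    """Return the risky settings found; the report keys are this example's own names."""
    conf = parse_agent_conf(agent_conf)
    # YAML list items only; enough for the flat compose file shown on this page.
    items = [m.strip().strip("\"'") for m in re.findall(r"^\s*-\s+(.+)$", compose, re.M)]
    mounts = [i.split(":") for i in items if i.startswith(("/", "."))]
    return {
        # EnableRemoteCommands=1 lets the Zabbix server run commands through the agent.
        "remote_commands": conf.get("EnableRemoteCommands") == "1",
        # Access to the Docker socket amounts to root on the Docker host.
        "docker_socket": any(m[0].endswith("docker.sock") for m in mounts),
        # Host paths mounted without the ro option are writable from the container.
        "writable_mounts": [m[0] for m in mounts
                            if not any("ro" in opt.split(",") for opt in m[2:])],
        # "HOST:CONTAINER" with no bind address listens on every host interface.
        "ports_all_interfaces": [i for i in items if re.fullmatch(r"\d+:\d+", i)],
    }

if __name__ == "__main__":
    print(audit(AGENT_CONF, COMPOSE))
```

With remote commands enabled and the Docker socket mounted, whoever controls the address listed in Server= effectively controls the Docker host, so these two findings should be read together.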

5. Conclusion

The database has been configured successfully, Zabbix Server has started properly, and Zabbix Agent has started properly. As for how to add hosts to be monitored in Zabbix Server, there are many methods, such as active addition and automatic discovery with IP range, but they are beyond the scope of this article. So far, the monitoring platform built with Zabbix and Docker has been completely realized.

Appendix

(1) Alarm media Email configuration considerations

The SMTP HELO configuration item is usually the root domain name of the SMTP server. For Tencent enterprise email, if the SMTP server is smtp.exmail.qq.com, set SMTP HELO to qq.com.

(2) Change the system language of the Zabbix Server to Simplified Chinese

In version 3.0 of Zabbix Server, Simplified Chinese is not in the system language drop-down box by default. You need to change the source code as follows:

  1. Run docker exec -it zabbix-server /bin/bash to enter the container;
  2. Run vi /usr/local/src/zabbix/frontends/php/include/locales.inc.php and, in the line 'zh_CN' => ['name' => _('Chinese (zh_CN)'), 'display' => false], change false to true.

However, the Chinese translation is not good and some text is displayed garbled (fixing this requires changing the font), so making this change is not recommended.

1. Methods

| Method | Version | Description |
|---|---|---|
| GET | 1.0, 1.1 | Access a resource |
| POST | 1.0, 1.1 | Transfer an entity body |
| PUT | 1.0, 1.1 | Transfer a file |
| DELETE | 1.0, 1.1 | Delete a file |
| HEAD | 1.1, 1.1 | Get the message headers |
| OPTIONS | 1.1 | Query the methods supported by the server |
| TRACE | 1.1 | Trace the path |
| CONNECT | 1.1 | Connect to a proxy using a tunneling protocol |
| LINK | 1.0 | Establish a link to a resource |
| UNLINK | 1.0 | Remove a link relationship |

The HEAD and GET methods are similar, but the response to HEAD does not contain the entity part. It is used to determine the validity and expiration time of a URL.

TRACE lets the Web server return the path of the previous request to the client as a loopback. When sending the request, the client fills in the Max-Forwards header field with a number, which is decremented by one at each server the request passes through. When the value reaches zero, forwarding stops and the last server to receive the request returns a 200 OK response.

CONNECT asks for a tunnel to be established when communicating with a proxy server, so that TCP communication can use a tunneling protocol. SSL and TLS are used to encrypt the communication content before it is sent through the tunnel.

2. TCP connection

TCP uses a three-way handshake to establish a connection and a four-way exchange to close it.

3. Transmission

During data transmission the data passes from the application layer to the transport layer, the network layer and then the link layer. On the sending side, each layer adds its own header. On the receiving side, each layer removes the corresponding header until the data reaches the application layer, where the raw HTTP data is recovered.

4. Status codes

4. A status code

| Code | Category | Reason phrase |
|---|---|---|
| 1XX | Informational (informational status code) | The received request is being processed |
| 2XX | Success (success status code) | The request was processed normally. No further action is required |
| 3XX | Redirection (redirection status code) | Additional action is required to complete the request |
| 4XX | Client Error (client error status code) | The server cannot process the request |
| 5XX | Server Error | The server failed to process the request |

2XX: Correct response

  • 200: OK, the request was handled correctly;
  • 204: No Content, the server handled the request correctly, but there is no body in the response entity;
  • 206: Partial Content, used with the Content-Range header field.

3XX: redirection

  • 301: Moved Permanently, a permanent redirect; the client is redirected to the value of the Location field in the response header;
  • 302: Found, a temporary redirect; the requested resource has been assigned a new URI, and the user is expected to use the new URI this time (temporary meaning it may change back later);
  • 303: See Other, the requested resource has another URI, which should be retrieved with GET;
  • 304: Not Modified, the client sent a conditional request (If-Modified-Since, If-Range, and so on) and the server found the resource, but the condition is not met. (A 304 response has no response entity and has nothing to do with redirection.)

4XX: Client error

  • 400: Bad Request, the request message contains syntax errors.
  • 401: Unauthorized, the request requires HTTP authentication (BASIC/DIGEST authentication). The request header should include the WWW-Authenticate field.
  • 403: Forbidden, access to the requested resource is rejected by the server.
  • 404: Not Found, the requested resource was not found on the server.

5XX: Server error

  • 500: Internal Server Error, an error occurred while the server was executing the request.
  • 503: Service Unavailable, the server is overloaded or down for maintenance and cannot process requests at this time.

Note: The status code does not always match the actual situation. For example, a server may hit an error and still return a 200 status code; this is also common.

5. Security

HTTPS

HTTPS, as opposed to HTTP, adds SSL/TLS between the application layer and the transport layer.

Digital signature

  1. Generate a key pair, consisting of a public key and a private key;
  2. Hash the content to be signed to obtain the digest of the content;
  3. Encrypt the digest with the private key to obtain the signature.

Certificate

  1. The server generates a key pair and registers its public key with the CA.
  2. The CA uses its own private key to digitally sign the server's public key and issues the public key certificate.
  3. After obtaining the server's public key certificate, the client uses the CA's public key to verify the digital signature on the certificate, which confirms the authenticity of the server's public key (the CA's public key is already built into the browser).
  4. Once the certificate is verified, the client encrypts data with the server's public key and sends it to the server.
  5. After receiving the encrypted content from the client, the server decrypts it with its private key to obtain the real data content.
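The signature steps and the five certificate steps above, carried through in Python as an added example that is not part of the original notes. It uses textbook RSA without padding and constructed keys built from small known primes, so it shows the data flow only; the function names, the certificate layout and the name server.example are assumptions of this example.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Signature step 1: textbook RSA key pair, returned as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(message, n):
    """Signature step 2: hash the content (reduced mod n because the toy modulus is small)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Signature step 3: transform the digest with the private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    """Recover the digest with the public key and compare it with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

# Constructed keys from known Mersenne primes; far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def issue_certificate(subject, subject_pub, ca_priv):
    """Certificate steps 1-2: the CA signs the server's name and public key."""
    body = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return {"subject": subject, "public_key": subject_pub, "signature": sign(body, ca_priv)}

def check_certificate(cert, ca_pub):
    """Certificate step 3: the client checks the CA signature with the CA public key."""
    n, e = cert["public_key"]
    body = f"{cert['subject']}|{n}|{e}".encode()
    return verify(body, cert["signature"], ca_pub)

def exchange(cert, ca_pub, secret, srv_priv):
    """Certificate steps 4-5: encrypt to the verified key; the server decrypts."""
    if not check_certificate(cert, ca_pub):
        raise ValueError("certificate not signed by the trusted CA")
    n, e = cert["public_key"]
    ciphertext = pow(secret, e, n)           # client side
    return pow(ciphertext, srv_priv[1], n)   # server side

if __name__ == "__main__":
    cert = issue_certificate("server.example", SRV_PUB, CA_PRIV)
    print(check_certificate(cert, CA_PUB), exchange(cert, CA_PUB, 42, SRV_PRIV))
```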
