Installing Zabbix 5.4, Nginx, PostgreSQL 13 + TimescaleDB on Centos 8 / Rocky Linux

Zabbix is ​​a free system for monitoring and tracking the statuses of various services on a computer network, servers and network equipment.

TimescaleDB is a PostgreSQL time series extension. Time series can be stored in PostgreSQL and just like that, but TimescaleDB provides better performance on the same hardware.

Installing Zabbix and Nginx

Add Zabbix repository

                      
                        $ sudo rpm -Uvh https://repo.zabbix.com/zabbix/5.4/rhel/8/x86_64/zabbix-release-5.4-1.el8.noarch.rpm
                      
                    

Add the Nginx repository

                      
                        $ sudo nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/
                        
                          centos
                        
                        /$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
                      
                    

The stable version will be used by default. If you need a mainline version, switch

                      
                        $ sudo dnf config-manager --set-enabled nginx-mainline
                      
                    

Removing all metadata

                      
                        $ sudo dnf clean all
                      
                    

Install Zabbix for PostgreSQL and Nginx databases

                      
                        $ sudo dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-agent
                      
                    

Installing PostgreSQL 13

Disable the PostgreSQL module in the default AppStream repository

                      
                        $ sudo dnf -qy module disable postgresql
                      
                    

Checking

                      
                        $ sudo dnf module list postgresql
CentOS-8 - AppStream Local
Name                          Stream                       Profiles                             Summary                                              
postgresql                    9.6 [x]                      client, server [d]                   PostgreSQL server and client module                  
postgresql                    10 [d][x]                    client, server [d]                   PostgreSQL server and client module                  
postgresql                    12 [x]                       client, server [d]                   PostgreSQL server and client module                  
postgresql                    13 [x]                       client, server [d]                   PostgreSQL server and client module
                      
                    

Add PostgreSQL repository

                      
                        $ sudo dnf -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
                      
                    

Install PostgreSQL 13

                      
                        $ sudo dnf -y install postgresql13 postgresql13-server
                      
                    

Initializing the base

                      
                        $ sudo /usr/pgsql-13/bin/postgresql-13-setup initdb
Initializing database … OK
                      
                    

The main PostgreSQL config is located here:

                      
                        /var/lib/pgsql/13/data/postgresql.conf
                      
                    

Launch PostgreSQL and add the service to startup

                      
                        $ sudo systemctl enable --now postgresql-13
                      
                    

Checking the status

                      
                        $ systemctl status postgresql-13
                      
                    

Setting a password for the postgres user

                      
                        $ sudo su - postgres 
$ psql -c "alter user postgres with password 'mysuperpassword'"
ALTER ROLE
$ exit
                      
                    

Installing TimescaleDB

Add the TimescaleDB repository

                      
                        $ sudo nano /etc/yum.repos.d/timescale_timescaledb.repo
[timescale_timescaledb]
name=timescale_timescaledb
baseurl=https://packagecloud.io/timescale/timescaledb/el/8/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/timescale/timescaledb/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
                      
                    

Install utilities

                      
                        $ sudo yum install pygpgme yum-utils
                      
                    

Install timescaledb

                      
                        $ sudo yum install timescaledb-2-postgresql-13
                      
                    

Stop PostgreSQL

                      
                        $ sudo systemctl stop postgresql-13
                      
                    

Tuning PostgreSQL (from root)

                      
                        $ sudo su -c 'timescaledb-tune --pg-config=/usr/pgsql-13/bin/pg_config'
                      
                    

Starting PostgreSQL

                      
                        $ sudo systemctl start postgresql-13
                      
                    

Setting up Zabbix and Nginx

Switching to the root user

                      
                        $ sudo su
                      
                    

Create a database user for Zabbix

                      
                        # sudo -u postgres createuser --pwprompt zabbix
Enter password for new role: zabbixpasswd
Enter it again: zabbixpasswd
                      
                    

Let’s create a database for Zabbix

                      
                        # sudo -u postgres createdb -O zabbix zabbix
                      
                    

Importing the initial schema and data

                      
                        # zcat /usr/share/doc/zabbix-sql-scripts/postgresql/create.sql.gz | sudo -u zabbix psql zabbix
                      
                    

We include the timescaledb extension

                      
                        # echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -u postgres psql zabbix
                      
                    

Download Zabbix sources and unpack the archive

                      
                        # cd /tmp
# wget https://cdn.zabbix.com/zabbix/sources/stable/5.4/zabbix-5.4.3.tar.gz

# tar -zxvf zabbix-5.4.3.tar.gz
                      
                    

Importing schema and data for the timescaledb extension into PostgreSQL

                      
                        # cat /tmp/zabbix-5.4.3/database/postgresql/timescaledb.sql | sudo -u zabbix psql zabbix
Creating home directory for zabbix.
NOTICE:  PostgreSQL version 13.3 is valid
NOTICE:  TimescaleDB extension is detected
NOTICE:  TimescaleDB version 2.4.0 is valid
NOTICE:  TimescaleDB is configured successfully
DO
                      
                    

Editing PostgreSQL config

                      
                        $ sudo nano /var/lib/pgsql/13/data/pg_hba.conf
...
#host    all             all             127.0.0.1/32            scram-sha-256
host    zabbix          zabbix          127.0.0.1/32            md5
                      
                    

We restart the service

                      
                        $ sudo systemctl restart postgresql-13
                      
                    

Configuring Zabbix connection to PostgreSQL

                      
                        $ sudo nano /etc/zabbix/zabbix_server.conf
DBHost=127.0.0.1
DBName=zabbix
DBUser=zabbix
DBPassword=zabbixpasswd
                      
                    

Configuring Nginx

                      
                        $ sudo nano /etc/nginx/conf.d/zabbix.conf
        listen          80;
        server_name     zabbix.example.ru;
...
                      
                    

Restart the services and add them to startup

                      
                        $ sudo systemctl restart zabbix-server zabbix-agent nginx php-fpm
$ sudo systemctl enable zabbix-server zabbix-agent nginx php-fpm
                      
                    

Configuring Firewall and SeLinux

Opening ports 80/443

                      
                        $ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
$ sudo firewall-cmd --reload
                      
                    

Run the following commands to grant the Zabbix frontend permission to connect to the server

                      
                        $ sudo setsebool -P httpd_can_connect_zabbix on
                      
                    

You also need to grant the Zabbix frontend permission to connect to the database.

                      
                        $ sudo setsebool -P httpd_can_network_connect_db on
                      
                    

Downloading a ready-made module for configuring SeLinux

                      
                        $ cd /tmp
$ wget https://support.zabbix.com/secure/attachment/53320/zabbix_server_add.te

$ checkmodule -M -m -o zabbix_server_add.mod zabbix_server_add.te
$ semodule_package -m zabbix_server_add.mod -o zabbix_server_add.pp
$ semodule -i zabbix_server_add.pp
                      
                    

We create our own module. In order for this to work, you need to unsuccessfully start the zabbix server with selinux enabled at least once.

                      
                        $ sudo ausearch -c 'zabbix_server' --raw | audit2allow -M my-zabbixserver
$ sudo semodule -X 300 -i my-zabbixserver.pp
                      
                    

After that, zabbix-server should start with SeLinux enabled

                      
                        $ sudo systemctl restart zabbix-server
                      
                    

Next, go to the web interface and complete the Zabbix configuration