# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  config.vm.define "vyos_current" do |cfg|
    cfg.vm.box = "vyos/current"
    cfg.vm.provider "virtualbox" do |vb|
      vb.name = "vyos253"
      vb.customize ["modifyvm", :id, "--groups", "/default_group"]
    end
    cfg.vm.host_name = "vyos253"
    cfg.vm.network "public_network", ip: "192.168.56.253"
    cfg.vm.network "forwarded_port", guest: 22, host: 60253, auto_correct: true, id: "ssh"
    cfg.vm.network "private_network", virtualbox__intnet: "eth2", auto_config: false
    cfg.vm.network "private_network", virtualbox__intnet: "eth3", auto_config: false
    cfg.vm.synced_folder "../data", "/vagrant", disabled: true
  end
end
Vagrant up
PS C:\Users\shim> vagrant up
Bringing machine 'vm_define_vyos_current' up with 'virtualbox' provider...
==> vm_define_vyos_current: Importing base box 'vyos/current'...
==> vm_define_vyos_current: Matching MAC address for NAT networking...
==> vm_define_vyos_current: Checking if box 'vyos/current' version '20240325.00.19' is up to date...
==> vm_define_vyos_current: Setting the name of the VM: vyos254
==> vm_define_vyos_current: Clearing any previously set network interfaces...
==> vm_define_vyos_current: Preparing network interfaces based on configuration...
vm_define_vyos_current: Adapter 1: nat
vm_define_vyos_current: Adapter 2: bridged
vm_define_vyos_current: Adapter 3: intnet
vm_define_vyos_current: Adapter 4: intnet
==> vm_define_vyos_current: Forwarding ports...
vm_define_vyos_current: 22 (guest) => 2222 (host) (adapter 1)
==> vm_define_vyos_current: Booting VM...
==> vm_define_vyos_current: Waiting for machine to boot. This may take a few minutes...
vm_define_vyos_current: SSH address: 127.0.0.1:2222
vm_define_vyos_current: SSH username: vyos
vm_define_vyos_current: SSH auth method: private key
vm_define_vyos_current: Warning: Connection aborted. Retrying...
vm_define_vyos_current: Warning: Connection reset. Retrying...
vm_define_vyos_current: Warning: Connection reset. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
vm_define_vyos_current: Warning: Authentication failure. Retrying...
Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.
If you look above, you should be able to see the error(s) that
Vagrant had when attempting to connect to the machine. These errors
are usually good hints as to what may be wrong.
If you're using a custom box, make sure that networking is properly
working and you're able to connect to the machine. It is a common
problem that networking isn't setup properly in these boxes.
Verify that authentication configurations are also setup properly,
as well.
If the box appears to be booting properly, you may want to increase
the timeout ("config.vm.boot_timeout") value.
PS C:\Users\shim>
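Create the host VM vyos253 in Oracle VM and verify it
Change the vyos253 interface adapters
- Adapter 1: NAT
- Adapter 2: Host-only adapter
- Adapter 3: Internal network
- Adapter 4: Internal network
VyOS configuration
Connect to the host VM vyos253
Log in with the login ID/password vyos / vyos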
login as: vyos
vyos@192.168.56.253's password:
Welcome to VyOS!
┌── ┐
. VyOS 1.5-rolling-202403250019
└ ──┘ current
* Documentation: https://docs.vyos.io/en/latest
* Project news: https://blog.vyos.io
* Bug reports: https://vyos.dev
You can change this banner using "set system login banner post-login" command.
VyOS is a free software distribution that includes multiple components,
you can check individual component licenses under /usr/share/doc/*/copyright
Last login: Sun Mar 31 04:06:08 2024 from 192.168.56.1
vyos@vyos:~$
The Vagrantfile above configured a public network, but the IP address was not applied, so I set it manually
SSH configuration
SNMP configuration: set the community value to public
Set SNMP to port 161
$ log in as vyos / vyos
$ sudo passwd root / change the root password (only if needed)
$ configure
[edit]
# set service ssh port 22
# set service ssh disable-password-authentication
# set service ssh disable-host-validation
# set interfaces ethernet eth1 address 192.168.56.253/24
# set service snmp community public authorization ro
# set service snmp listen-address 192.168.56.253 port 161
# set service snmp v3
# commit
configuration changes to commit
[edit]
# save
[edit]
Check the overall configuration
$ show configuration, or enter configuration mode and use run show configuration
# run show configuration
interfaces {
ethernet eth0 {
address dhcp
hw-id 08:00:27:8d:c0:4d
speed auto
}
ethernet eth1 {
address 192.168.56.253/24
hw-id 08:00:27:e3:05:9b
}
ethernet eth2 {
hw-id 08:00:27:9b:97:43
}
ethernet eth3 {
hw-id 08:00:27:5a:40:a5
}
loopback lo {
}
}
service {
ntp {
allow-client {
address 0.0.0.0/0
address ::/0
}
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
snmp {
community public {
authorization ro
}
listen-address 192.168.56.253 {
port 161
}
v3 {
}
}
ssh {
port 22
}
}
system {
config-management {
commit-revisions 100
}
conntrack {
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
}
console {
}
host-name vyos
login {
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
}
}
name-server eth0
syslog {
global {
facility all {
level notice
}
facility local7 {
level debug
}
}
}
}
[edit]
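The exposure in the configuration above can be checked mechanically. The following Python script is an added example, not part of the original post or of VyOS: it parses a `show configuration` dump (the sample is a constructed excerpt of the output above) and reports the well-known SNMP community, the missing `client`/`network` restriction on it (node names assumed from the VyOS SNMP documentation), and the NTP `allow-client` range that covers every address.

```python
# Constructed excerpt of the `show configuration` output above (sample input).
SAMPLE = """\
service {
ntp {
allow-client {
address 0.0.0.0/0
address ::/0
}
}
snmp {
community public {
authorization ro
}
}
}
"""

def parse(text):
    """Turn the brace-delimited dump into nested dicts; leaf keys map to value lists."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return root

def audit(cfg):
    """Return findings for the SNMP and NTP exposure visible in this lab's config."""
    findings = []
    service = cfg.get("service", {})
    for key, node in service.get("snmp", {}).items():
        if not key.startswith("community "):
            continue
        name = key.split(" ", 1)[1]
        if name in ("public", "private"):
            findings.append(f"snmp: well-known community string '{name}'")
        # Assumption: `client` / `network` are the VyOS nodes that restrict who may query.
        if "client" not in node and "network" not in node:
            findings.append(f"snmp: community '{name}' has no client/network restriction")
    allowed = service.get("ntp", {}).get("allow-client", {}).get("address", [])
    if {"0.0.0.0/0", "::/0"} & set(allowed):
        findings.append("ntp: allow-client covers every address")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```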
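Zabbix server integration (via SNMP)
Under Data collection, click Hosts
Click Create host at the top right
Register the host: under Interfaces, click Add -> SNMP and enter the relevant information
SNMPv2 / for SNMP community, enter the public value configured above or {$SNMP_COMMUNITY}, then click Add or Update
# vagrant installation log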
C:\Users\shim>vagrant up
Bringing machine 'rock8Zabbix' up with 'virtualbox' provider...
==> rock8Zabbix: Importing base box 'generic/rocky8'...
==> rock8Zabbix: Matching MAC address for NAT networking...
==> rock8Zabbix: Checking if box 'generic/rocky8' version '4.3.12' is up to date...
==> rock8Zabbix: Setting the name of the VM: rocky8Zabbix
==> rock8Zabbix: Clearing any previously set network interfaces...
==> rock8Zabbix: Preparing network interfaces based on configuration...
rock8Zabbix: Adapter 1: nat
rock8Zabbix: Adapter 2: hostonly
==> rock8Zabbix: Forwarding ports...
rock8Zabbix: 22 (guest) => 60230 (host) (adapter 1)
==> rock8Zabbix: Running 'pre-boot' VM customizations...
==> rock8Zabbix: Booting VM...
==> rock8Zabbix: Waiting for machine to boot. This may take a few minutes...
rock8Zabbix: SSH address: 127.0.0.1:60230
rock8Zabbix: SSH username: vagrant
rock8Zabbix: SSH auth method: private key
rock8Zabbix:
rock8Zabbix: Vagrant insecure key detected. Vagrant will automatically replace
rock8Zabbix: this with a newly generated keypair for better security.
rock8Zabbix:
rock8Zabbix: Inserting generated public key within guest...
rock8Zabbix: Removing insecure key from the guest if it's present...
rock8Zabbix: Key inserted! Disconnecting and reconnecting using new SSH key...
==> rock8Zabbix: Machine booted and ready!
==> rock8Zabbix: Checking for guest additions in VM...
rock8Zabbix: The guest additions on this VM do not match the installed version of
rock8Zabbix: VirtualBox! In most cases this is fine, but in rare cases it can
rock8Zabbix: prevent things such as shared folders from working properly. If you see
rock8Zabbix: shared folder errors, please make sure the guest additions within the
rock8Zabbix: virtual machine match the version of VirtualBox you have installed on
rock8Zabbix: your host and reload your VM.
rock8Zabbix:
rock8Zabbix: Guest Additions Version: 6.1.30
rock8Zabbix: VirtualBox Version: 7.0
==> rock8Zabbix: Setting hostname...
==> rock8Zabbix: Configuring and enabling network interfaces...
C:\Users\shim>
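Select the environment to install Zabbix in: (Zabbix 6.4, Rocky Linux 8, Server, Agent, PostgreSQL, Apache) was selected
Installation guide (just follow the instructions on the website)
0. Server environment (installation log)
# On first login to the server as vagrant / vagrant, change the root password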
$ sudo passwd root
Changing password for user root.
New password:
===========================================================================================
# Edit the sshd_config file to allow remote access
# pwd
/etc/ssh
# ls
moduli ssh_config ssh_config.d sshd_config ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub
# vi sshd_config
PermitRootLogin yes <-- change to yes
PasswordAuthentication yes <-- change to yes
============================================================================================
# Set the time
# sudo timedatectl set-timezone Asia/Seoul
# dnf module switch-to php:7.4
Rocky Linux 8 - AppStream 4.9 MB/s | 11 MB 00:02
Rocky Linux 8 - BaseOS 2.8 MB/s | 7.1 MB 00:02
Rocky Linux 8 - Extras 8.0 kB/s | 14 kB 00:01
Extra Packages for Enterprise Linux 8 - x86_64 5.3 MB/s | 16 MB 00:03
Zabbix Official Repository - x86_64 122 kB/s | 208 kB 00:01
Zabbix Official Repository non-supported - x86_64 1.1 kB/s | 1.4 kB 00:01
Dependencies resolved.
=======================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================================================================================================
Enabling module streams:
httpd 2.4
nginx 1.14
php 7.4
Transaction Summary
=======================================================================================================================================================================================================================================
Is this ok [y/N]: y
Complete!
c. Install Zabbix server, frontend, agent
# dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent
=======================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=======================================================================================================================================================================================================================================
Installing:
zabbix-agent x86_64 6.4.13-release1.el8 zabbix 592 k
zabbix-apache-conf noarch 6.4.13-release1.el8 zabbix 27 k
zabbix-selinux-policy x86_64 6.4.13-release1.el8 zabbix 320 k
zabbix-server-pgsql x86_64 6.4.13-release1.el8 zabbix 1.9 M
zabbix-sql-scripts noarch 6.4.13-release1.el8 zabbix 7.9 M
zabbix-web-pgsql noarch 6.4.13-release1.el8 zabbix 26 k
..
..
Transaction Summary
=======================================================================================================================================================================================================================================
Install 51 Packages
Complete!
d. Create initial database
PostgreSQL must first be installed on the server
- Check the repository versions and disable the existing version
# dnf module list postgresql
Rocky Linux 8 - AppStream 5.6 kB/s | 4.8 kB 00:00
Rocky Linux 8 - BaseOS 5.3 kB/s | 4.3 kB 00:00
Rocky Linux 8 - Extras 3.7 kB/s | 3.1 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 4.8 kB/s | 8.2 kB 00:01
Zabbix Official Repository - x86_64 4.8 kB/s | 2.9 kB 00:00
Zabbix Official Repository non-supported - x86_64 4.9 kB/s | 2.9 kB 00:00
Rocky Linux 8 - AppStream
Name Stream Profiles Summary
postgresql 9.6 client, server [d] PostgreSQL server and client module
postgresql 10 [d] client, server [d] PostgreSQL server and client module
postgresql 12 client, server [d] PostgreSQL server and client module
postgresql 13 client, server [d] PostgreSQL server and client module
postgresql 15 client, server [d] PostgreSQL server and client module
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
# dnf -qy module disable postgresql
# dnf module list postgresql
Last metadata expiration check: 0:02:24 ago on Sun 31 Mar 2024 07:33:39 AM KST.
Rocky Linux 8 - AppStream
Name Stream Profiles Summary
postgresql 9.6 [x] client, server [d] PostgreSQL server and client module
postgresql 10 [d][x] client, server [d] PostgreSQL server and client module
postgresql 12 [x] client, server [d] PostgreSQL server and client module
postgresql 13 [x] client, server [d] PostgreSQL server and client module
postgresql 15 [x] client, server [d] PostgreSQL server and client module
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
# cat passwd
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
# su - postgres
$ pwd
/var/lib/pgsql
$ pwd
/usr/pgsql-13/bin
# postgresql-13-setup initdb
Initializing database ... OK
# cat /var/lib/pgsql/13/initdb.log
runuser: may not be used by non-root users
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/pgsql/13/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Asia/Seoul
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
Success. You can now start the database server using:
/usr/pgsql-13/bin/pg_ctl -D /var/lib/pgsql/13/data/ -l logfile start
- Check the PostgreSQL 13 service status (Active: failed)
# systemctl status postgresql-13.service
● postgresql-13.service - PostgreSQL 13 database server
Loaded: loaded (/usr/lib/systemd/system/postgresql-13.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2024-03-31 07:58:51 KST; 3min 59s ago
Docs: https://www.postgresql.org/docs/13/static/
Process: 27856 ExecStartPre=/usr/pgsql-13/bin/postgresql-13-check-db-dir ${PGDATA} (code=exited, status=1/FAILURE)
Mar 31 07:58:51 rocky8Zabbix systemd[1]: Starting PostgreSQL 13 database server...
Mar 31 07:58:51 rocky8Zabbix postgresql-13-check-db-dir[27856]: "/var/lib/pgsql/13/data/" is missing or empty.
Mar 31 07:58:51 rocky8Zabbix postgresql-13-check-db-dir[27856]: Use "/usr/pgsql-13/bin/postgresql-13-setup initdb" to initialize the database cluster.
Mar 31 07:58:51 rocky8Zabbix postgresql-13-check-db-dir[27856]: See /usr/share/doc/postgresql13/README.rpm-dist for more information.
Mar 31 07:58:51 rocky8Zabbix systemd[1]: postgresql-13.service: Control process exited, code=exited status=1
Mar 31 07:58:51 rocky8Zabbix systemd[1]: postgresql-13.service: Failed with result 'exit-code'.
Mar 31 07:58:51 rocky8Zabbix systemd[1]: Failed to start PostgreSQL 13 database server.
- Restart the PostgreSQL 13 service (Active: running)
# systemctl disable postgresql-13.service
Removed /etc/systemd/system/multi-user.target.wants/postgresql-13.service.
# systemctl stop postgresql-13.service
# systemctl enable postgresql-13.service
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql-13.service → /usr/lib/systemd/system/postgresql-13.service.
# systemctl start postgresql-13.service
# systemctl status postgresql-13.service
● postgresql-13.service - PostgreSQL 13 database server
Loaded: loaded (/usr/lib/systemd/system/postgresql-13.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2024-03-31 08:03:17 KST; 4s ago
Docs: https://www.postgresql.org/docs/13/static/
Process: 28095 ExecStartPre=/usr/pgsql-13/bin/postgresql-13-check-db-dir ${PGDATA} (code=exited, status=0/SUCCESS)
Main PID: 28101 (postmaster)
Tasks: 8 (limit: 23144)
Memory: 16.9M
CGroup: /system.slice/postgresql-13.service
├─28101 /usr/pgsql-13/bin/postmaster -D /var/lib/pgsql/13/data/
├─28102 postgres: logger
├─28104 postgres: checkpointer
├─28105 postgres: background writer
├─28106 postgres: walwriter
├─28107 postgres: autovacuum launcher
├─28108 postgres: stats collector
└─28109 postgres: logical replication launcher
Mar 31 08:03:17 rocky8Zabbix systemd[1]: Starting PostgreSQL 13 database server...
Mar 31 08:03:17 rocky8Zabbix postmaster[28101]: 2024-03-31 08:03:17.692 KST [28101] LOG: redirecting log output to logging collector process
Mar 31 08:03:17 rocky8Zabbix postmaster[28101]: 2024-03-31 08:03:17.692 KST [28101] HINT: Future log output will appear in directory "log".
Mar 31 08:03:17 rocky8Zabbix systemd[1]: Started PostgreSQL 13 database server.
- Create the PostgreSQL 13 account and database ※ zabbix account and DB creation as given on the Zabbix website
# sudo -u postgres createuser --pwprompt zabbix
# sudo -u postgres createdb -O zabbix zabbix
Or log in as postgres and
$ cd /usr/pgsql-13/bin/
$ psql
postgres=# create user zabbix password 'zabbix' superuser;
postgres=# create database zabbix owner zabbix;
Just in case, changed the postgres password to zabbix
postgres=# alter user postgres with password 'zabbix';
- Verify the account creation (zabbix account created as superuser)
$ cd /usr/pgsql-13/bin/
$ psql
psql (13.14)
Type "help" for help.
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
zabbix | | {}
postgres=# ALTER USER zabbix superuser;
ALTER ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
zabbix | Superuser | {}
# /var/lib/pgsql/13/data/postgresql.conf
Change listen_addresses = 'localhost' to listen_addresses = '*'
#/var/lib/pgsql/13/data/pg_hba.conf
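host all all 0.0.0.0/0 scram-sha-256 / add this line
host all all 0.0.0.0/0 trust / add this line to log in as superuser without a password
(Occasionally, when the superuser password is unknown, set trust mode and
connect with the HeidiSQL tool without a password to change the superuser's initial password)
# systemctl restart postgresql-13 / a restart is required whenever the system configuration changes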
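PostgreSQL uses the first `pg_hba.conf` record that matches a connection and never falls through to a later one, so the order of the two `0.0.0.0/0` lines above decides whether remote clients need a password. The following Python script is an added example, not from the original post: it assumes CIDR addresses and literal or `all` database/user fields, and its sample file is constructed from the two lines above plus typical `local` and loopback records.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "line type dbs users net method")

# Constructed sample: typical local/loopback records, then the page's two lines in its order.
PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   scram-sha-256
host    all       all   0.0.0.0/0      scram-sha-256
host    all       all   0.0.0.0/0      trust
"""

def parse_hba(text):
    """Parse local/host* records; assumes ADDRESS is written in CIDR form."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] == "local":
            rules.append(Rule(no, f[0], f[1].split(","), f[2].split(","), None, f[3]))
        elif len(f) >= 5 and f[0].startswith("host"):
            net = ipaddress.ip_network(f[3], strict=False)
            rules.append(Rule(no, f[0], f[1].split(","), f[2].split(","), net, f[4]))
    return rules

def effective_rule(rules, db, user, client_ip):
    """Return the first record matching a TCP connection; later records are never consulted."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if r.net is None or ip not in r.net:
            continue
        if ("all" in r.dbs or db in r.dbs) and ("all" in r.users or user in r.users):
            return r
    return None

def remote_trust(rules):
    """Line numbers of trust records that cover non-loopback addresses."""
    return [r.line for r in rules
            if r.method == "trust" and r.net is not None and not r.net.is_loopback]

if __name__ == "__main__":
    rules = parse_hba(PG_HBA)
    print("effective:", effective_rule(rules, "zabbix", "zabbix", "192.168.56.1"))
    print("remote trust lines:", remote_trust(rules))
```

With the lines in the page's order the `trust` record is shadowed by the `scram-sha-256` record above it. If `trust` is placed first, every remote client matches it and can connect as any role, including `postgres` and the superuser `zabbix`, without a password.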
- Check the database schema (schema name checked with the \dn command; confirmed as public)
# su - postgres
Last login: Sun Mar 31 09:05:46 KST 2024 on pts/0
$ psql
psql (13.14)
Type "help" for help.
postgres=# \dn
List of schemas
Name | Owner
--------+----------
public | postgres
(1 row)