zabbix7 amazon linux2023 インストール postgres15

【postgres】

dnf -y install postgresql15-server postgresql15-server-devel
postgresql-setup initdb
passwd postgres
vi `find / -name pg_hba.conf` << __EOF__
#local all all peer
local all all trust
#host all all 127.0.0.1/32 ident
host all all 10.0.0.0/16   password

host all all 127.0.0.1/32 password

__EOF__

find / -name postgresql.conf
vi /var/lib/pgsql/data/postgresql.conf <<__EOF__
listen_addresses = '*'
port = 5432

log_timezone = 'Asia/Tokyo'
timezone = 'Asia/Tokyo'
lc_messages = 'ja_JP.utf8' # locale for system error message
lc_monetary = 'ja_JP.utf8' # locale for monetary formatting
lc_numeric = 'ja_JP.utf8' # locale for number formatting
lc_time = 'ja_JP.utf8'
__EOF__
systemctl start postgresql
systemctl start postgresql
systemctl enable postgresql

【zabbix】
rpm -Uvh https://repo.zabbix.com/zabbix/7.0/amazonlinux/2023/x86_64/zabbix-release-latest.amzn2023.noarch.rpm
dnf clean all
dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-apache-conf zabbix-sql-scripts zabbix-agent2
sudo -u postgres createuser --pwprompt zabbix
sudo -u postgres createdb -O zabbix zabbix
zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix
vi /etc/zabbix/zabbix_server.conf

DBPassword=xxxxx
vi /etc/php-fpm.d/zabbix.conf <<__EOF__
php_value[date.timezone] = Asia/Tokyo

__EOF__

systemctl restart zabbix-server zabbix-agent2 httpd php-fpm
systemctl enable zabbix-server zabbix-agent2 httpd php-fpm

Admin/zabbix

【agent2】

rpm -Uvh https://repo.zabbix.com/zabbix/7.0/amazonlinux/2023/x86_64/zabbix-release-latest.amzn2023.noarch.rpm

dnf install zabbix-agent2

vi /etc/zabbix/zabbix_agent2.d/plugins.d/z99-local.conf <<__EOF__

LogFileSize=1

Server=10.0.19.119

ServerActive=10.0.19.119:10051

Hostname=Zabbix server

#HostMetadata=Rockylinux

HostMetadataItem=system.uname

#ControlSocket=/run/zabbix/agent.sock

AllowKey=system.run[*]

__EOF__

systemctl start zabbix-agent2

systemctl enable zabbix-agent2

dnf install zabbix-get

zabbix_get -s 10.0.19.119 -k agent.version

aurora-postgres リリースバージョン

 aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[].[EngineVersion]' --output text --region ap-northeast-1

['VER_10_11', 'VER_10_12', 'VER_10_13', 'VER_10_14', 'VER_10_16', 'VER_10_17', 'VER_10_18', 'VER_10_19', 'VER_10_20', 'VER_10_21', 'VER_10_4', 'VER_10_5', 'VER_10_6', 'VER_10_7', 'VER_11_11', 'VER_11_12', 'VER_11_13', 'VER_11_14', 'VER_11_15', 'VER_11_16', 'VER_11_17', 'VER_11_18', 'VER_11_19', 'VER_11_20', 'VER_11_21', 'VER_11_4', 'VER_11_6', 'VER_11_7', 'VER_11_8', 'VER_11_9', 'VER_12_10', 'VER_12_11', 'VER_12_12', 'VER_12_13', 'VER_12_14', 'VER_12_15', 'VER_12_16', 'VER_12_17', 'VER_12_18', 'VER_12_19', 'VER_12_4', 'VER_12_6', 'VER_12_7', 'VER_12_8', 'VER_12_9', 'VER_13_10', 'VER_13_11', 'VER_13_12', 'VER_13_13', 'VER_13_14', 'VER_13_15', 'VER_13_3', 'VER_13_4', 'VER_13_5', 'VER_13_6', 'VER_13_7', 'VER_13_8', 'VER_13_9', 'VER_14_10', 'VER_14_11', 'VER_14_12', 'VER_14_3', 'VER_14_4', 'VER_14_5', 'VER_14_6', 'VER_14_7', 'VER_14_8', 'VER_14_9', 'VER_15_2', 'VER_15_3', 'VER_15_4', 'VER_15_5', 'VER_15_6', 'VER_15_7', 'VER_16_0', 'VER_16_1', 'VER_16_2', 'VER_16_3', 'VER_9_6_11', 'VER_9_6_12', 'VER_9_6_16', 'VER_9_6_17', 'VER_9_6_18', 'VER_9_6_19', 'VER_9_6_22', 'VER_9_6_8', 'VER_9_6_9', '__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__getstate__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__jsii_declared_type__', '__jsii_type__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'aurora_postgres_full_version', 'aurora_postgres_major_version', 'of']

オラクルインデックス作成

ALTER TABLE ARCSDBCS.CSM002 ADD CONSTRAINT CSM002_PK PRIMARY KEY (UCODE) ENABLE;

CREATE INDEX CSM002_INDEX01 ON ARCSDBCS.CSM002 (gcode, ccode, scode) TABLESPACE USERS;

DROP INDEX CSM002_INDEX01;

EC2 AWS上での動作判定 メタ情報の取得

import requests
METADATA_URL = "http://169.254.169.254/latest/"
def is_aws_instance():
　　try:
　　　　token = requests.put(
　　　　　　METADATA_URL + "api/token",　　
　　　　　　headers={"X-aws-ec2-metadata-token-ttl-seconds": "3600"}
　　　　).text
　　　　metadata = requests.get(
　　　　　　METADATA_URL + "meta-data/",
　　　　　　headers={"X-aws-ec2-metadata-token": token}
　　　　)
　　　　return str(metadata.status_code) == '200'
　　except requests.RequestException:
　　　　return False

if is_aws_instance():
　　print("This instance is running on AWS.meta=")
else:
　　print("This instance is not running on AWS.meta=")

codeでssh

1)  Remote-ssh拡張機能インストール

2) 

gradle インストール tomcat build環境

・javaインストール

# cd /opt

# wget https://services.gradle.org/distributions/gradle-8.10-bin.zip

# unzip gradle-8.10-bin.zip

# ln -s   gradle-8.10 gradle

# vi /etc/profile.d/gradle.sh <<__EOF__

export GRADLE_HOME=/opt/gradle

export PATH=$GRADLE_HOME/bin:$PATH

__EOF__

$ source /etc/profile

$ cd Make

$ mkdir gradle_app

$ cd gradle_app

$ mkdir -p src/main/java/com/example

$ mkdir -p src/main/webapp/WEB-INF

$ vi build.gradle <<__EOF__

plugins {

  id 'war'

}

repositories {

  mavenCentral()

}

dependencies {

  // Jakarta Servlet 5.0 API

  // https://mvnrepository.com/artifact/jakarta.servlet/jakarta.servlet-api

  providedCompile 'jakarta.servlet:jakarta.servlet-api:5.0.0'

}

// Java 22

sourceCompatibility = 22

targetCompatibility = 22

// Application

version = '1.0'

__EOF__

$ vi src/main/webapp/WEB-INF/web.xml <<__EOF__

<?xml version="1.0" encoding="UTF-8"?>

<!-- Web Application Deployment Descriptor (Jakarta Servlet 5.0) -->

<web-app

  xmlns="https://jakarta.ee/xml/ns/jakartaee"

  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

  xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee

  https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd"

  version="5.0">

  <servlet>

    <servlet-name>myjsp</servlet-name>

    <jsp-file>/myjsp.jsp</jsp-file>

  </servlet>

  <servlet-mapping>

    <servlet-name>myjsp</servlet-name>

    <url-pattern>/myjsp</url-pattern>

  </servlet-mapping>

</web-app>

__EOF__

$ vi src/main/java/com/example/MyServlet.java

$ vi src/main/webapp/myjsp.jsp

$ gradle build

$ tree

.

├── build

│   ├── classes

│   │   └── java

│   │       └── main

│   │           └── com

│   │               └── example

│   │                   └── MyServlet.class

│   ├── generated

│   │   └── sources

│   │       ├── annotationProcessor

│   │       │   └── java

│   │       │       └── main

│   │       └── headers

│   │           └── java

│   │               └── main

│   ├── libs

│   │   └── gradle_app-1.0.war

│   └── tmp

│       ├── compileJava

│       │   └── previous-compilation-data.bin

│       └── war

│           └── MANIFEST.MF

├── build.gradle

└── src

    └── main

        ├── java

        │   └── com

        │       └── example

        │           └── MyServlet.java

        └── webapp

            ├── WEB-INF

            │   └── web.xml

            └── myjsp.jsp

# cp -p  build/libs/gradle_app-1.0.war  /opt/tomcat/webapps/

URL:  localhost/gradle_app/myjsp

【SELINUX】

sestatus

sudo dnf install policycoreutils-python-utils

sudo grep tomcat /var/log/audit/audit.log

sudo chcon -R -t tomcat_exec_t /opt/tomcat

sudo chcon -R -t tomcat_var_lib_t /opt/tomcat/logs

sudo audit2allow -a -M tomcat-custom

sudo semodule -i tomcat-custom.pp

sudo restorecon -R -v /opt/tomcat

パラメータストア

# vi /etc/sysconfig/cxdnext/ssm-param-pre-exec.sh << __EOF__
#!/bin/bash
#----------------------------------------------
# パラメータストアからの環境取得
#----------------------------------------------
main(){
case "$1" in
"export" )
EVAL_COMMAND="echo export \${NAME##*/}=\$VALUE"
parameter_store
;;
*)
EVAL_COMMAND="systemctl set-environment \${NAME##*/}=\$VALUE"
parameter_store
;;
esac
}
parameter_store(){
# Load environmental variables
SSM_PARAMETER_STORE=$(aws ssm get-parameters-by-path --region ap-northeast-1 --path "/CXDNEXT/" --with-decryption)

echo ${SSM_PARAMETER_STORE} | jq -c '.Parameters[]' | while read i; do
NAME=$(echo $i | jq -r '.Name')
VALUE=$(echo $i | jq -r '.Value' | sed 's/\$/\\$/g')
eval $EVAL_COMMAND
done
}
main $@

__EOF__

※ 独自の環境変数を発生させる

#systemctl set-environment {NAME}={VALUE}
systemctl set-environment PARAMETER_STORE=ENABLE_DAYO

# cp -p /usr/lib/systemd/system/httpd.service  /etc/systemd/system/httpd.service

# vi /etc/systemd/system/httpd.service

ExecStartPre=/usr/bin/bash /etc/sysconfig/cxdnext/ssm-param-pre-exec.sh

systemctl stop httpd

systemctl disable httpd

systemctl enable httpd

systemctl start httpd

# systemctl status httpd

● httpd.service - The Apache HTTP Server

     Loaded: loaded (/etc/systemd/system/httpd.service; enabled; preset: disabled)

# vi /opt/tomcat/bin/setenv.sh  <<__EOF__

source <( sh /etc/sysconfig/cxdnext/ssm-param-pre-exec.sh export )

__EOF__