Launch Zabbix on EC2 instance and RDS DB instance via nixops deployment tool
The following resources will be provisioned and managed as part of this nixops deployment
+--------------------------------+
| ec2-instance |
| elastic-ip |
| aws-route53-recordset |
| aws-route53-hosted-zone |
| ec2-keypair |
| ec2-rds-dbinstance |
| ec2-security-group for EC2 |
| ec2-security-group for RDS |
| iam-role |
| rds-subnet-group |
+--------------------------------+
These nix expressions allow the following :
- Creating an EC2 instance and configuring it
- Creating an elastic IP and associating it to the machine
- Enabling the zabbix-server systemd unit in a generic nix module
- Including zabbixWeb module for the GUI
- Creating the RDS DB Instance resource in VPC
- Creating RDS Subnet group and the VPC SG alongside
- Managing all instance security groups ( SSH, HTTPS, Zabbix Agent )
- Creating the Route53 hosted zone
- Creating the Route53 record set
- Whitelisting the whole VPC Cidr since the DNS of the zabbix server is resolved on the private IP
- Support the alerting via AWS SES
- Possibility to restore the RDS DB instance from snapshot
nixops create -d test-deployment $(pwd)/network.nix -I global_creds=/data/keys/zabbix
-
Add the VPC Cidr block in the "sg-db" of rules.nix
-
Update the "sg-ssh" rules with your IP addresses
-
Update the "sg-https" rules with your IP addresses
-
Update the "sg-agent" rules with IP addresses of the monitored servers
Mandatory
| Nix Arg | Example | Type |
|---|---|---|
| vpcId | "vpc-a1b473b1" | String |
| subnetId | "subnet-9714dbe1" | String |
| subnetIds | [ "subnet-2fed62ba" "subnet-6639bae3" ] | Nix |
| dnsZoneName | "example.com" | String |
| dnsName | "zabbix.example.com" | String |
Optional
| Nix Arg | Default | Type |
|---|---|---|
| account | "default" | String |
| region | "us-east-1" | String |
| zone | "us-east-1d" | String |
| instanceType | "m5.large" | String |
| timezone | "America/New_York" | String |
| sslCert | "" | String |
| zabbixServer | "default" | String |
| emailFrom | "[email protected]" | String |
| emailTo | "$1" | String |
| ownerDL | "[email protected]" | String |
| rdsEngine | "mysql" | String |
| rdsPort | 3306 | Nix |
| rdsName | "zabbixDB" | String |
| rdsUsername | "master" | String |
| rdsClass | "db.m3.xlarge" | String |
| rdsStorage | 200 | Nix |
| rdsSnapshot | "" | String |
Place the following secrets under <global_creds> :
-
zabbix-db-${zabbixServer}
-
${sslCert}.crt & ${sslCert}.key ( optional )
nixops deploy -d test-deployment
Output
nixops info -d test-deployment
$ nixops info -d zabbix-nix
Network name: zabbix-nix
Network UUID: 5db2c712-55e2-11eb-b862-41088537904a
Network description: Zabbix default NixOS
Nix expressions: /data/zabbix-nix/network.nix
Nix path: -I global_creds=/data/keys/zabbix
Nix arguments: region = "eu-central-1", zone = "eu-central-1a", vpcId = "vpc-abcdef", subnetId = "subnet-5381923", subnetIds = [ "subnet-123351a" "subnet-a12314314" ], dnsZoneName = "nixops.com", dnsName = "zabbix.nixops.com"
+-----------------------------+-----------------+-----------------------------------+-------------------------------------------------------------------------+---------------+
| Name | Status | Type | Resource Id | IP address |
+-----------------------------+-----------------+-----------------------------------+-------------------------------------------------------------------------+---------------+
| zabbix-default-hosted-zone | Up | aws-route53-hosted-zone | /hostedzone/Z089234OZDBDWURI5SN8 | |
| zabbix-default-dns | Up | aws-route53-recordset | zabbix.nixops.com. | |
| machine | Up / Up-to-date | ec2 [eu-central-1a; m5.large] | i-0f4eg4ga1d2fbce2c | 18.198.11.158 |
| zabbix-default-keypair | Up | ec2-keypair [eu-central-1] | charon-91233712-55e2-11eb-b862-41088537904a-zabbix-default-keypair | |
| zabbix-default-rds-db | Up | ec2-rds-dbinstance [eu-central-1] | zabbix-default | |
| zabbix-default-agent-sg | Up | ec2-security-group [eu-central-1] | zabbix-default-agent | |
| zabbix-default-https-sg | Up | ec2-security-group [eu-central-1] | zabbix-default-https | |
| zabbix-default-rds-sg | Up | ec2-security-group [eu-central-1] | zabbix-default-rds-db | |
| zabbix-default-ssh-sg | Up | ec2-security-group [eu-central-1] | zabbix-default-ssh | |
| zabbix-default-eipv4 | Up | elastic-ip [eu-central-1] | eipalloc-07g65f23 | |
| zabbix-default-role | Up | iam-role | charon-91233712-55e2-11eb-b862-41088537904a-zabbix-default-role | |
| zabbix-default-subnet-group | Up | rds-subnet-group | nixops-91233712-55e2-11eb-b862-41088537904a-zabbix-default-subnet-group | |
+-----------------------------+-----------------+-----------------------------------+-------------------------------------------------------------------------+---------------+
-
subnetIdmust exist in thezonespecified - SSL encryption is disabled by default, it gets enabled if you specify the
sslCertnix arg - If
sslCertnix arg is specified, the${sslCert}.crtand${sslCert}.keyfiles must be renamed depending on its value -
emailToby default will be set to the destination addresses defined in the zabbix actions, unless overriden by a static recipient - The
zabbix-db-${zabbixServer}file should be named based onzabbixServer's value - If you would like to restore the RDS DB instance from snapshot, you can do so by specifying the
rdsSnapshotnix argument