ansible-playbook批量部署Zabbix
通过ansible-playbook,批量部署Zabbix-server和Zabbix-agent。
准备
- 将所有部署zabbix-server的主机分为zbxserver组,将所有部署zabbix-agent的主机分为zbxagent组:
# vim /etc/ansible/hosts
[zbxserver]
192.168.30.128[zbxagent]
192.168.30.128
192.168.30.129
192.168.30.130
在硬件和网络足够强悍的情况下,单台服务器理论上可以支持5万个客户端。
- 创建管理目录:
# mkdir -p zabbix/roles/{mysql_install,nginx_install,server_install,agent_install}/{files,handlers,meta,tasks,templates,vars}# cd zabbix/
说明:
files:存放需要同步到异地服务器的源码文件及配置文件;
handlers:当资源发生变化时需要进行的操作,若没有此目录可以不建或为空;
meta:存放说明信息、说明角色依赖等信息,可留空;
tasks:zabbix安装过程中需要进行执行的任务;
templates:用于执行zabbix安装的模板文件,一般为脚本;
vars:本次安装定义的变量
# tree .
.
├── roles
│ ├── agent_install
│ │ ├── files
│ │ ├── handlers
│ │ ├── meta
│ │ ├── tasks
│ │ │ ├── install.yml
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ │ └── main.yml
│ ├── mysql_install
│ │ ├── files
│ │ │ └── mysql-5.7.25-linux-glibc2.12-x86_64.tar.gz
│ │ ├── handlers
│ │ ├── meta
│ │ ├── tasks
│ │ │ ├── copy.yml
│ │ │ ├── install.yml
│ │ │ ├── main.yml
│ │ │ └── prepare.yml
│ │ ├── templates
│ │ │ ├── change_passwd.sh
│ │ │ ├── my.cnf
│ │ │ └── mysqld.service
│ │ └── vars
│ │ └── main.yml
│ ├── nginx_install
│ │ ├── files
│ │ │ ├── lzxlinux.crt
│ │ │ ├── lzxlinux.key
│ │ │ └── nginx-1.15.0.tar.gz
│ │ ├── handlers
│ │ ├── meta
│ │ ├── tasks
│ │ │ ├── copy.yml
│ │ │ ├── install.yml
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ ├── nginx.conf
│ │ │ ├── nginx.service
│ │ │ └── zabbix.conf
│ │ └── vars
│ │ └── main.yml
│ └── server_install
│ ├── files
│ ├── handlers
│ ├── meta
│ ├── tasks
│ │ ├── config.yml
│ │ ├── install.yml
│ │ ├── main.yml
│ │ └── prepare.yml
│ ├── templates
│ │ ├── mysql_config.sh
│ │ └── zabbix.conf
│ └── vars
│ └── main.yml
└── zabbix.yml29 directories, 30 files
- 创建zabbix入口文件,用来调用roles:
# vim zabbix.yml---
- hosts: zbxserverremote_user: rootgather_facts: Trueroles:- mysql_install- nginx_install- server_install- hosts: zbxagentremote_user: rootgather_facts: Trueroles:- agent_install
mysql部分
- 创建mysql入口文件,用来调用mysql_install:
# vim mysql.yml#用于批量安装MySQL
- hosts: zbxserverremote_user: rootgather_facts: Trueroles:- mysql_install
- 创建变量:
# vim roles/mysql_install/vars/main.yml#定义mysql安装中的变量
MYSQL_VER: 5.7.25
MYSQL_VER_MAIN: "{{ MYSQL_VER.split('.')[0] }}.{{ MYSQL_VER.split('.')[1] }}"DOWNLOAD_URL: https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-{{ MYSQL_VER_MAIN }}/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz
MYSQL_USER: mysql
MYSQL_PORT: 3306
MYSQL_PASSWD: 123456789
SOURCE_DIR: /software
BASE_DIR: /usr/local/mysql
DATA_DIR: /data/mysql
- 创建模板文件:
mysql配置文件
# vim roles/mysql_install/templates/my.cnf[client]
port = {{ MYSQL_PORT }}
socket = {{ BASE_DIR }}/tmp/mysql.sock[mysql]
default-character-set=utf8[mysqld]
default-storage-engine=INNODB
character_set_server=utf8
explicit_defaults_for_timestamp
basedir={{ BASE_DIR }}
datadir={{ DATA_DIR }}
socket={{ BASE_DIR }}/tmp/mysql.sock
log_error = {{ BASE_DIR }}/log/error.logsql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
mysql服务文件
# vim roles/mysql_install/templates/mysqld.service[Unit]
Description=MySQL Server
After=network.target
After=syslog.target[Install]
WantedBy=multi-user.target[Service]
User=mysql
Group=mysql
ExecStart={{ BASE_DIR }}/bin/mysqld --defaults-file=/etc/my.cnf#连接数限制
LimitNOFILE=65535
LimitNPROC=65535#Restart配置可以在进程被kill掉之后,让systemctl产生新的进程,避免服务挂掉
#Restart=always
PrivateTmp=false
更改数据库root密码脚本
# vim roles/mysql_install/templates/change_passwd.sh#!/bin/bash
#该脚本用于更改数据库root密码passwd={{ MYSQL_PASSWD }}
n=`grep "{{ BASE_DIR }}/bin" /etc/profile |wc -l`if [ $n -eq 0 ]
thenecho "export PATH=$PATH:{{ BASE_DIR }}/bin" >> /etc/profilesource /etc/profile
elsesource /etc/profile
fi{{ BASE_DIR }}/bin/mysql -uroot -D mysql -e "UPDATE user SET authentication_string=PASSWORD("$passwd") WHERE user='root';"{{ BASE_DIR }}/bin/mysql -uroot -e "FLUSH PRIVILEGES;"{{ BASE_DIR }}/bin/mysql -uroot -p$passwd -e "grant all privileges on *.* to root@'%' identified by '$passwd';"
- 环境准备prepare.yml:
# vim roles/mysql_install/tasks/prepare.yml
- name: 关闭firewalldservice: name=firewalld state=stopped enabled=no- name: 临时关闭 selinuxshell: "setenforce 0"failed_when: false- name: 永久关闭 selinuxlineinfile:dest: /etc/selinux/configregexp: "^SELINUX="line: "SELINUX=disabled"- name: 添加EPEL仓库yum: name=epel-release state=latest- name: 安装常用软件包yum:name:- vim- lrzsz- net-tools- wget- curl- bash-completion- rsync- gcc- unzip- git- perl-Data-Dumper- libaio-devel- autoconf- cmake- openssl- openssl-devel- pcre - pcre-devel - zlib- zlib-devel- gd-devel- libxml2-develstate: latest- name: 更新系统shell: "yum update -y"args:warn: False
- 文件拷贝copy.yml:
# vim roles/mysql_install/tasks/copy.yml
- name: 创建mysql用户组group: name={{ MYSQL_USER }} state=present- name: 创建mysql用户user: name={{ MYSQL_USER }} group={{ MYSQL_USER }} state=present create_home=False shell=/sbin/nologin- name: 创建所需目录file: name={{ item }} state=directory mode=0755 recurse=yeswith_items:- "{{ SOURCE_DIR }}"- "{{ DATA_DIR }}"- name: 更改目录属主属组file: name={{ DATA_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }}#当前主机下没有mysql包
- name: 下载mysql包get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }}#当前主机files目录下已有mysql包
#- name: 拷贝现有mysql包到所有主机
# copy: src=mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }}- name: 解压mysql包unarchive: src={{ SOURCE_DIR }}/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz dest=/usr/local owner={{ MYSQL_USER }} group={{ MYSQL_USER }}- name: 目录重命名shell: "mv /usr/local/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64 {{ BASE_DIR }} && chown -R {{ MYSQL_USER }}:{{ MYSQL_USER }} {{ BASE_DIR }}"- name: 拷贝mysql配置文件template: src=my.cnf dest=/etc/my.cnf owner=root group=root- name: 拷贝mysql服务文件template: src=mysqld.service dest=/usr/lib/systemd/system/mysqld.service owner=root group=root- name: 拷贝更改密码脚本template: src=change_passwd.sh dest={{ SOURCE_DIR }} owner=root group=root- name: 创建日志目录file: name={{ item }} state=directory owner={{ MYSQL_USER }} group={{ MYSQL_USER }} mode=0755 recurse=yeswith_items:- "/var/log/mysql"- "/var/run/mysqld"- "{{ BASE_DIR }}/tmp"- "{{ BASE_DIR }}/log"- name: 创建错误日志文件file: dest={{ BASE_DIR }}/log/error.log state=touch owner={{ MYSQL_USER }} group={{ MYSQL_USER }}
- mysql初始化install.yml:
# vim roles/mysql_install/tasks/install.yml
#初始化安装mysql
- name: mysql初始化shell: "{{ BASE_DIR }}/bin/mysqld --initialize-insecure --user={{ MYSQL_USER }} --basedir={{ BASE_DIR }} --datadir={{ DATA_DIR }}"- name: 拷贝启动脚本到/etc下copy: src={{ BASE_DIR }}/support-files/mysql.server dest=/etc/init.d/mysql- name: 修改启动脚本_1lineinfile:dest: /etc/init.d/mysqlregexp: "^basedir="insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"line: "basedir={{ BASE_DIR }}"- name: 修改启动脚本_2lineinfile:dest: /etc/init.d/mysqlregexp: "^datadir="insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"line: "datadir={{ DATA_DIR }}"- name: 修改启动脚本_3 file: dest=/etc/init.d/mysql state=file mode=0755- name: 配置环境变量shell: " if [ `grep {{ BASE_DIR }}/bin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ BASE_DIR }}/bin >> /etc/profile && source /etc/profile; else source /etc/profile; fi"- name: 启动mysql并开机启动shell: "systemctl daemon-reload && systemctl enable mysqld && systemctl start mysqld"- name: 设置数据库root密码shell: "bash {{ SOURCE_DIR }}/change_passwd.sh"
- 引用文件main.yml:
# vim roles/mysql_install/tasks/main.yml
#引用prepare、copy、install模块
- include: prepare.yml
- include: copy.yml
- include: install.yml
nginx部分
- 创建nginx入口文件,用来调用nginx_install:
# vim nginx.yml#用于批量安装Nginx
- hosts: zbxserverremote_user: rootgather_facts: Trueroles:- nginx_install
- 创建变量:
# vim roles/nginx_install/vars/main.yml#定义nginx安装中的变量
NGINX_VER: 1.15.0
DOWNLOAD_URL: http://nginx.org/download/nginx-{{ NGINX_VER }}.tar.gz
NGINX_USER: nginx
NGINX_PORT: 80
HTTPD_PORT: 8081
SOURCE_DIR: /software
NGINX_DIR: /usr/local/nginx
DATA_DIR: /data/nginx
CERT_DIR: /home/keys
DOMAIN: zabbix.lzxlinux.com
- 自生成SSL证书:
# openssl genrsa -des3 -out tmp.key 2048# openssl rsa -in tmp.key -out lzxlinux.key# rm -f tmp.key# openssl req -new -key lzxlinux.key -out lzxlinux.csr# openssl x509 -req -days 365 -in lzxlinux.csr -signkey lzxlinux.key -out lzxlinux.crt# ls
lzxlinux.crt lzxlinux.csr lzxlinux.key
配置nginx SSL需要lzxlinux.crt和lzxlinux.key这两个文件,将其放入files目录下,域名是zabbix.lzxlinux.com
。
- 创建模板文件:
nginx主配置文件nginx.conf
# vim roles/nginx_install/templates/nginx.confuser nobody nobody;
worker_processes 1;
error_log {{ DATA_DIR }}/log/error.log crit;
pid /run/nginx.pid;worker_rlimit_nofile 51200;events {use epoll;worker_connections 1024;
}http {include mime.types;default_type application/octet-stream;log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log {{ DATA_DIR }}/log/access.log main;sendfile on;server_tokens off;tcp_nopush on;keepalive_timeout 65;client_header_timeout 3m;client_body_timeout 3m;send_timeout 3m;client_max_body_size 10m;client_body_buffer_size 256k;connection_pool_size 256;client_header_buffer_size 1k;large_client_header_buffers 8 4k;request_pool_size 4k;output_buffers 4 32k;postpone_output 1460;client_body_temp_path {{ NGINX_DIR }}/client_body_temp;fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp;fastcgi_intercept_errors on;tcp_nodelay on;proxy_connect_timeout 300s;proxy_read_timeout 300s;proxy_send_timeout 300s;proxy_buffer_size 64k;proxy_buffers 4 32k;proxy_busy_buffers_size 64k;proxy_temp_file_write_size 64k;proxy_ignore_client_abort on;proxy_temp_path {{ NGINX_DIR }}/proxy_temp;gzip on;gzip_min_length 1k;gzip_buffers 4 8k;gzip_comp_level 5;gzip_http_version 1.1;gzip_types text/plain application/x-javascript text/css text/htmapplication/xml;include vhost/*.conf;server{listen 80;server_name localhost;location /{root html;index index.html index.htm index.php;}error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}}
}
nginx vhost配置文件zabbix.conf
# vim roles/nginx_install/templates/zabbix.confserver
{listen 80;server_name {{ DOMAIN }};rewrite ^(.*)$ https://$host$1 permanent;
}server
{listen 443 ssl http2;server_name {{ DOMAIN }};#ssl on; #nginx1.15.0以上版本可以去掉ssl onssl_certificate {{ CERT_DIR }}/lzxlinux.crt;ssl_certificate_key {{ CERT_DIR }}/lzxlinux.key;#DHE密钥交换,本地生成#ssl_dhparam /etc/ssl/certs/dhparam.pem;#强制httpsadd_header X-Frame-Options deny;add_header X-Content-Type-Options nosniff;# 分配10MB的共享内存缓存,不同工作进程共享TLS会话信息ssl_session_cache shared:SSL:10m;# 设置会话缓存过期时间ssl_session_timeout 10m;#指定TLS协议的版本,不安全的SSL2和SSL3要废弃掉ssl_protocols TLSv1.1 TLSv1.2;#由服务器选择适配算法ssl_prefer_server_ciphers on;ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";# valid表示缓存5分钟,resolver_timeout表示网络超时时间resolver 8.8.8.8 8.8.4.4 223.5.5.5 valid=300s;resolver_timeout 10s;location / {proxy_pass http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ HTTPD_PORT }};proxy_redirect off;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}access_log {{ DATA_DIR }}/log/zabbix_access.log;
}
nginx服务文件nginx.service
# vim roles/nginx_install/templates/nginx.service[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true[Install]
WantedBy=multi-user.target
- 文件拷贝copy.yml:
# vim roles/nginx_install/tasks/copy.yml
- name: 创建nginx用户组group: name={{ NGINX_USER }} state=present- name: 创建nginx用户user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin#- name: 创建software目录
# file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes- name: 创建证书目录file: name={{ CERT_DIR }} state=directory mode=0755 recurse=yes- name: 拷贝证书文件到所有主机_1copy: src=lzxlinux.key dest={{ CERT_DIR }}- name: 拷贝证书文件到所有主机_2copy: src=lzxlinux.crt dest={{ CERT_DIR }}- name: 创建日志目录file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yeswith_items:- "{{ DATA_DIR }}"- "{{ DATA_DIR }}/log"- name: 创建日志文件file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644with_items:- "{{ DATA_DIR }}/log/access.log"- "{{ DATA_DIR }}/log/error.log"- "{{ DATA_DIR }}/log/zabbix_access.log"#当前主机下没有nginx包
- name: 下载nginx包get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}#当前主机file目录下已有nginx包
#- name: 拷贝现有nginx包到所有主机
# copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}- name: 解压nginx包unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}#复制nginx服务文件
- name: 拷贝nginx服务文件template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service owner=root group=root
- 编译安装install.yml:
# vim roles/nginx_install/tasks/install.yml
#编译nginx
- name: 编译nginxshell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} --http-log-path={{ DATA_DIR }}/log/access.log --error-log-path={{ DATA_DIR }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module"#安装nginx
- name: 安装nginxshell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && make && make install"- name: 拷贝nginx主配置文件template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner={{ NGINX_USER }} group={{ NGINX_USER }}- name: 创建vhost配置文件目录file: name={{ NGINX_DIR }}/conf/vhost state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes- name: 拷贝nginx vhost配置文件template: src=zabbix.conf dest={{ NGINX_DIR }}/conf/vhost/zabbix.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644- name: 配置环境变量shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi"- name: 开机启动nginxshell: "systemctl daemon-reload && systemctl enable nginx"
- 引用文件main.yml:
# vim roles/nginx_install/tasks/main.yml
#引用copy、install模块
- include: copy.yml
- include: install.yml
zabbix-server 部分
- 创建server入口文件,用来调用server_install:
# vim server.yml#用于批量安装Zabbix-server
- hosts: zbxserverremote_user: rootgather_facts: Trueroles:- server_install
- 创建变量:
# vim roles/server_install/vars/main.yml#定义zabbix安装中的变量
ZABBIX_VER: 3.4
RPM_URL: https://repo.zabbix.com/zabbix/{{ ZABBIX_VER }}/rhel/7/x86_64/zabbix-release-{{ ZABBIX_VER }}-2.el7.noarch.rpmSOURCE_DIR: /software
HTTPD_PORT: 8081
BASE_DIR: /usr/local/mysql
MYSQL_PASSWD: 123456789
DOMAIN: zabbix.lzxlinux.com
- 创建模板文件:
zabbix配置文件zabbix.conf
# vim roles/server_install/templates/zabbix.conf<VirtualHost *:{{ HTTPD_PORT }}>
DocumentRoot "/usr/share/zabbix"ServerName {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}<Directory "/usr/share/zabbix">Options FollowSymLinksAllowOverride allRequire all granted<IfModule mod_php7.c>php_value max_execution_time 600php_value memory_limit 256Mphp_value post_max_size 16Mphp_value upload_max_filesize 32Mphp_value max_input_time 600php_value max_input_vars 10000php_value always_populate_raw_post_data -1php_value date.timezone Asia/Shanghai
</IfModule></Directory><Directory "/usr/share/zabbix/conf">Require all denied
</Directory><Directory "/usr/share/zabbix/app">Require all denied
</Directory><Directory "/usr/share/zabbix/include">Require all denied
</Directory><Directory "/usr/share/zabbix/local">Require all denied
</Directory></VirtualHost>
zabbix数据库配置脚本mysql_config.sh
# vim roles/server_install/templates/mysql_config.sh#!/bin/bash
#该脚本用于zabbix数据库配置passwd={{ MYSQL_PASSWD }}
n=`grep "{{ BASE_DIR }}/bin" /etc/profile |wc -l`if [ $n -eq 0 ]
thenecho "export PATH=$PATH:{{ BASE_DIR }}/bin" >> /etc/profilesource /etc/profile
elsesource /etc/profile
fi{{ BASE_DIR }}/bin/mysql -uroot -p$passwd -e "create database zabbix character set utf8;"{{ BASE_DIR }}/bin/mysql -uroot -p$passwd -e "grant all on zabbix.* to 'zabbix'@'%' identified by '$passwd';"{{ BASE_DIR }}/bin/mysql -uroot -p$passwd -e "FLUSH PRIVILEGES;"cd `find / -name zabbix-server-mysql*` && gzip -d create.sql.gz {{ BASE_DIR }}/bin/mysql -uroot -S {{ BASE_DIR }}/tmp/mysql.sock -p{{ MYSQL_PASSWD }} zabbix < create.sql
- 环境准备prepare.yml:
# vim roles/server_install/tasks/prepare.yml
- name: 安装RPM包yum:name: https://mirror.webtatic.com/yum/el7/webtatic-release.rpmstate: present- name: 安装软件yum:name:- httpd- php72w- php72w-cli- php72w-common- php72w-devel- php72w-embedded- php72w-fpm- php72w-gd- php72w-mbstring- php72w-mysqlnd- php72w-opcache- php72w-pdo- php72w-xml- php72w-bcmath- php72w-ctype- libjpeg*- php72w-xmlreader- php72w-xmlwriter- php72w-session- php72w-gettext- php72w-ldapstate: latest
- 配置文件config.yml:
# vim roles/server_install/tasks/config.yml
- name: 安装RPM包yum:name: "{{ RPM_URL }}"state: present- name: 安装软件yum:name:- zabbix-agent- zabbix-get- zabbix-server-mysql- zabbix-web- zabbix-web-mysql- zabbix-java-gatewaystate: latest- name: 拷贝zabbix数据库配置脚本template: src=mysql_config.sh dest={{ SOURCE_DIR }} owner=root group=root- name: 创建zabbix库、授权、导入数据shell: "bash {{ SOURCE_DIR }}/mysql_config.sh"- name: 修改httpd配置_1lineinfile:dest: /etc/httpd/conf/httpd.confregexp: "Listen 80"insertafter: "#Listen 12.34.56.78:80"line: "Listen {{ HTTPD_PORT }}"- name: 修改httpd配置_2lineinfile:dest: /etc/httpd/conf/httpd.confinsertafter: "Include conf.modules.d/*.conf"line: "Include conf.d/*.conf"
- 编译安装install.yml:
# vim roles/server_install/tasks/install.yml
- name: 拷贝zabbix配置文件template: src=zabbix.conf dest=/etc/httpd/conf.d/ owner=root group=root- name: 启动httpdservice:name: httpdstate: startedenabled: yes- name: 修改zabbix_server配置_1lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# DBHost=localhost"line: "DBHost={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"- name: 修改zabbix_server配置_2lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# DBPassword="line: "DBPassword={{ MYSQL_PASSWD }}"#监控jvm/tomcat性能
- name: 修改zabbix_server配置_3lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# JavaGateway="line: "JavaGateway={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"- name: 修改zabbix_server配置_4lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# JavaGatewayPort=10052"line: "JavaGatewayPort=10052"- name: 修改zabbix_server配置_5lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# StartJavaPollers=0"line: "StartJavaPollers=5"- name: 修改zabbix_server配置_6lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# CacheSize=8M"line: "CacheSize=1G"- name: 修改zabbix_server配置_7lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# HistoryCacheSize=16M"line: "HistoryCacheSize=256M"- name: 修改zabbix_server配置_8lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# HistoryIndexCacheSize=4M"line: "HistoryIndexCacheSize=256M"- name: 修改zabbix_server配置_9lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# TrendCacheSize=4M"line: "TrendCacheSize=256M"- name: 修改zabbix_server配置_10lineinfile:dest: /etc/zabbix/zabbix_server.confinsertafter: "# ValueCacheSize=8M"line: "ValueCacheSize=512M"- name: 修改zabbix_server配置_11lineinfile:dest: /etc/zabbix/zabbix_server.confregexp: "Timeout=4"insertbefore: "### Option: TrapperTimeout"line: "Timeout=30"- name: 启动nginxservice:name: nginxstate: started- name: 启动zabbix-server并开机启动service:name: zabbix-serverstate: startedenabled: yes
- 引用文件main.yml:
# vim roles/server_install/tasks/main.yml
#引用prepare、config、install模块
- include: prepare.yml
- include: config.yml
- include: install.yml
zabbix-agent 部分
- 创建agent入口文件,用来调用agent_install:
# vim agent.yml#用于批量安装Zabbix-agent
- hosts: zbxagentremote_user: rootgather_facts: Trueroles:- agent_install
- 创建变量:
# vim roles/agent_install/vars/main.yml#定义zabbix安装中的变量
ZABBIX_VER: 3.4
RPM_URL: https://repo.zabbix.com/zabbix/{{ ZABBIX_VER }}/rhel/7/x86_64/zabbix-release-{{ ZABBIX_VER }}-2.el7.noarch.rpmSERVER_IP: 192.168.30.128 #安装前必须指定zabbix-server IP
- 编译安装install.yml:
# vim roles/agent_install/tasks/install.yml
- name: 安装RPM包yum:name: "{{ RPM_URL }}"state: present- name: 安装软件yum:name:- zabbix-agentstate: latest- name: 修改zabbix_agent配置_1lineinfile:dest: /etc/zabbix/zabbix_agentd.confregexp: "Server=127.0.0.1"insertbefore: "### Option: ListenPort"line: "Server={{ SERVER_IP }}"- name: 修改zabbix_server配置_2lineinfile:dest: /etc/zabbix/zabbix_agentd.confinsertafter: "# StartAgents=3"line: "StartAgents=3"- name: 修改zabbix_server配置_3lineinfile:dest: /etc/zabbix/zabbix_agentd.confregexp: "ServerActive=127.0.0.1"insertbefore: "### Option: Hostname"line: "ServerActive={{ SERVER_IP }}"- name: 修改zabbix_server配置_4lineinfile:dest: /etc/zabbix/zabbix_agentd.confregexp: "Hostname=Zabbix server"insertbefore: "### Option: HostnameItem"line: "Hostname={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"- name: 修改zabbix_server配置_5lineinfile:dest: /etc/zabbix/zabbix_agentd.confinsertafter: "# UnsafeUserParameters=0"line: "UnsafeUserParameters=1"- name: 启动zabbix-agent并开机启动service:name: zabbix-agentstate: startedenabled: yes
- 引用文件main.yml:
# vim roles/agent_install/tasks/main.yml
#引用install模块
- include: install.yml
安装测试
- 执行安装:
# ansible-playbook zabbix.yml
# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 28927/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 8926/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9132/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 28927/nginx: master
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 27961/zabbix_agentd
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN 28729/zabbix_server
tcp6 0 0 :::3306 :::* LISTEN 20126/mysqld
tcp6 0 0 :::8081 :::* LISTEN 26402/httpd
tcp6 0 0 :::22 :::* LISTEN 8926/sshd
tcp6 0 0 ::1:25 :::* LISTEN 9132/master
tcp6 0 0 :::10050 :::* LISTEN 27961/zabbix_agentd
tcp6 0 0 :::10051 :::* LISTEN 28729/zabbix_server
在Windows电脑hosts文件中添加一行:192.168.100.128 zabbix.lzxlinux.com
,打开网页访问。
测试安装没有问题,如果本地没有下载好的包,安装会慢一点。此外需要注意,在安装agent时,变量SERVER_IP必须指定。已存放至个人gitgub:ansible-playbook
ansible-playbook批量部署Zabbix相关推荐
- ansible结合playbook批量部署war包项目上线
批量部署jenkins.war包实现上线 用于测试war包上线 [root~localhost]~#vim /etc/ansible/test.yml - hosts: test vars: ...
- Ansible实现zabbix服务器agent端批量部署
项目需求:由于搭建zabbix,需要每台服务器都需要安装监控端(agent)正常的的操作是一台一台去安装,这样确实有点浪费时间,这里为大家准备了一款开源 的自动化运维工具Ansible,相信大家也很熟 ...
- 使用ansible批量部署开机启动时为字符界面
使用ansible批量部署开机启动时为字符界面 一.查看当前启动默认的引导目标 ansible product -u user1 -b -a "systemctl get-default&q ...
- ansible安装部署_运维日记|使用ansible批量部署crontab定时删归档任务
在某个下午,测试同事突然找过来说,之前测试服务器搭的几套oracle数据库忘记部署删除归档脚本了,要让小编都给部署一下. 数了数,有接近十套呢,一部部登陆上去,部署一个删归档脚本,然后再到cron ...
- 基于ansible Role实现批量部署lamp平台
一.ansible Role介绍 # ansilbe自1.2版本引入的新特性,用于层次性.结构化地组织playbook. # roles能够根据层次型结构自动装载变量文件.tasks以及handler ...
- Ansible概述与部署及playbook剧本编写
Ansible自动化运维管理工具的概述与部署 文章目录 Ansible自动化运维管理工具的概述与部署 一.Ansible简介 1.Ansible概述 2.ansible环境安装部署 3.ansible ...
- ansible批量部署
ansible ansible是一种自动化运维工具,基于paramiko开发的,并且基于模块化工作,Ansible是一种集成IT系统的配置管理.应用部署.执行特定任务的开源平台,它是基于python语 ...
- 基于ansible role实现LAMP平台批量部署 - 推酷
基于ansible role实现LAMP平台批量部署 - 推酷 基于ansible role实现LAMP平台批量部署 - 推酷 posted on 2016-04-07 17:17 lexus 阅读( ...
- 使用Asible批量部署yum仓库
使用Asible批量部署yum仓库 一.工作要求及目的 二.playbook内容 三.运行palybook 一.工作要求及目的 使用华为镜像源作为yum仓库批量分发达到所有受控端 二.playbook ...
最新文章
- Linux下运行run文件
- 小五:从个人用户无法注册.CN域名说起
- redis常见关键字
- python爬取jsp网页_帮MM用python抓取index及一级目录下的所有符合要求的网页
- 网络编程: 基于UDP协议的socket
- java 多线程 举例,Java多线程简单举例
- Silverlight-style
- mysql 删除后缀表_mysql批量删除指定前缀或后缀表
- BOB靶机渗透实战-----攻略(大神勿喷)
- TCP快速重传触发条件的一个细节
- python趣味编程100例-儿童Python趣味编程课程
- 【毕业设计】基于SSM实现酒店管理系统(论文+源码+ppt+视频)
- 微信铃声设置教程,怎么设置微信铃声?
- CREO-三维建模技巧
- 参数估计:对无偏性的理解
- qt 实现导航栏切换页面功能 stackedWidget
- 改进YOLOv5系列:13.添加CrissCrossAttention注意力机制
- 多线程经典问题 卖票问题
- 【5G核心网】5G Non 3GPP接入-N3IWF
- iframe的src可以引入任何源,但是二者如果想通信的话,必须是同源,如果是非同源,如何解决?
热门文章
- SQL查询JSON格式的字段值 JSON_UNQUOTE与JSON_EXTRACT 去除SQL中双引号
- HDU 2370 Convert Kilometers to Miles
- 很多人觉得做地推很没有面子
- 中科大脑知识图谱平台建设及业务实践
- 如何防止SP利用欠费进行套利
- android:手机与BLE-CC41-A蓝牙模块通信
- burp安装及代理设置
- poj 2152 Fire - 经典树形dp
- PC微信 HOOK 接口 (版本:3.6.0.18)
- Unity3d实现阿拉伯语适配,不规则特殊字符的处理。