ansible 批量安装zabbix-agent

时间:2021-04-15 17:29:31

服务器初始化(这是在建立在新的服务器基础上做的初始化)关闭防火墙、selinux,添加epel常用源,安装常用工具、添加普通用户并禁止root

 1、服务器批量初始化

[root@fwd ansible]# cat init.yml  系统初始化脚本
---
- hosts: all

  tasks: 
    - name: disable selinux、firewalls,replace ali sources
      shell: |
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
        systemctl disable firewalld
        mkdir -p /etc/yum.repos.d/backup
        mv /etc/yum.repos.d/* /etc/yum.repos.d/backup/
        curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

    - name: ensure a list of packages installed
      yum:
        name: "{{ packages }}"
      vars:
        packages:
        - wget
        - vim
        - sysstat
        - lrzsz
        - lsof

    - name: Add the user centos 
      user:
        name: centos 
        group: wheel

    - name:  disabled root remote login
      replace:
        path: /etc/ssh/sshd_config
        regexp: '\#PermitRootLogin yes'
        replace: 'PermitRootLogin no'
        backup: yes

    - name: modify ssh port
      shell: sed -i '/^\#Port/a\Port 22201' /etc/ssh/sshd_config

    - name: restart ssh
      service:
        name: sshd
        state: restarted

    - name: Add epel and reboot server
      shell: |
        reboot

 2、检测语法

[root@fwd ansible]# ansible-playbook -C init.yml 

PLAY [all] *******************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************************************************
ok: [192.168.9.22]
ok: [192.168.9.14]
ok: [192.168.9.132]

TASK [disable selinux、firewalls,replace ali sources] *************************************************************************************************************************************************************************************************************************
skipping: [192.168.9.132]
skipping: [192.168.9.14]
skipping: [192.168.9.22]

TASK [ensure a list of packages installed] ***********************************************************************************************************************************************************************************************************************************
changed: [192.168.9.22]
changed: [192.168.9.14]
changed: [192.168.9.132]

TASK [Add the user centos] ***************************************************************************************************************************************************************************************************************************************************
changed: [192.168.9.22]
changed: [192.168.9.132]
changed: [192.168.9.14]

TASK [disabled root remote login] ********************************************************************************************************************************************************************************************************************************************
changed: [192.168.9.132]
changed: [192.168.9.22]
changed: [192.168.9.14]

TASK [modify ssh port] *******************************************************************************************************************************************************************************************************************************************************
skipping: [192.168.9.22]
skipping: [192.168.9.132]
skipping: [192.168.9.14]

TASK [restart ssh] ***********************************************************************************************************************************************************************************************************************************************************
changed: [192.168.9.22]
changed: [192.168.9.132]
changed: [192.168.9.14]

TASK [Add epel and reboot server] ********************************************************************************************************************************************************************************************************************************************
skipping: [192.168.9.22]
skipping: [192.168.9.132]
skipping: [192.168.9.14]

PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
192.168.9.132              : ok=5    changed=4    unreachable=0    failed=0   
192.168.9.14               : ok=5    changed=4    unreachable=0    failed=0   
192.168.9.22               : ok=5    changed=4    unreachable=0    failed=0   

3、mysql 安装,并创建zabbix 需要数据库

[root@fwd ~]# wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
[root@fwd ~]# rpm -ivh mysql-community-release-el7-5.noarch.rpm
[root@fwd ~]# yum install mysql-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
mysql-connectors-community                                                                                   | 2.5 kB  00:00:00     
mysql-tools-community                                                                                        | 2.5 kB  00:00:00     
mysql56-community                                                                                            | 2.5 kB  00:00:00     
(1/3): mysql-connectors-community/x86_64/primary_db                                                          |  41 kB  00:00:00     
(2/3): mysql-tools-community/x86_64/primary_db                                                               |  58 kB  00:00:00     
(3/3): mysql56-community/x86_64/primary_db                                                                   | 226 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package Percona-Server-server-56.x86_64 0:5.6.43-rel84.3.el7 will be installed
--> Processing Dependency: Percona-Server-client-56 for package: Percona-Server-server-56-5.6.43-rel84.3.el7.x86_64
--> Processing Dependency: Percona-Server-shared-56 for package: Percona-Server-server-56-5.6.43-rel84.3.el7.x86_64
--> Running transaction check
---> Package Percona-Server-client-56.x86_64 0:5.6.43-rel84.3.el7 will be installed
---> Package Percona-Server-shared-56.x86_64 0:5.6.43-rel84.3.el7 will be obsoleting
---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be obsoleted
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================
 Package                              Arch               Version                           Repository                          Size
====================================================================================================================================
Installing:
 Percona-Server-server-56             x86_64             5.6.43-rel84.3.el7                percona-release-x86_64              18 M
 Percona-Server-shared-56             x86_64             5.6.43-rel84.3.el7                percona-release-x86_64             619 k
     replacing  mariadb-libs.x86_64 1:5.5.60-1.el7_5
Installing for dependencies:
 Percona-Server-client-56             x86_64             5.6.43-rel84.3.el7                percona-release-x86_64             5.5 M

Transaction Summary
====================================================================================================================================
Install  2 Packages (+1 Dependent package)

Total size: 24 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/percona-release-x86_64/packages/Percona-Server-client-56-5.6.43-rel84.3.el7.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 8507efa5: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percona


The GPG keys listed for the "Percona-Release YUM repository - x86_64" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


 Failing package is: Percona-Server-client-56-5.6.43-rel84.3.el7.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Percon
 报错Percona-Release YUM存储库 -  x86_64”存储库列出的GPG密钥已经安装!
 解决办法如下:
[root@fwd ~]# yum update percona-release 
[root@fwd ~]# systemctl start mysqld

3.1、修改mysql 密码 授权zabbix用户

[root@fwd ~]# mysql_secure_installatio 
[root@fwd ~]# mysqladmin -u root password "123456";  2中方法随意
[root@fwd ~]# mysql -uroot -p
Enter password:
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> grant all privileges on zabbix.* to zabbix@localhost identified by '123456';
mysql> quit;  

3.2、安装zabbix 4.0 server 添加zabbix 4.0 存储库, 并使用mysql 支持zabbix前端

[root@fwd ~]# yum install -y https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
[root@fwd ~]# yum install -y zabbix-server-mysql zabbix-web-mysql zabbix-agent zabbix-get

3.3、导入表结构

 

[root@fwd ~]# zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix

 

3.4、修改配置文件

编辑 /etc/httpd/conf.d/zabbix.conf
php_value date.timezone Europe/Riga  修改为 php_value date.timezone Asia/Shanghai
编辑 /etc/zabbix/zabbix_server.conf
DBPassword=123456

3.5、开启服务,并设置开机自启

[root@fwd ~]# systemctl restart zabbix-server zabbix-agent httpd
[root@fwd ~]# systemctl enable zabbix-server zabbix-agent httpd

4、批量部署zabbix-agent 客户端

 

[root@fwd ansible]# pwd
/etc/ansible
[root@fwd ansible]# tree
.
├── ansible.cfg
├── comon_site.retry
├── comon_site.yml
├── hosts
├── init.retry
├── init.yml
├── roles
│   ├── common
│   │   ├── defaults
│   │   │   └── main.yml
│   │   ├── files
│   │   │   ├── common_id_rsa.pub
│   │   │   ├── common_sshd_config
│   │   │   └── common_sysctl.conf
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   │   ├── common_motd
│   │   │   └── common_sshd_config
│   │   └── vars
│   │       └── main.yml
│   └── zabbix_agent
│       ├── files
│       │   └── zabbix-agent-4.0.2-1.el7.x86_64.rpm
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           └── zabbix_agentd.conf.j2

4.1、查看hosts 文件  

[root@fwd ansible]# cat hosts
[james]
192.168.9.22
192.168.9.132
192.168.9.14

 

[root@fwd ansible]# cat zabbix_agent.yml   
- hosts: all
  user: root
  vars:
     zabbix_serverip: 192.168.9.129 # zabbix 服务器IP
     zabbix_activeip: 192.168.9.129 # zabbix 服务器IP
     agent_hostname: '{{ ansible_hostname }}' # 客户端hostname
     agent_ip: '{{ ansible_ens33.ipv4.address }}' # 客户端IP 根据实际情况修改自己的网卡名字ens33 改成自己服务器
  roles:
    - zabbix_agent

4.2、在/etc/ansible/roles/zabbix_agent/ 创建tasks 目录 添加 main.yml 文件

 

[root@fwd tasks]# cat main.yml   # 这里写的是zabbix-agent 安装剧本
- name: copy zabbix_agentd 
  copy: src=/etc/ansible/roles/zabbix_agent/files/zabbix-agent-4.0.2-1.el7.x86_64.rpm dest=/usr/local/src/zabbix-agent-4.0.2-1.el7.x86_64.rpm
- name: install zabbix-agend
  shell: rpm -ivh /usr/local/src/zabbix-agent-4.0.2-1.el7.x86_64.rpm # 安装zabbix agentd
- name: up zabbix-agent file client  # 上传配置文件
  template: src=zabbix_agentd.conf.j2 dest=/etc/zabbix/zabbix_agentd.conf
- name: enabled service zabbix-agent # 打开zabbix-agent 开机启动
  service: name=zabbix-agent enabled=yes
- name: start  service zabbix-agent # 启动zabbix-agent
  service: name=zabbix-agent  state=started

 

4.3、在/etc/ansible/roles/zabbix_agent/ 下创建 templates 文件,定义zabbix_agent.conf .js模板文件

[root@fwd templates]# cat zabbix_agentd.conf.j2 
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
EnableRemoteCommands=1  #远程执行命令的选项
Server={{zabbix_serverip}} #自定义server IP 变量
ListenPort=10050
ServerActive={{zabbix_activeip}}
Hostname={{ansible_hostname}}  #自定义主机名变量
AllowRoot=1
UnsafeUserParameters=1   #设置为1 表示允许用户自定义key值
HostMetadataItem=system.uname
Include=/etc/zabbix/zabbix_agentd.d/*.confgather_facts: false

5、执行批量安装  

 

[root@fwd ansible]# ansible-playbook zabbix_agent.yml 

PLAY [all] *************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************
ok: [192.168.9.22]
ok: [192.168.9.14]
ok: [192.168.9.132]

TASK [zabbix_agent : copy zabbix_agentd] *******************************************************************************************
changed: [192.168.9.132]
changed: [192.168.9.22]
changed: [192.168.9.14]

TASK [zabbix_agent : install zabbix-agend] *****************************************************************************************
changed: [192.168.9.132]
changed: [192.168.9.22]
changed: [192.168.9.14]

TASK [zabbix_agent : up zabbix-agent file client] **********************************************************************************
changed: [192.168.9.22]
changed: [192.168.9.132]
changed: [192.168.9.14]

TASK [zabbix_agent : enabled service zabbix-agent] *********************************************************************************
changed: [192.168.9.132]
changed: [192.168.9.22]
changed: [192.168.9.14]

TASK [zabbix_agent : start  service zabbix-agent] **********************************************************************************
changed: [192.168.9.132]
changed: [192.168.9.22]
changed: [192.168.9.14]

PLAY RECAP *************************************************************************************************************************
192.168.9.132              : ok=6    changed=5    unreachable=0    failed=0   
192.168.9.14               : ok=6    changed=5    unreachable=0    failed=0   
192.168.9.22               : ok=6    changed=5    unreachable=0    failed=0 

 

检查客户端zabbix_agent服务是否启动  

 

[root@fwd ansible]# ansible james -m shell -a "ps -ef | grep zabbix_agent"
192.168.9.132 | CHANGED | rc=0 >>
root       9512      1  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
root       9513   9512  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
root       9514   9512  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
root       9515   9512  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
root       9516   9512  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
root       9517   9512  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
root       9566   9565  0 13:26 pts/0    00:00:00 /bin/sh -c ps -ef | grep zabbix_agent
root       9568   9566  0 13:26 pts/0    00:00:00 grep zabbix_agent

192.168.9.14 | CHANGED | rc=0 >>
root       8847      1  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
root       8848   8847  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
root       8849   8847  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
root       8850   8847  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
root       8851   8847  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
root       8852   8847  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
root       8902   8901  0 13:26 pts/1    00:00:00 /bin/sh -c ps -ef | grep zabbix_agent
root       8904   8902  0 13:26 pts/1    00:00:00 grep zabbix_agent

192.168.9.22 | CHANGED | rc=0 >>
root       8982      1  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
root       8983   8982  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
root       8984   8982  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
root       8985   8982  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
root       8986   8982  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
root       8987   8982  0 13:26 ?        00:00:00 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
root       9037   9036  0 13:26 pts/1    00:00:00 /bin/sh -c ps -ef | grep zabbix_agent
root       9039   9037  0 13:26 pts/1    00:00:00 grep zabbix_agent

[root@fwd ansible]# ansible james -m shell -a "netstat -plunt"
192.168.9.22 | CHANGED | rc=0 >>
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      6769/httpd          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7343/sshd           
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      8982/zabbix_agentd  
tcp6       0      0 :::22                   :::*                    LISTEN      7343/sshd           
tcp6       0      0 :::10050                :::*                    LISTEN      8982/zabbix_agentd  

192.168.9.132 | CHANGED | rc=0 >>
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      6865/httpd          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7826/sshd           
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      9512/zabbix_agentd  
tcp6       0      0 :::873                  :::*                    LISTEN      6869/xinetd         
tcp6       0      0 :::22                   :::*                    LISTEN      7826/sshd           
tcp6       0      0 :::10050                :::*                    LISTEN      9512/zabbix_agentd  
udp        0      0 0.0.0.0:68              0.0.0.0:*                           7643/dhclient       

192.168.9.14 | CHANGED | rc=0 >>
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7245/sshd           
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      8847/zabbix_agentd  
tcp6       0      0 :::22                   :::*                    LISTEN      7245/sshd           
tcp6       0      0 :::10050                :::*                    LISTEN      8847/zabbix_agentd

 

5.1、这里介绍下忘记zabbix 登录密码怎么办,因为我经常忘记 查看md5秘钥

[root@fwd templates]# mysql -uroot -p -e "select * from zabbix.users\G"
Enter password: 
*************************** 1. row ***************************
        userid: 1
         alias: Admin
          name: Zabbix
       surname: Administrator
        passwd: 5fce1b3e34b520afeffb37ce08c7cd66
           url: 
     autologin: 1
    autologout: 0
          lang: en_GB
       refresh: 30s
          type: 3
         theme: default
attempt_failed: 0
    attempt_ip: 
 attempt_clock: 0
 rows_per_page: 50
*************************** 2. row ***************************
        userid: 2
         alias: guest
          name: 
       surname: 
        passwd: d41d8cd98f00b204e9800998ecf8427e
           url: 
     autologin: 0
    autologout: 15m
          lang: en_GB
       refresh: 30s
          type: 1
         theme: default
attempt_failed: 0
    attempt_ip: 
 attempt_clock: 0
 rows_per_page: 50  
[root@fwd templates]# mysql -uroot -p
Enter password:
    mysql>use zabbix ;  进入到zabbix数据库
    mysql>update users set passwd='5fce1b3e34b520afeffb37ce08c7cd66' where userid='1';
    因为5fce1b3e34b520afeffb37ce08c7cd66 = zabbix  你现在就可以用 Admin zabbix 登录了~

6、zabbix自动发现,自动添加(我们批量安装zabbix_agent的目的就是因为以后服务器越来越多,面对越来越多的服务器,我们一台一台添加明显有点不现实!所以就要用到zabbix的自动发现登录zabbix http://localhost/zabbix)  

6.1、配置自动发现规则

ansible 批量安装zabbix-agent

ansible 批量安装zabbix-agent

6.2、配置-动作-触发器-创建动作

ansible 批量安装zabbix-agent

ansible 批量安装zabbix-agent

6.3、配置完毕,几分钟后zabbix--监控中--自动发现

ansible 批量安装zabbix-agent

6.4、自动注册 配置-动作-自动注册

ansible 批量安装zabbix-agent

ansible 批量安装zabbix-agent

更新过后,刷新就会发现发现的主机已经自动添加了

ansible 批量安装zabbix-agent

报错主机无法被监控是因为我客户端防火墙开启了,没对外开放10050端口,给防火墙添加条规则就可以

[root@proxy-01 network-scripts]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 10050 -j ACCEPT   添加规则 对外开放10050端口
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@proxy-01 network-scripts]# systemctl restart iptables.service
[root@proxy-01 network-scripts]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   30  1980 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10050
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 16 packets, 1552 bytes)
 pkts bytes target     prot opt in     out     source               destination