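Part 13: Using Ansible to batch-install Zabbix Agent and add Linux hosts through auto-registration:
1. Introduction to Ansible:
Ansible is an open-source automation tool written in Python that runs commands, deploys programs, and configures systems in bulk. By default it executes remote commands and pushes configuration over SSH (other protocols can also be used), requires no client agent on the managed hosts (agentless), and can manage many hosts in parallel. Ansible works through modules: Ansible itself has no batch-deployment capability, the modules it runs do the actual work, and Ansible only provides the framework. Ansible documentation: https://docs.ansible.com/ansible/latest/index.html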
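2. Demo environment:
| IP | Operating system | Hostname | Role |
|---|---|---|---|
| 192.168.0.120 | CentOS 7.7 x86_64 | zabbix-server | Zabbix Database, Zabbix Server, Zabbix Web, Zabbix Agent, Ansible host |
| 192.168.0.121 | CentOS 7.7 x86_64 | web01 | Zabbix Agent, managed host |
| 192.168.0.122 | CentOS 7.7 x86_64 | db01 | Zabbix Agent, managed host |

Goal: from the zabbix-server node, use Ansible to automatically configure the firewall, SELinux, system time, and hostname on the web01 and db01 nodes, automatically install, configure, and start Zabbix Agent, and finally add the Linux hosts in bulk through the auto-registration feature in Zabbix Web.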
3. Preparation on the zabbix-server node:
(1) Configure the hosts file:
# vim /etc/hosts
192.168.0.120 zabbix-server
192.168.0.121 web01
192.168.0.122 db01
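(2) Configure the chrony server:
a. Edit the chrony.conf configuration file:
# yum -y install chrony
# mv /etc/chrony.conf{,.bak}
# vim /etc/chrony.conf
Add the following content:
# Use the public NTP servers provided by Alibaba Cloud as the upstream NTP servers
server ntp1.aliyun.com iburst minpoll 4 maxpoll 10
server ntp2.aliyun.com iburst minpoll 4 maxpoll 10
server ntp3.aliyun.com iburst minpoll 4 maxpoll 10
server ntp4.aliyun.com iburst minpoll 4 maxpoll 10
server ntp5.aliyun.com iburst minpoll 4 maxpoll 10
server ntp6.aliyun.com iburst minpoll 4 maxpoll 10
server ntp7.aliyun.com iburst minpoll 4 maxpoll 10
# Record the rate at which the system clock gains/loses time in the drift file
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates if its offset is larger than 10 seconds
makestep 10 3
# Enable kernel synchronization of the RTC (real-time clock)
rtcsync
# Allow only clients in the 192.168.0 network to synchronize time
allow 192.168.0.0/24
# Serve local time to other clients as the reference time even if time could not be synchronized from the Alibaba Cloud public NTP servers
local stratum 10
# File containing the NTP authentication keys
keyfile /etc/chrony.keys
# Directory for log files
logdir /var/log/chrony
# Make chronyd ignore the stratum of a source when selecting sources
stratumweight 0
# Disable logging of client accesses
noclientlog
# Send a message to the system log if a clock adjustment is larger than 0.5 seconds
logchange 0.5
Note: the full list of directives and parameters is available with # man chrony.conf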
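b. Start chronyd:
# systemctl start chronyd
# systemctl status chronyd
# ps aux | grep chronyd
# ss -tunlp | grep chronyd
Note: port 123 is the NTP service listening port and port 323 is the chrony service listening port.
c. Enable start at boot: # systemctl enable chronyd
d. View the time sources: # chronyc sources -v
Explanation:
120.25.115.20: the address that ntp1.aliyun.com resolves to
203.107.6.88: the address that ntp2.aliyun.com through ntp7.aliyun.com resolve to
e. View the time source statistics: # chronyc sourcestats -v
(3) Check the Python version: # python -V
(4) Restore the initial configuration and delete every host except zabbix-server from Zabbix Web:
4. The web01 and db01 nodes are fresh minimal installations of CentOS 7.7 on VMware Workstation.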
5. Install Ansible on the zabbix-server node:
# yum -y install epel-release
# yum -y install ansible
# ansible --version
6. On the zabbix-server node, configure the inventory file for the managed hosts:
# vim /etc/ansible/hosts
Append the following at the end of the file:
[websrvs]
web01 ansible_host=192.168.0.121
[dbsrvs]
db01 ansible_host=192.168.0.122
7. Configure SSH trust on the zabbix-server node:
(1) Generate a key pair for key-based authentication: # ssh-keygen -t rsa -P ""
(2) Copy the public key to all managed hosts:
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.0.121
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.0.122
(3) Test connectivity: # ansible all -m ping
8. Create the roles directory structure on the zabbix-server node:
# cd /etc/ansible/roles
# mkdir -pv {prepare,zabbix-agent}/{files,templates,tasks,handlers,vars,meta,defaults}
9. Configure the prepare role on the zabbix-server node:
(1) Edit the prepare/tasks/main.yml file:
# vim prepare/tasks/main.yml
# Stop and disable the host firewall (iptables on CentOS 6, firewalld on CentOS 7)
- name: Stop Iptables On CentOS 6
  service: name=iptables state=stopped enabled=no
  when: ansible_distribution=="CentOS" and ansible_distribution_major_version=="6"
- name: Stop Firewalld On CentOS 7
  systemd: name=firewalld.service state=stopped enabled=no
  when: ansible_distribution=="CentOS" and ansible_distribution_major_version=="7"
# The selinux module needs the libselinux Python bindings on the managed host
- name: Install libselinux-python
  yum: name=libselinux-python state=latest
- name: Stop SELinux
  selinux: state=disabled
# Set the hostname from the inventory name and add it to /etc/hosts
- name: Set Hostname
  hostname: name={{inventory_hostname}}
- name: Edit Hosts File
  lineinfile: path=/etc/hosts line="{{ansible_host}} {{inventory_hostname}}" state=present backup=yes
- name: Install {{item}}
  yum: name={{item}} state=latest
  loop:
    - epel-release
    - chrony
# Deploy the chrony client configuration and restart chronyd when it changes
- name: Install Configuration File
  copy: src=chrony.conf dest=/etc/ owner=root group=root mode=0644 backup=yes
  notify: Restart Chrony Service
  tags: Chrony Configuration File
- name: Start Chrony Service
  service: name=chronyd state=started enabled=yes
(2) Edit the prepare/files/chrony.conf file:
# vim prepare/files/chrony.conf
server 192.168.0.120 iburst
driftfile /var/lib/chrony/drift
makestep 10 3
rtcsync
local stratum 10
keyfile /etc/chrony.keys
logdir /var/log/chrony
stratumweight 0
noclientlog
logchange 0.5
Note: 192.168.0.120 is the IP of the internal chrony server.
(3) Edit the prepare/handlers/main.yml file:
# vim prepare/handlers/main.yml
- name: Restart Chrony Service
  service: name=chronyd state=restarted
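A variant of the "Stop Firewalld On CentOS 7" task from prepare/tasks/main.yml that leaves firewalld running and admits only the Zabbix server to the agent port. This is an added example, not part of the original article; the variable names agent_allowed_source and agent_port are hypothetical, and their values are the article's zabbix-server IP and agent ListenPort.

```yaml
# Added example, not part of the original article.
# Drop-in replacement for the "Stop Firewalld On CentOS 7" task:
# firewalld stays on and only the Zabbix server may connect to the
# agent's passive-check port.
- name: Restrict Zabbix Agent Port On CentOS 7
  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
  vars:
    # Hypothetical variable names; values taken from the article.
    agent_allowed_source: 192.168.0.120
    agent_port: 10050
  block:
    - name: Install firewalld
      yum:
        name: firewalld
        state: present

    - name: Start Firewalld
      systemd:
        name: firewalld.service
        state: started
        enabled: yes

    # permanent + immediate: the rule survives reboots and is applied now
    - name: Allow Zabbix Server To Reach Agent Port
      firewalld:
        rich_rule: 'rule family="ipv4" source address="{{ agent_allowed_source }}" port port="{{ agent_port }}" protocol="tcp" accept'
        permanent: yes
        immediate: yes
        state: enabled
```

Active checks and auto-registration are outbound connections from the agent to the address in ServerActive, so they need no inbound rule on the managed hosts.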
10. Configure the zabbix-agent role on the zabbix-server node:
(1) Edit the zabbix-agent/tasks/main.yml file:
# vim zabbix-agent/tasks/main.yml
# Define the Aliyun mirror of the Zabbix 4.0 repository (gpgcheck=no turns package signature checking off)
- name: Create Zabbix Repository
  yum_repository: file=zabbix name=aliyun-zabbix description="Aliyun Zabbix Repository" baseurl=https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/$basearch/ gpgcheck=no enabled=yes owner=root group=root mode=0644 state=present
- name: Install zabbix-agent
  yum: name=zabbix-agent state=latest
# Render the agent configuration from the template and restart the agent when it changes
- name: Install Configuration File
  template: src=zabbix_agentd.conf.j2 dest=/etc/zabbix/zabbix_agentd.conf owner=root group=root mode=0644 backup=yes
  notify: Restart zabbix-agent Service
  tags: zabbix-agent Configuration File
- name: Start zabbix-agent Service
  service: name=zabbix-agent state=started enabled=yes
Explanation:
yum_repository: file=zabbix name=aliyun-zabbix description="Aliyun Zabbix Repository" baseurl=https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/$basearch/ gpgcheck=no enabled=yes owner=root group=root mode=0644 state=present
corresponds to the following /etc/yum.repos.d/zabbix.repo:
[aliyun-zabbix]
name=Aliyun Zabbix Repository
baseurl=https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/$basearch/
enabled=1
gpgcheck=0
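The same repository and install tasks with RPM signature checking turned on, so packages pulled from the mirror are verified before they are installed on every managed host. This is an added example, not part of the original article; it assumes RPM-GPG-KEY-ZABBIX-A14FE591 from repo.zabbix.com is the key that signs these 4.0 el7 packages.

```yaml
# Added example, not part of the original article.
# Assumption: RPM-GPG-KEY-ZABBIX-A14FE591 signs the Zabbix 4.0 el7
# packages. Compare the imported key's fingerprint with the value
# Zabbix publishes before relying on it.
- name: Import Zabbix Signing Key
  rpm_key:
    # Fetched from the vendor, not from the mirror that serves the packages
    key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591
    state: present

- name: Create Zabbix Repository
  yum_repository:
    file: zabbix
    name: aliyun-zabbix
    description: Aliyun Zabbix Repository
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/$basearch/
    gpgcheck: yes          # was gpgcheck=no in the article's task
    gpgkey: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591
    enabled: yes
    owner: root
    group: root
    mode: "0644"
    state: present

# yum now refuses any zabbix-agent package whose signature does not verify
- name: Install zabbix-agent
  yum:
    name: zabbix-agent
    state: latest
```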
(2) Edit the zabbix-agent/handlers/main.yml file:
# vim zabbix-agent/handlers/main.yml
- name: Restart zabbix-agent Service
  service: name=zabbix-agent state=restarted
(3) Copy the zabbix_agentd.conf file from the zabbix-server node and turn it into the generic template zabbix_agentd.conf.j2:
# cp /etc/zabbix/zabbix_agentd.conf /etc/ansible/roles/zabbix-agent/templates/zabbix_agentd.conf.j2
# vim /etc/ansible/roles/zabbix-agent/templates/zabbix_agentd.conf.j2
| Before | After |
|---|---|
| Server=192.168.0.120 | Server={{zabbix_server}} |
| ListenPort=10050 | ListenPort={{listen_port}} |
| ListenIP=192.168.0.120 | ListenIP={{ansible_host}} |
| ServerActive=192.168.0.120 | ServerActive={{zabbix_server}} |
| Hostname=zabbix-server | Hostname={{inventory_hostname}} |
| # HostMetadata= | HostMetadata={{inventory_hostname}} |

(4) Edit the /etc/ansible/roles/zabbix-agent/vars/main.yml file:
# vim /etc/ansible/roles/zabbix-agent/vars/main.yml
zabbix_server: 192.168.0.120
listen_port: 10050
Note: variable names must not contain hyphens; underscores are allowed.
11. View the roles directory structure on the zabbix-server node:
# yum -y install tree
# cd /etc/ansible
# tree
12. Write the playbook on the zabbix-server node and run it:
# mkdir -pv /playbooks
# vim /playbooks/zabbix-agent.yml
- hosts: all
  remote_user: root
  roles:
    - prepare
    - zabbix-agent
# ansible-playbook --syntax-check /playbooks/zabbix-agent.yml
# ansible-playbook -C /playbooks/zabbix-agent.yml
# ansible-playbook /playbooks/zabbix-agent.yml
13. Define an action in Zabbix Web:
Configuration --> Actions --> Auto registration --> Create action --> Add
14. View the added hosts:
Configuration --> Hosts
15. View the latest monitoring data for the two nodes: