Ansible自动化运维之playbook及roles实战(zabbix的部署)
文章目录
- 1.ansible-playbook yml文件部署zabbix
- 实现步骤
- 2.ansible-playbook roles角色部署zabbix
- 实现步骤
- 角色优化
1.ansible-playbook yml文件部署zabbix
实现步骤
(1)基础配置
[devops@server1 ansible]$ pwd
/home/devops/ansible
[devops@server1 ansible]$ cat hosts
[db]
172.25.3.1
[server]
172.25.3.2
[web]
172.25.3.3
[agent:children]
web
server
[zabbix:children]
db
server
web
(2)配置文件准备
[devops@server1 ansible]$ cd zabbix/
[devops@server1 zabbix]$ pwd
/home/devops/ansible/zabbix
[devops@server1 zabbix]$ ls
create.sql.gz my.cnf zabbix.conf
deplay.yml zabbix_agented.conf.j2 zabbix_server.conf
[devops@server1 zabbix]$ vi zabbix_agented.conf.j2
98 Server=172.25.3.2
139 ServerActive=172.25.3.2
150 Hostname={{ ansible_hostname }}
[devops@server1 zabbix]$ vi zabbix.conf
20 php_value date.timezone Asia/Shanghai
[devops@server1 zabbix]$ vi my.cnf
10 character_set_server=utf8
[devops@server1 zabbix]$ vi zabbix_server.conf
124 DBPassword=zabbix
(3)yml文件编写
[devops@server1 zabbix]$ vim deplay.yml
[devops@server1 zabbix]$ cat deplay.yml
---
- hosts: db ##数据库服务器
tasks:
- name: install mariadb
yum:
name: mariadb-server,MySQL-python
state: present
- name: config mariadb
copy:
src: my.cnf
dest: /etc/my.cnf
notify: restart mariadb
- name: start mariadb
service:
name: mariadb
state: started
- name: create database zabbix
mysql_db:
login_user: root
login_password: westos
name: zabbix
state: present
- name: create user
mysql_user:
login_user: root
login_password: westos
name: zabbix
password: zabbix
host: "%"
priv: "zabbix.*:ALL"
state: present
- name: copy create.sql
copy:
src: create.sql.gz
dest: /tmp/create.sql.gz
- name: import create.sql
mysql_db:
login_user: root
login_password: westos
name: zabbix
state: import
target: /tmp/create.sql.gz
- hosts: server ##zabbix-server服务端
tasks:
- name: add zabbix repo
yum_repository:
name: zabbix
description: zabbix 4.0
baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
gpgcheck: no
- name: add update repo
yum_repository:
name: update
description: non-supported
baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
gpgcheck: no
- name: install zabbix-server
yum:
name: zabbix-server-mysql,zabbix-agent
state: present
- name: config zabbix-server
copy:
src: zabbix_server.conf
dest: /etc/zabbix/zabbix_server.conf
owner: root ##所有人
group: zabbix ##所有组
mode: 640 ##文件权限
notify: restart zabbix-server
- name: start zabbix-server
service:
name: "{{ item }}"
state: started
loop:
- zabbix-server
- zabbix-agent
handlers:
- name: restart zabbix-server
service:
name: zabbix-server
state: restarted
- hosts: web ##web前端页面
tasks:
- name: add zabbix repo
yum_repository:
name: zabbix
description: zabbix 4.0
baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
gpgcheck: no
- name: add update repo
yum_repository:
name: update
description: non-supported
baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
gpgcheck: no
- name: add centos repo
yum_repository:
name: centos
description: centos 7
baseurl: https://mirrors.aliyun.com/centos/7/os/x86_64/
gpgcheck: no
- name: install zabbix-web
yum:
name: zabbix-web-mysql,httpd
state: present
- name: config zabbix-web
copy:
src: zabbix.conf
dest: /etc/httpd/conf.d/zabbix.conf
notify: restart httpd
- name: start httpd
service:
name: httpd
state: started
handlers:
- name: restart httpd
service:
name: httpd
state: restarted
- hosts: agent ##zabbix-agent代理端
tasks:
- name: add zabbix repo
yum_repository:
name: zabbix
description: zabbix 4.0
baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
gpgcheck: no
- name: install zabbix-agent
yum:
name: zabbix-agent
state: present
- name: config zabbix-agent
template:
src: zabbix_agented.conf.j2
dest: /etc/zabbix/zabbix_agentd.conf
owner: root
group: root
mode: 644
notify: restart zabbix-agent
- name: start zabbix-agent
service:
name: zabbix-agent
state: started
handlers:
- name: restart zabbix-agent
service:
name: zabbix-agent
state: restarted
(4)执行效果
2.ansible-playbook roles角色部署zabbix
实现步骤
(1)根据需求创建5个role
ansible-galaxy init apache ##创建角色
[devops@server1 roles]$ pwd
/home/devops/ansible/roles
[devops@server1 roles]$ ls
apache mariadb zabbix-agent zabbix-server-mysql zabbix-web-mysql
(2)分别配置5个role
apache
[devops@server1 roles]$ cd apache/
[devops@server1 apache]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@server1 apache]$ cat ./tasks/main.yml
---
- name: install httpd
yum:
name: httpd
state: present
- name: start httpd
service:
name: httpd
state: started
mariadb
[devops@server1 roles]$ cd mariadb/
[devops@server1 mariadb]$ cat tasks/main.yml
---
- name: install mariadb
yum:
name: mariadb-server,MySQL-python
state: present
- name: config mariadb
copy:
src: my.cnf
dest: /etc/my.cnf
notify: restart mariadb
- name: start mariadb
service:
name: mariadb
state: started
- name: create database zabbix
mysql_db:
login_user: root
login_password: westos
name: zabbix
state: present
- name: create user
mysql_user:
login_user: root
login_password: westos
name: zabbix
password: zabbix
host: "%"
priv: "zabbix.*:ALL"
state: present
- name: copy create.sql
copy:
src: create.sql.gz
dest: /tmp/create.sql.gz
- name: import create.sql
mysql_db:
login_user: root
login_password: westos
name: zabbix
state: import
target: /tmp/create.sql.gz
[devops@server1 mariadb]$ cat handlers/main.yml
---
- name: restart mariadb
service:
name: maridb
state: restarted
[devops@server1 mariadb]$ ll files/
total 1292
-rw-r--r-- 1 devops devops 1316758 Nov 24 00:46 create.sql.gz
-rw-r--r-- 1 devops devops 595 Nov 24 00:45 my.cnf
[devops@server1 mariadb]$
zabbix-agent
[devops@server1 roles]$ cd zabbix-agent
[devops@server1 zabbix-agent]$ cat tasks/main.yml
---
- name: add zabbix repo
yum_repository:
name: zabbix
description: zabbix 4.0
baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
gpgcheck: no
- name: install zabbix-agent
yum:
name: zabbix-agent
state: present
- name: config zabbix-agent
template:
src: zabbix_agented.conf.j2
dest: /etc/zabbix/zabbix_agentd.conf
owner: root
group: root
mode: 644
notify: restart zabbix-agent
- name: start zabbix-agent
service:
name: zabbix-agent
state: started
[devops@server1 zabbix-agent]$ cat handlers/main.yml
---
- name: restart zabbix-agent
service:
name: zabbix-agent
state: restarted
[devops@server1 zabbix-agent]$ ll files/
total 0
[devops@server1 zabbix-agent]$ ll templates/
total 12
-rw-r--r-- 1 devops devops 10956 Nov 24 01:19 zabbix_agented.conf.j2
zabbix-server-mysql
[devops@server1 roles]$ cd zabbix-server-mysql
[devops@server1 zabbix-server-mysql]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@server1 zabbix-server-mysql]$ cat tasks/main.yml
---
- name: add zabbix repo
yum_repository:
name: zabbix
description: zabbix 4.0
baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
gpgcheck: no
- name: add update repo
yum_repository:
name: update
description: non-supported
baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
gpgcheck: no
- name: install zabbix-server
yum:
name: zabbix-server-mysql
state: present
- name: config zabbix-server
copy:
src: zabbix_server.conf
dest: /etc/zabbix/zabbix_server.conf
owner: root ##所有人
group: zabbix ##所有组
mode: 640 ##文件权限
notify: restart zabbix-server
- name: start zabbix-server
service:
name: "{{ item }}"
state: started
loop:
- zabbix-server
- zabbix-agent
[devops@server1 zabbix-server-mysql]$ cat handlers/main.yml
---
- name: restart zabbix-server
service:
name: zabbix-server
state: restarted
[devops@server1 zabbix-server-mysql]$
zabbix-web-mysql
[devops@server1 roles]$ cd zabbix-web-mysql
[devops@server1 zabbix-web-mysql]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@server1 zabbix-web-mysql]$ cat tasks/main.yml
---
- name: add zabbix repo
yum_repository:
name: zabbix
description: zabbix 4.0
baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
gpgcheck: no
- name: add update repo
yum_repository:
name: update
description: non-supported
baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
gpgcheck: no
- name: add centos repo
yum_repository:
name: centos
description: centos 7
baseurl: https://mirrors.aliyun.com/centos/7/os/x86_64/
gpgcheck: no
- name: install zabbix-web
yum:
name: zabbix-web-mysql
state: present
- name: config zabbix-web
copy:
src: zabbix.conf
dest: /etc/httpd/conf.d/zabbix.conf
notify: restart httpd
[devops@server1 zabbix-web-mysql]$ cat handlers/main.yml
---
- name: restart httpd
service:
name: httpd
state: restarted
(3)yml文件编写
[devops@server1 ansible]$ pwd
/home/devops/ansible
[devops@server1 ansible]$ ls
ansible.cfg hosts lin.repo roles test_roles.yml zabbix
[devops@server1 ansible]$ cat test_roles.yml
---
- hosts: db
roles:
- mariadb
- hosts: server
roles:
- zabbix-server-mysql
- zabbix-agent
- hosts: web
roles:
- zabbix-web-mysql
- apache
- hosts: agent
roles:
- zabbix-agent
(4)执行效果
监控页面
添加自动发现规则
自动发现监控主机
角色优化
(1)添加火墙角色
由于每一个hosts对象需要的firewalld策略都不相同,此时再多创建一个角色可能不能满足需求;所以,不如直接在相应角色的tasks下创建firewalld任务,再导入main.yml
- db端需要firewalld允许mysql
[devops@server1 tasks]$ ls
firewalld.yml main.yml
[devops@server1 tasks]$ pwd
/home/devops/ansible/roles/mariadb/tasks
[devops@server1 tasks]$ cat firewalld.yml
---
- name: start firewalld
service:
name: firewalld
state: started
- name: config firewalld
firewalld:
service: mysql
permanent: yes
state: enabled
immediate: yes
[devops@server1 tasks]$ ls
firewalld.yml main.yml
[devops@server1 tasks]$ head -n 3 main.yml
---
- import_tasks: firewalld.yml
- server端需要firewalld允许zabbix-server
[devops@server1 tasks]$ ls
firewalld.yml main.yml
[devops@server1 tasks]$ pwd
/home/devops/ansible/roles/zabbix-server-mysql/tasks
[devops@server1 tasks]$ cat firewalld.yml
---
- name: start firewalld
service:
name: firewalld
state: started
- name: config firewalld
firewalld:
port: 10051/tcp
permanent: yes
state: enabled
immediate: yes
[devops@server1 tasks]$ head -n 3 main.yml
---
- import_tasks: firewalld.yml
- agent端需要firewalld允许zabbix-agent
[devops@server1 tasks]$ pwd
/home/devops/ansible/roles/zabbix-agent/tasks
[devops@server1 tasks]$ ls
firewalld.yml main.yml
[devops@server1 tasks]$ cat firewalld.yml
---
- name: start firewalld
service:
name: firewalld
state: started
- name: config firewalld
firewalld:
port: 10050/tcp
permanent: yes
state: enabled
immediate: yes
[devops@server1 tasks]$ head -n 3 main.yml
---
- import_tasks: firewalld.yml
- web端需要firewalld允许http
[devops@server1 tasks]$ ls
firewalld.yml main.yml
[devops@server1 tasks]$ pwd
/home/devops/ansible/roles/apache/tasks
[devops@server1 tasks]$ cat firewalld.yml
---
- name: start firewalld
service:
name: firewalld
state: started
- name: config firewalld
firewalld:
service: http
permanent: yes
state: enabled
immediate: yes
[devops@server1 tasks]$ head -n 3 main.yml
---
- import_tasks: firewalld.yml
(2)添加tags
为每一个hosts对象添加一个tags,当我们测试时,可以将各个hosts对象模块化分割开来,一块一块测试,十分方便
[devops@server1 ansible]$ pwd
/home/devops/ansible
[devops@server1 ansible]$ cat test_roles.yml
---
- hosts: db
roles:
- role: mariadb
tags: db
- hosts: server
roles:
- role: zabbix-server-mysql
- role: zabbix-agent
tags: server
- hosts: web
roles:
- role: zabbix-web-mysql
- role: apache
tags: web
- hosts: agent
roles:
- role: zabbix-agent
tags: agent
[devops@server1 ansible]$
(3)变量优化
将配置文件可替换的参数替换为变量,再将变量统一写在vars目录下或者直接写在主yml文件中声明,将变量统一管理,提高通用性。
- server端
- agent端
