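A role is essentially one functional module; it is a way of improving on the original single playbook. Take Zabbix as an example: if all four parts of Zabbix are written into one playbook, the text becomes very long, hard to read and hard to maintain. It can be split up instead. It needs zabbix_server, zabbix_agent, the Zabbix database, and the web front end; in other words, deploying Zabbix with roles takes at least four roles. Splitting the long text by function makes it more concise.
Now let's try the deployment:
1. Before deploying, make sure Ansible is working properly and that passwordless login has already been set up.
The files below were used earlier when the playbook was written directly; they can be copied straight into the corresponding files directories.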
[devops@server10 ansible]$ ls
ansible.cfg hosts roles ssh.yml zabbix zabbix.yml
[devops@server10 ansible]$ ll zabbix
total 1352
-rw-r--r-- 1 devops devops 952 Nov 23 20:53 agent.yml
-rw-r--r-- 1 devops devops 1316758 Nov 23 20:46 create.sql.gz
-rw-r--r-- 1 devops devops 1358 Nov 23 20:55 db.yml
-rw-r--r-- 1 devops devops 4729 Nov 23 21:09 deploy.yml
-rw-r--r-- 1 devops devops 596 Nov 23 20:53 my.cnf
-rw-r--r-- 1 devops devops 1234 Nov 23 20:46 server.yml
-rw-r--r-- 1 devops devops 1241 Nov 23 20:46 web.yml
-rw-r--r-- 1 devops devops 10962 Nov 23 20:56 zabbix_agentd.conf.j2
-rw-r--r-- 1 devops devops 870 Nov 23 20:46 zabbix.conf
-rw-r--r-- 1 devops devops 17395 Nov 23 20:54 zabbix_server.conf
Running ssh.yml sets up passwordless login:
[devops@server10 ansible]$ cat ssh.yml
---
- hosts: all
  tasks:
    - name: Set up authorized keys
      authorized_key:
        user: devops
        state: present
        key: '{{ item }}'
      with_file:
        - ~/.ssh/id_rsa.pub
2. Create a roles directory under the ansible directory in the regular user's home directory. All four roles will be placed in this directory.
[devops@server10 ansible]$ mkdir roles
[devops@server10 ansible]$ ls
ansible.cfg hosts roles ssh.yml zabbix
Change the default roles path to the current path:
[devops@server10 ansible]$ cat ansible.cfg
[defaults]
inventory = ./hosts
roles_path = ./roles
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
If the command is not run from the ansible directory, /home/devops/.ansible/roles is read instead:
[devops@server10 roles]$ ansible-galaxy list
# /usr/share/ansible/roles
# /etc/ansible/roles
[WARNING]: - the configured path /home/devops/.ansible/roles does not exist.
[devops@server10 ansible]$ ansible-galaxy list
# /home/devops/ansible/roles
3. Now start the actual deployment
tasks
[devops@server10 roles]$ ansible-galaxy init zabbix_db
- Role zabbix_server was created successfully
[devops@server10 roles]$ ls
zabbix_db zabbix_server
[devops@server10 roles]$ cd zabbix_server/
[devops@server10 zabbix_server]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@server10 zabbix_db]$ cd tasks
[devops@server10 tasks]$ ls
main.yml
[devops@server10 tasks]$ vim main.yml
---
# 'mairadb-server' below is a misspelling of 'mariadb-server'; it is the name
# yum reports as "No package matching" in the error shown later on this page
- name: install mariadb
  yum:
    name: mairadb-server,MySQL-python
    state: present
- name: config mariadb
  copy:
    src: my.cnf
    dest: /etc/my.cnf
  notify: restart mariadb
- name: start mariadb
  service:
    name: '{{ item }}'
    state: started
  loop:
    - mariadb
    - firewalld
- name: create database zabbix
  mysql_db:
    login_user: root
    login_password: westos
    name: zabbix
    state: present
  notify: import create.sql
- name: create user
  mysql_user:
    ## note: root already has a password at this point, i.e. the secure initialization has been run, but remote root login must not be refused during that initialization
    login_user: root
    login_password: westos
    name: zabbix
    password: zabbix
    host: '%'
    priv: 'zabbix.*:ALL'
    state: present
- name: copy create.sql
  copy:
    src: create.sql.gz
    dest: /tmp/create.sql.gz
- name: config firewalld
  firewalld:
    service: mysql
    permanent: yes
    immediate: yes
    state: enabled
Because the tasks contain notify, handlers are needed
handlers
[devops@server10 zabbix_db]$ cd handlers
[devops@server10 handlers]$ ls
main.yml
[devops@server10 handlers]$ vim main.yml
---
- name: restart mariadb
  service:
    name: mariadb
    state: restarted
- name: import create.sql
  mysql_db:
    login_user: root
    login_password: westos
    name: zabbix
    state: import
    target: /tmp/create.sql.gz
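The zabbix_db tasks and handlers above keep the MariaDB root password and the zabbix account password in clear text inside the role, and grant the zabbix user from any host ('%'). The following is an added example, not part of the original post, of the "create user" and "config firewalld" tasks with the secrets taken from Ansible Vault variables and access limited to the two hosts that need the database. The variable names vault_mysql_root_password, vault_zabbix_db_password and zabbix_db_clients and the vault file path are assumptions; the two addresses are the server and web hosts from this page's run output.

```yaml
---
# file: group_vars/db/vault.yml (hypothetical path), encrypted with
#   ansible-vault encrypt group_vars/db/vault.yml
# and defining vault_mysql_root_password and vault_zabbix_db_password
# (hypothetical names). Run the playbook with --ask-vault-pass.
---
# file: roles/zabbix_db/defaults/main.yml
zabbix_db_clients:          # hosts allowed to reach the database (assumption)
  - 172.25.65.10            # zabbix_server host
  - 172.25.65.12            # web front end host
---
# file: roles/zabbix_db/tasks/main.yml (replaces "create user" and
# "config firewalld")
- name: create user per client host instead of '%'
  mysql_user:
    login_user: root
    login_password: '{{ vault_mysql_root_password }}'
    name: zabbix
    password: '{{ vault_zabbix_db_password }}'
    host: '{{ item }}'
    priv: 'zabbix.*:ALL'
    state: present
  loop: '{{ zabbix_db_clients }}'
  no_log: true              # keep the passwords out of task output and logs

- name: allow mysql only from the client hosts
  firewalld:
    rich_rule: 'rule family="ipv4" source address="{{ item }}/32" service name="mysql" accept'
    permanent: yes
    immediate: yes
    state: enabled
  loop: '{{ zabbix_db_clients }}'
```

The "create database zabbix" task and the "import create.sql" handler take the same `login_password: '{{ vault_mysql_root_password }}'` and `no_log: true` treatment.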
Because the server's tasks involve the template module, a template is needed, so we place it in the templates directory
files
[devops@server10 roles]$ ll zabbix_db/files/
total 1292
-rw-r--r-- 1 devops devops 1316758 Nov 23 23:52 create.sql.gz
-rw-r--r-- 1 devops devops 596 Nov 23 23:33 my.cnf
tasks
[devops@server10 roles]$ ansible-galaxy init zabbix_server
- Role zabbix_server was created successfully
[devops@server10 roles]$ ls
zabbix_db zabbix_server
[devops@server10 roles]$ cd zabbix_server/
[devops@server10 zabbix_server]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@server10 zabbix_server]$ cd tasks/
[devops@server10 tasks]$ ls
main.yml
[devops@server10 tasks]$ vim main.yml
---
- name: add zabbix repo
  yum_repository:
    name: zabbix
    description: zabbix 4.0
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: no
- name: add update repo
  yum_repository:
    name: update
    description: non-supported
    baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
    gpgcheck: no
- name: install zabbix-server
  yum:
    name: zabbix-server-mysql,zabbix-agent
    state: present
- name: config zabbix-server
  copy:
    src: zabbix_server.conf
    dest: /etc/zabbix/zabbix_server.conf
    owner: root
    group: zabbix
    # quoted octal string: a bare 640 is read as a decimal number and sets the wrong permissions
    mode: '0640'
  notify: restart zabbix-server
- name: start zabbix-server
  service:
    name: "{{ item }}"
    state: started
  loop:
    - zabbix-server
    - zabbix-agent
    - firewalld
- name: config firewalld
  firewalld:
    port: 10051/tcp
    permanent: yes
    immediate: yes
    state: enabled
handlers
[devops@server10 zabbix_server]$ cd handlers/
[devops@server10 handlers]$ ls
main.yml
[devops@server10 handlers]$ vim main.yml
---
- name: restart zabbix-server
  service:
    name: zabbix-server
    state: restarted
files
[devops@server10 roles]$ ll zabbix_server/files
total 20
-rwxr-xr-x 1 devops devops 17395 Nov 23 23:18 zabbix_server.conf
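The yum_repository tasks in this role (and the same tasks in the web and agent roles) set gpgcheck: no, so packages pulled from the mirror are installed without signature verification. The following is an added example, not part of the original post, of the zabbix repository task with signature checking enabled. The variable zabbix_gpgkey_src and the destination file name are assumptions: the variable names a copy of the Zabbix packaging key, obtained from the vendor and fingerprint-checked out of band, placed in the role's files directory.

```yaml
---
# file: roles/zabbix_server/tasks/main.yml (replaces "add zabbix repo")
- name: install zabbix signing key
  copy:
    src: '{{ zabbix_gpgkey_src }}'        # hypothetical variable, see lead-in
    dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
    owner: root
    group: root
    mode: '0644'

- name: import zabbix signing key into the rpm database
  rpm_key:
    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
    state: present

- name: add zabbix repo
  yum_repository:
    name: zabbix
    description: zabbix 4.0
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: yes                          # reject unsigned or wrongly signed packages
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
```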
tasks
[devops@server10 roles]$ ansible-galaxy init web
- Role web was created successfully
[devops@server10 roles]$ cd web/
[devops@server10 web]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@server10 web]$ cd tasks/
[devops@server10 tasks]$ ls
main.yml
[devops@server10 tasks]$ vim main.yml
---
- name: add zabbix repo
  yum_repository:
    name: zabbix
    description: zabbix 4.0
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: no
- name: add update repo
  yum_repository:
    name: update
    description: non-supported
    baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
    gpgcheck: no
## PHP is extremely demanding about versions and dependencies, so one more yum repo is added to resolve its dependency and version issues
- name: add centos repo
  yum_repository:
    name: centos
    description: centos 7
    baseurl: https://mirrors.aliyun.com/centos/7/os/x86_64/
    gpgcheck: no
- name: install zabbix-web
  yum:
    name: zabbix-web-mysql
    state: present
- name: config zabbix-web
  copy:
    # file name as it appears in web/files (the listing further down shows zabbix.conf)
    src: zabbix.conf
    dest: /etc/httpd/conf.d/zabbix.conf
  notify: restart httpd
- name: start httpd
  service:
    name: "{{ item }}"
    state: started
  loop:
    - httpd
    - firewalld
- name: config firewalld
  firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled
handlers
[devops@server10 web]$ cd handlers/
[devops@server10 handlers]$ ls
main.yml
[devops@server10 handlers]$ vim main.yml
---
- name: restart httpd
  service:
    name: httpd
    state: restarted
Because src appears in the tasks, a source file has to be copied; put the file in the files directory, which holds static files
files
[devops@server10 roles]$ ll web/files/
total 4
-rwxr-xr-x 1 devops devops 870 Nov 23 23:47 zabbix.conf
tasks
[devops@server10 ansible]$ cd roles/
[devops@server10 roles]$ ansible-galaxy init agent
- Role agent was created successfully
[devops@server10 roles]$ ls
agent web zabbix_db zabbix_server
[devops@server10 roles]$ cd agent
[devops@server10 agent]$ ls
defaults files handlers meta README.md tasks templates tests vars
[devops@server10 agent]$ cd tasks/
[devops@server10 tasks]$ ls
main.yml
[devops@server10 tasks]$ vim main.yml
---
- name: add zabbix repo
  yum_repository:
    name: zabbix
    description: zabbix 4.0
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: no
- name: install zabbix-agent
  yum:
    name: zabbix-agent
    state: present
- name: config zabbix-agent
  template:
    src: zabbix_agentd.conf.j2
    dest: /etc/zabbix/zabbix_agentd.conf
    owner: root
    group: root
    # quoted octal string: a bare 644 is read as a decimal number and sets the wrong permissions
    mode: '0644'
  notify: restart zabbix-agent
- name: start zabbix-agent
  service:
    name: "{{ item }}"
    state: started
  loop:
    - zabbix-agent
    - firewalld
- name: config firewalld
  firewalld:
    port: 10050/tcp
    permanent: yes
    immediate: yes
    state: enabled
handlers
[devops@server10 agent]$ cd handlers/
[devops@server10 handlers]$ ls
main.yml
[devops@server10 handlers]$ vim main.yml
---
- name: restart zabbix-agent
  service:
    name: zabbix-agent
    state: restarted
Because the agent's tasks involve the template module, a template is needed, so we place it in the templates directory
template
[devops@server10 templates]$ cp /etc/zabbix/zabbix_agentd.conf .
[devops@server10 templates]$ ls
zabbix_agentd.conf
[devops@server10 templates]$ mv zabbix_agentd.conf zabbix_agentd.conf.j2 ## the .j2 suffix marks it as a template
[devops@server10 templates]$ ls
zabbix_agentd.conf.j2
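Adjust the permissions where necessary, but do so with care: file permissions must not be changed casually in a way that creates a security risk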
[devops@server10 templates]$ ll
total 12
--w----r-- 1 devops devops 10948 Nov 23 22:52 zabbix_agentd.conf.j2
[devops@server10 templates]$ chmod 755 zabbix_agentd.conf.j2
[devops@server10 templates]$ ls
zabbix_agentd.conf.j2
The template file needs to be changed in three places in total
1. [devops@server10 templates]$ cat zabbix_agentd.conf.j2 | grep Server
Server=172.25.65.10 ## the server's IP
ServerActive=172.25.65.10
2. [devops@server10 templates]$ cat zabbix_agentd.conf.j2 | grep Hostname
Hostname= {{ ansible_hostname }}
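1. Because mariadb had already been installed on the host, there is no package to install when the play is run again, and the following error appears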
TASK [zabbix_db : install mariadb] ***********************************************************************
fatal: [172.25.65.11]: FAILED! => {"changed": false, "msg": "No package matching 'mairadb-server' found available, installed or updated", "rc": 126, "results": ["No package matching 'mairadb-server' found available, installed or updated"]
Solution:
ignore_errors: True
TASK [zabbix_db : config mariadb] ************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
fatal: [172.25.65.11]: FAILED! => {"changed": false, "msg": "Could not find or access 'my.cnf'\nSearched in:\n\t/home/devops/ansible/roles/zabbix_db/files/my.cnf\n\t/home/devops/ansible/roles/zabbix_db/my.cnf\n\t/home/devops/ansible/roles/zabbix_db/tasks/files/my.cnf\n\t/home/devops/ansible/roles/zabbix_db/tasks/my.cnf\n\t/home/devops/ansible/files/my.cnf\n\t/home/devops/ansible/my.cnf on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
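This error occurs because the file named by src in the task cannot be found in files; copying the corresponding file over resolves it.
Note: the database import part still has problems; it will be corrected later!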
[devops@server10 ansible]$ cat zabbix.yml
---
- hosts: server
  vars:
    - Server: "server10"
  roles:
    - zabbix_server
- hosts: web
  vars:
    - Server: " server12 "
  roles:
    - web
- hosts: agent
  vars:
    - Server: "{{ ansible_hostname}}"
  roles:
    - agent
- hosts: db
  vars:
    - Server: " server11 "
  roles:
    - zabbix_db
[devops@server10 ansible]$ ansible-playbook zabbix.yml
PLAY [server] ********************************************************************************************
TASK [Gathering Facts] ***********************************************************************************
ok: [172.25.65.10]
TASK [zabbix_server : add zabbix repo] *******************************************************************
ok: [172.25.65.10]
TASK [zabbix_server : add update repo] *******************************************************************
ok: [172.25.65.10]
TASK [zabbix_server : install zabbix-server] *************************************************************
ok: [172.25.65.10]
TASK [zabbix_server : config zabbix-server] **************************************************************
ok: [172.25.65.10]
TASK [zabbix_server : start zabbix-server] ***************************************************************
ok: [172.25.65.10] => (item=zabbix-server)
ok: [172.25.65.10] => (item=zabbix-agent)
ok: [172.25.65.10] => (item=firewalld)
TASK [zabbix_server : config firewalld] ******************************************************************
ok: [172.25.65.10]
PLAY [web] ***********************************************************************************************
TASK [Gathering Facts] ***********************************************************************************
ok: [172.25.65.12]
TASK [web : add zabbix repo] *****************************************************************************
ok: [172.25.65.12]
TASK [web : add update repo] *****************************************************************************
ok: [172.25.65.12]
TASK [web : add centos repo] *****************************************************************************
ok: [172.25.65.12]
TASK [web : install zabbix-web] **************************************************************************
ok: [172.25.65.12]
TASK [web : config zabbix-web] ***************************************************************************
ok: [172.25.65.12]
TASK [web : start httpd] *********************************************************************************
ok: [172.25.65.12] => (item=httpd)
ok: [172.25.65.12] => (item=firewalld)
TASK [web : config firewalld] ****************************************************************************
ok: [172.25.65.12]
PLAY [agent] *********************************************************************************************
TASK [Gathering Facts] ***********************************************************************************
ok: [172.25.65.10]
ok: [172.25.65.11]
TASK [agent : add zabbix repo] ***************************************************************************
ok: [172.25.65.11]
ok: [172.25.65.10]
TASK [agent : install zabbix-agent] **********************************************************************
ok: [172.25.65.11]
ok: [172.25.65.10]
TASK [agent : config zabbix-agent] ***********************************************************************
ok: [172.25.65.11]
ok: [172.25.65.10]
TASK [agent : start zabbix-agent] ************************************************************************
ok: [172.25.65.10] => (item=zabbix-agent)
ok: [172.25.65.11] => (item=zabbix-agent)
ok: [172.25.65.11] => (item=firewalld)
ok: [172.25.65.10] => (item=firewalld)
TASK [agent : config firewalld] **************************************************************************
ok: [172.25.65.11]
ok: [172.25.65.10]
PLAY [db] ************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************
ok: [172.25.65.11]
TASK [zabbix_db : install mariadb] ***********************************************************************
fatal: [172.25.65.11]: FAILED! => {"changed": false, "msg": "No package matching 'mairadb-server' found available, installed or updated", "rc": 126, "results": ["No package matching 'mairadb-server' found available, installed or updated"]}
...ignoring
TASK [zabbix_db : config mariadb] ************************************************************************
ok: [172.25.65.11]
TASK [zabbix_db : start mariadb] *************************************************************************
ok: [172.25.65.11] => (item=mariadb)
ok: [172.25.65.11] => (item=firewalld)
TASK [zabbix_db : create database zabbix] ****************************************************************
ok: [172.25.65.11]
TASK [zabbix_db : create user] ***************************************************************************
ok: [172.25.65.11]
TASK [zabbix_db : copy create.sql] ***********************************************************************
ok: [172.25.65.11]
TASK [zabbix_db : config firewalld] **********************************************************************
ok: [172.25.65.11]
PLAY RECAP ***********************************************************************************************
172.25.65.10 : ok=13 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.25.65.11 : ok=14 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1
172.25.65.12 : ok=8 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0