客戶端批量安裝zabbix-agent
手動安裝zabbix-agent
少量linux客戶機的情況下,手動安裝zabbix-agent:
登入https://repo.zabbix.com/zabbix,這裡以3.4版,CentOS7為例:
#rpm -i https://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
#yum install -y zabbix-agent
#vi /etc/zabbix/zabbix_agentd.conf
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
Server=10.3.8.100
ServerActive=10.3.8.100
HostMetadataItem=system.uname
Include=/etc/zabbix/zabbix_agentd.d/*.conf
注:Hostname可不用寫,它包含在HostMetadataItem裡面,除非要設定Hostname與系統的主機名不一樣。如果HostMeatadata不存在,它的值就從HostMetadataItem裡面獲取,如果HostMeatadata存在,那HostMetadataItem就不起作用。
system.uname的值包含了Linux開頭及主機名等資訊,如下(需要安裝zabbix-get包):
#zabbix_get -s 127.0.0.1 -k system.uname
Linux
結果開頭的Linux關鍵字可以用來代表Linux系統,作為自動註冊的匹配條件,即“元資料 似 Linux”,或英文網頁的”metadata like Linux”
如果配置了StartAgents=0,那是純主動模式,只能搭配主動模板使用,在Linux客戶端太多,ZabbixServer壓力大時,可以考慮改為純主動模式。
#systemctl enable zabbix-agentd
#systemctl start zabbix-agentd
#firewall-cmd –permanent –add-rich-rule ‘rule family=ipv4 source address=10.3.8.100/32 port port=10050 protocol=tcp accept’
#firewall-cmd –reload
此外,Selinux關閉,不然麻煩非常大,除錯困難。
自動化部署zabbix-agent
當要監控的linux客戶機很多時,適合用ansible進行自動化運維部署。
安裝ansible
找一臺管理用的CentOS7機器,安裝ansible:
#yum -y install ansible
#ls /etc/ansible
ansible.cfg hosts roles
ansible.cfg 是 Ansible 工具的配置檔案;
hosts 用來配置被管理的機器;
roles 是一個目錄,playbook將使用它;
配置主機信任
Ansible 管理機與被管理機做祕鑰認證
#ssh-keygen
#ssh-copy-id root 10.3.8.63
#ssh-copy-id root 10.3.8.64
從這裡可以看出,對這臺管理用的主機,必須嚴格控制使用者使用,不然非法使用者能用它登入所有信任過的主機。
配置ansible
Host檔案新增被管理機
#vi /etc/ansible/hosts
[Client]
10.3.8.63
10.3.8.64
Ping測試:
#ansible Client -m ping
10.3.8.64 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
編寫YML檔案,由於wordpress對行首空格支援很不友好,這裡行產用 來表示空格,一個 代表2個空格。
#cd /etc/ansible/roles
#mkdir -p install_zabbix_agent/{files,handlers,tasks}
#vi install_zabbix_agent.yml
- hosts: zabbix-agent
remote_user: root
gather_facts: true
roles:
- install_zabbix_agent
#cd install_zabbix_agent/
先看files目錄,它是存放一些安裝包之類的檔案用的。
#ll files/
total 768
-rw-r–r– 1 root root 370932 Sep 14 16:40 zabbix-agent-3.4.14-1.el6.x86_64.rpm
-rw-r–r– 1 root root 375400 Sep 14 16:40 zabbix-agent-3.4.14-1.el7.x86_64.rpm
-rw-r–r– 1 root root 199 Sep 19 15:31 zabbix_agentd.conf
第一個rpm檔案是要複製給cent/rhel6用的zabbix-agent安裝包。第二個rpm檔案是要複製給cent/rhel7用的zabbix-agent安裝包。第三個檔案是複製到客戶機上的zabbix-agent配置檔案。
zabbix-agentd.conf檔案內容如下:
#cat files/zabbix_agentd.conf
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
Server=10.3.8.100
ServerActive=10.3.8.100
HostMetadataItem=system.uname
Include=/etc/zabbix/zabbix_agentd.d/*.conf
再來看看tasks目錄:
ll tasks/
total 12
-rw-r–r– 1 root root 1284 Sep 18 22:48 install.yml
-rw-r–r– 1 root root 56 Sep 18 22:35 main.yml
-rw-r–r– 1 root root 755 Sep 18 20:41 setport.yml
tasks目錄內必須有一個主配置檔案main.yml,如果還有其它的yml檔案,必須被包含進main.yml檔案內。install.yml是安裝zabbix-agent,setport.yml是設定防火牆。
#cat tasks/main.yml
- import_tasks: install.yml
- import_tasks: setport.yml
#cat tasks/install.yml
- block:
- name: “copy zabbix_agent to Clients”
copy:
src=zabbix-agent-3.4.14-1.el6.x86_64.rpm
dest=/tmp
- name: “yum install zabbix_agent”
yum:
name: /tmp/zabbix-agent-3.4.14-1.el6.x86_64.rpm
state: present
- name: “copy zabbix_agentd.conf”
copy:
src=zabbix_agentd.conf
dest=/etc/zabbix/zabbix_agentd.conf
- name: “start zabbix,enable zabbix”
service:
name=zabbix-agent
state=started
enabled=yes
notify:
- restart zabbix-agent
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “6”
– block:
- name: “copy zabbix_agent to Clients”
copy:
src=zabbix-agent-3.4.14-1.el7.x86_64.rpm
dest=/tmp
- name: “yum install zabbix_agent”
yum:
name: /tmp/zabbix-agent-3.4.14-1.el7.x86_64.rpm
state: present
- name: “copy zabbix_agentd.conf”
copy:
src=zabbix_agentd.conf
dest=/etc/zabbix/zabbix_agentd.conf
- name: “start zabbix,enable zabbix”
service:
name=zabbix-agent
state=started
enabled=yes
notify:
- restart zabbix-agent
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “7”
- name: Unexpected OS family
debug: msg="OS Family {{ ansible_os_family }} is not supported" fail=yes
when: not ansible_os_family == "RedHat" or ansible_os_family == "CentOS"
#cat tasks/setport.yml
- block:
- name: add iptables
shell: iptables -I INPUT 1 -s 10.3.8.100/32 -p tcp –dport 10050 -j ACCEPT
- name: save iptables
shell: service iptables save
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “6”
– block:
- name: add firewalld running
shell: firewall-cmd –add-rich-rule ‘rule family=ipv4 source address=10.3.8.100/32 port port=10050 protocol=tcp accept’
- name: add firewalld permanent
shell: firewall-cmd –permanent –add-rich-rule ‘rule family=ipv4 source address=10.3.8.100/32 port port=10050 protocol=tcp accept’
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “7”
這裡對centos/rhel7的防火牆設定並不嚴謹,機器上並不一定都是firewalld,有可能是iptables。不知ansible的防火牆模組有沒有類似service模組的設定,只要提供name和state,ansible自動判斷是執行service zabbix-agent start/restart/stop 還是執行systemctl start/restart/stop zabbix-agent。
handlers目錄下定義了配置檔案發生變化後觸發的重啟程序(notify)
#ll handlers/
total 4
-rw-r–r– 1 root root 75 Sep 19 10:14 main.yml
#cat handlers/main.yml
- name: restart zabbix-agent
service: name=zabbix_agentd state=restarted
執行任務
語法檢查:
#ansible-playbook /etc/ansible/roles/install_zabbix_agent.yml –syntax-check
沒有提示錯誤就OK,正式執行任務就去掉–syntax-check:
#ansible-playbook /etc/ansible/roles/install_zabbix_agent.yml
觀察執行結果,成功後等兩分鐘左右,到web頁,管理——主機下面可看到自動註冊的Linux客戶機。