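There is a saying in the ops world: an ops engineer who doesn't know how to be lazy is not a good ops engineer. Use tools to handle operations work wherever you can and free up your hands, and then, well, you know… Once I had put all my VPSes under monitoring, I discovered that 13 of them were just sitting there gathering dust, shit…
Ansible is an open-source automation and configuration management tool based on OpenSSH. It can be used to configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployment or zero-downtime updates. Ansible's main goals are simplicity and ease of use, and it also places a strong focus on security and reliability. With those goals, Ansible suits developers, system administrators, release engineers, IT managers, and everyone in between. Ansible can manage almost any environment, from small setups with a handful of instances to enterprise environments with thousands of instances.
Ansible does not require an agent to be installed on the managed machines, so there is no question of how to upgrade a remote daemon, nor of losing the ability to manage a system because the daemon was uninstalled.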
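1. Set up key-based authentication. See: Generating a key pair with Xshell and configuring key login on the server
2. Install the EPEL repository dependency and the ansible package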
[root@zabbix-server ~]# yum install epel-release
[root@zabbix-server ~]# yum install ansible -y
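3. Disable the interactive host key prompt for SSH connections (StrictHostKeyChecking no makes ssh accept unknown host keys without asking)
[root@zabbix-server ~]# mkdir -p /root/.ssh/
[root@zabbix-server ~]# echo "StrictHostKeyChecking no" > /root/.ssh/config
4. Organize the servers into the groups [zc7] and [zc8]:
[Note: the private key must be /root/.ssh/id_rsa with permissions set to 600: chmod 600 /root/.ssh/id_rsa]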
[root@zabbix-server ~]# vi /etc/ansible/hosts
#[zc7] and [zc8] are group labels (the names are user-defined); [zc7] holds the CentOS 7 systems and [zc8] the CentOS 8 systems. Fields: IP, user, port
[zc7]
80.78.x.x ansible_ssh_user=root ansible_ssh_port=22
168.138.x.x ansible_ssh_user=root ansible_ssh_port=22
140.238.x.x ansible_ssh_user=root ansible_ssh_port=22
140.238.x.x ansible_ssh_user=root ansible_ssh_port=22
129.146.x.x ansible_ssh_user=root ansible_ssh_port=22
158.101.x.x ansible_ssh_user=root ansible_ssh_port=22
185.45.x.x ansible_ssh_user=root ansible_ssh_port=22
129.226.x.x ansible_ssh_user=root ansible_ssh_port=22
150.109.x.x ansible_ssh_user=root ansible_ssh_port=22
[zc8]
173.82.x.x ansible_ssh_user=root ansible_ssh_port=22
91.199.x.x ansible_ssh_user=root ansible_ssh_port=22
204.13.x.x ansible_ssh_user=root ansible_ssh_port=22
5. Once the [zc7] and [zc8] groups are defined, run a ping test
[root@zabbix-server ~]# ansible zc7 -m ping
129.146.x.x | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
158.101.x.x | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
.....
6. Deploy zabbix-agent on every machine in the [zc7] and [zc8] server groups
### Open port 10050 on every host in the [zc7] and [zc8] groups
[root@zabbix-server ~]# ansible zc7 -m shell -a "firewall-cmd --zone=public --add-port=10050/tcp --permanent"
[root@zabbix-server ~]# ansible zc7 -m shell -a "firewall-cmd --reload"
### Remove any existing zabbix-agent; [zc7] is the group name defined in /etc/ansible/hosts
[root@zabbix-server ~]# ansible zc7 -m shell -a "yum remove zabbix-agent -y"
### Check that the OS versions match; the same major version is enough, e.g. all CentOS 7 hosts use the CentOS 7 packages
[root@zabbix-server ~]# ansible zc7 -m shell -a "cat /etc/redhat-release"
### [zc7]: install the Zabbix repository on this CentOS 7 group
[root@zabbix-server ~]# ansible zc7 -m shell -a "rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm"
### [zc8]: install the Zabbix repository on this CentOS 8 group
[root@zabbix-server ~]# ansible zc8 -m shell -a "rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm"
### Install zabbix-agent on [zc7]
[root@zabbix-server ~]# ansible zc7 -m shell -a "yum install zabbix-agent -y"
### Check that the installation succeeded
[root@zabbix-server ~]# ansible zc7 -m shell -a "rpm -qa zabbix-agent"
### Create the zabbix_agentd.conf template and copy it to the server group (template attached at the end of this post)
[root@zabbix-server ~]# ansible zc7 -m copy -a "src=/root/zabbix_agentd.conf dest=/etc/zabbix/"
### Create and display the PSK key file used by zabbix-agent
[root@zabbix-server ~]# ansible zc7 -m shell -a "openssl rand -hex 32 |tee /etc/zabbix/zabbix.psk"
[root@zabbix-server ~]# ansible zc7 -m shell -a "ls -al /etc/zabbix/zabbix.psk"
7. Create a script that modifies zabbix_agentd.conf on every machine in the [zc7] and [zc8] server groups in one pass
### Copy the [zabbix] server group into a temporary file
[root@zabbix-server ~]# cat zhost.txt
80.78.x.x ansible_ssh_user=root ansible_ssh_port=22
168.138.x.x ansible_ssh_user=root ansible_ssh_port=22
140.238.x.x ansible_ssh_user=root ansible_ssh_port=22
140.238.x.x ansible_ssh_user=root ansible_ssh_port=22
129.146.x.x ansible_ssh_user=root ansible_ssh_port=22
158.101.x.x ansible_ssh_user=root ansible_ssh_port=22
185.45.x.x ansible_ssh_user=root ansible_ssh_port=22
129.226.x.x ansible_ssh_user=root ansible_ssh_port=22
150.109.x.x ansible_ssh_user=root ansible_ssh_port=22
[root@zabbix-server ~]# cat zabbix-agent.sh
#!/bin/bash
for i in $(awk '{print $1}' zhost.txt);
do
    ### Generate the PSK key once on the control node, so the value recorded in psk.txt is the one the host receives
    tmp=$(openssl rand -hex 32)
    ### Write the generated key to /etc/zabbix/zabbix.psk on each host in [zc7] and [zc8], then display it
    ansible "$i" -m shell -a "echo $tmp >/etc/zabbix/zabbix.psk"
    ansible "$i" -m shell -a "cat /etc/zabbix/zabbix.psk"
    ### Change the PSK name on each host in [zc7] and [zc8]; hosts must not share one name, so PSK-milcdn1 becomes PSK-<IP>. This corresponds to the PSK name in the zabbix_agentd.conf template at the end of this post
    ansible "$i" -m shell -a "sed -i s/PSK-milcdn1/PSK-$i/g /etc/zabbix/zabbix_agentd.conf"
    ### Save the IP and PSK key of each host in [zc7] and [zc8] to psk.txt, to make adding them in the Zabbix server web UI easier
    echo "$i -- $tmp" >> psk.txt
    ### Enable zabbix-agent at boot, then start it and check the service status
    ansible "$i" -m shell -a "systemctl enable zabbix-agent"
    ansible "$i" -m shell -a "systemctl restart zabbix-agent"
    ansible "$i" -m shell -a "systemctl status zabbix-agent"
done
### Make the script executable and run it
[root@zabbix-server ~]# chmod +x zabbix-agent.sh
[root@zabbix-server ~]# ./zabbix-agent.sh
### Check the PSK files on the [zc7] and [zc8] server groups
[root@zabbix-server ~]# ansible zc7 -m shell -a "cat /etc/zabbix/zabbix.psk"
### Enable zabbix-agent at boot and start it
[root@zabbix-server ~]# ansible zc7 -m shell -a "systemctl enable zabbix-agent"
[root@zabbix-server ~]# ansible zc7 -m shell -a "systemctl restart zabbix-agent"
[root@zabbix-server ~]# ansible zc7 -m shell -a "systemctl status zabbix-agent"
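The step 7 loop leaves a list of "IP -- PSK" pairs in psk.txt on the control node. As an added example (not part of the original post), the function below audits that list before the keys are entered in the Zabbix web UI: every host has a key, each key is 32 to 512 hex digits as Zabbix requires, no key is shared between hosts, and the file is accessible only to its owner. The function names and the sample addresses and keys are made up for illustration.

```bash
#!/bin/bash
# Added example: audit the "IP -- PSK" list that the step 7 loop appends to psk.txt.

# Print one finding per line; return 0 only if the list is clean.
audit_psk_list() {
    local file="$1" findings
    findings=$(
        # Rules checked per line, in order: a key is present; it is hex with an
        # even number of digits (hex digits encode bytes); its length is within
        # the 32..512 hex digits (128..2048 bits) Zabbix accepts; it is unique.
        awk '
            NF == 0 { next }
            {
                host = $1; psk = tolower($3)
                if ($2 != "--" || psk == "")
                    print host ": no PSK recorded"
                else if (psk !~ /^[0-9a-f]+$/ || length(psk) % 2)
                    print host ": PSK is not an even-length hex string"
                else if (length(psk) < 32 || length(psk) > 512)
                    print host ": PSK length " length(psk) " is outside 32..512"
                else if (psk in seen)
                    print host ": PSK reused from " seen[psk]
                else
                    seen[psk] = host
            }' "$file"
        # The list holds every agent key, so group and others get no access.
        perms=$(ls -ld "$file" | cut -c5-10)
        [ "$perms" = "------" ] || echo "$file: group/other access ($perms)"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a good line, a line with no key (what an unset
# variable leaves behind), a reused key and a key that is too short.
write_sample_list() {
    cat > "$1" <<'EOF'
10.0.0.1 -- 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
10.0.0.2 --
10.0.0.3 -- 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
10.0.0.4 -- abc123
EOF
    chmod 644 "$1"
}
```

Run it as audit_psk_list psk.txt on the control node; a non-zero exit status means at least one finding was printed.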
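8. In the Zabbix server web UI, add every host in the [zc7] and [zc8] server groups for monitoring.
See: Installing a Zabbix monitoring server with email/SMS/WeChat alerts
Attachment: zabbix_agentd.conf template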
# This is a configuration file for Zabbix agent daemon (Unix)
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agentd.pid
PidFile=/var/run/zabbix/zabbix_agentd.pid
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_agentd.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: yes, if StartAgents is not explicitly set to 0
# Default:
# Server=
# IP address of the Zabbix server (change this to your own IP)
Server=1.1.1.1
### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10050
### Option: ListenIP
# List of comma delimited IP addresses that the agent should listen on.
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
#
# Mandatory: no
# Range: 0-100
# Default:
# StartAgents=3
##### Active checks related
### Option: ServerActive
# List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
#
# Mandatory: no
# Default:
#ServerActive=
# IP address of the Zabbix server (change this to your own IP)
ServerActive=1.1.1.1
### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks and must match hostname as configured on the server.
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=milcdn1
### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostMetadata=
### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5
### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100
### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'logrt' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'logrt' item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=20
############ ADVANCED PARAMETERS #################
### Option: Alias
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
# Different Alias keys may reference the same item key.
# For example, to retrieve the ID of user 'zabbix':
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
# Now shorthand key zabbix.userid may be used to retrieve data.
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
#
# Mandatory: no
# Range:
# Default:
### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: AllowRoot
# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
Include=/etc/zabbix/zabbix_agentd.d/*.conf
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# The following characters are not allowed:
# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
# Additionally, newline characters are not allowed.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
# UnsafeUserParameters=0
### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# See 'zabbix_agentd' directory for examples.
#
# Mandatory: no
# Default:
# UserParameter=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
# To see the default path run command "zabbix_agentd --help".
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at agent startup. Modules are used to extend functionality of the agent.
# Formats:
# LoadModule=<module.so>
# LoadModule=<path/module.so>
# LoadModule=</abs_path/module.so>
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the agent should connect to server or proxy. Used for active checks.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
TLSConnect=psk
### Option: TLSAccept
# What incoming connections to accept.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
TLSAccept=psk
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the agent certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the agent private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# The PSK name that the sed command in the step 7 script rewrites
TLSPSKIdentity=PSK-milcdn1
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# The PSK file written by the step 7 script
TLSPSKFile=/etc/zabbix/zabbix.psk