Ansible(Zabbix40)笔记

Zabbix40的Ansible Playbook。

游民

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"
  config.vm.define "host" do |server|
    server.vm.network "private_network", ip: "192.168.33.10"
  end
  config.vm.define "server1" do |server|
    server.vm.network "private_network", ip: "192.168.33.11"
  end
  config.vm.define "server2" do |server|
    server.vm.network "private_network", ip: "192.168.33.12"
  end
end

命令历史

[vagrant@localhost zabbix40-ansible]$ history
ansible-playbook -i inventory/inventory.ini site.yml
ansible-playbook -i inventory/inventory.ini site.yml --check --start-at-task="create database zabbix" -vvv
ansible-playbook -i inventory/inventory.ini site.yml --check --start-at-task="modify file /etc/my.cnf.d/server.cnf" -vvv
ansible-playbook -i inventory/inventory.ini site.yml --check --start-at-task="yum install zabbix" -vvv
ansible-playbook -i inventory/inventory.ini site.yml --check -vvv
ansible-playbook -i inventory/inventory.ini site.yml --start-at-task="enabled and start zabbix-server" -vv
ansible-playbook -i inventory/inventory.ini site.yml --start-at-task="set firewall zabbix-agent.service" -vv
sudo ssh-copy-id -i ~/.ssh/id_rsa.pub vagrant@192.168.33.11
sudo vi inventory/inventory.ini
sudo vi roles/agent/handlers/main.yml
sudo vi roles/agent/tasks/check.yml
sudo vi roles/agent/tasks/main.yml
sudo vi roles/common/tasks/check.yml
sudo vi roles/common/tasks/main.yml
sudo vi roles/server/handlers/main.yml
sudo vi roles/server/tasks/check.yml
sudo vi roles/server/tasks/main.yml
sudo vi roles/server/vars/centos7.yml
sudo yum install ansible
sudo yum install epel-release
sudo yum install git
sudo yum update -y

樹的結果

  site.yml

├─inventory
      inventory.ini

└─roles
    ├─agent
      ├─handlers
            main.yml
      
      └─tasks
              check.yml
              main.yml
    
    ├─common
      ├─tasks
            check.yml
            main.yml
      
      └─vars
              centos7.yml
              centos8.yml
    
    └─server
        ├─handlers
              main.yml
        
        ├─tasks
              check.yml
              main.yml
        
        ├─templates
              zabbix.conf.php.j2
        
        └─vars
                centos7.yml
                centos8.yml

根源

- name: setup server
  hosts: servers
  roles:
   - common
   - server
- name: setup agent
  hosts: agents
  roles:
   - common
   - agent

库存

[servers]
server1 ansible_ssh_host=192.168.33.11 ansible_ssh_user=vagrant
[agents]
server2 ansible_ssh_host=192.168.33.12 ansible_ssh_user=vagrant
[all:vars]
timezone="Asia/Tokyo"
zabbix_server_ip="192.168.11.11"
[servers:vars]
zabbix_mysql_password="password"

角色

服务器

任务

- include: tasks/check.yml
- name: set firewall http.service
  become: yes
  firewalld:
    service: http
    permanent: true
    immediate: yes
    state: enabled
- name: set firewall snmptrap.service
  become: yes
  firewalld:
    service: snmptrap
    permanent: true
    immediate: yes
    state: enabled
- name: set firewall zabbix-server.service
  become: yes
  firewalld:
    port: 10051/tcp
    permanent: true
    immediate: yes
    state: enabled
- name: yum install zabbix
  become: yes
  yum:
    name: "{{ yum_list }}"
#- name: modify file {{ mysql_server_file }}
#  become: yes
#  lineinfile:
#    path: "{{ mysql_server_file }}"
#    regexp: ^innodb_file_per_table
#    insertafter: '^\[mysqld\]'
#    line: innodb_file_per_table = 1
#  notify: restart mysqld
- name: enabled and start {{ mysql_name }}
  become: yes
  service:
    name: "{{ mysql_name }}"
    state: started
    enabled: yes
- name: create database zabbix
  become: yes
  mysql_db:
    name: zabbix
    encoding: utf8
    collation: utf8_bin
    state: present
- name: create dbuser zabbix
  become: yes
  mysql_user:
    name: zabbix
    password: "{{ vars.zabbix_mysql_password }}"
    priv: 'zabbix.*:ALL,GRANT'
    state: present
  no_log: true
- name: check to exist zabbix table. ignore status is OK.
  become: yes
  shell: mysql -u root -s zabbix -e "select count(*) from users"
  ignore_errors: yes
  register: count_users
- debug: var=count_users
- name: insert zabbix DB
  become: yes
  shell: zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql zabbix -u root
  when: count_users.rc != 0
- name: modify file /etc/php-fpm.d/zabbix.conf  centos8-only
  become: yes
  lineinfile:
    dest='/etc/php-fpm.d/zabbix.conf'
    state=present
    backrefs=no
    regexp='date.timezone'
    line='php_value[date.timezone] = Asia/Tokyo' 
  notify:
    - restart php-fpm
  when: ansible_distribution_major_version == '8'
- name: modify httpd config centos7-only
  become: yes
  lineinfile:
    dest='/etc/httpd/conf.d/zabbix.conf'
    state=present
    backrefs=no
    regexp='php_value date.timezone'
    line='        php_value date.timezone Asia/Tokyo' 
  notify:
    - restart httpd
  when: ansible_distribution_major_version == '7'
- name: enabled and start httpd
  become: yes
  service:
    name: httpd
    state: started
    enabled: yes
- name: modify file /etc/zabbix/zabbix_server.conf
  become: yes
  lineinfile:
    dest='/etc/zabbix/zabbix_server.conf'
    state=present
    backrefs=no
    regexp='DBPassword=$'
    line="DBPassword={{ vars.zabbix_mysql_password }}"
  no_log: true
  notify:
    - restart zabbix-server
- name: modify file /etc/zabbix/web/zabbix.conf.php
  become: yes
  template: >
    src=zabbix.conf.php.j2
    dest=/etc/zabbix/web/zabbix.conf.php
    owner=apache
    group=apache
    mode=0644
- name: enabled and start zabbix-server
  become: yes
  service:
    name: zabbix-server
    state: started
    enabled: yes
- name: check OS distribution
  become: yes
  fail: msg="Sorry. the playbook can only on Centos7 or Centos8."
  when: 
    - ( ansible_distribution != 'CentOS' ) or
      (( ansible_distribution_major_version != '8' ) and
      ( ansible_distribution_major_version != '7' ))
- name: include CentOS7 yml
  become: yes
  include_vars:
    file: centos7.yml
  when: ansible_distribution_major_version == '7'
- name: include CentOS8 yml
  become: yes
  include_vars:
    file: centos8.yml
  when: ansible_distribution_major_version == '8'

处理程序

- name: restart httpd
  service: name=httpd state=restarted enabled=yes
  become: yes
- name: restart php-fpm
  service: name=php-fpm state=restarted enabled=yes
  become: yes
- name: restart mariadb
  service: name=mariadb state=restarted enabled=yes
  become: yes
- name: restart mysqld
  service: name=mysqld state=restarted enabled=yes
  become: yes
- name: restart zabbix-server
  service: name=zabbix-server state=restarted enabled=yes
  become: yes

模板

<?php
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE']     = 'MYSQL';
$DB['SERVER']   = 'localhost';
$DB['PORT']     = '0';
$DB['DATABASE'] = 'zabbix';
$DB['USER']     = 'zabbix';
$DB['PASSWORD'] = '{{ vars.zabbix_mysql_password }}';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';
$ZBX_SERVER      = 'localhost';
$ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = '';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

变量

yum_list:
  - httpd
  - mariadb-server
  - MySQL-python
  - https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-server-mysql-4.0.9-3.el7.x86_64.rpm
# - zabbix-server-mysql
# - zabbix-web-mysql
  - https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-web-mysql-4.0.9-3.el7.noarch.rpm
# - zabbix-web-japanese
  - https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-web-japanese-4.0.9-3.el7.noarch.rpm
# - zabbix-get
# - zabbix-get-4.0.9-3.el7.x86_64.rpm
  - https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-get-4.0.44-1.el7.x86_64.rpm
# - zabbix-agent
  - https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-agent-4.0.9-3.el7.x86_64.rpm
# - zabbix-sender
  - https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-sender-4.0.44-1.el7.x86_64.rpm
  - MySQL-python
mysql_server_file: /etc/my.cnf.d/server.cnf
mysql_name: mariadb
yum_list:
  - httpd
  - mysql-server
  - zabbix-server-mysql
  - zabbix-web
  - zabbix-get
  - python3-PyMySQL
mysql_server_file: /etc/my.cnf.d/mysql-server.cnf
mysql_name: mysqld

常见的

任务

- include: tasks/check.yml
- name: disable selinux
  become: yes
  selinux:
   state: disabled
- name: set hostname
  become: yes
  hostname:
    name: "{{ inventory_hostname }}"
- name: set timezone
  become: yes
  timezone:
    name: "{{ vars.timezone }}"
- name: Install Zabbix Repo
  become: yes
  yum:
    name: "{{repo_url}}"
    state: present
- name: check OS distribution
  become: yes
  fail: msg="Sorry. the playbook can only on Centos7 or Centos8."
  when: 
    - ( ansible_distribution != 'CentOS' ) or
      (( ansible_distribution_major_version != '8' ) and
      ( ansible_distribution_major_version != '7' ))
- name: include CentOS7 yml
  become: yes
  include_vars:
    file: centos7.yml
  when: ansible_distribution_major_version == '7'
- name: include CentOS8 yml
  become: yes
  include_vars:
    file: centos8.yml
  when: ansible_distribution_major_version == '8'

变量

repo_url: https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-2.el7.noarch.rpm
repo_url: https://repo.zabbix.com/zabbix/4.0/rhel/8/x86_64/zabbix-release-4.0-2.el8.noarch.rpm

代理人

处理者

- name: restart zabbix-agent
  service: name=zabbix-agent state=restarted enabled=yes
  become: yes

任务

- include: tasks/check.yml
- name: set firewall zabbix-agent.service
  become: yes
  firewalld:
    port: 10050/tcp
    permanent: true
    immediate: yes
    state: enabled
- name: yum install zabbix-agent
  become: yes
  yum:
    name:
    - zabbix-agent
- name: modify file /etc/zabbix/zabbix_agentd.conf
  become: yes
  lineinfile:
    dest='/etc/zabbix/zabbix_agentd.conf'
    state=present
    backrefs=no
    regexp='^Hostname'
    line='#Hostname='
  notify:
    - restart zabbix-agent
- name: modify file /etc/zabbix/zabbix_agentd.conf
  become: yes
  lineinfile:
    dest='/etc/zabbix/zabbix_agentd.conf'
    state=present
    backrefs=no
    regexp='^HostnameItem'
    line='HostnameItem=system.hostname'
  notify:
    - restart zabbix-agent
- name: modify file /etc/zabbix/zabbix_agentd.conf
  become: yes
  lineinfile:
    dest='/etc/zabbix/zabbix_agentd.conf'
    state=present
    backrefs=no
    regexp='^Server='
    line='Server={{ vars.zabbix_server_ip }}'
  notify:
    - restart zabbix-agent
- name: modify file /etc/zabbix/zabbix_agentd.conf
  become: yes
  lineinfile:
    dest='/etc/zabbix/zabbix_agentd.conf'
    state=present
    backrefs=no
    regexp='^ServerActive='
    line='ServerActive={{ vars.zabbix_server_ip }}'
  notify:
    - restart zabbix-agent
- name: enabled and start zabbix-agent
  become: yes
  service:
    name: zabbix-agent
    state: started
    enabled: yes
- name: check OS distribution
  become: yes
  fail: msg="Sorry. the playbook can only on Centos7 or Centos8."
  when: 
    - ( ansible_distribution != 'CentOS' ) or
      (( ansible_distribution_major_version != '8' ) and
      ( ansible_distribution_major_version != '7' ))
广告
将在 10 秒后关闭
bannerAds