编写Linux初始化剧本
初始化剧本环节,主要用户实现关闭Selinux关闭防火墙,一起配置一下阿里云的YUM源地址,和安装EPEL源,为后期的zabbix安装做好铺垫工作.
1.在安装Zabbix之前,我们需要创建一些东西,也就是一些初始化工作,首先我们先来同步一下密钥对.
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xZxM9bunwBsS03gGT5HGT4LvOnJHdr5Bwl/Iit7qQN8 root@localhost.localdomain
The keys randomart image is:
+---[RSA 2048]----+
| .+o. |
| =..=o. |
| Bo.+. |
| . B...o |
| S +.B = .|
| . . O+=.o |
| . ++Eo+ .|
| .o+o.+.+ |
| +++o o. |
+----[SHA256]-----+
[root@localhost ~]# ssh-copy-id root@192.168.10.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 192.168.10.20 (192.168.10.20) can t be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.10.20 s password:
[root@localhost ~]# ssh-copy-id root@192.168.10.30
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 192.168.10.30 (192.168.10.30) cant be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.10.30's password:
2.其次创建一个目录用于存放剧本中需要用到的数据文件等,如果你有一些配置文件需要拷贝,此时应该放在本目录下方便剧本调用.
[root@localhost ~]# mkdir playbook
[root@localhost ~]# cd playbook/
[root@localhost playbook]# ls -lh
total 8.0K
-rw-r--r--. 1 root root 30 Dec 3 10:45 hosts
-rw-r--r--. 1 root root 30 Dec 3 10:45 main.yml
3.接着创建一个用户主机列表,这里我们就在当前目录下创建一个Hosts文件即可,如果有很多太主机可以使用简写.
[root@localhost playbook]# vim hosts
[root@localhost playbook]# cat hosts
[zabbix_server]
192.168.10.20
192.168.10.30
#[test] #此处注释,只做说明,定义从20-100网段的主机
#192.168.10.2[0:100]
4.其次我们开始编写一个剧本,用户给目标主机初始化工作,下面我们来看一下代码片段:
---
#----------------------------------------------------------
# 初始化,关闭防火墙,和SELinux
- hosts: zabbix_server
tasks:
- name: off selinux
shell: setenforce 0
- name: seline modify enforcing
lineinfile:
dest: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=disabled'
- name: off iptables
shell: iptables -F
- name: off iptables
lineinfile:
dest: /etc/bashrc
line: 'iptables -F'
#----------------------------------------------------------
# 安装部署LAMP环境,通过YUM模块快速安装
- hosts: zabbix_server
tasks:
- name: install LAMP
yum: name={{item}} state=installed
with_items:
- httpd
- httpd-devel
- mariadb
- mariadb-server
- php
- php-mysql
- name: start httpd
shell: systemctl restart httpd
- name: start mariadb
shell: systemctl restart mariadb
#----------------------------------------------------------
以上片段,有几个关键地方需要说明一下:
name: seline modify enforcing这个标签下方,lineinfile语句主要实现了,正则替换的目的,如果在/etc/selinux/config目录下搜索到开头是SELINUX=的字母,则自动替换成SELINUX=disabled
name: off iptables这个标签下方,lineinfile语句主要实现了,在/etc/bashrc最下面添加一个新字段iptables -F,目的是开机后自动清除防火墙规则.
好了,上方的剧本片段就可以实现初始化工作,关闭防火墙等,接着安装LAMP环境.
编写Zabbix服务端剧本
zabbix-Server 安装的 tasks 比较多,因为它涉及数据库的安装以及配置,这里就不介绍了,还有 MySQL 没有使用 Ansible 自带的模块进行 MySQL 数据库和用户的管理,建议编写 task 的时候尽量使用 Ansible 自带的模块进行配置管理,不仅仅是方便使用,而且 Ansible 官方的模块对整个状态管理做得很好.
# 下载YUM源地址,更新EPEL源,安装Zabbix
- hosts: zabbix_server
tasks:
- name: clear YUM
shell: rm -fr /etc/yum.repos.d/*
- name: install YUM EPEL
get_url: 'url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo'
- name: yum install EPEL
yum: name=epel-release state=installed
- name: install zabbix.repo
shell: rpm -i http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
- name: install zabbix
yum: name={{item}} state=installed
with_items:
- zabbix-server-mysql
- zabbix-web-mysql
- zabbix-agent
- name: start zabbix-server
shell: systemctl restart zabbix-server
- name: start zabbix-agent
shell: systemctl restart zabbix-agent
#----------------------------------------------------------
# 安装配置数据库权限,导入zabbix数据库.
- hosts: zabbix_server
tasks:
- name: set mariadb password
shell: mysqladmin -u root password 'ansible'
- name: create zabbix master databases
shell: mysql -uroot -pansible -e 'create database zabbix character set utf8 collate utf8_bin;'
- name: set zabbix master databases grant
shell: mysql -uroot -pansible -e 'grant all privileges on zabbix.* to zabbix@localhost identified by "zabbix";'
- name: import zabbix initial data SQL shell
shell: zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -pzabbix zabbix
最后一部分内容,配置Zabbix配置文件,和配置相关的操作,比如PHP的调优等.
#----------------------------------------------------------
# 修改并拷贝配置文件,给予权限
---
- hosts: zabbix_server
tasks:
- name: edit zabbix dbhost
lineinfile:
dest: /etc/zabbix/zabbix_server.conf
regexp: '# DBHost=localhost'
line: 'DBHost=localhost'
- name: edit zabbix dbpasswd
lineinfile:
dest: /etc/zabbix/zabbix_server.conf
regexp: '# DBPassword='
line: 'DBPassword=zabbix'
- name: cp zabbix web
shell: cp -a /usr/share/zabbix/* /var/www/html/
- name: chmod web
shell: chmod 755 -R /var/www/html/*
- name: chown web
shell: chown apache.apache -R /var/www/html/*
- name: set php
shell: echo "date.timezone = Asia/Shanghai" >> /etc/php.ini
- name: set php
shell: echo "max_execution_time = 300" >> /etc/php.ini
- name: set php
shell: echo "max_input_time = 300" >> /etc/php.ini
- name: set php
shell: echo "post_max_size = 32M" >> /etc/php.ini
- name: set php
shell: echo "memory_limit = 128M" >> /etc/php.ini
- name: set php
shell: echo "mbstring.func_overload = 0" >> /etc/php.ini
- name: start http mysql zabbix
shell: systemctl restart httpd ; systemctl restart mariadb
- name: start http mysql zabbix
shell: systemctl restart zabbix-server ; systemctl restart zabbix-agent
- name: enabled http mysql zabbix
shell: systemctl enable httpd ; systemctl enable mariadb
- name: start http mysql zabbix
shell: systemctl enable zabbix-server ; systemctl enable zabbix-agent
好了,最后我们把这三块内容整合到一起就是一个完整的剧本啦,这里需要说明的是,本人并没有按照标准化流程来编写剧本,因为如果那样的话看上去反而不容易入门,毕竟生产环境中,下面这些东西相信也足够使用啦.
---
#----------------------------------------------------------
# 初始化,关闭防火墙,和SELinux
- hosts: zabbix_server
tasks:
- name: off selinux
shell: setenforce 0
- name: seline modify enforcing
lineinfile:
dest: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=enforcing'
- name: off iptables
shell: iptables -F
- name: off iptables
lineinfile:
dest: /etc/bashrc
line: 'iptables -F'
#----------------------------------------------------------
# 安装部署LAMP环境,通过YUM模块快速安装
- hosts: zabbix_server
tasks:
- name: install LAMP
yum: name={{item}} state=installed
with_items:
- httpd
- httpd-devel
- mariadb
- mariadb-server
- php
- php-mysql
- name: start httpd
shell: systemctl restart httpd
- name: start mariadb
shell: systemctl restart mariadb
#----------------------------------------------------------
# 下载YUM源地址,更新EPEL源,安装Zabbix
- hosts: zabbix_server
tasks:
- name: clear YUM
shell: rm -fr /etc/yum.repos.d/*
- name: install YUM EPEL
get_url: 'url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo'
- name: yum install EPEL
yum: name=epel-release state=installed
- name: install zabbix.repo
shell: rpm -i http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
- name: install zabbix
yum: name={{item}} state=installed
with_items:
- zabbix-server-mysql
- zabbix-web-mysql
- zabbix-agent
- name: start zabbix-server
shell: systemctl restart zabbix-server
- name: start zabbix-agent
shell: systemctl restart zabbix-agent
#----------------------------------------------------------
# 安装配置数据库权限,导入zabbix数据库.
- hosts: zabbix_server
tasks:
- name: set mariadb password
shell: mysqladmin -u root password 'ansible'
- name: create zabbix master databases
shell: mysql -uroot -pansible -e 'create database zabbix character set utf8 collate utf8_bin;'
- name: set zabbix master databases grant
shell: mysql -uroot -pansible -e 'grant all privileges on zabbix.* to zabbix@localhost identified by "zabbix";'
- name: import zabbix initial data SQL shell
shell: zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -pzabbix zabbix
#----------------------------------------------------------
# 修改并拷贝配置文件,给予权限
- hosts: zabbix_server
tasks:
- name: edit zabbix dbhost
lineinfile:
dest: /etc/zabbix/zabbix_server.conf
regexp: '# DBHost=localhost'
line: 'DBHost=localhost'
- name: edit zabbix dbpasswd
lineinfile:
dest: /etc/zabbix/zabbix_server.conf
regexp: '# DBPassword='
line: 'DBPassword=zabbix'
- name: cp zabbix web
shell: cp -a /usr/share/zabbix/* /var/www/html/
- name: chmod web
shell: chmod 755 -R /var/www/html/*
- name: chown web
shell: chown apache.apache -R /var/www/html/*
- name: set php
shell: echo "date.timezone = Asia/Shanghai" >> /etc/php.ini
- name: set php
shell: echo "max_execution_time = 300" >> /etc/php.ini
- name: set php
shell: echo "max_input_time = 300" >> /etc/php.ini
- name: set php
shell: echo "post_max_size = 32M" >> /etc/php.ini
- name: set php
shell: echo "memory_limit = 128M" >> /etc/php.ini
- name: set php
shell: echo "mbstring.func_overload = 0" >> /etc/php.ini
- name: start http mysql zabbix
shell: systemctl restart httpd ; systemctl restart mariadb
- name: start http mysql zabbix
shell: systemctl restart zabbix-server ; systemctl restart zabbix-agent
- name: enabled http mysql zabbix
shell: systemctl enable httpd ; systemctl enable mariadb
- name: start http mysql zabbix
shell: systemctl enable zabbix-server ; systemctl enable zabbix-agent
接着写完了这些配置以后,我们运行下面的几条命令,检查一下上面的文件是否有语法错误,和检查主机列表是否生效了.
[root@localhost playbook]# ansible-playbook -i hosts main.yml --syntax-check
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-task
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-hosts
playbook: main.yml
pattern: [u'zabbix_server']
hosts (2):
192.168.10.20
192.168.10.30
执行剧本: 确认过以后,直接使用下面的命令一键部署,我们写好的PlayBook剧本,此时我们等它一会.
[root@localhost playbook]# ansible-playbook -i hosts main.yml
PLAY [zabbix_server] *********************************************************************
TASK [Gathering Facts] *******************************************************************
ok: [192.168.10.30]
ok: [192.168.10.20]
....省略....
PLAY RECAP *******************************************************************************
192.168.10.20 : ok=5 changed=4 unreachable=0 failed=0
192.168.10.30 : ok=5 changed=4 unreachable=0 failed=0
本笔记介绍了如何使用 Ansible 去快速部署 Zabbix 监控系统,从中你是不是学到了很多部署方面的技巧了呢,其实ansible也就这样.
编写Zabbix被控端剧本
1.在安装Zabbix客户端之前,我们需要创建一些东西,也就是一些初始化工作,首先我们先来同步一下密钥对.
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xZxM9bunwBsS03gGT5HGT4LvOnJHdr5Bwl/Iit7qQN8 root@localhost.localdomain
The keys randomart image is:
+---[RSA 2048]----+
| .+o. |
| =..=o. |
| Bo.+. |
| . B...o |
| S +.B = .|
| . . O+=.o |
| . ++Eo+ .|
| .o+o.+.+ |
| +++o o. |
+----[SHA256]-----+
[root@localhost ~]# ssh-copy-id root@192.168.10.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 192.168.10.20 (192.168.10.20) can t be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.10.20 s password:
[root@localhost ~]# ssh-copy-id root@192.168.10.30
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 192.168.10.30 (192.168.10.30) cant be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.10.30's password:
2.其次创建一个目录用于存放剧本中需要用到的数据文件等,如果你有一些配置文件需要拷贝,此时应该放在本目录下方便剧本调用.
[root@localhost ~]# mkdir playbook
[root@localhost ~]# cd playbook/
[root@localhost playbook]# ls -lh
total 8.0K
-rw-r--r--. 1 root root 30 Dec 3 10:45 hosts
-rw-r--r--. 1 root root 30 Dec 3 10:45 main.yml
-rw-r--r--. 1 root root 378908 Dec 4 07:04 zabbix-agent-4.0.0-1.1.el7.x86_64.rpm
3.接着创建一个用户主机列表,这里我们就在当前目录下创建一个Hosts文件即可,如果有很多太主机可以使用简写.
[root@localhost playbook]# vim hosts
[root@localhost playbook]# cat hosts
[zabbix_client]
192.168.10.20
192.168.10.30
#[test] #此处注释,只做说明,定义从20-100网段的主机
#192.168.10.2[0:100]
4.编写一个批量修改的PlayBook,这个剧本很小巧所以无需分开来介绍,直接一条道走到黑.
---
- hosts: zabbix_client
vars:
- IP: 192.168.10.10
tasks:
- name: copy zabbix-agent-4.0.0-1.1.el7.x86_64.rpm
copy: src=./zabbix-agent-4.0.0-1.1.el7.x86_64.rpm dest=/tmp/zabbix-agent.rpm
- name: install zabbix-agent
shell: rpm -i /tmp/zabbix-agent.rpm
- name: edit zabbix_agentd.conf
lineinfile:
dest: /etc/zabbix/zabbix_agentd.conf
regexp: 'Server=127.0.0.1'
line: 'Server={{IP}}'
- name: edit zabbix_agentd.conf
lineinfile:
dest: /etc/zabbix/zabbix_agentd.conf
regexp: 'ServerActive=127.0.0.1'
line: 'ServerActive={{IP}}'
- name: edit zabbix_agentd.conf
lineinfile:
dest: /etc/zabbix/zabbix_agentd.conf
regexp: 'Hostname=Zabbix server'
line: 'Hostname={{IP}}'
- name: start zabbix
shell: /usr/sbin/zabbix_agentd
- name: enable zabbix
shell: echo "/usr/sbin/zabbix_agentd" >> /etc/bashrc
接着写完了这些配置以后,我们运行下面的几条命令,检查一下上面的文件是否有语法错误,和检查主机列表是否生效了.
[root@localhost playbook]# ansible-playbook -i hosts main.yml --syntax-check
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-task
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-hosts
playbook: main.yml
pattern: [u'zabbix_client']
hosts (2):
192.168.10.20
192.168.10.30
执行剧本: 确认过以后,直接使用下面的命令一键部署,我们写好的PlayBook剧本,此时我们等它一会.
[root@localhost playbook]# ansible-playbook -i hosts main.yml
PLAY [zabbix_client] *********************************************************************
TASK [Gathering Facts] *******************************************************************
ok: [192.168.10.30]
ok: [192.168.10.20]
....省略....
PLAY RECAP *******************************************************************************
192.168.10.20 : ok=5 changed=4 unreachable=0 failed=0
192.168.10.30 : ok=5 changed=4 unreachable=0 failed=0
参考文献:《Ansible自动化运维:技术与最佳实践》