手动安装zabbix-agent
少量linux客户机的情况下,手动安装zabbix-agent:
登录https://repo.zabbix.com/zabbix,这里以3.4版,CentOS7为例:
#rpm -i https://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
#yum install -y zabbix-agent
#vi /etc/zabbix/zabbix_agentd.conf
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
Server=10.3.8.100
ServerActive=10.3.8.100
HostMetadataItem=system.uname
Include=/etc/zabbix/zabbix_agentd.d/*.conf
注:Hostname可不用写,它包含在HostMetadataItem里面,除非要设置Hostname与系统的主机名不一样。如果HostMeatadata不存在,它的值就从HostMetadataItem里面获取,如果HostMeatadata存在,那HostMetadataItem就不起作用。
system.uname的值包含了Linux开头及主机名等信息,如下(需要安装zabbix-get包):
#zabbix_get -s 127.0.0.1 -k system.uname
Linux zabbix.example.com 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018 x86_64
结果开头的Linux关键字可以用来代表Linux系统,作为自动注册的匹配条件,即“元数据 似 Linux”,或英文网页的”metadata like Linux”
如果配置了StartAgents=0,那是纯主动模式,只能搭配主动模板使用,在Linux客户端太多,ZabbixServer压力大时,可以考虑改为纯主动模式。
#systemctl enable zabbix-agentd
#systemctl start zabbix-agentd
#firewall-cmd –permanent –add-rich-rule ‘rule family=ipv4 source address=10.3.8.100/32 port port=10050 protocol=tcp accept’
#firewall-cmd –reload
此外,Selinux关闭,不然麻烦非常大,调试困难。
自动化部署zabbix-agent
当要监控的linux客户机很多时,适合用ansible进行自动化运维部署。
安装ansible
找一台管理用的CentOS7机器,安装ansible:
#yum -y install ansible
#ls /etc/ansible
ansible.cfg hosts roles
ansible.cfg 是 Ansible 工具的配置文件;
hosts 用来配置被管理的机器;
roles 是一个目录,playbook将使用它;
配置主机信任
Ansible 管理机与被管理机做秘钥认证
#ssh-keygen
#ssh-copy-id root 10.3.8.63
#ssh-copy-id root 10.3.8.64
从这里可以看出,对这台管理用的主机,必须严格控制用户使用,不然非法用户能用它登录所有信任过的主机。
配置ansible
Host文件添加被管理机
#vi /etc/ansible/hosts
[Client]
10.3.8.63
10.3.8.64
Ping测试:
#ansible Client -m ping
10.3.8.64 | SUCCESS => {
“changed”: false,
“ping”: “pong”
}
编写YML文件,由于wordpress对行首空格支持很不友好,这里行产用 来表示空格,一个 代表2个空格。
#cd /etc/ansible/roles
#mkdir -p install_zabbix_agent/{files,handlers,tasks}
#vi install_zabbix_agent.yml
- hosts: zabbix-agent
remote_user: root
gather_facts: true
roles:
- install_zabbix_agent
#cd install_zabbix_agent/
先看files目录,它是存放一些安装包之类的文件用的。
#ll files/
total 768
-rw-r–r– 1 root root 370932 Sep 14 16:40 zabbix-agent-3.4.14-1.el6.x86_64.rpm
-rw-r–r– 1 root root 375400 Sep 14 16:40 zabbix-agent-3.4.14-1.el7.x86_64.rpm
-rw-r–r– 1 root root 199 Sep 19 15:31 zabbix_agentd.conf
第一个rpm文件是要复制给cent/rhel6用的zabbix-agent安装包。第二个rpm文件是要复制给cent/rhel7用的zabbix-agent安装包。第三个文件是复制到客户机上的zabbix-agent配置文件。
zabbix-agentd.conf文件内容如下:
#cat files/zabbix_agentd.conf
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
Server=10.3.8.100
ServerActive=10.3.8.100
HostMetadataItem=system.uname
Include=/etc/zabbix/zabbix_agentd.d/*.conf
再来看看tasks目录:
ll tasks/
total 12
-rw-r–r– 1 root root 1284 Sep 18 22:48 install.yml
-rw-r–r– 1 root root 56 Sep 18 22:35 main.yml
-rw-r–r– 1 root root 755 Sep 18 20:41 setport.yml
tasks目录内必须有一个主配置文件main.yml,如果还有其它的yml文件,必须被包含进main.yml文件内。install.yml是安装zabbix-agent,setport.yml是设置防火墙。
#cat tasks/main.yml
- import_tasks: install.yml
- import_tasks: setport.yml
#cat tasks/install.yml
- block:
- name: “copy zabbix_agent to Clients”
copy:
src=zabbix-agent-3.4.14-1.el6.x86_64.rpm
dest=/tmp
- name: “yum install zabbix_agent”
yum:
name: /tmp/zabbix-agent-3.4.14-1.el6.x86_64.rpm
state: present
- name: “copy zabbix_agentd.conf”
copy:
src=zabbix_agentd.conf
dest=/etc/zabbix/zabbix_agentd.conf
- name: “start zabbix,enable zabbix”
service:
name=zabbix-agent
state=started
enabled=yes
notify:
- restart zabbix-agent
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “6”
– block:
- name: “copy zabbix_agent to Clients”
copy:
src=zabbix-agent-3.4.14-1.el7.x86_64.rpm
dest=/tmp
- name: “yum install zabbix_agent”
yum:
name: /tmp/zabbix-agent-3.4.14-1.el7.x86_64.rpm
state: present
- name: “copy zabbix_agentd.conf”
copy:
src=zabbix_agentd.conf
dest=/etc/zabbix/zabbix_agentd.conf
- name: “start zabbix,enable zabbix”
service:
name=zabbix-agent
state=started
enabled=yes
notify:
- restart zabbix-agent
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “7”
- name: Unexpected OS family
debug: msg="OS Family {{ ansible_os_family }} is not supported" fail=yes
when: not ansible_os_family == "RedHat" or ansible_os_family == "CentOS"
#cat tasks/setport.yml
- block:
- name: add iptables
shell: iptables -I INPUT 1 -s 10.3.8.100/32 -p tcp –dport 10050 -j ACCEPT
- name: save iptables
shell: service iptables save
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “6”
– block:
- name: add firewalld running
shell: firewall-cmd –add-rich-rule ‘rule family=ipv4 source address=10.3.8.100/32 port port=10050 protocol=tcp accept’
- name: add firewalld permanent
shell: firewall-cmd –permanent –add-rich-rule ‘rule family=ipv4 source address=10.3.8.100/32 port port=10050 protocol=tcp accept’
when: (ansible_distribution == “CentOS” or ansible_distribution == “RedHat”) and ansible_distribution_major_version == “7”
这里对centos/rhel7的防火墙设定并不严谨,机器上并不一定都是firewalld,有可能是iptables。不知ansible的防火墙模块有没有类似service模块的设定,只要提供name和state,ansible自动判断是执行service zabbix-agent start/restart/stop 还是执行systemctl start/restart/stop zabbix-agent。
handlers目录下定义了配置文件发生变化后触发的重启进程(notify)
#ll handlers/
total 4
-rw-r–r– 1 root root 75 Sep 19 10:14 main.yml
#cat handlers/main.yml
- name: restart zabbix-agent
service: name=zabbix_agentd state=restarted
执行任务
语法检查:
#ansible-playbook /etc/ansible/roles/install_zabbix_agent.yml –syntax-check
没有提示错误就OK,正式执行任务就去掉–syntax-check:
#ansible-playbook /etc/ansible/roles/install_zabbix_agent.yml
观察执行结果,成功后等两分钟左右,到web页,管理——主机下面可看到自动注册的Linux客户机。