在上一篇教程中我们已经实现了使用ansible-playbook批量在远程主机上部署zabbix客户端并正常运行,现在我们再次通过ansible-playbook给客户端主机批量增加zabbix监控项目配置(创建监控项目示例:自动发现远程主机监听的TCP端口、监控远程主机的TCP连接数状态)。
Ansible-playbook 配置
在原有的基础目录上创建一个configure角色以及ansible的各个模块任务目录列表,通过ansible-playbook调用入口文件zabbix_configure.yml,使得configure能够调用各个模块功能来完成同步所有zabbix的配置
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
[root@ansible
/etc/ansible/zabbix_rhel/zabbix_agent
]
# tree roles/configure/
roles
/configure/
├── files
│ └── zabbix_scripts
│ ├── discovery_tcp_port.sh
│ └── tcp_connect_status.sh
├── handlers
│ └── main.yml
├── meta
├── tasks
│ ├── 01-
sync
-clock.yml
│ ├── 02-allow-
sudo
.yml
│ ├── 03-
sync
-conf_files.yml
│ └── main.yml
├── templates
│ ├── Userparameter_script.conf
│ └── zabbix_agentd.conf
└── vars
└── main.yml
7 directories, 10 files
[root@ansible
/etc/ansible/zabbix_rhel/zabbix_agent
]
# ls
roles zabbix_configure.yml zabbix_delete.yml zabbix_install.yml
|
1、定义ansible程序入口调用文件
>> zabbix_configure.yml
|
1
2
3
4
5
6
|
---
- hosts: testhosts
remote_user: root
gather_facts: True
roles:
- configure
|
2、定义tasks任务列表
>> 同步时钟并添加计划任务(01-sync-clock.yml )
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
---
- name: Install ntpdate software
yum: name=ntpdate state=present
- name: Synchronization clock
cron
job
cron
:
name: Sync clock
job:
/usr/sbin/ntpdate
{{ ntpserver }} &>
/dev/null
&& hwclock -w
minute: 30
hour: 7
- name: Restart crond
service: name=crond state=restarted
- name: Running ntpdate to synchronization
time
shell:
/usr/sbin/ntpdate
{{ ntpserver }} && hwclock -w
|
>> 定义允许zabbix用户使用sudo执行命令的task任务(02-allow-sudo.yml)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
---
- name: Add allow zabbix user to nopasswd
exec
sudo
lineinfile:
dest:
/etc/sudoers
regexp:
"^zabbix"
insertafter:
"^root"
line:
"zabbix ALL=(ALL) NOPASSWD: ALL"
- name: Add allow zabbix user to nopasswd
exec
sudo
lineinfile:
dest:
/etc/sudoers
regexp:
"^Defaults:zabbix"
line:
"Defaults:zabbix !requiretty"
|
修改zabbix用户允许使用sudo执行命令,并且不需要输入密码,该task任务可以重复执行,并且不会增加重复的配置
>> 定义同步所有zabbix配置文件的task任务(03-sync-conf_files.yml)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
---
- name: Create zabbix scripts directory
file
: dest={{ zabbix_basedir }}
/scripts
state=directory owner=root group=root mode=0755 recurse=
yes
- name: Copy zabbix monitor scripts
copy: src=zabbix_scripts/ dest={{ zabbix_basedir }}
/scripts/
owner=root group=root mode=0755
- name: Copy zabbix_agentd.conf
file
template: src=zabbix_agentd.conf dest={{ zabbix_basedir }}
/etc/zabbix_agentd
.conf
owner=root group=root mode=0644
notify: restart zabbix_agentd
- name: Copy Userparameter_script.conf
file
template: src=Userparameter_script.conf dest={{ zabbix_basedir }}
/etc/zabbix_agentd
.conf.d
/Userparameter_script
.conf
owner=root group=root mode=0644
notify: restart zabbix_agentd
|
>> 定义tasks任务列表调用接口文件(main.yml)
|
1
2
3
4
|
---
- include: 01-
sync
-clock.yml
- include: 02-allow-
sudo
.yml
- include: 03-
sync
-conf_files.yml
|
3、定义vars变量文件
在这里定义zabbix服务端主机名或IP地址,ntp服务器地址等
|
1
2
3
4
|
# cat roles/configure/vars/main.yml
ntpserver: 10.17.87.8
zabbix_basedir:
/usr/local/zabbix
zabbix_server_ip: 10.17.81.120
|
4、定义handlers任务文件
handlers任务在同步配置文件时重启zabbix_agentd服务使配置生效
|
1
2
3
4
|
# cat roles/configure/handlers/main.yml
---
- name: restart zabbix_agentd
service: name=zabbix_agentd state=restarted
|
5、将zabbix脚本统一放到files/zabbix_scripts/目录下
|
1
2
|
# ls roles/configure/files/zabbix_scripts/
discovery_tcp_port.sh tcp_connect_status.sh
|
>> discovery_tcp_port.sh为自动发现客户端主机TCP端口脚本
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
#!/bin/bash
#Author: HMLinux Email: mail@huangming.org
#port_array=`netstat -tnlp | sed -e '1,2d' -e '/-/d' | awk '{print $4}' | awk -F':' '{if($NF~/^[0-9]*$/) print $NF}' | sort -n | u
niq`
port_array=`
netstat
-ntlp |
sed
-e
'1,2d'
-e
'/-/d'
|
awk
'{print $4" "$NF}'
|
awk
-F
'[:/ ]+'
'($NF !~ /^[0-9]*$/) && ($2>18) {pri
nt $2
" "
$NF}' |
sort
-g|
uniq
`
tcp_ports=(`
echo
"$port_array"
|
cut
-d
" "
-f1`)
proc_name=(`
echo
"$port_array"
|
cut
-d
" "
-f2`)
length=${
#tcp_ports[@]}
printf
"{\n"
printf
'\t'
"\"data\":["
for
((i=0;i<$length;i++))
do
printf
'\n\t\t{'
printf
'\n\t\t\t'
printf
"\"{#TCP_PORT}\":\"${tcp_ports[$i]}\","
printf
'\n\t\t\t'
printf
"\"{#TCP_NAME}\":\"${proc_name[$i]}\"}"
if
[ $i -lt $[$length-1] ];
then
printf
','
fi
done
printf
"\n\t]\n"
printf
"}\n"
|
>> tcp_connect_status.sh为监控客户端主机TCP连接状态脚本
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
#!/bin/bash
#Author: HMLinux Email: mail@huangming.org
parameter_l=$1
parameter_u=$(
echo
$parameter_l |
tr
'[:lower:]'
'[:upper:]'
)
ptcp_status=$(
/bin/netstat
-an|
awk
'/^tcp/{++S[$NF]}END{for(a in S) print a,S[a]}'
|
awk
'/'
''
$parameter_u
''
'/{print $2}'
)
case
$parameter_l
in
listen)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
established)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
time_wait)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
syn_sent)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
syn_recv)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
closed)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
closing)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
close_wait)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
fin_wait1)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
fin_wait2)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
lastack)
if
[
"$ptcp_status"
==
""
];
then
echo
0
else
echo
$ptcp_status
fi
;;
*)
echo
-e "\E[33mUsage: sh $0 [closed|closing|close_wait|syn_recv|syn_sent|fin_wait1|fin_wait2|listen|established|lastack|ti
me_wait]\E[0m"
esac
|
6、将zabbix相关的配置文件放到templates/目录下
|
1
2
|
# ls roles/configure/templates/
Userparameter_script.conf zabbix_agentd.con
|
>> Userparameter_script.conf配置文件,该配置文件定义zabbix监控项目键值与脚本路径
|
1
2
3
|
# cat Userparameter_script.conf
UserParameter=tcp.listen.port,
sudo
{{ zabbix_basedir }}
/scripts/discovery_tcp_port
.sh
UserParameter=tcp.connect.status[*],
sudo
{{ zabbix_basedir }}
/scripts/tcp_connect_status
.sh $1
|
>> zabbix_agentd.conf配置文件,该配置文件为zabbix客户端的主配置文件
|
1
2
3
4
5
|
Server={{ zabbix_server_ip }}
ServerActive={{ zabbix_server_ip }}:10051
Hostname={{ ansible_default_ipv4.address }}
Include={{ zabbix_basedir }}
/etc/zabbix_agentd
.conf.d
UnsafeUserParameters=1
|
7、执行zabbix_configure.yml同步zabbix配置
# ansible-playbook zabbix_configure.yml
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
[root@ansible
/etc/ansible/zabbix_rhel/zabbix_agent
]
# ansible-playbook zabbix_configure.yml
PLAY [testhosts] ***************************************************************
TASK [setup] *******************************************************************
ok: [10.17.83.33]
ok: [10.17.83.34]
TASK [configure : Install ntpdate software] ************************************
ok: [10.17.83.33]
ok: [10.17.83.34]
TASK [configure : Synchronization clock
cron
job] ******************************
ok: [10.17.83.33]
ok: [10.17.83.34]
TASK [configure : Restart crond] ***********************************************
changed: [10.17.83.33]
changed: [10.17.83.34]
TASK [configure : Running ntpdate to synchronization
time
] *********************
changed: [10.17.83.33]
changed: [10.17.83.34]
TASK [configure : Add allow zabbix user to nopasswd
exec
sudo
] *****************
ok: [10.17.83.33]
ok: [10.17.83.34]
TASK [configure : Add allow zabbix user to nopasswd
exec
sudo
] *****************
ok: [10.17.83.33]
ok: [10.17.83.34]
TASK [configure : Create zabbix scripts directory] *****************************
ok: [10.17.83.33]
ok: [10.17.83.34]
TASK [configure : Copy zabbix monitor scripts] *********************************
ok: [10.17.83.33]
ok: [10.17.83.34]
TASK [configure : Copy zabbix_agentd.conf
file
] ********************************
changed: [10.17.83.33]
changed: [10.17.83.34]
TASK [configure : Copy Userparameter_script.conf
file
] *************************
ok: [10.17.83.33]
ok: [10.17.83.34]
RUNNING HANDLER [configure : restart zabbix_agentd] ****************************
changed: [10.17.83.33]
changed: [10.17.83.34]
PLAY RECAP *********************************************************************
10.17.83.33 : ok=12 changed=4 unreachable=0 failed=0
10.17.83.34 : ok=12 changed=4 unreachable=0 failed=0
|
本文转自 HMLinux 51CTO博客,原文链接:http://blog.51cto.com/7424593/1945289
