Zabbix 自动化入门到实战作者 : 罗辉 基于 zabbix 自动化线上实战 基础篇第 2 讲基于 saltstack 自动化部署 zabbix-client 端实践 一 软件版本操作系统 :CentOS-6.5-x86_64 salt 版本 :2015.5.2( 直接 yum 源码安装 ) zabbix 版本 :3.0.3 二 部署环境规划 名称 IP 主机名配置 Slat-master 192.168.63.205 Zabbix_server 2 核 2G Salt-client 192.168.63.184 Zabbix_client 2 核 2G 三 zabbix-server(slat-master) 架构图如下 : 图解说明 : (1) zabbix_server 和 saltstack 同时安装在同一台服务器上 (2) 通过编写配置文件和批量文档, 由 zabbix_server 这台主机进行推送 注 : 当在 centos 6.5 这样进行安装 zabbix_server 的时候注意,php 的版本必须是在 5.4 以上, 可以使用 ; Saltstack 可以使用 epel 源直接进行安装 1
Zabbix 自动化入门到实战 作者 : 罗辉 四 salt 的安装 (192.168.63.205) 1 安装 epel 源 : rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 2 安装 master 并修改配置文件启动 : yum install salt-master -y 修改配置文件 : vim /etc/salt/master auto_accept: True( 自动接口客户端 key) /etc/init.d/salt-master start 3 安装 salt-minion 并修改配置文件 (salt_client): yum install salt-minion -y 修改配置文件 : vim /etc/salt/minion master: 192.168.10.205( 指向 master 端 ) /etc/init.d/salt-minion start 4 验证客户端是否已经接收客户端 key: salt-key -L ( 如果没有接收到在客户端执行 salt-minion -l debug 检测过程 ) Accepted Keys: Minion Zabbix_client Denied Keys: Unaccepted Keys: Rejected Keys: 5 检测是否能够通讯: salt 'monitor' test.ping monitor: True ( 表示成功 ) 五 配置批量管理 ( 在 master 上操作 ): 1 修改 salt-master 配置文件 : vim /etc/salt/master file_roots: base: - /srv/salt/ ( 定义 sls 路径 ) pillar_roots: base: - /srv/salt/pillar ( 定义 pillar 路径 : 主要存放自定义变量 ) 2
2 创建存放目录 : mkdir /srv/salt/ mkdir /srv/salt/pillar Zabbix 自动化入门到实战 作者 : 罗辉 3 定义入口文件: 查看结构 : cd /srv/salt/ ls pillar top.sls zabbix tree. pillar file.sls top.sls top.sls zabbix files zabbix-3.0.3.tar.gz zabbix_agentd zabbix_agentd.conf file.sls init.sls install.sls server.s 4 入口文件 top.sls: cat top.sls ( 定义所有的主机只是 sls 的时候去 zabbix 目录查找相关操作 ) base: '*': - zabbix 5 zabbix 目录下的结构和引导文件 init.sls: cd zabbix/ ls files file.sls init.sls install.sls server.sls cat init.sls ( 定义执行是加载这几个文件 ) include: - zabbix.install - zabbix.file - zabbix.server 6 安装包文件 zabbix.install: cat install.sls zabbix.tar.gz zabbix_source: 3
Zabbix 自动化入门到实战作者 : 罗辉 file.managed: - name: /tmp/zabbix-3.0.3.tar.gz - unless: test -e /tmp/zabbix-3.0.3.tar.gz ( 检测目录下是否有这个文件 ) - source: salt://zabbix/files/zabbix-3.0.3.tar.gz ( 没有的话从 files 目录下推送一个 ) extract extract_zabbix: cmd.run: - cwd: /tmp ( 切换到 cmd 目录 ) - names: - tar zxvf zabbix-3.0.3.tar.gz ( 解压 zabbix 包 ) - unless: test -d /tmp/zabbix-3.0.3 - require: ( 表示先执行上面的 zabbix_source 操作才到下面 ) - file: zabbix_source user ( 创建一个 uid 为 1501 的用户 ) zabbix_user: user.present: - name: zabbix - uid: 1501 - createhome: False - gid_from_name: True - shell: /sbin/nologin zabbix_pkgs ( 用 yum 方式安装依赖包 ) zabbix_pkg: pkg.installed: - pkgs: - gcc - openssl-devel - pcre-devel - zlib-devel - curl-devel zabbix_compile zabbix_compile: cmd.run: - cwd: /tmp/zabbix-3.0.3 - names: -./configure --with-net-snmp --with-libcurl --enable-agent --prefix=/usr/local/zabbix - make - make install - require: ( 完成解压和依赖包之后才执行这步操作 ) - cmd: extract_zabbix - pkg: zabbix_pkg 4
- unless: test -d /usr/local/zabbix Zabbix 自动化入门到实战 作者 : 罗辉 7 配置文件推送操作: cat file.sls ( 为了配置方便我这里吧一个 zabbix_agentd.conf 事先定义好直接推送 ) include: - zabbix.install config: file.managed: - name: /usr/local/zabbix/etc/zabbix_agentd.conf ( 查看是否有这个文件 ) - user: root - mode: 644 - source: salt://zabbix/files/zabbix_agentd.conf ( 没有从 files 目录下推送一个 ) - template: jinja ( 基于 jinja 模板, 这样可以在主服务器定义一些变量 ) 8 服务配置文件也是从主服务端推送: cat server.sls include: - zabbix.install server: file.managed: - name: /etc/init.d/zabbix_agentd - user: zabbix - mode: 755 - source: salt://zabbix/files/zabbix_agentd service.running: ( 检测并启动 ) - name: zabbix_agentd - enable: True - reload: True - watch: - file: /etc/init.d/zabbix_agentd 9 查看 pillar 下面的内容, 主要存放的是 jinja 模板调用的变量 cd /srv/salt/pillar/ ls file.sls top.sls cat top.sls base: '*': - file 5
Zabbix 自动化入门到实战作者 : 罗辉 cat file.sls server: 192.168.63.205 ( 定义 zabbix-server 的 IP 地址 ) 10 查看 files 目录下面被推送的几个文件 : cd /srv/salt/zabbix/files/ ls zabbix-3.0.3.tar.gz zabbix_agentd zabbix_agentd.conf 11 zabbix_agentd 启动文件 : cat zabbix_agentd!/bin/bash /etc/rc.d/init.d/zabbix_agentd Starts the zabbix_agentd daemon chkconfig: - 95 5 description: Zabbix Monitoring Agent processname: zabbix_agentd pidfile: /tmp/zabbix_agentd.pid Modified for Zabbix 2.0.0 May 2012, Zabbix SIA Source function library.. /etc/init.d/functions RETVAL=0 prog="zabbix Agent" ZABBIX_BIN="/usr/local/zabbix/sbin/zabbix_agentd" if [! -x ${ZABBIX_BIN} ] ; then echo -n "${ZABBIX_BIN} not installed! " Tell the user this has skipped exit 5 fi start() { echo -n $"Starting $prog: " 6
} Zabbix 自动化入门到实战作者 : 罗辉 daemon $ZABBIX_BIN RETVAL=$? [ $RETVAL -eq 0 ] && touch /var/lock/subsys/zabbix_agentd echo stop() { echo -n $"Stopping $prog: " killproc $ZABBIX_BIN RETVAL=$? [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/zabbix_agentd echo } case "$1" in start) start ;; stop) stop ;; reload restart) stop sleep 10 start RETVAL=$? ;; condrestart) if [ -f /var/lock/subsys/zabbix_agentd ]; then stop start fi ;; status) status $ZABBIX_BIN RETVAL=$? ;; *) echo $"Usage: $0 {condrestart start stop restart reload status}" exit 1 esac exit $RETVAL 7
Zabbix 自动化入门到实战 作者 : 罗辉 12 zabbix_agentd.conf 配置文件 ( 为了方便配置 zabbis_serverip 地址这里从 server 端推送 ): [root@xiaoluo files] cat zabbix_agentd.conf This is a configuration file for Zabbix agent daemon (Unix) To get more information about Zabbix, visit http://www.zabbix.com GENERAL PARAMETERS Option: PidFile Name of PID file. Mandatory: no Default: PidFile=/tmp/zabbix_agentd.pid Option: LogType Specifies where log messages are written to: system - syslog file - file specified with LogFile parameter console - standard output Mandatory: no Default: LogType=file Option: LogFile Log file name for LogType 'file' parameter. Mandatory: no Default: LogFile= LogFile=/tmp/zabbix_agentd.log Option: LogFileSize Maximum size of log file in MB. 0 - disable automatic log rotation. Mandatory: no Range: 0-1024 Default: LogFileSize=1 8
Zabbix 自动化入门到实战 作者 : 罗辉 Option: DebugLevel Specifies debug level: 0 - basic information about starting and stopping of Zabbix processes 1 - critical information 2 - error information 3 - warnings 4 - for debugging (produces lots of information) 5 - extended debugging (produces even more information) Mandatory: no Range: 0-5 Default: DebugLevel=3 Option: SourceIP Source IP address for outgoing connections. Mandatory: no Default: SourceIP= Option: EnableRemoteCommands Whether remote commands from Zabbix server are allowed. 0 - not allowed 1 - allowed Mandatory: no Default: EnableRemoteCommands=0 Option: LogRemoteCommands Enable logging of executed shell commands as warnings. 0 - disabled 1 - enabled Mandatory: no Default: LogRemoteCommands=0 Passive checks related Option: Server List of comma delimited IP addresses (or hostnames) of Zabbix servers. 9
Zabbix 自动化入门到实战作者 : 罗辉 Incoming connections will be accepted only from the hosts listed here. If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally. Mandatory: no Default: Server= Server={{ pillar['server'] }} Option: ListenPort Agent will listen on this port for connections from the server. Mandatory: no Range: 1024-32767 Default: ListenPort=10050 Option: ListenIP List of comma delimited IP addresses that the agent should listen on. First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks. Mandatory: no Default: ListenIP=0.0.0.0 Option: StartAgents Number of pre-forked instances of zabbix_agentd that process passive checks. If set to 0, disables passive checks and the agent will not listen on any TCP port. Mandatory: no Range: 0-100 Default: StartAgents=3 Active checks related Option: ServerActive List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks. If port is not specified, default port is used. IPv6 addresses must be enclosed in square brackets if port for that host is specified. If port is not specified, square brackets for IPv6 addresses are optional. 10
Zabbix 自动化入门到实战作者 : 罗辉 If this parameter is not specified, active checks are disabled. Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] Mandatory: no Default: ServerActive= ServerActive={{pillar['server']}} ( 调用 pillar 的 server 里面的 IP, 推送到客户端 ) Option: Hostname Unique, case sensitive hostname. Required for active checks and must match hostname as configured on the server. Value is acquired from HostnameItem if undefined. Mandatory: no Default: Hostname= Hostname=Zabbix server Option: HostnameItem Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. Does not support UserParameters or aliases. Mandatory: no Default: HostnameItem=system.hostname Option: HostMetadata Optional parameter that defines host metadata. Host metadata is used at host auto-registration process. An agent will issue an error and not start if the value is over limit of 255 characters. If not defined, value will be acquired from HostMetadataItem. Mandatory: no Range: 0-255 characters Default: HostMetadata= Option: HostMetadataItem Optional parameter that defines an item used for getting host metadata. Host metadata is used at host auto-registration process. During an auto-registration request an agent will log a warning message if the value returned by specified item is over limit of 255 characters. 11
Zabbix 自动化入门到实战作者 : 罗辉 This option is only used when HostMetadata is not defined. Mandatory: no Default: HostMetadataItem= Option: RefreshActiveChecks How often list of active checks is refreshed, in seconds. Mandatory: no Range: 60-3600 Default: RefreshActiveChecks=120 Option: BufferSend Do not keep data longer than N seconds in buffer. Mandatory: no Range: 1-3600 Default: BufferSend=5 Option: BufferSize Maximum number of values in a memory buffer. The agent will send all collected data to Zabbix Server or Proxy if the buffer is full. Mandatory: no Range: 2-65535 Default: BufferSize=100 Option: MaxLinesPerSecond Maximum number of new lines the agent will send per second to Zabbix Server or Proxy processing 'log' and 'logrt' active checks. The provided value will be overridden by the parameter 'maxlines', provided in 'log' or 'logrt' item keys. Mandatory: no Range: 1-1000 Default: MaxLinesPerSecond=20 ADVANCED PARAMETERS 12
Zabbix 自动化入门到实战作者 : 罗辉 Option: Alias Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. Different Alias keys may reference the same item key. For example, to retrieve the ID of user 'zabbix': Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] Now shorthand key zabbix.userid may be used to retrieve data. Aliases can be used in HostMetadataItem but not in HostnameItem parameters. Mandatory: no Range: Default: Option: Timeout Spend no more than Timeout seconds on processing Mandatory: no Range: 1-30 Default: Timeout=3 Option: AllowRoot Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent will try to switch to the user specified by the User configuration option instead. Has no effect if started under a regular user. 0 - do not allow 1 - allow Mandatory: no Default: AllowRoot=0 Option: User Drop privileges to a specific, existing user on the system. Only has effect if run as 'root' and AllowRoot is disabled. Mandatory: no Default: User=zabbix Option: Include 13
Zabbix 自动化入门到实战作者 : 罗辉 You may include individual files or all files in a directory in the configuration file. Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. Mandatory: no Default: Include= Include=/usr/local/etc/zabbix_agentd.userparams.conf Include=/usr/local/etc/zabbix_agentd.conf.d/ Include=/usr/local/zabbix/etc/zabbix_agentd.conf.d/*.conf ( 自定义包含位置 ) USER-DEFINED MONITORED PARAMETERS Option: UnsafeUserParameters Allow all characters to be passed in arguments to user-defined parameters. The following characters are not allowed: \ ' " ` *? [ ] { } ~ $! & ; ( ) < > @ Additionally, newline characters are not allowed. 0 - do not allow 1 - allow Mandatory: no Range: 0-1 Default: UnsafeUserParameters=1 Option: UserParameter User-defined parameter to monitor. There can be several user-defined parameters. Format: UserParameter=<key>,<shell command> See 'zabbix_agentd' directory for examples. Mandatory: no Default: UserParameter=1 LOADABLE MODULES Option: LoadModulePath Full path to location of agent modules. Default depends on compilation options. Mandatory: no 14
Zabbix 自动化入门到实战作者 : 罗辉 Default: LoadModulePath=${libdir}/modules Option: LoadModule Module to load at agent startup. Modules are used to extend functionality of the agent. Format: LoadModule=<module.so> The modules must be located in directory specified by LoadModulePath. It is allowed to include multiple LoadModule parameters. Mandatory: no Default: LoadModule= TLS-RELATED PARAMETERS Option: TLSConnect How the agent should connect to server or proxy. Used for active checks. Only one value can be specified: unencrypted - connect without encryption psk - connect using TLS and a pre-shared key cert - connect using TLS and a certificate Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) Default: TLSConnect=unencrypted Option: TLSAccept What incoming connections to accept. Multiple values can be specified, separated by comma: unencrypted - accept connections without encryption psk - accept connections secured with TLS and a pre-shared key cert - accept connections secured with TLS and a certificate Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) Default: TLSAccept=unencrypted Option: TLSCAFile Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. 15
Mandatory: no Default: TLSCAFile= Zabbix 自动化入门到实战 作者 : 罗辉 Option: TLSCRLFile Full pathname of a file containing revoked certificates. Mandatory: no Default: TLSCRLFile= Option: TLSServerCertIssuer Allowed server certificate issuer. Mandatory: no Default: TLSServerCertIssuer= Option: TLSServerCertSubject Allowed server certificate subject. Mandatory: no Default: TLSServerCertSubject= Option: TLSCertFile Full pathname of a file containing the agent certificate or certificate chain. Mandatory: no Default: TLSCertFile= Option: TLSKeyFile Full pathname of a file containing the agent private key. Mandatory: no Default: TLSKeyFile= Option: TLSPSKIdentity Unique, case sensitive string used to identify the pre-shared key. Mandatory: no Default: 16
TLSPSKIdentity= Zabbix 自动化入门到实战 作者 : 罗辉 Option: TLSPSKFile Full pathname of a file containing the pre-shared key. Mandatory: no Default: TLSPSKFile= 七 执行批量操作 : salt 'zabbix_client' state.highstate -v 返回成功标志 : 八 登录客户端查看 : 17
查看配置文件 : Zabbix 自动化入门到实战 作者 : 罗辉 九 打开 web 界面添加 192.168.63.184 这台 web 服务器 : 添加一个简单的 linux os 模板出图 : 到此, 用 saltstack 自动化部署 zabbix_client 已经完成, 有了 salt 我们在可以帮我们在部署 zabbix 客 户端时候省去很多麻烦, 后期有同学用 ansible 的, 可以单独咨询 谢谢 更多课程信息, 请关注龙果学院官方网站 http://www.roncoo.com/ 或关注龙果微信公众号 RonCoo_com 18