拓扑
环境说明
1 2 3 4 5 6 7 Centos7.9 root密码皆为1 10.163.2.100 master 10.163.2.138 zabbix-server 10.163.2.139 zabbix-agent 10.163.2.140 zabbix-agent2 salt 3006LTS zabbix 5
参考步骤:Zabbix5.0安装与部署 · Akemi
环境准备 1 2 3 4 5 6 7 8 9 10 11 12 13 14 echo "10.163.2.138 zabbix-server 10.163.2.139 zabbix-agent 10.163.2.140 zabbix-agent2 10.163.2.141 zabbix-db 10.163.2.142 zabbix-web" >> /etc/hostsyum -y install sshpass ssh-keygen -N '' -f ~/.ssh/id_rsa for i in {zabbix-server,zabbix-agent,zabbix-agent2,zabbix-db,zabbix-web}do ssh $i 'curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo && yum makecache && yum -y install sshpass' done
脚本部署salt-minion
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 vim salt-minion-centos.sh sshpass -p1 ssh-copy-id $1 -f ssh $1 "hostnamectl set-hostname $1 " ssh $1 'export http_proxy="http://192.168.10.238:7897" && export http_proxy="https://192.168.10.238:7897" && curl -fsSL https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.repo | sudo tee /etc/yum.repos.d/salt.repo' ssh $1 "yum -y install salt-minion" ssh $1 "systemctl enable salt-minion --now" ssh $1 "echo '10.163.2.100 salt' >> /etc/hosts" ssh $1 "systemctl restart salt-minion" 直接改解析,这样就不需要改minion配置文件了 chmod +x salt-minion-centos.sh./salt-minion-centos.sh zabbix-server ./salt-minion-centos.sh zabbix-agent ./salt-minion-centos.sh zabbix-agent2 ./salt-minion-centos.sh zabbix-db ./salt-minion-centos.sh zabbix-web salt-key -L ... salt-key -A
Salt分组件部署zabbix-server 准备变量与软件源 定义zabbix pillar变量 1 2 3 4 5 6 7 8 9 10 11 12 vim /srv/pillar/zabbix.sls zabbix_db_ip: 10.163.2.141 zabbix_db_name: zabbix zabbix_db_user: zabbix zabbix_db_password: zabbix zabbix_server_ip: 10.163.2.138 zabbix_web_ip: 10.163.2.142 vim /srv/pillar/top.sls base: 'zabbix-*' : - zabbix
准备zabbix的软件源 在prod环境下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 mkdir -p /srv/salt/prod/files/cat > /srv/salt/prod/files/Centos7-SCLo.repo<<'EOF' [centos-sclo-rh] name=CentOS-7 - SCLo rh baseurl=http://mirrors.aliyun.com/centos/7/sclo/$basearch /rh/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo [centos-sclo-rh-testing] name=CentOS-7 - SCLo rh Testing baseurl=http://mirrors.aliyun.com/centos/7/sclo/$basearch /rh/ gpgcheck=0 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo [centos-sclo-rh-source] name=CentOS-7 - SCLo rh Sources baseurl=http://vault.centos.org/centos/7/sclo/Source/rh/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo [centos-sclo-rh-debuginfo] name=CentOS-7 - SCLo rh Debuginfo baseurl=http://debuginfo.centos.org/centos/7/sclo/$basearch / gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo EOF
准备zabbix-server配置文件jinja模板 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 cat > /srv/salt/prod/files/zabbix_server.conf.j2 <<EOF LogFile=/var/log/zabbix/zabbix_server.log LogFileSize=0 PidFile=/var/run/zabbix/zabbix_server.pid SocketDir=/var/run/zabbix DBHost={{ pillar.zabbix_db_ip }} DBName={{ pillar.zabbix_db_name }} DBUser={{ pillar.zabbix_db_user }} DBPassword={{ pillar.zabbix_db_password }} SNMPTrapperFile=/var/log/snmptrap/snmptrap.log Timeout=4 AlertScriptsPath=/usr/lib/zabbix/alertscripts ExternalScripts=/usr/lib/zabbix/externalscripts LogSlowQueries=3000 StatsAllowedIP=127.0.0.1 EOF
准备zabbix-web配置文件jinja模板 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 cat > /srv/salt/prod/files/zabbix_nginx.conf.j2 <<EOF server { listen 80; server_name {{ pillar.zabbix_web_ip }}; root /usr/share/zabbix; index index.php; location = /favicon.ico { log_not_found off; } location / { try_files $uri $uri/ =404; } location /assets { access_log off; expires 10d; } location ~ /\.ht { deny all; } location ~ /(api\/|conf[^\.]|include|locale|vendor) { deny all; return 404; } location ~ [^/]\.php(/|$) { fastcgi_pass unix:/var/opt/rh/rh-php72/run/php-fpm/zabbix.sock; # fastcgi_pass unix:/var/opt/rh/rh-php73/run/php-fpm/zabbix.sock; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; fastcgi_param DOCUMENT_ROOT /usr/share/zabbix; fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name; fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name; include fastcgi_params; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } } EOF cat > /srv/salt/prod/files/zabbix_php.conf.j2 <<EOF [zabbix] user = apache group = apache listen = /var/opt/rh/rh-php72/run/php-fpm/zabbix.sock listen.acl_users = apache,nginx listen.allowed_clients = 127.0.0.1 pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 pm.max_requests = 200 php_value[session.save_handler] = files php_value[session.save_path] = /var/opt/rh/rh-php72/lib/php/session/ php_value[max_execution_time] = 300 php_value[memory_limit] = 128M php_value[post_max_size] = 16M php_value[upload_max_filesize] = 2M php_value[max_input_time] = 300 php_value[max_input_vars] = 10000 ; php_value[date.timezone] = Europe/Riga EOF cat > /srv/salt/prod/files/zabbix_nginx.conf <<'EOF' user nginx; worker_processes auto; error_log /var/opt/rh/rh-nginx116/log/nginx/error.log; pid /var/opt/rh/rh-nginx116/run/nginx/nginx.pid; include /opt/rh/rh-nginx116/root/usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"' ; access_log /var/opt/rh/rh-nginx116/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/opt/rh/rh-nginx116/nginx/mime.types; default_type application/octet-stream; include /etc/opt/rh/rh-nginx116/nginx/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/zabbix; include /etc/opt/rh/rh-nginx116/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } } EOF
区分组件写sls文件 基础部署sls文件 写完之后可以先测试一下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 基础部署文件 /srv/salt/prod/zabbix-basic.sls disable selinux: cmd.run: - name: setenforce 0 disable firewalld: service.dead: - name: firewalld - enable : no add repo: file.managed: - name: /etc/yum.repos.d/Centos7-SCLo.repo - source : salt://files/Centos7-SCLo.repo setup repo: cmd.run: - name: rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm - unless: rpm -q zabbix-release enable repo: file.replace: - name: /etc/yum.repos.d/zabbix.repo - pattern: '^enabled=0' - repl: 'enabled=1'
db部署—写sls文件 因为我们用的是centos7.9,不支持mysql的模块,所以直接用shell来执行了,如果用cmd.run,没法保证幂等性
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 /srv/salt/prod/zabbix-db.sls install pkgs: pkg.installed: - pkgs: - zabbix-server-mysql - mariadb-server - MySQL-python start mariadb: service.running: - name: mariadb - enable : yes create db for zabbix: mysql_database.present: - name: {{ pillar.zabbix_db_name }} - character_set: utf8 - collate: utf8_bin create local user: mysql_user.present: - name: {{ pillar.zabbix_db_user }} - host: 'localhost' - password: {{ pillar.zabbix_db_password }} create remote user: mysql_user.present: - name: {{ pillar.zabbix_db_user }} - host: '%' - password: {{ pillar.zabbix_db_password }} priviileges for local user: mysql_grants.present: - name: {{ pillar.zabbix_db_name }} - user: {{ pillar.zabbix_db_user }} - database: {{ pillar.zabbix_db_name }}.* - grant: all privileges priviileges for remote user: mysql_grants.present: - name: {{ pillar.zabbix_db_name }} - user: {{ pillar.zabbix_db_user }} - database: {{ pillar.zabbix_db_name }}.* - grant: all privileges - host: '%' import db: cmd.run: - name: 'zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -u{{ pillar.zabbix_db_name }} -p{{ pillar.zabbix_db_password }} {{ pillar.zabbix_db_name }}' - onchanges: - mysql_database: create db for zabbix
db部署—shell部署 我这里用了新的Mariadb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 cat > /etc/yum.repos.d/MariaDB.repo <<EOF [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.6/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 EOF yum -y install zabbix-server-mysql MySQL-python MariaDB-server MariaDB-client systemctl enable mariadb.service --now mariadb-secure-installation mysql -uroot -e "CREATE DATABASE zabbix CHARACTER SET utf8 COLLATE utf8_general_ci;" mysql -uroot -e "grant all privileges on zabbix.* to 'zabbix'@'%' identified by 'zabbix';" mysql -uroot -e "SET GLOBAL innodb_large_prefix=ON; SET GLOBAL innodb_file_format=Barracuda;" zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -pzabbix zabbix
部署zabbix-server—写sls文件 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 install pkgs: pkg.installed: - pkgs: - zabbix-agent - zabbix-server-mysql set zabbix cfg: file.managed: - source : salt://files/zabbix_server.conf.j2 - name: /etc/zabbix/zabbix_server.conf - mode: 644 - tempalte: jinja start zabbix-server: service.running: - name: zabbix-server - enable : yes
部署zabbix-web—写sls文件 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 install pkgs: pkg.installed: - pkgs: - zabbix-web-mysql-scl - zabbix-nginx-conf-scl set zabbix-nginx cfg: file.managed: - source : salt://files/zabbix_nginx.conf.j2 - name: /etc/opt/rh/rh-nginx116/nginx/conf.d/zabbix.conf - mode: 644 - template: jinja set zabbix-nginx cfg2: file.managed: - source : salt://files/zabbix_nginx.conf - name: /etc/opt/rh/rh-nginx116/nginx/nginx.conf set php cfg: file.managed: - source : salt://files/zabbix_php.conf.j2 - name: /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf - mode: 644 - template: jinja start nginx service: service.running: - name: rh-nginx116-nginx - enable : yes start php service: service.running: - name: rh-php72-php-fpm - enable : yes
Salt部署zabbix-agent 准备配置文件 1 2 3 4 5 6 7 8 9 cat > /srv/salt/prod/files/zabbix_agent2.conf.j2 <<EOF PidFile=/var/run/zabbix/zabbix_agent2.pid LogFile=/var/log/zabbix/zabbix_agent2.log LogFileSize=0 Server={{ pillar.zabbix_server_ip }} ServerActive={{ pillar.zabbix_server_ip }} Include=/etc/zabbix/zabbix_agent2.d/*.conf ControlSocket=/tmp/agent.sock EOF
写sls状态文件 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 vim /srv/salt/prod/zabbix-agent.sls install agent: pkg.installed: - name: zabbix-agent2 set zabbix conf: file.managed: - source : salt://files/zabbix_agent2.conf.j2 - name: /etc/zabbix/zabbix_agent2.conf - mode: 644 - template: jinja start agent: service.running: - name: zabbix-agent2 - enable : yes
调整高级状态文件top.sls与应用 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 cat /srv/salt/base/top.sls... prod: "zabbix*" : - zabbix-basic "zabbix-server" : - zabbix-server "zabbix-web" : - zabbix-web "zabbix-agent*" : - zabbix-agent tree . ├── base │ ├── example.sls │ ├── test.sls │ └── top.sls ├── dev │ ├── apache2.sls │ ├── dhcp.sls │ └── httpd.sls └── prod ├── files │ ├── Centos7-SCLo.repo │ ├── zabbix_agent2.conf.j2 │ ├── zabbix_nginx.conf │ ├── zabbix_nginx.conf.j2 │ ├── zabbix_php.conf.j2 │ └── zabbix_server.conf.j2 ├── web.sls ├── zabbix-agent.sls ├── zabbix-basic.sls ├── zabbix-db.sls ├── zabbix-server.sls └── zabbix-web.sls salt 'zabbix*' state.apply
