3182235786a
作用:Zabbix是一款强大的自动化监控软件,通过puppet自动部署zabbix客户端1、服务端配置zabbix模块(1)模块清单1234567891011121314[root@puppet ~]# tree /etc/puppet/modules/zabbix/。
/etc/puppet/modules/zabbix/├── files│ ├── discovertcpport.sh│ └── zabbix-2.2.5.tar.gz├── manifests
│ ├── config.pp│ ├── init.pp│ ├── install.pp│ ├── params.pp│ └── service.pp└── templates ├── zabbix_agentd_conf.erb
└── zabbix_install_sh.erb(2)定义参数类12345[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/params.pp
class zabbix::params { $zabbixserver = “zabbix.ewin.com” #zabbix服务器名 $zabbixversion = zabbix-2.2.5 #zabbix版本
}(3)定义安装类1234567891011121314151617181920212223242526272829303132333435363738394041424344[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/install.pp
class zabbix::install { include zabbix::install::files, zabbix::install::sh}#文件子类class zabbix::install::files {
#创建软件存放目录 file { “/home/zabbix”: ensure => directory, } #复制源码包 file { “zabbix-agent”: name => “/home/zabbix/${zabbix::params::zabbixversion}.tar.gz”,
ensure => file, owner => root, group => root, source => “puppet:///modules/zabbix/${zabbix::params::zabbixversion}.tar.gz”,
require => File[“/home/zabbix”], } #复制安装脚本,必须是unix格式 file { “zabbix-install”: name => “/home/zabbix/zabbix_install.sh”,
ensure => file, owner => root, group => root, mode => 0755, content => template(“zabbix/zabbix_install_sh.erb”),
require => File[“/home/zabbix”], }}#脚本子类class zabbix::install::sh { #安装依赖软件包 package { [“gcc”,”curl”]:#,”curl-devel”,”net-snmp”,”net-snmp-devel”,”perl-DBI”
ensure => installed, before => Exec[“/bin/bash zabbix_install.sh”], } #执行安装脚本 exec { “/bin/bash zabbix_install.sh”:
cwd => “/home/zabbix”, creates => “/etc/init.d/zabbix_agentd”, #脚本执行成功后会生成这个文件,当文件存在了就不再执行此资源
require => Class[“zabbix::install::files”], }}说明:使用安装脚本可以简化很多代码,简省puppet资源,也可以使用exec来执行tar、configure、make等命令来进行部署。
(4)定义配置类123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
5253[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/config.ppclass zabbix::config { include zabbix::config::files, zabbix::config::iptables
}#配置文件子类class zabbix::config::files { file { “/usr/local/zabbix_agent/etc/zabbix_agentd.conf”: ensure => present,
owner => root, group => root, mode => 0600, content => template(“zabbix/zabbix_agentd_conf.erb”),
require => Class[“zabbix::install”], notify => Class[“zabbix::service”], } file { “/usr/local/zabbix_agent/sbin/discovertcpport.sh”:
ensure => present, owner => root, group => root, mode => 0755, source => “puppet:///modules/zabbix/discovertcpport.sh”,
require => Class[“zabbix::install”], } #指定日志属主,否则进程启动时报错cannot open [/var/log/zabbix_agentd.log]: [13] Permission denied
file { “/var/log/zabbix_agentd.log”: ensure => present, owner => zabbix, group => zabbix,
require => Class[“zabbix::install”], }}#防火墙设置子类class zabbix::config::iptables { service { “iptables”:
ensure => running, enable => true, hasstatus => true, hasrestart => true, } exec { iptables -I INPUT -p tcp –dport 10050:10051 -j ACCEPT:
unless => grep “tcp –dport 10050:10051” /etc/sysconfig/iptables 2>/dev/null, require => Service[“iptables”],
notify => Exec[“service iptables save”], } exec { iptables -I INPUT -p udp –dport 10050:10051 -j ACCEPT:
unless => grep “udp –dport 10050:10051” /etc/sysconfig/iptables 2>/dev/null, require => Service[“iptables”],
notify => Exec[“service iptables save”], } exec { service iptables save: refreshonly => true,
}}说明:这里的防火墙规则配置可以应用到很多地方,首先要保证iptables服务启动,否则规则保存不进文件,然后添加临时规则,通知iptables服务保存,unless和refreshonly保证了Exec资源只执行一次就完成任务。
(5)定义配置文件模板12345678[root@puppet ~]# vi /etc/puppet/modules/zabbix/template/zabbix_agentd_conf.erb### puppet config ###
LogFile=/var/log/zabbix_agentd.logServer= #参数类中定义的服务器名称
Hostname= #使用facter fqdn获取客户端的计算机全名UnsafeUserParameters=1EnableRemoteCommands=1UserParameter=tcpportlisten,/usr/local/zabbix_agent/sbin/discovertcpport.sh “$1”
说明:关于zabbix的配置就不详述了,可以看我关于zabbix的相关博文(6)定义安装文件模板1234567891011[root@puppet ~]# vi /etc/puppet/modules/zabbix/template/zabbix_install_sh.erb。
#!/bin/bashcd /home/zabbixuseradd zabbix -s /sbin/nologintar zvxf .tar.gz
cd ./configure –prefix=/usr/local/zabbix_agent –enable-agent
make installcp /usr/local/zabbix_agent/sbin/zabbix_agentd /etc/init.d/chmod +x /etc/init.d/zabbix_agentd
fi说明:通过参数定义软件版本和服务器地址,模板文件就不用因为这两个值的不同再修改了注意:windows下编辑的文件格式是doc,在linux下无法执行(.sh文件),要转换成unix格式在linux下转换文件格式方法:。
1234[root@puppet ~]# vi /etc/puppet/modules/zabbix/template/zabbix_install_sh.erb:set ff? #显示fileforma=dos就是windows格式
:set fileformat=unix #转换成unix格式:wq! #保存退出在windows下转换文件格式方法(推荐):UltraEdit编辑器:文件File–>转换Conversions–>DOS转UNIX
(7)定义服务类123456789[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/service.ppclass zabbix::service {
service { “zabbix_agentd”: ensure => running, start => “/etc/init.d/zabbix_agentd start”, stop => “ps ax|grep zabbix_agentd|grep -v grep |awk {print \$1}|xargs kill -9”, #$1前要加个\进行转义,否则被认为是puppet变量而无效
require => Class[“zabbix::config”], }}说明:客户端zabbix_agentd服务的service restart|stop|status没有反应,因此自定义启动和关闭命令来实现重启效果。
(8)定义zabbix主类123456[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/init.ppclass zabbix { Exec { path => “/usr/bin:/bin:/usr/sbin:/sbin” }
include zabbix::params include zabbix::install, zabbix::config, zabbix::service}(9)定义节点文件,调用模块1234
[root@puppet ~]# vi /etc/puppet/manifests/centostest.ppnode “centostest.ewin.com” { include ntp, yum, puppet, host, ssh, zabbix
}(10)应用节点文件12[root@puppet ~]# vi /etc/puppet/manifests/site.ppimport “centostest.pp”(11)下载zabbix源码包官方下载地地址:http://www.zabbix.com/download.php
下载Zabbix Sources中的源码包,目前是2.4.2和2.2.7版本我的zabbix服务器安装的2.2.5版本12[root@puppet ~]# cd /etc/puppet/modules/zabbix/files/
[root@puppet files]# wget http://jaist.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/2.2.5/zabbix-2.2.5.tar.gz
(12)编写自动监控”监听端口”脚本12345678910111213141516[root@puppet ~]# vi /etc/puppet/modules/zabbix/files/discovertcpport.sh
#!/bin/bashportarray=(`netstat -tnlp|egrep -i “$1″|awk {print $4}|awk -F: {if ($NF~/^[0-9]*$/) print $NF}|sort |uniq 2>/dev/null`)
length=${#portarray[@]}printf “{\n”printf \t”\”data\”:[“for ((i=0;i<$length;i++))do printf \n\t\t{
printf “\”{#TCP_PORT}\”:\”${portarray[$i]}\”};” if [ $i -lt $[$length-1] ];then printf ,
fidoneprintf “\n\t]\n”printf “}\n”说明:这是给zabbix用来监控客户端正在监听的端口用的脚本,详见我的zabbix相关博文注意:.sh脚本文件,格式必须是unix格式才能执行,按第(5)节中的方法修改。
2、测试(1)客户端执行puppet agent -t同时查看日志1234567891011121314151617181920212223242526[root@centostest ~]# tailf /var/log/messages
Nov 13 11:45:40 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Files/File[/home/zabbix]/ensure) created
Nov 13 11:45:40 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Files/File[zabbix-install]/ensure) defined content as {md5}dd528a657456fdf527df0fc341f437d0
Nov 13 11:45:44 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Files/File[zabbix-agent]/ensure) defined content as {md5}e7b74a0208743f743585d9cc1d46eccf
#以上显示安装脚本和配置文件复制成功Nov 13 11:45:45 centostest kernel: ip_tables: (C) 2000-2006 Netfilter Core TeamNov 13 11:45:45 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Service[iptables]/ensure) ensure changed stopped to running
Nov 13 11:45:45 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Exec[iptables -I INPUT -p tcp –dport 10050:10051 -j ACCEPT]/returns) executed successfully
Nov 13 11:45:45 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Exec[iptables -I INPUT -p udp –dport 10050:10051 -j ACCEPT]/returns) executed successfully
Nov 13 11:45:46 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Exec[service iptables save]) Triggered refresh from 2 events
#以上显示防火墙由关闭转为启动,添加两条规则,触发了save两次Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) useradd: user zabbix already exists
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/Makefile.in
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/Makefile.in
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/snmptrap/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/snmptrap/zabbix_trap_receiver.pl
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/snmptrap/snmptrap.sh
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/images/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/images/README
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/images/png_to_xml.sh
#运行安装脚本,zabbix源码包解压缩,接近200行的样子,这里省略#脚本中的其他命令不在日志中显示Nov 13 11:46:19 centostest rsyslogd-2177: imuxsock begins to drop messages from pid 33875 due to rate-limiting
Nov 13 11:46:38 centostest puppet-agent[43176]: Finished catalog run in 2.76 seconds(2)查看安装文件是否复制到位12
345[root@centostest ~]# ll /home/zabbix/总用量 14620drwxrwxr-x. 13 1000 1000 4096 11月 13 11:46 zabbix-2.2.5
-rw-r–r–. 1 root root 14960556 11月 13 11:45 zabbix-2.2.5.tar.gz-rwxr-xr-x. 1 root root 276 11月 13 11:45 zabbix_install.sh
(3)查看启动进程是否复制到位12[root@centostest ~]# ll /etc/init.d/zabbix_agentd-rwxr-xr-x. 1 root root 862771 11月 12 16:36 /etc/init.d/zabbix_agentd
(4)查看配置文件内容12345678[root@centostest ~]# cat /usr/local/zabbix_agent/etc/zabbix_agentd.conf### puppet config ###
LogFile=/var/log/zabbix_agentd.logServer=zabbix.ewin.comHostname=centostest.ewin.comUnsafeUserParameters=1
EnableRemoteCommands=1UserParameter=tcpportlisten,/usr/local/zabbix_agent/sbin/discovertcpport.sh “$1”
(5)查看防火墙状态1234567891011[root@centostest ~]# service iptables status表格:filterChain INPUT (policy ACCEPT)
num target prot opt source destination1 ACCEPT udp — 0.0.0.0/0 0.0.0.0/0 udp dpts:10050:10051
2 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 tcp dpts:10050:100513 ACCEPT all — 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp — 0.0.0.0/0 0.0.0.0/05 ACCEPT all — 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp — 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:227 REJECT all — 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
结论:成功启动防火墙并添加了两条规则3、测试服务重启(1)查看进程是否启动,以及进程的PID(1)123456[root@centostest ~]# ps aux|grep zabbixzabbix 45252 0.0 0.0 17592 716 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: collector [idle 1 sec]
zabbix 45253 0.0 0.0 17592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #1 [waiting for connection]
zabbix 45254 0.0 0.0 17592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #2 [waiting for connection]
zabbix 45255 0.0 0.0 17592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #3 [waiting for connection]
root 47201 0.0 0.0 103256 848 pts/2 S+ 09:22 0:00 grep zabbix(2)修改配置文件模板在zabbix_agentd_conf.erb中加入一行
1#test service restart(3)客户端执行puppet agent -t同时查看日志123[root@centostest ~]# tailf /var/log/messagesNov 13 09:33:28 centostest puppet-agent[62959]: (/Stage[main]/Zabbix::Config/File[/usr/local/zabbix_agent/etc/zabbix_agentd.conf]/content) content changed {md5}7f16ab238a0febff5d3330a4b4b341c4 to {md5}d2b43f63f0c101966d8ea32356e0fcdc
Nov 13 09:33:28 centostest puppet-agent[62959]: (/Stage[main]/Zabbix::Service/Service[zabbix_agentd]) Triggered refresh from 1 events
(4)再次查看启动进程的PID123456[root@centostest ~]# ps aux|grep zabbixroot 3016 0.0 0.0 103256 840 pts/2 S+ 09:36 0:00 grep zabbix
zabbix 63190 0.0 0.0 17592 748 ? S 09:33 0:00 /etc/init.d/zabbix_agentd startzabbix 63191 0.0 0.0 17592 728 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: collector [idle 1 sec]
zabbix 63192 0.0 0.0 17592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #1 [waiting for connection]
zabbix 63193 0.0 0.0 17592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #2 [waiting for connection]
zabbix 63194 0.0 0.0 17592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #3 [waiting for connection]
结论:可以看到进程PID改变了,配置文件的更新成功触发服务重启,使用了自定义的start和stop命令来完成重启过程总结:成功部署了Zabbix agent端,能通过puppet管理配置文件,自动重启zabbix进程,。
之后就是在zabbix服务器上添加对centostest的监控了,这里不详述,经测试监控成功4、service服务资源#默认采用/etc/init.d/下的脚本进行服务管理,自定义的脚本需要加入该目录并在脚本中定义chkconfig。
12345678service { nginx: #标题等于name参数,服务名 ensure => running,#确保服务运行 enable => true, #开机启动服务
hasrestart => true, #是否支持service nginx restart命令,重启 hasstatus => true, #是否支持service nginx status命令,查看状态,当服务未启动,会执行重启
subscribe => File[“nginx.conf”], #当nginx.conf有变更时,执行此服务资源(重启) restart => “/etc/init.d/nginx reload”, #指定重启命令,只需重新加载配置文件即可
}1234567891011121314{ binary => , #守护进程的路径 enable => true|false, #设置开机自动启动
ensure => true|false|running, #服务的状态,运行|停止|运行 hasstatus => true|false, #是否支持status hasrestart => true|false, #是否支持restart,不支持就用stop/start实现
name => sshd, #服务名称 path => “/etc/init.d”, #指定查找init脚本的路径 pattern => , #设置搜索进程的匹配字符串,用来确认服务进程的状态或重启
restart => “/etc/init.d/nginx reload”, #重启命令,可指定 start => “/etc/init.d/nginx start”, #启动命令,可指定 status => “/etc/init.d/nginx status”, #状态命令,可指定
stop => “/etc/init.d/nginx stop”, #停止命令,可指定}
