Puppet模块(六):zabbix模块及server资源
作用:Zabbix是一款强大的自动化监控软件,通过puppet自动部署zabbix客户端。1、服务端配置zabbix模块
(1)模块清单
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# tree /etc/puppet/modules/zabbix/
/etc/puppet/modules/zabbix/
├── files
│ ├── discovertcpport.sh
│ └── zabbix-2.2.5.tar.gz
├── manifests
│ ├── config.pp
│ ├── init.pp
│ ├── install.pp
│ ├── params.pp
│ └── service.pp
└── templates
├── zabbix_agentd_conf.erb
└── zabbix_install_sh.erb
(2)定义参数类
1
2
3
4
5
# vi /etc/puppet/modules/zabbix/manifests/params.pp
class zabbix::params {
$zabbixserver = "zabbix.ewin.com" #zabbix服务器名
$zabbixversion = 'zabbix-2.2.5' #zabbix版本
}
(3)定义安装类
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# vi /etc/puppet/modules/zabbix/manifests/install.pp
class zabbix::install {
include zabbix::install::files, zabbix::install::sh
}
#文件子类
class zabbix::install::files {
#创建软件存放目录
file { "/home/zabbix":
ensure => directory,
}
#复制源码包
file { "zabbix-agent":
name => "/home/zabbix/${zabbix::params::zabbixversion}.tar.gz",
ensure=> file,
owner => 'root',
group => 'root',
source=> "puppet:///modules/zabbix/${zabbix::params::zabbixversion}.tar.gz",
require => File["/home/zabbix"],
}
#复制安装脚本,必须是unix格式
file { "zabbix-install":
name => "/home/zabbix/zabbix_install.sh",
ensure=> file,
owner => 'root',
group => 'root',
mode => '0755',
content => template("zabbix/zabbix_install_sh.erb"),
require => File["/home/zabbix"],
}
}
#脚本子类
class zabbix::install::sh {
#安装依赖软件包
package { ["gcc","curl"]:#,"curl-devel","net-snmp","net-snmp-devel","perl-DBI"
ensure => installed,
before => Exec["/bin/bash zabbix_install.sh"],
}
#执行安装脚本
exec { "/bin/bash zabbix_install.sh":
cwd => "/home/zabbix",
creates => "/etc/init.d/zabbix_agentd", #脚本执行成功后会生成这个文件,当文件存在了就不再执行此资源
require => Class["zabbix::install::files"],
}
}
说明:使用安装脚本可以简化很多代码,简省puppet资源,也可以使用exec来执行tar、configure、make等命令来进行部署。
(4)定义配置类
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# vi /etc/puppet/modules/zabbix/manifests/config.pp
class zabbix::config {
include zabbix::config::files, zabbix::config::iptables
}
#配置文件子类
class zabbix::config::files {
file { "/usr/local/zabbix_agent/etc/zabbix_agentd.conf":
ensure=> present,
owner => 'root',
group => 'root',
mode => '0600',
content => template("zabbix/zabbix_agentd_conf.erb"),
require => Class["zabbix::install"],
notify=> Class["zabbix::service"],
}
file { "/usr/local/zabbix_agent/sbin/discovertcpport.sh":
ensure=> present,
owner => 'root',
group => 'root',
mode => '0755',
source=> "puppet:///modules/zabbix/discovertcpport.sh",
require => Class["zabbix::install"],
}
#指定日志属主,否则进程启动时报错cannot open : Permission denied
file { "/var/log/zabbix_agentd.log":
ensure=> present,
owner => 'zabbix',
group => 'zabbix',
require => Class["zabbix::install"],
}
}
#防火墙设置子类
class zabbix::config::iptables {
service { "iptables":
ensure => running,
enable => true,
hasstatus=> true,
hasrestart => true,
}
exec { 'iptables -I INPUT -p tcp --dport 10050:10051 -j ACCEPT':
unless=> 'grep "tcp --dport 10050:10051" /etc/sysconfig/iptables 2>/dev/null',
require => Service["iptables"],
notify=> Exec["service iptables save"],
}
exec { 'iptables -I INPUT -p udp --dport 10050:10051 -j ACCEPT':
unless=> 'grep "udp --dport 10050:10051" /etc/sysconfig/iptables 2>/dev/null',
require => Service["iptables"],
notify=> Exec["service iptables save"],
}
exec { 'service iptables save':
refreshonly => true,
}
}
说明:这里的防火墙规则配置可以应用到很多地方,首先要保证iptables服务启动,否则规则保存不进文件,然后添加临时规则,通知iptables服务保存,unless和refreshonly保证了Exec资源只执行一次就完成任务。
(5)定义配置文件模板
1
2
3
4
5
6
7
8
# vi /etc/puppet/modules/zabbix/template/zabbix_agentd_conf.erb
### puppet config ###
LogFile=/var/log/zabbix_agentd.log
Server=<%= scope.lookupvar('zabbix::params::zabbixserver') %> #参数类中定义的服务器名称
Hostname=<%= fqdn %> #使用facter fqdn获取客户端的计算机全名
UnsafeUserParameters=1
EnableRemoteCommands=1
UserParameter=tcpportlisten,/usr/local/zabbix_agent/sbin/discovertcpport.sh "$1"
说明:关于zabbix的配置就不详述了,可以看我关于zabbix的相关博文。
(6)定义安装文件模板
1
2
3
4
5
6
7
8
9
10
11
# vi /etc/puppet/modules/zabbix/template/zabbix_install_sh.erb
#!/bin/bash
cd /home/zabbix
useradd zabbix -s /sbin/nologin
tar zvxf <%= scope.lookupvar('zabbix::params::zabbixversion') %>.tar.gz
cd <%= scope.lookupvar('zabbix::params::zabbixversion') %>
./configure --prefix=/usr/local/zabbix_agent --enable-agent
make install
cp /usr/local/zabbix_agent/sbin/zabbix_agentd /etc/init.d/
chmod +x /etc/init.d/zabbix_agentd
fi
说明:通过参数定义软件版本和服务器地址,模板文件就不用因为这两个值的不同再修改了。
注意:windows下编辑的文件格式是doc,在linux下无法执行(.sh文件),要转换成unix格式。
在linux下转换文件格式方法:
1
2
3
4
# vi /etc/puppet/modules/zabbix/template/zabbix_install_sh.erb
:set ff? #显示fileforma=dos就是windows格式
:set fileformat=unix#转换成unix格式
:wq! #保存退出
在windows下转换文件格式方法(推荐):
UltraEdit编辑器:文件File-->转换Conversions-->DOS转UNIX
(7)定义服务类
1
2
3
4
5
6
7
8
9
# vi /etc/puppet/modules/zabbix/manifests/service.pp
class zabbix::service {
service { "zabbix_agentd":
ensure => running,
start => "/etc/init.d/zabbix_agentd start",
stop => "ps ax|grep zabbix_agentd|grep -v grep |awk '{print $1}'|xargs kill -9", #$1前要加个进行转义,否则被认为是puppet变量而无效
require => Class["zabbix::config"],
}
}
说明:客户端zabbix_agentd服务的service restart|stop|status没有反应,因此自定义启动和关闭命令来实现重启效果。
(8)定义zabbix主类
1
2
3
4
5
6
# vi /etc/puppet/modules/zabbix/manifests/init.pp
class zabbix {
Exec { path => "/usr/bin:/bin:/usr/sbin:/sbin" }
include zabbix::params
include zabbix::install, zabbix::config, zabbix::service
}
(9)定义节点文件,调用模块
1
2
3
4
# vi /etc/puppet/manifests/centostest.pp
node "centostest.ewin.com" {
include ntp, yum, puppet, host, ssh, zabbix
}
(10)应用节点文件
1
2
# vi /etc/puppet/manifests/site.pp
import "centostest.pp"
(11)下载zabbix源码包
官方下载地地址:http://www.zabbix.com/download.php
下载Zabbix Sources中的源码包,目前是2.4.2和2.2.7版本
我的zabbix服务器安装的2.2.5版本
1
2
# cd /etc/puppet/modules/zabbix/files/
# wget http://jaist.dl.sourceforge.net/ ... zabbix-2.2.5.tar.gz
(12)编写自动监控"监听端口"脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# vi /etc/puppet/modules/zabbix/files/discovertcpport.sh
#!/bin/bash
portarray=(`netstat -tnlp|egrep -i "$1"|awk {'print $4'}|awk -F':' '{if ($NF~/^*$/) print $NF}'|sort |uniq2>/dev/null`)
length=${#portarray[@]}
printf "{"
printf' '"\"data\":["
for ((i=0;i<$length;i++))
do
printf ' {'
printf "\"{#TCP_PORT}\":\"${portarray[$i]}\"};"
if [ $i -lt $[$length-1] ];then
printf ','
fi
done
printf" ]"
printf "}"
说明:这是给zabbix用来监控客户端正在监听的端口用的脚本,详见我的zabbix相关博文。
注意:.sh脚本文件,格式必须是unix格式才能执行,按第(5)节中的方法修改。
2、测试
(1)客户端执行puppet agent -t同时查看日志
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# tailf /var/log/messages
Nov 13 11:45:40 centostest puppet-agent: (/Stage/Zabbix::Install::Files/File/ensure) created
Nov 13 11:45:40 centostest puppet-agent: (/Stage/Zabbix::Install::Files/File/ensure) defined content as '{md5}dd528a657456fdf527df0fc341f437d0'
Nov 13 11:45:44 centostest puppet-agent: (/Stage/Zabbix::Install::Files/File/ensure) defined content as '{md5}e7b74a0208743f743585d9cc1d46eccf'
#以上显示安装脚本和配置文件复制成功
Nov 13 11:45:45 centostest kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Nov 13 11:45:45 centostest puppet-agent: (/Stage/Zabbix::Config::Iptables/Service/ensure) ensure changed 'stopped' to 'running'
Nov 13 11:45:45 centostest puppet-agent: (/Stage/Zabbix::Config::Iptables/Exec/returns) executed successfully
Nov 13 11:45:45 centostest puppet-agent: (/Stage/Zabbix::Config::Iptables/Exec/returns) executed successfully
Nov 13 11:45:46 centostest puppet-agent: (/Stage/Zabbix::Config::Iptables/Exec) Triggered 'refresh' from 2 events
#以上显示防火墙由关闭转为启动,添加两条规则,触发了save两次
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) useradd: user 'zabbix' already exists
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/Makefile.in
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/Makefile.in
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/snmptrap/
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/snmptrap/zabbix_trap_receiver.pl
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/snmptrap/snmptrap.sh
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/images/
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/images/README
Nov 13 11:46:19 centostest puppet-agent: (/Stage/Zabbix::Install::Sh/Exec/returns) zabbix-2.2.5/misc/images/png_to_xml.sh
#运行安装脚本,zabbix源码包解压缩,接近200行的样子,这里省略
#脚本中的其他命令不在日志中显示
Nov 13 11:46:19 centostest rsyslogd-2177: imuxsock begins to drop messages from pid 33875 due to rate-limiting
Nov 13 11:46:38 centostest puppet-agent: Finished catalog run in 2.76 seconds
(2)查看安装文件是否复制到位
1
2
3
4
5
# ll /home/zabbix/
总用量 14620
drwxrwxr-x. 13 1000 1000 4096 11月 13 11:46 zabbix-2.2.5
-rw-r--r--.1 root root 14960556 11月 13 11:45 zabbix-2.2.5.tar.gz
-rwxr-xr-x.1 root root 276 11月 13 11:45 zabbix_install.sh
(3)查看启动进程是否复制到位
1
2
# ll /etc/init.d/zabbix_agentd
-rwxr-xr-x. 1 root root 862771 11月 12 16:36 /etc/init.d/zabbix_agentd
(4)查看配置文件内容
1
2
3
4
5
6
7
8
# cat /usr/local/zabbix_agent/etc/zabbix_agentd.conf
### puppet config ###
LogFile=/var/log/zabbix_agentd.log
Server=zabbix.ewin.com
Hostname=centostest.ewin.com
UnsafeUserParameters=1
EnableRemoteCommands=1
UserParameter=tcpportlisten,/usr/local/zabbix_agent/sbin/discovertcpport.sh "$1"
(5)查看防火墙状态
1
2
3
4
5
6
7
8
9
10
11
# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
numtarget prot opt source destination
1 ACCEPT udp--0.0.0.0/0 0.0.0.0/0 udp dpts:10050:10051
2 ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 tcp dpts:10050:10051
3 ACCEPT all--0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp --0.0.0.0/0 0.0.0.0/0
5 ACCEPT all--0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
7 REJECT all--0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
结论:成功启动防火墙并添加了两条规则
3、测试服务重启
(1)查看进程是否启动,以及进程的PID(1)
1
2
3
4
5
6
# ps aux|grep zabbix
zabbix 452520.00.017592 716 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: collector
zabbix 452530.00.017592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #1
zabbix 452540.00.017592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #2
zabbix 452550.00.017592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #3
root 472010.00.0 103256 848 pts/2 S+ 09:22 0:00 grep zabbix
(2)修改配置文件模板
在zabbix_agentd_conf.erb中加入一行
1
#test service restart
(3)客户端执行puppet agent -t同时查看日志
1
2
3
# tailf /var/log/messages
Nov 13 09:33:28 centostest puppet-agent: (/Stage/Zabbix::Config/File/content) content changed '{md5}7f16ab238a0febff5d3330a4b4b341c4' to '{md5}d2b43f63f0c101966d8ea32356e0fcdc'
Nov 13 09:33:28 centostest puppet-agent: (/Stage/Zabbix::Service/Service) Triggered 'refresh' from 1 events
(4)再次查看启动进程的PID
1
2
3
4
5
6
# ps aux|grep zabbixroot 30160.00.0 103256 840 pts/2 S+ 09:36 0:00 grep zabbix
zabbix 631900.00.017592 748 ? S 09:33 0:00 /etc/init.d/zabbix_agentd start
zabbix 631910.00.017592 728 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: collector
zabbix 631920.00.017592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #1
zabbix 631930.00.017592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #2
zabbix 631940.00.017592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #3
结论:可以看到进程PID改变了,配置文件的更新成功触发服务重启,使用了自定义的start和stop命令来完成重启过程。
总结:成功部署了Zabbix agent端,能通过puppet管理配置文件,自动重启zabbix进程,
之后就是在zabbix服务器上添加对centostest的监控了,这里不详述,经测试监控成功。
4、service服务资源
#默认采用/etc/init.d/下的脚本进行服务管理,自定义的脚本需要加入该目录并在脚本中定义chkconfig
1
2
3
4
5
6
7
8
service { 'nginx': #标题等于name参数,服务名
ensure => running,#确保服务运行
enable => true, #开机启动服务
hasrestart => true, #是否支持service nginx restart命令,重启
hasstatus=> true, #是否支持service nginx status命令,查看状态,当服务未启动,会执行重启
subscribe=> File["nginx.conf"], #当nginx.conf有变更时,执行此服务资源(重启)
restart => "/etc/init.d/nginx reload", #指定重启命令,只需重新加载配置文件即可
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
binary => , #守护进程的路径
enable => true|false, #设置开机自动启动
ensure => true|false|running, #服务的状态,运行|停止|运行
hasstatus => true|false, #是否支持status
hasrestart => true|false, #是否支持restart,不支持就用stop/start实现
name => 'sshd', #服务名称
path => "/etc/init.d", #指定查找init脚本的路径
pattern => , #设置搜索进程的匹配字符串,用来确认服务进程的状态或重启
restart => "/etc/init.d/nginx reload", #重启命令,可指定
start => "/etc/init.d/nginx start", #启动命令,可指定
status => "/etc/init.d/nginx status",#状态命令,可指定
stop => "/etc/init.d/nginx stop", #停止命令,可指定
}
页:
[1]