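Week 11

Posted by CuriouszzZ on 2024-05-21

1. Summary of common Ansible commands, with examples.

Ansible is a powerful automation tool for managing the configuration and deployment of remote hosts.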

ansible:

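Format:
ansible <host-pattern> [-m module_name] [-a args]
Options:
--version #show the version
-m module #module to use; the default is command
-v #verbose output; -vv and -vvv give more detail
--list-hosts #list the matching hosts; can be shortened to --list
-C, --check #check mode; do not make changes
-T, --timeout=TIMEOUT #timeout for running the command; default 10s
-k, --ask-pass #prompt for the SSH connection password; key authentication is the default
-u, --user=REMOTE_USER #user to run as on the remote host; default root
-b, --become #replaces the older sudo option; escalates privileges through the sudo mechanism
--become-user=USERNAME #runas user for sudo; default root
-K, --ask-become-pass #prompt for the sudo password
-f FORKS, --forks FORKS #number of hosts to run Ansible tasks on in parallel
-i INVENTORY, --inventory INVENTORY #inventory file to use

For example: send a ping to all hosts to confirm that they are reachable.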

[09:33:52 root@ansible ~]#ansible -m ping all
10.0.0.34 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
10.0.0.18 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

ansible-playbook:

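Runs Ansible playbooks. A playbook is a YAML file containing a series of tasks, used to configure and deploy hosts.

ansible-playbook site.yml

ansible-doc:

Shows the documentation for Ansible modules.

ansible-doc command

ansible-vault:

Encrypts and decrypts sensitive data such as passwords and keys.

ansible-vault create secrets.yml

ansible-galaxy:

Manages Ansible roles.

ansible-galaxy install username.role_name #install the role named username.role_name

ansible-config:

Views and sets Ansible configuration options.

ansible-config view

ansible-lint:

Checks Ansible playbooks for syntax errors and best practices.

ansible-lint playbook.yml

ansible-pull:

Pulls configuration from a version control repository onto a managed node and applies it there.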

ansible-pull -U https://github.com/your_username/your_repository.git

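2. Summary of the Ansible playbook directory structure and the purpose of each file.

The directory structure of an Ansible playbook project is organized according to the project's needs, but it usually contains the following standard files and directories:

playbooks/: The main directory for Ansible playbooks. It usually holds one or more YAML files, each of which is one playbook that defines tasks and configuration.

inventory/: Holds the inventory files, which list every host Ansible manages together with its group membership. They can be in INI or YAML format.

roles/: Holds Ansible roles. A role is a logical grouping of tasks and configuration that can be reused across playbooks. Each role usually contains directories such as tasks, handlers, vars, defaults, files and templates, which hold tasks, handlers, variables, default values, files and templates.

group_vars/: Holds variable files for individual host groups, stored as YAML. These variables can be referenced in playbooks to run different tasks or configuration depending on the host group.

host_vars/: Like group_vars, but holds variable files for individual hosts.

filter_plugins/: Holds custom Ansible filter plugins, which can be referenced in playbooks to transform or filter data.

library/: Holds custom Ansible modules, which can be referenced in playbooks to perform specific operations or tasks.

files/: Holds files that need to be copied to the target hosts.

templates/: Holds the template files used to generate configuration files; templates usually use Jinja2 syntax.

vars/: Holds global variable files; these variables can be referenced in playbooks and store common configuration.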

3. Implement a mysql role with an Ansible playbook.

###Directory structure of the mysql role
[14:58:13 root@ansible ansible]#tree 
.
├── ansible.cfg
├── hosts
├── role_httpd.yml
├── role_mysql.yml
├── role_nginx.yml
└── roles
    ├── httpd
    │   ├── files
    │   │   ├── httpd.conf
    │   │   └── index.html
    │   ├── handlers
    │   │   └── main.yml
    │   └── tasks
    │       ├── config.yml
    │       ├── group.yml
    │       ├── index.yml
    │       ├── install.yml
    │       ├── main.yml
    │       ├── service.yml
    │       └── user.yml
    ├── mysql
    │   ├── files
    │   │   └── mysql-8.0.27-linux-glibc2.12-x86_64.tar.xz
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │       └── my.cnf.j2
    └── nginx
        ├── handers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── index.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── service.yml
        ├── templates
        │   └── nginx.conf.j2
        └── vars
            └── main.yml

###Define the hosts and variables
[webapp]
10.0.0.18

[webapp:vars]
db_group=mysql
db_gid=306
db_user=mysql
db_uid=306
db_version=8.0.27
db_file="mysql-{{db_version}}-linux-glibc2.12-x86_64.tar.xz"
db_data_dir="/data/mysql"
db_root_passwd="123456"
###Download and prepare the MySQL tarball
[15:00:12 root@ansible ansible]#ls roles/mysql/files/
mysql-8.0.27-linux-glibc2.12-x86_64.tar.xz
###Create the task file
[15:00:55 root@ansible ansible]#cat roles/mysql/tasks/main.yml 
- name: install dependent package
  yum:
    name: "{{ item }}"
  loop:
    - libaio
    - numactl-libs

- name: create mysql group
  group: name="{{db_group}}" gid="{{db_gid}}"

- name: create mysql user
  user: name="{{db_user}}" uid="{{db_uid}}" system=yes shell="/sbin/nologin" create_home=no group="{{db_group}}"

- name: copy tar to remote host and file mode
  unarchive:
    src: "{{ db_file }}"
    dest: "/usr/local/"
    owner: root
    group: root

- name: create link file /usr/local/mysql
  file:
    src: "/usr/local/mysql-{{ db_version }}-linux-glibc2.12-x86_64"
    dest: "/usr/local/mysql"
    state: link

- name: path file
  copy:
    content: "PATH=/usr/local/mysql/bin:$PATH"
    dest: "/etc/profile.d/mysql.sh"

- name: config file
  template:
    src: my.cnf.j2
    dest: "/etc/my.cnf"

- name: create directory
  file:
    name: "/data"
    state: directory

- name: init mysql data
  shell:
    cmd: "/usr/local/mysql/bin/mysqld --initialize-insecure --user={{ db_user }} --datadir={{ db_data_dir }}"
  tags:
    - init

- name: service script
  copy:
    src: "/usr/local/mysql/support-files/mysql.server"
    dest: "/etc/init.d/mysqld"
    remote_src: yes
    mode: '+x'

- name: start service
  shell:
    cmd: chkconfig --add mysqld;chkconfig mysqld on;service mysqld start

- name: change root password
  shell:
    cmd: "/usr/local/mysql/bin/mysqladmin -uroot password {{ db_root_passwd }}"
###Prepare the MySQL configuration file template
[15:02:00 root@ansible ansible]#cat roles/mysql/templates/my.cnf.j2 
[mysqld]
server-id=1
log-bin
datadir={{ db_data_dir }}
socket={{ db_data_dir }}/mysql.sock
log-error={{ db_data_dir }}/mysql.log
pid-file={{ db_data_dir }}/mysql.pid

[client]
socket={{ db_data_dir }}/mysql.sock
###Prepare the playbook file for the MySQL role
[15:04:21 root@ansible ansible]#cat role_mysql.yml 
- hosts: 10.0.0.18
  remote_user: root
  gather_facts: no

  roles:
    - mysql
###Deploy MySQL
[15:08:35 root@ansible ansible]#ansible-playbook -i hosts role_mysql.yml

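4. Deploy an LNMP stack with roles, supporting one-click release and rollback of the application. Also batch-deploy Zabbix with Zabbix roles.

4.1 Deploy the LNMP stack

4.1.1 Directory structure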
[18:57:47 root@ansible-rocky opt]$ tree /opt/
/opt/
├── ansible.cfg
├── hosts
├── lnmp_role.yml
├── mysql_role.yml
├── nginx_role.yml
├── php-fpm_role.yml
├── roles
│   ├── mysql
│   │   ├── files
│   │   │   └── mysql-8.0.31-linux-glibc2.12-x86_64.tar.xz
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       └── my.cnf.j2
│   ├── nginx
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       ├── nginx.conf.j2
│   │       └── nginx.service.j2
│   ├── php-fpm
│   │   ├── files
│   │   │   ├── test.php
│   │   │   └── www.conf
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       ├── php-fpm.conf.j2
│   │       └── php.ini.j2
│   └── wordpress
│       ├── files
│       │   └── wordpress-6.1.1-zh_CN.zip
│       └── tasks
│           └── main.yml
└── wordpress_role.yml
4.1.2 Inventory and variable settings required for the LNMP stack
[18:58:15 root@ansible-rocky opt]$ cat hosts 
[websrvs]
10.0.0.18
10.0.0.28

[websrvs:vars]
version="1.20.2"
url="http://nginx.org/download/nginx-{{ version }}.tar.gz"
install_dir="/apps/nginx"
fqdn="www.yanlinux.org"
root_path="/data/wordpress"
app="wordpress-6.1.1-zh_CN"

[dbsrvs]
10.0.0.38

[dbsrvs:vars]
db_group=mysql
db_gid=306
db_user=mysql
db_uid=306
db_version=8.0.31
db_file="mysql-{{db_version}}-linux-glibc2.12-x86_64.tar.xz"
db_data_dir="/data/mysql"
db_root_passwd="123456**"
4.1.3 Role that compiles and installs nginx
#task file
[17:55:17 root@ansible-rocky roles]$ cat nginx/tasks/main.yml 
- name: add group nginx
  group: name=nginx system=yes gid=80

- name: add user nginx
  user: name=nginx group=nginx uid=80 system=yes shell="/sbin/nologin" create_home=no

- name: install dependent package
  yum: name={{item}} state=latest
  loop:
    - gcc
    - make
    - pcre-devel
    - openssl-devel
    - zlib-devel
    - perl-ExtUtils-Embed

- name: get nginx source
  unarchive:
    src: "{{ url }}"
    dest: "/usr/local/src"
    remote_src: yes

- name: compile and install
  shell:
    cmd: "./configure --prefix={{install_dir}} --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module && make && make install"
    chdir: "/usr/local/src/nginx-{{ version }}"
    creates: "{{install_dir}}/sbin/nginx"

- name: config file
  template:
    src: nginx.conf.j2
    dest: "{{install_dir}}/conf/nginx.conf"
    owner: nginx
    group: nginx
  notify: restart service
  tags:
    - config

- name: create directory
  file:
    path: "{{install_dir}}/conf/conf.d"
    state: directory
    owner: nginx
    group: nginx

- name: change install directory owner
  file:
    path: "{{install_dir}}"
    owner: nginx
    group: nginx
    recurse: yes

- name: copy service file
  template:
    src: nginx.service.j2
    dest: "/lib/systemd/system/nginx.service"

- name: check config
  shell:
    cmd: "{{install_dir}}/sbin/nginx -t"
  register: check_nginx_config
  # nginx -t is a read-only check and reports on stderr, so never mark it changed
  changed_when: false

- name: start service
  systemd:
    daemon_reload: yes
    name: nginx.service
    state: started
    enabled: yes
      
#create the handler file
[17:59:27 root@ansible-rocky roles]$ cat nginx/handlers/main.yml 
- name: restart service
  service:
    name: nginx
    state: restarted

#prepare the two template files
[17:59:51 root@ansible-rocky roles]$ cat nginx/templates/nginx.conf.j2 

#user  nobody;
user nginx;
worker_processes  {{ ansible_processor_vcpus*2 }};
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  access_json '{"@timestamp":"$time_iso8601",'
        '"host":"$server_addr",'
        '"clientip":"$remote_addr",'
        '"size":$body_bytes_sent,'
        '"responsetime":$request_time,'
        '"upstreamtime":"$upstream_response_time",'
        '"upstreamhost":"$upstream_addr",'
        '"http_host":"$host",'
        '"uri":"$uri",'
        '"xff":"$http_x_forwarded_for",'
        '"referer":"$http_referer",'
        '"tcp_xff":"$proxy_protocol_addr",'
        '"http_user_agent":"$http_user_agent",'
        '"status":"$status"}';
    # logging
    access_log {{install_dir}}/logs/access-json.log access_json;
    error_log {{install_dir}}/logs/error.log warn;

    keepalive_timeout  65;
    include {{install_dir}}/conf/conf.d/*.conf;
}
[18:00:28 root@ansible-rocky roles]$ cat nginx/templates/nginx.service.j2 
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile={{install_dir}}/logs/nginx.pid
ExecStartPre=/bin/rm -f {{install_dir}}/logs/nginx.pid
ExecStartPre={{install_dir}}/sbin/nginx -t
ExecStart={{install_dir}}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
LimitNOFILE=100000

[Install]
WantedBy=multi-user.target

#top-level entry playbook file
[18:09:50 root@ansible-rocky opt]$ cat /opt/nginx_role.yml 
- hosts: websrvs
  remote_user: root

  roles:
    - nginx
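
The inventory in 4.1.2 fetches the nginx source from an http:// URL and the role then compiles it as root, so the integrity of the tarball matters. The following is an added example, not part of the original role: it replaces the "get nginx source" task with a download over HTTPS that is pinned to a SHA-256 digest. nginx_sha256 is a hypothetical inventory variable; its value is a placeholder and must be computed from a copy of the tarball you have verified.

```yaml
# Added example: hardened replacement for the "get nginx source" task.
# nginx_sha256 is a hypothetical variable; define it next to "version" in
# [websrvs:vars], e.g.  nginx_sha256="<sha256 of nginx-1.20.2.tar.gz>"

- name: refuse to build without a pinned digest
  assert:
    that:
      - nginx_sha256 is defined
      - "nginx_sha256 is match('^[0-9a-f]{64}$')"
    fail_msg: "set nginx_sha256 to the SHA-256 of nginx-{{ version }}.tar.gz"

- name: download nginx source over HTTPS and verify its digest
  get_url:
    url: "https://nginx.org/download/nginx-{{ version }}.tar.gz"
    dest: "/usr/local/src/nginx-{{ version }}.tar.gz"
    checksum: "sha256:{{ nginx_sha256 }}"   # the task fails if the digest differs
    owner: root
    group: root
    mode: "0644"

- name: unpack the verified tarball
  unarchive:
    src: "/usr/local/src/nginx-{{ version }}.tar.gz"
    dest: "/usr/local/src"
    remote_src: yes
    owner: root
    group: root
    # skip unpacking when the source tree is already present
    creates: "/usr/local/src/nginx-{{ version }}/configure"
```

The "compile and install" task that follows in the role can stay as it is, since it already works from /usr/local/src/nginx-{{ version }}.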
4.1.4 php-fpm role
#first prepare the php.ini.j2 and www.conf files
#change the PHP upload limits
[17:04:11 root@ansible-rocky ~]$ vi /opt/roles/php-fpm/templates/php.ini.j2
post_max_size = 100M ; change this line from 8M to 100M
upload_max_filesize = 100M ; change this line from 2M to 100M

#edit the configuration file
[17:14:03 root@proxy ~]$ vi /opt/roles/php-fpm/files/www.conf
user = nginx ; change to nginx
group = nginx ; change to nginx
;listen = /run/php-fpm/www.sock ; comment out this line
listen = 127.0.0.1:9000 ; add this line to listen on local port 9000

#prepare the site configuration file
[19:51:32 root@ansible-rocky opt]$ cat /opt/roles/php-fpm/templates/php-fpm.conf.j2 
server {
    listen 80;
    server_name {{ fqdn }};
    location / {
        root           {{ root_path  }};
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

#prepare the tasks file
[19:40:32 root@ansible-rocky opt]$ cat /opt/roles/php-fpm/tasks/main.yml
- name: install package
  yum:
    name: "{{ item }}"
  loop:
    - php-fpm
    - php-mysqlnd
    - php-json
    - php-xml
    - php-gd
    - php-pecl-zip

- name: php path permissions
  file:
    path: /var/lib/php/
    owner: nginx
    group: nginx
    recurse: yes

- name: config php.ini
  template:
    src: php.ini.j2
    dest: /etc/php.ini

- name: config www.conf
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/www.conf

- name: website config
  template:
    src: php-fpm.conf.j2
    dest: "{{ install_dir }}/conf/conf.d/php-fpm.conf"
    owner: nginx
    group: nginx
  notify: restart nginx

- name: start service
  service:
    name: php-fpm
    state: started
    enabled: yes
    
#prepare the handler file
[19:53:47 root@ansible-rocky opt]$ cat /opt/roles/php-fpm/handlers/main.yml 
- name: restart nginx
  service:
    name: nginx
    state: restarted
    
#prepare the top-level entry playbook file
[19:54:48 root@ansible-rocky opt]$ cat /opt/php-fpm_role.yml 
- hosts: websrvs
  remote_user: root

  roles:
    - php-fpm
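4.1.5 MySQL role. Note: calling the mysql family of modules from an Ansible playbook depends on the python3-mysql package and on pymysql installed with pip.

#download and prepare the MySQL tarball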
[18:22:54 root@ansible-rocky opt]$ ls roles/mysql/files/
mysql-8.0.31-linux-glibc2.12-x86_64.tar.xz

#create the task file
[18:24:40 root@ansible-rocky opt]$ cat roles/mysql/tasks/main.yml 
- name: install dependent package
  yum:
    name: "{{ item }}"
  loop:
    - libaio
    - numactl-libs
    - python39
    - python3-mysql

- name: install pymysql
  pip:
    name: pymysql
    state: present
    
- name: create mysql group
  group: name={{db_group}} gid={{db_gid}}

- name: create mysql user
  user: name={{db_user}} uid={{db_uid}} system=yes shell="/sbin/nologin" create_home=no group={{db_group}}

- name: copy tar to remote host and file mode
  unarchive:
    src: "{{ db_file }}"
    dest: "/usr/local/"
    owner: root
    group: root

- name: create link file /usr/local/mysql
  file:
    src: "/usr/local/mysql-{{ db_version }}-linux-glibc2.12-x86_64"
    dest: "/usr/local/mysql"
    state: link

- name: path file
  copy:
    content: "PATH=/usr/local/mysql/bin:$PATH"
    dest: "/etc/profile.d/mysql.sh"

- name: config file
  template:
    src: my.cnf.j2
    dest: "/etc/my.cnf"

- name: create directory
  file:
    name: "/data"
    state: directory

- name: init mysql data
  shell:
    cmd: "/usr/local/mysql/bin/mysqld --initialize-insecure --user={{ db_user }} --datadir={{ db_data_dir }}"
  tags:
    - init

- name: service script
  copy:
    src: "/usr/local/mysql/support-files/mysql.server"
    dest: "/etc/init.d/mysqld"
    remote_src: yes
    mode: '+x'

- name: start service
  shell:
    cmd: chkconfig --add mysqld;chkconfig mysqld on;service mysqld start

- name: change root password
  shell:
    cmd: "/usr/local/mysql/bin/mysqladmin -uroot password {{ db_root_passwd }}"
    
- name: create {{ wp_db_name }} database
  mysql_db:
    login_host: "localhost"
    login_user: "root"
    login_password: "{{ db_root_passwd }}"
    login_port: 3306
    login_unix_socket: "{{ db_data_dir }}/mysql.sock"
    name: "{{ wp_db_name }}"
    state: present
  when: wp_db_name is defined

- name: create {{ wp_db_user }}
  mysql_user:
    login_host: "localhost"
    login_user: "root"
    login_password: "{{ db_root_passwd }}"
    login_port: 3306
    login_unix_socket: "{{ db_data_dir }}/mysql.sock"
    name: "{{ wp_db_user}}"
    password: "{{ wp_db_passwd }}"
    priv: "{{ wp_db_name }}.*:ALL"
    host: "10.0.0.%"
    state: present
  when: wp_db_user is defined
    
    
#prepare the MySQL configuration file template
[18:25:25 root@ansible-rocky opt]$ cat roles/mysql/templates/my.cnf.j2 
[mysqld]
server-id=1
log-bin
datadir={{ db_data_dir }}
socket={{ db_data_dir }}/mysql.sock
log-error={{ db_data_dir }}/mysql.log
pid-file={{ db_data_dir }}/mysql.pid

[client]
socket={{ db_data_dir }}/mysql.sock

#prepare the top-level entry playbook file
[18:25:38 root@ansible-rocky opt]$ cat mysql_role.yml 
- hosts: dbsrvs
  remote_user: root
  gather_facts: no

  roles:
    - mysql

4.2 Batch-deploy Zabbix with Zabbix roles

4.2.1 Deploy zabbix-server
#overall directory structure
[20:27:58 root@ansible-rocky opt]$ tree
.
├── ansible.cfg
├── hosts
├── hosts_zabbix
├── roles
│   ├── mysql
│   │   ├── files
│   │   │   ├── create.sql.gz
│   │   │   └── mysql-8.0.31-linux-glibc2.12-x86_64.tar.xz
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       └── my.cnf.j2
│   ├── nginx
│   │   ├── files
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       ├── nginx.conf.j2
│   │       └── nginx.service.j2
│   ├── php-fpm
│   │   ├── files
│   │   │   ├── test.php
│   │   │   └── www.conf
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       ├── php-fpm.conf.j2
│   │       └── php.ini.j2
│   └── zabbix_server
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           ├── zabbix.conf.j2
│           ├── zabbix_server.conf.j2
│           └── zabbix-server-ngx.conf.j2
└── zabbix_server.yml

29 directories, 26 files

#main entry playbook
[20:24:45 root@ansible-rocky opt]$ cat zabbix_server.yml 
- hosts: websrvs
  remote_user: root
  roles:
    - nginx
    - php-fpm

- hosts: dbsrvs
  remote_user: root
  roles:
    - mysql

- hosts: websrvs
  remote_user: root
  roles:
    - zabbix_server


#tasks file
[20:30:01 root@ansible-rocky zabbix_server]$ cat /opt/roles/zabbix_server/tasks/main.yml 
- name: config zabbix yum repo
  yum_repository:
    name: "ansible_zabbix"
    description: "zabbix repo"
    baseurl: "https://mirrors.aliyun.com/zabbix/zabbix/{{ zabbix_version }}/rhel/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/"
    gpgcheck: yes
    gpgkey: "https://mirrors.aliyun.com/zabbix/zabbix-official-repo.key"

- name: install zabbix-server
  yum:
    name: "{{ item }}"
  loop:
    - zabbix-server-mysql
    - zabbix-agent2
    - zabbix-get
    - zabbix-web-mysql

- name: copy zabbix_server.conf 
  template:
    src: zabbix_server.conf.j2
    dest: /etc/zabbix/zabbix_server.conf
    mode: 0600
  notify:
    - restart zabbix-server
  tags: restart zabbix-server

- name: chown  zabbix-web
  file:
    path:  /etc/zabbix/web    
    state: directory
    owner: nginx
    group: nginx
    recurse: yes

- name: copy zabbix-server web conf
  template:
    src: zabbix-server-ngx.conf.j2
    dest: "{{ install_dir }}/conf/conf.d/zabbix_server_ngx.conf"
    owner: nginx
    group: nginx
  notify:
    - restart nginx

- name: copy zabbix.conf into php-fpm.d
  template:
    src: zabbix.conf.j2
    dest: "/etc/php-fpm.d/zabbix.conf"
  notify:
    - restart php-fpm

- name: start zabbix-server
  service:
    name: zabbix-server
    state: restarted
    enabled: yes
    
#view the handlers
[20:34:11 root@ansible-rocky zabbix_server]$ cat /opt/roles/zabbix_server/handlers/main.yml 
- name: restart zabbix-server
  service:
    name: zabbix-server
    state: restarted

- name: restart nginx
  service:
    name: nginx
    state: restarted

- name: restart php-fpm
  service:
    name: php-fpm
    state: restarted
    
#view the template files
[20:34:15 root@ansible-rocky zabbix_server]$ cat /opt/roles/zabbix_server/templates/zabbix.conf.j2 
[zabbix]
user = nginx
group = nginx

listen = /run/php-fpm/zabbix.sock
listen.acl_users = apache,nginx
listen.allowed_clients = 127.0.0.1

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 200

php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session

php_value[max_execution_time] = 300
php_value[memory_limit] = 128M
php_value[post_max_size] = 80M
php_value[upload_max_filesize] = 80M
php_value[max_input_time] = 300
php_value[max_input_vars] = 10000
php_value[date.timezone] = Asia/Shanghai

[20:38:05 root@ansible-rocky zabbix_server]$ grep -Ev '^$|#' /opt/roles/zabbix_server/templates/zabbix_server.conf.j2 
LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=0
PidFile=/var/run/zabbix/zabbix_server.pid
SocketDir=/var/run/zabbix
DBHost=10.0.0.58
DBName=zabbix
DBUser=zabbix
DBPassword=lgq123456
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
Timeout=4
AlertScriptsPath=/usr/lib/zabbix/alertscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
LogSlowQueries=3000
StatsAllowedIP=127.0.0.1
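
The inventories above keep db_root_passwd in clear text, and zabbix_server.conf.j2 hard-codes DBPassword. The following is an added example, not the original author's files: it moves both secrets into a file encrypted with the ansible-vault command from section 1 and keeps them out of process lists and Ansible output. The group_vars/all/ layout and the names vault_db_root_passwd, vault_zabbix_db_passwd and zabbix_db_passwd are assumptions, and the secret values are placeholders.

```yaml
# --- /opt/group_vars/all/vault.yml ---------------------------------------
# Create and edit with:  ansible-vault create group_vars/all/vault.yml
# On disk the file is ciphertext; its plaintext view is shown here.
# The values are placeholders, generate your own.
vault_db_root_passwd: "<generated-secret-1>"
vault_zabbix_db_passwd: "<generated-secret-2>"

---
# --- /opt/group_vars/all/vars.yml (plain text, safe to commit) -----------
# The indirection keeps variable names searchable while values stay encrypted.
# Remove db_root_passwd from the [dbsrvs:vars] section of hosts so that no
# clear-text copy is left behind.
db_root_passwd: "{{ vault_db_root_passwd }}"
zabbix_db_passwd: "{{ vault_zabbix_db_passwd }}"

---
# --- roles/mysql/tasks/main.yml: replacement for "change root password" --
# The statement is sent to the client on stdin, so the secret does not show
# up in the process list; no_log keeps it out of Ansible output and logs.
# The client finds the socket through the [client] section of /etc/my.cnf.
# Assumes the secret contains no single quote or backslash.
- name: change root password
  command:
    argv:
      - /usr/local/mysql/bin/mysql
      - --user=root
    stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ db_root_passwd }}';"
  no_log: true

# --- roles/zabbix_server/tasks/main.yml: template task with no_log -------
# In zabbix_server.conf.j2 replace the literal password with:
#   DBPassword={{ zabbix_db_passwd }}
- name: copy zabbix_server.conf
  template:
    src: zabbix_server.conf.j2
    dest: /etc/zabbix/zabbix_server.conf
    mode: "0600"
  no_log: true        # hides the rendered file when the play runs with --diff
  notify:
    - restart zabbix-server

# Run the play and supply the vault password interactively:
#   ansible-playbook -i hosts zabbix_server.yml --ask-vault-pass
```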
##Zabbix web configuration file
[20:39:05 root@ansible-rocky zabbix_server]$ cat /opt/roles/zabbix_server/templates/zabbix-server-ngx.conf.j2
server {
    listen 80;
    server_name {{ zabbix_fqdn }};
    root /usr/share/zabbix;
    index index.php;
    location = /favicon.ico {
        log_not_found   off;
    }

    location / {
        try_files       $uri $uri/ =404;
    }

    location /assets {
         access_log      off;
         expires         10d;
    }

    location ~ /\.ht {
         deny            all;
    }

    location ~ /(api\/|conf[^\.]|include|locale|vendor) {
         deny            all;
         return          404;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_pass   127.0.0.1:9000;
        #fastcgi_pass    unix:/run/php-fpm/zabbix.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index   index.php;

        fastcgi_param   DOCUMENT_ROOT   /usr/share/zabbix;
        fastcgi_param   SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
        fastcgi_param   PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;

        include fastcgi_params;
        fastcgi_param   QUERY_STRING    $query_string;
        fastcgi_param   REQUEST_METHOD  $request_method;
        fastcgi_param   CONTENT_TYPE    $content_type;
        fastcgi_param   CONTENT_LENGTH  $content_length;

        fastcgi_intercept_errors        on;
        fastcgi_ignore_client_abort     off;
        fastcgi_connect_timeout         60;
        fastcgi_send_timeout            180;
        fastcgi_read_timeout            180;
        fastcgi_buffer_size             128k;
        fastcgi_buffers                 4 256k;
        fastcgi_busy_buffers_size       256k;
        fastcgi_temp_file_write_size    256k;
    }

}
4.2.2 Deploy zabbix-agent

#directory structure
[22:59:31 root@ansible-rocky zabbix_agent2]$ tree
.
├── files
│   └── zabbix_agnet2.d
│       ├── login.conf
│       ├── mem.conf
│       ├── mysql.conf
│       ├── mysql_repl_status.sh
│       ├── mysql.sh
│       ├── nginx_status.conf
│       ├── nginx_status.sh
│       └── tcp_state.conf
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    └── zabbix_agent2.conf.j2

5 directories, 11 files

#task file
[23:14:12 root@ansible-rocky opt]$ cat /opt/roles/zabbix_agent2/tasks/main.yml 
- name: install repo 
  yum_repository:
    name: "ansible_zabbix"
    description: "zabbix repo"
    baseurl: "https://mirrors.aliyun.com/zabbix/zabbix/{{ zabbix_version }}/rhel/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/"
    gpgcheck: yes
    gpgkey: "https://mirrors.aliyun.com/zabbix/zabbix-official-repo.key"

- name: install agent2 for centos or rocky
  yum:
    name: zabbix-agent2
  when: 
    - ansible_distribution == "Rocky" or ansible_distribution == "CentOS"

- name: install agent2 for ubuntu
  apt:
    name: zabbix-agent2
    update_cache: yes
  when:
    - ansible_distribution == "Ubuntu"

- name: config file
  template:
    src: zabbix_agent2.conf.j2
    dest: "/etc/zabbix/zabbix_agent2.conf"
    mode: 0644
  notify:
    - restart zabbix-agent2

- name: copy zabbix-agent2.d content
  copy:
    src: zabbix_agent2.d
    dest: "/etc/zabbix"
  notify:
    - restart zabbix-agent2
  tags: zabbix_agent2.d

- name: start zabbix-agent2
  service:
    name: zabbix-agent2
    state: started
    enabled: yes
    
#handler file
[23:14:14 root@ansible-rocky opt]$ cat /opt/roles/zabbix_agent2/handlers/main.yml 
- name: restart zabbix-agent2
  service:
    name: zabbix-agent2
    state: restarted
    
#template file
[23:14:43 root@ansible-rocky opt]$ cat /opt/roles/zabbix_agent2/templates/zabbix_agent2.conf.j2 
PidFile=/var/run/zabbix/zabbix_agent2.pid
LogFile=/var/log/zabbix/zabbix_agent2.log
LogFileSize=0
Server={{ zabbix_server_ip }}
ServerActive={{ zabbix_server_ip }}
Hostname={{ ansible_default_ipv4.address }}
Include=/etc/zabbix/zabbix_agent2.d/*.conf
ControlSocket=/tmp/agent.sock
