轉載: http://blog.51cto.com/ywzhou/1577573
**作用:Zabbix是一款強大的自動化監控軟體,通過puppet自動部署zabbix用戶端。 **
1、服務端配置zabbix子產品
(1)子產品清單
[root@puppet ~]# tree /etc/puppet/modules/zabbix/
/etc/puppet/modules/zabbix/
├── files
│ ├── discovertcpport.sh
│ └── zabbix-2.2.5.tar.gz
├── manifests
│ ├── config.pp
│ ├── init.pp
│ ├── install.pp
│ ├── params.pp
│ └── service.pp
└── templates
├── zabbix_agentd_conf.erb
└── zabbix_install_sh.erb
(2)定義參數類
[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/params.pp
class zabbix::params {
$zabbixserver = "zabbix.ewin.com" #zabbix伺服器名
$zabbixversion = 'zabbix-2.2.5' #zabbix版本
}
(3)定義安裝類
[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/install.pp
class zabbix::install {
include zabbix::install::files, zabbix::install::sh
}
#檔案子類
class zabbix::install::files {
#建立軟體存放目錄
file { "/home/zabbix":
ensure => directory,
}
#複制源碼包
file { "zabbix-agent":
name => "/home/zabbix/${zabbix::params::zabbixversion}.tar.gz",
ensure => file,
owner => 'root',
group => 'root',
source => "puppet:///modules/zabbix/${zabbix::params::zabbixversion}.tar.gz",
require => File["/home/zabbix"],
}
#複制安裝腳本,必須是unix格式
file { "zabbix-install":
name => "/home/zabbix/zabbix_install.sh",
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
content => template("zabbix/zabbix_install_sh.erb"),
require => File["/home/zabbix"],
}
}
#腳本子類
class zabbix::install::sh {
#安裝依賴軟體包
package { ["gcc","curl"]:#,"curl-devel","net-snmp","net-snmp-devel","perl-DBI"
ensure => installed,
before => Exec["/bin/bash zabbix_install.sh"],
}
#執行安裝腳本
exec { "/bin/bash zabbix_install.sh":
cwd => "/home/zabbix",
creates => "/etc/init.d/zabbix_agentd", #腳本執行成功後會生成這個檔案,當檔案存在了就不再執行此資源
require => Class["zabbix::install::files"],
}
}
說明:使用安裝腳本可以簡化很多代碼,簡省puppet資源,也可以使用exec來執行tar、configure、make等指令來進行部署。
(4)定義配置類
[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/config.pp
class zabbix::config {
include zabbix::config::files, zabbix::config::iptables
}
#配置檔案子類
class zabbix::config::files {
file { "/usr/local/zabbix_agent/etc/zabbix_agentd.conf":
ensure => present,
owner => 'root',
group => 'root',
mode => '0600',
content => template("zabbix/zabbix_agentd_conf.erb"),
require => Class["zabbix::install"],
notify => Class["zabbix::service"],
}
file { "/usr/local/zabbix_agent/sbin/discovertcpport.sh":
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => "puppet:///modules/zabbix/discovertcpport.sh",
require => Class["zabbix::install"],
}
#指定日志屬主,否則程序啟動時報錯cannot open [/var/log/zabbix_agentd.log]: [13] Permission denied
file { "/var/log/zabbix_agentd.log":
ensure => present,
owner => 'zabbix',
group => 'zabbix',
require => Class["zabbix::install"],
}
}
#防火牆設定子類
class zabbix::config::iptables {
service { "iptables":
ensure => running,
enable => true,
hasstatus => true,
hasrestart => true,
}
exec { 'iptables -I INPUT -p tcp --dport 10050:10051 -j ACCEPT':
unless => 'grep "tcp --dport 10050:10051" /etc/sysconfig/iptables 2>/dev/null',
require => Service["iptables"],
notify => Exec["service iptables save"],
}
exec { 'iptables -I INPUT -p udp --dport 10050:10051 -j ACCEPT':
unless => 'grep "udp --dport 10050:10051" /etc/sysconfig/iptables 2>/dev/null',
require => Service["iptables"],
notify => Exec["service iptables save"],
}
exec { 'service iptables save':
refreshonly => true,
}
}
說明:這裡的防火牆規則配置可以應用到很多地方,首先要保證iptables服務啟動,否則規則儲存不進檔案,然後添加臨時規則,通知iptables服務儲存,unless和refreshonly保證了Exec資源隻執行一次就完成任務。
(5)定義配置檔案模闆
[root@puppet ~]# vi /etc/puppet/modules/zabbix/template/zabbix_agentd_conf.erb
### puppet config ###
LogFile=/var/log/zabbix_agentd.log
Server=<%= scope.lookupvar('zabbix::params::zabbixserver') %> #參數類中定義的伺服器名稱
Hostname=<%= fqdn %> #使用facter fqdn擷取用戶端的計算機全名
UnsafeUserParameters=1
EnableRemoteCommands=1
UserParameter=tcpportlisten,/usr/local/zabbix_agent/sbin/discovertcpport.sh "$1"
說明:關于zabbix的配置就不詳述了,可以看我關于zabbix的相關博文。
(6)定義安裝檔案模闆
[root@puppet ~]# vi /etc/puppet/modules/zabbix/template/zabbix_install_sh.erb
#!/bin/bash
cd /home/zabbix
useradd zabbix -s /sbin/nologin
tar zvxf <%= scope.lookupvar('zabbix::params::zabbixversion') %>.tar.gz
cd <%= scope.lookupvar('zabbix::params::zabbixversion') %>
./configure --prefix=/usr/local/zabbix_agent --enable-agent
make install
cp /usr/local/zabbix_agent/sbin/zabbix_agentd /etc/init.d/
chmod +x /etc/init.d/zabbix_agentd
fi
說明:通過參數定義軟體版本和伺服器位址,模闆檔案就不用因為這兩個值的不同再修改了。
注意:windows下編輯的檔案格式是doc,在linux下無法執行(.sh檔案),要轉換成unix格式。
在linux下轉換檔案格式方法:
[root@puppet ~]# vi /etc/puppet/modules/zabbix/template/zabbix_install_sh.erb
:set ff? #顯示fileforma=dos就是windows格式
:set fileformat=unix #轉換成unix格式
:wq! #儲存退出
在windows下轉換檔案格式方法(推薦):
UltraEdit編輯器:檔案File-->轉換Conversions-->DOS轉UNIX
http://s3.51cto.com/wyfs02/M01/53/82/wKioL1RprVyR4lwvAAPSVJn3-cA942.jpg
(7)定義服務類
[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/service.pp
class zabbix::service {
service { "zabbix_agentd":
ensure => running,
start => "/etc/init.d/zabbix_agentd start",
stop => "ps ax|grep zabbix_agentd|grep -v grep |awk '{print \$1}'|xargs kill -9", #$1前要加個\進行轉義,否則被認為是puppet變量而無效
require => Class["zabbix::config"],
}
}
說明:用戶端zabbix_agentd服務的service restart|stop|status沒有反應,是以自定義啟動和關閉指令來實作重新開機效果。
(8)定義zabbix主類
[root@puppet ~]# vi /etc/puppet/modules/zabbix/manifests/init.pp
class zabbix {
Exec { path => "/usr/bin:/bin:/usr/sbin:/sbin" }
include zabbix::params
include zabbix::install, zabbix::config, zabbix::service
}
(9)定義節點檔案,調用子產品
[root@puppet ~]# vi /etc/puppet/manifests/centostest.pp
node "centostest.ewin.com" {
include ntp, yum, puppet, host, ssh, zabbix
}
(10)應用節點檔案
[root@puppet ~]# vi /etc/puppet/manifests/site.pp
import "centostest.pp"
(11)下載下傳zabbix源碼包
官方下載下傳地位址:
http://www.zabbix.com/download.php下載下傳Zabbix Sources中的源碼包,目前是2.4.2和2.2.7版本
我的zabbix伺服器安裝的2.2.5版本
[root@puppet ~]# cd /etc/puppet/modules/zabbix/files/
[root@puppet files]# wget http://jaist.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/2.2.5/zabbix-2.2.5.tar.gz
(12)編寫自動監控"監聽端口"腳本
[root@puppet ~]# vi /etc/puppet/modules/zabbix/files/discovertcpport.sh
#!/bin/bash
portarray=(`netstat -tnlp|egrep -i "$1"|awk {'print $4'}|awk -F':' '{if ($NF~/^[0-9]*$/) print $NF}'|sort |uniq 2>/dev/null`)
length=${#portarray[@]}
printf "{\n"
printf '\t'"\"data\":["
for ((i=0;i<$length;i++))
do
printf '\n\t\t{'
printf "\"{#TCP_PORT}\":\"${portarray[$i]}\"};"
if [ $i -lt $[$length-1] ];then
printf ','
fi
done
printf "\n\t]\n"
printf "}\n"
說明:這是給zabbix用來監控用戶端正在監聽的端口用的腳本,詳見我的zabbix相關博文。
注意:.sh腳本檔案,格式必須是unix格式才能執行,按第(5)節中的方法修改。
2、測試
(1)用戶端執行puppet agent -t同時檢視日志
[root@centostest ~]# tailf /var/log/messages
Nov 13 11:45:40 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Files/File[/home/zabbix]/ensure) created
Nov 13 11:45:40 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Files/File[zabbix-install]/ensure) defined content as '{md5}dd528a657456fdf527df0fc341f437d0'
Nov 13 11:45:44 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Files/File[zabbix-agent]/ensure) defined content as '{md5}e7b74a0208743f743585d9cc1d46eccf'
#以上顯示安裝腳本和配置檔案複制成功
Nov 13 11:45:45 centostest kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Nov 13 11:45:45 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Service[iptables]/ensure) ensure changed 'stopped' to 'running'
Nov 13 11:45:45 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Exec[iptables -I INPUT -p tcp --dport 10050:10051 -j ACCEPT]/returns) executed successfully
Nov 13 11:45:45 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Exec[iptables -I INPUT -p udp --dport 10050:10051 -j ACCEPT]/returns) executed successfully
Nov 13 11:45:46 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Config::Iptables/Exec[service iptables save]) Triggered 'refresh' from 2 events
#以上顯示防火牆由關閉轉為啟動,添加兩條規則,觸發了save兩次
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) useradd: user 'zabbix' already exists
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/Makefile.in
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/Makefile.in
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/snmptrap/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/snmptrap/zabbix_trap_receiver.pl
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/snmptrap/snmptrap.sh
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/images/
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/images/README
Nov 13 11:46:19 centostest puppet-agent[33875]: (/Stage[main]/Zabbix::Install::Sh/Exec[/bin/bash zabbix_install.sh]/returns) zabbix-2.2.5/misc/images/png_to_xml.sh
#運作安裝腳本,zabbix源碼包解壓縮,接近200行的樣子,這裡省略
#腳本中的其他指令不在日志中顯示
Nov 13 11:46:19 centostest rsyslogd-2177: imuxsock begins to drop messages from pid 33875 due to rate-limiting
Nov 13 11:46:38 centostest puppet-agent[43176]: Finished catalog run in 2.76 seconds
(2)檢視安裝檔案是否複制到位
[root@centostest ~]# ll /home/zabbix/
總用量 14620
drwxrwxr-x. 13 1000 1000 4096 11月 13 11:46 zabbix-2.2.5
-rw-r--r--. 1 root root 14960556 11月 13 11:45 zabbix-2.2.5.tar.gz
-rwxr-xr-x. 1 root root 276 11月 13 11:45 zabbix_install.sh
(3)檢視啟動程序是否複制到位
[root@centostest ~]# ll /etc/init.d/zabbix_agentd
-rwxr-xr-x. 1 root root 862771 11月 12 16:36 /etc/init.d/zabbix_agentd
(4)檢視配置檔案内容
[root@centostest ~]# cat /usr/local/zabbix_agent/etc/zabbix_agentd.conf
### puppet config ###
LogFile=/var/log/zabbix_agentd.log
Server=zabbix.ewin.com
Hostname=centostest.ewin.com
UnsafeUserParameters=1
EnableRemoteCommands=1
UserParameter=tcpportlisten,/usr/local/zabbix_agent/sbin/discovertcpport.sh "$1"
(5)檢視防火牆狀态
[root@centostest ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:10050:10051
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:10050:10051
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
結論:成功啟動防火牆并添加了兩條規則
3、測試服務重新開機
(1)檢視程序是否啟動,以及程序的PID(1)
[root@centostest ~]# ps aux|grep zabbix
zabbix 45252 0.0 0.0 17592 716 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: collector [idle 1 sec]
zabbix 45253 0.0 0.0 17592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #1 [waiting for connection]
zabbix 45254 0.0 0.0 17592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #2 [waiting for connection]
zabbix 45255 0.0 0.0 17592 624 ? S 09:20 0:00 /etc/init.d/zabbix_agentd: listener #3 [waiting for connection]
root 47201 0.0 0.0 103256 848 pts/2 S+ 09:22 0:00 grep zabbix
(2)修改配置檔案模闆
在zabbix_agentd_conf.erb中加入一行
#test service restart
(3)用戶端執行puppet agent -t同時檢視日志
[root@centostest ~]# tailf /var/log/messages
Nov 13 09:33:28 centostest puppet-agent[62959]: (/Stage[main]/Zabbix::Config/File[/usr/local/zabbix_agent/etc/zabbix_agentd.conf]/content) content changed '{md5}7f16ab238a0febff5d3330a4b4b341c4' to '{md5}d2b43f63f0c101966d8ea32356e0fcdc'
Nov 13 09:33:28 centostest puppet-agent[62959]: (/Stage[main]/Zabbix::Service/Service[zabbix_agentd]) Triggered 'refresh' from 1 events
(4)再次檢視啟動程序的PID
[root@centostest ~]# ps aux|grep zabbixroot 3016 0.0 0.0 103256 840 pts/2 S+ 09:36 0:00 grep zabbix
zabbix 63190 0.0 0.0 17592 748 ? S 09:33 0:00 /etc/init.d/zabbix_agentd start
zabbix 63191 0.0 0.0 17592 728 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: collector [idle 1 sec]
zabbix 63192 0.0 0.0 17592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #1 [waiting for connection]
zabbix 63193 0.0 0.0 17592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #2 [waiting for connection]
zabbix 63194 0.0 0.0 17592 624 ? S 09:33 0:00 /etc/init.d/zabbix_agentd: listener #3 [waiting for connection]
結論:可以看到程序PID改變了,配置檔案的更新成功觸發服務重新開機,使用了自定義的start和stop指令來完成重新開機過程。
總結:成功部署了Zabbix agent端,能通過puppet管理配置檔案,自動重新開機zabbix程序,
之後就是在zabbix伺服器上添加對centostest的監控了,這裡不詳述,經測試監控成功。
4、service服務資源
預設采用/etc/init.d/下的腳本進行服務管理,自定義的腳本需要加入該目錄并在腳本中定義chkconfig
service { 'nginx': #标題等于name參數,服務名
ensure => running,#確定服務運作
enable => true, #開機啟動服務
hasrestart => true, #是否支援service nginx restart指令,重新開機
hasstatus => true, #是否支援service nginx status指令,檢視狀态,當服務未啟動,會執行重新開機
subscribe => File["nginx.conf"], #當nginx.conf有變更時,執行此服務資源(重新開機)
restart => "/etc/init.d/nginx reload", #指定重新開機指令,隻需重新加載配置檔案即可
}
{
binary => , #守護程序的路徑
enable => true|false, #設定開機自動啟動
ensure => true|false|running, #服務的狀态,運作|停止|運作
hasstatus => true|false, #是否支援status
hasrestart => true|false, #是否支援restart,不支援就用stop/start實作
name => 'sshd', #服務名稱
path => "/etc/init.d", #指定查找init腳本的路徑
pattern => , #設定搜尋程序的比對字元串,用來确認服務程序的狀态或重新開機
restart => "/etc/init.d/nginx reload", #重新開機指令,可指定
start => "/etc/init.d/nginx start", #啟動指令,可指定
status => "/etc/init.d/nginx status", #狀态指令,可指定
stop => "/etc/init.d/nginx stop", #停止指令,可指定
}
![終端環境之tmux[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)