[Ansible] 7. Ansible Playbook을 활용한 Zabbix Agent 자동 설치

[Ansible]7. Ansible Playbook을 활용한 Zabbix Agent 자동 설치

Ansible Playbook을 활용하여 Zabbix Agent 3.4.9 버전을 자동 설치

[Ansible]7. Ansible Playbook을 활용한 Zabbix Agent 자동 설치1. 자동화 관련 Flow2. 관련 Command 및 실행 결과1) 실행 Command2) 명령어 매개변수3) 실행 결과3. 관련 파일1) zabbix-agent.yml2) hosts3) zabbix-agentd.conf.j2

1. 자동화 관련 Flow

1. Zabbix Agent 3.4.9 RPM을 원격지로 파일 전송

2. Zabbix Agent 설치

3. Zabbix Agent 관련 Config 파일 설정

   zabbix-agentd.conf.j2 파일의 템플릿을 활용하며

   기본적인 Log 옵션 및 Server/Agent 의 정보 입력을 자동화 했다.

4. Zabbix Agent 서비스 Start

Ansible Server 실행 디렉토리 내에 rpm 파일이 있어야 함

 

2. 관련 Command 및 실행 결과

1) 실행 Command

1
[test@server1 ansible]$ ansible-playbook -k -i hosts zabbix-agent.yml -K -e 'zabbix_server_ipaddr=X.X.X.X target=server4 target_userid=test' --ask-become-pass

2) 명령어 매개변수

zabbix_server_ipaddr	zabbix server 의 IP Address, 지정 시 zabbix-agentd.conf.j2 내 입력 된다.
target	설치 대상, hosts inventory 파일 내 있는 대상이어야 한다.
target_userid	원격지 접속 시 사용할 계정, su 를 통해 root 권한 획득이 가능한 계정이어야 한다.

3) 실행 결과

1
[test@server1 ansible]$ ansible-playbook -k -i hosts zabbix-agent.yml -K -e 'zabbix_server_ipaddr=X.X.X.X target=server4 target_userid=test' --ask-become-pass
2
SSH password: 
3
SUDO password[defaults to SSH password]: 
4
​
5
PLAY [Install zabbix-agent-3.4.9] *************************************************************************************
6
​
7
TASK [Gathering Facts] ************************************************************************************************
8
 [WARNING]: sftp transfer mechanism failed on [server4]. Use ANSIBLE_DEBUG=1 to see detailed information
9
​
10
ok: [server4]
11
​
12
TASK [1. Test connection] *********************************************************************************************
13
 [WARNING]: sftp transfer mechanism failed on [server4]. Use ANSIBLE_DEBUG=1 to see detailed information
14
​
15
ok: [server4]
16
​
17
TASK [2. Copy Zabbix Agent rpm to Remote host] ************************************************************************
18
 [WARNING]: sftp transfer mechanism failed on [server4]. Use ANSIBLE_DEBUG=1 to see detailed information
19
​
20
changed: [server4]
21
​
22
TASK [3. Install Zabbix Agent] ****************************************************************************************
23
 [WARNING]: sftp transfer mechanism failed on [server4]. Use ANSIBLE_DEBUG=1 to see detailed information
24
​
25
changed: [server4]
26
​
27
TASK [4. Configure Zabbix Agent] **************************************************************************************
28
 [WARNING]: sftp transfer mechanism failed on [server4]. Use ANSIBLE_DEBUG=1 to see detailed information
29
​
30
changed: [server4]
31
​
32
TASK [5. Restart Zabbix Agent] ****************************************************************************************
33
 [WARNING]: sftp transfer mechanism failed on [server4]. Use ANSIBLE_DEBUG=1 to see detailed information
34
​
35
changed: [server4]
36
​
37
PLAY RECAP ************************************************************************************************************
38
server4                    : ok=6    changed=4    unreachable=0    failed=0   

 

 

3. 관련 파일

1) zabbix-agent.yml

1
---
2
- name: Install zabbix-agent-3.4.9
3
  hosts: "{{ target }}"
4
  remote_user: "{{ target_userid }}"   
5
  gather_facts: yes   
6
  become: yes
7
  become_user : root
8
  tasks:
9
    - name: 1. Test connection
10
      ping:
11
​
12
    - name: 2. Copy Zabbix Agent rpm to Remote host
13
      copy: 
14
        src: zabbix-agent-3.4.9-1.el7.x86_64.rpm
15
        dest: zabbix-agent-3.4.9-1.el7.x86_64.rpm
16
        owner: "{{ target_userid }}"
17
        group: "{{ target_userid }}"
18
        mode: 0644
19
        backup: yes     
20
​
21
    - name: 3. Install Zabbix Agent 
22
      yum:
23
        name: zabbix-agent-3.4.9-1.el7.x86_64.rpm
24
        state: present
25
​
26
    - name: 4. Configure Zabbix Agent
27
      template: 
28
        src: zabbix-agentd.conf.j2
29
        dest: /etc/zabbix/zabbix_agentd.conf 
30
        owner: root
31
        group: root
32
        backup: yes
33
​
34
    - name: 5. Start Zabbix Agent
35
      service:
36
        name: zabbix-agent
37
        state: started
38
        enabled: yes

2) hosts

1
[test]
2
server2
3
server3
4
server4

 

3) zabbix-agentd.conf.j2

1
# This is a configuration file for Zabbix agent daemon (Unix)
2
# To get more information about Zabbix, visit http://www.zabbix.com
3
​
4
############ GENERAL PARAMETERS #################
5
​
6
### Option: PidFile
7
#       Name of PID file.
8
#
9
# Mandatory: no
10
# Default:
11
# PidFile=/tmp/zabbix_agentd.pid
12
​
13
PidFile=/var/run/zabbix/zabbix_agentd.pid
14
​
15
### Option: LogType
16
#       Specifies where log messages are written to:
17
#               system  - syslog
18
#               file    - file specified with LogFile parameter
19
#               console - standard output
20
#
21
# Mandatory: no
22
# Default:
23
# LogType=file
24
​
25
### Option: LogFile
26
#       Log file name for LogType 'file' parameter.
27
#
28
# Mandatory: no
29
# Default:
30
# LogFile=
31
​
32
LogFile=/var/log/zabbix/zabbix_agentd.log
33
​
34
### Option: LogFileSize
35
#       Maximum size of log file in MB.
36
#       0 - disable automatic log rotation.
37
#
38
# Mandatory: no
39
# Range: 0-1024
40
# Default:
41
# LogFileSize=1
42
​
43
LogFileSize=100
44
​
45
### Option: DebugLevel
46
#       Specifies debug level:
47
#       0 - basic information about starting and stopping of Zabbix processes
48
#       1 - critical information
49
#       2 - error information
50
#       3 - warnings
51
#       4 - for debugging (produces lots of information)
52
#       5 - extended debugging (produces even more information)
53
#
54
# Mandatory: no
55
# Range: 0-5
56
# Default:
57
# DebugLevel=3
58
​
59
### Option: SourceIP
60
#       Source IP address for outgoing connections.
61
#
62
# Mandatory: no
63
# Default:
64
# SourceIP=
65
​
66
### Option: EnableRemoteCommands
67
#       Whether remote commands from Zabbix server are allowed.
68
#       0 - not allowed
69
#       1 - allowed
70
#
71
# Mandatory: no
72
# Default:
73
# EnableRemoteCommands=0
74
​
75
### Option: LogRemoteCommands
76
#       Enable logging of executed shell commands as warnings.
77
#       0 - disabled
78
#       1 - enabled
79
#
80
# Mandatory: no
81
# Default:
82
# LogRemoteCommands=0
83
​
84
##### Passive checks related
85
​
86
### Option: Server
87
#       List of comma delimited IP addresses (or hostnames) of Zabbix servers.
88
#       Incoming connections will be accepted only from the hosts listed here.
89
#       If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
90
#
91
# Mandatory: no
92
# Default:
93
# Server=
94
​
95
Server={{ zabbix_server_ipaddr }}
96
​
97
### Option: ListenPort
98
#       Agent will listen on this port for connections from the server.
99
#
100
# Mandatory: no
101
# Range: 1024-32767
102
# Default:
103
# ListenPort=10050
104
​
105
### Option: ListenIP
106
#       List of comma delimited IP addresses that the agent should listen on.
107
#       First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
108
#
109
# Mandatory: no
110
# Default:
111
# ListenIP=0.0.0.0
112
ListenIP={{ ansible_all_ipv4_addresses[0] }}
113
​
114
### Option: StartAgents
115
#       Number of pre-forked instances of zabbix_agentd that process passive checks.
116
#       If set to 0, disables passive checks and the agent will not listen on any TCP port.
117
#
118
# Mandatory: no
119
# Range: 0-100
120
# Default:
121
# StartAgents=3
122
​
123
##### Active checks related
124
​
125
### Option: ServerActive
126
#       List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
127
#       If port is not specified, default port is used.
128
#       IPv6 addresses must be enclosed in square brackets if port for that host is specified.
129
#       If port is not specified, square brackets for IPv6 addresses are optional.
130
#       If this parameter is not specified, active checks are disabled.
131
#       Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
132
#
133
# Mandatory: no
134
# Default:
135
# ServerActive=
136
​
137
ServerActive={{ zabbix_server_ipaddr }}
138
​
139
### Option: Hostname
140
#       Unique, case sensitive hostname.
141
#       Required for active checks and must match hostname as configured on the server.
142
#       Value is acquired from HostnameItem if undefined.
143
#
144
# Mandatory: no
145
# Default:
146
# Hostname=
147
​
148
Hostname={{ ansible_hostname }} 
149
​
150
### Option: HostnameItem
151
#       Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
152
#       Does not support UserParameters or aliases.
153
#
154
# Mandatory: no
155
# Default:
156
# HostnameItem=system.hostname
157
​
158
### Option: HostMetadata
159
#       Optional parameter that defines host metadata.
160
#       Host metadata is used at host auto-registration process.
161
#       An agent will issue an error and not start if the value is over limit of 255 characters.
162
#       If not defined, value will be acquired from HostMetadataItem.
163
#
164
# Mandatory: no
165
# Range: 0-255 characters
166
# Default:
167
# HostMetadata=
168
​
169
### Option: HostMetadataItem
170
#       Optional parameter that defines an item used for getting host metadata.
171
#       Host metadata is used at host auto-registration process.
172
#       During an auto-registration request an agent will log a warning message if
173
#       the value returned by specified item is over limit of 255 characters.
174
#       This option is only used when HostMetadata is not defined.
175
#
176
# Mandatory: no
177
# Default:
178
# HostMetadataItem=
179
​
180
### Option: RefreshActiveChecks
181
#       How often list of active checks is refreshed, in seconds.
182
#
183
# Mandatory: no
184
# Range: 60-3600
185
# Default:
186
# RefreshActiveChecks=120
187
RefreshActiveChecks=300
188
​
189
### Option: BufferSend
190
#       Do not keep data longer than N seconds in buffer.
191
#
192
# Mandatory: no
193
# Range: 1-3600
194
# Default:
195
# BufferSend=5
196
​
197
### Option: BufferSize
198
#       Maximum number of values in a memory buffer. The agent will send
199
#       all collected data to Zabbix Server or Proxy if the buffer is full.
200
#
201
# Mandatory: no
202
# Range: 2-65535
203
# Default:
204
# BufferSize=100
205
​
206
### Option: MaxLinesPerSecond
207
#       Maximum number of new lines the agent will send per second to Zabbix Server
208
#       or Proxy processing 'log' and 'logrt' active checks.
209
#       The provided value will be overridden by the parameter 'maxlines',
210
#       provided in 'log' or 'logrt' item keys.
211
#
212
# Mandatory: no
213
# Range: 1-1000
214
# Default:
215
# MaxLinesPerSecond=20
216
​
217
############ ADVANCED PARAMETERS #################
218
​
219
### Option: Alias
220
#       Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
221
#       Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
222
#       Different Alias keys may reference the same item key.
223
#       For example, to retrieve the ID of user 'zabbix':
224
#       Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
225
#       Now shorthand key zabbix.userid may be used to retrieve data.
226
#       Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
227
#
228
# Mandatory: no
229
# Range:
230
# Default:
231
​
232
### Option: Timeout
233
#       Spend no more than Timeout seconds on processing
234
#
235
# Mandatory: no
236
# Range: 1-30
237
# Default:
238
# Timeout=3
239
Timeout=10
240
​
241
### Option: AllowRoot
242
#       Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
243
#       will try to switch to the user specified by the User configuration option instead.
244
#       Has no effect if started under a regular user.
245
#       0 - do not allow
246
#       1 - allow
247
#
248
# Mandatory: no
249
# Default:
250
# AllowRoot=0
251
​
252
### Option: User
253
#       Drop privileges to a specific, existing user on the system.
254
#       Only has effect if run as 'root' and AllowRoot is disabled.
255
#
256
# Mandatory: no
257
# Default:
258
# User=zabbix
259
​
260
### Option: Include
261
#       You may include individual files or all files in a directory in the configuration file.
262
#       Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
263
#
264
# Mandatory: no
265
# Default:
266
# Include=
267
​
268
Include=/etc/zabbix/zabbix_agentd.d/
269
​
270
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
271
# Include=/usr/local/etc/zabbix_agentd.conf.d/
272
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
273
​
274
####### USER-DEFINED MONITORED PARAMETERS #######
275
​
276
### Option: UnsafeUserParameters
277
#       Allow all characters to be passed in arguments to user-defined parameters.
278
#       The following characters are not allowed:
279
#       \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
280
#       Additionally, newline characters are not allowed.
281
#       0 - do not allow
282
#       1 - allow
283
#
284
# Mandatory: no
285
# Range: 0-1
286
# Default:
287
# UnsafeUserParameters=0
288
​
289
### Option: UserParameter
290
#       User-defined parameter to monitor. There can be several user-defined parameters.
291
#       Format: UserParameter=<key>,<shell command>
292
#       See 'zabbix_agentd' directory for examples.
293
#
294
# Mandatory: no
295
# Default:
296
# UserParameter=
297
​
298
####### LOADABLE MODULES #######
299
​
300
### Option: LoadModulePath
301
#       Full path to location of agent modules.
302
#       Default depends on compilation options.
303
#
304
# Mandatory: no
305
# Default:
306
# LoadModulePath=${libdir}/modules
307
​
308
### Option: LoadModule
309
#       Module to load at agent startup. Modules are used to extend functionality of the agent.
310
#       Format: LoadModule=<module.so>
311
#       The modules must be located in directory specified by LoadModulePath.
312
#       It is allowed to include multiple LoadModule parameters.
313
#
314
# Mandatory: no
315
# Default:
316
# LoadModule=
317
​
318
####### TLS-RELATED PARAMETERS #######
319
​
320
### Option: TLSConnect
321
#       How the agent should connect to server or proxy. Used for active checks.
322
#       Only one value can be specified:
323
#               unencrypted - connect without encryption
324
#               psk         - connect using TLS and a pre-shared key
325
#               cert        - connect using TLS and a certificate
326
#
327
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
328
# Default:
329
# TLSConnect=unencrypted
330
​
331
### Option: TLSAccept
332
#       What incoming connections to accept.
333
#       Multiple values can be specified, separated by comma:
334
#               unencrypted - accept connections without encryption
335
#               psk         - accept connections secured with TLS and a pre-shared key
336
#               cert        - accept connections secured with TLS and a certificate
337
#
338
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
339
# Default:
340
# TLSAccept=unencrypted
341
​
342
### Option: TLSCAFile
343
#       Full pathname of a file containing the top-level CA(s) certificates for
344
#       peer certificate verification.
345
#
346
# Mandatory: no
347
# Default:
348
# TLSCAFile=
349
​
350
### Option: TLSCRLFile
351
#       Full pathname of a file containing revoked certificates.
352
#
353
# Mandatory: no
354
# Default:
355
# TLSCRLFile=
356
​
357
### Option: TLSServerCertIssuer
358
#      Allowed server certificate issuer.
359
#
360
# Mandatory: no
361
# Default:
362
# TLSServerCertIssuer=
363
​
364
### Option: TLSServerCertSubject
365
#      Allowed server certificate subject.
366
#
367
# Mandatory: no
368
# Default:
369
# TLSServerCertSubject=
370
​
371
### Option: TLSCertFile
372
#       Full pathname of a file containing the agent certificate or certificate chain.
373
#
374
# Mandatory: no
375
# Default:
376
# TLSCertFile=
377
​
378
### Option: TLSKeyFile
379
#       Full pathname of a file containing the agent private key.
380
#
381
# Mandatory: no
382
# Default:
383
# TLSKeyFile=
384
​
385
### Option: TLSPSKIdentity
386
#       Unique, case sensitive string used to identify the pre-shared key.
387
#
388
# Mandatory: no
389
# Default:
390
# TLSPSKIdentity=
391
​
392
### Option: TLSPSKFile
393
#       Full pathname of a file containing the pre-shared key.
394
#
395
# Mandatory: no
396
# Default:
397
# TLSPSKFile=