lnmp 架构
LNMP是指一组通常一起使用来运行动态网站或者服务器的自由软件名称首字母缩写。L指Linux,N指Nginx,M一般指MySQL,也可以指MariaDB,P一般指PHP,也可以指Perl或Python。
Nginx是一个高性能的HTTP和反向代理服务器,也是一个IMAP 、 POP3、SMTP 代理服务器。
Mysql是一个小型关系型数据库管理系统
PHP是一种在服务器端执行的嵌入HTML文档的脚本语言
这四种软件均为免费开源软件,组合到一起,成为一个免费、高效、扩展性强的网站服务系统
部署lnmp 环境
系统平台 | IP | 部署服务 |
---|---|---|
centos8/redhat8 | 192.168.229.150 | lnmp nginx mysql PHP |
准备工作
## 配置 yum源
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# rm -rf *
[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
## 清除 缓存
[root@localhost yum.repos.d]# dnf clean all
0 files removed
## 建立缓存
[root@localhost yum.repos.d]# dnf makecache
[root@localhost yum.repos.d]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@localhost yum.repos.d]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@localhost yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
## 清除 缓存
[root@localhost yum.repos.d]# dnf clean all
0 files removed
## 建立缓存
[root@localhost yum.repos.d]# dnf makecache
## 关闭防火墙跟SElinux(仅为实验环境图方便;生产环境建议保留两者,只按需放行 80 等端口)
[root@localhost ~]# sed -i '/SELINUX=enforcing/c SELINUX=disabled' /etc/selinux/config
[root@localhost ~]# grep '^SELINUX=' /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
## 重启
[root@localhost ~]# reboot
部署nginx
## 下载 nginx
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget https://nginx.org/download/nginx-1.22.0.tar.gz
## 下载 依赖包
[root@localhost ~]# dnf -y install boost-devel --allowerasing pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make
[root@localhost ~]# yum -y groups mark install 'Development Tools'
## 创建系统用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx
[root@localhost ~]# id nginx
uid=995(nginx) gid=992(nginx) groups=992(nginx)
## 创建日志存放目录
[root@localhost ~]# mkdir -p /var/log/nginx
[root@localhost ~]# chown -R nginx.nginx /var/log/nginx/
[root@localhost ~]# ll -d /var/log/nginx/
drwxr-xr-x 2 nginx nginx 6 Aug 31 10:21 /var/log/nginx/
## 编译安装
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug kernels nginx-1.22.0.tar.gz
[root@localhost src]# tar xf nginx-1.22.0.tar.gz
[root@localhost src]# cd nginx-1.22.0
[root@localhost nginx-1.22.0]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log
[root@localhost nginx-1.22.0]# nproc ## 查看核心数
2
[root@localhost nginx-1.22.0]# make -j 2 && make install
## 设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# source /etc/profile.d/nginx.sh
[root@localhost ~]# which nginx
/usr/local/nginx/sbin/nginx
## 启动 nginx
[root@localhost ~]# nginx
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
//服务控制方式,使用nginx命令
-t //检查配置文件语法
-v //输出nginx的版本
-c //指定配置文件的路径
-s //发送服务控制信号,可选值有{stop|quit|reopen|reload}
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
// 还没有开启 反向代理之前
## 开启反向代理(这里实际是启用 FastCGI 转发:把 .php 请求交给 127.0.0.1:9000 上的 php-fpm 处理)
[root@localhost ~]# sed -i '/pass the PHP/{N;/#/{n;s/#//g}}' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/^ location ~ \\.php/{N;s/#//g}' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/fastcgi_pass/{s/#//g}' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/fastcgi_index/{s/#//g}' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/SCRIPT_FILENAME/c \ fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/fastcgi_params/{s/#//g}' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/fastcgi_params/{n;s/#//g}' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/^ index/c \ index index.php index.html index.htm;' /usr/local/nginx/conf/nginx.conf
### 修改之后的内容
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;
include fastcgi_params;
}
配置 PHP 网页(phpinfo() 会输出完整的 PHP 与系统配置信息,仅用于验证环境,验证完成后应删除该测试页)
[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# cat index.php
<?php
phpinfo();
?>
## 停掉之后立马启动
[root@localhost ~]# nginx -s stop;nginx
[root@localhost ~]# nginx -s reload // 推荐使用
## 设置开机自启
[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# cp sshd.service nginxd.service
[root@localhost system]# vim nginxd.service
[Unit]
Description=nginx server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@localhost system]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now nginxd
访问 nginx
部署 mysql
# 安装依赖包
[root@localhost ~]# dnf -y install ncurses-compat-libs openssl-devel openssl cmake mariadb-devel
# 创建mysql系统用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin mysql
[root@localhost ~]# id mysql
uid=994(mysql) gid=991(mysql) groups=991(mysql)
# 下载二进制格式的mysql软件包
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz
[root@localhost src]# ls
debug kernels mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz nginx-1.22.0 nginx-1.22.0.tar.gz
# 解压软件至/usr/local/
[root@localhost src]# tar xf mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@localhost src]# cd /usr/local/
[root@localhost local]# mv mysql-5.7.37-linux-glibc2.12-x86_64 mysql # 重命名为 mysql
[root@localhost local]# ll -d mysql/
drwxr-xr-x 9 root root 129 Aug 31 12:49 mysql/
# 修改目录/usr/local/mysql的属主属组
[root@localhost local]# chown -R mysql.mysql mysql/
[root@localhost local]# ll -d mysql/
drwxr-xr-x 9 mysql mysql 129 Aug 31 12:49 mysql/
# 添加环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost ~]# . /etc/profile.d/mysql.sh
[root@localhost ~]# which mysqld
/usr/local/mysql/bin/mysqld
# 配置include
## 软链接到/usr/include/mysql,叫mysql
[root@localhost ~]# ln -s /usr/local/mysql/include /usr/include/mysql
# 配置 man 文档
[root@localhost ~]# sed -i '/MANDATORY_MANPATH.*.\/local\/share\/man/a MANDATORY_MANPATH\t\t\t/usr/local/mysql/man' /etc/man_db.conf
\t 表示一个tab
# 映射库文件
[root@localhost ~]# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
[root@localhost ~]# ldconfig # 让其生效
# 建立数据存放目录
[root@localhost ~]# mkdir -p /opt/data
[root@localhost ~]# chown -R mysql.mysql /opt/data/
[root@localhost ~]# ll /opt/data/ -d
drwxr-xr-x 2 mysql mysql 6 Aug 31 12:59 /opt/data/
# 初始化数据库
[root@localhost ~]# /usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/
......省略
root@localhost: zzWcsjwx9:-B
# 请注意,这个命令的最后会生成一个临时密码,此处密码是 zzWcsjwx9:-B
# 再次注意,这个密码是随机的,你的不会跟我一样,一定要记住这个密码,因为一会登录时会用到
# 生成配置文件
[root@localhost ~]# cat /etc/my.cnf
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
# 配置服务启动脚本
[root@localhost ~]# cd /usr/local/mysql/support-files/
[root@localhost support-files]# cp mysql.server /etc/init.d/mysqld
[root@localhost support-files]# ll /etc/init.d/mysqld
-rwxr-xr-x 1 root root 10576 Aug 31 13:04 /etc/init.d/mysqld
# 设置所有者所属组为mysql
[root@localhost support-files]# chown -R mysql.mysql /etc/init.d/mysqld
[root@localhost support-files]# ll /etc/init.d/mysqld
-rwxr-xr-x 1 mysql mysql 10576 Aug 31 13:04 /etc/init.d/mysqld
[root@localhost ~]# grep '^basedir=' /etc/init.d/mysqld
basedir= // 需要添加MySQL 路径
[root@localhost ~]# grep '^datadir=' /etc/init.d/mysqld
datadir= // 数据存放路径
[root@localhost ~]# sed -i '/^basedir=/c basedir=/usr/local/mysql' /etc/init.d/mysqld
[root@localhost ~]# sed -i '/^datadir=/c datadir=/opt/data' /etc/init.d/mysqld
[root@localhost ~]# grep '^basedir=' /etc/init.d/mysqld
basedir=/usr/local/mysql
[root@localhost ~]# grep '^datadir=' /etc/init.d/mysqld
datadir=/opt/data
# 启动mysql 、 并开机自启
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# chkconfig mysqld on
[root@localhost ~]# service mysqld start
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]#
## 查看mysql 进程
[root@localhost ~]# ps -ef | grep mysqld
root 33663 33589 0 13:06 pts/0 00:00:00 vim /etc/init.d/mysqld
root 33695 1 0 13:09 pts/2 00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/opt/data --pid-file=/opt/data/mysql.pid
mysql 33883 33695 0 13:09 pts/2 00:00:00 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/opt/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=localhost.localdomain.err --pid-file=/opt/data/mysql.pid --socket=/tmp/mysql.sock --port=3306
root 33914 10200 0 13:09 pts/2 00:00:00 grep --color=auto mysqld
[root@localhost ~]#
# 修改密码
# 使用临时密码登录(把密码直接写在 -p 后面会留在 shell 历史和进程列表中,下面的 Warning 指的就是这一点;只输入 -p 再按提示键入密码更稳妥)
[root@localhost ~]# mysql -uroot -p'zzWcsjwx9:-B'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.37
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set password = password('runtime123!'); # 设置新密码
mysql> quit
Bye
# 退出登录验证密码
[root@localhost ~]# mysql -uroot -pruntime123!
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.37 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
部署 PHP
# 下载 PHP
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget https://www.php.net/distributions/php-7.4.29.tar.xz
........省略
[root@localhost src]# ls
debug mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz nginx-1.22.0.tar.gz
kernels nginx-1.22.0 php-7.4.29.tar.xz
[root@localhost src]# tar xf php-7.4.29.tar.xz # 解压
# 这是查找MySQL跟PHP打交道的包名
[root@localhost ~]# dnf list all | grep mysql | grep php
php-mysqlnd.x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66 AppStream
# 安装依赖包
[root@localhost ~]# dnf -y install libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel sqlite-devel libzip-devel php-mysqlnd
安装过程略....
# 安装 oniguruma 包
[root@localhost ~]# dnf -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
# 编译安装php
[root@localhost ~]# cd /usr/src/php-7.4.29
[root@localhost php-7.4.29]# ./configure --prefix=/usr/local/php7 \
--with-config-file-path=/etc \
--enable-fpm \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-json \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix
# make
[root@localhost php-7.4.29]# make
编译过程略
[root@localhost php-7.4.29]# make install
安装过程略
# 安装后配置
[root@localhost ~]# echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh
[root@localhost ~]# source /etc/profile.d/php7.sh
[root@localhost ~]# which php
/usr/local/php7/bin/php
# 配置头文件
[root@localhost ~]# ln -s /usr/local/php7/include /usr/include/php7
# 配置库文件
[root@localhost ~]# echo '/usr/local/php7/lib' > /etc/ld.so.conf.d/php7.conf
[root@localhost ~]# ldconfig
# 查看版本
[root@localhost ~]# php -v
PHP 7.4.29 (cli) (built: Jul 4 2022 21:07:32) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
# 配置php-fpm
[root@localhost ~]# cd /usr/src/php-7.4.29
[root@localhost php-7.4.29]# \cp php.ini-production /etc/php.ini # 目标文件已存在;开头的 \ 用于绕过 cp 的 -i 别名,不再提示而直接覆盖
[root@localhost php-7.4.29]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-7.4.29]# ll -d /etc/init.d/php-fpm
-rw-r--r-- 1 root root 2402 Aug 31 13:41 /etc/init.d/php-fpm
[root@localhost php-7.4.29]# chmod +x /etc/init.d/php-fpm
[root@localhost php-7.4.29]# ll -d /etc/init.d/php-fpm
-rwxr-xr-x 1 root root 2402 Aug 31 13:41 /etc/init.d/php-fpm
[root@localhost ~]# cd /usr/local/php7/etc
[root@localhost etc]# cp php-fpm.conf.default php-fpm.conf
[root@localhost etc]# cd php-fpm.d
[root@localhost php-fpm.d]# cp www.conf.default www.conf
[root@localhost ~]# grep '^user =' /usr/local/php7/etc/php-fpm.d/www.conf
user = nobody
[root@localhost ~]# grep '^group =' /usr/local/php7/etc/php-fpm.d/www.conf
group = nobody
[root@localhost ~]# sed -i '/^user = nobody/c user = nginx' /usr/local/php7/etc/php-fpm.d/www.conf
[root@localhost ~]# sed -i '/^group = nobody/c group = nginx' /usr/local/php7/etc/php-fpm.d/www.conf
[root@localhost ~]# grep '^user =' /usr/local/php7/etc/php-fpm.d/www.conf
user = nginx
[root@localhost ~]# grep '^group =' /usr/local/php7/etc/php-fpm.d/www.conf
group = nginx
# 编辑php-fpm的配置文件(/usr/local/php7/etc/php-fpm.conf):
# 配置fpm的相关选项为你所需要的值:
[root@localhost ~]# vim /usr/local/php7/etc/php-fpm.conf
.....
.....
pm.max_children = 50 ;最多同时提供50个进程提供50个并发服务
pm.start_servers = 5 ;启动时启动5个进程
pm.min_spare_servers = 2 ;最小空闲进程数
pm.max_spare_servers = 8 ;最大空闲进程数
[root@localhost ~]# tail /usr/local/php7/etc/php-fpm.conf
; file.
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr/local/php7 otherwise
include=/usr/local/php7/etc/php-fpm.d/*.conf
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8
# 查看端口号是否监听在9000上
[root@localhost php-fpm.d]# pwd
/usr/local/php7/etc/php-fpm.d
[root@localhost php-fpm.d]# vim www.conf
listen = 127.0.0.1:9000 # 查看端口号是否监听在9000上
# 启动php-fpm 、 并开机自启
[root@localhost ~]# service php-fpm start
[root@localhost ~]# chkconfig --add php-fpm
[root@localhost ~]# chkconfig php-fpm on
# 默认情况下,fpm监听在127.0.0.1的9000端口,也可以使用如下命令验证其是否已经监听在相应的套接字
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]#
### 查看 PHP 进程
[root@localhost ~]# ps -ef | grep php
root 164486 1 0 13:43 ? 00:00:00 php-fpm: master process (/usr/localphp7/etc/php-fpm.conf)
nobody 164487 164486 0 13:43 ? 00:00:00 php-fpm: pool www
nobody 164488 164486 0 13:43 ? 00:00:00 php-fpm: pool www
root 164499 33589 0 13:44 pts/0 00:00:00 grep --color=auto php
## 最后可以重启,验证各服务是否能开机自启
[root@localhost ~]# reboot
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port
LISTEN 0 128 0.0.0.0:22
LISTEN 0 128 127.0.0.1:9000
LISTEN 0 128 0.0.0.0:80
LISTEN 0 128 [::]:22
LISTEN 0 80 *:3306
访问
使用Ansible 部署 zabbix6.0版本
环境
系统平台 | IP | 主机名 | 服务 |
---|---|---|---|
centos8/redhat8 | 192.168.229.152 | ansible | ansible |
centos8/redhat8 | 192.168.229.148 | zabbix(lnmp) | nginx1.22版本 MySQL8.0版本 PHP8.0版本 |
准备工作
// 设置免密登录
[root@ansible ~]# ssh-keygen -t rsa // 创建公钥和私钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rHnSIQpodwovKVscIJmL4STrMm9tWyKG0cf1zhrosRw root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| |
| o |
|B. . |
|*B . . o |
|*++.o.. S |
|o+=+oo B . |
|=+=+E * = |
|o*o+o* = |
|....=.. |
+----[SHA256]-----+
//使用 ssh-copy-id 将公钥复制到远程系统上的正确位置
[root@ansible ~]# ssh-copy-id root@zabbix
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'zabbix (192.168.229.148)' can't be established.
ECDSA key fingerprint is SHA256:n2ckGGr820b4Fez6NUHXuOApoQ3oCuf3POTLfTxOsS4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@zabbix's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@zabbix'"
and check to make sure that only the key(s) you wanted were added.
ansible 操作
[root@ansible ~]# mkdir zabbix // 创建跟部署同名的目录
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat inventory // 清单
[web]
zabbix
// 复制ansible.cfg 到当前目录
[root@ansible zabbix]# cp /etc/ansible/ansible.cfg .
[root@ansible zabbix]#
[root@ansible zabbix]# ls
ansible.cfg inventory
[root@ansible zabbix]# vim ansible.cfg
inventory = inventory // 修改为inventory
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
// 创建files目录放软件或放文件。创建vars 目录用来放变量
[root@ansible zabbix]# mkdir files vars
[root@ansible zabbix]# ls
ansible.cfg files inventory vars
// 测试ping 是否能ping 通
[root@ansible zabbix]# ansible zabbix -m ping
zabbix | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
考虑一个问题:
对面是否有 yum 源和是否已关闭防火墙跟SElinux
所以需要编写 配置yum 的playbook,如果对面的受控机没有yum 源就引用已编写好的playbook
// 使用临时 命令查看对面是否有yum 源
[root@ansible zabbix]# ansible zabbix -m shell -a "ls /etc/yum.repos.d"
zabbix | CHANGED | rc=0 >>
[root@ansible zabbix]#
// 编写配置 yum 源的 playbook
[root@ansible zabbix]# pwd
/root/zabbix
[root@ansible zabbix]# cat files/yum.sh // 安装yum 的脚本
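#!/bin/bash
# Configure the CentOS 8 vault base repository and EPEL from the Aliyun mirror.
# Written to be re-run safely: each step is skipped once its .repo file exists.
# Exits non-zero on a failed download/install so the calling task reports it.

repo_dir=/etc/yum.repos.d
base_repo="$repo_dir/CentOS-Base.repo"

if [ ! -f "$base_repo" ]; then
  # -f: fail on an HTTP error instead of saving the error page as a .repo file
  # (the existence check above would then skip the download on every later run).
  if ! curl -fsS -o "$base_repo" https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo; then
    rm -f -- "$base_repo"
    echo "yum.sh: could not download CentOS-Base.repo" >&2
    exit 1
  fi
  # Delete the mirrors.cloud.aliyuncs.com / mirrors.aliyuncs.com entries.
  sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' "$base_repo"
fi

# epel-release installs epel.repo, so that is the file to test for; a file
# literally named "epel" never exists and would force a reinstall on every run.
if [ ! -f "$repo_dir/epel.repo" ]; then
  # NOTE(review): a package handed to yum by URL is not covered by a
  # repository's gpgcheck setting; whether its signature is verified depends
  # on the host's dnf configuration (localpkg_gpgcheck) — confirm.
  if ! yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm; then
    echo "yum.sh: could not install epel-release" >&2
    exit 1
  fi
  # Point EPEL at the Aliyun mirror and disable the metalink lookup.
  sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' "$repo_dir"/epel*
  sed -i 's|^metalink|#metalink|' "$repo_dir"/epel*
fi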
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# chmod +x yum.sh // 给执行权限
[root@ansible files]# ll
total 4
-rwxr-xr-x. 1 root root 566 Sep 4 09:46 yum.sh
[root@ansible zabbix]# cat yum.yml // 安装yum 源的playbook
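# Tasks file (pulled in with include_tasks): run files/yum.sh on the managed
# host to set up its yum repositories.
- name: config yum
  script: files/yum.sh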
[root@ansible zabbix]# cat mail.yml // 主配置文件
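---
# Entry-point playbook for the zabbix host.
- hosts: zabbix
  tasks:
    - include_tasks: yum.yml   # yum repository setup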
// 执行 playbook
[root@ansible zabbix]# ansible-playbook mail.yml
...省略N
// 查看对面是否已有yum 源
[root@ansible zabbix]# ansible zabbix -m shell -a 'ls /etc/yum.repos.d/'
zabbix | CHANGED | rc=0 >>
CentOS-Base.repo
epel-modular.repo
epel.repo
epel-testing-modular.repo
epel-testing.repo
配置关闭防火墙跟SElinux的playbook
// 关闭防火墙
[root@ansible zabbix]# cat firewalld.yml
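# Stop firewalld and keep it from starting at boot.
# NOTE(review): with the firewall off, every listening port on the host is
# reachable from the network; outside a lab, keep firewalld running and open
# only the ports the stack needs.
- name: stop firewalld
  service:
    name: firewalld
    state: stopped
    enabled: no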
// 关闭SElinux
[root@ansible zabbix]# cat selinux.yml
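# Set SELINUX=disabled in /etc/selinux/config.
# NOTE(review): only the config file is edited, so the running mode presumably
# changes at the next reboot — confirm. Disabling SELinux removes a containment
# layer around nginx, php-fpm and mysqld; outside a lab prefer enforcing (or at
# least permissive) with correct labels.
- name: Ensure SELinux is set to disabled mode
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX='
    line: SELINUX=disabled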
// 引用 关闭防火墙跟SElinux的playbook
[root@ansible zabbix]# cat mail.yml
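---
# Entry-point playbook for the zabbix host.
- hosts: zabbix
  tasks:
    - include_tasks: yum.yml         # yum repository setup
    - include_tasks: firewalld.yml   # stop and disable firewalld
    - include_tasks: selinux.yml     # set SELINUX=disabled in the config file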
// 执行 playbook
[root@ansible zabbix]# ansible-playbook mail.yml
.... 省略N
// 查看是否已关闭firewalld
[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status firewalld'
zabbix | FAILED | rc=3 >>
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
// 查看是否已关闭SElinux
[root@ansible zabbix]# ansible zabbix -m shell -a "grep '^SELINUX=' /etc/selinux/config"
zabbix | CHANGED | rc=0 >>
SELINUX=disabled
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# ls
mysql-8.0.12-linux-glibc2.12-x86_64.tar.xz nginx-1.22.0.tar.gz php-8.0.23.tar.gz yum.sh
部署nginx 的playbook
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# vim nginx.yml
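# Tasks file: prepare the managed host and build nginx from source.

# System account without a home directory or login shell for the nginx workers.
- name: create user nginx
  user:
    name: nginx
    state: present
    create_home: no
    system: yes
    shell: /sbin/nologin

# Build dependencies; the list comes from vars/nginx.yml.
- name: install pkgs
  dnf:
    # Pass the whole list so dnf resolves it in a single transaction.
    name: "{{ nginx_depend_pkgs }}"
    state: present

# Copy the source tarball to the managed host.
- name: copy software nginx-1.22.0.tar.gz
  copy:
    src: files/nginx-1.22.0.tar.gz
    dest: /usr/src/

# Run the build/install script on the managed host.
- name: exec script
  script: files/nginx.sh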
// vars目录下面的nginx.yml
[root@ansible zabbix]# cat vars/nginx.yml
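# Packages needed to compile nginx with the modules selected in files/nginx.sh.
nginx_depend_pkgs:
  - pcre-devel
  - openssl
  - openssl-devel
  - gd-devel
  - gcc
  - gcc-c++
  - make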
// 脚本内容
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# cat nginx.sh
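#!/bin/bash
# Build nginx 1.22.0 from /usr/src/nginx-1.22.0.tar.gz, install it under
# $nginx_install_dir, drop a PHP test page and a systemd unit, then enable and
# start the service. Expects the nginx user and the tarball to be in place
# already (the accompanying playbook tasks create/copy them).

nginx_install_dir=/usr/local/nginx

# Create the log directory.
# The space in "! -d" matters: written as "!-d" the test is an error, the
# branch never runs and the directory is never created.
if [ ! -d /var/log/nginx ]; then
  mkdir -p /var/log/nginx
  chown -R nginx:nginx /var/log/nginx/
fi

# Compile and install; skipped once the install prefix exists. Every step is
# checked so a failed configure does not fall through to make.
if [ ! -d "$nginx_install_dir" ]; then
  cd /usr/src/ || exit 1
  tar xf nginx-1.22.0.tar.gz || exit 1
  cd nginx-1.22.0 || exit 1
  ./configure \
    --prefix="$nginx_install_dir" \
    --user=nginx \
    --group=nginx \
    --with-debug \
    --with-http_ssl_module \
    --with-http_realip_module \
    --with-http_image_filter_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_stub_status_module \
    --http-log-path=/var/log/nginx/access.log \
    --error-log-path=/var/log/nginx/error.log \
    || exit 1
  make || exit 1
  make install || exit 1
fi

# Put the nginx binary on PATH for login shells (\$PATH stays literal).
echo "export PATH=$nginx_install_dir/sbin:\$PATH" > /etc/profile.d/nginx.sh

# Enable the PHP FastCGI location. Left commented out so plain nginx can be
# verified first; uncomment once php-fpm is listening.
# NOTE(review): the leading whitespace inside these patterns looks collapsed
# on this page; check them against the indentation of the real nginx.conf.
#sed -i '/pass the PHP/{N;/#/{n;s/#//g}}' $nginx_install_dir/conf/nginx.conf
#sed -i '/^ location ~ \\.php/{N;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_pass/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_index/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/SCRIPT_FILENAME/c \ fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{n;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/^ index/c \ index index.php index.html index.htm;' $nginx_install_dir/conf/nginx.conf

# PHP test page.
# NOTE(review): phpinfo() prints the full PHP and server configuration to
# anyone who can reach the page, and this deployment also turns the firewall
# off; delete index.php once the stack has been verified.
cat > "$nginx_install_dir/html/index.php" <<'EOF'
<?php
phpinfo();
?>
EOF

# systemd unit. $nginx_install_dir is expanded now; \$MAINPID is escaped so
# that systemd, not this script, substitutes it.
cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=nginx server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=$nginx_install_dir/sbin/nginx
ExecStop=$nginx_install_dir/sbin/nginx -s stop
ExecReload=/bin/kill -HUP \$MAINPID
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now nginx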
[root@ansible files]# chmod +x nginx.sh // 添加执行权限
[root@ansible zabbix]# cat mail.yml
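---
# Entry-point playbook for the zabbix host.
- hosts: zabbix
  vars_files:
    - vars/nginx.yml                 # nginx_depend_pkgs
  tasks:
    - include_tasks: yum.yml         # yum repository setup
    - include_tasks: firewalld.yml   # stop and disable firewalld
    - include_tasks: selinux.yml     # set SELINUX=disabled in the config file
    - include_tasks: nginx.yml       # build and start nginx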
// 执行。执行完成之后验证是否能正常访问
[root@ansible zabbix]# ansible-playbook mail.yml
.... 省略N
// 查看状态
[root@ansible zabbix]# ansible zabbix -m shell -a "systemctl status nginx"
zabbix | CHANGED | rc=0 >>
● nginx.service - nginx server daemon
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-09-04 12:01:05 CST; 1min 55s ago
Process: 45038 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
[root@ansible zabbix]# ansible zabbix -m shell -a "ss -antl"
zabbix | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
访问IP 192.168.229.148
部署 MySQL8.0版本
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat mysql.yml
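# Tasks file: prepare the managed host and install the MySQL binary tarball.

# System account without a home directory or login shell for mysqld.
- name: create user myslq
  user:
    name: mysql
    state: present
    system: yes
    create_home: no
    shell: /sbin/nologin

# Runtime/build dependencies; the list comes from vars/mysql.yml.
- name: install pkgs
  dnf:
    # Pass the whole list so dnf resolves it in a single transaction.
    name: "{{ mysql_depend_pkgs }}"
    state: present

# Copy the binary tarball to the managed host.
- name: copy software pkg
  copy:
    src: files/mysql-8.0.12-linux-glibc2.12-x86_64.tar.xz
    dest: /usr/src/

# Run the install/initialise script on the managed host.
- name: exec script
  script: files/mysql.sh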
[root@ansible zabbix]# cat vars/mysql.yml // 定义的变量,下载依赖包
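# Packages installed before files/mysql.sh runs.
mysql_depend_pkgs:
  - ncurses-compat-libs
  - cmake
  - mariadb-devel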
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# cat mysql.sh // 脚本内容
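#!/bin/bash
# Install the MySQL 8.0.12 binary tarball from /usr/src into
# $mysql_install_dir, initialise $mysql_datadir, write /etc/my.cnf, register
# the SysV init script and, when the server was not already listening, start
# it and set the root password. Expects the mysql user and the tarball to be
# in place already (the accompanying playbook tasks create/copy them).

mysql_install_dir=/usr/local/mysql
mysql_datadir=/opt/data
# Root password applied after the first start. Defaults to the value the rest
# of this deployment uses; override it through the MYSQL_ROOT_PASSWORD
# environment variable instead of keeping a real secret in the script.
# It is placed inside a SQL string literal, so it must not contain a quote.
mysql_root_password=${MYSQL_ROOT_PASSWORD:-runtime123}

# Unpack the tarball (skipped once the install prefix exists).
if [ ! -d "$mysql_install_dir" ]; then
  cd /usr/src || exit 1
  tar xf mysql-8.0.12-linux-glibc2.12-x86_64.tar.xz || exit 1
  mv mysql-8.0.12-linux-glibc2.12-x86_64 "$mysql_install_dir" || exit 1
  # NOTE(review): this makes the service account the owner of binaries that
  # root later executes (mysqld_safe is started by root); consider leaving the
  # install tree root-owned and giving mysql only the data directory.
  chown -R mysql:mysql "$mysql_install_dir"
fi

# Put the MySQL client tools on PATH for login shells (\$PATH stays literal).
echo "export PATH=$mysql_install_dir/bin:\$PATH" > /etc/profile.d/mysql.sh

# Header symlink. Only create it when nothing is there yet: if the target
# already exists as a directory (or a link to one), ln -s would place a stray
# "include" link inside it instead.
if [ ! -e /usr/include/mysql ]; then
  ln -s "$mysql_install_dir/include" /usr/include/mysql
fi

# Register the man pages once.
if ! grep -q "$mysql_install_dir/man" /etc/man_db.conf; then
  sed -i "/MANDATORY_MANPATH.*.\/local\/share\/man/a MANDATORY_MANPATH\t\t\t$mysql_install_dir/man" /etc/man_db.conf
fi

# Make the shared libraries visible to the dynamic linker.
echo "$mysql_install_dir/lib" > /etc/ld.so.conf.d/mysql.conf
ldconfig

# Data directory. The space in "! -d" matters ("!-d" is a test error and the
# branch never runs). The directory must belong to mysql because mysqld drops
# to that user (--user=mysql) before it writes anything.
if [ ! -d "$mysql_datadir" ]; then
  mkdir -p "$mysql_datadir" || exit 1
  chown -R mysql:mysql "$mysql_datadir"
fi

# Initialise only an empty data directory. --initialize-insecure creates root
# with an empty password; it is replaced right after the first start below.
if [ -z "$(ls -A -- "$mysql_datadir")" ]; then
  "$mysql_install_dir/bin/mysqld" --initialize-insecure --user=mysql --datadir="$mysql_datadir" || exit 1
fi

cat > /etc/my.cnf <<EOF
[mysqld]
basedir = $mysql_install_dir
datadir = $mysql_datadir
socket = /tmp/mysql.sock
port = 3306
pid-file = $mysql_datadir/mysql.pid
user = mysql
skip-name-resolve
EOF

# Init script. It is run by root, so it stays root-owned (what cp leaves it
# as): handing it to the mysql account would let that account change code that
# root executes.
cp "$mysql_install_dir/support-files/mysql.server" /etc/init.d/mysqld
sed -i "/^basedir=/c basedir=$mysql_install_dir" /etc/init.d/mysqld
sed -i "/^datadir=/c datadir=$mysql_datadir" /etc/init.d/mysqld

# Start the server only when nothing listens on 3306 yet. The pattern is
# anchored so that 33060 (also opened by this server) does not count as 3306.
if ! ss -antl | grep -qE ':3306[[:space:]]'; then
  chkconfig --add mysqld
  chkconfig mysqld on
  service mysqld start
  # Feed the statement on stdin so the new password never appears in the
  # process list or in a command-line argument.
  "$mysql_install_dir/bin/mysql" -uroot <<SQL
alter user 'root'@'localhost' identified by '${mysql_root_password}';
SQL
fi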
[root@ansible files]# chmod +x mysql.sh // 添加执行权限
// 主配置文件
[root@ansible zabbix]# cat mail.yml
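---
# Entry-point playbook for the zabbix host.
- hosts: zabbix
  vars_files:
    - vars/nginx.yml                 # nginx_depend_pkgs
    - vars/mysql.yml                 # mysql_depend_pkgs
  tasks:
    - include_tasks: yum.yml         # yum repository setup
    - include_tasks: firewalld.yml   # stop and disable firewalld
    - include_tasks: selinux.yml     # set SELINUX=disabled in the config file
    - include_tasks: nginx.yml       # build and start nginx
    - include_tasks: mysql.yml       # install and start MySQL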
// 引用进来后执行playbook
[root@ansible zabbix]# ansible-playbook mail.yml
... 省略N
// 验证
[root@ansible zabbix]# ansible zabbix -m shell -a 'ss -antl'
zabbix | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 70 *:33060 *:* // 33060端口起来
LISTEN 0 128 *:3306 *:* // 3306端口起来
LISTEN 0 128 [::]:22 [::]:*
// 到zabbix 查看是否能用新密码登录。不登录的情况下查看里面的数据库
[root@zabbix ~]# /usr/local/mysql/bin/mysql -uroot -p'runtime123' -e 'show databases' 2> /dev/null
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
#### 2> /dev/null 的意思是丢弃标准错误输出;这里被丢弃的是 mysql 关于"在命令行上使用密码不安全"的警告,警告被隐藏并不代表风险消失
// 也可以在控制主机上查看
[root@ansible zabbix]# ansible zabbix -m shell -a "/usr/local/mysql/bin/mysql -uroot -p'runtime123' -e 'show databases' 2> /dev/null"
zabbix | CHANGED | rc=0 >>
Database
information_schema // 跟第一个数据库是一样的
mysql
performance_schema
sys
// 查看的内容是一样的
部署PHP
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# vim php.yml
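# Tasks file: copy the PHP source tarball and build it on the managed host.

# Copy the source tarball to the managed host.
- name: provide software pkg
  copy:
    src: files/php-8.0.23.tar.gz
    dest: /usr/src/

# Run the build/install script on the managed host.
- name: exec script
  script: files/php.sh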
// 脚本内容
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# vim php.sh
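#!/bin/bash
# Build PHP 8.0.23 with FPM from /usr/src/php-8.0.23.tar.gz, install it under
# /usr/local/php8, put php.ini and the php-fpm init script in place, run the
# www pool as nginx, then start php-fpm and register it for boot.

php_prefix=/usr/local/php8
php_src=/usr/src/php-8.0.23

build_deps=(
  libxml2-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel
  libjpeg libjpeg-devel libpng libpng-devel openldap-devel
  freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel
  readline readline-devel libxslt libxslt-devel mhash mhash-devel
  sqlite-devel libzip-devel php-mysqlnd
)
# NOTE(review): this RPM is fetched over plain http and, as a command-line
# package, may not be signature-checked (depends on dnf's localpkg_gpgcheck) —
# confirm, or install oniguruma-devel from a configured repository instead.
oniguruma_rpm=http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm

# Output stays suppressed, but a failure is reported instead of being lost.
# Only a warning: on a re-run the packages may already be installed.
if ! dnf -y install "${build_deps[@]}" "$oniguruma_rpm" &> /dev/null; then
  echo "php.sh: warning: dependency installation failed; the build may not work" >&2
fi

# Compile and install; skipped once the install prefix exists. Every step is
# checked so a failed configure does not fall through to make.
if [ ! -d "$php_prefix" ]; then
  cd /usr/src || exit 1
  tar xf php-8.0.23.tar.gz || exit 1
  cd "$php_src" || exit 1
  ./configure --prefix="$php_prefix" \
    --with-config-file-path=/etc \
    --enable-fpm \
    --enable-inline-optimization \
    --disable-debug \
    --disable-rpath \
    --enable-shared \
    --enable-soap \
    --with-openssl \
    --enable-bcmath \
    --with-iconv \
    --with-bz2 \
    --enable-calendar \
    --with-curl \
    --enable-exif \
    --enable-ftp \
    --enable-gd \
    --with-jpeg \
    --with-zlib-dir \
    --with-freetype \
    --with-gettext \
    --enable-json \
    --enable-mbstring \
    --enable-pdo \
    --with-mysqli=mysqlnd \
    --with-pdo-mysql=mysqlnd \
    --with-readline \
    --enable-shmop \
    --enable-simplexml \
    --enable-sockets \
    --with-zip \
    --enable-mysqlnd-compression-support \
    --with-pear \
    --enable-pcntl \
    --enable-posix \
    || exit 1
  make || exit 1
  make install || exit 1
fi

# Put the php binaries on PATH for login shells ($PATH stays literal).
echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh

# Header symlink; skipped when the name already exists, because ln -s onto an
# existing directory link would create a stray link inside it.
if [ ! -e /usr/include/php8 ]; then
  ln -s "$php_prefix/include" /usr/include/php8
fi

# Make the shared libraries visible to the dynamic linker.
echo '/usr/local/php8/lib' > /etc/ld.so.conf.d/php8.conf
ldconfig

# php.ini and the SysV init script, installed once.
if [ ! -f /etc/init.d/php-fpm ]; then
  cd "$php_src" || exit 1
  cp php.ini-production /etc/php.ini
  cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
  chmod +x /etc/init.d/php-fpm
fi

# FPM configuration, created once. The guard has to look under the php8
# prefix: testing the php7 path is always true on this host, so www.conf would
# be reset to the defaults on every run.
if [ ! -f "$php_prefix/etc/php-fpm.d/www.conf" ]; then
  cd "$php_prefix/etc" || exit 1
  cp php-fpm.conf.default php-fpm.conf
  cd php-fpm.d || exit 1
  cp www.conf.default www.conf
  # Run the pool as the same unprivileged account nginx uses.
  sed -i '/^user = nobody/c user = nginx' "$php_prefix/etc/php-fpm.d/www.conf"
  sed -i '/^group = nobody/c group = nginx' "$php_prefix/etc/php-fpm.d/www.conf"
fi

service php-fpm start
chkconfig --add php-fpm
chkconfig php-fpm on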
[root@ansible files]# chmod +x php.sh
[root@ansible zabbix]# vim mail.yml
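---
# Entry-point playbook for the zabbix host.
- hosts: zabbix
  vars_files:
    - vars/nginx.yml                 # nginx_depend_pkgs
    - vars/mysql.yml                 # mysql_depend_pkgs
  tasks:
    - include_tasks: yum.yml         # yum repository setup
    - include_tasks: firewalld.yml   # stop and disable firewalld
    - include_tasks: selinux.yml     # set SELINUX=disabled in the config file
    - include_tasks: nginx.yml       # build and start nginx
    - include_tasks: mysql.yml       # install and start MySQL
    - include_tasks: php.yml         # build and start php-fpm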
// 执行playbook
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# ansible-playbook mail.yml
...省略N
// 验证
[root@ansible zabbix]# ansible zabbix -m shell -a "ss -antl"
zabbix | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:* // 9000 端口已有
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 70 *:33060 *:*
LISTEN 0 128 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
现在把 files/nginx.sh 里这几行的注释取消掉
# 开启反向代理
#sed -i '/pass the PHP/{N;/#/{n;s/#//g}}' $nginx_install_dir/conf/nginx.conf
#sed -i '/^ location ~ \\.php/{N;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_pass/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_index/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/SCRIPT_FILENAME/c \ fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{n;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/^ index/c \ index index.php index.html index.htm;' $nginx_install_dir/conf/nginx.conf
// 把注释取消后执行 playbook
[root@ansible zabbix]# ansible-playbook mail.yml
.... 省略N
// 如果访问不到,是因为修改后的 nginx.conf 配置文件还没有生效
访问 192.168.229.148
部署zabbix
在上面的基础上部署zabbix6.0版本
环境
系统平台 | IP | 主机名 | |
---|---|---|---|
centos8/ redhat8 | 192.168.229.152 | ansible | 控制主机 |
centos8/ redhat8 | 192.168.229.148 | zabbix | 服务端 |
centos8/ redhat8 | 192.168.229.150 | zabbix_slave | 客户端 |
部署zabbix服务端
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat zabbix_server.yml
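# Task list for the Zabbix server host; the main playbook pulls it in with
# include_tasks, so it contains bare tasks and no play header.

# Dedicated system account: no home directory and no login shell.
- name: create user zabbix
  user:
    name: zabbix
    state: present
    create_home: no
    system: yes
    shell: /sbin/nologin

# The tarball is taken from files/ on the control node. Nothing here checks
# its integrity, so verify it against the publisher's checksum before placing
# it there.
- name: copy software zabbix-6.0.8.tar.gz
  copy:
    src: files/zabbix-6.0.8.tar.gz
    dest: /usr/src/

# Runs files/zabbix_server.sh on the managed host.
- name: exec script
  script: files/zabbix_server.sh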
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# vim zabbix_server.sh
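#!/bin/bash
# Provision the Zabbix 6.0.8 server on a host that already has the nginx,
# MySQL and PHP installs from the earlier steps: unpack the source, create and
# load the database, build server + agent, tune php.ini, publish the web UI
# and register both daemons with systemd. Each step is guarded so the script
# can be run again.
#
# The passwords default to the sample values used throughout this page; set
# MYSQL_ROOT_PASSWORD / ZABBIX_DB_PASSWORD in the environment for anything
# other than a lab. A password containing a single quote would break the
# CREATE USER statement below.
mysql_bin=/usr/local/mysql/bin/mysql
mysql_root_password=${MYSQL_ROOT_PASSWORD:-runtime123}
zabbix_db_password=${ZABBIX_DB_PASSWORD:-zabbix123}
server_conf=/usr/local/etc/zabbix_server.conf
web_root=/usr/local/nginx/html

# Keep stderr visible so a failed install is not silently ignored.
dnf -y install net-snmp-devel libevent-devel > /dev/null || {
  echo "dnf install failed" >&2
  exit 1
}

# Hand credentials to the mysql client through option files in a private
# temporary directory: "-pPASSWORD" on the command line is readable by every
# local user through the process list.
cred_dir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$cred_dir"' EXIT
printf '[client]\nuser=root\npassword="%s"\n' "$mysql_root_password" > "$cred_dir/root.cnf"
printf '[client]\nuser=zabbix\npassword="%s"\n' "$zabbix_db_password" > "$cred_dir/zabbix.cnf"

if [ ! -d /usr/local/zabbix ]; then
  cd /usr/src/ || exit 1
  tar xf zabbix-6.0.8.tar.gz || exit 1
  mv zabbix-6.0.8 /usr/local/zabbix || exit 1
fi

if [ ! -d /usr/lib/zabbix ]; then
  mkdir -p /usr/lib/zabbix
  chmod 770 /usr/lib/zabbix
  chown -R zabbix:zabbix /usr/lib/zabbix/
fi

# Create the database and its account only when the database is missing.
# The SQL goes in on stdin so the new password never appears in argv.
if ! "$mysql_bin" --defaults-extra-file="$cred_dir/root.cnf" -N -e "show databases;" | grep -qx 'zabbix'; then
  "$mysql_bin" --defaults-extra-file="$cred_dir/root.cnf" <<SQL || exit 1
create database zabbix character set utf8mb4 collate utf8mb4_bin;
create user 'zabbix'@'localhost' identified by '${zabbix_db_password}';
grant all privileges on zabbix.* to 'zabbix'@'localhost';
flush privileges;
SQL
fi

# Load the schema only into an (almost) empty database. The original compared
# the raw "show tables" text with -lt, which is not a number; count the rows.
table_count=$("$mysql_bin" --defaults-extra-file="$cred_dir/zabbix.cnf" -N -e "show tables;" zabbix | wc -l)
if [ "$table_count" -lt 2 ]; then
  cd /usr/local/zabbix/database/mysql/ || exit 1
  for sql_file in schema.sql images.sql data.sql; do
    "$mysql_bin" --defaults-extra-file="$cred_dir/zabbix.cnf" zabbix < "$sql_file" || exit 1
  done
fi

# Build once; tied to the installed binary rather than to the database state.
if [ ! -x /usr/local/sbin/zabbix_server ]; then
  cd /usr/local/zabbix || exit 1
  ./configure --enable-server --enable-agent --with-mysql --with-net-snmp --with-libcurl --with-libxml2 --with-openipmi || exit 1
  make install || exit 1
fi

sed -i '/^DBUser=/c DBUser=zabbix' "$server_conf"
sed -i "/DBPassword=/c DBPassword=${zabbix_db_password}" "$server_conf"
sed -i '/DBSocket=/c DBSocket=/tmp/mysql.sock' "$server_conf"
# The file now holds the database password in clear text: keep it away from
# other local accounts.
chown root:zabbix "$server_conf"
chmod 640 "$server_conf"

sed -i '/post_max_size =/s/8M/16M/g' /etc/php.ini
sed -i '/max_execution_time/c max_execution_time = 300' /etc/php.ini
sed -i '/max_input_time =/c max_input_time = 300' /etc/php.ini
if ! grep -q 'Asia/Shanghai' /etc/php.ini; then
  sed -i '/;date.timezone/a date.timezone = Asia/Shanghai' /etc/php.ini
fi

# Publish the frontend once. conf is a directory, so the guard must use -d;
# with -f the test was always true and the web root was wiped on every run.
if [ ! -d "$web_root/conf" ]; then
  cd "$web_root" || exit 1
  rm -rf -- "${web_root:?}"/*
  cp -a /usr/local/zabbix/ui/* .
  # Only the document root is handed to the nginx account; the binaries and
  # nginx.conf stay owned by root so the web/PHP user cannot rewrite them.
  chown -R nginx:nginx "$web_root"
  # The setup wizard writes its config file here as nginx (the php-fpm user),
  # so owner write access is enough; 777 let any local user alter it.
  chmod 750 "$web_root/conf"
fi

# systemd runs ExecStop without a shell, so a "ps | grep | xargs kill -9"
# pipeline never works there; signal the tracked main process instead.
cat > /usr/lib/systemd/system/zabbix-server.service <<'EOF'
[Unit]
Description=zabbix-server server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/sbin/zabbix_server
ExecStop=/bin/kill -s TERM $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF

# The unit file name has to match the "systemctl enable" call below
# (it was written as zabbix-adentd.service).
cat > /usr/lib/systemd/system/zabbix-agentd.service <<'EOF'
[Unit]
Description=zabbix-server server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/sbin/zabbix_agentd
ExecStop=/bin/kill -s TERM $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now zabbix-server
systemctl enable --now zabbix-agentd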
[root@ansible files]# chmod +x zabbix_server.sh
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# vim mail.yml
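---
# Main playbook for the "zabbix" inventory group: base stack first, then the
# Zabbix server tasks.
- hosts: zabbix
  vars_files:
    - vars/nginx.yml
    - vars/mysql.yml
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: nginx.yml
    - include_tasks: mysql.yml
    - include_tasks: php.yml
    # Newly added in this step. Written as a YAML comment because a trailing
    # "// ..." would become part of the file name.
    - include_tasks: zabbix_server.yml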
// 测试
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# ansible-playbook mail.yml
....省略N
// 验证
[root@ansible zabbix]# ansible zabbix -m shell -a "ss -antl"
zabbix | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10050 0.0.0.0:* // 客户端端口
LISTEN 0 128 0.0.0.0:10051 0.0.0.0:* // 服务端端口
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 70 *:33060 *:*
LISTEN 0 128 *:3306 *:*
// 服务端已开机自启
[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status zabbix-server'
zabbix | CHANGED | rc=0 >>
● zabbix-server.service - zabbix-server server daemon
Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-09-04 20:25:49 CST; 1min 25s ago
Process: 2173 ExecStart=/usr/local/sbin/zabbix_server (code=exited, status=0/SUCCESS)
....省略N
// 客户端已开机自启
[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status zabbix-agentd'
zabbix | CHANGED | rc=0 >>
● zabbix-agentd.service - zabbix-server server daemon
Loaded: loaded (/usr/lib/systemd/system/zabbix-agentd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-09-04 20:19:38 CST; 8min ago
....省略N
访问验证 192.168.229.148
部署客户端
// 设置免密登录
[root@ansible ~]# ssh-copy-id root@slave
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'slave (192.168.229.150)' can't be established.
ECDSA key fingerprint is SHA256:BSCsrBDXmOy0vQCzkxthvFwA+8EIkoMVyeVV45QrFdM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@slave's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@slave'"
and check to make sure that only the key(s) you wanted were added.
// 清单文件
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat inventory
[web]
zabbix
[slave]
slave
// 测试
[root@ansible zabbix]# ansible slave -m ping
slave | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
// 查看对面受控主机是否有 yum源
[root@ansible zabbix]# ansible slave -m shell -a 'ls /etc/yum.repos.d/' 2> /dev/null
slave | CHANGED | rc=0 >>
CentOS-Stream-AppStream.repo
CentOS-Stream-BaseOS.repo
CentOS-Stream-Debuginfo.repo
CentOS-Stream-Extras.repo
CentOS-Stream-HighAvailability.repo
CentOS-Stream-Media.repo
CentOS-Stream-NFV.repo
CentOS-Stream-PowerTools.repo
CentOS-Stream-RealTime.repo
CentOS-Stream-ResilientStorage.repo
CentOS-Stream-Sources.repo
[root@ansible zabbix]# vim zabbix_slave.yml
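# Task list for the monitored host; the main playbook pulls it in with
# include_tasks, so it contains bare tasks and no play header.

# Dedicated system account: no home directory and no login shell.
- name: create user zabbix
  user:
    name: zabbix
    state: present
    create_home: no
    system: yes
    shell: /sbin/nologin

# The tarball is taken from files/ on the control node. Nothing here checks
# its integrity, so verify it against the publisher's checksum before placing
# it there.
- name: copy software pkg
  copy:
    src: files/zabbix-6.0.8.tar.gz
    dest: /usr/src/

# Runs files/zabbix_slave.sh on the managed host.
- name: exec script
  script: files/zabbix_slave.sh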
// 脚本内容
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# cat zabbix_slave.sh
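#!/bin/bash
# Build and install the Zabbix 6.0.8 agent from source on a monitored host,
# point it at the server and register it with systemd.

# Address written to Server= and ServerActive=. Server= is the agent's
# allow-list for incoming passive checks, so it should name only the Zabbix
# server or proxy.
# NOTE(review): the environment table on this page lists 192.168.229.152 as
# the Ansible control host and 192.168.229.148 as the Zabbix server; confirm
# which address the agent is meant to trust.
zabbix_server_ip=192.168.229.152
agent_conf=/usr/local/etc/zabbix_agentd.conf

# Keep stderr visible so a failed install is not silently ignored.
dnf -y install gcc gcc-c++ make vim wget pcre-devel > /dev/null || {
  echo "dnf install failed" >&2
  exit 1
}

if [ ! -d /usr/local/zabbix ]; then
  cd /usr/src || exit 1
  tar xf /usr/src/zabbix-6.0.8.tar.gz || exit 1
  mv zabbix-6.0.8 /usr/local/zabbix || exit 1
  cd /usr/local/zabbix || exit 1
  ./configure --enable-agent || exit 1
  make install || exit 1
fi

sed -i "/^Server=/c Server=${zabbix_server_ip}" "$agent_conf"
sed -i "/^ServerActive=/c ServerActive=${zabbix_server_ip}" "$agent_conf"
sed -i "/^Hostname=/c Hostname=zabbix_slave" "$agent_conf"

# systemd runs ExecStop without a shell, so a "ps | grep | xargs kill -9"
# pipeline never works there; signal the tracked main process instead.
cat > /usr/lib/systemd/system/zabbix_agentd.service <<'EOF'
[Unit]
Description=zabbix_agentd server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/sbin/zabbix_agentd
ExecStop=/bin/kill -s TERM $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now zabbix_agentd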
[root@ansible files]# chmod +x zabbix_slave.sh
// 主playbook
[root@ansible zabbix]# vim mail.yml
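---
# Play 1: full server stack on the "zabbix" inventory group.
- name: deploy zabbix_server
  hosts: zabbix
  vars_files:
    - vars/nginx.yml
    - vars/mysql.yml
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: nginx.yml
    - include_tasks: mysql.yml
    - include_tasks: php.yml
    - include_tasks: zabbix_server.yml

# Play 2 (added in this step): agent only, on the "slave" inventory group.
# The annotation is a YAML comment; a trailing "// ..." on the name line
# would become part of the play name.
- name: deploy zabbix_slave
  hosts: slave
  tasks:
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: zabbix_slave.yml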
// 测试
[root@ansible zabbix]# ansible-playbook mail.yml
....省略N
// 端口号已起来
[root@ansible zabbix]# ansible slave -m shell -a 'ss -antl' 2> /dev/null
slave | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10050 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
// 已开机自启
[root@ansible zabbix]# ansible slave -m shell -a 'systemctl status zabbix_agentd' 2> /dev/null
slave | CHANGED | rc=0 >>
● zabbix_agentd.service - zabbix_agentd server daemon
Loaded: loaded (/usr/lib/systemd/system/zabbix_agentd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2022-09-05 21:26:06 CST; 2min 4s ago
Process: 20730 ExecStart=/usr/local/sbin/zabbix_agentd (code=exited, status=0/SUCCESS)
Main PID: 20732 (zabbix_agentd)