lnmp部署&&Ansible部署zabbix6.0版本

最新推荐文章于 2024-08-23 16:35:18 发布
最新推荐文章于 2024-08-23 16:35:18 发布
阅读量1.1k 收藏 4
点赞数 2
文章标签: ansible 服务器 php
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_58805648/article/details/126736325
版权

目录标题

lnmp 架构

LNMP是指一组通常一起使用来运行动态网站或者服务器的自由软件名称首字母缩写。L指Linux,N指Nginx,M一般指MySQL,也可以指MariaDB,P一般指PHP,也可以指Perl或Python。

Nginx是一个高性能的HTTP和反向代理服务器,也是一个IMAP 、 POP3、SMTP 代理服务器。

Mysql是一个小型关系型数据库管理系统

PHP是一种在服务器端执行的嵌入HTML文档的脚本语言

这四种软件均为免费开源软件,组合到一起,成为一个免费、高效、扩展性强的网站服务系统

nginx官网

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-YRXzYvuG-1662478604404)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1661825211379.png)]

mysql官网

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-J59OktHd-1662478604405)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1661825258127.png)]

PHP官网

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-WDeolP0X-1662478604406)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1661825303829.png)]

部署lnmp 环境

系统平台IP部署服务
centos8/redhat8192.168.229.150lnmp
nginx
mysql
PHP
准备工作
## 配置 yum源
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# rm -rf *
[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo


## 清除 缓存
[root@localhost yum.repos.d]# dnf clean all
0 files removed

## 建立缓存
[root@localhost yum.repos.d]# dnf makecache


[root@localhost yum.repos.d]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm

[root@localhost yum.repos.d]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@localhost yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*

## 清除 缓存
[root@localhost yum.repos.d]# dnf clean all
0 files removed

## 建立缓存
[root@localhost yum.repos.d]# dnf makecache


## 关闭防火墙跟SElinux
[root@localhost ~]# sed -i '/SELINUX=enforcing/c SELINUX=disabled' /etc/selinux/config
[root@localhost ~]# grep '^SELINUX=' /etc/selinux/config
SELINUX=disabled

[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.


## 重启
[root@localhost ~]# reboot
部署nginx
## 下载 nginx
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget https://nginx.org/download/nginx-1.22.0.tar.gz

## 下载 依赖包
[root@localhost ~]# dnf -y install  boost-devel --allowerasing pcre-devel openssl openssl-devel gd-devel  gcc gcc-c++ make

[root@localhost ~]# yum -y groups mark install 'Development Tools'


## 创建系统用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx
[root@localhost ~]# id nginx
uid=995(nginx) gid=992(nginx) groups=992(nginx)


 ## 创建日志存放目录
[root@localhost ~]# mkdir -p /var/log/nginx
[root@localhost ~]# chown -R nginx.nginx /var/log/nginx/
[root@localhost ~]# ll -d /var/log/nginx/
drwxr-xr-x 2 nginx nginx 6 Aug 31 10:21 /var/log/nginx/


## 编译安装
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug  kernels  nginx-1.22.0.tar.gz
[root@localhost src]# tar xf nginx-1.22.0.tar.gz
[root@localhost src]# cd nginx-1.22.0
[root@localhost nginx-1.22.0]# ./configure \
 --prefix=/usr/local/nginx \
 --user=nginx \
 --group=nginx \
 --with-debug \
 --with-http_ssl_module \
 --with-http_realip_module \
 --with-http_image_filter_module \
 --with-http_gunzip_module \
 --with-http_gzip_static_module \
 --with-http_stub_status_module \
 --http-log-path=/var/log/nginx/access.log \
 --error-log-path=/var/log/nginx/error.log

[root@localhost nginx-1.22.0]# nproc  ## 查看核心数
2
[root@localhost nginx-1.22.0]# make -j 2 && make install


## 设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# source /etc/profile.d/nginx.sh
[root@localhost ~]# which nginx
/usr/local/nginx/sbin/nginx


## 启动 nginx
[root@localhost ~]# nginx
[root@localhost ~]# ss -antl
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process
LISTEN  0       128             0.0.0.0:80            0.0.0.0:*
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*
LISTEN  0       128                [::]:22               [::]:*

//服务控制方式,使用nginx命令
    -t  //检查配置文件语法
    -v  //输出nginx的版本
    -c  //指定配置文件的路径
    -s  //发送服务控制信号,可选值有{stop|quit|reopen|reload}



        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

// 还没有开启 反向代理之前


## 开启反向代理
[root@localhost ~]# sed -i '/pass the PHP/{N;/#/{n;s/#//g}}'  /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/^        location ~ \\.php/{N;s/#//g}' /usr/local/nginx/conf/nginx.conf 
[root@localhost ~]# sed -i '/fastcgi_pass/{s/#//g}' /usr/local/nginx/conf/nginx.conf

[root@localhost ~]# sed -i '/fastcgi_index/{s/#//g}' /usr/local/nginx/conf/nginx.conf

[root@localhost ~]# sed -i '/SCRIPT_FILENAME/c \            fastcgi_param  SCRIPT_FILENAME  /$document_root$fastcgi_script_name;' /usr/local/nginx/conf/nginx.conf

[root@localhost ~]# sed -i '/fastcgi_params/{s/#//g}' /usr/local/nginx/conf/nginx.conf
[root@localhost ~]# sed -i '/fastcgi_params/{n;s/#//g}' /usr/local/nginx/conf/nginx.conf


[root@localhost ~]# sed -i '/^            index/c \            index index.php index.html index.htm;' /usr/local/nginx/conf/nginx.conf



### 修改之后的内容

        location ~ \.php$ {
            root           html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /$document_root$fastcgi_script_name;
            include        fastcgi_params;
        }


配置 PHP 网页
[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# cat index.php
<?php
        phpinfo();
?>

 ## 停掉之后立马启动
[root@localhost ~]# nginx -s stop;nginx
[root@localhost ~]# nginx -s reload   // 推荐使用

## 设置开机自启
[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# cp sshd.service nginxd.service
[root@localhost system]# vim nginxd.service

[Unit]
Description=nginx server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

[root@localhost system]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now nginxd

访问 nginx

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-QFcRYtsg-1662478604406)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1661826451780.png)]

部署 mysql
# 安装依赖包
[root@localhost ~]# dnf -y install ncurses-compat-libs openssl-devel openssl cmake mariadb-devel

# 创建mysql系统用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin mysql
[root@localhost ~]# id mysql
uid=994(mysql) gid=991(mysql) groups=991(mysql)


# 下载二进制格式的mysql软件包
[root@localhost ~]# cd /usr/src/
[root@localhost src]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz
[root@localhost src]# ls
debug  kernels  mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz  nginx-1.22.0  nginx-1.22.0.tar.gz


# 解压软件至/usr/local/
[root@localhost src]# tar xf mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@localhost src]# cd /usr/local/
[root@localhost local]# mv mysql-5.7.37-linux-glibc2.12-x86_64 mysql  # 重命名为 mysql
[root@localhost local]# ll -d mysql/
drwxr-xr-x 9 root root 129 Aug 31 12:49 mysql/                        




# 修改目录/usr/local/mysql的属主属组
[root@localhost local]# chown -R mysql.mysql mysql/
[root@localhost local]# ll -d mysql/
drwxr-xr-x 9 mysql mysql 129 Aug 31 12:49 mysql/



# 添加环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost ~]# . /etc/profile.d/mysql.sh
[root@localhost ~]# which mysqld
/usr/local/mysql/bin/mysqld


# 配置include
## 软链接到/usr/include/mysql,叫mysql
[root@localhost ~]# ln -s /usr/local/mysql/include /usr/include/mysql

# 配置 man 文档
[root@localhost ~]# sed -i '/MANDATORY_MANPATH.*.\/local\/share\/man/a MANDATORY_MANPATH\t\t\t/usr/local/mysql/man' /etc/man_db.conf

\t 表示一个tab

# 映射库文件
[root@localhost ~]# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
[root@localhost ~]# ldconfig # 让其生效


# 建立数据存放目录
[root@localhost ~]# mkdir -p /opt/data
[root@localhost ~]# chown -R mysql.mysql /opt/data/
[root@localhost ~]# ll /opt/data/ -d
drwxr-xr-x 2 mysql mysql 6 Aug 31 12:59 /opt/data/



# 初始化数据库
[root@localhost ~]# /usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/
......省略
root@localhost: zzWcsjwx9:-B
# 请注意,这个命令的最后会生成一个临时密码,此处密码是 zzWcsjwx9:-B
# 再次注意,这个密码是随机的,你的不会跟我一样,一定要记住这个密码,因为一会登录时会用到


# 生成配置文件
[root@localhost ~]# cat  /etc/my.cnf
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve



# 配置服务启动脚本
[root@localhost ~]# cd /usr/local/mysql/support-files/
[root@localhost support-files]# cp mysql.server /etc/init.d/mysqld
[root@localhost support-files]# ll /etc/init.d/mysqld
-rwxr-xr-x 1 root root 10576 Aug 31 13:04 /etc/init.d/mysqld



# 设置所有者所属组为mysql
[root@localhost support-files]# chown -R mysql.mysql  /etc/init.d/mysqld
[root@localhost support-files]# ll /etc/init.d/mysqld
-rwxr-xr-x 1 mysql mysql 10576 Aug 31 13:04 /etc/init.d/mysqld

[root@localhost ~]# grep '^basedir=' /etc/init.d/mysqld
basedir=    // 需要添加MySQL 路径
[root@localhost ~]# grep '^datadir=' /etc/init.d/mysqld
datadir=    // 数据存放路径
[root@localhost ~]# sed -i '/^basedir=/c basedir=/usr/local/mysql' /etc/init.d/mysqld
[root@localhost ~]# sed -i '/^datadir=/c datadir=/opt/data' /etc/init.d/mysqld
[root@localhost ~]# grep '^basedir=' /etc/init.d/mysqld
basedir=/usr/local/mysql
[root@localhost ~]# grep '^datadir=' /etc/init.d/mysqld
datadir=/opt/data


# 启动mysql 、 并开机自启
[root@localhost ~]# chkconfig --add mysqld
[root@localhost ~]# chkconfig mysqld on
[root@localhost ~]# service mysqld start
[root@localhost ~]# ss -antl
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process
LISTEN  0       128             0.0.0.0:80            0.0.0.0:*
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*
LISTEN  0       80                    *:3306                *:*
LISTEN  0       128                [::]:22               [::]:*
[root@localhost ~]#

## 查看mysql 进程
[root@localhost ~]# ps -ef | grep mysqld
root       33663   33589  0 13:06 pts/0    00:00:00 vim /etc/init.d/mysqld
root       33695       1  0 13:09 pts/2    00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/opt/data --pid-file=/opt/data/mysql.pid
mysql      33883   33695  0 13:09 pts/2    00:00:00 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/opt/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=localhost.localdomain.err --pid-file=/opt/data/mysql.pid --socket=/tmp/mysql.sock --port=3306
root       33914   10200  0 13:09 pts/2    00:00:00 grep --color=auto mysqld
[root@localhost ~]#



# 修改密码
# 使用临时密码登录
[root@localhost ~]# mysql -uroot -p'zzWcsjwx9:-B'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.37

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set password = password('runtime123!');  # 设置新密码

mysql> quit
Bye


# 退出登录验证密码
[root@localhost ~]# mysql -uroot -pruntime123!
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.37 MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
部署 PHP
# 下载 PHP
[root@localhost ~]# cd /usr/src/
[root@localhost src]#  wget https://www.php.net/distributions/php-7.4.29.tar.xz
........省略
[root@localhost src]# ls
debug    mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz  nginx-1.22.0.tar.gz
kernels  nginx-1.22.0                                php-7.4.29.tar.xz
[root@localhost src]# tar xf php-7.4.29.tar.xz  # 解压


# 这是查找MySQL跟PHP打交道的包名
[root@localhost ~]# dnf list all | grep mysql | grep php
php-mysqlnd.x86_64                                                7.2.24-1.module_el8.2.0+313+b04d0a66                   AppStream


# 安装依赖包
[root@localhost ~]# dnf -y install  libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel  pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel sqlite-devel libzip-devel php-mysqlnd
安装过程略....

# 安装 oniguruma 包
[root@localhost ~]# dnf -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm


# 编译安装php
[root@localhost ~]# cd /usr/src/php-7.4.29
[root@localhost php-7.4.29]# ./configure --prefix=/usr/local/php7  \
--with-config-file-path=/etc \
--enable-fpm \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif  \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-json \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix

# make
[root@localhost php-7.4.29]# make
编译过程略

[root@localhost php-7.4.29]# make install
安装过程略


# 安装后配置
[root@localhost ~]# echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh
[root@localhost ~]# source /etc/profile.d/php7.sh
[root@localhost ~]# which php
/usr/local/php7/bin/php

# 配置头文件
[root@localhost ~]# ln -s /usr/local/php7/include /usr/include/php7

# 配置库文件
[root@localhost ~]# echo '/usr/local/php7/lib' > /etc/ld.so.conf.d/php7.conf
[root@localhost ~]# ldconfig


# 查看版本
[root@localhost ~]# php -v
PHP 7.4.29 (cli) (built: Jul  4 2022 21:07:32) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies



# 配置php-fpm
[root@localhost ~]# cd /usr/src/php-7.4.29
[root@localhost php-7.4.29]# \cp php.ini-production /etc/php.ini  # 这个文件已存在所以要加上\表示覆盖

[root@localhost php-7.4.29]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-7.4.29]# ll -d /etc/init.d/php-fpm
-rw-r--r-- 1 root root 2402 Aug 31 13:41 /etc/init.d/php-fpm
[root@localhost php-7.4.29]# chmod +x /etc/init.d/php-fpm
[root@localhost php-7.4.29]# ll -d /etc/init.d/php-fpm
-rwxr-xr-x 1 root root 2402 Aug 31 13:41 /etc/init.d/php-fpm

[root@localhost ~]# cd /usr/local/php7/etc
[root@localhost etc]# cp php-fpm.conf.default php-fpm.conf
[root@localhost etc]# cd  php-fpm.d
[root@localhost php-fpm.d]# cp www.conf.default www.conf


[root@localhost ~]# grep '^user =' /usr/local/php7/etc/php-fpm.d/www.conf
user = nobody
[root@localhost ~]# grep '^group =' /usr/local/php7/etc/php-fpm.d/www.conf
group = nobody

[root@localhost ~]# sed -i '/^user = nobody/c user = nginx' /usr/local/php7/etc/php-fpm.d/www.conf
[root@localhost ~]# sed -i '/^group = nobody/c group = nginx' /usr/local/php7/etc/php-fpm.d/www.conf

[root@localhost ~]# grep '^user =' /usr/local/php7/etc/php-fpm.d/www.conf
user = nginx
[root@localhost ~]# grep '^group =' /usr/local/php7/etc/php-fpm.d/www.conf
group = nginx


# 编辑php-fpm的配置文件(/usr/local/php7/etc/php-fpm.conf):
# 配置fpm的相关选项为你所需要的值:
[root@localhost ~]# vim /usr/local/php7/etc/php-fpm.conf
.....
.....
pm.max_children = 50    ;最多同时提供50个进程提供50个并发服务
pm.start_servers = 5    ;启动时启动5个进程
pm.min_spare_servers = 2    ;最小空闲进程数
pm.max_spare_servers = 8    ;最大空闲进程数

[root@localhost ~]# tail /usr/local/php7/etc/php-fpm.conf
; file.
; Relative path can also be used. They will be prefixed by:
;  - the global prefix if it's been set (-p argument)
;  - /usr/local/php7 otherwise
include=/usr/local/php7/etc/php-fpm.d/*.conf
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8

#  查看端口号是否监听在9000上
[root@localhost php-fpm.d]# pwd
/usr/local/php7/etc/php-fpm.d
[root@localhost php-fpm.d]# vim www.conf
listen = 127.0.0.1:9000 # 查看端口号是否监听在9000上


# 启动php-fpm 、 并开机自启
[root@localhost ~]# service php-fpm start
[root@localhost ~]# chkconfig --add php-fpm
[root@localhost ~]# chkconfig php-fpm on

# 默认情况下,fpm监听在127.0.0.1的9000端口,也可以使用如下命令验证其是否已经监听在相应的套接字
[root@localhost ~]# ss -antl
State   Recv-Q  Send-Q    Local Address:Port     Peer Address:Port  Process
LISTEN  0       128           127.0.0.1:9000          0.0.0.0:*
LISTEN  0       128             0.0.0.0:80            0.0.0.0:*
LISTEN  0       128             0.0.0.0:22            0.0.0.0:*
LISTEN  0       80                    *:3306                *:*
LISTEN  0       128                [::]:22               [::]:*
[root@localhost ~]#


### 查看 PHP 进程
[root@localhost ~]# ps -ef | grep php
root      164486       1  0 13:43 ?        00:00:00 php-fpm: master process (/usr/localphp7/etc/php-fpm.conf)
nobody    164487  164486  0 13:43 ?        00:00:00 php-fpm: pool www
nobody    164488  164486  0 13:43 ?        00:00:00 php-fpm: pool www
root      164499   33589  0 13:44 pts/0    00:00:00 grep --color=auto php

## 最后可以重启是否可以开机自启
[root@localhost ~]# reboot

[root@localhost ~]# ss -antl
State          Recv-Q         Send-Q                   Local Address:Port
LISTEN         0              128                            0.0.0.0:22
LISTEN         0              128                          127.0.0.1:9000
LISTEN         0              128                            0.0.0.0:80
LISTEN         0              128                               [::]:22
LISTEN         0              80                                   *:3306

访问

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-lrXzCkA7-1662478604407)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1661838892699.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-4wV72ayn-1662478604408)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1661839224735.png)]

使用Ansible 部署 zabbix6.0版本

环境

系统平台IP主机名服务
centos8/redhat8192.168.229.152ansibleansible
centos8/redhat8192.168.229.148zabbix(lnmp)nginx1.22版本
MySQL8.0版本
PHP8.0版本
准备工作
// 设置免密登录
[root@ansible ~]# ssh-keygen -t rsa   // 创建公钥和私钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rHnSIQpodwovKVscIJmL4STrMm9tWyKG0cf1zhrosRw root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|                 |
| o               |
|B.    .          |
|*B . . o         |
|*++.o.. S        |
|o+=+oo B .       |
|=+=+E * =        |
|o*o+o* =         |
|....=..          |
+----[SHA256]-----+
//使用 ssh-copy-id 将公钥复制到远程系统上的正确位置
[root@ansible ~]# ssh-copy-id root@zabbix
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'zabbix (192.168.229.148)' can't be established.
ECDSA key fingerprint is SHA256:n2ckGGr820b4Fez6NUHXuOApoQ3oCuf3POTLfTxOsS4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@zabbix's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@zabbix'"
and check to make sure that only the key(s) you wanted were added.
ansible 操作
[root@ansible ~]# mkdir zabbix  // 创建跟部署同名的目录
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat inventory  // 清单
[web]
zabbix

// 复制ansible.cfg 到当前目录
[root@ansible zabbix]# cp /etc/ansible/ansible.cfg .
[root@ansible zabbix]#
[root@ansible zabbix]# ls
ansible.cfg  inventory

[root@ansible zabbix]# vim ansible.cfg
inventory      = inventory  // 修改为inventory
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/

// 创建files目录放软件或放文件。创建vars 目录用来放变量
[root@ansible zabbix]# mkdir files vars
[root@ansible zabbix]# ls
ansible.cfg  files  inventory  vars

// 测试ping  是否能ping 通
[root@ansible zabbix]# ansible zabbix -m ping
zabbix | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

考虑一个问题:

​ 对面是否有 yum 源和是否已关闭防火墙跟SElinux

所以需要编写 配置yum 的playbook,如果对面的受控机没有yum 源就引用已编写好的playbook

// 使用临时 命令查看对面是否有yum 源
[root@ansible zabbix]# ansible zabbix -m shell -a "ls /etc/yum.repos.d"
zabbix | CHANGED | rc=0 >>

[root@ansible zabbix]#

// 编写配置 yum 源的 playbook
[root@ansible zabbix]# pwd
/root/zabbix
[root@ansible zabbix]# cat files/yum.sh  // 安装yum 的脚本
#!/bin/bash

cd /etc/yum.repos.d
if [ ! -f CentOS-Base.repo ];then
    curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
    sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
fi

if [ ! -f epel ];then
    yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
    sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
    sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
fi
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# chmod +x yum.sh  // 给执行权限
[root@ansible files]# ll
total 4
-rwxr-xr-x. 1 root root 566 Sep  4 09:46 yum.sh

[root@ansible zabbix]# cat yum.yml  // 安装yum 源的playbook
- name: config yum
  script: files/yum.sh
[root@ansible zabbix]# cat mail.yml  // 主配置文件
---
- hosts: zabbix
  tasks:
    - include_tasks: yum.yml  // 引用

// 执行 playbook
[root@ansible zabbix]# ansible-playbook mail.yml
...省略N
// 查看对面是否已有yum 源
[root@ansible zabbix]# ansible zabbix -m shell -a 'ls /etc/yum.repos.d/'
zabbix | CHANGED | rc=0 >>
CentOS-Base.repo
epel-modular.repo
epel.repo
epel-testing-modular.repo
epel-testing.repo
配置关闭防火墙跟SElinux的playbook
//  关闭防火墙
[root@ansible zabbix]# cat firewalld.yml
- name: stop firewalld
  service:
    name: firewalld
    state: stopped
    enabled: no
// 关闭SElinux
[root@ansible zabbix]# cat selinux.yml
- name: Ensure SELinux is set to disabled mode
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX='
    line: SELINUX=disabled

// 引用 关闭防火墙跟SElinux的playbook
[root@ansible zabbix]# cat mail.yml
---
- hosts: zabbix
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
// 执行 playbook    
[root@ansible zabbix]# ansible-playbook mail.yml
.... 省略N

// 查看是否已关闭firewalld
[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status firewalld'
zabbix | FAILED | rc=3 >>
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
     
     
// 查看是否已关闭SElinux
[root@ansible zabbix]# ansible zabbix -m shell -a "grep '^SELINUX=' /etc/selinux/config"
zabbix | CHANGED | rc=0 >>
SELINUX=disabled

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ZcbKoLHZ-1662478604410)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662275220752.png)]

[root@ansible ~]# cd zabbix/files/
[root@ansible files]# ls
mysql-8.0.12-linux-glibc2.12-x86_64.tar.xz  nginx-1.22.0.tar.gz  php-8.0.23.tar.gz  yum.sh
部署nginx 的playbook
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# vim nginx.yml
- name: create user nginx  // 创建用户
  user:
    name: nginx
    state: present
    create_home: no
    system: yes
    shell: /sbin/nologin

- name: install pkgs  // 安装依赖包
  dnf: 
    name: "{{ item }}"  // 依赖包有多个的情况下建议用变量
    state: present
  loop: "{{ nginx_depend_pkgs }}"

- name: copy software nginx-1.22.0.tar.gz  // 传软件到受控机
  copy:
    src: files/nginx-1.22.0.tar.gz
    dest: /usr/src/ 

- name: exec script  // 执行脚本
  script: files/nginx.sh

// vars目录下面的nginx.yml
[root@ansible zabbix]# cat vars/nginx.yml
nginx_depend_pkgs:
  - pcre-devel
  - openssl
  - openssl-devel
  - gd-devel
  - gcc
  - gcc-c++ 
  - make
  
// 脚本内容
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# cat nginx.sh
#!/bin/bash

nginx_install_dir=/usr/local/nginx

# 创建日志存放目录
if [ !-d /var/log/nginx ];then
    mkdir -p /var/log/nginx
    chown -R nginx.nginx /var/log/nginx/
fi

# 编译安装
if [ ! -d $nginx_install_dir ];then
    cd /usr/src/
    tar xf nginx-1.22.0.tar.gz
    cd nginx-1.22.0
    ./configure \
         --prefix=$nginx_install_dir \
         --user=nginx \
         --group=nginx \
         --with-debug \
         --with-http_ssl_module \
         --with-http_realip_module \
         --with-http_image_filter_module \
         --with-http_gunzip_module \
         --with-http_gzip_static_module \
         --with-http_stub_status_module \
         --http-log-path=/var/log/nginx/access.log \
         --error-log-path=/var/log/nginx/error.log
     make && make install
fi

echo "export PATH=$nginx_install_dir/sbin:\$PATH" > /etc/profile.d/nginx.sh

# 开启反向代理。先注释,看访问效果,是否能访问
#sed -i '/pass the PHP/{N;/#/{n;s/#//g}}'  $nginx_install_dir/conf/nginx.conf
#sed -i '/^        location ~ \\.php/{N;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_pass/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_index/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/SCRIPT_FILENAME/c \            fastcgi_param  SCRIPT_FILENAME  /$document_root$fastcgi_script_name;' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{n;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/^            index/c \            index index.php index.html index.htm;' $nginx_install_dir/conf/nginx.conf

cat > $nginx_install_dir/html/index.php <<EOF
<?php
        phpinfo();
?>
EOF

cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=nginx server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=$nginx_install_dir/sbin/nginx
ExecStop=$nginx_install_dir/sbin/nginx -s stop
ExecReload=/bin/kill -HUP \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now nginx
[root@ansible files]# chmod +x nginx.sh  // 添加执行权限

[root@ansible zabbix]# cat mail.yml
---
- hosts: zabbix
  vars_files:  // 有变量需要设置
    - vars/nginx.yml
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: nginx.yml  // 引用
    
// 执行。执行完成之后验证是否能正常访问
[root@ansible zabbix]# ansible-playbook mail.yml
.... 省略N

// 查看状态
[root@ansible zabbix]# ansible zabbix -m shell -a "systemctl status nginx"
zabbix | CHANGED | rc=0 >>
● nginx.service - nginx server daemon
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-09-04 12:01:05 CST; 1min 55s ago
  Process: 45038 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)


[root@ansible zabbix]# ansible zabbix -m shell -a "ss -antl"
zabbix | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*

访问IP 192.168.229.148

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ftRqzCkr-1662478604412)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662264127789.png)]

部署 MySQL8.0版本
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat mysql.yml
- name: create user myslq  // 创建用户
  user:
    name: mysql
    state: present
    system: yes
    create_home: no
    shell: /sbin/nologin

- name: install pkgs  // 安装依赖包
  dnf:
    name: "{{ item }}"
    state: present
  loop: "{{ mysql_depend_pkgs }}"  // 多个依赖的情况下使用变量
 
- name: copy software pkg  // 传递软件包到受控主机
  copy:
    src: files/mysql-8.0.12-linux-glibc2.12-x86_64.tar.xz
    dest: /usr/src/

- name: exec script  // 执行脚本
  script: files/mysql.sh

[root@ansible zabbix]# cat vars/mysql.yml  // 定义的变量,下载依赖包
mysql_depend_pkgs:    
  - ncurses-compat-libs
  - cmake
  - mariadb-devel

[root@ansible ~]# cd zabbix/files/
[root@ansible files]# cat mysql.sh   // 脚本内容
#!/bin/bash

mysql_install_dir=/usr/local/mysql
mysql_datadir=/opt/data

if [ ! -d $mysql_install_dir ];then
    cd /usr/src
    tar xf mysql-8.0.12-linux-glibc2.12-x86_64.tar.xz
    mv mysql-8.0.12-linux-glibc2.12-x86_64 $mysql_install_dir
    chown -R mysql.mysql $mysql_install_dir
fi

echo "export PATH=$mysql_install_dir/bin:\$PATH" > /etc/profile.d/mysql.sh
ln -s $mysql_install_dir/include /usr/include/mysql &> /dev/null

grep "$mysql_install_dir/man" /etc/man_db.conf
if [ $? -ne 0 ];then
    sed -i "/MANDATORY_MANPATH.*.\/local\/share\/man/a MANDATORY_MANPATH\t\t\t$mysql_install_dir/man" /etc/man_db.conf
fi

echo "$mysql_install_dir/lib" > /etc/ld.so.conf.d/mysql.conf
ldconfig
if [ !-d $mysql_datadir ];then
    mkdir -p $mysql_datadir
fi

result=$(ls $mysql_datadir/|wc -l)
if [ $result -eq 0 ];then
    $mysql_install_dir/bin/mysqld --initialize-insecure --user=mysql --datadir=$mysql_datadir
fi

cat > /etc/my.cnf <<EOF
[mysqld]
basedir = $mysql_install_dir
datadir = $mysql_datadir
socket = /tmp/mysql.sock
port = 3306
pid-file = $mysql_datadir/mysql.pid
user = mysql
skip-name-resolve
EOF

cp $mysql_install_dir/support-files/mysql.server /etc/init.d/mysqld
chown -R mysql.mysql  /etc/init.d/mysqld
sed -i "/^basedir=/c basedir=$mysql_install_dir" /etc/init.d/mysqld
sed -i "/^datadir=/c datadir=$mysql_datadir" /etc/init.d/mysqld

ss -antl|grep 3306
if [ $? -ne 0 ];then
    chkconfig --add mysqld
    chkconfig mysqld on
    service mysqld start
    $mysql_install_dir/bin/mysql -uroot -e "alter user 'root'@'localhost' identified by 'runtime123';"
fi
[root@ansible files]# chmod +x mysql.sh  // 添加执行权限

// 主配置文件
[root@ansible zabbix]# cat mail.yml
---
- hosts: zabbix
  vars_files:
    - vars/nginx.yml
    - vars/mysql.yml  // 变量
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: nginx.yml
    - include_tasks: mysql.yml   // 编写完后引用

// 引用进来后执行playbook
[root@ansible zabbix]# ansible-playbook mail.yml
... 省略N

// 验证
[root@ansible zabbix]# ansible zabbix -m shell -a 'ss -antl'
zabbix | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:80         0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      70                 *:33060            *:*  // 33060端口起来
LISTEN 0      128                *:3306             *:*  // 3306端口起来
LISTEN 0      128             [::]:22            [::]:*

// 到zabbix 查看是否能用新密码登录。不登录的情况下查看里面的数据库
[root@zabbix ~]# /usr/local/mysql/bin/mysql -uroot -p'runtime123' -e 'show databases' 2> /dev/null
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+

####  2> /dev/null 意思是把错误的输出丢到黑洞里

// 也可以在控制主机上查看
[root@ansible zabbix]# ansible zabbix -m shell -a "/usr/local/mysql/bin/mysql -uroot -p'runtime123' -e 'show databases' 2> /dev/null"
zabbix | CHANGED | rc=0 >>
Database
information_schema   // 跟第一个数据库是一样的
mysql
performance_schema
sys
// 查看的内容是一样的
部署PHP
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# vim php.yml
- name: provide software pkg  // 提供软件包
  copy:
    src: files/php-8.0.23.tar.gz
    dest: /usr/src/

- name: exec script  // 执行脚本
  script: files/php.sh
  
// 脚本内容
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# vim php.sh
#!/bin/bash

dnf -y install  libxml2-devel  bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel   freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel sqlite-devel libzip-devel php-mysqlnd http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm &> /dev/null

if [ ! -d /usr/local/php8 ];then
     cd /usr/src
     tar xf php-8.0.23.tar.gz
     cd /usr/src/php-8.0.23
     ./configure --prefix=/usr/local/php8  \
        --with-config-file-path=/etc \
        --enable-fpm \
        --enable-inline-optimization \
        --disable-debug \
        --disable-rpath \
        --enable-shared \
        --enable-soap \
        --with-openssl \
        --enable-bcmath \
        --with-iconv \
        --with-bz2 \
        --enable-calendar \
        --with-curl \
        --enable-exif  \
        --enable-ftp \
        --enable-gd \
        --with-jpeg \
        --with-zlib-dir \
        --with-freetype \
        --with-gettext \
        --enable-json \
        --enable-mbstring \
        --enable-pdo \
        --with-mysqli=mysqlnd \
        --with-pdo-mysql=mysqlnd \
        --with-readline \
        --enable-shmop \
        --enable-simplexml \
        --enable-sockets \
        --with-zip \
        --enable-mysqlnd-compression-support \
        --with-pear \
        --enable-pcntl \
        --enable-posix
     make && make install
fi

echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh

ln -s /usr/local/php8/include /usr/include/php8 &> /dev/null

echo '/usr/local/php8/lib' > /etc/ld.so.conf.d/php8.conf
ldconfig

if [ ! -f /etc/init.d/php-fpm ];then
    cd /usr/src/php-8.0.23
    \cp php.ini-production /etc/php.ini
    cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
    chmod +x /etc/init.d/php-fpm
fi

if [ ! -f /usr/local/php7/etc/php-fpm.d/www.conf ];then
    cd /usr/local/php8/etc
    cp php-fpm.conf.default php-fpm.conf
    cd  php-fpm.d
    cp www.conf.default www.conf
    sed -i '/^user = nobody/c user = nginx' /usr/local/php8/etc/php-fpm.d/www.conf
    sed -i '/^group = nobody/c group = nginx' /usr/local/php8/etc/php-fpm.d/www.conf
fi

service php-fpm start
chkconfig --add php-fpm
chkconfig php-fpm on
[root@ansible files]# chmod +x php.sh


[root@ansible zabbix]# vim mail.yml
---
- hosts: zabbix
  vars_files:
    - vars/nginx.yml
    - vars/mysql.yml
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: nginx.yml
    - include_tasks: mysql.yml
    - include_tasks: php.yml  // 引用

// 执行playbook
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# ansible-playbook mail.yml
...省略N

// 验证
[root@ansible zabbix]# ansible zabbix -m shell -a "ss -antl"
zabbix | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
LISTEN 0      128        127.0.0.1:9000       0.0.0.0:*  // 9000 端口已有
LISTEN 0      128          0.0.0.0:80         0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      70                 *:33060            *:*
LISTEN 0      128                *:3306             *:*
LISTEN 0      128             [::]:22            [::]:*

现在把这几行的注释取消掉

# 开启反向代理
#sed -i '/pass the PHP/{N;/#/{n;s/#//g}}'  $nginx_install_dir/conf/nginx.conf
#sed -i '/^        location ~ \\.php/{N;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_pass/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_index/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/SCRIPT_FILENAME/c \            fastcgi_param  SCRIPT_FILENAME  /$document_root$fastcgi_script_name;' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/fastcgi_params/{n;s/#//g}' $nginx_install_dir/conf/nginx.conf
#sed -i '/^            index/c \            index index.php index.html index.htm;' $nginx_install_dir/conf/nginx.conf

//  把注释取消后执行 playbook
[root@ansible zabbix]# ansible-playbook mail.yml
.... 省略N

// 如果访问不到是因为你还没有让其的nginx.conf 配置文件没有生效

访问 192.168.229.148

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-r42wRgTR-1662478604414)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662273475783.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ylOLHEZY-1662478604414)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662273501632.png)]

zabbix官网

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-GjAdyvzL-1662478604416)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662274971883.png)]

部署zabbix

在上面的基础上部署zabbix6.0版本

环境

系统平台IP主机名
centos8/ redhat8192.168.229.152ansible控制主机
centos8/ redhat8192.168.229.148zabbix服务端
centos8/ redhat8192.168.229.150zabbix_slave客户端
部署zabbix服务端
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat zabbix_server.yml
- name: create user zabbix
  user:
    name: zabbix
    state: present
    create_home: no
    system: yes
    shell: /sbin/nologin

- name: copy software zabbix-6.0.8.tar.gz
  copy:
    src: files/zabbix-6.0.8.tar.gz
    dest: /usr/src/

- name: exec script
  script: files/zabbix_server.sh

[root@ansible ~]# cd zabbix/files/
[root@ansible files]# vim zabbix_server.sh
#!/bin/bash

dnf -y install net-snmp-devel libevent-devel &> /dev/null

if [ ! -d /usr/local/zabbix ];then
    cd /usr/src/
    tar xf zabbix-6.0.8.tar.gz
    mv zabbix-6.0.8 /usr/local/zabbix
fi

if [ ! -d /usr/lib/zabbix ];then
    mkdir -p /usr/lib/zabbix
    chmod 770 /usr/lib/zabbix
    chown -R zabbix.zabbix /usr/lib/zabbix/
fi

/usr/local/mysql/bin/mysql -uroot -pruntime123 -e "show databases;" 2> /dev/null|grep 'zabbix'
if [ $? -ne 0 ];then
    /usr/local/mysql/bin/mysql -uroot -pruntime123 -e "create database zabbix character set utf8mb4 collate utf8mb4_bin;create user 'zabbix'@'localhost' identified by 'zabbix123';grant all privileges on zabbix.* to 'zabbix'@'localhost';flush privileges;" 2> /dev/null
fi

zabbix_result=$(/usr/local/mysql/bin/mysql -uzabbix -pzabbix123 -e "use zabbix;show tables;")
if [ $zabbix_result -lt 2 ];then
    cd /usr/local/zabbix/database/mysql/
    /usr/local/mysql/bin/mysql -uzabbix -pzabbix123 zabbix < schema.sql 2> /dev/null
    /usr/local/mysql/bin/mysql -uzabbix -pzabbix123 zabbix < images.sql 2> /dev/null
    /usr/local/mysql/bin/mysql -uzabbix -pzabbix123 zabbix < data.sql 2> /dev/null
    cd /usr/local/zabbix
    ./configure --enable-server --enable-agent --with-mysql  --with-net-snmp --with-libcurl --with-libxml2 --with-openipmi
    make install
fi


sed -i '/^DBUser=/c DBUser=zabbix'  /usr/local/etc/zabbix_server.conf
sed -i '/DBPassword=/c DBPassword=zabbix123'  /usr/local/etc/zabbix_server.conf
sed -i '/DBSocket=/c DBSocket=/tmp/mysql.sock' /usr/local/etc/zabbix_server.conf

sed -i '/post_max_size =/s/8M/16M/g' /etc/php.ini
sed -i '/max_execution_time/c max_execution_time = 300' /etc/php.ini
sed -i '/max_input_time =/c max_input_time = 300' /etc/php.ini

grep 'Asia/Shanghai' /etc/php.ini
if [ $? -ne 0 ];then
    sed -i '/;date.timezone/a date.timezone = Asia/Shanghai' /etc/php.ini
fi

if [ ! -f /usr/local/nginx/html/conf ];then
    cd /usr/local/nginx/html
    rm -rf *
    cp -a /usr/local/zabbix/ui/* .
    chown -R nginx.nginx /usr/local/nginx
    chmod 777 /usr/local/nginx/html/conf
fi


cat > /usr/lib/systemd/system/zabbix-server.service <<EOF
[Unit]
Description=zabbix-server server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/sbin/zabbix_server
ExecStop=ps -ef | grep zabbix_server|grep -v grep|awk '{print \$2}'|xargs kill -9
ExecReload=/bin/kill -HUP \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

cat > /usr/lib/systemd/system/zabbix-adentd.service <<EOF
[Unit]
Description=zabbix-server server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/sbin/zabbix_agentd
ExecStop=ps -ef | grep zabbix_agentd|grep -v grep|awk '{print \$2}'|xargs kill -9
ExecReload=/bin/kill -HUP \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now zabbix-server
systemctl enable --now zabbix-agentd

[root@ansible files]# chmod +x zabbix_server.sh




[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# vim mail.yml
---
- hosts: zabbix
  vars_files:
    - vars/nginx.yml
    - vars/mysql.yml
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: nginx.yml
    - include_tasks: mysql.yml
    - include_tasks: php.yml
    - include_tasks: zabbix_server.yml  // 引用

// 测试
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# ansible-playbook mail.yml
....省略N


// 验证
[root@ansible zabbix]# ansible zabbix -m shell -a "ss -antl"
zabbix | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:80         0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128          0.0.0.0:10050      0.0.0.0:*  // 客户端端口
LISTEN 0      128          0.0.0.0:10051      0.0.0.0:*  // 服务端端口
LISTEN 0      128        127.0.0.1:9000       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      70                 *:33060            *:*
LISTEN 0      128                *:3306             *:*

// 服务端已开机自启
[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status zabbix-server'
zabbix | CHANGED | rc=0 >>
● zabbix-server.service - zabbix-server server daemon
   Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-09-04 20:25:49 CST; 1min 25s ago
  Process: 2173 ExecStart=/usr/local/sbin/zabbix_server (code=exited, status=0/SUCCESS)
....省略N

// 客户端已开机自启
[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status zabbix-agentd'
zabbix | CHANGED | rc=0 >>
● zabbix-agentd.service - zabbix-server server daemon
   Loaded: loaded (/usr/lib/systemd/system/zabbix-agentd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-09-04 20:19:38 CST; 8min ago
....省略N

访问验证 192.168.229.148

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-cdGcWR62-1662478604417)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662294607026.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-2xP47UND-1662478604419)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662294639515.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-PUo7yE3e-1662478604419)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662294725895.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-HucMiGBw-1662478604420)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662294796243.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-cOI8IWfF-1662478604422)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662294815161.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-6cQfKyl7-1662478604423)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662294843024.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-4dJXW9kn-1662478604424)(D:/Markdown/%E5%8D%9A%E5%AE%A2/%E7%A0%B4%E8%A7%A3%E5%AF%86%E7%A0%81/1662295247812.png)]

部署客户端
// 设置免密登录
[root@ansible ~]# ssh-copy-id root@slave
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'slave (192.168.229.150)' can't be established.
ECDSA key fingerprint is SHA256:BSCsrBDXmOy0vQCzkxthvFwA+8EIkoMVyeVV45QrFdM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@slave's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@slave'"
and check to make sure that only the key(s) you wanted were added.

// 清单文件
[root@ansible ~]# cd zabbix/
[root@ansible zabbix]# cat inventory
[web]
zabbix
[slave]
slave


// 测试
[root@ansible zabbix]# ansible slave -m ping
slave | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

// 查看对面受控主机是否有 yum源
[root@ansible zabbix]# ansible slave -m shell -a 'ls /etc/yum.repos.d/' 2> /dev/null
slave | CHANGED | rc=0 >>
CentOS-Stream-AppStream.repo
CentOS-Stream-BaseOS.repo
CentOS-Stream-Debuginfo.repo
CentOS-Stream-Extras.repo
CentOS-Stream-HighAvailability.repo
CentOS-Stream-Media.repo
CentOS-Stream-NFV.repo
CentOS-Stream-PowerTools.repo
CentOS-Stream-RealTime.repo
CentOS-Stream-ResilientStorage.repo
CentOS-Stream-Sources.repo



[root@ansible zabbix]# vim zabbix_slave.yml
- name: create user zabbix
  user:
    name: zabbix
    state: present
    create_home: no
    system: yes
    shell: /sbin/nologin

- name: copy software pkg
  copy:
    src: files/zabbix-6.0.8.tar.gz
    dest: /usr/src/

- name: exec script
  script: files/zabbix_slave.sh
  
  
// 脚本内容
[root@ansible ~]# cd zabbix/files/
[root@ansible files]# cat zabbix_slave.sh
#!/bin/bash

dnf -y install gcc gcc-c++ make vim wget pcre-devel &> /dev/null

if [ ! -d  /usr/local/zabbix ];then
    cd /usr/src
    tar xf /usr/src/zabbix-6.0.8.tar.gz
    mv zabbix-6.0.8 /usr/local/zabbix
    cd /usr/local/zabbix
    ./configure --enable-agent
    make install
fi


sed -i "/^Server=/c Server=192.168.229.152" /usr/local/etc/zabbix_agentd.conf
sed -i "/^ServerActive=/c ServerActive=192.168.229.152" /usr/local/etc/zabbix_agentd.conf
sed -i "/^Hostname=/c Hostname=zabbix_slave"  /usr/local/etc/zabbix_agentd.conf

cat > /usr/lib/systemd/system/zabbix_agentd.service <<EOF
[Unit]
Description=zabbix_agentd server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/sbin/zabbix_agentd
ExecStop=ps -ef | grep zabbix_agentd|grep -v grep | awk '{print \$2}' | xargs kill -9
ExecReload=/bin/kill -HUP \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now zabbix_agentd
[root@ansible files]# chmod +x zabbix_slave.sh

// 主playbook
[root@ansible zabbix]# vim mail.yml
---
- name: deploy  zabbix_server
  hosts: zabbix
  vars_files:
    - vars/nginx.yml
    - vars/mysql.yml
  tasks:
    - include_tasks: yum.yml
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: nginx.yml
    - include_tasks: mysql.yml
    - include_tasks: php.yml
    - include_tasks: zabbix_server.yml

- name: deploy zabbix_slave  // 添加下面的
  hosts: slave
  tasks:
    - include_tasks: firewalld.yml
    - include_tasks: selinux.yml
    - include_tasks: zabbix_slave.yml

// 测试
[root@ansible zabbix]# ansible-playbook mail.yml
....省略N

// 端口号已起来
[root@ansible zabbix]# ansible slave -m shell -a 'ss -antl' 2> /dev/null
slave | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128          0.0.0.0:10050      0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*

// 已开机自启
[root@ansible zabbix]# ansible slave -m shell -a 'systemctl status zabbix_agentd' 2> /dev/null
slave | CHANGED | rc=0 >>
● zabbix_agentd.service - zabbix_agentd server daemon
   Loaded: loaded (/usr/lib/systemd/system/zabbix_agentd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-09-05 21:26:06 CST; 2min 4s ago
  Process: 20730 ExecStart=/usr/local/sbin/zabbix_agentd (code=exited, status=0/SUCCESS)
 Main PID: 20732 (zabbix_agentd)
阿干tkl
关注
使用ansible部署zabbix监控
m0_64517291的博客
07-28 1137
记录ansible部署zabbix的问题以及步骤。
ansible自动部署zabbix客户端 脚本
03-09
ansible +centos7 批量安装zabbix agent
自动化运维工具ansible安装及使用
chengxuyuanyonghu的专栏
03-27 1万+
一、ansible介绍 1.ansible ansible是新出现的自动化运维工具,基于Python研发。糅合了众多老牌运维工具的优点实现了批量操作系统配置、批量程序的部署、批量运行命令等功能。仅需在管理工作站上安装ansible程序配置被管控主机的IP信息,被管控的主机无客户端。ansible应用程序存在于epel(第三方社区)源,依赖于很多python组件。主要包括:
CentOS7搭建ZABBIX6.0安装及自定义监控使用-1
最新发布
weixin_41920289的博客
08-23 748
ZABBIX6.0安装
ansible实现zabbix-server的搭建
kej_linux的博客
05-27 1017
node1:192.168.91.139:zabbix-server node2:192.168.91.137:ansible 在node2: 实现各主机间ssh无密钥通信 [root@localhost ~]#ssh-key [root@localhost ~]#ssh-copy-id root@192.168.91.137 [root@localhost ~]#ls .ssh/ autho...
Zabbix 6.0 图文安装部署讲解---LNMP环境
热门推荐
weixin_52906737的博客
12-16 1万+
Zabbix 服务端,是 Zabbix 的核心组件。它负责接收监控数据并触发告警,还负责将监控数据持久化到数据库中。:Zabbix 客户端,部署在被监控设备上,负责采集监控数据,采集后的数据发送给 Zabbix Server 处理。Zabbix Agent 目前有两个版本Zabbix agent 和 Zabbix agent 2。前者是 C 语言开发的,几乎支持所有的主流平台。而后者是 Go 开发的,优点包括:能有效降低 TCP 连接的数量;支持更高的并发;易于扩展。
【CentOS Stream 8 安装 Zabbix6.0系列】:一、安装LNMP环境(nginx-1.20,mariadb-10.6,php-7.4)
一个孤独的Coder...在需求中成长,在压力中勇进;不怕夜深人静的夜晚,不怕空无一人的街道...
02-22 9013
zabbix6.0 LTS版本出来了,前段时间刚安装了5.4,今天打算在虚拟机上安装6.0测试,安装6.0的要求php版本不低于7.2,mariadb不低于10.5。之前写过【CentOS 8.1 搭建LNMP环境(Nginx+MariaDB+PHP )】,但这个文章里面的环境版本不能满足zabbix6.0了,所有今天换新版本 一、安装NGINX 1.20 1、查看dnf提供的应用流有哪些版本: dnf module list nginx 显示如下: [root@zabbix ~]# dnf module
ANSIBLE部署ZABBIX客户端
lsysafe的博客
01-19 446
agent_vars.yml  config-agent.yml  install-agent.yml  main.ymlcat main.yml- hosts: 193.168.120.71  become: yes  vars_files:    - agent_vars.yml  tasks:     - name: complie && install zabbix_agent     
LNMP环境下zabbix6.0部署(超详细)
weixin_53893423的博客
05-17 2008
Linux、centos7主机下搭建LNMP环境(Linux+Nginx+MySQL+php),并部署zabbix6.0服务的详细步骤
zabbix6.0-rockylinux8-install 一键安装脚本
03-05
zabbix6.0_rockylinux8_install 一键安装脚本
docker部署LNMP&phpMyAdmin的方法步骤
09-29
主要介绍了docker部署LNMP&phpMyAdmin的方法步骤,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧
基于 LNMP 部署 Zabbix 集中监控系统(图文详解,篇幅较长!)
Xucf1
03-19 2938
文章目录一、Zabbix 概述二、安装配置 Zabbix 服务1.环境概述2.关闭防火墙/安全机制/网络管理工具3.搭建 LNMP 架构①Nginx②MySQL(MariaDB)③PHPPHP 测试网页4.安装 Zabbix Server①建议②部署过程③登录 Web 页面完成 Zabbix 配置5.配置 Client 代理端三、使用 Zabbix 管理平台1.启用中文界面2.Zabbix 监控服务器①创建主机②链接监控模板③查看主机列表 一、Zabbix 概述 Zabbix 是一个基于 Web 管理界面
基于lnmp部署zabbix监控平台
weixin_42808782的博客
04-20 667
一、环境说明: linux centos7系统 nginx 实现前端服务器 mysql 实现数据库fuwu php 实现页面 二、安装: 安装nginx php php-mysql mariadb mariadb-server zabbix-server zabbix-web zabbix-mysql yum install nginx mariadb mariadb-server mariadb-devel php php-mysql php-devel php-fpm -y yum insta
自动化运维工具Ansible——(3)Playbook部署LNMP
w1206507055的博客
06-22 1757
通过playbook安装管理LNMP
Zabbix6.0部署、自定义监控服务
q1y2y3的博客
07-06 4973
Zabbix 是一款可监控网络的众多参数以及服务器、虚拟机、应用程序、服务、数据库、网站、云等的健康状况和完整性。Zabbix 使用灵活的通知机制,允许用户为几乎任何事件配置基于电子邮件的警报。这允许对服务器问题做出快速反应。Zabbix 基于存储的数据提供报告和数据可视化功能。这使得 Zabbix 成为容量规划的理想选择。Zabbix是一款能够监控各种网络参数以及服务器健康性和完整性的软件。Zabbix使用灵活的通知机制,允许用户为几乎任何事件配置基于邮件的告警。这样可以快速反馈服务器的问题。
CentOS7.X系统部署Zabbix6.0版本(可跟做)
秦子腾
07-13 1589
CentOS 7.X 系统默认不支持Yum方式安装Zabbix 6.0 服务端(CentOS 8.X支持),所以服务端采用编译安装方式!注意:数据库使用MariaDB和MySQL都是可以的,如果有现成的数据库也可以直接拿来用,本篇文章使用MariaDB进行演示。2、创建用户,用来启动zabbix(zabbix禁止使用root用户启动)访问地址:http://IP:9780/index.php。2、修改配置,指定zabbix-server地址。4、启动zabbix-server。
Ansible离线部署Zabbix
Linux技术宅
06-11 1221
Zabbix server可以通过SNMP、Zabbix agent、ping、端口监视等方法提供对远程服务器/网络状态的监视和数据收集等功能。总的来说,Zabbix的主要功能是提供全面的网络监控和管理解决方案,帮助管理员及时发现和解决问题,提高系统的稳定性和可靠性。如需更多关于Zabbix的信息,建议访问Zabbix官方网站或相关技术社区。使用 Ansible,您可以自动化常见的 IT 任务,如部署应用程序、配置服务器、管理网络设备等,从而提高效率并减少错误。Ansible离线部署Zabbix
最详尽------使用ansible搭建zabbix监控平台
Ghccchhh的博客
04-09 2268
ansible是非常强大的自动化运维工具,使用ansible搭建zabbix监控平台方便快捷,大大提高了工作效率
Zabbix 6.0 监控系统安装和部署
DiKL_Y的博客
07-05 1万+
zabbix的监控系统的安装和部署
使用Ansible剧本可以自动化部署Zabbix-agent,从而实现对所有主机的自动监控。
05-26
是的,使用 Ansible 剧本可以自动化部署 Zabbix-agent 实现对所有主机的自动监控。下面是一个示例剧本: ```yaml - name: Install Zabbix Agent hosts: all become: true tasks: - name: Install Zabbix Agent packages yum: name: - zabbix-agent state: latest - name: Configure Zabbix Agent lineinfile: path: /etc/zabbix/zabbix_agentd.conf regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - { regexp: '^Server=', line: 'Server=<Zabbix server IP>' } - { regexp: '^ServerActive=', line: 'ServerActive=<Zabbix server IP>:10051' } - { regexp: '^Hostname=', line: 'Hostname={{ ansible_hostname }}' } - name: Start and enable Zabbix Agent systemd: name: zabbix-agent state: started enabled: true ``` 这个剧本会在所有主机上安装最新版本Zabbix-agent 包,并配置它们以连接到指定的 Zabbix 服务器。您只需将 `<Zabbix server IP>` 替换为实际的服务器 IP 地址即可。此外,Ansible 会将每个主机的主机名作为 Zabbix-agent 的主机名进行配置。 运行剧本时,您需要将主机清单文件作为参数传递给 Ansible: ``` ansible-playbook -i hosts zabbix-agent.yml ``` 其中 `hosts` 是包含要部署 Zabbix-agent 的主机列表的文件,`zabbix-agent.yml` 是剧本文件名。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值