Zabbixの環境をローカルでサクッと作るためVagrantとAnsibleを書きました。
github
使い方
$ vagrant up
Bringing machine 'zabbix_server' up with 'virtualbox' provider...
==> zabbix_server: Importing base box 'centos/7'...
==> zabbix_server: Matching MAC address for NAT networking...
==> zabbix_server: Checking if box 'centos/7' is up to date...
==> zabbix_server: Setting the name of the VM: zabbix_zabbix_server_1516743638207_85490
==> zabbix_server: Clearing any previously set network interfaces...
==> zabbix_server: Preparing network interfaces based on configuration...
zabbix_server: Adapter 1: nat
zabbix_server: Adapter 2: hostonly
==> zabbix_server: Forwarding ports...
zabbix_server: 22 (guest) => 2221 (host) (adapter 1)
zabbix_server: 80 (guest) => 8080 (host) (adapter 1)
==> zabbix_server: Booting VM...
==> zabbix_server: Waiting for machine to boot. This may take a few minutes...
zabbix_server: SSH address: 127.0.0.1:2221
zabbix_server: SSH username: vagrant
zabbix_server: SSH auth method: private key
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server: Warning: Connection reset. Retrying...
zabbix_server: Warning: Remote connection disconnect. Retrying...
zabbix_server:
zabbix_server: Vagrant insecure key detected. Vagrant will automatically replace
zabbix_server: this with a newly generated keypair for better security.
zabbix_server:
zabbix_server: Inserting generated public key within guest...
zabbix_server: Removing insecure key from the guest if it's present...
zabbix_server: Key inserted! Disconnecting and reconnecting using new SSH key...
==> zabbix_server: Machine booted and ready!
==> zabbix_server: Checking for guest additions in VM...
zabbix_server: No guest additions were detected on the base box for this VM! Guest
zabbix_server: additions are required for forwarded ports, shared folders, host only
zabbix_server: networking, and more. If SSH fails on this machine, please install
zabbix_server: the guest additions and repackage the box to continue.
zabbix_server:
zabbix_server: This is not an error message; everything may continue to work properly,
zabbix_server: in which case you may ignore this message.
==> zabbix_server: Setting hostname...
==> zabbix_server: Configuring and enabling network interfaces...
==> zabbix_server: Running provisioner: ansible...
zabbix_server: Running ansible-playbook...
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [zabbix01]
TASK [common_packages : install common packages] *******************************
changed: [zabbix01] => (item=[u'git', u'dstat', u'tcpdump', u'sysstat', u'iotop', u'tree', u'tmux', u'policycoreutils-python'])
PLAY [zabbix_server] ***********************************************************
TASK [Gathering Facts] *********************************************************
ok: [zabbix01]
TASK *************************************************
ok: [zabbix01]
TASK ******************************************************
fatal: [zabbix01]: FAILED! => {"changed": false, "cmd": "which pip", "delta": "0:00:00.005008", "end": "2018-01-23 21:42:25.837602", "msg": "non-zero return code", "rc": 1, "start": "2018-01-23 21:42:25.832594", "stderr": "which: no pip in (/usr/local/bin:/usr/bin)", "stderr_lines": ["which: no pip in (/usr/local/bin:/usr/bin)"], "stdout": "", "stdout_lines": []}
...ignoring
TASK ***************************************************
changed: [zabbix01]
TASK ****************************************************
changed: [zabbix01]
TASK ************************************************
changed: [zabbix01]
TASK [mariadb_server : copy mariadb repository] ********************************
changed: [zabbix01]
TASK [mariadb_server : install mariadb server] *********************************
changed: [zabbix01] => (item=[u'MariaDB-server', u'MariaDB-client', u'MySQL-python'])
TASK [mariadb_server : start mariadb server] ***********************************
changed: [zabbix01]
TASK [mariadb_server : remove anonymous user] **********************************
changed: [zabbix01]
TASK [mariadb_server : disallow root login remotely] ***************************
changed: [zabbix01]
TASK [mariadb_server : remove test database and access] ************************
changed: [zabbix01]
TASK [mariadb_server : change root password] ***********************************
changed: [zabbix01] => (item=127.0.0.1)
changed: [zabbix01] => (item=::1)
changed: [zabbix01] => (item=localhost)
TASK [zabbix_server : install requirement modules for selinux] *****************
ok: [zabbix01] => (item=[u'libselinux-python', u'libsemanage-python'])
TASK [zabbix_server : install zabbix repository] *******************************
changed: [zabbix01]
TASK [zabbix_server : install zabbix-server] ***********************************
changed: [zabbix01] => (item=[u'zabbix-server-mysql', u'zabbix-web-mysql'])
TASK [zabbix_server : setup database] ******************************************
changed: [zabbix01]
TASK [zabbix_server : create zabbix user] **************************************
changed: [zabbix01]
TASK [zabbix_server : import initial schema and data] **************************
changed: [zabbix01]
TASK [zabbix_server : copy zabbix config file] *********************************
changed: [zabbix01]
TASK [zabbix_server : setsebool -P item on] ************************************
changed: [zabbix01] => (item=httpd_can_connect_zabbix)
changed: [zabbix01] => (item=zabbix_can_network)
TASK [zabbix_server : check semodule zabbix_setrlimit] *************************
changed: [zabbix01]
TASK [zabbix_server : copy selinux policy] *************************************
changed: [zabbix01]
TASK [zabbix_server : make module of selinux policy] ***************************
changed: [zabbix01]
TASK [zabbix_server : make package of selinux policy] **************************
changed: [zabbix01]
TASK [zabbix_server : install package of selinux policy] ***********************
changed: [zabbix01]
TASK [zabbix_server : start zabbix server] *************************************
changed: [zabbix01]
TASK [zabbix_server : copy httpd config file] **********************************
changed: [zabbix01]
TASK [zabbix_server : start httpd server] **************************************
changed: [zabbix01]
TASK [zabbix_agent : install zabbix repository] ********************************
ok: [zabbix01]
TASK [zabbix_agent : install zabbix-agent] *************************************
changed: [zabbix01] => (item=[u'zabbix-agent'])
TASK [zabbix_agent : start zabbix-agent] ***************************************
changed: [zabbix01]
PLAY RECAP *********************************************************************
zabbix01 : ok=34 changed=28 unreachable=0 failed=0
$
やってること
VagrantでCentOS7のVM作成してAnsible実行
- host名設定
- ssh/zabbix管理画面用のPortForward設定
- ローカルIP設定
- AnsiblePlaybook実行
Vagrant.configure(2) do |config|
ENV['ANSIBLE_ROLES_PATH'] = "../../ansible/roles"
config.vm.define "zabbix_server" do |clm|
clm.vm.box = "centos/7"
clm.vm.hostname = "zabbix01.local"
clm.vm.synced_folder ".", "/vagrant", disabled: true
clm.vm.network :forwarded_port, id: "ssh", guest: 22, host: "2221"
clm.vm.network :forwarded_port, id: "zabbix", guest: 80, host: "8080"
clm.vm.network :private_network, ip: "192.168.33.11"
clm.vm.provision "ansible" do |ansible|
ansible.playbook = "../../ansible/playbooks/zabbix.yml"
ansible.inventory_path = "../../ansible/inventory/hostlist"
ansible.limit = 'zabbix01'
end
end
end
Ansibleでやってること
- 全環境共通で実行しておきたいplaybook(common.yml)をimport_playbookで実行
- pythonインストール
- MariaDBインストールと設定
- ZabbixServerインストールと設定
- ZabbxiAgentインストール
MariaDBインストールと設定について
MariaDBインストールする後、 mysql_secure_installation を実行しますが、下記同等のことをansibleで実施しています。
1. 匿名ユーザの削除
2. rootログインはローカルのみ許可
3. testデータベース削除
4. rootパスワード変更
mysql_secure_installation を expect モジュール使って設定してく方法も試してみたのですが、バージョンアップなどで応答内容に変更あると辛そうなのでやめました。
その他、 ansibleからmysqlモジュール使うには MySQL-python が必要っぽいです。
Zabbixインストールと設定について
基本公式のマニュアル通りですが、selinuxに拒否られてzabbixプロセス起動できなかったので、selinuxポリシー設定を追加してます。
selinuxポリシー追加
- name: check semodule zabbix_setrlimit
shell: semodule -l | grep zabbix_setrlimit
register: selinux_zabbix_setrlimit
failed_when: false
- name: copy selinux policy
copy:
src: tmp/zabbix_setrlimit.te
dest: /tmp/zabbix_setrlimit.te
when:
- selinux_zabbix_setrlimit.rc == 1
- name: make module of selinux policy
shell: /bin/checkmodule -M -m -o /tmp/zabbix_setrlimit.mod /tmp/zabbix_setrlimit.te
register: mkmodule_zabbix_setrlimit
when:
- selinux_zabbix_setrlimit.rc == 1
- name: make package of selinux policy
shell: /bin/semodule_package -o /tmp/zabbix_setrlimit.pp -m /tmp/zabbix_setrlimit.mod
register: mkpackage_zabbix_setrlimit
when:
- mkmodule_zabbix_setrlimit.changed == true
- name: install package of selinux policy
shell: /sbin/semodule -i /tmp/zabbix_setrlimit.pp
when:
- mkpackage_zabbix_setrlimit.changed == true
become: true
初回接続
-
http://127.0.0.1:8080/zabbix にアクセスします。
-
環境情報チェックされるので問題なければ NestStep
-
DBのパスワード入力します (デフォルトpassword)
-
そのままNextStep
-
内容確認してNextStep
-
完了!
-
ログインして確認(Admin/zabbix)
