Batch-installing Zabbix-agent with Ansible from the JumpServer Job Center

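This post uses the JumpServer Job Center to batch-install Zabbix-agent, relying mainly on JumpServer's built-in Ansible functionality.
Ansible is a powerful open-source automation tool widely used for configuration management, application deployment, task automation, and IT orchestration. Its simple, efficient, agentless design has made it a popular choice in DevOps practice.
With its simplicity, agentless architecture, strong automation and orchestration capabilities, idempotency, and rich ecosystem, Ansible is an ideal choice for automating IT, improving operational efficiency, and keeping systems consistent and reliable. Both small teams and large enterprises can benefit from it.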

For JumpServer operations, refer to the official documentation:
https://kb.fit2cloud.com/?p=519e53ae-4b29-4dad-9ad4-10d5f81244a7

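1. Passwordless login to the hosts is a prerequisite; it is not covered in detail here.
The bastion host already manages the hosts, and JumpServer integrates Ansible, so batch installation is straightforward.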

2. In template management, create a playbook with the two files shown in the figure.

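Two files are provided here, containing two playbooks (CentOS 7 and Rocky Linux 9); I have tested them myself and they deploy successfully. The playbooks are fairly basic and will need to be extended for complex operations environments. They do not change or tune any parameters of the operating system itself, so the security risk is small.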

main.yml (CentOS 7; change zabbix_server_ip and zabbix_agent_url to match your environment)

- name: 安装并配置Zabbix Agent(带启动检测和开机自启)
  hosts: all
  become: yes
  vars:
    zabbix_server_ip: "10.x.x.x"
    zabbix_agent_listen_port: 10050
    zabbix_agent_hostname: "{{ ansible_hostname }}"
    zabbix_agent_version: "7.0.10"
    zabbix_agent_url: "https://xxx.xxx.cn/downloads/zabbix/7.0/{{ zabbix_agent_version }}/zabbix_agent-{{ zabbix_agent_version }}-linux-3.0-amd64-static.tar.gz"
    install_dir: "/usr/local/zabbix"
    default_conf_path: "/usr/local/etc"
    default_conf_file: "{{ default_conf_path }}/zabbix_agentd.conf"
    log_dir: "/var/log/zabbix"
    pid_dir: "/var/run/zabbix"
    temp_tar_path: "/tmp/zabbix_agent.tar.gz"
    zabbix_user: "zabbix"
    zabbix_group: "zabbix"

  tasks:
    # Install dependency packages
    - name: 安装必要依赖(含policycoreutils-python)
      yum:
        name:
          - wget
          - tar
          - gzip
          - policycoreutils-python
        state: present

    # Create the user and group
    - name: 创建zabbix用户组
      group:
        name: "{{ zabbix_group }}"
        state: present
        system: yes

    - name: 创建zabbix用户
      user:
        name: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"
        state: present
        system: yes
        shell: /sbin/nologin
        create_home: no
        home: "{{ install_dir }}"

    # Create the directory structure
    - name: 创建安装目录
      file:
        path: "{{ install_dir }}"
        state: directory
        mode: '0750'
        owner: root
        group: "{{ zabbix_group }}"

    - name: 创建默认配置目录
      file:
        path: "{{ default_conf_path }}"
        state: directory
        mode: '0755'
        owner: root
        group: root

    - name: 创建日志目录
      file:
        path: "{{ log_dir }}"
        state: directory
        mode: '0750'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 创建PID目录
      file:
        path: "{{ pid_dir }}"
        state: directory
        mode: '0750'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 确保PID目录重启后自动重建
      copy:
        content: "d {{ pid_dir }} 0750 {{ zabbix_user }} {{ zabbix_group }} -"
        dest: /etc/tmpfiles.d/zabbix.conf
        mode: '0644'

    - name: 创建扩展配置目录
      file:
        path: "{{ install_dir }}/conf/zabbix_agentd"
        state: directory
        mode: '0750'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    # Download and extract
    - name: 下载Zabbix Agent静态包
      command: >
        wget --retry-connrefused --waitretry=5 --read-timeout=30 --timeout=20 -t 5
        -O {{ temp_tar_path }} {{ zabbix_agent_url }}
      args:
        creates: "{{ temp_tar_path }}"
      register: download_result
      retries: 3
      until: download_result is succeeded

    - name: 解压压缩包
      command: >
        tar -zxvf {{ temp_tar_path }} -C {{ install_dir }} --strip-components=1
      args:
        creates: "{{ install_dir }}/sbin/zabbix_agentd"

    # Set file permissions
    - name: 设置二进制文件权限
      file:
        path: "{{ install_dir }}/sbin/zabbix_agentd"
        mode: '0750'
        owner: root
        group: "{{ zabbix_group }}"

    # Configuration file handling
    - name: 生成临时配置文件
      template:
        src: zabbix_agentd.conf.j2
        dest: "{{ install_dir }}/conf/zabbix_agentd.conf"
        mode: '0640'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 拷贝配置文件到默认路径
      copy:
        src: "{{ install_dir }}/conf/zabbix_agentd.conf"
        dest: "{{ default_conf_file }}"
        remote_src: yes
        mode: '0640'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    # Configure the systemd service
    - name: 创建systemd服务文件
      copy:
        content: |
          [Unit]
          Description=Zabbix Agent
          After=network.target

          [Service]
          Type=forking
          ExecStart={{ install_dir }}/sbin/zabbix_agentd -c {{ default_conf_file }}
          Restart=always
          User={{ zabbix_user }}
          Group={{ zabbix_group }}
          PrivateTmp=true
          ProtectSystem=full
          NoNewPrivileges=true

          [Install]
          WantedBy=multi-user.target
        dest: /etc/systemd/system/zabbix-agent.service
        mode: '0644'
        owner: root
        group: root
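      notify: 重新加载systemd

    # Run the pending handler now so systemd has loaded the unit file before the restart below
    - meta: flush_handlers

    # SELinux configuration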
    - name: 配置SELinux允许Zabbix端口
      seport:
        ports: "{{ zabbix_agent_listen_port }}"
        proto: tcp
        setype: zabbix_agent_port_t
        state: present
      when: ansible_selinux.status == 'enabled'

    # Restart the service and check it
    - name: 重启Zabbix Agent服务
      service:
        name: zabbix-agent
        state: restarted

    - name: 等待服务启动(最多10秒)
      wait_for:
        path: "{{ pid_dir }}/zabbix_agentd.pid"
        state: present
        timeout: 10
      register: pid_check

    - name: 检测服务是否启动成功
      fail:
        msg: "Zabbix Agent启动失败,未找到PID文件"
      when: pid_check is failed

    - name: 验证服务状态
      command: systemctl is-active zabbix-agent
      register: service_status
      failed_when: service_status.stdout != 'active'

    - name: 检查防火墙状态
      service:
        name: firewalld
        state: started
      register: firewall_status
      check_mode: yes
      ignore_errors: yes

    - name: 防火墙运行时放行10050/tcp端口
      firewalld:
        port: "{{ zabbix_agent_listen_port }}/tcp"
        state: enabled
        immediate: yes
        permanent: yes
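      # In check mode a stopped firewalld reports "changed"; only open the port when it is already running
      when: firewall_status is succeeded and firewall_status is not changed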

    # Enable start at boot
    - name: 确保Zabbix Agent开机自启
      service:
        name: zabbix-agent
        enabled: yes

    - name: 验证开机自启配置
      command: systemctl is-enabled zabbix-agent
      register: enable_status
      failed_when: enable_status.stdout != 'enabled'

    - name: 安装成功提示
      debug:
        msg: "Zabbix Agent已成功启动并配置开机自启!"

  handlers:
    - name: 重新加载systemd
      command: systemctl daemon-reload

main.yml (Rocky Linux 9; change zabbix_server_ip and zabbix_agent_url to match your environment)

---
- name: 安装并配置 Zabbix Agent(支持 Rocky Linux 9 + 阿里云源)
  hosts: all
  become: yes
  gather_facts: yes

  vars:
    zabbix_server_ip: "x.x.x.x"
    zabbix_agent_listen_port: 10050
    zabbix_agent_hostname: "{{ ansible_hostname }}"
    zabbix_agent_version: "7.0.10"
    zabbix_agent_url: "https://xxx.xxx.cn/downloads/zabbix/7.0/{{ zabbix_agent_version }}/zabbix_agent-{{ zabbix_agent_version }}-linux-3.0-amd64-static.tar.gz"
    install_dir: "/usr/local/zabbix"
    default_conf_path: "/usr/local/etc"
    default_conf_file: "{{ default_conf_path }}/zabbix_agentd.conf"
    log_dir: "/var/log/zabbix"
    pid_dir: "/var/run/zabbix"
    temp_tar_path: "/tmp/zabbix_agent.tar.gz"
    zabbix_user: "zabbix"
    zabbix_group: "zabbix"

    # Use only a stable mirror
    aliyun_rocky9_mirrors:
      - "https://mirrors.aliyun.com/rockylinux/9/BaseOS/x86_64/os/"

  tasks:
    - name: 检查操作系统兼容性
      ansible.builtin.assert:
        that:
          - ansible_distribution == 'Rocky'
          - ansible_distribution_major_version is version('9', '==')
        success_msg: "✅ 操作系统兼容(Rocky Linux {{ ansible_distribution_major_version }})"
        fail_msg: "❌ 仅支持 Rocky Linux 9"

    - name: 检查阿里云 Rocky Linux 9 镜像仓库连通性
      uri:
        url: "{{ item }}repodata/repomd.xml"
        method: HEAD
        timeout: 15
        status_code: [200, 302]
      register: mirror_check
      with_items: "{{ aliyun_rocky9_mirrors }}"
      retries: 3
      delay: 3
      until: mirror_check is succeeded
      ignore_errors: yes

    - name: 验证是否找到可用的阿里云镜像
      fail:
        msg: "❌ 无法连接到阿里云 Rocky Linux 9 镜像源,请检查网络或 DNS"
      when: mirror_check.results | selectattr('status', 'defined') | selectattr('status', 'in', [200, 302]) | list | length == 0

    - name: 备份原有 Rocky Linux 仓库配置
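      shell: |
        mkdir -p /etc/yum.repos.d/backup
        mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/ 2>/dev/null || true
        # Marker for "creates:" so a re-run does not move rocky-aliyun.repo into the backup
        touch /etc/yum.repos.d/backup/.done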
      args:
        creates: /etc/yum.repos.d/backup/.done

    - name: 配置阿里云 Rocky Linux 9 镜像源
      copy:
        content: |
          [BaseOS]
          name=Rocky Linux 9 - BaseOS - Aliyun
          baseurl=https://mirrors.aliyun.com/rockylinux/9/BaseOS/x86_64/os/
          gpgcheck=1
          enabled=1
          gpgkey=https://mirrors.aliyun.com/rockylinux/RPM-GPG-KEY-rockyofficial
          timeout=15
          retries=3

          [AppStream]
          name=Rocky Linux 9 - AppStream - Aliyun
          baseurl=https://mirrors.aliyun.com/rockylinux/9/AppStream/x86_64/os/
          gpgcheck=1
          enabled=1
          gpgkey=https://mirrors.aliyun.com/rockylinux/RPM-GPG-KEY-rockyofficial
          timeout=15
          retries=3

          [Extras]
          name=Rocky Linux 9 - Extras - Aliyun
          baseurl=https://mirrors.aliyun.com/rockylinux/9/extras/x86_64/os/
          gpgcheck=1
          enabled=1
          gpgkey=https://mirrors.aliyun.com/rockylinux/RPM-GPG-KEY-rockyofficial
          timeout=15
          retries=3
        dest: /etc/yum.repos.d/rocky-aliyun.repo
        mode: '0644'

    - name: 清理 DNF 缓存
      command: dnf clean all
      changed_when: false

    - name: 为 Rocky Linux 生成元数据缓存
      command: dnf makecache
      args:
        creates: /var/cache/dnf/metadata_lock.pid

    - name: 安装必要依赖(修复 timeout 错误)
      dnf:
        name:
          - wget
          - tar
          - gzip
          - policycoreutils-python-utils
          - firewalld
          - selinux-policy-targeted
        state: present
        update_cache: yes
        lock_timeout: 60
      register: dnf_result
      retries: 3
      delay: 5
      until: dnf_result is succeeded

    - name: 创建 zabbix 用户组
      group:
        name: "{{ zabbix_group }}"
        state: present
        system: yes

    - name: 创建 zabbix 用户
      user:
        name: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"
        state: present
        system: yes
        shell: /sbin/nologin
        create_home: no
        home: "{{ install_dir }}"

    - name: 创建安装目录
      file:
        path: "{{ install_dir }}"
        state: directory
        mode: '0750'
        owner: root
        group: "{{ zabbix_group }}"

    - name: 创建默认配置目录
      file:
        path: "{{ default_conf_path }}"
        state: directory
        mode: '0755'
        owner: root
        group: root

    - name: 创建日志目录
      file:
        path: "{{ log_dir }}"
        state: directory
        mode: '0750'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 创建 PID 目录
      file:
        path: "{{ pid_dir }}"
        state: directory
        mode: '0750'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 确保 PID 目录重启后自动重建
      copy:
        content: "d {{ pid_dir }} 0750 {{ zabbix_user }} {{ zabbix_group }} -"
        dest: /etc/tmpfiles.d/zabbix.conf
        mode: '0644'

    - name: 创建扩展配置目录
      file:
        path: "{{ install_dir }}/conf/zabbix_agentd"
        state: directory
        mode: '0750'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 下载 Zabbix Agent 静态包(原始地址)
      get_url:
        url: "{{ zabbix_agent_url }}"
        dest: "{{ temp_tar_path }}"
        mode: '0640'
        timeout: 30
        # Keep TLS certificate verification on: this tarball is installed and run as a service
        validate_certs: yes
      register: download_result
      retries: 5
      delay: 5
      until: download_result is succeeded

    - name: 解压 Zabbix Agent 包
      unarchive:
        src: "{{ temp_tar_path }}"
        dest: "{{ install_dir }}"
        remote_src: yes
        extra_opts: [--strip-components=1]
        creates: "{{ install_dir }}/sbin/zabbix_agentd"

    - name: 设置二进制文件权限
      file:
        path: "{{ install_dir }}/sbin/zabbix_agentd"
        mode: '0750'
        owner: root
        group: "{{ zabbix_group }}"

    - name: 生成配置文件
      template:
        src: zabbix_agentd.conf.j2
        dest: "{{ install_dir }}/conf/zabbix_agentd.conf"
        mode: '0640'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 拷贝配置文件到默认路径
      copy:
        src: "{{ install_dir }}/conf/zabbix_agentd.conf"
        dest: "{{ default_conf_file }}"
        remote_src: yes
        mode: '0640'
        owner: "{{ zabbix_user }}"
        group: "{{ zabbix_group }}"

    - name: 创建 systemd 服务文件
      copy:
        content: |
          [Unit]
          Description=Zabbix Agent
          After=network.target

          [Service]
          Type=forking
          ExecStart={{ install_dir }}/sbin/zabbix_agentd -c {{ default_conf_file }}
          Restart=always
          User={{ zabbix_user }}
          Group={{ zabbix_group }}
          PrivateTmp=true
          ProtectSystem=full
          NoNewPrivileges=true

          [Install]
          WantedBy=multi-user.target
        dest: /etc/systemd/system/zabbix-agent.service
        mode: '0644'
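      notify: 重新加载 systemd

    # Run the pending handler now so systemd has loaded the unit file before the restart below
    - meta: flush_handlers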

    - name: 配置 SELinux 放行端口
      seport:
        ports: "{{ zabbix_agent_listen_port }}"
        proto: tcp
        setype: zabbix_agent_port_t
        state: present
      when: ansible_selinux.status == 'enabled'

    - name: 检测 firewalld 状态
      command: systemctl is-active firewalld
      register: firewalld_status
      changed_when: false
      ignore_errors: yes

    - name: 防火墙放行 Zabbix Agent 端口(仅当 firewalld 运行中)
      firewalld:
        port: "{{ zabbix_agent_listen_port }}/tcp"
        state: enabled
        immediate: yes
        permanent: yes
      when: firewalld_status.stdout == 'active'

    - name: 启动 Zabbix Agent 服务
      service:
        name: zabbix-agent
        state: restarted
        enabled: yes

    - name: 等待服务启动
      wait_for:
        path: "{{ pid_dir }}/zabbix_agentd.pid"
        state: present
        timeout: 10
      register: pid_check
      ignore_errors: yes

    - name: 检查服务是否运行
      fail:
        msg: "❌ Zabbix Agent 启动失败,未生成 PID 文件"
      when: pid_check is failed

    - name: 验证服务状态
      command: systemctl is-active zabbix-agent
      register: service_status
      failed_when: service_status.stdout != 'active'

    - name: 清理临时文件
      file:
        path: "{{ temp_tar_path }}"
        state: absent

    - name: 安装成功提示
      debug:
        msg: "🎉 Zabbix Agent 已成功安装并启动!主机: {{ zabbix_agent_hostname }},IP: {{ zabbix_server_ip }}"

  handlers:
    - name: 重新加载 systemd
      systemd:
        daemon_reload: yes
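
Both playbooks download a static binary tarball and run it as a service without checking its integrity. The tasks below are an added example (not part of the original post) that pin the tarball's SHA-256 and inspect the archive before extracting it; zabbix_agent_sha256 is a hypothetical variable you would define alongside the other vars, set to the digest published by your download source.

```yaml
# Added example, not from the original playbooks. Drop-in replacement for the
# download and extract tasks; reuses the playbooks' own variables.
# Assumption: zabbix_agent_sha256 is a new variable you define in vars, holding
# the SHA-256 of the tarball as published by the download source.
- name: Refuse to run without a pinned tarball digest
  ansible.builtin.assert:
    that:
      - zabbix_agent_sha256 is defined
      - "zabbix_agent_sha256 is match('^[0-9a-f]{64}$')"
    fail_msg: "Set zabbix_agent_sha256 to the published SHA-256 of the tarball"

- name: Download the agent tarball over verified TLS and check its digest
  ansible.builtin.get_url:
    url: "{{ zabbix_agent_url }}"
    dest: "{{ temp_tar_path }}"
    mode: '0640'
    timeout: 30
    validate_certs: yes
    # get_url fails the task if the downloaded file does not match this digest
    checksum: "sha256:{{ zabbix_agent_sha256 }}"
  register: download_result
  retries: 5
  delay: 5
  until: download_result is succeeded

- name: List archive members before extracting as root
  ansible.builtin.command: tar -tzf {{ temp_tar_path }}
  register: tar_listing
  changed_when: false

- name: Reject archives with absolute paths or ".." components
  ansible.builtin.assert:
    that:
      - "tar_listing.stdout_lines | select('search', '^/|(^|/)[.][.](/|$)') | list | length == 0"
    fail_msg: "Archive contains entries that would be written outside {{ install_dir }}"

- name: Extract the verified tarball
  ansible.builtin.unarchive:
    src: "{{ temp_tar_path }}"
    dest: "{{ install_dir }}"
    remote_src: yes
    extra_opts: [--strip-components=1]
    creates: "{{ install_dir }}/sbin/zabbix_agentd"
```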

zabbix_agentd.conf.j2 (change Server and ServerActive to match your environment)

PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
Server=x.x.x.x
ServerActive=x.x.x.x
Hostname={{ zabbix_agent_hostname }}
ListenPort=10050
# Include=/usr/local/zabbix/conf/zabbix_agentd/*.conf
UnsafeUserParameters=0

The run result is as follows (screenshot):

posted @ 2025-08-05 13:26  凡人的四季