Installing Nagios on CentOS 7 with Ansible

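Summary

    • I wrote this article to practice Ansible
    • Apache and Nagios are installed with yum and their configuration is modified
    • RCS is used to manage the differences from the default configuration
    • We start by building the Ansible server and run the playbook against localhost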

Test environment

    • CentOS 7 (minimal install)
    • Ansible 2.7 (EPEL)
    • Nagios 4.4 (EPEL)

# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

# uname -r
3.10.0-957.10.1.el7.x86_64

Installing Ansible

# yum -y install epel-release
# yum -y install ansible
# ansible --version
ansible 2.7.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr  9 2019, 14:30:50) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

Ansible configuration

Prepare the Ansible hosts

[nagios-server]
127.0.0.1

Prepare the playbook

- hosts: nagios-server
  remote_user: root
  tasks:
   - name: yum install nagios
     yum:
       name: "{{item.name}}"
       enablerepo: "{{item.repo}}"
       state: present
     with_items:
       - {name: httpd, repo: }
       - {name: nagios, repo: epel}
       - {name: nagios-plugins, repo: epel}
     notify:
       - Start & Enable Apache
       - Start & Enable Nagios

   - name: Install RCS
     yum:
       name: "{{item.name}}"
       enablerepo: "{{item.repo}}"
       state: present
     with_items:
       - {name: rcs, repo: }
   # Check the unmodified file into RCS first; -l keeps the working file in place and locked
   - shell: |
       ci -l /etc/php.ini << EOS
       .
       EOS
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^;date.timezone =$"
       replace: "date.timezone =Asia/Tokyo"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^expose_php = On$"
       replace: "expose_php = Off"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^session.hash_function = 0$"
       replace: "session.hash_function = sha512"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^;session.entropy_file = /dev/urandom$"
       replace: "session.entropy_file = /dev/urandom"
   - name: Setting php.ini
     replace:
       path: /etc/php.ini
       regexp: "^;session.entropy_length = 32$"
       replace: "session.entropy_length = 128"
     notify:
       - Start & Enable Apache
       - Start & Enable Nagios

   - shell: |
       ci -l /etc/httpd/conf/httpd.conf << EOS
       .
       EOS
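   # The task name below means "add at a specific location"
   - name: 特定の場所に追加
     blockinfile:
       dest: /etc/httpd/conf/httpd.conf
       # '.' and '*' are escaped so the pattern matches the literal IncludeOptional line
       insertafter: '^IncludeOptional conf\.d/\*\.conf$'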
       content: |
         ServerTokens Prod
         ServerSignature Off
         TraceEnable Off
     notify:
       - Start & Enable Apache

   - shell: |
       ci -l /etc/httpd/conf.d/welcome.conf << EOS
       .
       EOS
   - name: Setting Apache welcom.conf
     replace:
       path: /etc/httpd/conf.d/welcome.conf
       regexp: "^    ErrorDocument 403 /.noindex.html$"
       replace: "#   ErrorDocument 403 /.noindex.html"
     notify:
       - Start & Enable Apache

  handlers:
    - name: Start & Enable Apache
      systemd:
        name: httpd.service
        state: restarted
        enabled: yes
    - name: Start & Enable Nagios
      systemd:
        name: nagios.service
        state: restarted
        enabled: yes

Running Ansible

Run a syntax check.

# ansible-playbook /etc/ansible/nagios.yml --ask-pass --syntax-check

playbook: /etc/ansible/nagios.yml

There seem to be no particular problems, so next we run in check mode, which makes no changes.
The password is entered manually at the prompt.

# ansible-playbook /etc/ansible/nagios.yml --ask-pass --check
SSH password:

PLAY [nagios-server] ***********************************************************************************************

TASK [Gathering Facts] *********************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}
        to retry, use: --limit @/etc/ansible/nagios.retry

PLAY RECAP *********************************************************************************************************
127.0.0.1                  : ok=0    changed=0    unreachable=0    failed=1

A fingerprint error was detected, so I log in manually once.

ssh 127.0.0.1

Are you sure you want to continue connecting (yes/no)?

When asked this, I answer "yes" and run the check again.

# ansible-playbook /etc/ansible/nagios.yml --ask-pass --check
SSH password:

PLAY [nagios-server] ***********************************************************************************************

TASK [Gathering Facts] *********************************************************************************************
ok: [127.0.0.1]

TASK [yum install nagios] ******************************************************************************************
changed: [127.0.0.1] => (item={u'repo': None, u'name': u'httpd'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios-plugins'})

TASK [Install RCS] *************************************************************************************************
ok: [127.0.0.1] => (item={u'repo': None, u'name': u'rcs'})

TASK [shell] *******************************************************************************************************
skipping: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Path /etc/php.ini does not exist !", "rc": 257}

RUNNING HANDLER [Start & Enable Apache] ****************************************************************************

RUNNING HANDLER [Start & Enable Nagios] ****************************************************************************
        to retry, use: --limit @/etc/ansible/nagios.retry

PLAY RECAP *********************************************************************************************************
127.0.0.1                  : ok=3    changed=1    unreachable=0    failed=1

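TASK [Setting php.ini] *********************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Path /etc/php.ini does not exist !", "rc": 257}

The error occurs because php.ini does not exist yet, but it can be ignored since this is before installation. We go ahead and run the installation.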

# ansible-playbook /etc/ansible/nagios.yml --ask-pass
SSH password:

PLAY [nagios-server] ***********************************************************************************************

TASK [Gathering Facts] *********************************************************************************************
ok: [127.0.0.1]

TASK [yum install nagios] ******************************************************************************************
changed: [127.0.0.1] => (item={u'repo': None, u'name': u'httpd'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios'})
changed: [127.0.0.1] => (item={u'repo': u'epel', u'name': u'nagios-plugins'})

TASK [Install RCS] *************************************************************************************************
ok: [127.0.0.1] => (item={u'repo': None, u'name': u'rcs'})

TASK [shell] *******************************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [Setting php.ini] *********************************************************************************************
changed: [127.0.0.1]

TASK [shell] *******************************************************************************************************
changed: [127.0.0.1]

TASK [特定の場所に追加] ****************************************************************************************************
changed: [127.0.0.1]

TASK [shell] *******************************************************************************************************
changed: [127.0.0.1]

TASK [Setting Apache welcom.conf] **********************************************************************************
changed: [127.0.0.1]

RUNNING HANDLER [Start & Enable Apache] ****************************************************************************
changed: [127.0.0.1]

RUNNING HANDLER [Start & Enable Nagios] ****************************************************************************
changed: [127.0.0.1]

PLAY RECAP *********************************************************************************************************
127.0.0.1                  : ok=15   changed=13   unreachable=0    failed=0

Post-run verification

I check that the services have started.

    • apachectl status
    • nagiostats
    • systemctl list-unit-files | grep -E 'httpd|nagios'
    • Check the display in a browser (the account is nagiosadmin/nagiosadmin)
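
The check below is an added example, not part of the original article: it audits the three files the playbook edits and reports every setting that was not applied. The function names audit_hardening and make_default_sample are made up for this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_hardening PHP_INI HTTPD_CONF WELCOME_CONF
# Prints each expectation the files do not meet and returns how many there were.
audit_hardening() {
    failures=0
    # Table rows are mode|file|ERE: "want" must match a line, "deny" must match none.
    while IFS='|' read -r mode file regex; do
        if grep -Eq -- "$regex" "$file" 2>/dev/null; then found=yes; else found=no; fi
        case "$mode:$found" in
            want:no|deny:yes)
                echo "NOT APPLIED ($mode): $file: $regex"
                failures=$((failures + 1)) ;;
        esac
    done <<EOF
want|$1|^date\.timezone *= *Asia/Tokyo\$
want|$1|^expose_php *= *Off\$
want|$1|^session\.hash_function *= *sha512\$
want|$1|^session\.entropy_file *= */dev/urandom\$
want|$1|^session\.entropy_length *= *128\$
want|$2|^ServerTokens Prod\$
want|$2|^ServerSignature Off\$
want|$2|^TraceEnable Off\$
deny|$3|^ *ErrorDocument 403 /\.noindex\.html\$
EOF
    return "$failures"
}

# Constructed sample: the three files as they look before the playbook has edited them.
make_default_sample() {
    mkdir -p "$1"
    printf '%s\n' ';date.timezone =' 'expose_php = On' 'session.hash_function = 0' \
        ';session.entropy_file = /dev/urandom' ';session.entropy_length = 32' > "$1/php.ini"
    printf '%s\n' 'IncludeOptional conf.d/*.conf' > "$1/httpd.conf"
    printf '%s\n' '    ErrorDocument 403 /.noindex.html' > "$1/welcome.conf"
}

# On the managed host:
# audit_hardening /etc/php.ini /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/welcome.conf
```

A non-zero return after a playbook run means a replace or blockinfile pattern did not match the packaged file, which the Ansible output reports only as "ok" rather than as an error.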

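Thoughts

Later, after upgrading the Ansible version, errors occurred.
Idempotency is a hallmark of this kind of tool, but considering the risk that behavior may change between Ansible versions, I also strongly felt the advantages of managing things with shell scripts.
An ordinary shell script has to be run on each machine rather than managing multiple machines, so there is a clear advantage in that respect.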
