使用Jumpserver 作业中心批量安装 Zabbix-agent

使用Jumpserver 作业中心批量安装 Zabbix-agent,主要使用了 Jumpserver 内置的 Ansible 功能来实现
Jumpserver 操作可以参考官方文档：
https://kb.fit2cloud.com/?p=519e53ae-4b29-4dad-9ad4-10d5f81244a7

1、主机实现免密登陆，这个是前提条件。这个就不过多介绍了

2、模板管理，创建playbook,如图两个文件

我提供两个文件给大家，已亲测可以实现部署
main.yml文件(注意修改自己的环境 zabbix_server_ip zabbix_agent_url )
`

• name: 安装并配置Zabbix Agent（带启动检测和开机自启）
  hosts: all
  become: yes
  vars:
  zabbix_server_ip: "10.x.x.x"
  zabbix_agent_listen_port: 10050
  zabbix_agent_hostname: "{{ ansible_hostname }}"
  zabbix_agent_version: "7.0.10"
  zabbix_agent_url: "https://xxx.xxx.cn/downloads/zabbix/7.0/{{ zabbix_agent_version }}/zabbix_agent-{{ zabbix_agent_version }}-linux-3.0-amd64-static.tar.gz"
  install_dir: "/usr/local/zabbix"
  default_conf_path: "/usr/local/etc"
  default_conf_file: "{{ default_conf_path }}/zabbix_agentd.conf"
  log_dir: "/var/log/zabbix"
  pid_dir: "/var/run/zabbix"
  temp_tar_path: "/tmp/zabbix_agent.tar.gz"
  zabbix_user: "zabbix"
  zabbix_group: "zabbix"

  tasks:

  安装依赖包

  • name: 安装必要依赖（含policycoreutils-python）
    yum:
    name:
    - wget
    - tar
    - gzip
    - policycoreutils-python
    state: present

  创建用户和组

  • name: 创建zabbix用户组
    group:
    name: "{{ zabbix_group }}"
    state: present
    system: yes

  • name: 创建zabbix用户
    user:
    name: "{{ zabbix_user }}"
    group: "{{ zabbix_group }}"
    state: present
    system: yes
    shell: /sbin/nologin
    create_home: no
    home: "{{ install_dir }}"

  创建目录结构

  • name: 创建安装目录
    file:
    path: "{{ install_dir }}"
    state: directory
    mode: '0750'
    owner: root
    group: "{{ zabbix_group }}"

  • name: 创建默认配置目录
    file:
    path: "{{ default_conf_path }}"
    state: directory
    mode: '0755'
    owner: root
    group: root

  • name: 创建日志目录
    file:
    path: "{{ log_dir }}"
    state: directory
    mode: '0750'
    owner: "{{ zabbix_user }}"
    group: "{{ zabbix_group }}"

  • name: 创建PID目录
    file:
    path: "{{ pid_dir }}"
    state: directory
    mode: '0750'
    owner: "{{ zabbix_user }}"
    group: "{{ zabbix_group }}"

  • name: 确保PID目录重启后自动重建
    copy:
    content: "d {{ pid_dir }} 0750 {{ zabbix_user }} {{ zabbix_group }} -"
    dest: /etc/tmpfiles.d/zabbix.conf
    mode: '0644'

  • name: 创建扩展配置目录
    file:
    path: "{{ install_dir }}/conf/zabbix_agentd"
    state: directory
    mode: '0750'
    owner: "{{ zabbix_user }}"
    group: "{{ zabbix_group }}"

  下载和解压

  • name: 下载Zabbix Agent静态包
    command: >
    wget --retry-connrefused --waitretry=5 --read-timeout=30 --timeout=20 -t 5
    -O {{ temp_tar_path }} {{ zabbix_agent_url }}
    args:
    creates: "{{ temp_tar_path }}"
    register: download_result
    retries: 3
    until: download_result is succeeded

  • name: 解压压缩包
    command: >
    tar -zxvf {{ temp_tar_path }} -C {{ install_dir }} --strip-components=1
    args:
    creates: "{{ install_dir }}/sbin/zabbix_agentd"

  设置文件权限

  • name: 设置二进制文件权限
    file:
    path: "{{ install_dir }}/sbin/zabbix_agentd"
    mode: '0750'
    owner: root
    group: "{{ zabbix_group }}"

  配置文件处理

  • name: 生成临时配置文件
    template:
    src: zabbix_agentd.conf.j2
    dest: "{{ install_dir }}/conf/zabbix_agentd.conf"
    mode: '0640'
    owner: "{{ zabbix_user }}"
    group: "{{ zabbix_group }}"

  • name: 拷贝配置文件到默认路径
    copy:
    src: "{{ install_dir }}/conf/zabbix_agentd.conf"
    dest: "{{ default_conf_file }}"
    remote_src: yes
    mode: '0640'
    owner: "{{ zabbix_user }}"
    group: "{{ zabbix_group }}"

  配置systemd服务

  • name: 创建systemd服务文件
    copy:
    content: |
    [Unit]
    Description=Zabbix Agent
    After=network.target

    [Service]
    Type=forking
    ExecStart={{ install_dir }}/sbin/zabbix_agentd -c {{ default_conf_file }}
    Restart=always
    User={{ zabbix_user }}
    Group={{ zabbix_group }}
    PrivateTmp=true
    ProtectSystem=full
    NoNewPrivileges=true[Install]
    WantedBy=multi-user.target
    

    dest: /etc/systemd/system/zabbix-agent.service
    mode: '0644'
    owner: root
    group: root
    notify: 重新加载systemd

  SELinux配置

  • name: 配置SELinux允许Zabbix端口
    seport:
    ports: "{{ zabbix_agent_listen_port }}"
    proto: tcp
    setype: zabbix_agent_port_t
    state: present
    when: ansible_selinux.status == 'enabled'

  重启服务并检测

  • name: 重启Zabbix Agent服务
    service:
    name: zabbix-agent
    state: restarted

  • name: 等待服务启动（最多10秒）
    wait_for:
    path: "{{ pid_dir }}/zabbix_agentd.pid"
    state: present
    timeout: 10
    register: pid_check

  • name: 检测服务是否启动成功
    fail:
    msg: "Zabbix Agent启动失败，未找到PID文件"
    when: pid_check is failed

  • name: 验证服务状态
    command: systemctl is-active zabbix-agent
    register: service_status
    failed_when: service_status.stdout != 'active'

  • name: 检查防火墙状态
    service:
    name: firewalld
    state: started
    register: firewall_status
    check_mode: yes
    ignore_errors: yes

  • name: 防火墙运行时放行10050/tcp端口
    firewalld:
    port: "{{ zabbix_agent_listen_port }}/tcp"
    state: enabled
    immediate: yes
    permanent: yes
    when: firewall_status is succeeded

  配置开机自启

  • name: 确保Zabbix Agent开机自启
    service:
    name: zabbix-agent
    enabled: yes

  • name: 验证开机自启配置
    command: systemctl is-enabled zabbix-agent
    register: enable_status
    failed_when: enable_status.stdout != 'enabled'

  • name: 安装成功提示
    debug:
    msg: "Zabbix Agent已成功启动并配置开机自启！"

  handlers:

  • name: 重新加载systemd
    command: systemctl daemon-reload`

zabbix_agentd.conf.j2 文件
PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
Server=10.8.9.5
ServerActive=10.8.9.5
Hostname={{ zabbix_agent_hostname }}
ListenPort=10050

Include=/usr/local/zabbix/conf/zabbix_agentd/*.conf

UnsafeUserParameters=0