Table of contents
Introduction
Details about good practice and examples around managing Zabbix in version control and configuration management
CMDB
Puppet
Puppet Control Repo
Configuration Structure
-
puppet-control-repo/heiradata/<OS Version>/nodescontains a list of YAML files for each node configuration. Inside will be a list of roles (under classes) of the role(s) which this server will fill. Specific server parameter overrides are defined here to differentiate this server from passive/active, master/slave or dev/prod. Details of Puppet Heira can be found on their website -
puppet-control-repo/site/role/manifests/zabbixcontains the file that define what is needed to fulfil a role. For example, a MySQL master server in an active site of and active/standby resilience solution may define a role called zabbix_db_primary.pp which uses profiles for mysql_server for generic MySQL settings and mysql_master for MySQL master settings. -
puppet-control-repo/site/profile/manifests/zabbixdefinitions of what a generic profile will look like. For example, zabbix_server.pp defines a class for a Zabbix Server which contains other classes that define its use of mysql client and zabbix server modules and what parameters, within these modules, to override or set at a profile level.
Configuration Parameters
Voxpopuli puppet-zabbix Module
https://github.com/voxpupuli/puppet-zabbix is a Puppet module for creating and maintaining a Zabbix infrastructure through Puppet.
Configuration Structure
- Monitored host configuration can be managed through the Puppet web interface (when
manage_resource = true). When you add anzabbix::agentto an host, it first install the agent onto the host. It will send some data to the puppetdb and when puppet runs on the zabbix-server it will create this new host via the zabbix-api
Although, making use of Zabbix’s auto-registration or discovery function is recommended
- You will need to supply one parameter:
zabbix_url. This is the url on which the zabbix instance will be available. - Important directories
-
puppet-zabbix/manifestsfiles here define what and how to set up a Zabbix process. It is also where the module, default, daemon configuration parameters are found (params.pp) -
puppet-zabbix/templatesis where the module, default, daemon configuration templates are found (e.g. zabbix_server.conf). They are used to construct the final files to be deployed -
puppet-zabbix/manifests/resourcesused if you want to manage Zabbix through the Puppet GUI
-
- individual server, proxy, db nodes, there needs to be:
-
classes:
- role::zabbix::zabbix_webor _server, _db, _proxy
-
Configuration Parameters
- setting database parameters in class
profile::zabbix::zabbix_proxyautomatically handles overrides in classmysql::server. E.g. setting zabbix::proxy::database_password will automatically set mysql::params::root_password - under heiradata structure, in common.yaml:
-
profile::zabbix::agent::server: 'proxy1.example.com, proxy2.example.com' -
profile::zabbix::agent::serverActive: 'proxy1.example.com, proxy2.example.com'
-
- For Zabbix DB node (e.g. hieradata/redhat/nodes/zabbix-db.example.com.yaml):
-
profile::zabbix::zabbix_db::zabbix_server: 'zabbix-server.example.com' -
profile::zabbix::zabbix_web::zabbix_server: 'zabbix-web.example.com'
-
- For Zabbix Server node (e.g. hieradata/redhat/nodes/zabbix-server.example.com.yaml):
-
profile::zabbix::zabbix_server::zabbix_db: 'zabbix-db.example.com'This should be removed from the host configuration and moved into a profile but using a DNS address that resolves to a different host by DNS
-
- For Zabbix Proxy node (e.g. hieradata/redhat/nodes/zabbix-proxy.example.com.yaml):
Puppet Labs MySQL Module
Using the Puppet labs core MySQL module
Configuration
Examples
Zabbix Puppet - Node Definition
Zabbix Puppet - Role Configuration
Zabbix Puppet - Site Params Configuration
Zabbix Puppet - Profile Configuration
Further reading
- Using double colons. NB. classes starting with a double colon are referencing just the top level and are exactly the same as if the first double colon didn’t exist. This is recommended against.
- A Puppetfile allows you to specify what content you want in each environment, what version of that content you want, and where you want to get the content from. For example, what module repository to use for apache:
- mod ‘apache’,
:git => ‘ssh://git@some.gitserver.com/puppet/puppetlabs-apache.git’,
:tag => ‘1.10.0’
- mod ‘apache’,
- Puppet handles encryption of passwords in a similar way to Ansible and recognises
ENC[PKCS7,some_encrypted_string]but with eyaml. Filenames by default must end in .eyaml. It has similar functions and defaults to keys being stored in ./keys/ (e.g. /etc/puppetlabs/puppet), therefore encrypting keys needs to happen in the direct parent directory or using--pkcs7-private-key=<s> - puppetlabs-mysql currently doesn’t work for mysql-community-server-5.7 and returns the following error
Error: Execution of '/usr/bin/mysql_install_db --basedir=/usr --datadir=/var/lib/mysql --user=mysql' returned 1: 2016-12-08 12:55:21 [WARNING] mysql_install_db is deprecated. Please consider switching to mysqld --initialize 2016-12-08 12:55:26 [ERROR] Child process: /usr/sbin/mysqldterminated prematurely with errno= 32 2016-12-08 12:55:26 [ERROR] Failed to execute /usr/sbin/mysqld --bootstrap --datadir=/var/lib/mysql --lc-messages-dir=/usr/share/mysql --lc-messages=en_US --basedir=/usr -- server log begin -- -- server log end -- Error: /Stage[main]/Mysql::Server::Installdb/Mysql_datadir[/var/lib/mysql]/ensure: change from absent to present failed: Execution of '/usr/bin/mysql_install_db --basedir=/usr --datadir=/var/lib/mysql --user=mysql' returned 1: 2016-12-08 12:55:21 [WARNING] mysql_install_db is deprecated. Please consider switching to mysqld --initialize 2016-12-08 12:55:26 [ERROR] Child process: /usr/sbin/mysqldterminated prematurely with errno= 32 2016-12-08 12:55:26 [ERROR] Failed to execute /usr/sbin/mysqld --bootstrap --datadir=/var/lib/mysql --lc-messages-dir=/usr/share/mysql --lc-messages=en_US --basedir=/usr -- server log begin -- -- server log end --