diff --git a/roles/zabbix-agent/CHANGELOG.md b/roles/zabbix-agent/CHANGELOG.md new file mode 100644 index 000000000..e2fc1d098 --- /dev/null +++ b/roles/zabbix-agent/CHANGELOG.md 
@@ -0,0 +1,294 @@ +# Ansible Zabbix Agent release + +Below an overview of all changes in the releases. + +Version (Release date) + +FINAL and LAST release for this role in this repository. This role will be transferred to: https://github.com/ansible-collections/community.zabbix/ + +2.3.0 (2020-05-05) + + * Prevent to run multiple time installation on localhost #334 (By pull request: SimBou (Thanks!)) + * Add support for XCP-ng as a dialect of RHEL7 #335 (By pull request: KurtSchluss (Thanks!)) + * Fix: Changed apt state to present from installed. #336 (By pull request: sebedh (Thanks!)) + * Selinux boolean to allow zabbix to run sudo commands #340 (By pull request: Vinclame (Thanks!)) + * Added performance userparameter.yml on Windows #342 (By pull request: ComradeAx0n (Thanks!)) + * Added some missing ubuntu ids #344 + +2.2.0 (2020-03-07) + + * Add weight for apt #333 + * Added property zabbix_agent_src_reinstall so it will succeed the idem… #332 + * Set the correct until which had a wrong value #330 + * Partly reverting change for Debian #329 + * Added debian #327 + * Reorder task based on issue #326 + * Removing deprication warnings #325 + * Removed the as it will add a proxy line that blocks everything #324 + * adding empty dict to zabbix_agent_inventory_zabbix #323 (By pull request: tobiasehlert (Thanks!)) + * setting value for zabbix_agent_ipmi_authtype and zabbix_agent_ipmi_privilege #319 (By pull request: tobiasehlert (Thanks!)) + * Preventing of adding empty ListenIP= to the config file #318 (By pull request: ddyugaev (Thanks!)) + * Use proxy if defined (Windows) #316 (By pull request: lingfish (Thanks!)) + * RedHat proxy set in repo file #315 (By pull request: lingfish (Thanks!)) + * Windows agent download link fix #313 (By pull request: ddyugaev (Thanks!)) + * Apply proxy settings when installing deb-src repositories #312 (By pull request: KurtSchluss (Thanks!)) + * added additional zabbix_host parameter #307 (By pull request: pugnacity (Thanks!)) + * 
fix check mode on Windows #305 (By pull request: Poil (Thanks!)) + * Move up task 'Override architecture if 64-bit' #304 (By pull request: Gati0 (Thanks!)) + * Avoid conflicts with the zabbix_version and zabbix_url variables #303 (By pull request: santiagomr (Thanks!)) + * Fix incorrect handler names #299 (By pull request: gunnarbeutner (Thanks!)) + * Implement support for macOS #298 (By pull request: gunnarbeutner (Thanks!)) + * Improving readability and avoiding repeated code #296 (By pull request: santiagomr (Thanks!)) + * 'Template OS Linux' doesn't exist in Zabbix 4.4 #295 + * Add follow_redirects for download Windows-Agent on Windows #294 (By pull request: Gati0 (Thanks!)) + +2.1.0 (2019-11-25) + + * Fix typos #274 (By pull request: akamch (Thanks!)) + * Added retry for API related tasks #275 + * Added missing task for adding a TLS-PSK file #280 + * Remove the host running Docker from Molecule for now #281 + * Updating to Zabbix 4.4 #282 + * Trying to use a Matrix in Travis and see what happens.. :-) + * Pass params to Ansible Zabbix modules used by role to allow HTTP Basi… #285 (By pull request: nadley (Thanks!)) + * RHEL8 specific changes for SELinux #286 (By pull request: bdekker-routit (Thanks!)) + * userparameters from parametizable sources #287 (By pull request: santiagomr (Thanks!)) + * Added cosmic to the zabbix.yml vars file. 
+ +2.0.0 (2019-09-29) + + * Using Ansible 2.7 as minimal version; + * fix repository problem #236 (By pull request: kmonticolo (Thanks!)) + * Added ansible_python_interpreter for Fedora #238 + * Allow to use a (http|https) proxy for downloading of packages #239 + * fix repository problem #240 (By pull request: kmonticolo (Thanks!)) + * Add Debian 10 (buster) for Zabbix 4.2,4.0 and 3.0 #243 (By pull request: patede (Thanks!)) + * Add "vars" tag to include variables #247 (By pull request: j8r (Thanks!)) + * Introduce AutoPSK for easy encryption; Closes dj-wasabi/ansible-zabbix-agent#250 #251 (By pull request: kr4ut (Thanks!)) + * Install selinux-policy-targeted (dependency) #255 (By pull request: Maelstrom96 (Thanks!)) + * Add support to FreePBX #261 (By pull request: darco1991 (Thanks!)) + * Add support for firewalld zone #262 (By pull request: darco1991 (Thanks!)) + * Fix group membership zabbix_agent.d dir according to #246 #264 + * According to #263 1100 needs to be added to the sc.exe call #265 + * Changing gpg keys #267 + * Added suggested task for correct installation of Zabbix on Amazon #270 + * Added some properties for configuring iptables #271 + * Bare variable deprecation #272 (By pull request: average-joe (Thanks!)) + * Moving zabbix_agent_ip to Linux.yml and create a new one for Windows.yml #268 + +1.7.1 (2019-06-04) + + * Revert breaking changes #232 (By pull request: crazikPL (Thanks!)) + +1.7.0 (2019-05-30) + + * Updated to Zabbix 4.2 to default installations #221 + * Fixed for the default scenario the warnings #222 + * Add Windows Agent update and service auto-recovery #223 (By pull request: pimooss (Thanks!)) + * Added Docker image #224 + * Add details on requiring sudo access for python-netaddr #226 (By pull request: willhallonline (Thanks!)) + * Defining different jmx port number to configuring firewall #227 (By pull request: 0utsider (Thanks!)) + * Update syntax to ansible 2.8 #228 (By pull request: crazikPL (Thanks!)) + * Use EPEL 7 when Amazon 
2 #230 (By pull request: bkmeneguello (Thanks!)) + +1.6.1 (2019-04-12) + + * Update userparameter.yml #215 (By pull request: Jookadin (Thanks!)) + * Pip packages install variable #217 (By pull request: rnsc (Thanks!)) + * Added task that was previously in role #219 + +1.6.0 (2019-03-13) + + * Added task for installation of the zabbix-api package #191 + * Restart agent when PSK file changes (fixes #193) #194 (By pull request: pigulla (Thanks!)) + * Added a until loop to retry installations as suggested by ansible-lint #195 + * Add fedora 29 support #199 (By pull request: average-joe (Thanks!)) + * Set default values if property is undefined #203 + * Add installation of pip package netaddr #204 + * Add option not to elevate privileges locally #206 (By pull request: dennisse (Thanks!)) + * Windows zabbix agent handler #209 (By pull request: rnsc (Thanks!)) + * Add Bionic to sign keys for zabbix-agent v3.0 and v3.2 #211 (By pull request: mamedin (Thanks!)) + * Fix for: zabbix_agent_tlsconnect and zabbix_agent_tlsaccept are mixed #205 + * Fix for: Role Should NOT Smash Ansible Facts #207 + +1.5.0 (2018-10-19) + + * Added installation on Windows + * Firewalld #166 (By pull request: 0utsider (Thanks!)) + * Using same container as with the server #167 + * Zabbix 4.0 now default installation + * enable support for https enabled zabbix frontends/apis #173 (By pull request: rolfvreijdenberger (Thanks!)) + +1.4.0 (2018-09-11) + + * Add configuration to prevent host updating via zabbix api #150 (By pull request: sblaisot (Thanks!)) + * Handle encryption when adding host to zabbix server #151 (By pull request: sblaisot (Thanks!)) + * Removed the warning message #156 + * Updating versions to be installed #157 + * Added 2nd Molecule Scenario #158 + * Parameterizing userparameter deployment #159 (By pull request: rubentsirunyan (Thanks!)) + * fix typo #160 (By pull request: kmonticolo (Thanks!)) + * Reflect changed license in README #161 (By pull request: stephankn (Thanks!)) + * 
remove deprecated loop #162 (By pull request: stephankn (Thanks!)) + * Fix when running ansible in --check mode #163 (By pull request: AlbanAndrieu (Thanks!)) + +1.3.0 (2018-06-23) + + * fixes issue "Configure iptables task fail" #128 (By pull request: andreagrax (Thanks!)) + * Fix travis docker #131 + * Added several 'become: yes' to tasks #133 + * Added gpg key id for agent version 3.0 in Debian Stretch #135 (By pull request: hatifnatt (Thanks!)) + * Upgrade minimum Ansible version from 1.9 --> 2.4 + * Added a License, Code of Conduct and some more files + * Fix for Misleading repo name #147 + * fixes for the userparameter task #138 (By pull request: HNKNTA (Thanks!)) + * Support for Debian 9 and Ubuntu 18.04 + * Added fix for: Host autoregistered in zabbix with IP 0.0.0.0 when Lis… #141 + +1.2.0 (2018-01-25) + + * Fix for: Some RedHat subtask are missing become option #116 + * Delete option "run_once" from task "Create hostgroups" #119 (By pull request: mgornikov (Thanks!)) + * Fix the CI Travis build again. 
+ * Fix for: Changing zabbix_version breaks role #117 + * Added sonya #120 + * Add clean all #121 + * allow 127.0.0.1 for listenip #124 (By pull request: blodone (Thanks!)) + * Get selinux status #125 (By pull request: andreagrax (Thanks!)) + * Add new variable zabbix_visible_hostname #126 (By pull request: samyscoub (Thanks!)) + * Replaced `yum` with `package` #127 (By pull request: average-joe (Thanks!)) + +1.1.0 (2017-11-13) + + * Add zabbix_ to agent_serveractive and agent_server #101 (By pull request: asosso (Thanks!)) + * Fix typo #102 (By pull request: asosso (Thanks!)) + * Added support for Zabbix host inventory mode #103 (By pull request: mgornikov (Thanks!)) + * Trying to fix mint #105 + * Do not report as change when update an existing host's info #107 (By pull request: asosso (Thanks!)) + * Add default value for zabbix_inventory_mode #108 (By pull request: asosso (Thanks!)) + * Added IPtables #111 + * Added when for enabling repo when zabbix_repo==zabbix #112 + * Added stretch for Zabbix 3.2 #115 + +1.0.3 (2017-09-07) + + * Fix attempt two for: zabbix_agent_listenip not working as expected #98 + * Updated Molecule V1 test to Molecule V2. + +1.0.2 (2017-09-03) + + * Fix for: zabbix_agent_listenip not working as expected #98 + * Fix for: s/agent_interfaces/zabbix_agent_interfaces #95 && 'agent_interfaces' is undefined #94 + * Forgot to update documentation with the new variable names (Added the `zabbix_` prefixes.) + +1.0.1 (2017-08-31) + + * Fix for: Error in: Create directory for PSK file if not exist + +1.0.0 (2017-08-30) + + * From ini to yml style. + * Used yum instead of apt #78 + * Installing default 3.4. + * Prefixed all properties that started with `agent_` with the value `zabbix_`. 
+ * [DOCS] Fix readme for zabbix_api_create_hosts #82 (By pull request: Logan2211 (Thanks!)) + * Workaround https://github.com/ansible/ansible-modules-core/issues/3764 #85 (By pull request: ma-tty (Thanks!)) + * Added Mint #88 + * Include Debian stretch in 3.4 #89 (By pull request: rtgibbons (Thanks!)) + * Add creation of PSK file #90 + * Fix for: Key-dependent repository installed before the key #80 + * Set Molecule to V1 for now since V2 is released. + +0.10.0 (2017-07-25) + + * Added run_once to only execute the task once #77 + * Adds zabbix_selinux variable to README #75 + * Adding tasks for selinux #74 + * Fix type number of jmx/ipmi #65 (By pull request: fazelgh (Thanks!)) + * zabbix_hostmacro fix #64 (By pull request: dguihal (Thanks!)) + * Does not confuse with zabbix_api_use setting. #61 (By pull request: i5513 (Thanks!)) + * get gpg key over https #60 (By pull request: sjugge (Thanks!)) + * Using the same version handling as with the zabbix-server #59 + +0.9.0 (2016-12-30) + + * Fix hostname mistmatch when updating macros #54 (By pull request: tahajahangir (Thanks!)) + * Update main.yml #52 (By pull request: envrm (Thanks!)) + * Added zabbix.yml vars for correct apt_key id #48 + * Updated to Zabbix 3.2.0 #47 + * Fix missed tag #43 (By pull request: leominov (Thanks!)) + * Set everything the same with agent_hostname + +0.8.0 (2016-08-24) + + * Added more tests for Molecule + * Configured Travis to execute the Molecule tests + * specified become for local tasks #33 (By pull request: kam1kaze (Thanks!)) + * add proxy param to zabbix api #34 (By pull request: kam1kaze (Thanks!)) + * Fix for: zabbix 3 JMX interface Added property `agent_interfaces` to configure the interfaces via the API. + * Fix for: skip zabbix_group module (Replaced `zabbix_api_use` by the properties `zabbix_api_create_hostgroup` and `zabbix_api_create_hosts`) + +0.7.0 (2016-07-11) + + * Fix for: zabbix_repo - inconsistent use between server and agent roles. #17 + * Fix for: apache 2.2. 
and 2.4 #15 + * Removed Test Kitchen tests and added Molecule tests. + * remove deprecated py scripts in library dir #32 (By pull request: mescanef (Thanks!)) + +0.6.0 (2016-05-12) + + * Changed sudo to become. #30 (By pull request: UnderGreen (Thanks!)) + * No reason for zabbix to able to change its own config #25 (By pull request: burner1024 (Thanks!)) + * Updated documentation for Zabbix 3.0 + * Updated Zabbix 3.0 OS list + * Fixed tests + +0.5.0 (2016-02-16) + + * Zabbix 3.0 + * Moved "set_facts" to var files. + * Added basic travis-si test. + +0.4.0 (2016-01-31) + + * zabbix_host_groups not working as expected #4 (By pull request: Pion (Thanks!)) + * set cache_valid_time=0 to ensure an apt-get update after the added repo-key (By pull request: lhoss (Thanks!)) + * Add api tag to set_fact. Fixes #19 (By pull request: kostyrevaa (Thanks!)) + * add sudo, and add zabbix-api dependency to readme.md (By pull request: Savemech (Thanks!)) + * default zabbix_agent to all interfaces #14 (By pull request: dlbewley (Thanks!)) + * enable use of EPEL packages #11 (By pull request: dlbewley (Thanks!)) + * Fixed kitchen test setup + * Removed zabbix_group (is already in Ansible), updated zabbix_host + * Added tag: zabbix-agent + +0.3.0 (2015-08-25) + + * Fixes for RHEL 6 Server on ansible 1.9.2 #10 (By pull request: bwaters (Thanks!)) + * remove macros from defaults fixes issue #7 (By pull request: kostyrevaa (Thanks!)) + * defaults/main.yml is not in line with the README #5 (By pull request: dhxgit (Thanks!)) + * Added empty dependencies list to meta/main.yml #3 (By pull request: neneko-mun (Thanks!)) + * Ubuntu is uppercase in ansible_distribution #2 (By pull request: wascheck (Thanks!)) + +0.2.1 (2015-03-20) + + * Create hostgroups requires zabbix_api #1 (By pull request: wascheck (Thanks!)) + +0.2.0 (2015-03-06) + + * Added some "cove" modules for automatically creating agents in webinterface via api + * Updated template for correct listeninterface + +0.1.0 (2015-02-01) + 
+ * Updated readme; added double quotes on names; added var zabbix_repo; + +0.0.2 (2014-11-05) + + * Added suse as operating system + * Updated documentation + * Updated the name for the debian repositories for including deb or deb-src + + +0.0.1 (2014-11-01) + + * Initial Version diff --git a/roles/zabbix-agent/CODE_OF_CONDUCT.md b/roles/zabbix-agent/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..26e4badb1 --- /dev/null +++ b/roles/zabbix-agent/CODE_OF_CONDUCT.md 
@@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at github@werner-dijkerman.nl. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq diff --git a/roles/zabbix-agent/CONTRIBUTING.md b/roles/zabbix-agent/CONTRIBUTING.md new file mode 100644 index 000000000..1571f1fcf --- /dev/null +++ b/roles/zabbix-agent/CONTRIBUTING.md 
@@ -0,0 +1,88 @@ +# Contributing to this role + +**Table of contents** + +- [Contributing to this role](#contributing-to-this-role) + * [Contributing](#contributing) + * [(local) Development](#-local--development) + + [Requirements](#requirements) + + [Execution](#execution) +- [Other](#other) + * [Virtualenv](#virtualenv) + * [Links](#links) + +Thank you very much for making time to improve this Ansible role. + +## Contributing + +Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. [Contributor Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html). + +1. Fork the repo + +2. Create a branch and apply your changes to this branch. + + a. Make sure you have updated the documentation when adding new variables; + + b. Don't forget to add/update tests so we can test the functionality during each Pull Request; + + c. Make sure the tests succeed. + +3. Push the branch to your fork and submit a pull request. + +**Note** + +Pull Requests that fail during the tests will not be merged. + +## Coding Guidelines + +Style guides are important because they ensure consistency in the content, look, and feel of a book or a website. + +* [Ansible Style Guide](http://docs.ansible.com/ansible/latest/dev_guide/style_guide/) +* It's "Ansible" when referring to the product and ``ansible`` when referring to the command line tool, package, etc +* Playbooks should be written in multi-line YAML with ``key: value``. The form ``key=value`` is only for ``ansible`` ad-hoc, not for ``ansible-playbook``. +* Tasks should always have a ``name:`` + +## (local) Development + +This role makes use of Molecule to test the execution of the role and verify it. In the root of the repository https://github.com/dj-wasabi/ansible-ci-base, a file named `requirements.txt` exists and contains the versions used by the tests. 
+ +### Requirements + +You can install them with the following command: + +``` +pip install -r requirements.txt +``` + +Once the dependencies are installed, please install Docker as Molecule is configured in this repository to create Docker containers. See [this](https://docs.docker.com/install/) link to install Docker on your system. + +### Execution + +Once everything is installed, you can validate your changes by executing: +``` +molecule test +``` + +It should run without any issues. + +# Other + +## Virtualenv + +Suggestion is to create a virtualenv so you won't have issues with other projects. + +Some web pages describing virtualenvs: + +* http://thepythonguru.com/python-virtualenv-guide/ +* https://realpython.com/python-virtual-environments-a-primer/ +* https://www.dabapps.com/blog/introduction-to-pip-and-virtualenv-python/ + +## Links + +[Molecule](https://molecule.readthedocs.io/) + +[Ansible](https://www.ansible.com/) + +[Molecule V2 with your own role](https://werner-dijkerman.nl/2017/09/05/using-molecule-v2-to-test-ansible-roles/) + +**End note**: Have fun making changes. If a feature helps you, then others find it helpful too and I will happily have it merged. diff --git a/roles/zabbix-agent/LICENSE b/roles/zabbix-agent/LICENSE new file mode 100644 index 000000000..6922fb326 --- /dev/null +++ b/roles/zabbix-agent/LICENSE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 Werner Dijkerman + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/roles/zabbix-agent/PULL_REQUEST_TEMPLATE.md b/roles/zabbix-agent/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 000000000..70c5edefc --- /dev/null +++ b/roles/zabbix-agent/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,12 @@ +**Description of PR** + + +**Type of change** + + +Feature Pull Request +Bugfix Pull Request +Docs Pull Request + +**Fixes an issue** + diff --git a/roles/zabbix-agent/README.md b/roles/zabbix-agent/README.md new file mode 100644 index 000000000..742cea4db --- /dev/null +++ b/roles/zabbix-agent/README.md 
@@ -0,0 +1,604 @@ +Table of Contents + +- [Overview](#overview) +- [Requirements](#requirements) + * [Operating systems](#operating-systems) + * [Local system access](#local-system-access) + * [Zabbix Versions](#zabbix-versions) + + [Zabbix 4.4](#zabbix-44) + + [Zabbix 4.2](#zabbix-42) + + [Zabbix 4.0](#zabbix-40) + + [Zabbix 3.4](#zabbix-34) + + [Zabbix 3.2](#zabbix-32) + + [Zabbix 3.0](#zabbix-30) + + [Zabbix 2.4](#zabbix-24) + + [Zabbix 2.2](#zabbix-22) +- [Getting started](#getting-started) + * [Installation](#installation) + * [Minimal Configuration](#minimal-configuration) + * [Issues](#issues) +- [Role Variables](#role-variables) + * [Main variables](#main-variables) + * [TLS Specific configuration](#tls-specific-configuration) + * [Zabbix API variables](#zabbix-api-variables) + * [Windows Variables](#windows-variables) + * [Docker Variables](#docker-variables) + * [Other variables](#other-variables) + * [proxy](#proxy) +- [Dependencies](#dependencies) +- [Example Playbook](#example-playbook) + * [agent_interfaces](#agent-interfaces) + * [Other interfaces](#other-interfaces) + * [Vars in role configuration](#vars-in-role-configuration) + * [Combination of group_vars and playbook](#combination-of-group-vars-and-playbook) + * [Example for TLS PSK encrypted agent communication](#example-for-tls-psk-encrypted-agent-communication) +- [Molecule](#molecule) + * [default](#default) + * [with-server](#with-server) + * [before-last-version](#before-last-version) +- [Deploying Userparameters](#deploying-userparameters) +- [License](#license) +- [Author Information](#author-information) + +# Introduction + +This role is migrated to: https://github.com/ansible-collections/community.zabbix/ +In this repository, a read only version is/will be available for those who can not make use of collections (yet). Changes/updates will only be applied to the collection and not in this repository. 
+ +# Requirements +## Operating systems +This role will work on the following operating systems: + + * Red Hat + * Fedora + * Debian + * Ubuntu + * opensuse + * Windows (Best effort) + * macOS + +So, you'll need one of those operating systems.. :-) +Please sent Pull Requests or suggestions when you want to use this role for other Operating systems. + +## Local system access + +To successfully complete the install the role requires `python-netaddr` on the controller to be able to manage IP addresses. This requires that the library is available on your local machine (or that `pip` is installed to be able to run). This will likely mean that running the role will require `sudo` access to your local machine and therefore you may need the `-K` flag to be able to enter your local machine password if you are not running under root. + +## Zabbix Versions + +See the following list of supported Operating systems with the Zabbix releases: + +### Zabbix 4.4 + + * CentOS 7.x, 8.x + * Amazon 7.x + * RedHat 7.x, 8.x + * Fedora 27, 29 + * OracleLinux 7.x, 8.x + * Scientific Linux 7.x, 8.x + * Ubuntu 14.04, 16.04, 18.04 + * Debian 8, 9, 10 + * macOS 10.14, 10.15 + +### Zabbix 4.2 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * Fedora 27, 29 + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04, 18.04 + * Debian 8, 9, 10 + * macOS 10.14, 10.15 + +### Zabbix 4.0 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * Fedora 27, 29 + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04, 18.04 + * Debian 8, 9, 10 + * macOS 10.14, 10.15 + +### Zabbix 3.4 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * Fedora 27, 29 + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04, 18.04 + * Debian 7, 8, 9 + +### Zabbix 3.2 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * Fedora 27, 29 + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04 + * Debian 7, 8 + +### Zabbix 3.0 + + * CentOS 5.x, 6.x, 7.x + * Amazon 5.x, 6.x, 7.x + * RedHat 5.x, 
6.x, 7.x + * OracleLinux 5.x, 6.x, 7.x + * Scientific Linux 5.x, 6.x, 7.x + * Ubuntu 14.04 + * Debian 7, 8 + +### Zabbix 2.4 + + * CentOS 6.x, 7.x + * Amazon 6.x, 7.x + * RedHat 6.x, 7.x + * OracleLinux 6.x, 7.x + * Scientific Linux 6.x, 7.x + * Ubuntu 12.04 14.04 + * Debian 7 + +### Zabbix 2.2 + + * CentOS 5.x, 6.x + * RedHat 5.x, 6.x + * OracleLinux 5.x, 6.x + * Scientific Linux 5.x, 6.x + * Ubuntu 12.04 + * Debian 7 + * xenserver 6 + +# Getting started + +## Installation + +Installing this role is very simple: `ansible-galaxy install dj-wasabi.zabbix-agent` + +This will install the zabbix-agent role into your `roles` directory. + +## Minimal Configuration + +In order to get the Zabbix Agent running, you'll have to define the following properties before executing the role: + +* zabbix_agent_version +* zabbix_agent_server +* zabbix_agent_serveractive (When using active checks) + +The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 4.0`, `zabbix_agent_version: 3.4` or `zabbix_agent_version: 2.2`. + +The `zabbix_agent_server` (and `zabbix_agent_serveractive`) should contain the ip or fqdn of the host running the Zabbix Server. + +## Issues + +Due to issue discussed on [#291](https://github.com/dj-wasabi/ansible-zabbix-agent/issues/291), the Ansible Version 2.9.{0,1,2} isn't working correctly on Windows related targets. + +# Role Variables + +## Main variables + +There are some variables in default/main.yml which can (or need to) be overridden: + +* `zabbix_agent_server`: The ip address for the zabbix-server or zabbix-proxy. + +* `zabbix_agent_serveractive`: The ip address for the zabbix-server or zabbix-proxy for active checks. + +* `zabbix_agent_version`: This is the version of zabbix. 
Default it is 4.4, but can be overridden to one of the versions mentioned in [Zabbix Versions](#zabbix-versions). Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. + +* `zabbix_repo`: Default: _zabbix_ + * _epel_ install agent from EPEL repo + * _zabbix_ (default) install agent from Zabbix repo + * _other_ install agent from pre-existing or other repo + +* `zabbix_agent_listeninterface`: Interface zabbix-agent listens on. Leave blank for all. + +* `zabbix_agent_package`: The name of the zabbix-agent package. Default: `zabbix-agent`. In case for EPEL, it is automatically renamed. + +* `zabbix_sender_package`: The name of the zabbix-sender package. Default: `zabbix-sender`. In case for EPEL, it is automatically renamed. + +* `zabbix_get_package`: The name of the zabbix-get package. Default: `zabbix-get`. In case for EPEL, it is automatically renamed. + +* `zabbix_agent_package_state`: If Zabbix-agent needs to be present or latest. + +* `zabbix_agent_interfaces`: A list that configured the interfaces you can use when configuring via API. + +* `zabbix_selinux`: Enables an SELinux policy so that the agent will run. Default: False. + +* `zabbix_agent_userparameters`: List of userparameter names and scripts (if any). Detailed description is given in the [Deploying Userparameters](#deploying-userparameters) section. Default: `[]` (Empty list). 
+ * `name`: Userparameter name (should be the same with userparameter template file name) + * `scripts_dir`: Directory name of the custom scripts needed for userparameters + +* `zabbix_agent_userparameters_templates_src`: indicates the relative path (from `templates/`) where userparameter templates are searched + +* `zabbix_agent_userparameters_scripts_src`: indicates the relative path (from `files/`) where userparameter scripts are searched + +* `zabbix_agent_allowroot`: Allow the agent to run as 'root'. 0 - do not allow, 1 - allow + +* `zabbix_agent_runas_user`: Drop privileges to a specific, existing user on the system. Only has effect if run as 'root' and AllowRoot is disabled. + +* `zabbix_agent_become_on_localhost`: Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip. Default: True + +* `zabbix_install_pip_packages`: Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely. Default: True + +* `zabbix_agent_apt_priority`: Add a weight (`Pin-Priority`) for the APT repository. + +## TLS Specific configuration + +These variables are specific for Zabbix 3.0 and higher: + +* `zabbix_agent_tlsconnect`: How the agent should connect to server or proxy. Used for active checks. + + Possible values: + + * unencrypted + * psk + * cert + +* `zabbix_agent_tlsaccept`: What incoming connections to accept. + + Possible values: + + * unencrypted + * psk + * cert + +* `zabbix_agent_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. + +* `zabbix_agent_tlscrlfile`: Full pathname of a file containing revoked certificates. + +* `zabbix_agent_tlsservercertissuer`: Allowed server certificate issuer. + +* `zabbix_agent_tlsservercertsubject`: Allowed server certificate subject. + +* `zabbix_agent_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. 
+ +* `zabbix_agent_tlskeyfile`: Full pathname of a file containing the agent private key. + +* `zabbix_agent_tlspskidentity`: Unique, case sensitive string used to identify the pre-shared key. + +* `zabbix_agent_tlspskidentity_file`: Full pathname of a file containing the pre-shared key identity. + +* `zabbix_agent_tlspskfile`: Full pathname of a file containing the pre-shared key. + +* `zabbix_agent_tlspsk_secret`: The pre-shared secret key that should be placed in the file configured with `agent_tlspskfile`. + +* `zabbix_agent_tlspsk_auto`: Enables auto generation and storing of individual pre-shared keys and identities on clients. + +## Zabbix API variables + +These variables need to be overridden when you want to make use of the zabbix-api for automatically creating and or updating hosts. + +Host encryption configuration will be set to match agent configuration. + +When `zabbix_api_create_hostgroup` or `zabbix_api_create_hosts` is set to `True`, it will install on the host executing the Ansible playbook the `zabbix-api` python module. + +* `zabbix_url`: The url on which the Zabbix webpage is available. Example: http://zabbix.example.com + +* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth +* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth + +* `zabbix_api_create_hosts`: When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_create_host`. Default: `False` + +* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_create_hostgroup`.Default: `False` + +* `zabbix_api_user`: Username of user which has API access. + +* `zabbix_api_pass`: Password for the user which has API access. + +* `zabbix_create_hostgroup`: present (Default) if the hostgroup needs to be created or absent if you want to delete it. 
This only works when `zabbix_api_create_hostgroup` is set to `True`. + +* `zabbix_host_status`: enabled (Default) when host in monitored, disabled when host is disabled for monitoring. + +* `zabbix_create_host`: present (Default) if the host needs to be created or absent is you want to delete it. This only works when `zabbix_api_create_hosts` is set to `True`. + +* `zabbix_update_host`: yes (Default) if the host should be updated if already present. This only works when `zabbix_api_create_hosts` is set to `True`. + +* `zabbix_useuip`: 1 if connection to zabbix-agent is made via ip, 0 for fqdn. + +* `zabbix_host_groups`: A list of hostgroups which this host belongs to. + +* `zabbix_link_templates`: A list of templates which needs to be link to this host. The templates should exist. + +* `zabbix_macros`: A list with macro_key and macro_value for creating hostmacro's. + +* `zabbix_inventory_mode`: Configure Zabbix inventory mode. Needed for building inventory data, manually when configuring a host or automatically by using some automatic population options. This has to be set to `automatic` if you want to make automatically building inventory data. + +* `zabbix_visible_hostname` : Configure Zabbix visible name inside Zabbix web UI for the node. + +* `zabbix_validate_certs` : yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used + +## Windows Variables + +**NOTE** + +_Supporting Windows is a best effort (I don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ + +* `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix_win_download_link` link and for Zabbix Agent update if `zabbix_agent_package_state: latest`. 
+ +* `zabbix_win_download_link`: The download url to the `win.zip` file. + +* `zabbix_win_install_dir`: The directory where Zabbix needs to be installed. + +* `zabbix_agent_win_logfile`: The full path to the logfile for the Zabbix Agent. + +* `zabbix_agent_win_include`: The directory in which the Zabbix specific configuration files are stored. + +* `zabbix_agent_win_svc_recovery`: Enable Zabbix Agent service auto-recovery settings. + +## macOS Variables + +* `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix_mac_download_link` link. + +* `zabbix_mac_download_link`: The download url to the `pkg` file. + +## Docker Variables + +When you don't want to install the Zabbix Agent on the host, but would like to run it in a container then these properties are useful. When `zabbix_agent_docker` is set to `True`, then a +Docker image will be downloaded and a Container will be started. No other installations will be done on the host, with the exception of the PSK file and the "Zabbix Include Directory". + +The following directories are mounted in the Container: + +``` + - /etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d + - /:/hostfs:ro + - /etc:/hostfs/etc:ro + - /proc:/hostfs/proc:ro + - /sys:/hostfs/sys:ro + - /var/run:/var/run +``` + +Keep in mind that using the Zabbix Agent in a Container requires changes to the Zabbix Template for Linux as `/proc`, `/sys` and `/etc` are mounted in a directory `/hostfs`. + +* `zabbix_agent_docker`: When set to `True`, it will install a Docker container on the target host instead of installation on the target. Default: `False` + +* `zabbix_agent_docker_state`: Default: `started` + +* `zabbix_agent_docker_name`: The name of the Container. Default: `zabbix-agent` + +* `zabbix_agent_docker_image`: The name of the Docker image. Default: `zabbix/zabbix-agent` + +* `zabbix_agent_docker_image_tag`: The tag of the Docker image. 
+ +* `zabbix_agent_docker_user_gid`: The group id of the zabbix user in the Container. + +* `zabbix_agent_docker_user_uid`: The user id of the zabbix user in the Container. + +* `zabbix_agent_docker_network_mode`: The name of the (Docker) network that should be used for the Container. Default `host`. + +* `zabbix_agent_docker_restart_policy`: The restart policy of the Container. Default: `unless-stopped` + +* `zabbix_agent_docker_privileged`: When set to `True`, the container is running in privileged mode. + +* `zabbix_agent_docker_ports`: A list with `:` values to open ports to the container. + +* `zabbix_agent_docker_security_opts`: A list with available security options. + +* `zabbix_agent_docker_volumes`: A list with all directories that needs to be available in the Container. + +* `zabbix_agent_docker_env`: A dict with all environment variables that needs to be set for the Container. + +## Other variables + +* `zabbix_agent_firewall_enable`: If IPtables needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport`. + +* `zabbix_agent_firewall_source`: When provided, IPtables will be configuring to only allow traffic from this IP address/range. + +* `zabbix_agent_firewalld_enable`: If firewalld needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport` and `zabbix_agent_jmx_listenport` if defined. + +* `zabbix_agent_firewalld_source`: When provided, firewalld will be configuring to only allow traffic for IP configured in `zabbix_agent_server`. + +* `zabbix_agent_firewalld_zone`: When provided, the firewalld rule will be attached to this zone (only if zabbix_agent_firewalld_enable is set to true). The default behavior is to use the default zone define by the remote host firewalld configuration. + +* `zabbix_agent_firewall_action`: When to `insert` the rule or to `append` to IPTables. Default: `insert`. + +* `zabbix_agent_firewall_chain`: Which `chain` to add the rule to IPTables. 
Default `INPUT` + +* `zabbix_agent_description`: Description of the host in Zabbix. + +* `zabbix_agent_inventory_zabbix`: Adds Facts for a zabbix inventory + +## IPMI variables + +* `zabbix_agent_ipmi_authtype`: IPMI authentication algorithm. Possible values are 1 (callback), 2 (user), 3 (operator), 4 (admin), 5 (OEM), with 2 being the API default. + +* `zabbix_agent_ipmi_password`: IPMI password. + +* `zabbix_agent_ipmi_privilege`: IPMI privilege level. Possible values are 1 (callback), 2 (user), 3 (operator), 4 (admin), 5 (OEM), with 2 being the API default. + +* `zabbix_agent_ipmi_username`: IPMI username. + +## proxy + +When the target host does not have access to the internet, but you do have a proxy available then the following properties needs to be set to download the packages via the proxy: + +* `zabbix_http_proxy` +* `zabbix_https_proxy` + +# Dependencies + +There are no dependencies on other roles. + +# Example Playbook + +## agent_interfaces + +This will configure the Zabbix Agent interface on the host. +``` +zabbix_agent_interfaces: + - type: 1 + main: 1 + useip: "{{ zabbix_useuip }}" + ip: "{{ zabbix_agent_ip }}" + dns: "{{ ansible_fqdn }}" + port: "{{ zabbix_agent_listenport }}" +``` + +## Other interfaces + +You can also configure the `zabbix_agent_interfaces` to add/configure snmp, jmx and ipmi interfaces. 
+ +You'll have to use one of the following type numbers when configuring it: + +| Type Interface | Nr | +|-----------------|-------| +| Zabbix Agent | 1 | +| snmp | 2 | +| ipmi | 3 | +| jmx | 4 | + +Configuring a snmp interface will look like this: + +``` +zabbix_agent_interfaces: + - type: 2 + main: 1 + useip: "{{ zabbix_useuip }}" + ip: "{{ agent_ip }}" + dns: "{{ ansible_fqdn }}" + port: "{{ agent_listenport }}" +``` + +## Vars in role configuration +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: all + roles: + - role: dj-wasabi.zabbix-agent + zabbix_agent_server: 192.168.33.30 + zabbix_agent_serveractive: 192.168.33.30 + zabbix_url: http://zabbix.example.com + zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0 + zabbix_api_user: Admin + zabbix_api_pass: zabbix + zabbix_create_host: present + zabbix_host_groups: + - Linux Servers + zabbix_link_templates: + - Template OS Linux + - Apache APP Template + zabbix_macros: + - macro_key: apache_type + macro_value: reverse_proxy + +## Combination of group_vars and playbook +You can also use the group_vars or the host_vars files for setting the variables needed for this role. 
File you should change: `group_vars/all` or `host_vars/` (Where is the hostname of the machine running Zabbix Server) + + zabbix_agent_server: 192.168.33.30 + zabbix_agent_serveractive: 192.168.33.30 + zabbix_url: http://zabbix.example.com + zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0 + zabbix_api_user: Admin + zabbix_api_pass: zabbix + zabbix_create_host: present + zabbix_host_groups: + - Linux Servers + zabbix_link_templates: + - Template OS Linux + - Apache APP Template + zabbix_macros: + - macro_key: apache_type + macro_value: reverse_proxy + +and in the playbook only specifying: + + - hosts: all + roles: + - role: dj-wasabi.zabbix-agent + +## Example for TLS PSK encrypted agent communication + +Variables e.g. in the playbook or in `host_vars/myhost`: + + zabbix_agent_tlsaccept: psk + zabbix_agent_tlsconnect: psk + zabbix_agent_tlspskidentity: "myhost PSK" + zabbix_agent_tlspsk_secret: b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d + zabbix_agent_tlspskfile: /etc/zabbix/zabbix_agent_pskfile.psk + +# Molecule + +This role is configured to be tested with Molecule. You can find on this page some more information regarding Molecule: https://werner-dijkerman.nl/2016/07/10/testing-ansible-roles-with-molecule-testinfra-and-docker/ + +With each Pull Request, Molecule will be executed via travis.ci. Pull Requests will only be merged once these tests run successfully. + +There are 2 scenarios that are executed with Travis. + +## default + +With the first scenario, Molecule will boot 5 Docker containers with the following OS'es: + +* Debian 8 +* CentOS 7 +* Ubuntu 16.04 +* Ubuntu 18.04 +* Mint + +This scenario will be doing a basic installation/configuration, without registering the host via the Zabbix API to the server. 
+ +## with-server + +The 2nd scenario will boot 4 Docker containers with the following OS'es: + +* CentOS 7 (Zabbix Server) +* Debian 8 +* CentOS 7 +* Ubuntu 18.04 + +First, a Zabbix Server will be installed on a container. This installation make uses of other dj-wasabi roles to install/configure a Zabbix Server. Once this instance is running, the 3 other agents are installed. + +Each host will register itself on the Zabbix Server and the status should be 0 (This means the Zabbix Server and Zabbix Agent are connected). + +The Ubuntu agent will register itself via a PSK, so that communication between the Zabbix Server and Zabbix Agent is encrypted with e Pre-Shared Key. + +## before-last-version + +The 3rd and last scenario is the `before-last-version`. This is the same scenario like the `default`, but uses the previous Zabbix version. + +# Deploying Userparameters + +The following steps are required to install custom userparameters and/or scripts: + +* Put the desired userparameter file in the `templates/userparameters` directory and name it as `.j2`. For example: `templates/userparameters/mysql.j2`. You can change the default directory to a custom one modifying `zabbix_agent_userparameters_templates_src` variable. +* Put the scripts directory (if any) in the `files/scripts` directory. For example: `files/scripts/mysql`. You can change the default directory to a custom one modifying `zabbix_agent_userparameters_scripts_src` variable. +* Add `zabbix_agent_userparameters` variable to the playbook as a list of dictionaries and define userparameter name and scripts directory name (if there are no scripts just no not specify the `scripts_dir` variable). 
+ +Example: + +``` +- hosts: mysql_servers + tasks: + - include_role: + name: dj-wasabi.zabbix-agent + vars: + zabbix_agent_server: zabbix.mydomain.com + zabbix_agent_userparameters: + - name: mysql + scripts_dir: mysql + - name: galera + +``` + +Example of the "templates/userparameters/mysql.j2" file: + +``` +UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive +``` + +# License + +MIT + +# Author Information + +Please send suggestion or pull requests to make this role better. Also let me know if you encounter any issues installing or using this role. + +Github: https://github.com/dj-wasabi/ansible-zabbix-agent + +mail: ikben [ at ] werner-dijkerman . nl diff --git a/roles/zabbix-agent/defaults/main.yml b/roles/zabbix-agent/defaults/main.yml new file mode 100644 index 000000000..1bdc837d3 --- /dev/null +++ b/roles/zabbix-agent/defaults/main.yml 
@@ -0,0 +1,217 @@ +--- +# defaults file for zabbix-agent + +zabbix_agent_version: 4.4 +zabbix_version: "{{ zabbix_agent_version }}" +zabbix_version_patch: 0 +zabbix_repo: zabbix +zabbix_agent_package: zabbix-agent +zabbix_sender_package: zabbix-sender +zabbix_get_package: zabbix-get +zabbix_agent_package_state: present +zabbix_agent_server: +zabbix_agent_serveractive: +zabbix_selinux: False +zabbix_agent_src_reinstall: True +zabbix_agent_apt_priority: + +# Selinux related vars +selinux_allow_zabbix_run_sudo: False + +zabbix_agent_packages: + - zabbix-agent + - zabbix-sender + - zabbix-get + +# Zabbix role related vars +zabbix_install_pip_packages: true +zabbix_apt_force_apt_get: yes +zabbix_apt_install_recommends: no + +# Override Ansible specific facts +zabbix_agent_distribution_major_version: "{{ ansible_distribution_major_version }}" +zabbix_agent_distribution_release: "{{ ansible_distribution_release }}" +zabbix_agent_os_family: "{{ ansible_os_family }}" + +zabbix_repo_yum: + - name: zabbix + description: Zabbix Official Repository - $basearch + baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/ + priority: 1 + gpgcheck: 0 + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + - name: zabbix-non-supported + description: Zabbix Official Repository non-supported - $basearch + baseurl: http://repo.zabbix.com/non-supported/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/ + priority: 1 + gpgcheck: 0 + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + +# Zabbix API stuff +zabbix_agent_server_url: "http://zabbix.dj-wasabi.local" +zabbix_url: "{{ zabbix_agent_server_url }}" +# zabbix_api_http_user: admin +# zabbix_api_http_password: admin +zabbix_api_user: Admin +zabbix_api_pass: zabbix +zabbix_api_create_hostgroup: False +zabbix_api_create_hosts: False +zabbix_create_hostgroup: present # or absent +zabbix_create_host: present # or absent 
+zabbix_update_host: yes +zabbix_host_status: enabled # or disabled +zabbix_proxy: null +zabbix_inventory_mode: disabled +zabbix_useuip: 1 +zabbix_host_groups: + - Linux servers +zabbix_link_templates: + - Template OS Linux by Zabbix agent + +zabbix_agent_interfaces: + - type: 1 + main: 1 + useip: "{{ zabbix_useuip }}" + ip: "{{ zabbix_agent_ip }}" + dns: "{{ ansible_fqdn }}" + port: "{{ zabbix_agent_listenport }}" + +zabbix_agent_firewall_enable: False +zabbix_agent_firewalld_enable: False +zabbix_agent_firewalld_source: "{{ zabbix_agent_server }}" +zabbix_agent_firewall_action: insert +zabbix_agent_firewall_chain: INPUT + +# By default, a null zone will trigger the use of the default zone on the remote host +zabbix_agent_firewalld_zone: +# Zabbix configuration variables +zabbix_agent_pidfile: /var/run/zabbix/zabbix_agentd.pid +zabbix_agent_logfile: /var/log/zabbix/zabbix_agentd.log +zabbix_agent_logfilesize: 100 +zabbix_agent_debuglevel: 3 +zabbix_agent_sourceip: +zabbix_agent_enableremotecommands: 0 +zabbix_agent_logremotecommands: 0 +zabbix_agent_listenport: 10050 +zabbix_agent_jmx_listenport: +zabbix_agent_listeninterface: +zabbix_agent_listenip: +zabbix_agent_startagents: 3 +zabbix_agent_hostname: "{{ inventory_hostname }}" +zabbix_agent_hostnameitem: +zabbix_agent_hostmetadata: +zabbix_agent_hostmetadataitem: +zabbix_agent_refreshactivechecks: 120 +zabbix_agent_buffersend: 5 +zabbix_agent_buffersize: 100 +zabbix_agent_maxlinespersecond: 100 +zabbix_agent_allowroot: 0 +zabbix_agent_zabbix_alias: +zabbix_agent_timeout: 3 +zabbix_agent_include: /etc/zabbix/zabbix_agentd.d +zabbix_agent_unsafeuserparameters: 0 +zabbix_agent_userparameters: [] +zabbix_agent_userparameters_templates_src: "userparameters" +zabbix_agent_userparameters_scripts_src: "scripts" +zabbix_agent_custom_scripts: false +zabbix_agent_loadmodulepath: ${libdir}/modules +zabbix_agent_loadmodule: +zabbix_agent_become_on_localhost: True +zabbix_agent_description: +zabbix_agent_inventory_zabbix: {} 
+ +# TLS settings +zabbix_agent_tlsconnect: +zabbix_agent_tlsaccept: +zabbix_agent_tlscafile: +zabbix_agent_tlscrlfile: +zabbix_agent_tlsservercertissuer: +zabbix_agent_tlsservercertsubject: +zabbix_agent_tlscertfile: +zabbix_agent_tlskeyfile: +zabbix_agent_tlspskidentity: +zabbix_agent_tlspsk_auto: False + +zabbix_agent_tls_config: + unencrypted: '1' + psk: '2' + cert: '4' + +# IPMI settings +zabbix_agent_ipmi_authtype: 2 +zabbix_agent_ipmi_password: +zabbix_agent_ipmi_privilege: 2 +zabbix_agent_ipmi_username: + +# Windows/macOS Related +zabbix_version_long: 4.4.4 + +# Windows Related +zabbix_win_package: zabbix_agent-{{ zabbix_version_long }}-windows-i386.zip +zabbix_win_download_url: https://www.zabbix.com/downloads +zabbix_win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long }}/{{ zabbix_win_package }}" +zabbix_win_install_dir: 'C:\Zabbix' +zabbix_agent_win_logfile: 'C:\Zabbix\zabbix_agentd.log' +zabbix_agent_win_include: 'C:\Zabbix\zabbix_agent.d\' +zabbix_agent_win_svc_recovery: True + +# macOS Related +zabbix_mac_package: zabbix_agent-{{ zabbix_version_long }}-macos-amd64-openssl.pkg +zabbix_mac_download_url: https://www.zabbix.com/downloads +zabbix_mac_download_link: "{{ zabbix_mac_download_url }}/{{ zabbix_version_long }}/{{ zabbix_mac_package }}" + +# Zabbix Agent Docker facts +zabbix_agent_docker: False +zabbix_agent_docker_state: started +zabbix_agent_docker_name: zabbix-agent +zabbix_agent_docker_image: "zabbix/zabbix-agent" +zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_version }}.{{ zabbix_version_patch }}" +zabbix_agent_docker_user_gid: 101 +zabbix_agent_docker_user_uid: 101 +zabbix_agent_docker_network_mode: host +zabbix_agent_docker_restart_policy: unless-stopped +zabbix_agent_docker_privileged: False +zabbix_agent_docker_ports: + - 10050:10050 +zabbix_agent_docker_security_opts: + - apparmor:unconfined +zabbix_agent_docker_volumes: + - /etc/zabbix/zabbix_agentd.d:{{ zabbix_agent_include }} + - /:/hostfs:ro + - 
/etc:/hostfs/etc:ro + - /proc:/hostfs/proc:ro + - /sys:/hostfs/sys:ro + - /var/run:/var/run +zabbix_agent_docker_env: + ZBX_HOSTNAME: "{{ zabbix_agent_hostname }}" + ZBX_SERVER_HOST: "{{ zabbix_agent_server }}" + ZBX_PASSIVE_ALLOW: "{{ zabbix_agent_serverpassive_allow | default(omit) }}" + ZBX_PASSIVESERVERS: "{{ zabbix_agent_serverpassive | default(omit) }}" + ZBX_ACTIVE_ALLOW: "{{ zabbix_agent_serveractive_allow | default(omit) }}" + ZBX_LOADMODULE: "{{ zabbix_agent_loadmodule | default(omit) }}" + ZBX_DEBUGLEVEL: '{{ zabbix_agent_debuglevel }}' + ZBX_TIMEOUT: '{{ zabbix_agent_timeout }}' + ZBX_SOURCEIP: "{{ zabbix_agent_sourceip | default(omit) }}" + ZBX_ENABLEREMOTECOMMANDS: "{{ zabbix_agent_enableremotecommands | default(omit) }}" + ZBX_LOGREMOTECOMMANDS: "{{ zabbix_agent_logremotecommands | default(omit) }}" + ZBX_STARTAGENTS: "{{ zabbix_agent_startagents | default(omit) }}" + ZBX_HOSTNAMEITEM: "{{ zabbix_agent_hostnameitem | default(omit) }}" + ZBX_METADATA: "{{ zabbix_agent_hostmetadata | default(omit) }}" + ZBX_METADATAITEM: "{{ zabbix_agent_hostmetadataitem | default(omit) }}" + ZBX_REFRESHACTIVECHECKS: "{{ zabbix_agent_refreshactivechecks | default(omit) }}" + ZBX_BUFFERSEND: "{{ zabbix_agent_buffersend | default(omit) }}" + ZBX_BUFFERSIZE: "{{ zabbix_agent_buffersize | default(omit) }}" + ZBX_MAXLINESPERSECOND: "{{ zabbix_agent_maxlinespersecond | default(omit) }}" + ZBX_LISTENIP: "{{ zabbix_agent_listenip }}" + ZBX_UNSAFEUSERPARAMETERS: "{{ zabbix_agent_unsafeuserparameters | default(omit) }}" + ZBX_TLSCONNECT: "{{ zabbix_agent_tlsconnect | default(omit) }}" + ZBX_TLSACCEPT: "{{ zabbix_agent_tlsaccept | default(omit) }}" + ZBX_TLSCAFILE: "{{ zabbix_agent_tlscafile | default(omit) }}" + ZBX_TLSCRLFILE: "{{ zabbix_agent_tlscrlfile | default(omit) }}" + ZBX_TLSSERVERCERTISSUER: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}" + ZBX_TLSSERVERCERTSUBJECT: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}" + ZBX_TLSCERTFILE: "{{ 
zabbix_agent_tlscertfile | default(omit) }}" + ZBX_TLSKEYFILE: "{{ zabbix_agent_tlskeyfile | default(omit) }}" + ZBX_TLSPSKIDENTITY: "{{ zabbix_agent_tlspskidentity | default(omit) }}" diff --git a/roles/zabbix-agent/files/sample.conf b/roles/zabbix-agent/files/sample.conf new file mode 100644 index 000000000..64087779f --- /dev/null +++ b/roles/zabbix-agent/files/sample.conf @@ -0,0 +1,3 @@ +# This is an sample userparameters file. + +UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive diff --git a/roles/zabbix-agent/files/win_sample/doSomething.ps1 b/roles/zabbix-agent/files/win_sample/doSomething.ps1 new file mode 100644 index 000000000..e69de29bb diff --git a/roles/zabbix-agent/handlers/main.yml b/roles/zabbix-agent/handlers/main.yml new file mode 100644 index 000000000..de8191015 --- /dev/null +++ b/roles/zabbix-agent/handlers/main.yml @@ -0,0 +1,30 @@ +--- +# handlers file for zabbix-agent + +- name: restart zabbix-agent + service: + name: "{{ zabbix_agent_service }}" + state: restarted + enabled: yes + become: yes + when: + - not zabbix_agent_docker + - zabbix_agent_os_family != "Windows" and zabbix_agent_os_family != "Darwin" + +- name: firewalld-reload + command: "firewall-cmd --reload" + +- name: restart win zabbix agent + win_service: + name: "{{ zabbix_win_agent_service }}" + state: restarted + enabled: yes + when: + - zabbix_agent_os_family == "Windows" + +- name: restart mac zabbix agent + command: "launchctl kickstart -k system/{{ zabbix_agent_service }}" + become: true + when: + - not zabbix_agent_docker + - zabbix_agent_os_family == "Darwin" diff --git a/roles/zabbix-agent/meta/main.yml b/roles/zabbix-agent/meta/main.yml new file mode 100644 index 000000000..c71c861be --- /dev/null +++ b/roles/zabbix-agent/meta/main.yml 
@@ -0,0 +1,42 @@ +--- +galaxy_info: + author: Werner Dijkerman + description: Installing and maintaining zabbix-agent for RedHat/Debian/Ubuntu/Windows/Suse. + company: myCompany.Dotcom + license: MIT + min_ansible_version: 2.7 + platforms: + - name: EL + versions: + - 5 + - 6 + - 7 + - name: Ubuntu + versions: + - lucid + - precise + - trusty + - xenial + - bionic + - name: Debian + versions: + - squeeze + - wheezy + - jessie + - stretch + - buster + - name: opensuse + versions: + - 12.1 + - 12.2 + - 12.3 + - 13.1 + - 13.2 + - name: Windows + versions: + - all + + galaxy_tags: + - zabbix + - monitoring +dependencies: [] diff --git a/roles/zabbix-agent/molecule/before-last-version/Dockerfile.j2 b/roles/zabbix-agent/molecule/before-last-version/Dockerfile.j2 new file mode 100644 index 000000000..e6aa95d30 --- /dev/null +++ b/roles/zabbix-agent/molecule/before-last-version/Dockerfile.j2 @@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi 
diff --git a/roles/zabbix-agent/molecule/before-last-version/INSTALL.rst b/roles/zabbix-agent/molecule/before-last-version/INSTALL.rst new file mode 100644 index 000000000..3904805e2 --- /dev/null +++ b/roles/zabbix-agent/molecule/before-last-version/INSTALL.rst @@ -0,0 +1,26 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html) +* Docker Engine +* docker-py +* docker + +Install +======= + +Ansible < 2.6 + +.. code-block:: bash + + $ sudo pip install docker-py + +Ansible >= 2.6 + +.. code-block:: bash + + $ sudo pip install docker diff --git a/roles/zabbix-agent/molecule/before-last-version/molecule.yml b/roles/zabbix-agent/molecule/before-last-version/molecule.yml new file mode 100644 index 000000000..ce304ad1d --- /dev/null +++ b/roles/zabbix-agent/molecule/before-last-version/molecule.yml 
@@ -0,0 +1,69 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + +platforms: + - name: zabbix-agent-centos + image: milcom/centos7-systemd:latest + groups: + - group1 + privileged: True + - name: zabbix-agent-fedora + image: jrei/systemd-fedora:latest + command: /sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + groups: + - group1 + privileged: True + - name: zabbix-agent-debian-stretch + image: minimum2scp/systemd-stretch:latest + command: /sbin/init + groups: + - group1 + privileged: True + - name: zabbix-agent-mint + image: vcatechnology/linux-mint + groups: + - group1 + privileged: True + - name: zabbix-agent-ubuntu-bionic + image: solita/ubuntu-systemd:bionic + groups: + - group1 + privileged: True + +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + lint: + name: ansible-lint + inventory: + host_vars: + zabbix-agent-fedora: + ansible_python_interpreter: /usr/bin/python3 + group_vars: + all: + zabbix_version: 4.2 + zabbix_agent_src_reinstall: False + +scenario: + name: before-last-version + test_sequence: + - lint + - destroy + - create + - converge + - verify + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/roles/zabbix-agent/molecule/before-last-version/playbook.yml b/roles/zabbix-agent/molecule/before-last-version/playbook.yml new file mode 100644 index 000000000..66edba24e --- /dev/null +++ b/roles/zabbix-agent/molecule/before-last-version/playbook.yml 
@@ -0,0 +1,38 @@ +--- +- name: Converge + hosts: all + pre_tasks: + - name: "Installing packages on CentOS family" + package: + pkg: + - net-tools + - which + state: present + when: + - ansible_os_family == 'RedHat' + + - name: "Installing packages on Debian family" + apt: + name: + - net-tools + state: present + when: + - ansible_os_family == 'Debian' + + - name: "Installing packages on Suse family" + shell: zypper install -y python-xml python-libxml2 net-tools which + changed_when: False + when: ansible_os_family == 'Suse' + tags: + - skip_ansible_lint + + roles: + - role: ansible-zabbix-agent + zabbix_agent_server: 192.168.3.33 + zabbix_agent_serveractive: 192.168.3.33 + zabbix_agent_listenip: 0.0.0.0 + zabbix_agent_tlsconnect: psk + zabbix_agent_tlsaccept: psk + zabbix_agent_tlspskidentity: my_Identity + zabbix_agent_tlspskfile: /data/certs/zabbix.psk + zabbix_agent_tlspsk_secret: 97defd6bd126d5ba7fa5f296595f82eac905d5eda270207a580ab7c0cb9e8eab diff --git a/roles/zabbix-agent/molecule/before-last-version/tests/test_default.py b/roles/zabbix-agent/molecule/before-last-version/tests/test_default.py new file mode 100644 index 000000000..3fb13ea59 --- /dev/null +++ b/roles/zabbix-agent/molecule/before-last-version/tests/test_default.py 
@@ -0,0 +1,66 @@ +import os +import pytest + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_zabbixagent_running_and_enabled(host): + zabbixagent = host.service("zabbix-agent") + # Find out why this is not working for linuxmint and opensuse + if host.system_info.distribution not in ['linuxmint', 'opensuse', 'ubuntu']: + assert zabbixagent.is_running + assert zabbixagent.is_enabled + + +def test_zabbix_agent_dot_conf(host): + if host.system_info.distribution in ['opensuse']: + passwd = host.file("/etc/zabbix/zabbix-agentd.conf") + else: + passwd = host.file("/etc/zabbix/zabbix_agentd.conf") + assert passwd.user == "root" + assert passwd.group == "root" + assert passwd.mode == 0o644 + + assert passwd.contains("Server=192.168.3.33") + assert passwd.contains("ServerActive=192.168.3.33") + assert passwd.contains("DebugLevel=3") + assert passwd.contains("TLSAccept=psk") + assert passwd.contains("TLSPSKIdentity=my_Identity") + assert passwd.contains("TLSPSKFile=/data/certs/zabbix.psk") + + +def test_zabbix_agent_psk(host): + psk_file = host.file("/data/certs/zabbix.psk") + assert psk_file.user == "zabbix" + assert psk_file.group == "zabbix" + assert psk_file.mode == 0o400 + assert psk_file.contains("97defd6bd126d5ba7fa5f296595f82eac905d5eda270207a580ab7c0cb9e8eab") + + +def test_zabbix_include_dir(host): + zabbixagent = host.file("/etc/zabbix/zabbix_agentd.d") + assert zabbixagent.is_directory + assert zabbixagent.user == "root" + assert zabbixagent.group == "zabbix" + + +def test_socket(host): + # Find out why this is not working for linuxmint and opensus + if host.system_info.distribution not in ['linuxmint', 'opensuse']: + assert host.socket("tcp://0.0.0.0:10050").is_listening + + +@pytest.mark.parametrize("zabbix_packages", [ + ("zabbix-agent"), +]) +def test_zabbix_package(host, zabbix_packages): + zabbixagent = 
host.package(zabbix_packages) + assert zabbixagent.is_installed + + if host.system_info.distribution == 'debian': + assert zabbixagent.version.startswith("1:4.2") + if host.system_info.distribution == 'centos': + assert zabbixagent.version.startswith("4.2") diff --git a/roles/zabbix-agent/molecule/default/Dockerfile.j2 b/roles/zabbix-agent/molecule/default/Dockerfile.j2 new file mode 100644 index 000000000..e6aa95d30 --- /dev/null +++ b/roles/zabbix-agent/molecule/default/Dockerfile.j2 @@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/roles/zabbix-agent/molecule/default/INSTALL.rst b/roles/zabbix-agent/molecule/default/INSTALL.rst new file mode 100644 index 000000000..09e87359c --- /dev/null +++ b/roles/zabbix-agent/molecule/default/INSTALL.rst 
@@ -0,0 +1,46 @@ +******* +Install +******* + +This set of playbooks have specific dependencies on Ansible due to the modules +being used. + +Requirements +============ + +* Ansible 2.2 +* Docker Engine +* docker-py + +Install OS dependencies on CentOS 7 + +.. code-block:: bash + + $ sudo yum install -y epel-release + $ sudo yum install -y gcc python-pip python-devel openssl-devel + # If installing Molecule from source. + $ sudo yum install libffi-devel git + +Install OS dependencies on Ubuntu 16.x + +.. code-block:: bash + + $ sudo apt-get update + $ sudo apt-get install -y python-pip libssl-dev docker-engine + # If installing Molecule from source. + $ sudo apt-get install -y libffi-dev git + +Install OS dependencies on Mac OS + +.. code-block:: bash + + $ brew install python + $ brew install git + +Install using pip: + +.. code-block:: bash + + $ sudo pip install ansible + $ sudo pip install docker-py + $ sudo pip install molecule --pre diff --git a/roles/zabbix-agent/molecule/default/create.yml b/roles/zabbix-agent/molecule/default/create.yml new file mode 100644 index 000000000..5b453efbb --- /dev/null +++ b/roles/zabbix-agent/molecule/default/create.yml 
@@ -0,0 +1,84 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + tasks: + - name: Log into a Docker registry + docker_login: + username: "{{ item.registry.credentials.username }}" + password: "{{ item.registry.credentials.password }}" + email: "{{ item.registry.credentials.email | default(omit) }}" + registry: "{{ item.registry.url }}" + docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" + with_items: "{{ molecule_yml.platforms }}" + when: + - item.registry is defined + - item.registry.credentials is defined + - item.registry.credentials.username is defined + + - name: Create Dockerfiles from image names + template: + src: "{{ molecule_scenario_directory }}/Dockerfile.j2" + dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}" + with_items: "{{ molecule_yml.platforms }}" + register: platforms + + - name: Discover local Docker images + docker_image_facts: + name: "molecule_local/{{ item.item.name }}" + docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" + with_items: "{{ platforms.results }}" + register: docker_images + + - name: Build an Ansible compatible image + docker_image: + path: "{{ molecule_ephemeral_directory }}" + name: "molecule_local/{{ item.item.image }}" + docker_host: "{{ item.item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" + dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}" + force: "{{ item.item.force | default(true) }}" + pull: "{{ item.item.pull | default(omit) }}" + with_items: "{{ platforms.results }}" + when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0 + + - name: Create docker network(s) + docker_network: + name: "{{ item }}" + 
docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" + state: present + with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" + + - name: Create molecule instance(s) + docker_container: + name: "{{ item.name }}" + docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" + hostname: "{{ item.hostname | default(item.name) }}" + image: "molecule_local/{{ item.image }}" + state: started + recreate: false + log_driver: json-file + command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}" + privileged: "{{ item.privileged | default(omit) }}" + security_opts: "{{ item.security_opts | default(omit) }}" + volumes: "{{ item.volumes | default(omit) }}" + tmpfs: "{{ item.tmpfs | default(omit) }}" + capabilities: "{{ item.capabilities | default(omit) }}" + exposed_ports: "{{ item.exposed_ports | default(omit) }}" + published_ports: "{{ item.published_ports | default(omit) }}" + ulimits: "{{ item.ulimits | default(omit) }}" + networks: "{{ item.networks | default(omit) }}" + dns_servers: "{{ item.dns_servers | default(omit) }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 + with_items: "{{ server.results }}" diff --git a/roles/zabbix-agent/molecule/default/destroy.yml b/roles/zabbix-agent/molecule/default/destroy.yml new file mode 100644 index 000000000..fa48f36a2 --- /dev/null +++ b/roles/zabbix-agent/molecule/default/destroy.yml 
@@ -0,0 +1,32 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + tasks: + - name: Destroy molecule instance(s) + docker_container: + name: "{{ item.name }}" + docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" + state: absent + force_kill: "{{ item.force_kill | default(true) }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: docker_jobs + until: docker_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + - name: Delete docker network(s) + docker_network: + name: "{{ item }}" + docker_host: "{{ item.docker_host | default(lookup('env', 'DOCKER_HOST') or 'unix://var/run/docker.sock') }}" + state: absent + with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" diff --git a/roles/zabbix-agent/molecule/default/molecule.yml b/roles/zabbix-agent/molecule/default/molecule.yml new file mode 100644 index 000000000..dbb1c0790 --- /dev/null +++ b/roles/zabbix-agent/molecule/default/molecule.yml 
@@ -0,0 +1,79 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + +platforms: + - name: zabbix-agent-centos + image: milcom/centos7-systemd:latest + groups: + - agent + privileged: True + - name: zabbix-agent-fedora + image: jrei/systemd-fedora:latest + command: /sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + groups: + - agent + privileged: True + - name: zabbix-agent-debian-stretch + image: minimum2scp/systemd-stretch:latest + command: /sbin/init + groups: + - agent + privileged: True + - name: zabbix-agent-mint + image: vcatechnology/linux-mint + groups: + - agent + privileged: True + - name: zabbix-agent-ubuntu-bionic + image: solita/ubuntu-systemd:bionic + groups: + - agent + privileged: True + +provisioner: + name: ansible + lint: + name: ansible-lint + inventory: + host_vars: + zabbix-agent-ubuntu-bionic: + ansible_python_interpreter: /usr/bin/python3 + zabbix-agent-debian-stretch: + ansible_python_interpreter: /usr/bin/python + zabbix_agent_apt_priority: 600 + zabbix-agent-fedora: + ansible_python_interpreter: /usr/bin/python3 + group_vars: + all: + zabbix_agent_src_reinstall: False + zabbix_install_pip_packages: False + zabbix_agent_server: 192.168.3.33 + zabbix_agent_serveractive: 192.168.3.33 + zabbix_agent_listenip: 0.0.0.0 + zabbix_agent_tlsconnect: psk + zabbix_agent_tlsaccept: psk + zabbix_agent_tlspskidentity: my_Identity + zabbix_agent_tlspskfile: /data/certs/zabbix.psk + zabbix_agent_tlspsk_secret: 97defd6bd126d5ba7fa5f296595f82eac905d5eda270207a580ab7c0cb9e8eab + +scenario: + name: default + test_sequence: + - lint + - destroy + - create + - prepare + - converge + - verify + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/roles/zabbix-agent/molecule/default/playbook.yml b/roles/zabbix-agent/molecule/default/playbook.yml new file mode 100644 index 000000000..71f2b8db2 --- /dev/null +++ b/roles/zabbix-agent/molecule/default/playbook.yml 
@@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible-zabbix-agent diff --git a/roles/zabbix-agent/molecule/default/prepare.yml b/roles/zabbix-agent/molecule/default/prepare.yml new file mode 100644 index 000000000..f505ab22d --- /dev/null +++ b/roles/zabbix-agent/molecule/default/prepare.yml 
@@ -0,0 +1,87 @@ +--- + +- name: Converge + hosts: all + tasks: + - name: "Installing packages on CentOS family" + package: + pkg: + - net-tools + - which + state: present + register: zabbix_agent_prepare_packages_install + until: zabbix_agent_prepare_packages_install is succeeded + when: + - ansible_os_family == 'RedHat' + + - name: "Installing packages on CentOS (Sangoma) family" + package: + pkg: + - net-tools + - which + state: present + register: zabbix_agent_prepare_packages_install + until: zabbix_agent_prepare_packages_install is succeeded + when: + - ansible_os_family == 'Sangoma' + + - name: "Installing packages on Debian family" + apt: + name: + - net-tools + - gnupg2 + state: present + register: zabbix_agent_prepare_packages_install + until: zabbix_agent_prepare_packages_install is succeeded + when: + - ansible_os_family == 'Debian' + + - name: "Installing packages on Suse family" + shell: zypper install -y python-xml python-libxml2 net-tools which + register: zabbix_agent_prepare_packages_install + until: zabbix_agent_prepare_packages_install is succeeded + when: ansible_os_family == 'Suse' + tags: + - skip_ansible_lint + +- name: Converge + hosts: docker + tasks: + - name: "Download Docker CE repo file" + get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + mode: 0644 + register: zabbix_agent_prepare_docker_repo + until: zabbix_agent_prepare_docker_repo is succeeded + + - name: "Installing Epel" + package: + pkg: + - epel-release + state: present + register: zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Installing Docker" + package: + pkg: + - docker-ce + - python-pip + - python-setuptools + state: present + register: zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Installing Docker Python" + pip: + name: + - docker + state: present + register: 
zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Starting Docker service" + service: + name: docker + state: started diff --git a/roles/zabbix-agent/molecule/default/tests/test_agent.py b/roles/zabbix-agent/molecule/default/tests/test_agent.py new file mode 100644 index 000000000..836137230 --- /dev/null +++ b/roles/zabbix-agent/molecule/default/tests/test_agent.py 
@@ -0,0 +1,66 @@ +import os +import pytest + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('agent') + + +def test_zabbixagent_running_and_enabled(host): + zabbixagent = host.service("zabbix-agent") + # Find out why this is not working for linuxmint and opensuse + if host.system_info.distribution not in ['linuxmint', 'opensuse', 'ubuntu']: + assert zabbixagent.is_running + assert zabbixagent.is_enabled + + +def test_zabbix_agent_dot_conf(host): + if host.system_info.distribution in ['opensuse']: + passwd = host.file("/etc/zabbix/zabbix-agentd.conf") + else: + passwd = host.file("/etc/zabbix/zabbix_agentd.conf") + assert passwd.user == "root" + assert passwd.group == "root" + assert passwd.mode == 0o644 + + assert passwd.contains("Server=192.168.3.33") + assert passwd.contains("ServerActive=192.168.3.33") + assert passwd.contains("DebugLevel=3") + assert passwd.contains("TLSAccept=psk") + assert passwd.contains("TLSPSKIdentity=my_Identity") + assert passwd.contains("TLSPSKFile=/data/certs/zabbix.psk") + + +def test_zabbix_agent_psk(host): + psk_file = host.file("/data/certs/zabbix.psk") + assert psk_file.user == "zabbix" + assert psk_file.group == "zabbix" + assert psk_file.mode == 0o400 + assert psk_file.contains("97defd6bd126d5ba7fa5f296595f82eac905d5eda270207a580ab7c0cb9e8eab") + + +def test_zabbix_include_dir(host): + zabbixagent = host.file("/etc/zabbix/zabbix_agentd.d") + assert zabbixagent.is_directory + assert zabbixagent.user == "root" + assert zabbixagent.group == "zabbix" + + +def test_socket(host): + # Find out why this is not working for linuxmint and opensus + if host.system_info.distribution not in ['linuxmint', 'opensuse']: + assert host.socket("tcp://0.0.0.0:10050").is_listening + + +@pytest.mark.parametrize("zabbix_packages", [ + ("zabbix-agent"), +]) +def test_zabbix_package(host, zabbix_packages): + zabbixagent = 
host.package(zabbix_packages) + assert zabbixagent.is_installed + + if host.system_info.distribution == 'debian': + assert zabbixagent.version.startswith("1:4.4") + if host.system_info.distribution == 'centos': + assert zabbixagent.version.startswith("4.4") diff --git a/roles/zabbix-agent/molecule/default/tests/test_docker.py b/roles/zabbix-agent/molecule/default/tests/test_docker.py new file mode 100644 index 000000000..a3b96d0b2 --- /dev/null +++ b/roles/zabbix-agent/molecule/default/tests/test_docker.py @@ -0,0 +1,22 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('docker') + + +def test_docker_running(host): + zabbixagent = host.docker("zabbix-agent") + zabbixagent.is_running + + +def test_zabbix_include_dir(host): + zabbixagent = host.file("/etc/zabbix/zabbix_agentd.d") + assert zabbixagent.is_directory + assert zabbixagent.user == "root" + assert zabbixagent.group == "zabbix" + + +def test_socket(host): + assert host.socket("tcp://0.0.0.0:10050").is_listening diff --git a/roles/zabbix-agent/molecule/with-server/Dockerfile.j2 b/roles/zabbix-agent/molecule/with-server/Dockerfile.j2 new file mode 100644 index 000000000..e6aa95d30 --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/roles/zabbix-agent/molecule/with-server/INSTALL.rst b/roles/zabbix-agent/molecule/with-server/INSTALL.rst new file mode 100644 index 000000000..3904805e2 --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/INSTALL.rst @@ -0,0 +1,26 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html) +* Docker Engine +* docker-py +* docker + +Install +======= + +Ansible < 2.6 + +.. code-block:: bash + + $ sudo pip install docker-py + +Ansible >= 2.6 + +.. code-block:: bash + + $ sudo pip install docker diff --git a/roles/zabbix-agent/molecule/with-server/molecule.yml b/roles/zabbix-agent/molecule/with-server/molecule.yml new file mode 100644 index 000000000..90a9e43c0 --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/molecule.yml 
@@ -0,0 +1,81 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + +platforms: + - name: zabbix-server-centos + image: milcom/centos7-systemd:latest + groups: + - zabbix_server + - mysql + privileged: True + networks: + - name: zabbix + published_ports: + - "80:80" + - name: zabbix-agent-centos + image: milcom/centos7-systemd:latest + groups: + - zabbix_agent + privileged: True + networks: + - name: zabbix + - name: zabbix-agent-debian + image: minimum2scp/systemd-stretch:latest + command: /sbin/init + groups: + - zabbix_agent + privileged: True + networks: + - name: zabbix + - name: zabbix-agent-ubuntu + image: solita/ubuntu-systemd:bionic + groups: + - zabbix_agent + privileged: True + networks: + - name: zabbix + +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + lint: + name: ansible-lint + inventory: + group_vars: + all: + zabbix_agent_src_reinstall: False + zabbix_api_create_hosts: True + zabbix_api_create_hostgroup: True + zabbix_url: http://zabbix-server-centos + zabbix_apache_servername: zabbix-server-centos + mysql: + zabbix_server_database: mysql + zabbix_server_database_long: mysql + zabbix_server_dbport: 3306 + database_type: mysql + database_type_long: mysql + host_vars: + zabbix-agent-fedora: + ansible_python_interpreter: /usr/bin/python3 + zabbix-agent-ubuntu: + zabbix_agent_tlsaccept: psk + zabbix_agent_tlsconnect: psk + zabbix_agent_tlspskidentity: "myhost PSK" + zabbix_agent_tlspsk_secret: b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d + zabbix_agent_tlspskfile: /etc/zabbix/zabbix_agent_pskfile.psk + +scenario: + name: with-server + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/roles/zabbix-agent/molecule/with-server/playbook.yml b/roles/zabbix-agent/molecule/with-server/playbook.yml new file mode 100644 index 000000000..2161b9164 --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/playbook.yml 
@@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: all:!zabbix_server + pre_tasks: + - name: "Get IP Server" + shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 + register: ip_address + delegate_to: zabbix-server-centos + changed_when: False + tags: + - skip_ansible_lint + + - name: "Get IP hosts" + shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 + register: ip_address_host + changed_when: False + tags: + - skip_ansible_lint + + roles: + - role: ansible-zabbix-agent + zabbix_agent_ip: "{{ ip_address_host.stdout }}" + zabbix_agent_server: "{{ ip_address.stdout }}" + zabbix_agent_serveractive: "{{ ip_address.stdout }}" diff --git a/roles/zabbix-agent/molecule/with-server/prepare.yml b/roles/zabbix-agent/molecule/with-server/prepare.yml new file mode 100644 index 000000000..1776105c0 --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/prepare.yml 
@@ -0,0 +1,114 @@ +--- +- name: Prepare + hosts: zabbix_server + pre_tasks: + - name: "Installing EPEL" + yum: + name: + - epel-release + state: present + when: ansible_distribution == 'CentOS' + + - name: "Installing packages" + yum: + name: + - net-tools + - which + - libselinux-python + - python-pip + state: present + register: installation_dependencies + when: ansible_distribution == 'CentOS' + + - name: "Installing which on NON-CentOS" + apt: + name: + - net-tools + - python-pip + - curl + state: present + when: ansible_distribution != 'CentOS' + + - name: "Configure SUDO." + lineinfile: + dest: /etc/sudoers + line: "Defaults !requiretty" + state: present + + - name: "Make sure the docs are installed." + lineinfile: + dest: /etc/yum.conf + line: "tsflags=nodocs" + state: absent + + - name: "Installing some python dependencies" + pip: + name: py-zabbix + state: present + + roles: + - role: geerlingguy.mysql + - role: dj-wasabi.zabbix-server + - role: dj-wasabi.zabbix-web + +- name: Prepare + hosts: all:!zabbix_server:!docker + tasks: + - name: "Installing packages on CentOS family" + yum: + name: + - net-tools + - which + state: present + when: + - ansible_os_family == 'RedHat' + + - name: "Installing packages on Debian family" + apt: + name: + - net-tools + state: present + when: + - ansible_os_family == 'Debian' + +- name: Converge + hosts: docker + tasks: + - name: "Download Docker CE repo file" + get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + mode: 0644 + register: zabbix_agent_prepare_docker_repo + until: zabbix_agent_prepare_docker_repo is succeeded + + - name: "Installing Epel" + package: + pkg: + - epel-release + state: present + register: zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Installing Docker" + package: + pkg: + - docker-ce + - python-pip + - python-setuptools + state: present + register: 
zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Installing Docker Python" + pip: + name: + - docker + state: present + register: zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Starting Docker service" + service: + name: docker + state: started diff --git a/roles/zabbix-agent/molecule/with-server/requirements.yml b/roles/zabbix-agent/molecule/with-server/requirements.yml new file mode 100644 index 000000000..da9d004bc --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/requirements.yml @@ -0,0 +1,5 @@ +--- +- src: geerlingguy.apache +- src: geerlingguy.mysql +- src: dj-wasabi.zabbix-server +- src: dj-wasabi.zabbix-web diff --git a/roles/zabbix-agent/molecule/with-server/tests/test_agent.py b/roles/zabbix-agent/molecule/with-server/tests/test_agent.py new file mode 100644 index 000000000..5f373ca89 --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/tests/test_agent.py 
@@ -0,0 +1,44 @@ +import os +from zabbix_api import ZabbixAPI + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_agent') + + +def authenticate(): + zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php') + zapi.login("Admin", "zabbix") + return zapi + + +def test_psk_host(host): + zapi = authenticate() + hostname = host.check_output('hostname -s') + host_name = "zabbix-agent-ubuntu" + + server_data = zapi.host.get({'output': 'extend', 'selectInventory': 'extend', 'filter': {'host': [hostname]}}) + + if hostname == host_name: + assert server_data[0]['tls_psk'] == "b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d" + assert server_data[0]['tls_psk_identity'] == "myhost PSK" + assert server_data[0]['tls_accept'] == "2" + else: + assert server_data[0]['tls_psk'] == "" + assert server_data[0]['tls_psk_identity'] == "" + assert server_data[0]['tls_accept'] == "1" + + +def test_zabbix_agent_psk(host): + hostname = host.check_output('hostname -s') + host_name = "zabbix-agent-ubuntu" + + psk_file = host.file("/etc/zabbix/zabbix_agent_pskfile.psk") + if hostname == host_name: + assert psk_file.user == "zabbix" + assert psk_file.group == "zabbix" + assert psk_file.mode == 0o400 + assert psk_file.contains("b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d") + else: + assert not psk_file.exists diff --git a/roles/zabbix-agent/molecule/with-server/tests/test_default.py b/roles/zabbix-agent/molecule/with-server/tests/test_default.py new file mode 100644 index 000000000..cbedaa170 --- /dev/null +++ b/roles/zabbix-agent/molecule/with-server/tests/test_default.py 
@@ -0,0 +1,41 @@ +import os +from zabbix_api import ZabbixAPI + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_server') + + +def authenticate(): + zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php') + zapi.login("Admin", "zabbix") + return zapi + + +def get_hosts(): + return [ + "zabbix-agent-debian", + "zabbix-agent-ubuntu", + "zabbix-agent-centos", + "zabbix-agent-docker-centos" + ] + + +def test_hosts(): + zapi = authenticate() + hosts = get_hosts() + servers = zapi.host.get({'output': ["hostid", "name"]}) + + for server in servers: + if server['name'] != 'Zabbix server': + assert server['name'] in hosts + + +def test_hosts_status(): + zapi = authenticate() + servers = zapi.host.get({'output': ["status", "name"]}) + + for server in servers: + if server['name'] != 'Zabbix server': + assert int(server['status']) == 0 diff --git a/roles/zabbix-agent/setup.cfg b/roles/zabbix-agent/setup.cfg new file mode 100644 index 000000000..1fd489337 --- /dev/null +++ b/roles/zabbix-agent/setup.cfg @@ -0,0 +1,2 @@ +[flake8] +max-line-length = 160 diff --git a/roles/zabbix-agent/tasks/Darwin.yml b/roles/zabbix-agent/tasks/Darwin.yml new file mode 100644 index 000000000..243fd0ffc --- /dev/null +++ b/roles/zabbix-agent/tasks/Darwin.yml 
@@ -0,0 +1,170 @@ +--- + +- name: "Set default ip address for zabbix_agent_ip" + set_fact: + zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" + when: + - zabbix_agent_ip is not defined + - "'ansible_default_ipv4' in hostvars[inventory_hostname]" + +- name: "Get Total Private IP Addresses" + set_fact: + total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ipaddr('private') | length }}" + when: + - ansible_all_ipv4_addresses is defined + +- name: "Set first public ip address for zabbix_agent_ip" + set_fact: + zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ipaddr('public') | first }}" + zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}" + zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}" + when: + - zabbix_agent_ip is not defined + - total_private_ip_addresses is defined + - total_private_ip_addresses == '0' + +- name: "Set first private ip address for zabbix_agent_ip" + set_fact: + zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ipaddr('private') | first }}" + when: + - zabbix_agent_ip is not defined + - total_private_ip_addresses is defined + - total_private_ip_addresses != '0' + +- name: "Fail invalid specified agent_listeninterface" + fail: + msg: "The specified network interface does not exist" + when: + - zabbix_agent_listeninterface + - (zabbix_agent_listeninterface not in ansible_all_ipv4_addresses) + tags: + - zabbix-agent + - config + +- name: "Set network interface" + set_fact: + network_interface: ansible_{{ zabbix_agent_listeninterface }} + when: + - zabbix_agent_listeninterface + - not zabbix_agent_listenip + +- name: "Get IP of agent_listeninterface when no agent_listenip specified" + set_fact: + zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}" + zabbix_agent_ip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | 
default('0.0.0.0') }}" + when: + - zabbix_agent_listeninterface + - not zabbix_agent_listenip + tags: + - zabbix-agent + - config + - api + +- name: "Default agent_listenip to all when not specified" + set_fact: + zabbix_agent_listenip: '0.0.0.0' + when: + - not zabbix_agent_listenip + tags: + - zabbix-agent + - config + +- name: "Fail invalid specified agent_listenip" + fail: + msg: "The agent_listenip does not exist" + when: + - zabbix_agent_listenip != '0.0.0.0' + - zabbix_agent_listenip != '127.0.0.1' + - (zabbix_agent_listenip not in ansible_all_ipv4_addresses) + tags: + - zabbix-agent + - config + +- name: "Configure zabbix-agent" + template: + src: zabbix_agentd.conf.j2 + dest: "/usr/local/etc/zabbix/{{ zabbix_agent_conf }}" + owner: root + group: wheel + mode: 0644 + notify: + - restart mac zabbix agent + become: yes + when: + - not (zabbix_agent_docker | bool) + tags: + - zabbix-agent + - config + - init + +- name: "Create directory for PSK file if not exist." + file: + path: "{{ zabbix_agent_tlspskfile | dirname }}" + mode: 0755 + state: directory + become: yes + when: + - zabbix_agent_tlspskfile is defined + +- name: "Place TLS PSK File" + copy: + dest: "{{ zabbix_agent_tlspskfile }}" + content: "{{ zabbix_agent_tlspsk_secret }}" + owner: zabbix + group: zabbix + mode: 0400 + become: yes + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspsk_secret is defined + notify: + - restart mac zabbix agent + +- name: "Create include dir zabbix-agent" + file: + path: "{{ zabbix_agent_include }}" + owner: root + group: zabbix + mode: 0750 + state: directory + become: yes + tags: + - config + - include + +- name: "Create pid file directory for zabbix-agent" + file: + path: /var/run/zabbix + state: directory + owner: zabbix + group: zabbix + mode: 0755 + become: yes + +- name: "Install the Docker container" + include: Docker.yml + when: + - zabbix_agent_docker | bool + +- name: "Check if zabbix-agent service is running" + shell: | + set -o pipefail + 
launchctl list | grep com.zabbix.zabbix_agentd | awk '{print $1}' + register: launchctl_pid + check_mode: no + changed_when: false + failed_when: launchctl_pid.rc == 2 + become: yes + tags: + - init + - service + +- name: "Make sure the zabbix-agent service is running" + command: launchctl start com.zabbix.zabbix_agentd + become: yes + when: + - not (zabbix_agent_docker | bool) + - launchctl_pid.stdout == "-" + tags: + - init + - service diff --git a/roles/zabbix-agent/tasks/Debian.yml b/roles/zabbix-agent/tasks/Debian.yml new file mode 100644 index 000000000..640c30755 --- /dev/null +++ b/roles/zabbix-agent/tasks/Debian.yml 
@@ -0,0 +1,197 @@ +--- +# Tasks specific for Debian/Ubuntu Systems + +- name: "Include Zabbix gpg ids" + include_vars: zabbix.yml + +- name: "Set short version name" + set_fact: + zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" + zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}" + +- name: "Debian | Install gpg key" + apt_key: + id: "{{ sign_keys[zabbix_short_version][zabbix_agent_distribution_release]['sign_key'] }}" + url: http://repo.zabbix.com/zabbix-official-repo.key + when: + - zabbix_repo == "zabbix" + become: yes + tags: + - zabbix-agent + - init + +- name: "Debian | Check for zabbix repositories" + find: + paths: /etc/apt/sources.list.d + patterns: repo_zabbix_com_zabbix*.list + excludes: "repo_zabbix_com_zabbix_{{ zabbix_underscore_version }}_ubuntu.list" + register: repositories + become: yes + when: + - ansible_distribution in ['Ubuntu', 'Debian'] + - zabbix_repo == "zabbix" + tags: + - zabbix-agent + - init + +- name: "Debian | Remove unecessary zabbix repositories" + file: + path: "{{ item.path }}" + state: absent + loop: "{{ repositories.files }}" + when: + - ansible_distribution in ['Ubuntu', 'Debian'] + - zabbix_repo == "zabbix" + - zabbix_agent_src_reinstall + become: yes + tags: + - zabbix-agent + - init + +- name: "Debian | Installing deb-src repository Debian" + apt_repository: + repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ zabbix_agent_distribution_release }} main" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: + - ansible_distribution == "Debian" + - zabbix_repo == "zabbix" + become: yes + tags: + - zabbix-agent + - init + +- name: "Debian | Installing deb repository Debian" + apt_repository: + repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ zabbix_agent_distribution_release }} main" + state: 
present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: + - ansible_distribution == "Debian" + - zabbix_repo == "zabbix" + become: yes + tags: + - zabbix-agent + - init + +- name: "Debian | Installing deb-src repository Ubuntu" + apt_repository: + repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ zabbix_agent_distribution_release }} main" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: + - ansible_distribution == "Ubuntu" + - zabbix_repo == "zabbix" + become: yes + tags: + - zabbix-agent + - init + +- name: "Debian | Installing deb repository Ubuntu" + apt_repository: + repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ zabbix_agent_distribution_release }} main" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: + - ansible_distribution == "Ubuntu" + - zabbix_repo == "zabbix" + become: yes + tags: + - zabbix-agent + - init + +- name: "Debian | Create /etc/apt/preferences.d/" + file: + path: /etc/apt/preferences.d/ + state: directory + when: + - zabbix_agent_apt_priority | int + +- name: "Debian | Configuring the weight for APT" + copy: + dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" + content: | + Package: zabbix-agent + Pin: origin repo.zabbix.com + Pin-Priority: {{ zabbix_agent_apt_priority | int }} + owner: root + when: + - zabbix_agent_apt_priority | int + +# Note: set cache_valid_time=0 to ensure that an apt-get update after the added repo-key +# else you often get 'WARNING: The following packages cannot be authenticated! 
+# See also: +# http://askubuntu.com/questions/75565/why-am-i-getting-authentication-errors-for-packages-from-an-ubuntu-repository +- name: "Debian | Installing zabbix-agent" + apt: + pkg: "{{ zabbix_agent_packages }}" + state: "{{ zabbix_agent_package_state }}" + update_cache: yes + cache_valid_time: 0 + force_apt_get: "{{ zabbix_apt_force_apt_get }}" + install_recommends: "{{ zabbix_apt_install_recommends }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: ansible_distribution in ['Ubuntu', 'Debian'] + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: yes + check_mode: no + tags: + - zabbix-agent + - init + +- name: "Mint | Installing zabbix-agent" + apt: + pkg: "zabbix-agent" + state: "{{ zabbix_agent_package_state }}" + update_cache: yes + cache_valid_time: 0 + force_apt_get: "{{ zabbix_apt_force_apt_get }}" + install_recommends: "{{ zabbix_apt_install_recommends }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: ansible_distribution not in ['Ubuntu', 'Debian'] + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: yes + tags: + - zabbix-agent + - init + +- name: "Install policycoreutils-python" + apt: + pkg: policycoreutils-python-utils + state: present + update_cache: yes + cache_valid_time: 0 + force_apt_get: "{{ zabbix_apt_force_apt_get }}" + install_recommends: "{{ zabbix_apt_install_recommends }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_policycoreutils_installed + until: zabbix_agent_package_installed is succeeded + become: yes + when: zabbix_selinux | bool + +- name: 
"Debian | Enable the service" + service: + name: "{{ zabbix_agent_service }}" + enabled: yes + use: service + become: yes + tags: + - zabbix-agent + - init + - service diff --git a/roles/zabbix-agent/tasks/Docker.yml b/roles/zabbix-agent/tasks/Docker.yml new file mode 100644 index 000000000..0980ded47 --- /dev/null +++ b/roles/zabbix-agent/tasks/Docker.yml @@ -0,0 +1,32 @@ +--- + +- name: "Create volume mount string" + set_fact: + volume_mount: "{{ zabbix_agent_tlspskfile }}:/var/lib/zabbix/enc/tlspskfile" + tls_key: + ZBX_TLSPSKFILE: tlspskfile + when: + - zabbix_agent_tlspskfile is defined + +- name: "Add zabbix_agent_tlspskfile to volume mount" + set_fact: + zabbix_agent_docker_volumes: "{{ zabbix_agent_docker_volumes + [ volume_mount ] }}" + zabbix_agent_docker_env: "{{ zabbix_agent_docker_env | combine(tls_key) }}" + when: + - zabbix_agent_tlspskfile is defined + +- name: "Ensure Zabbix Docker container is running" + docker_container: + name: "{{ zabbix_agent_docker_name }}" + image: "{{ zabbix_agent_docker_image }}:{{ zabbix_agent_docker_image_tag }}" + state: "{{ zabbix_agent_docker_state }}" + restart_policy: "{{ zabbix_agent_docker_restart_policy }}" + network_mode: "{{ zabbix_agent_docker_network_mode }}" + published_ports: "{{ zabbix_agent_docker_ports }}" + privileged: "{{ zabbix_agent_docker_privileged }}" + security_opts: "{{ zabbix_agent_docker_security_opts }}" + volumes: "{{ zabbix_agent_docker_volumes }}" + env: "{{ zabbix_agent_docker_env }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" diff --git a/roles/zabbix-agent/tasks/Linux.yml b/roles/zabbix-agent/tasks/Linux.yml new file mode 100644 index 000000000..ecf32380a --- /dev/null +++ b/roles/zabbix-agent/tasks/Linux.yml 
@@ -0,0 +1,246 @@ +--- + +- name: "Set default ip address for zabbix_agent_ip" + set_fact: + zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" + when: + - zabbix_agent_ip is not defined + - "'ansible_default_ipv4' in hostvars[inventory_hostname]" + +- name: "Get Total Private IP Addresses" + set_fact: + total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ipaddr('private') | length }}" + when: + - ansible_all_ipv4_addresses is defined + +- name: "Set first public ip address for zabbix_agent_ip" + set_fact: + zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ipaddr('public') | first }}" + zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}" + zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}" + when: + - zabbix_agent_ip is not defined + - total_private_ip_addresses is defined + - total_private_ip_addresses == '0' + +- name: "Set first private ip address for zabbix_agent_ip" + set_fact: + zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ipaddr('private') | first }}" + when: + - zabbix_agent_ip is not defined + - total_private_ip_addresses is defined + - total_private_ip_addresses != '0' + +- name: "Fail invalid specified agent_listeninterface" + fail: + msg: "The specified network interface does not exist" + when: + - zabbix_agent_listeninterface | bool + - (zabbix_agent_listeninterface not in ansible_all_ipv4_addresses) + tags: + - zabbix-agent + - config + +- name: "Set network interface" + set_fact: + network_interface: ansible_{{ zabbix_agent_listeninterface }} + when: + - zabbix_agent_listeninterface | bool + - not zabbix_agent_listenip + +- name: "Get IP of agent_listeninterface when no agent_listenip specified" + set_fact: + zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}" + zabbix_agent_ip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address 
| default('0.0.0.0') }}" + when: + - zabbix_agent_listeninterface | bool + - not zabbix_agent_listenip + tags: + - zabbix-agent + - config + - api + +- name: "Default agent_listenip to all when not specified" + set_fact: + zabbix_agent_listenip: '0.0.0.0' + when: + - not zabbix_agent_listenip + tags: + - zabbix-agent + - config + +- name: "Fail invalid specified agent_listenip" + fail: + msg: "The agent_listenip does not exist" + when: + - zabbix_agent_listenip != '0.0.0.0' + - zabbix_agent_listenip != '127.0.0.1' + - (zabbix_agent_listenip not in ansible_all_ipv4_addresses) + tags: + - zabbix-agent + - config + +# straight to getenforce binary , workaround for missing python_selinux library +- name: "Get getenforce binary" + stat: + path: /usr/sbin/getenforce + register: getenforce_bin + become: yes + +- name: "Collect getenforce output" + command: getenforce + register: sestatus + when: 'getenforce_bin.stat.exists' + changed_when: false + become: yes + check_mode: no + +- name: "Set zabbix_selinux to true if getenforce returns Enforcing or Permissive" + set_fact: + zabbix_selinux: "{{ true }}" + when: 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)' + +- name: "Allow zabbix_agent to start (SELinux)" + selinux_permissive: + name: zabbix_agent_t + permissive: true + become: yes + when: + - zabbix_selinux | bool + +- name: "Adding zabbix group" + group: + name: zabbix + state: present + gid: "{{ zabbix_agent_docker_user_gid | default(omit) }}" + become: yes + when: + - zabbix_agent_docker | bool + +- name: "Adding zabbix user" + user: + name: zabbix + group: zabbix + state: present + create_home: False + home: /etc/zabbix + uid: "{{ zabbix_agent_docker_user_uid | default(omit) }}" + system: True + become: yes + when: + - zabbix_agent_docker | bool + +- name: "Configure zabbix-agent" + template: + src: zabbix_agentd.conf.j2 + dest: "/etc/zabbix/{{ zabbix_agent_conf }}" + owner: root + group: root + mode: 0644 + 
notify: + - restart zabbix-agent + become: yes + when: + - not (zabbix_agent_docker | bool) + tags: + - zabbix-agent + - config + - init + +- name: "Create directory for PSK file if not exist." + file: + path: "{{ zabbix_agent_tlspskfile | dirname }}" + mode: 0755 + state: directory + become: yes + when: + - zabbix_agent_tlspskfile is defined + +- name: "Place TLS PSK File" + copy: + dest: "{{ zabbix_agent_tlspskfile }}" + content: "{{ zabbix_agent_tlspsk_secret }}" + owner: zabbix + group: zabbix + mode: 0400 + become: yes + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspsk_secret is defined + notify: + - restart zabbix-agent + +- name: "Create include dir zabbix-agent" + file: + path: "{{ zabbix_agent_include }}" + owner: root + group: zabbix + mode: 0750 + state: directory + become: yes + tags: + - config + - include + +- name: "Install the Docker container" + include: Docker.yml + when: + - zabbix_agent_docker | bool + +- name: "Configure IPTables (zabbix_agent_listenport)" + iptables: + action: "{{ zabbix_agent_firewall_action }}" + destination_port: "{{ zabbix_agent_listenport | string }}" + source: "{{ zabbix_agent_firewall_source | default(omit) }}" + protocol: tcp + chain: "{{ zabbix_agent_firewall_chain }}" + jump: ACCEPT + become: yes + when: zabbix_agent_firewall_enable | bool + +- name: "Configure IPTables (zabbix_agent_jmx_listenport)" + iptables: + action: "{{ zabbix_agent_firewall_action }}" + destination_port: "{{ zabbix_agent_listenport | string }}" + source: "{{ zabbix_agent_firewall_source | default(omit) }}" + protocol: tcp + chain: "{{ zabbix_agent_firewall_chain }}" + jump: ACCEPT + become: yes + when: (zabbix_agent_firewall_enable | bool) and (zabbix_agent_jmx_listenport | bool) + +- name: "Configure firewalld (zabbix_agent_listenport)" + firewalld: + rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_listenport }}" accept' + zone: "{{ 
zabbix_agent_firewalld_zone }}" + permanent: true + state: enabled + become: yes + when: zabbix_agent_firewalld_enable | bool + notify: + - firewalld-reload + tags: zabbix_agent_firewalld_enable + +- name: "Configure firewalld (zabbix_agent_jmx_listenport)" + firewalld: + rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_jmx_listenport }}" accept' + zone: "{{ zabbix_agent_firewalld_zone }}" + permanent: true + state: enabled + become: yes + when: (zabbix_agent_firewalld_enable | bool) and (zabbix_agent_jmx_listenport | bool) + notify: + - firewalld-reload + tags: zabbix_agent_firewalld_enable + +- name: "Make sure the zabbix-agent service is running" + service: + name: "{{ zabbix_agent_service }}" + state: started + enabled: yes + become: yes + when: + - not (zabbix_agent_docker | bool) + tags: + - init + - service diff --git a/roles/zabbix-agent/tasks/RedHat.yml b/roles/zabbix-agent/tasks/RedHat.yml new file mode 100644 index 000000000..5f018a306 --- /dev/null +++ b/roles/zabbix-agent/tasks/RedHat.yml 
@@ -0,0 +1,153 @@ +--- +# Tasks specific for RedHat systems + +- name: "RedHat | Use EPEL package name" + set_fact: + zabbix_agent_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-agent" + zabbix_sender_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-sender" + zabbix_get_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-get" + when: + - zabbix_repo == "epel" + tags: + - zabbix-agent + - init + +- name: "RedHat | Set zabbix_agent_distribution_major_version to 6 when Amazon" + set_fact: + zabbix_agent_distribution_major_version: 6 + when: + - ansible_distribution == "Amazon" + - ansible_distribution_major_version == "NA" + +- name: "RedHat | Set zabbix_agent_distribution_major_version to 6 when Major Version is 2018.03" + set_fact: + zabbix_agent_distribution_major_version: 6 + when: + - ansible_distribution == "Amazon" + - ansible_distribution_major_version == "2018" + +- name: "RedHat | Set zabbix_agent_distribution_major_version to 7 when Amazon 2" + set_fact: + zabbix_agent_distribution_major_version: 7 + when: + - ansible_distribution == "Amazon" + - ansible_distribution_major_version == "2" + +- name: "Fedora | Override zabbix_agent_distribution_major_version for Fedora" + set_fact: + zabbix_agent_distribution_major_version: 7 + when: + - ansible_distribution == "Fedora" + +- name: "XCP-ng | Override zabbix_agent_distribution_major_version for XCP-ng" + set_fact: + zabbix_agent_distribution_major_version: 7 + when: + - ansible_distribution == "XCP-ng" + +- name: "RedHat | Install basic repo file" + yum_repository: + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" + gpgcheck: "{{ item.gpgcheck }}" + gpgkey: "{{ item.gpgkey }}" + priority: "{{ item.priority | default('99') }}" + state: "{{ item.state | default('present') }}" + proxy: "{{ zabbix_http_proxy | default(omit) }}" + with_items: "{{ zabbix_repo_yum }}" + register: yum_repo_installed + become: yes + when: + 
zabbix_repo == "zabbix" + tags: + - zabbix-agent + +- name: "Do a yum clean" + shell: yum clean all + args: + warn: False + when: yum_repo_installed.changed + become: yes + tags: + - skip_ansible_lint + +- name: "RedHat | Installing zabbix-agent" + package: + pkg: + - "{{ zabbix_agent_package }}" + - "{{ zabbix_sender_package }}" + - "{{ zabbix_get_package }}" + state: "{{ zabbix_agent_package_state }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: yes + tags: + - init + - zabbix-agent + +- name: "Install policycoreutils-python" + package: + name: policycoreutils-python + state: installed + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_policycoreutils_installed + until: zabbix_agent_policycoreutils_installed is succeeded + when: (zabbix_selinux | bool) and (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7") + become: yes + tags: + - init + - zabbix-agent + +- name: "Install python3-policycoreutils on RHEL8" + package: + name: python3-policycoreutils + state: installed + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_policycoreutils_installed + until: zabbix_agent_policycoreutils_installed is succeeded + when: (zabbix_selinux | bool) and ansible_distribution_major_version == "8" + become: yes + tags: + - init + - zabbix-agent + +- name: "Install selinux-policy-targeted" + package: + name: selinux-policy-targeted + state: installed + register: zabbix_agent_selinuxpolicytargeted_installed + until: 
zabbix_agent_selinuxpolicytargeted_installed is succeeded + when: zabbix_selinux | bool + become: yes + tags: + - init + - zabbix-agent + +- name: "RedHat | Enable the service" + service: + name: "{{ zabbix_agent_service }}" + enabled: yes + use: service + become: yes + tags: + - zabbix-agent + - init + - service + +- name: "Allow zabbix to run sudo commands (SELinux)" + seboolean: + name: zabbix_run_sudo + persistent: yes + state: yes + when: + - ansible_selinux.status == "enabled" + - selinux_allow_zabbix_run_sudo|bool + tags: selinux diff --git a/roles/zabbix-agent/tasks/Suse.yml b/roles/zabbix-agent/tasks/Suse.yml new file mode 100644 index 000000000..25ccc7352 --- /dev/null +++ b/roles/zabbix-agent/tasks/Suse.yml 
@@ -0,0 +1,46 @@ +--- +# Tasks specific for OpenSuse Systems + +- name: "Include Zabbix gpg ids" + include_vars: zabbix.yml + +- name: "Install zypper repo dependency" + zypper: + name: ["python-libxml2", "python-xml"] + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: yes + register: zabbix_agent_package_dependency + until: zabbix_agent_package_dependency is succeeded + +- name: "Suse | Install basic repo file" + zypper_repository: + repo: "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['url'] }}" + name: "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['name'] }}" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: + - zabbix_repo == "zabbix" + become: yes + tags: + - zabbix-agent + - init + +- name: "Suse | Install zabbix-agent" + zypper: + name: "{{ zabbix_agent_packages }}" + state: "{{ zabbix_agent_package_state }}" + disable_gpg_check: yes + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: yes + tags: + - zabbix-agent + - init diff --git a/roles/zabbix-agent/tasks/Windows.yml b/roles/zabbix-agent/tasks/Windows.yml new file mode 100644 index 000000000..000db12c6 --- /dev/null +++ b/roles/zabbix-agent/tasks/Windows.yml 
@@ -0,0 +1,164 @@ +--- + +- name: "Set default ip address for zabbix_agent_ip" + set_fact: + zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_ip_addresses'][0] }}" + when: + - zabbix_agent_ip is not defined + - "'ansible_ip_addresses' in hostvars[inventory_hostname]" + +- name: "Windows | Set default architecture" + set_fact: + windows_arch: 32 + +- name: "Windows | Override architecture if 64-bit" + set_fact: + windows_arch: 64 + when: + - ansible_architecture == "64-bit" + +- name: "Windows | Set path to zabbix.exe" + set_fact: + zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\win{{ windows_arch }}\zabbix_agentd.exe' + +- name: "Windows | Set variables specific to Zabbix 4.0" + set_fact: + zabbix_win_package: zabbix_agent-{{ zabbix_version_long }}-windows-amd64.zip + zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agentd.exe' + when: + - zabbix_version_long is version('4.0.0', '>=') + +- name: "Windows | Check if Zabbix agent is present" + win_stat: + path: '{{ zabbix_win_exe_path }}' + register: agent_file_info + +- name: "Windows | Get Installed Zabbix Agent Version" + win_file_version: + path: "{{ zabbix_win_exe_path }}" + register: zabbix_win_exe_info + when: + - agent_file_info.stat.exists + +- name: "Windows | Checking Update (Set default)" + set_fact: + update_zabbix_agent: False + when: + - agent_file_info.stat.exists + +- name: "Windows | Checking Update" + set_fact: + update_zabbix_agent: True + when: + - agent_file_info.stat.exists + - zabbix_win_exe_info.win_file_version.product_version is version(zabbix_version_long, '<') + - zabbix_agent_package_state == 'latest' + +- name: "Windows | Create directory structure" + win_file: + path: "{{ item }}" + state: directory + with_items: + - "{{ zabbix_win_install_dir }}" + - "{{ zabbix_agent_win_include }}" + +- name: "Windows | Place TLS-PSK file" + win_copy: + content: "{{ zabbix_agent_tlspsk_secret }}" + dest: "{{ zabbix_agent_tlspskfile }}" + when: + - 
zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspsk_secret is defined + notify: restart win zabbix agent + +- name: "Windows | Stop Zabbix (Update)" + win_service: + name: Zabbix Agent + start_mode: auto + state: stopped + when: + - update_zabbix_agent | default(false) + - agent_file_info.stat.exists + +- name: "Windows | Uninstall Zabbix (Update)" + win_command: '{{ zabbix_win_exe_path }} --config {{ zabbix_win_install_dir }}\zabbix_agentd.conf --uninstall' + register: zabbix_windows_install + when: + - update_zabbix_agent | default(false) + - agent_file_info.stat.exists + +- name: "Windows | Removing Zabbix Directory (Update)" + win_file: + path: '{{ zabbix_win_install_dir }}' + state: absent + when: + - update_zabbix_agent | default(false) + - agent_file_info.stat.exists + +- name: "Windows | Check if file is already downloaded" + win_stat: + path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' + register: file_info + +- name: "Windows | Download Zabbix Agent Zip file" + win_get_url: + url: "{{ zabbix_win_download_link }}" + dest: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' + force: False + follow_redirects: all + proxy_url: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_win_download_zip + until: zabbix_agent_win_download_zip is succeeded + +- name: "Windows | Unzip file" + win_unzip: + src: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' + dest: "{{ zabbix_win_install_dir }}" + creates: '{{ zabbix_win_exe_path }}' + +- name: "Windows | Configure zabbix-agent" + win_template: + src: zabbix_agentd.conf.j2 + dest: '{{ zabbix_win_install_dir }}\zabbix_agentd.conf' + notify: restart win zabbix agent + +- name: "Windows | Register Service" + win_command: '{{ zabbix_win_exe_path }} --config {{ zabbix_win_install_dir }}\zabbix_agentd.conf --install' + register: zabbix_windows_install + args: + creates: '{{ zabbix_win_install_dir }}\.installed' + +- name: "Windows | Create done file so it won't 
register itself again" + win_file: + path: '{{ zabbix_win_install_dir }}\.installed' + state: touch + when: zabbix_windows_install is changed + +- name: "Windows | Set service startup mode to auto and ensure it is started" + win_service: + name: Zabbix Agent + start_mode: auto + state: started + +- name: "Windows | Getting Zabbix Service Recovery Settings" + win_shell: sc.exe qfailure "Zabbix Agent" 1100 + register: svc_recovery + changed_when: false + check_mode: false + when: zabbix_agent_win_svc_recovery + +- name: "Windows | Setting Zabbix Service Recovery" + win_shell: sc.exe failure "Zabbix Agent" actions= restart/5000/restart/10000/restart/20000 reset= 86400 + when: + - "'RESTART -- Delay' not in svc_recovery.stdout" + - zabbix_agent_win_svc_recovery + +- name: "Windows | Firewall rule" + win_firewall_rule: + name: Zabbix Agent + localport: "{{ zabbix_agent_listenport }}" + action: allow + direction: in + protocol: tcp + state: present + enabled: yes diff --git a/roles/zabbix-agent/tasks/macOS.yml b/roles/zabbix-agent/tasks/macOS.yml new file mode 100644 index 000000000..ef73dbeb9 --- /dev/null +++ b/roles/zabbix-agent/tasks/macOS.yml @@ -0,0 +1,24 @@ +--- +# Tasks specific for macOS +- name: "macOS | Check installed package version" + shell: | + set -o pipefail + pkgutil --pkg-info 'com.zabbix.pkg.ZabbixAgent' | grep 'version:' | cut -d ' ' -f 2 + register: pkgutil_version + check_mode: no + changed_when: false + failed_when: pkgutil_version.rc == 2 + +- name: "macOS | Download the Zabbix package" + get_url: + url: "{{ zabbix_mac_download_link }}" + dest: "/tmp/{{ zabbix_mac_package }}" + mode: 0644 + when: pkgutil_version.stdout != zabbix_version_long + +- name: "macOS | Install the Zabbix package" + command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target / + become: true + when: pkgutil_version.stdout != zabbix_version_long + tags: + - zabbix-agent 
diff --git a/roles/zabbix-agent/tasks/main.yml b/roles/zabbix-agent/tasks/main.yml new file mode 100644 index 000000000..8e8fb7327 --- /dev/null +++ b/roles/zabbix-agent/tasks/main.yml 
@@ -0,0 +1,174 @@ +--- +# tasks file for dj-wasabi.zabbix-agent + +- name: "Fix facts for linuxmint - distribution release" + set_fact: + zabbix_agent_distribution_release: xenial + when: + - ansible_os_family == "Linuxmint" + - ansible_distribution_release == "sonya" or ansible_distribution_release == "serena" + +- name: "Fix facts for linuxmint - family" + set_fact: + zabbix_agent_os_family: Debian + when: + - ansible_os_family == "Linuxmint" + +- name: "Fix facts for XCP-ng - family" + set_fact: + zabbix_agent_os_family: RedHat + when: + - ansible_os_family == "XCP-ng" + +- name: "Include OS-specific variables" + include_vars: "{{ zabbix_agent_os_family }}.yml" + tags: + - vars + - zabbix-agent + +- name: "Install the correct repository" + include_tasks: "{{ zabbix_agent_os_family if (zabbix_agent_os_family not in ['Sangoma']) else 'RedHat' }}.yml" + when: + - not (zabbix_agent_docker | bool) + tags: + - zabbix-agent + - init + - config + - service + +- name: "Install local python-netaddr package" + pip: + name: netaddr + state: present + register: zabbix_python_netaddr_package_installed + until: zabbix_python_netaddr_package_installed is succeeded + delegate_to: localhost + run_once: True + become: "{{ zabbix_agent_become_on_localhost }}" + when: + - zabbix_install_pip_packages | bool + - ansible_all_ipv4_addresses is defined or (zabbix_agent_ip is not defined and total_private_ip_addresses is defined) + +- name: "Encrypt with TLS PSK auto management" + include_tasks: tlspsk_auto.yml + when: + - zabbix_agent_tlspsk_auto | bool + - (zabbix_agent_tlspskfile is undefined) or (zabbix_agent_tlspskfile | length == '0') + - (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0') + +- name: "Install the correct repository" + include_tasks: Windows.yml + when: + - zabbix_agent_os_family == "Windows" + +- name: "Install the correct repository" + include_tasks: Linux.yml + when: + - (zabbix_agent_os_family != "Windows" and 
zabbix_agent_os_family != "Darwin") or (zabbix_agent_docker | bool) + +- name: "Install the correct repository" + include_tasks: macOS.yml + when: + - zabbix_agent_os_family == "Darwin" + +- name: "Installing the Zabbix-api package on localhost" + pip: + name: zabbix-api + state: present + register: zabbix_api_package_installed + until: zabbix_api_package_installed is succeeded + delegate_to: localhost + run_once: True + become: "{{ zabbix_agent_become_on_localhost }}" + when: + - zabbix_install_pip_packages | bool + - (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool) + +- name: "Create hostgroups" + zabbix_group: + server_url: "{{ zabbix_url }}" + http_login_user: "{{ zabbix_api_http_user | default(omit) }}" + http_login_password: "{{ zabbix_api_http_password | default(omit) }}" + login_user: "{{ zabbix_api_user }}" + login_password: "{{ zabbix_api_pass }}" + host_group: "{{ zabbix_host_groups }}" + state: "{{ zabbix_create_hostgroup }}" + validate_certs: "{{ zabbix_validate_certs|default(omit) }}" + when: + - zabbix_api_create_hostgroup | bool + register: zabbix_api_hostgroup_created + until: zabbix_api_hostgroup_created is succeeded + delegate_to: localhost + become: no + tags: + - api + +- name: "Create a new host or update an existing host's info" + zabbix_host: + server_url: "{{ zabbix_url }}" + http_login_user: "{{ zabbix_api_http_user | default(omit) }}" + http_login_password: "{{ zabbix_api_http_password | default(omit) }}" + login_user: "{{ zabbix_api_user }}" + login_password: "{{ zabbix_api_pass }}" + host_name: "{{ zabbix_agent_hostname }}" + host_groups: "{{ zabbix_host_groups }}" + link_templates: "{{ zabbix_link_templates }}" + status: "{{ zabbix_host_status }}" + state: "{{ zabbix_create_host }}" + force: "{{ zabbix_update_host }}" + proxy: "{{ zabbix_proxy }}" + inventory_mode: "{{ zabbix_inventory_mode }}" + interfaces: "{{ zabbix_agent_interfaces }}" + visible_name: "{{ zabbix_visible_hostname | 
default(zabbix_agent_hostname) }}" + tls_psk: "{{ zabbix_agent_tlspsk_secret | default(omit) }}" + tls_psk_identity: "{{ zabbix_agent_tlspskidentity | default(omit) }}" + tls_issuer: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}" + tls_subject: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}" + tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}" + tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}" + validate_certs: "{{ zabbix_validate_certs | default(omit) }}" + description: "{{ zabbix_agent_description | default(omit) }}" + inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}" + ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}" + ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}" + ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}" + ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}" + when: + - zabbix_api_create_hosts | bool + register: zabbix_api_host_created + until: zabbix_api_host_created is succeeded + delegate_to: localhost + become: no + changed_when: false + tags: + - api + +- name: "Updating host configuration with macros" + zabbix_hostmacro: + server_url: "{{ zabbix_url }}" + http_login_user: "{{ zabbix_api_http_user | default(omit) }}" + http_login_password: "{{ zabbix_api_http_password | default(omit) }}" + login_user: "{{ zabbix_api_user }}" + login_password: "{{ zabbix_api_pass }}" + host_name: "{{ zabbix_agent_hostname }}" + macro_name: "{{ item.macro_key }}" + macro_value: "{{ item.macro_value }}" + validate_certs: "{{ zabbix_validate_certs | default(omit) }}" + with_items: "{{ zabbix_macros | default([]) }}" + when: + - zabbix_api_create_hosts | bool + - zabbix_macros is defined + - item.macro_key is defined + register: zabbix_api_hostmarcro_created + until: zabbix_api_hostmarcro_created is succeeded + delegate_to: localhost + 
become: no + tags: + - api + +- name: "Including userparameters" + include_tasks: "userparameter.yml" + when: zabbix_agent_userparameters|length > 0 + tags: + - zabbix-agent + - userparameter diff --git a/roles/zabbix-agent/tasks/tlspsk_auto.yml b/roles/zabbix-agent/tasks/tlspsk_auto.yml new file mode 100644 index 000000000..d9d882717 --- /dev/null +++ b/roles/zabbix-agent/tasks/tlspsk_auto.yml 
@@ -0,0 +1,80 @@ +--- +- name: AutoPSK | Set default path variables for Linux + set_fact: + zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" + zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" + when: (zabbix_agent_os_family != "Windows") or (zabbix_agent_docker | bool) + +- name: AutoPSK | Set default path variables for Windows + set_fact: + zabbix_agent_tlspskfile: "{{ zabbix_win_install_dir }}\tls_psk_auto.secret.txt" + zabbix_agent_tlspskidentity_file: "{{ zabbix_win_install_dir }}\tls_psk_auto.identity.txt" + when: zabbix_agent_os_family == "Windows" + +- name: AutoPSK | Check for existing TLS PSK file + stat: + path: "{{ zabbix_agent_tlspskfile }}" + register: zabbix_agent_tlspskcheck + +- name: AutoPSK | read existing TLS PSK file + slurp: + src: "{{ zabbix_agent_tlspskfile }}" + register: zabbix_agent_tlspsk_base64 + when: zabbix_agent_tlspskcheck.stat.exists + +- name: AutoPSK | Save existing TLS PSK secret + set_fact: + zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}" + when: zabbix_agent_tlspskcheck.stat.exists + +- name: AutoPSK | Use existing TLS PSK secret + set_fact: + zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}" + when: zabbix_agent_tlspskcheck.stat.exists and zabbix_agent_tlspsk_read|length >= 32 + +- name: AutoPSK | Generate new TLS PSK secret + set_fact: + zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}" + when: not zabbix_agent_tlspskcheck.stat.exists or zabbix_agent_tlspsk_read|length < 32 + +- name: AutoPSK | Check for existing TLS PSK identity + stat: + path: "{{ zabbix_agent_tlspskidentity_file }}" + register: zabbix_agent_tlspskidentity_check + +- name: AutoPSK | Read existing TLS PSK identity file + slurp: + src: "{{ zabbix_agent_tlspskidentity_file }}" + register: zabbix_agent_tlspskidentity_base64 + when: zabbix_agent_tlspskidentity_check.stat.exists + +- name: AutoPSK | Use existing TLS PSK identity + 
set_fact: + zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}" + when: zabbix_agent_tlspskidentity_check.stat.exists + +- name: AutoPSK | Generate new TLS PSK identity + set_fact: + zabbix_agent_tlspskidentity: "{{ zabbix_visible_hostname + '_' + lookup('password', '/dev/null chars=hexdigits length=4') }}" + when: not zabbix_agent_tlspskidentity_check.stat.exists + +- name: AutoPSK | Template TLS PSK identity in file + copy: + dest: "{{ zabbix_agent_tlspskidentity_file }}" + content: "{{ zabbix_agent_tlspskidentity }}" + owner: zabbix + group: zabbix + mode: 0400 + when: + - zabbix_agent_tlspskidentity_file is defined + - zabbix_agent_tlspskidentity is defined + notify: + - restart zabbix-agent + - restart win zabbix agent + - restart mac zabbix agent + +- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK + set_fact: + zabbix_agent_tlsaccept: psk + zabbix_agent_tlsconnect: psk + when: zabbix_api_create_hosts diff --git a/roles/zabbix-agent/tasks/userparameter.yml b/roles/zabbix-agent/tasks/userparameter.yml new file mode 100644 index 000000000..baecf1ce7 --- /dev/null +++ b/roles/zabbix-agent/tasks/userparameter.yml 
@@ -0,0 +1,51 @@ +--- +- block: + - name: "Windows | Installing user-defined userparameters" + win_template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf' + notify: + - restart win zabbix agent + with_items: "{{ zabbix_agent_userparameters }}" + + - name: "Windows | Installing user-defined scripts" + win_copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: '{{ zabbix_win_install_dir }}\scripts\' + notify: + - restart win zabbix agent + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined + + when: zabbix_agent_os_family == "Windows" + + +- block: + - name: "Installing user-defined userparameters" + template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf" + owner: zabbix + group: zabbix + mode: 0644 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: yes + with_items: "{{ zabbix_agent_userparameters }}" + + - name: "Installing user-defined scripts" + copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: "/etc/zabbix/scripts/" + owner: zabbix + group: zabbix + mode: 0755 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: yes + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined + + when: zabbix_agent_os_family != "Windows" diff --git a/roles/zabbix-agent/templates/userparameters/mysql.j2 b/roles/zabbix-agent/templates/userparameters/mysql.j2 new file mode 100644 index 000000000..64087779f --- /dev/null +++ b/roles/zabbix-agent/templates/userparameters/mysql.j2 @@ -0,0 +1,3 @@ +# This is an sample userparameters file. + +UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive 
diff --git a/roles/zabbix-agent/templates/userparameters/win_sample.j2 b/roles/zabbix-agent/templates/userparameters/win_sample.j2 new file mode 100644 index 000000000..2a27b634d --- /dev/null +++ b/roles/zabbix-agent/templates/userparameters/win_sample.j2 @@ -0,0 +1 @@ +UserParameter=do.something, powershell -NoProfile -ExecutionPolicy Bypass -File {{ zabbix_win_install_dir }}\scripts\{{ item.name }}\doSomething.ps1 diff --git a/roles/zabbix-agent/templates/zabbix_agentd.conf.j2 b/roles/zabbix-agent/templates/zabbix_agentd.conf.j2 new file mode 100644 index 000000000..00518481e --- /dev/null +++ b/roles/zabbix-agent/templates/zabbix_agentd.conf.j2 
@@ -0,0 +1,366 @@ +{{ ansible_managed | comment }} +# this is a config file for zabbix agent +# to get more information about zabbix, visit http://www.zabbix.com + +############ general parameters ################# + +### option: pidfile +# name of pid file. +# +{% if zabbix_agent_os_family != "Windows" %} +PidFile={{ zabbix_agent_pidfile }} +{% endif %} + +### option: logfile +# name of log file. +# if not set, syslog is used. +# +{% if zabbix_agent_os_family == "Windows" %} +LogFile={{ zabbix_agent_win_logfile }} +{% else %} +LogFile={{ zabbix_agent_logfile }} +{% endif %} + +### option: logfilesize +# maximum size of log file in mb. +# 0 - disable automatic log rotation. +# +LogFileSize={{ zabbix_agent_logfilesize }} + +### option: debuglevel +# specifies debug level +# 0 - no debug +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# +DebugLevel={{ zabbix_agent_debuglevel }} + + +### option: sourceip +# source ip address for outgoing connections. +# +{% if zabbix_agent_sourceip is defined and zabbix_agent_sourceip %} +SourceIP={{ zabbix_agent_sourceip }} +{% endif %} + +### option: enableremotecommands +# whether remote commands from zabbix server are allowed. +# 0 - not allowed +# 1 - allowed +# +EnableRemoteCommands={{ zabbix_agent_enableremotecommands }} + +### option: logremotecommands +# enable logging of executed shell commands as warnings. +# 0 - disabled +# 1 - enabled +# +LogRemoteCommands={{ zabbix_agent_logremotecommands }} + +##### passive checks related + +### option: server +# list of comma delimited ip addresses (or hostnames) of zabbix servers. +# incoming connections will be accepted only from the hosts listed here. +# no spaces allowed. +# if ipv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally. 
+# +# mandatory: yes +# default: +# server= +Server={{ zabbix_agent_server }} + +### option: listenport +# agent will listen on this port for connections from the server. +# +ListenPort={{ zabbix_agent_listenport }} + + +### option: listenip +# list of comma delimited ip addresses that the agent should listen on. +# first ip address is sent to zabbix server if connecting to it to retrieve list of active checks. +# +{% if zabbix_agent_listenip is defined and zabbix_agent_listenip !='0.0.0.0' and zabbix_agent_listenip %} +ListenIP={{ zabbix_agent_listenip }} +{% endif %} + +### option: startagents +# number of pre-forked instances of zabbix_agentd that process passive checks. +# if set to 0, disables passive checks and the agent will not listen on any tcp port. +# +StartAgents={{ zabbix_agent_startagents }} + +##### active checks related +### option: serveractive +# list of comma delimited ip:port (or hostname:port) pairs of zabbix servers for active checks. +# if port is not specified, default port is used. +# ipv6 addresses must be enclosed in square brackets if port for that host is specified. +# if port is not specified, square brackets for ipv6 addresses are optional. +# if this parameter is not specified, active checks are disabled. +# example: serveractive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +# +ServerActive={{ zabbix_agent_serveractive }} + +### option: hostname +# unique, case sensitive hostname. +# required for active checks and must match hostname as configured on the server. +# value is acquired from hostnameitem if undefined. +# +{% if zabbix_agent_hostname is defined and zabbix_agent_hostname %} +Hostname={{ zabbix_agent_hostname }} +{% endif %} + +### option: hostnameitem +# item used for generating hostname if it is undefined. +# ignored if hostname is defined. 
+# +{% if zabbix_agent_hostnameitem is defined and zabbix_agent_hostnameitem %} +HostnameItem={{ zabbix_agent_hostnameitem }} +{% endif %} + +### option: hostmetadata +# optional parameter that defines host metadata. +# host metadata is used at host auto-registration process. +# an agent will issue an error and not start if the value is over limit of 255 characters. +# if not defined, value will be acquired from hostmetadataitem. +# +{% if zabbix_agent_hostmetadata is defined and zabbix_agent_hostmetadata %} +HostMetadata={{ zabbix_agent_hostmetadata }} +{% endif %} + +### option: hostmetadataitem +# optional parameter that defines an item used for getting host metadata. +# host metadata is used at host auto-registration process. +# during an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# this option is only used when hostmetadata is not defined. +# +{% if zabbix_agent_hostmetadataitem is defined and zabbix_agent_hostmetadataitem %} +HostMetadataItem={{ zabbix_agent_hostmetadataitem }} +{% endif %} + +### option: refreshactivechecks +# how often list of active checks is refreshed, in seconds. +# +RefreshActiveChecks={{ zabbix_agent_refreshactivechecks }} + +### option: buffersend +# do not keep data longer than n seconds in buffer. +# +BufferSend={{ zabbix_agent_buffersend }} + +### option: buffersize +# maximum number of values in a memory buffer. the agent will send +# all collected data to zabbix server or proxy if the buffer is full. +# +BufferSize={{ zabbix_agent_buffersize }} + +### option: maxlinespersecond +# maximum number of new lines the agent will send per second to zabbix server +# or proxy processing 'log' and 'logrt' active checks. +# the provided value will be overridden by the parameter 'maxlines', +# provided in 'log' or 'logrt' item keys. 
+# +MaxLinesPerSecond={{ zabbix_agent_maxlinespersecond }} + +############ advanced parameters ################# + +### option: alias +# sets an alias for parameter. it can be useful to substitute long and complex parameter name with a smaller and simpler one. +# +{% if zabbix_agent_zabbix_alias is defined and zabbix_agent_zabbix_alias %} +Alias={{ zabbix_agent_zabbix_alias }} +{% endif %} + +### option: timeout +# spend no more than timeout seconds on processing +# +Timeout={{ zabbix_agent_timeout }} + +{% if zabbix_agent_os_family != "Windows" %} +### option: allowroot +# allow the agent to run as 'root'. if disabled and the agent is started by 'root', the agent +# will try to switch to user 'zabbix' instead. has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +AllowRoot={{ zabbix_agent_allowroot }} +{% endif %} + +### Option: User +# Drop privileges to a specific, existing user on the system. +# Only has effect if run as 'root' and AllowRoot is disabled. +# +# Mandatory: no +# Default: + +{% if zabbix_agent_runas_user is defined and zabbix_agent_runas_user %} +User={{ zabbix_agent_runas_user }} +{% endif %} + +### option: include +# you may include individual files or all files in a directory in the configuration file. +# installing zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +{% if zabbix_agent_os_family == "Windows" %} +Include={{ zabbix_agent_win_include }} +{% else %} +Include={{ zabbix_agent_include }} +{% endif %} + +####### user-defined monitored parameters ####### + +### option: unsafeuserparameters +# allow all characters to be passed in arguments to user-defined parameters. +# 0 - do not allow +# 1 - allow +# +UnsafeUserParameters={{ zabbix_agent_unsafeuserparameters }} + +### option: userparameter +# user-defined parameter to monitor. there can be several user-defined parameters. 
+# format: userparameter=, +# note that shell command must not return empty string or eol only. +# see 'zabbix_agentd' directory for examples. +# +# mandatory: no +# default: +# userparameter= + +# disabled. an configuration file should be placed on directory: {{ zabbix_agent_include }} + +####### LOADABLE MODULES ####### +{% if zabbix_version is version_compare('2.2', '>=') %} +### Option: LoadModulePath +# Full path to location of agent modules. +# Default depends on compilation options. +# +{% if zabbix_agent_os_family != "Windows" %} +LoadModulePath={{ zabbix_agent_loadmodulepath }} +{% endif %} +{% endif %} + +### Option: LoadModule +# Module to load at agent startup. Modules are used to extend functionality of the agent. +# Format: LoadModule= +# The modules must be located in directory specified by LoadModulePath. +# It is allowed to include multiple LoadModule parameters. +# +{% if zabbix_agent_loadmodule is defined and zabbix_agent_loadmodule %} +LoadModule={{ zabbix_agent_loadmodule }} +{% endif %} + +{% if zabbix_version is version_compare('3.0', '>=') %} +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSConnect +# How the agent should connect to server or proxy. Used for active checks. +# Only one value can be specified: +# unencrypted - connect without encryption +# psk - connect using TLS and a pre-shared key +# cert - connect using TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSConnect=unencrypted +{% if zabbix_agent_tlsconnect is defined and zabbix_agent_tlsconnect %} +TLSConnect={{ zabbix_agent_tlsconnect }} +{% endif %} + +### Option: TLSAccept +# What incoming connections to accept. 
+# Multiple values can be specified, separated by comma: +# unencrypted - accept connections without encryption +# psk - accept connections secured with TLS and a pre-shared key +# cert - accept connections secured with TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSAccept=unencrypted +{% if zabbix_agent_tlsaccept is defined and zabbix_agent_tlsaccept %} +TLSAccept={{ zabbix_agent_tlsaccept }} +{% endif %} + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= +{% if zabbix_agent_tlscafile is defined and zabbix_agent_tlscafile %} +TLSCAFile={{ zabbix_agent_tlscafile }} +{% endif %} + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +# TLSCRLFile= +{% if zabbix_agent_tlscrlfile is defined and zabbix_agent_tlscrlfile %} +TLSCRLFile={{ zabbix_agent_tlscrlfile }} +{% endif %} + +### Option: TLSServerCertIssuer +# Allowed server certificate issuer. +# +# Mandatory: no +# Default: +# TLSServerCertIssuer= +{% if zabbix_agent_tlsservercertissuer is defined and zabbix_agent_tlsservercertissuer %} +TLSServerCertIssuer={{ zabbix_agent_tlsservercertissuer }} +{% endif %} + +### Option: TLSServerCertSubject +# Allowed server certificate subject. +# +# Mandatory: no +# Default: +# TLSServerCertSubject= +{% if zabbix_agent_tlsservercertsubject is defined and zabbix_agent_tlsservercertsubject %} +TLSServerCertSubject={{ zabbix_agent_tlsservercertsubject }} +{% endif %} + +### Option: TLSCertFile +# Full pathname of a file containing the agent certificate or certificate chain. 
+# +# Mandatory: no +# Default: +# TLSCertFile= +{% if zabbix_agent_tlscertfile is defined and zabbix_agent_tlscertfile %} +TLSCertFile={{ zabbix_agent_tlscertfile }} +{% endif %} + +### Option: TLSKeyFile +# Full pathname of a file containing the agent private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= +{% if zabbix_agent_tlskeyfile is defined and zabbix_agent_tlskeyfile %} +TLSKeyFile={{ zabbix_agent_tlskeyfile }} +{% endif %} + +### Option: TLSPSKIdentity +# Unique, case sensitive string used to identify the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKIdentity= +{% if zabbix_agent_tlspskidentity is defined and zabbix_agent_tlspskidentity %} +TLSPSKIdentity={{ zabbix_agent_tlspskidentity }} +{% endif %} + +### Option: TLSPSKFile +# Full pathname of a file containing the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKFile= +{% if zabbix_agent_tlspskfile is defined and zabbix_agent_tlspskfile %} +TLSPSKFile={{ zabbix_agent_tlspskfile }} +{% endif %} +{% endif %} diff --git a/roles/zabbix-agent/upgrade.md b/roles/zabbix-agent/upgrade.md new file mode 100644 index 000000000..b257082e8 --- /dev/null +++ b/roles/zabbix-agent/upgrade.md @@ -0,0 +1,11 @@ +# Upgrade + +## 1.0.0 + +With this 1.0.0 release, the following is changed: + +* All configuration properties starts with `zabbix_` now. Example, property named `agent_tlsaccept` is now `zabbix_agent_tlsaccept`. + +## 0.8.0 + +As of version 0.8.0, the property `zabbix_api_use` isn't available anymore. It is replaced by the properties `zabbix_api_create_hostgroup` and `zabbix_api_create_hosts` diff --git a/roles/zabbix-agent/vars/Darwin.yml b/roles/zabbix-agent/vars/Darwin.yml new file mode 100644 index 000000000..fa271bbf5 --- /dev/null +++ b/roles/zabbix-agent/vars/Darwin.yml @@ -0,0 +1,6 @@ +--- +# vars file for zabbix-agent (Debian) + +zabbix_agent: zabbix-agent +zabbix_agent_service: com.zabbix.zabbix_agentd +zabbix_agent_conf: zabbix_agentd.conf 
diff --git a/roles/zabbix-agent/vars/Debian.yml b/roles/zabbix-agent/vars/Debian.yml new file mode 100644 index 000000000..2e9bc1f43 --- /dev/null +++ b/roles/zabbix-agent/vars/Debian.yml @@ -0,0 +1,6 @@ +--- +# vars file for zabbix-agent (Debian) + +zabbix_agent: zabbix-agent +zabbix_agent_service: zabbix-agent +zabbix_agent_conf: zabbix_agentd.conf diff --git a/roles/zabbix-agent/vars/RedHat.yml b/roles/zabbix-agent/vars/RedHat.yml new file mode 100644 index 000000000..45ee8f215 --- /dev/null +++ b/roles/zabbix-agent/vars/RedHat.yml @@ -0,0 +1,6 @@ +--- +# vars file for zabbix-agent (RedHat) + +zabbix_agent: zabbix-agent +zabbix_agent_service: zabbix-agent +zabbix_agent_conf: zabbix_agentd.conf diff --git a/roles/zabbix-agent/vars/Sangoma.yml b/roles/zabbix-agent/vars/Sangoma.yml new file mode 100644 index 000000000..5da1067fb --- /dev/null +++ b/roles/zabbix-agent/vars/Sangoma.yml @@ -0,0 +1,6 @@ +--- +# vars file for zabbix-agent (Sangola) + +zabbix_agent: zabbix-agent +zabbix_agent_service: zabbix-agent +zabbix_agent_conf: zabbix_agentd.conf diff --git a/roles/zabbix-agent/vars/Suse.yml b/roles/zabbix-agent/vars/Suse.yml new file mode 100644 index 000000000..9b1ea40ee --- /dev/null +++ b/roles/zabbix-agent/vars/Suse.yml @@ -0,0 +1,6 @@ +--- +# vars file for zabbix-agent (Suse) + +zabbix_agent: zabbix-agentd +zabbix_agent_service: zabbix-agentd +zabbix_agent_conf: zabbix-agentd.conf diff --git a/roles/zabbix-agent/vars/Windows.yml b/roles/zabbix-agent/vars/Windows.yml new file mode 100644 index 000000000..1fe0d3ac1 --- /dev/null +++ b/roles/zabbix-agent/vars/Windows.yml @@ -0,0 +1,4 @@ +--- +# vars file for zabbix agent (Windows) + +zabbix_win_agent_service: "zabbix agent" diff --git a/roles/zabbix-agent/vars/zabbix.yml b/roles/zabbix-agent/vars/zabbix.yml new file mode 100644 index 000000000..15ff71e6c --- /dev/null +++ b/roles/zabbix-agent/vars/zabbix.yml 
@@ -0,0 +1,155 @@ +--- + +sign_keys: + "44": + focal: + sign_key: A14FE591 + eoan: + sign_key: A14FE591 + cosmic: + sign_key: A14FE591 + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + buster: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: A14FE591 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "42": + focal: + sign_key: A14FE591 + eoan: + sign_key: A14FE591 + cosmic: + sign_key: A14FE591 + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + buster: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: A14FE591 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "40": + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + buster: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: A14FE591 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "34": + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: A14FE591 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "32": + bionic: + sign_key: A14FE591 + sonya: + sign_key: 79EA5ED4 + serena: + sign_key: 79EA5ED4 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "30": + bionic: + sign_key: A14FE591 + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + stretch: + sign_key: A14FE591 + buster: + sign_key: A14FE591 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "24": + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + precise: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + "22": + squeeze: + sign_key: 79EA5ED4 + jessie: 
+ sign_key: 79EA5ED4 + precise: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + lucid: + sign_key: 79EA5ED4 + +suse: + "openSUSE Leap": + "42": + name: server:monitoring + url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/ + "openSUSE": + "12": + name: server_monitoring + url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }} + "SLES": + "11": + name: server_monitoring + url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
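Review bot: In roles/zabbix-agent/tasks/tlspsk_auto.yml, the "Set default path variables for Windows" task writes both paths as double-quoted YAML scalars (`"{{ zabbix_win_install_dir }}\tls_psk_auto.secret.txt"`), so `\t` is parsed as a tab escape and the resulting path contains a tab character followed by `ls_psk_auto...`. Single-quote these values, as the win_template `dest` in userparameter.yml already does. Two further points in the same file: the slurp and set_fact tasks that carry the PSK have no `no_log: true`, so the secret can show up in verbose or callback output; and the "Template TLS PSK identity in file" task uses `copy` with `owner`, `group` and `mode` and no OS condition, although a Windows path may have been set for it earlier in the file.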
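Review bot: In roles/zabbix-agent/tasks/userparameter.yml, the non-Windows block installs both the `userparameter_*.conf` files and the content of `/etc/zabbix/scripts/` with `owner: zabbix`, which leaves the commands and scripts the agent executes writable by the `zabbix` account itself. Consider `owner: root`, `group: zabbix` with modes such as 0640 for the conf files and 0750 for the scripts, so the agent user can read and run them but not change them. The two `mode` values are also unquoted (`0644`, `0755`); quoting them as strings avoids any ambiguity in how the YAML parser reads the number.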
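Review bot: In roles/zabbix-agent/templates/userparameters/mysql.j2, the sample check runs `mysqladmin -uroot ping`, so anyone copying the sample ends up probing MySQL as the root account from the agent. A sample that uses a dedicated monitoring account, with its credentials in an options file readable only by the agent user, would be a safer thing to ship. The header comment also reads "an sample" and should be "a sample".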
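Review bot: In roles/zabbix-agent/templates/userparameters/win_sample.j2, the path passed to `-File` is unquoted, so it breaks as soon as `zabbix_win_install_dir` contains a space. The path is also built from `scripts\{{ item.name }}\`, while the win_copy task in userparameter.yml copies `{{ item.scripts_dir }}` into `scripts\`; the two only line up when `scripts_dir` equals `name`, which should either be documented or the template should use `item.scripts_dir`. `-ExecutionPolicy Bypass` in a shipped sample deserves a comment explaining why it is needed, or a signed-script alternative.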
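Review bot: In roles/zabbix-agent/templates/zabbix_agentd.conf.j2, the TLS section emits `TLSPSKIdentity` and `TLSPSKFile` independently of `TLSConnect` and `TLSAccept`, although the template's own comments state that both are mandatory once PSK parameters are defined. tlspsk_auto.yml always sets the PSK file and identity but sets `zabbix_agent_tlsaccept` and `zabbix_agent_tlsconnect` only `when: zabbix_api_create_hosts`, so unless defaults elsewhere cover it, the rendered file can carry PSK settings with no TLSConnect/TLSAccept line. Either render the PSK lines only when one of those is `psk`, or fail the play when PSK variables are set without them. Smaller point: the UserParameter comment near "disabled. an configuration file should be placed on directory" always prints `{{ zabbix_agent_include }}`, while the `Include` line just above switches to `zabbix_agent_win_include` on Windows.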
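Review bot: In roles/zabbix-agent/vars/Darwin.yml the header comment says "vars file for zabbix-agent (Debian)", and in vars/Sangoma.yml it says "(Sangola)"; both look like copy-paste leftovers and should name the platform the file is for.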
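Review bot: In roles/zabbix-agent/vars/zabbix.yml, every `sign_key` is an 8-hex-digit short key ID (`A14FE591`, `79EA5ED4`, `E709712C`), which is only 32 bits and can collide with an unrelated key, so it is a weak way to pin the repository signing key. Store the full fingerprint instead. In the `suse` map at the end of the file, all three repository URLs use `http://download.opensuse.org/...`; switch them to https if the mirror supports it, so repository metadata is not fetched in clear text.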