sa_8001/dsk-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ansible Script 추가

Browse Source
This commit is contained in:
ByeonJungHun
2023-12-19 13:36:16 +09:00
parent 0273450ff6
commit 05cb8d9269
2610 changed files with 281893 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
ansible/zabbix_agent/roles/zabbix-agent/tasks/Debian.yml Normal file
View File

@@ -0,0 +1,151 @@
---
# Tasks specific for Debian/Ubuntu Systems
- name: "Debian | Set some variables"
ansible.builtin.set_fact:
zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}"
zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}"
tags:
- always
- name: "Debian | Repo URL"
ansible.builtin.set_fact:
zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}{{ '-arm64' if ansible_machine == 'aarch64' else ''}}"
when:
- zabbix_repo_deb_url is undefined
tags:
- always
- name: "Debian | Installing gnupg"
ansible.builtin.apt:
pkg: gnupg
update_cache: true
cache_valid_time: 3600
force: true
state: present
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: gnupg_installed
until: gnupg_installed is succeeded
become: true
tags:
- install
# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
# See: https://wiki.debian.org/DebianRepository/UseThirdParty
- name: "Debian | Create /etc/apt/keyrings/ on older versions"
ansible.builtin.file:
path: /etc/apt/keyrings/
state: directory
mode: "0755"
become: true
when:
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or
(ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
- name: "Debian | Download gpg key"
ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true
tags:
- install
- name: "Debian | Installing repository {{ ansible_distribution }}"
ansible.builtin.copy:
dest: /etc/apt/sources.list.d/zabbix.sources
owner: root
group: root
mode: 0644
content: |
Types: deb deb-src
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
Components: {{ zabbix_repo_deb_component }}
Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
Signed-By: {{ zabbix_gpg_key }}
become: true
tags:
- install
- name: "Debian | Create /etc/apt/preferences.d/"
ansible.builtin.file:
path: /etc/apt/preferences.d/
state: directory
mode: "0755"
when:
- zabbix_agent_apt_priority | int
become: true
tags:
- install
- name: "Debian | Configuring the weight for APT"
ansible.builtin.copy:
dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}"
content: |
Package: {{ zabbix_agent_package }}
Pin: origin repo.zabbix.com
Pin-Priority: {{ zabbix_agent_apt_priority | int }}
owner: root
mode: "0644"
when:
- zabbix_agent_apt_priority | int
become: true
tags:
- install
- name: "Debian | Installing zabbix-agent"
ansible.builtin.apt:
pkg: "{{ zabbix_agent_package }}"
state: "{{ zabbix_agent_package_state }}"
update_cache: true
cache_valid_time: 0
force_apt_get: "{{ zabbix_apt_force_apt_get }}"
install_recommends: "{{ zabbix_apt_install_recommends }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
become: true
tags:
- install
- name: "Debian | Installing zabbix-{sender,get}"
ansible.builtin.apt:
pkg:
- "{{ zabbix_sender_package }}"
- "{{ zabbix_get_package }}"
state: "{{ zabbix_agent_package_state }}"
update_cache: true
cache_valid_time: 0
force_apt_get: "{{ zabbix_apt_force_apt_get }}"
install_recommends: "{{ zabbix_apt_install_recommends }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
when:
- not zabbix_agent_install_agent_only
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
become: true
check_mode: false
tags:
- install
- name: "Debian | Enable the service"
ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
enabled: true
use: service
become: true
tags:
- service

32
ansible/zabbix_agent/roles/zabbix-agent/tasks/Docker.yml Normal file
View File

@@ -0,0 +1,32 @@
---
- name: "Create volume mount string"
ansible.builtin.set_fact:
volume_mount: "{{ zabbix_agent_tlspskfile }}:/var/lib/zabbix/enc/tlspskfile"
tls_key:
ZBX_TLSPSKFILE: tlspskfile
when:
- zabbix_agent_tlspskfile is defined
- name: "Add zabbix_agent_tlspskfile to volume mount"
ansible.builtin.set_fact:
zabbix_agent_docker_volumes: "{{ zabbix_agent_docker_volumes + [ volume_mount ] }}"
zabbix_agent_docker_env: "{{ zabbix_agent_docker_env | combine(tls_key) }}"
when:
- zabbix_agent_tlspskfile is defined
- name: "Ensure Zabbix Docker container is running"
community.docker.docker_container:
name: "{{ zabbix_agent_docker_name }}"
image: "{{ zabbix_agent_docker_image }}:{{ zabbix_agent_docker_image_tag }}"
state: "{{ zabbix_agent_docker_state }}"
restart_policy: "{{ zabbix_agent_docker_restart_policy }}"
network_mode: "{{ zabbix_agent_docker_network_mode }}"
published_ports: "{{ zabbix_agent_docker_ports }}"
privileged: "{{ zabbix_agent_docker_privileged }}"
security_opts: "{{ zabbix_agent_docker_security_opts }}"
volumes: "{{ zabbix_agent_docker_volumes }}"
env: "{{ zabbix_agent_docker_env }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true

239
ansible/zabbix_agent/roles/zabbix-agent/tasks/Linux.yml Normal file
View File

@@ -0,0 +1,239 @@
---
- name: "Set default ip address for zabbix_agent_ip"
ansible.builtin.set_fact:
zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}"
when:
- zabbix_agent_ip is not defined
- "'ansible_default_ipv4' in hostvars[inventory_hostname]"
tags:
- config
- name: "Get Total Private IP Addresses"
ansible.builtin.set_fact:
total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.utils.ipaddr('private') | length }}"
when:
- ansible_all_ipv4_addresses is defined
- not (zabbix_agent_dont_detect_ip)
tags:
- config
- name: "Set first public ip address for zabbix_agent_ip"
ansible.builtin.set_fact:
zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}"
zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}"
zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}"
zabbix_agent2_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent2_server) }}"
zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent2_serveractive) }}"
when:
- zabbix_agent_ip is not defined
- total_private_ip_addresses is defined
- total_private_ip_addresses == '0'
tags:
- config
- name: "Set first private ip address for zabbix_agent_ip"
ansible.builtin.set_fact:
zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}"
when:
- zabbix_agent_ip is not defined
- total_private_ip_addresses is defined
- total_private_ip_addresses != '0'
tags:
- config
- name: "Fail invalid specified agent_listeninterface"
ansible.builtin.fail:
msg: "The specified network interface does not exist"
when:
- (zabbix_agent_listeninterface)
- (zabbix_agent_listeninterface not in ansible_interfaces)
tags:
- config
- name: "Set network interface"
ansible.builtin.set_fact:
network_interface: ansible_{{ zabbix_agent_listeninterface }}
when:
- (zabbix_agent_listeninterface)
- not zabbix_agent_listenip
tags:
- config
- name: "Get IP of agent_listeninterface when no agent_listenip specified"
ansible.builtin.set_fact:
zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}"
when:
- (zabbix_agent_listeninterface)
- not zabbix_agent_listenip
tags:
- config
- api
- name: "Default agent_listenip to all when not specified"
ansible.builtin.set_fact:
zabbix_agent_listenip: "0.0.0.0"
when:
- not (zabbix_agent_listenip)
tags:
- config
- name: "Fail invalid specified agent_listenip"
ansible.builtin.fail:
msg: "The agent_listenip does not exist"
when:
- zabbix_agent_listenip != '0.0.0.0'
- zabbix_agent_listenip != '127.0.0.1'
- (zabbix_agent_listenip not in ansible_all_ipv4_addresses)
tags:
- config
- name: "Configure SELinux when enabled"
ansible.builtin.include_tasks: selinux.yml
when:
- zabbix_selinux | bool
- name: "Adding zabbix group"
ansible.builtin.group:
name: zabbix
state: present
gid: "{{ zabbix_agent_docker_user_gid | default(omit) }}"
become: true
when:
- zabbix_agent_docker | bool
tags:
- config
- name: "Adding zabbix user"
ansible.builtin.user:
name: zabbix
group: zabbix
state: present
create_home: false
home: /etc/zabbix
uid: "{{ zabbix_agent_docker_user_uid | default(omit) }}"
system: true
become: true
when:
- zabbix_agent_docker | bool
tags:
- config
- name: "Configure zabbix-agent"
ansible.builtin.template:
src: "{{ 'zabbix_agentd.conf.j2' if not zabbix_agent2 else 'zabbix_agent2.conf.j2' }}"
dest: "/etc/zabbix/{{ zabbix_agent_conf if not zabbix_agent2 else zabbix_agent2_conf }}"
owner: root
group: root
mode: "{{ zabbix_agent_conf_mode }}"
notify:
- restart zabbix-agent
become: true
when:
- not (zabbix_agent_docker | bool)
tags:
- config
- name: "Create directory for PSK file if not exist."
ansible.builtin.file:
path: "{{ zabbix_agent_tlspskfile | dirname }}"
mode: 0755
state: directory
become: true
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- not (zabbix_agent2 | bool)
tags:
- config
- name: "Create directory for PSK file if not exist (zabbix-agent2)"
ansible.builtin.file:
path: "{{ zabbix_agent2_tlspskfile | dirname }}"
mode: 0755
state: directory
become: true
when:
- zabbix_agent2_tlspskfile is defined
- zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- zabbix_agent2 | bool
tags:
- config
- name: "Place TLS PSK File"
ansible.builtin.copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
owner: zabbix
group: zabbix
mode: 0400
become: true
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- zabbix_agent_tlspsk_secret is defined
- not (zabbix_agent2 | bool)
notify:
- restart zabbix-agent
tags:
- config
- name: "Place TLS PSK File (zabbix-agent2)"
ansible.builtin.copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
owner: zabbix
group: zabbix
mode: 0400
become: true
when:
- zabbix_agent2_tlspskfile is defined
- zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- zabbix_agent2_tlspsk_secret is defined
- zabbix_agent2 | bool
notify:
- restart zabbix-agent
tags:
- config
- name: "Create include dir zabbix-agent"
ansible.builtin.file:
path: "{{ zabbix_agent_include if not zabbix_agent2 else zabbix_agent2_include }}"
owner: root
group: zabbix
mode: "{{ zabbix_agent_include_mode if not zabbix_agent2 else zabbix_agent2_include_mode }}"
state: directory
become: true
tags:
- config
- name: "Install the Docker container"
ansible.builtin.include_tasks: Docker.yml
when:
- zabbix_agent_docker | bool
- name: "Remove zabbix-agent installation when zabbix-agent2 is used."
ansible.builtin.include_tasks: remove.yml
when:
- zabbix_agent2 | bool
- zabbix_agent_package_remove
- name: "Make sure the zabbix-agent service is running"
ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
state: started
enabled: true
become: true
when:
- not (zabbix_agent_docker | bool)
tags:
- service
- name: "Give zabbix-agent access to system.hw.chassis info"
ansible.builtin.file:
path: /sys/firmware/dmi/tables/DMI
owner: root
group: zabbix
become: true
when: zabbix_agent_chassis | bool
tags:
- config

70
ansible/zabbix_agent/roles/zabbix-agent/tasks/RedHat.yml Normal file
View File

@@ -0,0 +1,70 @@
---
# Tasks specific for RedHat systems
- name: "RedHat | Install basic repo file"
ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
baseurl: "{{ item.baseurl }}"
gpgcheck: "{{ item.gpgcheck }}"
gpgkey: "{{ item.gpgkey }}"
mode: "{{ item.mode | default('0644') }}"
priority: "{{ item.priority | default('99') }}"
state: "{{ item.state | default('present') }}"
proxy: "{{ zabbix_http_proxy | default(omit) }}"
with_items: "{{ zabbix_repo_yum }}"
register: yum_repo_installed
become: true
notify:
- "clean repo files from proxy creds"
tags:
- install
- name: Check if warn parameter can be used for shell module
ansible.builtin.set_fact:
produce_warn: False
when: ansible_version.full is version("2.14", "<")
tags:
- always
- name: "RedHat | Installing zabbix-agent"
ansible.builtin.package:
pkg:
- "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
state: "{{ zabbix_agent_package_state }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
become: true
tags:
- install
- name: "RedHat | Installing zabbix-{sender,get}"
ansible.builtin.package:
pkg:
- "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
state: "{{ zabbix_agent_package_state }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
when:
- not zabbix_agent_install_agent_only
become: true
tags:
- install
- name: "RedHat | Enable the service"
ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
enabled: true
use: service
become: true
tags:
- service

352
ansible/zabbix_agent/roles/zabbix-agent/tasks/Windows.yml Normal file
View File

@@ -0,0 +1,352 @@
---
- name: "Windows | Set default architecture"
ansible.builtin.set_fact:
windows_arch: 32
tags:
- always
- name: "Windows | Override architecture if 64-bit"
ansible.builtin.set_fact:
windows_arch: 64
when:
- ansible_architecture == "64-bit"
tags:
- always
- name: "Windows | Set path to zabbix.exe"
ansible.builtin.set_fact:
zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\win{{ windows_arch }}\zabbix_agentd.exe'
tags:
- always
- name: "Windows | Set variables specific to Zabbix"
ansible.builtin.set_fact:
zabbix_win_svc_name: Zabbix Agent
zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agentd.exe'
zabbix_win_config_name: "zabbix_agentd.conf"
zabbix2_win_svc_name: Zabbix Agent 2
zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe'
zabbix2_win_config_name: "zabbix_agent2.conf"
tags:
- always
- name: "Windows | Check if Zabbix agent is present"
ansible.windows.win_stat:
path: "{{ item }}"
with_items:
- "{{ zabbix_win_exe_path }}"
- "{{ zabbix2_win_exe_path }}"
register: agent_file_info
tags:
- always
- name: "Windows | Get Installed Zabbix Agent Version"
community.windows.win_file_version:
path: "{{ item.item }}"
register: zabbix_win_exe_info
when:
- item.stat.exists | bool
with_items: "{{ agent_file_info.results }}"
tags:
- always
- name: "Windows | Set facts current zabbix agent installation"
ansible.builtin.set_fact:
zabbix_agent_1_binary_exist: true
zabbix_agent_1_version: zabbix_win_exe_info.results[0].win_file_version.product_version
when:
- zabbix_win_exe_info.results[0] is defined
- zabbix_win_exe_info.results[0].item.stat.exists
- zabbix_win_exe_info.results[0].item.stat.path == zabbix_win_exe_path
- zabbix_win_exe_info.results[0].win_file_version.product_version
tags:
- always
- name: "Windows | Set facts current zabbix agent installation (agent 2)"
ansible.builtin.set_fact:
zabbix_agent_2_binary_exist: true
zabbix_agent_2_version: zabbix_win_exe_info.results[1].win_file_version.product_version
when:
- zabbix_win_exe_info.results[1] is defined
- zabbix_win_exe_info.results[1].item.stat.exists
- zabbix_win_exe_info.results[1].item.stat.path == zabbix2_win_exe_path
- zabbix_win_exe_info.results[1].win_file_version.product_version
tags:
- always
- name: "Windows | Check Zabbix service"
ansible.windows.win_service:
name: "{{ (item.item.stat.path == zabbix_win_exe_path ) | ternary(zabbix_win_svc_name,zabbix2_win_svc_name) }}"
register: zabbix_service_info
when: item.item.stat.exists
with_items: "{{ zabbix_win_exe_info.results }}"
tags:
- always
- name: "Windows | Set facts about current zabbix agent service state"
ansible.builtin.set_fact:
zabbix_agent_1_service_exist: true
when:
- zabbix_service_info.results[0].exists is defined
- zabbix_service_info.results[0].exists
- zabbix_service_info.results[0].display_name == zabbix_win_svc_name
tags:
- always
- name: "Windows | Set facts about current zabbix agent service state (agent 2)"
ansible.builtin.set_fact:
zabbix_agent_2_service_exist: true
when:
- zabbix_service_info.results[1].exists is defined
- zabbix_service_info.results[1].exists
- zabbix_service_info.results[1].display_name == zabbix2_win_svc_name
tags:
- always
- name: "Windows | Set fact about version change requirement"
ansible.builtin.set_fact:
zabbix_agent_version_change: true
when: >
(zabbix_agent_1_binary_exist | default(false) and
zabbix_win_exe_info.results[0].win_file_version.product_version is version(zabbix_version_long, '<>'))
or
(zabbix_agent_2_binary_exist | default(false) and
zabbix_win_exe_info.results[1].win_file_version.product_version is version(zabbix_version_long, '<>'))
or (zabbix_agent_1_binary_exist | default(false) and zabbix_agent2)
or (zabbix_agent_2_binary_exist | default(false) and not zabbix_agent2)
tags:
- always
##################
# delete section #
##################
- name: "Windows | Stop Zabbix agent v1"
ansible.windows.win_service:
name: "{{ zabbix_win_svc_name }}"
start_mode: auto
state: stopped
when:
- zabbix_agent_version_change | default(false) or zabbix_agent2
- zabbix_agent_1_service_exist | default(false)
- name: "Windows | Stop Zabbix agent v2"
ansible.windows.win_service:
name: "{{ zabbix2_win_svc_name }}"
start_mode: auto
state: stopped
when:
- zabbix_agent_version_change | default(false) or not zabbix_agent2
- zabbix_agent_2_service_exist | default(false)
- name: "Windows | Uninstall Zabbix v1"
ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --uninstall'
when:
- zabbix_agent_version_change | default(false) or zabbix_agent2
- zabbix_agent_1_service_exist | default(false)
- name: "Windows | Uninstall Zabbix v2"
ansible.windows.win_command: '"{{ zabbix2_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix2_win_config_name }}" --uninstall'
when:
- zabbix_agent_version_change | default(false) or not zabbix_agent2
- zabbix_agent_2_service_exist | default(false)
- name: "Windows | Removing Zabbix Directory"
ansible.windows.win_file:
path: "{{ zabbix_win_install_dir }}"
state: absent
when:
((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or
((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false))
###################
# install section #
###################
- name: "Windows | Create directory structure"
ansible.windows.win_file:
path: "{{ item }}"
state: directory
with_items:
- "{{ zabbix_win_install_dir }}"
tags:
- install
- name: "Windows | Create directory structure, includes"
ansible.windows.win_file:
path: "{{ item }}"
state: directory
with_items:
- "{{ zabbix_agent_win_include }}"
when:
- ('.conf' not in zabbix_agent_win_include)
tags:
- install
- name: "Windows | Set installation settings (agent 2)"
ansible.builtin.set_fact:
zabbix_win_package: "{{ zabbix2_win_package }}"
zabbix_win_download_link: "{{ zabbix2_win_download_link }}"
zabbix_win_exe_path: "{{ zabbix2_win_exe_path }}"
zabbix_win_config_name: "{{ zabbix2_win_config_name }}"
zabbix_win_svc_name: "{{ zabbix2_win_svc_name }}"
when: zabbix_agent2 | bool
tags:
- install
- name: "Windows | Check if agent file is already downloaded"
ansible.windows.win_stat:
path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
register: file_info
tags:
- install
- name: "Windows | Check if agent binaries in place"
ansible.windows.win_stat:
path: "{{ zabbix_win_exe_path }}"
register: zabbix_windows_binaries
tags:
- install
- name: "Windows | Download Zabbix Agent Zip file"
ansible.windows.win_get_url:
url: "{{ zabbix_win_download_link }}"
dest: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
url_username: "{{ zabbix_download_user | default(omit) }}"
url_password: "{{ zabbix_download_pass | default(omit) }}"
force: false
follow_redirects: all
proxy_url: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
validate_certs: "{{ zabbix_download_validate_certs | default(False) | bool }}"
timeout: "{{ zabbix_download_timeout | default(120) | int }}"
when:
- not file_info.stat.exists
- not zabbix_windows_binaries.stat.exists
register: zabbix_agent_win_download_zip
until: zabbix_agent_win_download_zip is succeeded
throttle: "{{ zabbix_download_throttle | default(5) | int }}"
tags:
- install
- name: "Windows | Unzip file"
community.windows.win_unzip:
src: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
dest: "{{ zabbix_win_install_dir }}"
creates: "{{ zabbix_win_exe_path }}"
tags:
- install
- name: "Windows | Cleanup downloaded Zabbix Agent Zip file"
ansible.windows.win_file:
path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
state: absent
when:
- zabbix_agent_win_download_zip.changed
tags:
- install
- name: "Windows | Copy binary files to expected location"
ansible.windows.win_copy:
src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}"
dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}"
remote_src: yes
loop:
- zabbix_agentd.exe
- zabbix_sender.exe
when:
- zabbix_win_install_dir_bin is defined
- not (zabbix_agent2 | bool)
tags:
- install
- name: "Windows | Copy binary files to expected location (zabbix-agent2)"
ansible.windows.win_copy:
src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}"
dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}"
remote_src: yes
loop:
- zabbix_agent2.exe
when:
- zabbix_win_install_dir_bin is defined
- zabbix_agent2 | bool
tags:
- install
- set_fact:
zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agentd.exe"
when:
- zabbix_win_install_dir_bin is defined
- not (zabbix_agent2 | bool)
tags:
- install
- set_fact:
zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agent2.exe"
when:
- zabbix_win_install_dir_bin is defined
- zabbix_agent2 | bool
tags:
- install
- name: "Create directory for PSK file if not exist."
ansible.windows.win_file:
path: "{{ zabbix_agent_tlspskfile | win_dirname }}"
state: directory
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspskfile
- not (zabbix_agent2 | bool)
tags:
- config
- name: "Create directory for PSK file if not exist (zabbix-agent2)"
ansible.windows.win_file:
path: "{{ zabbix_agent2_tlspskfile | win_dirname }}"
state: directory
when:
- zabbix_agent2_tlspskfile is defined
- zabbix_agent2_tlspskfile
- zabbix_agent2 | bool
tags:
- config
- name: "Place TLS PSK File"
ansible.windows.win_copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspskfile
- zabbix_agent_tlspsk_secret is defined
- not (zabbix_agent2 | bool)
notify:
- restart win zabbix agent
tags:
- config
- name: "Place TLS PSK File (zabbix-agent2)"
ansible.windows.win_copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
when:
- zabbix_agent2_tlspskfile is defined
- zabbix_agent2_tlspskfile
- zabbix_agent2_tlspsk_secret is defined
- zabbix_agent2 | bool
notify:
- restart win zabbix agent
tags:
- config
- name: "Windows | Check if windows service exist"
ansible.windows.win_service:
name: "{{ zabbix_win_svc_name }}"
register: zabbix_windows_service
tags:
- service
- name: "Windows | Register Service"
ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --install'
when: not zabbix_windows_service.exists
tags:
- service

56
ansible/zabbix_agent/roles/zabbix-agent/tasks/Windows_conf.yml Normal file
View File

@@ -0,0 +1,56 @@
---
- name: "Set default ip address for zabbix_agent_ip"
ansible.builtin.set_fact:
zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_ip_addresses'] | ansible.utils.ipv4 | first }}"
when:
- zabbix_agent_ip is not defined
- "'ansible_ip_addresses' in hostvars[inventory_hostname]"
tags:
- config
- name: "Windows | Configure zabbix-agent"
ansible.windows.win_template:
src: "{{ zabbix_win_config_name }}.j2"
dest: "{{ zabbix_win_install_dir_conf }}\\{{ zabbix_win_config_name }}"
notify: restart win zabbix agent
tags:
- config
- name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery"
ansible.windows.win_service:
name: "{{ zabbix_win_svc_name }}"
start_mode: auto
state: started
failure_actions:
- type: restart
delay_ms: 5000
- type: restart
delay_ms: 10000
- type: restart
delay_ms: 20000
failure_reset_period_sec: 86400
tags:
- config
- name: "Windows | Check firewall service"
ansible.windows.win_service_info:
name: MpsSvc
register: firewall_info
when: zabbix_win_firewall_management
tags:
- config
- name: "Windows | Firewall rule"
community.windows.win_firewall_rule:
name: "{{ zabbix_win_svc_name }}"
localport: "{{ zabbix_agent_listenport }}"
action: allow
direction: in
protocol: tcp
state: present
enabled: true
when:
- zabbix_win_firewall_management
- firewall_info.services[0].state == 'started' or firewall_info.services[0].start_mode == 'auto'
tags:
- config

70
ansible/zabbix_agent/roles/zabbix-agent/tasks/XCP-ng.yml Normal file
View File

@@ -0,0 +1,70 @@
---
# Tasks specific for RedHat systems
- name: "RedHat | Install basic repo file"
ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
baseurl: "{{ item.baseurl }}"
gpgcheck: "{{ item.gpgcheck }}"
gpgkey: "{{ item.gpgkey }}"
mode: "{{ item.mode | default('0644') }}"
priority: "{{ item.priority | default('99') }}"
state: "{{ item.state | default('present') }}"
proxy: "{{ zabbix_http_proxy | default(omit) }}"
with_items: "{{ zabbix_repo_yum }}"
register: yum_repo_installed
become: true
notify:
- "clean repo files from proxy creds"
tags:
- install
- name: Check if warn parameter can be used for shell module
ansible.builtin.set_fact:
produce_warn: False
when: ansible_version.full is version("2.14", "<")
tags:
- always
- name: "RedHat | Installing zabbix-agent"
ansible.builtin.package:
pkg:
- "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
state: "{{ zabbix_agent_package_state }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
become: true
tags:
- install
- name: "RedHat | Installing zabbix-{sender,get}"
ansible.builtin.package:
pkg:
- "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
state: "{{ zabbix_agent_package_state }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
when:
- not zabbix_agent_install_agent_only
become: true
tags:
- install
- name: "RedHat | Enable the service"
ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
enabled: true
use: service
become: true
tags:
- service

96
ansible/zabbix_agent/roles/zabbix-agent/tasks/api.yml Normal file
View File

@@ -0,0 +1,96 @@
---
- name: "API | Create host groups"
community.zabbix.zabbix_group:
host_group: "{{ zabbix_host_groups }}"
state: "{{ zabbix_agent_hostgroups_state }}"
when:
- zabbix_api_create_hostgroup | bool
register: zabbix_api_hostgroup_created
until: zabbix_api_hostgroup_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
tags:
- api
- name: "API | Create a new host or update an existing host's info"
community.zabbix.zabbix_host:
host_name: "{{ zabbix_agent_hostname }}"
host_groups: "{{ zabbix_host_groups }}"
link_templates: "{{ zabbix_agent_link_templates }}"
status: "{{ zabbix_host_status }}"
state: "{{ zabbix_agent_host_state }}"
force: "{{ zabbix_agent_host_update }}"
proxy: "{{ zabbix_agent_proxy }}"
inventory_mode: "{{ zabbix_agent_inventory_mode }}"
interfaces: "{{ zabbix_agent_interfaces }}"
visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent_hostname) }}"
tls_psk: "{{ zabbix_agent_tlspsk_secret | default(omit) }}"
tls_psk_identity: "{{ zabbix_agent_tlspskidentity | default(omit) }}"
tls_issuer: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}"
tls_subject: "{{ zabbix_agent_tls_subject | default(omit) }}"
tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}"
tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}"
description: "{{ zabbix_agent_description | default(omit) }}"
inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}"
ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}"
ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}"
ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}"
ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}"
tags: "{{ zabbix_agent_tags }}"
when:
- not zabbix_agent2
register: zabbix_api_host_created
until: zabbix_api_host_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
changed_when: false
tags:
- api
- name: "API | Create a new host using agent2 or update an existing host's info"
community.zabbix.zabbix_host:
host_name: "{{ zabbix_agent2_hostname }}"
host_groups: "{{ zabbix_host_groups }}"
link_templates: "{{ zabbix_agent_link_templates }}"
status: "{{ zabbix_host_status }}"
state: "{{ zabbix_agent_host_state }}"
force: "{{ zabbix_agent_host_update }}"
proxy: "{{ zabbix_agent_proxy }}"
inventory_mode: "{{ zabbix_agent_inventory_mode }}"
interfaces: "{{ zabbix_agent_interfaces }}"
visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent2_hostname) }}"
tls_psk: "{{ zabbix_agent2_tlspsk_secret | default(omit) }}"
tls_psk_identity: "{{ zabbix_agent2_tlspskidentity | default(omit) }}"
tls_issuer: "{{ zabbix_agent2_tlsservercertissuer | default(omit) }}"
tls_subject: "{{ zabbix_agent2_tls_subject | default(omit) }}"
tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsaccept if zabbix_agent2_tlsaccept else 'unencrypted'] }}"
tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsconnect if zabbix_agent2_tlsconnect else 'unencrypted'] }}"
description: "{{ zabbix_agent_description | default(omit) }}"
inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}"
ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}"
ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}"
ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}"
ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}"
tags: "{{ zabbix_agent_tags }}"
when:
- zabbix_agent2 | bool
register: zabbix_api_host_created
until: zabbix_api_host_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
changed_when: false
tags:
- api
- name: "API | Updating host configuration with macros"
community.zabbix.zabbix_hostmacro:
host_name: "{{ (zabbix_agent2 | bool) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname) }}"
macro_name: "{{ item.macro_key }}"
macro_value: "{{ item.macro_value }}"
macro_type: "{{ item.macro_type|default('text') }}"
with_items: "{{ zabbix_agent_macros | default([]) }}"
when:
- zabbix_agent_macros is defined
- item.macro_key is defined
register: zabbix_api_hostmarcro_created
until: zabbix_api_hostmarcro_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
tags:
- api

22
ansible/zabbix_agent/roles/zabbix-agent/tasks/macOS.yml Normal file
View File

@@ -0,0 +1,22 @@
---
# Tasks specific for macOS
- name: "macOS | Check installed package version"
ansible.builtin.shell: |
set -o pipefail
pkgutil --pkg-info 'com.zabbix.pkg.ZabbixAgent' | grep 'version:' | cut -d ' ' -f 2
register: pkgutil_version
check_mode: false
changed_when: false
failed_when: pkgutil_version.rc == 2
- name: "macOS | Download the Zabbix package"
ansible.builtin.get_url:
url: "{{ zabbix_mac_download_link }}"
dest: "/tmp/{{ zabbix_mac_package }}"
mode: 0644
when: pkgutil_version.stdout != zabbix_version_long
- name: "macOS | Install the Zabbix package"
ansible.builtin.command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target /
become: true
when: pkgutil_version.stdout != zabbix_version_long

94
ansible/zabbix_agent/roles/zabbix-agent/tasks/main.yml Normal file
View File

@@ -0,0 +1,94 @@
---
# tasks file for zabbix_agent
- name: "Include OS-specific variables"
ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
tags:
- always
- name: Determine Latest Supported Zabbix Version
ansible.builtin.set_fact:
zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.4) }}"
when: zabbix_agent_version is not defined or zabbix_agent_version is none
tags:
- always
- name: Set More Variables
ansible.builtin.set_fact:
zabbix_valid_version: "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}"
tags:
- always
- name: Stopping Install of Invalid Version
ansible.builtin.fail:
msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
when: not zabbix_valid_version
tags:
- always
- name: Setting Zabbix API Server Port
ansible.builtin.set_fact:
zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}"
when: zabbix_api_server_port is undefined
- name: "Set variables specific for Zabbix Agent 2"
ansible.builtin.set_fact:
zabbix_agent_service: zabbix-agent2
zabbix_agent_package: zabbix-agent2
when:
- zabbix_agent2 is defined
- zabbix_agent2
tags:
- always
- name: "Install the correct repository"
ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
when:
- not (zabbix_agent_docker | bool)
- name: "Encrypt with TLS PSK auto management"
ansible.builtin.include_tasks: tlspsk_auto.yml
when:
- not zabbix_agent2
- zabbix_agent_tlspsk_auto | bool
- (zabbix_agent_tlspskfile is undefined) or (zabbix_agent_tlspskfile | length == '0')
- (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0')
- name: "Encrypt with TLS PSK auto management"
ansible.builtin.include_tasks: tlspsk_auto_agent2.yml
when:
- zabbix_agent2 | bool
- zabbix_agent2_tlspsk_auto | bool
- (zabbix_agent2_tlspskfile is undefined) or (zabbix_agent2_tlspskfile | length == '0')
- (zabbix_agent2_tlspsk_secret is undefined) or (zabbix_agent2_tlspsk_secret | length == '0')
- name: "Configure Agent"
ansible.builtin.include_tasks: Windows_conf.yml
when:
- ansible_os_family == "Windows"
- name: "Configure Agent"
ansible.builtin.include_tasks: Linux.yml
when:
- (ansible_os_family != "Windows" and ansible_os_family != "Darwin") or (zabbix_agent_docker | bool)
- name: "Run the API calls to Zabbix Server"
vars:
gather_facts: false
ansible_user: "{{ zabbix_api_login_user }}"
ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}"
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
# Can't think of a way to make http_login_* vars be undefined -(
http_login_user: "{{ zabbix_api_http_user | default(-42) }}"
http_login_password: "{{ zabbix_api_http_password | default(-42) }}"
ansible.builtin.include_tasks: api.yml
when:
- (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool)
tags:
- api
- name: "Including userparameters"
ansible.builtin.include_tasks: "userparameter.yml"
when: zabbix_agent_userparameters|length > 0
tags:
- config

25
ansible/zabbix_agent/roles/zabbix-agent/tasks/remove.yml Normal file
View File

@@ -0,0 +1,25 @@
---
- name: Pull service facts
ansible.builtin.service_facts:
- name: 'Remove | Make sure the "old" zabbix-agent service stopped'
ansible.builtin.service:
name: "zabbix-agent"
state: stopped
enabled: false
become: true
when: |
ansible_facts.services["zabbix-agent.service"] is defined or
ansible_facts.services["zabbix-agent"] is defined
- name: "Remove | Package removal"
ansible.builtin.package:
name: "zabbix-agent"
state: absent
become: true
- name: "Remove | Remove the agent-include-dir"
ansible.builtin.file:
path: "{{ zabbix_agent_include }}"
state: absent
become: true

110
ansible/zabbix_agent/roles/zabbix-agent/tasks/selinux.yml Normal file
View File

@@ -0,0 +1,110 @@
---
- name: "SELinux | Debian | Install policycoreutils-python"
ansible.builtin.apt:
pkg: policycoreutils-python-utils
state: present
update_cache: true
cache_valid_time: 0
force_apt_get: "{{ zabbix_apt_force_apt_get }}"
install_recommends: "{{ zabbix_apt_install_recommends }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_policycoreutils_installed
until: zabbix_agent_package_installed is succeeded
become: true
when:
- ansible_os_family == "Debian"
tags:
- install
- name: "SELinux | RedHat | Install policycoreutils-python"
ansible.builtin.package:
name: policycoreutils-python
state: installed
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_policycoreutils_installed
until: zabbix_agent_policycoreutils_installed is succeeded
when:
- ansible_os_family == "RedHat"
- (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7")
become: true
tags:
- install
- name: "SELinux | RedHat | Install python3-policycoreutils on RHEL8"
ansible.builtin.package:
name: python3-policycoreutils
state: installed
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_policycoreutils_installed
until: zabbix_agent_policycoreutils_installed is succeeded
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
become: true
tags:
- install
- name: "SELinux | RedHat | Install selinux-policy-targeted"
ansible.builtin.package:
name: selinux-policy-targeted
state: installed
register: zabbix_agent_selinuxpolicytargeted_installed
until: zabbix_agent_selinuxpolicytargeted_installed is succeeded
when:
- ansible_os_family == "RedHat"
become: true
tags:
- install
# straight to getenforce binary , workaround for missing python_selinux library
- name: "SELinux | Get getenforce binary"
ansible.builtin.stat:
path: /usr/sbin/getenforce
register: getenforce_bin
become: true
tags:
- always
- name: "SELinux | Collect getenforce output"
ansible.builtin.command: /usr/sbin/getenforce
register: sestatus
when: "getenforce_bin.stat.exists"
changed_when: false
become: true
check_mode: false
tags:
- always
- name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive"
ansible.builtin.set_fact:
zabbix_selinux: "{{ true }}"
when:
- 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)'
tags:
- always
- name: "SELinux | Allow zabbix_agent to start (SELinux)"
community.general.selinux_permissive:
name: zabbix_agent_t
permissive: true
become: true
tags:
- config
- name: "SELinux | Allow zabbix to run sudo commands (SELinux)"
ansible.posix.seboolean:
name: zabbix_run_sudo
persistent: true
state: true
become: true
when:
- ansible_selinux.status == "enabled"
- selinux_allow_zabbix_run_sudo|bool
tags:
- config

14
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto.yml Normal file
View File

@@ -0,0 +1,14 @@
---
- ansible.builtin.include_tasks: tlspsk_auto_linux.yml
when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool)
- ansible.builtin.include_tasks: tlspsk_auto_windows.yml
when: ansible_os_family == "Windows"
- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK
ansible.builtin.set_fact:
zabbix_agent_tlsaccept: psk
zabbix_agent_tlsconnect: psk
when: zabbix_api_create_hosts
tags:
- config

14
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto_agent2.yml Normal file
View File

@@ -0,0 +1,14 @@
---
- include_tasks: tlspsk_auto_agent2_linux.yml
when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool)
- include_tasks: tlspsk_auto_agent2_windows.yml
when: ansible_os_family == "Windows"
- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK
ansible.builtin.set_fact:
zabbix_agent2_tlsaccept: psk
zabbix_agent2_tlsconnect: psk
when: zabbix_api_create_hosts
tags:
- config

53
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto_agent2_common.yml Normal file
View File

@@ -0,0 +1,53 @@
---
# Process PSK Secret
- name: AutoPSK | Save existing TLS PSK secret
ansible.builtin.set_fact:
zabbix_agent2_tlspsk_read: "{{ zabbix_agent2_tlspsk_base64['content'] | b64decode | trim }}"
when: zabbix_agent2_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Use existing TLS PSK secret
ansible.builtin.set_fact:
zabbix_agent2_tlspsk_secret: "{{ zabbix_agent2_tlspsk_read }}"
when:
- zabbix_agent2_tlspskcheck.stat.exists
- zabbix_agent2_tlspsk_read|length >= 32
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Generate new TLS PSK secret
ansible.builtin.set_fact:
zabbix_agent2_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
when:
- not zabbix_agent2_tlspskcheck.stat.exists
- (zabbix_agent2_tlspsk_read is not defined) or (zabbix_agent2_tlspsk_read|length < 32)
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
# Process PSK Identity
- name: AutoPSK | Use existing TLS PSK identity
ansible.builtin.set_fact:
zabbix_agent2_tlspskidentity: "{{ zabbix_agent2_tlspskidentity_base64['content'] | b64decode | trim }}"
when:
- zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Generate new TLS PSK identity
ansible.builtin.set_fact:
zabbix_agent2_tlspskidentity: >-
{{
zabbix_agent_visible_hostname
| default(((zabbix_agent2 == True) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname)))
+ '_'
+ lookup('password', '/dev/null chars=hexdigits length=4')
}}
when: not zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config

80
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto_agent2_linux.yml Normal file
View File

@@ -0,0 +1,80 @@
---
- name: AutoPSK | Set default path variables (Linux)
ansible.builtin.set_fact:
zabbix_agent2_tlspskfile: "/etc/zabbix/tls_psk_auto.secret"
zabbix_agent2_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity"
tags:
- config
- name: AutoPSK | Check for existing TLS PSK file (Linux)
ansible.builtin.stat:
path: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspskcheck
become: true
tags:
- config
- name: AutoPSK | Check for existing TLS PSK identity (Linux)
ansible.builtin.stat:
path: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_check
become: true
tags:
- config
- name: AutoPSK | read existing TLS PSK file (Linux)
ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspsk_base64
become: true
when:
- zabbix_agent2_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Read existing TLS PSK identity file (Linux)
ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_base64
become: true
when: zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- include_tasks: tlspsk_auto_agent2_common.yml
- name: AutoPSK | Template TLS PSK identity in file (Linux)
ansible.builtin.copy:
dest: "{{ zabbix_agent2_tlspskidentity_file }}"
content: "{{ zabbix_agent2_tlspskidentity }}"
owner: zabbix
group: zabbix
mode: 0400
become: true
when:
- zabbix_agent2_tlspskidentity_file is defined
- zabbix_agent2_tlspskidentity is defined
notify:
- restart zabbix-agent
- restart mac zabbix agent
tags:
- config
- name: AutoPSK | Template TLS PSK secret in file (Linux)
ansible.builtin.copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
owner: zabbix
group: zabbix
mode: 0400
become: true
when:
- zabbix_agent2_tlspskfile is defined
- zabbix_agent2_tlspsk_secret is defined
notify:
- restart zabbix-agent
- restart mac zabbix agent
tags:
- config

66
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto_agent2_windows.yml Normal file
View File

@@ -0,0 +1,66 @@
---
- name: AutoPSK | Set default path variables for Windows
ansible.builtin.set_fact:
zabbix_agent2_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt"
zabbix_agent2_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt"
tags:
- config
- name: AutoPSK | Check for existing TLS PSK file (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspskcheck
tags:
- config
- name: AutoPSK | Check for existing TLS PSK identity (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_check
tags:
- config
- name: AutoPSK | read existing TLS PSK file (Windows)
ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspsk_base64
when:
- zabbix_agent2_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Read existing TLS PSK identity file (Windows)
ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_base64
when: zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- ansible.builtin.include_tasks: tlspsk_auto_agent2_common.yml
- name: Windows | AutoPSK | Template TLS PSK identity in file (Windows)
ansible.windows.win_copy:
dest: "{{ zabbix_agent2_tlspskidentity_file }}"
content: "{{ zabbix_agent2_tlspskidentity }}"
when:
- zabbix_agent2_tlspskidentity_file is defined
- zabbix_agent2_tlspskidentity is defined
notify:
- restart win zabbix agent
tags:
- config
- name: AutoPSK | Template TLS PSK secret in file (Windows)
ansible.windows.win_copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
when:
- zabbix_agent2_tlspskfile is defined
- zabbix_agent2_tlspsk_secret is defined
notify:
- restart win zabbix agent
tags:
- config

52
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto_common.yml Normal file
View File

@@ -0,0 +1,52 @@
---
# Process PSK Secret
- name: AutoPSK | Save existing TLS PSK secret
ansible.builtin.set_fact:
zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}"
when: zabbix_agent_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Use existing TLS PSK secret
ansible.builtin.set_fact:
zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}"
when:
- zabbix_agent_tlspskcheck.stat.exists
- zabbix_agent_tlspsk_read|length >= 32
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Generate new TLS PSK secret
ansible.builtin.set_fact:
zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
when:
- (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32)
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
# Process PSK Identity
- name: AutoPSK | Use existing TLS PSK identity
ansible.builtin.set_fact:
zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}"
when:
- zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Generate new TLS PSK identity
ansible.builtin.set_fact:
zabbix_agent_tlspskidentity: >-
{{
zabbix_agent_visible_hostname
| default(((zabbix_agent2 != True) | ternary(zabbix_agent_hostname, zabbix_agent_hostname)))
+ '_'
+ lookup('password', '/dev/null chars=hexdigits length=4')
}}
when: not zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config

80
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto_linux.yml Normal file
View File

@@ -0,0 +1,80 @@
---
- name: AutoPSK | Set default path variables (Linux)
ansible.builtin.set_fact:
zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret"
zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity"
tags:
- config
- name: AutoPSK | Check for existing TLS PSK file (Linux)
ansible.builtin.stat:
path: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspskcheck
become: true
tags:
- config
- name: AutoPSK | Check for existing TLS PSK identity (Linux)
ansible.builtin.stat:
path: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_check
become: true
tags:
- config
- name: AutoPSK | read existing TLS PSK file (Linux)
ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspsk_base64
become: true
when:
- zabbix_agent_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Read existing TLS PSK identity file (Linux)
ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_base64
become: true
when: zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- include_tasks: tlspsk_auto_common.yml
- name: AutoPSK | Template TLS PSK identity in file (Linux)
ansible.builtin.copy:
dest: "{{ zabbix_agent_tlspskidentity_file }}"
content: "{{ zabbix_agent_tlspskidentity }}"
owner: zabbix
group: zabbix
mode: 0400
become: true
when:
- zabbix_agent_tlspskidentity_file is defined
- zabbix_agent_tlspskidentity is defined
notify:
- restart zabbix-agent
- restart mac zabbix agent
tags:
- config
- name: AutoPSK | Template TLS PSK secret in file (Linux)
ansible.builtin.copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
owner: zabbix
group: zabbix
mode: 0400
become: true
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspsk_secret is defined
notify:
- restart zabbix-agent
- restart mac zabbix agent
tags:
- config

67
ansible/zabbix_agent/roles/zabbix-agent/tasks/tlspsk_auto_windows.yml Normal file
View File

@@ -0,0 +1,67 @@
---
- name: AutoPSK | Set default path variables for Windows
ansible.builtin.set_fact:
zabbix_agent_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt"
zabbix_agent_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt"
tags:
- config
- name: AutoPSK | Check for existing TLS PSK file (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspskcheck
tags:
- config
- name: AutoPSK | Check for existing TLS PSK identity (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_check
tags:
- config
- name: AutoPSK | read existing TLS PSK file (Windows)
ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspsk_base64
when:
- zabbix_agent_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- name: AutoPSK | Read existing TLS PSK identity file (Windows)
ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_base64
when: zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
tags:
- config
- include_tasks: tlspsk_auto_common.yml
- name: AutoPSK | Template TLS PSK identity in file (Windows)
ansible.windows.win_copy:
dest: "{{ zabbix_agent_tlspskidentity_file }}"
content: "{{ zabbix_agent_tlspskidentity }}"
when:
- zabbix_agent_tlspskidentity_file is defined
- zabbix_agent_tlspskidentity is defined
notify:
- restart win zabbix agent
tags:
- config
- name: AutoPSK | Template TLS PSK secret in file (Windows)
ansible.windows.win_copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspsk_secret is defined
- ansible_os_family == "Windows"
notify:
- restart win zabbix agent
tags:
- config

87
ansible/zabbix_agent/roles/zabbix-agent/tasks/userparameter.yml Normal file
View File

@@ -0,0 +1,87 @@
---
- block:
- name: "Windows | Installing user-defined userparameters"
ansible.windows.win_template:
src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf'
notify:
- restart win zabbix agent
with_items: "{{ zabbix_agent_userparameters }}"
- name: "Windows | Installing user-defined scripts"
ansible.windows.win_copy:
src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
dest: '{{ zabbix_win_install_dir }}\scripts\'
notify:
- restart win zabbix agent
with_items: "{{ zabbix_agent_userparameters }}"
when: item.scripts_dir is defined
when: ansible_os_family == "Windows"
tags:
- config
- block:
- name: "Installing user-defined userparameters"
ansible.builtin.template:
src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf"
owner: zabbix
group: zabbix
mode: 0644
notify:
- restart zabbix-agent
- restart mac zabbix agent
become: true
with_items: "{{ zabbix_agent_userparameters }}"
- name: "Installing user-defined scripts"
ansible.builtin.copy:
src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
dest: "/etc/zabbix/scripts/"
owner: zabbix
group: zabbix
mode: 0755
notify:
- restart zabbix-agent
- restart mac zabbix agent
become: true
with_items: "{{ zabbix_agent_userparameters }}"
when: item.scripts_dir is defined
when:
- ansible_os_family != "Windows"
- not zabbix_agent2
tags:
- config
- block:
- name: "Installing user-defined userparameters"
ansible.builtin.template:
src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf"
owner: zabbix
group: zabbix
mode: 0644
notify:
- restart zabbix-agent
- restart mac zabbix agent
become: true
with_items: "{{ zabbix_agent_userparameters }}"
- name: "Installing user-defined scripts"
ansible.builtin.copy:
src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
dest: "/etc/zabbix/scripts/"
owner: zabbix
group: zabbix
mode: 0755
notify:
- restart zabbix-agent
- restart mac zabbix agent
become: true
with_items: "{{ zabbix_agent_userparameters }}"
when: item.scripts_dir is defined
when:
- ansible_os_family != "Windows"
- zabbix_agent2
tags:
- config