ansible add

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+stdout_callback = debug

inventory

@@ -0,0 +1,7 @@
+[server]
+10.10.43.210
+10.10.43.211
+10.10.43.212
+
+[all:children]
+server

roles/zabbix-agent/defaults/main.yml

@@ -0,0 +1,292 @@
+---
+# defaults file for zabbix_agent
+
+zabbix_agent2: false
+# zabbix_agent_version: 6.4
+zabbix_agent_version_minor: "*"
+zabbix_version_patch: 0
+zabbix_agent_package_remove: false
+zabbix_agent_package: zabbix-agent
+zabbix_sender_package: zabbix-sender
+zabbix_get_package: zabbix-get
+zabbix_agent_package_state: present
+zabbix_agent_server:
+zabbix_agent_serveractive:
+zabbix_agent2_server: "{{ zabbix_agent_server }}"
+zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive }}"
+zabbix_selinux: false
+zabbix_agent_apt_priority:
+zabbix_agent_conf_mode: "0644"
+zabbix_agent_dont_detect_ip: false
+zabbix_agent_allow_key: []
+zabbix_agent_deny_key: []
+zabbix_agent2_allow_key: "{{ zabbix_agent_allow_key }}"
+zabbix_agent2_deny_key: "{{ zabbix_agent_deny_key }}"
+
+# Selinux related vars
+selinux_allow_zabbix_run_sudo: false
+
+zabbix_agent_install_agent_only: false
+zabbix_agent_packages:
+  - "{{ zabbix_agent_package }}"
+  - "{{ zabbix_sender_package }}"
+  - "{{ zabbix_get_package }}"
+
+# Zabbix role related vars
+zabbix_apt_force_apt_get: true
+zabbix_apt_install_recommends: false
+
+# Override Ansible specific facts
+zabbix_agent_distribution_major_version: "{{ ansible_distribution_major_version }}"
+zabbix_agent_distribution_release: "{{ ansible_distribution_release }}"
+zabbix_repo_yum_gpgcheck: 0
+zabbix_repo_yum_schema: https
+zabbix_agent_disable_repo:
+  - epel
+zabbix_repo_yum:
+  - name: zabbix
+    description: Zabbix Official Repository - $basearch
+    baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/"
+    mode: "0644"
+    gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
+    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
+    state: present
+  - name: zabbix-non-supported
+    description: Zabbix Official Repository non-supported - $basearch
+    baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/"
+    mode: "0644"
+    gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
+    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
+    state: present
+  - name: zabbix-agent2-plugins
+    description: Zabbix Official Repository (Agent2 Plugins) - $basearch
+    baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/"
+    mode: "0644"
+    gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
+    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
+    state: present
+
+zabbix_repo_deb_component: main
+
+# Zabbix API stuff
+zabbix_api_server_host: localhost
+# zabbix_api_server_port: 80
+zabbix_api_login_user: Admin
+zabbix_api_use_ssl: false
+zabbix_api_login_pass: !unsafe zabbix
+zabbix_api_validate_certs: false
+ansible_httpapi_pass: "{{ zabbix_api_login_pass }}"
+ansible_httpapi_port: "{{ zabbix_api_server_port }}"
+ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}"
+zabbix_api_timeout: 30
+zabbix_api_create_hostgroup: false
+zabbix_api_create_hosts: false
+zabbix_agent_hostgroups_state: present # or absent
+zabbix_agent_host_state: present # or absent
+zabbix_agent_host_update: true
+zabbix_host_status: enabled # or disabled
+zabbix_agent_proxy: null
+zabbix_agent_inventory_mode: disabled
+zabbix_useuip: 1
+zabbix_host_groups:
+  - Linux servers
+zabbix_agent_link_templates:
+  - Template Linux by Zabbix agent
+
+zabbix_agent_interfaces:
+  - type: 1
+    main: 1
+    useip: "{{ zabbix_useuip }}"
+    ip: "{{ zabbix_agent_ip }}"
+    dns: "{{ ansible_fqdn }}"
+    port: "{{ (zabbix_agent2 == True) | ternary(zabbix_agent2_listenport, zabbix_agent_listenport) }}"
+
+# Zabbix configuration variables
+zabbix_agent_pidfile: /var/run/zabbix/zabbix_agentd.pid
+zabbix_agent_logtype: file
+zabbix_agent_logfile: /var/log/zabbix/zabbix_agentd.log
+zabbix_agent_logfilesize: 100
+zabbix_agent_debuglevel: 3
+zabbix_agent_sourceip:
+zabbix_agent_enableremotecommands: 0
+zabbix_agent_allowkeys:
+zabbix_agent_denykeys:
+zabbix_agent_logremotecommands: 0
+zabbix_agent_listenport: 10050
+zabbix_agent_jmx_listenport:
+zabbix_agent_listeninterface:
+zabbix_agent_listenip:
+zabbix_agent_startagents: 3
+zabbix_agent_hostname: "{{ inventory_hostname }}"
+zabbix_agent_hostnameitem:
+zabbix_agent_hostmetadata:
+zabbix_agent_hostmetadataitem:
+zabbix_agent_refreshactivechecks: 120
+zabbix_agent_buffersend: 5
+zabbix_agent_buffersize: 100
+zabbix_agent_maxlinespersecond: 100
+zabbix_agent_allowroot: 0
+zabbix_agent_zabbix_alias:
+zabbix_agent_timeout: 3
+zabbix_agent_include: /etc/zabbix/zabbix_agentd.d
+zabbix_agent_include_pattern:
+zabbix_agent_include_mode: "0750"
+zabbix_agent_unsafeuserparameters: 0
+zabbix_agent_userparameters: []
+zabbix_agent_userparameters_templates_src: "userparameters"
+zabbix_agent_userparameters_scripts_src: "scripts"
+zabbix_agent_custom_scripts: false
+zabbix_agent_loadmodulepath: ${libdir}/modules
+zabbix_agent_loadmodule:
+zabbix_agent_become_on_localhost: true
+zabbix_agent_description:
+zabbix_agent_inventory_zabbix: {}
+zabbix_agent_heartbeatfrequency: 60
+zabbix_agent_macros: []
+zabbix_agent_tags: []
+zabbix_agent_chassis: false
+
+# TLS settings
+zabbix_agent_tlsconnect:
+zabbix_agent_tlsaccept:
+zabbix_agent_tlscafile:
+zabbix_agent_tlscrlfile:
+zabbix_agent_tlsservercertissuer:
+zabbix_agent_tlsservercertsubject:
+zabbix_agent_tls_subject: "{{ zabbix_agent_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression
+zabbix_agent_tlscertfile:
+zabbix_agent_tlskeyfile:
+zabbix_agent_tlspskidentity:
+zabbix_agent_tlspsk_auto: false
+
+zabbix_agent_tls_config:
+  unencrypted: "1"
+  psk: "2"
+  cert: "4"
+
+# IPMI settings
+zabbix_agent_ipmi_authtype: 2
+zabbix_agent_ipmi_password:
+zabbix_agent_ipmi_privilege: 2
+zabbix_agent_ipmi_username:
+
+# Zabbix Agent2
+zabbix_agent2_pidfile: /var/run/zabbix/zabbix_agent2.pid
+zabbix_agent2_logfile: /var/log/zabbix/zabbix_agent2.log
+zabbix_agent2_logtype: file
+zabbix_agent2_statusport: 9999
+zabbix_agent2_include: /etc/zabbix/zabbix_agent2.d
+zabbix_agent2_include_pattern:
+zabbix_agent2_logfilesize: 100
+zabbix_agent2_debuglevel: 3
+zabbix_agent2_sourceip:
+zabbix_agent2_listenport: 10050
+zabbix_agent2_listenip:
+zabbix_agent2_hostname: "{{ inventory_hostname }}"
+zabbix_agent2_hostnameitem:
+zabbix_agent2_hostmetadata:
+zabbix_agent2_hostmetadataitem:
+zabbix_agent2_hostinterface:
+zabbix_agent2_hostinterfaceitem:
+zabbix_agent2_enablepersistentbuffer: 0
+zabbix_agent2_persistentbufferperiod: 1h
+zabbix_agent2_persistentbufferfile:
+zabbix_agent2_refreshactivechecks: 120
+zabbix_agent2_buffersend: 5
+zabbix_agent2_buffersize: 100
+zabbix_agent2_zabbix_alias:
+zabbix_agent2_timeout: 3
+zabbix_agent2_include_mode: "0750"
+zabbix_agent2_unsafeuserparameters: 0
+zabbix_agent2_controlsocket: /tmp/agent.sock
+zabbix_agent2_plugins: []
+
+# Zabbix Agent2 TLS settings
+zabbix_agent2_tlsconnect:
+zabbix_agent2_tlsaccept:
+zabbix_agent2_tlscafile:
+zabbix_agent2_tlscrlfile:
+zabbix_agent2_tlsservercertissuer:
+zabbix_agent2_tlsservercertsubject:
+zabbix_agent2_tls_subject: "{{ zabbix_agent2_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression
+zabbix_agent2_tlscertfile:
+zabbix_agent2_tlskeyfile:
+zabbix_agent2_tlspskidentity:
+zabbix_agent2_tlspsk_auto: false
+
+# Windows/macOS Related
+zabbix_version_long: 5.2.4
+
+# Windows Related
+zabbix_win_package: zabbix_agent-{{ zabbix_version_long }}-windows-amd64-openssl.zip
+zabbix2_win_package: zabbix_agent2-{{ zabbix_version_long }}-windows-amd64-openssl-static.zip
+zabbix_win_download_url: https://cdn.zabbix.com/zabbix/binaries/stable
+zabbix_win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix_win_package }}"
+zabbix2_win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix2_win_package }}"
+zabbix_win_install_dir: 'C:\Zabbix'
+zabbix_win_install_dir_conf: '{{ zabbix_win_install_dir }}\\conf'
+zabbix_win_install_dir_bin: '{{ zabbix_win_install_dir }}\\bin'
+zabbix_agent_win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agentd.log"
+zabbix_agent_win_include: "{{ zabbix_win_install_dir }}\\zabbix_agent.d\\"
+zabbix_agent2_win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agent2.log"
+zabbix_agent_win_svc_recovery: true
+zabbix_win_firewall_management: true
+
+# macOS Related
+zabbix_mac_package: zabbix_agent-{{ zabbix_version_long }}-macos-amd64-openssl.pkg
+zabbix_mac_download_url: https://cdn.zabbix.com/zabbix/binaries/stable
+zabbix_mac_download_link: "{{ zabbix_mac_download_url }}/{{ zabbix_agent_version }}/{{ zabbix_version_long }}/{{ zabbix_mac_package }}"
+
+# Zabbix Agent Docker facts
+zabbix_agent_docker: false
+zabbix_agent_docker_state: started
+zabbix_agent_docker_name: zabbix-agent
+zabbix_agent_docker_image: "zabbix/zabbix-agent"
+zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_agent_version }}.{{ zabbix_version_patch }}"
+zabbix_agent_docker_user_gid: 101
+zabbix_agent_docker_user_uid: 101
+zabbix_agent_docker_network_mode: host
+zabbix_agent_docker_restart_policy: unless-stopped
+zabbix_agent_docker_privileged: false
+zabbix_agent_docker_ports:
+  - 10050:10050
+zabbix_agent_docker_security_opts:
+  - apparmor:unconfined
+zabbix_agent_docker_volumes:
+  - /etc/zabbix/zabbix_agentd.d:{{ zabbix_agent_include }}
+  - /:/hostfs:ro
+  - /etc:/hostfs/etc:ro
+  - /proc:/hostfs/proc:ro
+  - /sys:/hostfs/sys:ro
+  - /var/run:/var/run
+zabbix_agent_docker_env:
+  ZBX_HOSTNAME: "{{ zabbix_agent_hostname }}"
+  ZBX_SERVER_HOST: "{{ zabbix_agent_server }}"
+  ZBX_PASSIVE_ALLOW: "{{ zabbix_agent_serverpassive_allow | default(omit) }}"
+  ZBX_PASSIVESERVERS: "{{ zabbix_agent_serverpassive | default(omit) }}"
+  ZBX_ACTIVE_ALLOW: "{{ zabbix_agent_serveractive_allow | default(omit) }}"
+  ZBX_LOADMODULE: "{{ zabbix_agent_loadmodule | default(omit) }}"
+  ZBX_DEBUGLEVEL: "{{ zabbix_agent_debuglevel }}"
+  ZBX_TIMEOUT: "{{ zabbix_agent_timeout }}"
+  ZBX_SOURCEIP: "{{ zabbix_agent_sourceip | default(omit) }}"
+  ZBX_ENABLEREMOTECOMMANDS: "{{ zabbix_agent_enableremotecommands | default(omit) }}"
+  ZBX_LOGREMOTECOMMANDS: "{{ zabbix_agent_logremotecommands | default(omit) }}"
+  ZBX_STARTAGENTS: "{{ zabbix_agent_startagents | default(omit) }}"
+  ZBX_HOSTNAMEITEM: "{{ zabbix_agent_hostnameitem | default(omit) }}"
+  ZBX_METADATA: "{{ zabbix_agent_hostmetadata | default(omit) }}"
+  ZBX_METADATAITEM: "{{ zabbix_agent_hostmetadataitem | default(omit) }}"
+  ZBX_REFRESHACTIVECHECKS: "{{ zabbix_agent_refreshactivechecks | default(omit) }}"
+  ZBX_BUFFERSEND: "{{ zabbix_agent_buffersend | default(omit) }}"
+  ZBX_BUFFERSIZE: "{{ zabbix_agent_buffersize | default(omit) }}"
+  ZBX_MAXLINESPERSECOND: "{{ zabbix_agent_maxlinespersecond | default(omit) }}"
+  ZBX_LISTENIP: "{{ zabbix_agent_listenip }}"
+  ZBX_UNSAFEUSERPARAMETERS: "{{ zabbix_agent_unsafeuserparameters | default(omit) }}"
+  ZBX_TLSCONNECT: "{{ zabbix_agent_tlsconnect | default(omit) }}"
+  ZBX_TLSACCEPT: "{{ zabbix_agent_tlsaccept | default(omit) }}"
+  ZBX_TLSCAFILE: "{{ zabbix_agent_tlscafile | default(omit) }}"
+  ZBX_TLSCRLFILE: "{{ zabbix_agent_tlscrlfile | default(omit) }}"
+  ZBX_TLSSERVERCERTISSUER: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}"
+  ZBX_TLSSERVERCERTSUBJECT: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}"
+  ZBX_TLSCERTFILE: "{{ zabbix_agent_tlscertfile | default(omit) }}"
+  ZBX_TLSKEYFILE: "{{ zabbix_agent_tlskeyfile | default(omit) }}"
+  ZBX_TLSPSKIDENTITY: "{{ zabbix_agent_tlspskidentity | default(omit) }}"

roles/zabbix-agent/files/sample.conf

@@ -0,0 +1,3 @@
+# This is an sample userparameters file.
+
+UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive

roles/zabbix-agent/handlers/main.yml

@@ -0,0 +1,40 @@
+---
+# handlers file for zabbix-agent
+
+- name: restart zabbix-agent
+  ansible.builtin.service:
+    name: "{{ zabbix_agent_service }}"
+    state: restarted
+    enabled: true
+  become: true
+  when:
+    - not zabbix_agent_docker
+    - ansible_os_family != "Windows" and ansible_os_family != "Darwin"
+
+- name: firewalld-reload
+  ansible.builtin.command: "firewall-cmd --reload"
+  become: true
+  when:
+    - ansible_facts.services["firewalld"] is defined
+    - ansible_facts.services["firewalld"].state == "running"
+
+- name: restart win zabbix agent
+  win_service:
+    name: "{{ zabbix_win_svc_name }}"
+    state: restarted
+  when:
+    - ansible_os_family == "Windows"
+
+- name: restart mac zabbix agent
+  ansible.builtin.command: "launchctl kickstart -k system/{{ zabbix_agent_service }}"
+  become: true
+  when:
+    - not zabbix_agent_docker
+    - ansible_os_family == "Darwin"
+
+- name: "clean repo files from proxy creds"
+  ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
+  become: true
+  when:
+    - ansible_os_family == 'RedHat'
+    - zabbix_http_proxy is defined or zabbix_https_proxy is defined

roles/zabbix-agent/meta/main.yml

@@ -0,0 +1,42 @@
+---
+galaxy_info:
+  author: Werner Dijkerman
+  description: Installing and maintaining zabbix-agent for RedHat/Debian/Ubuntu/Windows/Suse.
+  company: myCompany.Dotcom
+  license: MIT
+  min_ansible_version: 2.7
+  platforms:
+    - name: EL
+      versions:
+        - 5
+        - 6
+        - 7
+    - name: Ubuntu
+      versions:
+        - lucid
+        - precise
+        - trusty
+        - xenial
+        - bionic
+    - name: Debian
+      versions:
+        - squeeze
+        - wheezy
+        - jessie
+        - stretch
+        - buster
+    - name: opensuse
+      versions:
+        - 12.1
+        - 12.2
+        - 12.3
+        - 13.1
+        - 13.2
+    - name: Windows
+      versions:
+        - all
+
+  galaxy_tags:
+    - zabbix
+    - monitoring
+dependencies: []

roles/zabbix-agent/molecule/with-server/Dockerfile.j2

@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi

roles/zabbix-agent/molecule/with-server/INSTALL.rst

@@ -0,0 +1,26 @@
+********************************
+Docker driver installation guide
+********************************
+
+Requirements
+============
+
+* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
+* Docker Engine
+* docker-py
+* docker
+
+Install
+=======
+
+Ansible < 2.6
+
+.. code-block:: bash
+
+    $ sudo pip install docker-py
+
+Ansible >= 2.6
+
+.. code-block:: bash
+
+    $ sudo pip install docker

roles/zabbix-agent/molecule/with-server/molecule.yml

@@ -0,0 +1,73 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: zabbix-server-centos
+    image: milcom/centos7-systemd:latest
+    groups:
+      - zabbix_server
+      - mysql
+    privileged: true
+    networks:
+      - name: zabbix
+    published_ports:
+      - "80:80"
+  - name: zabbix-agent-centos
+    image: milcom/centos7-systemd:latest
+    groups:
+      - zabbix_agent
+    privileged: true
+    networks:
+      - name: zabbix
+  - name: zabbix-agent-debian
+    image: minimum2scp/systemd-stretch:latest
+    command: /sbin/init
+    groups:
+      - zabbix_agent
+    privileged: true
+    networks:
+      - name: zabbix
+  - name: zabbix-agent-ubuntu
+    image: solita/ubuntu-systemd:bionic
+    groups:
+      - zabbix_agent
+    privileged: true
+    networks:
+      - name: zabbix
+
+provisioner:
+  name: ansible
+  playbooks:
+    docker:
+      create: ../default/create.yml
+      destroy: ../default/destroy.yml
+  inventory:
+    group_vars:
+      all:
+        zabbix_api_create_hosts: true
+        zabbix_api_create_hostgroup: true
+        zabbix_api_server_url: http://zabbix-server-centos
+        zabbix_apache_servername: zabbix-server-centos
+      mysql:
+        zabbix_server_database: mysql
+        zabbix_server_database_long: mysql
+        zabbix_server_dbport: 3306
+        database_type: mysql
+        database_type_long: mysql
+    host_vars:
+      zabbix-agent-fedora:
+        ansible_python_interpreter: /usr/bin/python3
+      zabbix-agent-ubuntu:
+        zabbix_agent_tlsaccept: psk
+        zabbix_agent_tlsconnect: psk
+        zabbix_agent_tlspskidentity: "myhost PSK"
+        zabbix_agent_tlspsk_secret: b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d
+        zabbix_agent_tlspskfile: /etc/zabbix/zabbix_agent_pskfile.psk
+
+scenario:
+  name: with-server
+
+verifier:
+  name: testinfra

roles/zabbix-agent/molecule/with-server/playbook.yml

@@ -0,0 +1,24 @@
+---
+- name: Converge
+  hosts: all:!zabbix_server
+  pre_tasks:
+    - name: "Get IP Server"
+      ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1
+      register: ip_address
+      delegate_to: zabbix-server-centos
+      changed_when: false
+      tags:
+        - skip_ansible_lint
+
+    - name: "Get IP hosts"
+      ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1
+      register: ip_address_host
+      changed_when: false
+      tags:
+        - skip_ansible_lint
+
+  roles:
+    - role: zabbix_agent
+      zabbix_agent_ip: "{{ ip_address_host.stdout }}"
+      zabbix_agent_server: "{{ ip_address.stdout }}"
+      zabbix_agent_serveractive: "{{ ip_address.stdout }}"

roles/zabbix-agent/molecule/with-server/prepare.yml

@@ -0,0 +1,114 @@
+---
+- name: Prepare
+  hosts: zabbix_server
+  pre_tasks:
+    - name: "Installing EPEL"
+      ansible.builtin.yum:
+        name:
+          - epel-release
+        state: present
+      when: ansible_distribution == 'CentOS'
+
+    - name: "Installing packages"
+      ansible.builtin.yum:
+        name:
+          - net-tools
+          - which
+          - libselinux-python
+          - python-pip
+        state: present
+      register: installation_dependencies
+      when: ansible_distribution == 'CentOS'
+
+    - name: "Installing which on NON-CentOS"
+      ansible.builtin.apt:
+        name:
+          - net-tools
+          - python-pip
+          - curl
+        state: present
+      when: ansible_distribution != 'CentOS'
+
+    - name: "Configure SUDO."
+      ansible.builtin.lineinfile:
+        dest: /etc/sudoers
+        line: "Defaults    !requiretty"
+        state: present
+
+    - name: "Make sure the docs are installed."
+      ansible.builtin.lineinfile:
+        dest: /etc/yum.conf
+        line: "tsflags=nodocs"
+        state: absent
+
+    - name: "Installing some python dependencies"
+      ansible.builtin.pip:
+        name: py-zabbix
+        state: present
+
+  roles:
+    - role: geerlingguy.mysql
+    - role: zabbix_server
+    - role: zabbix_web
+
+- name: Prepare
+  hosts: all:!zabbix_server:!docker
+  tasks:
+    - name: "Installing packages on CentOS family"
+      ansible.builtin.yum:
+        name:
+          - net-tools
+          - which
+        state: present
+      when:
+        - ansible_os_family == 'RedHat'
+
+    - name: "Installing packages on Debian family"
+      ansible.builtin.apt:
+        name:
+          - net-tools
+        state: present
+      when:
+        - ansible_os_family == 'Debian'
+
+- name: Converge
+  hosts: docker
+  tasks:
+    - name: "Download Docker CE repo file"
+      ansible.builtin.get_url:
+        url: https://download.docker.com/linux/centos/docker-ce.repo
+        dest: /etc/yum.repos.d/docker-ce.repo
+        mode: 0644
+      register: zabbix_agent_prepare_docker_repo
+      until: zabbix_agent_prepare_docker_repo is succeeded
+
+    - name: "Installing Epel"
+      ansible.builtin.package:
+        pkg:
+          - epel-release
+        state: present
+      register: zabbix_agent_prepare_docker_install
+      until: zabbix_agent_prepare_docker_install is succeeded
+
+    - name: "Installing Docker"
+      ansible.builtin.package:
+        pkg:
+          - docker-ce
+          - python-pip
+          - python-setuptools
+        state: present
+      register: zabbix_agent_prepare_docker_install
+      until: zabbix_agent_prepare_docker_install is succeeded
+
+    - name: "Installing Docker Python"
+      ansible.builtin.pip:
+        name:
+          - docker
+        state: present
+      register: zabbix_agent_prepare_docker_install
+      until: zabbix_agent_prepare_docker_install is succeeded
+
+    - name: "Starting Docker service"
+      ansible.builtin.service:
+        name: docker
+        state: started

roles/zabbix-agent/molecule/with-server/requirements.yml

@@ -0,0 +1,5 @@
+---
+- src: geerlingguy.apache
+- src: geerlingguy.mysql
+- src: dj-wasabi.zabbix-server
+- src: dj-wasabi.zabbix-web

roles/zabbix-agent/molecule/with-server/tests/test_agent.py

@@ -0,0 +1,44 @@
+import os
+from zabbix_api import ZabbixAPI
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_agent')
+
+
+def authenticate():
+    zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php')
+    zapi.login("Admin", "zabbix")
+    return zapi
+
+
+def test_psk_host(host):
+    zapi = authenticate()
+    hostname = host.check_output('hostname -s')
+    host_name = "zabbix-agent-ubuntu"
+
+    server_data = zapi.host.get({'output': 'extend', 'selectInventory': 'extend', 'filter': {'host': [hostname]}})
+
+    if hostname == host_name:
+        assert server_data[0]['tls_psk'] == "b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d"
+        assert server_data[0]['tls_psk_identity'] == "myhost PSK"
+        assert server_data[0]['tls_accept'] == "2"
+    else:
+        assert server_data[0]['tls_psk'] == ""
+        assert server_data[0]['tls_psk_identity'] == ""
+        assert server_data[0]['tls_accept'] == "1"
+
+
+def test_zabbix_agent_psk(host):
+    hostname = host.check_output('hostname -s')
+    host_name = "zabbix-agent-ubuntu"
+
+    psk_file = host.file("/etc/zabbix/zabbix_agent_pskfile.psk")
+    if hostname == host_name:
+        assert psk_file.user == "zabbix"
+        assert psk_file.group == "zabbix"
+        assert psk_file.mode == 0o400
+        assert psk_file.contains("b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d")
+    else:
+        assert not psk_file.exists

roles/zabbix-agent/molecule/with-server/tests/test_default.py

@@ -0,0 +1,41 @@
+import os
+from zabbix_api import ZabbixAPI
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_server')
+
+
+def authenticate():
+    zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php')
+    zapi.login("Admin", "zabbix")
+    return zapi
+
+
+def get_hosts():
+    return [
+        "zabbix-agent-debian",
+        "zabbix-agent-ubuntu",
+        "zabbix-agent-centos",
+        "zabbix-agent-docker-centos"
+    ]
+
+
+def test_hosts():
+    zapi = authenticate()
+    hosts = get_hosts()
+    servers = zapi.host.get({'output': ["hostid", "name"]})
+
+    for server in servers:
+        if server['name'] != 'Zabbix server':
+            assert server['name'] in hosts
+
+
+def test_hosts_status():
+    zapi = authenticate()
+    servers = zapi.host.get({'output': ["status", "name"]})
+
+    for server in servers:
+        if server['name'] != 'Zabbix server':
+            assert int(server['status']) == 0

roles/zabbix-agent/tasks/Debian.yml

@@ -0,0 +1,151 @@
+---
+# Tasks specific for Debian/Ubuntu Systems
+
+- name: "Debian | Set some variables"
+  ansible.builtin.set_fact:
+    zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}"
+    zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}"
+  tags:
+    - always
+
+- name: "Debian | Repo URL"
+  ansible.builtin.set_fact:
+    zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}{{ '-arm64' if ansible_machine == 'aarch64' else ''}}"
+  when:
+    - zabbix_repo_deb_url is undefined
+  tags:
+    - always
+
+- name: "Debian | Installing gnupg"
+  ansible.builtin.apt:
+    pkg: gnupg
+    update_cache: true
+    cache_valid_time: 3600
+    force: true
+    state: present
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  register: gnupg_installed
+  until: gnupg_installed is succeeded
+  become: true
+  tags:
+    - install
+
+# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
+# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
+# See: https://wiki.debian.org/DebianRepository/UseThirdParty
+- name: "Debian | Create /etc/apt/keyrings/ on older versions"
+  ansible.builtin.file:
+    path: /etc/apt/keyrings/
+    state: directory
+    mode: "0755"
+  become: true
+  when:
+    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or
+      (ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
+
+- name: "Debian | Download gpg key"
+  ansible.builtin.get_url:
+    url: http://repo.zabbix.com/zabbix-official-repo.key
+    dest: "{{ zabbix_gpg_key }}"
+    mode: "0644"
+    force: true
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  become: true
+  tags:
+    - install
+
+- name: "Debian | Installing repository {{ ansible_distribution }}"
+  ansible.builtin.copy:
+    dest: /etc/apt/sources.list.d/zabbix.sources
+    owner: root
+    group: root
+    mode: 0644
+    content: |
+      Types: deb deb-src
+      Enabled: yes
+      URIs: {{ zabbix_repo_deb_url }}
+      Suites: {{ ansible_distribution_release }}
+      Components: {{ zabbix_repo_deb_component }}
+      Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
+      Signed-By: {{ zabbix_gpg_key }}
+  become: true
+  tags:
+    - install
+
+- name: "Debian | Create /etc/apt/preferences.d/"
+  ansible.builtin.file:
+    path: /etc/apt/preferences.d/
+    state: directory
+    mode: "0755"
+  when:
+    - zabbix_agent_apt_priority | int
+  become: true
+  tags:
+    - install
+
+- name: "Debian | Configuring the weight for APT"
+  ansible.builtin.copy:
+    dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}"
+    content: |
+      Package: {{ zabbix_agent_package }}
+      Pin: origin repo.zabbix.com
+      Pin-Priority: {{ zabbix_agent_apt_priority | int }}
+    owner: root
+    mode: "0644"
+  when:
+    - zabbix_agent_apt_priority | int
+  become: true
+  tags:
+    - install
+
+- name: "Debian | Installing zabbix-agent"
+  ansible.builtin.apt:
+    pkg: "{{ zabbix_agent_package }}"
+    state: "{{ zabbix_agent_package_state }}"
+    update_cache: true
+    cache_valid_time: 0
+    force_apt_get: "{{ zabbix_apt_force_apt_get }}"
+    install_recommends: "{{ zabbix_apt_install_recommends }}"
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  register: zabbix_agent_package_installed
+  until: zabbix_agent_package_installed is succeeded
+  become: true
+  tags:
+    - install
+
+- name: "Debian | Installing zabbix-{sender,get}"
+  ansible.builtin.apt:
+    pkg:
+      - "{{ zabbix_sender_package }}"
+      - "{{ zabbix_get_package }}"
+    state: "{{ zabbix_agent_package_state }}"
+    update_cache: true
+    cache_valid_time: 0
+    force_apt_get: "{{ zabbix_apt_force_apt_get }}"
+    install_recommends: "{{ zabbix_apt_install_recommends }}"
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  when:
+    - not zabbix_agent_install_agent_only
+  register: zabbix_agent_package_installed
+  until: zabbix_agent_package_installed is succeeded
+  become: true
+  check_mode: false
+  tags:
+    - install
+
+- name: "Debian | Enable the service"
+  ansible.builtin.service:
+    name: "{{ zabbix_agent_service }}"
+    enabled: true
+    use: service
+  become: true
+  tags:
+    - service

roles/zabbix-agent/tasks/Docker.yml

@@ -0,0 +1,32 @@
+---
+- name: "Create volume mount string"
+  ansible.builtin.set_fact:
+    volume_mount: "{{ zabbix_agent_tlspskfile }}:/var/lib/zabbix/enc/tlspskfile"
+    tls_key:
+      ZBX_TLSPSKFILE: tlspskfile
+  when:
+    - zabbix_agent_tlspskfile is defined
+
+- name: "Add zabbix_agent_tlspskfile to volume mount"
+  ansible.builtin.set_fact:
+    zabbix_agent_docker_volumes: "{{ zabbix_agent_docker_volumes + [ volume_mount ] }}"
+    zabbix_agent_docker_env: "{{ zabbix_agent_docker_env | combine(tls_key) }}"
+  when:
+    - zabbix_agent_tlspskfile is defined
+
+- name: "Ensure Zabbix Docker container is running"
+  community.docker.docker_container:
+    name: "{{ zabbix_agent_docker_name }}"
+    image: "{{ zabbix_agent_docker_image }}:{{ zabbix_agent_docker_image_tag }}"
+    state: "{{ zabbix_agent_docker_state }}"
+    restart_policy: "{{ zabbix_agent_docker_restart_policy }}"
+    network_mode: "{{ zabbix_agent_docker_network_mode }}"
+    published_ports: "{{ zabbix_agent_docker_ports }}"
+    privileged: "{{ zabbix_agent_docker_privileged }}"
+    security_opts: "{{ zabbix_agent_docker_security_opts }}"
+    volumes: "{{ zabbix_agent_docker_volumes }}"
+    env: "{{ zabbix_agent_docker_env }}"
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  become: true

roles/zabbix-agent/tasks/Linux.yml

@@ -0,0 +1,239 @@
+---
+- name: "Set default ip address for zabbix_agent_ip"
+  ansible.builtin.set_fact:
+    zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}"
+  when:
+    - zabbix_agent_ip is not defined
+    - "'ansible_default_ipv4' in hostvars[inventory_hostname]"
+  tags:
+    - config
+
+- name: "Get Total Private IP Addresses"
+  ansible.builtin.set_fact:
+    total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.utils.ipaddr('private') | length }}"
+  when:
+    - ansible_all_ipv4_addresses is defined
+    - not (zabbix_agent_dont_detect_ip)
+  tags:
+    - config
+
+- name: "Set first public ip address for zabbix_agent_ip"
+  ansible.builtin.set_fact:
+    zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}"
+    zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}"
+    zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}"
+    zabbix_agent2_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent2_server) }}"
+    zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent2_serveractive) }}"
+  when:
+    - zabbix_agent_ip is not defined
+    - total_private_ip_addresses is defined
+    - total_private_ip_addresses == '0'
+  tags:
+    - config
+
+- name: "Set first private ip address for zabbix_agent_ip"
+  ansible.builtin.set_fact:
+    zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}"
+  when:
+    - zabbix_agent_ip is not defined
+    - total_private_ip_addresses is defined
+    - total_private_ip_addresses != '0'
+  tags:
+    - config
+
+- name: "Fail invalid specified agent_listeninterface"
+  ansible.builtin.fail:
+    msg: "The specified network interface does not exist"
+  when:
+    - (zabbix_agent_listeninterface)
+    - (zabbix_agent_listeninterface not in ansible_interfaces)
+  tags:
+    - config
+
+- name: "Set network interface"
+  ansible.builtin.set_fact:
+    network_interface: ansible_{{ zabbix_agent_listeninterface }}
+  when:
+    - (zabbix_agent_listeninterface)
+    - not zabbix_agent_listenip
+  tags:
+    - config
+
+- name: "Get IP of agent_listeninterface when no agent_listenip specified"
+  ansible.builtin.set_fact:
+    zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}"
+  when:
+    - (zabbix_agent_listeninterface)
+    - not zabbix_agent_listenip
+  tags:
+    - config
+    - api
+
+- name: "Default agent_listenip to all when not specified"
+  ansible.builtin.set_fact:
+    zabbix_agent_listenip: "0.0.0.0"
+  when:
+    - not (zabbix_agent_listenip)
+  tags:
+    - config
+
+- name: "Fail invalid specified agent_listenip"
+  ansible.builtin.fail:
+    msg: "The agent_listenip does not exist"
+  when:
+    - zabbix_agent_listenip != '0.0.0.0'
+    - zabbix_agent_listenip != '127.0.0.1'
+    - (zabbix_agent_listenip not in ansible_all_ipv4_addresses)
+  tags:
+    - config
+
+- name: "Configure SELinux when enabled"
+  ansible.builtin.include_tasks: selinux.yml
+  when:
+    - zabbix_selinux | bool
+
+- name: "Adding zabbix group"
+  ansible.builtin.group:
+    name: zabbix
+    state: present
+    gid: "{{ zabbix_agent_docker_user_gid | default(omit) }}"
+  become: true
+  when:
+    - zabbix_agent_docker | bool
+  tags:
+    - config
+
+- name: "Adding zabbix user"
+  ansible.builtin.user:
+    name: zabbix
+    group: zabbix
+    state: present
+    create_home: false
+    home: /etc/zabbix
+    uid: "{{ zabbix_agent_docker_user_uid | default(omit) }}"
+    system: true
+  become: true
+  when:
+    - zabbix_agent_docker | bool
+  tags:
+    - config
+
+- name: "Configure zabbix-agent"
+  ansible.builtin.template:
+    src: "{{ 'zabbix_agentd.conf.j2' if not zabbix_agent2 else 'zabbix_agent2.conf.j2' }}"
+    dest: "/etc/zabbix/{{ zabbix_agent_conf if not zabbix_agent2 else zabbix_agent2_conf }}"
+    owner: root
+    group: root
+    mode: "{{ zabbix_agent_conf_mode }}"
+  notify:
+    - restart zabbix-agent
+  become: true
+  when:
+    - not (zabbix_agent_docker | bool)
+  tags:
+    - config
+
+- name: "Create directory for PSK file if not exist."
+  ansible.builtin.file:
+    path: "{{ zabbix_agent_tlspskfile | dirname }}"
+    mode: 0755
+    state: directory
+  become: true
+  when:
+    - zabbix_agent_tlspskfile is defined
+    - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+    - not (zabbix_agent2 | bool)
+  tags:
+    - config
+
+- name: "Create directory for PSK file if not exist (zabbix-agent2)"
+  ansible.builtin.file:
+    path: "{{ zabbix_agent2_tlspskfile | dirname }}"
+    mode: 0755
+    state: directory
+  become: true
+  when:
+    - zabbix_agent2_tlspskfile is defined
+    - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+    - zabbix_agent2 | bool
+  tags:
+    - config
+
+- name: "Place TLS PSK File"
+  ansible.builtin.copy:
+    dest: "{{ zabbix_agent_tlspskfile }}"
+    content: "{{ zabbix_agent_tlspsk_secret }}"
+    owner: zabbix
+    group: zabbix
+    mode: 0400
+  become: true
+  when:
+    - zabbix_agent_tlspskfile is defined
+    - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+    - zabbix_agent_tlspsk_secret is defined
+    - not (zabbix_agent2 | bool)
+  notify:
+    - restart zabbix-agent
+  tags:
+    - config
+
+- name: "Place TLS PSK File (zabbix-agent2)"
+  ansible.builtin.copy:
+    dest: "{{ zabbix_agent2_tlspskfile }}"
+    content: "{{ zabbix_agent2_tlspsk_secret }}"
+    owner: zabbix
+    group: zabbix
+    mode: 0400
+  become: true
+  when:
+    - zabbix_agent2_tlspskfile is defined
+    - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+    - zabbix_agent2_tlspsk_secret is defined
+    - zabbix_agent2 | bool
+  notify:
+    - restart zabbix-agent
+  tags:
+    - config
+
+- name: "Create include dir zabbix-agent"
+  ansible.builtin.file:
+    path: "{{ zabbix_agent_include if not zabbix_agent2 else zabbix_agent2_include }}"
+    owner: root
+    group: zabbix
+    mode: "{{ zabbix_agent_include_mode if not zabbix_agent2 else zabbix_agent2_include_mode }}"
+    state: directory
+  become: true
+  tags:
+    - config
+
+- name: "Install the Docker container"
+  ansible.builtin.include_tasks: Docker.yml
+  when:
+    - zabbix_agent_docker | bool
+
+- name: "Remove zabbix-agent installation when zabbix-agent2 is used."
+  ansible.builtin.include_tasks: remove.yml
+  when:
+    - zabbix_agent2 | bool
+    - zabbix_agent_package_remove
+
+- name: "Make sure the zabbix-agent service is running"
+  ansible.builtin.service:
+    name: "{{ zabbix_agent_service }}"
+    state: started
+    enabled: true
+  become: true
+  when:
+    - not (zabbix_agent_docker | bool)
+  tags:
+    - service
+
+- name: "Give zabbix-agent access to system.hw.chassis info"
+  ansible.builtin.file:
+    path: /sys/firmware/dmi/tables/DMI
+    owner: root
+    group: zabbix
+  become: true
+  when: zabbix_agent_chassis | bool
+  tags:
+    - config

roles/zabbix-agent/tasks/RedHat.yml

@@ -0,0 +1,70 @@
+---
+# Tasks specific for RedHat systems
+
+- name: "RedHat | Install basic repo file"
+  ansible.builtin.yum_repository:
+    name: "{{ item.name }}"
+    description: "{{ item.description }}"
+    baseurl: "{{ item.baseurl }}"
+    gpgcheck: "{{ item.gpgcheck }}"
+    gpgkey: "{{ item.gpgkey }}"
+    mode: "{{ item.mode | default('0644') }}"
+    priority: "{{ item.priority | default('99') }}"
+    state: "{{ item.state | default('present') }}"
+    proxy: "{{ zabbix_http_proxy | default(omit) }}"
+  with_items: "{{ zabbix_repo_yum }}"
+  register: yum_repo_installed
+  become: true
+  notify:
+    - "clean repo files from proxy creds"
+  tags:
+    - install
+
+- name: Check if warn parameter can be used for shell module
+  ansible.builtin.set_fact:
+    produce_warn: False
+  when: ansible_version.full is version("2.14", "<")
+  tags:
+    - always
+
+- name: "RedHat | Installing zabbix-agent"
+  ansible.builtin.package:
+    pkg:
+      - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
+    disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
+    state: "{{ zabbix_agent_package_state }}"
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  register: zabbix_agent_package_installed
+  until: zabbix_agent_package_installed is succeeded
+  become: true
+  tags:
+    - install
+
+- name: "RedHat | Installing zabbix-{sender,get}"
+  ansible.builtin.package:
+    pkg:
+      - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
+      - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
+    disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
+    state: "{{ zabbix_agent_package_state }}"
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  register: zabbix_agent_package_installed
+  until: zabbix_agent_package_installed is succeeded
+  when:
+    - not zabbix_agent_install_agent_only
+  become: true
+  tags:
+    - install
+
+- name: "RedHat | Enable the service"
+  ansible.builtin.service:
+    name: "{{ zabbix_agent_service }}"
+    enabled: true
+    use: service
+  become: true
+  tags:
+    - service

roles/zabbix-agent/tasks/Windows.yml

@@ -0,0 +1,352 @@
+---
+- name: "Windows | Set default architecture"
+  ansible.builtin.set_fact:
+    windows_arch: 32
+  tags:
+    - always
+
+- name: "Windows | Override architecture if 64-bit"
+  ansible.builtin.set_fact:
+    windows_arch: 64
+  when:
+    - ansible_architecture == "64-bit"
+  tags:
+    - always
+
+- name: "Windows | Set path to zabbix.exe"
+  ansible.builtin.set_fact:
+    zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\win{{ windows_arch }}\zabbix_agentd.exe'
+  tags:
+    - always
+
+- name: "Windows | Set variables specific to Zabbix"
+  ansible.builtin.set_fact:
+    zabbix_win_svc_name: Zabbix Agent
+    zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agentd.exe'
+    zabbix_win_config_name: "zabbix_agentd.conf"
+    zabbix2_win_svc_name: Zabbix Agent 2
+    zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe'
+    zabbix2_win_config_name: "zabbix_agent2.conf"
+  tags:
+    - always
+
+- name: "Windows | Check if Zabbix agent is present"
+  ansible.windows.win_stat:
+    path: "{{ item }}"
+  with_items:
+    - "{{ zabbix_win_exe_path }}"
+    - "{{ zabbix2_win_exe_path }}"
+  register: agent_file_info
+  tags:
+    - always
+
+- name: "Windows | Get Installed Zabbix Agent Version"
+  community.windows.win_file_version:
+    path: "{{ item.item }}"
+  register: zabbix_win_exe_info
+  when:
+    - item.stat.exists | bool
+  with_items: "{{ agent_file_info.results }}"
+  tags:
+    - always
+
+- name: "Windows | Set facts current zabbix agent installation"
+  ansible.builtin.set_fact:
+    zabbix_agent_1_binary_exist: true
+    zabbix_agent_1_version: zabbix_win_exe_info.results[0].win_file_version.product_version
+  when:
+    - zabbix_win_exe_info.results[0] is defined
+    - zabbix_win_exe_info.results[0].item.stat.exists
+    - zabbix_win_exe_info.results[0].item.stat.path == zabbix_win_exe_path
+    - zabbix_win_exe_info.results[0].win_file_version.product_version
+  tags:
+    - always
+
+- name: "Windows | Set facts current zabbix agent installation (agent 2)"
+  ansible.builtin.set_fact:
+    zabbix_agent_2_binary_exist: true
+    zabbix_agent_2_version: zabbix_win_exe_info.results[1].win_file_version.product_version
+  when:
+    - zabbix_win_exe_info.results[1] is defined
+    - zabbix_win_exe_info.results[1].item.stat.exists
+    - zabbix_win_exe_info.results[1].item.stat.path == zabbix2_win_exe_path
+    - zabbix_win_exe_info.results[1].win_file_version.product_version
+  tags:
+    - always
+
+- name: "Windows | Check Zabbix service"
+  ansible.windows.win_service:
+    name: "{{ (item.item.stat.path == zabbix_win_exe_path ) | ternary(zabbix_win_svc_name,zabbix2_win_svc_name) }}"
+  register: zabbix_service_info
+  when: item.item.stat.exists
+  with_items: "{{ zabbix_win_exe_info.results }}"
+  tags:
+    - always
+
+- name: "Windows | Set facts about current zabbix agent service state"
+  ansible.builtin.set_fact:
+    zabbix_agent_1_service_exist: true
+  when:
+    - zabbix_service_info.results[0].exists is defined
+    - zabbix_service_info.results[0].exists
+    - zabbix_service_info.results[0].display_name == zabbix_win_svc_name
+  tags:
+    - always
+
+- name: "Windows | Set facts about current zabbix agent service state (agent 2)"
+  ansible.builtin.set_fact:
+    zabbix_agent_2_service_exist: true
+  when:
+    - zabbix_service_info.results[1].exists is defined
+    - zabbix_service_info.results[1].exists
+    - zabbix_service_info.results[1].display_name == zabbix2_win_svc_name
+  tags:
+    - always
+
+- name: "Windows | Set fact about version change requirement"
+  ansible.builtin.set_fact:
+    zabbix_agent_version_change: true
+  when: >
+    (zabbix_agent_1_binary_exist | default(false) and
+     zabbix_win_exe_info.results[0].win_file_version.product_version is version(zabbix_version_long, '<>'))
+    or
+    (zabbix_agent_2_binary_exist | default(false) and
+     zabbix_win_exe_info.results[1].win_file_version.product_version is version(zabbix_version_long, '<>'))
+    or (zabbix_agent_1_binary_exist | default(false) and zabbix_agent2)
+    or (zabbix_agent_2_binary_exist | default(false) and not zabbix_agent2)
+  tags:
+    - always
+
+##################
+# delete section #
+##################
+
+- name: "Windows | Stop Zabbix agent v1"
+  ansible.windows.win_service:
+    name: "{{ zabbix_win_svc_name }}"
+    start_mode: auto
+    state: stopped
+  when:
+    - zabbix_agent_version_change | default(false) or zabbix_agent2
+    - zabbix_agent_1_service_exist | default(false)
+
+- name: "Windows | Stop Zabbix agent v2"
+  ansible.windows.win_service:
+    name: "{{ zabbix2_win_svc_name }}"
+    start_mode: auto
+    state: stopped
+  when:
+    - zabbix_agent_version_change | default(false) or not zabbix_agent2
+    - zabbix_agent_2_service_exist | default(false)
+
+- name: "Windows | Uninstall Zabbix v1"
+  ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --uninstall'
+  when:
+    - zabbix_agent_version_change | default(false) or zabbix_agent2
+    - zabbix_agent_1_service_exist | default(false)
+
+- name: "Windows | Uninstall Zabbix v2"
+  ansible.windows.win_command: '"{{ zabbix2_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix2_win_config_name }}" --uninstall'
+  when:
+    - zabbix_agent_version_change | default(false) or not zabbix_agent2
+    - zabbix_agent_2_service_exist | default(false)
+
+- name: "Windows | Removing Zabbix Directory"
+  ansible.windows.win_file:
+    path: "{{ zabbix_win_install_dir }}"
+    state: absent
+  when:
+    ((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or
+    ((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false))
+
+###################
+# install section #
+###################
+
+- name: "Windows | Create directory structure"
+  ansible.windows.win_file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ zabbix_win_install_dir }}"
+  tags:
+    - install
+
+- name: "Windows | Create directory structure, includes"
+  ansible.windows.win_file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ zabbix_agent_win_include }}"
+  when:
+    - ('.conf' not in zabbix_agent_win_include)
+  tags:
+    - install
+
+- name: "Windows | Set installation settings (agent 2)"
+  ansible.builtin.set_fact:
+    zabbix_win_package: "{{ zabbix2_win_package }}"
+    zabbix_win_download_link: "{{ zabbix2_win_download_link }}"
+    zabbix_win_exe_path: "{{ zabbix2_win_exe_path }}"
+    zabbix_win_config_name: "{{ zabbix2_win_config_name }}"
+    zabbix_win_svc_name: "{{ zabbix2_win_svc_name }}"
+  when: zabbix_agent2 | bool
+  tags:
+    - install
+
+- name: "Windows | Check if agent file is already downloaded"
+  ansible.windows.win_stat:
+    path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
+  register: file_info
+  tags:
+    - install
+
+- name: "Windows | Check if agent binaries in place"
+  ansible.windows.win_stat:
+    path: "{{ zabbix_win_exe_path }}"
+  register: zabbix_windows_binaries
+  tags:
+    - install
+
+- name: "Windows | Download Zabbix Agent Zip file"
+  ansible.windows.win_get_url:
+    url: "{{ zabbix_win_download_link }}"
+    dest: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
+    url_username: "{{ zabbix_download_user | default(omit) }}"
+    url_password: "{{ zabbix_download_pass | default(omit) }}"
+    force: false
+    follow_redirects: all
+    proxy_url: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+    validate_certs: "{{ zabbix_download_validate_certs | default(False) | bool }}"
+    timeout: "{{ zabbix_download_timeout | default(120) | int }}"
+  when:
+    - not file_info.stat.exists
+    - not zabbix_windows_binaries.stat.exists
+  register: zabbix_agent_win_download_zip
+  until: zabbix_agent_win_download_zip is succeeded
+  throttle: "{{ zabbix_download_throttle | default(5) | int }}"
+  tags:
+    - install
+
+- name: "Windows | Unzip file"
+  community.windows.win_unzip:
+    src: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
+    dest: "{{ zabbix_win_install_dir }}"
+    creates: "{{ zabbix_win_exe_path }}"
+  tags:
+    - install
+
+- name: "Windows | Cleanup downloaded Zabbix Agent Zip file"
+  ansible.windows.win_file:
+    path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
+    state: absent
+  when:
+    - zabbix_agent_win_download_zip.changed
+  tags:
+    - install
+
+- name: "Windows | Copy binary files to expected location"
+  ansible.windows.win_copy:
+    src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}"
+    dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}"
+    remote_src: yes
+  loop:
+    - zabbix_agentd.exe
+    - zabbix_sender.exe
+  when:
+    - zabbix_win_install_dir_bin is defined
+    - not (zabbix_agent2 | bool)
+  tags:
+    - install
+
+- name: "Windows | Copy binary files to expected location (zabbix-agent2)"
+  ansible.windows.win_copy:
+    src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}"
+    dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}"
+    remote_src: yes
+  loop:
+    - zabbix_agent2.exe
+  when:
+    - zabbix_win_install_dir_bin is defined
+    - zabbix_agent2 | bool
+  tags:
+    - install
+
+- set_fact:
+    zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agentd.exe"
+  when:
+    - zabbix_win_install_dir_bin is defined
+    - not (zabbix_agent2 | bool)
+  tags:
+    - install
+
+- set_fact:
+    zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agent2.exe"
+  when:
+    - zabbix_win_install_dir_bin is defined
+    - zabbix_agent2 | bool
+  tags:
+    - install
+
+- name: "Create directory for PSK file if not exist."
+  ansible.windows.win_file:
+    path: "{{ zabbix_agent_tlspskfile | win_dirname }}"
+    state: directory
+  when:
+    - zabbix_agent_tlspskfile is defined
+    - zabbix_agent_tlspskfile
+    - not (zabbix_agent2 | bool)
+  tags:
+    - config
+
+- name: "Create directory for PSK file if not exist (zabbix-agent2)"
+  ansible.windows.win_file:
+    path: "{{ zabbix_agent2_tlspskfile | win_dirname }}"
+    state: directory
+  when:
+    - zabbix_agent2_tlspskfile is defined
+    - zabbix_agent2_tlspskfile
+    - zabbix_agent2 | bool
+  tags:
+    - config
+
+- name: "Place TLS PSK File"
+  ansible.windows.win_copy:
+    dest: "{{ zabbix_agent_tlspskfile }}"
+    content: "{{ zabbix_agent_tlspsk_secret }}"
+  when:
+    - zabbix_agent_tlspskfile is defined
+    - zabbix_agent_tlspskfile
+    - zabbix_agent_tlspsk_secret is defined
+    - not (zabbix_agent2 | bool)
+  notify:
+    - restart win zabbix agent
+  tags:
+    - config
+
+- name: "Place TLS PSK File (zabbix-agent2)"
+  ansible.windows.win_copy:
+    dest: "{{ zabbix_agent2_tlspskfile }}"
+    content: "{{ zabbix_agent2_tlspsk_secret }}"
+  when:
+    - zabbix_agent2_tlspskfile is defined
+    - zabbix_agent2_tlspskfile
+    - zabbix_agent2_tlspsk_secret is defined
+    - zabbix_agent2 | bool
+  notify:
+    - restart win zabbix agent
+  tags:
+    - config
+
+- name: "Windows | Check if windows service exist"
+  ansible.windows.win_service:
+    name: "{{ zabbix_win_svc_name }}"
+  register: zabbix_windows_service
+  tags:
+    - service
+
+- name: "Windows | Register Service"
+  ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --install'
+  when: not zabbix_windows_service.exists
+  tags:
+    - service

roles/zabbix-agent/tasks/Windows_conf.yml

@@ -0,0 +1,56 @@
+---
+- name: "Set default ip address for zabbix_agent_ip"
+  ansible.builtin.set_fact:
+    zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_ip_addresses'] | ansible.utils.ipv4 | first }}"
+  when:
+    - zabbix_agent_ip is not defined
+    - "'ansible_ip_addresses' in hostvars[inventory_hostname]"
+  tags:
+    - config
+
+- name: "Windows | Configure zabbix-agent"
+  ansible.windows.win_template:
+    src: "{{ zabbix_win_config_name }}.j2"
+    dest: "{{ zabbix_win_install_dir_conf }}\\{{ zabbix_win_config_name }}"
+  notify: restart win zabbix agent
+  tags:
+    - config
+
+- name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery"
+  ansible.windows.win_service:
+    name: "{{ zabbix_win_svc_name }}"
+    start_mode: auto
+    state: started
+    failure_actions:
+      - type: restart
+        delay_ms: 5000
+      - type: restart
+        delay_ms: 10000
+      - type: restart
+        delay_ms: 20000
+    failure_reset_period_sec: 86400
+  tags:
+    - config
+
+- name: "Windows | Check firewall service"
+  ansible.windows.win_service_info:
+    name: MpsSvc
+  register: firewall_info
+  when: zabbix_win_firewall_management
+  tags:
+    - config
+
+- name: "Windows | Firewall rule"
+  community.windows.win_firewall_rule:
+    name: "{{ zabbix_win_svc_name }}"
+    localport: "{{ zabbix_agent_listenport }}"
+    action: allow
+    direction: in
+    protocol: tcp
+    state: present
+    enabled: true
+  when:
+    - zabbix_win_firewall_management
+    - firewall_info.services[0].state == 'started' or firewall_info.services[0].start_mode == 'auto'
+  tags:
+    - config

roles/zabbix-agent/tasks/api.yml

@@ -0,0 +1,96 @@
+---
+- name: "API | Create host groups"
+  community.zabbix.zabbix_group:
+    host_group: "{{ zabbix_host_groups }}"
+    state: "{{ zabbix_agent_hostgroups_state }}"
+  when:
+    - zabbix_api_create_hostgroup | bool
+  register: zabbix_api_hostgroup_created
+  until: zabbix_api_hostgroup_created is succeeded
+  delegate_to: "{{ zabbix_api_server_host }}"
+  tags:
+    - api
+
+- name: "API | Create a new host or update an existing host's info"
+  community.zabbix.zabbix_host:
+    host_name: "{{ zabbix_agent_hostname }}"
+    host_groups: "{{ zabbix_host_groups }}"
+    link_templates: "{{ zabbix_agent_link_templates }}"
+    status: "{{ zabbix_host_status }}"
+    state: "{{ zabbix_agent_host_state }}"
+    force: "{{ zabbix_agent_host_update }}"
+    proxy: "{{ zabbix_agent_proxy }}"
+    inventory_mode: "{{ zabbix_agent_inventory_mode }}"
+    interfaces: "{{ zabbix_agent_interfaces }}"
+    visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent_hostname) }}"
+    tls_psk: "{{ zabbix_agent_tlspsk_secret | default(omit) }}"
+    tls_psk_identity: "{{ zabbix_agent_tlspskidentity | default(omit) }}"
+    tls_issuer: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}"
+    tls_subject: "{{ zabbix_agent_tls_subject | default(omit) }}"
+    tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}"
+    tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}"
+    description: "{{ zabbix_agent_description | default(omit) }}"
+    inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}"
+    ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}"
+    ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}"
+    ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}"
+    ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}"
+    tags: "{{ zabbix_agent_tags }}"
+  when:
+    - not zabbix_agent2
+  register: zabbix_api_host_created
+  until: zabbix_api_host_created is succeeded
+  delegate_to: "{{ zabbix_api_server_host }}"
+  changed_when: false
+  tags:
+    - api
+
+- name: "API | Create a new host using agent2 or update an existing host's info"
+  community.zabbix.zabbix_host:
+    host_name: "{{ zabbix_agent2_hostname }}"
+    host_groups: "{{ zabbix_host_groups }}"
+    link_templates: "{{ zabbix_agent_link_templates }}"
+    status: "{{ zabbix_host_status }}"
+    state: "{{ zabbix_agent_host_state }}"
+    force: "{{ zabbix_agent_host_update }}"
+    proxy: "{{ zabbix_agent_proxy }}"
+    inventory_mode: "{{ zabbix_agent_inventory_mode }}"
+    interfaces: "{{ zabbix_agent_interfaces }}"
+    visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent2_hostname) }}"
+    tls_psk: "{{ zabbix_agent2_tlspsk_secret | default(omit) }}"
+    tls_psk_identity: "{{ zabbix_agent2_tlspskidentity | default(omit) }}"
+    tls_issuer: "{{ zabbix_agent2_tlsservercertissuer | default(omit) }}"
+    tls_subject: "{{ zabbix_agent2_tls_subject | default(omit) }}"
+    tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsaccept if zabbix_agent2_tlsaccept else 'unencrypted'] }}"
+    tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsconnect if zabbix_agent2_tlsconnect else 'unencrypted'] }}"
+    description: "{{ zabbix_agent_description | default(omit) }}"
+    inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}"
+    ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}"
+    ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}"
+    ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}"
+    ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}"
+    tags: "{{ zabbix_agent_tags }}"
+  when:
+    - zabbix_agent2 | bool
+  register: zabbix_api_host_created
+  until: zabbix_api_host_created is succeeded
+  delegate_to: "{{ zabbix_api_server_host }}"
+  changed_when: false
+  tags:
+    - api
+
+- name: "API | Updating host configuration with macros"
+  community.zabbix.zabbix_hostmacro:
+    host_name: "{{ (zabbix_agent2 | bool) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname) }}"
+    macro_name: "{{ item.macro_key }}"
+    macro_value: "{{ item.macro_value }}"
+    macro_type: "{{ item.macro_type|default('text') }}"
+  with_items: "{{ zabbix_agent_macros | default([]) }}"
+  when:
+    - zabbix_agent_macros is defined
+    - item.macro_key is defined
+  register: zabbix_api_hostmarcro_created
+  until: zabbix_api_hostmarcro_created is succeeded
+  delegate_to: "{{ zabbix_api_server_host }}"
+  tags:
+    - api

roles/zabbix-agent/tasks/macOS.yml

@@ -0,0 +1,22 @@
+---
+# Tasks specific for macOS
+- name: "macOS | Check installed package version"
+  ansible.builtin.shell: |
+    set -o pipefail
+    pkgutil --pkg-info 'com.zabbix.pkg.ZabbixAgent' | grep 'version:' | cut -d ' ' -f 2
+  register: pkgutil_version
+  check_mode: false
+  changed_when: false
+  failed_when: pkgutil_version.rc == 2
+
+- name: "macOS | Download the Zabbix package"
+  ansible.builtin.get_url:
+    url: "{{ zabbix_mac_download_link }}"
+    dest: "/tmp/{{ zabbix_mac_package }}"
+    mode: 0644
+  when: pkgutil_version.stdout != zabbix_version_long
+
+- name: "macOS | Install the Zabbix package"
+  ansible.builtin.command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target /
+  become: true
+  when: pkgutil_version.stdout != zabbix_version_long

roles/zabbix-agent/tasks/main.yml

@@ -0,0 +1,94 @@
+---
+# tasks file for zabbix_agent
+- name: "Include OS-specific variables"
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+  tags:
+    - always
+
+- name: Determine Latest Supported Zabbix Version
+  ansible.builtin.set_fact:
+    zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.4) }}"
+  when: zabbix_agent_version is not defined or zabbix_agent_version is none
+  tags:
+    - always
+
+- name: Set More Variables
+  ansible.builtin.set_fact:
+    zabbix_valid_version: "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}"
+  tags:
+    - always
+
+- name: Stopping Install of Invalid Version
+  ansible.builtin.fail:
+    msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
+  when: not zabbix_valid_version
+  tags:
+    - always
+
+- name: Setting Zabbix API Server Port
+  ansible.builtin.set_fact:
+    zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}"
+  when: zabbix_api_server_port is undefined
+
+- name: "Set variables specific for Zabbix Agent 2"
+  ansible.builtin.set_fact:
+    zabbix_agent_service: zabbix-agent2
+    zabbix_agent_package: zabbix-agent2
+  when:
+    - zabbix_agent2 is defined
+    - zabbix_agent2
+  tags:
+    - always
+
+- name: "Install the correct repository"
+  ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+  when:
+    - not (zabbix_agent_docker | bool)
+
+- name: "Encrypt with TLS PSK auto management"
+  ansible.builtin.include_tasks: tlspsk_auto.yml
+  when:
+    - not zabbix_agent2
+    - zabbix_agent_tlspsk_auto | bool
+    - (zabbix_agent_tlspskfile is undefined) or (zabbix_agent_tlspskfile | length == '0')
+    - (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0')
+
+- name: "Encrypt with TLS PSK auto management"
+  ansible.builtin.include_tasks: tlspsk_auto_agent2.yml
+  when:
+    - zabbix_agent2 | bool
+    - zabbix_agent2_tlspsk_auto | bool
+    - (zabbix_agent2_tlspskfile is undefined) or (zabbix_agent2_tlspskfile | length == '0')
+    - (zabbix_agent2_tlspsk_secret is undefined) or (zabbix_agent2_tlspsk_secret | length == '0')
+
+- name: "Configure Agent"
+  ansible.builtin.include_tasks: Windows_conf.yml
+  when:
+    - ansible_os_family == "Windows"
+
+- name: "Configure Agent"
+  ansible.builtin.include_tasks: Linux.yml
+  when:
+    - (ansible_os_family != "Windows" and ansible_os_family != "Darwin") or (zabbix_agent_docker | bool)
+
+- name: "Run the API calls to Zabbix Server"
+  vars:
+    gather_facts: false
+    ansible_user: "{{ zabbix_api_login_user }}"
+    ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}"
+    ansible_network_os: community.zabbix.zabbix
+    ansible_connection: httpapi
+    # Can't think of a way to make http_login_* vars be undefined -(
+    http_login_user: "{{ zabbix_api_http_user | default(-42) }}"
+    http_login_password: "{{ zabbix_api_http_password | default(-42) }}"
+  ansible.builtin.include_tasks: api.yml
+  when:
+    - (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool)
+  tags:
+    - api
+
+- name: "Including userparameters"
+  ansible.builtin.include_tasks: "userparameter.yml"
+  when: zabbix_agent_userparameters|length > 0
+  tags:
+    - config

roles/zabbix-agent/tasks/remove.yml

@@ -0,0 +1,25 @@
+---
+- name: Pull service facts
+  ansible.builtin.service_facts:
+
+- name: 'Remove | Make sure the "old" zabbix-agent service stopped'
+  ansible.builtin.service:
+    name: "zabbix-agent"
+    state: stopped
+    enabled: false
+  become: true
+  when: |
+    ansible_facts.services["zabbix-agent.service"] is defined or
+    ansible_facts.services["zabbix-agent"] is defined
+
+- name: "Remove | Package removal"
+  ansible.builtin.package:
+    name: "zabbix-agent"
+    state: absent
+  become: true
+
+- name: "Remove | Remove the agent-include-dir"
+  ansible.builtin.file:
+    path: "{{ zabbix_agent_include }}"
+    state: absent
+  become: true

roles/zabbix-agent/tasks/selinux.yml

@@ -0,0 +1,110 @@
+---
+- name: "SELinux | Debian | Install policycoreutils-python"
+  ansible.builtin.apt:
+    pkg: policycoreutils-python-utils
+    state: present
+    update_cache: true
+    cache_valid_time: 0
+    force_apt_get: "{{ zabbix_apt_force_apt_get }}"
+    install_recommends: "{{ zabbix_apt_install_recommends }}"
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  register: zabbix_agent_policycoreutils_installed
+  until: zabbix_agent_package_installed is succeeded
+  become: true
+  when:
+    - ansible_os_family == "Debian"
+  tags:
+    - install
+
+- name: "SELinux | RedHat | Install policycoreutils-python"
+  ansible.builtin.package:
+    name: policycoreutils-python
+    state: installed
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  register: zabbix_agent_policycoreutils_installed
+  until: zabbix_agent_policycoreutils_installed is succeeded
+  when:
+    - ansible_os_family == "RedHat"
+    - (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7")
+  become: true
+  tags:
+    - install
+
+- name: "SELinux | RedHat | Install python3-policycoreutils on RHEL8"
+  ansible.builtin.package:
+    name: python3-policycoreutils
+    state: installed
+  environment:
+    http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+    https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+  register: zabbix_agent_policycoreutils_installed
+  until: zabbix_agent_policycoreutils_installed is succeeded
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution_major_version == "8"
+  become: true
+  tags:
+    - install
+
+- name: "SELinux | RedHat | Install selinux-policy-targeted"
+  ansible.builtin.package:
+    name: selinux-policy-targeted
+    state: installed
+  register: zabbix_agent_selinuxpolicytargeted_installed
+  until: zabbix_agent_selinuxpolicytargeted_installed is succeeded
+  when:
+    - ansible_os_family == "RedHat"
+  become: true
+  tags:
+    - install
+
+# straight to getenforce binary , workaround for missing python_selinux library
+- name: "SELinux | Get getenforce binary"
+  ansible.builtin.stat:
+    path: /usr/sbin/getenforce
+  register: getenforce_bin
+  become: true
+  tags:
+    - always
+
+- name: "SELinux | Collect getenforce output"
+  ansible.builtin.command: /usr/sbin/getenforce
+  register: sestatus
+  when: "getenforce_bin.stat.exists"
+  changed_when: false
+  become: true
+  check_mode: false
+  tags:
+    - always
+
+- name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive"
+  ansible.builtin.set_fact:
+    zabbix_selinux: "{{ true }}"
+  when:
+    - 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)'
+  tags:
+    - always
+
+- name: "SELinux | Allow zabbix_agent to start (SELinux)"
+  community.general.selinux_permissive:
+    name: zabbix_agent_t
+    permissive: true
+  become: true
+  tags:
+    - config
+
+- name: "SELinux | Allow zabbix to run sudo commands (SELinux)"
+  ansible.posix.seboolean:
+    name: zabbix_run_sudo
+    persistent: true
+    state: true
+  become: true
+  when:
+    - ansible_selinux.status == "enabled"
+    - selinux_allow_zabbix_run_sudo|bool
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto.yml

@@ -0,0 +1,14 @@
+---
+- ansible.builtin.include_tasks: tlspsk_auto_linux.yml
+  when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool)
+
+- ansible.builtin.include_tasks: tlspsk_auto_windows.yml
+  when: ansible_os_family == "Windows"
+
+- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK
+  ansible.builtin.set_fact:
+    zabbix_agent_tlsaccept: psk
+    zabbix_agent_tlsconnect: psk
+  when: zabbix_api_create_hosts
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto_agent2.yml

@@ -0,0 +1,14 @@
+---
+- include_tasks: tlspsk_auto_agent2_linux.yml
+  when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool)
+
+- include_tasks: tlspsk_auto_agent2_windows.yml
+  when: ansible_os_family == "Windows"
+
+- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlsaccept: psk
+    zabbix_agent2_tlsconnect: psk
+  when: zabbix_api_create_hosts
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto_agent2_common.yml

@@ -0,0 +1,53 @@
+---
+# Process PSK Secret
+- name: AutoPSK | Save existing TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlspsk_read: "{{ zabbix_agent2_tlspsk_base64['content'] | b64decode | trim }}"
+  when: zabbix_agent2_tlspskcheck.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Use existing TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlspsk_secret: "{{ zabbix_agent2_tlspsk_read }}"
+  when:
+    - zabbix_agent2_tlspskcheck.stat.exists
+    - zabbix_agent2_tlspsk_read|length >= 32
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Generate new TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
+  when:
+    - not zabbix_agent2_tlspskcheck.stat.exists
+    - (zabbix_agent2_tlspsk_read is not defined) or (zabbix_agent2_tlspsk_read|length < 32)
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+# Process PSK Identity
+- name: AutoPSK | Use existing TLS PSK identity
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlspskidentity: "{{ zabbix_agent2_tlspskidentity_base64['content'] | b64decode | trim }}"
+  when:
+    - zabbix_agent2_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Generate new TLS PSK identity
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlspskidentity: >-
+      {{
+        zabbix_agent_visible_hostname
+        | default(((zabbix_agent2 == True) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname)))
+        + '_'
+        + lookup('password', '/dev/null chars=hexdigits length=4')
+      }}
+  when: not zabbix_agent2_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto_agent2_linux.yml

@@ -0,0 +1,80 @@
+---
+- name: AutoPSK | Set default path variables (Linux)
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlspskfile: "/etc/zabbix/tls_psk_auto.secret"
+    zabbix_agent2_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity"
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK file (Linux)
+  ansible.builtin.stat:
+    path: "{{ zabbix_agent2_tlspskfile }}"
+  register: zabbix_agent2_tlspskcheck
+  become: true
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK identity (Linux)
+  ansible.builtin.stat:
+    path: "{{ zabbix_agent2_tlspskidentity_file }}"
+  register: zabbix_agent2_tlspskidentity_check
+  become: true
+  tags:
+    - config
+
+- name: AutoPSK | read existing TLS PSK file (Linux)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent2_tlspskfile }}"
+  register: zabbix_agent2_tlspsk_base64
+  become: true
+  when:
+    - zabbix_agent2_tlspskcheck.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Read existing TLS PSK identity file (Linux)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent2_tlspskidentity_file }}"
+  register: zabbix_agent2_tlspskidentity_base64
+  become: true
+  when: zabbix_agent2_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- include_tasks: tlspsk_auto_agent2_common.yml
+
+- name: AutoPSK | Template TLS PSK identity in file (Linux)
+  ansible.builtin.copy:
+    dest: "{{ zabbix_agent2_tlspskidentity_file }}"
+    content: "{{ zabbix_agent2_tlspskidentity }}"
+    owner: zabbix
+    group: zabbix
+    mode: 0400
+  become: true
+  when:
+    - zabbix_agent2_tlspskidentity_file is defined
+    - zabbix_agent2_tlspskidentity is defined
+  notify:
+    - restart zabbix-agent
+    - restart mac zabbix agent
+  tags:
+    - config
+
+- name: AutoPSK | Template TLS PSK secret in file (Linux)
+  ansible.builtin.copy:
+    dest: "{{ zabbix_agent2_tlspskfile }}"
+    content: "{{ zabbix_agent2_tlspsk_secret }}"
+    owner: zabbix
+    group: zabbix
+    mode: 0400
+  become: true
+  when:
+    - zabbix_agent2_tlspskfile is defined
+    - zabbix_agent2_tlspsk_secret is defined
+  notify:
+    - restart zabbix-agent
+    - restart mac zabbix agent
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto_agent2_windows.yml

@@ -0,0 +1,66 @@
+---
+- name: AutoPSK | Set default path variables for Windows
+  ansible.builtin.set_fact:
+    zabbix_agent2_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt"
+    zabbix_agent2_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt"
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK file (Windows)
+  ansible.windows.win_stat:
+    path: "{{ zabbix_agent2_tlspskfile }}"
+  register: zabbix_agent2_tlspskcheck
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK identity (Windows)
+  ansible.windows.win_stat:
+    path: "{{ zabbix_agent2_tlspskidentity_file }}"
+  register: zabbix_agent2_tlspskidentity_check
+  tags:
+    - config
+
+- name: AutoPSK | read existing TLS PSK file (Windows)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent2_tlspskfile }}"
+  register: zabbix_agent2_tlspsk_base64
+  when:
+    - zabbix_agent2_tlspskcheck.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Read existing TLS PSK identity file (Windows)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent2_tlspskidentity_file }}"
+  register: zabbix_agent2_tlspskidentity_base64
+  when: zabbix_agent2_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- ansible.builtin.include_tasks: tlspsk_auto_agent2_common.yml
+
+- name: Windows | AutoPSK | Template TLS PSK identity in file (Windows)
+  ansible.windows.win_copy:
+    dest: "{{ zabbix_agent2_tlspskidentity_file }}"
+    content: "{{ zabbix_agent2_tlspskidentity }}"
+  when:
+    - zabbix_agent2_tlspskidentity_file is defined
+    - zabbix_agent2_tlspskidentity is defined
+  notify:
+    - restart win zabbix agent
+  tags:
+    - config
+
+- name: AutoPSK | Template TLS PSK secret in file (Windows)
+  ansible.windows.win_copy:
+    dest: "{{ zabbix_agent2_tlspskfile }}"
+    content: "{{ zabbix_agent2_tlspsk_secret }}"
+  when:
+    - zabbix_agent2_tlspskfile is defined
+    - zabbix_agent2_tlspsk_secret is defined
+  notify:
+    - restart win zabbix agent
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto_common.yml

@@ -0,0 +1,52 @@
+---
+# Process PSK Secret
+- name: AutoPSK | Save existing TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}"
+  when: zabbix_agent_tlspskcheck.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Use existing TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}"
+  when:
+    - zabbix_agent_tlspskcheck.stat.exists
+    - zabbix_agent_tlspsk_read|length >= 32
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Generate new TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
+  when:
+    - (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32)
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+# Process PSK Identity
+- name: AutoPSK | Use existing TLS PSK identity
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}"
+  when:
+    - zabbix_agent_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Generate new TLS PSK identity
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspskidentity: >-
+      {{
+        zabbix_agent_visible_hostname
+        | default(((zabbix_agent2 != True) | ternary(zabbix_agent_hostname, zabbix_agent_hostname)))
+        + '_'
+        + lookup('password', '/dev/null chars=hexdigits length=4')
+      }}
+  when: not zabbix_agent_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto_linux.yml

@@ -0,0 +1,80 @@
+---
+- name: AutoPSK | Set default path variables (Linux)
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret"
+    zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity"
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK file (Linux)
+  ansible.builtin.stat:
+    path: "{{ zabbix_agent_tlspskfile }}"
+  register: zabbix_agent_tlspskcheck
+  become: true
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK identity (Linux)
+  ansible.builtin.stat:
+    path: "{{ zabbix_agent_tlspskidentity_file }}"
+  register: zabbix_agent_tlspskidentity_check
+  become: true
+  tags:
+    - config
+
+- name: AutoPSK | read existing TLS PSK file (Linux)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent_tlspskfile }}"
+  register: zabbix_agent_tlspsk_base64
+  become: true
+  when:
+    - zabbix_agent_tlspskcheck.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Read existing TLS PSK identity file (Linux)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent_tlspskidentity_file }}"
+  register: zabbix_agent_tlspskidentity_base64
+  become: true
+  when: zabbix_agent_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- include_tasks: tlspsk_auto_common.yml
+
+- name: AutoPSK | Template TLS PSK identity in file (Linux)
+  ansible.builtin.copy:
+    dest: "{{ zabbix_agent_tlspskidentity_file }}"
+    content: "{{ zabbix_agent_tlspskidentity }}"
+    owner: zabbix
+    group: zabbix
+    mode: 0400
+  become: true
+  when:
+    - zabbix_agent_tlspskidentity_file is defined
+    - zabbix_agent_tlspskidentity is defined
+  notify:
+    - restart zabbix-agent
+    - restart mac zabbix agent
+  tags:
+    - config
+
+- name: AutoPSK | Template TLS PSK secret in file (Linux)
+  ansible.builtin.copy:
+    dest: "{{ zabbix_agent_tlspskfile }}"
+    content: "{{ zabbix_agent_tlspsk_secret }}"
+    owner: zabbix
+    group: zabbix
+    mode: 0400
+  become: true
+  when:
+    - zabbix_agent_tlspskfile is defined
+    - zabbix_agent_tlspsk_secret is defined
+  notify:
+    - restart zabbix-agent
+    - restart mac zabbix agent
+  tags:
+    - config

roles/zabbix-agent/tasks/tlspsk_auto_windows.yml

@@ -0,0 +1,67 @@
+---
+- name: AutoPSK | Set default path variables for Windows
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt"
+    zabbix_agent_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt"
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK file (Windows)
+  ansible.windows.win_stat:
+    path: "{{ zabbix_agent_tlspskfile }}"
+  register: zabbix_agent_tlspskcheck
+  tags:
+    - config
+
+- name: AutoPSK | Check for existing TLS PSK identity (Windows)
+  ansible.windows.win_stat:
+    path: "{{ zabbix_agent_tlspskidentity_file }}"
+  register: zabbix_agent_tlspskidentity_check
+  tags:
+    - config
+
+- name: AutoPSK | read existing TLS PSK file (Windows)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent_tlspskfile }}"
+  register: zabbix_agent_tlspsk_base64
+  when:
+    - zabbix_agent_tlspskcheck.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Read existing TLS PSK identity file (Windows)
+  ansible.builtin.slurp:
+    src: "{{ zabbix_agent_tlspskidentity_file }}"
+  register: zabbix_agent_tlspskidentity_base64
+  when: zabbix_agent_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- include_tasks: tlspsk_auto_common.yml
+
+- name: AutoPSK | Template TLS PSK identity in file (Windows)
+  ansible.windows.win_copy:
+    dest: "{{ zabbix_agent_tlspskidentity_file }}"
+    content: "{{ zabbix_agent_tlspskidentity }}"
+  when:
+    - zabbix_agent_tlspskidentity_file is defined
+    - zabbix_agent_tlspskidentity is defined
+  notify:
+    - restart win zabbix agent
+  tags:
+    - config
+
+- name: AutoPSK | Template TLS PSK secret in file (Windows)
+  ansible.windows.win_copy:
+    dest: "{{ zabbix_agent_tlspskfile }}"
+    content: "{{ zabbix_agent_tlspsk_secret }}"
+  when:
+    - zabbix_agent_tlspskfile is defined
+    - zabbix_agent_tlspsk_secret is defined
+    - ansible_os_family == "Windows"
+  notify:
+    - restart win zabbix agent
+  tags:
+    - config

roles/zabbix-agent/tasks/userparameter.yml

@@ -0,0 +1,87 @@
+---
+- block:
+    - name: "Windows | Installing user-defined userparameters"
+      ansible.windows.win_template:
+        src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
+        dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf'
+      notify:
+        - restart win zabbix agent
+      with_items: "{{ zabbix_agent_userparameters }}"
+
+    - name: "Windows | Installing user-defined scripts"
+      ansible.windows.win_copy:
+        src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
+        dest: '{{ zabbix_win_install_dir }}\scripts\'
+      notify:
+        - restart win zabbix agent
+      with_items: "{{ zabbix_agent_userparameters }}"
+      when: item.scripts_dir is defined
+  when: ansible_os_family == "Windows"
+  tags:
+    - config
+
+- block:
+    - name: "Installing user-defined userparameters"
+      ansible.builtin.template:
+        src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
+        dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf"
+        owner: zabbix
+        group: zabbix
+        mode: 0644
+      notify:
+        - restart zabbix-agent
+        - restart mac zabbix agent
+      become: true
+      with_items: "{{ zabbix_agent_userparameters }}"
+
+    - name: "Installing user-defined scripts"
+      ansible.builtin.copy:
+        src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
+        dest: "/etc/zabbix/scripts/"
+        owner: zabbix
+        group: zabbix
+        mode: 0755
+      notify:
+        - restart zabbix-agent
+        - restart mac zabbix agent
+      become: true
+      with_items: "{{ zabbix_agent_userparameters }}"
+      when: item.scripts_dir is defined
+  when:
+    - ansible_os_family != "Windows"
+    - not zabbix_agent2
+  tags:
+    - config
+
+- block:
+    - name: "Installing user-defined userparameters"
+      ansible.builtin.template:
+        src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
+        dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf"
+        owner: zabbix
+        group: zabbix
+        mode: 0644
+      notify:
+        - restart zabbix-agent
+        - restart mac zabbix agent
+      become: true
+      with_items: "{{ zabbix_agent_userparameters }}"
+
+    - name: "Installing user-defined scripts"
+      ansible.builtin.copy:
+        src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
+        dest: "/etc/zabbix/scripts/"
+        owner: zabbix
+        group: zabbix
+        mode: 0755
+      notify:
+        - restart zabbix-agent
+        - restart mac zabbix agent
+      become: true
+      with_items: "{{ zabbix_agent_userparameters }}"
+      when: item.scripts_dir is defined
+  when:
+    - ansible_os_family != "Windows"
+    - zabbix_agent2
+  tags:
+    - config

roles/zabbix-agent/templates/userparameters/mysql.j2

@@ -0,0 +1,3 @@
+# This is an sample userparameters file.
+
+UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive

roles/zabbix-agent/templates/userparameters/win_sample.j2

@@ -0,0 +1 @@
+UserParameter=do.something, powershell -NoProfile -ExecutionPolicy Bypass -File {{ zabbix_win_install_dir }}\scripts\{{ item.name }}\doSomething.ps1

roles/zabbix-agent/templates/zabbix_agent2.conf.j2

@@ -0,0 +1,140 @@
+{{ ansible_managed | comment }}
+# This is a configuration file for Zabbix Agent 2
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+# This configuration file is "minimalized", which means all the original comments 
+# are removed. The full documentation for your Zabbix Agent 2 can be found here:
+# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if ansible_os_family == "Windows" else "" }}
+
+{% if ansible_os_family != "Windows" %}
+PidFile={{ zabbix_agent2_pidfile }}
+{% endif %}
+LogType={{ zabbix_agent2_logtype }}
+{% if ansible_os_family == "Windows" %}
+LogFile={{ zabbix_agent2_win_logfile }}
+{% else %}
+LogFile={{ zabbix_agent2_logfile }}
+{% endif %}
+LogFileSize={{ zabbix_agent2_logfilesize }}
+DebugLevel={{ zabbix_agent2_debuglevel }}
+{% if zabbix_agent2_sourceip is defined and zabbix_agent2_sourceip %}
+SourceIP={{ zabbix_agent2_sourceip }}
+{% endif %}
+Server={{ zabbix_agent2_server }}
+ListenPort={{ zabbix_agent2_listenport }}
+{% if zabbix_agent2_listenip is defined and zabbix_agent2_listenip !='0.0.0.0' and zabbix_agent2_listenip %}
+ListenIP={{ zabbix_agent2_listenip }}
+{% endif %}
+{% if zabbix_agent2_statusport is defined and zabbix_agent2_statusport %}
+StatusPort={{ zabbix_agent2_statusport }}
+{% endif %}
+ServerActive={{ zabbix_agent2_serveractive }}
+{% if zabbix_agent2_hostname is defined and zabbix_agent2_hostname %}
+Hostname={{ zabbix_agent2_hostname }}
+{% endif %}
+{% if zabbix_agent2_hostnameitem is defined and zabbix_agent2_hostnameitem %}
+HostnameItem={{ zabbix_agent2_hostnameitem }}
+{% endif %}
+{% if zabbix_agent2_hostmetadata is defined and zabbix_agent2_hostmetadata %}
+HostMetadata={{ zabbix_agent2_hostmetadata }}
+{% endif %}
+{% if zabbix_agent2_hostmetadataitem is defined and zabbix_agent2_hostmetadataitem %}
+HostMetadataItem={{ zabbix_agent2_hostmetadataitem }}
+{% endif %}
+{% if zabbix_agent2_hostinterface is defined and zabbix_agent2_hostinterface %}
+HostInterface={{ zabbix_agent2_hostinterface }}
+{% endif %}
+{% if zabbix_agent2_hostinterfaceitem is defined and zabbix_agent2_hostinterfaceitem %}
+HostInterfaceItem={{ zabbix_agent2_hostinterfaceitem }}
+{% endif %}
+{% if zabbix_agent2_allow_key is defined and zabbix_agent2_allow_key %}
+{% for item in zabbix_agent2_allow_key %}
+AllowKey={{ item }}
+{% endfor %}
+{% endif %}
+{% if zabbix_agent2_deny_key is defined and zabbix_agent2_deny_key %}
+{% for item in zabbix_agent2_deny_key %}
+DenyKey={{ item }}
+{% endfor %}
+{% endif %}
+RefreshActiveChecks={{ zabbix_agent2_refreshactivechecks }}
+BufferSend={{ zabbix_agent2_buffersend }}
+BufferSize={{ zabbix_agent2_buffersize }}
+{% if zabbix_agent2_enablepersistentbuffer is defined and zabbix_agent2_enablepersistentbuffer %}
+EnablePersistentBuffer={{ zabbix_agent2_enablepersistentbuffer }}
+{% endif %}
+{% if zabbix_agent2_persistentbufferperiod is defined and zabbix_agent2_persistentbufferperiod %}
+PersistentBufferPeriod={{ zabbix_agent2_persistentbufferperiod }}
+{% endif %}
+{% if zabbix_agent2_persistentbufferfile is defined and zabbix_agent2_persistentbufferfile %}
+PersistentBufferFile={{ zabbix_agent2_persistentbufferfile }}
+{% endif %}
+{% if zabbix_agent2_zabbix_alias is defined and zabbix_agent2_zabbix_alias %}
+{% if zabbix_agent2_zabbix_alias is string %}
+Alias={{ zabbix_agent2_zabbix_alias }}
+{% else %}
+{% for item in zabbix_agent2_zabbix_alias %}
+Alias={{ item }}
+{% endfor %}
+{% endif %}
+{% endif %}
+Timeout={{ zabbix_agent2_timeout }}
+{% if ansible_os_family == "Windows" %}
+Include={{ zabbix_agent_win_include }}
+{% else %}
+Include={{ zabbix_agent2_include }}/{{ zabbix_agent2_include_pattern }}
+{% endif %}
+{% if zabbix_agent2_additional_include is defined and zabbix_agent2_additional_include is iterable and zabbix_agent2_additional_include is not string %}
+{% for include in zabbix_agent2_additional_include %}
+Include={{ include }}
+{% endfor %}
+{% endif %}
+UnsafeUserParameters={{ zabbix_agent2_unsafeuserparameters }}
+{% if ansible_os_family != "Windows" %}
+ControlSocket={{ zabbix_agent2_controlsocket }}
+{% endif %}
+{% if zabbix_agent2_tlsconnect is defined and zabbix_agent2_tlsconnect %}
+TLSConnect={{ zabbix_agent2_tlsconnect }}
+{% endif %}
+{% if zabbix_agent2_tlsaccept is defined and zabbix_agent2_tlsaccept %}
+TLSAccept={{ zabbix_agent2_tlsaccept }}
+{% endif %}
+{% if zabbix_agent2_tlscafile is defined and zabbix_agent2_tlscafile %}
+TLSCAFile={{ zabbix_agent2_tlscafile }}
+{% endif %}
+{% if zabbix_agent2_tlscrlfile is defined and zabbix_agent2_tlscrlfile %}
+TLSCRLFile={{ zabbix_agent2_tlscrlfile }}
+{% endif %}
+{% if zabbix_agent2_tlsservercertissuer is defined and zabbix_agent2_tlsservercertissuer %}
+TLSServerCertIssuer={{ zabbix_agent2_tlsservercertissuer }}
+{% endif %}
+{% if zabbix_agent2_tlsservercertsubject is defined and zabbix_agent2_tlsservercertsubject %}
+TLSServerCertSubject={{ zabbix_agent2_tlsservercertsubject }}
+{% endif %}
+{% if zabbix_agent2_tlscertfile is defined and zabbix_agent2_tlscertfile %}
+TLSCertFile={{ zabbix_agent2_tlscertfile }}
+{% endif %}
+{% if zabbix_agent2_tlskeyfile is defined and zabbix_agent2_tlskeyfile %}
+TLSKeyFile={{ zabbix_agent2_tlskeyfile }}
+{% endif %}
+{% if zabbix_agent2_tlspskidentity is defined and zabbix_agent2_tlspskidentity %}
+TLSPSKIdentity={{ zabbix_agent2_tlspskidentity }}
+{% endif %}
+{% if zabbix_agent2_tlspskfile is defined and zabbix_agent2_tlspskfile %}
+TLSPSKFile={{ zabbix_agent2_tlspskfile }}
+{% endif %}
+{% if zabbix_agent2_plugins is defined and zabbix_agent2_plugins is iterable %}
+{% for entry in zabbix_agent2_plugins %}
+{% set my_name = entry['name'] %}
+{% for property in entry['options'] %}
+{% set param = property['parameter'] %}
+{% set value = property['value'] %}
+Plugins.{{ my_name }}.{{ param }}={{ value }}
+{% endfor %}
+{% endfor %}
+{% endif %}
+{% if zabbix_agent_version is version('6.0', '>=') %}
+{% if zabbix_agent2_listenbacklog is defined and zabbix_agent2_listenbacklog %}
+ListenBacklog={{ zabbix_agent2_listenbacklog }}
+{% endif %}
+{% endif %}

roles/zabbix-agent/templates/zabbix_agentd.conf.j2

@@ -0,0 +1,149 @@
+{{ ansible_managed | comment }}
+# This is a configuration file for Zabbix Agent
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+# This configuration file is "minimalized", which means all the original comments 
+# are removed. The full documentation for your Zabbix Agent can be found here:
+# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if ansible_os_family == "Windows" else "" }}
+
+{% if ansible_os_family != "Windows" %}
+PidFile={{ zabbix_agent_pidfile }}
+{% endif %}
+{% if zabbix_agent_version is version('3.0', '>=') %}
+LogType={{ zabbix_agent_logtype }}
+{% endif %}
+{% if ansible_os_family == "Windows" %}
+LogFile={{ zabbix_agent_win_logfile }}
+{% else %}
+LogFile={{ zabbix_agent_logfile }}
+{% endif %}
+LogFileSize={{ zabbix_agent_logfilesize }}
+DebugLevel={{ zabbix_agent_debuglevel }}
+{% if zabbix_agent_sourceip is defined and zabbix_agent_sourceip %}
+SourceIP={{ zabbix_agent_sourceip }}
+{% endif %}
+{% if zabbix_agent_version is version('6.0', '<=') %}
+EnableRemoteCommands={{ zabbix_agent_enableremotecommands }}
+{% else %}
+{% if zabbix_agent_allowkeys is defined and zabbix_agent_allowkeys %}
+AllowKey={{ zabbix_agent_allowkeys }}
+{% endif %}
+{% if zabbix_agent_denykeys is defined and zabbix_agent_denykeys %}
+DenyKey={{ zabbix_agent_denykeys }}
+{% endif %}
+{% endif %}
+LogRemoteCommands={{ zabbix_agent_logremotecommands }}
+Server={{ zabbix_agent_server }}
+ListenPort={{ zabbix_agent_listenport }}
+{% if zabbix_agent_listenip is defined and zabbix_agent_listenip !='0.0.0.0' and zabbix_agent_listenip %}
+ListenIP={{ zabbix_agent_listenip }}
+{% endif %}
+StartAgents={{ zabbix_agent_startagents }}
+ServerActive={{ zabbix_agent_serveractive }}
+{% if zabbix_agent_hostname is defined and zabbix_agent_hostname %}
+Hostname={{ zabbix_agent_hostname }}
+{% endif %}
+{% if zabbix_agent_hostnameitem is defined and zabbix_agent_hostnameitem %}
+HostnameItem={{ zabbix_agent_hostnameitem }}
+{% endif %}
+{% if zabbix_agent_hostmetadata is defined and zabbix_agent_hostmetadata %}
+HostMetadata={{ zabbix_agent_hostmetadata }}
+{% endif %}
+{% if zabbix_agent_hostmetadataitem is defined and zabbix_agent_hostmetadataitem %}
+HostMetadataItem={{ zabbix_agent_hostmetadataitem }}
+{% endif %}
+{% if zabbix_agent_allow_key is defined and zabbix_agent_allow_key %}
+{% for item in zabbix_agent_allow_key %}
+AllowKey={{ item }}
+{% endfor %}
+{% endif %}
+{% if zabbix_agent_deny_key is defined and zabbix_agent_deny_key %}
+{% for item in zabbix_agent_deny_key %}
+DenyKey={{ item }}
+{% endfor %}
+{% endif %}
+RefreshActiveChecks={{ zabbix_agent_refreshactivechecks }}
+BufferSend={{ zabbix_agent_buffersend }}
+BufferSize={{ zabbix_agent_buffersize }}
+MaxLinesPerSecond={{ zabbix_agent_maxlinespersecond }}
+{% if zabbix_agent_version is version_compare('6.2', '>=') %}
+HeartbeatFrequency={{ zabbix_agent_heartbeatfrequency }}
+{% endif %}
+{% if zabbix_agent_zabbix_alias is defined and zabbix_agent_zabbix_alias %}
+{% if zabbix_agent_zabbix_alias is string %}
+Alias={{ zabbix_agent_zabbix_alias }}
+{% else %}
+{% for item in zabbix_agent_zabbix_alias %}
+Alias={{ item }}
+{% endfor %}
+{% endif %}
+{% endif %}
+Timeout={{ zabbix_agent_timeout }}
+{% if ansible_os_family != "Windows" %}
+AllowRoot={{ zabbix_agent_allowroot }}
+{% endif %}
+{% if zabbix_agent_runas_user is defined and zabbix_agent_runas_user %}
+User={{ zabbix_agent_runas_user }}
+{% endif %}
+{% if ansible_os_family == "Windows" %}
+Include={{ zabbix_agent_win_include }}
+{% else %}
+Include={{ zabbix_agent_include }}/{{ zabbix_agent_include_pattern }}
+{% endif %}
+{% if zabbix_agent_additional_include is defined and zabbix_agent_additional_include is iterable and zabbix_agent_additional_include is not string %}
+{% for include in zabbix_agent_additional_include %}
+Include={{ include }}
+{% endfor %}
+{% endif %}
+UnsafeUserParameters={{ zabbix_agent_unsafeuserparameters }}
+{% if zabbix_agent_version is version_compare('2.2', '>=') %}
+{% if ansible_os_family != "Windows" %}
+LoadModulePath={{ zabbix_agent_loadmodulepath }}
+{% endif %}
+{% endif %}
+{% if zabbix_agent_loadmodule is defined and zabbix_agent_loadmodule %}
+{% if zabbix_agent_loadmodule is string %}
+LoadModule={{ zabbix_agent_loadmodule }}
+{% else %}
+{% for module in zabbix_agent_loadmodule %}
+LoadModule={{ module }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% if zabbix_agent_version is version_compare('3.0', '>=') %}
+{% if zabbix_agent_tlsconnect is defined and zabbix_agent_tlsconnect %}
+TLSConnect={{ zabbix_agent_tlsconnect }}
+{% endif %}
+{% if zabbix_agent_tlsaccept is defined and zabbix_agent_tlsaccept %}
+TLSAccept={{ zabbix_agent_tlsaccept }}
+{% endif %}
+{% if zabbix_agent_tlscafile is defined and zabbix_agent_tlscafile %}
+TLSCAFile={{ zabbix_agent_tlscafile }}
+{% endif %}
+{% if zabbix_agent_tlscrlfile is defined and zabbix_agent_tlscrlfile %}
+TLSCRLFile={{ zabbix_agent_tlscrlfile }}
+{% endif %}
+{% if zabbix_agent_tlsservercertissuer is defined and zabbix_agent_tlsservercertissuer %}
+TLSServerCertIssuer={{ zabbix_agent_tlsservercertissuer }}
+{% endif %}
+{% if zabbix_agent_tlsservercertsubject is defined and zabbix_agent_tlsservercertsubject %}
+TLSServerCertSubject={{ zabbix_agent_tlsservercertsubject }}
+{% endif %}
+{% if zabbix_agent_tlscertfile is defined and zabbix_agent_tlscertfile %}
+TLSCertFile={{ zabbix_agent_tlscertfile }}
+{% endif %}
+{% if zabbix_agent_tlskeyfile is defined and zabbix_agent_tlskeyfile %}
+TLSKeyFile={{ zabbix_agent_tlskeyfile }}
+{% endif %}
+{% if zabbix_agent_tlspskidentity is defined and zabbix_agent_tlspskidentity %}
+TLSPSKIdentity={{ zabbix_agent_tlspskidentity }}
+{% endif %}
+{% if zabbix_agent_tlspskfile is defined and zabbix_agent_tlspskfile %}
+TLSPSKFile={{ zabbix_agent_tlspskfile }}
+{% endif %}
+{% endif %}
+{% if zabbix_agent_version is version('6.0', '>=') %}
+{% if zabbix_agent_listenbacklog is defined and zabbix_agent_listenbacklog %}
+ListenBacklog={{ zabbix_agent_listenbacklog }}
+{% endif %}
+{% endif %}

roles/zabbix-agent/vars/Debian.yml

@@ -0,0 +1,48 @@
+---
+# vars file for zabbix_agent (Debian)
+
+zabbix_agent: zabbix-agent
+zabbix_agent_service: zabbix-agent
+zabbix_agent_conf: zabbix_agentd.conf
+zabbix_agent2_conf: zabbix_agent2.conf
+
+zabbix_valid_agent_versions:
+  # Debian
+  "12":
+    - 6.4
+    - 6.2
+    - 6.0
+
+  "11":
+    - 6.4
+    - 6.2
+    - 6.0
+
+  "10":
+    - 6.4
+    - 6.2
+    - 6.0
+
+  "9":
+    - 6.4
+    - 6.2
+    - 6.0
+  # Ubuntu
+  "22":
+    - 6.4
+    - 6.2
+    - 6.0
+
+  "20":
+    - 6.4
+    - 6.2
+    - 6.0
+
+  "18":
+    - 6.4
+    - 6.2
+    - 6.0
+
+debian_keyring_path: /etc/apt/keyrings/
+zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}"

roles/zabbix-agent/vars/RedHat.yml

@@ -0,0 +1,21 @@
+---
+# vars file for zabbix_agent (RedHat)
+
+zabbix_agent: zabbix-agent
+zabbix_agent_service: zabbix-agent
+zabbix_agent_conf: zabbix_agentd.conf
+zabbix_agent2_conf: zabbix_agent2.conf
+
+zabbix_valid_agent_versions:
+  "9":
+    - 6.4
+    - 6.2
+    - 6.0
+  "8":
+    - 6.4
+    - 6.2
+    - 6.0
+  "7":
+    - 6.4
+    - 6.2
+    - 6.0

roles/zabbix-agent/vars/Windows.yml

@@ -0,0 +1,7 @@
+---
+# vars file for zabbix_agent (Windows)
+zabbix_valid_agent_versions:
+  "10":
+    - 6.4
+    - 6.2
+    - 6.0

zabbix-agent.yaml

@@ -0,0 +1,20 @@
+---
+- hosts: all
+  roles:
+    - role: zabbix-agent
+      zabbix_agent_server: 10.10.43.252
+      zabbix_agent_serveractive: 10.10.43.252
+      zabbix_api_server_host: 10.10.43.252
+      zabbix_api_server_port: 80
+      ansible_zabbix_url_path: "/"
+      zabbix_api_login_user: sa8001
+      zabbix_api_login_pass: ios2011a
+      zabbix_api_create_hostgroup: false
+      zabbix_api_create_hosts: true
+      zabbix_agent_host_state: present
+      zabbix_host_groups:
+        - Linux servers
+        - Virtual machines
+      zabbix_agent_link_templates:
+        - Linux by Zabbix agent
+      zabbix_agent_version: 6.4