From 2dcaeada2801dc920ae2a3be37ecec3d7eefa09f Mon Sep 17 00:00:00 2001 From: root Date: Tue, 28 Nov 2023 14:51:57 +0900 Subject: [PATCH] inventory add --- ansible.cfg | 4 +- collections/requirements.yml | 4 +- inventory | 84 ++- roles/zabbix-agent/defaults/main.yml | 584 +++++++-------- roles/zabbix-agent/files/sample.conf | 6 +- roles/zabbix-agent/handlers/main.yml | 80 +- roles/zabbix-agent/meta/main.yml | 84 +-- .../molecule/with-server/Dockerfile.j2 | 28 +- .../molecule/with-server/INSTALL.rst | 52 +- .../molecule/with-server/molecule.yml | 146 ++-- .../molecule/with-server/playbook.yml | 48 +- .../molecule/with-server/prepare.yml | 228 +++--- .../molecule/with-server/requirements.yml | 10 +- .../molecule/with-server/tests/test_agent.py | 88 +-- .../with-server/tests/test_default.py | 82 +- roles/zabbix-agent/tasks/Debian.yml | 302 ++++---- roles/zabbix-agent/tasks/Docker.yml | 64 +- roles/zabbix-agent/tasks/Linux.yml | 478 ++++++------ roles/zabbix-agent/tasks/RedHat.yml | 140 ++-- roles/zabbix-agent/tasks/Windows.yml | 704 +++++++++--------- roles/zabbix-agent/tasks/Windows_conf.yml | 112 +-- roles/zabbix-agent/tasks/XCP-ng.yml | 140 ++-- roles/zabbix-agent/tasks/api.yml | 192 ++--- roles/zabbix-agent/tasks/macOS.yml | 44 +- roles/zabbix-agent/tasks/main.yml | 188 ++--- roles/zabbix-agent/tasks/remove.yml | 50 +- roles/zabbix-agent/tasks/selinux.yml | 220 +++--- roles/zabbix-agent/tasks/tlspsk_auto.yml | 28 +- .../zabbix-agent/tasks/tlspsk_auto_agent2.yml | 28 +- .../tasks/tlspsk_auto_agent2_common.yml | 106 +-- .../tasks/tlspsk_auto_agent2_linux.yml | 160 ++-- .../tasks/tlspsk_auto_agent2_windows.yml | 132 ++-- .../zabbix-agent/tasks/tlspsk_auto_common.yml | 104 +-- .../zabbix-agent/tasks/tlspsk_auto_linux.yml | 160 ++-- .../tasks/tlspsk_auto_windows.yml | 134 ++-- roles/zabbix-agent/tasks/userparameter.yml | 174 ++--- .../templates/userparameters/mysql.j2 | 6 +- .../templates/userparameters/win_sample.j2 | 2 +- .../templates/zabbix_agent2.conf.j2 | 280 +++---- .../templates/zabbix_agentd.conf.j2 | 298 ++++---- roles/zabbix-agent/vars/Debian.yml | 96 +-- roles/zabbix-agent/vars/RedHat.yml | 42 +- roles/zabbix-agent/vars/Windows.yml | 14 +- zabbix-agent.yaml | 48 +- 44 files changed, 3024 insertions(+), 2950 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index e6a96f4..381978a 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,2 +1,2 @@ -[defaults] -stdout_callback = debug +[defaults] +stdout_callback = debug diff --git a/collections/requirements.yml b/collections/requirements.yml index 8ab98a5..57a2335 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,3 +1,3 @@ -collections: - - name: ansible.utils +collections: + - name: ansible.utils - name: community.zabbix \ No newline at end of file diff --git a/inventory b/inventory index 2e89fad..548a50b 100644 --- a/inventory +++ b/inventory @@ -1,5 +1,79 @@ -[server] -10.10.34.40 ansible_port=22001 ansible_user=ai - -[all:children] -server +[server] +10.10.43.100 ansible_port=2222 ansible_user=dev2-iac +10.10.43.101 ansible_port=2222 ansible_user=dev2-iac +10.10.43.105 ansible_port=2222 ansible_user=dev2-iac +10.10.43.106 ansible_port=2222 ansible_user=dev2-iac +10.10.43.111 ansible_port=2222 ansible_user=dev2-iac +10.10.43.112 ansible_port=2222 ansible_user=dev2-iac +10.10.43.113 ansible_port=2222 ansible_user=dev2-iac +10.10.43.114 ansible_port=2222 ansible_user=dev2-iac +10.10.43.115 ansible_port=2222 ansible_user=dev2-iac +10.10.43.116 ansible_port=2222 ansible_user=dev2-iac +10.10.43.117 ansible_port=2222 ansible_user=dev2-iac +10.10.43.118 ansible_port=2222 ansible_user=dev2-iac +10.10.43.119 ansible_port=2222 ansible_user=dev2-iac +10.10.43.120 ansible_port=2222 ansible_user=dev2-iac +10.10.43.121 ansible_port=2222 ansible_user=dev2-iac +10.10.43.122 ansible_port=2222 ansible_user=dev2-iac +10.10.43.123 ansible_port=2222 ansible_user=dev2-iac +10.10.43.124 ansible_port=2222 ansible_user=dev2-iac +10.10.43.125 ansible_port=2222 ansible_user=dev2-iac +10.10.43.126 ansible_port=2222 ansible_user=dev2-iac +10.10.43.127 ansible_port=2222 ansible_user=dev2-iac +10.10.43.128 ansible_port=2222 ansible_user=dev2-iac +10.10.43.129 ansible_port=2222 ansible_user=dev2-iac +10.10.43.130 ansible_port=2222 ansible_user=dev2-iac +10.10.43.131 ansible_port=2222 ansible_user=dev2-iac +10.10.43.132 ansible_port=2222 ansible_user=dev2-iac +10.10.43.133 ansible_port=2222 ansible_user=dev2-iac +10.10.43.134 ansible_port=2222 ansible_user=dev2-iac +10.10.43.135 ansible_port=2222 ansible_user=dev2-iac +10.10.43.136 ansible_port=2222 ansible_user=dev2-iac +10.10.43.137 ansible_port=2222 ansible_user=dev2-iac +10.10.43.138 ansible_port=2222 ansible_user=dev2-iac +10.10.43.139 ansible_port=2222 ansible_user=dev2-iac +10.10.43.140 ansible_port=2222 ansible_user=dev2-iac +10.10.43.141 ansible_port=2222 ansible_user=dev2-iac +10.10.43.142 ansible_port=2222 ansible_user=dev2-iac +10.10.43.143 ansible_port=2222 ansible_user=dev2-iac +10.10.43.144 ansible_port=2222 ansible_user=dev2-iac +10.10.43.145 ansible_port=2222 ansible_user=dev2-iac +10.10.43.146 ansible_port=2222 ansible_user=dev2-iac +10.10.43.147 ansible_port=2222 ansible_user=dev2-iac +10.10.43.148 ansible_port=2222 ansible_user=dev2-iac +10.10.43.151 ansible_port=2222 ansible_user=dev2-iac +10.10.43.152 ansible_port=2222 ansible_user=dev2-iac +10.10.43.153 ansible_port=2222 ansible_user=dev2-iac +10.10.43.164 ansible_port=2222 ansible_user=dev2-iac +10.10.43.165 ansible_port=2222 ansible_user=dev2-iac +10.10.43.166 ansible_port=2222 ansible_user=dev2-iac +10.10.43.167 ansible_port=2222 ansible_user=dev2-iac +10.10.43.168 ansible_port=2222 ansible_user=dev2-iac +10.10.43.169 ansible_port=2222 ansible_user=dev2-iac +10.10.43.171 ansible_port=2222 ansible_user=dev2-iac +10.10.43.172 ansible_port=2222 ansible_user=dev2-iac +10.10.43.173 ansible_port=2222 ansible_user=dev2-iac +10.10.43.174 ansible_port=2222 ansible_user=dev2-iac +10.10.43.175 ansible_port=2222 ansible_user=dev2-iac +10.10.43.176 ansible_port=2222 ansible_user=dev2-iac +10.10.43.177 ansible_port=2222 ansible_user=dev2-iac +10.10.43.178 ansible_port=2222 ansible_user=dev2-iac +10.10.43.179 ansible_port=2222 ansible_user=dev2-iac +10.10.43.180 ansible_port=2222 ansible_user=dev2-iac +10.10.43.181 ansible_port=2222 ansible_user=dev2-iac +10.10.43.182 ansible_port=2222 ansible_user=dev2-iac +10.10.43.185 ansible_port=2222 ansible_user=dev2-iac +10.10.43.186 ansible_port=2222 ansible_user=dev2-iac +10.10.43.187 ansible_port=2222 ansible_user=dev2-iac +10.10.43.188 ansible_port=2222 ansible_user=dev2-iac +10.10.43.189 ansible_port=2222 ansible_user=dev2-iac +10.10.43.190 ansible_port=2222 ansible_user=dev2-iac +10.10.43.191 ansible_port=2222 ansible_user=dev2-iac +10.10.43.192 ansible_port=2222 ansible_user=dev2-iac +10.10.43.193 ansible_port=2222 ansible_user=dev2-iac +10.10.43.194 ansible_port=2222 ansible_user=dev2-iac +10.10.43.199 ansible_port=2222 ansible_user=dev2-iac + + +[all:children] +server diff --git a/roles/zabbix-agent/defaults/main.yml b/roles/zabbix-agent/defaults/main.yml index dbd5db5..7e57368 100644 --- a/roles/zabbix-agent/defaults/main.yml +++ b/roles/zabbix-agent/defaults/main.yml @@ -1,292 +1,292 @@ ---- -# defaults file for zabbix_agent - -zabbix_agent2: false -# zabbix_agent_version: 6.4 -zabbix_agent_version_minor: "*" -zabbix_version_patch: 0 -zabbix_agent_package_remove: false -zabbix_agent_package: zabbix-agent -zabbix_sender_package: zabbix-sender -zabbix_get_package: zabbix-get -zabbix_agent_package_state: present -zabbix_agent_server: -zabbix_agent_serveractive: -zabbix_agent2_server: "{{ zabbix_agent_server }}" -zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive }}" -zabbix_selinux: false -zabbix_agent_apt_priority: -zabbix_agent_conf_mode: "0644" -zabbix_agent_dont_detect_ip: false -zabbix_agent_allow_key: [] -zabbix_agent_deny_key: [] -zabbix_agent2_allow_key: "{{ zabbix_agent_allow_key }}" -zabbix_agent2_deny_key: "{{ zabbix_agent_deny_key }}" - -# Selinux related vars -selinux_allow_zabbix_run_sudo: false - -zabbix_agent_install_agent_only: false -zabbix_agent_packages: - - "{{ zabbix_agent_package }}" - - "{{ zabbix_sender_package }}" - - "{{ zabbix_get_package }}" - -# Zabbix role related vars -zabbix_apt_force_apt_get: true -zabbix_apt_install_recommends: false - -# Override Ansible specific facts -zabbix_agent_distribution_major_version: "{{ ansible_distribution_major_version }}" -zabbix_agent_distribution_release: "{{ ansible_distribution_release }}" -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_schema: https -zabbix_agent_disable_repo: - - epel -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-agent2-plugins - description: Zabbix Official Repository (Agent2 Plugins) - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - -zabbix_repo_deb_component: main - -# Zabbix API stuff -zabbix_api_server_host: localhost -# zabbix_api_server_port: 80 -zabbix_api_login_user: Admin -zabbix_api_use_ssl: false -zabbix_api_login_pass: !unsafe zabbix -zabbix_api_validate_certs: false -ansible_httpapi_pass: "{{ zabbix_api_login_pass }}" -ansible_httpapi_port: "{{ zabbix_api_server_port }}" -ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}" -zabbix_api_timeout: 30 -zabbix_api_create_hostgroup: false -zabbix_api_create_hosts: false -zabbix_agent_hostgroups_state: present # or absent -zabbix_agent_host_state: present # or absent -zabbix_agent_host_update: true -zabbix_host_status: enabled # or disabled -zabbix_agent_proxy: null -zabbix_agent_inventory_mode: disabled -zabbix_useuip: 1 -zabbix_host_groups: - - Linux servers -zabbix_agent_link_templates: - - Template Linux by Zabbix agent - -zabbix_agent_interfaces: - - type: 1 - main: 1 - useip: "{{ zabbix_useuip }}" - ip: "{{ zabbix_agent_ip }}" - dns: "{{ ansible_fqdn }}" - port: "{{ (zabbix_agent2 == True) | ternary(zabbix_agent2_listenport, zabbix_agent_listenport) }}" - -# Zabbix configuration variables -zabbix_agent_pidfile: /var/run/zabbix/zabbix_agentd.pid -zabbix_agent_logtype: file -zabbix_agent_logfile: /var/log/zabbix/zabbix_agentd.log -zabbix_agent_logfilesize: 100 -zabbix_agent_debuglevel: 3 -zabbix_agent_sourceip: -zabbix_agent_enableremotecommands: 0 -zabbix_agent_allowkeys: -zabbix_agent_denykeys: -zabbix_agent_logremotecommands: 0 -zabbix_agent_listenport: 10050 -zabbix_agent_jmx_listenport: -zabbix_agent_listeninterface: -zabbix_agent_listenip: -zabbix_agent_startagents: 3 -zabbix_agent_hostname: "{{ inventory_hostname }}" -zabbix_agent_hostnameitem: -zabbix_agent_hostmetadata: -zabbix_agent_hostmetadataitem: -zabbix_agent_refreshactivechecks: 120 -zabbix_agent_buffersend: 5 -zabbix_agent_buffersize: 100 -zabbix_agent_maxlinespersecond: 100 -zabbix_agent_allowroot: 0 -zabbix_agent_zabbix_alias: -zabbix_agent_timeout: 3 -zabbix_agent_include: /etc/zabbix/zabbix_agentd.d -zabbix_agent_include_pattern: -zabbix_agent_include_mode: "0750" -zabbix_agent_unsafeuserparameters: 0 -zabbix_agent_userparameters: [] -zabbix_agent_userparameters_templates_src: "userparameters" -zabbix_agent_userparameters_scripts_src: "scripts" -zabbix_agent_custom_scripts: false -zabbix_agent_loadmodulepath: ${libdir}/modules -zabbix_agent_loadmodule: -zabbix_agent_become_on_localhost: true -zabbix_agent_description: -zabbix_agent_inventory_zabbix: {} -zabbix_agent_heartbeatfrequency: 60 -zabbix_agent_macros: [] -zabbix_agent_tags: [] -zabbix_agent_chassis: false - -# TLS settings -zabbix_agent_tlsconnect: -zabbix_agent_tlsaccept: -zabbix_agent_tlscafile: -zabbix_agent_tlscrlfile: -zabbix_agent_tlsservercertissuer: -zabbix_agent_tlsservercertsubject: -zabbix_agent_tls_subject: "{{ zabbix_agent_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression -zabbix_agent_tlscertfile: -zabbix_agent_tlskeyfile: -zabbix_agent_tlspskidentity: -zabbix_agent_tlspsk_auto: false - -zabbix_agent_tls_config: - unencrypted: "1" - psk: "2" - cert: "4" - -# IPMI settings -zabbix_agent_ipmi_authtype: 2 -zabbix_agent_ipmi_password: -zabbix_agent_ipmi_privilege: 2 -zabbix_agent_ipmi_username: - -# Zabbix Agent2 -zabbix_agent2_pidfile: /var/run/zabbix/zabbix_agent2.pid -zabbix_agent2_logfile: /var/log/zabbix/zabbix_agent2.log -zabbix_agent2_logtype: file -zabbix_agent2_statusport: 9999 -zabbix_agent2_include: /etc/zabbix/zabbix_agent2.d -zabbix_agent2_include_pattern: -zabbix_agent2_logfilesize: 100 -zabbix_agent2_debuglevel: 3 -zabbix_agent2_sourceip: -zabbix_agent2_listenport: 10050 -zabbix_agent2_listenip: -zabbix_agent2_hostname: "{{ inventory_hostname }}" -zabbix_agent2_hostnameitem: -zabbix_agent2_hostmetadata: -zabbix_agent2_hostmetadataitem: -zabbix_agent2_hostinterface: -zabbix_agent2_hostinterfaceitem: -zabbix_agent2_enablepersistentbuffer: 0 -zabbix_agent2_persistentbufferperiod: 1h -zabbix_agent2_persistentbufferfile: -zabbix_agent2_refreshactivechecks: 120 -zabbix_agent2_buffersend: 5 -zabbix_agent2_buffersize: 100 -zabbix_agent2_zabbix_alias: -zabbix_agent2_timeout: 3 -zabbix_agent2_include_mode: "0750" -zabbix_agent2_unsafeuserparameters: 0 -zabbix_agent2_controlsocket: /tmp/agent.sock -zabbix_agent2_plugins: [] - -# Zabbix Agent2 TLS settings -zabbix_agent2_tlsconnect: -zabbix_agent2_tlsaccept: -zabbix_agent2_tlscafile: -zabbix_agent2_tlscrlfile: -zabbix_agent2_tlsservercertissuer: -zabbix_agent2_tlsservercertsubject: -zabbix_agent2_tls_subject: "{{ zabbix_agent2_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression -zabbix_agent2_tlscertfile: -zabbix_agent2_tlskeyfile: -zabbix_agent2_tlspskidentity: -zabbix_agent2_tlspsk_auto: false - -# Windows/macOS Related -zabbix_version_long: 5.2.4 - -# Windows Related -zabbix_win_package: zabbix_agent-{{ zabbix_version_long }}-windows-amd64-openssl.zip -zabbix2_win_package: zabbix_agent2-{{ zabbix_version_long }}-windows-amd64-openssl-static.zip -zabbix_win_download_url: https://cdn.zabbix.com/zabbix/binaries/stable -zabbix_win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix_win_package }}" -zabbix2_win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix2_win_package }}" -zabbix_win_install_dir: 'C:\Zabbix' -zabbix_win_install_dir_conf: '{{ zabbix_win_install_dir }}\\conf' -zabbix_win_install_dir_bin: '{{ zabbix_win_install_dir }}\\bin' -zabbix_agent_win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agentd.log" -zabbix_agent_win_include: "{{ zabbix_win_install_dir }}\\zabbix_agent.d\\" -zabbix_agent2_win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agent2.log" -zabbix_agent_win_svc_recovery: true -zabbix_win_firewall_management: true - -# macOS Related -zabbix_mac_package: zabbix_agent-{{ zabbix_version_long }}-macos-amd64-openssl.pkg -zabbix_mac_download_url: https://cdn.zabbix.com/zabbix/binaries/stable -zabbix_mac_download_link: "{{ zabbix_mac_download_url }}/{{ zabbix_agent_version }}/{{ zabbix_version_long }}/{{ zabbix_mac_package }}" - -# Zabbix Agent Docker facts -zabbix_agent_docker: false -zabbix_agent_docker_state: started -zabbix_agent_docker_name: zabbix-agent -zabbix_agent_docker_image: "zabbix/zabbix-agent" -zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_agent_version }}.{{ zabbix_version_patch }}" -zabbix_agent_docker_user_gid: 101 -zabbix_agent_docker_user_uid: 101 -zabbix_agent_docker_network_mode: host -zabbix_agent_docker_restart_policy: unless-stopped -zabbix_agent_docker_privileged: false -zabbix_agent_docker_ports: - - 10050:10050 -zabbix_agent_docker_security_opts: - - apparmor:unconfined -zabbix_agent_docker_volumes: - - /etc/zabbix/zabbix_agentd.d:{{ zabbix_agent_include }} - - /:/hostfs:ro - - /etc:/hostfs/etc:ro - - /proc:/hostfs/proc:ro - - /sys:/hostfs/sys:ro - - /var/run:/var/run -zabbix_agent_docker_env: - ZBX_HOSTNAME: "{{ zabbix_agent_hostname }}" - ZBX_SERVER_HOST: "{{ zabbix_agent_server }}" - ZBX_PASSIVE_ALLOW: "{{ zabbix_agent_serverpassive_allow | default(omit) }}" - ZBX_PASSIVESERVERS: "{{ zabbix_agent_serverpassive | default(omit) }}" - ZBX_ACTIVE_ALLOW: "{{ zabbix_agent_serveractive_allow | default(omit) }}" - ZBX_LOADMODULE: "{{ zabbix_agent_loadmodule | default(omit) }}" - ZBX_DEBUGLEVEL: "{{ zabbix_agent_debuglevel }}" - ZBX_TIMEOUT: "{{ zabbix_agent_timeout }}" - ZBX_SOURCEIP: "{{ zabbix_agent_sourceip | default(omit) }}" - ZBX_ENABLEREMOTECOMMANDS: "{{ zabbix_agent_enableremotecommands | default(omit) }}" - ZBX_LOGREMOTECOMMANDS: "{{ zabbix_agent_logremotecommands | default(omit) }}" - ZBX_STARTAGENTS: "{{ zabbix_agent_startagents | default(omit) }}" - ZBX_HOSTNAMEITEM: "{{ zabbix_agent_hostnameitem | default(omit) }}" - ZBX_METADATA: "{{ zabbix_agent_hostmetadata | default(omit) }}" - ZBX_METADATAITEM: "{{ zabbix_agent_hostmetadataitem | default(omit) }}" - ZBX_REFRESHACTIVECHECKS: "{{ zabbix_agent_refreshactivechecks | default(omit) }}" - ZBX_BUFFERSEND: "{{ zabbix_agent_buffersend | default(omit) }}" - ZBX_BUFFERSIZE: "{{ zabbix_agent_buffersize | default(omit) }}" - ZBX_MAXLINESPERSECOND: "{{ zabbix_agent_maxlinespersecond | default(omit) }}" - ZBX_LISTENIP: "{{ zabbix_agent_listenip }}" - ZBX_UNSAFEUSERPARAMETERS: "{{ zabbix_agent_unsafeuserparameters | default(omit) }}" - ZBX_TLSCONNECT: "{{ zabbix_agent_tlsconnect | default(omit) }}" - ZBX_TLSACCEPT: "{{ zabbix_agent_tlsaccept | default(omit) }}" - ZBX_TLSCAFILE: "{{ zabbix_agent_tlscafile | default(omit) }}" - ZBX_TLSCRLFILE: "{{ zabbix_agent_tlscrlfile | default(omit) }}" - ZBX_TLSSERVERCERTISSUER: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}" - ZBX_TLSSERVERCERTSUBJECT: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}" - ZBX_TLSCERTFILE: "{{ zabbix_agent_tlscertfile | default(omit) }}" - ZBX_TLSKEYFILE: "{{ zabbix_agent_tlskeyfile | default(omit) }}" - ZBX_TLSPSKIDENTITY: "{{ zabbix_agent_tlspskidentity | default(omit) }}" +--- +# defaults file for zabbix_agent + +zabbix_agent2: false +# zabbix_agent_version: 6.4 +zabbix_agent_version_minor: "*" +zabbix_version_patch: 0 +zabbix_agent_package_remove: false +zabbix_agent_package: zabbix-agent +zabbix_sender_package: zabbix-sender +zabbix_get_package: zabbix-get +zabbix_agent_package_state: present +zabbix_agent_server: +zabbix_agent_serveractive: +zabbix_agent2_server: "{{ zabbix_agent_server }}" +zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive }}" +zabbix_selinux: false +zabbix_agent_apt_priority: +zabbix_agent_conf_mode: "0644" +zabbix_agent_dont_detect_ip: false +zabbix_agent_allow_key: [] +zabbix_agent_deny_key: [] +zabbix_agent2_allow_key: "{{ zabbix_agent_allow_key }}" +zabbix_agent2_deny_key: "{{ zabbix_agent_deny_key }}" + +# Selinux related vars +selinux_allow_zabbix_run_sudo: false + +zabbix_agent_install_agent_only: false +zabbix_agent_packages: + - "{{ zabbix_agent_package }}" + - "{{ zabbix_sender_package }}" + - "{{ zabbix_get_package }}" + +# Zabbix role related vars +zabbix_apt_force_apt_get: true +zabbix_apt_install_recommends: false + +# Override Ansible specific facts +zabbix_agent_distribution_major_version: "{{ ansible_distribution_major_version }}" +zabbix_agent_distribution_release: "{{ ansible_distribution_release }}" +zabbix_repo_yum_gpgcheck: 0 +zabbix_repo_yum_schema: https +zabbix_agent_disable_repo: + - epel +zabbix_repo_yum: + - name: zabbix + description: Zabbix Official Repository - $basearch + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" + mode: "0644" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + - name: zabbix-non-supported + description: Zabbix Official Repository non-supported - $basearch + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" + mode: "0644" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + - name: zabbix-agent2-plugins + description: Zabbix Official Repository (Agent2 Plugins) - $basearch + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" + mode: "0644" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + +zabbix_repo_deb_component: main + +# Zabbix API stuff +zabbix_api_server_host: localhost +# zabbix_api_server_port: 80 +zabbix_api_login_user: Admin +zabbix_api_use_ssl: false +zabbix_api_login_pass: !unsafe zabbix +zabbix_api_validate_certs: false +ansible_httpapi_pass: "{{ zabbix_api_login_pass }}" +ansible_httpapi_port: "{{ zabbix_api_server_port }}" +ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}" +zabbix_api_timeout: 30 +zabbix_api_create_hostgroup: false +zabbix_api_create_hosts: false +zabbix_agent_hostgroups_state: present # or absent +zabbix_agent_host_state: present # or absent +zabbix_agent_host_update: true +zabbix_host_status: enabled # or disabled +zabbix_agent_proxy: null +zabbix_agent_inventory_mode: disabled +zabbix_useuip: 1 +zabbix_host_groups: + - Linux servers +zabbix_agent_link_templates: + - Template Linux by Zabbix agent + +zabbix_agent_interfaces: + - type: 1 + main: 1 + useip: "{{ zabbix_useuip }}" + ip: "{{ zabbix_agent_ip }}" + dns: "{{ ansible_fqdn }}" + port: "{{ (zabbix_agent2 == True) | ternary(zabbix_agent2_listenport, zabbix_agent_listenport) }}" + +# Zabbix configuration variables +zabbix_agent_pidfile: /var/run/zabbix/zabbix_agentd.pid +zabbix_agent_logtype: file +zabbix_agent_logfile: /var/log/zabbix/zabbix_agentd.log +zabbix_agent_logfilesize: 100 +zabbix_agent_debuglevel: 3 +zabbix_agent_sourceip: +zabbix_agent_enableremotecommands: 0 +zabbix_agent_allowkeys: +zabbix_agent_denykeys: +zabbix_agent_logremotecommands: 0 +zabbix_agent_listenport: 10050 +zabbix_agent_jmx_listenport: +zabbix_agent_listeninterface: +zabbix_agent_listenip: +zabbix_agent_startagents: 3 +zabbix_agent_hostname: "{{ inventory_hostname }}" +zabbix_agent_hostnameitem: +zabbix_agent_hostmetadata: +zabbix_agent_hostmetadataitem: +zabbix_agent_refreshactivechecks: 120 +zabbix_agent_buffersend: 5 +zabbix_agent_buffersize: 100 +zabbix_agent_maxlinespersecond: 100 +zabbix_agent_allowroot: 0 +zabbix_agent_zabbix_alias: +zabbix_agent_timeout: 3 +zabbix_agent_include: /etc/zabbix/zabbix_agentd.d +zabbix_agent_include_pattern: +zabbix_agent_include_mode: "0750" +zabbix_agent_unsafeuserparameters: 0 +zabbix_agent_userparameters: [] +zabbix_agent_userparameters_templates_src: "userparameters" +zabbix_agent_userparameters_scripts_src: "scripts" +zabbix_agent_custom_scripts: false +zabbix_agent_loadmodulepath: ${libdir}/modules +zabbix_agent_loadmodule: +zabbix_agent_become_on_localhost: true +zabbix_agent_description: +zabbix_agent_inventory_zabbix: {} +zabbix_agent_heartbeatfrequency: 60 +zabbix_agent_macros: [] +zabbix_agent_tags: [] +zabbix_agent_chassis: false + +# TLS settings +zabbix_agent_tlsconnect: +zabbix_agent_tlsaccept: +zabbix_agent_tlscafile: +zabbix_agent_tlscrlfile: +zabbix_agent_tlsservercertissuer: +zabbix_agent_tlsservercertsubject: +zabbix_agent_tls_subject: "{{ zabbix_agent_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression +zabbix_agent_tlscertfile: +zabbix_agent_tlskeyfile: +zabbix_agent_tlspskidentity: +zabbix_agent_tlspsk_auto: false + +zabbix_agent_tls_config: + unencrypted: "1" + psk: "2" + cert: "4" + +# IPMI settings +zabbix_agent_ipmi_authtype: 2 +zabbix_agent_ipmi_password: +zabbix_agent_ipmi_privilege: 2 +zabbix_agent_ipmi_username: + +# Zabbix Agent2 +zabbix_agent2_pidfile: /var/run/zabbix/zabbix_agent2.pid +zabbix_agent2_logfile: /var/log/zabbix/zabbix_agent2.log +zabbix_agent2_logtype: file +zabbix_agent2_statusport: 9999 +zabbix_agent2_include: /etc/zabbix/zabbix_agent2.d +zabbix_agent2_include_pattern: +zabbix_agent2_logfilesize: 100 +zabbix_agent2_debuglevel: 3 +zabbix_agent2_sourceip: +zabbix_agent2_listenport: 10050 +zabbix_agent2_listenip: +zabbix_agent2_hostname: "{{ inventory_hostname }}" +zabbix_agent2_hostnameitem: +zabbix_agent2_hostmetadata: +zabbix_agent2_hostmetadataitem: +zabbix_agent2_hostinterface: +zabbix_agent2_hostinterfaceitem: +zabbix_agent2_enablepersistentbuffer: 0 +zabbix_agent2_persistentbufferperiod: 1h +zabbix_agent2_persistentbufferfile: +zabbix_agent2_refreshactivechecks: 120 +zabbix_agent2_buffersend: 5 +zabbix_agent2_buffersize: 100 +zabbix_agent2_zabbix_alias: +zabbix_agent2_timeout: 3 +zabbix_agent2_include_mode: "0750" +zabbix_agent2_unsafeuserparameters: 0 +zabbix_agent2_controlsocket: /tmp/agent.sock +zabbix_agent2_plugins: [] + +# Zabbix Agent2 TLS settings +zabbix_agent2_tlsconnect: +zabbix_agent2_tlsaccept: +zabbix_agent2_tlscafile: +zabbix_agent2_tlscrlfile: +zabbix_agent2_tlsservercertissuer: +zabbix_agent2_tlsservercertsubject: +zabbix_agent2_tls_subject: "{{ zabbix_agent2_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression +zabbix_agent2_tlscertfile: +zabbix_agent2_tlskeyfile: +zabbix_agent2_tlspskidentity: +zabbix_agent2_tlspsk_auto: false + +# Windows/macOS Related +zabbix_version_long: 5.2.4 + +# Windows Related +zabbix_win_package: zabbix_agent-{{ zabbix_version_long }}-windows-amd64-openssl.zip +zabbix2_win_package: zabbix_agent2-{{ zabbix_version_long }}-windows-amd64-openssl-static.zip +zabbix_win_download_url: https://cdn.zabbix.com/zabbix/binaries/stable +zabbix_win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix_win_package }}" +zabbix2_win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix2_win_package }}" +zabbix_win_install_dir: 'C:\Zabbix' +zabbix_win_install_dir_conf: '{{ zabbix_win_install_dir }}\\conf' +zabbix_win_install_dir_bin: '{{ zabbix_win_install_dir }}\\bin' +zabbix_agent_win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agentd.log" +zabbix_agent_win_include: "{{ zabbix_win_install_dir }}\\zabbix_agent.d\\" +zabbix_agent2_win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agent2.log" +zabbix_agent_win_svc_recovery: true +zabbix_win_firewall_management: true + +# macOS Related +zabbix_mac_package: zabbix_agent-{{ zabbix_version_long }}-macos-amd64-openssl.pkg +zabbix_mac_download_url: https://cdn.zabbix.com/zabbix/binaries/stable +zabbix_mac_download_link: "{{ zabbix_mac_download_url }}/{{ zabbix_agent_version }}/{{ zabbix_version_long }}/{{ zabbix_mac_package }}" + +# Zabbix Agent Docker facts +zabbix_agent_docker: false +zabbix_agent_docker_state: started +zabbix_agent_docker_name: zabbix-agent +zabbix_agent_docker_image: "zabbix/zabbix-agent" +zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_agent_version }}.{{ zabbix_version_patch }}" +zabbix_agent_docker_user_gid: 101 +zabbix_agent_docker_user_uid: 101 +zabbix_agent_docker_network_mode: host +zabbix_agent_docker_restart_policy: unless-stopped +zabbix_agent_docker_privileged: false +zabbix_agent_docker_ports: + - 10050:10050 +zabbix_agent_docker_security_opts: + - apparmor:unconfined +zabbix_agent_docker_volumes: + - /etc/zabbix/zabbix_agentd.d:{{ zabbix_agent_include }} + - /:/hostfs:ro + - /etc:/hostfs/etc:ro + - /proc:/hostfs/proc:ro + - /sys:/hostfs/sys:ro + - /var/run:/var/run +zabbix_agent_docker_env: + ZBX_HOSTNAME: "{{ zabbix_agent_hostname }}" + ZBX_SERVER_HOST: "{{ zabbix_agent_server }}" + ZBX_PASSIVE_ALLOW: "{{ zabbix_agent_serverpassive_allow | default(omit) }}" + ZBX_PASSIVESERVERS: "{{ zabbix_agent_serverpassive | default(omit) }}" + ZBX_ACTIVE_ALLOW: "{{ zabbix_agent_serveractive_allow | default(omit) }}" + ZBX_LOADMODULE: "{{ zabbix_agent_loadmodule | default(omit) }}" + ZBX_DEBUGLEVEL: "{{ zabbix_agent_debuglevel }}" + ZBX_TIMEOUT: "{{ zabbix_agent_timeout }}" + ZBX_SOURCEIP: "{{ zabbix_agent_sourceip | default(omit) }}" + ZBX_ENABLEREMOTECOMMANDS: "{{ zabbix_agent_enableremotecommands | default(omit) }}" + ZBX_LOGREMOTECOMMANDS: "{{ zabbix_agent_logremotecommands | default(omit) }}" + ZBX_STARTAGENTS: "{{ zabbix_agent_startagents | default(omit) }}" + ZBX_HOSTNAMEITEM: "{{ zabbix_agent_hostnameitem | default(omit) }}" + ZBX_METADATA: "{{ zabbix_agent_hostmetadata | default(omit) }}" + ZBX_METADATAITEM: "{{ zabbix_agent_hostmetadataitem | default(omit) }}" + ZBX_REFRESHACTIVECHECKS: "{{ zabbix_agent_refreshactivechecks | default(omit) }}" + ZBX_BUFFERSEND: "{{ zabbix_agent_buffersend | default(omit) }}" + ZBX_BUFFERSIZE: "{{ zabbix_agent_buffersize | default(omit) }}" + ZBX_MAXLINESPERSECOND: "{{ zabbix_agent_maxlinespersecond | default(omit) }}" + ZBX_LISTENIP: "{{ zabbix_agent_listenip }}" + ZBX_UNSAFEUSERPARAMETERS: "{{ zabbix_agent_unsafeuserparameters | default(omit) }}" + ZBX_TLSCONNECT: "{{ zabbix_agent_tlsconnect | default(omit) }}" + ZBX_TLSACCEPT: "{{ zabbix_agent_tlsaccept | default(omit) }}" + ZBX_TLSCAFILE: "{{ zabbix_agent_tlscafile | default(omit) }}" + ZBX_TLSCRLFILE: "{{ zabbix_agent_tlscrlfile | default(omit) }}" + ZBX_TLSSERVERCERTISSUER: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}" + ZBX_TLSSERVERCERTSUBJECT: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}" + ZBX_TLSCERTFILE: "{{ zabbix_agent_tlscertfile | default(omit) }}" + ZBX_TLSKEYFILE: "{{ zabbix_agent_tlskeyfile | default(omit) }}" + ZBX_TLSPSKIDENTITY: "{{ zabbix_agent_tlspskidentity | default(omit) }}" diff --git a/roles/zabbix-agent/files/sample.conf b/roles/zabbix-agent/files/sample.conf index 6408777..70df285 100644 --- a/roles/zabbix-agent/files/sample.conf +++ b/roles/zabbix-agent/files/sample.conf @@ -1,3 +1,3 @@ -# This is an sample userparameters file. - -UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive +# This is an sample userparameters file. + +UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive diff --git a/roles/zabbix-agent/handlers/main.yml b/roles/zabbix-agent/handlers/main.yml index 9f04b1a..46fa0a8 100644 --- a/roles/zabbix-agent/handlers/main.yml +++ b/roles/zabbix-agent/handlers/main.yml @@ -1,40 +1,40 @@ ---- -# handlers file for zabbix-agent - -- name: restart zabbix-agent - ansible.builtin.service: - name: "{{ zabbix_agent_service }}" - state: restarted - enabled: true - become: true - when: - - not zabbix_agent_docker - - ansible_os_family != "Windows" and ansible_os_family != "Darwin" - -- name: firewalld-reload - ansible.builtin.command: "firewall-cmd --reload" - become: true - when: - - ansible_facts.services["firewalld"] is defined - - ansible_facts.services["firewalld"].state == "running" - -- name: restart win zabbix agent - win_service: - name: "{{ zabbix_win_svc_name }}" - state: restarted - when: - - ansible_os_family == "Windows" - -- name: restart mac zabbix agent - ansible.builtin.command: "launchctl kickstart -k system/{{ zabbix_agent_service }}" - become: true - when: - - not zabbix_agent_docker - - ansible_os_family == "Darwin" - -- name: "clean repo files from proxy creds" - ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true - become: true - when: - - ansible_os_family == 'RedHat' - - zabbix_http_proxy is defined or zabbix_https_proxy is defined +--- +# handlers file for zabbix-agent + +- name: restart zabbix-agent + ansible.builtin.service: + name: "{{ zabbix_agent_service }}" + state: restarted + enabled: true + become: true + when: + - not zabbix_agent_docker + - ansible_os_family != "Windows" and ansible_os_family != "Darwin" + +- name: firewalld-reload + ansible.builtin.command: "firewall-cmd --reload" + become: true + when: + - ansible_facts.services["firewalld"] is defined + - ansible_facts.services["firewalld"].state == "running" + +- name: restart win zabbix agent + win_service: + name: "{{ zabbix_win_svc_name }}" + state: restarted + when: + - ansible_os_family == "Windows" + +- name: restart mac zabbix agent + ansible.builtin.command: "launchctl kickstart -k system/{{ zabbix_agent_service }}" + become: true + when: + - not zabbix_agent_docker + - ansible_os_family == "Darwin" + +- name: "clean repo files from proxy creds" + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + become: true + when: + - ansible_os_family == 'RedHat' + - zabbix_http_proxy is defined or zabbix_https_proxy is defined diff --git a/roles/zabbix-agent/meta/main.yml b/roles/zabbix-agent/meta/main.yml index c71c861..22803e0 100644 --- a/roles/zabbix-agent/meta/main.yml +++ b/roles/zabbix-agent/meta/main.yml @@ -1,42 +1,42 @@ ---- -galaxy_info: - author: Werner Dijkerman - description: Installing and maintaining zabbix-agent for RedHat/Debian/Ubuntu/Windows/Suse. - company: myCompany.Dotcom - license: MIT - min_ansible_version: 2.7 - platforms: - - name: EL - versions: - - 5 - - 6 - - 7 - - name: Ubuntu - versions: - - lucid - - precise - - trusty - - xenial - - bionic - - name: Debian - versions: - - squeeze - - wheezy - - jessie - - stretch - - buster - - name: opensuse - versions: - - 12.1 - - 12.2 - - 12.3 - - 13.1 - - 13.2 - - name: Windows - versions: - - all - - galaxy_tags: - - zabbix - - monitoring -dependencies: [] +--- +galaxy_info: + author: Werner Dijkerman + description: Installing and maintaining zabbix-agent for RedHat/Debian/Ubuntu/Windows/Suse. + company: myCompany.Dotcom + license: MIT + min_ansible_version: 2.7 + platforms: + - name: EL + versions: + - 5 + - 6 + - 7 + - name: Ubuntu + versions: + - lucid + - precise + - trusty + - xenial + - bionic + - name: Debian + versions: + - squeeze + - wheezy + - jessie + - stretch + - buster + - name: opensuse + versions: + - 12.1 + - 12.2 + - 12.3 + - 13.1 + - 13.2 + - name: Windows + versions: + - all + + galaxy_tags: + - zabbix + - monitoring +dependencies: [] diff --git a/roles/zabbix-agent/molecule/with-server/Dockerfile.j2 b/roles/zabbix-agent/molecule/with-server/Dockerfile.j2 index e6aa95d..1df5be7 100644 --- a/roles/zabbix-agent/molecule/with-server/Dockerfile.j2 +++ b/roles/zabbix-agent/molecule/with-server/Dockerfile.j2 @@ -1,14 +1,14 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/roles/zabbix-agent/molecule/with-server/INSTALL.rst b/roles/zabbix-agent/molecule/with-server/INSTALL.rst index 071b995..3c2ae97 100644 --- a/roles/zabbix-agent/molecule/with-server/INSTALL.rst +++ b/roles/zabbix-agent/molecule/with-server/INSTALL.rst @@ -1,26 +1,26 @@ -******************************** -Docker driver installation guide -******************************** - -Requirements -============ - -* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html) -* Docker Engine -* docker-py -* docker - -Install -======= - -Ansible < 2.6 - -.. code-block:: bash - - $ sudo pip install docker-py - -Ansible >= 2.6 - -.. code-block:: bash - - $ sudo pip install docker +******************************** +Docker driver installation guide +******************************** + +Requirements +============ + +* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html) +* Docker Engine +* docker-py +* docker + +Install +======= + +Ansible < 2.6 + +.. code-block:: bash + + $ sudo pip install docker-py + +Ansible >= 2.6 + +.. code-block:: bash + + $ sudo pip install docker diff --git a/roles/zabbix-agent/molecule/with-server/molecule.yml b/roles/zabbix-agent/molecule/with-server/molecule.yml index 137eac3..7795860 100644 --- a/roles/zabbix-agent/molecule/with-server/molecule.yml +++ b/roles/zabbix-agent/molecule/with-server/molecule.yml @@ -1,73 +1,73 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: zabbix-server-centos - image: milcom/centos7-systemd:latest - groups: - - zabbix_server - - mysql - privileged: true - networks: - - name: zabbix - published_ports: - - "80:80" - - name: zabbix-agent-centos - image: milcom/centos7-systemd:latest - groups: - - zabbix_agent - privileged: true - networks: - - name: zabbix - - name: zabbix-agent-debian - image: minimum2scp/systemd-stretch:latest - command: /sbin/init - groups: - - zabbix_agent - privileged: true - networks: - - name: zabbix - - name: zabbix-agent-ubuntu - image: solita/ubuntu-systemd:bionic - groups: - - zabbix_agent - privileged: true - networks: - - name: zabbix - -provisioner: - name: ansible - playbooks: - docker: - create: ../default/create.yml - destroy: ../default/destroy.yml - inventory: - group_vars: - all: - zabbix_api_create_hosts: true - zabbix_api_create_hostgroup: true - zabbix_api_server_url: http://zabbix-server-centos - zabbix_apache_servername: zabbix-server-centos - mysql: - zabbix_server_database: mysql - zabbix_server_database_long: mysql - zabbix_server_dbport: 3306 - database_type: mysql - database_type_long: mysql - host_vars: - zabbix-agent-fedora: - ansible_python_interpreter: /usr/bin/python3 - zabbix-agent-ubuntu: - zabbix_agent_tlsaccept: psk - zabbix_agent_tlsconnect: psk - zabbix_agent_tlspskidentity: "myhost PSK" - zabbix_agent_tlspsk_secret: b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d - zabbix_agent_tlspskfile: /etc/zabbix/zabbix_agent_pskfile.psk - -scenario: - name: with-server - -verifier: - name: testinfra +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: zabbix-server-centos + image: milcom/centos7-systemd:latest + groups: + - zabbix_server + - mysql + privileged: true + networks: + - name: zabbix + published_ports: + - "80:80" + - name: zabbix-agent-centos + image: milcom/centos7-systemd:latest + groups: + - zabbix_agent + privileged: true + networks: + - name: zabbix + - name: zabbix-agent-debian + image: minimum2scp/systemd-stretch:latest + command: /sbin/init + groups: + - zabbix_agent + privileged: true + networks: + - name: zabbix + - name: zabbix-agent-ubuntu + image: solita/ubuntu-systemd:bionic + groups: + - zabbix_agent + privileged: true + networks: + - name: zabbix + +provisioner: + name: ansible + playbooks: + docker: + create: ../default/create.yml + destroy: ../default/destroy.yml + inventory: + group_vars: + all: + zabbix_api_create_hosts: true + zabbix_api_create_hostgroup: true + zabbix_api_server_url: http://zabbix-server-centos + zabbix_apache_servername: zabbix-server-centos + mysql: + zabbix_server_database: mysql + zabbix_server_database_long: mysql + zabbix_server_dbport: 3306 + database_type: mysql + database_type_long: mysql + host_vars: + zabbix-agent-fedora: + ansible_python_interpreter: /usr/bin/python3 + zabbix-agent-ubuntu: + zabbix_agent_tlsaccept: psk + zabbix_agent_tlsconnect: psk + zabbix_agent_tlspskidentity: "myhost PSK" + zabbix_agent_tlspsk_secret: b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d + zabbix_agent_tlspskfile: /etc/zabbix/zabbix_agent_pskfile.psk + +scenario: + name: with-server + +verifier: + name: testinfra diff --git a/roles/zabbix-agent/molecule/with-server/playbook.yml b/roles/zabbix-agent/molecule/with-server/playbook.yml index 2f07954..21c3ea0 100644 --- a/roles/zabbix-agent/molecule/with-server/playbook.yml +++ b/roles/zabbix-agent/molecule/with-server/playbook.yml @@ -1,24 +1,24 @@ ---- -- name: Converge - hosts: all:!zabbix_server - pre_tasks: - - name: "Get IP Server" - ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 - register: ip_address - delegate_to: zabbix-server-centos - changed_when: false - tags: - - skip_ansible_lint - - - name: "Get IP hosts" - ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 - register: ip_address_host - changed_when: false - tags: - - skip_ansible_lint - - roles: - - role: zabbix_agent - zabbix_agent_ip: "{{ ip_address_host.stdout }}" - zabbix_agent_server: "{{ ip_address.stdout }}" - zabbix_agent_serveractive: "{{ ip_address.stdout }}" +--- +- name: Converge + hosts: all:!zabbix_server + pre_tasks: + - name: "Get IP Server" + ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 + register: ip_address + delegate_to: zabbix-server-centos + changed_when: false + tags: + - skip_ansible_lint + + - name: "Get IP hosts" + ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 + register: ip_address_host + changed_when: false + tags: + - skip_ansible_lint + + roles: + - role: zabbix_agent + zabbix_agent_ip: "{{ ip_address_host.stdout }}" + zabbix_agent_server: "{{ ip_address.stdout }}" + zabbix_agent_serveractive: "{{ ip_address.stdout }}" diff --git a/roles/zabbix-agent/molecule/with-server/prepare.yml b/roles/zabbix-agent/molecule/with-server/prepare.yml index 582006d..a08d0fa 100644 --- a/roles/zabbix-agent/molecule/with-server/prepare.yml +++ b/roles/zabbix-agent/molecule/with-server/prepare.yml @@ -1,114 +1,114 @@ ---- -- name: Prepare - hosts: zabbix_server - pre_tasks: - - name: "Installing EPEL" - ansible.builtin.yum: - name: - - epel-release - state: present - when: ansible_distribution == 'CentOS' - - - name: "Installing packages" - ansible.builtin.yum: - name: - - net-tools - - which - - libselinux-python - - python-pip - state: present - register: installation_dependencies - when: ansible_distribution == 'CentOS' - - - name: "Installing which on NON-CentOS" - ansible.builtin.apt: - name: - - net-tools - - python-pip - - curl - state: present - when: ansible_distribution != 'CentOS' - - - name: "Configure SUDO." - ansible.builtin.lineinfile: - dest: /etc/sudoers - line: "Defaults !requiretty" - state: present - - - name: "Make sure the docs are installed." - ansible.builtin.lineinfile: - dest: /etc/yum.conf - line: "tsflags=nodocs" - state: absent - - - name: "Installing some python dependencies" - ansible.builtin.pip: - name: py-zabbix - state: present - - roles: - - role: geerlingguy.mysql - - role: zabbix_server - - role: zabbix_web - -- name: Prepare - hosts: all:!zabbix_server:!docker - tasks: - - name: "Installing packages on CentOS family" - ansible.builtin.yum: - name: - - net-tools - - which - state: present - when: - - ansible_os_family == 'RedHat' - - - name: "Installing packages on Debian family" - ansible.builtin.apt: - name: - - net-tools - state: present - when: - - ansible_os_family == 'Debian' - -- name: Converge - hosts: docker - tasks: - - name: "Download Docker CE repo file" - ansible.builtin.get_url: - url: https://download.docker.com/linux/centos/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - mode: 0644 - register: zabbix_agent_prepare_docker_repo - until: zabbix_agent_prepare_docker_repo is succeeded - - - name: "Installing Epel" - ansible.builtin.package: - pkg: - - epel-release - state: present - register: zabbix_agent_prepare_docker_install - until: zabbix_agent_prepare_docker_install is succeeded - - - name: "Installing Docker" - ansible.builtin.package: - pkg: - - docker-ce - - python-pip - - python-setuptools - state: present - register: zabbix_agent_prepare_docker_install - until: zabbix_agent_prepare_docker_install is succeeded - - - name: "Installing Docker Python" - ansible.builtin.pip: - name: - - docker - state: present - register: zabbix_agent_prepare_docker_install - until: zabbix_agent_prepare_docker_install is succeeded - - - name: "Starting Docker service" - ansible.builtin.service: - name: docker - state: started +--- +- name: Prepare + hosts: zabbix_server + pre_tasks: + - name: "Installing EPEL" + ansible.builtin.yum: + name: + - epel-release + state: present + when: ansible_distribution == 'CentOS' + + - name: "Installing packages" + ansible.builtin.yum: + name: + - net-tools + - which + - libselinux-python + - python-pip + state: present + register: installation_dependencies + when: ansible_distribution == 'CentOS' + + - name: "Installing which on NON-CentOS" + ansible.builtin.apt: + name: + - net-tools + - python-pip + - curl + state: present + when: ansible_distribution != 'CentOS' + + - name: "Configure SUDO." + ansible.builtin.lineinfile: + dest: /etc/sudoers + line: "Defaults !requiretty" + state: present + + - name: "Make sure the docs are installed." + ansible.builtin.lineinfile: + dest: /etc/yum.conf + line: "tsflags=nodocs" + state: absent + + - name: "Installing some python dependencies" + ansible.builtin.pip: + name: py-zabbix + state: present + + roles: + - role: geerlingguy.mysql + - role: zabbix_server + - role: zabbix_web + +- name: Prepare + hosts: all:!zabbix_server:!docker + tasks: + - name: "Installing packages on CentOS family" + ansible.builtin.yum: + name: + - net-tools + - which + state: present + when: + - ansible_os_family == 'RedHat' + + - name: "Installing packages on Debian family" + ansible.builtin.apt: + name: + - net-tools + state: present + when: + - ansible_os_family == 'Debian' + +- name: Converge + hosts: docker + tasks: + - name: "Download Docker CE repo file" + ansible.builtin.get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + mode: 0644 + register: zabbix_agent_prepare_docker_repo + until: zabbix_agent_prepare_docker_repo is succeeded + + - name: "Installing Epel" + ansible.builtin.package: + pkg: + - epel-release + state: present + register: zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Installing Docker" + ansible.builtin.package: + pkg: + - docker-ce + - python-pip + - python-setuptools + state: present + register: zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Installing Docker Python" + ansible.builtin.pip: + name: + - docker + state: present + register: zabbix_agent_prepare_docker_install + until: zabbix_agent_prepare_docker_install is succeeded + + - name: "Starting Docker service" + ansible.builtin.service: + name: docker + state: started diff --git a/roles/zabbix-agent/molecule/with-server/requirements.yml b/roles/zabbix-agent/molecule/with-server/requirements.yml index da9d004..793f925 100644 --- a/roles/zabbix-agent/molecule/with-server/requirements.yml +++ b/roles/zabbix-agent/molecule/with-server/requirements.yml @@ -1,5 +1,5 @@ ---- -- src: geerlingguy.apache -- src: geerlingguy.mysql -- src: dj-wasabi.zabbix-server -- src: dj-wasabi.zabbix-web +--- +- src: geerlingguy.apache +- src: geerlingguy.mysql +- src: dj-wasabi.zabbix-server +- src: dj-wasabi.zabbix-web diff --git a/roles/zabbix-agent/molecule/with-server/tests/test_agent.py b/roles/zabbix-agent/molecule/with-server/tests/test_agent.py index 5f373ca..b6fbb22 100644 --- a/roles/zabbix-agent/molecule/with-server/tests/test_agent.py +++ b/roles/zabbix-agent/molecule/with-server/tests/test_agent.py @@ -1,44 +1,44 @@ -import os -from zabbix_api import ZabbixAPI - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_agent') - - -def authenticate(): - zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php') - zapi.login("Admin", "zabbix") - return zapi - - -def test_psk_host(host): - zapi = authenticate() - hostname = host.check_output('hostname -s') - host_name = "zabbix-agent-ubuntu" - - server_data = zapi.host.get({'output': 'extend', 'selectInventory': 'extend', 'filter': {'host': [hostname]}}) - - if hostname == host_name: - assert server_data[0]['tls_psk'] == "b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d" - assert server_data[0]['tls_psk_identity'] == "myhost PSK" - assert server_data[0]['tls_accept'] == "2" - else: - assert server_data[0]['tls_psk'] == "" - assert server_data[0]['tls_psk_identity'] == "" - assert server_data[0]['tls_accept'] == "1" - - -def test_zabbix_agent_psk(host): - hostname = host.check_output('hostname -s') - host_name = "zabbix-agent-ubuntu" - - psk_file = host.file("/etc/zabbix/zabbix_agent_pskfile.psk") - if hostname == host_name: - assert psk_file.user == "zabbix" - assert psk_file.group == "zabbix" - assert psk_file.mode == 0o400 - assert psk_file.contains("b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d") - else: - assert not psk_file.exists +import os +from zabbix_api import ZabbixAPI + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_agent') + + +def authenticate(): + zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php') + zapi.login("Admin", "zabbix") + return zapi + + +def test_psk_host(host): + zapi = authenticate() + hostname = host.check_output('hostname -s') + host_name = "zabbix-agent-ubuntu" + + server_data = zapi.host.get({'output': 'extend', 'selectInventory': 'extend', 'filter': {'host': [hostname]}}) + + if hostname == host_name: + assert server_data[0]['tls_psk'] == "b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d" + assert server_data[0]['tls_psk_identity'] == "myhost PSK" + assert server_data[0]['tls_accept'] == "2" + else: + assert server_data[0]['tls_psk'] == "" + assert server_data[0]['tls_psk_identity'] == "" + assert server_data[0]['tls_accept'] == "1" + + +def test_zabbix_agent_psk(host): + hostname = host.check_output('hostname -s') + host_name = "zabbix-agent-ubuntu" + + psk_file = host.file("/etc/zabbix/zabbix_agent_pskfile.psk") + if hostname == host_name: + assert psk_file.user == "zabbix" + assert psk_file.group == "zabbix" + assert psk_file.mode == 0o400 + assert psk_file.contains("b7e3d380b9d400676d47198ecf3592ccd4795a59668aa2ade29f0003abbbd40d") + else: + assert not psk_file.exists diff --git a/roles/zabbix-agent/molecule/with-server/tests/test_default.py b/roles/zabbix-agent/molecule/with-server/tests/test_default.py index cbedaa1..f81cca3 100644 --- a/roles/zabbix-agent/molecule/with-server/tests/test_default.py +++ b/roles/zabbix-agent/molecule/with-server/tests/test_default.py @@ -1,41 +1,41 @@ -import os -from zabbix_api import ZabbixAPI - -import testinfra.utils.ansible_runner - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_server') - - -def authenticate(): - zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php') - zapi.login("Admin", "zabbix") - return zapi - - -def get_hosts(): - return [ - "zabbix-agent-debian", - "zabbix-agent-ubuntu", - "zabbix-agent-centos", - "zabbix-agent-docker-centos" - ] - - -def test_hosts(): - zapi = authenticate() - hosts = get_hosts() - servers = zapi.host.get({'output': ["hostid", "name"]}) - - for server in servers: - if server['name'] != 'Zabbix server': - assert server['name'] in hosts - - -def test_hosts_status(): - zapi = authenticate() - servers = zapi.host.get({'output': ["status", "name"]}) - - for server in servers: - if server['name'] != 'Zabbix server': - assert int(server['status']) == 0 +import os +from zabbix_api import ZabbixAPI + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('zabbix_server') + + +def authenticate(): + zapi = ZabbixAPI(server='http://zabbix-server-centos/api_jsonrpc.php') + zapi.login("Admin", "zabbix") + return zapi + + +def get_hosts(): + return [ + "zabbix-agent-debian", + "zabbix-agent-ubuntu", + "zabbix-agent-centos", + "zabbix-agent-docker-centos" + ] + + +def test_hosts(): + zapi = authenticate() + hosts = get_hosts() + servers = zapi.host.get({'output': ["hostid", "name"]}) + + for server in servers: + if server['name'] != 'Zabbix server': + assert server['name'] in hosts + + +def test_hosts_status(): + zapi = authenticate() + servers = zapi.host.get({'output': ["status", "name"]}) + + for server in servers: + if server['name'] != 'Zabbix server': + assert int(server['status']) == 0 diff --git a/roles/zabbix-agent/tasks/Debian.yml b/roles/zabbix-agent/tasks/Debian.yml index 35391a5..3a56b8e 100644 --- a/roles/zabbix-agent/tasks/Debian.yml +++ b/roles/zabbix-agent/tasks/Debian.yml @@ -1,151 +1,151 @@ ---- -# Tasks specific for Debian/Ubuntu Systems - -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}" - tags: - - always - -- name: "Debian | Repo URL" - ansible.builtin.set_fact: - zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}{{ '-arm64' if ansible_machine == 'aarch64' else ''}}" - when: - - zabbix_repo_deb_url is undefined - tags: - - always - -- name: "Debian | Installing gnupg" - ansible.builtin.apt: - pkg: gnupg - update_cache: true - cache_valid_time: 3600 - force: true - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: gnupg_installed - until: gnupg_installed is succeeded - become: true - tags: - - install - -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - ansible.builtin.get_url: - url: http://repo.zabbix.com/zabbix-official-repo.key - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb deb-src - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - become: true - tags: - - install - -- name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" - when: - - zabbix_agent_apt_priority | int - become: true - tags: - - install - -- name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" - content: | - Package: {{ zabbix_agent_package }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_agent_apt_priority | int }} - owner: root - mode: "0644" - when: - - zabbix_agent_apt_priority | int - become: true - tags: - - install - -- name: "Debian | Installing zabbix-agent" - ansible.builtin.apt: - pkg: "{{ zabbix_agent_package }}" - state: "{{ zabbix_agent_package_state }}" - update_cache: true - cache_valid_time: 0 - force_apt_get: "{{ zabbix_apt_force_apt_get }}" - install_recommends: "{{ zabbix_apt_install_recommends }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - become: true - tags: - - install - -- name: "Debian | Installing zabbix-{sender,get}" - ansible.builtin.apt: - pkg: - - "{{ zabbix_sender_package }}" - - "{{ zabbix_get_package }}" - state: "{{ zabbix_agent_package_state }}" - update_cache: true - cache_valid_time: 0 - force_apt_get: "{{ zabbix_apt_force_apt_get }}" - install_recommends: "{{ zabbix_apt_install_recommends }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - not zabbix_agent_install_agent_only - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - become: true - check_mode: false - tags: - - install - -- name: "Debian | Enable the service" - ansible.builtin.service: - name: "{{ zabbix_agent_service }}" - enabled: true - use: service - become: true - tags: - - service +--- +# Tasks specific for Debian/Ubuntu Systems + +- name: "Debian | Set some variables" + ansible.builtin.set_fact: + zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}" + zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}" + tags: + - always + +- name: "Debian | Repo URL" + ansible.builtin.set_fact: + zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}{{ '-arm64' if ansible_machine == 'aarch64' else ''}}" + when: + - zabbix_repo_deb_url is undefined + tags: + - always + +- name: "Debian | Installing gnupg" + ansible.builtin.apt: + pkg: gnupg + update_cache: true + cache_valid_time: 3600 + force: true + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: gnupg_installed + until: gnupg_installed is succeeded + become: true + tags: + - install + +# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. +# It SHOULD be created with permissions 0755 if it is needed and does not already exist. +# See: https://wiki.debian.org/DebianRepository/UseThirdParty +- name: "Debian | Create /etc/apt/keyrings/ on older versions" + ansible.builtin.file: + path: /etc/apt/keyrings/ + state: directory + mode: "0755" + become: true + when: + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or + (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") + +- name: "Debian | Download gpg key" + ansible.builtin.get_url: + url: http://repo.zabbix.com/zabbix-official-repo.key + dest: "{{ zabbix_gpg_key }}" + mode: "0644" + force: true + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true + tags: + - install + +- name: "Debian | Installing repository {{ ansible_distribution }}" + ansible.builtin.copy: + dest: /etc/apt/sources.list.d/zabbix.sources + owner: root + group: root + mode: 0644 + content: | + Types: deb deb-src + Enabled: yes + URIs: {{ zabbix_repo_deb_url }} + Suites: {{ ansible_distribution_release }} + Components: {{ zabbix_repo_deb_component }} + Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} + Signed-By: {{ zabbix_gpg_key }} + become: true + tags: + - install + +- name: "Debian | Create /etc/apt/preferences.d/" + ansible.builtin.file: + path: /etc/apt/preferences.d/ + state: directory + mode: "0755" + when: + - zabbix_agent_apt_priority | int + become: true + tags: + - install + +- name: "Debian | Configuring the weight for APT" + ansible.builtin.copy: + dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" + content: | + Package: {{ zabbix_agent_package }} + Pin: origin repo.zabbix.com + Pin-Priority: {{ zabbix_agent_apt_priority | int }} + owner: root + mode: "0644" + when: + - zabbix_agent_apt_priority | int + become: true + tags: + - install + +- name: "Debian | Installing zabbix-agent" + ansible.builtin.apt: + pkg: "{{ zabbix_agent_package }}" + state: "{{ zabbix_agent_package_state }}" + update_cache: true + cache_valid_time: 0 + force_apt_get: "{{ zabbix_apt_force_apt_get }}" + install_recommends: "{{ zabbix_apt_install_recommends }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: true + tags: + - install + +- name: "Debian | Installing zabbix-{sender,get}" + ansible.builtin.apt: + pkg: + - "{{ zabbix_sender_package }}" + - "{{ zabbix_get_package }}" + state: "{{ zabbix_agent_package_state }}" + update_cache: true + cache_valid_time: 0 + force_apt_get: "{{ zabbix_apt_force_apt_get }}" + install_recommends: "{{ zabbix_apt_install_recommends }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + when: + - not zabbix_agent_install_agent_only + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: true + check_mode: false + tags: + - install + +- name: "Debian | Enable the service" + ansible.builtin.service: + name: "{{ zabbix_agent_service }}" + enabled: true + use: service + become: true + tags: + - service diff --git a/roles/zabbix-agent/tasks/Docker.yml b/roles/zabbix-agent/tasks/Docker.yml index 031a5fe..90656fc 100644 --- a/roles/zabbix-agent/tasks/Docker.yml +++ b/roles/zabbix-agent/tasks/Docker.yml @@ -1,32 +1,32 @@ ---- -- name: "Create volume mount string" - ansible.builtin.set_fact: - volume_mount: "{{ zabbix_agent_tlspskfile }}:/var/lib/zabbix/enc/tlspskfile" - tls_key: - ZBX_TLSPSKFILE: tlspskfile - when: - - zabbix_agent_tlspskfile is defined - -- name: "Add zabbix_agent_tlspskfile to volume mount" - ansible.builtin.set_fact: - zabbix_agent_docker_volumes: "{{ zabbix_agent_docker_volumes + [ volume_mount ] }}" - zabbix_agent_docker_env: "{{ zabbix_agent_docker_env | combine(tls_key) }}" - when: - - zabbix_agent_tlspskfile is defined - -- name: "Ensure Zabbix Docker container is running" - community.docker.docker_container: - name: "{{ zabbix_agent_docker_name }}" - image: "{{ zabbix_agent_docker_image }}:{{ zabbix_agent_docker_image_tag }}" - state: "{{ zabbix_agent_docker_state }}" - restart_policy: "{{ zabbix_agent_docker_restart_policy }}" - network_mode: "{{ zabbix_agent_docker_network_mode }}" - published_ports: "{{ zabbix_agent_docker_ports }}" - privileged: "{{ zabbix_agent_docker_privileged }}" - security_opts: "{{ zabbix_agent_docker_security_opts }}" - volumes: "{{ zabbix_agent_docker_volumes }}" - env: "{{ zabbix_agent_docker_env }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true +--- +- name: "Create volume mount string" + ansible.builtin.set_fact: + volume_mount: "{{ zabbix_agent_tlspskfile }}:/var/lib/zabbix/enc/tlspskfile" + tls_key: + ZBX_TLSPSKFILE: tlspskfile + when: + - zabbix_agent_tlspskfile is defined + +- name: "Add zabbix_agent_tlspskfile to volume mount" + ansible.builtin.set_fact: + zabbix_agent_docker_volumes: "{{ zabbix_agent_docker_volumes + [ volume_mount ] }}" + zabbix_agent_docker_env: "{{ zabbix_agent_docker_env | combine(tls_key) }}" + when: + - zabbix_agent_tlspskfile is defined + +- name: "Ensure Zabbix Docker container is running" + community.docker.docker_container: + name: "{{ zabbix_agent_docker_name }}" + image: "{{ zabbix_agent_docker_image }}:{{ zabbix_agent_docker_image_tag }}" + state: "{{ zabbix_agent_docker_state }}" + restart_policy: "{{ zabbix_agent_docker_restart_policy }}" + network_mode: "{{ zabbix_agent_docker_network_mode }}" + published_ports: "{{ zabbix_agent_docker_ports }}" + privileged: "{{ zabbix_agent_docker_privileged }}" + security_opts: "{{ zabbix_agent_docker_security_opts }}" + volumes: "{{ zabbix_agent_docker_volumes }}" + env: "{{ zabbix_agent_docker_env }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true diff --git a/roles/zabbix-agent/tasks/Linux.yml b/roles/zabbix-agent/tasks/Linux.yml index c4c8fc4..de06858 100644 --- a/roles/zabbix-agent/tasks/Linux.yml +++ b/roles/zabbix-agent/tasks/Linux.yml @@ -1,239 +1,239 @@ ---- -- name: "Set default ip address for zabbix_agent_ip" - ansible.builtin.set_fact: - zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" - when: - - zabbix_agent_ip is not defined - - "'ansible_default_ipv4' in hostvars[inventory_hostname]" - tags: - - config - -- name: "Get Total Private IP Addresses" - ansible.builtin.set_fact: - total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.utils.ipaddr('private') | length }}" - when: - - ansible_all_ipv4_addresses is defined - - not (zabbix_agent_dont_detect_ip) - tags: - - config - -- name: "Set first public ip address for zabbix_agent_ip" - ansible.builtin.set_fact: - zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}" - zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}" - zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}" - zabbix_agent2_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent2_server) }}" - zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent2_serveractive) }}" - when: - - zabbix_agent_ip is not defined - - total_private_ip_addresses is defined - - total_private_ip_addresses == '0' - tags: - - config - -- name: "Set first private ip address for zabbix_agent_ip" - ansible.builtin.set_fact: - zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}" - when: - - zabbix_agent_ip is not defined - - total_private_ip_addresses is defined - - total_private_ip_addresses != '0' - tags: - - config - -- name: "Fail invalid specified agent_listeninterface" - ansible.builtin.fail: - msg: "The specified network interface does not exist" - when: - - (zabbix_agent_listeninterface) - - (zabbix_agent_listeninterface not in ansible_interfaces) - tags: - - config - -- name: "Set network interface" - ansible.builtin.set_fact: - network_interface: ansible_{{ zabbix_agent_listeninterface }} - when: - - (zabbix_agent_listeninterface) - - not zabbix_agent_listenip - tags: - - config - -- name: "Get IP of agent_listeninterface when no agent_listenip specified" - ansible.builtin.set_fact: - zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}" - when: - - (zabbix_agent_listeninterface) - - not zabbix_agent_listenip - tags: - - config - - api - -- name: "Default agent_listenip to all when not specified" - ansible.builtin.set_fact: - zabbix_agent_listenip: "0.0.0.0" - when: - - not (zabbix_agent_listenip) - tags: - - config - -- name: "Fail invalid specified agent_listenip" - ansible.builtin.fail: - msg: "The agent_listenip does not exist" - when: - - zabbix_agent_listenip != '0.0.0.0' - - zabbix_agent_listenip != '127.0.0.1' - - (zabbix_agent_listenip not in ansible_all_ipv4_addresses) - tags: - - config - -- name: "Configure SELinux when enabled" - ansible.builtin.include_tasks: selinux.yml - when: - - zabbix_selinux | bool - -- name: "Adding zabbix group" - ansible.builtin.group: - name: zabbix - state: present - gid: "{{ zabbix_agent_docker_user_gid | default(omit) }}" - become: true - when: - - zabbix_agent_docker | bool - tags: - - config - -- name: "Adding zabbix user" - ansible.builtin.user: - name: zabbix - group: zabbix - state: present - create_home: false - home: /etc/zabbix - uid: "{{ zabbix_agent_docker_user_uid | default(omit) }}" - system: true - become: true - when: - - zabbix_agent_docker | bool - tags: - - config - -- name: "Configure zabbix-agent" - ansible.builtin.template: - src: "{{ 'zabbix_agentd.conf.j2' if not zabbix_agent2 else 'zabbix_agent2.conf.j2' }}" - dest: "/etc/zabbix/{{ zabbix_agent_conf if not zabbix_agent2 else zabbix_agent2_conf }}" - owner: root - group: root - mode: "{{ zabbix_agent_conf_mode }}" - notify: - - restart zabbix-agent - become: true - when: - - not (zabbix_agent_docker | bool) - tags: - - config - -- name: "Create directory for PSK file if not exist." - ansible.builtin.file: - path: "{{ zabbix_agent_tlspskfile | dirname }}" - mode: 0755 - state: directory - become: true - when: - - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - - not (zabbix_agent2 | bool) - tags: - - config - -- name: "Create directory for PSK file if not exist (zabbix-agent2)" - ansible.builtin.file: - path: "{{ zabbix_agent2_tlspskfile | dirname }}" - mode: 0755 - state: directory - become: true - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - - zabbix_agent2 | bool - tags: - - config - -- name: "Place TLS PSK File" - ansible.builtin.copy: - dest: "{{ zabbix_agent_tlspskfile }}" - content: "{{ zabbix_agent_tlspsk_secret }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - - zabbix_agent_tlspsk_secret is defined - - not (zabbix_agent2 | bool) - notify: - - restart zabbix-agent - tags: - - config - -- name: "Place TLS PSK File (zabbix-agent2)" - ansible.builtin.copy: - dest: "{{ zabbix_agent2_tlspskfile }}" - content: "{{ zabbix_agent2_tlspsk_secret }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - - zabbix_agent2_tlspsk_secret is defined - - zabbix_agent2 | bool - notify: - - restart zabbix-agent - tags: - - config - -- name: "Create include dir zabbix-agent" - ansible.builtin.file: - path: "{{ zabbix_agent_include if not zabbix_agent2 else zabbix_agent2_include }}" - owner: root - group: zabbix - mode: "{{ zabbix_agent_include_mode if not zabbix_agent2 else zabbix_agent2_include_mode }}" - state: directory - become: true - tags: - - config - -- name: "Install the Docker container" - ansible.builtin.include_tasks: Docker.yml - when: - - zabbix_agent_docker | bool - -- name: "Remove zabbix-agent installation when zabbix-agent2 is used." - ansible.builtin.include_tasks: remove.yml - when: - - zabbix_agent2 | bool - - zabbix_agent_package_remove - -- name: "Make sure the zabbix-agent service is running" - ansible.builtin.service: - name: "{{ zabbix_agent_service }}" - state: started - enabled: true - become: true - when: - - not (zabbix_agent_docker | bool) - tags: - - service - -- name: "Give zabbix-agent access to system.hw.chassis info" - ansible.builtin.file: - path: /sys/firmware/dmi/tables/DMI - owner: root - group: zabbix - become: true - when: zabbix_agent_chassis | bool - tags: - - config +--- +- name: "Set default ip address for zabbix_agent_ip" + ansible.builtin.set_fact: + zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" + when: + - zabbix_agent_ip is not defined + - "'ansible_default_ipv4' in hostvars[inventory_hostname]" + tags: + - config + +- name: "Get Total Private IP Addresses" + ansible.builtin.set_fact: + total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.utils.ipaddr('private') | length }}" + when: + - ansible_all_ipv4_addresses is defined + - not (zabbix_agent_dont_detect_ip) + tags: + - config + +- name: "Set first public ip address for zabbix_agent_ip" + ansible.builtin.set_fact: + zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}" + zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}" + zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}" + zabbix_agent2_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent2_server) }}" + zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent2_serveractive) }}" + when: + - zabbix_agent_ip is not defined + - total_private_ip_addresses is defined + - total_private_ip_addresses == '0' + tags: + - config + +- name: "Set first private ip address for zabbix_agent_ip" + ansible.builtin.set_fact: + zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}" + when: + - zabbix_agent_ip is not defined + - total_private_ip_addresses is defined + - total_private_ip_addresses != '0' + tags: + - config + +- name: "Fail invalid specified agent_listeninterface" + ansible.builtin.fail: + msg: "The specified network interface does not exist" + when: + - (zabbix_agent_listeninterface) + - (zabbix_agent_listeninterface not in ansible_interfaces) + tags: + - config + +- name: "Set network interface" + ansible.builtin.set_fact: + network_interface: ansible_{{ zabbix_agent_listeninterface }} + when: + - (zabbix_agent_listeninterface) + - not zabbix_agent_listenip + tags: + - config + +- name: "Get IP of agent_listeninterface when no agent_listenip specified" + ansible.builtin.set_fact: + zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}" + when: + - (zabbix_agent_listeninterface) + - not zabbix_agent_listenip + tags: + - config + - api + +- name: "Default agent_listenip to all when not specified" + ansible.builtin.set_fact: + zabbix_agent_listenip: "0.0.0.0" + when: + - not (zabbix_agent_listenip) + tags: + - config + +- name: "Fail invalid specified agent_listenip" + ansible.builtin.fail: + msg: "The agent_listenip does not exist" + when: + - zabbix_agent_listenip != '0.0.0.0' + - zabbix_agent_listenip != '127.0.0.1' + - (zabbix_agent_listenip not in ansible_all_ipv4_addresses) + tags: + - config + +- name: "Configure SELinux when enabled" + ansible.builtin.include_tasks: selinux.yml + when: + - zabbix_selinux | bool + +- name: "Adding zabbix group" + ansible.builtin.group: + name: zabbix + state: present + gid: "{{ zabbix_agent_docker_user_gid | default(omit) }}" + become: true + when: + - zabbix_agent_docker | bool + tags: + - config + +- name: "Adding zabbix user" + ansible.builtin.user: + name: zabbix + group: zabbix + state: present + create_home: false + home: /etc/zabbix + uid: "{{ zabbix_agent_docker_user_uid | default(omit) }}" + system: true + become: true + when: + - zabbix_agent_docker | bool + tags: + - config + +- name: "Configure zabbix-agent" + ansible.builtin.template: + src: "{{ 'zabbix_agentd.conf.j2' if not zabbix_agent2 else 'zabbix_agent2.conf.j2' }}" + dest: "/etc/zabbix/{{ zabbix_agent_conf if not zabbix_agent2 else zabbix_agent2_conf }}" + owner: root + group: root + mode: "{{ zabbix_agent_conf_mode }}" + notify: + - restart zabbix-agent + become: true + when: + - not (zabbix_agent_docker | bool) + tags: + - config + +- name: "Create directory for PSK file if not exist." + ansible.builtin.file: + path: "{{ zabbix_agent_tlspskfile | dirname }}" + mode: 0755 + state: directory + become: true + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - not (zabbix_agent2 | bool) + tags: + - config + +- name: "Create directory for PSK file if not exist (zabbix-agent2)" + ansible.builtin.file: + path: "{{ zabbix_agent2_tlspskfile | dirname }}" + mode: 0755 + state: directory + become: true + when: + - zabbix_agent2_tlspskfile is defined + - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent2 | bool + tags: + - config + +- name: "Place TLS PSK File" + ansible.builtin.copy: + dest: "{{ zabbix_agent_tlspskfile }}" + content: "{{ zabbix_agent_tlspsk_secret }}" + owner: zabbix + group: zabbix + mode: 0400 + become: true + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent_tlspsk_secret is defined + - not (zabbix_agent2 | bool) + notify: + - restart zabbix-agent + tags: + - config + +- name: "Place TLS PSK File (zabbix-agent2)" + ansible.builtin.copy: + dest: "{{ zabbix_agent2_tlspskfile }}" + content: "{{ zabbix_agent2_tlspsk_secret }}" + owner: zabbix + group: zabbix + mode: 0400 + become: true + when: + - zabbix_agent2_tlspskfile is defined + - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent2_tlspsk_secret is defined + - zabbix_agent2 | bool + notify: + - restart zabbix-agent + tags: + - config + +- name: "Create include dir zabbix-agent" + ansible.builtin.file: + path: "{{ zabbix_agent_include if not zabbix_agent2 else zabbix_agent2_include }}" + owner: root + group: zabbix + mode: "{{ zabbix_agent_include_mode if not zabbix_agent2 else zabbix_agent2_include_mode }}" + state: directory + become: true + tags: + - config + +- name: "Install the Docker container" + ansible.builtin.include_tasks: Docker.yml + when: + - zabbix_agent_docker | bool + +- name: "Remove zabbix-agent installation when zabbix-agent2 is used." + ansible.builtin.include_tasks: remove.yml + when: + - zabbix_agent2 | bool + - zabbix_agent_package_remove + +- name: "Make sure the zabbix-agent service is running" + ansible.builtin.service: + name: "{{ zabbix_agent_service }}" + state: started + enabled: true + become: true + when: + - not (zabbix_agent_docker | bool) + tags: + - service + +- name: "Give zabbix-agent access to system.hw.chassis info" + ansible.builtin.file: + path: /sys/firmware/dmi/tables/DMI + owner: root + group: zabbix + become: true + when: zabbix_agent_chassis | bool + tags: + - config diff --git a/roles/zabbix-agent/tasks/RedHat.yml b/roles/zabbix-agent/tasks/RedHat.yml index f23cb46..c85d8e5 100644 --- a/roles/zabbix-agent/tasks/RedHat.yml +++ b/roles/zabbix-agent/tasks/RedHat.yml @@ -1,70 +1,70 @@ ---- -# Tasks specific for RedHat systems - -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - -- name: Check if warn parameter can be used for shell module - ansible.builtin.set_fact: - produce_warn: False - when: ansible_version.full is version("2.14", "<") - tags: - - always - -- name: "RedHat | Installing zabbix-agent" - ansible.builtin.package: - pkg: - - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - state: "{{ zabbix_agent_package_state }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - become: true - tags: - - install - -- name: "RedHat | Installing zabbix-{sender,get}" - ansible.builtin.package: - pkg: - - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - state: "{{ zabbix_agent_package_state }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - when: - - not zabbix_agent_install_agent_only - become: true - tags: - - install - -- name: "RedHat | Enable the service" - ansible.builtin.service: - name: "{{ zabbix_agent_service }}" - enabled: true - use: service - become: true - tags: - - service +--- +# Tasks specific for RedHat systems + +- name: "RedHat | Install basic repo file" + ansible.builtin.yum_repository: + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" + gpgcheck: "{{ item.gpgcheck }}" + gpgkey: "{{ item.gpgkey }}" + mode: "{{ item.mode | default('0644') }}" + priority: "{{ item.priority | default('99') }}" + state: "{{ item.state | default('present') }}" + proxy: "{{ zabbix_http_proxy | default(omit) }}" + with_items: "{{ zabbix_repo_yum }}" + register: yum_repo_installed + become: true + notify: + - "clean repo files from proxy creds" + tags: + - install + +- name: Check if warn parameter can be used for shell module + ansible.builtin.set_fact: + produce_warn: False + when: ansible_version.full is version("2.14", "<") + tags: + - always + +- name: "RedHat | Installing zabbix-agent" + ansible.builtin.package: + pkg: + - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" + state: "{{ zabbix_agent_package_state }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: true + tags: + - install + +- name: "RedHat | Installing zabbix-{sender,get}" + ansible.builtin.package: + pkg: + - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" + - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" + state: "{{ zabbix_agent_package_state }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + when: + - not zabbix_agent_install_agent_only + become: true + tags: + - install + +- name: "RedHat | Enable the service" + ansible.builtin.service: + name: "{{ zabbix_agent_service }}" + enabled: true + use: service + become: true + tags: + - service diff --git a/roles/zabbix-agent/tasks/Windows.yml b/roles/zabbix-agent/tasks/Windows.yml index 9b7501d..177db17 100644 --- a/roles/zabbix-agent/tasks/Windows.yml +++ b/roles/zabbix-agent/tasks/Windows.yml @@ -1,352 +1,352 @@ ---- -- name: "Windows | Set default architecture" - ansible.builtin.set_fact: - windows_arch: 32 - tags: - - always - -- name: "Windows | Override architecture if 64-bit" - ansible.builtin.set_fact: - windows_arch: 64 - when: - - ansible_architecture == "64-bit" - tags: - - always - -- name: "Windows | Set path to zabbix.exe" - ansible.builtin.set_fact: - zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\win{{ windows_arch }}\zabbix_agentd.exe' - tags: - - always - -- name: "Windows | Set variables specific to Zabbix" - ansible.builtin.set_fact: - zabbix_win_svc_name: Zabbix Agent - zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agentd.exe' - zabbix_win_config_name: "zabbix_agentd.conf" - zabbix2_win_svc_name: Zabbix Agent 2 - zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe' - zabbix2_win_config_name: "zabbix_agent2.conf" - tags: - - always - -- name: "Windows | Check if Zabbix agent is present" - ansible.windows.win_stat: - path: "{{ item }}" - with_items: - - "{{ zabbix_win_exe_path }}" - - "{{ zabbix2_win_exe_path }}" - register: agent_file_info - tags: - - always - -- name: "Windows | Get Installed Zabbix Agent Version" - community.windows.win_file_version: - path: "{{ item.item }}" - register: zabbix_win_exe_info - when: - - item.stat.exists | bool - with_items: "{{ agent_file_info.results }}" - tags: - - always - -- name: "Windows | Set facts current zabbix agent installation" - ansible.builtin.set_fact: - zabbix_agent_1_binary_exist: true - zabbix_agent_1_version: zabbix_win_exe_info.results[0].win_file_version.product_version - when: - - zabbix_win_exe_info.results[0] is defined - - zabbix_win_exe_info.results[0].item.stat.exists - - zabbix_win_exe_info.results[0].item.stat.path == zabbix_win_exe_path - - zabbix_win_exe_info.results[0].win_file_version.product_version - tags: - - always - -- name: "Windows | Set facts current zabbix agent installation (agent 2)" - ansible.builtin.set_fact: - zabbix_agent_2_binary_exist: true - zabbix_agent_2_version: zabbix_win_exe_info.results[1].win_file_version.product_version - when: - - zabbix_win_exe_info.results[1] is defined - - zabbix_win_exe_info.results[1].item.stat.exists - - zabbix_win_exe_info.results[1].item.stat.path == zabbix2_win_exe_path - - zabbix_win_exe_info.results[1].win_file_version.product_version - tags: - - always - -- name: "Windows | Check Zabbix service" - ansible.windows.win_service: - name: "{{ (item.item.stat.path == zabbix_win_exe_path ) | ternary(zabbix_win_svc_name,zabbix2_win_svc_name) }}" - register: zabbix_service_info - when: item.item.stat.exists - with_items: "{{ zabbix_win_exe_info.results }}" - tags: - - always - -- name: "Windows | Set facts about current zabbix agent service state" - ansible.builtin.set_fact: - zabbix_agent_1_service_exist: true - when: - - zabbix_service_info.results[0].exists is defined - - zabbix_service_info.results[0].exists - - zabbix_service_info.results[0].display_name == zabbix_win_svc_name - tags: - - always - -- name: "Windows | Set facts about current zabbix agent service state (agent 2)" - ansible.builtin.set_fact: - zabbix_agent_2_service_exist: true - when: - - zabbix_service_info.results[1].exists is defined - - zabbix_service_info.results[1].exists - - zabbix_service_info.results[1].display_name == zabbix2_win_svc_name - tags: - - always - -- name: "Windows | Set fact about version change requirement" - ansible.builtin.set_fact: - zabbix_agent_version_change: true - when: > - (zabbix_agent_1_binary_exist | default(false) and - zabbix_win_exe_info.results[0].win_file_version.product_version is version(zabbix_version_long, '<>')) - or - (zabbix_agent_2_binary_exist | default(false) and - zabbix_win_exe_info.results[1].win_file_version.product_version is version(zabbix_version_long, '<>')) - or (zabbix_agent_1_binary_exist | default(false) and zabbix_agent2) - or (zabbix_agent_2_binary_exist | default(false) and not zabbix_agent2) - tags: - - always - -################## -# delete section # -################## - -- name: "Windows | Stop Zabbix agent v1" - ansible.windows.win_service: - name: "{{ zabbix_win_svc_name }}" - start_mode: auto - state: stopped - when: - - zabbix_agent_version_change | default(false) or zabbix_agent2 - - zabbix_agent_1_service_exist | default(false) - -- name: "Windows | Stop Zabbix agent v2" - ansible.windows.win_service: - name: "{{ zabbix2_win_svc_name }}" - start_mode: auto - state: stopped - when: - - zabbix_agent_version_change | default(false) or not zabbix_agent2 - - zabbix_agent_2_service_exist | default(false) - -- name: "Windows | Uninstall Zabbix v1" - ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --uninstall' - when: - - zabbix_agent_version_change | default(false) or zabbix_agent2 - - zabbix_agent_1_service_exist | default(false) - -- name: "Windows | Uninstall Zabbix v2" - ansible.windows.win_command: '"{{ zabbix2_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix2_win_config_name }}" --uninstall' - when: - - zabbix_agent_version_change | default(false) or not zabbix_agent2 - - zabbix_agent_2_service_exist | default(false) - -- name: "Windows | Removing Zabbix Directory" - ansible.windows.win_file: - path: "{{ zabbix_win_install_dir }}" - state: absent - when: - ((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or - ((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false)) - -################### -# install section # -################### - -- name: "Windows | Create directory structure" - ansible.windows.win_file: - path: "{{ item }}" - state: directory - with_items: - - "{{ zabbix_win_install_dir }}" - tags: - - install - -- name: "Windows | Create directory structure, includes" - ansible.windows.win_file: - path: "{{ item }}" - state: directory - with_items: - - "{{ zabbix_agent_win_include }}" - when: - - ('.conf' not in zabbix_agent_win_include) - tags: - - install - -- name: "Windows | Set installation settings (agent 2)" - ansible.builtin.set_fact: - zabbix_win_package: "{{ zabbix2_win_package }}" - zabbix_win_download_link: "{{ zabbix2_win_download_link }}" - zabbix_win_exe_path: "{{ zabbix2_win_exe_path }}" - zabbix_win_config_name: "{{ zabbix2_win_config_name }}" - zabbix_win_svc_name: "{{ zabbix2_win_svc_name }}" - when: zabbix_agent2 | bool - tags: - - install - -- name: "Windows | Check if agent file is already downloaded" - ansible.windows.win_stat: - path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' - register: file_info - tags: - - install - -- name: "Windows | Check if agent binaries in place" - ansible.windows.win_stat: - path: "{{ zabbix_win_exe_path }}" - register: zabbix_windows_binaries - tags: - - install - -- name: "Windows | Download Zabbix Agent Zip file" - ansible.windows.win_get_url: - url: "{{ zabbix_win_download_link }}" - dest: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' - url_username: "{{ zabbix_download_user | default(omit) }}" - url_password: "{{ zabbix_download_pass | default(omit) }}" - force: false - follow_redirects: all - proxy_url: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - validate_certs: "{{ zabbix_download_validate_certs | default(False) | bool }}" - timeout: "{{ zabbix_download_timeout | default(120) | int }}" - when: - - not file_info.stat.exists - - not zabbix_windows_binaries.stat.exists - register: zabbix_agent_win_download_zip - until: zabbix_agent_win_download_zip is succeeded - throttle: "{{ zabbix_download_throttle | default(5) | int }}" - tags: - - install - -- name: "Windows | Unzip file" - community.windows.win_unzip: - src: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' - dest: "{{ zabbix_win_install_dir }}" - creates: "{{ zabbix_win_exe_path }}" - tags: - - install - -- name: "Windows | Cleanup downloaded Zabbix Agent Zip file" - ansible.windows.win_file: - path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' - state: absent - when: - - zabbix_agent_win_download_zip.changed - tags: - - install - -- name: "Windows | Copy binary files to expected location" - ansible.windows.win_copy: - src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}" - dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}" - remote_src: yes - loop: - - zabbix_agentd.exe - - zabbix_sender.exe - when: - - zabbix_win_install_dir_bin is defined - - not (zabbix_agent2 | bool) - tags: - - install - -- name: "Windows | Copy binary files to expected location (zabbix-agent2)" - ansible.windows.win_copy: - src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}" - dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}" - remote_src: yes - loop: - - zabbix_agent2.exe - when: - - zabbix_win_install_dir_bin is defined - - zabbix_agent2 | bool - tags: - - install - -- set_fact: - zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agentd.exe" - when: - - zabbix_win_install_dir_bin is defined - - not (zabbix_agent2 | bool) - tags: - - install - -- set_fact: - zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agent2.exe" - when: - - zabbix_win_install_dir_bin is defined - - zabbix_agent2 | bool - tags: - - install - -- name: "Create directory for PSK file if not exist." - ansible.windows.win_file: - path: "{{ zabbix_agent_tlspskfile | win_dirname }}" - state: directory - when: - - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile - - not (zabbix_agent2 | bool) - tags: - - config - -- name: "Create directory for PSK file if not exist (zabbix-agent2)" - ansible.windows.win_file: - path: "{{ zabbix_agent2_tlspskfile | win_dirname }}" - state: directory - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile - - zabbix_agent2 | bool - tags: - - config - -- name: "Place TLS PSK File" - ansible.windows.win_copy: - dest: "{{ zabbix_agent_tlspskfile }}" - content: "{{ zabbix_agent_tlspsk_secret }}" - when: - - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile - - zabbix_agent_tlspsk_secret is defined - - not (zabbix_agent2 | bool) - notify: - - restart win zabbix agent - tags: - - config - -- name: "Place TLS PSK File (zabbix-agent2)" - ansible.windows.win_copy: - dest: "{{ zabbix_agent2_tlspskfile }}" - content: "{{ zabbix_agent2_tlspsk_secret }}" - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile - - zabbix_agent2_tlspsk_secret is defined - - zabbix_agent2 | bool - notify: - - restart win zabbix agent - tags: - - config - -- name: "Windows | Check if windows service exist" - ansible.windows.win_service: - name: "{{ zabbix_win_svc_name }}" - register: zabbix_windows_service - tags: - - service - -- name: "Windows | Register Service" - ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --install' - when: not zabbix_windows_service.exists - tags: - - service +--- +- name: "Windows | Set default architecture" + ansible.builtin.set_fact: + windows_arch: 32 + tags: + - always + +- name: "Windows | Override architecture if 64-bit" + ansible.builtin.set_fact: + windows_arch: 64 + when: + - ansible_architecture == "64-bit" + tags: + - always + +- name: "Windows | Set path to zabbix.exe" + ansible.builtin.set_fact: + zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\win{{ windows_arch }}\zabbix_agentd.exe' + tags: + - always + +- name: "Windows | Set variables specific to Zabbix" + ansible.builtin.set_fact: + zabbix_win_svc_name: Zabbix Agent + zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agentd.exe' + zabbix_win_config_name: "zabbix_agentd.conf" + zabbix2_win_svc_name: Zabbix Agent 2 + zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe' + zabbix2_win_config_name: "zabbix_agent2.conf" + tags: + - always + +- name: "Windows | Check if Zabbix agent is present" + ansible.windows.win_stat: + path: "{{ item }}" + with_items: + - "{{ zabbix_win_exe_path }}" + - "{{ zabbix2_win_exe_path }}" + register: agent_file_info + tags: + - always + +- name: "Windows | Get Installed Zabbix Agent Version" + community.windows.win_file_version: + path: "{{ item.item }}" + register: zabbix_win_exe_info + when: + - item.stat.exists | bool + with_items: "{{ agent_file_info.results }}" + tags: + - always + +- name: "Windows | Set facts current zabbix agent installation" + ansible.builtin.set_fact: + zabbix_agent_1_binary_exist: true + zabbix_agent_1_version: zabbix_win_exe_info.results[0].win_file_version.product_version + when: + - zabbix_win_exe_info.results[0] is defined + - zabbix_win_exe_info.results[0].item.stat.exists + - zabbix_win_exe_info.results[0].item.stat.path == zabbix_win_exe_path + - zabbix_win_exe_info.results[0].win_file_version.product_version + tags: + - always + +- name: "Windows | Set facts current zabbix agent installation (agent 2)" + ansible.builtin.set_fact: + zabbix_agent_2_binary_exist: true + zabbix_agent_2_version: zabbix_win_exe_info.results[1].win_file_version.product_version + when: + - zabbix_win_exe_info.results[1] is defined + - zabbix_win_exe_info.results[1].item.stat.exists + - zabbix_win_exe_info.results[1].item.stat.path == zabbix2_win_exe_path + - zabbix_win_exe_info.results[1].win_file_version.product_version + tags: + - always + +- name: "Windows | Check Zabbix service" + ansible.windows.win_service: + name: "{{ (item.item.stat.path == zabbix_win_exe_path ) | ternary(zabbix_win_svc_name,zabbix2_win_svc_name) }}" + register: zabbix_service_info + when: item.item.stat.exists + with_items: "{{ zabbix_win_exe_info.results }}" + tags: + - always + +- name: "Windows | Set facts about current zabbix agent service state" + ansible.builtin.set_fact: + zabbix_agent_1_service_exist: true + when: + - zabbix_service_info.results[0].exists is defined + - zabbix_service_info.results[0].exists + - zabbix_service_info.results[0].display_name == zabbix_win_svc_name + tags: + - always + +- name: "Windows | Set facts about current zabbix agent service state (agent 2)" + ansible.builtin.set_fact: + zabbix_agent_2_service_exist: true + when: + - zabbix_service_info.results[1].exists is defined + - zabbix_service_info.results[1].exists + - zabbix_service_info.results[1].display_name == zabbix2_win_svc_name + tags: + - always + +- name: "Windows | Set fact about version change requirement" + ansible.builtin.set_fact: + zabbix_agent_version_change: true + when: > + (zabbix_agent_1_binary_exist | default(false) and + zabbix_win_exe_info.results[0].win_file_version.product_version is version(zabbix_version_long, '<>')) + or + (zabbix_agent_2_binary_exist | default(false) and + zabbix_win_exe_info.results[1].win_file_version.product_version is version(zabbix_version_long, '<>')) + or (zabbix_agent_1_binary_exist | default(false) and zabbix_agent2) + or (zabbix_agent_2_binary_exist | default(false) and not zabbix_agent2) + tags: + - always + +################## +# delete section # +################## + +- name: "Windows | Stop Zabbix agent v1" + ansible.windows.win_service: + name: "{{ zabbix_win_svc_name }}" + start_mode: auto + state: stopped + when: + - zabbix_agent_version_change | default(false) or zabbix_agent2 + - zabbix_agent_1_service_exist | default(false) + +- name: "Windows | Stop Zabbix agent v2" + ansible.windows.win_service: + name: "{{ zabbix2_win_svc_name }}" + start_mode: auto + state: stopped + when: + - zabbix_agent_version_change | default(false) or not zabbix_agent2 + - zabbix_agent_2_service_exist | default(false) + +- name: "Windows | Uninstall Zabbix v1" + ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --uninstall' + when: + - zabbix_agent_version_change | default(false) or zabbix_agent2 + - zabbix_agent_1_service_exist | default(false) + +- name: "Windows | Uninstall Zabbix v2" + ansible.windows.win_command: '"{{ zabbix2_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix2_win_config_name }}" --uninstall' + when: + - zabbix_agent_version_change | default(false) or not zabbix_agent2 + - zabbix_agent_2_service_exist | default(false) + +- name: "Windows | Removing Zabbix Directory" + ansible.windows.win_file: + path: "{{ zabbix_win_install_dir }}" + state: absent + when: + ((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or + ((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false)) + +################### +# install section # +################### + +- name: "Windows | Create directory structure" + ansible.windows.win_file: + path: "{{ item }}" + state: directory + with_items: + - "{{ zabbix_win_install_dir }}" + tags: + - install + +- name: "Windows | Create directory structure, includes" + ansible.windows.win_file: + path: "{{ item }}" + state: directory + with_items: + - "{{ zabbix_agent_win_include }}" + when: + - ('.conf' not in zabbix_agent_win_include) + tags: + - install + +- name: "Windows | Set installation settings (agent 2)" + ansible.builtin.set_fact: + zabbix_win_package: "{{ zabbix2_win_package }}" + zabbix_win_download_link: "{{ zabbix2_win_download_link }}" + zabbix_win_exe_path: "{{ zabbix2_win_exe_path }}" + zabbix_win_config_name: "{{ zabbix2_win_config_name }}" + zabbix_win_svc_name: "{{ zabbix2_win_svc_name }}" + when: zabbix_agent2 | bool + tags: + - install + +- name: "Windows | Check if agent file is already downloaded" + ansible.windows.win_stat: + path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' + register: file_info + tags: + - install + +- name: "Windows | Check if agent binaries in place" + ansible.windows.win_stat: + path: "{{ zabbix_win_exe_path }}" + register: zabbix_windows_binaries + tags: + - install + +- name: "Windows | Download Zabbix Agent Zip file" + ansible.windows.win_get_url: + url: "{{ zabbix_win_download_link }}" + dest: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' + url_username: "{{ zabbix_download_user | default(omit) }}" + url_password: "{{ zabbix_download_pass | default(omit) }}" + force: false + follow_redirects: all + proxy_url: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + validate_certs: "{{ zabbix_download_validate_certs | default(False) | bool }}" + timeout: "{{ zabbix_download_timeout | default(120) | int }}" + when: + - not file_info.stat.exists + - not zabbix_windows_binaries.stat.exists + register: zabbix_agent_win_download_zip + until: zabbix_agent_win_download_zip is succeeded + throttle: "{{ zabbix_download_throttle | default(5) | int }}" + tags: + - install + +- name: "Windows | Unzip file" + community.windows.win_unzip: + src: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' + dest: "{{ zabbix_win_install_dir }}" + creates: "{{ zabbix_win_exe_path }}" + tags: + - install + +- name: "Windows | Cleanup downloaded Zabbix Agent Zip file" + ansible.windows.win_file: + path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' + state: absent + when: + - zabbix_agent_win_download_zip.changed + tags: + - install + +- name: "Windows | Copy binary files to expected location" + ansible.windows.win_copy: + src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}" + dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}" + remote_src: yes + loop: + - zabbix_agentd.exe + - zabbix_sender.exe + when: + - zabbix_win_install_dir_bin is defined + - not (zabbix_agent2 | bool) + tags: + - install + +- name: "Windows | Copy binary files to expected location (zabbix-agent2)" + ansible.windows.win_copy: + src: "{{ zabbix_win_install_dir }}\\bin\\{{ item }}" + dest: "{{ zabbix_win_install_dir_bin }}\\{{ item }}" + remote_src: yes + loop: + - zabbix_agent2.exe + when: + - zabbix_win_install_dir_bin is defined + - zabbix_agent2 | bool + tags: + - install + +- set_fact: + zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agentd.exe" + when: + - zabbix_win_install_dir_bin is defined + - not (zabbix_agent2 | bool) + tags: + - install + +- set_fact: + zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agent2.exe" + when: + - zabbix_win_install_dir_bin is defined + - zabbix_agent2 | bool + tags: + - install + +- name: "Create directory for PSK file if not exist." + ansible.windows.win_file: + path: "{{ zabbix_agent_tlspskfile | win_dirname }}" + state: directory + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspskfile + - not (zabbix_agent2 | bool) + tags: + - config + +- name: "Create directory for PSK file if not exist (zabbix-agent2)" + ansible.windows.win_file: + path: "{{ zabbix_agent2_tlspskfile | win_dirname }}" + state: directory + when: + - zabbix_agent2_tlspskfile is defined + - zabbix_agent2_tlspskfile + - zabbix_agent2 | bool + tags: + - config + +- name: "Place TLS PSK File" + ansible.windows.win_copy: + dest: "{{ zabbix_agent_tlspskfile }}" + content: "{{ zabbix_agent_tlspsk_secret }}" + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspskfile + - zabbix_agent_tlspsk_secret is defined + - not (zabbix_agent2 | bool) + notify: + - restart win zabbix agent + tags: + - config + +- name: "Place TLS PSK File (zabbix-agent2)" + ansible.windows.win_copy: + dest: "{{ zabbix_agent2_tlspskfile }}" + content: "{{ zabbix_agent2_tlspsk_secret }}" + when: + - zabbix_agent2_tlspskfile is defined + - zabbix_agent2_tlspskfile + - zabbix_agent2_tlspsk_secret is defined + - zabbix_agent2 | bool + notify: + - restart win zabbix agent + tags: + - config + +- name: "Windows | Check if windows service exist" + ansible.windows.win_service: + name: "{{ zabbix_win_svc_name }}" + register: zabbix_windows_service + tags: + - service + +- name: "Windows | Register Service" + ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --install' + when: not zabbix_windows_service.exists + tags: + - service diff --git a/roles/zabbix-agent/tasks/Windows_conf.yml b/roles/zabbix-agent/tasks/Windows_conf.yml index 72dee23..c59e3bc 100644 --- a/roles/zabbix-agent/tasks/Windows_conf.yml +++ b/roles/zabbix-agent/tasks/Windows_conf.yml @@ -1,56 +1,56 @@ ---- -- name: "Set default ip address for zabbix_agent_ip" - ansible.builtin.set_fact: - zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_ip_addresses'] | ansible.utils.ipv4 | first }}" - when: - - zabbix_agent_ip is not defined - - "'ansible_ip_addresses' in hostvars[inventory_hostname]" - tags: - - config - -- name: "Windows | Configure zabbix-agent" - ansible.windows.win_template: - src: "{{ zabbix_win_config_name }}.j2" - dest: "{{ zabbix_win_install_dir_conf }}\\{{ zabbix_win_config_name }}" - notify: restart win zabbix agent - tags: - - config - -- name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery" - ansible.windows.win_service: - name: "{{ zabbix_win_svc_name }}" - start_mode: auto - state: started - failure_actions: - - type: restart - delay_ms: 5000 - - type: restart - delay_ms: 10000 - - type: restart - delay_ms: 20000 - failure_reset_period_sec: 86400 - tags: - - config - -- name: "Windows | Check firewall service" - ansible.windows.win_service_info: - name: MpsSvc - register: firewall_info - when: zabbix_win_firewall_management - tags: - - config - -- name: "Windows | Firewall rule" - community.windows.win_firewall_rule: - name: "{{ zabbix_win_svc_name }}" - localport: "{{ zabbix_agent_listenport }}" - action: allow - direction: in - protocol: tcp - state: present - enabled: true - when: - - zabbix_win_firewall_management - - firewall_info.services[0].state == 'started' or firewall_info.services[0].start_mode == 'auto' - tags: - - config +--- +- name: "Set default ip address for zabbix_agent_ip" + ansible.builtin.set_fact: + zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_ip_addresses'] | ansible.utils.ipv4 | first }}" + when: + - zabbix_agent_ip is not defined + - "'ansible_ip_addresses' in hostvars[inventory_hostname]" + tags: + - config + +- name: "Windows | Configure zabbix-agent" + ansible.windows.win_template: + src: "{{ zabbix_win_config_name }}.j2" + dest: "{{ zabbix_win_install_dir_conf }}\\{{ zabbix_win_config_name }}" + notify: restart win zabbix agent + tags: + - config + +- name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery" + ansible.windows.win_service: + name: "{{ zabbix_win_svc_name }}" + start_mode: auto + state: started + failure_actions: + - type: restart + delay_ms: 5000 + - type: restart + delay_ms: 10000 + - type: restart + delay_ms: 20000 + failure_reset_period_sec: 86400 + tags: + - config + +- name: "Windows | Check firewall service" + ansible.windows.win_service_info: + name: MpsSvc + register: firewall_info + when: zabbix_win_firewall_management + tags: + - config + +- name: "Windows | Firewall rule" + community.windows.win_firewall_rule: + name: "{{ zabbix_win_svc_name }}" + localport: "{{ zabbix_agent_listenport }}" + action: allow + direction: in + protocol: tcp + state: present + enabled: true + when: + - zabbix_win_firewall_management + - firewall_info.services[0].state == 'started' or firewall_info.services[0].start_mode == 'auto' + tags: + - config diff --git a/roles/zabbix-agent/tasks/XCP-ng.yml b/roles/zabbix-agent/tasks/XCP-ng.yml index f23cb46..c85d8e5 100644 --- a/roles/zabbix-agent/tasks/XCP-ng.yml +++ b/roles/zabbix-agent/tasks/XCP-ng.yml @@ -1,70 +1,70 @@ ---- -# Tasks specific for RedHat systems - -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - -- name: Check if warn parameter can be used for shell module - ansible.builtin.set_fact: - produce_warn: False - when: ansible_version.full is version("2.14", "<") - tags: - - always - -- name: "RedHat | Installing zabbix-agent" - ansible.builtin.package: - pkg: - - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - state: "{{ zabbix_agent_package_state }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - become: true - tags: - - install - -- name: "RedHat | Installing zabbix-{sender,get}" - ansible.builtin.package: - pkg: - - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - state: "{{ zabbix_agent_package_state }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - when: - - not zabbix_agent_install_agent_only - become: true - tags: - - install - -- name: "RedHat | Enable the service" - ansible.builtin.service: - name: "{{ zabbix_agent_service }}" - enabled: true - use: service - become: true - tags: - - service +--- +# Tasks specific for RedHat systems + +- name: "RedHat | Install basic repo file" + ansible.builtin.yum_repository: + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" + gpgcheck: "{{ item.gpgcheck }}" + gpgkey: "{{ item.gpgkey }}" + mode: "{{ item.mode | default('0644') }}" + priority: "{{ item.priority | default('99') }}" + state: "{{ item.state | default('present') }}" + proxy: "{{ zabbix_http_proxy | default(omit) }}" + with_items: "{{ zabbix_repo_yum }}" + register: yum_repo_installed + become: true + notify: + - "clean repo files from proxy creds" + tags: + - install + +- name: Check if warn parameter can be used for shell module + ansible.builtin.set_fact: + produce_warn: False + when: ansible_version.full is version("2.14", "<") + tags: + - always + +- name: "RedHat | Installing zabbix-agent" + ansible.builtin.package: + pkg: + - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" + state: "{{ zabbix_agent_package_state }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + become: true + tags: + - install + +- name: "RedHat | Installing zabbix-{sender,get}" + ansible.builtin.package: + pkg: + - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" + - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" + state: "{{ zabbix_agent_package_state }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_package_installed + until: zabbix_agent_package_installed is succeeded + when: + - not zabbix_agent_install_agent_only + become: true + tags: + - install + +- name: "RedHat | Enable the service" + ansible.builtin.service: + name: "{{ zabbix_agent_service }}" + enabled: true + use: service + become: true + tags: + - service diff --git a/roles/zabbix-agent/tasks/api.yml b/roles/zabbix-agent/tasks/api.yml index 4de3426..3487971 100644 --- a/roles/zabbix-agent/tasks/api.yml +++ b/roles/zabbix-agent/tasks/api.yml @@ -1,96 +1,96 @@ ---- -- name: "API | Create host groups" - community.zabbix.zabbix_group: - host_group: "{{ zabbix_host_groups }}" - state: "{{ zabbix_agent_hostgroups_state }}" - when: - - zabbix_api_create_hostgroup | bool - register: zabbix_api_hostgroup_created - until: zabbix_api_hostgroup_created is succeeded - delegate_to: "{{ zabbix_api_server_host }}" - tags: - - api - -- name: "API | Create a new host or update an existing host's info" - community.zabbix.zabbix_host: - host_name: "{{ zabbix_agent_hostname }}" - host_groups: "{{ zabbix_host_groups }}" - link_templates: "{{ zabbix_agent_link_templates }}" - status: "{{ zabbix_host_status }}" - state: "{{ zabbix_agent_host_state }}" - force: "{{ zabbix_agent_host_update }}" - proxy: "{{ zabbix_agent_proxy }}" - inventory_mode: "{{ zabbix_agent_inventory_mode }}" - interfaces: "{{ zabbix_agent_interfaces }}" - visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent_hostname) }}" - tls_psk: "{{ zabbix_agent_tlspsk_secret | default(omit) }}" - tls_psk_identity: "{{ zabbix_agent_tlspskidentity | default(omit) }}" - tls_issuer: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}" - tls_subject: "{{ zabbix_agent_tls_subject | default(omit) }}" - tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}" - tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}" - description: "{{ zabbix_agent_description | default(omit) }}" - inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}" - ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}" - ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}" - ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}" - ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}" - tags: "{{ zabbix_agent_tags }}" - when: - - not zabbix_agent2 - register: zabbix_api_host_created - until: zabbix_api_host_created is succeeded - delegate_to: "{{ zabbix_api_server_host }}" - changed_when: false - tags: - - api - -- name: "API | Create a new host using agent2 or update an existing host's info" - community.zabbix.zabbix_host: - host_name: "{{ zabbix_agent2_hostname }}" - host_groups: "{{ zabbix_host_groups }}" - link_templates: "{{ zabbix_agent_link_templates }}" - status: "{{ zabbix_host_status }}" - state: "{{ zabbix_agent_host_state }}" - force: "{{ zabbix_agent_host_update }}" - proxy: "{{ zabbix_agent_proxy }}" - inventory_mode: "{{ zabbix_agent_inventory_mode }}" - interfaces: "{{ zabbix_agent_interfaces }}" - visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent2_hostname) }}" - tls_psk: "{{ zabbix_agent2_tlspsk_secret | default(omit) }}" - tls_psk_identity: "{{ zabbix_agent2_tlspskidentity | default(omit) }}" - tls_issuer: "{{ zabbix_agent2_tlsservercertissuer | default(omit) }}" - tls_subject: "{{ zabbix_agent2_tls_subject | default(omit) }}" - tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsaccept if zabbix_agent2_tlsaccept else 'unencrypted'] }}" - tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsconnect if zabbix_agent2_tlsconnect else 'unencrypted'] }}" - description: "{{ zabbix_agent_description | default(omit) }}" - inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}" - ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}" - ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}" - ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}" - ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}" - tags: "{{ zabbix_agent_tags }}" - when: - - zabbix_agent2 | bool - register: zabbix_api_host_created - until: zabbix_api_host_created is succeeded - delegate_to: "{{ zabbix_api_server_host }}" - changed_when: false - tags: - - api - -- name: "API | Updating host configuration with macros" - community.zabbix.zabbix_hostmacro: - host_name: "{{ (zabbix_agent2 | bool) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname) }}" - macro_name: "{{ item.macro_key }}" - macro_value: "{{ item.macro_value }}" - macro_type: "{{ item.macro_type|default('text') }}" - with_items: "{{ zabbix_agent_macros | default([]) }}" - when: - - zabbix_agent_macros is defined - - item.macro_key is defined - register: zabbix_api_hostmarcro_created - until: zabbix_api_hostmarcro_created is succeeded - delegate_to: "{{ zabbix_api_server_host }}" - tags: - - api +--- +- name: "API | Create host groups" + community.zabbix.zabbix_group: + host_group: "{{ zabbix_host_groups }}" + state: "{{ zabbix_agent_hostgroups_state }}" + when: + - zabbix_api_create_hostgroup | bool + register: zabbix_api_hostgroup_created + until: zabbix_api_hostgroup_created is succeeded + delegate_to: "{{ zabbix_api_server_host }}" + tags: + - api + +- name: "API | Create a new host or update an existing host's info" + community.zabbix.zabbix_host: + host_name: "{{ zabbix_agent_hostname }}" + host_groups: "{{ zabbix_host_groups }}" + link_templates: "{{ zabbix_agent_link_templates }}" + status: "{{ zabbix_host_status }}" + state: "{{ zabbix_agent_host_state }}" + force: "{{ zabbix_agent_host_update }}" + proxy: "{{ zabbix_agent_proxy }}" + inventory_mode: "{{ zabbix_agent_inventory_mode }}" + interfaces: "{{ zabbix_agent_interfaces }}" + visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent_hostname) }}" + tls_psk: "{{ zabbix_agent_tlspsk_secret | default(omit) }}" + tls_psk_identity: "{{ zabbix_agent_tlspskidentity | default(omit) }}" + tls_issuer: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}" + tls_subject: "{{ zabbix_agent_tls_subject | default(omit) }}" + tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}" + tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}" + description: "{{ zabbix_agent_description | default(omit) }}" + inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}" + ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}" + ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}" + ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}" + ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}" + tags: "{{ zabbix_agent_tags }}" + when: + - not zabbix_agent2 + register: zabbix_api_host_created + until: zabbix_api_host_created is succeeded + delegate_to: "{{ zabbix_api_server_host }}" + changed_when: false + tags: + - api + +- name: "API | Create a new host using agent2 or update an existing host's info" + community.zabbix.zabbix_host: + host_name: "{{ zabbix_agent2_hostname }}" + host_groups: "{{ zabbix_host_groups }}" + link_templates: "{{ zabbix_agent_link_templates }}" + status: "{{ zabbix_host_status }}" + state: "{{ zabbix_agent_host_state }}" + force: "{{ zabbix_agent_host_update }}" + proxy: "{{ zabbix_agent_proxy }}" + inventory_mode: "{{ zabbix_agent_inventory_mode }}" + interfaces: "{{ zabbix_agent_interfaces }}" + visible_name: "{{ zabbix_agent_visible_hostname | default(zabbix_agent2_hostname) }}" + tls_psk: "{{ zabbix_agent2_tlspsk_secret | default(omit) }}" + tls_psk_identity: "{{ zabbix_agent2_tlspskidentity | default(omit) }}" + tls_issuer: "{{ zabbix_agent2_tlsservercertissuer | default(omit) }}" + tls_subject: "{{ zabbix_agent2_tls_subject | default(omit) }}" + tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsaccept if zabbix_agent2_tlsaccept else 'unencrypted'] }}" + tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsconnect if zabbix_agent2_tlsconnect else 'unencrypted'] }}" + description: "{{ zabbix_agent_description | default(omit) }}" + inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}" + ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}" + ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}" + ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}" + ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}" + tags: "{{ zabbix_agent_tags }}" + when: + - zabbix_agent2 | bool + register: zabbix_api_host_created + until: zabbix_api_host_created is succeeded + delegate_to: "{{ zabbix_api_server_host }}" + changed_when: false + tags: + - api + +- name: "API | Updating host configuration with macros" + community.zabbix.zabbix_hostmacro: + host_name: "{{ (zabbix_agent2 | bool) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname) }}" + macro_name: "{{ item.macro_key }}" + macro_value: "{{ item.macro_value }}" + macro_type: "{{ item.macro_type|default('text') }}" + with_items: "{{ zabbix_agent_macros | default([]) }}" + when: + - zabbix_agent_macros is defined + - item.macro_key is defined + register: zabbix_api_hostmarcro_created + until: zabbix_api_hostmarcro_created is succeeded + delegate_to: "{{ zabbix_api_server_host }}" + tags: + - api diff --git a/roles/zabbix-agent/tasks/macOS.yml b/roles/zabbix-agent/tasks/macOS.yml index 7bcdd6f..f8fd97b 100644 --- a/roles/zabbix-agent/tasks/macOS.yml +++ b/roles/zabbix-agent/tasks/macOS.yml @@ -1,22 +1,22 @@ ---- -# Tasks specific for macOS -- name: "macOS | Check installed package version" - ansible.builtin.shell: | - set -o pipefail - pkgutil --pkg-info 'com.zabbix.pkg.ZabbixAgent' | grep 'version:' | cut -d ' ' -f 2 - register: pkgutil_version - check_mode: false - changed_when: false - failed_when: pkgutil_version.rc == 2 - -- name: "macOS | Download the Zabbix package" - ansible.builtin.get_url: - url: "{{ zabbix_mac_download_link }}" - dest: "/tmp/{{ zabbix_mac_package }}" - mode: 0644 - when: pkgutil_version.stdout != zabbix_version_long - -- name: "macOS | Install the Zabbix package" - ansible.builtin.command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target / - become: true - when: pkgutil_version.stdout != zabbix_version_long +--- +# Tasks specific for macOS +- name: "macOS | Check installed package version" + ansible.builtin.shell: | + set -o pipefail + pkgutil --pkg-info 'com.zabbix.pkg.ZabbixAgent' | grep 'version:' | cut -d ' ' -f 2 + register: pkgutil_version + check_mode: false + changed_when: false + failed_when: pkgutil_version.rc == 2 + +- name: "macOS | Download the Zabbix package" + ansible.builtin.get_url: + url: "{{ zabbix_mac_download_link }}" + dest: "/tmp/{{ zabbix_mac_package }}" + mode: 0644 + when: pkgutil_version.stdout != zabbix_version_long + +- name: "macOS | Install the Zabbix package" + ansible.builtin.command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target / + become: true + when: pkgutil_version.stdout != zabbix_version_long diff --git a/roles/zabbix-agent/tasks/main.yml b/roles/zabbix-agent/tasks/main.yml index f5f87d1..5b12ec6 100644 --- a/roles/zabbix-agent/tasks/main.yml +++ b/roles/zabbix-agent/tasks/main.yml @@ -1,94 +1,94 @@ ---- -# tasks file for zabbix_agent -- name: "Include OS-specific variables" - ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" - tags: - - always - -- name: Determine Latest Supported Zabbix Version - ansible.builtin.set_fact: - zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.4) }}" - when: zabbix_agent_version is not defined or zabbix_agent_version is none - tags: - - always - -- name: Set More Variables - ansible.builtin.set_fact: - zabbix_valid_version: "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}" - tags: - - always - -- name: Stopping Install of Invalid Version - ansible.builtin.fail: - msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }} - when: not zabbix_valid_version - tags: - - always - -- name: Setting Zabbix API Server Port - ansible.builtin.set_fact: - zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}" - when: zabbix_api_server_port is undefined - -- name: "Set variables specific for Zabbix Agent 2" - ansible.builtin.set_fact: - zabbix_agent_service: zabbix-agent2 - zabbix_agent_package: zabbix-agent2 - when: - - zabbix_agent2 is defined - - zabbix_agent2 - tags: - - always - -- name: "Install the correct repository" - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - when: - - not (zabbix_agent_docker | bool) - -- name: "Encrypt with TLS PSK auto management" - ansible.builtin.include_tasks: tlspsk_auto.yml - when: - - not zabbix_agent2 - - zabbix_agent_tlspsk_auto | bool - - (zabbix_agent_tlspskfile is undefined) or (zabbix_agent_tlspskfile | length == '0') - - (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0') - -- name: "Encrypt with TLS PSK auto management" - ansible.builtin.include_tasks: tlspsk_auto_agent2.yml - when: - - zabbix_agent2 | bool - - zabbix_agent2_tlspsk_auto | bool - - (zabbix_agent2_tlspskfile is undefined) or (zabbix_agent2_tlspskfile | length == '0') - - (zabbix_agent2_tlspsk_secret is undefined) or (zabbix_agent2_tlspsk_secret | length == '0') - -- name: "Configure Agent" - ansible.builtin.include_tasks: Windows_conf.yml - when: - - ansible_os_family == "Windows" - -- name: "Configure Agent" - ansible.builtin.include_tasks: Linux.yml - when: - - (ansible_os_family != "Windows" and ansible_os_family != "Darwin") or (zabbix_agent_docker | bool) - -- name: "Run the API calls to Zabbix Server" - vars: - gather_facts: false - ansible_user: "{{ zabbix_api_login_user }}" - ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}" - ansible_network_os: community.zabbix.zabbix - ansible_connection: httpapi - # Can't think of a way to make http_login_* vars be undefined -( - http_login_user: "{{ zabbix_api_http_user | default(-42) }}" - http_login_password: "{{ zabbix_api_http_password | default(-42) }}" - ansible.builtin.include_tasks: api.yml - when: - - (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool) - tags: - - api - -- name: "Including userparameters" - ansible.builtin.include_tasks: "userparameter.yml" - when: zabbix_agent_userparameters|length > 0 - tags: - - config +--- +# tasks file for zabbix_agent +- name: "Include OS-specific variables" + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - always + +- name: Determine Latest Supported Zabbix Version + ansible.builtin.set_fact: + zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.4) }}" + when: zabbix_agent_version is not defined or zabbix_agent_version is none + tags: + - always + +- name: Set More Variables + ansible.builtin.set_fact: + zabbix_valid_version: "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}" + tags: + - always + +- name: Stopping Install of Invalid Version + ansible.builtin.fail: + msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }} + when: not zabbix_valid_version + tags: + - always + +- name: Setting Zabbix API Server Port + ansible.builtin.set_fact: + zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}" + when: zabbix_api_server_port is undefined + +- name: "Set variables specific for Zabbix Agent 2" + ansible.builtin.set_fact: + zabbix_agent_service: zabbix-agent2 + zabbix_agent_package: zabbix-agent2 + when: + - zabbix_agent2 is defined + - zabbix_agent2 + tags: + - always + +- name: "Install the correct repository" + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + when: + - not (zabbix_agent_docker | bool) + +- name: "Encrypt with TLS PSK auto management" + ansible.builtin.include_tasks: tlspsk_auto.yml + when: + - not zabbix_agent2 + - zabbix_agent_tlspsk_auto | bool + - (zabbix_agent_tlspskfile is undefined) or (zabbix_agent_tlspskfile | length == '0') + - (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0') + +- name: "Encrypt with TLS PSK auto management" + ansible.builtin.include_tasks: tlspsk_auto_agent2.yml + when: + - zabbix_agent2 | bool + - zabbix_agent2_tlspsk_auto | bool + - (zabbix_agent2_tlspskfile is undefined) or (zabbix_agent2_tlspskfile | length == '0') + - (zabbix_agent2_tlspsk_secret is undefined) or (zabbix_agent2_tlspsk_secret | length == '0') + +- name: "Configure Agent" + ansible.builtin.include_tasks: Windows_conf.yml + when: + - ansible_os_family == "Windows" + +- name: "Configure Agent" + ansible.builtin.include_tasks: Linux.yml + when: + - (ansible_os_family != "Windows" and ansible_os_family != "Darwin") or (zabbix_agent_docker | bool) + +- name: "Run the API calls to Zabbix Server" + vars: + gather_facts: false + ansible_user: "{{ zabbix_api_login_user }}" + ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}" + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + # Can't think of a way to make http_login_* vars be undefined -( + http_login_user: "{{ zabbix_api_http_user | default(-42) }}" + http_login_password: "{{ zabbix_api_http_password | default(-42) }}" + ansible.builtin.include_tasks: api.yml + when: + - (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool) + tags: + - api + +- name: "Including userparameters" + ansible.builtin.include_tasks: "userparameter.yml" + when: zabbix_agent_userparameters|length > 0 + tags: + - config diff --git a/roles/zabbix-agent/tasks/remove.yml b/roles/zabbix-agent/tasks/remove.yml index 181329a..f825067 100644 --- a/roles/zabbix-agent/tasks/remove.yml +++ b/roles/zabbix-agent/tasks/remove.yml @@ -1,25 +1,25 @@ ---- -- name: Pull service facts - ansible.builtin.service_facts: - -- name: 'Remove | Make sure the "old" zabbix-agent service stopped' - ansible.builtin.service: - name: "zabbix-agent" - state: stopped - enabled: false - become: true - when: | - ansible_facts.services["zabbix-agent.service"] is defined or - ansible_facts.services["zabbix-agent"] is defined - -- name: "Remove | Package removal" - ansible.builtin.package: - name: "zabbix-agent" - state: absent - become: true - -- name: "Remove | Remove the agent-include-dir" - ansible.builtin.file: - path: "{{ zabbix_agent_include }}" - state: absent - become: true +--- +- name: Pull service facts + ansible.builtin.service_facts: + +- name: 'Remove | Make sure the "old" zabbix-agent service stopped' + ansible.builtin.service: + name: "zabbix-agent" + state: stopped + enabled: false + become: true + when: | + ansible_facts.services["zabbix-agent.service"] is defined or + ansible_facts.services["zabbix-agent"] is defined + +- name: "Remove | Package removal" + ansible.builtin.package: + name: "zabbix-agent" + state: absent + become: true + +- name: "Remove | Remove the agent-include-dir" + ansible.builtin.file: + path: "{{ zabbix_agent_include }}" + state: absent + become: true diff --git a/roles/zabbix-agent/tasks/selinux.yml b/roles/zabbix-agent/tasks/selinux.yml index 2b11d1a..ca29e77 100644 --- a/roles/zabbix-agent/tasks/selinux.yml +++ b/roles/zabbix-agent/tasks/selinux.yml @@ -1,110 +1,110 @@ ---- -- name: "SELinux | Debian | Install policycoreutils-python" - ansible.builtin.apt: - pkg: policycoreutils-python-utils - state: present - update_cache: true - cache_valid_time: 0 - force_apt_get: "{{ zabbix_apt_force_apt_get }}" - install_recommends: "{{ zabbix_apt_install_recommends }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_policycoreutils_installed - until: zabbix_agent_package_installed is succeeded - become: true - when: - - ansible_os_family == "Debian" - tags: - - install - -- name: "SELinux | RedHat | Install policycoreutils-python" - ansible.builtin.package: - name: policycoreutils-python - state: installed - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_policycoreutils_installed - until: zabbix_agent_policycoreutils_installed is succeeded - when: - - ansible_os_family == "RedHat" - - (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7") - become: true - tags: - - install - -- name: "SELinux | RedHat | Install python3-policycoreutils on RHEL8" - ansible.builtin.package: - name: python3-policycoreutils - state: installed - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_policycoreutils_installed - until: zabbix_agent_policycoreutils_installed is succeeded - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "8" - become: true - tags: - - install - -- name: "SELinux | RedHat | Install selinux-policy-targeted" - ansible.builtin.package: - name: selinux-policy-targeted - state: installed - register: zabbix_agent_selinuxpolicytargeted_installed - until: zabbix_agent_selinuxpolicytargeted_installed is succeeded - when: - - ansible_os_family == "RedHat" - become: true - tags: - - install - -# straight to getenforce binary , workaround for missing python_selinux library -- name: "SELinux | Get getenforce binary" - ansible.builtin.stat: - path: /usr/sbin/getenforce - register: getenforce_bin - become: true - tags: - - always - -- name: "SELinux | Collect getenforce output" - ansible.builtin.command: /usr/sbin/getenforce - register: sestatus - when: "getenforce_bin.stat.exists" - changed_when: false - become: true - check_mode: false - tags: - - always - -- name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive" - ansible.builtin.set_fact: - zabbix_selinux: "{{ true }}" - when: - - 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)' - tags: - - always - -- name: "SELinux | Allow zabbix_agent to start (SELinux)" - community.general.selinux_permissive: - name: zabbix_agent_t - permissive: true - become: true - tags: - - config - -- name: "SELinux | Allow zabbix to run sudo commands (SELinux)" - ansible.posix.seboolean: - name: zabbix_run_sudo - persistent: true - state: true - become: true - when: - - ansible_selinux.status == "enabled" - - selinux_allow_zabbix_run_sudo|bool - tags: - - config +--- +- name: "SELinux | Debian | Install policycoreutils-python" + ansible.builtin.apt: + pkg: policycoreutils-python-utils + state: present + update_cache: true + cache_valid_time: 0 + force_apt_get: "{{ zabbix_apt_force_apt_get }}" + install_recommends: "{{ zabbix_apt_install_recommends }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_policycoreutils_installed + until: zabbix_agent_package_installed is succeeded + become: true + when: + - ansible_os_family == "Debian" + tags: + - install + +- name: "SELinux | RedHat | Install policycoreutils-python" + ansible.builtin.package: + name: policycoreutils-python + state: installed + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_policycoreutils_installed + until: zabbix_agent_policycoreutils_installed is succeeded + when: + - ansible_os_family == "RedHat" + - (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7") + become: true + tags: + - install + +- name: "SELinux | RedHat | Install python3-policycoreutils on RHEL8" + ansible.builtin.package: + name: python3-policycoreutils + state: installed + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_agent_policycoreutils_installed + until: zabbix_agent_policycoreutils_installed is succeeded + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == "8" + become: true + tags: + - install + +- name: "SELinux | RedHat | Install selinux-policy-targeted" + ansible.builtin.package: + name: selinux-policy-targeted + state: installed + register: zabbix_agent_selinuxpolicytargeted_installed + until: zabbix_agent_selinuxpolicytargeted_installed is succeeded + when: + - ansible_os_family == "RedHat" + become: true + tags: + - install + +# straight to getenforce binary , workaround for missing python_selinux library +- name: "SELinux | Get getenforce binary" + ansible.builtin.stat: + path: /usr/sbin/getenforce + register: getenforce_bin + become: true + tags: + - always + +- name: "SELinux | Collect getenforce output" + ansible.builtin.command: /usr/sbin/getenforce + register: sestatus + when: "getenforce_bin.stat.exists" + changed_when: false + become: true + check_mode: false + tags: + - always + +- name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive" + ansible.builtin.set_fact: + zabbix_selinux: "{{ true }}" + when: + - 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)' + tags: + - always + +- name: "SELinux | Allow zabbix_agent to start (SELinux)" + community.general.selinux_permissive: + name: zabbix_agent_t + permissive: true + become: true + tags: + - config + +- name: "SELinux | Allow zabbix to run sudo commands (SELinux)" + ansible.posix.seboolean: + name: zabbix_run_sudo + persistent: true + state: true + become: true + when: + - ansible_selinux.status == "enabled" + - selinux_allow_zabbix_run_sudo|bool + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto.yml b/roles/zabbix-agent/tasks/tlspsk_auto.yml index ad7d49a..6a1870e 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto.yml @@ -1,14 +1,14 @@ ---- -- ansible.builtin.include_tasks: tlspsk_auto_linux.yml - when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool) - -- ansible.builtin.include_tasks: tlspsk_auto_windows.yml - when: ansible_os_family == "Windows" - -- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK - ansible.builtin.set_fact: - zabbix_agent_tlsaccept: psk - zabbix_agent_tlsconnect: psk - when: zabbix_api_create_hosts - tags: - - config +--- +- ansible.builtin.include_tasks: tlspsk_auto_linux.yml + when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool) + +- ansible.builtin.include_tasks: tlspsk_auto_windows.yml + when: ansible_os_family == "Windows" + +- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK + ansible.builtin.set_fact: + zabbix_agent_tlsaccept: psk + zabbix_agent_tlsconnect: psk + when: zabbix_api_create_hosts + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto_agent2.yml b/roles/zabbix-agent/tasks/tlspsk_auto_agent2.yml index 6e5f8dc..6dc4ec6 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto_agent2.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto_agent2.yml @@ -1,14 +1,14 @@ ---- -- include_tasks: tlspsk_auto_agent2_linux.yml - when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool) - -- include_tasks: tlspsk_auto_agent2_windows.yml - when: ansible_os_family == "Windows" - -- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK - ansible.builtin.set_fact: - zabbix_agent2_tlsaccept: psk - zabbix_agent2_tlsconnect: psk - when: zabbix_api_create_hosts - tags: - - config +--- +- include_tasks: tlspsk_auto_agent2_linux.yml + when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool) + +- include_tasks: tlspsk_auto_agent2_windows.yml + when: ansible_os_family == "Windows" + +- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK + ansible.builtin.set_fact: + zabbix_agent2_tlsaccept: psk + zabbix_agent2_tlsconnect: psk + when: zabbix_api_create_hosts + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto_agent2_common.yml b/roles/zabbix-agent/tasks/tlspsk_auto_agent2_common.yml index 3f6e0d2..436eb42 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto_agent2_common.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto_agent2_common.yml @@ -1,53 +1,53 @@ ---- -# Process PSK Secret -- name: AutoPSK | Save existing TLS PSK secret - ansible.builtin.set_fact: - zabbix_agent2_tlspsk_read: "{{ zabbix_agent2_tlspsk_base64['content'] | b64decode | trim }}" - when: zabbix_agent2_tlspskcheck.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Use existing TLS PSK secret - ansible.builtin.set_fact: - zabbix_agent2_tlspsk_secret: "{{ zabbix_agent2_tlspsk_read }}" - when: - - zabbix_agent2_tlspskcheck.stat.exists - - zabbix_agent2_tlspsk_read|length >= 32 - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Generate new TLS PSK secret - ansible.builtin.set_fact: - zabbix_agent2_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}" - when: - - not zabbix_agent2_tlspskcheck.stat.exists - - (zabbix_agent2_tlspsk_read is not defined) or (zabbix_agent2_tlspsk_read|length < 32) - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -# Process PSK Identity -- name: AutoPSK | Use existing TLS PSK identity - ansible.builtin.set_fact: - zabbix_agent2_tlspskidentity: "{{ zabbix_agent2_tlspskidentity_base64['content'] | b64decode | trim }}" - when: - - zabbix_agent2_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Generate new TLS PSK identity - ansible.builtin.set_fact: - zabbix_agent2_tlspskidentity: >- - {{ - zabbix_agent_visible_hostname - | default(((zabbix_agent2 == True) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname))) - + '_' - + lookup('password', '/dev/null chars=hexdigits length=4') - }} - when: not zabbix_agent2_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config +--- +# Process PSK Secret +- name: AutoPSK | Save existing TLS PSK secret + ansible.builtin.set_fact: + zabbix_agent2_tlspsk_read: "{{ zabbix_agent2_tlspsk_base64['content'] | b64decode | trim }}" + when: zabbix_agent2_tlspskcheck.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Use existing TLS PSK secret + ansible.builtin.set_fact: + zabbix_agent2_tlspsk_secret: "{{ zabbix_agent2_tlspsk_read }}" + when: + - zabbix_agent2_tlspskcheck.stat.exists + - zabbix_agent2_tlspsk_read|length >= 32 + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Generate new TLS PSK secret + ansible.builtin.set_fact: + zabbix_agent2_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}" + when: + - not zabbix_agent2_tlspskcheck.stat.exists + - (zabbix_agent2_tlspsk_read is not defined) or (zabbix_agent2_tlspsk_read|length < 32) + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +# Process PSK Identity +- name: AutoPSK | Use existing TLS PSK identity + ansible.builtin.set_fact: + zabbix_agent2_tlspskidentity: "{{ zabbix_agent2_tlspskidentity_base64['content'] | b64decode | trim }}" + when: + - zabbix_agent2_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Generate new TLS PSK identity + ansible.builtin.set_fact: + zabbix_agent2_tlspskidentity: >- + {{ + zabbix_agent_visible_hostname + | default(((zabbix_agent2 == True) | ternary(zabbix_agent2_hostname, zabbix_agent_hostname))) + + '_' + + lookup('password', '/dev/null chars=hexdigits length=4') + }} + when: not zabbix_agent2_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto_agent2_linux.yml b/roles/zabbix-agent/tasks/tlspsk_auto_agent2_linux.yml index aaff361..98fa652 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto_agent2_linux.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto_agent2_linux.yml @@ -1,80 +1,80 @@ ---- -- name: AutoPSK | Set default path variables (Linux) - ansible.builtin.set_fact: - zabbix_agent2_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" - zabbix_agent2_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK file (Linux) - ansible.builtin.stat: - path: "{{ zabbix_agent2_tlspskfile }}" - register: zabbix_agent2_tlspskcheck - become: true - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK identity (Linux) - ansible.builtin.stat: - path: "{{ zabbix_agent2_tlspskidentity_file }}" - register: zabbix_agent2_tlspskidentity_check - become: true - tags: - - config - -- name: AutoPSK | read existing TLS PSK file (Linux) - ansible.builtin.slurp: - src: "{{ zabbix_agent2_tlspskfile }}" - register: zabbix_agent2_tlspsk_base64 - become: true - when: - - zabbix_agent2_tlspskcheck.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Read existing TLS PSK identity file (Linux) - ansible.builtin.slurp: - src: "{{ zabbix_agent2_tlspskidentity_file }}" - register: zabbix_agent2_tlspskidentity_base64 - become: true - when: zabbix_agent2_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- include_tasks: tlspsk_auto_agent2_common.yml - -- name: AutoPSK | Template TLS PSK identity in file (Linux) - ansible.builtin.copy: - dest: "{{ zabbix_agent2_tlspskidentity_file }}" - content: "{{ zabbix_agent2_tlspskidentity }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent2_tlspskidentity_file is defined - - zabbix_agent2_tlspskidentity is defined - notify: - - restart zabbix-agent - - restart mac zabbix agent - tags: - - config - -- name: AutoPSK | Template TLS PSK secret in file (Linux) - ansible.builtin.copy: - dest: "{{ zabbix_agent2_tlspskfile }}" - content: "{{ zabbix_agent2_tlspsk_secret }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspsk_secret is defined - notify: - - restart zabbix-agent - - restart mac zabbix agent - tags: - - config +--- +- name: AutoPSK | Set default path variables (Linux) + ansible.builtin.set_fact: + zabbix_agent2_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" + zabbix_agent2_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK file (Linux) + ansible.builtin.stat: + path: "{{ zabbix_agent2_tlspskfile }}" + register: zabbix_agent2_tlspskcheck + become: true + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK identity (Linux) + ansible.builtin.stat: + path: "{{ zabbix_agent2_tlspskidentity_file }}" + register: zabbix_agent2_tlspskidentity_check + become: true + tags: + - config + +- name: AutoPSK | read existing TLS PSK file (Linux) + ansible.builtin.slurp: + src: "{{ zabbix_agent2_tlspskfile }}" + register: zabbix_agent2_tlspsk_base64 + become: true + when: + - zabbix_agent2_tlspskcheck.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Read existing TLS PSK identity file (Linux) + ansible.builtin.slurp: + src: "{{ zabbix_agent2_tlspskidentity_file }}" + register: zabbix_agent2_tlspskidentity_base64 + become: true + when: zabbix_agent2_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- include_tasks: tlspsk_auto_agent2_common.yml + +- name: AutoPSK | Template TLS PSK identity in file (Linux) + ansible.builtin.copy: + dest: "{{ zabbix_agent2_tlspskidentity_file }}" + content: "{{ zabbix_agent2_tlspskidentity }}" + owner: zabbix + group: zabbix + mode: 0400 + become: true + when: + - zabbix_agent2_tlspskidentity_file is defined + - zabbix_agent2_tlspskidentity is defined + notify: + - restart zabbix-agent + - restart mac zabbix agent + tags: + - config + +- name: AutoPSK | Template TLS PSK secret in file (Linux) + ansible.builtin.copy: + dest: "{{ zabbix_agent2_tlspskfile }}" + content: "{{ zabbix_agent2_tlspsk_secret }}" + owner: zabbix + group: zabbix + mode: 0400 + become: true + when: + - zabbix_agent2_tlspskfile is defined + - zabbix_agent2_tlspsk_secret is defined + notify: + - restart zabbix-agent + - restart mac zabbix agent + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto_agent2_windows.yml b/roles/zabbix-agent/tasks/tlspsk_auto_agent2_windows.yml index 3e1529e..2549249 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto_agent2_windows.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto_agent2_windows.yml @@ -1,66 +1,66 @@ ---- -- name: AutoPSK | Set default path variables for Windows - ansible.builtin.set_fact: - zabbix_agent2_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt" - zabbix_agent2_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt" - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK file (Windows) - ansible.windows.win_stat: - path: "{{ zabbix_agent2_tlspskfile }}" - register: zabbix_agent2_tlspskcheck - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK identity (Windows) - ansible.windows.win_stat: - path: "{{ zabbix_agent2_tlspskidentity_file }}" - register: zabbix_agent2_tlspskidentity_check - tags: - - config - -- name: AutoPSK | read existing TLS PSK file (Windows) - ansible.builtin.slurp: - src: "{{ zabbix_agent2_tlspskfile }}" - register: zabbix_agent2_tlspsk_base64 - when: - - zabbix_agent2_tlspskcheck.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Read existing TLS PSK identity file (Windows) - ansible.builtin.slurp: - src: "{{ zabbix_agent2_tlspskidentity_file }}" - register: zabbix_agent2_tlspskidentity_base64 - when: zabbix_agent2_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- ansible.builtin.include_tasks: tlspsk_auto_agent2_common.yml - -- name: Windows | AutoPSK | Template TLS PSK identity in file (Windows) - ansible.windows.win_copy: - dest: "{{ zabbix_agent2_tlspskidentity_file }}" - content: "{{ zabbix_agent2_tlspskidentity }}" - when: - - zabbix_agent2_tlspskidentity_file is defined - - zabbix_agent2_tlspskidentity is defined - notify: - - restart win zabbix agent - tags: - - config - -- name: AutoPSK | Template TLS PSK secret in file (Windows) - ansible.windows.win_copy: - dest: "{{ zabbix_agent2_tlspskfile }}" - content: "{{ zabbix_agent2_tlspsk_secret }}" - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspsk_secret is defined - notify: - - restart win zabbix agent - tags: - - config +--- +- name: AutoPSK | Set default path variables for Windows + ansible.builtin.set_fact: + zabbix_agent2_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt" + zabbix_agent2_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt" + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK file (Windows) + ansible.windows.win_stat: + path: "{{ zabbix_agent2_tlspskfile }}" + register: zabbix_agent2_tlspskcheck + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK identity (Windows) + ansible.windows.win_stat: + path: "{{ zabbix_agent2_tlspskidentity_file }}" + register: zabbix_agent2_tlspskidentity_check + tags: + - config + +- name: AutoPSK | read existing TLS PSK file (Windows) + ansible.builtin.slurp: + src: "{{ zabbix_agent2_tlspskfile }}" + register: zabbix_agent2_tlspsk_base64 + when: + - zabbix_agent2_tlspskcheck.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Read existing TLS PSK identity file (Windows) + ansible.builtin.slurp: + src: "{{ zabbix_agent2_tlspskidentity_file }}" + register: zabbix_agent2_tlspskidentity_base64 + when: zabbix_agent2_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- ansible.builtin.include_tasks: tlspsk_auto_agent2_common.yml + +- name: Windows | AutoPSK | Template TLS PSK identity in file (Windows) + ansible.windows.win_copy: + dest: "{{ zabbix_agent2_tlspskidentity_file }}" + content: "{{ zabbix_agent2_tlspskidentity }}" + when: + - zabbix_agent2_tlspskidentity_file is defined + - zabbix_agent2_tlspskidentity is defined + notify: + - restart win zabbix agent + tags: + - config + +- name: AutoPSK | Template TLS PSK secret in file (Windows) + ansible.windows.win_copy: + dest: "{{ zabbix_agent2_tlspskfile }}" + content: "{{ zabbix_agent2_tlspsk_secret }}" + when: + - zabbix_agent2_tlspskfile is defined + - zabbix_agent2_tlspsk_secret is defined + notify: + - restart win zabbix agent + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto_common.yml b/roles/zabbix-agent/tasks/tlspsk_auto_common.yml index 05ef24d..a933692 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto_common.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto_common.yml @@ -1,52 +1,52 @@ ---- -# Process PSK Secret -- name: AutoPSK | Save existing TLS PSK secret - ansible.builtin.set_fact: - zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}" - when: zabbix_agent_tlspskcheck.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Use existing TLS PSK secret - ansible.builtin.set_fact: - zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}" - when: - - zabbix_agent_tlspskcheck.stat.exists - - zabbix_agent_tlspsk_read|length >= 32 - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Generate new TLS PSK secret - ansible.builtin.set_fact: - zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}" - when: - - (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32) - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -# Process PSK Identity -- name: AutoPSK | Use existing TLS PSK identity - ansible.builtin.set_fact: - zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}" - when: - - zabbix_agent_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Generate new TLS PSK identity - ansible.builtin.set_fact: - zabbix_agent_tlspskidentity: >- - {{ - zabbix_agent_visible_hostname - | default(((zabbix_agent2 != True) | ternary(zabbix_agent_hostname, zabbix_agent_hostname))) - + '_' - + lookup('password', '/dev/null chars=hexdigits length=4') - }} - when: not zabbix_agent_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config +--- +# Process PSK Secret +- name: AutoPSK | Save existing TLS PSK secret + ansible.builtin.set_fact: + zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}" + when: zabbix_agent_tlspskcheck.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Use existing TLS PSK secret + ansible.builtin.set_fact: + zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}" + when: + - zabbix_agent_tlspskcheck.stat.exists + - zabbix_agent_tlspsk_read|length >= 32 + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Generate new TLS PSK secret + ansible.builtin.set_fact: + zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}" + when: + - (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32) + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +# Process PSK Identity +- name: AutoPSK | Use existing TLS PSK identity + ansible.builtin.set_fact: + zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}" + when: + - zabbix_agent_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Generate new TLS PSK identity + ansible.builtin.set_fact: + zabbix_agent_tlspskidentity: >- + {{ + zabbix_agent_visible_hostname + | default(((zabbix_agent2 != True) | ternary(zabbix_agent_hostname, zabbix_agent_hostname))) + + '_' + + lookup('password', '/dev/null chars=hexdigits length=4') + }} + when: not zabbix_agent_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto_linux.yml b/roles/zabbix-agent/tasks/tlspsk_auto_linux.yml index 8cc711f..906ccb0 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto_linux.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto_linux.yml @@ -1,80 +1,80 @@ ---- -- name: AutoPSK | Set default path variables (Linux) - ansible.builtin.set_fact: - zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" - zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK file (Linux) - ansible.builtin.stat: - path: "{{ zabbix_agent_tlspskfile }}" - register: zabbix_agent_tlspskcheck - become: true - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK identity (Linux) - ansible.builtin.stat: - path: "{{ zabbix_agent_tlspskidentity_file }}" - register: zabbix_agent_tlspskidentity_check - become: true - tags: - - config - -- name: AutoPSK | read existing TLS PSK file (Linux) - ansible.builtin.slurp: - src: "{{ zabbix_agent_tlspskfile }}" - register: zabbix_agent_tlspsk_base64 - become: true - when: - - zabbix_agent_tlspskcheck.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Read existing TLS PSK identity file (Linux) - ansible.builtin.slurp: - src: "{{ zabbix_agent_tlspskidentity_file }}" - register: zabbix_agent_tlspskidentity_base64 - become: true - when: zabbix_agent_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- include_tasks: tlspsk_auto_common.yml - -- name: AutoPSK | Template TLS PSK identity in file (Linux) - ansible.builtin.copy: - dest: "{{ zabbix_agent_tlspskidentity_file }}" - content: "{{ zabbix_agent_tlspskidentity }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent_tlspskidentity_file is defined - - zabbix_agent_tlspskidentity is defined - notify: - - restart zabbix-agent - - restart mac zabbix agent - tags: - - config - -- name: AutoPSK | Template TLS PSK secret in file (Linux) - ansible.builtin.copy: - dest: "{{ zabbix_agent_tlspskfile }}" - content: "{{ zabbix_agent_tlspsk_secret }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspsk_secret is defined - notify: - - restart zabbix-agent - - restart mac zabbix agent - tags: - - config +--- +- name: AutoPSK | Set default path variables (Linux) + ansible.builtin.set_fact: + zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" + zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK file (Linux) + ansible.builtin.stat: + path: "{{ zabbix_agent_tlspskfile }}" + register: zabbix_agent_tlspskcheck + become: true + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK identity (Linux) + ansible.builtin.stat: + path: "{{ zabbix_agent_tlspskidentity_file }}" + register: zabbix_agent_tlspskidentity_check + become: true + tags: + - config + +- name: AutoPSK | read existing TLS PSK file (Linux) + ansible.builtin.slurp: + src: "{{ zabbix_agent_tlspskfile }}" + register: zabbix_agent_tlspsk_base64 + become: true + when: + - zabbix_agent_tlspskcheck.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Read existing TLS PSK identity file (Linux) + ansible.builtin.slurp: + src: "{{ zabbix_agent_tlspskidentity_file }}" + register: zabbix_agent_tlspskidentity_base64 + become: true + when: zabbix_agent_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- include_tasks: tlspsk_auto_common.yml + +- name: AutoPSK | Template TLS PSK identity in file (Linux) + ansible.builtin.copy: + dest: "{{ zabbix_agent_tlspskidentity_file }}" + content: "{{ zabbix_agent_tlspskidentity }}" + owner: zabbix + group: zabbix + mode: 0400 + become: true + when: + - zabbix_agent_tlspskidentity_file is defined + - zabbix_agent_tlspskidentity is defined + notify: + - restart zabbix-agent + - restart mac zabbix agent + tags: + - config + +- name: AutoPSK | Template TLS PSK secret in file (Linux) + ansible.builtin.copy: + dest: "{{ zabbix_agent_tlspskfile }}" + content: "{{ zabbix_agent_tlspsk_secret }}" + owner: zabbix + group: zabbix + mode: 0400 + become: true + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspsk_secret is defined + notify: + - restart zabbix-agent + - restart mac zabbix agent + tags: + - config diff --git a/roles/zabbix-agent/tasks/tlspsk_auto_windows.yml b/roles/zabbix-agent/tasks/tlspsk_auto_windows.yml index b9289ac..db2aedf 100644 --- a/roles/zabbix-agent/tasks/tlspsk_auto_windows.yml +++ b/roles/zabbix-agent/tasks/tlspsk_auto_windows.yml @@ -1,67 +1,67 @@ ---- -- name: AutoPSK | Set default path variables for Windows - ansible.builtin.set_fact: - zabbix_agent_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt" - zabbix_agent_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt" - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK file (Windows) - ansible.windows.win_stat: - path: "{{ zabbix_agent_tlspskfile }}" - register: zabbix_agent_tlspskcheck - tags: - - config - -- name: AutoPSK | Check for existing TLS PSK identity (Windows) - ansible.windows.win_stat: - path: "{{ zabbix_agent_tlspskidentity_file }}" - register: zabbix_agent_tlspskidentity_check - tags: - - config - -- name: AutoPSK | read existing TLS PSK file (Windows) - ansible.builtin.slurp: - src: "{{ zabbix_agent_tlspskfile }}" - register: zabbix_agent_tlspsk_base64 - when: - - zabbix_agent_tlspskcheck.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- name: AutoPSK | Read existing TLS PSK identity file (Windows) - ansible.builtin.slurp: - src: "{{ zabbix_agent_tlspskidentity_file }}" - register: zabbix_agent_tlspskidentity_base64 - when: zabbix_agent_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" - tags: - - config - -- include_tasks: tlspsk_auto_common.yml - -- name: AutoPSK | Template TLS PSK identity in file (Windows) - ansible.windows.win_copy: - dest: "{{ zabbix_agent_tlspskidentity_file }}" - content: "{{ zabbix_agent_tlspskidentity }}" - when: - - zabbix_agent_tlspskidentity_file is defined - - zabbix_agent_tlspskidentity is defined - notify: - - restart win zabbix agent - tags: - - config - -- name: AutoPSK | Template TLS PSK secret in file (Windows) - ansible.windows.win_copy: - dest: "{{ zabbix_agent_tlspskfile }}" - content: "{{ zabbix_agent_tlspsk_secret }}" - when: - - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspsk_secret is defined - - ansible_os_family == "Windows" - notify: - - restart win zabbix agent - tags: - - config +--- +- name: AutoPSK | Set default path variables for Windows + ansible.builtin.set_fact: + zabbix_agent_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt" + zabbix_agent_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt" + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK file (Windows) + ansible.windows.win_stat: + path: "{{ zabbix_agent_tlspskfile }}" + register: zabbix_agent_tlspskcheck + tags: + - config + +- name: AutoPSK | Check for existing TLS PSK identity (Windows) + ansible.windows.win_stat: + path: "{{ zabbix_agent_tlspskidentity_file }}" + register: zabbix_agent_tlspskidentity_check + tags: + - config + +- name: AutoPSK | read existing TLS PSK file (Windows) + ansible.builtin.slurp: + src: "{{ zabbix_agent_tlspskfile }}" + register: zabbix_agent_tlspsk_base64 + when: + - zabbix_agent_tlspskcheck.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- name: AutoPSK | Read existing TLS PSK identity file (Windows) + ansible.builtin.slurp: + src: "{{ zabbix_agent_tlspskidentity_file }}" + register: zabbix_agent_tlspskidentity_base64 + when: zabbix_agent_tlspskidentity_check.stat.exists + no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config + +- include_tasks: tlspsk_auto_common.yml + +- name: AutoPSK | Template TLS PSK identity in file (Windows) + ansible.windows.win_copy: + dest: "{{ zabbix_agent_tlspskidentity_file }}" + content: "{{ zabbix_agent_tlspskidentity }}" + when: + - zabbix_agent_tlspskidentity_file is defined + - zabbix_agent_tlspskidentity is defined + notify: + - restart win zabbix agent + tags: + - config + +- name: AutoPSK | Template TLS PSK secret in file (Windows) + ansible.windows.win_copy: + dest: "{{ zabbix_agent_tlspskfile }}" + content: "{{ zabbix_agent_tlspsk_secret }}" + when: + - zabbix_agent_tlspskfile is defined + - zabbix_agent_tlspsk_secret is defined + - ansible_os_family == "Windows" + notify: + - restart win zabbix agent + tags: + - config diff --git a/roles/zabbix-agent/tasks/userparameter.yml b/roles/zabbix-agent/tasks/userparameter.yml index a80be17..c683f9e 100644 --- a/roles/zabbix-agent/tasks/userparameter.yml +++ b/roles/zabbix-agent/tasks/userparameter.yml @@ -1,87 +1,87 @@ ---- -- block: - - name: "Windows | Installing user-defined userparameters" - ansible.windows.win_template: - src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" - dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf' - notify: - - restart win zabbix agent - with_items: "{{ zabbix_agent_userparameters }}" - - - name: "Windows | Installing user-defined scripts" - ansible.windows.win_copy: - src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" - dest: '{{ zabbix_win_install_dir }}\scripts\' - notify: - - restart win zabbix agent - with_items: "{{ zabbix_agent_userparameters }}" - when: item.scripts_dir is defined - when: ansible_os_family == "Windows" - tags: - - config - -- block: - - name: "Installing user-defined userparameters" - ansible.builtin.template: - src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" - dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf" - owner: zabbix - group: zabbix - mode: 0644 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - - - name: "Installing user-defined scripts" - ansible.builtin.copy: - src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" - dest: "/etc/zabbix/scripts/" - owner: zabbix - group: zabbix - mode: 0755 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - when: item.scripts_dir is defined - when: - - ansible_os_family != "Windows" - - not zabbix_agent2 - tags: - - config - -- block: - - name: "Installing user-defined userparameters" - ansible.builtin.template: - src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" - dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf" - owner: zabbix - group: zabbix - mode: 0644 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - - - name: "Installing user-defined scripts" - ansible.builtin.copy: - src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" - dest: "/etc/zabbix/scripts/" - owner: zabbix - group: zabbix - mode: 0755 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - when: item.scripts_dir is defined - when: - - ansible_os_family != "Windows" - - zabbix_agent2 - tags: - - config +--- +- block: + - name: "Windows | Installing user-defined userparameters" + ansible.windows.win_template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf' + notify: + - restart win zabbix agent + with_items: "{{ zabbix_agent_userparameters }}" + + - name: "Windows | Installing user-defined scripts" + ansible.windows.win_copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: '{{ zabbix_win_install_dir }}\scripts\' + notify: + - restart win zabbix agent + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined + when: ansible_os_family == "Windows" + tags: + - config + +- block: + - name: "Installing user-defined userparameters" + ansible.builtin.template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf" + owner: zabbix + group: zabbix + mode: 0644 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + + - name: "Installing user-defined scripts" + ansible.builtin.copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: "/etc/zabbix/scripts/" + owner: zabbix + group: zabbix + mode: 0755 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined + when: + - ansible_os_family != "Windows" + - not zabbix_agent2 + tags: + - config + +- block: + - name: "Installing user-defined userparameters" + ansible.builtin.template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf" + owner: zabbix + group: zabbix + mode: 0644 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + + - name: "Installing user-defined scripts" + ansible.builtin.copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: "/etc/zabbix/scripts/" + owner: zabbix + group: zabbix + mode: 0755 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined + when: + - ansible_os_family != "Windows" + - zabbix_agent2 + tags: + - config diff --git a/roles/zabbix-agent/templates/userparameters/mysql.j2 b/roles/zabbix-agent/templates/userparameters/mysql.j2 index 6408777..70df285 100644 --- a/roles/zabbix-agent/templates/userparameters/mysql.j2 +++ b/roles/zabbix-agent/templates/userparameters/mysql.j2 @@ -1,3 +1,3 @@ -# This is an sample userparameters file. - -UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive +# This is an sample userparameters file. + +UserParameter=mysql.ping_to,mysqladmin -uroot ping | grep -c alive diff --git a/roles/zabbix-agent/templates/userparameters/win_sample.j2 b/roles/zabbix-agent/templates/userparameters/win_sample.j2 index 2a27b63..c144e46 100644 --- a/roles/zabbix-agent/templates/userparameters/win_sample.j2 +++ b/roles/zabbix-agent/templates/userparameters/win_sample.j2 @@ -1 +1 @@ -UserParameter=do.something, powershell -NoProfile -ExecutionPolicy Bypass -File {{ zabbix_win_install_dir }}\scripts\{{ item.name }}\doSomething.ps1 +UserParameter=do.something, powershell -NoProfile -ExecutionPolicy Bypass -File {{ zabbix_win_install_dir }}\scripts\{{ item.name }}\doSomething.ps1 diff --git a/roles/zabbix-agent/templates/zabbix_agent2.conf.j2 b/roles/zabbix-agent/templates/zabbix_agent2.conf.j2 index ea60d03..bbdfd26 100644 --- a/roles/zabbix-agent/templates/zabbix_agent2.conf.j2 +++ b/roles/zabbix-agent/templates/zabbix_agent2.conf.j2 @@ -1,140 +1,140 @@ -{{ ansible_managed | comment }} -# This is a configuration file for Zabbix Agent 2 -# To get more information about Zabbix, visit http://www.zabbix.com - -# This configuration file is "minimalized", which means all the original comments -# are removed. The full documentation for your Zabbix Agent 2 can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if ansible_os_family == "Windows" else "" }} - -{% if ansible_os_family != "Windows" %} -PidFile={{ zabbix_agent2_pidfile }} -{% endif %} -LogType={{ zabbix_agent2_logtype }} -{% if ansible_os_family == "Windows" %} -LogFile={{ zabbix_agent2_win_logfile }} -{% else %} -LogFile={{ zabbix_agent2_logfile }} -{% endif %} -LogFileSize={{ zabbix_agent2_logfilesize }} -DebugLevel={{ zabbix_agent2_debuglevel }} -{% if zabbix_agent2_sourceip is defined and zabbix_agent2_sourceip %} -SourceIP={{ zabbix_agent2_sourceip }} -{% endif %} -Server={{ zabbix_agent2_server }} -ListenPort={{ zabbix_agent2_listenport }} -{% if zabbix_agent2_listenip is defined and zabbix_agent2_listenip !='0.0.0.0' and zabbix_agent2_listenip %} -ListenIP={{ zabbix_agent2_listenip }} -{% endif %} -{% if zabbix_agent2_statusport is defined and zabbix_agent2_statusport %} -StatusPort={{ zabbix_agent2_statusport }} -{% endif %} -ServerActive={{ zabbix_agent2_serveractive }} -{% if zabbix_agent2_hostname is defined and zabbix_agent2_hostname %} -Hostname={{ zabbix_agent2_hostname }} -{% endif %} -{% if zabbix_agent2_hostnameitem is defined and zabbix_agent2_hostnameitem %} -HostnameItem={{ zabbix_agent2_hostnameitem }} -{% endif %} -{% if zabbix_agent2_hostmetadata is defined and zabbix_agent2_hostmetadata %} -HostMetadata={{ zabbix_agent2_hostmetadata }} -{% endif %} -{% if zabbix_agent2_hostmetadataitem is defined and zabbix_agent2_hostmetadataitem %} -HostMetadataItem={{ zabbix_agent2_hostmetadataitem }} -{% endif %} -{% if zabbix_agent2_hostinterface is defined and zabbix_agent2_hostinterface %} -HostInterface={{ zabbix_agent2_hostinterface }} -{% endif %} -{% if zabbix_agent2_hostinterfaceitem is defined and zabbix_agent2_hostinterfaceitem %} -HostInterfaceItem={{ zabbix_agent2_hostinterfaceitem }} -{% endif %} -{% if zabbix_agent2_allow_key is defined and zabbix_agent2_allow_key %} -{% for item in zabbix_agent2_allow_key %} -AllowKey={{ item }} -{% endfor %} -{% endif %} -{% if zabbix_agent2_deny_key is defined and zabbix_agent2_deny_key %} -{% for item in zabbix_agent2_deny_key %} -DenyKey={{ item }} -{% endfor %} -{% endif %} -RefreshActiveChecks={{ zabbix_agent2_refreshactivechecks }} -BufferSend={{ zabbix_agent2_buffersend }} -BufferSize={{ zabbix_agent2_buffersize }} -{% if zabbix_agent2_enablepersistentbuffer is defined and zabbix_agent2_enablepersistentbuffer %} -EnablePersistentBuffer={{ zabbix_agent2_enablepersistentbuffer }} -{% endif %} -{% if zabbix_agent2_persistentbufferperiod is defined and zabbix_agent2_persistentbufferperiod %} -PersistentBufferPeriod={{ zabbix_agent2_persistentbufferperiod }} -{% endif %} -{% if zabbix_agent2_persistentbufferfile is defined and zabbix_agent2_persistentbufferfile %} -PersistentBufferFile={{ zabbix_agent2_persistentbufferfile }} -{% endif %} -{% if zabbix_agent2_zabbix_alias is defined and zabbix_agent2_zabbix_alias %} -{% if zabbix_agent2_zabbix_alias is string %} -Alias={{ zabbix_agent2_zabbix_alias }} -{% else %} -{% for item in zabbix_agent2_zabbix_alias %} -Alias={{ item }} -{% endfor %} -{% endif %} -{% endif %} -Timeout={{ zabbix_agent2_timeout }} -{% if ansible_os_family == "Windows" %} -Include={{ zabbix_agent_win_include }} -{% else %} -Include={{ zabbix_agent2_include }}/{{ zabbix_agent2_include_pattern }} -{% endif %} -{% if zabbix_agent2_additional_include is defined and zabbix_agent2_additional_include is iterable and zabbix_agent2_additional_include is not string %} -{% for include in zabbix_agent2_additional_include %} -Include={{ include }} -{% endfor %} -{% endif %} -UnsafeUserParameters={{ zabbix_agent2_unsafeuserparameters }} -{% if ansible_os_family != "Windows" %} -ControlSocket={{ zabbix_agent2_controlsocket }} -{% endif %} -{% if zabbix_agent2_tlsconnect is defined and zabbix_agent2_tlsconnect %} -TLSConnect={{ zabbix_agent2_tlsconnect }} -{% endif %} -{% if zabbix_agent2_tlsaccept is defined and zabbix_agent2_tlsaccept %} -TLSAccept={{ zabbix_agent2_tlsaccept }} -{% endif %} -{% if zabbix_agent2_tlscafile is defined and zabbix_agent2_tlscafile %} -TLSCAFile={{ zabbix_agent2_tlscafile }} -{% endif %} -{% if zabbix_agent2_tlscrlfile is defined and zabbix_agent2_tlscrlfile %} -TLSCRLFile={{ zabbix_agent2_tlscrlfile }} -{% endif %} -{% if zabbix_agent2_tlsservercertissuer is defined and zabbix_agent2_tlsservercertissuer %} -TLSServerCertIssuer={{ zabbix_agent2_tlsservercertissuer }} -{% endif %} -{% if zabbix_agent2_tlsservercertsubject is defined and zabbix_agent2_tlsservercertsubject %} -TLSServerCertSubject={{ zabbix_agent2_tlsservercertsubject }} -{% endif %} -{% if zabbix_agent2_tlscertfile is defined and zabbix_agent2_tlscertfile %} -TLSCertFile={{ zabbix_agent2_tlscertfile }} -{% endif %} -{% if zabbix_agent2_tlskeyfile is defined and zabbix_agent2_tlskeyfile %} -TLSKeyFile={{ zabbix_agent2_tlskeyfile }} -{% endif %} -{% if zabbix_agent2_tlspskidentity is defined and zabbix_agent2_tlspskidentity %} -TLSPSKIdentity={{ zabbix_agent2_tlspskidentity }} -{% endif %} -{% if zabbix_agent2_tlspskfile is defined and zabbix_agent2_tlspskfile %} -TLSPSKFile={{ zabbix_agent2_tlspskfile }} -{% endif %} -{% if zabbix_agent2_plugins is defined and zabbix_agent2_plugins is iterable %} -{% for entry in zabbix_agent2_plugins %} -{% set my_name = entry['name'] %} -{% for property in entry['options'] %} -{% set param = property['parameter'] %} -{% set value = property['value'] %} -Plugins.{{ my_name }}.{{ param }}={{ value }} -{% endfor %} -{% endfor %} -{% endif %} -{% if zabbix_agent_version is version('6.0', '>=') %} -{% if zabbix_agent2_listenbacklog is defined and zabbix_agent2_listenbacklog %} -ListenBacklog={{ zabbix_agent2_listenbacklog }} -{% endif %} -{% endif %} +{{ ansible_managed | comment }} +# This is a configuration file for Zabbix Agent 2 +# To get more information about Zabbix, visit http://www.zabbix.com + +# This configuration file is "minimalized", which means all the original comments +# are removed. The full documentation for your Zabbix Agent 2 can be found here: +# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if ansible_os_family == "Windows" else "" }} + +{% if ansible_os_family != "Windows" %} +PidFile={{ zabbix_agent2_pidfile }} +{% endif %} +LogType={{ zabbix_agent2_logtype }} +{% if ansible_os_family == "Windows" %} +LogFile={{ zabbix_agent2_win_logfile }} +{% else %} +LogFile={{ zabbix_agent2_logfile }} +{% endif %} +LogFileSize={{ zabbix_agent2_logfilesize }} +DebugLevel={{ zabbix_agent2_debuglevel }} +{% if zabbix_agent2_sourceip is defined and zabbix_agent2_sourceip %} +SourceIP={{ zabbix_agent2_sourceip }} +{% endif %} +Server={{ zabbix_agent2_server }} +ListenPort={{ zabbix_agent2_listenport }} +{% if zabbix_agent2_listenip is defined and zabbix_agent2_listenip !='0.0.0.0' and zabbix_agent2_listenip %} +ListenIP={{ zabbix_agent2_listenip }} +{% endif %} +{% if zabbix_agent2_statusport is defined and zabbix_agent2_statusport %} +StatusPort={{ zabbix_agent2_statusport }} +{% endif %} +ServerActive={{ zabbix_agent2_serveractive }} +{% if zabbix_agent2_hostname is defined and zabbix_agent2_hostname %} +Hostname={{ zabbix_agent2_hostname }} +{% endif %} +{% if zabbix_agent2_hostnameitem is defined and zabbix_agent2_hostnameitem %} +HostnameItem={{ zabbix_agent2_hostnameitem }} +{% endif %} +{% if zabbix_agent2_hostmetadata is defined and zabbix_agent2_hostmetadata %} +HostMetadata={{ zabbix_agent2_hostmetadata }} +{% endif %} +{% if zabbix_agent2_hostmetadataitem is defined and zabbix_agent2_hostmetadataitem %} +HostMetadataItem={{ zabbix_agent2_hostmetadataitem }} +{% endif %} +{% if zabbix_agent2_hostinterface is defined and zabbix_agent2_hostinterface %} +HostInterface={{ zabbix_agent2_hostinterface }} +{% endif %} +{% if zabbix_agent2_hostinterfaceitem is defined and zabbix_agent2_hostinterfaceitem %} +HostInterfaceItem={{ zabbix_agent2_hostinterfaceitem }} +{% endif %} +{% if zabbix_agent2_allow_key is defined and zabbix_agent2_allow_key %} +{% for item in zabbix_agent2_allow_key %} +AllowKey={{ item }} +{% endfor %} +{% endif %} +{% if zabbix_agent2_deny_key is defined and zabbix_agent2_deny_key %} +{% for item in zabbix_agent2_deny_key %} +DenyKey={{ item }} +{% endfor %} +{% endif %} +RefreshActiveChecks={{ zabbix_agent2_refreshactivechecks }} +BufferSend={{ zabbix_agent2_buffersend }} +BufferSize={{ zabbix_agent2_buffersize }} +{% if zabbix_agent2_enablepersistentbuffer is defined and zabbix_agent2_enablepersistentbuffer %} +EnablePersistentBuffer={{ zabbix_agent2_enablepersistentbuffer }} +{% endif %} +{% if zabbix_agent2_persistentbufferperiod is defined and zabbix_agent2_persistentbufferperiod %} +PersistentBufferPeriod={{ zabbix_agent2_persistentbufferperiod }} +{% endif %} +{% if zabbix_agent2_persistentbufferfile is defined and zabbix_agent2_persistentbufferfile %} +PersistentBufferFile={{ zabbix_agent2_persistentbufferfile }} +{% endif %} +{% if zabbix_agent2_zabbix_alias is defined and zabbix_agent2_zabbix_alias %} +{% if zabbix_agent2_zabbix_alias is string %} +Alias={{ zabbix_agent2_zabbix_alias }} +{% else %} +{% for item in zabbix_agent2_zabbix_alias %} +Alias={{ item }} +{% endfor %} +{% endif %} +{% endif %} +Timeout={{ zabbix_agent2_timeout }} +{% if ansible_os_family == "Windows" %} +Include={{ zabbix_agent_win_include }} +{% else %} +Include={{ zabbix_agent2_include }}/{{ zabbix_agent2_include_pattern }} +{% endif %} +{% if zabbix_agent2_additional_include is defined and zabbix_agent2_additional_include is iterable and zabbix_agent2_additional_include is not string %} +{% for include in zabbix_agent2_additional_include %} +Include={{ include }} +{% endfor %} +{% endif %} +UnsafeUserParameters={{ zabbix_agent2_unsafeuserparameters }} +{% if ansible_os_family != "Windows" %} +ControlSocket={{ zabbix_agent2_controlsocket }} +{% endif %} +{% if zabbix_agent2_tlsconnect is defined and zabbix_agent2_tlsconnect %} +TLSConnect={{ zabbix_agent2_tlsconnect }} +{% endif %} +{% if zabbix_agent2_tlsaccept is defined and zabbix_agent2_tlsaccept %} +TLSAccept={{ zabbix_agent2_tlsaccept }} +{% endif %} +{% if zabbix_agent2_tlscafile is defined and zabbix_agent2_tlscafile %} +TLSCAFile={{ zabbix_agent2_tlscafile }} +{% endif %} +{% if zabbix_agent2_tlscrlfile is defined and zabbix_agent2_tlscrlfile %} +TLSCRLFile={{ zabbix_agent2_tlscrlfile }} +{% endif %} +{% if zabbix_agent2_tlsservercertissuer is defined and zabbix_agent2_tlsservercertissuer %} +TLSServerCertIssuer={{ zabbix_agent2_tlsservercertissuer }} +{% endif %} +{% if zabbix_agent2_tlsservercertsubject is defined and zabbix_agent2_tlsservercertsubject %} +TLSServerCertSubject={{ zabbix_agent2_tlsservercertsubject }} +{% endif %} +{% if zabbix_agent2_tlscertfile is defined and zabbix_agent2_tlscertfile %} +TLSCertFile={{ zabbix_agent2_tlscertfile }} +{% endif %} +{% if zabbix_agent2_tlskeyfile is defined and zabbix_agent2_tlskeyfile %} +TLSKeyFile={{ zabbix_agent2_tlskeyfile }} +{% endif %} +{% if zabbix_agent2_tlspskidentity is defined and zabbix_agent2_tlspskidentity %} +TLSPSKIdentity={{ zabbix_agent2_tlspskidentity }} +{% endif %} +{% if zabbix_agent2_tlspskfile is defined and zabbix_agent2_tlspskfile %} +TLSPSKFile={{ zabbix_agent2_tlspskfile }} +{% endif %} +{% if zabbix_agent2_plugins is defined and zabbix_agent2_plugins is iterable %} +{% for entry in zabbix_agent2_plugins %} +{% set my_name = entry['name'] %} +{% for property in entry['options'] %} +{% set param = property['parameter'] %} +{% set value = property['value'] %} +Plugins.{{ my_name }}.{{ param }}={{ value }} +{% endfor %} +{% endfor %} +{% endif %} +{% if zabbix_agent_version is version('6.0', '>=') %} +{% if zabbix_agent2_listenbacklog is defined and zabbix_agent2_listenbacklog %} +ListenBacklog={{ zabbix_agent2_listenbacklog }} +{% endif %} +{% endif %} diff --git a/roles/zabbix-agent/templates/zabbix_agentd.conf.j2 b/roles/zabbix-agent/templates/zabbix_agentd.conf.j2 index 24af45b..85c8c84 100644 --- a/roles/zabbix-agent/templates/zabbix_agentd.conf.j2 +++ b/roles/zabbix-agent/templates/zabbix_agentd.conf.j2 @@ -1,149 +1,149 @@ -{{ ansible_managed | comment }} -# This is a configuration file for Zabbix Agent -# To get more information about Zabbix, visit http://www.zabbix.com - -# This configuration file is "minimalized", which means all the original comments -# are removed. The full documentation for your Zabbix Agent can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if ansible_os_family == "Windows" else "" }} - -{% if ansible_os_family != "Windows" %} -PidFile={{ zabbix_agent_pidfile }} -{% endif %} -{% if zabbix_agent_version is version('3.0', '>=') %} -LogType={{ zabbix_agent_logtype }} -{% endif %} -{% if ansible_os_family == "Windows" %} -LogFile={{ zabbix_agent_win_logfile }} -{% else %} -LogFile={{ zabbix_agent_logfile }} -{% endif %} -LogFileSize={{ zabbix_agent_logfilesize }} -DebugLevel={{ zabbix_agent_debuglevel }} -{% if zabbix_agent_sourceip is defined and zabbix_agent_sourceip %} -SourceIP={{ zabbix_agent_sourceip }} -{% endif %} -{% if zabbix_agent_version is version('6.0', '<=') %} -EnableRemoteCommands={{ zabbix_agent_enableremotecommands }} -{% else %} -{% if zabbix_agent_allowkeys is defined and zabbix_agent_allowkeys %} -AllowKey={{ zabbix_agent_allowkeys }} -{% endif %} -{% if zabbix_agent_denykeys is defined and zabbix_agent_denykeys %} -DenyKey={{ zabbix_agent_denykeys }} -{% endif %} -{% endif %} -LogRemoteCommands={{ zabbix_agent_logremotecommands }} -Server={{ zabbix_agent_server }} -ListenPort={{ zabbix_agent_listenport }} -{% if zabbix_agent_listenip is defined and zabbix_agent_listenip !='0.0.0.0' and zabbix_agent_listenip %} -ListenIP={{ zabbix_agent_listenip }} -{% endif %} -StartAgents={{ zabbix_agent_startagents }} -ServerActive={{ zabbix_agent_serveractive }} -{% if zabbix_agent_hostname is defined and zabbix_agent_hostname %} -Hostname={{ zabbix_agent_hostname }} -{% endif %} -{% if zabbix_agent_hostnameitem is defined and zabbix_agent_hostnameitem %} -HostnameItem={{ zabbix_agent_hostnameitem }} -{% endif %} -{% if zabbix_agent_hostmetadata is defined and zabbix_agent_hostmetadata %} -HostMetadata={{ zabbix_agent_hostmetadata }} -{% endif %} -{% if zabbix_agent_hostmetadataitem is defined and zabbix_agent_hostmetadataitem %} -HostMetadataItem={{ zabbix_agent_hostmetadataitem }} -{% endif %} -{% if zabbix_agent_allow_key is defined and zabbix_agent_allow_key %} -{% for item in zabbix_agent_allow_key %} -AllowKey={{ item }} -{% endfor %} -{% endif %} -{% if zabbix_agent_deny_key is defined and zabbix_agent_deny_key %} -{% for item in zabbix_agent_deny_key %} -DenyKey={{ item }} -{% endfor %} -{% endif %} -RefreshActiveChecks={{ zabbix_agent_refreshactivechecks }} -BufferSend={{ zabbix_agent_buffersend }} -BufferSize={{ zabbix_agent_buffersize }} -MaxLinesPerSecond={{ zabbix_agent_maxlinespersecond }} -{% if zabbix_agent_version is version_compare('6.2', '>=') %} -HeartbeatFrequency={{ zabbix_agent_heartbeatfrequency }} -{% endif %} -{% if zabbix_agent_zabbix_alias is defined and zabbix_agent_zabbix_alias %} -{% if zabbix_agent_zabbix_alias is string %} -Alias={{ zabbix_agent_zabbix_alias }} -{% else %} -{% for item in zabbix_agent_zabbix_alias %} -Alias={{ item }} -{% endfor %} -{% endif %} -{% endif %} -Timeout={{ zabbix_agent_timeout }} -{% if ansible_os_family != "Windows" %} -AllowRoot={{ zabbix_agent_allowroot }} -{% endif %} -{% if zabbix_agent_runas_user is defined and zabbix_agent_runas_user %} -User={{ zabbix_agent_runas_user }} -{% endif %} -{% if ansible_os_family == "Windows" %} -Include={{ zabbix_agent_win_include }} -{% else %} -Include={{ zabbix_agent_include }}/{{ zabbix_agent_include_pattern }} -{% endif %} -{% if zabbix_agent_additional_include is defined and zabbix_agent_additional_include is iterable and zabbix_agent_additional_include is not string %} -{% for include in zabbix_agent_additional_include %} -Include={{ include }} -{% endfor %} -{% endif %} -UnsafeUserParameters={{ zabbix_agent_unsafeuserparameters }} -{% if zabbix_agent_version is version_compare('2.2', '>=') %} -{% if ansible_os_family != "Windows" %} -LoadModulePath={{ zabbix_agent_loadmodulepath }} -{% endif %} -{% endif %} -{% if zabbix_agent_loadmodule is defined and zabbix_agent_loadmodule %} -{% if zabbix_agent_loadmodule is string %} -LoadModule={{ zabbix_agent_loadmodule }} -{% else %} -{% for module in zabbix_agent_loadmodule %} -LoadModule={{ module }} -{% endfor %} -{% endif %} -{% endif %} -{% if zabbix_agent_version is version_compare('3.0', '>=') %} -{% if zabbix_agent_tlsconnect is defined and zabbix_agent_tlsconnect %} -TLSConnect={{ zabbix_agent_tlsconnect }} -{% endif %} -{% if zabbix_agent_tlsaccept is defined and zabbix_agent_tlsaccept %} -TLSAccept={{ zabbix_agent_tlsaccept }} -{% endif %} -{% if zabbix_agent_tlscafile is defined and zabbix_agent_tlscafile %} -TLSCAFile={{ zabbix_agent_tlscafile }} -{% endif %} -{% if zabbix_agent_tlscrlfile is defined and zabbix_agent_tlscrlfile %} -TLSCRLFile={{ zabbix_agent_tlscrlfile }} -{% endif %} -{% if zabbix_agent_tlsservercertissuer is defined and zabbix_agent_tlsservercertissuer %} -TLSServerCertIssuer={{ zabbix_agent_tlsservercertissuer }} -{% endif %} -{% if zabbix_agent_tlsservercertsubject is defined and zabbix_agent_tlsservercertsubject %} -TLSServerCertSubject={{ zabbix_agent_tlsservercertsubject }} -{% endif %} -{% if zabbix_agent_tlscertfile is defined and zabbix_agent_tlscertfile %} -TLSCertFile={{ zabbix_agent_tlscertfile }} -{% endif %} -{% if zabbix_agent_tlskeyfile is defined and zabbix_agent_tlskeyfile %} -TLSKeyFile={{ zabbix_agent_tlskeyfile }} -{% endif %} -{% if zabbix_agent_tlspskidentity is defined and zabbix_agent_tlspskidentity %} -TLSPSKIdentity={{ zabbix_agent_tlspskidentity }} -{% endif %} -{% if zabbix_agent_tlspskfile is defined and zabbix_agent_tlspskfile %} -TLSPSKFile={{ zabbix_agent_tlspskfile }} -{% endif %} -{% endif %} -{% if zabbix_agent_version is version('6.0', '>=') %} -{% if zabbix_agent_listenbacklog is defined and zabbix_agent_listenbacklog %} -ListenBacklog={{ zabbix_agent_listenbacklog }} -{% endif %} -{% endif %} +{{ ansible_managed | comment }} +# This is a configuration file for Zabbix Agent +# To get more information about Zabbix, visit http://www.zabbix.com + +# This configuration file is "minimalized", which means all the original comments +# are removed. The full documentation for your Zabbix Agent can be found here: +# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if ansible_os_family == "Windows" else "" }} + +{% if ansible_os_family != "Windows" %} +PidFile={{ zabbix_agent_pidfile }} +{% endif %} +{% if zabbix_agent_version is version('3.0', '>=') %} +LogType={{ zabbix_agent_logtype }} +{% endif %} +{% if ansible_os_family == "Windows" %} +LogFile={{ zabbix_agent_win_logfile }} +{% else %} +LogFile={{ zabbix_agent_logfile }} +{% endif %} +LogFileSize={{ zabbix_agent_logfilesize }} +DebugLevel={{ zabbix_agent_debuglevel }} +{% if zabbix_agent_sourceip is defined and zabbix_agent_sourceip %} +SourceIP={{ zabbix_agent_sourceip }} +{% endif %} +{% if zabbix_agent_version is version('6.0', '<=') %} +EnableRemoteCommands={{ zabbix_agent_enableremotecommands }} +{% else %} +{% if zabbix_agent_allowkeys is defined and zabbix_agent_allowkeys %} +AllowKey={{ zabbix_agent_allowkeys }} +{% endif %} +{% if zabbix_agent_denykeys is defined and zabbix_agent_denykeys %} +DenyKey={{ zabbix_agent_denykeys }} +{% endif %} +{% endif %} +LogRemoteCommands={{ zabbix_agent_logremotecommands }} +Server={{ zabbix_agent_server }} +ListenPort={{ zabbix_agent_listenport }} +{% if zabbix_agent_listenip is defined and zabbix_agent_listenip !='0.0.0.0' and zabbix_agent_listenip %} +ListenIP={{ zabbix_agent_listenip }} +{% endif %} +StartAgents={{ zabbix_agent_startagents }} +ServerActive={{ zabbix_agent_serveractive }} +{% if zabbix_agent_hostname is defined and zabbix_agent_hostname %} +Hostname={{ zabbix_agent_hostname }} +{% endif %} +{% if zabbix_agent_hostnameitem is defined and zabbix_agent_hostnameitem %} +HostnameItem={{ zabbix_agent_hostnameitem }} +{% endif %} +{% if zabbix_agent_hostmetadata is defined and zabbix_agent_hostmetadata %} +HostMetadata={{ zabbix_agent_hostmetadata }} +{% endif %} +{% if zabbix_agent_hostmetadataitem is defined and zabbix_agent_hostmetadataitem %} +HostMetadataItem={{ zabbix_agent_hostmetadataitem }} +{% endif %} +{% if zabbix_agent_allow_key is defined and zabbix_agent_allow_key %} +{% for item in zabbix_agent_allow_key %} +AllowKey={{ item }} +{% endfor %} +{% endif %} +{% if zabbix_agent_deny_key is defined and zabbix_agent_deny_key %} +{% for item in zabbix_agent_deny_key %} +DenyKey={{ item }} +{% endfor %} +{% endif %} +RefreshActiveChecks={{ zabbix_agent_refreshactivechecks }} +BufferSend={{ zabbix_agent_buffersend }} +BufferSize={{ zabbix_agent_buffersize }} +MaxLinesPerSecond={{ zabbix_agent_maxlinespersecond }} +{% if zabbix_agent_version is version_compare('6.2', '>=') %} +HeartbeatFrequency={{ zabbix_agent_heartbeatfrequency }} +{% endif %} +{% if zabbix_agent_zabbix_alias is defined and zabbix_agent_zabbix_alias %} +{% if zabbix_agent_zabbix_alias is string %} +Alias={{ zabbix_agent_zabbix_alias }} +{% else %} +{% for item in zabbix_agent_zabbix_alias %} +Alias={{ item }} +{% endfor %} +{% endif %} +{% endif %} +Timeout={{ zabbix_agent_timeout }} +{% if ansible_os_family != "Windows" %} +AllowRoot={{ zabbix_agent_allowroot }} +{% endif %} +{% if zabbix_agent_runas_user is defined and zabbix_agent_runas_user %} +User={{ zabbix_agent_runas_user }} +{% endif %} +{% if ansible_os_family == "Windows" %} +Include={{ zabbix_agent_win_include }} +{% else %} +Include={{ zabbix_agent_include }}/{{ zabbix_agent_include_pattern }} +{% endif %} +{% if zabbix_agent_additional_include is defined and zabbix_agent_additional_include is iterable and zabbix_agent_additional_include is not string %} +{% for include in zabbix_agent_additional_include %} +Include={{ include }} +{% endfor %} +{% endif %} +UnsafeUserParameters={{ zabbix_agent_unsafeuserparameters }} +{% if zabbix_agent_version is version_compare('2.2', '>=') %} +{% if ansible_os_family != "Windows" %} +LoadModulePath={{ zabbix_agent_loadmodulepath }} +{% endif %} +{% endif %} +{% if zabbix_agent_loadmodule is defined and zabbix_agent_loadmodule %} +{% if zabbix_agent_loadmodule is string %} +LoadModule={{ zabbix_agent_loadmodule }} +{% else %} +{% for module in zabbix_agent_loadmodule %} +LoadModule={{ module }} +{% endfor %} +{% endif %} +{% endif %} +{% if zabbix_agent_version is version_compare('3.0', '>=') %} +{% if zabbix_agent_tlsconnect is defined and zabbix_agent_tlsconnect %} +TLSConnect={{ zabbix_agent_tlsconnect }} +{% endif %} +{% if zabbix_agent_tlsaccept is defined and zabbix_agent_tlsaccept %} +TLSAccept={{ zabbix_agent_tlsaccept }} +{% endif %} +{% if zabbix_agent_tlscafile is defined and zabbix_agent_tlscafile %} +TLSCAFile={{ zabbix_agent_tlscafile }} +{% endif %} +{% if zabbix_agent_tlscrlfile is defined and zabbix_agent_tlscrlfile %} +TLSCRLFile={{ zabbix_agent_tlscrlfile }} +{% endif %} +{% if zabbix_agent_tlsservercertissuer is defined and zabbix_agent_tlsservercertissuer %} +TLSServerCertIssuer={{ zabbix_agent_tlsservercertissuer }} +{% endif %} +{% if zabbix_agent_tlsservercertsubject is defined and zabbix_agent_tlsservercertsubject %} +TLSServerCertSubject={{ zabbix_agent_tlsservercertsubject }} +{% endif %} +{% if zabbix_agent_tlscertfile is defined and zabbix_agent_tlscertfile %} +TLSCertFile={{ zabbix_agent_tlscertfile }} +{% endif %} +{% if zabbix_agent_tlskeyfile is defined and zabbix_agent_tlskeyfile %} +TLSKeyFile={{ zabbix_agent_tlskeyfile }} +{% endif %} +{% if zabbix_agent_tlspskidentity is defined and zabbix_agent_tlspskidentity %} +TLSPSKIdentity={{ zabbix_agent_tlspskidentity }} +{% endif %} +{% if zabbix_agent_tlspskfile is defined and zabbix_agent_tlspskfile %} +TLSPSKFile={{ zabbix_agent_tlspskfile }} +{% endif %} +{% endif %} +{% if zabbix_agent_version is version('6.0', '>=') %} +{% if zabbix_agent_listenbacklog is defined and zabbix_agent_listenbacklog %} +ListenBacklog={{ zabbix_agent_listenbacklog }} +{% endif %} +{% endif %} diff --git a/roles/zabbix-agent/vars/Debian.yml b/roles/zabbix-agent/vars/Debian.yml index 88e566f..7c46c31 100644 --- a/roles/zabbix-agent/vars/Debian.yml +++ b/roles/zabbix-agent/vars/Debian.yml @@ -1,48 +1,48 @@ ---- -# vars file for zabbix_agent (Debian) - -zabbix_agent: zabbix-agent -zabbix_agent_service: zabbix-agent -zabbix_agent_conf: zabbix_agentd.conf -zabbix_agent2_conf: zabbix_agent2.conf - -zabbix_valid_agent_versions: - # Debian - "12": - - 6.4 - - 6.2 - - 6.0 - - "11": - - 6.4 - - 6.2 - - 6.0 - - "10": - - 6.4 - - 6.2 - - 6.0 - - "9": - - 6.4 - - 6.2 - - 6.0 - # Ubuntu - "22": - - 6.4 - - 6.2 - - 6.0 - - "20": - - 6.4 - - 6.2 - - 6.0 - - "18": - - 6.4 - - 6.2 - - 6.0 - -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc" -_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}" +--- +# vars file for zabbix_agent (Debian) + +zabbix_agent: zabbix-agent +zabbix_agent_service: zabbix-agent +zabbix_agent_conf: zabbix_agentd.conf +zabbix_agent2_conf: zabbix_agent2.conf + +zabbix_valid_agent_versions: + # Debian + "12": + - 6.4 + - 6.2 + - 6.0 + + "11": + - 6.4 + - 6.2 + - 6.0 + + "10": + - 6.4 + - 6.2 + - 6.0 + + "9": + - 6.4 + - 6.2 + - 6.0 + # Ubuntu + "22": + - 6.4 + - 6.2 + - 6.0 + + "20": + - 6.4 + - 6.2 + - 6.0 + + "18": + - 6.4 + - 6.2 + - 6.0 + +debian_keyring_path: /etc/apt/keyrings/ +zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc" +_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}" diff --git a/roles/zabbix-agent/vars/RedHat.yml b/roles/zabbix-agent/vars/RedHat.yml index 50f0b01..2302e0f 100644 --- a/roles/zabbix-agent/vars/RedHat.yml +++ b/roles/zabbix-agent/vars/RedHat.yml @@ -1,21 +1,21 @@ ---- -# vars file for zabbix_agent (RedHat) - -zabbix_agent: zabbix-agent -zabbix_agent_service: zabbix-agent -zabbix_agent_conf: zabbix_agentd.conf -zabbix_agent2_conf: zabbix_agent2.conf - -zabbix_valid_agent_versions: - "9": - - 6.4 - - 6.2 - - 6.0 - "8": - - 6.4 - - 6.2 - - 6.0 - "7": - - 6.4 - - 6.2 - - 6.0 +--- +# vars file for zabbix_agent (RedHat) + +zabbix_agent: zabbix-agent +zabbix_agent_service: zabbix-agent +zabbix_agent_conf: zabbix_agentd.conf +zabbix_agent2_conf: zabbix_agent2.conf + +zabbix_valid_agent_versions: + "9": + - 6.4 + - 6.2 + - 6.0 + "8": + - 6.4 + - 6.2 + - 6.0 + "7": + - 6.4 + - 6.2 + - 6.0 diff --git a/roles/zabbix-agent/vars/Windows.yml b/roles/zabbix-agent/vars/Windows.yml index 4dd64ba..e4a7216 100644 --- a/roles/zabbix-agent/vars/Windows.yml +++ b/roles/zabbix-agent/vars/Windows.yml @@ -1,7 +1,7 @@ ---- -# vars file for zabbix_agent (Windows) -zabbix_valid_agent_versions: - "10": - - 6.4 - - 6.2 - - 6.0 +--- +# vars file for zabbix_agent (Windows) +zabbix_valid_agent_versions: + "10": + - 6.4 + - 6.2 + - 6.0 diff --git a/zabbix-agent.yaml b/zabbix-agent.yaml index becc522..1da757c 100644 --- a/zabbix-agent.yaml +++ b/zabbix-agent.yaml @@ -1,24 +1,24 @@ ---- -- hosts: all - roles: - - role: zabbix-agent - zabbix_api_server_host: 10.10.43.252 - zabbix_api_server_port: 80 - ansible_zabbix_url_path: "/" - zabbix_api_login_user: sa8001 - zabbix_api_login_pass: ios2011a - zabbix_api_create_hostgroup: false - zabbix_api_create_hosts: true - zabbix_agent_host_state: present - zabbix_host_groups: - - Linux servers - - Virtual machines - zabbix_agent_visible_hostname: "{{ ansible_fqdn }}" - zabbix_agent_server: 10.10.43.252 - zabbix_agent_serveractive: 10.10.43.252 - zabbix_agent_link_templates: - - Linux by Zabbix agent - zabbix_agent_version: 6.4 - zabbix_agent_unsafeuserparameters: 1 - zabbix_agent_userparameters: - - name: zombie +--- +- hosts: all + roles: + - role: zabbix-agent + zabbix_api_server_host: 10.10.43.252 + zabbix_api_server_port: 80 + ansible_zabbix_url_path: "/" + zabbix_api_login_user: sa8001 + zabbix_api_login_pass: ios2011a + zabbix_api_create_hostgroup: false + zabbix_api_create_hosts: true + zabbix_agent_host_state: present + zabbix_host_groups: + - Linux servers + - Virtual machines + zabbix_agent_visible_hostname: "{{ ansible_fqdn }}" + zabbix_agent_server: 10.10.43.252 + zabbix_agent_serveractive: 10.10.43.252 + zabbix_agent_link_templates: + - Linux by Zabbix agent + zabbix_agent_version: 6.4 + zabbix_agent_unsafeuserparameters: 1 + zabbix_agent_userparameters: + - name: zombie