+Public first commit

pmj
2019-12-19 20:36:21 +01:00
commit ac94980413
16 changed files with 312 additions and 0 deletions

3
.gitignore vendored Normal file

@@ -0,0 +1,3 @@
# ---> Ansible
*.retry

5
LICENSE Normal file

@@ -0,0 +1,5 @@
"THE BEER-WARE LICENSE" (Revision 42):
PMJ wrote this file. As long as you retain this notice you can
do whatever you want with this stuff. If we meet some day, and you think this
stuff is worth it, you can buy me a beer in return PMJ

58
README.md Normal file

@@ -0,0 +1,58 @@
Zabbix Agent ansible role
=========
This role can be used to deploy Zabbix agents via Ansible automation tool
Requirements
------------
This role is only for Debian distributions. It will install 4.4 version of Zabbix agents from Zabbix official repo.\
To use TLS encryption with Auto-Registration, your server needs to be on 4.4 version as well.
Role Variables
--------------
Each variable is set with a default value in 'defaults/main.conf'. You could change the file or overide them when calling the role.
- zabbix_server: "zabbix.example.net"\
FQDN or IP address of Zabbix server. This variable is used to set 'ServerActive' parameter, so use only one FQDN/IP.
- zabbix_proxies: "127.0.0.1"\
Comma separated list of proxies or other hosts which should be able to poll passive Zabbix agent. It is used to set the 'Server' parameter along with the 'zabbix_server' variable.
- zabbix_psk: False\
PSK for TLS encryption. If set to 'False', TLS parameters won't be set in Zabbix agent configuration file.
- zabbix_psk_id: "PSKAR"\
PSK Identity for TLS encryption. See how to configure Auto-Registration with TLS here [#zabbix-auto-registration-with-tls]
Zabbix Auto-Registration with TLS
---------------------------------
In Zabbix Web interface, go to 'Administration/General/Auto-Registration' ($ZABBIX_SERVER_URL/zabbix.php?action=autoreg.edit).\
Check the PSK option and fill the two field with your PSK Identity and PSK and save.
![Zabbix GUI Auto Registration configuration](pskar_gui.png)
Example Playbook
----------------
Here is an example of how to use this role in a playbook:
- hosts: servers
gather_facts: yes
become: yes
become_user: root
roles:
- { role: zabbix-agent, tags: zabbix } # when not using TLS
- { role: zabbix-agent, tags: zabbix, zabbix_psk_id: PSKAR, zabbix_psk: jdkjnckdsjncdskncsdkcldsoijds } # when using TLS
License
-------
"THE BEER-WARE LICENSE" (Revision 42):
PMJ wrote this file. As long as you retain this notice you can
do whatever you want with this stuff. If we meet some day, and you think this
stuff is worth it, you can buy me a beer in return. PMJ

6
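--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# defaults file for zabbix-agent
+zabbix_server: "zabbix.example.net"
+zabbix_proxies: "127.0.0.1"
+zabbix_psk: False
+zabbix_psk_id: "PSKAR"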
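Review bot: `zabbix_psk: False` makes one variable serve as both an on/off switch and a secret, and the tasks test it with `zabbix_psk != False`. A value passed as `-e zabbix_psk=False` arrives as a string, so it (like an empty string) counts as a key and is written to the PSK file. A comment on this default such as `# hex string of at least 32 digits, or false to leave TLS off` would document the contract. An `assert` at the top of the tasks that a non-false value matches `^[0-9a-fA-F]{32,}$` would fail the run instead of deploying a key the agent cannot use. The comment should also say that this default leaves agent traffic unencrypted.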

7
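--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# handlers file for zabbix-agent
+- name: zabbix-agent restart
+systemd:
+name: zabbix-agent
+state: restarted
+enabled: yes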

57
meta/main.yml Executable file

@@ -0,0 +1,57 @@
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# platforms is a list of platforms, and each platform has a name and a list of versions.
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
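Review bot: The metadata looks like the unedited `ansible-galaxy init` skeleton: `author`, `description`, `company` and `license` still hold placeholder text, and `license` disagrees with the Beer-ware text in LICENSE. `min_ansible_version: 1.2` is also inaccurate, since the role uses the `systemd` module, which arrived in Ansible 2.2, and as an unquoted scalar it is parsed as a float; `min_ansible_version: "2.2"` (or higher, quoted) would be correct. Uncommenting `platforms` with a Debian entry would document the restriction the tasks already enforce with `ansible_distribution == 'Debian'`.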

BIN
pskar_gui.png Normal file

Binary file not shown.


81
tasks/main.yml Executable file

@@ -0,0 +1,81 @@
---
# tasks file for zabbix-agent
- name: Deploy zabbix repo
template:
src: templates/zabbix.list.j2
dest: /etc/apt/sources.list.d/zabbix.list
force: yes
owner: root
group: root
mode: '0644'
when: ansible_distribution == 'Debian'
- name: Deploy zabbix repo GPG
copy:
src: templates/zabbix-official-repo.gpg
dest: /etc/apt/trusted.gpg.d/zabbix-official-repo.gpg
force: yes
owner: root
group: root
mode: '0644'
when: ansible_distribution == 'Debian'
- name: Install zabbix_agent Debian
apt:
name:
- zabbix-agent
- zabbix-get
- zabbix-sender
state: latest
update_cache: yes
when: ansible_distribution == 'Debian'
- name: Deploy custom config
template:
src: templates/custom.conf.j2
dest: /etc/zabbix/zabbix_agentd.d/custom.conf
owner: root
group: root
mode: '0644'
notify: zabbix-agent restart
- name: Deploy custom TLS config
template:
src: templates/tls.conf.j2
dest: /etc/zabbix/zabbix_agentd.d/tls.conf
owner: root
group: root
mode: '0644'
when: zabbix_psk != False
notify: zabbix-agent restart
- name: Deploy zabbix PSK
template:
src: templates/zabbix_agentd.psk.j2
dest: /etc/zabbix/zabbix_agentd.psk
force: yes
owner: zabbix
group: zabbix
mode: '0600'
when: zabbix_psk != False
notify: zabbix-agent restart
# Using system hostname
- name: Change default config
lineinfile:
path: /etc/zabbix/zabbix_agentd.conf
regex: "^Hostname="
line: "#Hostname=Zabbix server"
notify: zabbix-agent restart
# Using ansible hostname
# - name: Change default config
# lineinfile:
# path: /etc/zabbix/zabbix_agentd.conf
# regex: "^Hostname="
# line: "Hostname={{inventory_hostname | lower}}"
# notify: zabbix-agent restart
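Review bot: The `Deploy zabbix PSK` task renders the secret through `template` without `no_log`, so running the play with `--diff` can print the key to the terminal and to any controller-side log; add `no_log: true` to that task. The `'0600'` mode with owner `zabbix` is appropriate for the key file itself. Separately, `state: latest` on the `apt` task upgrades the agent from a third-party repository on every run; `state: present` would keep upgrades a deliberate step, if that is the intent.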

38
templates/custom.conf.j2 Normal file

@@ -0,0 +1,38 @@
### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
#
# Mandatory: no
# Default:
# Server=
Server={{zabbix_server}},{{zabbix_proxies}}
### Option: ServerActive
# List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
#
# Mandatory: no
# Default:
# ServerActive=
ServerActive={{zabbix_server}}
### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=
HostMetadataItem=system.uname

45
templates/tls.conf.j2 Normal file

@@ -0,0 +1,45 @@
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the agent should connect to server or proxy. Used for active checks.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
TLSConnect=psk
### Option: TLSAccept
# What incoming connections to accept.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
TLSAccept=psk
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
TLSPSKIdentity={{zabbix_psk_id}}
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
TLSPSKFile=/etc/zabbix/zabbix_agentd.psk

Binary file not shown.

2
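--- a/templates/zabbix.list.j2
+++ b/templates/zabbix.list.j2
@@ -0,0 +1,2 @@
+deb http://repo.zabbix.com/zabbix/4.4/debian {{ansible_distribution_release}} main
+deb-src http://repo.zabbix.com/zabbix/4.4/debian {{ansible_distribution_release}} main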
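Review bot: Both source lines fetch over plain `http://`, and the tasks install the repository key into `/etc/apt/trusted.gpg.d/`, which makes it trusted for every configured repository rather than only this one. Package signatures still protect the content, but HTTPS protects the index traffic from on-path tampering and observation, and a scoped key limits what the Zabbix key can vouch for. Suggested: `deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] https://repo.zabbix.com/zabbix/4.4/debian {{ansible_distribution_release}} main`, the same change on the `deb-src` line, and the `copy` task's `dest` moved to that keyring path. Older Debian releases need `apt-transport-https` installed before the first `update_cache`.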


@@ -0,0 +1 @@
{{zabbix_psk}}

2
tests/inventory Executable file

@@ -0,0 +1,2 @@
localhost

5
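--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- zabbix-agent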

2
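--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for zabbix-agent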