diff --git a/docs/ZABBIX_AGENT_ROLE.md b/docs/ZABBIX_AGENT_ROLE.md index fe4a601b3..e4a552f85 100644 --- a/docs/ZABBIX_AGENT_ROLE.md +++ b/docs/ZABBIX_AGENT_ROLE.md @@ -28,7 +28,6 @@ * [proxy](#proxy) - [Dependencies](#dependencies) - [Example Playbook](#example-playbook) - * [zabbix_agent2_plugins](#zabbix-agent2-plugins) * [agent_interfaces](#agent-interfaces) * [Other interfaces](#other-interfaces) * [Vars in role configuration](#vars-in-role-configuration) @@ -104,24 +103,6 @@ See the following list of supported Operating systems with the Zabbix releases: You can bypass this matrix by setting `enable_version_check: false` -# Getting started - -## Minimal Configuration - -In order to get the Zabbix Agent running, you'll have to define the following properties before executing the role: - -* `zabbix_agent_version` -* `zabbix_agent(2)_server` -* `zabbix_agent(2)_serveractive` (When using active checks) - -The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 6.0`. - -The `zabbix_agent(2)_server` (and `zabbix_agent(2)_serveractive`) should contain the ip or fqdn of the host running the Zabbix Server. - -## Issues - -Due to issue discussed on [#291](https://github.com/dj-wasabi/ansible-zabbix-agent/issues/291), the Ansible Version 2.9.{0,1,2} isn't working correctly on Windows related targets. - # Role Variables ## Main variables @@ -133,6 +114,7 @@ The following is an overview of all available configuration default for this rol * `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.4, 6.2, or 6.0 * `zabbix_agent_version_minor`: When you want to specify a minor version to be installed. Is also used for `zabbix_sender` and `zabbix_get`. RedHat only. Default set to: `*` (latest available) * `zabbix_repo_yum`: A list with Yum repository configuration. +* `zabbix_repo_yum_gpgcheck`: If Yum should check GPG keys on installation * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) * `zabbix_agent_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}` @@ -143,26 +125,23 @@ The following is an overview of all available configuration default for this rol ### SElinux * `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. - +* `selinux_allow_zabbix_run_sudo`: Default: `False`. Enable Zabbix root access on system. ### Zabbix Agent -* `zabbix_agent_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact. * `zabbix_agent2`: Default: `False`. When you want to install the `Zabbix Agent2` instead of the "old" `Zabbix Agent`.zabbix_agent_version * `zabbix_agent_listeninterface`: Interface zabbix-agent listens on. Leave blank for all. * `zabbix_agent_package_remove`: If `zabbix_agent2: True` and you want to remove the old installation. Default: `False`. -* `zabbix_agent_package`: The name of the zabbix-agent package. Default: `zabbix-agent`. In case for EPEL, it is automatically renamed. -* `zabbix_sender_package`: The name of the zabbix-sender package. Default: `zabbix-sender`. In case for EPEL, it is automatically renamed. -* `zabbix_get_package`: The name of the zabbix-get package. Default: `zabbix-get`. In case for EPEL, it is automatically renamed. -* `zabbix_agent_package_state`: If Zabbix-agent needs to be `present` or `latest`. -* `zabbix_agent_interfaces`: A list that configured the interfaces you can use when configuring via API. +* `zabbix_agent_package`: The name of the zabbix-agent package. Default: `zabbix-agent` if `zabbix_agent2` is fale and `zabbix-agent2` if `true`. +* `zabbix_agent_sender_package`: The name of the zabbix-sender package. Default: `zabbix-sender`. +* `zabbix_agent_get_package`: The name of the zabbix-get package. Default: `zabbix-get`. +* `zabbix_agent_package_state`: If Zabbix-agent needs to be `present` (default) or `latest`. * `zabbix_agent_install_agent_only`: Only install the Zabbix Agent and not the `zabbix-sender` and `zabbix-get` packages. Default: `False` * `zabbix_agent_userparameters`: Default: `[]]`. List of userparameter names and scripts (if any). Detailed description is given in the [Deploying Userparameters](#deploying-userparameters) section. - * `name`: Userparameter name (should be the same with userparameter template file name) - * `scripts_dir`: Directory name of the custom scripts needed for userparameters + * `name`: Userparameter name (should be the same with userparameter template file name) + * `scripts_dir`: Directory name of the custom scripts needed for userparameters * `zabbix_agent_userparameters_templates_src`: indicates the relative path (from `templates/`) where userparameter templates are searched * `zabbix_agent_userparameters_scripts_src`: indicates the relative path (from `files/`) where userparameter scripts are searched * `zabbix_agent_runas_user`: Drop privileges to a specific, existing user on the system. Only has effect if run as 'root' and AllowRoot is disabled. -* `zabbix_agent_become_on_localhost`: Default: `True`. Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip. * `zabbix_agent_apt_priority`: Add a weight (`Pin-Priority`) for the APT repository. * `zabbix_agent_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. * `zabbix_agent_dont_detect_ip`: Default `false`. When set to `true`, it won't detect available ip addresses on the host and no need for the Python module `netaddr` to be installed. @@ -170,77 +149,73 @@ The following is an overview of all available configuration default for this rol ### Zabbix Agent vs Zabbix Agent 2 configuration -The following provides an overview of all the properties that can be set in the Zabbix Agent configuration file. When `(2)` is used in the name of the property, like `zabbix_agent(2)_pidfile`, it will show that you can configure `zabbix_agent_pidfile` for the Zabbix Agent configuration file and `zabbix_agent2_pidfile` for the Zabbix Agent 2 configuration file. +The following provides an overview of all the properties that can be set in the Zabbix Agent configuration file. When `` is used in the name of the property, like `zabbix_agent_pidfile`, it will show that you can configure `zabbix_agent_pidfile` for the Zabbix Agent configuration file and `zabbix_agent2_pidfile` for the Zabbix Agent 2 configuration file. Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. -* `zabbix_agent(2)_server`: The ip address for the zabbix-server or zabbix-proxy. -* `zabbix_agent(2)_serveractive`: The ip address for the zabbix-server or zabbix-proxy for active checks. -* `zabbix_agent(2)_allow_key`: list of AllowKey configurations. -* `zabbix_agent(2)_deny_key`: list of DenyKey configurations. -* `zabbix_agent(2)_pidfile`: name of pid file. -* `zabbix_agent(2)_logfile`: name of log file. -* `zabbix_agent(2)_logfilesize`: maximum size of log file in mb. -* `zabbix_agent(2)_additional_include`: A list of additional complete paths to include in configuration -* `zabbix_agent(2)_logtype`: Specifies where log messages are written to -* `zabbix_agent(2)_debuglevel`: specifies debug level -* `zabbix_agent(2)_sourceip`: source ip address for outgoing connections. +* `zabbix_agent_server`: The ip address for the zabbix-server or zabbix-proxy. +* `zabbix_agent_serveractive`: The ip address for the zabbix-server or zabbix-proxy for active checks. +* `zabbix_agent_pidfile`: name of pid file. +* `zabbix_agent_logfile`: name of log file. +* `zabbix_agent_logfilesize`: maximum size of log file in mb. +* `zabbix_agent_logtype`: Specifies where log messages are written to +* `zabbix_agent_debuglevel`: specifies debug level +* `zabbix_agent_sourceip`: source ip address for outgoing connections. * `zabbix_agent_enableremotecommands`: whether remote commands from zabbix server are allowed. * `zabbix_agent_logremotecommands`: enable logging of executed shell commands as warnings. -* `zabbix_agent(2)_listenport`: agent will listen on this port for connections from the server. -* `zabbix_agent2_statusport`: Agent will listen on this port for HTTP status requests. -* `zabbix_agent(2)_listenip`: list of comma delimited ip addresses that the agent should listen on. +* `zabbix_agent_listenport`: agent will listen on this port for connections from the server. Default: 10050 +* `zabbix_agent_statusport`: Agent will listen on this port for HTTP status requests. Default: 9999 +* `zabbix_agent_listenip`: list of comma delimited ip addresses that the agent should listen on. * `zabbix_agent_startagents`: number of pre-forked instances of zabbix_agentd that process passive checks. -* `zabbix_agent(2)_hostname`: unique, case sensitive hostname. -* `zabbix_agent(2)_hostnameitem`: item used for generating hostname if it is undefined. -* `zabbix_agent(2)_hostmetadata`: optional parameter that defines host metadata. -* `zabbix_agent(2)_hostmetadataitem`: optional parameter that defines an item used for getting the metadata. -* `zabbix_agent(2)_refreshactivechecks`: how often list of active checks is refreshed, in seconds. -* `zabbix_agent(2)_buffersend`: do not keep data longer than n seconds in buffer. -* `zabbix_agent(2)_buffersize`: maximum number of values in a memory buffer. the agent will send all collected data to zabbix server or proxy if the buffer is full. -* `zabbix_agent2_enablepersistentbuffer`: 0 - disabled, in-memory buffer is used (default); 1 - use persistent buffer -* `zabbix_agent2_persistentbufferperiod`: Zabbix Agent2 will keep data for this time period in case of no connectivity with Zabbix server or proxy. Older data will be lost. Log data will be preserved. -* `zabbix_agent2_persistentbufferfile`: Zabbix Agent2 will keep SQLite database in this file * n is valid if `EnablePersistentBuffer=1` +* `zabbix_agent_hostname`: unique, case sensitive hostname. Default `{{ inventory_hostname }}` +* `zabbix_agent_hostnameitem`: item used for generating hostname if it is undefined. +* `zabbix_agent_hostmetadata`: optional parameter that defines host metadata. +* `zabbix_agent_hostmetadataitem`: optional parameter that defines an item used for getting the metadata. +* `zabbix_agent_refreshactivechecks`: how often list of active checks is refreshed, in seconds. +* `zabbix_agent_buffersend`: do not keep data longer than n seconds in buffer. +* `zabbix_agent_buffersize`: maximum number of values in a memory buffer. the agent will send all collected data to zabbix server or proxy if the buffer is full. +* `zabbix_agent_persistentbufferperiod`: Zabbix Agent2 will keep data for this time period in case of no connectivity with Zabbix server or proxy. Older data will be lost. Log data will be preserved. Default: 1hr +* `zabbix_agent_persistentbufferfile`: Zabbix Agent2 will keep SQLite database in this file * n is valid if `EnablePersistentBuffer=1` * `zabbix_agent_maxlinespersecond`: maximum number of new lines the agent will send per second to zabbix server or proxy processing 'log' and 'logrt' active checks. * `zabbix_agent_allowroot`: allow the agent to run as 'root'. if disabled and the agent is started by 'root', the agent will try to switch to user 'zabbix' instead. has no effect if started under a regular user. -* `zabbix_agent(2)_zabbix_alias`: sets an alias for parameter. it can be useful to substitute long and complex parameter name with a smaller and simpler one. Can be both a string as an list. -* `zabbix_agent(2)_timeout`: spend no more than timeout seconds on processing -* `zabbix_agent(2)_include`: you may include individual files or all files in a directory in the configuration file. -* `zabbix_agent(2)_include_pattern`: Optional file pattern used for included files. -* `zabbix_agent(2)_include_mode`: The mode for the directory mentioned above. -* `zabbix_agent(2)_unsafeuserparameters`: allow all characters to be passed in arguments to user-defined parameters. +* `zabbix_agent_aliases`: sets an alias for parameter. it can be useful to substitute long and complex parameter name with a smaller and simpler one. Can be both a string as an list. +* `zabbix_agent_timeout`: spend no more than timeout seconds on processing. Default: 3 +* `zabbix_agent_include`: you may include individual files or all files in a directory in the configuration file. +* `zabbix_agent_include_mode`: The mode for the directory mentioned above. +* `zabbix_agent_unsafeuserparameters`: allow all characters to be passed in arguments to user-defined parameters. * `zabbix_agent_loadmodulepath`: Full path to location of agent modules. * `zabbix_agent_loadmodule`: Module to load at agent startup. Modules are used to extend functionality of the agent. * `zabbix_agent2_controlsocket`: The control socket, used to send runtime commands with '-R' option. -* `zabbix_agent_allowroot`: Allow the agent to run as 'root'. 0 - do not allow, 1 - allow -* `zabbix_agent2_plugins`: A list containing plugin configuration. -* `zabbix_agent(2)_listenbacklog`: The maximum number of pending connections in the queue. + * `zabbix_agent_listenbacklog`: The maximum number of pending connections in the queue. ## TLS Specific configuration -These variables are specific for Zabbix 3.0 and higher. When `(2)` is used in the name of the property, like `zabbix_agent(2)_tlsconnect`, it will show that you can configure `zabbix_agent_tlsconnect` for the Zabbix Agent configuration file and `zabbix_agent2_tlsconnect` for the Zabbix Agent 2 configuration file. +When `` is used in the name of the property, like `zabbix_agent_tlsconnect`, it will show that you can configure `zabbix_agent_tlsconnect` for the Zabbix Agent configuration file and `zabbix_agent2_tlsconnect` for the Zabbix Agent 2 configuration file. -* `zabbix_agent(2)_tlsconnect`: How the agent should connect to server or proxy. Used for active checks. +* `zabbix_agent_tlsconnect`: How the agent should connect to server or proxy. Used for active checks. Possible values: * unencrypted * psk * cert -* `zabbix_agent(2)_tlsaccept`: What incoming connections to accept. +* `zabbix_agent_tlsaccept`: What incoming connections to accept. Possible values: * unencrypted * psk * cert -* `zabbix_agent(2)_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. -* `zabbix_agent(2)_tlscrlfile`: Full pathname of a file containing revoked certificates. -* `zabbix_agent(2)_tlsservercertissuer`: Allowed server certificate issuer. -* `zabbix_agent(2)_tlsservercertsubject`: Allowed server certificate subject. -* `zabbix_agent(2)_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. -* `zabbix_agent(2)_tlskeyfile`: Full pathname of a file containing the agent private key. -* `zabbix_agent(2)_tlspskidentity`: Unique, case sensitive string used to identify the pre-shared key. -* `zabbix_agent(2)_tlspskidentity_file`: Full pathname of a file containing the pre-shared key identity. -* `zabbix_agent(2)_tlspskfile`: Full pathname of a file containing the pre-shared key. -* `zabbix_agent(2)_tlspsk_secret`: The pre-shared secret key that should be placed in the file configured with `agent_tlspskfile`. -* `zabbix_agent(2)_tlspsk_auto`: Enables auto generation and storing of individual pre-shared keys and identities on clients. Is false by default. If set to true and if `zabbix_agent_tlspskfile` and `zabbix_agent_tlspsk_secret` are undefined, it generates the files `/etc/zabbix/tls_psk_auto.identity` and `/etc/zabbix/tls_psk_auto.secret`, which are populated by values automatically (identity is set to hostname, underscore and 4 random alphanumeric digits; secret is 64 random alphanumeric digits) in such a way that the values are generated once and are never overwritten. +* `zabbix_agent_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. +* `zabbix_agent_tlscrlfile`: Full pathname of a file containing revoked certificates. +* `zabbix_agent_visible_hostname` : Configure Zabbix visible name inside Zabbix web UI for the node. + +* `zabbix_agent_tlsservercertissuer`: Allowed server certificate issuer. +* `zabbix_agent_tlsservercertsubject`: Allowed server certificate subject. +* `zabbix_agent_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. +* `zabbix_agent_tlskeyfile`: Full pathname of a file containing the agent private key. +* `zabbix_agent_tlspskidentity`: Unique, case sensitive string used to identify the pre-shared key. +* `zabbix_agent_tls_subject`: The subject of the TLS certificate. +* `zabbix_agent_tlspskidentity_file`: Full pathname of a file containing the pre-shared key identity. +* `zabbix_agent_tlspskfile`: Full pathname of a file containing the pre-shared key. +* `zabbix_agent_tlspsk_secret`: The pre-shared secret key for the agent. +* `zabbix_agent_tlspsk_auto`: Enables auto generation and storing of individual pre-shared keys and identities on clients. Is false by default. If set to true and if `zabbix_agent_tlspskfile` and `zabbix_agent_tlspsk_secret` are undefined, it generates the files `/etc/zabbix/tls_psk_auto.identity` and `/etc/zabbix/tls_psk_auto.secret`, which are populated by values automatically (identity is set to hostname, underscore and 4 random alphanumeric digits; secret is 64 random alphanumeric digits) in such a way that the values are generated once and are never overwritten. The results are stored in the Ansible variables `zabbix_agent_tlspskidentity` and `zabbix_agent_tlspsk_secret`, so that they may be used later in the code, for example with [zabbix_host](https://docs.ansible.com/ansible/latest/collections/community/zabbix/zabbix_host_module.html) to configure the Zabbix server or with `debug: msg:` to display them to the user. @@ -257,43 +232,41 @@ Host encryption configuration will be set to match agent configuration. * `zabbix_api_login_pass`: Password for the user which has API access. * `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). * `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). -* `zabbix_api_validate_certs`: yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used. -* `zabbix_api_timeout`: How many seconds to wait for API response (default 30s). +* `zabbix_api_validate_certs`: `True` if we need to validate tls certificates of the API. Use `False` in case self-signed certificates are used. Default: `False` * `zabbix_api_create_hosts`: Default: `False`. When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_agent_host_state`. -* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_agent_hostgroups_state`.Default: `False` -* `ansible_zabbix_url_path`: URL path if Zabbix WebUI running on non-default (zabbix) path, e.g. if http:///zabbixeu then set to `zabbixeu` -* `zabbix_agent_hostgroups_state`: present (Default) if the hostgroup needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_hostgroup` is set to `True`. +* `zabbix_agent_interfaces`: A list of interfaces and their configurations you can use when configuring via API. +* `zabbix_agent_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact. +* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. Default: `False` * `zabbix_host_status`: enabled (Default) when host in monitored, disabled when host is disabled for monitoring. * `zabbix_agent_host_state`: present (Default) if the host needs to be created or absent is you want to delete it. This only works when `zabbix_api_create_hosts` is set to `True`. * `zabbix_agent_host_update`: yes (Default) if the host should be updated if already present. This only works when `zabbix_api_create_hosts` is set to `True`. * `zabbix_useuip`: 1 if connection to zabbix-agent is made via ip, 0 for fqdn. -* `zabbix_host_groups`: A list of hostgroups which this host belongs to. -* `zabbix_agent_link_templates`: A list of templates which needs to be link to this host. The templates should exist. +* `zabbix_host_groups`: A list of hostgroups which this host belongs to. Default: "Linux Servers" +* `zabbix_agent_proxy`: The name of the Zabbix proxy (if used). Default `null` +* `zabbix_agent_link_templates`: A list of templates which needs to be link to this host. The templates should exist. Default: "Templated Linux by Zabbix agent" * `zabbix_agent_macros`: A list with macro_key and macro_value for creating hostmacro's. * `zabbix_agent_tags`: A list with tag and (optionally) value for creating host tags. -* `zabbix_agent_inventory_mode`: Configure Zabbix inventory mode. Needed for building inventory data, manually when configuring a host or automatically by using some automatic population options. This has to be set to `automatic` if you want to make automatically building inventory data. -* `zabbix_agent_visible_hostname` : Configure Zabbix visible name inside Zabbix web UI for the node. +* `zabbix_agent_inventory_mode`: Configure Zabbix inventory mode. Needed for building inventory data, manually when configuring a host or automatically by using some automatic population options. This has to be set to `automatic` if you want to make automatically building inventory data. Default `disabled` * `zabbix_agent_description`: Description of the host in Zabbix. -* `zabbix_agent_inventory_zabbix`: Adds Facts for a zabbix inventory +* `zabbix_agent_inventory_zabbix`: Adds Facts for a zabbix inventory. Default `{}` ## Windows Variables **NOTE** -_Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ -When `(2)` is used in the name of the property, like `zabbix_agent(2)_win_logfile`, it will show that you can configure `zabbix_agent_win_logfile` for the Zabbix Agent configuration file and `zabbix_agent2_win_logfile` for the Zabbix Agent 2 configuration file. +Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ +When `` is used in the name of the property, like `zabbix_agent_win_logfile`, it will show that you can configure `zabbix_agent_win_logfile` for the Zabbix Agent configuration file and `zabbix_agent2_win_logfile` for the Zabbix Agent 2 configuration file. Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. -* `zabbix(2)_win_package`: file name pattern (zip only). This will be used to generate the `zabbix(2)_win_download_link` variable. -* `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix(2)_win_package` and `zabbix(2)_win_download_link` variables. This takes precedence over `zabbix_agent_version`. -* `zabbix(2)_win_download_link`: The download url to the `win.zip` file. +* `zabbix_win_package`: file name pattern (zip only). This will be used to generate the `zabbix_win_download_link` variable. +* `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix_win_package` and `zabbix_win_download_link` variables. This takes precedence over `zabbix_agent_version`. +* `zabbix_win_download_link`: The download url to the `win.zip` file. * `zabbix_win_install_dir`: The directory where Zabbix needs to be installed. * `zabbix_win_install_dir_conf`: The directory where Zabbix configuration file needs to be installed. * `zabbix_win_install_dir_bin`: The directory where Zabbix binary file needs to be installed. -* `zabbix_agent(2)_win_logfile`: The full path to the logfile for the Zabbix Agent. +* `zabbix_agent_win_logfile`: The full path to the logfile for the Zabbix Agent. * `zabbix_agent_win_include`: The directory in which the Zabbix Agent specific configuration files are stored. -* `zabbix_agent_win_svc_recovery`: Enable Zabbix Agent service auto-recovery settings. * `zabbix_win_firewall_management`: Enable Windows firewall management (add service and port to allow rules). Default: `True` ## macOS Variables @@ -302,8 +275,10 @@ Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. _Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ +* `zabbix_mac_package`: The name of the mac install package. Default `zabbix_agent-{{ zabbix_version_long }}-macos-amd64-openssl.pkg` * `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix_mac_download_link` link. * `zabbix_mac_download_link`: The download url to the `pkg` file. +* `zabbix_mac_download_url`: The download url. Default `https://cdn.zabbix.com/zabbix/binaries/stable` ## Docker Variables @@ -332,8 +307,8 @@ Keep in mind that using the Zabbix Agent in a Container requires changes to the * `zabbix_agent_docker_user_uid`: The user id of the zabbix user in the Container. * `zabbix_agent_docker_network_mode`: The name of the (Docker) network that should be used for the Container. Default `host`. * `zabbix_agent_docker_restart_policy`: Default: `unless-stopped`. The restart policy of the Container. -* `zabbix_agent_docker_privileged`: When set to `True`, the container is running in privileged mode. -* `zabbix_agent_docker_ports`: A list with `:` values to open ports to the container. +* `zabbix_agent_docker_privileged`: When set to `True`, the container is running in privileged mode. Default `false` +* `zabbix_agent_docker_ports`: A list with `:` values to open ports to the container. Default `10050` * `zabbix_agent_docker_security_opts`: A list with available security options. * `zabbix_agent_docker_volumes`: A list with all directories that needs to be available in the Container. * `zabbix_agent_docker_env`: A dict with all environment variables that needs to be set for the Container. @@ -369,18 +344,6 @@ There are no dependencies on other roles. # Example Playbook -## zabbix_agent2_plugins - -Specifically for the Zabbix Agent 2, a list of extra plugins can be configured. The following provides an overview of configuring the `SystemRun` plugin by setting the `LogRemoteCommands` to `0`: - -```yaml -zabbix_agent2_plugins: - - name: SystemRun - options: - - parameter: LogRemoteCommands - value: 0 -``` - In the `zabbix_agent2.conf` an entry will be created with the following content: ``` diff --git a/molecule/zabbix_agent_tests/common/molecule.yml b/molecule/zabbix_agent_tests/common/molecule.yml index a48b6ae60..4666f0192 100644 --- a/molecule/zabbix_agent_tests/common/molecule.yml +++ b/molecule/zabbix_agent_tests/common/molecule.yml @@ -28,8 +28,6 @@ provisioner: inventory: group_vars: all: - zabbix_agent_src_reinstall: false - zabbix_install_pip_packages: false zabbix_agent_server: 192.168.3.33 zabbix_agent_serveractive: 192.168.3.33 zabbix_agent_listenip: 0.0.0.0 diff --git a/molecule/zabbix_agent_tests/molecule/agent2/molecule.yml b/molecule/zabbix_agent_tests/molecule/agent2/molecule.yml index 76edc902e..3d28d94c9 100644 --- a/molecule/zabbix_agent_tests/molecule/agent2/molecule.yml +++ b/molecule/zabbix_agent_tests/molecule/agent2/molecule.yml @@ -9,6 +9,7 @@ provisioner: zabbix_agent2: true zabbix_agent2_tlsconnect: psk zabbix_agent2_tlsaccept: psk + zabbix_agent2_tlspsk_auto: True zabbix_agent2_tlspskidentity: my_Identity zabbix_agent2_tlspskfile: /data/certs/zabbix.psk zabbix_agent2_tlspsk_secret: 97defd6bd126d5ba7fa5f296595f82eac905d5eda270207a580ab7c0cb9e8eab @@ -16,4 +17,4 @@ provisioner: - name: SystemRun options: - parameter: LogRemoteCommands - value: 0 \ No newline at end of file + value: 0 diff --git a/molecule/zabbix_agent_tests/molecule/agent2/tests/conftest.py b/molecule/zabbix_agent_tests/molecule/agent2/tests/conftest.py index 05afef10e..5d7087ab2 100644 --- a/molecule/zabbix_agent_tests/molecule/agent2/tests/conftest.py +++ b/molecule/zabbix_agent_tests/molecule/agent2/tests/conftest.py @@ -13,7 +13,7 @@ def zabbix_agent_conf(host): if host.system_info.distribution in ["opensuse"]: passwd = host.file("/etc/zabbix/zabbix-agentd.conf") else: - passwd = host.file("/etc/zabbix/zabbix_agent2d.conf") + passwd = host.file("/etc/zabbix/zabbix_agent2.conf") return passwd diff --git a/molecule/zabbix_agent_tests/molecule/agent2autopsk/tests/conftest.py b/molecule/zabbix_agent_tests/molecule/agent2autopsk/tests/conftest.py index 05afef10e..5d7087ab2 100644 --- a/molecule/zabbix_agent_tests/molecule/agent2autopsk/tests/conftest.py +++ b/molecule/zabbix_agent_tests/molecule/agent2autopsk/tests/conftest.py @@ -13,7 +13,7 @@ def zabbix_agent_conf(host): if host.system_info.distribution in ["opensuse"]: passwd = host.file("/etc/zabbix/zabbix-agentd.conf") else: - passwd = host.file("/etc/zabbix/zabbix_agent2d.conf") + passwd = host.file("/etc/zabbix/zabbix_agent2.conf") return passwd diff --git a/roles/zabbix_agent/defaults/main.yml b/roles/zabbix_agent/defaults/main.yml index c44aec0ac..bbcaea291 100644 --- a/roles/zabbix_agent/defaults/main.yml +++ b/roles/zabbix_agent/defaults/main.yml @@ -2,40 +2,33 @@ # defaults file for zabbix_agent zabbix_agent2: false -# zabbix_agent_version: 6.4 zabbix_agent_version_minor: "*" zabbix_version_patch: 0 zabbix_agent_package_remove: false -# zabbix_agent_package: zabbix-agent -zabbix_sender_package: zabbix-sender -zabbix_get_package: zabbix-get +zabbix_sender_package: zabbix-sender # Depricate in 3.0 +zabbix_agent_sender_package: "{{ zabbix_sender_package }}" +zabbix_get_package: zabbix-get # Depricate in 3.0 +zabbox_agent_get_package: "{{ zabbix_get_package }}" zabbix_agent_package_state: present zabbix_selinux: false -zabbix_agent_apt_priority: zabbix_agent_conf_mode: "0644" zabbix_agent_dont_detect_ip: false -zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" -zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" -# Selinux related vars +zabbix_agent_tlspskidentity_file: + "/etc/zabbix/tls_psk_auto.identity" + # Selinux related vars selinux_allow_zabbix_run_sudo: false zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key zabbix_repo_deb_include_deb_src: true zabbix_agent_install_agent_only: false -zabbix_agent_packages: - - "{{ zabbix_agent_package }}" - - "{{ zabbix_sender_package }}" - - "{{ zabbix_get_package }}" # Zabbix role related vars zabbix_apt_force_apt_get: true zabbix_apt_install_recommends: false # Override Ansible specific facts -zabbix_agent_distribution_major_version: "{{ ansible_distribution_major_version }}" -zabbix_agent_distribution_release: "{{ ansible_distribution_release }}" zabbix_repo_yum_gpgcheck: 0 zabbix_repo_yum_schema: https zabbix_agent_disable_repo: @@ -43,21 +36,21 @@ zabbix_agent_disable_repo: zabbix_repo_yum: - name: zabbix description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" mode: "0644" gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present - name: zabbix-non-supported description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" mode: "0644" gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present - name: zabbix-agent2-plugins description: Zabbix Official Repository (Agent2 Plugins) - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/{{ ansible_distribution_major_version }}/$basearch/" mode: "0644" gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX @@ -65,10 +58,9 @@ zabbix_repo_yum: zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" zabbix_repo_deb_component: main -# zabbix_agent_tlsservercertsubject: + # Zabbix API stuff zabbix_api_server_host: localhost -# zabbix_api_server_port: 80 zabbix_api_login_user: Admin zabbix_api_use_ssl: false zabbix_api_login_pass: !unsafe zabbix @@ -76,10 +68,10 @@ zabbix_api_validate_certs: false ansible_httpapi_pass: "{{ zabbix_api_login_pass }}" ansible_httpapi_port: "{{ zabbix_api_server_port }}" ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}" -zabbix_api_timeout: 30 + +# API Related Variables zabbix_api_create_hostgroup: false zabbix_api_create_hosts: false -zabbix_agent_hostgroups_state: present # or absent zabbix_agent_host_state: present # or absent zabbix_agent_host_update: true zabbix_host_status: enabled # or disabled @@ -100,54 +92,32 @@ zabbix_agent_interfaces: port: "{{ (zabbix_agent2 == True) | ternary(zabbix_agent2_listenport, zabbix_agent_listenport) }}" # Zabbix configuration variables -# zabbix_agent_enableremotecommands: 0 -# zabbix_agent_allowkeys: -# zabbix_agent_denykeys: -# zabbix_agent_logremotecommands: 0 -# zabbix_agent_jmx_listenport: zabbix_agent_listeninterface: -# zabbix_agent_startagents: 3 -# zabbix_agent_maxlinespersecond: 100 -# zabbix_agent_allowroot: 0 -zabbix_agent_zabbix_alias: # Deprecate after 3.0 -zabbix_agent_alias: "{{ zabbix_agent_zabbix_alias }}" -# zabbix_agent_timeout: 3 -# zabbix_agent_userparameters: [] -# zabbix_agent_userparameters_templates_src: "userparameters" -# zabbix_agent_userparameters_scripts_src: "scripts" -# zabbix_agent_custom_scripts: false -# zabbix_agent_loadmodulepath: ${libdir}/modules -# zabbix_agent_loadmodule: -# zabbix_agent_become_on_localhost: true -# zabbix_agent_description: -# zabbix_agent_inventory_zabbix: {} -# zabbix_agent_heartbeatfrequency: 60 -# zabbix_agent_macros: [] -# zabbix_agent_tags: [] -# zabbix_agent_chassis: false + +# statusportzabbix_agent_zabbix_alias: # Deprecate after 3.0 +zabbix_agent_alias: "{{ statusportzabbix_agent_zabbix_alias is defined | ternary(statusportzabbix_agent_zabbix_alias, zabbix_agent_alias) | default(omit) }}" +zabbix_agent_userparameters_templates_src: "userparameters" +zabbix_agent_userparameters_scripts_src: "scripts" +zabbix_agent_chassis: false zabbix_agent_tls_config: unencrypted: "1" psk: "2" - cert: "4" + cert: + "4" -# IPMI settings + # IPMI settings zabbix_agent_ipmi_authtype: -1 zabbix_agent_ipmi_password: zabbix_agent_ipmi_privilege: 2 zabbix_agent_ipmi_username: -# Zabbix Agent2 -# zabbix_agent2_statusport: 9999 -# zabbix_agent2_hostinterface: -# zabbix_agent2_hostinterfaceitem: -# zabbix_agent2_enablepersistentbuffer: 0 -# zabbix_agent2_persistentbufferperiod: 1h -# zabbix_agent2_persistentbufferfile: -# zabbix_agent2_zabbix_alias: -# zabbix_agent2_timeout: 3 -# zabbix_agent2_controlsocket: /tmp/agent.sock -# zabbix_agent2_plugins: [] +####### Agent 1 Stuff Only + +zabbix_agent_loadmodulepath: ${libdir}/modules +zabbix_agent_logremotecommands: 0 +zabbix_agent_maxlinespersecond: 100 +zabbix_agent_startagents: 3 # Windows/macOS Related zabbix_version_long: 5.2.4 @@ -158,7 +128,6 @@ zabbix_win_install_dir: 'C:\Zabbix' zabbix_win_install_dir_conf: '{{ zabbix_win_install_dir }}\\conf' zabbix_win_install_dir_bin: '{{ zabbix_win_install_dir }}\\bin' zabbix_agent_win_include: "{{ zabbix_win_install_dir }}\\zabbix_agent.d\\" -zabbix_agent_win_svc_recovery: true zabbix_win_firewall_management: true # macOS Related diff --git a/roles/zabbix_agent/tasks/Debian.yml b/roles/zabbix_agent/tasks/Debian.yml index 92d56b179..2840d0a12 100644 --- a/roles/zabbix_agent/tasks/Debian.yml +++ b/roles/zabbix_agent/tasks/Debian.yml @@ -38,7 +38,7 @@ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. + when: not ansible_check_mode # Because get_url always has changed status in check_mode. ansible.builtin.get_url: url: "{{ zabbix_repo_deb_gpg_key_url }}" dest: "{{ zabbix_gpg_key }}" @@ -69,29 +69,28 @@ tags: - install -- name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" +- name: Configure APT Prefrence when: + - zabbix_agent_apt_priority is defined - zabbix_agent_apt_priority | int - become: true - tags: - - install + ansible.builtin.block: + - name: "Debian | Create /etc/apt/preferences.d/" + ansible.builtin.file: + path: /etc/apt/preferences.d/ + state: directory + mode: "0755" + become: true -- name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" - content: | - Package: {{ zabbix_agent_package }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_agent_apt_priority | int }} - owner: root - mode: "0644" - when: - - zabbix_agent_apt_priority | int - become: true + - name: "Debian | Configuring the weight for APT" + ansible.builtin.copy: + dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" + content: | + Package: {{ zabbix_agent_package }} + Pin: origin repo.zabbix.com + Pin-Priority: {{ zabbix_agent_apt_priority | int }} + owner: root + mode: "0644" + become: true tags: - install @@ -115,8 +114,8 @@ - name: "Debian | Installing zabbix-{sender,get}" ansible.builtin.apt: pkg: - - "{{ zabbix_sender_package }}" - - "{{ zabbix_get_package }}" + - "{{ zabbix_agent_sender_package }}" + - "{{ zabbox_agent_get_package }}" state: "{{ zabbix_agent_package_state }}" update_cache: true cache_valid_time: 0 diff --git a/roles/zabbix_agent/tasks/Linux.yml b/roles/zabbix_agent/tasks/Linux.yml index 35c8436db..52aea3305 100644 --- a/roles/zabbix_agent/tasks/Linux.yml +++ b/roles/zabbix_agent/tasks/Linux.yml @@ -21,7 +21,6 @@ ansible.builtin.set_fact: zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}" # zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}" - # zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}" # zabbix_agent2_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent2_server) }}" # zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent2_serveractive) }}" when: @@ -121,7 +120,7 @@ - name: "Configure zabbix-agent" ansible.builtin.template: src: agent.conf.j2 - dest: "/etc/zabbix/zabbix_agentd{{ '2' if zabbix_agent2 | bool }}.conf" + dest: "/etc/zabbix/zabbix_agent{{ (zabbix_agent2 | bool) | ternary('2', 'd') }}.conf" owner: root group: root mode: "{{ zabbix_agent_conf_mode }}" @@ -141,23 +140,7 @@ become: true when: - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - - not (zabbix_agent2 | bool) - tags: - - config - -- name: "Create directory for PSK file if not exist (zabbix-agent2)" - ansible.builtin.file: - path: "{{ zabbix_agent2_tlspskfile | dirname }}" - mode: 0755 - state: directory - become: true - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - - zabbix_agent2 | bool - tags: - - config + - zabbix_agent_tlspskfile - name: "Place TLS PSK File" ansible.builtin.copy: @@ -169,27 +152,8 @@ become: true when: - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent_tlspskfile - zabbix_agent_tlspsk_secret is defined - - not (zabbix_agent2 | bool) - notify: - - restart zabbix-agent - tags: - - config - -- name: "Place TLS PSK File (zabbix-agent2)" - ansible.builtin.copy: - dest: "{{ zabbix_agent2_tlspskfile }}" - content: "{{ zabbix_agent2_tlspsk_secret }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - - zabbix_agent2_tlspsk_secret is defined - - zabbix_agent2 | bool notify: - restart zabbix-agent tags: diff --git a/roles/zabbix_agent/tasks/Windows.yml b/roles/zabbix_agent/tasks/Windows.yml index ddf24d3d2..8ae1a9058 100644 --- a/roles/zabbix_agent/tasks/Windows.yml +++ b/roles/zabbix_agent/tasks/Windows.yml @@ -32,7 +32,7 @@ zabbix_win_config_name: "zabbix_agentd.conf" zabbix2_win_svc_name: Zabbix Agent 2 zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe' - zabbix2_win_config_name: "zabbix_agent2d.conf" + zabbix2_win_config_name: "zabbix_agentd2.conf" tags: - always diff --git a/roles/zabbix_agent/tasks/api.yml b/roles/zabbix_agent/tasks/api.yml index a358e1bd0..0013f1783 100644 --- a/roles/zabbix_agent/tasks/api.yml +++ b/roles/zabbix_agent/tasks/api.yml @@ -1,8 +1,8 @@ --- - name: "API | Create host groups" community.zabbix.zabbix_group: - host_group: "{{ zabbix_host_groups }}" - state: "{{ zabbix_agent_hostgroups_state }}" + host_groups: "{{ zabbix_host_groups }}" + state: present when: - zabbix_api_create_hostgroup | bool register: zabbix_api_hostgroup_created @@ -35,7 +35,7 @@ ipmi_password: "{{ zabbix_agent_ipmi_password| default(omit) }}" ipmi_privilege: "{{ zabbix_agent_ipmi_privilege | default(omit) }}" ipmi_username: "{{ zabbix_agent_ipmi_username | default(omit) }}" - tags: "{{ zabbix_agent_tags }}" + tags: "{{ zabbix_agent_tags | default(omit) }}" register: zabbix_api_host_created until: zabbix_api_host_created is succeeded delegate_to: "{{ zabbix_api_server_host }}" @@ -51,7 +51,6 @@ macro_type: "{{ item.macro_type|default('text') }}" with_items: "{{ zabbix_agent_macros | default([]) }}" when: - - zabbix_agent_macros is defined - item.macro_key is defined register: zabbix_api_hostmarcro_created until: zabbix_api_hostmarcro_created is succeeded diff --git a/roles/zabbix_agent/tasks/main.yml b/roles/zabbix_agent/tasks/main.yml index 2b028c40e..bbeb52a9c 100644 --- a/roles/zabbix_agent/tasks/main.yml +++ b/roles/zabbix_agent/tasks/main.yml @@ -26,53 +26,47 @@ - name: Set Variables ansible.builtin.set_fact: - zabbix_agent_buffersend: "{{ zabbix_agent_buffersend is defined | ternary(zabbix_agent_buffersend, zabbix_agent2_buffersend) | default(_buffersend) }}" - zabbix_agent_buffersize: "{{ zabbix_agent_buffersize is defined | ternary(zabbix_agent_buffersize, zabbix_agent2_buffersize) | default(_buffersize) }}" - zabbix_agent_debuglevel: "{{ zabbix_agent_debuglevel is defined | ternary(zabbix_agent_debuglevel, zabbix_agent2_debuglevel) | default(_debuglevel) }}" - zabbix_agent_hostname: "{{ zabbix_agent_hostname is defined | ternary(zabbix_agent_hostname, zabbix_agent2_hostname) | default(_hostname) }}" zabbix_agent_include: "{{ zabbix_agent_include is defined | ternary(zabbix_agent_include, zabbix_agent2_include) | default(_include) }}" - zabbix_agent_include_mode: "{{ zabbix_agent_include_mode is defined | ternary(zabbix_agent_include_mode, zabbix_agent2_include_mode) | default(_include_mode) }}" - zabbix_agent_listenport: "{{ zabbix_agent_listenport is defined | ternary(zabbix_agent_listenport, zabbix_agent2_listenport) | default(_listenport) }}" - zabbix_agent_logtype: "{{ zabbix_agent_logtype is defined | ternary(zabbix_agent_logtype, zabbix_agent2_logtype) | default(_logtype) }}" zabbix_agent_logfile: "{{ zabbix_agent_logfilee is defined | ternary(zabbix_agent_logfile, zabbix_agent2_logfile) | default(_logfile) }}" - zabbix_agent_logfilesize: "{{ zabbix_agent_logfilesize is defined | ternary(zabbix_agent_logfilesize, zabbix_agent2_logfilesize) | default(_logfilesize) }}" zabbix_agent_package: "{{ zabbix_agent_package is defined | ternary(zabbix_agent_package, zabbix_agent2_package) | default(_agent_package) }}" zabbix_agent_pidfile: "{{ zabbix_agent_pidfile is defined | ternary(zabbix_agent_pidfile, zabbix_agent2_pidfile) | default(_pidfile) }}" - zabbix_agent_refreshactivechecks: "{{ zabbix_agent_refreshactivechecks is defined | ternary(zabbix_agent_refreshactivechecks, zabbix_agent2_refreshactivechecks) | default(_refreshactivechecks) }}" zabbix_agent_service: "{{ zabbix_agent_service is defined | ternary(zabbix_agent_service, zabbix_agent2_service) | default(_agent_service) }}" zabbix_agent_tls_subject: "{{ zabbix_agent_tls_subject is defined | ternary(zabbix_agent_tls_subject, zabbix_agent2_tls_subject) | default(_tls_subject) }}" - zabbix_agent_tlspsk_auto: "{{ zabbix_agent_tlspsk_auto is defined | ternary(zabbix_agent_tlspsk_auto, zabbix_agent2_tlspsk_auto) | default(_tlspsk_auto) }}" - zabbix_agent_unsafeuserparameters: "{{ zabbix_agent_unsafeuserparameters is defined | ternary(zabbix_agent_unsafeuserparameters, zabbix_agent2_unsafeuserparameters) | default(_unsafeuserparameters) }}" + +- name: Set More Varaibles # Move to defaults after 3.0 + ansible.builtin.set_fact: + zabbix_agent_buffersend: "{{ zabbix_agent_buffersend is defined | ternary(zabbix_agent_buffersend, zabbix_agent2_buffersend) | default(5) }}" + zabbix_agent_buffersize: "{{ zabbix_agent_buffersize is defined | ternary(zabbix_agent_buffersize, zabbix_agent2_buffersize) | default(100) }}" + zabbix_agent_controlsocket: "{{ zabbix_agent_controlsocket is defined | ternary(zabbix_agent_controlsocket, zabbix_agent2_controlsocket) | default('/tmp/agent.sock') }}" + zabbix_agent_debuglevel: "{{ zabbix_agent_debuglevel is defined | ternary(zabbix_agent_debuglevel, zabbix_agent2_debuglevel) | default(3) }}" + zabbix_agent_enableremotecommands: "{{ zabbix_agent_enableremotecommands is defined | ternary(zabbix_agent_enableremotecommands, zabbix_agent2_enableremotecommands) | default(0) }}" + zabbix_agent_heartbeatfrequency: "{{ zabbix_agent_heartbeatfrequency is defined | ternary(zabbix_agent_heartbeatfrequency, zabbix_agent2_heartbeatfrequency) | default(60) }}" + zabbix_agent_hostname: "{{ zabbix_agent_hostname is defined | ternary(zabbix_agent_hostname, zabbix_agent2_hostname) | default(inventory_hostname) }}" + zabbix_agent_include_mode: "{{ zabbix_agent_include_mode is defined | ternary(zabbix_agent_include_mode, zabbix_agent2_include_mode) | default('0750') }}" + zabbix_agent_listenport: "{{ zabbix_agent_listenport is defined | ternary(zabbix_agent_listenport, zabbix_agent2_listenport) | default(10050) }}" + zabbix_agent_logfilesize: "{{ zabbix_agent_logfilesize is defined | ternary(zabbix_agent_logfilesize, zabbix_agent2_logfilesize) | default(100) }}" + zabbix_agent_logtype: "{{ zabbix_agent_logtype is defined | ternary(zabbix_agent_logtype, zabbix_agent2_logtype) | default('file') }}" + zabbix_agent_persistentbufferperiod: "{{ zabbix_agent_persistentbufferperiod is defined | ternary(zabbix_agent_persistentbufferperiod, zabbix_agent2_persistentbufferperiod) | default('1h') }}" + zabbix_agent_refreshactivechecks: "{{ zabbix_agent_refreshactivechecks is defined | ternary(zabbix_agent_refreshactivechecks, zabbix_agent2_refreshactivechecks) | default(120) }}" + zabbix_agent_statusport: "{{ zabbix_agent_statusport is defined | ternary(zabbix_agent_statusport, zabbix_agent2_statusport) | default(9999) }}" + zabbix_agent_timeout: "{{ zabbix_agent_timeout is defined | ternary(zabbix_agent_timeout, zabbix_agent2_timeout) | default(3) }}" + zabbix_agent_tlspsk_auto: "{{ zabbix_agent_tlspsk_auto is defined | ternary(zabbix_agent_tlspsk_auto, zabbix_agent2_tlspsk_auto) | default(false) }}" + zabbix_agent_unsafeuserparameters: "{{ zabbix_agent_unsafeuserparameters is defined | ternary(zabbix_agent_unsafeuserparameters, zabbix_agent2_unsafeuserparameters) | default(0) }}" - name: Set More Variables # Remove for 3.0 release ansible.builtin.set_fact: zabbix_agent_allowkeys: "{{ zabbix_agent_allowkeys is defined | ternary(zabbix_agent_allowkeys, zabbix_agent2_allow_key) | default(omit) }}" - zabbix_agent_allowroot: "{{ zabbix_agent_allowroot is defined | ternary(zabbix_agent_allowroot, zabbix_agent2_allowroot) | default(omit) }}" - zabbix_agent_controlsocket: "{{ zabbix_agent_controlsocket is defined | ternary(zabbix_agent_controlsocket, zabbix_agent2_controlsocket) | default(omit) }}" zabbix_agent_denykeys: "{{ zabbix_agent_denykeys is defined | ternary(zabbix_agent_denykeys, zabbix_agent2_deny_key) | default(omit) }}" - zabbix_agent_enableremotecommands: "{{ zabbix_agent_enableremotecommands is defined | ternary(zabbix_agent_enableremotecommands, zabbix_agent2_enableremotecommands) | default(omit) }}" - zabbix_agent_heartbeatfrequency: "{{ zabbix_agent_heartbeatfrequency is defined | ternary(zabbix_agent_heartbeatfrequency, zabbix_agent2_heartbeatfrequency) | default(omit) }}" zabbix_agent_hostinterface: "{{ zabbix_agent_hostinterface is defined | ternary(zabbix_agent_hostinterface, zabbix_agent2_hostinterface) | default(omit) }}" - zabbix_agent_hostmetadataitem: "{{ zabbix_agent_hostmetadataitem is defined | ternary(zabbix_agent_hostmetadataitem, zabbix_agent2_hostmetadataitem) | default(omit) }}" + zabbix_agent_hostinterfaceitem: "{{ zabbix_agent_hostinterfaceitem is defined | ternary(zabbix_agent_hostinterfaceitem, zabbix_agent2_hostinterfaceitem) | default(omit) }}" zabbix_agent_hostmetadata: "{{ zabbix_agent_hostmetadata is defined | ternary(zabbix_agent_hostmetadata, zabbix_agent2_hostmetadata) | default(omit) }}" + zabbix_agent_hostmetadataitem: "{{ zabbix_agent_hostmetadataitem is defined | ternary(zabbix_agent_hostmetadataitem, zabbix_agent2_hostmetadataitem) | default(omit) }}" zabbix_agent_hostnameitem: "{{ zabbix_agent_hostnameitem is defined | ternary(zabbix_agent_hostnameitem, zabbix_agent2_hostnameitem) | default(omit) }}" - zabbix_agent_hostinterfaceitem: "{{ zabbix_agent_hostinterfaceitem is defined | ternary(zabbix_agent_hostinterfaceitem, zabbix_agent2_hostinterfaceitem) | default(omit) }}" - zabbix_agent_listenbacklog: "{{ zabbix_agent_listenbacklog is defined | ternary(zabbix_agent_listenbacklog, zabbix_agent2_listenbacklog) | default(omit) }}" zabbix_agent_listenip: "{{ zabbix_agent_listenip is defined | ternary(zabbix_agent_listenip, zabbix_agent2_listenip) | default(omit) }}" - zabbix_agent_loadmodule: "{{ zabbix_agent_loadmodule is defined | ternary(zabbix_agent_loadmodule, zabbix_agent2_loadmodule) | default(omit) }}" - zabbix_agent_loadmodulepath: "{{ zabbix_agent_loadmodulepath is defined | ternary(zabbix_agent_loadmodulepath, zabbix_agent2_loadmodulepath) | default(omit) }}" - zabbix_agent_logremotecommands: "{{ zabbix_agent_logremotecommands is defined | ternary(zabbix_agent_logremotecommands, zabbix_agent2_logremotecommands) | default(omit) }}" - zabbix_agent_maxlinespersecond: "{{ zabbix_agent_maxlinespersecond is defined | ternary(zabbix_agent_maxlinespersecond, zabbix_agent2_maxlinespersecond) | default(omit) }}" zabbix_agent_persistentbufferfile: "{{ zabbix_agent_persistentbufferfile is defined | ternary(zabbix_agent_persistentbufferfile, zabbix_agent2_persistentbufferfile) | default(omit) }}" - zabbix_agent_persistentbufferperiod: "{{ zabbix_agent_persistentbufferperiod is defined | ternary(zabbix_agent_persistentbufferperiod, zabbix_agent2_persistentbufferperiod) | default(omit) }}" - zabbix_agent_refreshactivechecks: "{{ zabbix_agent_refreshactivechecks is defined | ternary(zabbix_agent_refreshactivechecks, zabbix_agent2_refreshactivechecks) | default(omit) }}" - zabbix_agent_runas_user: "{{ zabbix_agent_runas_user is defined | ternary(zabbix_agent_runas_user, zabbix_agent2_runas_user) | default(omit) }}" zabbix_agent_server: "{{ zabbix_agent_server is defined | ternary(zabbix_agent_server, zabbix_agent2_server) | default(omit) }}" zabbix_agent_serveractive: "{{ zabbix_agent_serveractive is defined | ternary(zabbix_agent_serveractive, zabbix_agent2_serveractive) | default(omit) }}" zabbix_agent_sourceip: "{{ zabbix_agent_sourceip is defined | ternary(zabbix_agent_sourceip, zabbix_agent2_sourceip) | default(omit) }}" - zabbix_agent_startagents: "{{ zabbix_agent_startagents is defined | ternary(zabbix_agent_startagents, zabbix_agent2_startagents) | default(omit) }}" - zabbix_agent_statusport: "{{ zabbix_agent_statusport is defined | ternary(zabbix_agent_statusport, zabbix_agent2_statusport) | default(omit) }}" - zabbix_agent_timeout: "{{ zabbix_agent_timeout is defined | ternary(zabbix_agent_timeout, zabbix_agent2_timeout) | default(omit) }}" zabbix_agent_tlsaccept: "{{ zabbix_agent_tlsaccept is defined | ternary(zabbix_agent_tlsaccept, zabbix_agent2_tlsaccept) | default(omit) }}" zabbix_agent_tlscafile: "{{ zabbix_agent_tlscafile is defined | ternary(zabbix_agent_tlscafile, zabbix_agent2_tlscafile) | default(omit) }}" zabbix_agent_tlscertfile: "{{ zabbix_agent_tlscertfile is defined | ternary(zabbix_agent_tlscertfile, zabbix_agent2_tlscertfile) | default(omit) }}" @@ -80,16 +74,10 @@ zabbix_agent_tlscrlfile: "{{ zabbix_agent_tlscrlfile is defined | ternary(zabbix_agent_tlscrlfile, zabbix_agent2_tlscrlfile) | default(omit) }}" zabbix_agent_tlskeyfile: "{{ zabbix_agent_tlskeyfile is defined | ternary(zabbix_agent_tlskeyfile, zabbix_agent2_tlskeyfile) | default(omit) }}" zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity is defined | ternary(zabbix_agent_tlspskidentity, zabbix_agent2_tlspskidentity) | default(omit) }}" - zabbix_agent_tlspskfile: "{{ zabbix_agent_tlspskfile is defined | ternary(zabbix_agent_tlspskfile, zabbix_agent2_tlspskfile) | default(omit) }}" + zabbix_agent_tlspskfile: "{{ zabbix_agent_tlspskfile is defined | ternary(zabbix_agent_tlspskfile, zabbix_agent2_tlspskfile) | default('/etc/zabbix/tls_psk_auto.secret') }}" zabbix_agent_tlsservercertissuer: "{{ zabbix_agent_tlsservercertissuer is defined | ternary(zabbix_agent_tlsservercertissuer, zabbix_agent2_tlsservercertissuer) | default(omit) }}" zabbix_agent_tlsservercertsubject: "{{ zabbix_agent_tlsservercertsubject is defined | ternary(zabbix_agent_tlsservercertsubject, zabbix_agent2_tlsservercertsubject) | default(omit) }}" - zabbix_agent_unsafeuserparameters: "{{ zabbix_agent_unsafeuserparameters is defined | ternary(zabbix_agent_unsafeuserparameters, zabbix_agent2_unsafeuserparameters) | default(omit) }}" - zabbix_agent_zabbix_alias: "{{ zabbix_agent_zabbix_alias is defined | ternary(zabbix_agent_zabbix_alias, zabbix_agent2_zabbix_alias) | default(omit) }}" - -- name: Set More Variables # Remove for 3.0 release - ansible.builtin.set_fact: - zabbix_agent_aliases: "{{ zabbix_agent_zabbix_alias | default(omit) }}" - when: zabbix_agent_alias is undefined + zabbix_agent_aliases: "{{ zabbix_agent_aliases is defined | ternary(zabbix_agent_aliases, zabbix_agent_zabbix_alias) | default(omit) }}" - name: Setting Zabbix API Server Port ansible.builtin.set_fact: @@ -118,8 +106,6 @@ - config when: - zabbix_agent_tlspsk_auto | bool - # - (zabbix_agent_tlspskfile is undefined) or (zabbix_agent_tlspskfile | length == '0') - # - (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0') - name: "Configure Agent" ansible.builtin.include_tasks: Windows_conf.yml diff --git a/roles/zabbix_agent/tasks/selinux.yml b/roles/zabbix_agent/tasks/selinux.yml index 2b11d1a47..21e176db6 100644 --- a/roles/zabbix_agent/tasks/selinux.yml +++ b/roles/zabbix_agent/tasks/selinux.yml @@ -29,7 +29,7 @@ until: zabbix_agent_policycoreutils_installed is succeeded when: - ansible_os_family == "RedHat" - - (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7") + - ansible_distribution_major_version == "7" become: true tags: - install diff --git a/roles/zabbix_agent/tasks/tlspsk_auto_common.yml b/roles/zabbix_agent/tasks/tlspsk_auto_common.yml index 05ef24d0e..dc76fc007 100644 --- a/roles/zabbix_agent/tasks/tlspsk_auto_common.yml +++ b/roles/zabbix_agent/tasks/tlspsk_auto_common.yml @@ -42,11 +42,13 @@ zabbix_agent_tlspskidentity: >- {{ zabbix_agent_visible_hostname - | default(((zabbix_agent2 != True) | ternary(zabbix_agent_hostname, zabbix_agent_hostname))) + | default(zabbix_agent_hostname) + '_' + lookup('password', '/dev/null chars=hexdigits length=4') }} - when: not zabbix_agent_tlspskidentity_check.stat.exists - no_log: "{{ ansible_verbosity < 3 }}" + when: + - not zabbix_agent_tlspskidentity_check.stat.exists + - zabbix_agent_tlspskidentity is undefined + # no_log: "{{ ansible_verbosity < 3 }}" tags: - config diff --git a/roles/zabbix_agent/templates/agent.conf.j2 b/roles/zabbix_agent/templates/agent.conf.j2 index f562d7e47..5353ef175 100644 --- a/roles/zabbix_agent/templates/agent.conf.j2 +++ b/roles/zabbix_agent/templates/agent.conf.j2 @@ -48,7 +48,9 @@ DenyKey={{ item }} {% else %} # DenyKey= {% endif %} +{% if not zabbix_agent2 %} {{ (zabbix_agent_enableremotecommands is defined and zabbix_agent_enableremotecommands is not none) | ternary('', '# ') }}EnableRemoteCommands={{ zabbix_agent_enableremotecommands | default('') }} +{% endif %} {% if zabbix_agent2 %} {{ (zabbix_agent_forceactivechecksonstart is defined and zabbix_agent_forceactivechecksonstart is not none) | ternary('', '# ') }}ForceActiveChecksOnStart={{ zabbix_agent_forceactivechecksonstart | default('') }} {% endif %} diff --git a/roles/zabbix_agent/templates/zabbix_agent2.conf.j2_ b/roles/zabbix_agent/templates/zabbix_agent2.conf.j2_ deleted file mode 100644 index 8f80f0bd3..000000000 --- a/roles/zabbix_agent/templates/zabbix_agent2.conf.j2_ +++ /dev/null @@ -1,44 +0,0 @@ -{{ ansible_managed | comment }} -# This is a configuration file for Zabbix Agent 2 -# To get more information about Zabbix, visit http://www.zabbix.com - -# This configuration file is "minimalized", which means all the original comments -# are removed. The full documentation for your Zabbix Agent 2 can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if ansible_os_family == "Windows" else "" }} - - -{% if ansible_os_family == "Windows" %} -LogFile={{ zabbix_agent2_win_logfile }} -{% else %} -LogFile={{ zabbix_agent2_logfile }} -{% endif %} - - - -{% if zabbix_agent2_enablepersistentbuffer is defined and zabbix_agent2_enablepersistentbuffer %} -EnablePersistentBuffer={{ zabbix_agent2_enablepersistentbuffer }} -{% endif %} - -{% if ansible_os_family == "Windows" %} -Include={{ zabbix_agent_win_include }} -{% else %} -Include={{ zabbix_agent2_include }}/{{ zabbix_agent2_include_pattern }} -{% endif %} -{% if zabbix_agent2_additional_include is defined and zabbix_agent2_additional_include is iterable and zabbix_agent2_additional_include is not string %} -{% for include in zabbix_agent2_additional_include %} -Include={{ include }} -{% endfor %} -{% endif %} - - -{% if zabbix_agent2_plugins is defined and zabbix_agent2_plugins is iterable %} -{% for entry in zabbix_agent2_plugins %} -{% set my_name = entry['name'] %} -{% for property in entry['options'] %} -{% set param = property['parameter'] %} -{% set value = property['value'] %} -Plugins.{{ my_name }}.{{ param }}={{ value }} -{% endfor %} -{% endfor %} -{% endif %} - diff --git a/roles/zabbix_agent/templates/zabbix_agentd.conf.j2_ b/roles/zabbix_agent/templates/zabbix_agentd.conf.j2_ deleted file mode 100644 index 8e923ecc1..000000000 --- a/roles/zabbix_agent/templates/zabbix_agentd.conf.j2_ +++ /dev/null @@ -1,44 +0,0 @@ -{{ ansible_managed | comment }} -# This is a configuration file for Zabbix Agent -# To get more information about Zabbix, visit http://www.zabbix.com - -# This configuration file is "minimalized", which means all the original comments -# are removed. The full documentation for your Zabbix Agent can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if ansible_os_family == "Windows" else "" }} - - - -{% if ansible_os_family == "Windows" %} -LogFile={{ zabbix_agent_win_logfile }} -{% else %} -LogFile={{ zabbix_agent_logfile }} -{% endif %} - -{% if zabbix_agent_version is version('6.0', '<=') %} -{% else %} - - - - - - - -{% if ansible_os_family == "Windows" %} -Include={{ zabbix_agent_win_include }} -{% else %} -Include={{ zabbix_agent_include }}/{{ zabbix_agent_include_pattern }} -{% endif %} -{% if zabbix_agent_additional_include is defined and zabbix_agent_additional_include is iterable and zabbix_agent_additional_include is not string %} -{% for include in zabbix_agent_additional_include %} -Include={{ include }} -{% endfor %} -{% endif %} -{% if zabbix_agent_version is version_compare('2.2', '>=') %} - -{% endif %} - -{% if zabbix_agent_version is version_compare('3.0', '>=') %} - - -{% endif %} - diff --git a/roles/zabbix_agent/vars/agent2_vars.yml b/roles/zabbix_agent/vars/agent2_vars.yml index c0c482607..8c03fa23b 100644 --- a/roles/zabbix_agent/vars/agent2_vars.yml +++ b/roles/zabbix_agent/vars/agent2_vars.yml @@ -1,18 +1,7 @@ _pidfile: /var/run/zabbix/zabbix_agent2.pid -_logtype: file _logfile: /var/log/zabbix/zabbix_agent2.log -_logfilesize: 100 -_debuglevel: 3 _include: /etc/zabbix/zabbix_agent2.d -_listenport: 10050 _tls_subject: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression -_tlspsk_auto: false -_hostname: "{{ inventory_hostname }}" -_include_mode: "0750" -_unsafeuserparameters: 0 -_buffersend: 5 -_buffersize: 100 -_refreshactivechecks: 120 _win_package: zabbix_agent2-{{ zabbix_version_long }}-windows-amd64-openssl-static.zip _win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix2_win_package }}" _win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agent2.log" diff --git a/roles/zabbix_agent/vars/agent_vars.yml b/roles/zabbix_agent/vars/agent_vars.yml index 1e129d0c6..c37a5ecc3 100644 --- a/roles/zabbix_agent/vars/agent_vars.yml +++ b/roles/zabbix_agent/vars/agent_vars.yml @@ -1,18 +1,7 @@ _pidfile: /var/run/zabbix/zabbix_agentd.pid -_logtype: file _logfile: /var/log/zabbix/zabbix_agentd.log -_logfilesize: 100 -_debuglevel: 3 _include: /etc/zabbix/zabbix_agentd.d -_listenport: 10050 _tls_subject: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression -_tlspsk_auto: false -_hostname: "{{ inventory_hostname }}" -_include_mode: "0750" -_unsafeuserparameters: 0 -_buffersend: 5 -_buffersize: 100 -_refreshactivechecks: 120 _win_package: zabbix_agent-{{ zabbix_version_long }}-windows-amd64-openssl.zip _win_download_link: "{{ zabbix_win_download_url }}/{{ zabbix_version_long | regex_search('^\\d+\\.\\d+') }}/{{ zabbix_version_long }}/{{ zabbix_win_package }}" _win_logfile: "{{ zabbix_win_install_dir }}\\zabbix_agentd.log"