install zabbix agent in the baseline
This commit is contained in:
parent
c7a3cb40e9
commit
1df77aa74d
7 changed files with 67 additions and 0 deletions
2
group_vars/all/zabbix.yml
Normal file
2
group_vars/all/zabbix.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
zabbix_server: "{{ lookup('file', 'passwords/zabbix_server') }}"
|
||||||
|
zabbix_psk: "{{ lookup('file', 'passwords/zabbix_psk') }}"
|
||||||
1
roles/baseline/files/zabbix-sudoers
Normal file
1
roles/baseline/files/zabbix-sudoers
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl
|
||||||
|
|
@ -6,3 +6,8 @@
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: ssh
|
name: ssh
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: Restart zabbix-agent2
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: zabbix-agent2
|
||||||
|
state: restarted
|
||||||
|
|
|
||||||
|
|
@ -7,5 +7,8 @@
|
||||||
- name: Manage root user
|
- name: Manage root user
|
||||||
ansible.builtin.import_tasks: rootuser.yml
|
ansible.builtin.import_tasks: rootuser.yml
|
||||||
|
|
||||||
|
- name: Get zabbix agent installed
|
||||||
|
ansible.builtin.import_tasks: zabbix.yml
|
||||||
|
|
||||||
- name: Ensure handlers have ran
|
- name: Ensure handlers have ran
|
||||||
ansible.builtin.meta: flush_handlers
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
|
||||||
41
roles/baseline/tasks/zabbix.yml
Normal file
41
roles/baseline/tasks/zabbix.yml
Normal file
|
|
@ -0,0 +1,41 @@
|
||||||
|
- name: Install zabbix related packages
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- zabbix-agent2
|
||||||
|
# To monitor our physical disks health, not needed for vm's.
|
||||||
|
- smartmontools
|
||||||
|
|
||||||
|
- name: Zabbix firewall
|
||||||
|
ansible.builtin.template:
|
||||||
|
dest: /etc/firewall.d/zabbix
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
mode: "0755"
|
||||||
|
src: zabbix-firewall.j2
|
||||||
|
notify: Restart firewall
|
||||||
|
|
||||||
|
- name: Write psk file
|
||||||
|
ansible.builtin.copy:
|
||||||
|
content: "{{ zabbix_psk }}\n"
|
||||||
|
dest: /etc/zabbix/zabbix.psk
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
mode: "0644"
|
||||||
|
notify: Restart zabbix-agent2
|
||||||
|
|
||||||
|
- name: Zabbix agent config file
|
||||||
|
ansible.builtin.template:
|
||||||
|
dest: /etc/zabbix/zabbix_agent2.d/ansible.conf
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
mode: "0644"
|
||||||
|
src: zabbix-agent.j2
|
||||||
|
notify: Restart zabbix-agent2
|
||||||
|
|
||||||
|
- name: Zabbix sudoers file
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /etc/sudoers.d/zabbix
|
||||||
|
group: root
|
||||||
|
owner: root
|
||||||
|
mode: "0644"
|
||||||
|
src: zabbix-sudoers
|
||||||
10
roles/baseline/templates/zabbix-agent.j2
Normal file
10
roles/baseline/templates/zabbix-agent.j2
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
Server={{ zabbix_server }}
|
||||||
|
ServerActive=
|
||||||
|
|
||||||
|
TLSConnect=psk
|
||||||
|
TLSAccept=psk
|
||||||
|
TLSPSKFile=/etc/zabbix/zabbix.psk
|
||||||
|
TLSPSKIdentity={{ inventory_hostname }}
|
||||||
|
|
||||||
|
|
||||||
|
UserParameter=smartctl.health[*],sudo /usr/sbin/smartctl -H /dev/$1 | grep 'overall-health' | awk '{print $NF}'
|
||||||
5
roles/baseline/templates/zabbix-firewall.j2
Normal file
5
roles/baseline/templates/zabbix-firewall.j2
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Zabbix agent firewall
|
||||||
|
|
||||||
|
iptables -A INPUT -p tcp -s {{ zabbix_server }} --dport 10050 -j ACCEPT
|
||||||
Loading…
Add table
Add a link
Reference in a new issue