install zabbix agent in the baseline
This commit is contained in:
parent
c7a3cb40e9
commit
1df77aa74d
7 changed files with 67 additions and 0 deletions
2
group_vars/all/zabbix.yml
Normal file
2
group_vars/all/zabbix.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
zabbix_server: "{{ lookup('file', 'passwords/zabbix_server') }}"
|
||||
zabbix_psk: "{{ lookup('file', 'passwords/zabbix_psk') }}"
|
||||
1
roles/baseline/files/zabbix-sudoers
Normal file
1
roles/baseline/files/zabbix-sudoers
Normal file
|
|
@ -0,0 +1 @@
|
|||
zabbix ALL=(ALL) NOPASSWD: /usr/sbin/smartctl
|
||||
|
|
@ -6,3 +6,8 @@
|
|||
ansible.builtin.systemd:
|
||||
name: ssh
|
||||
state: restarted
|
||||
|
||||
- name: Restart zabbix-agent2
|
||||
ansible.builtin.service:
|
||||
name: zabbix-agent2
|
||||
state: restarted
|
||||
|
|
|
|||
|
|
@ -7,5 +7,8 @@
|
|||
- name: Manage root user
|
||||
ansible.builtin.import_tasks: rootuser.yml
|
||||
|
||||
- name: Get zabbix agent installed
|
||||
ansible.builtin.import_tasks: zabbix.yml
|
||||
|
||||
- name: Ensure handlers have ran
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
|
|
|||
41
roles/baseline/tasks/zabbix.yml
Normal file
41
roles/baseline/tasks/zabbix.yml
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
- name: Install zabbix related packages
|
||||
ansible.builtin.apt:
|
||||
pkg:
|
||||
- zabbix-agent2
|
||||
# To monitor our physical disks health, not needed for vm's.
|
||||
- smartmontools
|
||||
|
||||
- name: Zabbix firewall
|
||||
ansible.builtin.template:
|
||||
dest: /etc/firewall.d/zabbix
|
||||
group: root
|
||||
owner: root
|
||||
mode: "0755"
|
||||
src: zabbix-firewall.j2
|
||||
notify: Restart firewall
|
||||
|
||||
- name: Write psk file
|
||||
ansible.builtin.copy:
|
||||
content: "{{ zabbix_psk }}\n"
|
||||
dest: /etc/zabbix/zabbix.psk
|
||||
group: root
|
||||
owner: root
|
||||
mode: "0644"
|
||||
notify: Restart zabbix-agent2
|
||||
|
||||
- name: Zabbix agent config file
|
||||
ansible.builtin.template:
|
||||
dest: /etc/zabbix/zabbix_agent2.d/ansible.conf
|
||||
group: root
|
||||
owner: root
|
||||
mode: "0644"
|
||||
src: zabbix-agent.j2
|
||||
notify: Restart zabbix-agent2
|
||||
|
||||
- name: Zabbix sudoers file
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/sudoers.d/zabbix
|
||||
group: root
|
||||
owner: root
|
||||
mode: "0644"
|
||||
src: zabbix-sudoers
|
||||
10
roles/baseline/templates/zabbix-agent.j2
Normal file
10
roles/baseline/templates/zabbix-agent.j2
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
Server={{ zabbix_server }}
|
||||
ServerActive=
|
||||
|
||||
TLSConnect=psk
|
||||
TLSAccept=psk
|
||||
TLSPSKFile=/etc/zabbix/zabbix.psk
|
||||
TLSPSKIdentity={{ inventory_hostname }}
|
||||
|
||||
|
||||
UserParameter=smartctl.health[*],sudo /usr/sbin/smartctl -H /dev/$1 | grep 'overall-health' | awk '{print $NF}'
|
||||
5
roles/baseline/templates/zabbix-firewall.j2
Normal file
5
roles/baseline/templates/zabbix-firewall.j2
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zabbix agent firewall
|
||||
|
||||
iptables -A INPUT -p tcp -s {{ zabbix_server }} --dport 10050 -j ACCEPT
|
||||
Loading…
Add table
Add a link
Reference in a new issue