Update to 2020-07-28 12:00

master
Daniel Berteaud 4 years ago
parent 592e3d1a37
commit b19c5f776c
  1. 28
      roles/zabbix_agent/defaults/main.yml
  2. 13
      roles/zabbix_agent/tasks/psk.yml
  3. 2
      roles/zabbix_agent/tasks/selinux.yml
  4. 16
      roles/zabbix_agent/templates/zabbix_agentd.conf.j2

@ -1,8 +1,30 @@
--- ---
zabbix_agent_servers: [ '212.129.1.224' ] zabbix_agent_port: 10050
zabbix_agent_encryption: psk # List of servers allowed to connect to the agent (passive checks)
zabbix_agent_port: '10050' zabbix_agent_servers:
- 51.91.175.34
# List of IP allowed to access TCP port 10050
zabbix_agent_src_ip: "{{ zabbix_agent_servers }}" zabbix_agent_src_ip: "{{ zabbix_agent_servers }}"
# List of servers the agent will push active checks to
zabbix_agent_server_active: []
zabbix_agent_base_conf:
PidFile: /var/run/zabbix/zabbix_agentd.pid
LogType: system
Server: "{{ zabbix_agent_servers | join(',') }}"
ListenPort: "{{ zabbix_agent_port }}"
ServerActive: "{{ zabbix_agent_server_active | join(',') }}"
HostnameItem: 'system.hostname'
Timeout: 30
Include: '/etc/zabbix/zabbix_agentd.conf.d/*.conf'
TLSPSKFile: '/etc/zabbix/zabbix_agentd.psk'
TLSPSKIdentity: "{{ inventory_hostname }}-agent"
TLSConnect: psk
TLSAccept: 'unencrypted,psk'
StartAgents: 5
zabbix_agent_extra_conf: {}
zabbix_agent_conf: "{{ zabbix_agent_base_conf | combine(zabbix_agent_extra_conf, recursive=True) }}"
# If update is set to False, the role will only ensure packages are installed # If update is set to False, the role will only ensure packages are installed
# If set to True, it will update components to their latest version # If set to True, it will update components to their latest version
zabbix_agent_update: False zabbix_agent_update: False

@ -1,21 +1,12 @@
--- ---
- name: Check if a TLS PSK key exists
stat: path=/etc/zabbix/zabbix_agentd.psk
register: zbx_psk
tags: zabbix
- name: Generate random PSK key for TLS encryption - name: Generate random PSK key for TLS encryption
shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk
when: args:
- not zbx_psk.stat.exists creates: /etc/zabbix/zabbix_agentd.psk
- zabbix_agent_encryption == "psk"
tags: zabbix tags: zabbix
- name: Restrict permission on PSK file - name: Restrict permission on PSK file
file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640 file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640
when:
- not zbx_psk.stat.exists
- zabbix_agent_encryption == "psk"
tags: zabbix tags: zabbix

@ -6,7 +6,7 @@
- name: Allow Zabbix to use sudo - name: Allow Zabbix to use sudo
seboolean: name={{ item }} state=True persistent=True seboolean: name={{ item }} state=True persistent=True
with_items: loop:
- zabbix_run_sudo - zabbix_run_sudo
when: ansible_distribution != 'CentOS' or ansible_distribution_version | default(0) is version('7.6', '>=') # This bool is only available for CentOS 7.6.1810 or newer when: ansible_distribution != 'CentOS' or ansible_distribution_version | default(0) is version('7.6', '>=') # This bool is only available for CentOS 7.6.1810 or newer
tags: zabbix tags: zabbix

@ -1,13 +1,3 @@
PidFile=/var/run/zabbix/zabbix_agentd.pid {% for key in zabbix_agent_conf.keys() | list %}
Server={{ zabbix_agent_servers | join(',') }} {{ key }}={{ zabbix_agent_conf[key] }}
ServerActive= {% endfor %}
HostnameItem=system.hostname
Timeout=30
LogType=system
Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf
{% if zabbix_agent_encryption == "psk" %}
TLSPSKFile=/etc/zabbix/zabbix_agentd.psk
TLSPSKIdentity={{ inventory_hostname }}-agent
TLSConnect=psk
TLSAccept=unencrypted,psk
{% endif %}

Loading…
Cancel
Save