Update to 2020-07-28 12:00

roles/zabbix_agent/defaults/main.yml

@@ -1,8 +1,30 @@
 ---
-zabbix_agent_servers: [ '212.129.1.224' ]
+zabbix_agent_port: 10050
-zabbix_agent_encryption: psk
+# List of servers allowed to connect to the agent (passive checks)
-zabbix_agent_port: '10050'
+zabbix_agent_servers:
+  - 51.91.175.34
+# List of IP allowed to access TCP port 10050
 zabbix_agent_src_ip: "{{ zabbix_agent_servers }}"
+# List of servers the agent will push active checks to
+zabbix_agent_server_active: []
+
+zabbix_agent_base_conf:
+  PidFile: /var/run/zabbix/zabbix_agentd.pid
+  LogType: system
+  Server: "{{ zabbix_agent_servers | join(',') }}"
+  ListenPort: "{{ zabbix_agent_port }}"
+  ServerActive: "{{ zabbix_agent_server_active | join(',') }}"
+  HostnameItem: 'system.hostname'
+  Timeout: 30
+  Include: '/etc/zabbix/zabbix_agentd.conf.d/*.conf'
+  TLSPSKFile: '/etc/zabbix/zabbix_agentd.psk'
+  TLSPSKIdentity: "{{ inventory_hostname }}-agent"
+  TLSConnect: psk
+  TLSAccept: 'unencrypted,psk'
+  StartAgents: 5
+zabbix_agent_extra_conf: {}
+zabbix_agent_conf: "{{ zabbix_agent_base_conf | combine(zabbix_agent_extra_conf, recursive=True) }}"
+
 # If update is set to False, the role will only ensure packages are installed
 # If set to True, it will update components to their latest version
 zabbix_agent_update: False

roles/zabbix_agent/tasks/psk.yml

@@ -1,21 +1,12 @@
 ---
 
-- name: Check if a TLS PSK key exists
-  stat: path=/etc/zabbix/zabbix_agentd.psk
-  register: zbx_psk
-  tags: zabbix
-
 - name: Generate random PSK key for TLS encryption
   shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk
-  when:
+  args:
-    - not zbx_psk.stat.exists
+    creates: /etc/zabbix/zabbix_agentd.psk
-    - zabbix_agent_encryption == "psk"
   tags: zabbix
 
 - name: Restrict permission on PSK file
   file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640
-  when:
-    - not zbx_psk.stat.exists
-    - zabbix_agent_encryption == "psk"
   tags: zabbix
 

roles/zabbix_agent/tasks/selinux.yml

@@ -6,7 +6,7 @@
 
 - name: Allow Zabbix to use sudo
   seboolean: name={{ item }} state=True persistent=True
-  with_items:
+  loop:
     - zabbix_run_sudo
   when: ansible_distribution != 'CentOS' or ansible_distribution_version | default(0) is version('7.6', '>=') # This bool is only available for CentOS 7.6.1810 or newer
   tags: zabbix

roles/zabbix_agent/templates/zabbix_agentd.conf.j2

@@ -1,13 +1,3 @@
-PidFile=/var/run/zabbix/zabbix_agentd.pid
+{% for key in zabbix_agent_conf.keys() | list %}
-Server={{ zabbix_agent_servers | join(',') }}
+{{ key }}={{ zabbix_agent_conf[key] }}
-ServerActive=
+{% endfor %}
-HostnameItem=system.hostname
-Timeout=30
-LogType=system
-Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf
-{% if zabbix_agent_encryption == "psk" %}
-TLSPSKFile=/etc/zabbix/zabbix_agentd.psk
-TLSPSKIdentity={{ inventory_hostname }}-agent
-TLSConnect=psk
-TLSAccept=unencrypted,psk
-{% endif %}