Update to 2020-07-28 12:00

4 years ago · b19c5f776c
parent 592e3d1a37
commit b19c5f776c
4 changed files with 31 additions and 28 deletions
--- a/roles/zabbix_agent/defaults/main.yml
+++ b/roles/zabbix_agent/defaults/main.yml
@ -1,8 +1,30 @@
 ---
-zabbix_agent_servers: [ '212.129.1.224' ]
-zabbix_agent_encryption: psk
-zabbix_agent_port: '10050'
+zabbix_agent_port: 10050
+# List of servers allowed to connect to the agent (passive checks)
+zabbix_agent_servers:
+  - 51.91.175.34
+# List of IP allowed to access TCP port 10050
 zabbix_agent_src_ip: "{{ zabbix_agent_servers }}"
+# List of servers the agent will push active checks to
+zabbix_agent_server_active: []
+
+zabbix_agent_base_conf:
+  PidFile: /var/run/zabbix/zabbix_agentd.pid
+  LogType: system
+  Server: "{{ zabbix_agent_servers | join(',') }}"
+  ListenPort: "{{ zabbix_agent_port }}"
+  ServerActive: "{{ zabbix_agent_server_active | join(',') }}"
+  HostnameItem: 'system.hostname'
+  Timeout: 30
+  Include: '/etc/zabbix/zabbix_agentd.conf.d/*.conf'
+  TLSPSKFile: '/etc/zabbix/zabbix_agentd.psk'
+  TLSPSKIdentity: "{{ inventory_hostname }}-agent"
+  TLSConnect: psk
+  TLSAccept: 'unencrypted,psk'
+  StartAgents: 5
+zabbix_agent_extra_conf: {}
+zabbix_agent_conf: "{{ zabbix_agent_base_conf | combine(zabbix_agent_extra_conf, recursive=True) }}"
+
 # If update is set to False, the role will only ensure packages are installed
 # If set to True, it will update components to their latest version
 zabbix_agent_update: False
--- a/roles/zabbix_agent/tasks/psk.yml
+++ b/roles/zabbix_agent/tasks/psk.yml
@ -1,21 +1,12 @@
 ---

- name: Check if a TLS PSK key exists
-  stat: path=/etc/zabbix/zabbix_agentd.psk
-  register: zbx_psk
-  tags: zabbix
-
 - name: Generate random PSK key for TLS encryption
  shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk
-  when:
-    - not zbx_psk.stat.exists
-    - zabbix_agent_encryption == "psk"
+  args:
+    creates: /etc/zabbix/zabbix_agentd.psk
  tags: zabbix

 - name: Restrict permission on PSK file
  file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640
-  when:
-    - not zbx_psk.stat.exists
-    - zabbix_agent_encryption == "psk"
  tags: zabbix

--- a/roles/zabbix_agent/tasks/selinux.yml
+++ b/roles/zabbix_agent/tasks/selinux.yml
@ -6,7 +6,7 @@

 - name: Allow Zabbix to use sudo
  seboolean: name={{ item }} state=True persistent=True
-  with_items:
+  loop:
    - zabbix_run_sudo
  when: ansible_distribution != 'CentOS' or ansible_distribution_version | default(0) is version('7.6', '>=') # This bool is only available for CentOS 7.6.1810 or newer
  tags: zabbix
--- a/roles/zabbix_agent/templates/zabbix_agentd.conf.j2
+++ b/roles/zabbix_agent/templates/zabbix_agentd.conf.j2
@ -1,13 +1,3 @@
-PidFile=/var/run/zabbix/zabbix_agentd.pid
-Server={{ zabbix_agent_servers | join(',') }}
-ServerActive=
-HostnameItem=system.hostname
-Timeout=30
-LogType=system
-Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf
-{% if zabbix_agent_encryption == "psk" %}
-TLSPSKFile=/etc/zabbix/zabbix_agentd.psk
-TLSPSKIdentity={{ inventory_hostname }}-agent
-TLSConnect=psk
-TLSAccept=unencrypted,psk
-{% endif %}
+{% for key in zabbix_agent_conf.keys() | list %}
+{{ key }}={{ zabbix_agent_conf[key] }}
+{% endfor %}