Update to 2021-12-01 19:13

2025-10-31 10:51:27 +01:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/zabbix_agent/tasks/conf.yml
+++ b/roles/zabbix_agent/tasks/conf.yml
@@ -0,0 +1,17 @@
+---
+- name: Deploy Zabbix Agent configuration
+  template: src=zabbix_agentd.conf.j2 dest=/etc/zabbix/zabbix_agentd.conf
+  notify: restart zabbix-agent
+  tags: zabbix
+
+- name: Detect if vfs.dev.discovery is supported natively
+  shell: zabbix_agentd -t vfs.dev.discovery -c /dev/null | grep -q ZBX_NOTSUPPORTED
+  register: zabbix_dev_disco
+  failed_when: False
+  changed_when: False
+  tags: zabbix
+
+- name: Handle block dev discovery config
+  template: src=block_devices.conf.j2 dest=/etc/zabbix/zabbix_agentd.conf.d/block_devices.conf
+  notify: restart zabbix-agent
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/facts.yml
+++ b/roles/zabbix_agent/tasks/facts.yml
@@ -0,0 +1,9 @@
+---
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/install_Debian.yml
+++ b/roles/zabbix_agent/tasks/install_Debian.yml
@@ -0,0 +1,60 @@
+---
+
+- name: Install agent and dependencies
+  apt:
+    name: "{{ zabbix_agent_packages }}"
+    state: "{{ zabbix_agent_update | ternary('latest','present') }}"
+    policy_rc_d: 101 # Prevent the daemon from starting automatically after install
+  tags: zabbix
+
+- name: Create needed directories
+  file: path={{ item }} state=directory
+  with_items:
+    - /etc/zabbix/zabbix_agentd.conf.d
+    - /var/lib/zabbix/bin
+    - /var/lib/zabbix/addons
+    - /usr/local/lib/site_perl/Zabbix/Agent/Addons
+  tags: zabbix
+
+- name: Checkout Addons script
+  git:
+    repo: https://git.fws.fr/fws/zabbix-agent-addons.git
+    dest: /var/lib/zabbix/addons
+  environment:
+    - https_proxy: "{{ system_proxy | default('') }}"
+  register: zabbix_agent_addons_git
+  notify: restart zabbix-agent
+  tags: zabbix
+
+- name: Install addons
+  shell: cp -af /var/lib/zabbix/addons/{{ item.src }}/* {{ item.dest }}/
+  with_items:
+    - src: zabbix_conf
+      dest: /etc/zabbix/zabbix_agentd.conf.d
+    - src: zabbix_scripts
+      dest: /var/lib/zabbix/bin
+    - src: lib
+      dest: /usr/local/lib/site_perl
+  when: zabbix_agent_addons_git.changed
+  tags: zabbix
+
+- name: Set permissions on Addons Scripts
+  shell: chmod +x /var/lib/zabbix/bin/*
+  args:
+    warn: False
+  when: zabbix_agent_addons_git.changed
+  tags: zabbix
+
+- name: Install sudo fragment
+  shell: cp -af /var/lib/zabbix/addons/conf/sudo.conf /etc/sudoers.d/zabbix_agent && chmod 600 /etc/sudoers.d/zabbix_agent
+  when: zabbix_agent_addons_git.changed
+  tags: zabbix
+
+- name: Don't log pam's sudo session for zabbix
+  lineinfile:
+    path: /etc/pam.d/sudo
+    regexp: '^session.*ruser\s?=\s?zabbix.*'
+    line: 'session [success=1 default=ignore] pam_succeed_if.so quiet uid = 0 ruser = zabbix'
+    insertbefore: '^@include\scommon-session-noninteractive'
+    state: present
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/install_RedHat.yml
+++ b/roles/zabbix_agent/tasks/install_RedHat.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Install Zabbix Agent and additional scripts
+  yum:
+    name: "{{ zabbix_agent_packages }}"
+    state: "{{ zabbix_agent_update | ternary('latest','present') }}"
+  notify: restart zabbix-agent
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/iptables.yml
+++ b/roles/zabbix_agent/tasks/iptables.yml
@@ -0,0 +1,8 @@
+---
+- name: Handle Zabbix Agent port
+  iptables_raw:
+    name: zabbix_agent_port
+    state: "{{ (zabbix_agent_src_ip | length > 0) | ternary('present', 'absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_agent_port }} -s {{ zabbix_agent_src_ip | join(',') }} -j ACCEPT"
+  when: iptables_manage | default(True)
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/main.yml
+++ b/roles/zabbix_agent/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+
+- include: facts.yml
+- include: install_{{ ansible_os_family }}.yml
+- include: selinux.yml
+  when: ansible_selinux.status == 'enabled'
+- include: conf.yml
+- include: psk.yml
+- include: sensors.yml
+- include: iptables.yml
+- include: service.yml
--- a/roles/zabbix_agent/tasks/psk.yml
+++ b/roles/zabbix_agent/tasks/psk.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Generate random PSK key for TLS encryption
+  shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk
+  args:
+    creates: /etc/zabbix/zabbix_agentd.psk
+  tags: zabbix
+
+- name: Restrict permission on PSK file
+  file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640
+  tags: zabbix
+
--- a/roles/zabbix_agent/tasks/selinux.yml
+++ b/roles/zabbix_agent/tasks/selinux.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Relaxe SELinux restrictions for Zabbix Agent
+  selinux_permissive: name=zabbix_agent_t permissive=True
+  tags: zabbix
+
+- name: Allow Zabbix to use sudo
+  seboolean: name={{ item }} state=True persistent=True
+  loop:
+    - zabbix_run_sudo
+  when: ansible_distribution != 'CentOS' or ansible_distribution_version | default(0) is version('7.6', '>=') # This bool is only available for CentOS 7.6.1810 or newer
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/sensors.yml
+++ b/roles/zabbix_agent/tasks/sensors.yml
@@ -0,0 +1,26 @@
+---
+- include: sensors_{{ ansible_os_family }}.yml
+
+- name: Check if hardware sensors should be detected
+  stat: path=/etc/zabbix/sensors.ini
+  register: zbx_hw_sensors
+  tags: zabbix
+
+- set_fact: zbx_conf_sensors={{ (ansible_virtualization_role != "guest" and (not zbx_hw_sensors.stat.exists or zbx_hw_sensors.stat.checksum == "4112359dc054a50d8ee2fcf03fb97ad6c7401533")) | ternary(True, False) }}
+  tags: zabbix
+
+- name: Detect hardware sensors (please review /etc/zabbix/sensors.ini to set thresholds)
+  command: "/var/lib/zabbix/bin/util_generate_sensors_ini -o /etc/zabbix/sensors.ini"
+  when: zbx_conf_sensors
+  tags: zabbix
+
+- name: Retrieve hardware sensors configuration
+  fetch: src=/etc/zabbix/sensors.ini dest=config fail_on_missing=yes
+  when: zbx_conf_sensors
+  tags: zabbix
+
+- name: Update hardware sensors configuration
+  copy: src=config/{{ inventory_hostname }}/etc/zabbix/sensors.ini dest=/etc/zabbix/sensors.ini
+  when: ansible_virtualization_role != "guest" and zbx_hw_sensors.stat.exists
+  tags: zabbix
+
--- a/roles/zabbix_agent/tasks/sensors_Debian.yml
+++ b/roles/zabbix_agent/tasks/sensors_Debian.yml
@@ -0,0 +1,42 @@
+---
+
+- name: Install hardware sensors support
+  apt:
+    name:
+      - smartmontools
+      - lm-sensors
+  when: ansible_virtualization_role != "guest"
+  tags: zabbix
+
+- name: Check if lm-sensors is configured
+  stat: path=/etc/sysconfig/lm_sensors
+  register: lm_sensors
+  when: ansible_virtualization_role != "guest"
+  tags: zabbix
+
+- name: Check if there's an ipmi controler
+  stat: path=/dev/ipmi0
+  register: zabbix_ipmi
+  tags: zabbix
+
+- name: Install ipmi support
+  apt:
+    name:
+      - openipmi
+      - ipmitool
+  when:
+    - ansible_virtualization_role != "guest"
+    - zabbix_ipmi.stat.exists
+  tags: zabbix
+
+- name: Start and enable lm_sensors service
+  service: name=lm-sensors state=started enabled=yes
+  when: ansible_virtualization_role != "guest"
+  tags: zabbix
+
+- name: Start and enable ipmi service
+  service: name=ipmievd state=started enabled=yes
+  when:
+    - ansible_virtualization_role != "guest"
+    - zabbix_ipmi.stat.exists
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/sensors_RedHat.yml
+++ b/roles/zabbix_agent/tasks/sensors_RedHat.yml
@@ -0,0 +1,50 @@
+---
+
+- name: Install hardware sensors support
+  yum:
+    name:
+      - smartmontools
+      - lm_sensors
+  when: ansible_virtualization_role != "guest"
+  tags: zabbix
+
+- name: Check if lm_sensors is configured
+  stat: path=/etc/sysconfig/lm_sensors
+  register: lm_sensors
+  when: ansible_virtualization_role != "guest"
+  tags: zabbix
+
+- name: Configure lm_sensors
+  shell: "/sbin/sensors-detect < /dev/null"
+  # Configure only if /etc/sysconfig/lm_sensors doesn't exists or has been customized
+  when:
+    - ansible_virtualization_role != "guest"
+    - not lm_sensors.stat.exists or lm_sensors.stat.checksum == "c27ae43795d152a7fc7503c7109288e3fdc2207c"
+  tags: zabbix
+
+- name: Check if there's an ipmi controler
+  stat: path=/dev/ipmi0
+  register: zabbix_ipmi
+  tags: zabbix
+
+- name: Install ipmi support
+  yum:
+    name:
+      - OpenIPMI
+      - ipmitool
+  when:
+    - ansible_virtualization_role != "guest"
+    - zabbix_ipmi.stat.exists
+  tags: zabbix
+
+- name: Start and enable lm_sensors service
+  service: name=lm_sensors state=started enabled=yes
+  when: ansible_virtualization_role != "guest"
+  tags: zabbix
+
+- name: Start and enable ipmi service
+  service: name=ipmi state=started enabled=yes
+  when:
+    - ansible_virtualization_role != "guest"
+    - zabbix_ipmi.stat.exists
+  tags: zabbix
--- a/roles/zabbix_agent/tasks/service.yml
+++ b/roles/zabbix_agent/tasks/service.yml
@@ -0,0 +1,4 @@
+---
+- name: Start Zabbix Agent
+  service: name=zabbix-agent state=started enabled=True
+  tags: zabbix