Project

General

Profile

Statistics
| Branch: | Revision:

ansible-role-zabbix / tasks / _agent.yml @ 848bda6e

History | View | Annotate | Download (3 KB)

1
---
2

    
3
- name: Install Zabbix Agent
4
  package:
5
    name: zabbix-agent
6
    default_release: stretch-backports
7
    state: present
8
  when: ansible_os_family == "Debian"
9

    
10
# we absolutely need Zabbix >=3.0 to get TLS support
11
- name: Install Zabbix Upstream Repository configuration
12
  yum:
13
    name: http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm
14
  when: ansible_distribution == 'CentOS'
15

    
16
- name: Install Zabbix Agent
17
  package:
18
    name: zabbix-agent
19
    state: present
20
  when: ansible_os_family == "RedHat"
21

    
22
- name: Add symlink to the real configuration file on RedHat systems
23
  file:
24
    state: link
25
    src: /etc/zabbix/zabbix_agentd.conf
26
    dest: /etc/zabbix_agentd.conf
27
    force: yes
28
  when: ansible_os_family == "RedHat"
29
  notify: Restart Zabbix Agent
30

    
31
- name: Create configuration fragments directory
32
  file:
33
    path: /etc/zabbix/zabbix_agentd.conf.d
34
    state: directory
35

    
36
# contains unwanted default
37
# also having one single directory simplifies this role
38
- name: Remove configuration fragments directory used by RedHat systems
39
  file:
40
    path: /etc/zabbix/zabbix_agentd.d
41
    state: absent
42

    
43
- import_tasks: _install_certs.yml
44
  vars:
45
    cert_type: agent
46
    ca_path: '{{ tls.ca_path }}'
47
    cert_path: '{{ agent.tls.cert_path }}'
48
    cert_key_path: '{{ agent.tls.key_path }}'
49

    
50
- name: Install Zabbix Agent Main Config
51
  template:
52
    src: "zabbix_agentd.conf"
53
    dest: "/etc/zabbix/zabbix_agentd.conf"
54
    owner: "root"
55
    group: "root"
56
  notify: Restart Zabbix Agent
57

    
58

    
59
- name: Give Rights on logs to Zabbix User
60
  user:
61
    name: "zabbix"
62
    groups: "adm"
63
    append: yes
64
  notify: Restart Zabbix Agent
65

    
66
- name: "Give extra Rights to Zabbix User"
67
  user:
68
    name: "zabbix"
69
    groups: "{{ special_group }}"
70
    append: yes
71
  # Duck: I asked Arnau if we could have this setting, but not sure if it can work properly in a LXC
72
  when: special_group is defined and (ansible_virtualization_role != "guest" or ansible_virtualization_type != "lxc")
73
  notify: Restart Zabbix Agent
74

    
75

    
76
- name: Allow collect scripts to run with higher privilege
77
  copy:
78
    src: zabbix.sudoers
79
    dest: /etc/sudoers.d/zabbix
80
    owner: root
81
    group: root
82
    mode: 0644
83
    validate: "visudo -cf %s"
84

    
85
- name: Allow the Agent to use sudo
86
  seboolean:
87
    name: zabbix_run_sudo
88
    state: yes
89
    persistent: yes
90
  when: (ansible_distribution == 'Fedora' and ansible_distribution_major_version >= '28') or (ansible_distribution == "CentOS" and ansible_distribution_version is version_compare('7.5', '>='))
91

    
92
- name: Ensure the Agent can poll anything needed (aka SELinux is too restrictive)
93
  selinux_permissive:
94
    domain: zabbix_agent_t
95
    permissive: True
96
  notify: Restart Zabbix Agent
97
  when: ansible_selinux.status == "enabled"
98

    
99

    
100
- name: Open firewall (firewalld)
101
  firewalld:
102
    port: "10050/tcp"
103
    permanent: true
104
    state: enabled
105
    immediate: yes
106
  when: manage_firewall and ((ansible_distribution == 'Fedora') or (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7') or (ansible_os_family == "Debian"))
107