main.yml

---

- name: install packages
  pacman: name=zabbix-agent,python-dbus,perl-json,arch-audit

- name: install packages for borg monitoring
  pacman: name=perl-json
  when: "'borg-clients' in group_names"

- name: install packages for nginx monitoring
  pacman: name=perl-json,perl-clone,perl-statistics-descriptive
  when: "'nginx' in group_names"

- name: install mysql userstats monitoring packages
  pacman: name=perl-dbi,perl-dbd-mysql,perl-json
  when: "'mysql-servers' in group_names"

- file: path=/etc/zabbix state=directory owner=root group=root mode=755

- name: create host PSK
  shell: umask 077; openssl rand -hex 64 > /etc/zabbix/zabbix_agentd.psk creates=/etc/zabbix/zabbix_agentd.psk

- name: fix permissions of PSK file
  file: path=/etc/zabbix/zabbix_agentd.psk owner=zabbix-agent group=zabbix-agent mode=600

- name: fetch PSK
  command: cat /etc/zabbix/zabbix_agentd.psk
  check_mode: no
  register: zabbix_agent_psk

- name: Set host config in zabbix
  local_action:
    module: zabbix_host
    server_url: "https://{{zabbix_agent_server}}"
    login_user: "{{vault_zabbix_admin_user}}"
    login_password: "{{vault_zabbix_admin_password}}"
    host_name: "{{inventory_hostname}}"
    visible_name: "{{inventory_hostname}}"
    link_templates: "{{zabbix_agent_templates}}"
    status: enabled
    state: present
    inventory_mode: disabled
    interfaces:
      - type: 1
        main: 1
        useip: "{{zabbix_agent_useip}}"
        ip: "{{zabbix_agent_ip}}"
        dns: "{{inventory_hostname}}"
        port: 10050
    tls_psk_identity: "PSK{{inventory_hostname}}"
    tls_accept: 2
    tls_connect: 2
    tls_psk: "{{zabbix_agent_psk.stdout}}"

- name: install agent config
  template: src=zabbix_agentd.conf dest=/etc/zabbix/zabbix_agentd.conf owner=zabbix-agent group=zabbix-agent mode=600
  notify:
    - restart zabbix agent

- name: Create mysql config for agent checks
  template: src=my.cnf.j2 dest=/etc/zabbix/zabbix_agentd.my.cnf owner=zabbix-agent group=zabbix-agent mode=600
  when: zabbix_agent_mysql_user is defined

- name: Install helper scripts
  copy: src={{item}} dest=/usr/local/bin/{{item}} mode=0755 owner=root group=root
  with_items:
    - systemd-units-failed.py
    - mysql-user-stats.pl
    - systemd-discover-accounting-units.py
    - zabbix-borg-timestamps.pl
    - mysql-dbsize-stats.pl

- name: Install helper scripts
  copy: src=nginx-zabbix.pl dest=/usr/local/bin/nginx-zabbix.pl mode=0755 owner=root group=root
  notify:
    - restart nginx-zabbix.service
  when: "'nginx' in group_names"

- name: install sudo config
  template: src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers

- name: copy nginx-zabbix.service
  copy: src=nginx-zabbix.service dest=/etc/systemd/system/nginx-zabbix.service owner=root group=root mode=0644
  notify:
    - restart nginx-zabbix.service
  when: "'nginx' in group_names"

- name: start nginx-zabbix.service
  service: name=nginx-zabbix.service enabled=yes state=started
  when: "'nginx' in group_names"

- name: run zabbix agent service
  service: name=zabbix-agent enabled=yes state=started

- name: open firewall holes
  firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
  when: configure_firewall
  tags:
    - firewall