Verified Commit 4366b9b0 authored by Florian Pritz's avatar Florian Pritz

Manage zabbix host configuration via ansible



This currently deploys the same configuration we used to have apart from
some '127.0.0.1' IPs for the agent IP, but those were incorrect anyways.

Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent dcc26b26
$ANSIBLE_VAULT;1.1;AES256
36636132396234633434643932613839373739633135656364333063393332336461383535333131
3832326361306632396666346139396465333238323464340a386161393437326633633433626236
38663666313562646232303364656664333533653230613731353264656163343733333236626230
3836316233343664300a666633653561633862646562366466303133643938663265396666383932
31303764373563626630346434396337613266323639653935336261316565613033636137353838
62326530366536396464306538363733326461663166316561343161313732323164633036323662
656161613861626338376130333230643363
61653339306335306538306231313962623561373262383030306539383936633663316637623935
6665353831643337386464393830646462613436336538660a663536303335313336386531346364
66376536323135393934383666323962323337353462643662623462623639613835393133333464
6361346465306533640a396431643435356264623865393662633632313039656431653639663335
36303666643730636430346465353436366435353436666331366138333639613334353232646439
31313532353237383964363965396238303739623731366236623035366238376134363564383838
31313131393234623562633432306533336630363231666664623032656366623433633562373831
33303333643532623231303661643764623264353737316539616137326133356464333065653538
63333638613632373232356462356164303730643966346261626361333235633132623661663739
61626130376430373566663065326335626464316631386161306663353365346462386263313039
66616435343431643734653933353430343834633264643132613735363130663036636165613165
33646230313839356637
......@@ -6,3 +6,8 @@ archweb_db_host: 'apollo.archlinux.org'
# raise tcp window limits to 32MiB
tcp_rmem: "10240 87380 33554432"
tcp_wmem: "10240 87380 33554432"
zabbix_agent_templates:
- Template OS Linux
- Template App Syncrepo
- Template App Syncrepo Arch32
......@@ -20,6 +20,19 @@ mysql_backup_defaults: "/root/.backup-my.cnf"
kanboard_version: "v1.2.5"
# TODO use a list of enabled roles or groups to enable each template and also use the same to enable each role for a machine? duplicating and manually tracking this stuff sucks, but maybe we want to deploy roles without monitoring? maybe not?
zabbix_agent_templates:
- Template OS Linux
- Template App Borg Backup
- Template App HTTP Service
- Template App HTTPS Service
- Template App MySQL
- Template App Nginx
- Template App Security Tracker
- Template App SMTP Service
- Template App SSH Service
- Template App Zabbix Server
configure_firewall: true
# this is needed to make ansible find the firewalld python
......
......@@ -10,6 +10,12 @@ mysql_backup_defaults: "/root/.backup-my.cnf"
vault_mariadb_users:
root: "{{encrypted_mariadb_users_root_password}}"
zabbix_agent_templates:
- Template OS Linux
- Template App Mailman
- Template App MySQL
- Template App Nginx
configure_firewall: true
# this is needed to make ansible find the firewalld python
......
......@@ -15,5 +15,8 @@ archweb_server_email: 'archweb-dev@archlinux.org'
archweb_domain: 'archweb-dev.archlinux.org'
archweb_version: release_2018-11-23
zabbix_agent_templates:
- Template OS Linux
configure_firewall: true
ansible_python_interpreter: /usr/bin/python3.7
......@@ -17,6 +17,10 @@ tcp_wmem: "10240 87380 33554432"
dns_servers: ["127.0.0.1"]
mail_domain: "mail.archlinux.org"
zabbix_agent_templates:
- Template OS Linux
- Template App Borg Backup
- Template App Nginx
configure_firewall: true
# this is needed to make ansible find the firewalld python
......
......@@ -11,6 +11,11 @@ tcp_congestion_control: "bbr"
filesystem: btrfs
postgres_backup_dir: "/var/lib/postgres/backup"
zabbix_agent_templates:
- Template OS Linux
- Template App Borg Backup
- Template App Syncrepo
configure_firewall: true
# this is needed to make ansible find the firewalld python
......
......@@ -9,6 +9,9 @@ ipv4_gateway: "5.9.158.161"
ipv6_gateway: "fe80::1"
filesystem: ext4
zabbix_agent_templates:
- Template OS Linux
configure_firewall: true
# this is needed to make ansible find the firewalld python
......
---
zabbix_agent_server: zabbix.archlinux.org
zabbix_agent_ip: ""
zabbix_agent_dns: "{{inventory_hostname}}"
zabbix_agent_useip: 0
# TODO set this as a default here once the value has been set correctly for each host. Otherwise we might remove templates from a host by accident
#zabbix_agent_template: ['Template OS Linux']
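Review bot: The commented-out default on the last line is spelled `zabbix_agent_template` (singular), while the variable files changed in this commit and the `link_templates` argument in the role's task all use `zabbix_agent_templates`. If the TODO is later resolved by uncommenting the line as written, it would define a variable that nothing reads, so I would correct the name now: `#zabbix_agent_templates: ['Template OS Linux']`. Separately, `zabbix_agent_dns` is defined here, but the interface in the task hunk sets `dns: "{{inventory_hostname}}"` directly. Overriding the default therefore appears to have no effect on the Zabbix host entry, unless it is consumed elsewhere, for example in the agent config template.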
......@@ -23,6 +23,35 @@
- name: fix permissions of PSK file
file: path=/etc/zabbix/zabbix_agentd.psk owner=zabbix-agent group=zabbix-agent mode=600
- name: fetch PSK
command: cat /etc/zabbix/zabbix_agentd.psk
check_mode: no
register: zabbix_agent_psk
- name: Set host config in zabbix
local_action:
module: zabbix_host
server_url: "https://{{zabbix_agent_server}}"
login_user: "{{vault_zabbix_admin_user}}"
login_password: "{{vault_zabbix_admin_password}}"
host_name: "{{inventory_hostname}}"
visible_name: "{{inventory_hostname}}"
link_templates: "{{zabbix_agent_templates}}"
status: enabled
state: present
inventory_mode: disabled
interfaces:
- type: 1
main: 1
useip: "{{zabbix_agent_useip}}"
ip: "{{zabbix_agent_ip}}"
dns: "{{inventory_hostname}}"
port: 10050
tls_psk_identity: "PSK{{inventory_hostname}}"
tls_accept: 2
tls_connect: 2
tls_psk: "{{zabbix_agent_psk.stdout}}"
- name: install agent config
template: src=zabbix_agentd.conf dest=/etc/zabbix/zabbix_agentd.conf owner=zabbix-agent group=zabbix-agent mode=600
notify:
......
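Review bot: The `fetch PSK` task stores the agent's TLS pre-shared key in `zabbix_agent_psk`, and `Set host config in zabbix` passes it as `tls_psk` alongside the admin credentials, but neither task sets `no_log: true`. Registered command output and module arguments are printed in verbose runs and in failure output, so the key can end up in terminal scrollback or CI logs. Adding `no_log: true` to both tasks avoids that; whether the module already masks `tls_psk` depends on its version, so I would not rely on it. `command: cat` also reports "changed" on every run, which `changed_when: false` on the fetch task would fix. The hunk ends inside the following `install agent config` task, whose `notify:` list is outside the view.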