mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
aur_robots.txt
infrastructure/roles/zabbix_agent/tasks/main.yml
Frederik Schwan 63887d3b09 fix E208 'File permissions not mentioned'
2020-08-27 05:29:00 +00:00

129 lines
4.2 KiB
YAML
Raw Permalink Blame History

---
# If you do not have python-zabbix-api installed (** ON YOUR LOCAL MACHINE **),
# this will fail. Please install it; it is needed for tasks later in this role.
- name: install python-zabbix-api package on localhost
pacman: name=python-zabbix-api
run_once: true
delegate_to: localhost
- name: install packages
pacman: name=zabbix-agent,python-dbus,perl-json,arch-audit
- name: install packages for borg monitoring
pacman: name=perl-json
when: "'borg_clients' in group_names"
- name: install packages for nginx monitoring
pacman: name=perl-json,perl-clone,perl-statistics-descriptive
when: "'nginx' in group_names"
- name: install mysql userstats monitoring packages
pacman: name=perl-dbi,perl-dbd-mysql,perl-json
when: "'mysql_servers' in group_names"
- name: install postgresql userstats monitoring packages
pacman: name=perl-dbi,perl-dbd-pg,perl-json
when: "'postgresql_servers' in group_names"
- name: install memcached monitoring packages
pacman: name=python-memcached
when: "'memcached' in group_names"
- name: adding existing zabbix-agent to memcached group
user:
name: zabbix-agent
groups: memcached
append: yes
when: "'memcached' in group_names"
- name: set zabbix directory permissions in /etc
file: path=/etc/zabbix state=directory owner=root group=root mode=755
- name: create host PSK
shell: umask 077; openssl rand -hex 64 > /etc/zabbix/zabbix_agentd.psk creates=/etc/zabbix/zabbix_agentd.psk
- name: fix permissions of PSK file
file: path=/etc/zabbix/zabbix_agentd.psk owner=zabbix-agent group=zabbix-agent mode=600
- name: fetch PSK
command: cat /etc/zabbix/zabbix_agentd.psk
check_mode: no
register: zabbix_agent_psk
changed_when: false
- name: Set host config in zabbix
zabbix_host:
server_url: "https://{{ zabbix_agent_server }}"
login_user: "{{ vault_zabbix_admin_user }}"
login_password: "{{ vault_zabbix_admin_password }}"
host_name: "{{ inventory_hostname }}"
host_groups: "{{ zabbix_agent_host_groups }}"
visible_name: "{{ inventory_hostname }}"
link_templates: "{{ zabbix_agent_templates }}"
status: enabled
state: present
inventory_mode: disabled
interfaces:
- type: 1
main: 1
useip: "{{ zabbix_agent_useip }}"
ip: "{{ zabbix_agent_ip }}"
dns: "{{ inventory_hostname }}"
port: 10050
tls_psk_identity: "PSK{{ inventory_hostname }}"
tls_accept: 2
tls_connect: 2
tls_psk: "{{ zabbix_agent_psk.stdout }}"
delegate_to: localhost
- name: install agent config
template: src=zabbix_agentd.conf dest=/etc/zabbix/zabbix_agentd.conf owner=zabbix-agent group=zabbix-agent mode=600
notify:
- restart zabbix agent
- name: Create mysql config for agent checks
template: src=my.cnf.j2 dest=/etc/zabbix/zabbix_agentd.my.cnf owner=zabbix-agent group=zabbix-agent mode=600
when: zabbix_agent_mysql_user is defined
- name: Install helper scripts
copy: src={{ item }} dest=/usr/local/bin/{{ item }} mode=0755 owner=root group=root
with_items:
- systemd-units-failed.py
- mysql-user-stats.pl
- systemd-discover-accounting-units.py
- zabbix-borg-timestamps.pl
- mysql-dbsize-stats.pl
- postgresql-dbsize-stats.pl
- postgresql-user-stats.pl
- memcached-stats.py
- zabbix-btrfs-subvolume.sh
- name: Install helper scripts
copy: src=nginx-zabbix.pl dest=/usr/local/bin/nginx-zabbix.pl mode=0755 owner=root group=root
notify:
- restart nginx-zabbix.service
when: "'nginx' in group_names"
- name: install sudo config
template: src=zabbix-agent-sudoers.conf.j2 dest=/etc/sudoers.d/zabbix-agent-sudoers mode=0440 owner=root group=root
- name: copy nginx-zabbix.service
copy: src=nginx-zabbix.service dest=/etc/systemd/system/nginx-zabbix.service owner=root group=root mode=0644
notify:
- restart nginx-zabbix.service
when: "'nginx' in group_names"
- name: start nginx-zabbix.service
service: name=nginx-zabbix.service enabled=yes state=started
when: "'nginx' in group_names"
- name: run zabbix agent service
service: name=zabbix-agent enabled=yes state=started
- name: open firewall holes
firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
View Git Blame Copy Permalink