Update Readme

add requirements.yml for additional modules
2021-08-30 08:39:21 -04:00
parent 21612189e0
commit 7e68ea16b3
19 changed files with 964 additions and 59 deletions
--- a/roles/zabbix/tasks/main.yaml
+++ b/roles/zabbix/tasks/main.yaml
@@ -0,0 +1,321 @@
+---
+##### Install zabbix-agent
+- name: ping hosts
+  ping:
+
+- name: check OS
+  debug: msg={{ansible_distribution}}-{{ansible_distribution_version}}
+  tags: configure_zabbix
+
+### centOS 7
+- name: disable SELinux
+  selinux:
+    state: disabled
+  when: ansible_os_family == "RedHat"
+  tags: configure_zabbix
+
+- name: install zabbix centOS 7 rpm file
+  yum:
+    name: "{{ centos7_link }}"
+  when: ansible_os_family == "RedHat"
+  tags: configure_zabbix
+
+- name: install zabbix-agent 4.4 for centOS 7
+  yum: 
+    name: zabbix-agent
+    enablerepo: zabbix
+    update_cache: true
+    state: latest
+  when: ansible_os_family == "RedHat"
+  tags: configure_zabbix
+
+### Debian 8
+- name: download zabbix deb file for Debian 8
+  get_url:
+    url: "{{ debian8_link }}"
+    dest: "/tmp/{{ debian8_file }}"
+  when: ansible_distribution_release == 'jessie'
+  tags: configure_zabbix
+
+- name: install zabbix deb in Debian 8
+  apt: deb "/tmp/{{ debian8_file }}"
+  when: ansible_distribution_release == 'jessie'
+  tags: configure_zabbix
+
+- name: install zabbix-agent 4.4 Debian 8
+  apt:
+    name: zabbix-agent
+    state: latest
+    update_cache: yes
+  when: ansible_distribution_release == 'jessie'
+  tags: configure_zabbix
+
+### Debian 9
+- name: download zabbix deb file for Debian 9
+  get_url:
+    url: "{{ debian9_link }}"
+    dest: "/tmp/{{ debian9_file }}"
+  when: ansible_distribution_release == 'stretch'
+  tags: configure_zabbix
+
+- name: install zabbix deb in Debian 9
+  apt: deb "/tmp/{{ debian9_file }}"
+  when: ansible_distribution_release == 'stretch'
+  tags: configure_zabbix
+
+- name: install zabbix-agent 4.4 Debian 9
+  apt:
+    name: zabbix-agent
+    state: latest
+    update_cache: yes
+  when: ansible_distribution_release == 'stretch'
+  tags: configure_zabbix
+
+### Debian 10
+- name: download zabbix deb file for Debian 10
+  get_url:
+    url: "{{ debian10_link }}" 
+    dest: "/tmp/{{ debian10_file }}"
+  when: ansible_distribution_release == 'buster'
+  tags: configure_zabbix
+
+- name: install zabbix deb in Debian 10
+  apt: deb "/tmp/{{ debian10_file }}"
+  when: ansible_distribution_release == 'buster'
+  tags: configure_zabbix
+
+- name: install zabbix-agent 4.4 Debian 10
+  apt:
+    name: zabbix-agent
+    state: latest
+    update_cache: yes
+  when: ansible_distribution_release == 'buster'
+  tags: configure_zabbix
+
+### Ubuntu 16.04 Xenial
+- name: download zabbix deb file fot Ubuntu 16.04
+  get_url:
+    url: "{{ ubuntu16_link }}"
+    dest: "/tmp/{{ ubuntu16_file }}"
+  when: ansible_distribution_release == 'xenial'
+  tags: configure_zabbix
+
+- name: install zabbix deb for Ubuntu 16.04 Xenial
+  apt: deb "/tmp/{{ ubuntu16_file }}"
+  when: ansible_distribution_release == 'xenial'
+  tags: configure_zabbix
+
+- name: install zabbix-agent 4.4 Ubuntu 16.04
+  apt:
+    name: zabbix-agent
+    state: latest
+    update_cache: yes
+  when: ansible_distribution_release == 'xenial'
+  tags: configure_zabbix
+
+
+### Ubuntu 18.04 Bionic Beaver
+- name: download zabbix deb file fot Ubuntu 18.04
+  get_url:
+    url: "{{ ubuntu18_link }}"
+    dest: "/tmp/{{ ubuntu18_file }}"
+  when: ansible_distribution_release == 'bionic'
+  tags: configure_zabbix
+
+- name: install zabbix deb for Ubuntu 18.04 Xenial
+  apt: deb "/tmp/{{ ubuntu18_file }}"
+  when: ansible_distribution_release == 'bionic'
+  tags: configure_zabbix
+
+- name: install zabbix-agent 4.4 Ubuntu 18.04
+  apt:
+    name: zabbix-agent
+    state: latest
+    update_cache: yes
+  when: ansible_distribution_release == 'bionic'
+  tags: configure_zabbix
+### Ubunto 20.04 Focal
+- name: download zabbix deb file fot Ubuntu 20.04
+  get_url:
+    url: "{{ ubuntu20_link }}"
+    dest: "/tmp/{{ ubuntu20_file }}"
+  when: ansible_distribution_release == 'focal'
+  tags: configure_zabbix
+
+- name: install zabbix deb for Ubuntu 20.04 Xenial
+  apt: deb "/tmp/{{ ubuntu20_file }}"
+  when: ansible_distribution_release == 'focal'
+  tags: configure_zabbix
+
+- name: install zabbix-agent 4.4 Ubuntu 20.04
+  apt:
+    name: zabbix-agent
+    state: latest
+    update_cache: yes
+  when: ansible_distribution_release == 'focal'
+  tags: configure_zabbix
+
+##### enabled zabbix-agent
+- name: enable service zabbix-agent and ensure it is not masked
+  systemd:
+    name: zabbix-agent
+    enabled: yes
+    masked: no
+  become: yes
+  tags: configure_zabbix
+
+##### check zabbix home dir and shell
+- name: Make sure a service is stopped
+  systemd: state=stopped name=zabbix-agent
+  become: yes
+  tags: configure_zabbix
+
+- name: check zabbix home dir and shell
+  user:
+    name: zabbix
+    shell: /bin/bash
+    home: /etc/zabbix
+    append: yes
+    groups: sudo
+  become: yes
+  tags: configure_zabbix
+
+##### mkdir /etc/zabbix/scripts and rights
+- name: mkdir /etc/zabbix/scripts and rights
+  file:
+    path: /etc/zabbix/scripts
+    state: directory
+    owner: zabbix
+    group: zabbix
+    mode: 0700
+  become: yes
+  tags: configure_zabbix
+
+##### change zabbix_agentd.conf
+- name: change zabbix_agentd.conf Hostname
+  lineinfile:
+    path: /etc/zabbix/zabbix_agentd.conf
+    state: present
+    regexp: 'Hostname=Zabbix server'
+    line: "Hostname={{ ansible_hostname }}"
+  become: yes
+  tags: configure_zabbix
+    
+- name: change zabbix_agentd.conf ServerActive
+  lineinfile:
+    path: /etc/zabbix/zabbix_agentd.conf
+    state: present
+    regexp: 'ServerActive=127.0.0.1'
+    line: "ServerActive={{ zbx_srv }}"
+  become: yes
+  tags: configure_zabbix
+
+- name: change zabbix_agentd.conf Server
+  lineinfile:
+    path: /etc/zabbix/zabbix_agentd.conf
+    state: present
+    regexp: 'Server=127.0.0.1'
+    line: "Server={{ zbx_srv }}"
+  become: yes
+  tags: configure_zabbix
+
+- name: change zabbix_agentd.conf EnableRemoteCommands
+  lineinfile:
+    path: /etc/zabbix/zabbix_agentd.conf
+    state: present
+    regexp: '# EnableRemoteCommands=0'
+    line: 'EnableRemoteCommands=1'
+  become: yes
+  tags: configure_zabbix
+
+- name: change zabbix_agentd.conf LogRemoteCommands
+  lineinfile:
+    path: /etc/zabbix/zabbix_agentd.conf
+    state: present
+    regexp: '# LogRemoteCommands=0'
+    line: 'LogRemoteCommands=1'
+  tags: configure_zabbix
+
+##### Install Vulners plugin
+### CentOS7
+- name: install plugin repo centOS 7 rpm file
+  yum: name=https://repo.vulners.com/redhat/vulners-repo.rpm
+  when: ansible_os_family == "RedHat"
+  tags: configure_zabbix
+
+- name: install plugin for centOS 7
+  yum: name=zabbix-threat-control-host
+  when: ansible_os_family == "RedHat"
+  tags: configure_zabbix
+
+### Debian
+#- name: download plugin deb file for Debian
+#  get_url:
+#    url: https://repo.vulners.com/debian/vulners-repo.deb
+#    dest: /tmp/vulners-repo.deb
+#  when: ansible_os_family == "Debian"
+#  tags: configure_zabbix
+
+#- name: install plugin deb in Debian
+#  apt: deb="/tmp/vulners-repo.deb"
+#  when: ansible_os_family == "Debian"
+#  tags: configure_zabbix
+
+#- name: install plugin Debian
+#  apt:
+#    name: zabbix-threat-control-host
+#    update_cache: yes
+#  when: ansible_os_family == "Debian"
+#  tags: configure_zabbix
+
+### Starting zabbix-agent
+- name: install needrestart
+  apt:
+    name: needrestart
+    update_cache: yes
+  when: ansible_os_family == "Debian"
+  tags: configure_zabbix
+
+- name: Make sure a service is started
+  systemd: state=started name=zabbix-agent
+  become: yes
+  tags: configure_zabbix
+- name: Copy configuration files
+  become: true
+  copy:
+          src: "{{ item.src }}"
+          dest: "{{ item.dest }}"
+          owner: root
+          group: root
+          mode: 6755
+  with_items:
+          - { src: "{{ role_path }}/files/check_updates.sh", dest: "/opt/zabbix_scripts/" }
+          - { src: "{{ role_path }}/files/zbx-reboot-required.sh", dest: "/opt/zabbix_scripts/" }
+  tags: configure_zabbix
+- name: enable cron job for update check
+  become: true
+  cron:
+          name: "update_checker"
+          minute: "*/30"
+          user: root
+          job: "/opt/zabbix_scripts/check_updates.sh"
+  tags: configure_zabbix
+
+- name: zabbix-agent-config
+  lineinfile:
+    path: "/etc/zabbix/zabbix_agentd.conf"
+    state: present
+    line: "{{ item.line }}"
+  with_items:
+    - { line: "UserParameter=os.updates.pending,cat \"/run/zabbix/zabbix.count.updates\"" }
+    - { line: "UserParameter=reboot-required.kernel,/opt/zabbix_scripts/zbx-reboot-required.sh -k" }
+    - { line: "UserParameter=reboot-required.services,/opt/zabbix_scripts/zbx-reboot-required.sh -s" }
+  become: true
+  tags: configure_zabbix
+- name: Restart service zabbix-agent
+  service:
+    name: zabbix-agent
+    state: restarted
+  tags: configure_zabbix
+  become: true
+