--- ##### Install zabbix-agent - name: ping hosts ping: - name: check OS debug: msg={{ansible_distribution}}-{{ansible_distribution_version}} tags: configure_zabbix ### centOS 7 - name: disable SELinux selinux: state: disabled when: ansible_os_family == "RedHat" tags: configure_zabbix - name: install zabbix centOS 7 rpm file yum: name: "{{ centos7_link }}" when: ansible_os_family == "RedHat" tags: configure_zabbix - name: install zabbix-agent 4.4 for centOS 7 yum: name: zabbix-agent enablerepo: zabbix update_cache: true state: latest when: ansible_os_family == "RedHat" tags: configure_zabbix ### Debian 8 - name: download zabbix deb file for Debian 8 get_url: url: "{{ debian8_link }}" dest: "/tmp/{{ debian8_file }}" when: ansible_distribution_release == 'jessie' tags: configure_zabbix - name: install zabbix deb in Debian 8 apt: deb "/tmp/{{ debian8_file }}" when: ansible_distribution_release == 'jessie' tags: configure_zabbix - name: install zabbix-agent 4.4 Debian 8 apt: name: zabbix-agent state: latest update_cache: yes when: ansible_distribution_release == 'jessie' tags: configure_zabbix ### Debian 9 - name: download zabbix deb file for Debian 9 get_url: url: "{{ debian9_link }}" dest: "/tmp/{{ debian9_file }}" when: ansible_distribution_release == 'stretch' tags: configure_zabbix - name: install zabbix deb in Debian 9 apt: deb "/tmp/{{ debian9_file }}" when: ansible_distribution_release == 'stretch' tags: configure_zabbix - name: install zabbix-agent 4.4 Debian 9 apt: name: zabbix-agent state: latest update_cache: yes when: ansible_distribution_release == 'stretch' tags: configure_zabbix ### Debian 10 - name: download zabbix deb file for Debian 10 get_url: url: "{{ debian10_link }}" dest: "/tmp/{{ debian10_file }}" when: ansible_distribution_release == 'buster' tags: configure_zabbix - name: install zabbix deb in Debian 10 apt: deb "/tmp/{{ debian10_file }}" when: ansible_distribution_release == 'buster' tags: configure_zabbix - name: install zabbix-agent 4.4 Debian 10 apt: name: zabbix-agent state: latest update_cache: yes when: ansible_distribution_release == 'buster' tags: configure_zabbix ### Ubuntu 16.04 Xenial - name: download zabbix deb file fot Ubuntu 16.04 get_url: url: "{{ ubuntu16_link }}" dest: "/tmp/{{ ubuntu16_file }}" when: ansible_distribution_release == 'xenial' tags: configure_zabbix - name: install zabbix deb for Ubuntu 16.04 Xenial apt: deb "/tmp/{{ ubuntu16_file }}" when: ansible_distribution_release == 'xenial' tags: configure_zabbix - name: install zabbix-agent 4.4 Ubuntu 16.04 apt: name: zabbix-agent state: latest update_cache: yes when: ansible_distribution_release == 'xenial' tags: configure_zabbix ### Ubuntu 18.04 Bionic Beaver - name: download zabbix deb file fot Ubuntu 18.04 get_url: url: "{{ ubuntu18_link }}" dest: "/tmp/{{ ubuntu18_file }}" when: ansible_distribution_release == 'bionic' tags: configure_zabbix - name: install zabbix deb for Ubuntu 18.04 Xenial apt: deb "/tmp/{{ ubuntu18_file }}" when: ansible_distribution_release == 'bionic' tags: configure_zabbix - name: install zabbix-agent 4.4 Ubuntu 18.04 apt: name: zabbix-agent state: latest update_cache: yes when: ansible_distribution_release == 'bionic' tags: configure_zabbix ### Ubunto 20.04 Focal - name: download zabbix deb file fot Ubuntu 20.04 get_url: url: "{{ ubuntu20_link }}" dest: "/tmp/{{ ubuntu20_file }}" when: ansible_distribution_release == 'focal' tags: configure_zabbix - name: install zabbix deb for Ubuntu 20.04 Xenial apt: deb "/tmp/{{ ubuntu20_file }}" when: ansible_distribution_release == 'focal' tags: configure_zabbix - name: install zabbix-agent 4.4 Ubuntu 20.04 apt: name: zabbix-agent state: latest update_cache: yes when: ansible_distribution_release == 'focal' tags: configure_zabbix ##### enabled zabbix-agent - name: enable service zabbix-agent and ensure it is not masked systemd: name: zabbix-agent enabled: yes masked: no become: yes tags: configure_zabbix ##### check zabbix home dir and shell - name: Make sure a service is stopped systemd: state=stopped name=zabbix-agent become: yes tags: configure_zabbix - name: check zabbix home dir and shell user: name: zabbix shell: /bin/bash home: /etc/zabbix append: yes groups: sudo become: yes tags: configure_zabbix ##### mkdir /etc/zabbix/scripts and rights - name: mkdir /etc/zabbix/scripts and rights file: path: /etc/zabbix/scripts state: directory owner: zabbix group: zabbix mode: 0700 become: yes tags: configure_zabbix ##### change zabbix_agentd.conf - name: change zabbix_agentd.conf Hostname lineinfile: path: /etc/zabbix/zabbix_agentd.conf state: present regexp: 'Hostname=Zabbix server' line: "Hostname={{ ansible_hostname }}" become: yes tags: configure_zabbix - name: change zabbix_agentd.conf ServerActive lineinfile: path: /etc/zabbix/zabbix_agentd.conf state: present regexp: 'ServerActive=127.0.0.1' line: "ServerActive={{ zbx_srv }}" become: yes tags: configure_zabbix - name: change zabbix_agentd.conf Server lineinfile: path: /etc/zabbix/zabbix_agentd.conf state: present regexp: 'Server=127.0.0.1' line: "Server={{ zbx_srv }}" become: yes tags: configure_zabbix - name: change zabbix_agentd.conf EnableRemoteCommands lineinfile: path: /etc/zabbix/zabbix_agentd.conf state: present regexp: '# EnableRemoteCommands=0' line: 'EnableRemoteCommands=1' become: yes tags: configure_zabbix - name: change zabbix_agentd.conf LogRemoteCommands lineinfile: path: /etc/zabbix/zabbix_agentd.conf state: present regexp: '# LogRemoteCommands=0' line: 'LogRemoteCommands=1' tags: configure_zabbix ##### Install Vulners plugin ### CentOS7 - name: install plugin repo centOS 7 rpm file yum: name=https://repo.vulners.com/redhat/vulners-repo.rpm when: ansible_os_family == "RedHat" tags: configure_zabbix - name: install plugin for centOS 7 yum: name=zabbix-threat-control-host when: ansible_os_family == "RedHat" tags: configure_zabbix ### Debian #- name: download plugin deb file for Debian # get_url: # url: https://repo.vulners.com/debian/vulners-repo.deb # dest: /tmp/vulners-repo.deb # when: ansible_os_family == "Debian" # tags: configure_zabbix #- name: install plugin deb in Debian # apt: deb="/tmp/vulners-repo.deb" # when: ansible_os_family == "Debian" # tags: configure_zabbix #- name: install plugin Debian # apt: # name: zabbix-threat-control-host # update_cache: yes # when: ansible_os_family == "Debian" # tags: configure_zabbix ### Starting zabbix-agent - name: install needrestart apt: name: needrestart update_cache: yes when: ansible_os_family == "Debian" tags: configure_zabbix - name: Make sure a service is started systemd: state=started name=zabbix-agent become: yes tags: configure_zabbix - name: Copy configuration files become: true copy: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root group: root mode: 6755 with_items: - { src: "{{ role_path }}/files/check_updates.sh", dest: "/opt/zabbix_scripts/" } - { src: "{{ role_path }}/files/zbx-reboot-required.sh", dest: "/opt/zabbix_scripts/" } tags: configure_zabbix - name: enable cron job for update check become: true cron: name: "update_checker" minute: "*/30" user: root job: "/opt/zabbix_scripts/check_updates.sh" tags: configure_zabbix - name: zabbix-agent-config lineinfile: path: "/etc/zabbix/zabbix_agentd.conf" state: present line: "{{ item.line }}" with_items: - { line: "UserParameter=os.updates.pending,cat \"/run/zabbix/zabbix.count.updates\"" } - { line: "UserParameter=reboot-required.kernel,/opt/zabbix_scripts/zbx-reboot-required.sh -k" } - { line: "UserParameter=reboot-required.services,/opt/zabbix_scripts/zbx-reboot-required.sh -s" } become: true tags: configure_zabbix - name: Restart service zabbix-agent service: name: zabbix-agent state: restarted tags: configure_zabbix become: true