mhutchinson
/
Ansible_repo-pub


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312
							---
  - name: "Install Zabbix agent using yum/dnf/apt"
    hosts: all
    gather_facts: True
    become: true
    tasks:
      - name: "msg print to stdout: Debug ansible_facts"
        debug:
          msg:
            - ansible_facts.distribution "{{ ansible_facts.distribution }}"
            - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
            - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"


      - name: Populate systemd service_facts
        service_facts:

      - debug:
          msg:
            - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
        when: "'firewalld.service' in services"

      - debug:
          msg:
            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
        when: "'iptables.service' in services"

      - debug:
          msg:
            - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
        when: "'ufw.service' in services"


#RHEL-6 Like:
      - name: Install Zabbix rpm key if distro RHEL-6 like
        rpm_key:
          key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD
          state: present
        when: ansible_facts['distribution_file_variety'] == 'RedHat'

      - name: Install zabbix-agent2 from specified rpm if distro is RH6-like
        yum:
          name: https://repo.zabbix.com/zabbix/6.4/rhel/6/x86_64/zabbix-agent2-6.4.8-release2.el6.x86_64.rpm
          state: installed
        when: (ansible_facts['distribution_file_variety'] == 'RedHat') and (ansible_facts['distribution_major_version'] == '6')

#RHEL-7 like:
      - name: Install Official Zabbix repo for RHEL-7 like, incl. Fedora 19 - 27
        yum_repository:
          name: zabbix
          description: Install Zabbix official repo for RHEL-7 like
          baseurl: https://repo.zabbix.com/zabbix/6.4/rhel/$releasever/x86_64/
          enabled: yes
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '19' or ansible_facts['distribution_major_version'] == '20' or ansible_facts['distribution_major_version'] == '21' or ansible_facts['distribution_major_version'] == '22' or ansible_facts['distribution_major_version'] == '23' or ansible_facts['distribution_major_version'] == '24' or ansible_facts['distribution_major_version'] == '25' or ansible_facts['distribution_major_version'] == '26' or ansible_facts['distribution_major_version'] == '27'

      - name: yum-clean-metadata for RHEL-7 like, incl. Fedora 19 - 27
        ansible.builtin.command: yum clean metadata
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '19' or ansible_facts['distribution_major_version'] == '20' or ansible_facts['distribution_major_version'] == '21' or ansible_facts['distribution_major_version'] == '22' or ansible_facts['distribution_major_version'] == '23' or ansible_facts['distribution_major_version'] == '24' or ansible_facts['distribution_major_version'] == '25' or ansible_facts['distribution_major_version'] == '26' or ansible_facts['distribution_major_version'] == '27'

      - name: Install zabbix-agent2 + plugins for RHEL-7 like
        yum:
          name:
            - zabbix-agent2, zabbix-agent2-plugin-*
          disablerepo: "epel"
          state: present
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '7' or ansible_facts['distribution_major_version'] == '19' or ansible_facts['distribution_major_version'] == '20' or ansible_facts['distribution_major_version'] == '21' or ansible_facts['distribution_major_version'] == '22' or ansible_facts['distribution_major_version'] == '23' or ansible_facts['distribution_major_version'] == '24' or ansible_facts['distribution_major_version'] == '25' or ansible_facts['distribution_major_version'] == '26' or ansible_facts['distribution_major_version'] == '27'

#RHEL-8 like:
      - name: Install Zabbix repo GPG key for ALL RHEL like, incl. Fedora 28 - 33
        rpm_key:
          state: present
          key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD
        when: ansible_facts['distribution_file_variety'] == 'RedHat'

      - name: Install Official Zabbix repo for RHEL-8 like incl. Fedora 28 - 33
        yum_repository:
          name: zabbix
          description: Install Zabbix official repo for RHEL-8 like incl. Fedora 28 - 33
          baseurl: https://repo.zabbix.com/zabbix/6.4/rhel/8/x86_64/
          enabled: yes
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '28' or ansible_facts['distribution_major_version'] == '29' or ansible_facts['distribution_major_version'] == '30' or ansible_facts['distribution_major_version'] == '31' or ansible_facts['distribution_major_version'] == '32' or ansible_facts['distribution_major_version'] == '33'


      - name: yum-clean-metadata for RHEL-8 like incl. Fedora 28 - 33
        ansible.builtin.command: yum clean metadata
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '8' or ansible_facts['distribution_major_version'] == '28' or ansible_facts['distribution_major_version'] == '29' or ansible_facts['distribution_major_version'] == '30' or ansible_facts['distribution_major_version'] == '31' or ansible_facts['distribution_major_version'] == '32' or ansible_facts['distribution_major_version'] == '33'


      - name: Install Official Zabbix repo for RHEL-9 like, incl. Fedora 34-40
        yum_repository:
          name: zabbix
          description: Install Zabbix official repo for RHEL-9 like, incl. Fedora 34-40
          baseurl: https://repo.zabbix.com/zabbix/6.4/rhel/9/x86_64/
          enabled: yes
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '9' or ansible_facts['distribution_major_version'] == '34' or ansible_facts['distribution_major_version'] == '35' or ansible_facts['distribution_major_version'] == '36' or ansible_facts['distribution_major_version'] == '37' or ansible_facts['distribution_major_version'] == '38' or ansible_facts['distribution_major_version'] == '39' or ansible_facts['distribution_major_version'] == '40'


      - name: yum-clean-metadata for RHEL-9 like, incl. Fedora 34-40
        ansible.builtin.command: yum clean metadata
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '9' or ansible_facts['distribution_major_version'] == '34' or ansible_facts['distribution_major_version'] == '35' or ansible_facts['distribution_major_version'] == '36' or ansible_facts['distribution_major_version'] == '37' or ansible_facts['distribution_major_version'] == '38' or ansible_facts['distribution_major_version'] == '39' or ansible_facts['distribution_major_version'] == '40'


      - name: Install zabbix-agent2 + plugins for RHEL-9 like, incl. Fedora 34-40
        yum:
          name:
            - zabbix-agent2, zabbix-agent2-plugin-*
          disablerepo: "epel"
          state: present
          disable_gpg_check: true
        when:
          - ansible_facts['distribution_file_variety'] == 'RedHat'
          - ansible_facts['distribution_major_version'] == '9' or ansible_facts['distribution_major_version'] == '34' or ansible_facts['distribution_major_version'] == '35' or ansible_facts['distribution_major_version'] == '36' or ansible_facts['distribution_major_version'] == '37' or ansible_facts['distribution_major_version'] == '38' or ansible_facts['distribution_major_version'] == '39' or ansible_facts['distribution_major_version'] == '40'


###############################################  Debian section  #################################################################################################
      - name: Install zabbix-agent2 from specified deb file if distro is Deb12, "Bookworm"
        apt:
          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian12_amd64.deb
          state: present
        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '12')
      - name: Install zabbix-agent2 from specified deb file if distro is Deb11, "Bullseye"
        apt:
          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian11_amd64.deb
          state: present
        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '11')
      - name: Install zabbix-agent2 from specified deb file if distro is Deb10, "Buster"
        apt:
          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian10_amd64.deb
          state: present
        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '10')
      - name: Install zabbix-agent2 from specified deb file if distro is Deb9, "Stretch"
        apt:
          deb: https://repo.zabbix.com/zabbix/6.4/debian/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bdebian9_amd64.deb
          state: present
        when: (ansible_facts['distribution'] == 'Debian') and (ansible_facts['distribution_major_version'] == '9')
##############################################   Begin Ubuntu section   ###################################################
      - name: Install zabbix-agent2 from specified deb file if distro is Ubuntu 22.xx, "Jammy Jellyfish"
        apt:
          deb: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bubuntu22.04_amd64.deb
          state: present
        when: (ansible_facts['distribution'] == 'Ubuntu') and (ansible_facts['distribution_major_version'] == '22')
      - name: Install zabbix-agent2 from specified deb file if distro is Ubuntu 20.xx, "Focal Fossa"
        apt:
          deb: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bubuntu20.04_amd64.deb
          state: present
        when: (ansible_facts['distribution'] == 'Ubuntu') and (ansible_facts['distribution_major_version'] == '20')
      - name: Install zabbix-agent2 from specified deb file if distro is Ubuntu 18.xx, "Bionic Bever"
        apt:
          deb: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix/zabbix-agent2_6.4.8-2%2Bubuntu18.04_amd64.deb
          state: present
        when: (ansible_facts['distribution'] == 'Ubuntu') and (ansible_facts['distribution_major_version'] == '18')

      - name: Create /etc/zabbix w/ appropriate permissinos
        file:
          path: /etc/zabbix
          owner: zabbix
          group: root
          mode: '0755'
          state: directory

# Copy Zabbix agent config file to host
      - name: perform copy of zabbix agent config
        copy:
          src: ~/install_packages/zabbix/zabbix_agent2.conf
          dest: /etc/zabbix/zabbix_agent2.conf
          owner: zabbix
          group: root
          mode: '0640'
# Create /etc/zabbix w/ appropriate permissinos
      - name: Create /etc/zabbix/certs w/ appropriate permissions
        file:
          path: /etc/zabbix/certs
          owner: zabbix
          group: root
          mode: '0750'
          state: directory

# Copy Zabbix ca.cert to host
      - name: perform copy ca.cert
        copy:
          src: ~/install_packages/zabbix/certs/ca.cert
          dest: /etc/zabbix/certs/ca.cert
          owner: zabbix
          group: root
          mode: '0640'

# Copy Zabbix client.cert to host
      - name: perform copy client.cert
        copy:
          src: ~/install_packages/zabbix/certs/client.cert
          dest: /etc/zabbix/certs/client.cert
          owner: zabbix
          group: root
          mode: '0640'

# Copy Zabbix client_private.key to host
      - name: perform copy ca.cert
        copy:
          src: ~/install_packages/zabbix/certs/client_private.key
          dest: /etc/zabbix/certs/client_private.key
          owner: zabbix
          group: root
          mode: '0640'


      - name : remove /etc/zabbix_agentd.conf file if present
        file:
          path: /etc/zabbix_agentd.conf
          state: absent

# Copy Zabbix agent PSK
      - name: perform copy of Zabbix agent PSK
        copy:
          src: ~/install_packages/zabbix/psk.key
          dest: /etc/zabbix/psk.key
          owner: zabbix
          group: root
          mode: '0440'

# Ensure /var/log/zabbix/ exists w/ correct permissions
      - name: Create /var/log/zabbix if needed
        file:
          path: /var/log/zabbix
          state: directory
          owner: zabbix
          group: zabbix
          mode: '0775'


# Ensure /var/log/zabbix/zabbix_agentd.log exists
      - name: Touch /var/log/zabbix/zabbix_agent2.log
        file:
          path: /var/log/zabbix/zabbix_agent2.log
          state: touch
          owner: zabbix
          group: zabbix
          mode: '0664'


# Allow connections to :10050 on systems using firewalld:
      - name: allow :10050/tcp incoming, firewalld
        firewalld:
          port:
            - 10050/tcp
            - 10051/tcp
          permanent: True
          state: enabled
          immediate: True
        when: ansible_facts.services['firewalld.service']['status'] == 'enabled'
        ignore_errors: yes

# Allow connections to :10050 on systems using iptables.service:
      - name: Open 10050/tcp if iptables.service is running
        iptables:
          chain: INPUT
          src_range: "***CONTENTS REDACTED***"
          protocol: tcp
          destination_ports:
            - "10050"
            - "10051"
          jump: ACCEPT
        when: ansible_facts.services['iptables.service']['status'] == 'enabled'
        ignore_errors: yes

# Allow connections to :10050 on systems using UFW:
      - name: allow :10050/tcp incoming, ufw
        ufw:
          rule: allow
          port: '10050'
          proto: tcp
          comment: Zabbix agent on 10050
        when:
          - "'ufw' in services"
          - ansible_facts.services['ufw.service']['status'] == 'enabled'
        ignore_errors: yes

# Enable zabbix-agent on systemd-enabled systems:
      - name: enable zabbix-agent2 service
        systemd:
          name: zabbix-agent2
          enabled: True
          masked: no
          state: started
        ignore_errors: False
        #when: ansible_facts.services['source'].source == systemd
        when: ansible_facts.service_mgr == "systemd"

# Restart systemd service
      - name: restart zabbix-agent2.service, systemd
        systemd:
          name: zabbix-agent2
          enabled: True
          masked: no
          state: restarted
        ignore_errors: False
        when: ansible_facts.service_mgr == "systemd"