From 91c1a8cafc41882bb014a355ee18726414889d7d Mon Sep 17 00:00:00 2001 From: David Kirwan Date: Tue, 4 Jul 2023 11:22:09 +0100 Subject: [PATCH] zabbix_server: update zabbix_server configuration Update zabbix-agentd.conf Update vars Disable cron Signed-off-by: David Kirwan --- roles/zabbix/zabbix_agent/defaults/main.yml | 10 ++++--- roles/zabbix/zabbix_agent/meta/main.yml | 0 roles/zabbix/zabbix_agent/tasks/tools.yml | 1 + .../templates/zabbix_agentd.conf.j2 | 26 +++++++------------ roles/zabbix/zabbix_agent/vars/CentOS-9.yml | 12 +++++++++ roles/zabbix/zabbix_agent/vars/Fedora.yml | 4 +-- roles/zabbix/zabbix_agent/vars/RedHat-9.yml | 1 + .../templates/zabbix_server.conf.j2 | 11 ++++---- 8 files changed, 37 insertions(+), 28 deletions(-) delete mode 100644 roles/zabbix/zabbix_agent/meta/main.yml create mode 100644 roles/zabbix/zabbix_agent/vars/CentOS-9.yml create mode 120000 roles/zabbix/zabbix_agent/vars/RedHat-9.yml diff --git a/roles/zabbix/zabbix_agent/defaults/main.yml b/roles/zabbix/zabbix_agent/defaults/main.yml index f068412946..8f25b7c454 100644 --- a/roles/zabbix/zabbix_agent/defaults/main.yml +++ b/roles/zabbix/zabbix_agent/defaults/main.yml @@ -1,8 +1,10 @@ # Defaults variables for role zabbix-agent -zabbix_server: zabbix01.stg.iad2.fedoraproject.org +zabbix_server: "zabbix01{{env_suffix}}.iad2.fedoraproject.org" +zabbix_agent_hostname: "{{ ansible_hostname }}" # TLS/PSK settings to encrypt between agent and proxy/server -zabbix_agent_tls: False -zabbix_agent_tls_psk: # gen with `openssl rand -hex 32` and also known by zabbix server -zabbix_agent_tls_psk_identity: # Whatever makes sense to you and known by zabbix server +zabbix_tls_connect: "psk" +zabbix_tls_accept: "psk" +zabbix_tls_psk_identity: "Fedora" # OVERRIDEME +zabbix_tls_psk_file: "/etc/zabbix/fedora.psk" # `openssl rand -hex 32` Overridden in ansible private repo diff --git a/roles/zabbix/zabbix_agent/meta/main.yml b/roles/zabbix/zabbix_agent/meta/main.yml deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/roles/zabbix/zabbix_agent/tasks/tools.yml b/roles/zabbix/zabbix_agent/tasks/tools.yml index 999fcc6502..fbb06c7de7 100644 --- a/roles/zabbix/zabbix_agent/tasks/tools.yml +++ b/roles/zabbix/zabbix_agent/tasks/tools.yml @@ -16,6 +16,7 @@ minute: "*/30" job: "/usr/lib/zabbix/{{ item }}" user: root + state: absent with_items: - zabbix-hw-raid-check.sh - zabbix-mdstat-check.sh diff --git a/roles/zabbix/zabbix_agent/templates/zabbix_agentd.conf.j2 b/roles/zabbix/zabbix_agent/templates/zabbix_agentd.conf.j2 index 3d2f4e5e8e..c52a4f4dab 100644 --- a/roles/zabbix/zabbix_agent/templates/zabbix_agentd.conf.j2 +++ b/roles/zabbix/zabbix_agent/templates/zabbix_agentd.conf.j2 @@ -1,19 +1,13 @@ +PidFile=/var/run/zabbix/zabbix_agentd.pid +LogFile=/var/log/zabbix/zabbix_agentd.log +LogFileSize=1 Hostname={{ inventory_hostname }} Server={{ zabbix_server }} ServerActive={{ zabbix_server }} -PidFile=/var/run/zabbix/zabbix_agentd.pid -LogFile=/var/log/zabbix/zabbix_agentd.log -LogFileSize=10 -EnableRemoteCommands=0 -Include=/etc/zabbix/zabbix_agentd.d/ -RefreshActiveChecks=180 -BufferSend=5 -BufferSize=100 -{% if zabbix_agent_tls %} -# Settings for TLS/PSK between agent and proxy/server -TLSAccept=psk -TLSConnect=psk -TLSPSKIdentity={{ zabbix_agent_tls_psk_identity }} -TLSPSKFile=/etc/zabbix/zabbix_agent.psk -{% endif %} - +ListenPort=10050 +StartAgents=3 +Include=/etc/zabbix/zabbix_agentd.d/*.conf +TLSConnect={{ zabbix_tls_connect }} +TLSAccept=psk{{ zabbix_tls_accept }} +TLSPSKIdentity={{ zabbix_tls_psk_identity }} +TLSPSKFile=/etc/zabbix/fedora.psk diff --git a/roles/zabbix/zabbix_agent/vars/CentOS-9.yml b/roles/zabbix/zabbix_agent/vars/CentOS-9.yml new file mode 100644 index 0000000000..9b94d74f1f --- /dev/null +++ b/roles/zabbix/zabbix_agent/vars/CentOS-9.yml @@ -0,0 +1,12 @@ +pkgs_list: + - policycoreutils-python-utils + +zabbix_pkgs_list: + - zabbix-agent + - zabbix-sender + - bc + - ncurses-compat-libs # Needed for some megacli tools and raid monitoring checks through zabbix_sender + +zabbix_agentd: /etc/zabbix/zabbix_agentd.conf + +zabbix_agentd_dir: /etc/zabbix/zabbix_agentd.d diff --git a/roles/zabbix/zabbix_agent/vars/Fedora.yml b/roles/zabbix/zabbix_agent/vars/Fedora.yml index f6af13c5d3..9a4496798f 100644 --- a/roles/zabbix/zabbix_agent/vars/Fedora.yml +++ b/roles/zabbix/zabbix_agent/vars/Fedora.yml @@ -8,6 +8,6 @@ zabbix_pkgs_list: - bc - ncurses-compat-libs # Needed for some megacli tools and raid monitoring checks through zabbix_sender -zabbix_agentd: /etc/zabbix/zabbix_agentd.conf +zabbix_agentd: /etc/zabbix_agentd.conf -zabbix_agentd_dir: /etc/zabbix/zabbix_agentd.d \ No newline at end of file +zabbix_agentd_dir: /etc/zabbix/zabbix_agentd.d diff --git a/roles/zabbix/zabbix_agent/vars/RedHat-9.yml b/roles/zabbix/zabbix_agent/vars/RedHat-9.yml new file mode 120000 index 0000000000..020782c8fc --- /dev/null +++ b/roles/zabbix/zabbix_agent/vars/RedHat-9.yml @@ -0,0 +1 @@ +CentOS-9.yml \ No newline at end of file diff --git a/roles/zabbix/zabbix_server/templates/zabbix_server.conf.j2 b/roles/zabbix/zabbix_server/templates/zabbix_server.conf.j2 index f25e9f6cd8..3974e6c9b1 100644 --- a/roles/zabbix/zabbix_server/templates/zabbix_server.conf.j2 +++ b/roles/zabbix/zabbix_server/templates/zabbix_server.conf.j2 @@ -511,8 +511,7 @@ SNMPTrapperFile=/var/log/snmptrap/snmptrap.log # Range: 1-30 # Default: # Timeout=3 - -Timeout=4 +Timeout=30 ### Option: TrapperTimeout # Specifies how many seconds trapper may spend processing new data. @@ -520,7 +519,7 @@ Timeout=4 # Mandatory: no # Range: 1-300 # Default: -# TrapperTimeout=300 +TrapperTimeout=300 ### Option: UnreachablePeriod # After how many seconds of unreachability treat a host as unavailable. @@ -528,7 +527,7 @@ Timeout=4 # Mandatory: no # Range: 1-3600 # Default: -# UnreachablePeriod=45 +UnreachablePeriod=45 ### Option: UnavailableDelay # How often host is checked for availability during the unavailability period, in seconds. @@ -536,7 +535,7 @@ Timeout=4 # Mandatory: no # Range: 1-3600 # Default: -# UnavailableDelay=60 +UnavailableDelay=60 ### Option: UnreachableDelay # How often host is checked for availability during the unreachability period, in seconds. @@ -544,7 +543,7 @@ Timeout=4 # Mandatory: no # Range: 1-3600 # Default: -# UnreachableDelay=15 +UnreachableDelay=15 ### Option: AlertScriptsPath # Full path to location of custom alert scripts.