-
Notifications
You must be signed in to change notification settings - Fork 0
/
zabbix ansible integration freeipa
180 lines (155 loc) · 4.67 KB
/
zabbix ansible integration freeipa
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
Install zabbix on control node
ansible-galaxy collection install community.zabbix
ansible-galaxy collection install freeipa.ansible_freeipa
sudo pip3 zabbix-api
sudo pip3 install zabbix-api
sudo pip3 install zabbix_api
sudo pip3 install pyzabbix
cat > zabbix.yml
---
- name: Installation and configuration zabbix agent
hosts: linux
vars:
supported_os_1:
- OracleLinux
supported_os_2:
- Ubuntu
timesync_ntp_servers:
- hostname: 10.220.55.9
pool: yes
hostname: 10.220.55.10
pool: yes
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipa_password }}"
ipaclient_force_ntpd: false
ipaclient_domain: id.pasha-technology.net
ipaclient_realm: ID.PASHA-TECHNOLOGY.NET
ipaclient_servers: pt-bmdc-ipa1.id.pasha-technology.net, pt-bmdc-ipa2.id.pasha-technology.net
ipaclient_force_join: yes
ipaclient_mkhomedir: yes
vars_files:
- /home/ansible/secret.yml
roles:
- role: community.zabbix.zabbix_agent
zabbix_agent_server: 10.220.55.5
zabbix_agent_serveractive: 10.220.55.5
zabbix_agent_host_state: present
zabbix_agent_dont_detect_ip: True
tasks:
- name: Configuation for supported_os_2
block:
- name: Open ufw port
ufw:
rule: allow
port: 10050
proto: tcp
- name: Install necessery packate
apt:
name:
- chrony
state: present
- name: Add local NTP servers
blockinfile:
path: /etc/chrony/chrony.conf
block: |
server 10.220.55.9
server 10.220.55.10
- name: Restart necessery services
service:
name: "{{ item }}"
state: restarted
loop:
- chronyd
- zabbix-agent
when: ansible_distribution in supported_os_2
- name: Configuration for supported_os_1
block:
- name: Open firewall port
firewalld:
zone: public
service: zabbix-agent
permanent: yes
state: enabled
immediate: yes
- name: Restart zabbix agent service
service:
name: zabbix-agent.service
state: restarted
- name: Configure NTP server
include_role:
name: rhel-system-roles.timesync
when: ansible_distribution in supported_os_1
- name: Configuration Freeipa clinet
block:
- name: Add A records to HOSTS file
blockinfile:
path: /etc/hosts
block: |
10.220.55.5 zabbix.pasha-technology.net
10.220.55.151 pt-bmdc-ipa1.id.pasha-technology.net
10.220.55.151 pt-bmdc-ipa2.id.pasha-technology.net
- name: install and configure free-ipa-client
include_role:
name: freeipa.ansible_freeipa.ipaclient
- name: Create linux hosts in zabbix server
hosts: localhost
vars_files:
- /home/ansible/hosts.yml
- /home/ansible/secret.yml
tasks:
- name: Create a new host or update an existing host's info
local_action:
module: community.zabbix.zabbix_host
validate_certs: no
server_url: https://zabbix.pasha-technology.net/
login_user: "{{ username }}"
login_password: "{{ password }}"
host_name: "{{ item.hostname }}"
visible_name: "{{ item.visible_name }}"
description: "{{ item.description }}"
host_groups:
- "{{ item.group }}"
link_templates:
- "{{ item.template }}"
status: enabled
state: present
interfaces:
- type: 1
main: 1
useip: 1
ip: "{{ item.ip }}"
port: 10050
dns: ""
loop: "{{ hosts }}"
...
__________________________
cat hosts.yml
hosts:
- hostname: ansible1
visible_name: ansible1
description: Test server
group: Linux servers
template: Linux by Zabbix agent
ip: 10.220.56.51
- hostname: ansible2
visible_name: ansible2
description: Test server 2
group: Linux servers
template: Linux by Zabbix agent
ip: 10.220.56.52
_____________________________________________________
cat > freeipa.yml
---
- name: configuration freeipa client
hosts: ansible1
tasks:
- name: install ipa-client package
package:
name: ipa-client
state: present
- name: add line to hosts file
lineinfile:
path: /etc/hosts
line: 10.220.55.151 pt-bmdc-ipa1.id.pasha-technology.net
- name: join vm to freeipa
shell: sudo ipa-client-install --hostname=`hostname -f` --mkhomedir --server=pt-bmdc-ipa1.id.pasha-technology.net --domain id.pasha-technology.net --realm ID.PASHA-TECHNOLOGY.NET -p admin -w ******** -U