Try   HackMD

Zabbix proxy setup

This document describes the requirements and steps to create a Zabbix proxy host.


1 Project Structure

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Figure 1: (Demo) project structure

In the above image (Figure 1) the project structure is displayed, this is to get a full view and understanding of what will be built in the next chapters.
The Zabbix master will communicate with the Ubuntu host using port 10050 and 10051 on the UDP protocol. The proxy host itself will be running three services;

  1. Zabbix proxy
  2. Zabbix agent
  3. Postgresql

These services are internally connected and will communicate with each other.
The Zabbix
could and possible will be monitord by the local Zabbix proxy, but that would be an issue when the host itself goes offline. There for the Zabbix agent shall also be connected to the original Zabbix master.

2 Zabbix-test VM configuration

Before hardware can be purchased, there needs to be knowledge about the needs of a basic Zabbix configuration. Therefore, in the next subchapter, the steps to configure a Zabbix proxy are documented. That way, once the virtual machine is configured, the machine can be diagnosed for its resource usage.

2.1 "Pre" Zabbix proxy installation

Before any form (server, proxy, agent) of Zabbix can be installed the public Zabbix repository is required on the target host.
This can be installd using the following commands (for Ubuntu distro):

wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-1+ubuntu20.04_all.deb
sudo apt update
sudo dpkg -i zabbix-release_6.0-1+ubuntu20.04_all.deb

sudo apt-get update

The above commands do the following;

  • Download the latest repository
  • Unpack and install the downloaded package(s)
  • Update the system

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Beware, the repository and package version may have updated: Make sure to download the latest version for security patches and other improvments!

Chapter Source


2.2 Database installation (Postgresql - v13)

sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

wget quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -

sudo apt-get update

sudo apt-get -y install postgresql-13 postgresql-doc-13

Enable Postgresql (start on system startup):
sudo systemctl enable postgresql.service

Login as default postgres user (sudo -i -u postgres) or create new user form current account.
sudo -u postgres createuser --interactive

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Postgres user creation

Creating a database:
sudo -u postgres createdb zabbix_proxy

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Postgres database added

Granting user delaware all privileges on the created database (zabbix_proxy):
GRANT ALL PRIVILEGES ON DATABASE zabbix_proxy TO delaware;

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Postgres grant all privileges to user

Note: The Postgresql version used here (13) is to be compatible with Zabbix 6.0! If a newer version is available and compatible with the latest Zabbix version, installation steps maybe different!

Chapter Source


2.3 Zabbix proxy installation

Because the database engine is Postgresql and already installed we can perform the following command;

sudo apt install zabbix-proxy-pgsql
(These two commands need to be preformed seperately, otherwise this will result in one of the two not installing properly!)
sudo apt install zabbix-sql-scripts

This will install the Zabbix-proxy and its packages.

The last command will import the Zabbix schema in to the just created database.

sudo cat /usr/share/doc/zabbix-sql-scripts/postgresql/proxy.sql | psql -U delaware zabbix_proxy

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Result when command whas successfull

3 SNMP-trap-receiver installation

Once the schema has been imported, the trap-receiver needs to be installed. The trap-receiver will make sure there is active monitoring instead of passive monitoring.
This means that once there is a change on the monitored devices a trap is sent with a change allert to the zabbix-proxy. This is more efficient than constantly polling all devices for any changes.

sudo wget https://git.zabbix.com/projects/ZBX/repos/zabbix/raw/misc/snmptrap/zabbix_trap_receiver.pl -O /usr/bin/zabbix_trap_receiver.pl

sudo chmod a+x /usr/bin/zabbix_trap_receiver.pl

Note: the $SNMPTrapperFile value in the zabbix_trap_receiver pearlscript needs be the same as the SNMPTrapperFile path in the zabbix_proxy.conf (value there will be "/tmp/zabbix_traps.tmp")

3.1 SNMP/trapd installation and configuration

Snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM messages

sudo apt install snmp
sudo apt install snmp-mibs-downloader
sudo apt install snmptrapd
sudo apt install snmptt

Edit the snmptrapd configuration (sudo vim etc/snmp/snmptrapd.conf) and add the following:

authCommunity execute DLWReadOnly
perl do "/usr/bin/zabbix_trap_receiver.pl";

Save, restart and check snmptrapd status:

service snmptrapd restart
service snmptrapd status

Enable the service to start on system startup:
systemctl enable snmptrapd


3.2 Configuration of the zabbix_proxy.conf file

Once the database is created and schema importedand all previous steps where successfull, the file zabbix_proxy.conf needs to be configured to match our database properties.

sudo vim /etc/zabbix/zabbix_proxy.conf


Server=zabbix.gsinet.be
LogFileSize=1024
DebugLevel=3
Hostname=system.hostname
DBUser=zabbixadmin
DBPassword=<ZABBIX PROXY SQL SA ACCOUNT password>
ConfigFrequency=60
SNMPTrapperFile=/tmp/zabbix_traps.tmp
StartSNMPTrapper=1
Timeout=30

Once that is finished the Zabbix proxy can be startd/restarted.

sudo systemctl restart zabbix-proxy
sudo systemctl enable zabbix-proxy

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →
Zabbix proxy service up and running

Zabbix agent installation

Once the proxy is installed the agent needs to be installed.

sudo apt install zabbix-agent
Configuring the agent:

sudo vim /etc/zabbix/zabbix_agentd.conf`

Server=gsi-em-az1-0047.gsinet.be
Hostname=system.hostname

Restart service:
sudo systemctl restart zabbix-agent

Enable start on system startup:
sudo systemctl enable zabbix-agent


Validate configuration

To check if the installation and configuration was successfull, you can view the log files of the proxy and agent. If both do not give any error messages the configuration is correct.

Example of log files with a good configuration:

zabbix_proxy.log:

Command tail -f /var/log/zabbix/zabbix_proxy.log

zabbix_agentd.log:

Command tail -f /var/log/zabbix/zabbix_agentd.log

Enable SNMP on Ubuntu

To monitor an Ubuntu server in Zabbix there needs to be an SNMP configuration accordingly. In chapter 3.1 we installed all required packages for SNMP.
In the full configuration file, we changed the rocommunity secret to testProxyServer and the agentAddress to 'udp:161'. This means the SNMP service will be accessible from all IP-addresses when they provide the right secret (testProxyServer).

On the Zabbix interface, we then add a host with a macro provided. This macro is called "{$SNMP_COMMUNITY}" and corresponds to the secret defined 'testProxyServer'.

If all when well the host is available via SNMP:

Full configuration file (snmpd.conf):

###########################################################################
#
# snmpd.conf
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See snmpd.conf(5) man page for details
#
###########################################################################
# SECTION: System Information Setup
# 
    
# syslocation: The [typically physical] location of the system.
#   Note that setting this value here means that when trying to
#   perform an snmp SET operation to the sysLocation.0 variable will make
#   the agent return the "notWritable" error code.  IE, including
#   this token in the snmpd.conf file will disable write access to
#   the variable.
#   arguments:  location_string
sysLocation    VM on Azure cloud
sysContact     vanmolg@delawareconsulting.com

# sysservices: The proper value for the sysServices object.
#   arguments:  sysservices_number
sysServices    72



###########################################################################
# SECTION: Agent Operating Mode
#
#   This section defines how the agent will operate when it
#   is running.

# master: Should the agent operate as a master agent or not.
#   Currently, the only supported master agent type for this token
#   is "agentx".
#   
#   arguments: (on|yes|agentx|all|off|no)

master  agentx

# agentaddress: The IP address and port number that the agent will listen on.
#   By default the agent listens to any and all traffic from any
#   interface on the default SNMP port (161).  This allows you to
#   specify which address, interface, transport type and port(s) that you
#   want the agent to listen on.  Multiple definitions of this token
#   are concatenated together (using ':'s).
    #   arguments: [transport:]port[@interface/address],...

agentaddress  udp:161,[::1]



###########################################################################
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# Views 
#   arguments viewname included [oid]

#  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1


# rocommunity: a SNMPv1/SNMPv2c read-only access community name
#   arguments:  community [default|hostname|network/bits] [oid | -V view]

# Read-only access to everyone to the systemonly view
rocommunity testProxyServer 0.0.0.0/0
rocommunity6 public default -V systemonly

# SNMPv3 doesn't use communities, but users with (optionally) an
# authentication and encryption string. This user needs to be created
# with what they can view with rouser/rwuser lines in this file.
#
# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
# e.g.
# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
#
# This should be put into /var/lib/snmp/snmpd.conf 
#
# rouser: a SNMPv3 read-only access username
#    arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
rouser authPrivUser authpriv -V systemonly

Flash Ubuntu to eMMC memory of RPI-CM4

https://www.jeffgeerling.com/blog/2020/how-flash-raspberry-pi-os-compute-module-4-emmc-usbboot


Selenium setup

Source of documentation.

Update system:
sudo apt-get update
Upgrade system:
sudo apt-get upgrade

Check installed python3 version (if installed):
python3 -V

Install python-pip:
sudo apt-get install python3-pip

Install selenium using pip:
pip3 install selenium

Download zip package with driver:
wget https://chromedriver.storage.googleapis.com/102.0.5005.61/chromedriver_linux64.zip
Beware of the driver version! All versions can be found here: https://chromedriver.storage.googleapis.com/index.html

Unzip zip file:
unzip chromedriver_linux64.zip -d drivers/

Creation of folder to save scripts:
sudo mkdir webchecks

Create file with script:
touch wikiCheck.py

Install chrome:
sudo apt-get install google-chrome-stable

The chrome driver will not work if chrome it self is not installed! Also do not forget to mention the driver location in your script!

After all this you can run the script;
python3 wikiCheck.py

200 is pritend because there is a print statement defined in the script. This gives an indication that the site being tested is UP and running and in turn our test has completed successfully!


When the configuration is succesfull the agent looks like the following;

When the configuration is succesfull the proxy looks like the following;


Equivilent Ansible script:

---
# tasks file for zabbix-proxy
- name: Gather the package facts
  package_facts:
    manager: auto # Or use "apt"

#//////////////// Zabbix repo check and installation ////////////// START
- name: Check if installation pkg file exists
  shell: ls /home/{{ host_user }}
  register: downloaded_files

- name: Download Zabbix pkg file when not already already present
  get_url:
    url: https://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ target_os }}/pool/main/z/zabbix-release/zabbix-release_{{ zabbix_release_version }}+{{ target_os }}{{ target_os_version }}_all.deb # (make variable of some sort, that way the latest version of postgress is always installed)
    dest: /home/{{ host_user }}/
    mode: '0755'
  when: 'not "zabbix-release_zabbix_release_version+target_os$(lsb_release -rs)_all.deb" in downloaded_files.stdout' # Conditional may NOT work

- name: Install Zabbix pkg if not installed
  become: true
  apt:
    deb: /home/{{ host_user }}/zabbix-release_{{ zabbix_release_version }}+{{ target_os }}{{ target_os_version }}_all.deb
  when: 
    - "'zabbix_proxy' not in ansible_facts.packages"
    - "'zabbix-release' not in ansible_facts.packages"
#//////////////// Zabbix repo check and installation ////////////// END



#//////////////// REMOVE postgresql v13 or higher //////////////// START
- name: Remove Postgres repository
  become: true
  apt_repository:
    repo: "deb https://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
    state: absent
    filename: pgdg

- name: Apt/cache update
  apt:
    update_cache: yes
    #Run the equivalent of apt-get update command on all servers
    force_apt_get: yes
    #Do not use the aptitude command, instead use the apt-get command on Debian/Ubuntu boxes
    cache_valid_time: 3600

- name: Remove Postgres dependencies
  become: true
  apt:
    name: 
      - postgresql
      - postgresql-client
      - postgresql-doc
      - postgresql-contrib
      - zabbix-sql-scripts
    state: absent
#//////////////// REMOVE postgresql v13 or higher //////////////// END


#//////////////// Install postgresql v13 or higher //////////////// START
- name: Install dependincies required by Postgresql
  become: true
  apt:
    name:
      - openssl
      - libssl-dev
      - libssl-doc
      - curl 
      - gpg 
      - gnupg2 
      - software-properties-common 
      - apt-transport-https 
      - lsb-release 
      - ca-certificates
    state: present

- name: Get Postgres repository access keys (required before repo install)
  apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    state: present

- name: Get Postgres latest repository release
  become: true
  apt_repository:
    repo: "deb https://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
    state: present
    filename: pgdg


- name: Install Postgres dependencies (if not installed)
  become: true
  apt:
    name: 
      - postgresql # Install postgresql 13 (make variable of some sort, that way the latest version of postgress is always installed)
      - postgresql-client
      - postgresql-doc
      - postgresql-contrib
    state: present
  #when:  => ! "When" statement does not work here as it are not standard packages being installed !
  #  - "'postgresql-13' not in ansible_facts.packages"
  #  - "'postgresql-client-13' not in ansible_facts.packages"
  #  - "'postgresql-doc-13' not in ansible_facts.packages"
  #  - "'postgresql-contrib' not in ansible_facts.packages"
  #  - "'zabbix-sql-scripts' in ansible_facts.packages"
#//////////////// Install postgresql v13 or higher //////////////// END




#//////////////// Install Chrome driver and repo key for Webchecks ////////////// START
- name: Install UnZip and gzip
  become: true
  apt:
    name: 
      - unzip
      - gzip
    state: present 

- name: Check if Chrome-Driver already downloaded
  stat: 
    path: /home/{{ host_user }}/chromedriver_linux64.zip
  register: chrome_driver_zip

- name: Download Chrome-Driver
  get_url:
    url: https://chromedriver.storage.googleapis.com/{{ chrome_driver_version }}/chromedriver_linux64.zip
    dest: /home/{{ host_user }}/chromedriver_linux64.zip
  when: not chrome_driver_zip.stat.exists  # == False

- name: Unarchive Chrome-Driver
  unarchive:
    remote_src: yes
    src: /home/{{ host_user }}/chromedriver_linux64.zip
    dest: /home/{{ host_user }}/
  when: not chrome_driver_zip.stat.exists # == False

- name: Add Apt Google Chrome signing key
  apt_key:
    url: "https://dl.google.com/linux/linux_signing_key.pub"
    state: present

- name: Add Google Chrome repository into sources list
  apt_repository:
    repo: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
    state: present
    filename: google-chrome
#//////////////// Install Chrome driver and repo key for Webchecks ////////////// END




#//////////////// Zabbix and required packages installation ////////////// START
- name: Install Zabbix, Google Chrome and pip3 dependencies (if not installed)
  become: true
  apt:
    name:
      - zabbix-proxy-pgsql
      - zabbix-sql-scripts
      - google-chrome-stable
      - python3-pip
      - libpq-dev   # Required for pip package psycopg2
      - python3-dev # Required for pip package psycopg2
    state: present
#  when:    Creates potential conflict with "state: present" 
#    - "not 'zabbix-proxy-pgsql' in ansible_facts.packages"
#    - "not 'google-chrome-stable' in ansible_facts.packages"
#    - "not 'python3-pip' in ansible_facts.packages"
#    - "not 'libpq-dev' in ansible_facts.packages"
#    - "not 'python3-dev' in ansible_facts.packages"    


- name: Apt/cache update packages
  apt:
    update_cache: yes
    force_apt_get: yes
    cache_valid_time: 3600
#//////////////// Zabbix and required packages installation ////////////// END




#//////////////// Install/update required dependencies and change DB-connection access ////////////// START
- name: Install and upgrade pip
  pip:
    name: pip
    extra_args: --upgrade
    executable: pip3

- name: Install pip3 packages (required to for Postgres/Selenium)
  become: true
  pip: 
    name: 
      - psycopg2-binary
      - datetime
      - selenium
      - requests
    extra_args: --upgrade
    state: present

- name: Apt update (required to proceed database configuration)
  apt:
    update_cache: yes

- name: Start/enable postgreSQL
  service:
    name: postgresql
    state: started
    enabled: yes
    daemon_reload: yes

- name: Replace "peer" with "trust" in "pg_hba.conf" to allow for connection to DB-socket
  become: true
  lineinfile:
    path: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
    regexp: '.*local   all             postgres                                peer(.*)$'
    line: 'local   all             all                                trust'
    backrefs: yes # No change will be made when line not found in file
#  notify: Restart Postgres

- name: Restart postgresql service (required for DB-file changes to take effect)
  become: true
  service:
    name: postgresql
    state: restarted
    enabled: true
#//////////////// Install/update required dependencies and change DB-connection access ////////////// START





#/////////////// Zabbix database configuration //////////////// START
- name: Removes all anonymous DB-user accounts
  become: true
  no_log: false
  postgresql_user:
    name: ''
    # login to default postgres database with default user postgres
    db: postgres
    login_user: postgres
    login_password: ''
    state: absent
    # Indicate if the password hashed
    encrypted: no 
    fail_on_user: no

- name: Create DB-user proxy-admin (or defined otherwise in vars)
  become: true
  no_log: false
  postgresql_user:
    db: postgres
    name: "{{ host_user }}"
    password: "{{ zabbixadmin_password }}"
    state: present
    login_user: postgres
    login_password: ''
    encrypted: yes 

- name: Create zabbix_proxy database
  postgresql_db:
    name: zabbix_proxy
    owner: "{{ host_user }}"
    state: present

- name: Grant proxy-admin ALL privileges on zabbix proxy
  become: true
  postgresql_privs:
    type: database
    database: zabbix_proxy
    role: "{{ host_user }}"
    grant_option: false
    state: present
    privs: ALL

- name: Check if databse schema exists (using correct module)
  postgresql_schema:
    db: zabbix_proxy
    name: zabbix_proxy
    owner: "{{ host_user }}"
    login_user: postgres
    login_password: ""
    state: present
  register: database_schema_exists

- name: Check if postgres "proxy.sql" file exists (BEFORE-check)
  become: true
  stat:
    path: /usr/share/doc/zabbix-sql-scripts/postgresql/proxy.sql
  register: postgresql_file

- name: Extract schema from gzip (file to be imported)
  become: true
  shell: gzip -dk /usr/share/doc/zabbix-sql-scripts/postgresql/server.sql.gz
  when: 
    - not postgresql_file.stat.exists

- name: Import DB-schema (with shell) to make db compatible with Zabbix
  become: true
  shell: cat /usr/share/doc/zabbix-sql-scripts/postgresql/proxy.sql | psql -d zabbix_proxy -U "{{ host_user }}"
#Database schema import only works using above command and not with specific modules for some reason.
#/////////////// Zabbix database configuration //////////////// END


#/////////////// Zabbix_proxy.conf //////////////// START   
#- name: Replace "server" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*Server=.*'
#    replace: 'Server={{ zabbix_server }}'

#- name: Replace "LogFileSize" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*LogFileSize=.*'
#    replace: 'LogFileSize=1024'

#- name: Replace "DebugLevel" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*DebugLevel=.*'
#    replace: 'DebugLevel=3'

#- name: Replace "HostName" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*Hostname=.*'
#    replace: 'Hostname={{ ansible_hostname|upper }}'

#- name: Replace "DBName" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*DBName=.*'
#    replace: 'DBName={{ zabbix_db_name }}'

#- name: Replace "DBUser" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*DBUser=.*'
#    replace: 'DBUser={{ host_user }}'
    #zabbixadmin

#- name: Replace DBPassword in "zabbix_config.conf"
#  become: true
#  no_log: false
#  lineinfile:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*DBPassword=.*'
#    line: 'DBPassword={{ zabbixadmin_password }}'
#    backrefs: yes # No change will be made when line not found in file

#- name: Replace DBHost in "zabbix_config.conf"
#  become: true
#  no_log: false
#  lineinfile:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*DBHost=*'
#    line: "DBHost=127.0.0.1"
#    backrefs: yes # No change will be made when line not found in file

#- name: Replace "ConfigFrequency" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*ConfigFrequency=.*'
#    replace: 'ConfigFrequency=60'

#- name: Replace "SNMPTrapperFile" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*SNMPTrapperFile=.*'
#    replace: 'SNMPTrapperFile=/tmp/zabbix_traps.tmp'

#- name: Replace "StartSNMPTrapper" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*StartSNMPTrapper=.*'
#    replace: 'StartSNMPTrapper=1'

#- name: Replace "Timeout" variable-value in "zabbix_proxy.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_proxy.conf
#    regexp: '.*Timeout=.*'
#    replace: 'Timeout=30'
#/////////////// Zabbix_proxy.conf //////////////// END

- name: Apply zabbix_proxy.conf template
  template:
    src: zabbix_proxy.conf
    dest: /etc/zabbix/zabbix_proxy.conf
  notify: Restart zabbix-proxy service


#/////////////// Zabbix Agent //////////////// START  
- name: Apt install "zabbix-agent2"
  apt:
    pkg: 
    - zabbix-agent2
    state: present

#
#- name: Replace "server" variable-value in "zabbix_agent2.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_agent2.conf
#    regexp: '.*Server=.*'
#    replace: "Server={{ ansible_hostname|lower }}.gsinet.be" # End of domain name also to variable?

#- name: Replace "ServerActive" variable-value in "zabbix_agent2.conf"
#  become: true
#  replace:
#    path: /etc/zabbix/zabbix_agent2.conf
#    regexp: '.*ServerActive=.*'
#    replace: "ServerActive={{ ansible_hostname|lower}}.gsinet.be" # Also replace static end of domain name definition to variable?

# Can maybe written more short by using handlers (restart only on change) and there fore added back to previous block of code... 
#- name: Restart zabbix-agent2 service
#  become: true
#  service:
#    name: zabbix-agent2
#    state: restarted
#    enabled: yes
#/////////////// Zabbix Agent //////////////// END



- name: Copy WebCheck scripts to remote host(s) and backup old scripts
  ansible.builtin.copy:
    src: WebChecks/wiki-delaware-pro/Linux/
    dest: /opt/webchecks/xyz/
    owner: "{{ host_user }}"
    mode: '0755'
    backup: yes

#//////////////// Add/update cronjob ////////////// START
- name: "Add  cronjob for webchecks under /etc/cron.d"
  cron:
    name: "Webchecks cronjb"
    state: present
    minute: "*/5"
    hour: "*"
    day: "*"
    month: "*"
    weekday: "*"
    job: 'python3 /opt/webchecks/xyz/xyz.py'
    user: "{{ host_user }}"
    cron_file: webchecks
#//////////////// Add/update cronjob ////////////// END


#- name: Add UserParameters to zabbix-agent2.conf file
#  lineinfile:
#    dest: "/etc/zabbix/zabbix_agent2.conf"
#    regexp: "{{ item.regexp }}"
#    line: "{{ item.line }}"
#    insertafter: UserParameter=.*
#    backrefs: no
#  loop:
#    - { regexp: '.*UserParameter=webcheck.xyz.status.*', line: 'UserParameter=webcheck.xyz.status, cat /opt/webchecks/xyz_status_code.txt' }
#    - { regexp: '.*UserParameter=webcheck.xyz.duration.*', line: 'UserParameter=webcheck.xyz.duration, cat /opt/webchecks/xyz_time_taken.txt' }
#    - { regexp: '.*UserParameter=webcheck.xyz.control.*', line: 'UserParameter=webcheck.xyz.control, cat /opt/webchecks/xyz_control.txt' }

- name: Apply zabbix_agent2.conf template
  template:
    src: zabbix_agent2.conf
    dest: /etc/zabbix/zabbix_agent2.conf
  notify: Restart zabbix-agent2 service

- name: Apt update
  apt:
    update_cache: yes

- name: Install lxml
  become: true
  pip:
    name: lxml

## Requirements for MDATP exclusions on proxies
- name: Install Dependencies
  become: true
  apt:
    name:
    - wget
    - libxml2-dev
    - libxslt1-dev
#    - python-lxml
    state: present