--- tags: Delaware --- # Zabbix proxy setup This document describes the requirements and steps to create a *Zabbix* proxy host. ___ ### 1 Project Structure |![project structure](https://i.imgur.com/JkhkmSh.png) |:--:| | *Figure 1: (Demo) project structure* | In the above image (Figure 1) the project structure is displayed, this is to get a full view and understanding of what will be built in the next chapters. The *Zabbix* master will communicate with the *Ubuntu* host using port `10050` and `10051` on the UDP protocol. The proxy host itself will be running three services; 1. *Zabbix* proxy 2. *Zabbix* agent 3. Postgresql These services are internally connected and will communicate with each other. The *Zabbix* could and possible will be monitord by the local *Zabbix proxy*, but that would be an issue when the host itself goes offline. There for the *Zabbix* agent shall also be connected to the original *Zabbix* master. ### 2 Zabbix-test VM configuration Before hardware can be purchased, there needs to be knowledge about the needs of a basic Zabbix configuration. Therefore, in the next subchapter, the steps to configure a Zabbix proxy are documented. That way, once the virtual machine is configured, the machine can be diagnosed for its resource usage. #### 2.1 "Pre" Zabbix proxy installation Before any form (server, proxy, agent) of Zabbix can be installed the public Zabbix repository is required on the target host. This can be installd using the following commands (for Ubuntu distro): > wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-1+ubuntu20.04_all.deb > sudo apt update > sudo dpkg -i zabbix-release_6.0-1+ubuntu20.04_all.deb > > sudo apt-get update > The above commands do the following; - Download the latest repository - Unpack and install the downloaded package(s) - Update the system ::: warning :warning: **Beware, the repository and package version may have updated**: Make sure to download the latest version for security patches and other improvments! ::: Chapter [Source](https://www.zabbix.com/documentation/3.2/en/manual/installation/install_from_packages/repository_installation) ___ #### 2.2 Database installation (Postgresql - v13) > sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' > > wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - > > sudo apt-get update > > sudo apt-get -y install postgresql-13 postgresql-doc-13 Enable Postgresql (start on system startup): `sudo systemctl enable postgresql.service` Login as default *postgres* user (`sudo -i -u postgres`) or create new user form current account. `sudo -u postgres createuser --interactive` | ![](https://i.imgur.com/KJuLhiY.png)| |:--:| | *Postgres user creation* | Creating a database: `sudo -u postgres createdb zabbix_proxy` |![](https://i.imgur.com/bECAsbw.png)| |:--:| | *Postgres database added* | Granting user *delaware* all privileges on the created database (zabbix_proxy): `GRANT ALL PRIVILEGES ON DATABASE zabbix_proxy TO delaware; ` |![](https://i.imgur.com/OTGOkCT.png)| |:--:| | *Postgres grant all privileges to user* | ::: info **Note**: The Postgresql version used here (**13**) is to be compatible with Zabbix 6.0! If a newer version is available and compatible with the latest Zabbix version, installation steps maybe different! ::: Chapter [Source](https://www.digitalocean.com/community/tutorials/how-to-install-postgresql-on-ubuntu-20-04-quickstart) ___ #### 2.3 Zabbix proxy installation Because the database engine is *Postgresql* and already installed we can perform the following command; `sudo apt install zabbix-proxy-pgsql` (These two commands need to be preformed seperately, otherwise this will result in one of the two not installing properly!) `sudo apt install zabbix-sql-scripts` This will install the Zabbix-proxy and its packages. The last command will import the Zabbix schema in to the just created database. `sudo cat /usr/share/doc/zabbix-sql-scripts/postgresql/proxy.sql | psql -U delaware zabbix_proxy` |![](https://i.imgur.com/Kvvrj01.png)| |:--:| | *Result when command whas successfull* | ### 3 SNMP-trap-receiver installation Once the schema has been imported, the trap-receiver needs to be installed. The trap-receiver will make sure there is active monitoring instead of passive monitoring. This means that once there is a change on the monitored devices a trap is sent with a change allert to the zabbix-proxy. This is more efficient than constantly polling all devices for any changes. > sudo wget https://git.zabbix.com/projects/ZBX/repos/zabbix/raw/misc/snmptrap/zabbix_trap_receiver.pl -O /usr/bin/zabbix_trap_receiver.pl > > sudo chmod a+x /usr/bin/zabbix_trap_receiver.pl **Note:** *the $SNMPTrapperFile value in the zabbix_trap_receiver pearlscript needs be the same as the SNMPTrapperFile path in the zabbix_proxy.conf (value there will be "/tmp/zabbix_traps.tmp")* #### 3.1 SNMP/trapd installation and configuration Snmptrapd is an SNMP application that receives and logs SNMP TRAP and INFORM messages > sudo apt install snmp > sudo apt install snmp-mibs-downloader > sudo apt install snmptrapd > sudo apt install snmptt Edit the snmptrapd configuration (*sudo vim etc/snmp/snmptrapd.conf*) and add the following: > authCommunity execute DLWReadOnly > perl do "/usr/bin/zabbix_trap_receiver.pl"; Save, restart and check *snmptrapd* status: > service snmptrapd restart > service snmptrapd status Enable the service to start on system startup: `systemctl enable snmptrapd` ___ #### 3.2 Configuration of the *zabbix_proxy.conf* file Once the database is created and schema importedand all previous steps where successfull, the file `zabbix_proxy.conf` needs to be configured to match our database properties. > #### sudo vim /etc/zabbix/zabbix_proxy.conf > ---------------------- > Server=zabbix.gsinet.be > LogFileSize=1024 > DebugLevel=3 > Hostname=system.hostname > DBUser=zabbixadmin > DBPassword=<ZABBIX PROXY SQL SA ACCOUNT password> > ConfigFrequency=60 > SNMPTrapperFile=/tmp/zabbix_traps.tmp > StartSNMPTrapper=1 > Timeout=30 Once that is finished the Zabbix proxy can be startd/restarted. `sudo systemctl restart zabbix-proxy ` `sudo systemctl enable zabbix-proxy` |![](https://i.imgur.com/3OYEim3.png)| |:--:| | *Zabbix proxy service up and running* | ___ ### Zabbix agent installation Once the proxy is installed the agent needs to be installed. `sudo apt install zabbix-agent` Configuring the agent: > #### sudo vim /etc/zabbix/zabbix_agentd.conf` > Server=gsi-em-az1-0047.gsinet.be > Hostname=system.hostname Restart service: `sudo systemctl restart zabbix-agent` Enable start on system startup: `sudo systemctl enable zabbix-agent` ___ ### Validate configuration To check if the installation and configuration was successfull, you can view the log files of the proxy and agent. If both do not give any error messages the configuration is correct. Example of log files with a good configuration: **zabbix_proxy.log:** |![](https://i.imgur.com/47kM3Ju.png)| |:--:| | *Command `tail -f /var/log/zabbix/zabbix_proxy.log`* | **zabbix_agentd.log:** |![](https://i.imgur.com/8NLhNMM.png)| |:--:| | *Command `tail -f /var/log/zabbix/zabbix_agentd.log`* | ___ ### Enable SNMP on Ubuntu To monitor an Ubuntu server in Zabbix there needs to be an SNMP configuration accordingly. In *chapter 3.1* we installed all required packages for SNMP. In the full configuration file, we changed the *rocommunity* secret to *testProxyServer* and the *agentAddress* to '*udp:161*'. This means the SNMP service will be accessible from all IP-addresses when they provide the right secret (testProxyServer). On the Zabbix interface, we then add a host with a macro provided. This macro is called "*{$SNMP_COMMUNITY}*" and corresponds to the secret defined '*testProxyServer*'. ![](https://i.imgur.com/ReDpUjS.png) If all when well the host is available via SNMP: ![](https://i.imgur.com/JNSXNYi.png) **Full configuration file (*snmpd.conf*):** ``` ########################################################################### # # snmpd.conf # An example configuration file for configuring the Net-SNMP agent ('snmpd') # See snmpd.conf(5) man page for details # ########################################################################### # SECTION: System Information Setup # # syslocation: The [typically physical] location of the system. # Note that setting this value here means that when trying to # perform an snmp SET operation to the sysLocation.0 variable will make # the agent return the "notWritable" error code. IE, including # this token in the snmpd.conf file will disable write access to # the variable. # arguments: location_string sysLocation VM on Azure cloud sysContact vanmolg@delawareconsulting.com # sysservices: The proper value for the sysServices object. # arguments: sysservices_number sysServices 72 ########################################################################### # SECTION: Agent Operating Mode # # This section defines how the agent will operate when it # is running. # master: Should the agent operate as a master agent or not. # Currently, the only supported master agent type for this token # is "agentx". # # arguments: (on|yes|agentx|all|off|no) master agentx # agentaddress: The IP address and port number that the agent will listen on. # By default the agent listens to any and all traffic from any # interface on the default SNMP port (161). This allows you to # specify which address, interface, transport type and port(s) that you # want the agent to listen on. Multiple definitions of this token # are concatenated together (using ':'s). # arguments: [transport:]port[@interface/address],... agentaddress udp:161,[::1] ########################################################################### # SECTION: Access Control Setup # # This section defines who is allowed to talk to your running # snmp agent. # Views # arguments viewname included [oid] # system + hrSystem groups only view systemonly included .1.3.6.1.2.1.1 view systemonly included .1.3.6.1.2.1.25.1 # rocommunity: a SNMPv1/SNMPv2c read-only access community name # arguments: community [default|hostname|network/bits] [oid | -V view] # Read-only access to everyone to the systemonly view rocommunity testProxyServer 0.0.0.0/0 rocommunity6 public default -V systemonly # SNMPv3 doesn't use communities, but users with (optionally) an # authentication and encryption string. This user needs to be created # with what they can view with rouser/rwuser lines in this file. # # createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase] # e.g. # createuser authPrivUser SHA-512 myauthphrase AES myprivphrase # # This should be put into /var/lib/snmp/snmpd.conf # # rouser: a SNMPv3 read-only access username # arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]] rouser authPrivUser authpriv -V systemonly ``` ___ ### Flash Ubuntu to eMMC memory of RPI-CM4 https://www.jeffgeerling.com/blog/2020/how-flash-raspberry-pi-os-compute-module-4-emmc-usbboot ___ ### Selenium setup Source of [documentation](https://python.plainenglish.io/how-to-install-and-setup-selenium-with-python-and-ubuntu-bb6a60ac7b0c). Update system: `sudo apt-get update` Upgrade system: `sudo apt-get upgrade` Check installed python3 version (if installed): python3 -V ![](https://i.imgur.com/Op9sLGl.png) Install python-pip: `sudo apt-get install python3-pip` Install selenium using pip: `pip3 install selenium` Download zip package with driver: `wget https://chromedriver.storage.googleapis.com/102.0.5005.61/chromedriver_linux64.zip` **Beware of the driver version!** All versions can be found here: *https://chromedriver.storage.googleapis.com/index.html* Unzip zip file: `unzip chromedriver_linux64.zip -d drivers/` Creation of folder to save scripts: `sudo mkdir webchecks` ![](https://i.imgur.com/YOv04w1.png) Create file with script: `touch wikiCheck.py` Install chrome: `sudo apt-get install google-chrome-stable` *The chrome driver will not work if chrome it self is not installed! Also do not forget to mention the driver location in your script!* After all this you can run the script; `python3 wikiCheck.py` ![](https://i.imgur.com/UGymC7N.png) *200* is pritend because there is a print statement defined in the script. This gives an indication that the site being tested is UP and running and in turn our test has completed successfully! _____ *When the **configuration** is **succesfull** the **agent** looks like the following;* ![](https://i.imgur.com/Nl0BZQw.png) *When the **configuration** is **succesfull** the **proxy** looks like the following;* ![](https://i.imgur.com/jyWbTLP.png) ___ ### Equivilent Ansible script: ``` --- # tasks file for zabbix-proxy - name: Gather the package facts package_facts: manager: auto # Or use "apt" #//////////////// Zabbix repo check and installation ////////////// START - name: Check if installation pkg file exists shell: ls /home/{{ host_user }} register: downloaded_files - name: Download Zabbix pkg file when not already already present get_url: url: https://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ target_os }}/pool/main/z/zabbix-release/zabbix-release_{{ zabbix_release_version }}+{{ target_os }}{{ target_os_version }}_all.deb # (make variable of some sort, that way the latest version of postgress is always installed) dest: /home/{{ host_user }}/ mode: '0755' when: 'not "zabbix-release_zabbix_release_version+target_os$(lsb_release -rs)_all.deb" in downloaded_files.stdout' # Conditional may NOT work - name: Install Zabbix pkg if not installed become: true apt: deb: /home/{{ host_user }}/zabbix-release_{{ zabbix_release_version }}+{{ target_os }}{{ target_os_version }}_all.deb when: - "'zabbix_proxy' not in ansible_facts.packages" - "'zabbix-release' not in ansible_facts.packages" #//////////////// Zabbix repo check and installation ////////////// END #//////////////// REMOVE postgresql v13 or higher //////////////// START - name: Remove Postgres repository become: true apt_repository: repo: "deb https://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" state: absent filename: pgdg - name: Apt/cache update apt: update_cache: yes #Run the equivalent of apt-get update command on all servers force_apt_get: yes #Do not use the aptitude command, instead use the apt-get command on Debian/Ubuntu boxes cache_valid_time: 3600 - name: Remove Postgres dependencies become: true apt: name: - postgresql - postgresql-client - postgresql-doc - postgresql-contrib - zabbix-sql-scripts state: absent #//////////////// REMOVE postgresql v13 or higher //////////////// END #//////////////// Install postgresql v13 or higher //////////////// START - name: Install dependincies required by Postgresql become: true apt: name: - openssl - libssl-dev - libssl-doc - curl - gpg - gnupg2 - software-properties-common - apt-transport-https - lsb-release - ca-certificates state: present - name: Get Postgres repository access keys (required before repo install) apt_key: url: https://www.postgresql.org/media/keys/ACCC4CF8.asc state: present - name: Get Postgres latest repository release become: true apt_repository: repo: "deb https://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" state: present filename: pgdg - name: Install Postgres dependencies (if not installed) become: true apt: name: - postgresql # Install postgresql 13 (make variable of some sort, that way the latest version of postgress is always installed) - postgresql-client - postgresql-doc - postgresql-contrib state: present #when: => ! "When" statement does not work here as it are not standard packages being installed ! # - "'postgresql-13' not in ansible_facts.packages" # - "'postgresql-client-13' not in ansible_facts.packages" # - "'postgresql-doc-13' not in ansible_facts.packages" # - "'postgresql-contrib' not in ansible_facts.packages" # - "'zabbix-sql-scripts' in ansible_facts.packages" #//////////////// Install postgresql v13 or higher //////////////// END #//////////////// Install Chrome driver and repo key for Webchecks ////////////// START - name: Install UnZip and gzip become: true apt: name: - unzip - gzip state: present - name: Check if Chrome-Driver already downloaded stat: path: /home/{{ host_user }}/chromedriver_linux64.zip register: chrome_driver_zip - name: Download Chrome-Driver get_url: url: https://chromedriver.storage.googleapis.com/{{ chrome_driver_version }}/chromedriver_linux64.zip dest: /home/{{ host_user }}/chromedriver_linux64.zip when: not chrome_driver_zip.stat.exists # == False - name: Unarchive Chrome-Driver unarchive: remote_src: yes src: /home/{{ host_user }}/chromedriver_linux64.zip dest: /home/{{ host_user }}/ when: not chrome_driver_zip.stat.exists # == False - name: Add Apt Google Chrome signing key apt_key: url: "https://dl.google.com/linux/linux_signing_key.pub" state: present - name: Add Google Chrome repository into sources list apt_repository: repo: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main state: present filename: google-chrome #//////////////// Install Chrome driver and repo key for Webchecks ////////////// END #//////////////// Zabbix and required packages installation ////////////// START - name: Install Zabbix, Google Chrome and pip3 dependencies (if not installed) become: true apt: name: - zabbix-proxy-pgsql - zabbix-sql-scripts - google-chrome-stable - python3-pip - libpq-dev # Required for pip package psycopg2 - python3-dev # Required for pip package psycopg2 state: present # when: Creates potential conflict with "state: present" # - "not 'zabbix-proxy-pgsql' in ansible_facts.packages" # - "not 'google-chrome-stable' in ansible_facts.packages" # - "not 'python3-pip' in ansible_facts.packages" # - "not 'libpq-dev' in ansible_facts.packages" # - "not 'python3-dev' in ansible_facts.packages" - name: Apt/cache update packages apt: update_cache: yes force_apt_get: yes cache_valid_time: 3600 #//////////////// Zabbix and required packages installation ////////////// END #//////////////// Install/update required dependencies and change DB-connection access ////////////// START - name: Install and upgrade pip pip: name: pip extra_args: --upgrade executable: pip3 - name: Install pip3 packages (required to for Postgres/Selenium) become: true pip: name: - psycopg2-binary - datetime - selenium - requests extra_args: --upgrade state: present - name: Apt update (required to proceed database configuration) apt: update_cache: yes - name: Start/enable postgreSQL service: name: postgresql state: started enabled: yes daemon_reload: yes - name: Replace "peer" with "trust" in "pg_hba.conf" to allow for connection to DB-socket become: true lineinfile: path: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf regexp: '.*local all postgres peer(.*)$' line: 'local all all trust' backrefs: yes # No change will be made when line not found in file # notify: Restart Postgres - name: Restart postgresql service (required for DB-file changes to take effect) become: true service: name: postgresql state: restarted enabled: true #//////////////// Install/update required dependencies and change DB-connection access ////////////// START #/////////////// Zabbix database configuration //////////////// START - name: Removes all anonymous DB-user accounts become: true no_log: false postgresql_user: name: '' # login to default postgres database with default user postgres db: postgres login_user: postgres login_password: '' state: absent # Indicate if the password hashed encrypted: no fail_on_user: no - name: Create DB-user proxy-admin (or defined otherwise in vars) become: true no_log: false postgresql_user: db: postgres name: "{{ host_user }}" password: "{{ zabbixadmin_password }}" state: present login_user: postgres login_password: '' encrypted: yes - name: Create zabbix_proxy database postgresql_db: name: zabbix_proxy owner: "{{ host_user }}" state: present - name: Grant proxy-admin ALL privileges on zabbix proxy become: true postgresql_privs: type: database database: zabbix_proxy role: "{{ host_user }}" grant_option: false state: present privs: ALL - name: Check if databse schema exists (using correct module) postgresql_schema: db: zabbix_proxy name: zabbix_proxy owner: "{{ host_user }}" login_user: postgres login_password: "" state: present register: database_schema_exists - name: Check if postgres "proxy.sql" file exists (BEFORE-check) become: true stat: path: /usr/share/doc/zabbix-sql-scripts/postgresql/proxy.sql register: postgresql_file - name: Extract schema from gzip (file to be imported) become: true shell: gzip -dk /usr/share/doc/zabbix-sql-scripts/postgresql/server.sql.gz when: - not postgresql_file.stat.exists - name: Import DB-schema (with shell) to make db compatible with Zabbix become: true shell: cat /usr/share/doc/zabbix-sql-scripts/postgresql/proxy.sql | psql -d zabbix_proxy -U "{{ host_user }}" #Database schema import only works using above command and not with specific modules for some reason. #/////////////// Zabbix database configuration //////////////// END #/////////////// Zabbix_proxy.conf //////////////// START #- name: Replace "server" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*Server=.*' # replace: 'Server={{ zabbix_server }}' #- name: Replace "LogFileSize" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*LogFileSize=.*' # replace: 'LogFileSize=1024' #- name: Replace "DebugLevel" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*DebugLevel=.*' # replace: 'DebugLevel=3' #- name: Replace "HostName" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*Hostname=.*' # replace: 'Hostname={{ ansible_hostname|upper }}' #- name: Replace "DBName" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*DBName=.*' # replace: 'DBName={{ zabbix_db_name }}' #- name: Replace "DBUser" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*DBUser=.*' # replace: 'DBUser={{ host_user }}' #zabbixadmin #- name: Replace DBPassword in "zabbix_config.conf" # become: true # no_log: false # lineinfile: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*DBPassword=.*' # line: 'DBPassword={{ zabbixadmin_password }}' # backrefs: yes # No change will be made when line not found in file #- name: Replace DBHost in "zabbix_config.conf" # become: true # no_log: false # lineinfile: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*DBHost=*' # line: "DBHost=127.0.0.1" # backrefs: yes # No change will be made when line not found in file #- name: Replace "ConfigFrequency" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*ConfigFrequency=.*' # replace: 'ConfigFrequency=60' #- name: Replace "SNMPTrapperFile" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*SNMPTrapperFile=.*' # replace: 'SNMPTrapperFile=/tmp/zabbix_traps.tmp' #- name: Replace "StartSNMPTrapper" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*StartSNMPTrapper=.*' # replace: 'StartSNMPTrapper=1' #- name: Replace "Timeout" variable-value in "zabbix_proxy.conf" # become: true # replace: # path: /etc/zabbix/zabbix_proxy.conf # regexp: '.*Timeout=.*' # replace: 'Timeout=30' #/////////////// Zabbix_proxy.conf //////////////// END - name: Apply zabbix_proxy.conf template template: src: zabbix_proxy.conf dest: /etc/zabbix/zabbix_proxy.conf notify: Restart zabbix-proxy service #/////////////// Zabbix Agent //////////////// START - name: Apt install "zabbix-agent2" apt: pkg: - zabbix-agent2 state: present # #- name: Replace "server" variable-value in "zabbix_agent2.conf" # become: true # replace: # path: /etc/zabbix/zabbix_agent2.conf # regexp: '.*Server=.*' # replace: "Server={{ ansible_hostname|lower }}.gsinet.be" # End of domain name also to variable? #- name: Replace "ServerActive" variable-value in "zabbix_agent2.conf" # become: true # replace: # path: /etc/zabbix/zabbix_agent2.conf # regexp: '.*ServerActive=.*' # replace: "ServerActive={{ ansible_hostname|lower}}.gsinet.be" # Also replace static end of domain name definition to variable? # Can maybe written more short by using handlers (restart only on change) and there fore added back to previous block of code... #- name: Restart zabbix-agent2 service # become: true # service: # name: zabbix-agent2 # state: restarted # enabled: yes #/////////////// Zabbix Agent //////////////// END - name: Copy WebCheck scripts to remote host(s) and backup old scripts ansible.builtin.copy: src: WebChecks/wiki-delaware-pro/Linux/ dest: /opt/webchecks/xyz/ owner: "{{ host_user }}" mode: '0755' backup: yes #//////////////// Add/update cronjob ////////////// START - name: "Add cronjob for webchecks under /etc/cron.d" cron: name: "Webchecks cronjb" state: present minute: "*/5" hour: "*" day: "*" month: "*" weekday: "*" job: 'python3 /opt/webchecks/xyz/xyz.py' user: "{{ host_user }}" cron_file: webchecks #//////////////// Add/update cronjob ////////////// END #- name: Add UserParameters to zabbix-agent2.conf file # lineinfile: # dest: "/etc/zabbix/zabbix_agent2.conf" # regexp: "{{ item.regexp }}" # line: "{{ item.line }}" # insertafter: UserParameter=.* # backrefs: no # loop: # - { regexp: '.*UserParameter=webcheck.xyz.status.*', line: 'UserParameter=webcheck.xyz.status, cat /opt/webchecks/xyz_status_code.txt' } # - { regexp: '.*UserParameter=webcheck.xyz.duration.*', line: 'UserParameter=webcheck.xyz.duration, cat /opt/webchecks/xyz_time_taken.txt' } # - { regexp: '.*UserParameter=webcheck.xyz.control.*', line: 'UserParameter=webcheck.xyz.control, cat /opt/webchecks/xyz_control.txt' } - name: Apply zabbix_agent2.conf template template: src: zabbix_agent2.conf dest: /etc/zabbix/zabbix_agent2.conf notify: Restart zabbix-agent2 service - name: Apt update apt: update_cache: yes - name: Install lxml become: true pip: name: lxml ## Requirements for MDATP exclusions on proxies - name: Install Dependencies become: true apt: name: - wget - libxml2-dev - libxslt1-dev # - python-lxml state: present ```
Last changed by  
Gerrit
225

Read more

Config GUIDE for Khadas VIM3 - SCM

View the slide with "Slide Mode".

12/20/2022
Zabbix proxy SBC-selection

SBC-selection for Zabbix proxy This short document describes and compares two selected Single Board Computers (SBC's) wich are capable of running Zabbix proxy. There are only two SBC's documented as these are the top picks of previous comparisons not mentioned in this document. Table of Contents [TOC] 1 Purpose In order to run a Zabbix proxy, there needs to be a compute module where it can be run on. A Raspberry Pi could be a perfect example of this. However, the downsides of a Raspbarry Pi are the following:

6/29/2022
Read more from Gerrit
Published on HackMD