From 38eae554ebce6b5f639aa393fe9adc49a454da41 Mon Sep 17 00:00:00 2001 From: fe80 Date: Thu, 30 Jun 2022 12:34:34 +0200 Subject: [PATCH] Bootstrap agent2 support * Remove some parameters in zabbix agent configuration if it's zabbix agent2 package * LogRemoteCommands * StartAgents * MaxLinesPerSecond * AllowRoot * User * LoadModulePath * Fix EnableRemoteCommands still use on zabbix agentd > 5 but remove on agent2 Conflicts: manifests/agent.pp spec/classes/agent_spec.rb spec/acceptance/agent_spec.rb templates/zabbix_agentd.conf.erb --- README.md | 16 +++ REFERENCE.md | 13 +++ manifests/agent.pp | 13 +++ spec/acceptance/agent_spec.rb | 141 ++++++++++++++++++++---- spec/classes/agent_spec.rb | 22 ++++ spec/support/acceptance/prepare_host.rb | 13 ++- templates/zabbix_agentd.conf.erb | 25 ++++- 7 files changed, 208 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index c0316332c..73a03d132 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ 5. [Usage - Configuration options and additional functionality](#usage) * [zabbix-server](#usage-zabbix-server) * [zabbix-agent](#usage-zabbix-agent) + * [zabbix-agent2](#usage-zabbix-agent2) * [zabbix-proxy](#usage-zabbix-proxy) * [zabbix-javagateway](#usage-zabbix-javagateway) * [zabbix-sender](#usage-zabbix-sender) @@ -200,6 +201,21 @@ class { 'zabbix::agent': } ``` +### Usage zabbix-agent2 + +Basic one way of setup, wheter it is monitored by zabbix-server or zabbix-proxy: +```ruby +class { 'zabbix::agent': + agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf', + include_dir => '/etc/zabbix/zabbix_agent2.d', + include_dir_purge => false, + zabbix_package_agent => 'zabbix-agent2', + servicename => 'zabbix-agent2', + manage_startup_script => false, + server => '192.168.20.11', +} +``` + ### Usage zabbix-proxy Like the zabbix-server, the zabbix-proxy can also be used in 2 ways: diff --git a/REFERENCE.md b/REFERENCE.md index 39fe359d8..d54cdaebc 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1342,6 +1342,19 @@ class { 'zabbix::agent': } ``` +##### Using Zabbix Agent 2 + +```puppet +class { 'zabbix::agent': + agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf', + include_dir => '/etc/zabbix/zabbix_agent2.d', + include_dir_purge => false, + zabbix_package_agent => 'zabbix-agent2', + servicename => 'zabbix-agent2', + manage_startup_script => false, +} +``` + #### Parameters The following parameters are available in the `zabbix::agent` class: diff --git a/manifests/agent.pp b/manifests/agent.pp index 560b9f927..858042755 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -134,6 +134,17 @@ # monitored_by_proxy => 'my_proxy_host', # server => '192.168.1.1', # } +# +# @example Using Zabbix Agent 2 +# class { 'zabbix::agent': +# agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf', +# include_dir => '/etc/zabbix/zabbix_agent2.d', +# include_dir_purge => false, +# zabbix_package_agent => 'zabbix-agent2', +# servicename => 'zabbix-agent2', +# manage_startup_script => false, +# } +# # @author Werner Dijkerman ikben@werner-dijkerman.nl class zabbix::agent ( $zabbix_version = $zabbix::params::zabbix_version, @@ -219,6 +230,8 @@ String $service_type = $zabbix::params::service_type, Boolean $manage_startup_script = $zabbix::params::manage_startup_script, ) inherits zabbix::params { + $agent2 = $zabbix_package_agent == 'zabbix-agent2' + # Find if listenip is set. If not, we can set to specific ip or # to network name. If more than 1 interfaces are available, we # can find the ipaddress of this specific interface if listenip diff --git a/spec/acceptance/agent_spec.rb b/spec/acceptance/agent_spec.rb index 0c469e94b..a8495b48d 100644 --- a/spec/acceptance/agent_spec.rb +++ b/spec/acceptance/agent_spec.rb @@ -4,34 +4,36 @@ supported_versions.each do |version| describe "zabbix::agent class with zabbix_version #{version}" do - it 'works idempotently with no errors' do - pp = <<-EOS - class { 'zabbix::agent': - server => '192.168.20.11', - zabbix_package_state => 'latest', - zabbix_version => '#{version}', - } - EOS + context 'With minimal parameter' do + it 'works idempotently with no errors' do + pp = <<-EOS + class { 'zabbix::agent': + server => '192.168.20.11', + zabbix_package_state => 'latest', + zabbix_version => '#{version}', + } + EOS - prepare_host + prepare_host - # Run it twice and test for idempotency - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end + # Run it twice and test for idempotency + apply_manifest(pp, catch_failures: true) + apply_manifest(pp, catch_changes: true) + end - # do some basic checks - describe package('zabbix-agent') do - it { is_expected.to be_installed } - end + # do some basic checks + describe package('zabbix-agent') do + it { is_expected.to be_installed } + end - describe service('zabbix-agent') do - it { is_expected.to be_running } - it { is_expected.to be_enabled } - end + describe service('zabbix-agent') do + it { is_expected.to be_running } + it { is_expected.to be_enabled } + end - describe file('/etc/zabbix/zabbix_agentd.conf') do - its(:content) { is_expected.not_to match %r{ListenIP=} } + describe file('/etc/zabbix/zabbix_agentd.conf') do + its(:content) { is_expected.not_to match %r{ListenIP=} } + end end context 'With ListenIP set to an IP-Address' do @@ -87,4 +89,97 @@ class { 'zabbix::agent': end end end + + describe "zabbix::agent class with agent2 and zabbix_version #{version}" do + # <6.0 agent2 packages are not available for ubuntu 22.04 + next if version < '6.0' && default[:platform] =~ %r{ubuntu-22} + + before(:context, :clean) do + prepare_host + end + + context 'With minimal parameter', :clean do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'zabbix::agent': + agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf', + include_dir => '/etc/zabbix/zabbix_agent2.d', + include_dir_purge => false, + zabbix_package_agent => 'zabbix-agent2', + servicename => 'zabbix-agent2', + manage_startup_script => false, + server => '192.168.20.11', + zabbix_package_state => 'latest', + zabbix_version => '#{version}', + } + PUPPET + end + end + + # do some basic checks + describe package('zabbix-agent2') do + it { is_expected.to be_installed } + end + + describe service('zabbix-agent2') do + it { is_expected.to be_running } + it { is_expected.to be_enabled } + end + + describe file('/etc/zabbix/zabbix_agentd2.conf') do + its(:content) { is_expected.not_to match %r{ListenIP=} } + end + end + + context 'With ListenIP set to an IP-Address' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'zabbix::agent': + agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf', + include_dir => '/etc/zabbix/zabbix_agent2.d', + include_dir_purge => false, + zabbix_package_agent => 'zabbix-agent2', + servicename => 'zabbix-agent2', + manage_startup_script => false, + server => '192.168.20.11', + zabbix_package_state => 'latest', + listenip => '127.0.0.1', + zabbix_version => '#{version}', + } + PUPPET + end + end + + describe file('/etc/zabbix/zabbix_agent2.conf') do + its(:content) { is_expected.to match %r{ListenIP=127.0.0.1} } + end + end + + context 'With ListenIP set to lo' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'zabbix::agent': + agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf', + include_dir => '/etc/zabbix/zabbix_agent2.d', + include_dir_purge => false, + zabbix_package_agent => 'zabbix-agent2', + servicename => 'zabbix-agent2', + manage_startup_script => false, + server => '192.168.20.11', + zabbix_package_state => 'latest', + listenip => 'lo', + zabbix_version => '#{version}', + } + PUPPET + end + + describe file('/etc/zabbix/zabbix_agent2.conf') do + its(:content) { is_expected.to match %r{ListenIP=127.0.0.1} } + end + end + end + end end diff --git a/spec/classes/agent_spec.rb b/spec/classes/agent_spec.rb index 7c981ffd7..3cd34bdc7 100644 --- a/spec/classes/agent_spec.rb +++ b/spec/classes/agent_spec.rb @@ -445,6 +445,28 @@ it { is_expected.to contain_systemd__unit_file('zabbix-agent.service') } end end + + context 'when zabbix_package_agent is zabbix-agent2' do + let :params do + { + zabbix_package_agent: 'zabbix-agent2', startagents: 1, + maxlinespersecond: 1, allowroot: 1, zabbix_user: 'root', + loadmodulepath: '/tmp', allowkey: 'system.run[*]', + denykey: 'system.run[*]', enableremotecommands: 1, + logremotecommands: 1 + } + end + + it { is_expected.to contain_package('zabbix-agent2') } + + it do + is_expected.not_to contain_file(config_path).with_content( + %r{^(LogRemoteCommands|StartAgents|MaxLinesPerSecond + |AllowRoot|User|LoadModulePath|AllowKey|DenyKey| + EnableRemoteCommands|LogRemoteCommands)} + ) + end + end end end end diff --git a/spec/support/acceptance/prepare_host.rb b/spec/support/acceptance/prepare_host.rb index db5eeeb51..8f2c37dda 100644 --- a/spec/support/acceptance/prepare_host.rb +++ b/spec/support/acceptance/prepare_host.rb @@ -5,19 +5,20 @@ def prepare_host apply_manifest <<~PUPPET $services = $facts['os']['family'] ? { - 'RedHat' => ['zabbix-server', 'httpd'], - 'Debian' => ['zabbix-server', 'apache2'], - default => [], + 'RedHat' => ['zabbix-server', 'httpd', 'zabbix-agentd', 'zabbix-agent', 'zabbix-agent2'], + 'Debian' => ['zabbix-server', 'apache2', 'zabbix-agentd', 'zabbix-agent', 'zabbix-agent2'], + default => ['zabbix-agentd', zabbix-agent', 'zabbix-agent2'], } service { $services: ensure => stopped } $packages = $facts['os']['family'] ? { - 'RedHat' => ['zabbix-server-pgsql', 'zabbix-server-pgsql-scl', 'zabbix-web', 'zabbix-web-pgsql', 'zabbix-web-pgsql-scl', 'zabbix-frontend-php', 'zabbix-sql-scripts'], - 'Debian' => ['zabbix-server-pgsql', 'zabbix-web-pgsql', 'zabbix-frontend-php', 'zabbix-sql-scripts'], - default => [], + 'RedHat' => ['zabbix-server-pgsql', 'zabbix-server-pgsql-scl', 'zabbix-web', 'zabbix-web-pgsql', 'zabbix-web-pgsql-scl', 'zabbix-frontend-php', 'zabbix-sql-scripts', 'zabbix-agent', 'zabbix-agent2'], + 'Debian' => ['zabbix-server-pgsql', 'zabbix-web-pgsql', 'zabbix-frontend-php', 'zabbix-sql-scripts', 'zabbix-agent', 'zabbix-agent2'], + default => ['zabbix-agent', 'zabbix-agent2'], } + package { $packages: ensure => purged } diff --git a/templates/zabbix_agentd.conf.erb b/templates/zabbix_agentd.conf.erb index db7b0d1c0..ce5f469bc 100644 --- a/templates/zabbix_agentd.conf.erb +++ b/templates/zabbix_agentd.conf.erb @@ -48,6 +48,8 @@ DebugLevel=<%= @debuglevel %> # <% if @sourceip %>SourceIP=<%= @sourceip %><% end %> +<% unless @agent2 %> +<% if @zabbix_version.to_f >= 5.0 %> ### Option: AllowKey # Allow execution of item keys matching pattern. # Multiple keys matching rules may be defined in combination with DenyKey. @@ -57,7 +59,7 @@ DebugLevel=<%= @debuglevel %> # If no AllowKey or DenyKey rules defined, all keys are allowed. # # Mandatory: no -<% if @allowkey %>AllowKey=<%= @allowkey -%><% end %> +<% if @allowkey %>AllowKey=<%= @allowkey -%><% end %> ### Option: DenyKey # Deny execution of items keys matching pattern. @@ -70,7 +72,15 @@ DebugLevel=<%= @debuglevel %> # # Mandatory: no # Default: -<% if @denykey %>DenyKey=<%= @denykey -%><% end %> +<% if @denykey %>DenyKey=<%= @denykey -%><% end %> +<% end %> + +### Option: EnableRemoteCommands +# Whether remote commands from Zabbix server are allowed. +# 0 - not allowed +# 1 - allowed +# +EnableRemoteCommands=<%= @enableremotecommands %> ### Option: LogRemoteCommands # Enable logging of executed shell commands as warnings. @@ -78,6 +88,7 @@ DebugLevel=<%= @debuglevel %> # 1 - enabled # LogRemoteCommands=<%= @logremotecommands %> +<% end %> ##### Passive checks related @@ -100,11 +111,13 @@ ListenPort=<%= @listenport %> # <% if @listen_ip %>ListenIP=<%= @listen_ip %><% end %> +<% unless @agent2 %> ### Option: StartAgents # Number of pre-forked instances of zabbix_agentd that process passive checks. # If set to 0, disables passive checks and the agent will not listen on any TCP port. # StartAgents=<%= @startagents %> +<% end %> ##### Active checks related @@ -181,6 +194,7 @@ BufferSend=<%= @buffersend %> # BufferSize=<%= @buffersize %> +<% unless @agent2 %> ### Option: MaxLinesPerSecond # Maximum number of new lines the agent will send per second to Zabbix Server # or Proxy processing 'log' and 'logrt' active checks. @@ -188,6 +202,7 @@ BufferSize=<%= @buffersize %> # provided in 'log' or 'logrt' item keys. # MaxLinesPerSecond=<%= @maxlinespersecond %> +<% end %> ############ ADVANCED PARAMETERS ################# @@ -211,7 +226,7 @@ MaxLinesPerSecond=<%= @maxlinespersecond %> # Timeout=<%= @timeout %> -<% if @kernel != 'windows' %> +<% if @kernel != 'windows' and !@agent2 %> ### Option: AllowRoot # Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent # will try to switch to the user specified by the User configuration option instead. @@ -220,9 +235,7 @@ Timeout=<%= @timeout %> # 1 - allow # AllowRoot=<%= @allowroot %> -<% end %> -<% if @kernel != 'windows' %> ### Option: User # Drop privileges to a specific, existing user on the system. # Only has effect if run as 'root' and AllowRoot is disabled. @@ -257,7 +270,7 @@ UnsafeUserParameters=<%= @unsafeuserparameters %> # Disabled. A configuration file should be placed on directory: <%= @include %> ####### LOADABLE MODULES ####### -<% if @kernel != 'windows' %> +<% if @kernel != 'windows' and !@agent2 %> ### Option: LoadModulePath # Full path to location of agent modules. # Default depends on compilation options.