Skip to content

Commit

Permalink
Bootstrap agent2 support
Browse files Browse the repository at this point in the history
* Remove some parameters in zabbix agent configuration if it's zabbix
  agent2 package
    * LogRemoteCommands
    * StartAgents
    * MaxLinesPerSecond
    * AllowRoot
    * User
    * LoadModulePath
* Fix EnableRemoteCommands still use on zabbix agentd > 5 but remove on
  agent2

Conflicts:
	manifests/agent.pp
	spec/classes/agent_spec.rb
	spec/acceptance/agent_spec.rb
	templates/zabbix_agentd.conf.erb
  • Loading branch information
fe80 authored and Valantin committed Mar 11, 2024
1 parent 53f5969 commit fde4be3
Show file tree
Hide file tree
Showing 7 changed files with 214 additions and 36 deletions.
16 changes: 16 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
5. [Usage - Configuration options and additional functionality](#usage)
* [zabbix-server](#usage-zabbix-server)
* [zabbix-agent](#usage-zabbix-agent)
* [zabbix-agent2](#usage-zabbix-agent2)
* [zabbix-proxy](#usage-zabbix-proxy)
* [zabbix-javagateway](#usage-zabbix-javagateway)
* [zabbix-sender](#usage-zabbix-sender)
Expand Down Expand Up @@ -200,6 +201,21 @@ class { 'zabbix::agent':
}
```

### Usage zabbix-agent2

Basic one way of setup, wheter it is monitored by zabbix-server or zabbix-proxy:
```ruby
class { 'zabbix::agent':
agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf',
include_dir => '/etc/zabbix/zabbix_agent2.d',
include_dir_purge => false,
zabbix_package_agent => 'zabbix-agent2',
servicename => 'zabbix-agent2',
manage_startup_script => false,
server => '192.168.20.11',
}
```

### Usage zabbix-proxy

Like the zabbix-server, the zabbix-proxy can also be used in 2 ways:
Expand Down
13 changes: 13 additions & 0 deletions REFERENCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -1342,6 +1342,19 @@ class { 'zabbix::agent':
}
```

##### Using Zabbix Agent 2

```puppet
class { 'zabbix::agent':
agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf',
include_dir => '/etc/zabbix/zabbix_agent2.d',
include_dir_purge => false,
zabbix_package_agent => 'zabbix-agent2',
servicename => 'zabbix-agent2',
manage_startup_script => false,
}
```

#### Parameters

The following parameters are available in the `zabbix::agent` class:
Expand Down
13 changes: 13 additions & 0 deletions manifests/agent.pp
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,17 @@
# monitored_by_proxy => 'my_proxy_host',
# server => '192.168.1.1',
# }
#
# @example Using Zabbix Agent 2
# class { 'zabbix::agent':
# agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf',
# include_dir => '/etc/zabbix/zabbix_agent2.d',
# include_dir_purge => false,
# zabbix_package_agent => 'zabbix-agent2',
# servicename => 'zabbix-agent2',
# manage_startup_script => false,
# }
#
# @author Werner Dijkerman [email protected]
class zabbix::agent (
$zabbix_version = $zabbix::params::zabbix_version,
Expand Down Expand Up @@ -219,6 +230,8 @@
String $service_type = $zabbix::params::service_type,
Boolean $manage_startup_script = $zabbix::params::manage_startup_script,
) inherits zabbix::params {
$agent2 = $zabbix_package_agent == 'zabbix-agent2'

# Find if listenip is set. If not, we can set to specific ip or
# to network name. If more than 1 interfaces are available, we
# can find the ipaddress of this specific interface if listenip
Expand Down
141 changes: 118 additions & 23 deletions spec/acceptance/agent_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -7,34 +7,36 @@
next if version < '6.0' && default[:platform] =~ %r{debian-12}

describe "zabbix::agent class with zabbix_version #{version}" do
it 'works idempotently with no errors' do
pp = <<-EOS
class { 'zabbix::agent':
server => '192.168.20.11',
zabbix_package_state => 'latest',
zabbix_version => '#{version}',
}
EOS
context 'With minimal parameter' do
it 'works idempotently with no errors' do
pp = <<-EOS
class { 'zabbix::agent':
server => '192.168.20.11',
zabbix_package_state => 'latest',
zabbix_version => '#{version}',
}
EOS

prepare_host
prepare_host

# Run it twice and test for idempotency
apply_manifest(pp, catch_failures: true)
apply_manifest(pp, catch_changes: true)
end
# Run it twice and test for idempotency
apply_manifest(pp, catch_failures: true)
apply_manifest(pp, catch_changes: true)
end

# do some basic checks
describe package('zabbix-agent') do
it { is_expected.to be_installed }
end
# do some basic checks
describe package('zabbix-agent') do
it { is_expected.to be_installed }
end

describe service('zabbix-agent') do
it { is_expected.to be_running }
it { is_expected.to be_enabled }
end
describe service('zabbix-agent') do
it { is_expected.to be_running }
it { is_expected.to be_enabled }
end

describe file('/etc/zabbix/zabbix_agentd.conf') do
its(:content) { is_expected.not_to match %r{ListenIP=} }
describe file('/etc/zabbix/zabbix_agentd.conf') do
its(:content) { is_expected.not_to match %r{ListenIP=} }
end
end

context 'With ListenIP set to an IP-Address' do
Expand Down Expand Up @@ -90,4 +92,97 @@ class { 'zabbix::agent':
end
end
end

describe "zabbix::agent class with agent2 and zabbix_version #{version}" do
# <6.0 agent2 packages are not available for ubuntu 22.04
next if version < '6.0' && default[:platform] =~ %r{ubuntu-22}

before(:all) do
prepare_host
end

context 'With minimal parameter' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'zabbix::agent':
agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf',
include_dir => '/etc/zabbix/zabbix_agent2.d',
include_dir_purge => false,
zabbix_package_agent => 'zabbix-agent2',
servicename => 'zabbix-agent2',
manage_startup_script => false,
server => '192.168.20.11',
zabbix_package_state => 'latest',
zabbix_version => '#{version}',
}
PUPPET
end
end

# do some basic checks
describe package('zabbix-agent2') do
it { is_expected.to be_installed }
end

describe service('zabbix-agent2') do
it { is_expected.to be_running }
it { is_expected.to be_enabled }
end

describe file('/etc/zabbix/zabbix_agentd2.conf') do
its(:content) { is_expected.not_to match %r{ListenIP=} }
end
end

context 'With ListenIP set to an IP-Address' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'zabbix::agent':
agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf',
include_dir => '/etc/zabbix/zabbix_agent2.d',
include_dir_purge => false,
zabbix_package_agent => 'zabbix-agent2',
servicename => 'zabbix-agent2',
manage_startup_script => false,
server => '192.168.20.11',
zabbix_package_state => 'latest',
listenip => '127.0.0.1',
zabbix_version => '#{version}',
}
PUPPET
end
end

describe file('/etc/zabbix/zabbix_agent2.conf') do
its(:content) { is_expected.to match %r{ListenIP=127.0.0.1} }
end
end

context 'With ListenIP set to lo' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'zabbix::agent':
agent_configfile_path => '/etc/zabbix/zabbix_agent2.conf',
include_dir => '/etc/zabbix/zabbix_agent2.d',
include_dir_purge => false,
zabbix_package_agent => 'zabbix-agent2',
servicename => 'zabbix-agent2',
manage_startup_script => false,
server => '192.168.20.11',
zabbix_package_state => 'latest',
listenip => 'lo',
zabbix_version => '#{version}',
}
PUPPET
end

describe file('/etc/zabbix/zabbix_agent2.conf') do
its(:content) { is_expected.to match %r{ListenIP=127.0.0.1} }
end
end
end
end
end
22 changes: 22 additions & 0 deletions spec/classes/agent_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -445,6 +445,28 @@
it { is_expected.to contain_systemd__unit_file('zabbix-agent.service') }
end
end

context 'when zabbix_package_agent is zabbix-agent2' do
let :params do
{
zabbix_package_agent: 'zabbix-agent2', startagents: 1,
maxlinespersecond: 1, allowroot: 1, zabbix_user: 'root',
loadmodulepath: '/tmp', allowkey: 'system.run[*]',
denykey: 'system.run[*]', enableremotecommands: 1,
logremotecommands: 1
}
end

it { is_expected.to contain_package('zabbix-agent2') }

it do
is_expected.not_to contain_file(config_path).with_content(
%r{^(LogRemoteCommands|StartAgents|MaxLinesPerSecond
|AllowRoot|User|LoadModulePath|AllowKey|DenyKey|
EnableRemoteCommands|LogRemoteCommands)}
)
end
end
end
end
end
20 changes: 13 additions & 7 deletions spec/support/acceptance/prepare_host.rb
Original file line number Diff line number Diff line change
Expand Up @@ -5,21 +5,27 @@ def prepare_host

apply_manifest <<~PUPPET
$services = $facts['os']['family'] ? {
'RedHat' => ['zabbix-server', 'httpd'],
'Debian' => ['zabbix-server', 'apache2'],
default => [],
'RedHat' => ['zabbix-server', 'httpd', 'zabbix-agentd', 'zabbix-agent', 'zabbix-agent2'],
'Debian' => ['zabbix-server', 'apache2', 'zabbix-agentd', 'zabbix-agent', 'zabbix-agent2'],
default => ['zabbix-agentd', 'zabbix-agent', 'zabbix-agent2'],
}
service { $services:
ensure => stopped
}
$packages = $facts['os']['family'] ? {
'RedHat' => ['zabbix-server-pgsql', 'zabbix-server-pgsql-scl', 'zabbix-web', 'zabbix-web-pgsql', 'zabbix-web-pgsql-scl', 'zabbix-frontend-php', 'zabbix-sql-scripts'],
'Debian' => ['zabbix-server-pgsql', 'zabbix-web-pgsql', 'zabbix-frontend-php', 'zabbix-sql-scripts'],
default => [],
'RedHat' => ['zabbix-server-pgsql', 'zabbix-server-pgsql-scl', 'zabbix-web', 'zabbix-web-pgsql', 'zabbix-web-pgsql-scl', 'zabbix-frontend-php', 'zabbix-sql-scripts', 'zabbix-agent', 'zabbix-agent2'],
'Debian' => ['zabbix-server-pgsql', 'zabbix-web-pgsql', 'zabbix-frontend-php', 'zabbix-sql-scripts', 'zabbix-agent', 'zabbix-agent2'],
default => ['zabbix-agent', 'zabbix-agent2'],
}
$pkg_ensure = $facts['os']['family'] ? {
'Archlinux' => absent,
default => purged,
}
package { $packages:
ensure => purged
ensure => $pkg_ensure
}
PUPPET

Expand Down
25 changes: 19 additions & 6 deletions templates/zabbix_agentd.conf.erb
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ DebugLevel=<%= @debuglevel %>
#
<% if @sourceip %>SourceIP=<%= @sourceip %><% end %>

<% unless @agent2 %>
<% if @zabbix_version.to_f >= 5.0 %>
### Option: AllowKey
# Allow execution of item keys matching pattern.
# Multiple keys matching rules may be defined in combination with DenyKey.
Expand All @@ -57,7 +59,7 @@ DebugLevel=<%= @debuglevel %>
# If no AllowKey or DenyKey rules defined, all keys are allowed.
#
# Mandatory: no
<% if @allowkey %>AllowKey=<%= @allowkey -%><% end %>
<% if @allowkey %>AllowKey=<%= @allowkey -%><% end %>

### Option: DenyKey
# Deny execution of items keys matching pattern.
Expand All @@ -70,14 +72,23 @@ DebugLevel=<%= @debuglevel %>
#
# Mandatory: no
# Default:
<% if @denykey %>DenyKey=<%= @denykey -%><% end %>
<% if @denykey %>DenyKey=<%= @denykey -%><% end %>
<% end %>

### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
EnableRemoteCommands=<%= @enableremotecommands %>

### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
LogRemoteCommands=<%= @logremotecommands %>
<% end %>


##### Passive checks related
Expand All @@ -100,11 +111,13 @@ ListenPort=<%= @listenport %>
#
<% if @listen_ip %>ListenIP=<%= @listen_ip %><% end %>

<% unless @agent2 %>
### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
#
StartAgents=<%= @startagents %>
<% end %>

##### Active checks related

Expand Down Expand Up @@ -181,13 +194,15 @@ BufferSend=<%= @buffersend %>
#
BufferSize=<%= @buffersize %>

<% unless @agent2 %>
### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'logrt' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'logrt' item keys.
#
MaxLinesPerSecond=<%= @maxlinespersecond %>
<% end %>

############ ADVANCED PARAMETERS #################

Expand All @@ -211,7 +226,7 @@ MaxLinesPerSecond=<%= @maxlinespersecond %>
#
Timeout=<%= @timeout %>

<% if @kernel != 'windows' %>
<% if @kernel != 'windows' and !@agent2 %>
### Option: AllowRoot
# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
# will try to switch to the user specified by the User configuration option instead.
Expand All @@ -220,9 +235,7 @@ Timeout=<%= @timeout %>
# 1 - allow
#
AllowRoot=<%= @allowroot %>
<% end %>

<% if @kernel != 'windows' %>
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
Expand Down Expand Up @@ -257,7 +270,7 @@ UnsafeUserParameters=<%= @unsafeuserparameters %>
# Disabled. A configuration file should be placed on directory: <%= @include %>

####### LOADABLE MODULES #######
<% if @kernel != 'windows' %>
<% if @kernel != 'windows' and !@agent2 %>
### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
Expand Down

0 comments on commit fde4be3

Please sign in to comment.