This role will automatically install the Zabbix Agent on Linux or Windows.
| Variable | Description | Type of variable | Default value | Other value |
|---|---|---|---|---|
| zabbix_agent_2 | install zabbix-agent2 or if false install zabbix-agent v1 | bool |
false |
value 1, value 2 |
| zabbix_psk | enable encryption, see bellow for more information | string |
none | 95e7ebed7c8a2a6c658 |
| zabbix_server | zabbix server dns | string |
none, see group_vars | zabbix.neox.sh |
| zabbix_ListenIP | zabbix_agent listen IP for incoming connection from the server | string |
none | 10.78.0.34 |
| zabbix_UnsafeUserParameters | enable special characters into user parameter | bool |
none | true |
| zabbix_hostname | zabbix hostname (for exemple windows have a limitation of 15 characters) | string |
none | izy-iwi-catalog |
| zabbix_agent_sudo_logging | to debug what zabbix user is running via sudo | bool |
false |
true |
| zabbix_add_host_on_zabbix_server | Add host to Zabbix (with Ansible groups) | bool |
false |
true |
| zabbix_agent_monitor_by | when zabbix_add_host_on_zabbix_server, you can tell who is monitoring the zabbix agent | string |
proxy |
zabbix_server |
By default, no encryption is enabled.
Source: https://www.zabbix.com/documentation/3.0/manual/encryption/using_pre_shared_keys
To enable encryption, you first need to generate a psk, the documentation doesn't provide any guideline about a safe size for the PSK, so we'll use the biggest size possible:
openssl rand -hex 120
Important: in OpenSSL version < 1.1.1, the PSK could be longer than 128 hexadecimal digits (up to 512), but after OpenSSL 1.1.1, the maximum PSK length is now 128 hexadecimal digits. If a PSK is exceeding the new OpenSSL limit, the host will not be monitored anymore, see https://www.zabbix.com/documentation/3.0/manual/encryption/troubleshooting/psk_problems for more information Set this psk in the vault of your host:
zabbix_psk: "040ae522e533a2e5e9ba46930e82b82695e7ebed7c8a2a6c658702de8c87dabed6ea7f7acaf7e62d564ed631fb49ebd84415675f6daf90b50d9940fa9f49843f06073998e5e8d1c7a5a55c1b34777cd650d2b9b5d88076ced3318c8fb607d36c6a8b5387eca0e5190a1119daf66d6262803f30e05caea5b45ac5bc5e10be849d06d857f1cbeb890503b4107a5120595de7f5b530139d123b1f54483263d1edf8455a6fe8f54c469a5a67f7ba6a9de5fc40815b6941fab0d4dd68250f201954e4fcd6d0051bd238cfed8889d72d936f140024e5bfa2c9ca2c4be4932d857b467935f0764be5a2f254bc9db658675e0eea422cc7f0302ae2b07557d5db6a189ebd"
You then need to configure the Zabbix frontend to use the PSK, you need to go to the "Encryption" table and select PSK for both the "Connections to host" and the "Connections from host". The "PSK identity" is generated by ansible and is simply "PSK {{ ansible_hostname }}", and the "PSK" is of course the generated one.
When both the client and the server are configured, you may have to wait ~1 minute before it actually works because of the configuration cache on the server, maybe longer if you use a proxy.
You can also test the connection on the Zabbix server, to do that you must copy the psk to a file and then use a command like this:
zabbix_get --tls-connect psk --tls-psk-identity "PSK screen3" --tls-psk-file /etc/zabbix/tls-key-file/screen3.psk -s screen3 -k agent.hostname
Windows Agent Binary is not compiled with TLS Support. Enabling TLS in configure cases the zabbix service not to start. Tracker: https://support.zabbix.com/browse/ZBXNEXT-3047
The update works only on windows.
To perform an update, add this parameter: --extra-vars "zabbix_agent_win_update_now=true" , true is case sensitive since it's evaluated as a string in this case.
This role will also update if this parameter is present: --extra-vars "global_update_now=true" , true is case sensitive since it's evaluated as a string in this case.
The update will be skipped if you already have the latest version of the executable.
Sometimes, zabbix agent fails to start on Windows. You can try to rebuild the performance counters isuuing the following commands as an administrator:
cd c:\windows\system32
lodctr /R
cd c:\windows\sysWOW64
lodctr /R
WINMGMT.EXE /RESYNCPERF
Get-Service -Name "Zabbix Agent" | Restart-Service -Force -Verbose