From 90aaabb7872863912f43a50606dde52225bbca5d Mon Sep 17 00:00:00 2001 From: fe80 Date: Thu, 30 Jun 2022 12:34:34 +0200 Subject: [PATCH] Bootstrap agent2 support * Add param binary_location for specify zabbix agent binary (only for systemd) * Remove some parameters in zabbix agent configuration if it's zabbix agent2 package * LogRemoteCommands * StartAgents * MaxLinesPerSecond * AllowRoot * User * LoadModulePath * Fix EnableRemoteCommands still use on zabbix agentd > 5 but remove on agent2 Conflicts: manifests/agent.pp spec/classes/agent_spec.rb templates/zabbix_agentd.conf.erb --- README.md | 16 +++++++++++ REFERENCE.md | 31 ++++++++++++++++++++ manifests/agent.pp | 5 ++++ manifests/init.pp | 13 +++++++++ manifests/params.pp | 4 +++ manifests/startup.pp | 6 +++- spec/classes/agent_spec.rb | 38 +++++++++++++++++++++++++ spec/classes/database_spec.rb | 4 +-- spec/defines/startup_spec.rb | 3 +- templates/zabbix-agent-systemd.init.erb | 2 +- templates/zabbix_agentd.conf.erb | 25 ++++++++++++---- 11 files changed, 135 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index c0316332c..a9f7c6c36 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ 5. [Usage - Configuration options and additional functionality](#usage) * [zabbix-server](#usage-zabbix-server) * [zabbix-agent](#usage-zabbix-agent) + * [zabbix-agent2](#usage-zabbix-agent2) * [zabbix-proxy](#usage-zabbix-proxy) * [zabbix-javagateway](#usage-zabbix-javagateway) * [zabbix-sender](#usage-zabbix-sender) @@ -200,6 +201,21 @@ class { 'zabbix::agent': } ``` +### Usage zabbix-agent2 + +To use Zabbix agent2 you need to define some parameters + +```ruby + class { 'zabbix::agent': + package_name => 'zabbix-agent2', + agent_configfile_path => '/etc/zabbix/zabbix_agent2.d', + pidfile => '/var/run/zabbix/zabbix_agentd2.pid', + servicename => 'zabbix-agent2', + zabbix_package_agent => 'zabbix-agent2', + binary_location => '/usr/sbin/zabbix_agent2' + } +``` + ### Usage zabbix-proxy Like the zabbix-server, the zabbix-proxy can also be used in 2 ways: diff --git a/REFERENCE.md b/REFERENCE.md index db0d350e2..1dadae49c 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -81,6 +81,19 @@ class { 'zabbix': } ``` +##### Using Zabbix Agent 2 + +```puppet +class { 'zabbix::agent': + package_name => 'zabbix-agent2', + agent_configfile_path => '/etc/zabbix/zabbix_agent2.d', + pidfile => '/var/run/zabbix/zabbix_agentd2.pid', + servicename => 'zabbix-agent2', + zabbix_package_agent => 'zabbix-agent2', + binary_location => '/usr/sbin/zabbix_agent2' +} +``` + #### Parameters The following parameters are available in the `zabbix` class: @@ -1418,6 +1431,7 @@ The following parameters are available in the `zabbix::agent` class: * [`userparameter`](#-zabbix--agent--userparameter) * [`loadmodulepath`](#-zabbix--agent--loadmodulepath) * [`loadmodule`](#-zabbix--agent--loadmodule) +* [`binary_location`](#-zabbix--agent--binary_location) * [`manage_startup_script`](#-zabbix--agent--manage_startup_script) ##### `zabbix_version` @@ -2090,6 +2104,14 @@ Module to load at agent startup. Default value: `$zabbix::params::agent_loadmodule` +##### `binary_location` + +Data type: `Optional[Stdlib::Absolutepath]` + +Location of th binary file, this feature is available only for systemd startup script + +Default value: `$zabbix::params::agent_binary_location` + ##### `manage_startup_script` Data type: `Boolean` @@ -5637,6 +5659,7 @@ The following parameters are available in the `zabbix::startup` defined type: * [`service_type`](#-zabbix--startup--service_type) * [`manage_database`](#-zabbix--startup--manage_database) * [`service_name`](#-zabbix--startup--service_name) +* [`binary_location`](#-zabbix--startup--binary_location) ##### `pidfile` @@ -5712,6 +5735,14 @@ Name of the service. Defaults to the resource name Default value: `$name` +##### `binary_location` + +Data type: `Optional[Stdlib::Absolutepath]` + +This params is use for define a specific binary location. This is actually only available for zabbix agent and systemd + +Default value: `undef` + ### `zabbix::template` This will upload an Zabbix Template (XML format) diff --git a/manifests/agent.pp b/manifests/agent.pp index 560b9f927..27707c2c3 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -118,6 +118,7 @@ # @param userparameter User-defined parameter to monitor. # @param loadmodulepath Full path to location of agent modules. # @param loadmodule Module to load at agent startup. +# @param binary_location Location of th binary file, this feature is available only for systemd startup script # @param manage_startup_script # If the init script should be managed by this module. Attention: This might # cause problems with some config options of this module (e.g @@ -218,7 +219,10 @@ String $additional_service_params = $zabbix::params::additional_service_params, String $service_type = $zabbix::params::service_type, Boolean $manage_startup_script = $zabbix::params::manage_startup_script, + Optional[Stdlib::Absolutepath] $binary_location = $zabbix::params::agent_binary_location, ) inherits zabbix::params { + $agent2 = $zabbix_package_agent == 'zabbix-agent2' + # Find if listenip is set. If not, we can set to specific ip or # to network name. If more than 1 interfaces are available, we # can find the ipaddress of this specific interface if listenip @@ -305,6 +309,7 @@ additional_service_params => $additional_service_params, service_type => $service_type, service_name => 'zabbix-agent', + binary_location => $binary_location, require => Package[$zabbix_package_agent], } } diff --git a/manifests/init.pp b/manifests/init.pp index 2cbd3a86e..e58b96d26 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -199,11 +199,13 @@ # @param saml_sp_cert The location of the SAML Service Provider Certificate. # @param saml_idp_cert The location of the SAML Identity Provider Certificate. # @param saml_settings A hash of additional SAML SSO settings. +# # @example Single host setup: # class { 'zabbix': # zabbix_url => 'zabbix.dj-wasabi.nl', # } # +# # @example This assumes that you want to use the postgresql database. If not and you want to supply your own database crendentials: # class { 'zabbix': # zabbix_url => 'zabbix.dj-wasabi.nl', @@ -211,6 +213,17 @@ # database_user => 'zabbix', # database_password => 'ThisIsVeryDifficult.nl', # } +# +# @example Using Zabbix Agent 2 +# class { 'zabbix::agent': +# package_name => 'zabbix-agent2', +# agent_configfile_path => '/etc/zabbix/zabbix_agent2.d', +# pidfile => '/var/run/zabbix/zabbix_agentd2.pid', +# servicename => 'zabbix-agent2', +# zabbix_package_agent => 'zabbix-agent2', +# binary_location => '/usr/sbin/zabbix_agent2' +# } +# # @author Werner Dijkerman ikben@werner-dijkerman.nl class zabbix ( $zabbix_url = '', diff --git a/manifests/params.pp b/manifests/params.pp index 65bfa872c..4ce0afa6b 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -292,6 +292,10 @@ $server_socketdir = undef # Agent specific params + $agent_binary_location = $facts['kernel'] ? { + 'Linux' => '/usr/sbin/zabbix_agentd', + default => undef, + } $agent_allowroot = '0' $agent_buffersend = '5' $agent_buffersize = '100' diff --git a/manifests/startup.pp b/manifests/startup.pp index 7ca381142..6e81d039d 100644 --- a/manifests/startup.pp +++ b/manifests/startup.pp @@ -11,6 +11,7 @@ # @param service_type Systemd service type # @param manage_database When true, it will configure the database and execute the sql scripts. # @param service_name Name of the service. Defaults to the resource name +# @param binary_location This params is use for define a specific binary location. This is actually only available for zabbix agent and systemd # @example # zabbix::startup { 'agent': } # @@ -27,6 +28,7 @@ String $service_type = 'simple', Optional[Boolean] $manage_database = undef, Optional[String] $service_name = $name, + Optional[Stdlib::Absolutepath] $binary_location = undef, ) { case $title.downcase { /agent/: { @@ -41,8 +43,10 @@ fail('we currently only support a title that contains agent or server') } } - # provided by camp2camp/systemd if $facts['systemd'] { + if $name =~ /^zabbix-agent2?$/ { + assert_type(Stdlib::Absolutepath, $binary_location) + } contain systemd systemd::unit_file { "${name}.service": content => template("zabbix/${service_name}-systemd.init.erb"), diff --git a/spec/classes/agent_spec.rb b/spec/classes/agent_spec.rb index 7c981ffd7..48ee60fae 100644 --- a/spec/classes/agent_spec.rb +++ b/spec/classes/agent_spec.rb @@ -96,6 +96,14 @@ end end + context 'when binary_location is define', if: facts[:kernel] == 'Linux' do + it do + is_expected.to contain_zabbix__startup(service_name).with( + binary_location: '/usr/sbin/zabbix_agentd' + ) + end + end + context 'when declaring manage_repo is true' do let :params do { @@ -445,6 +453,36 @@ it { is_expected.to contain_systemd__unit_file('zabbix-agent.service') } end end + + context 'when binary_location is define', if: facts[:kernel] == 'Linux' do + it do + is_expected.to contain_zabbix__startup(service_name).with( + binary_location: '/usr/sbin/zabbix_agentd' + ) + end + end + + context 'when zabbix_package_agent is zabbix-agent2' do + let :params do + { + zabbix_package_agent: 'zabbix-agent2', startagents: 1, + maxlinespersecond: 1, allowroot: 1, zabbix_user: 'root', + loadmodulepath: '/tmp', allowkey: 'system.run[*]', + denykey: 'system.run[*]', enableremotecommands: 1, + logremotecommands: 1 + } + end + + it { is_expected.to contain_package('zabbix-agent2') } + + it do + is_expected.not_to contain_file(config_path).with_content( + %r{^(LogRemoteCommands|StartAgents|MaxLinesPerSecond + |AllowRoot|User|LoadModulePath|AllowKey|DenyKey| + EnableRemoteCommands|LogRemoteCommands)} + ) + end + end end end end diff --git a/spec/classes/database_spec.rb b/spec/classes/database_spec.rb index 809e6d852..0ce6f780d 100644 --- a/spec/classes/database_spec.rb +++ b/spec/classes/database_spec.rb @@ -11,9 +11,7 @@ next if facts[:os]['name'] == 'windows' context "on #{os}" do - let :facts do - facts - end + let(:facts) { facts } let :pre_condition do <<-EOS diff --git a/spec/defines/startup_spec.rb b/spec/defines/startup_spec.rb index 11e3d390f..3a83001a6 100644 --- a/spec/defines/startup_spec.rb +++ b/spec/defines/startup_spec.rb @@ -65,7 +65,8 @@ { agent_configfile_path: '/something', pidfile: '/somethingelse', - additional_service_params: '--foreground' + additional_service_params: '--foreground', + binary_location: '/usr/sbin/zabbix_agentd' } end diff --git a/templates/zabbix-agent-systemd.init.erb b/templates/zabbix-agent-systemd.init.erb index bfe6ceb02..ddc521877 100644 --- a/templates/zabbix-agent-systemd.init.erb +++ b/templates/zabbix-agent-systemd.init.erb @@ -8,7 +8,7 @@ After=network.target Restart=on-failure <% if @pidfile %>PIDFile=<%= @pidfile %><% end %> KillMode=control-group -ExecStart=/usr/sbin/zabbix_agentd <%= @additional_service_params %> -c <%= @agent_configfile_path %> +ExecStart=<%= @binary_location %> <%= @additional_service_params %> -c <%= @agent_configfile_path %> <% if @zabbix_user %>User=<%= @zabbix_user %><% end %> RestartSec=10s diff --git a/templates/zabbix_agentd.conf.erb b/templates/zabbix_agentd.conf.erb index db7b0d1c0..ce5f469bc 100644 --- a/templates/zabbix_agentd.conf.erb +++ b/templates/zabbix_agentd.conf.erb @@ -48,6 +48,8 @@ DebugLevel=<%= @debuglevel %> # <% if @sourceip %>SourceIP=<%= @sourceip %><% end %> +<% unless @agent2 %> +<% if @zabbix_version.to_f >= 5.0 %> ### Option: AllowKey # Allow execution of item keys matching pattern. # Multiple keys matching rules may be defined in combination with DenyKey. @@ -57,7 +59,7 @@ DebugLevel=<%= @debuglevel %> # If no AllowKey or DenyKey rules defined, all keys are allowed. # # Mandatory: no -<% if @allowkey %>AllowKey=<%= @allowkey -%><% end %> +<% if @allowkey %>AllowKey=<%= @allowkey -%><% end %> ### Option: DenyKey # Deny execution of items keys matching pattern. @@ -70,7 +72,15 @@ DebugLevel=<%= @debuglevel %> # # Mandatory: no # Default: -<% if @denykey %>DenyKey=<%= @denykey -%><% end %> +<% if @denykey %>DenyKey=<%= @denykey -%><% end %> +<% end %> + +### Option: EnableRemoteCommands +# Whether remote commands from Zabbix server are allowed. +# 0 - not allowed +# 1 - allowed +# +EnableRemoteCommands=<%= @enableremotecommands %> ### Option: LogRemoteCommands # Enable logging of executed shell commands as warnings. @@ -78,6 +88,7 @@ DebugLevel=<%= @debuglevel %> # 1 - enabled # LogRemoteCommands=<%= @logremotecommands %> +<% end %> ##### Passive checks related @@ -100,11 +111,13 @@ ListenPort=<%= @listenport %> # <% if @listen_ip %>ListenIP=<%= @listen_ip %><% end %> +<% unless @agent2 %> ### Option: StartAgents # Number of pre-forked instances of zabbix_agentd that process passive checks. # If set to 0, disables passive checks and the agent will not listen on any TCP port. # StartAgents=<%= @startagents %> +<% end %> ##### Active checks related @@ -181,6 +194,7 @@ BufferSend=<%= @buffersend %> # BufferSize=<%= @buffersize %> +<% unless @agent2 %> ### Option: MaxLinesPerSecond # Maximum number of new lines the agent will send per second to Zabbix Server # or Proxy processing 'log' and 'logrt' active checks. @@ -188,6 +202,7 @@ BufferSize=<%= @buffersize %> # provided in 'log' or 'logrt' item keys. # MaxLinesPerSecond=<%= @maxlinespersecond %> +<% end %> ############ ADVANCED PARAMETERS ################# @@ -211,7 +226,7 @@ MaxLinesPerSecond=<%= @maxlinespersecond %> # Timeout=<%= @timeout %> -<% if @kernel != 'windows' %> +<% if @kernel != 'windows' and !@agent2 %> ### Option: AllowRoot # Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent # will try to switch to the user specified by the User configuration option instead. @@ -220,9 +235,7 @@ Timeout=<%= @timeout %> # 1 - allow # AllowRoot=<%= @allowroot %> -<% end %> -<% if @kernel != 'windows' %> ### Option: User # Drop privileges to a specific, existing user on the system. # Only has effect if run as 'root' and AllowRoot is disabled. @@ -257,7 +270,7 @@ UnsafeUserParameters=<%= @unsafeuserparameters %> # Disabled. A configuration file should be placed on directory: <%= @include %> ####### LOADABLE MODULES ####### -<% if @kernel != 'windows' %> +<% if @kernel != 'windows' and !@agent2 %> ### Option: LoadModulePath # Full path to location of agent modules. # Default depends on compilation options.