diff --git a/dns.tf b/dns.tf index ad3bf01..c139bab 100644 --- a/dns.tf +++ b/dns.tf @@ -12,3 +12,11 @@ resource "aws_route53_record" "zabbix" { ttl = "300" records = ["${google_compute_instance.zabbix.network_interface.0.access_config.0.nat_ip}"] } + +resource "aws_route53_record" "zabbix-agents" { + zone_id = "${data.aws_route53_zone.dns_zone.id}" + name = "agent-1" + type = "A" + ttl = "300" + records = ["${google_compute_instance.agent.network_interface.0.access_config.0.nat_ip}"] +} diff --git a/instances.tf b/instances.tf index 00ea9fb..2c5fc4b 100644 --- a/instances.tf +++ b/instances.tf @@ -1,12 +1,11 @@ #=============================================== # Create PVE servers #=============================================== -resource "google_compute_instance" "pve" { - count = "${var.count_instance}" - name = "serv-${count.index + 1}" +resource "google_compute_instance" "agent" { + name = "agent-1" machine_type = "g1-small" zone = "${var.zone_instance}" - tags = ["serv-${count.index + 1}"] + tags = ["${var.zabbix_tag}"] # add image disk boot_disk { @@ -26,8 +25,6 @@ resource "google_compute_instance" "pve" { sshKeys = "${var.default_user}:${file("~/.ssh/id_rsa.pub")}" } - metadata_startup_script = "${file("scripts/setupagent.sh")}" - connection { host = self.network_interface.0.access_config.0.nat_ip type = "ssh" @@ -35,18 +32,23 @@ resource "google_compute_instance" "pve" { private_key = "${file("~/.ssh/id_rsa")}" } + provisioner "remote-exec" { + inline = ["${file("scripts/setupagent.sh")}"] + } + provisioner "file" { - source = "scripts/agents/zabbix_agent.conf" - destination = "/etc/zabbix/zabbix_agent.conf" + source = "scripts/agents/zabbix_agentd.conf" + destination = "~/zabbix_agentd.conf" } provisioner "remote-exec" { inline = [ "sudo apt update", "sudo apt install nginx -y", - "sudo echo Serv-${count.index + 1} >> /var/www/html/index.nginx-debian.html", - "sudo systemctl enable nginx && sudo systemctl start nginx" + "sudo echo ${self.name} >> /var/www/html/index.nginx-debian.html", + "sudo systemctl enable nginx && sudo systemctl start nginx", + "sudo cp ~/zabbix_agentd.conf /etc/zabbix/", + "sudo service zabbix-agent restart" ] } - } diff --git a/outputs.tf b/outputs.tf index 5ba5348..a2fd411 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,6 +1,6 @@ -# output "pve-servers_ip" { -# value = "${google_compute_instance.pve.*.network_interface.0.access_config.0.nat_ip}" -# } +output "agent_ip" { + value = "${google_compute_instance.agent.network_interface.0.access_config.0.nat_ip}" +} output "zabbix_ip" { value = "${google_compute_instance.zabbix.network_interface.0.access_config.0.nat_ip}" diff --git a/scripts/agents/zabbix_agentd.conf b/scripts/agents/zabbix_agentd.conf new file mode 100644 index 0000000..8c87f8c --- /dev/null +++ b/scripts/agents/zabbix_agentd.conf @@ -0,0 +1,402 @@ +# This is a configuration file for Zabbix agent daemon (Unix) +# To get more information about Zabbix, visit http://www.zabbix.com + +############ GENERAL PARAMETERS ################# + +### Option: PidFile +# Name of PID file. +# +# Mandatory: no +# Default: +# PidFile=/tmp/zabbix_agentd.pid + +PidFile=/var/run/zabbix/zabbix_agentd.pid + +### Option: LogType +# Specifies where log messages are written to: +# system - syslog +# file - file specified with LogFile parameter +# console - standard output +# +# Mandatory: no +# Default: +# LogType=file + +### Option: LogFile +# Log file name for LogType 'file' parameter. +# +# Mandatory: yes, if LogType is set to file, otherwise no +# Default: +# LogFile= + +LogFile=/var/log/zabbix/zabbix_agentd.log + +### Option: LogFileSize +# Maximum size of log file in MB. +# 0 - disable automatic log rotation. +# +# Mandatory: no +# Range: 0-1024 +# Default: +# LogFileSize=1 + +LogFileSize=0 + +### Option: DebugLevel +# Specifies debug level: +# 0 - basic information about starting and stopping of Zabbix processes +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 +# Default: +# DebugLevel=3 + +### Option: SourceIP +# Source IP address for outgoing connections. +# +# Mandatory: no +# Default: +# SourceIP= + +### Option: EnableRemoteCommands +# Whether remote commands from Zabbix server are allowed. +# 0 - not allowed +# 1 - allowed +# +# Mandatory: no +# Default: +# EnableRemoteCommands=0 + +### Option: LogRemoteCommands +# Enable logging of executed shell commands as warnings. +# 0 - disabled +# 1 - enabled +# +# Mandatory: no +# Default: +# LogRemoteCommands=0 + +##### Passive checks related + +### Option: Server +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies. +# Incoming connections will be accepted only from the hosts listed here. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: yes, if StartAgents is not explicitly set to 0 +# Default: +# Server= + +Server=zabbix.aits.life + +### Option: ListenPort +# Agent will listen on this port for connections from the server. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# ListenPort=10050 + +### Option: ListenIP +# List of comma delimited IP addresses that the agent should listen on. +# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks. +# +# Mandatory: no +# Default: +# ListenIP=0.0.0.0 + +### Option: StartAgents +# Number of pre-forked instances of zabbix_agentd that process passive checks. +# If set to 0, disables passive checks and the agent will not listen on any TCP port. +# +# Mandatory: no +# Range: 0-100 +# Default: +# StartAgents=3 + +##### Active checks related + +### Option: ServerActive +# List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks. +# If port is not specified, default port is used. +# IPv6 addresses must be enclosed in square brackets if port for that host is specified. +# If port is not specified, square brackets for IPv6 addresses are optional. +# If this parameter is not specified, active checks are disabled. +# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +# +# Mandatory: no +# Default: +# ServerActive= + +ServerActive=zabbix.aits.life + +### Option: Hostname +# Unique, case sensitive hostname. +# Required for active checks and must match hostname as configured on the server. +# Value is acquired from HostnameItem if undefined. +# +# Mandatory: no +# Default: +# Hostname= + +Hostname=agent-1 + +### Option: HostnameItem +# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. +# Does not support UserParameters or aliases. +# +# Mandatory: no +# Default: +# HostnameItem=system.hostname + +### Option: HostMetadata +# Optional parameter that defines host metadata. +# Host metadata is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 255 characters. +# If not defined, value will be acquired from HostMetadataItem. +# +# Mandatory: no +# Range: 0-255 characters +# Default: +# HostMetadata= + +### Option: HostMetadataItem +# Optional parameter that defines an item used for getting host metadata. +# Host metadata is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# This option is only used when HostMetadata is not defined. +# +# Mandatory: no +# Default: +# HostMetadataItem= + +### Option: RefreshActiveChecks +# How often list of active checks is refreshed, in seconds. +# +# Mandatory: no +# Range: 60-3600 +# Default: +# RefreshActiveChecks=120 + +### Option: BufferSend +# Do not keep data longer than N seconds in buffer. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# BufferSend=5 + +### Option: BufferSize +# Maximum number of values in a memory buffer. The agent will send +# all collected data to Zabbix Server or Proxy if the buffer is full. +# +# Mandatory: no +# Range: 2-65535 +# Default: +# BufferSize=100 + +### Option: MaxLinesPerSecond +# Maximum number of new lines the agent will send per second to Zabbix Server +# or Proxy processing 'log' and 'logrt' active checks. +# The provided value will be overridden by the parameter 'maxlines', +# provided in 'log' or 'logrt' item keys. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# MaxLinesPerSecond=20 + +############ ADVANCED PARAMETERS ################# + +### Option: Alias +# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. +# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. +# Different Alias keys may reference the same item key. +# For example, to retrieve the ID of user 'zabbix': +# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] +# Now shorthand key zabbix.userid may be used to retrieve data. +# Aliases can be used in HostMetadataItem but not in HostnameItem parameters. +# +# Mandatory: no +# Range: +# Default: + +### Option: Timeout +# Spend no more than Timeout seconds on processing +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=3 + +### Option: AllowRoot +# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent +# will try to switch to the user specified by the User configuration option instead. +# Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Default: +# AllowRoot=0 + +### Option: User +# Drop privileges to a specific, existing user on the system. +# Only has effect if run as 'root' and AllowRoot is disabled. +# +# Mandatory: no +# Default: +# User=zabbix + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +# Mandatory: no +# Default: +# Include= + +Include=/etc/zabbix/zabbix_agentd.d/*.conf + +# Include=/usr/local/etc/zabbix_agentd.userparams.conf +# Include=/usr/local/etc/zabbix_agentd.conf.d/ +# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf + +####### USER-DEFINED MONITORED PARAMETERS ####### + +### Option: UnsafeUserParameters +# Allow all characters to be passed in arguments to user-defined parameters. +# The following characters are not allowed: +# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ +# Additionally, newline characters are not allowed. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Range: 0-1 +# Default: +# UnsafeUserParameters=0 + +### Option: UserParameter +# User-defined parameter to monitor. There can be several user-defined parameters. +# Format: UserParameter=, +# See 'zabbix_agentd' directory for examples. +# +# Mandatory: no +# Default: +# UserParameter= + +####### LOADABLE MODULES ####### + +### Option: LoadModulePath +# Full path to location of agent modules. +# Default depends on compilation options. +# To see the default path run command "zabbix_agentd --help". +# +# Mandatory: no +# Default: +# LoadModulePath=${libdir}/modules + +### Option: LoadModule +# Module to load at agent startup. Modules are used to extend functionality of the agent. +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. +# It is allowed to include multiple LoadModule parameters. +# +# Mandatory: no +# Default: +# LoadModule= + +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSConnect +# How the agent should connect to server or proxy. Used for active checks. +# Only one value can be specified: +# unencrypted - connect without encryption +# psk - connect using TLS and a pre-shared key +# cert - connect using TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSConnect=unencrypted + +### Option: TLSAccept +# What incoming connections to accept. +# Multiple values can be specified, separated by comma: +# unencrypted - accept connections without encryption +# psk - accept connections secured with TLS and a pre-shared key +# cert - accept connections secured with TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSAccept=unencrypted + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +# TLSCRLFile= + +### Option: TLSServerCertIssuer +# Allowed server certificate issuer. +# +# Mandatory: no +# Default: +# TLSServerCertIssuer= + +### Option: TLSServerCertSubject +# Allowed server certificate subject. +# +# Mandatory: no +# Default: +# TLSServerCertSubject= + +### Option: TLSCertFile +# Full pathname of a file containing the agent certificate or certificate chain. +# +# Mandatory: no +# Default: +# TLSCertFile= + +### Option: TLSKeyFile +# Full pathname of a file containing the agent private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= + +### Option: TLSPSKIdentity +# Unique, case sensitive string used to identify the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKIdentity= + +### Option: TLSPSKFile +# Full pathname of a file containing the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKFile= diff --git a/scripts/setupagent.sh b/scripts/setupagent.sh index c759ccb..73c8b9b 100755 --- a/scripts/setupagent.sh +++ b/scripts/setupagent.sh @@ -4,5 +4,6 @@ cd ~ sudo wget https://repo.zabbix.com/zabbix/4.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_4.0-2+bionic_all.deb sudo dpkg -i zabbix-release_4.0-2+bionic_all.deb sudo apt-get update +sudo apt-get install mc htop -y sudo apt install zabbix-agent -y sudo service zabbix-agent start diff --git a/scripts/setupzabbix.sh b/scripts/setupzabbix.sh index 236fedf..1cfd305 100755 --- a/scripts/setupzabbix.sh +++ b/scripts/setupzabbix.sh @@ -6,7 +6,9 @@ sudo apt update sudo apt install zabbix-server-mysql -y sudo apt install zabbix-frontend-php -y -sudo apt install git -y +sudo apt install zabbix-agent -y +sudo apt install git curl php-curl mc htop -y + sudo mysql -uroot -e "create database zabbix character set utf8 collate utf8_bin;" sudo mysql -uroot -e "grant all privileges on zabbix.* to zabbix@localhost identified by 'V7F4Uj12dcn5WAu';" diff --git a/scripts/agents/vpc.tf b/vpc.tf similarity index 91% rename from scripts/agents/vpc.tf rename to vpc.tf index fb22464..7b5897c 100644 --- a/scripts/agents/vpc.tf +++ b/vpc.tf @@ -10,7 +10,7 @@ resource "google_compute_firewall" "firewall_vpn" { allow { protocol = "tcp" ports = [ - "443", "80", "10050" + "443", "80", "10050", "10051" ] }