From bc24f838a680d49559379cb55f93c23ca5a3d055 Mon Sep 17 00:00:00 2001
From: Dirk Wirts
Date: Fri, 10 Nov 2023 16:53:25 +0100
Subject: [PATCH] =?UTF-8?q?Weitere=20Daeien=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
ansible-deploy_zabbix_agent.yml | 93 +++++++++++++++++++++++++++++++++
ansible-setup_AWS.yml | 42 +++++++++++++++
setups/enable_ansible.sh | 11 ++++
3 files changed, 146 insertions(+)
create mode 100644 ansible-deploy_zabbix_agent.yml
create mode 100644 ansible-setup_AWS.yml
create mode 100644 setups/enable_ansible.sh

diff --git a/ansible-deploy_zabbix_agent.yml b/ansible-deploy_zabbix_agent.yml
new file mode 100644
index 0000000..0f47ee7
--- /dev/null
+++ b/ansible-deploy_zabbix_agent.yml
@@ -0,0 +1,93 @@
+---
+- name: Deploy Zabbix-Agent and Zabbix-Proxy with Docker
+ hosts: all
+ become: true
+ vars:
+ zabbix_version: "alpine-6.2-latest"
+ hostname: "{{ ansible_hostname }}"
+ zabbix_server_host: "{{ hostvars['your_zabbix_server']['ansible_default_ipv4']['address'] }}"
+ zabbix_cachesize: "64M"
+ docker_network_name: "build"
+ docker_network_external: true
+ tasks:
+ - name: Ensure directory exists
+ file:
+ path: /mnt/docker/zabbix-agent
+ state: directory
+ owner: root
+ group: docker
+ mode: '0755'
+
+ - name: Create Docker Compose file
+ copy:
+ dest: /mnt/docker/zabbix-agent/docker-compose.yaml
+ content: |
+ version: "3"
+ services:
+ zabbix-agent:
+ image: zabbix/zabbix-agent2:{{ zabbix_version }}
+ container_name: zabbix-agent
+ hostname: zabbix-agent
+ restart: unless-stopped
+ privileged: true
+ user: root
+ healthcheck:
+ test: grep -qr "zabbix_agent2" /proc/*/status || exit 1
+ interval: 1m
+ timeout: 30s
+ retries: 3
+ environment:
+ - ZBX_HOSTNAME
+ - ZBX_SERVER_HOST=zabbix-proxy
+ - ZBX_ACTIVE_ALLOW
+ - ZBX_PASSIVE_ALLOW
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
+ - ./dummy:/mnt/docker:ro
+
+ zabbix-proxy:
+ image: zabbix/zabbix-proxy-sqlite3:{{ zabbix_version }}
+ container_name: zabbix-proxy
+ hostname: zabbix-proxy
+ restart: unless-stopped
+ healthcheck:
+ test: grep -qr "zabbix_proxy" /proc/*/status || exit 1
+ interval: 1m
+ timeout: 30s
+ retries: 3
+ ports:
+ - 127.0.0.1:10051:10051
+ environment:
+ - ZBX_PROXYMODE=1
+ - ZBX_HOSTNAME
+ - ZBX_SERVER_HOST
+ - ZBX_CACHESIZE
+ volumes:
+ - ./snmptraps:/var/lib/zabbix/snmptraps
+
+ networks:
+ default:
+ name: {{ docker_network_name }}
+ external: {{ docker_network_external }}
+
+ - name: Create .env file
+ copy:
+ dest: /mnt/docker/zabbix-agent/.env
+ content: |
+ # settings for container
+ ZBX_HOSTNAME="{{ hostname }}"
+ ZBX_ACTIVE_ALLOW=false
+ ZBX_PASSIVE_ALLOW=true
+ ZBX_SERVER_HOST="{{ zabbix_server_host }}"
+ ZBX_CACHESIZE="{{ zabbix_cachesize }}"
+ mode: '0640'
+ owner: root
+ group: docker
+
+ - name: Run Docker Compose
+ community.docker.docker_compose:
+ project_src: /mnt/docker/zabbix-agent/
+ state: present
+ restarted: yes
diff --git a/ansible-setup_AWS.yml b/ansible-setup_AWS.yml
new file mode 100644
index 0000000..dfca900
--- /dev/null
+++ b/ansible-setup_AWS.yml
@@ -0,0 +1,42 @@
+---
+# vorher muss noch die Ansible Vault erzeugt werden:
+#
+# ansible-vault create aws_credentials.yml
+# folgender Inhalt:
+# ---
+# AWS_ACCESS_ID: 'IhrAWSAccessID'
+# AWS_ACCESS_KEY: 'IhrAWSSecretKey'
+#
+# das Vault Passwort sollte ebenfalls aus einer Datei gelesen werden, z.B.:
+# /root/vault_pw
+#
+- name: Setup AWS environment using Ansible Vault
+ hosts: localhost
+ gather_facts: no
+
+ vars_files:
+ - aws_credentials.yml
+
+ tasks:
+ - name: Create .aws directory
+ file:
+ path: "{{ ansible_env.HOME }}/.aws"
+ state: directory
+ mode: '0755'
+
+ - name: Set AWS region config
+ copy:
+ dest: "{{ ansible_env.HOME }}/.aws/config"
+ content: |
+ [default]
+ region = eu-central-1
+ mode: '0640'
+
+ - name: Set AWS credentials from Vault
+ copy:
+ dest: "{{ ansible_env.HOME }}/.aws/credentials"
+ content: |
+ [default]
+ aws_access_key_id = {{ AWS_ACCESS_ID }}
+ aws_secret_access_key = {{ AWS_ACCESS_KEY }}
+ mode: '0640'
diff --git a/setups/enable_ansible.sh b/setups/enable_ansible.sh
new file mode 100644
index 0000000..459c6e7
--- /dev/null
+++ b/setups/enable_ansible.sh
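Review bot: In `ansible-deploy_zabbix_agent.yml`, the `zabbix-agent` service in the rendered compose file combines `privileged: true`, `user: root` and a bind mount of `/var/run/docker.sock`, which makes the agent container equivalent to root on every host matched by `hosts: all`. Because `zabbix_version` is the floating tag `alpine-6.2-latest`, whatever image that tag resolves to at deploy time receives that access. I would drop `privileged: true` unless a specific item key is shown to need it, and pin `zabbix_version` to a fixed release tag or an image digest. If the socket mount stays, a comment in the compose content such as `# docker.sock: needed for the agent2 Docker plugin; grants full control of the Docker daemon` documents the trade-off. The `Create Docker Compose file` task also sets no `owner` or `mode`, unlike the `.env` task below it.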
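Review bot: In `ansible-setup_AWS.yml`, the task `Set AWS credentials from Vault` writes the secret key with `mode: '0640'` into a `.aws` directory created with `mode: '0755'`, so the key is group-readable, and the task has no `no_log`, so the rendered `content` can show up in `--diff` or verbose output. I would use `mode: '0600'` on the credentials file, `mode: '0700'` on the directory, and add `no_log: true` to the credentials task. Separately, the play sets `gather_facts: no` while every path uses `ansible_env.HOME`, which is populated by fact gathering; unless facts are cached this will likely fail as undefined, so either enable fact gathering or use `lookup('env', 'HOME')`, which is equivalent here because the play targets `localhost`.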
@@ -0,0 +1,11 @@
+#!/bin/bash
+# enable host for ansible
+set -e
+PUBKEY="ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAEuwAZEN/DNkr1KkBsHdw1kRV964httL4gqpstBgComJy549miU2Cul0ozyl76qv8L6BNCzQywW86Kbb2h8glufSwCDwbcZpmQUN4lRDctrWHUU8R2mPLwSQfFqc+AVYomotegaVOnSwQzpOkTJIv94LWI3Amsfo0L/2V8JY0cb3WNMIg== root@ansible-host"
+id -u ansible > /dev/null 2>&1 || adduser ansible --disabled-password --gecos "" --quiet
+mkdir -p /home/ansible/.ssh
+echo "$PUBKEY" > /home/ansible/.ssh/authorized_keys
+chown -R ansible /home/ansible/.ssh
+apt-get update
+apt-get install sudo
+grep -q ansible /etc/sudoers.d/ansible || echo "ansible ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
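Review bot: The last line of `setups/enable_ansible.sh` appends a blanket `NOPASSWD: ALL` rule to `/etc/sudoers.d/ansible` without validating it or setting its mode, and `.ssh` and `authorized_keys` are created under root's umask with only a `chown`, so the resulting permissions depend on the environment the script runs in. Since the single key in `PUBKEY` then amounts to passwordless root on every enabled host, I would set the modes explicitly (0700 on the directory, 0600 on the key file), check the sudoers rule with `visudo -cf` before installing it as 0440, and pass `-y` to `apt-get install` so an unattended run cannot stall on a prompt. A header comment stating that the script must run as root and overwrites any existing `authorized_keys` for the `ansible` user would also help.

```shell
# … unchanged: set -e, PUBKEY, user creation …
install -d -m 0700 -o ansible /home/ansible/.ssh
echo "$PUBKEY" > /home/ansible/.ssh/authorized_keys
chmod 0600 /home/ansible/.ssh/authorized_keys
# … unchanged: chown, apt-get update …
apt-get install -y sudo
# write the rule to a temp file and validate it before it becomes active
SUDOERS_TMP="$(mktemp)"
echo "ansible ALL = (ALL) NOPASSWD: ALL" > "$SUDOERS_TMP"
visudo -cf "$SUDOERS_TMP"
install -m 0440 -o root -g root "$SUDOERS_TMP" /etc/sudoers.d/ansible
rm -f "$SUDOERS_TMP"
```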