41 lines
1.1 KiB
YAML
41 lines
1.1 KiB
YAML
---
|
|
- name: Modifier zabbix_agentd.conf et sudoer pour que zabbix puisse executer des scripts sur l'hote.
|
|
hosts: all
|
|
|
|
tasks:
|
|
- name: Ajouter "AllowKey=system.run[*]" a /etc/zabbix/zabbix_agentd.conf
|
|
lineinfile:
|
|
path: /etc/zabbix/zabbix_agentd.conf
|
|
state: present
|
|
line: "AllowKey=system.run[*]"
|
|
regexp: "AllowKey=system.run[*]"
|
|
insertbefore: "### Option: LogRemoteCommands"
|
|
|
|
- name: Commenter "DenyKey=system.run[*]" dans /etc/zabbix/zabbix_agentd.conf
|
|
lineinfile:
|
|
path: /etc/zabbix/zabbix_agentd.conf
|
|
state: present
|
|
firstmatch: yes
|
|
regexp: '^DenyKey='
|
|
line: "#DenyKey=system.run[*]"
|
|
backrefs: yes
|
|
|
|
- name: Make sure we have a 'zabbix' group
|
|
group:
|
|
name: zabbix
|
|
state: present
|
|
|
|
- name: Allow 'zabbix' group to have passwordless sudo
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
state: present
|
|
regexp: '%zabbix'
|
|
insertafter: '^%sudo'
|
|
line: '%zabbix ALL=(ALL) NOPASSWD:{{ sudo_call_path }}'
|
|
validate: visudo -cf %s
|
|
|
|
- name: Redemarrer le process "zabbix_agent"
|
|
systemd:
|
|
name: zabbix-agent
|
|
state: restarted
|