diff --git a/states/zabbix/agent/config.sls b/states/zabbix/agent/config.sls index ae131ea..aedc6d8 100644 --- a/states/zabbix/agent/config.sls +++ b/states/zabbix/agent/config.sls @@ -1,5 +1,14 @@ --- {%- from "zabbix/map.jinja" import zabbix with context %} +zabbix_config_dir: + file.directory: + - name: /etc/zabbix + - user: root + - group: root + - mode: 755 + - watch_in: + - service: zabbix_agent_service + zabbix_log_dir: file.directory: - name: /var/log/zabbix @@ -9,6 +18,15 @@ zabbix_log_dir: - watch_in: - service: zabbix_agent_service +zabbix_agent_config_dir: + file.directory: + - name: /etc/zabbix/zabbix_agentd.conf.d + - user: root + - group: root + - mode: 755 + - watch_in: + - service: zabbix_agent_service + zabbix_agent_config: file.managed: - name: /etc/zabbix/zabbix_agentd.conf @@ -26,3 +44,14 @@ zabbix_agent_tlspsk_file: - watch_in: - service: zabbix_agent_service {% endif %} + +zabbix_userparameters: + file.managed: + - name: /etc/zabbix/zabbix_agentd.conf.d/user_parameters.conf + - source: salt://zabbix/templates/user_parameters.j2 + - user: root + - group: root + - mode: 0755 + - template: jinja + - watch_in: + - service: zabbix_agent_service diff --git a/states/zabbix/agent/init.sls b/states/zabbix/agent/init.sls index 383c46b..d3f46a7 100644 --- a/states/zabbix/agent/init.sls +++ b/states/zabbix/agent/init.sls @@ -2,4 +2,5 @@ include: - .install - .config + - .scripts - .service diff --git a/states/zabbix/agent/scripts.sls b/states/zabbix/agent/scripts.sls new file mode 100644 index 0000000..0caa55a --- /dev/null +++ b/states/zabbix/agent/scripts.sls @@ -0,0 +1,15 @@ +--- +{%- from "zabbix/map.jinja" import zabbix with context %} +zabbix_script_dir: + file.directory: + - name: /etc/zabbix/scripts + +{%- for key, value in zabbix.agent.scripts.items() %} +zabbix_script_{{ key }}: + file.managed: + - name: /etc/zabbix/scripts/{{ value.name }} + - source: salt://zabbix/scripts/{{ value.name }} + - owner: zabbix + - group: zabbix + - mode: 0755 +{%- endfor %} diff --git a/states/zabbix/defaults.yaml b/states/zabbix/defaults.yaml index 0836ffd..4ba5a63 100644 --- a/states/zabbix/defaults.yaml +++ b/states/zabbix/defaults.yaml @@ -16,11 +16,21 @@ zabbix: agent: enabled: true pkgs: + - python3-pyzabbix - zabbix-agent + - zabbix-get + - zabbix-sender config: + Hostname: {{ salt["grains.get"]("fqdn") }} + Include: "/etc/zabbix/zabbix_agentd.conf.d/*.conf" LogFile: /var/log/zabbix/zabbix_agentd.log LogFileSize: 0 LogType: file PidFile: /var/run/zabbix/zabbix_agentd.pid Server: 127.0.0.1 ServerActive: zabbix.paulbsd.com + scripts: + apt: + name: apt.py + userparameters: + - "apt.updates,/etc/zabbix/scripts/apt.py" diff --git a/states/zabbix/scripts/apt.py b/states/zabbix/scripts/apt.py new file mode 100755 index 0000000..60bd634 --- /dev/null +++ b/states/zabbix/scripts/apt.py @@ -0,0 +1,63 @@ +#!/usr/bin/python3 + +import sys +import subprocess +import apt_pkg + +DISTRO = subprocess.check_output(["lsb_release", "-c", "-s"], + universal_newlines=True).strip() + +def get_updates(): + pkgs = [] + apt_pkg.init() + cache = apt_pkg.Cache(None) + depcache = apt_pkg.DepCache(cache) + for pkg in cache.packages: + inst_ver = pkg.current_ver + cand_ver = depcache.get_candidate_ver(pkg) + if inst_ver is not None: + if cand_ver.ver_str == inst_ver.ver_str: + continue + record = {"name": pkg.name, + "security": isSecurityUpgrade(pkg, depcache), + "section": inst_ver.section, + "current_version": inst_ver.ver_str if inst_ver else '-', + "candidate_version": cand_ver.ver_str if cand_ver else '-', + "priority": cand_ver.priority_str} + pkgs.append(record) + return pkgs + +def isSecurityUpgrade(pkg, depcache): + + def isSecurityUpgrade_helper(ver): + """ check if the given version is a security update (or masks one) """ + security_pockets = [("Ubuntu", "%s-security" % DISTRO), + ("gNewSense", "%s-security" % DISTRO), + ("Debian", "%s-updates" % DISTRO)] + + for (f, _) in ver.file_list: + for origin, archive in security_pockets: + if (f.archive == archive and f.origin == origin): + return True + return False + inst_ver = pkg.current_ver + cand_ver = depcache.get_candidate_ver(pkg) + + if isSecurityUpgrade_helper(cand_ver): + return True + + for ver in pkg.version_list: + if (inst_ver and + apt_pkg.version_compare(ver.ver_str, inst_ver.ver_str) <= 0): + continue + if isSecurityUpgrade_helper(ver): + return True + + return False + +def main(): + pkgs = get_updates() + sys.exit(str(len(pkgs))) + +if __name__ == "__main__": + main() diff --git a/states/zabbix/scripts/systemd_discovery.py b/states/zabbix/scripts/systemd_discovery.py new file mode 100644 index 0000000..521b2a0 --- /dev/null +++ b/states/zabbix/scripts/systemd_discovery.py @@ -0,0 +1,12 @@ +#!/usr/bin/python3 + +import subprocess +import json + +ret = {"data": []} +output = subprocess.run("systemctl list-unit-files | grep -E '\.service\s+(generated|enabled)' | awk -F'.service ' '{print $1}'", shell=True, capture_output=True).stdout + +for line in output.splitlines(): + ret["data"].append({"{#SERVICE}": line.decode("utf-8")}) + +print(json.dumps(ret)) diff --git a/states/zabbix/templates/user_parameters.j2 b/states/zabbix/templates/user_parameters.j2 new file mode 100644 index 0000000..de7efcc --- /dev/null +++ b/states/zabbix/templates/user_parameters.j2 @@ -0,0 +1,4 @@ +{%- from "zabbix/map.jinja" import zabbix with context -%} +{%- for userparameter in zabbix.agent.userparameters %} +UserParameter={{ userparameter }} +{%- endfor %} diff --git a/states/zabbix/templates/zabbix_agentd.conf.j2 b/states/zabbix/templates/zabbix_agentd.conf.j2 index 6890570..a868307 100644 --- a/states/zabbix/templates/zabbix_agentd.conf.j2 +++ b/states/zabbix/templates/zabbix_agentd.conf.j2 @@ -1,4 +1,4 @@ -{%- from "zabbix/map.jinja" import zabbix with context %} +{%- from "zabbix/map.jinja" import zabbix with context -%} {%- for k, v in zabbix.agent.config.items() %} {{ k }}={{ v }} {%- endfor %}