updated zabbix state

states/zabbix/agent/config.sls

@@ -1,5 +1,14 @@
 ---
 {%- from "zabbix/map.jinja" import zabbix with context %}
+zabbix_config_dir:
+  file.directory:
+    - name: /etc/zabbix
+    - user: root
+    - group: root
+    - mode: 755
+    - watch_in:
+      - service: zabbix_agent_service
+
 zabbix_log_dir:
   file.directory:
     - name: /var/log/zabbix
@@ -9,6 +18,15 @@ zabbix_log_dir:
     - watch_in:
       - service: zabbix_agent_service
 
+zabbix_agent_config_dir:
+  file.directory:
+    - name: /etc/zabbix/zabbix_agentd.conf.d
+    - user: root
+    - group: root
+    - mode: 755
+    - watch_in:
+      - service: zabbix_agent_service
+
 zabbix_agent_config:
   file.managed:
     - name: /etc/zabbix/zabbix_agentd.conf
@@ -26,3 +44,14 @@ zabbix_agent_tlspsk_file:
     - watch_in:
       - service: zabbix_agent_service
 {% endif %}
+
+zabbix_userparameters:
+  file.managed:
+    - name: /etc/zabbix/zabbix_agentd.conf.d/user_parameters.conf
+    - source: salt://zabbix/templates/user_parameters.j2
+    - user: root
+    - group: root
+    - mode: 0755
+    - template: jinja
+    - watch_in:
+      - service: zabbix_agent_service

states/zabbix/agent/init.sls

@@ -2,4 +2,5 @@
 include:
   - .install
   - .config
+  - .scripts
   - .service

states/zabbix/agent/scripts.sls

@@ -0,0 +1,15 @@
+---
+{%- from "zabbix/map.jinja" import zabbix with context %}
+zabbix_script_dir:
+  file.directory:
+    - name: /etc/zabbix/scripts
+
+{%- for key, value in zabbix.agent.scripts.items() %}
+zabbix_script_{{ key }}:
+  file.managed:
+    - name: /etc/zabbix/scripts/{{ value.name }}
+    - source: salt://zabbix/scripts/{{ value.name }}
+    - owner: zabbix
+    - group: zabbix
+    - mode: 0755
+{%- endfor %}

states/zabbix/defaults.yaml

@@ -16,11 +16,21 @@ zabbix:
   agent:
     enabled: true
     pkgs:
+      - python3-pyzabbix
       - zabbix-agent
+      - zabbix-get
+      - zabbix-sender
     config:
+      Hostname: {{ salt["grains.get"]("fqdn") }}
+      Include: "/etc/zabbix/zabbix_agentd.conf.d/*.conf"
       LogFile: /var/log/zabbix/zabbix_agentd.log
       LogFileSize: 0
       LogType: file
       PidFile: /var/run/zabbix/zabbix_agentd.pid
       Server: 127.0.0.1
       ServerActive: zabbix.paulbsd.com
+    scripts:
+      apt:
+        name: apt.py
+    userparameters:
+      - "apt.updates,/etc/zabbix/scripts/apt.py"

states/zabbix/scripts/apt.py

@@ -0,0 +1,63 @@
+#!/usr/bin/python3
+
+import sys
+import subprocess
+import apt_pkg
+
+DISTRO = subprocess.check_output(["lsb_release", "-c", "-s"],
+                                 universal_newlines=True).strip()
+
+def get_updates():
+    pkgs = []
+    apt_pkg.init()
+    cache = apt_pkg.Cache(None)
+    depcache = apt_pkg.DepCache(cache)
+    for pkg in cache.packages:
+        inst_ver = pkg.current_ver
+        cand_ver = depcache.get_candidate_ver(pkg)
+        if inst_ver is not None:
+            if cand_ver.ver_str == inst_ver.ver_str:
+                continue
+            record = {"name": pkg.name,
+                      "security": isSecurityUpgrade(pkg, depcache),
+                      "section": inst_ver.section,
+                      "current_version": inst_ver.ver_str if inst_ver else '-',
+                      "candidate_version": cand_ver.ver_str if cand_ver else '-',
+                      "priority": cand_ver.priority_str}
+            pkgs.append(record)
+    return pkgs
+
+def isSecurityUpgrade(pkg, depcache):
+
+    def isSecurityUpgrade_helper(ver):
+        """ check if the given version is a security update (or masks one) """
+        security_pockets = [("Ubuntu", "%s-security" % DISTRO),
+                            ("gNewSense", "%s-security" % DISTRO),
+                            ("Debian", "%s-updates" % DISTRO)]
+
+        for (f, _) in ver.file_list:
+            for origin, archive in security_pockets:
+                if (f.archive == archive and f.origin == origin):
+                    return True
+        return False
+    inst_ver = pkg.current_ver
+    cand_ver = depcache.get_candidate_ver(pkg)
+
+    if isSecurityUpgrade_helper(cand_ver):
+        return True
+
+    for ver in pkg.version_list:
+        if (inst_ver and
+                apt_pkg.version_compare(ver.ver_str, inst_ver.ver_str) <= 0):
+            continue
+        if isSecurityUpgrade_helper(ver):
+            return True
+
+    return False
+
+def main():
+    pkgs = get_updates()
+    sys.exit(str(len(pkgs)))
+
+if __name__ == "__main__":
+    main()

states/zabbix/scripts/systemd_discovery.py

@@ -0,0 +1,12 @@
+#!/usr/bin/python3
+
+import subprocess
+import json
+
+ret = {"data": []}
+output = subprocess.run("systemctl list-unit-files |  grep -E '\.service\s+(generated|enabled)' | awk -F'.service ' '{print $1}'", shell=True, capture_output=True).stdout
+
+for line in output.splitlines():
+    ret["data"].append({"{#SERVICE}": line.decode("utf-8")})
+
+print(json.dumps(ret))

states/zabbix/templates/user_parameters.j2

@@ -0,0 +1,4 @@
+{%- from "zabbix/map.jinja" import zabbix with context -%}
+{%- for userparameter in zabbix.agent.userparameters %}
+UserParameter={{ userparameter }}
+{%- endfor %}

states/zabbix/templates/zabbix_agentd.conf.j2

@@ -1,4 +1,4 @@
-{%- from "zabbix/map.jinja" import zabbix with context %}
+{%- from "zabbix/map.jinja" import zabbix with context -%}
 {%- for k, v in zabbix.agent.config.items() %}
 {{ k }}={{ v }}
 {%- endfor %}