158 lines
4.7 KiB
Bash
158 lines
4.7 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Zabbix Agent 2 Deployment Script - Linux
|
|
# Installs and configures Zabbix Agent 2 with PSK auto-registration
|
|
# Target server: zabbix.snarfnet.net
|
|
#
|
|
# Usage: sudo bash deploy_zabbix_agent_linux.sh [psk_key]
|
|
# psk_key - (optional) 128-char hex PSK. If omitted, one is generated.
|
|
#
|
|
set -euo pipefail
|
|
|
|
ZABBIX_SERVER="zabbix.snarfnet.net"
|
|
PSK_IDENTITY="PSK_autoregister"
|
|
PSK_FILE="/etc/zabbix/zabbix_agent2.psk"
|
|
AGENT_CONF="/etc/zabbix/zabbix_agent2.conf"
|
|
HOST_METADATA="Linux"
|
|
|
|
# --- Functions ---
|
|
|
|
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"; }
|
|
|
|
detect_os() {
|
|
if [ -f /etc/os-release ]; then
|
|
. /etc/os-release
|
|
OS_ID="${ID}"
|
|
OS_VERSION="${VERSION_ID%%.*}"
|
|
else
|
|
log "ERROR: Cannot detect OS. /etc/os-release not found."
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
install_agent_rhel() {
|
|
local major_ver="$1"
|
|
log "Installing Zabbix Agent 2 on RHEL/CentOS ${major_ver}..."
|
|
|
|
# Install Zabbix repo
|
|
rpm -Uvh "https://repo.zabbix.com/zabbix/7.0/rhel/${major_ver}/x86_64/zabbix-release-latest-7.0.el${major_ver}.noarch.rpm" 2>/dev/null || true
|
|
dnf clean all
|
|
dnf install -y zabbix-agent2 zabbix-agent2-plugin-*
|
|
}
|
|
|
|
install_agent_debian() {
|
|
local codename="$1"
|
|
log "Installing Zabbix Agent 2 on Debian/Ubuntu (${codename})..."
|
|
|
|
wget -q "https://repo.zabbix.com/zabbix/7.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest+ubuntu_all.deb" -O /tmp/zabbix-release.deb
|
|
dpkg -i /tmp/zabbix-release.deb
|
|
apt-get update
|
|
apt-get install -y zabbix-agent2 zabbix-agent2-plugin-*
|
|
rm -f /tmp/zabbix-release.deb
|
|
}
|
|
|
|
install_agent() {
|
|
detect_os
|
|
case "${OS_ID}" in
|
|
rhel|centos|rocky|alma|fedora)
|
|
install_agent_rhel "${OS_VERSION}"
|
|
;;
|
|
debian|ubuntu)
|
|
local codename
|
|
codename=$(lsb_release -cs 2>/dev/null || echo "jammy")
|
|
install_agent_debian "${codename}"
|
|
;;
|
|
*)
|
|
log "ERROR: Unsupported OS '${OS_ID}'. Install zabbix-agent2 manually, then re-run."
|
|
exit 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
generate_psk() {
|
|
openssl rand -hex 32
|
|
}
|
|
|
|
configure_agent() {
|
|
local psk_key="$1"
|
|
|
|
log "Writing PSK to ${PSK_FILE}..."
|
|
echo "${psk_key}" > "${PSK_FILE}"
|
|
chmod 640 "${PSK_FILE}"
|
|
chown root:zabbix "${PSK_FILE}"
|
|
|
|
log "Configuring ${AGENT_CONF}..."
|
|
cp "${AGENT_CONF}" "${AGENT_CONF}.bak.$(date +%s)"
|
|
|
|
# Apply configuration
|
|
sed -i "s|^Server=.*|Server=${ZABBIX_SERVER}|" "${AGENT_CONF}"
|
|
sed -i "s|^ServerActive=.*|ServerActive=${ZABBIX_SERVER}|" "${AGENT_CONF}"
|
|
sed -i "s|^Hostname=.*|# Hostname=|" "${AGENT_CONF}"
|
|
|
|
# Add/update settings that may not exist
|
|
grep -q "^HostnameItem=" "${AGENT_CONF}" && \
|
|
sed -i "s|^HostnameItem=.*|HostnameItem=system.hostname|" "${AGENT_CONF}" || \
|
|
echo "HostnameItem=system.hostname" >> "${AGENT_CONF}"
|
|
|
|
grep -q "^HostMetadata=" "${AGENT_CONF}" && \
|
|
sed -i "s|^HostMetadata=.*|HostMetadata=${HOST_METADATA}|" "${AGENT_CONF}" || \
|
|
echo "HostMetadata=${HOST_METADATA}" >> "${AGENT_CONF}"
|
|
|
|
grep -q "^TLSConnect=" "${AGENT_CONF}" && \
|
|
sed -i "s|^TLSConnect=.*|TLSConnect=psk|" "${AGENT_CONF}" || \
|
|
echo "TLSConnect=psk" >> "${AGENT_CONF}"
|
|
|
|
grep -q "^TLSAccept=" "${AGENT_CONF}" && \
|
|
sed -i "s|^TLSAccept=.*|TLSAccept=psk|" "${AGENT_CONF}" || \
|
|
echo "TLSAccept=psk" >> "${AGENT_CONF}"
|
|
|
|
grep -q "^TLSPSKIdentity=" "${AGENT_CONF}" && \
|
|
sed -i "s|^TLSPSKIdentity=.*|TLSPSKIdentity=${PSK_IDENTITY}|" "${AGENT_CONF}" || \
|
|
echo "TLSPSKIdentity=${PSK_IDENTITY}" >> "${AGENT_CONF}"
|
|
|
|
grep -q "^TLSPSKFile=" "${AGENT_CONF}" && \
|
|
sed -i "s|^TLSPSKFile=.*|TLSPSKFile=${PSK_FILE}|" "${AGENT_CONF}" || \
|
|
echo "TLSPSKFile=${PSK_FILE}" >> "${AGENT_CONF}"
|
|
}
|
|
|
|
start_agent() {
|
|
log "Enabling and starting zabbix-agent2..."
|
|
systemctl enable zabbix-agent2
|
|
systemctl restart zabbix-agent2
|
|
systemctl status zabbix-agent2 --no-pager
|
|
}
|
|
|
|
# --- Main ---
|
|
|
|
if [ "$(id -u)" -ne 0 ]; then
|
|
echo "This script must be run as root." >&2
|
|
exit 1
|
|
fi
|
|
|
|
PSK_KEY="${1:-}"
|
|
if [ -z "${PSK_KEY}" ]; then
|
|
PSK_KEY=$(generate_psk)
|
|
log "Generated new PSK key."
|
|
fi
|
|
|
|
# Validate PSK is valid hex and at least 32 chars
|
|
if ! echo "${PSK_KEY}" | grep -qE '^[0-9a-fA-F]{32,128}$'; then
|
|
log "ERROR: PSK must be a 32-128 character hex string."
|
|
exit 1
|
|
fi
|
|
|
|
log "=== Zabbix Agent 2 Deployment ==="
|
|
log "Server: ${ZABBIX_SERVER}"
|
|
log "PSK Identity: ${PSK_IDENTITY}"
|
|
|
|
install_agent
|
|
configure_agent "${PSK_KEY}"
|
|
start_agent
|
|
|
|
log "=== Deployment Complete ==="
|
|
log "PSK Identity: ${PSK_IDENTITY}"
|
|
log "PSK Key: ${PSK_KEY}"
|
|
log ""
|
|
log "IMPORTANT: Use this same PSK identity and key in your Zabbix server"
|
|
log "auto-registration encryption settings."
|