Snarf/SnarfCode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
edfcbf280902ad5b33a865679fcf5c0711432d63
SnarfCode/zabbix-autoregister/deploy_zabbix_agent_windows.ps1
p2913020 edfcbf2809 Added Zabbix autoregister scripts
2026-05-21 12:53:58 -04:00

200 lines
5.8 KiB
PowerShell
Raw Blame History

#Requires -RunAsAdministrator
<#
.SYNOPSIS
Zabbix Agent 2 Deployment Script - Windows
Installs and configures Zabbix Agent 2 with PSK auto-registration.
.DESCRIPTION
Target server: zabbix.snarfnet.net
Downloads Zabbix Agent 2 MSI, installs it, configures PSK encryption,
and starts the service for auto-registration.
.PARAMETER PskKey
Optional. A 64-character hex PSK key. If omitted, one is generated.
.PARAMETER ZabbixVersion
Optional. Zabbix version to install. Defaults to 7.0.0.
.EXAMPLE
.\deploy_zabbix_agent_windows.ps1
.\deploy_zabbix_agent_windows.ps1 -PskKey "aabbccdd..."
#>
param(
[Parameter(Mandatory = $false)]
[string]$PskKey = "",
[Parameter(Mandatory = $false)]
[string]$ZabbixVersion = "7.0.26"
)
# --- Configuration ---
$ZabbixServer = "zabbix.snarfnet.net"
$PskIdentity = "PSK_autoregister"
$HostMetadata = "Windows"
$InstallDir = "C:\Program Files\Zabbix Agent 2"
$ConfFile = "$InstallDir\zabbix_agent2.conf"
$PskFile = "$InstallDir\zabbix_agent2.psk"
$MsiUrl = "https://cdn.zabbix.com/zabbix/binaries/stable/7.0/$ZabbixVersion/zabbix_agent2-$ZabbixVersion-windows-amd64-openssl.msi"
$MsiPath = "$env:TEMP\zabbix_agent2.msi"
# --- Functions ---
function Write-Log {
param([string]$Message)
Write-Host "[$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')] $Message"
}
function New-PskKey {
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
return ($bytes | ForEach-Object { $_.ToString("x2") }) -join ''
}
function Install-ZabbixAgent {
Write-Log "Downloading Zabbix Agent 2 v$ZabbixVersion..."
try {
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $MsiUrl -OutFile $MsiPath -UseBasicParsing
}
catch {
Write-Log "ERROR: Failed to download MSI from $MsiUrl"
Write-Log " $_"
exit 1
}
Write-Log "Installing Zabbix Agent 2..."
$msiArgs = @(
"/i", $MsiPath,
"/qn",
"/l*v", "$env:TEMP\zabbix_agent2_install.log",
"SERVER=$ZabbixServer",
"SERVERACTIVE=$ZabbixServer",
"INSTALLFOLDER=`"$InstallDir`""
)
$process = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($process.ExitCode -ne 0) {
Write-Log "ERROR: MSI installation failed with exit code $($process.ExitCode)"
Write-Log " Check log: $env:TEMP\zabbix_agent2_install.log"
exit 1
}
Remove-Item $MsiPath -Force -ErrorAction SilentlyContinue
Write-Log "Installation complete."
}
function Set-AgentConfiguration {
param([string]$Key)
Write-Log "Writing PSK to $PskFile..."
Set-Content -Path $PskFile -Value $Key -NoNewline
$acl = Get-Acl $PskFile
$acl.SetAccessRuleProtection($true, $false)
$adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"BUILTIN\Administrators", "FullControl", "Allow")
$systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"NT AUTHORITY\SYSTEM", "FullControl", "Allow")
$acl.AddAccessRule($adminRule)
$acl.AddAccessRule($systemRule)
Set-Acl -Path $PskFile -AclObject $acl
Write-Log "Configuring $ConfFile..."
if (Test-Path $ConfFile) {
Copy-Item $ConfFile "$ConfFile.bak.$(Get-Date -Format 'yyyyMMddHHmmss')"
}
$config = @"
# Zabbix Agent 2 Configuration
# Auto-generated by deployment script on $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')
Server=$ZabbixServer
ServerActive=$ZabbixServer
HostnameItem=system.hostname
HostMetadata=$HostMetadata
# PSK Encryption
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=$PskIdentity
TLSPSKFile=$PskFile
# Logging
LogFile=$InstallDir\zabbix_agent2.log
LogFileSize=10
# Performance
BufferSend=5
BufferSize=100
"@
Set-Content -Path $ConfFile -Value $config
Write-Log "Configuration written."
}
function Start-ZabbixAgent {
Write-Log "Configuring Zabbix Agent 2 service..."
$svc = Get-Service -Name "Zabbix Agent 2" -ErrorAction SilentlyContinue
if (-not $svc) {
Write-Log "ERROR: Zabbix Agent 2 service not found. Installation may have failed."
exit 1
}
Set-Service -Name "Zabbix Agent 2" -StartupType Automatic
Restart-Service -Name "Zabbix Agent 2" -Force
Start-Sleep -Seconds 2
$svc = Get-Service -Name "Zabbix Agent 2"
if ($svc.Status -eq "Running") {
Write-Log "Zabbix Agent 2 is running."
}
else {
Write-Log "WARNING: Service status is '$($svc.Status)'. Check logs at $InstallDir\zabbix_agent2.log"
}
}
function Add-FirewallRule {
$ruleName = "Zabbix Agent 2 (TCP-In 10050)"
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $existing) {
Write-Log "Adding firewall rule for port 10050..."
New-NetFirewallRule -DisplayName $ruleName `
-Direction Inbound -Protocol TCP -LocalPort 10050 `
-Action Allow -Profile Domain, Private | Out-Null
}
else {
Write-Log "Firewall rule already exists."
}
}
# --- Main ---
Write-Log "=== Zabbix Agent 2 Deployment (Windows) ==="
Write-Log "Server: $ZabbixServer"
Write-Log "PSK Identity: $PskIdentity"
# Generate or validate PSK
if ([string]::IsNullOrEmpty($PskKey)) {
$PskKey = New-PskKey
Write-Log "Generated new PSK key."
}
if ($PskKey -notmatch '^[0-9a-fA-F]{32,128}$') {
Write-Log "ERROR: PSK must be a 32-128 character hex string."
exit 1
}
Install-ZabbixAgent
Set-AgentConfiguration -Key $PskKey
Add-FirewallRule
Start-ZabbixAgent
Write-Log "=== Deployment Complete ==="
Write-Log "PSK Identity: $PskIdentity"
Write-Log "PSK Key: $PskKey"
Write-Log ""
Write-Log "IMPORTANT: Use this same PSK identity and key in your Zabbix server"
Write-Log " auto-registration encryption settings."
Reference in New Issue View Git Blame Copy Permalink