dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

Compare commits

base: dustin:b5ea6b702aabe069659e2c473b9e45370d4a747e
Branches Tags
dustin:master
dustin:unifi-restore
dustin:dynamic-inventory
dustin:frigate-exporter
dustin:nut0
dustin:nut-monitor
dustin:no-vault-in-inventory
dustin:wheelhost
dustin:chrony
dustin:step-ssh
dustin:btop
dustin:collectd-buildroot
dustin:ntfy
dustin:jenkins-master
...
compare: dustin:ddafc0983903c603255511e968811e0f1f610e6b
Branches Tags
dustin:master
dustin:unifi-restore
dustin:dynamic-inventory
dustin:frigate-exporter
dustin:nut0
dustin:nut-monitor
dustin:no-vault-in-inventory
dustin:wheelhost
dustin:chrony
dustin:step-ssh
dustin:btop
dustin:collectd-buildroot
dustin:ntfy
dustin:jenkins-master

3 Commits
b5ea6b702a ... ddafc09839

Author SHA1 Message Date
Dustin ddafc09839 dch-gw: Open Zabbix ports in the firewall 
Obviously, the Zabbix agent (active and passive) ports need to be open
in order for the gateway device itself to be monitored by Zabbix.
 2018-06-19 20:41:45 -05:00
Dustin 5188250cfc hosts: Add dch-gw to zabbix group 
The gateway device is now monitored by Zabbix. Adding it to the *zabbix*
group ensures that the Zabbix agent is installed and configured
correctly.

Because the *zabbix-agent* role has a task to configure FirewallD, the
`host_uses_firewalld` variable needs to be set to `false` for *gw0*,
since it does not use FirewallD.
 2018-06-19 20:40:58 -05:00
Dustin f78fe14eae roles/zabbix: Respect host_uses_firewalld 
For machines that do not use firewalld, the *zabbix-agent* role will now
skip attempting to open the Zabbix agent port using the `firewalld`
module. The `host_uses_firewalld` variable controls this behavior.
 2018-06-19 20:37:09 -05:00
4 changed files with 7 additions and 0 deletions
Show Stats Expand all files Collapse all files

4
group_vars/dch-gw/dch-network.yml
View File

@ -85,6 +85,8 @@ allow_incoming:
port: bootps
- protocol: tcp
port: ssh
- protocol: tcp
port: 10050
allow_outgoing:
@ -106,5 +108,7 @@ allow_outgoing:
port: domain
- protocol: udp
port: ntp
- protocol: tcp
port: 10051
trace_dropped: true

1
host_vars/gw0/main.yml Normal file
View File

@ -0,0 +1 @@
host_uses_firewalld: false

1
hosts
View File

@ -67,4 +67,5 @@ zabbix-server
zbx0.pyrocufflink.blue
[zabbix:children]
dch-gw
pyrocufflink

1
roles/zabbix-agent/tasks/main.yml
View File

@ -34,6 +34,7 @@
state=enabled
tags:
- firewalld
when: host_uses_firewalld|d(true)
notify: save firewalld configuration
- name: ensure zabbix agent starts at boot