Revision of Zabbix agent installer

dizyaka 已修改 3 weeks ago. 還原成這個修訂版本

1 file changed, 3 deletions

zabbix_agent.sh

			@@ -93,9 +93,6 @@ Server=${SERVER}
93	93		ServerActive=${SERVER}
94	94		Hostname=${ZBX_HOSTNAME}
95	95		HostMetadata=${METADATA}
96		-
97		-	# Active-only: do not listen on TCP port for passive checks
98		-	ListenPort=0
99	96		EOF
100	97
101	98		echo "[*] Enabling and restarting zabbix-agent2..."

dizyaka 已修改 3 weeks ago. 還原成這個修訂版本

1 file changed, 2 insertions, 2 deletions

zabbix_agent.sh

			@@ -94,8 +94,8 @@ ServerActive=${SERVER}
94	94		Hostname=${ZBX_HOSTNAME}
95	95		HostMetadata=${METADATA}
96	96
97		-	# Hardening: active checks only (no passive listener)
98		-	StartAgents=0
	97	+	# Active-only: do not listen on TCP port for passive checks
	98	+	ListenPort=0
99	99		EOF
100	100
101	101		echo "[*] Enabling and restarting zabbix-agent2..."

dizyaka 已修改 3 weeks ago. 還原成這個修訂版本

沒有任何變更

dizyaka 已修改 3 weeks ago. 還原成這個修訂版本

1 file changed, 125 insertions

zabbix_agent.sh(檔案已創建)

		@@ -0,0 +1,125 @@
1	+	#!/bin/sh
2	+	# zbx-agent2-bootstrap.sh
3	+	# Installs and configures Zabbix Agent2 on Debian/Ubuntu with ACTIVE checks (no inbound port needed).
4	+	# Usage:
5	+	# sudo sh zbx-agent2-bootstrap.sh --server 192.168.1.10 [--branch 7.0] [--hostname myvm] [--metadata "linux,docker"] [--docker]
6	+	set -eu
7	+
8	+	SERVER=""
9	+	BRANCH="7.0"
10	+	HOSTNAME_OVERRIDE=""
11	+	METADATA="linux"
12	+	ENABLE_DOCKER=0
13	+
14	+	die() { echo "ERROR: $*" >&2; exit 1; }
15	+
16	+	while [ $# -gt 0 ]; do
17	+	case "$1" in
18	+	--server) SERVER="${2:-}"; shift 2 ;;
19	+	--branch) BRANCH="${2:-}"; shift 2 ;;
20	+	--hostname) HOSTNAME_OVERRIDE="${2:-}"; shift 2 ;;
21	+	--metadata) METADATA="${2:-}"; shift 2 ;;
22	+	--docker) ENABLE_DOCKER=1; shift 1 ;;
23	+	-h\|--help)
24	+	cat <<EOF
25	+	Usage: sudo sh $0 --server <zabbix_server_ip_or_dns> [options]
26	+	Options:
27	+	--branch <7.0\|6.0\|6.4> Zabbix repo branch (default: 7.0)
28	+	--hostname <name> Hostname shown in Zabbix (default: system hostname)
29	+	--metadata <string> HostMetadata for auto-registration (default: linux)
30	+	--docker Add user 'zabbix' to docker group (optional)
31	+	EOF
32	+	exit 0
33	+	;;
34	+	*) die "Unknown argument: $1" ;;
35	+	esac
36	+	done
37	+
38	+	[ -n "$SERVER" ] \|\| die "--server is required"
39	+
40	+	# Must be root
41	+	if [ "$(id -u)" != "0" ]; then
42	+	die "Run as root (use sudo)"
43	+	fi
44	+
45	+	# Detect OS
46	+	[ -r /etc/os-release ] \|\| die "/etc/os-release not found"
47	+	# shellcheck disable=SC1091
48	+	. /etc/os-release
49	+
50	+	CODENAME="${VERSION_CODENAME:-}"
51	+	[ -n "$CODENAME" ] \|\| die "VERSION_CODENAME is empty (unsupported OS?)"
52	+
53	+	case "${ID:-}" in
54	+	debian) REPO_BASE="https://repo.zabbix.com/zabbix/${BRANCH}/debian" ;;
55	+	ubuntu) REPO_BASE="https://repo.zabbix.com/zabbix/${BRANCH}/ubuntu" ;;
56	+	*)
57	+	echo "${ID_LIKE:-}" \| grep -qi debian \|\| die "Only Debian/Ubuntu are supported (ID=${ID:-unknown})"
58	+	REPO_BASE="https://repo.zabbix.com/zabbix/${BRANCH}/debian"
59	+	;;
60	+	esac
61	+
62	+	# Determine hostname for Zabbix
63	+	if [ -n "$HOSTNAME_OVERRIDE" ]; then
64	+	ZBX_HOSTNAME="$HOSTNAME_OVERRIDE"
65	+	else
66	+	ZBX_HOSTNAME="$(hostname -s 2>/dev/null \|\| hostname \|\| echo "unknown-host")"
67	+	fi
68	+
69	+	echo "[*] Installing prerequisites..."
70	+	export DEBIAN_FRONTEND=noninteractive
71	+	apt-get update -y
72	+	apt-get install -y --no-install-recommends ca-certificates curl gnupg
73	+
74	+	echo "[*] Adding Zabbix repo key..."
75	+	install -d -m 0755 /usr/share/keyrings
76	+	curl -fsSL "https://repo.zabbix.com/zabbix-official-repo.key" \| gpg --dearmor -o /usr/share/keyrings/zabbix.gpg
77	+
78	+	echo "[*] Adding Zabbix repo list..."
79	+	cat >/etc/apt/sources.list.d/zabbix.list <<EOF
80	+	deb [signed-by=/usr/share/keyrings/zabbix.gpg] ${REPO_BASE} ${CODENAME} main
81	+	EOF
82	+
83	+	apt-get update -y
84	+
85	+	echo "[*] Installing zabbix-agent2..."
86	+	apt-get install -y zabbix-agent2
87	+
88	+	echo "[*] Writing Agent2 config (active-only)..."
89	+	install -d -m 0755 /etc/zabbix/zabbix_agent2.d
90	+	cat >/etc/zabbix/zabbix_agent2.d/99-bootstrap.conf <<EOF
91	+	### Managed by zbx-agent2-bootstrap.sh
92	+	Server=${SERVER}
93	+	ServerActive=${SERVER}
94	+	Hostname=${ZBX_HOSTNAME}
95	+	HostMetadata=${METADATA}
96	+
97	+	# Hardening: active checks only (no passive listener)
98	+	StartAgents=0
99	+	EOF
100	+
101	+	echo "[*] Enabling and restarting zabbix-agent2..."
102	+	systemctl enable --now zabbix-agent2
103	+	systemctl restart zabbix-agent2
104	+
105	+	if [ "$ENABLE_DOCKER" -eq 1 ]; then
106	+	if getent group docker >/dev/null 2>&1; then
107	+	echo "[*] Adding user 'zabbix' to docker group..."
108	+	usermod -aG docker zabbix \|\| true
109	+	echo "[!] NOTE: docker.sock access is powerful. Prefer docker-socket-proxy if you want safer Docker monitoring."
110	+	else
111	+	echo "[!] docker group not found; skipping --docker"
112	+	fi
113	+	fi
114	+
115	+	echo "[*] Agent status (first lines):"
116	+	systemctl --no-pager --full status zabbix-agent2 \| sed -n '1,12p'
117	+
118	+	echo
119	+	echo "[OK] Installed and configured Zabbix Agent2 (active-only)."
120	+	echo " Hostname: ${ZBX_HOSTNAME}"
121	+	echo " ServerActive: ${SERVER}"
122	+	echo " HostMetadata: ${METADATA}"
123	+	echo
124	+	echo "Next step on Zabbix Server: create an Autoregistration Action that matches HostMetadata='${METADATA}'"
125	+	echo "and links the appropriate template (e.g., 'Linux by Zabbix agent active')."