Posted to commits@airavata.apache.org by ma...@apache.org on 2021/05/20 21:56:54 UTC

[airavata] branch develop updated (21770f0 -> ee49f05)

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a change to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git.


    from 21770f0  AIRAVATA-3462 Remove entity when GRP deleted
     new 8c2d736  Ansible: exclude openjdk updates
     new 9fa604c  Ansible: zabbix role and playbook
     new ee49f05  Merge branch 'yum-cron-security' into develop

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../scigap/develop/group_vars/all/vars.yml         |   3 +
 .../scigap/production/group_vars/all/vars.yml      |   3 +
 .../roles/env_setup/tasks/files/yum-cron.conf      |   3 +
 dev-tools/ansible/roles/env_setup/tasks/main.yml   |  14 +-
 .../{common/vars => zabbix/defaults}/main.yml      |   3 +-
 .../roles/zabbix/files/check-needs-restarting.cron |   6 +
 dev-tools/ansible/roles/zabbix/tasks/main.yml      |  66 ++++
 .../roles/zabbix/templates/zabbix_agentd.conf.j2   | 422 +++++++++++++++++++++
 .../ansible/{airavata-iam-setup.yml => zabbix.yml} |   9 +-
 9 files changed, 510 insertions(+), 19 deletions(-)
 copy dev-tools/ansible/roles/{common/vars => zabbix/defaults}/main.yml (96%)
 create mode 100644 dev-tools/ansible/roles/zabbix/files/check-needs-restarting.cron
 create mode 100644 dev-tools/ansible/roles/zabbix/tasks/main.yml
 create mode 100644 dev-tools/ansible/roles/zabbix/templates/zabbix_agentd.conf.j2
 copy dev-tools/ansible/{airavata-iam-setup.yml => zabbix.yml} (90%)

[airavata] 01/03: Ansible: exclude openjdk updates

Posted by ma...@apache.org.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit 8c2d736bc4f06aaff3a4eb78964094747a40e488
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed May 19 14:59:05 2021 -0400

    Ansible: exclude openjdk updates
---
 dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf b/dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf
index 1f9ed25..d9c2b6d 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf
+++ b/dev-tools/ansible/roles/env_setup/tasks/files/yum-cron.conf
@@ -79,3 +79,6 @@ mdpolicy = group:main
 
 # Uncomment to auto-import new gpg keys (dangerous)
 # assumeyes = True
+
+# openjdk 11.0.11 doesn't support certain ciphers that are used by gmail imap and PHP
+exclude = java-11-openjdk*
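Review bot: the `exclude = java-11-openjdk*` line has no version bound or removal condition, so yum-cron will skip every later OpenJDK 11 security update, not only 11.0.11. The comment should point to the issue tracking the gmail IMAP and PHP cipher problem and state when the exclude can be dropped; until then these hosts need a manual process for reviewing and applying JDK updates.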

[airavata] 03/03: Merge branch 'yum-cron-security' into develop

Posted by ma...@apache.org.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit ee49f05f49464b86d39b6c0deb427d1e8d535a07
Merge: 21770f0 9fa604c
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu May 20 17:56:30 2021 -0400

    Merge branch 'yum-cron-security' into develop

 .../scigap/develop/group_vars/all/vars.yml         |   3 +
 .../scigap/production/group_vars/all/vars.yml      |   3 +
 .../roles/env_setup/tasks/files/yum-cron.conf      |   3 +
 dev-tools/ansible/roles/env_setup/tasks/main.yml   |  14 +-
 dev-tools/ansible/roles/zabbix/defaults/main.yml   |  25 ++
 .../roles/zabbix/files/check-needs-restarting.cron |   6 +
 dev-tools/ansible/roles/zabbix/tasks/main.yml      |  66 ++++
 .../roles/zabbix/templates/zabbix_agentd.conf.j2   | 422 +++++++++++++++++++++
 dev-tools/ansible/zabbix.yml                       |  27 ++
 9 files changed, 556 insertions(+), 13 deletions(-)


[airavata] 02/03: Ansible: zabbix role and playbook

Posted by ma...@apache.org.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit 9fa604c9a9fd70970042104b335a3e0cb1e89f68
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu May 20 17:55:34 2021 -0400

    Ansible: zabbix role and playbook
---
 .../scigap/develop/group_vars/all/vars.yml         |   3 +
 .../scigap/production/group_vars/all/vars.yml      |   3 +
 dev-tools/ansible/roles/env_setup/tasks/main.yml   |  14 +-
 dev-tools/ansible/roles/zabbix/defaults/main.yml   |  25 ++
 .../roles/zabbix/files/check-needs-restarting.cron |   6 +
 dev-tools/ansible/roles/zabbix/tasks/main.yml      |  66 ++++
 .../roles/zabbix/templates/zabbix_agentd.conf.j2   | 422 +++++++++++++++++++++
 dev-tools/ansible/zabbix.yml                       |  27 ++
 8 files changed, 553 insertions(+), 13 deletions(-)

diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
index 93f32ed..1ced701 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
@@ -226,3 +226,6 @@ rabbitmq_subnets: "{{ iu_subnets }}"
 db_subnets: "{{ iu_subnets }}"
 zabbix_subnets: "{{ iu_subnets }}"
 monitoring_subnets: "{{ iu_subnets }}"
+
+# Zabbix
+zabbix_server: "rt-watch.uits.indiana.edu"
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index c684832..adb63ed 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -229,3 +229,6 @@ rabbitmq_subnets: "{{ iu_subnets }}"
 db_subnets: "{{ iu_subnets }}"
 zabbix_subnets: "{{ iu_subnets }}"
 monitoring_subnets: "{{ iu_subnets }}"
+
+# Zabbix
+zabbix_server: "rt-watch.uits.indiana.edu"
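Review bot: `zabbix_server` names a single host, but the `zabbix_subnets: "{{ iu_subnets }}"` line in the context above still opens port 10050 to every subnet in `iu_subnets` once the zabbix role's firewalld task runs. Consider narrowing `zabbix_subnets` to the address of rt-watch.uits.indiana.edu, here and in the develop inventory, so the firewall rule and the agent's `Server=` setting admit the same peer.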
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index a7ae890..4d36c76 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -71,19 +71,6 @@
   become: yes
   when: ansible_os_family == "Debian"
 
-- name: Allow subnets to access zabbix
-  firewalld:
-    zone: public
-    permanent: yes
-    state: enabled
-    immediate: yes
-    rich_rule: rule family=ipv4 source address="{{ item }}" port port=10050 protocol=tcp accept
-  with_items:
-    - "{{ monitoring_subnets }}"
-  become: yes
-  become_user: root
-  when: ansible_os_family == "RedHat"
-
 # Automatic security updates installation
 
 - name: Install yum-cron, yum-utils (RedHat)
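Review bot: deleting the "Allow subnets to access zabbix" task does not remove the rule from hosts that already have it, because it was added with `permanent: yes`. The removed task looped over `monitoring_subnets` while its replacement in the zabbix role loops over `zabbix_subnets`; both resolve to `iu_subnets` today, but if the two lists ever diverge the old port 10050 rules stay in place. A one-time task with `state: disabled` for the old rule, or a note in the commit message that the two lists are intentionally identical, would cover this.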
@@ -98,6 +85,7 @@
   copy:
     src: yum-cron.conf
     dest: /etc/yum/yum-cron.conf
+    backup: yes
   become: yes
   when: ansible_os_family == "RedHat"
 
diff --git a/dev-tools/ansible/roles/zabbix/defaults/main.yml b/dev-tools/ansible/roles/zabbix/defaults/main.yml
new file mode 100644
index 0000000..f34f495
--- /dev/null
+++ b/dev-tools/ansible/roles/zabbix/defaults/main.yml
@@ -0,0 +1,25 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+zabbix_server: localhost
+
+...
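Review bot: the defaults define only `zabbix_server`, but the role's tasks also reference `zabbix_subnets` in the firewalld loop, so the role fails with an undefined variable on any inventory that does not set it. Add a default such as `zabbix_subnets: []` next to `zabbix_server: localhost`, or document the variable as required.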
diff --git a/dev-tools/ansible/roles/zabbix/files/check-needs-restarting.cron b/dev-tools/ansible/roles/zabbix/files/check-needs-restarting.cron
new file mode 100644
index 0000000..90b5cb1
--- /dev/null
+++ b/dev-tools/ansible/roles/zabbix/files/check-needs-restarting.cron
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+/usr/bin/needs-restarting -r > /dev/null
+echo $? > /etc/zabbix/needs-restarting
+
+exit 0
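Review bot: `echo $? > /etc/zabbix/needs-restarting` records whatever exit status the command produced, so a missing `/usr/bin/needs-restarting` (status 127) is written to the file just like a real result. `needs-restarting -r` exits 1 when a reboot is required, so the Zabbix trigger should match only 1, or the script should test `[ -x /usr/bin/needs-restarting ]` first and write a distinct value on error. The file is created by root under cron's umask, so also confirm the zabbix user can read it.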
diff --git a/dev-tools/ansible/roles/zabbix/tasks/main.yml b/dev-tools/ansible/roles/zabbix/tasks/main.yml
new file mode 100644
index 0000000..cbb670e
--- /dev/null
+++ b/dev-tools/ansible/roles/zabbix/tasks/main.yml
@@ -0,0 +1,66 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install Zabbix yum repository
+  yum: name=https://repo.zabbix.com/zabbix/4.2/rhel/7/x86_64/zabbix-release-4.2-1.el7.noarch.rpm state=present
+  become: yes
+  when: ansible_os_family == "RedHat"
+
+- name: Install Zabbix Agent
+  yum: name=zabbix-agent state=present
+  become: yes
+  when: ansible_os_family == "RedHat"
+
+- name: Copy Zabbix configuration
+  template: src=zabbix_agentd.conf.j2 dest=/etc/zabbix/zabbix_agentd.conf backup=yes
+  become: yes
+  when: ansible_os_family == "RedHat"
+
+- name: Start Zabbix Agent
+  service: name=zabbix-agent state=started enabled=yes
+  become: yes
+  when: ansible_os_family == "RedHat"
+
+- name: Allow subnets to access zabbix
+  firewalld:
+    zone: public
+    permanent: yes
+    state: enabled
+    immediate: yes
+    rich_rule: rule family=ipv4 source address="{{ item }}" port port=10050 protocol=tcp accept
+  with_items:
+    - "{{ zabbix_subnets }}"
+  become: yes
+  become_user: root
+  when: ansible_os_family == "RedHat"
+
+# This is used to define an item and trigger to check if a host needs to be
+# restarted in order to apply security updates
+- name: Install check-needs-restarting.cron script
+  copy:
+    src: check-needs-restarting.cron
+    dest: /etc/cron.daily/check-needs-restarting.cron
+    mode: 0755
+  become: yes
+  become_user: root
+
+...
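Review bot: the "Copy Zabbix configuration" task has no `notify`, and "Start Zabbix Agent" uses `state=started`, so a changed `zabbix_agentd.conf` is never picked up by an agent that is already running. Add a handler that restarts `zabbix-agent` and notify it from the template task. The final task, "Install check-needs-restarting.cron script", also lacks the `when: ansible_os_family == "RedHat"` guard that the other tasks carry, even though the script calls `needs-restarting` and writes under `/etc/zabbix`; and `mode: 0755` is better written quoted as `"0755"`.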
diff --git a/dev-tools/ansible/roles/zabbix/templates/zabbix_agentd.conf.j2 b/dev-tools/ansible/roles/zabbix/templates/zabbix_agentd.conf.j2
new file mode 100644
index 0000000..f128bc3
--- /dev/null
+++ b/dev-tools/ansible/roles/zabbix/templates/zabbix_agentd.conf.j2
@@ -0,0 +1,422 @@
+# 
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+PidFile=/var/run/zabbix/zabbix_agentd.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_agentd.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: EnableRemoteCommands
+#	Whether remote commands from Zabbix server are allowed.
+#	0 - not allowed
+#	1 - allowed
+#
+# Mandatory: no
+# Default:
+EnableRemoteCommands=1
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+LogRemoteCommands=1
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+
+#Server=127.0.0.1
+Server={{ zabbix_server }}
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#	List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive=127.0.0.1
+
+### Option: Hostname
+#	Unique, case sensitive hostname.
+#	Required for active checks and must match hostname as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+Hostname=Zabbix server
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+Include=/etc/zabbix/zabbix_agentd.d/*.conf
+
+# Include=/usr/local/etc/zabbix_agentd.userparams.conf
+# Include=/usr/local/etc/zabbix_agentd.conf.d/
+# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_agentd --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
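Review bot: `EnableRemoteCommands=1` lets the Zabbix server run shell commands on every host while `TLSAccept` is left at its `unencrypted` default, so command execution is protected only by the `Server={{ zabbix_server }}` source check and the firewall rule. Set `EnableRemoteCommands=0` unless remote commands are actually needed, or template `TLSAccept` as `psk` or `cert` together with the matching key or certificate options. `Hostname=Zabbix server` and `ServerActive=127.0.0.1` are also fixed values rendered onto every host, so all agents present the same hostname and direct active checks at localhost; template them, comment out `Hostname` so `HostnameItem` applies, or leave `ServerActive` unset to disable active checks.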
diff --git a/dev-tools/ansible/zabbix.yml b/dev-tools/ansible/zabbix.yml
new file mode 100644
index 0000000..08ebe17
--- /dev/null
+++ b/dev-tools/ansible/zabbix.yml
@@ -0,0 +1,27 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+- hosts: all
+  name: install/setup zabbix on all servers
+  roles:
+    - role: zabbix
+
+...