ansible-collections / community.zabbix

Zabbix Ansible modules
http://galaxy.ansible.com/community/zabbix
Other
322 stars 284 forks source link

API hostname wrong, http instead of https #1097

Closed jonathon2nd closed 10 months ago

jonathon2nd commented 1 year ago
SUMMARY

Unable to complete API tasks. URL is not correct after many attempts at modifying vars.

Used this collection in the past without issue. Have not used it in a bit and needed it again. Attempting to update there vars: https://github.com/ansible-collections/community.zabbix/tree/main/roles/zabbix_agent#zabbix-api-variables does not seem to help.

I am able to curl the endpoint and ensure that it is working

curl --request POST  --url 'https://monitoring.example.com/zabbix/api_jsonrpc.php' --header 'Content-Type: application/json-rpc' --data '{"jsonrpc":"2.0","method":"apiinfo.version","params":{},"id":1}'

{"jsonrpc":"2.0","result":"6.0.20","id":1}
ISSUE TYPE
COMPONENT NAME

community.zabbix.zabbix_agent : API | Create host groups

ANSIBLE VERSION
ansible [core 2.15.4]
  config file = /home/jonathon/git/infra-ansible-playbooks/ansible.cfg
  configured module search path = ['/home/jonathon/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/jonathon/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
CONFIGURATION
N/A
OS / ENVIRONMENT / Zabbix Version

Target: Rocky Linux 9.

STEPS TO REPRODUCE
- hosts: all
  become: true
  collections:
    - community.zabbix
  pre_tasks:
    - name: Install netaddr python package
      pip:
        name: netaddr
      delegate_to: localhost
  tasks:
    - name: Import zabbix-agent role
      import_role:
        name: zabbix_agent

Portion of group vars:

# Original
zabbix_agent_server: 10.0.0.10
zabbix_agent_serveractive: 10.0.0.10
zabbix_url: https://monitoring.example.com
zabbix_api_server_url: https://monitoring.example.com
zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0
zabbix_api_user: deploymentmonitoring
zabbix_api_pass: "{{ deploymentmonitoring_password }}"
zabbix_api_create_hosts: True
zabbix_api_create_hostgroup: True

# Things I have added while attempting to debug
zabbix_api_server_host: monitoring.example.com
zabbix_api_use_ssl: true
zabbix_api_server_port: 443
zabbix_api_login_user: deploymentmonitoring
zabbix_api_login_pass: "{{ deploymentmonitoring_password }}"
zabbix_api_http_user: deploymentmonitoring
zabbix_api_http_password: "{{ deploymentmonitoring_password }}"
EXPECTED RESULTS

I expect hosts to be added to zabbix as it has in the past.

ACTUAL RESULTS

<monitoring.example.com> AnsibleConnectionFailure: Could not connect to http://monitoring.example.com:80/zabbix/api_jsonrpc.php: [Errno -2] Name or service not known API-log.txt

jonathon2nd commented 1 year ago

https://github.com/ansible-collections/community.zabbix/issues/1073#issuecomment-1708795353

Doing what this comment says gets it to work, not really sure why.

Also the following are needed on the task as well. These are with the group vars listed before.

    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true

EDIT: Not able to use ansible vault value, so far less desirable. Does not work

...
  collections:
    - community.zabbix
  pre_tasks:
    - include_vars: "vault/users_creds.yml"
    - include_vars: "vault/zabbix_creds.yml"
    - debug:
        msg: "Ansible version is {{ ansible_version.full }}"
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true
    ansible_zabbix_auth_key: "{{ deploymentmonitoring_token }}"
  tasks:
    - name: Import zabbix-agent role
      import_role:
        name: zabbix_agent

FAILED! => {"msg": "'deploymentmonitoring_token' is undefined. 'deploymentmonitoring_token' is undefined"}, spelling is correct, and included in the vault zabbix_creds.yml

BGmot commented 11 months ago

@jonathon2nd do you still have questions/problems with this collection? From what I see you just don't provide deploymentmonitoring_token variable and it's purely Ansible stuff, not related to this collection. Probably because vars: section gets executed before pre_tasks:, try moving ansible_zabbix_auth_key to import_role task level maybe?

pyrodie18 commented 11 months ago

Any feedback @jonathon2nd

jonathon2nd commented 11 months ago

Things have been weird.

Just now looking at this again for a new host. And I am just dealing with weird issues. I have ensured that it ansible collections is updated.

EDIT: Just confirmed same results with AWX.

zabbix_url: https://monitoring.example.com
zabbix_api_server_url: https://monitoring.example.com
zabbix_api_server_host: monitoring.example.com
zabbix_api_use_ssl: true
zabbix_api_login_user: deploymentmonitoring
zabbix_api_login_pass: "{{ deploymentmonitoring_password }}"
zabbix_api_create_hosts: True
zabbix_api_create_hostgroup: True
TASK [community.zabbix.zabbix_agent : API | Create host groups] ********************************************************************************************************************************************************************************************
fatal: [forum-prod.example.com -> monitoring.example.com]: FAILED! => {"msg": "'zabbix_api_server_port' is undefined. 'zabbix_api_server_port' is undefined"}

Adding zabbix_api_server_port results in the same error. :thinking:

Added debug:

TASK [debug] ***********************************************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com] => {
    "msg": "zabbix_api_server_port is 443"
}
...

TASK [community.zabbix.zabbix_agent : API | Create host groups] ********************************************************************************************************************************************************************************************
fatal: [forum-prod.example.com -> monitoring.example.com]: FAILED! => {"msg": "'zabbix_api_server_port' is undefined. 'zabbix_api_server_port' is undefined"}

This was all with 2.2.0

jonathon2nd commented 11 months ago

YAY! Back to the original problem that caused me to open this issue. So there is something wrong with 2.2.0. The below is me trying with 2.1.0

TASK [debug] ***********************************************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com] => {
    "msg": "zabbix_api_server_port is 443"
}

TASK [Get version of community.zabbix collection] **********************************************************************************************************************************************************************************************************
changed: [forum-prod.example.com -> localhost]

TASK [Debug community.zabbix collection version] ***********************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com] => {
    "msg": "zabbix_collection_version: ['', '# /home/jonathon/.ansible/collections/ansible_collections', 'Collection       Version', '---------------- -------', 'community.zabbix 2.1.0  ', '', '# /usr/lib/python3/dist-packages/ansible_collections', 'Collection       Version', '---------------- -------', 'community.zabbix 2.1.0  ']"
}
...
FAILED - RETRYING: [forum-prod.example.com -> monitoring.example.com]: API | Create host groups (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Could not connect to http://monitoring.example.com:80/zabbix/api_jsonrpc.php: [Errno -2] Name or service not known
jonathon2nd commented 11 months ago

Adding these back, and anything else I am trying leads to the same result.

FAILED - RETRYING: [forum-prod.example.com -> monitoring.example.com]: API | Create host groups (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: </html>
fatal: [forum-prod.example.com -> monitoring.example.com]: FAILED! => {"attempts": 3, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/jonathon/.ansible/tmp/ansible-local-17982722zt_o_r9/ansible-tmp-1700511089.2411222-1799000-271436357899967/AnsiballZ_zabbix_group.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/jonathon/.ansible/tmp/ansible-local-17982722zt_o_r9/ansible-tmp-1700511089.2411222-1799000-271436357899967/AnsiballZ_zabbix_group.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/jonathon/.ansible/tmp/ansible-local-17982722zt_o_r9/ansible-tmp-1700511089.2411222-1799000-271436357899967/AnsiballZ_zabbix_group.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.community.zabbix.plugins.modules.zabbix_group', init_globals=dict(_module_fqn='ansible_collections.community.zabbix.plugins.modules.zabbix_group', _modlib_path=modlib_path),\n  File \"/usr/lib/python3.10/runpy.py\", line 224, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.10/runpy.py\", line 96, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib/python3.10/runpy.py\", line 86, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_f_lyihve/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_group.py\", line 181, in <module>\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_f_lyihve/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_group.py\", line 153, in main\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_f_lyihve/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/base.py\", line 20, in __init__\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_f_lyihve/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/api_request.py\", line 53, in api_version\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_f_lyihve/ansible_community.zabbix.zabbix_group_payload.zip/ansible/module_utils/connection.py\", line 200, in __rpc__\nansible.module_utils.connection.ConnectionError: Invalid JSON response: <html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>cloudflare</center>\r\n</body>\r\n</html>\r\n\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
jonathon2nd commented 11 months ago

So really this is the problem, that it is trying to connect to http instead of https, even though I have the setting. The doc seems funny, zabbix_api_use_ssl is listed twice.

group values:

zabbix_api_server_host: monitoring.example.com
zabbix_api_use_ssl: true
zabbix_api_server_port: 443
zabbix_api_login_user: deploymentmonitoring
zabbix_api_login_pass: "{{ deploymentmonitoring_password }}"
zabbix_api_create_hosts: True
zabbix_api_create_hostgroup: True
jonathon@jonathon-framework:~/git/infra-ansible-playbooks$ ansible-playbook playbook_zabbix_agent.yml  --inventory=hosts --vault-password-file secrets/vault_pass --extra-vars '@vault/users_creds.yml' --limit "forum-prod.example.com"

PLAY [all] *************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [Install netaddr python package] **********************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com -> localhost]

PLAY [zabbix_agent] ***********************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [include_vars] ****************************************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [include_vars] ****************************************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [debug] ***********************************************************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com] => {
    "msg": "Ansible version is 2.15.5"
}

TASK [Get version of community.zabbix collection] **********************************************************************************************************************************************************************************************************
changed: [forum-prod.example.com -> localhost]

TASK [Debug community.zabbix collection version] ***********************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com] => {
    "msg": "zabbix_collection_version: ['', '# /home/jonathon/.ansible/collections/ansible_collections', 'Collection       Version', '---------------- -------', 'community.zabbix 2.1.0  ']"
}

TASK [community.zabbix.zabbix_agent : Include OS-specific variables] ***************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Determine Latest Supported Zabbix Version] ***************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Set More Variables] **************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Stopping Install of Invalid Version] *********************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Set variables specific for Zabbix Agent 2] ***************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Install the correct repository] **************************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml for forum-prod.example.com

TASK [community.zabbix.zabbix_agent : RedHat | Install basic repo file] ************************************************************************************************************************************************************************************
changed: [forum-prod.example.com] => (item={'name': 'zabbix', 'description': 'Zabbix Official Repository - $basearch', 'baseurl': 'https://repo.zabbix.com/zabbix/6.4/rhel/9/$basearch/', 'mode': '0644', 'gpgcheck': 0, 'gpgkey': 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX', 'state': 'present'})
changed: [forum-prod.example.com] => (item={'name': 'zabbix-non-supported', 'description': 'Zabbix Official Repository non-supported - $basearch', 'baseurl': 'https://repo.zabbix.com/non-supported/rhel/9/$basearch/', 'mode': '0644', 'gpgcheck': 0, 'gpgkey': 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX', 'state': 'present'})
changed: [forum-prod.example.com] => (item={'name': 'zabbix-agent2-plugins', 'description': 'Zabbix Official Repository (Agent2 Plugins) - $basearch', 'baseurl': 'https://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/9/$basearch/', 'mode': '0644', 'gpgcheck': 0, 'gpgkey': 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX', 'state': 'present'})

TASK [community.zabbix.zabbix_agent : Check if warn parameter can be used for shell module] ****************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : RedHat | Installing zabbix-agent] ************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : RedHat | Installing zabbix-{sender,get}] *****************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : RedHat | Enable the service] *****************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Encrypt with TLS PSK auto management] ********************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Encrypt with TLS PSK auto management] ********************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Configure Agent] *****************************************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Configure Agent] *****************************************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml for forum-prod.example.com

TASK [community.zabbix.zabbix_agent : Set default ip address for zabbix_agent_ip] **************************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Get Total Private IP Addresses] **************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Set first public ip address for zabbix_agent_ip] *********************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Set first private ip address for zabbix_agent_ip] ********************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Fail invalid specified agent_listeninterface] ************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Set network interface] ***********************************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Get IP of agent_listeninterface when no agent_listenip specified] ****************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Default agent_listenip to all when not specified] ********************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Fail invalid specified agent_listenip] *******************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Configure SELinux when enabled] **************************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml for forum-prod.example.com

TASK [community.zabbix.zabbix_agent : SELinux | Debian | Install policycoreutils-python] *******************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | RedHat | Install policycoreutils-python] *******************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | RedHat | Install python3-policycoreutils on RHEL8] *********************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | RedHat | Install selinux-policy-targeted] ******************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Get getenforce binary] *************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Collect getenforce output] *********************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive] **********************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Allow zabbix_agent to start (SELinux)] *********************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Allow zabbix to run sudo commands (SELinux)] ***************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Adding zabbix group] *************************************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Adding zabbix user] **************************************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Configure zabbix-agent] **********************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Create directory for PSK file if not exist.] *************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Create directory for PSK file if not exist (zabbix-agent2)] **********************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Place TLS PSK File] **************************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Place TLS PSK File (zabbix-agent2)] **********************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Create include dir zabbix-agent] *************************************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Install the Docker container] ****************************************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Remove zabbix-agent installation when zabbix-agent2 is used.] ********************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Make sure the zabbix-agent service is running] ***********************************************************************************************************************************************************************
ok: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Give zabbix-agent access to system.hw.chassis info] ******************************************************************************************************************************************************************
skipping: [forum-prod.example.com]

TASK [community.zabbix.zabbix_agent : Run the API calls to Zabbix Server] **********************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml for forum-prod.example.com

TASK [community.zabbix.zabbix_agent : API | Create host groups] ********************************************************************************************************************************************************************************************
FAILED - RETRYING: [forum-prod.example.com -> monitoring.example.com]: API | Create host groups (3 retries left).
FAILED - RETRYING: [forum-prod.example.com -> monitoring.example.com]: API | Create host groups (2 retries left).
FAILED - RETRYING: [forum-prod.example.com -> monitoring.example.com]: API | Create host groups (1 retries left).
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Could not connect to http://monitoring.example.com:80/zabbix/api_jsonrpc.php: [Errno -2] Name or service not known
fatal: [forum-prod.example.com -> monitoring.example.com]: FAILED! => {"attempts": 3, "changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/jonathon/.ansible/tmp/ansible-local-1814656okdma2qt/ansible-tmp-1700516386.3931684-1815285-58971079087194/AnsiballZ_zabbix_group.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/jonathon/.ansible/tmp/ansible-local-1814656okdma2qt/ansible-tmp-1700516386.3931684-1815285-58971079087194/AnsiballZ_zabbix_group.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/jonathon/.ansible/tmp/ansible-local-1814656okdma2qt/ansible-tmp-1700516386.3931684-1815285-58971079087194/AnsiballZ_zabbix_group.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.community.zabbix.plugins.modules.zabbix_group', init_globals=dict(_module_fqn='ansible_collections.community.zabbix.plugins.modules.zabbix_group', _modlib_path=modlib_path),\n  File \"/usr/lib/python3.10/runpy.py\", line 224, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib/python3.10/runpy.py\", line 96, in _run_module_code\n    _run_code(code, mod_globals, init_globals,\n  File \"/usr/lib/python3.10/runpy.py\", line 86, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_py7611oi/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_group.py\", line 181, in <module>\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_py7611oi/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/modules/zabbix_group.py\", line 153, in main\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_py7611oi/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/base.py\", line 20, in __init__\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_py7611oi/ansible_community.zabbix.zabbix_group_payload.zip/ansible_collections/community/zabbix/plugins/module_utils/api_request.py\", line 53, in api_version\n  File \"/tmp/ansible_community.zabbix.zabbix_group_payload_py7611oi/ansible_community.zabbix.zabbix_group_payload.zip/ansible/module_utils/connection.py\", line 200, in __rpc__\nansible.module_utils.connection.ConnectionError: Could not connect to http://monitoring.example.com:80/zabbix/api_jsonrpc.php: [Errno -2] Name or service not known\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

PLAY RECAP *************************************************************************************************************************************************************************************************************************************************
forum-prod.example.com  : ok=35   changed=2    unreachable=0    failed=1    skipped=25   rescued=0    ignored=0   
jonathon2nd commented 11 months ago

I have a new setup for working on local.

All the vars are also present in group_vars, just some of them are not being used right. Some are, obviously otherwise it would not work, but for some reason it only works if these are defined here, and no where else.

deploymentmonitoring_password has to be hardcoded, but here I have a placeholder.

https://github.com/ansible-collections/community.zabbix/issues/1097#issuecomment-1819510724 zabbix_api_server_port must be here. The debug will print it off, but the play will not use it if it is only in group vars. Other group vars are picked up and used.

- hosts: zabbix_agent
  collections:
    - community.zabbix
  pre_tasks:
    - include_vars: "vault/users_creds.yml"
    - include_vars: "vault/zabbix_creds.yml"
    - debug:
        msg: "Ansible version is {{ ansible_version.full }}" 
        msg: "zabbix_api_server_port is {{ zabbix_api_server_port }}"

    - name: Get version of community.zabbix collection
      ansible.builtin.shell: "ansible-galaxy collection list community.zabbix"
      register: zabbix_collection_version
      delegate_to: localhost

    - name: Debug community.zabbix collection version
      debug:
        msg: "zabbix_collection_version: {{ zabbix_collection_version.stdout_lines }}"
  vars:
    zabbix_api_server_port: 443
    zabbix_api_use_ssl: True
    ansible_zabbix_auth_key: "{{ deploymentmonitoring_password }}"
  tasks:
    - name: Import zabbix-agent role
      import_role:
        name: zabbix_agent
loricvdt commented 11 months ago

Unsure if this is fully related, but I flagged the zabbix_api_server_port issue in this PR comments: https://github.com/ansible-collections/community.zabbix/pull/1064#issuecomment-1706531036

Hi, there seems to be an issue with the zabbix_api_server_port when it is undefined when calling the API: (I have added a few debug steps to see what is happening)


TASK [community.zabbix.zabbix_proxy : Configure zabbix-proxy] ******************
ok: [zabbix-proxy]

TASK [community.zabbix.zabbix_proxy : Debug] *** ok: [zabbix-proxy -> 172.18.0.3] => { "zabbix_api_server_port": "80" }

TASK [community.zabbix.zabbix_proxy : Debug] *** ok: [zabbix-proxy] => { "ansible_httpapi_port": "80" }

TASK [community.zabbix.zabbix_proxy : Debug] *** ok: [zabbix-proxy -> 172.18.0.3] => { "ansible_httpapi_port": "80" }

TASK [community.zabbix.zabbix_proxy : Ensure proxy definition is up-to-date (added/updated/removed)] *** fatal: [zabbix-proxy -> 172.18.0.3]: FAILED! => {"msg": "'zabbix_api_server_port' is undefined. 'zabbix_api_server_port' is undefined"}

juresaht2 commented 11 months ago

group values:

Keep in mind that because you are using delegate_to, the group settings have to also apply to the zabbix server host. If your group settings are only bound to the host where the agent is, as used to work in the old version before httapi, then they are not applied to the step.

You can work around this issue and make it less confusing, by defining vars: in your task step.

BGmot commented 11 months ago

I am lost. What is the problem? You are all over the place with variables. Please provide minimalistic code snippet that fails while you expect it to work. Otherwise I'll just close this issue.

jonathon2nd commented 11 months ago

@juresaht2 That is exactly what is happening!

However, I still need to set ansible_zabbix_auth_key in the vars, otherwise I get this error. If I set ansible_zabbix_auth_key as well in vars, it works.

jonathon@jonathon-framework:~/git/infra-ansible-playbooks$ ansible-playbook playbook_zabbix_agent.yml  --inventory=hosts --vault-password-file secrets/vault_pass --extra-vars '@vault/users_creds.yml' --limit "test.example.com"
PLAY [all] **********************************************************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [include_vars] *******************************************************************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [include_vars] *******************************************************************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [debug] **************************************************************************************************************************************************************************************************************************************************************
ok: [test.example.com] => {
    "msg": "zabbix_api_server_port is 443"
}

TASK [Get version of community.zabbix collection] *************************************************************************************************************************************************************************************************************************
changed: [test.example.com -> localhost]

TASK [Debug community.zabbix collection version] **************************************************************************************************************************************************************************************************************************
ok: [test.example.com] => {
    "msg": "zabbix_collection_version: ['', '# /home/jonathon/.ansible/collections/ansible_collections', 'Collection       Version', '---------------- -------', 'community.zabbix 2.1.0  ', '', '# /usr/lib/python3/dist-packages/ansible_collections', 'Collection       Version', '---------------- -------', 'community.zabbix 2.1.0  ']"
}

TASK [community.zabbix.zabbix_agent : Include OS-specific variables] ******************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Determine Latest Supported Zabbix Version] ******************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Set More Variables] *****************************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Stopping Install of Invalid Version] ************************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Set variables specific for Zabbix Agent 2] ******************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Install the correct repository] *****************************************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml for test.example.com

TASK [community.zabbix.zabbix_agent : RedHat | Install basic repo file] ***************************************************************************************************************************************************************************************************
ok: [test.example.com] => (item={'name': 'zabbix', 'description': 'Zabbix Official Repository - $basearch', 'baseurl': 'https://repo.zabbix.com/zabbix/6.4/rhel/9/$basearch/', 'mode': '0644', 'gpgcheck': 0, 'gpgkey': 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX', 'state': 'present'})
ok: [test.example.com] => (item={'name': 'zabbix-non-supported', 'description': 'Zabbix Official Repository non-supported - $basearch', 'baseurl': 'https://repo.zabbix.com/non-supported/rhel/9/$basearch/', 'mode': '0644', 'gpgcheck': 0, 'gpgkey': 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX', 'state': 'present'})
ok: [test.example.com] => (item={'name': 'zabbix-agent2-plugins', 'description': 'Zabbix Official Repository (Agent2 Plugins) - $basearch', 'baseurl': 'https://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/9/$basearch/', 'mode': '0644', 'gpgcheck': 0, 'gpgkey': 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX', 'state': 'present'})

TASK [community.zabbix.zabbix_agent : Check if warn parameter can be used for shell module] *******************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : RedHat | Installing zabbix-agent] ***************************************************************************************************************************************************************************************************
changed: [test.example.com]

TASK [community.zabbix.zabbix_agent : RedHat | Installing zabbix-{sender,get}] ********************************************************************************************************************************************************************************************
changed: [test.example.com]

TASK [community.zabbix.zabbix_agent : RedHat | Enable the service] ********************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Encrypt with TLS PSK auto management] ***********************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Encrypt with TLS PSK auto management] ***********************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Configure Agent] ********************************************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Configure Agent] ********************************************************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml for test.example.com

TASK [community.zabbix.zabbix_agent : Set default ip address for zabbix_agent_ip] *****************************************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Get Total Private IP Addresses] *****************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Set first public ip address for zabbix_agent_ip] ************************************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Set first private ip address for zabbix_agent_ip] ***********************************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Fail invalid specified agent_listeninterface] ***************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Set network interface] **************************************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Get IP of agent_listeninterface when no agent_listenip specified] *******************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Default agent_listenip to all when not specified] ***********************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Fail invalid specified agent_listenip] **********************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Configure SELinux when enabled] *****************************************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml for test.example.com

TASK [community.zabbix.zabbix_agent : SELinux | Debian | Install policycoreutils-python] **********************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | RedHat | Install policycoreutils-python] **********************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | RedHat | Install python3-policycoreutils on RHEL8] ************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | RedHat | Install selinux-policy-targeted] *********************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Get getenforce binary] ****************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Collect getenforce output] ************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive] *************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Allow zabbix_agent to start (SELinux)] ************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : SELinux | Allow zabbix to run sudo commands (SELinux)] ******************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Adding zabbix group] ****************************************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Adding zabbix user] *****************************************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Configure zabbix-agent] *************************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Create directory for PSK file if not exist.] ****************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Create directory for PSK file if not exist (zabbix-agent2)] *************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Place TLS PSK File] *****************************************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Place TLS PSK File (zabbix-agent2)] *************************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Create include dir zabbix-agent] ****************************************************************************************************************************************************************************************************
changed: [test.example.com]

TASK [community.zabbix.zabbix_agent : Install the Docker container] *******************************************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Remove zabbix-agent installation when zabbix-agent2 is used.] ***********************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Make sure the zabbix-agent service is running] **************************************************************************************************************************************************************************************
ok: [test.example.com]

TASK [community.zabbix.zabbix_agent : Give zabbix-agent access to system.hw.chassis info] *********************************************************************************************************************************************************************************
skipping: [test.example.com]

TASK [community.zabbix.zabbix_agent : Run the API calls to Zabbix Server] *************************************************************************************************************************************************************************************************
included: /home/jonathon/.ansible/collections/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml for test.example.com

TASK [community.zabbix.zabbix_agent : API | Create host groups] ***********************************************************************************************************************************************************************************************************
FAILED - RETRYING: [test.example.com -> monitoring.example.com]: API | Create host groups (3 retries left).
FAILED - RETRYING: [test.example.com -> monitoring.example.com]: API | Create host groups (2 retries left).
FAILED - RETRYING: [test.example.com -> monitoring.example.com]: API | Create host groups (1 retries left).
fatal: [test.example.com -> monitoring.example.com]: FAILED! => {"attempts": 3, "changed": false, "msg": "connection error occurred: REST API returned {'code': -32602, 'message': 'Invalid params.', 'data': 'Session terminated, re-login, please.'} when sending {\"jsonrpc\": \"2.0\", \"method\": \"hostgroup.get\", \"id\": \"e0d70ed6-5c05-46da-a2e7-f3a59dfc9fa9\", \"params\": {\"output\": \"extend\", \"filter\": {\"name\": [\"Linux servers\", \"Virtual machines\"]}}, \"auth\": \"fake\"}"}

PLAY RECAP ****************************************************************************************************************************************************************************************************************************************************************
test.example.com : ok=35   changed=4    unreachable=0    failed=1    skipped=25   rescued=0    ignored=0   
juresaht2 commented 10 months ago

@jonathon2nd I solved in my case in this way:

- name: "Add host to zabbix server"
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_zabbix_url_path: ''
    ansible_zabbix_auth_key: "{{ zabbix_agent_server_auth_key }}"
  community.zabbix.zabbix_host:
    host_name: "{{ inventory_hostname }}"
    ...
  delegate_to: "{{ zabbix_agent_server_fqdn }}"
  tags: always

Then I define zabbix_agent_server_auth_key and zabbix_agent_server_fqdn in my group_vars and add both hosts (the agent server and the zabbix server) to the same group.

LP, Jure

BGmot commented 10 months ago

Ok, it's just a matter of correctly defining variables. Closing this issue.

jonathon2nd commented 10 months ago

ansible_zabbix_auth_key is not mentioned anywhere in https://github.com/ansible-collections/community.zabbix/blob/main/docs/ZABBIX_AGENT_ROLE.md, nor are any of the other vars that @juresaht2 used that are ansible_*

juresaht2 commented 10 months ago

@jonathon2nd https://docs.ansible.com/ansible/latest/collections/community/zabbix/zabbix_host_module.html

jonathon2nd commented 10 months ago

Maybe some reference to that in role vars, or anywhere on that page would be helpful for the next person.

Unless I can't read and it is already on the page lol.