configure default owner/group for zabbix agent configs

We hardcoded the default owner/group, this was bad. This is now configureable. Also we use a separate user on archlinux. This prohibits the agent from reading the configs from the proxy or server.
voxpupuli · May 21, 2017 · 8bdcadd · 8bdcadd
1 parent 9a630a8
commit 8bdcadd
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/manifests/agent.pp b/manifests/agent.pp
@@ -253,7 +253,10 @@
   $tlspskfile            = $zabbix::params::agent_tlspskfile,
   $tlspskidentity        = $zabbix::params::agent_tlspskidentity,
   $tlsservercertissuer   = $zabbix::params::agent_tlsservercertissuer,
-  $tlsservercertsubject  = $zabbix::params::agent_tlsservercertsubject,) inherits zabbix::params {
+  $tlsservercertsubject                   = $zabbix::params::agent_tlsservercertsubject,
+  String $agent_config_owner              = $zabbix::params::agent_config_owner,
+  String $agent_config_group              = $zabbix::params::agent_config_group,
+) inherits zabbix::params {
   # Check some if they are boolean
 
   # Find if listenip is set. If not, we can set to specific ip or
@@ -343,8 +346,8 @@
   # Configuring the zabbix-agent configuration file
   file { $agent_configfile_path:
     ensure  => present,
-    owner   => 'zabbix',
-    group   => 'zabbix',
+    owner   => $agent_config_owner,
+    group   => $agent_config_group,
     mode    => '0644',
     notify  => Service['zabbix-agent'],
     require => Package[$zabbix_package_agent],
@@ -355,8 +358,8 @@
   # Include dir for specific zabbix-agent checks.
   file { $include_dir:
     ensure  => directory,
-    owner   => 'zabbix',
-    group   => 'zabbix',
+    owner   => $agent_config_owner,
+    group   => $agent_config_group,
     recurse => true,
     purge   => $include_dir_purge,
     notify  => Service['zabbix-agent'],

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -21,7 +21,9 @@
       $manage_repo           = true
       $zabbix_package_agent  = 'zabbix-agent'
       $agent_configfile_path = '/etc/zabbix/zabbix_agentd.conf'
+      $agent_config_owner    = 'zabbix'
       $agent_zabbix_user     = 'zabbix'
+      $agent_config_group    = 'zabbix'
       $agent_pidfile         = undef
     }
     'Archlinux': {
@@ -32,7 +34,9 @@
       $manage_repo           = false
       $zabbix_package_agent  = 'zabbix-agent'
       $agent_configfile_path = '/etc/zabbix/zabbix_agentd.conf'
+      $agent_config_owner    = 'zabbix-agent'
       $agent_zabbix_user     = 'zabbix-agent'
+      $agent_config_group    = 'zabbix-agent'
       $agent_pidfile         = undef
     }
     'Fedora': {
@@ -43,7 +47,9 @@
       $manage_repo           = false
       $zabbix_package_agent  = 'zabbix-agent'
       $agent_configfile_path = '/etc/zabbix_agentd.conf'
+      $agent_config_owner    = 'zabbix'
       $agent_zabbix_user     = 'zabbix'
+      $agent_config_group    = 'zabbix'
       $agent_pidfile         = '/var/run/zabbix/zabbix_agentd.pid'
     }
     default  : {
@@ -54,7 +60,9 @@
       $manage_repo           = true
       $zabbix_package_agent  = 'zabbix-agent'
       $agent_configfile_path = '/etc/zabbix/zabbix_agentd.conf'
+      $agent_config_owner    = 'zabbix'
       $agent_zabbix_user     = 'zabbix'
+      $agent_config_group    = 'zabbix'
       $agent_pidfile         = '/var/run/zabbix/zabbix_agentd.pid'
     }
   }