Try SpotterCreate/delete/update Zabbix user groups
Authors: Tobias Birkefeld (@tcraxs)
Install with ansible-galaxy collection install community.zabbix:==2.3.1
collections:
- name: community.zabbix
version: 2.3.1Create user groups if they do not exist.
Delete existing user groups if they exist and are empty.
Update existing user groups.
# If you want to use Username and Password to be authenticated by Zabbix Server
- name: Set credentials to access Zabbix Server API
ansible.builtin.set_fact:
ansible_user: Admin
ansible_httpapi_pass: zabbix
# If you want to use API token to be authenticated by Zabbix Server
# https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens
- name: Set API token
ansible.builtin.set_fact:
ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895
# Base create user group example
- name: Create user group
# set task level variables as we change ansible_connection plugin here
vars:
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
ansible_host: zabbix-example-fqdn.org
community.zabbix.zabbix_usergroup:
name: ACME
userdirectory: LDAP infra 1
state: present
# Base create user group with selected user directory for LDAP authentication
- name: Create user group
# set task level variables as we change ansible_connection plugin here
vars:
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
ansible_host: zabbix-example-fqdn.org
community.zabbix.zabbix_usergroup:
name: ACME
userdirectory: LDAP infra 1
state: present
# Base create user group with disabled gui access
- name: Create user group with disabled gui access
# set task level variables as we change ansible_connection plugin here
vars:
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
ansible_host: zabbix-example-fqdn.org
community.zabbix.zabbix_usergroup:
name: ACME
gui_access: disable
# Base create user group with permissions for Zabbix <= 6.0
- name: Create user group with permissions
# set task level variables as we change ansible_connection plugin here
vars:
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
ansible_host: zabbix-example-fqdn.org
community.zabbix.zabbix_usergroup:
name: ACME
rights:
- host_group: Webserver
permission: read-write
- host_group: Databaseserver
permission: read-only
state: present
# Base create user group with permissions for Zabbix => 6.2
- name: Create user group with permissions
# set task level variables as we change ansible_connection plugin here
vars:
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
ansible_host: zabbix-example-fqdn.org
community.zabbix.zabbix_usergroup:
name: ACME
hostgroup_rights:
- host_group: Webserver
permission: read-write
- host_group: Databaseserver
permission: read-only
templategroup_rights:
- template_group: Linux Templates
permission: read-write
- template_group: Templates
permission: read-only
state: present
# Base create user group with tag permissions
- name: Create user group with tag permissions
# set task level variables as we change ansible_connection plugin here
vars:
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
ansible_host: zabbix-example-fqdn.org
community.zabbix.zabbix_usergroup:
name: ACME
tag_filters:
- host_group: Webserver
tag: Application
value: Java
- host_group: Discovered hosts
tag: Service
value: JIRA
state: present
# Base delete user groups example
- name: Delete user groups
# set task level variables as we change ansible_connection plugin here
vars:
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
ansible_host: zabbix-example-fqdn.org
community.zabbix.zabbix_usergroup:
name: ACME
state: absent
name:
aliases:
- user_group
description:
- Name of the user group to create, update or delete.
required: true
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the user group.
- On C(present), it will create if user group does not exist or update the user group
if the associated data is different.
- On C(absent) will remove a user group if it exists.
required: false
type: str
rights:
description:
- Permissions to assign to the group
- For <= Zabbix 6.0
elements: dict
required: false
suboptions:
host_group:
description:
- Name of the host group to add permission to.
required: true
type: str
permission:
choices:
- denied
- read-only
- read-write
description:
- Access level to the host group.
required: true
type: str
type: list
status:
choices:
- enabled
- disabled
default: enabled
description:
- Whether the user group is enabled or disabled.
required: false
type: str
debug_mode:
choices:
- disabled
- enabled
default: disabled
description:
- Whether debug mode is enabled or disabled.
required: false
type: str
gui_access:
choices:
- default
- internal
- LDAP
- disable
default: default
description:
- Frontend authentication method of the users in the group.
- 'Possible values:'
- default - use the system default authentication method;
- internal - use internal authentication;
- LDAP - use LDAP authentication;
- disable - disable access to the frontend.
required: false
type: str
tag_filters:
description:
- Tag based permissions to assign to the group
elements: dict
required: false
suboptions:
host_group:
description:
- Name of the host group to add permission to.
required: true
type: str
tag:
default: ''
description:
- Tag name.
required: false
type: str
value:
default: ''
description:
- Tag value.
required: false
type: str
type: list
userdirectory:
description:
- Authentication user directory when gui_access set to LDAP or System default.
- For => Zabbix 6.2
required: false
type: str
http_login_user:
description:
- Basic Auth login
required: false
type: str
hostgroup_rights:
description:
- Host group permissions to assign to the user group
- For => Zabbix 6.2
elements: dict
required: false
suboptions:
host_group:
description:
- Name of the host group to add permission to.
required: true
type: str
permission:
choices:
- denied
- read-only
- read-write
description:
- Access level to the host group.
required: true
type: str
type: list
http_login_password:
description:
- Basic Auth password
required: false
type: str
templategroup_rights:
description:
- Template group permissions to assign to the user group
- For => Zabbix 6.2
elements: dict
required: false
suboptions:
permission:
choices:
- denied
- read-only
- read-write
description:
- Access level to the templategroup.
required: true
type: str
template_group:
description:
- Name of the template group to add permission to.
required: true
type: str
type: list
msg: description: The result of the operation returned: always sample: 'User group created: ACME, ID: 42' type: str state: description: User group state at the end of execution. returned: on success sample: present type: str usergroup: description: User group name. returned: on success sample: ACME type: str usrgrpid: description: User group id, if created, changed or deleted. returned: on success sample: '42' type: str