Unable to Define Multiple Host Groups in Zabbix with Ansible

Open opulasli414 opened this issue 3 years ago • 12 comments

SUMMARY

I am trying to create a Zabbix User Group with Ansible. Since user group rights are usually defined with multiple host groups, I am trying the same with Ansible. However, my playbook throws an error when I try to write multiple host groups under the host group section in the playbook.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

community.zabbix.zabbix_usergroup

ANSIBLE VERSION
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 2.10.1
  libyaml = True
CONFIGURATION
BECOME:
======

CACHE:
=====

CALLBACK:
========

CLICONF:
=======

CONNECTION:
==========

HTTPAPI:
=======

INVENTORY:
=========

LOOKUP:
======

NETCONF:
=======

SHELL:
=====

VARS:
====
OS / ENVIRONMENT / Zabbix Version

Ubuntu 20.04.3 LTS

STEPS TO REPRODUCE

Running the below playbook with the vars file that I am also sharing will drive you to the error.

---
- name: Create User Group in Zabbix
  community.zabbix.zabbix_usergroup:
    server_url: "{{ zabbix_server_url }}"
    login_user: "{{ login_user }}"
    login_password: "{{ login_password }}"
    name: "{{ item.name }}"
    rights:
       - host_group: "{{ item.host_group }}"
         permission: read-only
       - host_group: "{{ item.host_group }}"
         permission: read-write
    state: present
  with_items: '{{ user_groups }}'

user_groups:
  - name:  Admins
    host_group:
     - MyTestingHostGroup101
     - MyTestingHostGroup102
  - name: Users
    host_group:
     - MyTestingHostGroup106
     - MyTestingHostGroup107
EXPECTED RESULTS

I am expecting it to work without a problem and create a user group with multiple host group permissions.

ACTUAL RESULTS
failed: [localhost] (item={'name': '', 'host_group': ['MyTestingHostGroup101', 'MyTestingHostGroup102']}) => {"ansible_loop_var": "item", "changed": false, "item": {"host_group": ["MyTestingHostGroup101", "MyTestingHostGroup102"], "name": ""}, "msg": "Host group not found: ['MyTestingHostGroup101', 'MyTestingHostGroup102']"}
failed: [localhost] (item={'name': '', 'host_group': ['MyTestingHostGroup106', 'MyTestingHostGroup107']}) => {"ansible_loop_var": "item", "changed": false, "item": {"host_group": ["MyTestingHostGroup106", "MyTestingHostGroup107"], "name": ""}, "msg": "Host group not found: ['MyTestingHostGroup106', 'MyTestingHostGroup107']"}

The error is exactly like above. I just removed the sensitive data from the names section.

opulasli414 avatar Jul 01 '22 11:07 opulasli414

Thank you for bringing this to our attention! Definitely looks like a bug.

Can you also share the Zabbix version this happens on? Major.minor is usually enough for us to reproduce.

D3DeFi avatar Jul 01 '22 19:07 D3DeFi

We have this test https://github.com/ansible-collections/community.zabbix/blob/main/tests/integration/targets/test_zabbix_usergroup/tasks/main.yml#L70

Never fails.

Moreover in your code you are trying to give read-only and read-write permissions to the same host_group.

    rights:
       - host_group: "{{ item.host_group }}"
         permission: read-only
       - host_group: "{{ item.host_group }}"
         permission: read-write

I don't get it, it is simply not correct. What am I missing?

BGmot avatar Jul 01 '22 21:07 BGmot

> We have this test https://github.com/ansible-collections/community.zabbix/blob/main/tests/integration/targets/test_zabbix_usergroup/tasks/main.yml#L70
>
> Never fails.
>
> Moreover in your code you are trying to give read-only and read-write permissions to the same host_group.
>
>     rights:
>        - host_group: "{{ item.host_group }}"
>          permission: read-only
>        - host_group: "{{ item.host_group }}"
>          permission: read-write
>
> I don't get it, it is simply not correct. What am I missing?

Hmm, good catch. I haven't had time to verify this issue yet.

@opulasli414 can you ensure that you are not assigning conflicting permissions to the same group?

D3DeFi avatar Jul 03 '22 17:07 D3DeFi

Hello Dusan,

Thanks for your help. The Zabbix version is 6.0.3.

Best Wishes, Onur


opulasli414 avatar Jul 05 '22 14:07 opulasli414

@opulasli414 did you try with the fixed version? E.g. either:

rights:
       - host_group: "{{ item.host_group }}"
         permission: read-only

or:

rights:
       - host_group: "{{ item.host_group }}"
         permission: read-write

As @BGmot wrote, both will not work. You are assigning them to the same group at the same time.

D3DeFi avatar Jul 05 '22 17:07 D3DeFi

Hi. Just wanted to add that we would like to have the host group and permission in a vars file, such that we could have some host groups with read-write and some host groups with read-only permissions as part of the same user group.

We were able to have multiple host groups added for a host fine, but when trying with user groups it doesn't work, since it's more of a complex object.

Has anyone used a vars file to contain a user group and multiple host groups/permissions configuration?

decouxb avatar Jul 06 '22 16:07 decouxb

Something around the lines of:

user_groups:
  - name: Admins
    host_group:
      - name: MyTestingHostGroup101
        permission: read-write
      - name: MyTestingHostGroup102
        permission: read-write
      - name: MyTestingHostGroup103
        permission: read-only

Not sure this syntax would be correct. We've tried many different ways and it doesn't seem like it could be done from a dictionary setup in a vars file. Would be nice if it was possible to list several host group names for a single permission, but we couldn't find examples of how to get the rights section done via a vars file.

decouxb avatar Jul 06 '22 17:07 decouxb

This is what works in this repo tests:

  - name: test - update Zabbix user group with multiple rights
    zabbix_usergroup:
      rights:
        - host_group: Discovered hosts
          permission: read-only
        - host_group: Zabbix servers
          permission: read-write

BGmot avatar Jul 06 '22 17:07 BGmot

> Something around the lines of:
>
> user_groups:
>   - name: Admins
>     host_group:
>       - name: MyTestingHostGroup101
>         permission: read-write
>       - name: MyTestingHostGroup102
>         permission: read-write
>       - name: MyTestingHostGroup103
>         permission: read-only
>
> Not sure this syntax would be correct. We've tried many different ways and it doesn't seem like it could be done from a dictionary setup in a vars file. Would be nice if it was possible to list several host group names for a single permission, but we couldn't find examples of how to get the rights section done via a vars file.

@decouxb would this suffice?

vars/user_groups.yml:

user_groups:
  - name: Admins
    rights:
      - host_group: grp1
        permission: read-write
      - host_group: grp2
        permission: read-only

tasks/user_groups.yml:

  - name: add user groups
    zabbix_usergroup:
      name: '{{ item.name }}'
      rights: '{{ item.rights }}'
    loop: '{{ user_groups }}'

D3DeFi avatar Jul 07 '22 12:07 D3DeFi

Hello Dusan,

I have tried what you suggested above (putting the whole rights section into the vars file). It works, but it's not what we are looking for. We would like to write multiple hosts into the "host group" section. I tried the below configuration, but it's throwing the same error.

vars/user_groups.yml:

user_groups:
  - name: Admins
    rights:
      - host_group:
          - grp1
          - grp2
        permission: read-write

tasks/user_groups.yml:

  - name: add user groups
    zabbix_usergroup:
      name: '{{ item.name }}'
      rights: '{{ item.rights }}'

Best Regards,

Onur


opulasli414 avatar Jul 13 '22 10:07 opulasli414

Oh, I finally understand! :) Well, this is something that we are not supporting in the modules unfortunately.

We mimic the way it is done via the official Zabbix API: https://www.zabbix.com/documentation/current/en/manual/api/reference/usergroup/create

It requires the user to provide a list of Permission objects, where each object has the ID of the group and the permission level itself (denied/ro/rw): https://www.zabbix.com/documentation/current/en/manual/api/reference/usergroup/object#permission

Maybe it would be possible to transform it from the way you require it to the way the module needs it via some jinja2 filters like subelements or product?

This is definitely not a bug. I think this issue should be closed and a new one should be opened as a feature request with the direct requirement to 'Allow zabbix_usergroup parameter rights to also accept list in the host_group key'. @BGmot do you think such a feature request would be feasible?

D3DeFi avatar Jul 15 '22 14:07 D3DeFi
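
One way to do the transformation suggested in the last comment, as an added example that is not part of the thread or the collection's own code: a Jinja2 loop (used here instead of `subelements` or `product`) expands each `rights` entry whose `host_group` is a list into one entry per group, and an `assert` task stops the run if a host group ends up listed more than once, which covers the read-only plus read-write conflict raised earlier. The group names are constructed, `flat_rights` is a hypothetical variable name, and the connection variables are those of the original playbook, assumed to be defined elsewhere.

```yaml
---
- name: Create Zabbix user groups from list-valued host_group entries
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample data: host_group may be one name or a list of names.
    user_groups:
      - name: Admins
        rights:
          - host_group: [grp1, grp2]
            permission: read-write
          - host_group: grp3
            permission: read-only
    # Hypothetical helper variable, templated lazily for each loop item:
    # yields one host_group/permission pair per group name.
    flat_rights: >-
      {%- set out = [] -%}
      {%- for r in item.rights -%}
      {%- for g in ([r.host_group] | flatten) -%}
      {%- set _ = out.append({'host_group': g, 'permission': r.permission}) -%}
      {%- endfor -%}
      {%- endfor -%}
      {{ out }}
  tasks:
    - name: Stop if a host group is listed more than once in a user group
      ansible.builtin.assert:
        that:
          - (flat_rights | map(attribute='host_group') | list | unique | length) == (flat_rights | length)
        fail_msg: "{{ item.name }}: a host group appears more than once in rights"
      loop: "{{ user_groups }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Create user group with the expanded rights list
      community.zabbix.zabbix_usergroup:
        server_url: "{{ zabbix_server_url }}"
        login_user: "{{ login_user }}"
        login_password: "{{ login_password }}"
        name: "{{ item.name }}"
        rights: "{{ flat_rights }}"
        state: present
      loop: "{{ user_groups }}"
      loop_control:
        label: "{{ item.name }}"
```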