diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:22 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:22 +0000 |
| commit | 38b7c80217c4e72b1d8988eb1e60bb6e77334114 (patch) | |
| tree | 356e9fd3762877d07cde52d21e77070aeff7e789 /ansible_collections/community/zabbix/roles | |
| parent | Adding upstream version 7.7.0+dfsg. (diff) | |
| download | ansible-38b7c80217c4e72b1d8988eb1e60bb6e77334114.tar.xz ansible-38b7c80217c4e72b1d8988eb1e60bb6e77334114.zip | |
Adding upstream version 9.4.0+dfsg.upstream/9.4.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/community/zabbix/roles')
108 files changed, 3044 insertions, 5871 deletions
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/README.md b/ansible_collections/community/zabbix/roles/zabbix_agent/README.md index f3fe06c9d..aa73fab3a 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/README.md +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/README.md @@ -44,15 +44,10 @@ This role will work on the following operating systems: * Red Hat - * Fedora * Debian * Ubuntu - * opensuse * Windows (Best effort) - * macOS - -So, you'll need one of those operating systems.. :-) -Please send Pull Requests or suggestions when you want to use this role for other Operating systems. + * macOS (Best effort) ## Ansible 2.10 and higher @@ -62,7 +57,7 @@ With the release of Ansible 2.10, modules have been moved into collections. Wit ansible-galaxy collection install ansible.posix ansible-galaxy collection install community.general ``` -If you are willing to create host_groups and hosts in Zabbix via API as a part of this role execution then you need to install `ansible.netcommon` collection too: +If you are wanting to create host_groups and hosts in Zabbix via API as a part of this role execution then you need to install `ansible.netcommon` collection too: ``` ansible-galaxy collection install ansible.netcommon @@ -95,24 +90,18 @@ To successfully complete the install the role requires `python-netaddr` on the c See the following list of supported Operating systems with the Zabbix releases: -| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS)| 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----|-----|-----|----------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | V | V | V | V | V | V | V | V | V | -| Red Hat Fam 6 | V | V | V | V | V | V | | | V | -| Red Hat Fam 5 | | | V | V | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | V | V | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | V | V | V | V | V | V | V | V | | -| Ubuntu 14.04 trusty | V | V | V | V | V | V | V | V | V | -| Debian 10 buster | V | V | V | V | V | V | V | | | -| Debian 9 stretch | V | V | | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Red Hat Fam 7 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | V | V | V | +| Debian 12 bookworm | V | V | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | V | V | V | + # Getting started @@ -124,7 +113,7 @@ In order to get the Zabbix Agent running, you'll have to define the following pr * `zabbix_agent(2)_server` * `zabbix_agent(2)_serveractive` (When using active checks) -The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 4.0`, `zabbix_agent_version: 3.4` or `zabbix_agent_version: 2.2`. +The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 6.0`. The `zabbix_agent(2)_server` (and `zabbix_agent(2)_serveractive`) should contain the ip or fqdn of the host running the Zabbix Server. @@ -140,16 +129,13 @@ The following is an overview of all available configuration default for this rol ### Overall Zabbix -* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. +* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.4, 6.2, or 6.0 * `zabbix_agent_version_minor`: When you want to specify a minor version to be installed. Is also used for `zabbix_sender` and `zabbix_get`. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. +* `zabbix_agent_disable_repo`: A list of repos to disable during install. Default `epel`. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### SElinux @@ -158,7 +144,7 @@ The following is an overview of all available configuration default for this rol ### Zabbix Agent * `zabbix_agent_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact. -* `zabbix_agent2`: Default: `False`. When you want to install the `Zabbix Agent2` instead of the "old" `Zabbix Agent`. +* `zabbix_agent2`: Default: `False`. When you want to install the `Zabbix Agent2` instead of the "old" `Zabbix Agent`.zabbix_agent_version * `zabbix_agent_listeninterface`: Interface zabbix-agent listens on. Leave blank for all. * `zabbix_agent_package_remove`: If `zabbix_agent2: True` and you want to remove the old installation. Default: `False`. * `zabbix_agent_package`: The name of the zabbix-agent package. Default: `zabbix-agent`. In case for EPEL, it is automatically renamed. @@ -174,7 +160,6 @@ The following is an overview of all available configuration default for this rol * `zabbix_agent_userparameters_scripts_src`: indicates the relative path (from `files/`) where userparameter scripts are searched * `zabbix_agent_runas_user`: Drop privileges to a specific, existing user on the system. Only has effect if run as 'root' and AllowRoot is disabled. * `zabbix_agent_become_on_localhost`: Default: `True`. Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip. -* `zabbix_install_pip_packages`: Default: `True`. Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely. * `zabbix_agent_apt_priority`: Add a weight (`Pin-Priority`) for the APT repository. * `zabbix_agent_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. * `zabbix_agent_dont_detect_ip`: Default `false`. When set to `true`, it won't detect available ip addresses on the host and no need for the Python module `netaddr` to be installed. @@ -193,6 +178,7 @@ Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. * `zabbix_agent(2)_pidfile`: name of pid file. * `zabbix_agent(2)_logfile`: name of log file. * `zabbix_agent(2)_logfilesize`: maximum size of log file in mb. +* `zabbix_agent(2)_additional_include`: A list of additional complete paths to include in configuration * `zabbix_agent(2)_logtype`: Specifies where log messages are written to * `zabbix_agent(2)_debuglevel`: specifies debug level * `zabbix_agent(2)_sourceip`: source ip address for outgoing connections. @@ -261,16 +247,17 @@ These variables need to be overridden when you want to make use of the Zabbix AP Host encryption configuration will be set to match agent configuration. -* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth. -* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth. -* `zabbix_api_create_hosts`: Default: `False`. When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_agent_host_state`. -* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_agent_hostgroups_state`.Default: `False` * `zabbix_api_server_host`: The IP or hostname/FQDN of Zabbix server. Example: zabbix.example.com -* `zabbix_api_server_port`: TCP port to use to connect to Zabbix server. Example: 8080 -* `zabbix_api_use_ssl`: yes (Default) if we need to connect to Zabbix server over HTTPS -* `zabbix_api_validate_certs` : yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used +* `zabbix_api_use_ssl`: Is SSL required to connect to the Zabbix API server? Default: `false` +* `zabbix_api_server_port`: 80 if `zabbix_api_use_ssl` is `false` and 443 if `true` (Default) TCP port to use to connect to Zabbix server. Example: 8080 * `zabbix_api_login_user`: Username of user which has API access. * `zabbix_api_login_pass`: Password for the user which has API access. +* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_validate_certs`: yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used. +* `zabbix_api_timeout`: How many seconds to wait for API response (default 30s). +* `zabbix_api_create_hosts`: Default: `False`. When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_agent_host_state`. +* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_agent_hostgroups_state`.Default: `False` * `ansible_zabbix_url_path`: URL path if Zabbix WebUI running on non-default (zabbix) path, e.g. if http://<FQDN>/zabbixeu then set to `zabbixeu` * `zabbix_agent_hostgroups_state`: present (Default) if the hostgroup needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_hostgroup` is set to `True`. * `zabbix_host_status`: enabled (Default) when host in monitored, disabled when host is disabled for monitoring. @@ -290,7 +277,7 @@ Host encryption configuration will be set to match agent configuration. **NOTE** -_Supporting Windows is a best effort (I don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ +_Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ When `(2)` is used in the name of the property, like `zabbix_agent(2)_win_logfile`, it will show that you can configure `zabbix_agent_win_logfile` for the Zabbix Agent configuration file and `zabbix_agent2_win_logfile` for the Zabbix Agent 2 configuration file. Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. @@ -308,6 +295,10 @@ Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. ## macOS Variables +**NOTE** + +_Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ + * `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix_mac_download_link` link. * `zabbix_mac_download_link`: The download url to the `pkg` file. @@ -344,17 +335,6 @@ Keep in mind that using the Zabbix Agent in a Container requires changes to the * `zabbix_agent_docker_volumes`: A list with all directories that needs to be available in the Container. * `zabbix_agent_docker_env`: A dict with all environment variables that needs to be set for the Container. -## FirewallD/Iptables - -* `zabbix_agent_firewall_enable`: If IPtables needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport`. -* `zabbix_agent_firewall_source`: When provided, IPtables will be configuring to only allow traffic from this IP address/range. -* `zabbix_agent_firewalld_enable`: If firewalld needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport` and `zabbix_agent_jmx_listenport` if defined. -* `zabbix_agent_firewalld_source`: When provided, firewalld will be configuring to only allow traffic for IP configured in `zabbix_agent_server`. -* `zabbix_agent_firewalld_zone`: When provided, the firewalld rule will be attached to this zone (only if zabbix_agent_firewalld_enable is set to true). The default behavior is to use the default zone define by the remote host firewalld configuration. -* `zabbix_agent_firewall_action`: Default: `insert`. When to `insert` the rule or to `append` to IPTables. -* `zabbix_agent_firewall_chain`: Default `INPUT`. Which `chain` to add the rule to IPTables. - - ## IPMI variables * `zabbix_agent_ipmi_authtype`: IPMI authentication algorithm. Possible values are 1 (callback), 2 (user), 3 (operator), 4 (admin), 5 (OEM), with 2 being the API default. @@ -369,6 +349,17 @@ When the target host does not have access to the internet, but you do have a pro * `zabbix_http_proxy` * `zabbix_https_proxy` +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Dependencies There are no dependencies on other roles. @@ -440,10 +431,11 @@ Including an example of how to use your role (for instance, with variables passe - role: community.zabbix.zabbix_agent zabbix_agent_server: 192.168.33.30 zabbix_agent_serveractive: 192.168.33.30 - zabbix_api_server_url: http://zabbix.example.com - zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0 + zabbix_api_server_host: zabbix.example.com zabbix_api_login_user: Admin zabbix_api_login_pass: zabbix + zabbix_api_create_hostgroup: true + zabbix_api_create_hosts: true zabbix_agent_host_state: present zabbix_host_groups: - Linux Servers @@ -465,10 +457,11 @@ You can also use the group_vars or the host_vars files for setting the variables ```yaml zabbix_agent_server: 192.168.33.30 zabbix_agent_serveractive: 192.168.33.30 - zabbix_api_server_url: http://zabbix.example.com - zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0 + zabbix_api_server_host: zabbix.example.com zabbix_api_login_user: Admin zabbix_api_login_pass: zabbix + zabbix_api_create_hostgroup: true + zabbix_api_create_hosts: true zabbix_agent_host_state: present zabbix_host_groups: - Linux Servers diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml index 5fc96071a..dbd5db5db 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml @@ -2,11 +2,9 @@ # defaults file for zabbix_agent zabbix_agent2: false -# zabbix_agent_version: 6.0 +# zabbix_agent_version: 6.4 zabbix_agent_version_minor: "*" -zabbix_version: "{{ zabbix_agent_version }}" zabbix_version_patch: 0 -zabbix_repo: zabbix zabbix_agent_package_remove: false zabbix_agent_package: zabbix-agent zabbix_sender_package: zabbix-sender @@ -17,7 +15,6 @@ zabbix_agent_serveractive: zabbix_agent2_server: "{{ zabbix_agent_server }}" zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive }}" zabbix_selinux: false -zabbix_agent_src_reinstall: false zabbix_agent_apt_priority: zabbix_agent_conf_mode: "0644" zabbix_agent_dont_detect_ip: false @@ -36,22 +33,20 @@ zabbix_agent_packages: - "{{ zabbix_get_package }}" # Zabbix role related vars -zabbix_install_pip_packages: true zabbix_apt_force_apt_get: true zabbix_apt_install_recommends: false # Override Ansible specific facts zabbix_agent_distribution_major_version: "{{ ansible_distribution_major_version }}" zabbix_agent_distribution_release: "{{ ansible_distribution_release }}" -zabbix_agent_os_family: "{{ ansible_os_family }}" zabbix_repo_yum_gpgcheck: 0 zabbix_repo_yum_schema: https -zabbix_repo_yum_disabled: "*" -zabbix_repo_yum_enabled: [] +zabbix_agent_disable_repo: + - epel zabbix_repo_yum: - name: zabbix description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/" mode: "0644" gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX @@ -71,48 +66,32 @@ zabbix_repo_yum: gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present +zabbix_repo_deb_component: main + # Zabbix API stuff -zabbix_validate_certs: true # Will be deprecated in 2.0.0 -zabbix_api_validate_certs: "{{ zabbix_validate_certs }}" -zabbix_agent_server_url: http://localhost # Will be deprecated in 2.0.0 -zabbix_url: "{{ zabbix_agent_server_url }}" # Will be deprecated in 2.0.0 -zabbix_api_server_url: "{{ zabbix_agent_server_url }}" -zabbix_api_server_host: "{{ zabbix_api_server_url | urlsplit('hostname') }}" -zabbix_api_port_from_url: "{{ zabbix_api_server_port | default(zabbix_api_server_url | urlsplit('port')) }}" -zabbix_api_scheme_from_url: "{{ zabbix_api_server_url | urlsplit('scheme') }}" -zabbix_api_port_from_shema: "{{ (zabbix_api_scheme_from_url == 'https') | ternary(443, 80) }}" -# zabbix_http_user: admin # Will be deprecated in 2.0.0 -# zabbix_http_password: admin # Will be deprecated in 2.0.0 -# zabbix_api_http_user: admin -# zabbix_api_http_password: admin -zabbix_api_user: Admin # Will be deprecated in 2.0.0 -zabbix_api_pass: !unsafe zabbix # Will be deprecated in 2.0.0 -zabbix_api_login_user: "{{ zabbix_api_user }}" -zabbix_api_login_pass: "{{ zabbix_api_pass }}" +zabbix_api_server_host: localhost +# zabbix_api_server_port: 80 +zabbix_api_login_user: Admin +zabbix_api_use_ssl: false +zabbix_api_login_pass: !unsafe zabbix +zabbix_api_validate_certs: false ansible_httpapi_pass: "{{ zabbix_api_login_pass }}" -ansible_httpapi_port: "{{ (zabbix_api_port_from_url == '') | ternary(zabbix_api_port_from_shema, zabbix_api_port_from_url) }}" -ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl | default((zabbix_api_scheme_from_url == 'https') | ternary(true, false)) }}" +ansible_httpapi_port: "{{ zabbix_api_server_port }}" ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}" +zabbix_api_timeout: 30 zabbix_api_create_hostgroup: false zabbix_api_create_hosts: false -zabbix_api_timeout: 30 -zabbix_create_hostgroup: present # or absent # Will be deprecated in 2.0.0 -zabbix_agent_hostgroups_state: "{{ zabbix_create_hostgroup }}" -zabbix_create_host: present # or absent # Will be deprecated in 2.0.0 -zabbix_agent_host_state: "{{ zabbix_create_host }}" -zabbix_update_host: true # Will be deprecated in 2.0.0 -zabbix_agent_host_update: "{{ zabbix_update_host }}" +zabbix_agent_hostgroups_state: present # or absent +zabbix_agent_host_state: present # or absent +zabbix_agent_host_update: true zabbix_host_status: enabled # or disabled -zabbix_proxy: null # Will be deprecated in 2.0.0 -zabbix_agent_proxy: "{{ zabbix_proxy }}" -zabbix_inventory_mode: disabled # Will be deprecated in 2.0.0 -zabbix_agent_inventory_mode: "{{ zabbix_inventory_mode }}" +zabbix_agent_proxy: null +zabbix_agent_inventory_mode: disabled zabbix_useuip: 1 zabbix_host_groups: - Linux servers -zabbix_link_templates: # Will be deprecated in 2.0.0 +zabbix_agent_link_templates: - Template Linux by Zabbix agent -zabbix_agent_link_templates: "{{ zabbix_link_templates }}" zabbix_agent_interfaces: - type: 1 @@ -122,14 +101,6 @@ zabbix_agent_interfaces: dns: "{{ ansible_fqdn }}" port: "{{ (zabbix_agent2 == True) | ternary(zabbix_agent2_listenport, zabbix_agent_listenport) }}" -zabbix_agent_firewall_enable: false -zabbix_agent_firewalld_enable: false -zabbix_agent_firewalld_source: "{{ zabbix_agent_server }}" -zabbix_agent_firewall_action: insert -zabbix_agent_firewall_chain: INPUT - -# By default, a null zone will trigger the use of the default zone on the remote host -zabbix_agent_firewalld_zone: # Zabbix configuration variables zabbix_agent_pidfile: /var/run/zabbix/zabbix_agentd.pid zabbix_agent_logtype: file @@ -171,8 +142,7 @@ zabbix_agent_become_on_localhost: true zabbix_agent_description: zabbix_agent_inventory_zabbix: {} zabbix_agent_heartbeatfrequency: 60 -zabbix_macros: [] # Will be deprecated in 2.0.0 -zabbix_agent_macros: "{{ zabbix_macros }}" +zabbix_agent_macros: [] zabbix_agent_tags: [] zabbix_agent_chassis: false @@ -272,7 +242,7 @@ zabbix_agent_docker: false zabbix_agent_docker_state: started zabbix_agent_docker_name: zabbix-agent zabbix_agent_docker_image: "zabbix/zabbix-agent" -zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_version }}.{{ zabbix_version_patch }}" +zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_agent_version }}.{{ zabbix_version_patch }}" zabbix_agent_docker_user_gid: 101 zabbix_agent_docker_user_uid: 101 zabbix_agent_docker_network_mode: host diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml index cd0f9d932..9f04b1a9b 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml @@ -2,17 +2,17 @@ # handlers file for zabbix-agent - name: restart zabbix-agent - service: + ansible.builtin.service: name: "{{ zabbix_agent_service }}" state: restarted enabled: true become: true when: - not zabbix_agent_docker - - zabbix_agent_os_family != "Windows" and zabbix_agent_os_family != "Darwin" + - ansible_os_family != "Windows" and ansible_os_family != "Darwin" - name: firewalld-reload - command: "firewall-cmd --reload" + ansible.builtin.command: "firewall-cmd --reload" become: true when: - ansible_facts.services["firewalld"] is defined @@ -23,17 +23,17 @@ name: "{{ zabbix_win_svc_name }}" state: restarted when: - - zabbix_agent_os_family == "Windows" + - ansible_os_family == "Windows" - name: restart mac zabbix agent - command: "launchctl kickstart -k system/{{ zabbix_agent_service }}" + ansible.builtin.command: "launchctl kickstart -k system/{{ zabbix_agent_service }}" become: true when: - not zabbix_agent_docker - - zabbix_agent_os_family == "Darwin" + - ansible_os_family == "Darwin" - name: "clean repo files from proxy creds" - shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true become: true when: - ansible_os_family == 'RedHat' diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml index e7b8e06ae..137eac314 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml @@ -3,9 +3,6 @@ dependency: name: galaxy driver: name: docker -lint: - name: yamllint - platforms: - name: zabbix-server-centos image: milcom/centos7-systemd:latest @@ -46,12 +43,9 @@ provisioner: docker: create: ../default/create.yml destroy: ../default/destroy.yml - lint: - name: ansible-lint inventory: group_vars: all: - zabbix_agent_src_reinstall: false zabbix_api_create_hosts: true zabbix_api_create_hostgroup: true zabbix_api_server_url: http://zabbix-server-centos @@ -77,5 +71,3 @@ scenario: verifier: name: testinfra - lint: - name: flake8 diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml index e1bb7d8d4..2f0795448 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml @@ -3,7 +3,7 @@ hosts: all:!zabbix_server pre_tasks: - name: "Get IP Server" - shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 + ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 register: ip_address delegate_to: zabbix-server-centos changed_when: false @@ -11,7 +11,7 @@ - skip_ansible_lint - name: "Get IP hosts" - shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 + ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1 register: ip_address_host changed_when: false tags: diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml index 6722e5fea..582006d4e 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml @@ -3,14 +3,14 @@ hosts: zabbix_server pre_tasks: - name: "Installing EPEL" - yum: + ansible.builtin.yum: name: - epel-release state: present when: ansible_distribution == 'CentOS' - name: "Installing packages" - yum: + ansible.builtin.yum: name: - net-tools - which @@ -21,7 +21,7 @@ when: ansible_distribution == 'CentOS' - name: "Installing which on NON-CentOS" - apt: + ansible.builtin.apt: name: - net-tools - python-pip @@ -30,19 +30,19 @@ when: ansible_distribution != 'CentOS' - name: "Configure SUDO." - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers line: "Defaults !requiretty" state: present - name: "Make sure the docs are installed." - lineinfile: + ansible.builtin.lineinfile: dest: /etc/yum.conf line: "tsflags=nodocs" state: absent - name: "Installing some python dependencies" - pip: + ansible.builtin.pip: name: py-zabbix state: present @@ -55,7 +55,7 @@ hosts: all:!zabbix_server:!docker tasks: - name: "Installing packages on CentOS family" - yum: + ansible.builtin.yum: name: - net-tools - which @@ -64,7 +64,7 @@ - ansible_os_family == 'RedHat' - name: "Installing packages on Debian family" - apt: + ansible.builtin.apt: name: - net-tools state: present @@ -75,7 +75,7 @@ hosts: docker tasks: - name: "Download Docker CE repo file" - get_url: + ansible.builtin.get_url: url: https://download.docker.com/linux/centos/docker-ce.repo dest: /etc/yum.repos.d/docker-ce.repo mode: 0644 @@ -83,7 +83,7 @@ until: zabbix_agent_prepare_docker_repo is succeeded - name: "Installing Epel" - package: + ansible.builtin.package: pkg: - epel-release state: present @@ -91,7 +91,7 @@ until: zabbix_agent_prepare_docker_install is succeeded - name: "Installing Docker" - package: + ansible.builtin.package: pkg: - docker-ce - python-pip @@ -101,7 +101,7 @@ until: zabbix_agent_prepare_docker_install is succeeded - name: "Installing Docker Python" - pip: + ansible.builtin.pip: name: - docker state: present @@ -109,6 +109,6 @@ until: zabbix_agent_prepare_docker_install is succeeded - name: "Starting Docker service" - service: + ansible.builtin.service: name: docker state: started diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Darwin.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Darwin.yml deleted file mode 100644 index e98576f61..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Darwin.yml +++ /dev/null @@ -1,177 +0,0 @@ ---- - -- name: "Set default ip address for zabbix_agent_ip" - set_fact: - zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" - when: - - zabbix_agent_ip is not defined - - "'ansible_default_ipv4' in hostvars[inventory_hostname]" - -- name: "Get Total Private IP Addresses" - set_fact: - total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | length }}" - when: - - ansible_all_ipv4_addresses is defined - -- name: "Set first public ip address for zabbix_agent_ip" - set_fact: - zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}" - zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}" - zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}" - zabbix_agent2_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent2_server) }}" - zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent2_serveractive) }}" - when: - - zabbix_agent_ip is not defined - - total_private_ip_addresses is defined - - total_private_ip_addresses == '0' - -- name: "Set first private ip address for zabbix_agent_ip" - set_fact: - zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}" - when: - - zabbix_agent_ip is not defined - - total_private_ip_addresses is defined - - total_private_ip_addresses != '0' - -- name: "Fail invalid specified agent_listeninterface" - fail: - msg: "The specified network interface does not exist" - when: - - zabbix_agent_listeninterface - - (zabbix_agent_listeninterface not in ansible_all_ipv4_addresses) - tags: - - zabbix-agent - - config - -- name: "Set network interface" - set_fact: - network_interface: ansible_{{ zabbix_agent_listeninterface }} - when: - - zabbix_agent_listeninterface - - not zabbix_agent_listenip - -- name: "Get IP of agent_listeninterface when no agent_listenip specified" - set_fact: - zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}" - zabbix_agent_ip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}" - when: - - zabbix_agent_listeninterface - - not zabbix_agent_listenip - tags: - - zabbix-agent - - config - - api - -- name: "Default agent_listenip to all when not specified" - set_fact: - zabbix_agent_listenip: '0.0.0.0' - when: - - not zabbix_agent_listenip - tags: - - zabbix-agent - - config - -- name: "Fail invalid specified agent_listenip" - fail: - msg: "The agent_listenip does not exist" - when: - - zabbix_agent_listenip != '0.0.0.0' - - zabbix_agent_listenip != '127.0.0.1' - - (zabbix_agent_listenip not in ansible_all_ipv4_addresses) - tags: - - zabbix-agent - - config - -- name: "Installing Agent" - include_tasks: macOS.yml - tags: - - always - -- name: "Configure zabbix-agent" - template: - src: zabbix_agentd.conf.j2 - dest: "/usr/local/etc/zabbix/{{ zabbix_agent_conf }}" - owner: zabbix - group: wheel - mode: 0644 - notify: - - restart mac zabbix agent - become: true - when: - - not (zabbix_agent_docker | bool) - tags: - - zabbix-agent - - config - - init - -- name: "Create directory for PSK file if not exist." - file: - path: "{{ zabbix_agent_tlspskfile | dirname }}" - mode: 0755 - state: directory - become: true - when: - - zabbix_agent_tlspskfile is defined - -- name: "Place TLS PSK File" - copy: - dest: "{{ zabbix_agent_tlspskfile }}" - content: "{{ zabbix_agent_tlspsk_secret }}" - owner: zabbix - group: zabbix - mode: 0400 - become: true - when: - - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspsk_secret is defined - notify: - - restart mac zabbix agent - -- name: "Create include dir zabbix-agent" - file: - path: "{{ zabbix_agent_include }}" - owner: zabbix - group: zabbix - mode: 0750 - state: directory - become: true - tags: - - config - - include - -- name: "Create pid file directory for zabbix-agent" - file: - path: /var/run/zabbix - state: directory - owner: zabbix - group: zabbix - mode: 0755 - become: true - -- name: "Install the Docker container" - include_tasks: Docker.yml - when: - - zabbix_agent_docker | bool - -- name: "Check if zabbix-agent service is running" - shell: | - set -o pipefail - launchctl list | grep com.zabbix.zabbix_agentd | awk '{print $1}' - register: launchctl_pid - check_mode: false - changed_when: false - failed_when: launchctl_pid.rc == 2 - become: true - tags: - - init - - service - -- name: "Make sure the zabbix-agent service is running" - command: launchctl start com.zabbix.zabbix_agentd - become: true - when: - - not (zabbix_agent_docker | bool) - - launchctl_pid.stdout == "-" - tags: - - init - - service diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml index ec4a01879..6ded0ba03 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml @@ -1,17 +1,16 @@ --- # Tasks specific for Debian/Ubuntu Systems -- name: "Include Zabbix gpg ids" - include_vars: zabbix.yml - -- name: "Set short version name" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}" +- name: "Debian | Set some variables" + ansible.builtin.set_fact: + zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}" + zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}" + tags: + - always -- name: "Debian | Installing gnupg" - apt: - pkg: gnupg +- name: "Debian | Installing lsb-release" + ansible.builtin.apt: + pkg: lsb-release update_cache: true cache_valid_time: 3600 force: true @@ -19,174 +18,111 @@ environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: gnupg_installed - until: gnupg_installed is succeeded - become: true - -- name: "Debian | Install gpg key" - apt_key: - id: "{{ sign_keys[zabbix_short_version][zabbix_agent_distribution_release]['sign_key'] }}" - url: http://repo.zabbix.com/zabbix-official-repo.key - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - zabbix_repo == "zabbix" become: true tags: - - zabbix-agent - - init + - install -- name: "Debian | Check for zabbix repositories" - find: - paths: /etc/apt/sources.list.d - patterns: repo_zabbix_com_zabbix*.list - excludes: "repo_zabbix_com_zabbix_{{ zabbix_underscore_version }}_ubuntu.list" - register: repositories - become: true - when: - - ansible_distribution in ['Ubuntu', 'Debian'] - - zabbix_repo == "zabbix" - tags: - - zabbix-agent - - init +- name: "Debian | Update ansible_lsb fact" + ansible.builtin.setup: + gather_subset: + - lsb -- name: "Debian | Remove unecessary zabbix repositories" - file: - path: "{{ item.path }}" - state: absent - loop: "{{ repositories.files }}" +- name: "Debian | Repo URL" + ansible.builtin.set_fact: + zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}" when: - - ansible_distribution in ['Ubuntu', 'Debian'] - - zabbix_repo == "zabbix" - - zabbix_agent_src_reinstall - become: true + - zabbix_repo_deb_url is undefined tags: - - zabbix-agent - - init + - always -- name: "Debian | Installing deb-src repository Debian" - apt_repository: - repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ zabbix_agent_distribution_release }} main" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - ansible_distribution == "Debian" - - zabbix_repo == "zabbix" - become: true - tags: - - zabbix-agent - - init - -- name: "Debian | Installing deb repository Debian" - apt_repository: - repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ zabbix_agent_distribution_release }} main" +- name: "Debian | Installing gnupg" + ansible.builtin.apt: + pkg: gnupg + update_cache: true + cache_valid_time: 3600 + force: true state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - ansible_distribution == "Debian" - - zabbix_repo == "zabbix" + register: gnupg_installed + until: gnupg_installed is succeeded become: true tags: - - zabbix-agent - - init - -- name: "Debian | Installing deb-src repository Ubuntu Arm64" - apt_repository: - repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu-arm64/ {{ zabbix_agent_distribution_release }} main" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - ansible_distribution == "Ubuntu" - - ansible_machine == "aarch64" - - zabbix_repo == "zabbix" + - install + +# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. +# It SHOULD be created with permissions 0755 if it is needed and does not already exist. +# See: https://wiki.debian.org/DebianRepository/UseThirdParty +- name: "Debian | Create /etc/apt/keyrings/ on older versions" + ansible.builtin.file: + path: /etc/apt/keyrings/ + state: directory + mode: "0755" become: true - tags: - - zabbix-agent - - init - -- name: "Debian | Installing deb repository Ubuntu Arm64" - apt_repository: - repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu-arm64/ {{ zabbix_agent_distribution_release }} main" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" when: - - ansible_distribution == "Ubuntu" - - ansible_machine == "aarch64" - - zabbix_repo == "zabbix" - become: true - tags: - - zabbix-agent - - init + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or + (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") -- name: "Debian | Installing deb-src repository Ubuntu" - apt_repository: - repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ zabbix_agent_distribution_release }} main" - state: present +- name: "Debian | Download gpg key" + ansible.builtin.get_url: + url: http://repo.zabbix.com/zabbix-official-repo.key + dest: "{{ zabbix_gpg_key }}" + mode: "0644" + force: true environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - ansible_distribution == "Ubuntu" - - ansible_machine != "aarch64" - - zabbix_repo == "zabbix" become: true tags: - - zabbix-agent - - init + - install -- name: "Debian | Installing deb repository Ubuntu" - apt_repository: - repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ zabbix_agent_distribution_release }} main" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - ansible_distribution == "Ubuntu" - - ansible_machine != "aarch64" - - zabbix_repo == "zabbix" +- name: "Debian | Installing repository {{ ansible_distribution }}" + ansible.builtin.copy: + dest: /etc/apt/sources.list.d/zabbix.sources + owner: root + group: root + mode: 0644 + content: | + Types: deb deb-src + Enabled: yes + URIs: {{ zabbix_repo_deb_url }} + Suites: {{ ansible_distribution_release }} + Components: {{ zabbix_repo_deb_component }} + Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} + Signed-By: {{ zabbix_gpg_key }} become: true tags: - - zabbix-agent - - init + - install - name: "Debian | Create /etc/apt/preferences.d/" - file: + ansible.builtin.file: path: /etc/apt/preferences.d/ state: directory - mode: '0755' + mode: "0755" when: - zabbix_agent_apt_priority | int become: true + tags: + - install - name: "Debian | Configuring the weight for APT" - copy: + ansible.builtin.copy: dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" content: | Package: {{ zabbix_agent_package }} Pin: origin repo.zabbix.com Pin-Priority: {{ zabbix_agent_apt_priority | int }} owner: root - mode: '0644' + mode: "0644" when: - zabbix_agent_apt_priority | int become: true + tags: + - install -# Note: set cache_valid_time=0 to ensure that an apt-get update after the added repo-key -# else you often get 'WARNING: The following packages cannot be authenticated! -# See also: -# http://askubuntu.com/questions/75565/why-am-i-getting-authentication-errors-for-packages-from-an-ubuntu-repository - name: "Debian | Installing zabbix-agent" - apt: + ansible.builtin.apt: pkg: "{{ zabbix_agent_package }}" state: "{{ zabbix_agent_package_state }}" update_cache: true @@ -196,16 +132,14 @@ environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: ansible_distribution in ['Ubuntu', 'Debian'] register: zabbix_agent_package_installed until: zabbix_agent_package_installed is succeeded become: true tags: - - zabbix-agent - - init + - install - name: "Debian | Installing zabbix-{sender,get}" - apt: + ansible.builtin.apt: pkg: - "{{ zabbix_sender_package }}" - "{{ zabbix_get_package }}" @@ -218,42 +152,19 @@ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" when: - - ansible_distribution in ['Ubuntu', 'Debian'] - not zabbix_agent_install_agent_only register: zabbix_agent_package_installed until: zabbix_agent_package_installed is succeeded become: true check_mode: false tags: - - zabbix-agent - - init - -- name: "Mint | Installing zabbix-agent" - apt: - pkg: "zabbix-agent" - state: "{{ zabbix_agent_package_state }}" - update_cache: true - cache_valid_time: 0 - force_apt_get: "{{ zabbix_apt_force_apt_get }}" - install_recommends: "{{ zabbix_apt_install_recommends }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: ansible_distribution not in ['Ubuntu', 'Debian'] - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - become: true - tags: - - zabbix-agent - - init + - install - name: "Debian | Enable the service" - service: + ansible.builtin.service: name: "{{ zabbix_agent_service }}" enabled: true use: service become: true tags: - - zabbix-agent - - init - service diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml index cbbef204d..031a5fe61 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml @@ -1,7 +1,6 @@ --- - - name: "Create volume mount string" - set_fact: + ansible.builtin.set_fact: volume_mount: "{{ zabbix_agent_tlspskfile }}:/var/lib/zabbix/enc/tlspskfile" tls_key: ZBX_TLSPSKFILE: tlspskfile @@ -9,7 +8,7 @@ - zabbix_agent_tlspskfile is defined - name: "Add zabbix_agent_tlspskfile to volume mount" - set_fact: + ansible.builtin.set_fact: zabbix_agent_docker_volumes: "{{ zabbix_agent_docker_volumes + [ volume_mount ] }}" zabbix_agent_docker_env: "{{ zabbix_agent_docker_env | combine(tls_key) }}" when: diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml index d2c0ba82c..c4c8fc401 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml @@ -1,21 +1,24 @@ --- - - name: "Set default ip address for zabbix_agent_ip" - set_fact: + ansible.builtin.set_fact: zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" when: - zabbix_agent_ip is not defined - "'ansible_default_ipv4' in hostvars[inventory_hostname]" + tags: + - config - name: "Get Total Private IP Addresses" - set_fact: + ansible.builtin.set_fact: total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.utils.ipaddr('private') | length }}" when: - ansible_all_ipv4_addresses is defined - not (zabbix_agent_dont_detect_ip) + tags: + - config - name: "Set first public ip address for zabbix_agent_ip" - set_fact: + ansible.builtin.set_fact: zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}" zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}" zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}" @@ -25,79 +28,83 @@ - zabbix_agent_ip is not defined - total_private_ip_addresses is defined - total_private_ip_addresses == '0' + tags: + - config - name: "Set first private ip address for zabbix_agent_ip" - set_fact: + ansible.builtin.set_fact: zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}" when: - zabbix_agent_ip is not defined - total_private_ip_addresses is defined - total_private_ip_addresses != '0' + tags: + - config - name: "Fail invalid specified agent_listeninterface" - fail: + ansible.builtin.fail: msg: "The specified network interface does not exist" when: - (zabbix_agent_listeninterface) - (zabbix_agent_listeninterface not in ansible_interfaces) tags: - - zabbix-agent - config - name: "Set network interface" - set_fact: + ansible.builtin.set_fact: network_interface: ansible_{{ zabbix_agent_listeninterface }} when: - (zabbix_agent_listeninterface) - not zabbix_agent_listenip + tags: + - config - name: "Get IP of agent_listeninterface when no agent_listenip specified" - set_fact: + ansible.builtin.set_fact: zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}" when: - (zabbix_agent_listeninterface) - not zabbix_agent_listenip tags: - - zabbix-agent - config - api - name: "Default agent_listenip to all when not specified" - set_fact: - zabbix_agent_listenip: '0.0.0.0' + ansible.builtin.set_fact: + zabbix_agent_listenip: "0.0.0.0" when: - not (zabbix_agent_listenip) tags: - - zabbix-agent - config - name: "Fail invalid specified agent_listenip" - fail: + ansible.builtin.fail: msg: "The agent_listenip does not exist" when: - zabbix_agent_listenip != '0.0.0.0' - zabbix_agent_listenip != '127.0.0.1' - (zabbix_agent_listenip not in ansible_all_ipv4_addresses) tags: - - zabbix-agent - config - name: "Configure SELinux when enabled" - include_tasks: selinux.yml + ansible.builtin.include_tasks: selinux.yml when: - zabbix_selinux | bool - name: "Adding zabbix group" - group: + ansible.builtin.group: name: zabbix state: present gid: "{{ zabbix_agent_docker_user_gid | default(omit) }}" become: true when: - zabbix_agent_docker | bool + tags: + - config - name: "Adding zabbix user" - user: + ansible.builtin.user: name: zabbix group: zabbix state: present @@ -108,9 +115,11 @@ become: true when: - zabbix_agent_docker | bool + tags: + - config - name: "Configure zabbix-agent" - template: + ansible.builtin.template: src: "{{ 'zabbix_agentd.conf.j2' if not zabbix_agent2 else 'zabbix_agent2.conf.j2' }}" dest: "/etc/zabbix/{{ zabbix_agent_conf if not zabbix_agent2 else zabbix_agent2_conf }}" owner: root @@ -122,34 +131,36 @@ when: - not (zabbix_agent_docker | bool) tags: - - zabbix-agent - config - - init - name: "Create directory for PSK file if not exist." - file: + ansible.builtin.file: path: "{{ zabbix_agent_tlspskfile | dirname }}" mode: 0755 state: directory become: true when: - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - not (zabbix_agent2 | bool) + tags: + - config - name: "Create directory for PSK file if not exist (zabbix-agent2)" - file: + ansible.builtin.file: path: "{{ zabbix_agent2_tlspskfile | dirname }}" mode: 0755 state: directory become: true when: - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - zabbix_agent2 | bool + tags: + - config - name: "Place TLS PSK File" - copy: + ansible.builtin.copy: dest: "{{ zabbix_agent_tlspskfile }}" content: "{{ zabbix_agent_tlspsk_secret }}" owner: zabbix @@ -158,14 +169,16 @@ become: true when: - zabbix_agent_tlspskfile is defined - - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - zabbix_agent_tlspsk_secret is defined - not (zabbix_agent2 | bool) notify: - restart zabbix-agent + tags: + - config - name: "Place TLS PSK File (zabbix-agent2)" - copy: + ansible.builtin.copy: dest: "{{ zabbix_agent2_tlspskfile }}" content: "{{ zabbix_agent2_tlspsk_secret }}" owner: zabbix @@ -174,14 +187,16 @@ become: true when: - zabbix_agent2_tlspskfile is defined - - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 + - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680 - zabbix_agent2_tlspsk_secret is defined - zabbix_agent2 | bool notify: - restart zabbix-agent + tags: + - config - name: "Create include dir zabbix-agent" - file: + ansible.builtin.file: path: "{{ zabbix_agent_include if not zabbix_agent2 else zabbix_agent2_include }}" owner: root group: zabbix @@ -190,26 +205,20 @@ become: true tags: - config - - include - name: "Install the Docker container" - include_tasks: Docker.yml + ansible.builtin.include_tasks: Docker.yml when: - zabbix_agent_docker | bool -- name: "Configure the firewall(d|iptables)" - include_tasks: firewall.yml - when: - - (zabbix_agent_firewall_enable | bool) or (zabbix_agent_firewalld_enable | bool) - - name: "Remove zabbix-agent installation when zabbix-agent2 is used." - include_tasks: remove.yml + ansible.builtin.include_tasks: remove.yml when: - zabbix_agent2 | bool - zabbix_agent_package_remove - name: "Make sure the zabbix-agent service is running" - service: + ansible.builtin.service: name: "{{ zabbix_agent_service }}" state: started enabled: true @@ -217,12 +226,14 @@ when: - not (zabbix_agent_docker | bool) tags: - - init - service - name: "Give zabbix-agent access to system.hw.chassis info" - file: + ansible.builtin.file: path: /sys/firmware/dmi/tables/DMI owner: root group: zabbix + become: true when: zabbix_agent_chassis | bool + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml index ef8cfaf09..f23cb46ad 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml @@ -1,133 +1,53 @@ --- # Tasks specific for RedHat systems -- name: "RedHat | Use EPEL package name" - set_fact: - zabbix_agent_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-agent" - zabbix_sender_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-sender" - zabbix_get_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-get" - when: - - zabbix_repo == "epel" - tags: - - zabbix-agent - - init - -- name: "RedHat | Set zabbix_agent_distribution_major_version to 6 when Amazon" - set_fact: - zabbix_agent_distribution_major_version: 6 - when: - - ansible_distribution == "Amazon" - - ansible_distribution_major_version == "NA" - -- name: "RedHat | Set zabbix_agent_distribution_major_version to 6 when Major Version is 2018.03" - set_fact: - zabbix_agent_distribution_major_version: 6 - when: - - ansible_distribution == "Amazon" - - ansible_distribution_major_version == "2018" - -- name: "RedHat | Set zabbix_agent_distribution_major_version to 7 when Amazon 2" - set_fact: - zabbix_agent_distribution_major_version: 7 - when: - - ansible_distribution == "Amazon" - - ansible_distribution_major_version == "2" - -- name: "Fedora | Override zabbix_agent_distribution_major_version for Fedora <= 27" - set_fact: - zabbix_agent_distribution_major_version: 7 - when: - - ansible_distribution == "Fedora" - - ansible_distribution_major_version <= "27" - -- name: "Fedora | Override zabbix_agent_distribution_major_version for Fedora >= 27" - set_fact: - zabbix_agent_distribution_major_version: 8 - when: - - ansible_distribution == "Fedora" - - ansible_distribution_major_version >= "27" - -- name: "XCP-ng | Override zabbix_agent_distribution_major_version for XCP-ng" - set_fact: - zabbix_agent_distribution_major_version: 7 - when: - - ansible_distribution == "XCP-ng" - - name: "RedHat | Install basic repo file" - yum_repository: + ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" gpgcheck: "{{ item.gpgcheck }}" gpgkey: "{{ item.gpgkey }}" mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('98') }}" + priority: "{{ item.priority | default('99') }}" state: "{{ item.state | default('present') }}" proxy: "{{ zabbix_http_proxy | default(omit) }}" with_items: "{{ zabbix_repo_yum }}" register: yum_repo_installed become: true - when: - zabbix_repo == "zabbix" notify: - "clean repo files from proxy creds" tags: - - zabbix-agent + - install - name: Check if warn parameter can be used for shell module - set_fact: + ansible.builtin.set_fact: produce_warn: False when: ansible_version.full is version("2.14", "<") - -- name: "Do a yum clean" - shell: yum clean all - args: - warn: "{{ produce_warn | default(omit) }}" - when: yum_repo_installed.changed - become: true tags: - - skip_ansible_lint + - always - name: "RedHat | Installing zabbix-agent" - package: + ansible.builtin.package: pkg: - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" state: "{{ zabbix_agent_package_state }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" register: zabbix_agent_package_installed until: zabbix_agent_package_installed is succeeded - when: - zabbix_repo != "other" become: true tags: - - init - - zabbix-agent - -- name: "RedHat | Installing zabbix-agent (When zabbix_repo == other)" - package: - pkg: - - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - state: "{{ zabbix_agent_package_state }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - when: - zabbix_repo == "other" - become: true - tags: - - init - - zabbix-agent + - install - name: "RedHat | Installing zabbix-{sender,get}" - package: + ansible.builtin.package: pkg: - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" state: "{{ zabbix_agent_package_state }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" @@ -135,36 +55,16 @@ register: zabbix_agent_package_installed until: zabbix_agent_package_installed is succeeded when: - - zabbix_repo not in ['epel', 'other'] - - not zabbix_agent_install_agent_only - become: true - tags: - - init - - zabbix-agent - -- name: "RedHat | Installing zabbix-{sender,get} (When zabbix_repo == other)" - package: - pkg: - - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}" - state: "{{ zabbix_agent_package_state }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - when: - - zabbix_repo == "other" - not zabbix_agent_install_agent_only become: true tags: - - init - - zabbix-agent + - install - name: "RedHat | Enable the service" - service: + ansible.builtin.service: name: "{{ zabbix_agent_service }}" enabled: true use: service become: true tags: - - zabbix-agent - - init - service diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Suse.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Suse.yml deleted file mode 100644 index 82dc3ce7d..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Suse.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -# Tasks specific for OpenSuse Systems - -- name: "Include Zabbix gpg ids" - include_vars: zabbix.yml - -- name: "Install zypper repo dependency" - community.general.zypper: - name: - - python-xml - - "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['python_libxml2_package'] }}" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - register: zabbix_agent_package_dependency - until: zabbix_agent_package_dependency is succeeded - -- name: "Suse | Install basic repo file" - community.general.zypper_repository: - repo: "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['url'] }}" - name: "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['name'] }}" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - when: - - zabbix_repo == "zabbix" - become: true - tags: - - zabbix-agent - - init - -- name: "Only install the Zabbix Agent" - set_fact: - zabbix_agent_packages: - - "{{ zabbix_agent_package }}" - when: - - zabbix_agent_install_agent_only - -- name: "Suse | Install zabbix-agent" - community.general.zypper: - name: "{{ zabbix_agent_packages }}" - state: "{{ zabbix_agent_package_state }}" - disable_gpg_check: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_agent_package_installed - until: zabbix_agent_package_installed is succeeded - become: true - tags: - - zabbix-agent - - init diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml index 61e12361e..9b7501d9a 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml @@ -1,36 +1,44 @@ --- - name: "Windows | Set default architecture" - set_fact: + ansible.builtin.set_fact: windows_arch: 32 + tags: + - always - name: "Windows | Override architecture if 64-bit" - set_fact: + ansible.builtin.set_fact: windows_arch: 64 when: - ansible_architecture == "64-bit" + tags: + - always - name: "Windows | Set path to zabbix.exe" - set_fact: + ansible.builtin.set_fact: zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\win{{ windows_arch }}\zabbix_agentd.exe' + tags: + - always -- name: "Windows | Set variables specific to Zabbix >= 4" - set_fact: +- name: "Windows | Set variables specific to Zabbix" + ansible.builtin.set_fact: zabbix_win_svc_name: Zabbix Agent zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agentd.exe' - zabbix_win_config_name: 'zabbix_agentd.conf' + zabbix_win_config_name: "zabbix_agentd.conf" zabbix2_win_svc_name: Zabbix Agent 2 zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe' - zabbix2_win_config_name: 'zabbix_agent2.conf' - when: - - zabbix_version_long is version('4.0.0', '>=') + zabbix2_win_config_name: "zabbix_agent2.conf" + tags: + - always - name: "Windows | Check if Zabbix agent is present" ansible.windows.win_stat: - path: '{{ item }}' + path: "{{ item }}" with_items: - "{{ zabbix_win_exe_path }}" - "{{ zabbix2_win_exe_path }}" register: agent_file_info + tags: + - always - name: "Windows | Get Installed Zabbix Agent Version" community.windows.win_file_version: @@ -39,9 +47,11 @@ when: - item.stat.exists | bool with_items: "{{ agent_file_info.results }}" + tags: + - always - name: "Windows | Set facts current zabbix agent installation" - set_fact: + ansible.builtin.set_fact: zabbix_agent_1_binary_exist: true zabbix_agent_1_version: zabbix_win_exe_info.results[0].win_file_version.product_version when: @@ -49,9 +59,11 @@ - zabbix_win_exe_info.results[0].item.stat.exists - zabbix_win_exe_info.results[0].item.stat.path == zabbix_win_exe_path - zabbix_win_exe_info.results[0].win_file_version.product_version + tags: + - always - name: "Windows | Set facts current zabbix agent installation (agent 2)" - set_fact: + ansible.builtin.set_fact: zabbix_agent_2_binary_exist: true zabbix_agent_2_version: zabbix_win_exe_info.results[1].win_file_version.product_version when: @@ -59,6 +71,8 @@ - zabbix_win_exe_info.results[1].item.stat.exists - zabbix_win_exe_info.results[1].item.stat.path == zabbix2_win_exe_path - zabbix_win_exe_info.results[1].win_file_version.product_version + tags: + - always - name: "Windows | Check Zabbix service" ansible.windows.win_service: @@ -66,25 +80,31 @@ register: zabbix_service_info when: item.item.stat.exists with_items: "{{ zabbix_win_exe_info.results }}" + tags: + - always - name: "Windows | Set facts about current zabbix agent service state" - set_fact: + ansible.builtin.set_fact: zabbix_agent_1_service_exist: true when: - zabbix_service_info.results[0].exists is defined - zabbix_service_info.results[0].exists - zabbix_service_info.results[0].display_name == zabbix_win_svc_name + tags: + - always - name: "Windows | Set facts about current zabbix agent service state (agent 2)" - set_fact: + ansible.builtin.set_fact: zabbix_agent_2_service_exist: true when: - zabbix_service_info.results[1].exists is defined - zabbix_service_info.results[1].exists - zabbix_service_info.results[1].display_name == zabbix2_win_svc_name + tags: + - always - name: "Windows | Set fact about version change requirement" - set_fact: + ansible.builtin.set_fact: zabbix_agent_version_change: true when: > (zabbix_agent_1_binary_exist | default(false) and @@ -94,6 +114,8 @@ zabbix_win_exe_info.results[1].win_file_version.product_version is version(zabbix_version_long, '<>')) or (zabbix_agent_1_binary_exist | default(false) and zabbix_agent2) or (zabbix_agent_2_binary_exist | default(false) and not zabbix_agent2) + tags: + - always ################## # delete section # @@ -131,10 +153,11 @@ - name: "Windows | Removing Zabbix Directory" ansible.windows.win_file: - path: '{{ zabbix_win_install_dir }}' + path: "{{ zabbix_win_install_dir }}" state: absent - when: ((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or - ((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false)) + when: + ((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or + ((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false)) ################### # install section # @@ -146,6 +169,8 @@ state: directory with_items: - "{{ zabbix_win_install_dir }}" + tags: + - install - name: "Windows | Create directory structure, includes" ansible.windows.win_file: @@ -155,25 +180,33 @@ - "{{ zabbix_agent_win_include }}" when: - ('.conf' not in zabbix_agent_win_include) + tags: + - install - name: "Windows | Set installation settings (agent 2)" - set_fact: + ansible.builtin.set_fact: zabbix_win_package: "{{ zabbix2_win_package }}" zabbix_win_download_link: "{{ zabbix2_win_download_link }}" zabbix_win_exe_path: "{{ zabbix2_win_exe_path }}" zabbix_win_config_name: "{{ zabbix2_win_config_name }}" zabbix_win_svc_name: "{{ zabbix2_win_svc_name }}" when: zabbix_agent2 | bool + tags: + - install - name: "Windows | Check if agent file is already downloaded" ansible.windows.win_stat: path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' register: file_info + tags: + - install - name: "Windows | Check if agent binaries in place" ansible.windows.win_stat: path: "{{ zabbix_win_exe_path }}" register: zabbix_windows_binaries + tags: + - install - name: "Windows | Download Zabbix Agent Zip file" ansible.windows.win_get_url: @@ -192,12 +225,16 @@ register: zabbix_agent_win_download_zip until: zabbix_agent_win_download_zip is succeeded throttle: "{{ zabbix_download_throttle | default(5) | int }}" + tags: + - install - name: "Windows | Unzip file" community.windows.win_unzip: src: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}' dest: "{{ zabbix_win_install_dir }}" creates: "{{ zabbix_win_exe_path }}" + tags: + - install - name: "Windows | Cleanup downloaded Zabbix Agent Zip file" ansible.windows.win_file: @@ -205,6 +242,8 @@ state: absent when: - zabbix_agent_win_download_zip.changed + tags: + - install - name: "Windows | Copy binary files to expected location" ansible.windows.win_copy: @@ -217,6 +256,8 @@ when: - zabbix_win_install_dir_bin is defined - not (zabbix_agent2 | bool) + tags: + - install - name: "Windows | Copy binary files to expected location (zabbix-agent2)" ansible.windows.win_copy: @@ -228,39 +269,49 @@ when: - zabbix_win_install_dir_bin is defined - zabbix_agent2 | bool + tags: + - install - set_fact: zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agentd.exe" when: - zabbix_win_install_dir_bin is defined - not (zabbix_agent2 | bool) + tags: + - install - set_fact: zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agent2.exe" when: - zabbix_win_install_dir_bin is defined - zabbix_agent2 | bool + tags: + - install - name: "Create directory for PSK file if not exist." - win_file: + ansible.windows.win_file: path: "{{ zabbix_agent_tlspskfile | win_dirname }}" state: directory when: - zabbix_agent_tlspskfile is defined - zabbix_agent_tlspskfile - not (zabbix_agent2 | bool) + tags: + - config - name: "Create directory for PSK file if not exist (zabbix-agent2)" - win_file: + ansible.windows.win_file: path: "{{ zabbix_agent2_tlspskfile | win_dirname }}" state: directory when: - zabbix_agent2_tlspskfile is defined - zabbix_agent2_tlspskfile - zabbix_agent2 | bool + tags: + - config - name: "Place TLS PSK File" - win_copy: + ansible.windows.win_copy: dest: "{{ zabbix_agent_tlspskfile }}" content: "{{ zabbix_agent_tlspsk_secret }}" when: @@ -270,9 +321,11 @@ - not (zabbix_agent2 | bool) notify: - restart win zabbix agent + tags: + - config - name: "Place TLS PSK File (zabbix-agent2)" - win_copy: + ansible.windows.win_copy: dest: "{{ zabbix_agent2_tlspskfile }}" content: "{{ zabbix_agent2_tlspsk_secret }}" when: @@ -282,25 +335,18 @@ - zabbix_agent2 | bool notify: - restart win zabbix agent + tags: + - config - name: "Windows | Check if windows service exist" ansible.windows.win_service: name: "{{ zabbix_win_svc_name }}" register: zabbix_windows_service + tags: + - service - name: "Windows | Register Service" ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --install' when: not zabbix_windows_service.exists - -- name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery" - ansible.windows.win_service: - name: "{{ zabbix_win_svc_name }}" - start_mode: auto - failure_actions: - - type: restart - delay_ms: 5000 - - type: restart - delay_ms: 10000 - - type: restart - delay_ms: 20000 - failure_reset_period_sec: 86400 + tags: + - service diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml index f6c5c331e..72dee230f 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml @@ -1,17 +1,20 @@ --- - - name: "Set default ip address for zabbix_agent_ip" - set_fact: + ansible.builtin.set_fact: zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_ip_addresses'] | ansible.utils.ipv4 | first }}" when: - zabbix_agent_ip is not defined - "'ansible_ip_addresses' in hostvars[inventory_hostname]" + tags: + - config - name: "Windows | Configure zabbix-agent" ansible.windows.win_template: src: "{{ zabbix_win_config_name }}.j2" dest: "{{ zabbix_win_install_dir_conf }}\\{{ zabbix_win_config_name }}" notify: restart win zabbix agent + tags: + - config - name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery" ansible.windows.win_service: @@ -19,19 +22,23 @@ start_mode: auto state: started failure_actions: - - type: restart - delay_ms: 5000 - - type: restart - delay_ms: 10000 - - type: restart - delay_ms: 20000 + - type: restart + delay_ms: 5000 + - type: restart + delay_ms: 10000 + - type: restart + delay_ms: 20000 failure_reset_period_sec: 86400 + tags: + - config - name: "Windows | Check firewall service" ansible.windows.win_service_info: name: MpsSvc register: firewall_info when: zabbix_win_firewall_management + tags: + - config - name: "Windows | Firewall rule" community.windows.win_firewall_rule: @@ -45,3 +52,5 @@ when: - zabbix_win_firewall_management - firewall_info.services[0].state == 'started' or firewall_info.services[0].start_mode == 'auto' + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml index 13f734edc..4de342645 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml @@ -3,14 +3,11 @@ community.zabbix.zabbix_group: host_group: "{{ zabbix_host_groups }}" state: "{{ zabbix_agent_hostgroups_state }}" - validate_certs: "{{ zabbix_api_validate_certs|default(omit) }}" - timeout: "{{ zabbix_api_timeout }}" when: - zabbix_api_create_hostgroup | bool register: zabbix_api_hostgroup_created until: zabbix_api_hostgroup_created is succeeded delegate_to: "{{ zabbix_api_server_host }}" - become: false tags: - api @@ -32,8 +29,6 @@ tls_subject: "{{ zabbix_agent_tls_subject | default(omit) }}" tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}" tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}" - validate_certs: "{{ zabbix_api_validate_certs | default(omit) }}" - timeout: "{{ zabbix_api_timeout }}" description: "{{ zabbix_agent_description | default(omit) }}" inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}" ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}" @@ -46,7 +41,6 @@ register: zabbix_api_host_created until: zabbix_api_host_created is succeeded delegate_to: "{{ zabbix_api_server_host }}" - become: false changed_when: false tags: - api @@ -69,8 +63,6 @@ tls_subject: "{{ zabbix_agent2_tls_subject | default(omit) }}" tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsaccept if zabbix_agent2_tlsaccept else 'unencrypted'] }}" tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsconnect if zabbix_agent2_tlsconnect else 'unencrypted'] }}" - validate_certs: "{{ zabbix_api_validate_certs | default(omit) }}" - timeout: "{{ zabbix_api_timeout }}" description: "{{ zabbix_agent_description | default(omit) }}" inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}" ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}" @@ -83,7 +75,6 @@ register: zabbix_api_host_created until: zabbix_api_host_created is succeeded delegate_to: "{{ zabbix_api_server_host }}" - become: false changed_when: false tags: - api @@ -94,8 +85,6 @@ macro_name: "{{ item.macro_key }}" macro_value: "{{ item.macro_value }}" macro_type: "{{ item.macro_type|default('text') }}" - validate_certs: "{{ zabbix_api_validate_certs | default(omit) }}" - timeout: "{{ zabbix_api_timeout }}" with_items: "{{ zabbix_agent_macros | default([]) }}" when: - zabbix_agent_macros is defined @@ -103,6 +92,5 @@ register: zabbix_api_hostmarcro_created until: zabbix_api_hostmarcro_created is succeeded delegate_to: "{{ zabbix_api_server_host }}" - become: false tags: - api diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/firewall.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/firewall.yml deleted file mode 100644 index 24ba96cb0..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/firewall.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- - -- name: "Firewall | Configure IPTables (zabbix_agent_listenport)" - iptables: - action: "{{ zabbix_agent_firewall_action }}" - destination_port: "{{ zabbix_agent_listenport | string }}" - source: "{{ zabbix_agent_firewall_source | default(omit) }}" - protocol: tcp - chain: "{{ zabbix_agent_firewall_chain }}" - jump: ACCEPT - become: true - when: - - zabbix_agent_firewall_enable | bool - -- name: "Firewall | Configure IPTables (zabbix_agent_jmx_listenport)" - iptables: - action: "{{ zabbix_agent_firewall_action }}" - destination_port: "{{ zabbix_agent_listenport | string }}" - source: "{{ zabbix_agent_firewall_source | default(omit) }}" - protocol: tcp - chain: "{{ zabbix_agent_firewall_chain }}" - jump: ACCEPT - become: true - when: - - zabbix_agent_firewall_enable | bool - - zabbix_agent_jmx_listenport | bool - -- name: "Firewall | Configure firewalld (zabbix_agent_listenport)" - ansible.posix.firewalld: - rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_listenport }}" accept' - zone: "{{ zabbix_agent_firewalld_zone }}" - permanent: true - immediate: true - state: enabled - become: true - when: - - zabbix_agent_firewalld_enable | bool - notify: - - firewalld-reload - tags: zabbix_agent_firewalld_enable - -- name: "Firewall | Configure firewalld (zabbix_agent_jmx_listenport)" - ansible.posix.firewalld: - rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_jmx_listenport }}" accept' - zone: "{{ zabbix_agent_firewalld_zone }}" - permanent: true - immediate: true - state: enabled - become: true - when: - - zabbix_agent_firewalld_enable | bool - - zabbix_agent_jmx_listenport | bool - notify: - - firewalld-reload - tags: zabbix_agent_firewalld_enable diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml index 0904c39f1..7bcdd6fe3 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml @@ -1,7 +1,7 @@ --- # Tasks specific for macOS - name: "macOS | Check installed package version" - shell: | + ansible.builtin.shell: | set -o pipefail pkgutil --pkg-info 'com.zabbix.pkg.ZabbixAgent' | grep 'version:' | cut -d ' ' -f 2 register: pkgutil_version @@ -10,15 +10,13 @@ failed_when: pkgutil_version.rc == 2 - name: "macOS | Download the Zabbix package" - get_url: + ansible.builtin.get_url: url: "{{ zabbix_mac_download_link }}" dest: "/tmp/{{ zabbix_mac_package }}" mode: 0644 when: pkgutil_version.stdout != zabbix_version_long - name: "macOS | Install the Zabbix package" - command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target / + ansible.builtin.command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target / become: true when: pkgutil_version.stdout != zabbix_version_long - tags: - - zabbix-agent diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml index 5ce427ce4..f5f87d18f 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml @@ -1,90 +1,52 @@ --- # tasks file for zabbix_agent - -- name: "Set variables specific for Zabbix Agent 2" - set_fact: - zabbix_agent_service: zabbix-agent2 - zabbix_agent_package: zabbix-agent2 - when: - - zabbix_agent2 is defined - - zabbix_agent2 +- name: "Include OS-specific variables" + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - always -- name: "Fix facts for linuxmint - distribution release" - set_fact: - zabbix_agent_distribution_release: xenial - when: - - ansible_os_family == "Linuxmint" - - ansible_distribution_release == "sonya" or ansible_distribution_release == "serena" +- name: Determine Latest Supported Zabbix Version + ansible.builtin.set_fact: + zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.4) }}" + when: zabbix_agent_version is not defined or zabbix_agent_version is none tags: - always -- name: "Fix facts for linuxmint - family" - set_fact: - zabbix_agent_os_family: Debian - when: - - ansible_os_family == "Linuxmint" +- name: Set More Variables + ansible.builtin.set_fact: + zabbix_valid_version: "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}" tags: - always -- name: "Fix facts for XCP-ng - family" - set_fact: - zabbix_agent_os_family: RedHat - when: - - ansible_os_family == "XCP-ng" - -- name: "Include OS-specific variables" - include_vars: "{{ zabbix_agent_os_family }}.yml" +- name: Stopping Install of Invalid Version + ansible.builtin.fail: + msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }} + when: not zabbix_valid_version tags: - always -- name: Determine Latest Supported Zabbix Version - set_fact: - zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.0) }}" - when: zabbix_agent_version is not defined +- name: Setting Zabbix API Server Port + ansible.builtin.set_fact: + zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}" + when: zabbix_api_server_port is undefined -- name: "Reset zabbix_agent_version for Ubuntu 22.04 to 6.0" - # README https://support.zabbix.com/browse/ZBXNEXT-7624 - set_fact: - zabbix_version: 6.0 - zabbix_agent_version: 6.0 - when: - - ansible_distribution_release is defined - - ansible_distribution_release == "jammy" - - ( zabbix_agent_version is version ('6.0','lt') or - zabbix_version is version ('6.0','lt') ) - -- name: "Install the correct repository" - include_tasks: "{{ zabbix_agent_os_family if (zabbix_agent_os_family not in ['Sangoma']) else 'RedHat' }}.yml" +- name: "Set variables specific for Zabbix Agent 2" + ansible.builtin.set_fact: + zabbix_agent_service: zabbix-agent2 + zabbix_agent_package: zabbix-agent2 when: - - not (zabbix_agent_docker | bool) + - zabbix_agent2 is defined + - zabbix_agent2 tags: - always -- name: "Set the 'ansible_python_interpreter' to the one we use for running this playbook." - set_fact: - ansible_python_interpreter: "{{ ansible_playbook_python }}" - delegate_to: localhost - delegate_facts: true - when: - - (zabbix_install_pip_packages | bool) or (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool) - -- name: "Install local python-netaddr package" - pip: - name: netaddr - state: present - register: zabbix_python_netaddr_package_installed - until: zabbix_python_netaddr_package_installed is succeeded - delegate_to: localhost - run_once: true - become: "{{ zabbix_agent_become_on_localhost }}" +- name: "Install the correct repository" + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" when: - - zabbix_install_pip_packages | bool - - ansible_all_ipv4_addresses is defined or (zabbix_agent_ip is not defined and total_private_ip_addresses is defined) + - not (zabbix_agent_docker | bool) - name: "Encrypt with TLS PSK auto management" - include_tasks: tlspsk_auto.yml + ansible.builtin.include_tasks: tlspsk_auto.yml when: - not zabbix_agent2 - zabbix_agent_tlspsk_auto | bool @@ -92,7 +54,7 @@ - (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0') - name: "Encrypt with TLS PSK auto management" - include_tasks: tlspsk_auto_agent2.yml + ansible.builtin.include_tasks: tlspsk_auto_agent2.yml when: - zabbix_agent2 | bool - zabbix_agent2_tlspsk_auto | bool @@ -100,44 +62,33 @@ - (zabbix_agent2_tlspsk_secret is undefined) or (zabbix_agent2_tlspsk_secret | length == '0') - name: "Configure Agent" - include_tasks: Windows_conf.yml + ansible.builtin.include_tasks: Windows_conf.yml when: - - zabbix_agent_os_family == "Windows" - tags: - - always + - ansible_os_family == "Windows" - name: "Configure Agent" - include_tasks: Darwin.yml + ansible.builtin.include_tasks: Linux.yml when: - - zabbix_agent_os_family == "Darwin" - tags: - - always - -- name: "Configure Agent" - include_tasks: Linux.yml - when: - - (zabbix_agent_os_family != "Windows" and zabbix_agent_os_family != "Darwin") or (zabbix_agent_docker | bool) - tags: - - always + - (ansible_os_family != "Windows" and ansible_os_family != "Darwin") or (zabbix_agent_docker | bool) - name: "Run the API calls to Zabbix Server" vars: gather_facts: false ansible_user: "{{ zabbix_api_login_user }}" + ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}" ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi # Can't think of a way to make http_login_* vars be undefined -( - http_login_user: "{{ zabbix_api_http_user | default(zabbix_http_user | default(-42)) }}" - http_login_password: "{{ zabbix_api_http_password | default(zabbix_http_password | default(-42)) }}" - include_tasks: api.yml + http_login_user: "{{ zabbix_api_http_user | default(-42) }}" + http_login_password: "{{ zabbix_api_http_password | default(-42) }}" + ansible.builtin.include_tasks: api.yml when: - (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool) tags: - api - name: "Including userparameters" - include_tasks: "userparameter.yml" + ansible.builtin.include_tasks: "userparameter.yml" when: zabbix_agent_userparameters|length > 0 tags: - - zabbix-agent - - userparameter + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml index 57968146c..181329a32 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml @@ -1,9 +1,9 @@ --- - name: Pull service facts - service_facts: + ansible.builtin.service_facts: -- name: "Remove | Make sure the \"old\" zabbix-agent service stopped" - service: +- name: 'Remove | Make sure the "old" zabbix-agent service stopped' + ansible.builtin.service: name: "zabbix-agent" state: stopped enabled: false @@ -13,13 +13,13 @@ ansible_facts.services["zabbix-agent"] is defined - name: "Remove | Package removal" - package: + ansible.builtin.package: name: "zabbix-agent" state: absent become: true - name: "Remove | Remove the agent-include-dir" - file: + ansible.builtin.file: path: "{{ zabbix_agent_include }}" state: absent become: true diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml index b7ec69e7b..2b11d1a47 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml @@ -1,7 +1,6 @@ --- - - name: "SELinux | Debian | Install policycoreutils-python" - apt: + ansible.builtin.apt: pkg: policycoreutils-python-utils state: present update_cache: true @@ -15,10 +14,12 @@ until: zabbix_agent_package_installed is succeeded become: true when: - - zabbix_agent_os_family == "Debian" + - ansible_os_family == "Debian" + tags: + - install - name: "SELinux | RedHat | Install policycoreutils-python" - package: + ansible.builtin.package: name: policycoreutils-python state: installed environment: @@ -27,15 +28,14 @@ register: zabbix_agent_policycoreutils_installed until: zabbix_agent_policycoreutils_installed is succeeded when: - - zabbix_agent_os_family == "RedHat" + - ansible_os_family == "RedHat" - (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7") become: true tags: - - init - - zabbix-agent + - install - name: "SELinux | RedHat | Install python3-policycoreutils on RHEL8" - package: + ansible.builtin.package: name: python3-policycoreutils state: installed environment: @@ -44,59 +44,67 @@ register: zabbix_agent_policycoreutils_installed until: zabbix_agent_policycoreutils_installed is succeeded when: - - zabbix_agent_os_family == "RedHat" + - ansible_os_family == "RedHat" - ansible_distribution_major_version == "8" become: true tags: - - init - - zabbix-agent + - install - name: "SELinux | RedHat | Install selinux-policy-targeted" - package: + ansible.builtin.package: name: selinux-policy-targeted state: installed register: zabbix_agent_selinuxpolicytargeted_installed until: zabbix_agent_selinuxpolicytargeted_installed is succeeded when: - - zabbix_agent_os_family == "RedHat" + - ansible_os_family == "RedHat" become: true tags: - - init - - zabbix-agent + - install # straight to getenforce binary , workaround for missing python_selinux library - name: "SELinux | Get getenforce binary" - stat: + ansible.builtin.stat: path: /usr/sbin/getenforce register: getenforce_bin become: true + tags: + - always - name: "SELinux | Collect getenforce output" - command: /usr/sbin/getenforce + ansible.builtin.command: /usr/sbin/getenforce register: sestatus - when: 'getenforce_bin.stat.exists' + when: "getenforce_bin.stat.exists" changed_when: false become: true check_mode: false + tags: + - always - name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive" - set_fact: + ansible.builtin.set_fact: zabbix_selinux: "{{ true }}" when: - 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)' + tags: + - always - name: "SELinux | Allow zabbix_agent to start (SELinux)" community.general.selinux_permissive: name: zabbix_agent_t permissive: true become: true + tags: + - config - name: "SELinux | Allow zabbix to run sudo commands (SELinux)" ansible.posix.seboolean: name: zabbix_run_sudo persistent: true state: true + become: true when: - ansible_selinux.status == "enabled" - selinux_allow_zabbix_run_sudo|bool - tags: selinux + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml index aaa733872..ad7d49aa3 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml @@ -1,12 +1,14 @@ --- -- include_tasks: tlspsk_auto_linux.yml - when: (zabbix_agent_os_family != "Windows") or (zabbix_agent_docker | bool) +- ansible.builtin.include_tasks: tlspsk_auto_linux.yml + when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool) -- include_tasks: tlspsk_auto_windows.yml - when: zabbix_agent_os_family == "Windows" +- ansible.builtin.include_tasks: tlspsk_auto_windows.yml + when: ansible_os_family == "Windows" - name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlsaccept: psk zabbix_agent_tlsconnect: psk when: zabbix_api_create_hosts + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml index 77eafc878..6e5f8dc4d 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml @@ -1,12 +1,14 @@ --- - include_tasks: tlspsk_auto_agent2_linux.yml - when: (zabbix_agent_os_family != "Windows") or (zabbix_agent_docker | bool) + when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool) - include_tasks: tlspsk_auto_agent2_windows.yml - when: zabbix_agent_os_family == "Windows" + when: ansible_os_family == "Windows" - name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlsaccept: psk zabbix_agent2_tlsconnect: psk when: zabbix_api_create_hosts + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml index 4a7b897ae..3f6e0d2cd 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml @@ -1,38 +1,45 @@ --- -# Process PSK Secret +# Process PSK Secret - name: AutoPSK | Save existing TLS PSK secret - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlspsk_read: "{{ zabbix_agent2_tlspsk_base64['content'] | b64decode | trim }}" when: zabbix_agent2_tlspskcheck.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Use existing TLS PSK secret - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlspsk_secret: "{{ zabbix_agent2_tlspsk_read }}" - when: - - zabbix_agent2_tlspskcheck.stat.exists + when: + - zabbix_agent2_tlspskcheck.stat.exists - zabbix_agent2_tlspsk_read|length >= 32 no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Generate new TLS PSK secret - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}" when: - not zabbix_agent2_tlspskcheck.stat.exists - (zabbix_agent2_tlspsk_read is not defined) or (zabbix_agent2_tlspsk_read|length < 32) no_log: "{{ ansible_verbosity < 3 }}" - + tags: + - config # Process PSK Identity - name: AutoPSK | Use existing TLS PSK identity - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlspskidentity: "{{ zabbix_agent2_tlspskidentity_base64['content'] | b64decode | trim }}" - when: + when: - zabbix_agent2_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Generate new TLS PSK identity - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlspskidentity: >- {{ zabbix_agent_visible_hostname @@ -42,3 +49,5 @@ }} when: not zabbix_agent2_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml index 721f1cb86..aaff36128 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml @@ -1,42 +1,52 @@ --- - name: AutoPSK | Set default path variables (Linux) - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" zabbix_agent2_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" + tags: + - config - name: AutoPSK | Check for existing TLS PSK file (Linux) - stat: + ansible.builtin.stat: path: "{{ zabbix_agent2_tlspskfile }}" register: zabbix_agent2_tlspskcheck become: true + tags: + - config - name: AutoPSK | Check for existing TLS PSK identity (Linux) - stat: + ansible.builtin.stat: path: "{{ zabbix_agent2_tlspskidentity_file }}" register: zabbix_agent2_tlspskidentity_check become: true + tags: + - config - name: AutoPSK | read existing TLS PSK file (Linux) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent2_tlspskfile }}" register: zabbix_agent2_tlspsk_base64 become: true - when: + when: - zabbix_agent2_tlspskcheck.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Read existing TLS PSK identity file (Linux) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent2_tlspskidentity_file }}" register: zabbix_agent2_tlspskidentity_base64 become: true when: zabbix_agent2_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - include_tasks: tlspsk_auto_agent2_common.yml - name: AutoPSK | Template TLS PSK identity in file (Linux) - copy: + ansible.builtin.copy: dest: "{{ zabbix_agent2_tlspskidentity_file }}" content: "{{ zabbix_agent2_tlspskidentity }}" owner: zabbix @@ -49,9 +59,11 @@ notify: - restart zabbix-agent - restart mac zabbix agent - + tags: + - config + - name: AutoPSK | Template TLS PSK secret in file (Linux) - copy: + ansible.builtin.copy: dest: "{{ zabbix_agent2_tlspskfile }}" content: "{{ zabbix_agent2_tlspsk_secret }}" owner: zabbix @@ -64,3 +76,5 @@ notify: - restart zabbix-agent - restart mac zabbix agent + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml index 770d60776..3e1529e6b 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml @@ -1,38 +1,48 @@ --- - name: AutoPSK | Set default path variables for Windows - set_fact: + ansible.builtin.set_fact: zabbix_agent2_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt" zabbix_agent2_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt" + tags: + - config - name: AutoPSK | Check for existing TLS PSK file (Windows) ansible.windows.win_stat: path: "{{ zabbix_agent2_tlspskfile }}" register: zabbix_agent2_tlspskcheck + tags: + - config - name: AutoPSK | Check for existing TLS PSK identity (Windows) ansible.windows.win_stat: path: "{{ zabbix_agent2_tlspskidentity_file }}" register: zabbix_agent2_tlspskidentity_check + tags: + - config - name: AutoPSK | read existing TLS PSK file (Windows) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent2_tlspskfile }}" register: zabbix_agent2_tlspsk_base64 - when: + when: - zabbix_agent2_tlspskcheck.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Read existing TLS PSK identity file (Windows) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent2_tlspskidentity_file }}" register: zabbix_agent2_tlspskidentity_base64 when: zabbix_agent2_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config -- include_tasks: tlspsk_auto_agent2_common.yml +- ansible.builtin.include_tasks: tlspsk_auto_agent2_common.yml - name: Windows | AutoPSK | Template TLS PSK identity in file (Windows) - win_copy: + ansible.windows.win_copy: dest: "{{ zabbix_agent2_tlspskidentity_file }}" content: "{{ zabbix_agent2_tlspskidentity }}" when: @@ -40,9 +50,11 @@ - zabbix_agent2_tlspskidentity is defined notify: - restart win zabbix agent - + tags: + - config + - name: AutoPSK | Template TLS PSK secret in file (Windows) - win_copy: + ansible.windows.win_copy: dest: "{{ zabbix_agent2_tlspskfile }}" content: "{{ zabbix_agent2_tlspsk_secret }}" when: @@ -50,3 +62,5 @@ - zabbix_agent2_tlspsk_secret is defined notify: - restart win zabbix agent + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml index 4b02fafb6..05ef24d0e 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml @@ -1,37 +1,44 @@ --- # Process PSK Secret - name: AutoPSK | Save existing TLS PSK secret - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}" when: zabbix_agent_tlspskcheck.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Use existing TLS PSK secret - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}" when: - zabbix_agent_tlspskcheck.stat.exists - zabbix_agent_tlspsk_read|length >= 32 no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Generate new TLS PSK secret - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}" when: - (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32) no_log: "{{ ansible_verbosity < 3 }}" - + tags: + - config # Process PSK Identity - name: AutoPSK | Use existing TLS PSK identity - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}" when: - zabbix_agent_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Generate new TLS PSK identity - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlspskidentity: >- {{ zabbix_agent_visible_hostname @@ -41,3 +48,5 @@ }} when: not zabbix_agent_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml index 1dbea4082..8cc711fcb 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml @@ -1,42 +1,52 @@ --- - name: AutoPSK | Set default path variables (Linux) - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret" zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" + tags: + - config - name: AutoPSK | Check for existing TLS PSK file (Linux) - stat: + ansible.builtin.stat: path: "{{ zabbix_agent_tlspskfile }}" register: zabbix_agent_tlspskcheck become: true + tags: + - config - name: AutoPSK | Check for existing TLS PSK identity (Linux) - stat: + ansible.builtin.stat: path: "{{ zabbix_agent_tlspskidentity_file }}" register: zabbix_agent_tlspskidentity_check become: true + tags: + - config - name: AutoPSK | read existing TLS PSK file (Linux) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent_tlspskfile }}" register: zabbix_agent_tlspsk_base64 become: true - when: + when: - zabbix_agent_tlspskcheck.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Read existing TLS PSK identity file (Linux) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent_tlspskidentity_file }}" register: zabbix_agent_tlspskidentity_base64 become: true when: zabbix_agent_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - include_tasks: tlspsk_auto_common.yml - name: AutoPSK | Template TLS PSK identity in file (Linux) - copy: + ansible.builtin.copy: dest: "{{ zabbix_agent_tlspskidentity_file }}" content: "{{ zabbix_agent_tlspskidentity }}" owner: zabbix @@ -49,9 +59,11 @@ notify: - restart zabbix-agent - restart mac zabbix agent - + tags: + - config + - name: AutoPSK | Template TLS PSK secret in file (Linux) - copy: + ansible.builtin.copy: dest: "{{ zabbix_agent_tlspskfile }}" content: "{{ zabbix_agent_tlspsk_secret }}" owner: zabbix @@ -64,3 +76,5 @@ notify: - restart zabbix-agent - restart mac zabbix agent + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml index 146cfd457..b9289ac49 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml @@ -1,38 +1,48 @@ --- - name: AutoPSK | Set default path variables for Windows - set_fact: + ansible.builtin.set_fact: zabbix_agent_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt" zabbix_agent_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt" + tags: + - config - name: AutoPSK | Check for existing TLS PSK file (Windows) ansible.windows.win_stat: path: "{{ zabbix_agent_tlspskfile }}" register: zabbix_agent_tlspskcheck + tags: + - config - name: AutoPSK | Check for existing TLS PSK identity (Windows) ansible.windows.win_stat: path: "{{ zabbix_agent_tlspskidentity_file }}" register: zabbix_agent_tlspskidentity_check + tags: + - config - name: AutoPSK | read existing TLS PSK file (Windows) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent_tlspskfile }}" register: zabbix_agent_tlspsk_base64 - when: + when: - zabbix_agent_tlspskcheck.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - name: AutoPSK | Read existing TLS PSK identity file (Windows) - slurp: + ansible.builtin.slurp: src: "{{ zabbix_agent_tlspskidentity_file }}" register: zabbix_agent_tlspskidentity_base64 when: zabbix_agent_tlspskidentity_check.stat.exists no_log: "{{ ansible_verbosity < 3 }}" + tags: + - config - include_tasks: tlspsk_auto_common.yml - name: AutoPSK | Template TLS PSK identity in file (Windows) - win_copy: + ansible.windows.win_copy: dest: "{{ zabbix_agent_tlspskidentity_file }}" content: "{{ zabbix_agent_tlspskidentity }}" when: @@ -40,14 +50,18 @@ - zabbix_agent_tlspskidentity is defined notify: - restart win zabbix agent - + tags: + - config + - name: AutoPSK | Template TLS PSK secret in file (Windows) - win_copy: + ansible.windows.win_copy: dest: "{{ zabbix_agent_tlspskfile }}" content: "{{ zabbix_agent_tlspsk_secret }}" when: - zabbix_agent_tlspskfile is defined - zabbix_agent_tlspsk_secret is defined - - zabbix_agent_os_family == "Windows" + - ansible_os_family == "Windows" notify: - restart win zabbix agent + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml index 9a86b536a..a80be1736 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml @@ -1,85 +1,87 @@ --- - block: - - name: "Windows | Installing user-defined userparameters" - ansible.windows.win_template: - src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" - dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf' - notify: - - restart win zabbix agent - with_items: "{{ zabbix_agent_userparameters }}" - - - name: "Windows | Installing user-defined scripts" - ansible.windows.win_copy: - src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" - dest: '{{ zabbix_win_install_dir }}\scripts\' - notify: - - restart win zabbix agent - with_items: "{{ zabbix_agent_userparameters }}" - when: item.scripts_dir is defined - - when: zabbix_agent_os_family == "Windows" + - name: "Windows | Installing user-defined userparameters" + ansible.windows.win_template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf' + notify: + - restart win zabbix agent + with_items: "{{ zabbix_agent_userparameters }}" + - name: "Windows | Installing user-defined scripts" + ansible.windows.win_copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: '{{ zabbix_win_install_dir }}\scripts\' + notify: + - restart win zabbix agent + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined + when: ansible_os_family == "Windows" + tags: + - config - block: - - name: "Installing user-defined userparameters" - template: - src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" - dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf" - owner: zabbix - group: zabbix - mode: 0644 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - - - name: "Installing user-defined scripts" - copy: - src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" - dest: "/etc/zabbix/scripts/" - owner: zabbix - group: zabbix - mode: 0755 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - when: item.scripts_dir is defined + - name: "Installing user-defined userparameters" + ansible.builtin.template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf" + owner: zabbix + group: zabbix + mode: 0644 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + - name: "Installing user-defined scripts" + ansible.builtin.copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: "/etc/zabbix/scripts/" + owner: zabbix + group: zabbix + mode: 0755 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined when: - - zabbix_agent_os_family != "Windows" + - ansible_os_family != "Windows" - not zabbix_agent2 + tags: + - config - block: - - name: "Installing user-defined userparameters" - template: - src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" - dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf" - owner: zabbix - group: zabbix - mode: 0644 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - - - name: "Installing user-defined scripts" - copy: - src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" - dest: "/etc/zabbix/scripts/" - owner: zabbix - group: zabbix - mode: 0755 - notify: - - restart zabbix-agent - - restart mac zabbix agent - become: true - with_items: "{{ zabbix_agent_userparameters }}" - when: item.scripts_dir is defined + - name: "Installing user-defined userparameters" + ansible.builtin.template: + src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2" + dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf" + owner: zabbix + group: zabbix + mode: 0644 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + - name: "Installing user-defined scripts" + ansible.builtin.copy: + src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}" + dest: "/etc/zabbix/scripts/" + owner: zabbix + group: zabbix + mode: 0755 + notify: + - restart zabbix-agent + - restart mac zabbix agent + become: true + with_items: "{{ zabbix_agent_userparameters }}" + when: item.scripts_dir is defined when: - - zabbix_agent_os_family != "Windows" + - ansible_os_family != "Windows" - zabbix_agent2 + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2 index 39829abc3..ea60d032e 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2 @@ -4,13 +4,13 @@ # This configuration file is "minimalized", which means all the original comments # are removed. The full documentation for your Zabbix Agent 2 can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if zabbix_agent_os_family == "Windows" else "" }} +# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if ansible_os_family == "Windows" else "" }} -{% if zabbix_agent_os_family != "Windows" %} +{% if ansible_os_family != "Windows" %} PidFile={{ zabbix_agent2_pidfile }} {% endif %} LogType={{ zabbix_agent2_logtype }} -{% if zabbix_agent_os_family == "Windows" %} +{% if ansible_os_family == "Windows" %} LogFile={{ zabbix_agent2_win_logfile }} {% else %} LogFile={{ zabbix_agent2_logfile }} @@ -79,13 +79,18 @@ Alias={{ item }} {% endif %} {% endif %} Timeout={{ zabbix_agent2_timeout }} -{% if zabbix_agent_os_family == "Windows" %} +{% if ansible_os_family == "Windows" %} Include={{ zabbix_agent_win_include }} {% else %} Include={{ zabbix_agent2_include }}/{{ zabbix_agent2_include_pattern }} {% endif %} +{% if zabbix_agent2_additional_include is defined and zabbix_agent2_additional_include is iterable and zabbix_agent2_additional_include is not string %} +{% for include in zabbix_agent2_additional_include %} +Include={{ include }} +{% endfor %} +{% endif %} UnsafeUserParameters={{ zabbix_agent2_unsafeuserparameters }} -{% if zabbix_agent_os_family != "Windows" %} +{% if ansible_os_family != "Windows" %} ControlSocket={{ zabbix_agent2_controlsocket }} {% endif %} {% if zabbix_agent2_tlsconnect is defined and zabbix_agent2_tlsconnect %} @@ -128,7 +133,7 @@ Plugins.{{ my_name }}.{{ param }}={{ value }} {% endfor %} {% endfor %} {% endif %} -{% if zabbix_version is version('6.0', '>=') %} +{% if zabbix_agent_version is version('6.0', '>=') %} {% if zabbix_agent2_listenbacklog is defined and zabbix_agent2_listenbacklog %} ListenBacklog={{ zabbix_agent2_listenbacklog }} {% endif %} diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2 index 5e5d31d9b..24af45bc3 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2 @@ -4,15 +4,15 @@ # This configuration file is "minimalized", which means all the original comments # are removed. The full documentation for your Zabbix Agent can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if zabbix_agent_os_family == "Windows" else "" }} +# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if ansible_os_family == "Windows" else "" }} -{% if zabbix_agent_os_family != "Windows" %} +{% if ansible_os_family != "Windows" %} PidFile={{ zabbix_agent_pidfile }} {% endif %} {% if zabbix_agent_version is version('3.0', '>=') %} LogType={{ zabbix_agent_logtype }} {% endif %} -{% if zabbix_agent_os_family == "Windows" %} +{% if ansible_os_family == "Windows" %} LogFile={{ zabbix_agent_win_logfile }} {% else %} LogFile={{ zabbix_agent_logfile }} @@ -66,7 +66,7 @@ RefreshActiveChecks={{ zabbix_agent_refreshactivechecks }} BufferSend={{ zabbix_agent_buffersend }} BufferSize={{ zabbix_agent_buffersize }} MaxLinesPerSecond={{ zabbix_agent_maxlinespersecond }} -{% if zabbix_version is version_compare('6.2', '>=') %} +{% if zabbix_agent_version is version_compare('6.2', '>=') %} HeartbeatFrequency={{ zabbix_agent_heartbeatfrequency }} {% endif %} {% if zabbix_agent_zabbix_alias is defined and zabbix_agent_zabbix_alias %} @@ -79,20 +79,25 @@ Alias={{ item }} {% endif %} {% endif %} Timeout={{ zabbix_agent_timeout }} -{% if zabbix_agent_os_family != "Windows" %} +{% if ansible_os_family != "Windows" %} AllowRoot={{ zabbix_agent_allowroot }} {% endif %} {% if zabbix_agent_runas_user is defined and zabbix_agent_runas_user %} User={{ zabbix_agent_runas_user }} {% endif %} -{% if zabbix_agent_os_family == "Windows" %} +{% if ansible_os_family == "Windows" %} Include={{ zabbix_agent_win_include }} {% else %} Include={{ zabbix_agent_include }}/{{ zabbix_agent_include_pattern }} {% endif %} +{% if zabbix_agent_additional_include is defined and zabbix_agent_additional_include is iterable and zabbix_agent_additional_include is not string %} +{% for include in zabbix_agent_additional_include %} +Include={{ include }} +{% endfor %} +{% endif %} UnsafeUserParameters={{ zabbix_agent_unsafeuserparameters }} -{% if zabbix_version is version_compare('2.2', '>=') %} -{% if zabbix_agent_os_family != "Windows" %} +{% if zabbix_agent_version is version_compare('2.2', '>=') %} +{% if ansible_os_family != "Windows" %} LoadModulePath={{ zabbix_agent_loadmodulepath }} {% endif %} {% endif %} @@ -105,7 +110,7 @@ LoadModule={{ module }} {% endfor %} {% endif %} {% endif %} -{% if zabbix_version is version_compare('3.0', '>=') %} +{% if zabbix_agent_version is version_compare('3.0', '>=') %} {% if zabbix_agent_tlsconnect is defined and zabbix_agent_tlsconnect %} TLSConnect={{ zabbix_agent_tlsconnect }} {% endif %} @@ -137,7 +142,7 @@ TLSPSKIdentity={{ zabbix_agent_tlspskidentity }} TLSPSKFile={{ zabbix_agent_tlspskfile }} {% endif %} {% endif %} -{% if zabbix_version is version('6.0', '>=') %} +{% if zabbix_agent_version is version('6.0', '>=') %} {% if zabbix_agent_listenbacklog is defined and zabbix_agent_listenbacklog %} ListenBacklog={{ zabbix_agent_listenbacklog }} {% endif %} diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Darwin.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Darwin.yml deleted file mode 100644 index 164b02460..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Darwin.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# vars file for zabbix_agent (Debian) - -zabbix_agent: zabbix-agent -zabbix_agent_service: com.zabbix.zabbix_agentd -zabbix_agent_conf: zabbix_agentd.conf diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml index 3100ca957..4a65dfbeb 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml @@ -8,31 +8,41 @@ zabbix_agent2_conf: zabbix_agent2.conf zabbix_valid_agent_versions: # Debian + "12": + - 6.4 + - 6.2 + - 6.0 + "11": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 + "10": + - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 + "9": + - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 # Ubuntu "22": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 + "20": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 + "18": + - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 + +debian_keyring_path: /etc/apt/keyrings/ +zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc" +_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}" diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml index b9f2378dd..50f0b01ec 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml @@ -9,16 +9,13 @@ zabbix_agent2_conf: zabbix_agent2.conf zabbix_valid_agent_versions: "9": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "8": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "7": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Sangoma.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Sangoma.yml deleted file mode 100644 index 5bcc846ab..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Sangoma.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# vars file for zabbix_agent (Sangola) - -zabbix_agent: zabbix-agent -zabbix_agent_service: zabbix-agent -zabbix_agent_conf: zabbix_agentd.conf -zabbix_agent2_conf: zabbix_agent2.conf diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Suse.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Suse.yml deleted file mode 100644 index abecd9c23..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Suse.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# vars file for zabbix_agent (Suse) - -zabbix_agent: zabbix-agentd -zabbix_agent_service: zabbix_agentd -zabbix_agent_conf: zabbix_agentd.conf -zabbix_agent2_conf: zabbix-agent2.conf diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml index 8add26238..4dd64ba02 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml @@ -1,2 +1,7 @@ --- # vars file for zabbix_agent (Windows) +zabbix_valid_agent_versions: + "10": + - 6.4 + - 6.2 + - 6.0 diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/zabbix.yml deleted file mode 100644 index c78d3a76e..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/zabbix.yml +++ /dev/null @@ -1,285 +0,0 @@ ---- -sign_keys: - "64": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "62": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "60": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - jammy: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - "54": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - jammy: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "52": - # bullseye: not available upstream - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - jammy: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "50": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - jammy: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "44": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "42": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "40": - bullseye: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "34": - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "32": - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - sonya: - sign_key: 79EA5ED4 - serena: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "30": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "24": - jessie: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - "22": - squeeze: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - lucid: - sign_key: 79EA5ED4 - -suse: - "openSUSE Leap": - "42": - name: server:monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/ - python_libxml2_package: python-libxml2 - "openSUSE": - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }} - python_libxml2_package: python-libxml2 - "SLES": - "11": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/ - python_libxml2_package: python-libxml2 - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP5/ - python_libxml2_package: python-libxml2 - "15": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_15_SP3/ - python_libxml2_package: python3-libxml2-python - "SLES_SAP": # SAP specific version of SLES - "11": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/ - python_libxml2_package: python-libxml2 - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP5/ - python_libxml2_package: python-libxml2 - "15": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_15_SP3/ - python_libxml2_package: python3-libxml2-python diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md b/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md index 70427d97c..1761c7f8b 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md @@ -29,29 +29,22 @@ This role will work on the following operating systems: * Ubuntu So, you'll need one of those operating systems.. :-) -Please send Pull Requests or suggestions when you want to use this role for other Operating systems. ## Zabbix Versions See the following list of supported Operating systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 (LTS) | 5.2 | 5.0 | 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----------|-----|-----|-----|-----------|-----------| -| Red Hat Fam 8 | V | V | V | V | V | V | | | -| Red Hat Fam 7 | | | | V | V | V | V | V | -| Red Hat Fam 6 | | | | V | V | | | V | -| Red Hat Fam 5 | | | | V | V | | | V | -| Fedora | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | | | | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | V | V | V | V | V | -| Debian 10 buster | V | V | V | V | V | V | | | -| Debian 9 stretch | | | | V | V | V | V | | -| Debian 8 jessie | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | V | V | -| macOS 10.15 | | | | | | V | V | | -| macOS 10.14 | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Red Hat Fam 7 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | V | V | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | V | V | V | # Role Variables @@ -61,17 +54,14 @@ The following is an overview of all available configuration default for this rol ### Overall Zabbix -* `zabbix_javagateway_version`: This is the version of zabbix. Default: 5.2. Can be overridden to 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo +The `zabbix_javagateway_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_javagateway_version: 6.0`. * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. +* `zabbix_javagateway_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_javagateway_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. * `zabbix_javagateway_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### Java Gatewaty @@ -106,6 +96,17 @@ or when using the zabbix-proxy: zabbix_proxy_javagateway: 192.168.1.2 ``` +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Example Playbook Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml index a34046616..4356f61a4 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml @@ -1,17 +1,14 @@ --- # defaults file for zabbix_javagateway -zabbix_javagateway_version: 6.4 -zabbix_version: "{{ zabbix_javagateway_version }}" +#zabbix_javagateway_version:6.4 zabbix_javagateway_package_state: present -zabbix_selinux: false -zabbix_repo: zabbix zabbix_repo_yum_schema: https zabbix_java_gateway_conf_mode: "0644" zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_disabled: "*" -zabbix_repo_yum_enabled: [] +zabbix_javagateway_disable_repo: + - epel zabbix_repo_yum: - name: zabbix description: Zabbix Official Repository - $basearch @@ -28,6 +25,8 @@ zabbix_repo_yum: gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present +zabbix_repo_deb_component: main + zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid zabbix_javagateway_listenip: 0.0.0.0 zabbix_javagateway_listenport: 10052 diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml index c7034aa7d..9b6ed50c1 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml @@ -2,14 +2,14 @@ # handlers file for zabbix-javagateway - name: zabbix-java-gateway restarted - service: + ansible.builtin.service: name: zabbix-java-gateway state: restarted enabled: true become: true - name: "clean repo files from proxy creds" - shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true become: true when: - ansible_os_family == 'RedHat' diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml index d025e6ca8..4c4cff06d 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml @@ -1,80 +1,80 @@ --- - -- name: "Include Zabbix gpg ids" - include_vars: zabbix.yml - -- name: "Set some variables" - set_fact: +- name: "Debian | Set some variables" + ansible.builtin.set_fact: zabbix_short_version: "{{ zabbix_javagateway_version | regex_replace('\\.', '') }}" + tags: + - always -- name: "Debian | Install gpg key" - apt_key: - id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}" - url: http://repo.zabbix.com/zabbix-official-repo.key - become: true - -- name: "Debian | Installing repository Debian" - apt_repository: - repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/debian/ {{ ansible_distribution_release }} main" +- name: "Debian | Installing lsb-release" + ansible.builtin.apt: + pkg: lsb-release + update_cache: true + cache_valid_time: 3600 + force: true state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" become: true - when: - - ansible_distribution == "Debian" - - zabbix_repo == "zabbix" + tags: + - install -- name: "Debian | Installing repository Debian" - apt_repository: - repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/debian/ {{ ansible_distribution_release }} main" - state: present - become: true - when: - - ansible_distribution == "Debian" - - ansible_machine == "aarch64" - - zabbix_repo == "zabbix" +- name: "Debian | Update ansible_lsb fact" + ansible.builtin.setup: + gather_subset: + - lsb -- name: "Debian | Installing repository Ubuntu" - apt_repository: - repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu-arm64/ {{ ansible_distribution_release }} main" - state: present - become: true +- name: "Debian | Repo URL" + ansible.builtin.set_fact: + zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}" when: - - ansible_distribution == "Ubuntu" - - ansible_machine == "aarch64" - - zabbix_repo == "zabbix" - + - zabbix_repo_deb_url is undefined + tags: + - always -- name: "Debian | Installing repository Ubuntu" - apt_repository: - repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu/ {{ ansible_distribution_release }} main" - state: present +# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. +# It SHOULD be created with permissions 0755 if it is needed and does not already exist. +# See: https://wiki.debian.org/DebianRepository/UseThirdParty +- name: "Debian | Create /etc/apt/keyrings/ on older versions" + ansible.builtin.file: + path: /etc/apt/keyrings/ + state: directory + mode: "0755" become: true when: - - ansible_distribution == "Ubuntu" - - ansible_machine != "aarch64" - - zabbix_repo == "zabbix" + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or + (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") -- name: "Debian | Installing repository Ubuntu" - apt_repository: - repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu-arm64/ {{ ansible_distribution_release }} main" - state: present +- name: "Debian | Download gpg key" + ansible.builtin.get_url: + url: http://repo.zabbix.com/zabbix-official-repo.key + dest: "{{ zabbix_gpg_key }}" + mode: "0644" + force: true become: true - when: - - ansible_distribution == "Ubuntu" - - ansible_machine == "aarch64" - - zabbix_repo == "zabbix" - + tags: + - install -- name: "Debian | Installing repository Ubuntu" - apt_repository: - repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu/ {{ ansible_distribution_release }} main" - state: present +- name: "Debian | Installing repository {{ ansible_distribution }}" + ansible.builtin.copy: + dest: /etc/apt/sources.list.d/zabbix.sources + owner: root + group: root + mode: 0644 + content: | + Types: deb deb-src + Enabled: yes + URIs: {{ zabbix_repo_deb_url }} + Suites: {{ ansible_distribution_release }} + Components: {{ zabbix_repo_deb_component }} + Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} + Signed-By: {{ zabbix_gpg_key }} become: true - when: - - ansible_distribution == "Ubuntu" - - zabbix_repo == "zabbix" + tags: + - install - name: "Debian | Installing zabbix-java-gateway" - apt: + ansible.builtin.apt: pkg: zabbix-java-gateway state: "{{ zabbix_javagateway_package_state }}" update_cache: true @@ -86,12 +86,17 @@ register: zabbix_java_gateway_install until: zabbix_java_gateway_install is succeeded become: true + tags: + - install -- name: "Make sure Zabbix Java Gateway is not yet running" - systemd: +- name: "Debian | Make sure Zabbix Java Gateway is not yet running" + ansible.builtin.systemd: name: zabbix-java-gateway state: stopped enabled: true daemon_reload: true + become: true when: - zabbix_java_gateway_install.changed + tags: + - service diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml index 877628381..96d9d3928 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml @@ -2,33 +2,34 @@ # Tasks specific for RedHat systems - name: "RedHat | Install basic repo file" - yum_repository: + ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" gpgcheck: "{{ item.gpgcheck }}" gpgkey: "{{ item.gpgkey }}" mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('98') }}" + priority: "{{ item.priority | default('99') }}" state: "{{ item.state | default('present') }}" proxy: "{{ zabbix_http_proxy | default(omit) }}" with_items: "{{ zabbix_repo_yum }}" register: yum_repo_installed become: true - when: - zabbix_repo == "zabbix" notify: - "clean repo files from proxy creds" + tags: + - install - name: "RedHat | Installing zabbix-java-gateway" - package: + ansible.builtin.package: pkg: zabbix-java-gateway state: "{{ zabbix_javagateway_package_state }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" register: zabbix_java_gateway_install until: zabbix_java_gateway_install is succeeded become: true + tags: + - install diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml index b95322426..6b56d43d3 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml @@ -1,46 +1,53 @@ --- -# tasks file for zabbix_proxy +# tasks file for zabbix_javagateway -- name: "Install the correct repository" - include_tasks: "RedHat.yml" - when: - - ansible_os_family == "RedHat" +- name: Include OS-specific variables + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - always -- name: "Install the correct repository" - include_tasks: "Debian.yml" - when: - - ansible_os_family == "Debian" +- name: Determine Latest Supported Zabbix Version + ansible.builtin.set_fact: + zabbix_javagateway_version: "{{ zabbix_valid_javagateway_versions[ansible_distribution_major_version][0] | default(6.4) }}" + when: zabbix_javagateway_version is not defined + tags: + - always -- name: "Place systemd unit file" - copy: - src: systemd.service - dest: /etc/systemd/system/zabbix-java-gateway.service - mode: '0644' - register: systemd_state - when: - - zabbix_version is version('5.4', '<') +- name: Set More Variables + ansible.builtin.set_fact: + zabbix_valid_version: "{{ zabbix_javagateway_version|float in zabbix_valid_javagateway_versions[ansible_distribution_major_version] }}" + tags: + - always -- name: "Reload systemd" - shell: systemctl daemon-reload - when: - - zabbix_version is version('5.4', '<') - - systemd_state.changed +- name: Stopping Install of Invalid Version + ansible.builtin.fail: + msg: Zabbix version {{ zabbix_javagateway_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }} + when: not zabbix_valid_version tags: - - skip_ansible_lint + - always + +- name: "Install the correct repository" + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - name: "Configure zabbix-proxy" - template: + ansible.builtin.template: src: zabbix_java_gateway.conf.j2 dest: /etc/zabbix/zabbix_java_gateway.conf owner: zabbix group: zabbix mode: "{{ zabbix_java_gateway_conf_mode }}" + become: true notify: - zabbix-java-gateway restarted + tags: + - config - name: "Make sure Zabbix Java Gateway is running" - systemd: + ansible.builtin.systemd: name: zabbix-java-gateway state: started enabled: true daemon_reload: true + become: true + tags: + - service diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2 index 9b197600d..7c697cd3b 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2 @@ -4,7 +4,7 @@ # This configuration file is "minimalized", which means all the original comments # are removed. The full documentation for your Zabbix Java Gateway can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/concepts/java +# https://www.zabbix.com/documentation/{{ zabbix_javagateway_version }}/en/manual/concepts/java LISTEN_IP={{ zabbix_javagateway_listenip }} LISTEN_PORT={{ zabbix_javagateway_listenport }} diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml index 1eecc3170..2253f5b7b 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml @@ -1,6 +1,30 @@ ---- -apache_user: www-data -apache_group: www-data -apache_log: apache2 +zabbix_valid_javagateway_versions: + # Debian + "12": + - 6.4 + - 6.0 + "11": + - 6.4 + - 6.2 + - 6.0 + "10": + - 6.4 + - 6.2 + - 6.0 + # Ubuntu + "22": + - 6.4 + - 6.2 + - 6.0 + "20": + - 6.4 + - 6.2 + - 6.0 + "18": + - 6.4 + - 6.2 + - 6.0 -mysql_create_dir: '' +debian_keyring_path: /etc/apt/keyrings/ +zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc" +_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}" diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml index 8c1997706..62af028ff 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml @@ -1,6 +1,14 @@ --- -apache_user: apache -apache_group: apache -apache_log: httpd - -mysql_create_dir: create/ +zabbix_valid_javagateway_versions: + "9": + - 6.4 + - 6.2 + - 6.0 + "8": + - 6.4 + - 6.2 + - 6.0 + "7": + - 6.4 + - 6.2 + - 6.0 diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/zabbix.yml deleted file mode 100644 index bd960deba..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/zabbix.yml +++ /dev/null @@ -1,258 +0,0 @@ ---- -sign_keys: - "64": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - jammy: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - "62": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - jammy: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - "60": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - jammy: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - "54": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "52": - # bullseye: not available upstream - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "50": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "44": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "42": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "40": - bullseye: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "34": - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "32": - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - sonya: - sign_key: 79EA5ED4 - serena: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "30": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "24": - jessie: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - "22": - squeeze: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - lucid: - sign_key: 79EA5ED4 - -suse: - "openSUSE Leap": - "42": - name: server:monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/ - "openSUSE": - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }} - "SLES": - "11": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/ - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP3/ diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md b/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md index 6682f6c18..baec42155 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md @@ -77,24 +77,17 @@ ansible-galaxy collection install community.postgresql See the following list of supported Operating systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS)| 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----|-----|-----|-----------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | V | V | V | V | V | V | V | V | V | -| Red Hat Fam 6 | | | | | V | V | | | V | -| Red Hat Fam 5 | | | | | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | | V | V | V | V | V | -| Debian 10 buster | V | | V | V | V | V | V | | | -| Debian 9 stretch | V | | V | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Red Hat Fam 7 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | V | V | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | V | V | V | # Role Variables @@ -102,104 +95,49 @@ See the following list of supported Operating systems with the Zabbix releases. The following is an overview of all available configuration default for this role. -### Overall Zabbix - -* `zabbix_proxy_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. -* `zabbix_proxy_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo -* `zabbix_repo_yum`: A list with Yum repository configuration. -* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. - -### SElinux - -* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run. - ### Zabbix Proxy +* `zabbix_proxy_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_proxy_version: 6.0`. +* `zabbix_proxy_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) * `zabbix_proxy_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact. * `zabbix_proxy_server`: The ip or dns name for the zabbix-server machine. -* `zabbix_proxy_serverport`: The port on which the zabbix-server is running. Default: 10051 -* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages * `zabbix_proxy_install_database_client`: Default: `True`. False does not install database client. -* `zabbix_proxy_become_on_localhost`: Default: `True`. Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip. * `zabbix_proxy_manage_service`: Default: `True`. When you run multiple Zabbix proxies in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-proxy service, because Pacemaker is in control of zabbix-proxy service. -* `zabbix_install_pip_packages`: Default: `True`. Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely. -* `zabbix_proxy_startpreprocessors`: Number of pre-forked instances of preprocessing workers. The preprocessing manager process is automatically started when a preprocessor worker is started.This parameter is supported since Zabbix 4.2.0. -* `zabbix_proxy_username`: Default: `zabbix`. The name of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_proxy_logtype`: Specifies where log messages are written to: system, file, console. -* `zabbix_proxy_logfile`: Name of log file. -* `zabbix_proxy_userid`: The UID of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_proxy_groupname`: Default: `zabbix`. The name of the group of the user on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_proxy_groupid`: The GID of the group on the host. Will only be used when `zabbix_repo: epel` is used. * `zabbix_proxy_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_proxy_include`. * `zabbix_proxy_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. -* `zabbix_proxy_statsallowedip`: Default: `127.0.0.1`. Allowed IP foe remote gathering of the ZabbixPorixy internal metrics. -* `zabbix_proxy_vaulttoken`: Vault authentication token that should have been generated exclusively for Zabbix server with read only permission -* `zabbix_proxy_vaulturl`: Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. -* `zabbix_proxy_vaultdbpath`: Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -* `zabbix_proxy_listenbacklog`: The maximum number of pending connections in the queue. ### Database specific * `zabbix_proxy_dbhost_run_install`: Default: `True`. When set to `True`, sql files will be executed on the host running the database. * `zabbix_proxy_database`: Default: `mysql`. The type of database used. Can be: `mysql`, `pgsql` or `sqlite3` -* `zabbix_proxy_database_long`: Default: `mysql`. The type of database used, but long name. Can be: `mysql`, `postgresql` or `sqlite3` -* `zabbix_proxy_dbhost`: The hostname on which the database is running. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbhost`: Default: localhost. The hostname on which the database is running. Will be ignored when `sqlite3` is used as database. * `zabbix_proxy_real_dbhost`: The hostname of the dbhost that is running behind a loadbalancer/VIP (loadbalancers doesn't accept ssh connections) Will be ignored when `sqlite3` is used as database. -* `zabbix_proxy_dbname`: The database name which is used by the Zabbix Proxy. -* `zabbix_proxy_dbuser`: The database username which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. -* `zabbix_proxy_dbpassword`: The database user password which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbname`: Default: zabbix_proxy. The database name which is used by the Zabbix Proxy. +* `zabbix_proxy_dbuser`: Default: zabbix_proxy. The database username which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbpassword`: Default: zabbix_proxy. The database user password which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. * `zabbix_proxy_dbport`: The database port which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. -* `zabbix_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. +* `zabbix_proxy_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. * `zabbix_proxy_install_database_client`: Default: `True`. False does not install database client. Default true -* `zabbix_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. +* `zabbix_proxy_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. * `zabbix_proxy_dbencoding`: Default: `utf8`. The encoding for the MySQL database. * `zabbix_proxy_dbcollation`: Default: `utf8_bin`. The collation for the MySQL database.zabbix_proxy_ -* `zabbix_server_allowunsupporteddbversions`: Allow proxy to work with unsupported database versions. -* `zabbix_proxy_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. -### TLS Specific configuration - -These variables are specific for Zabbix 3.0 and higher: - -* `zabbix_proxy_tlsconnect`: How the agent should connect to server or proxy. Used for active checks. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_proxy_tlsaccept`: What incoming connections to accept. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_proxy_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. -* `zabbix_proxy_tlscrlfile`: Full pathname of a file containing revoked certificates. -* `zabbix_proxy_tlsservercertissuer`: Allowed server certificate issuer. -* `zabbix_proxy_tlsservercertsubject`: Allowed server certificate subject. -* `zabbix_proxy_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. -* `zabbix_proxy_tlskeyfile`: Full pathname of a file containing the agent private key. -* `zabbix_proxy_dbtlsconnect`: Setting this option enforces to use TLS connection to database: - -`required` - connect using TLS -`verify_ca` - connect using TLS and verify certificate -`verify_full` - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate - -On `MySQL` starting from 5.7.11 and `PostgreSQL` the following values are supported: `required`, `verify`, `verify_full`. On MariaDB starting from version 10.2.6 `required` and `verify_full` values are supported. -By default not set to any option and the behaviour depends on database configuration. -This parameter is supported since Zabbix 5.0.0. - -* `zabbix_proxy_dbtlscafile`: Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlscertfile`: Full pathname of file containing Zabbix Proxy certificate for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlskeyfile`: Full pathname of file containing the private key for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlscipher`: The list of encryption ciphers that Zabbix Proxy permits for TLS protocols up through TLSv1.2. Supported only for MySQL.This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlscipher13`: The list of encryption ciphersuites that Zabbix Proxy permits for TLSv1.3 protocol. Supported only for MySQL, starting from version 8.0.16. This parameter is supported since Zabbix 5.0.0. - -## proxy + +### Yum/APT +* `zabbix_repo_yum`: A list with Yum repository configuration. +* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) +* `zabbix_repo_yum_gpgcheck`: Default: `0`. Should yum perform a GPG check on the repository +* `zabbix_proxy_disable_repo`: A list of repos to disable during install. Default `epel`. +* `zabbix_proxy_apt_priority`: APT priority for the zabbix repository +* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. +### SElinux + +* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run. + +## Proxy When the target host does not have access to the internet, but you do have a proxy available then the following properties needs to be set to download the packages via the proxy: @@ -210,9 +148,9 @@ When the target host does not have access to the internet, but you do have a pro With Zabbix Proxy you can make use of 2 different databases: -* `mysql` -* `postgresql` -* `SQLite3` +* MySQL +* PostgreSQL +* SQLite3 In the following paragraphs we dive into both setups. @@ -232,12 +170,12 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: mysql -zabbix_proxy_database_long: mysql zabbix_proxy_dbport: 3306 zabbix_proxy_dbpassword: <SOME_SECRET_STRING> ``` Please generate a value for the `zabbix_proxy_dbpassword` property (Maybe use `ansible-vault` for this). The zabbix-proxy role will create an database and username (With the provided value for the password) in `MySQL`. + 3. Execute the role by running the Ansible playbook that calls this role. At the end of this run, the Zabbix Proxy with `MySQL` will be running. #### Separate Setup @@ -249,7 +187,6 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: mysql -zabbix_proxy_database_long: mysql zabbix_proxy_dbport: 3306 zabbix_proxy_dbhost: mysql-host zabbix_proxy_dbhost_run_install: false @@ -283,7 +220,6 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: pgsql -zabbix_proxy_database_long: postgresql zabbix_proxy_dbport: 5432 zabbix_proxy_dbpassword: <SOME_SECRET_STRING> ``` @@ -300,7 +236,6 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: pgsql -zabbix_proxy_database_long: postgresql zabbix_proxy_dbport: 5432 zabbix_proxy_dbhost: pgsql-host zabbix_proxy_dbhost_run_install: false @@ -326,7 +261,6 @@ The following properties needs to be set when using `SQLite3` as the database: ```yaml zabbix_proxy_database: sqlite3 -zabbix_proxy_database_long: sqlite3 zabbix_proxy_dbname: /path/to/sqlite3.db ``` @@ -336,20 +270,140 @@ NOTE: When using `zabbix_proxy_dbname: zabbix_proxy` (Which is default with this These variables need to be overridden when you want to make use of the Zabbix API for automatically creating and or updating proxies, i.e. when `zabbix_api_create_proxy` is set to `True`. -* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth. -* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth. * `zabbix_api_server_host`: The IP or hostname/FQDN of Zabbix server. Example: zabbix.example.com -* `zabbix_api_server_port`: TCP port to use to connect to Zabbix server. Example: 8080 -* `zabbix_api_use_ssl`: yes (Default) if we need to connect to Zabbix server over HTTPS -* `zabbix_api_validate_certs` : yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used +* `zabbix_api_use_ssl`: Is SSL required to connect to the Zabbix API server? Default: `false` +* `zabbix_api_server_port`: 80 if `zabbix_api_use_ssl` is `false` and 443 if `true` (Default) TCP port to use to connect to Zabbix server. Example: 8080 * `zabbix_api_login_user`: Username of user which has API access. * `zabbix_api_login_pass`: Password for the user which has API access. +* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_validate_certs`: yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used. +* `zabbix_api_timeout`: timeout for API calls (default to 30 seconds) * `ansible_zabbix_url_path`: URL path if Zabbix WebUI running on non-default (zabbix) path, e.g. if http://<FQDN>/zabbixeu then set to `zabbixeu` * `zabbix_api_create_proxy`: When you want to enable the Zabbix API to create/delete the proxy. This has to be set to `True` if you want to make use of `zabbix_proxy_state`. Default: `False` * `zabbix_proxy_name`: name of the Zabbix proxy as it is seen by Zabbix server * `zabbix_proxy_state`: present (Default) if the proxy needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_proxy` is set to `True`. * `zabbix_proxy_status`: active (Default) if the proxy needs to be active or passive. -* `zabbix_api_timeout`: timeout for API calls (default to 30 seconds) + +## Configuration Variables + +The following table lists all variables that are exposed to modify the configuration of the zabbix_proxy.conf file. Specific details of each variable can be found in the Zabbix documentation. + +**NOTE**: Only variables with a default value appear in the defaults file, all others must be added. + +| Zabbix Name | Variable Name | Default Value |Notes | +|-----------|------------------|--------|--------| +| AllowRoot | zabbix_proxy_allowroot |0| | +| AllowUnsupportedDBVersions | zabbix_proxy_allowunsupporteddbversions |0| | +| CacheSize | zabbix_proxy_cachesize | 8M| | +| ConfigFrequency | zabbix_proxy_configfrequency |3600| | +| DataSenderFrequency | zabbix_proxy_datasenderfrequency |1| | +| DBHost | zabbix_proxy_dbhost | localhost| | +| DBName | zabbix_proxy_dbname | zabbix_proxy| | +| DBPassword | zabbix_proxy_dbpassword | zabbix_proxy| | +| DBSchema | zabbix_proxy_dbschema || | +| DBSocket | zabbix_proxy_dbsocket || | +| DBTLSCAFile | zabbix_proxy_dbtlscafile || | +| DBTLSCertFile | zabbix_proxy_dbtlscertfile || | +| DBTLSCipher | zabbix_proxy_dbtlscipher || | +| DBTLSCipher13 | zabbix_proxy_dbtlscipher13 || | +| DBTLSConnect | zabbix_proxy_dbtlsconnect || | +| DBTLSKeyFile | zabbix_proxy_dbtlskeyfile || | +| DBUser | zabbix_proxy_dbuser | zabbix_proxy| | +| DebugLevel | zabbix_proxy_debuglevel |3| | +| EnableRemoteCommands | zabbix_proxy_enableremotecommands |0| | +| ExternalScripts | zabbix_proxy_externalscripts | /usr/lib/zabbix/externalscripts| | +| Fping6Location | zabbix_proxy_fping6location | OS Specific Value | | +| FpingLocation | zabbix_proxy_fpinglocation | OS Specific Value | | +| HeartbeatFrequency | zabbix_proxy_heartbeatfrequency |60| Version 6.2 or Lower| +| HistoryCacheSize | zabbix_proxy_historycachesize | 8M| | +| HistoryIndexCacheSize | zabbix_proxy_historyindexcachesize | 4M| | +| Hostname | zabbix_proxy_hostname | "{{ inventory_hostname }}"| | +| HostnameItem | zabbix_proxy_hostnameitem || | +| HousekeepingFrequency | zabbix_proxy_housekeepingfrequency |1| | +| Include | zabbix_proxy_include | /etc/zabbix/zabbix_proxy.conf.d| | +| JavaGateway | zabbix_proxy_javagateway || | +| JavaGatewayPort | zabbix_proxy_javagatewayport |10052| | +| ListenBacklog | zabbix_proxy_listenbacklog || | +| ListenIP | zabbix_proxy_listenip || | +| ListenPort | zabbix_proxy_listenport |10051| | +| LoadModule | zabbix_proxy_loadmodule || | +| LoadModulePath | zabbix_proxy_loadmodulepath | /usr/lib/zabbix/modules| | +| LogFile | zabbix_proxy_logfile | /var/log/zabbix/zabbix_proxy.log| | +| LogFileSize | zabbix_proxy_logfilesize |10| | +| LogRemoteCommands | zabbix_proxy_logremotecommands || | +| LogSlowQueries | zabbix_proxy_logslowqueries || | +| LogType | zabbix_proxy_logtype | file| | +| PidFile | zabbix_proxy_pidfile | /var/run/zabbix/zabbix_proxy.pid| | +| ProxyLocalBuffer | zabbix_proxy_proxylocalbuffer |0| | +| ProxyMode | zabbix_proxy_proxymode || | +| ProxyOfflineBuffer | zabbix_proxy_proxyofflinebuffer |1| | +| Server | zabbix_proxy_server | 192.168.1.1| | +| SNMPTrapperFile | zabbix_proxy_snmptrapperfile | /tmp/zabbix_traps.tmp| | +| SocketDir | zabbix_proxy_socketdir | /var/run/zabbix| | +| SourceIP | zabbix_proxy_sourceip || | +| SSHKeyLocation | zabbix_proxy_sshkeylocation || | +| SSLCALocation | zabbix_proxy_sslcalocation || | +| SSLCertLocation | zabbix_proxy_sslcertlocation || | +| SSLKeyLocation | zabbix_proxy_sslkeylocation || | +| StartDBSyncers | zabbix_proxy_startdbsyncers |4| | +| StartDiscoverers | zabbix_proxy_startdiscoverers |1| | +| StartHTTPPollers | zabbix_proxy_starthttppollers |1| | +| StartIPMIPollers | zabbix_proxy_startipmipollers |0| | +| StartJavaPollers | zabbix_proxy_startjavapollers || | +| StartODBCPollers | zabbix_proxy_startodbcpollers |1| | +| StartPingers | zabbix_proxy_startpingers |1| | +| StartPollers | zabbix_proxy_startpollers |5| | +| StartPollersUnreachable | zabbix_proxy_startpollersunreachable |1| | +| StartPreprocessors | zabbix_proxy_startpreprocessors |3| | +| StartSNMPTrapper | zabbix_proxy_startsnmptrapper || | +| StartTrappers | zabbix_proxy_starttrappers |5| | +| StartVMwareCollectors | zabbix_proxy_startvmwarecollectors || | +| StatsAllowedIP | zabbix_proxy_statsallowedip | "127.0.0.1"| | +| Timeout | zabbix_proxy_timeout |3| | +| TLSAccept | zabbix_proxy_tlsaccept || | +| TLSCAFile | zabbix_proxy_tlscafile || | +| TLSCertFile | zabbix_proxy_tlscertfile || | +| TLSCipherAll | zabbix_proxy_tlscipherall || | +| TLSCipherAll13 | zabbix_proxy_tlscipherall13 || | +| TLSCipherCert | zabbix_proxy_tlsciphercert || | +| TLSCipherCert13 | zabbix_proxy_tlsciphercert13 || | +| TLSCipherPSK | zabbix_proxy_tlscipherpsk || | +| TLSCipherPSK13 | zabbix_proxy_tlscipherpsk13 || | +| TLSConnect | zabbix_proxy_tlsconnect || | +| TLSCRLFile | zabbix_proxy_tlscrlfile || | +| TLSKeyFile | zabbix_proxy_tlskeyfile || | +| TLSPSKFile | zabbix_proxy_tlspskfile || | +| TLSPSKIdentity | zabbix_proxy_tlspskidentity || | +| TLSServerCertIssuer | zabbix_proxy_tlsservercertissuer || | +| TLSServerCertSubject | zabbix_proxy_tlsservercertsubject || | +| TmpDir | zabbix_proxy_tmpdir | /tmp| | +| TrapperTimeout | zabbix_proxy_trappertimeout |300| | +| UnavailableDelay | zabbix_proxy_unavailabledelay || | +| UnreachableDelay | zabbix_proxy_unreachabledelay || | +| UnreachablePeriod | zabbix_proxy_unreachableperiod |45| | +| User | zabbix_proxy_user || | +| Vault | zabbix_proxy_vault || Version 6.2 or Greater | +| VaultDBPath | zabbix_proxy_vaultdbpath || | +| VaultTLSCertFile | zabbix_proxy_vaulttlscertfile || Version 6.2 or Greater | +| VaultTLSKeyFile | zabbix_proxy_vaulttlskeyfile || Version 6.2 or Greater | +| VaultToken | zabbix_proxy_vaulttoken || | +| VaultURL | zabbix_proxy_vaulturl |https://127.0.0.1:8200| | +| VMwareCacheSize | zabbix_proxy_vmwarecachesize | 8M| | +| VMwareFrequency | zabbix_proxy_vmwarefrequency |60| | +| VMwarePerfFrequency | zabbix_proxy_vmwareperffrequency | | | +| VMwareTimeout | zabbix_proxy_vmwaretimeout | | | + +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. # Example Playbook @@ -361,7 +415,6 @@ Including an example of how to use your role (for instance, with variables passe - role: community.zabbix.zabbix_proxy zabbix_proxy_server: 192.168.1.1 zabbix_proxy_database: mysql - zabbix_proxy_database_long: mysql ``` # Molecule @@ -385,3 +438,4 @@ See LICENCE to see the full text. Please send suggestion or pull requests to make this role better. Also let us know if you encounter any issues installing or using this role. Github: https://github.com/ansible-collections/community.zabbix + diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml index 82a70cb09..f46c9c64e 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml @@ -1,32 +1,53 @@ --- # defaults file for zabbix_proxy +# zabbix_proxy_version: 6.4 +zabbix_os_user: zabbix +zabbix_proxy_selinux: false +zabbix_proxy_interface: + useip: "{{ zabbix_useuip }}" + ip: "{{ zabbix_proxy_ip }}" + dns: "{{ ansible_fqdn }}" + port: "{{ zabbix_proxy_listenport }}" +zabbix_useuip: 1 -# zabbix_proxy_version: 6.0 -zabbix_proxy_version_minor: "*" -zabbix_version: "{{ zabbix_proxy_version }}" -zabbix_selinux: false - -# These variables are optional. They specify the version of Zabbix proxy package. +# Database +zabbix_proxy_database: mysql +zabbix_proxy_database_creation: true +zabbix_proxy_database_sqlload: true +zabbix_proxy_dbhost_run_install: true +zabbix_proxy_dbcollation: utf8_bin +zabbix_proxy_dbencoding: utf8 +zabbix_proxy_dbhost: localhost +zabbix_proxy_dbname: zabbix_proxy +zabbix_proxy_dbpassword: zabbix_proxy +zabbix_proxy_dbpassword_hash_method: md5 +zabbix_proxy_dbuser: zabbix_proxy +zabbix_proxy_install_database_client: true -# zabbix_proxy_rhel_version: 4.4.4 -# zabbix_proxy_debian_version: 1:4.4.4-1+stretch -# zabbix_proxy_ubuntu_version: 1:4.4.4-1+xenial +# Misc. +zabbix_proxy_cat_cmd: cat +zabbix_proxy_conf_mode: "0644" +zabbix_proxy_config: /etc/zabbix/zabbix_proxy.conf +zabbix_proxy_include_mode: "0755" +zabbix_proxy_manage_service: true +zabbix_proxy_privileged_host: localhost +zabbix_proxy_server: 192.168.1.1 +zabbix_proxy_tls_config: + no_encryption: "no_encryption" + psk: "PSK" + cert: "certificate" +zabbix_proxy_version_minor: "*" -zabbix_repo: zabbix -zabbix_proxy_apt_priority: -zabbix_proxy_package_state: present -zabbix_proxy_install_recommends: true -zabbix_proxy_install_database_client: true -zabbix_install_pip_packages: true +# Yum/APT Variables zabbix_repo_yum_schema: https -zabbix_proxy_conf_mode: "0644" zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_disabled: "*" -zabbix_repo_yum_enabled: [] +zabbix_repo_deb_component: main +zabbix_proxy_disable_repo: + - epel zabbix_repo_yum: - name: zabbix description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_proxy_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" mode: "0644" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX @@ -38,159 +59,71 @@ zabbix_repo_yum: gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present +zabbix_proxy_apt_priority: +zabbix_proxy_package_state: present -# User (EPEL specific) -zabbix_proxy_username: zabbix -zabbix_proxy_groupname: zabbix - -zabbix_server_host: 192.168.1.1 # Will be deprecated in 2.0.0 -zabbix_proxy_server: "{{ zabbix_server_host }}" -zabbix_server_port: 10051 # Will be deprecated in 2.0.0 -zabbix_proxy_serverport: "{{ zabbix_server_port }}" -zabbix_database_creation: true -zabbix_database_sqlload: true -zabbix_proxy_dbtlsconnect: -zabbix_proxy_dbtlscafile: -zabbix_proxy_dbtlscertfile: -zabbix_proxy_dbtlskeyfile: -zabbix_proxy_dbtlscipher: -zabbix_proxy_dbtlscipher13: +# Proxy Configuration Variables (Only ones with role provided defaults) +zabbix_proxy_allowroot: 0 zabbix_proxy_allowunsupporteddbversions: 0 - -# Some role specific vars -zabbix_proxy_database: mysql -zabbix_proxy_database_long: mysql -# zabbix_proxy_database: pgsql -# zabbix_proxy_database_long: postgresql -# zabbix_proxy_database: sqlite3 -# zabbix_proxy_database_long: sqlite3 - -# zabbix-proxy specific vars -zabbix_proxy_mode: 0 +zabbix_proxy_cachesize: 8M +zabbix_proxy_configfrequency: 3600 +zabbix_proxy_datasenderfrequency: 1 +zabbix_proxy_dbport: 5432 +zabbix_proxy_debuglevel: 3 +zabbix_proxy_enableremotecommands: 0 +zabbix_proxy_externalscripts: /usr/lib/zabbix/externalscripts +zabbix_proxy_heartbeatfrequency: 60 +zabbix_proxy_historycachesize: 8M +zabbix_proxy_historyindexcachesize: 4M zabbix_proxy_hostname: "{{ inventory_hostname }}" +zabbix_proxy_housekeepingfrequency: 1 +zabbix_proxy_include: /etc/zabbix/zabbix_proxy.conf.d +zabbix_proxy_javagatewayport: 10052 +zabbix_proxy_libdir: /usr/lib/zabbix zabbix_proxy_listenport: 10051 -zabbix_proxy_sourceip: -zabbix_proxy_logtype: file +zabbix_proxy_loadmodulepath: "{{ zabbix_proxy_libdir }}/modules" zabbix_proxy_logfile: /var/log/zabbix/zabbix_proxy.log zabbix_proxy_logfilesize: 10 -zabbix_proxy_enableremotecommands: 0 -zabbix_proxy_debuglevel: 3 +zabbix_proxy_logtype: file zabbix_proxy_pidfile: /var/run/zabbix/zabbix_proxy.pid +zabbix_proxy_proxylocalbuffer: 0 +zabbix_proxy_proxyofflinebuffer: 1 +zabbix_proxy_snmptrapperfile: /tmp/zabbix_traps.tmp zabbix_proxy_socketdir: /var/run/zabbix -zabbix_proxy_dbencoding: utf8 -zabbix_proxy_dbcollation: utf8_bin -zabbix_proxy_dbhost: localhost -zabbix_proxy_dbname: zabbix_proxy -zabbix_proxy_dbschema: -zabbix_proxy_dbuser: zabbix_proxy -zabbix_proxy_dbpassword: zabbix_proxy -zabbix_proxy_dbsocket: -zabbix_proxy_dbport: 5432 -zabbix_proxy_dbpassword_hash_method: md5 +zabbix_proxy_startdbsyncers: 4 +zabbix_proxy_startdiscoverers: 1 +zabbix_proxy_starthttppollers: 1 +zabbix_proxy_startipmipollers: 0 zabbix_proxy_startodbcpollers: 1 -zabbix_proxy_dbhost_run_install: true -zabbix_proxy_privileged_host: localhost -zabbix_proxy_localbuffer: 0 # Will be deprecated in 2.0.0 -zabbix_proxy_proxylocalbuffer: "{{ zabbix_proxy_localbuffer }}" -zabbix_proxy_offlinebuffer: 1 # Will be deprecated in 2.0.0 -zabbix_proxy_proxyofflinebuffer: "{{ zabbix_proxy_offlinebuffer }}" -zabbix_proxy_heartbeatfrequency: 60 -zabbix_proxy_configfrequency: 3600 -zabbix_proxy_datasenderfrequency: 1 +zabbix_proxy_startpingers: 1 zabbix_proxy_startpollers: 5 -zabbix_proxy_startipmipollers: 0 zabbix_proxy_startpollersunreachable: 1 -zabbix_proxy_starttrappers: 5 -zabbix_proxy_startpingers: 1 -zabbix_proxy_startdiscoverers: 1 -zabbix_proxy_starthttppollers: 1 zabbix_proxy_startpreprocessors: 3 -zabbix_proxy_javagateway: -zabbix_proxy_javagatewayport: 10052 -zabbix_proxy_startjavapollers: 5 -zabbix_proxy_startvmwarecollector: 0 -zabbix_proxy_vmwarefrequency: 60 -zabbix_proxy_vmwarecachesize: 8 -zabbix_proxy_snmptrapperfile: /tmp/zabbix_traps.tmp -zabbix_proxy_snmptrapper: 0 -zabbix_proxy_listenip: -zabbix_proxy_housekeepingfrequency: 1 -zabbix_proxy_cachesize: 8 -zabbix_proxy_startdbsyncers: 4 -zabbix_proxy_historycachesize: 8 -zabbix_proxy_historyindexcachesize: 4 -zabbix_proxy_historytextcachesize: 16 +zabbix_proxy_starttrappers: 5 +zabbix_proxy_statsallowedip: "127.0.0.1" zabbix_proxy_timeout: 3 +zabbix_proxy_tmpdir: /tmp zabbix_proxy_trappertimeout: 300 zabbix_proxy_unreachableperiod: 45 -zabbix_proxy_unavaliabledelay: 60 -zabbix_proxy_unreachabedelay: 15 -zabbix_proxy_externalscripts: /usr/lib/zabbix/externalscripts -zabbix_proxy_fpinglocation: /usr/sbin/fping -zabbix_proxy_fping6location: /usr/sbin/fping6 -zabbix_proxy_sshkeylocation: -zabbix_proxy_loglowqueries: 0 -zabbix_proxy_tmpdir: /tmp -zabbix_proxy_allowroot: 0 -zabbix_proxy_include: /etc/zabbix/zabbix_proxy.conf.d -zabbix_proxy_include_mode: "0755" -zabbix_proxy_libdir: /usr/lib/zabbix -zabbix_proxy_loadmodulepath: "{{ zabbix_proxy_libdir }}/modules" -zabbix_proxy_manage_service: true -zabbix_proxy_statsallowedip: "127.0.0.1" -zabbix_proxy_vaulttoken: zabbix_proxy_vaulturl: https://127.0.0.1:8200 -zabbix_proxy_vaultdbpath: -zabbix_proxy_listenbacklog: - -# TLS settings -zabbix_proxy_tlsconnect: -zabbix_proxy_tlsaccept: -zabbix_proxy_tlscafile: -zabbix_proxy_tlscrlfile: -zabbix_proxy_tlsservercertissuer: -zabbix_proxy_tlsservercertsubject: -zabbix_proxy_tls_subject: "{{ zabbix_proxy_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression -zabbix_proxy_tlscertfile: -zabbix_proxy_tlskeyfile: -zabbix_proxy_tlspskidentity: - -zabbix_proxy_tls_config: - no_encryption: "no_encryption" - psk: "PSK" - cert: "certificate" +zabbix_proxy_vmwarecachesize: 8M +zabbix_proxy_vmwarefrequency: 60 # Zabbix API stuff -zabbix_validate_certs: true # Will be deprecated in 2.0.0 -zabbix_api_validate_certs: "{{ zabbix_validate_certs }}" -zabbix_url: http://localhost # Will be deprecated in 2.0.0 -zabbix_api_server_url: "{{ zabbix_url }}" -zabbix_api_server_host: "{{ zabbix_api_server_url | urlsplit('hostname') }}" -zabbix_api_port_from_url: "{{ zabbix_api_server_port | default(zabbix_api_server_url | urlsplit('port')) }}" -zabbix_api_scheme_from_url: "{{ zabbix_api_server_url | urlsplit('scheme') }}" -zabbix_api_port_from_shema: "{{ (zabbix_api_scheme_from_url == 'https') | ternary(443, 80) }}" -# zabbix_http_user: admin # Will be deprecated in 2.0.0 -# zabbix_http_password: admin # Will be deprecated in 2.0.0 -# zabbix_api_http_user: admin -# zabbix_api_http_password: admin -zabbix_api_user: Admin # Will be deprecated in 2.0.0 -zabbix_api_pass: !unsafe zabbix # Will be deprecated in 2.0.0 -zabbix_api_login_user: "{{ zabbix_api_user }}" -zabbix_api_login_pass: "{{ zabbix_api_pass }}" +zabbix_api_server_host: localhost +zabbix_api_use_ssl: false +# zabbix_api_server_port: 80 +zabbix_api_login_user: Admin +zabbix_api_login_pass: !unsafe zabbix +zabbix_api_validate_certs: false ansible_httpapi_pass: "{{ zabbix_api_login_pass }}" -ansible_httpapi_port: "{{ (zabbix_api_port_from_url == '') | ternary(zabbix_api_port_from_shema, zabbix_api_port_from_url) }}" -ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl | default((zabbix_api_scheme_from_url == 'https') | ternary(true, false)) }}" +ansible_httpapi_port: "{{ zabbix_api_server_port }}" ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}" -zabbix_api_create_proxy: false zabbix_api_timeout: 30 -zabbix_create_proxy: present # or absent # Will be deprecated in 2.0.0 -zabbix_proxy_state: "{{ zabbix_create_proxy }}" +zabbix_api_create_proxy: false +zabbix_proxy_state: present zabbix_proxy_status: active # or passive -zabbix_useuip: 1 -zabbix_proxy_become_on_localhost: true -zabbix_proxy_interface: - useip: "{{ zabbix_useuip }}" - ip: "{{ zabbix_proxy_ip }}" - dns: "{{ ansible_fqdn }}" - port: "{{ zabbix_proxy_listenport }}" +# TLS setttings +zabbix_proxy_tlsaccept: +zabbix_proxy_tlsconnect: diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml index 8f42133be..9d5b88ee3 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml @@ -2,27 +2,16 @@ # handlers file for zabbix-proxy - name: restart zabbix-proxy - service: + ansible.builtin.service: name: zabbix-proxy state: restarted enabled: true become: true when: - zabbix_proxy_manage_service | bool - - zabbix_repo != 'epel' - -- name: restart zabbix-proxy - service: - name: zabbix-proxy-mysql{{ zabbix_proxy_database_long }} - state: restarted - enabled: true - become: true - when: - - zabbix_proxy_manage_service | bool - - zabbix_repo == 'epel' - name: "clean repo files from proxy creds" - shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true become: true when: - ansible_os_family == 'RedHat' diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml index fae6b5b96..8e27e7d27 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml @@ -1,76 +1,48 @@ --- -- name: "Include Zabbix gpg ids" - include_vars: zabbix.yml - -- name: "Set some variables" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" - zabbix_proxy_apt_repository: - - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/" - - "{{ ansible_distribution_release }}" - - "main" - zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}" - zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}" - when: - - ansible_machine != "aarch64" - -- name: "Set some variables" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" - zabbix_proxy_apt_repository: - - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}-arm64/" - - "{{ ansible_distribution_release }}" - - "main" - zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}" +- name: "Debian | Set short version name" + ansible.builtin.set_fact: + zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}" - when: - - ansible_machine == "aarch64" - -- name: "Debian | Set some facts" - set_fact: - apache_log: apache2 - datafiles_path: "/usr/share/zabbix-proxy-{{ zabbix_proxy_database }}" - when: - - zabbix_version is version_compare('3.0', '<') + zabbix_underscore_version: "{{ zabbix_proxy_version | regex_replace('\\.', '_') }}" tags: - - zabbix-proxy - - init - - config + - always -- name: "Debian | Set some facts for Zabbix >= 3.0 && < 5.4" - set_fact: - apache_log: apache2 - datafiles_path: /usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }} - when: - - zabbix_version is version('3.0', '>=') - - zabbix_version is version('5.4', '<') +- name: "Debian | Installing lsb-release" + ansible.builtin.apt: + pkg: lsb-release + update_cache: true + cache_valid_time: 3600 + force: true + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true tags: - - zabbix-proxy - - init - - config + - install -- name: "Debian | Set some facts for Zabbix == 5.4" - set_fact: - datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_database_long }} +- name: "Debian | Update ansible_lsb fact" + ansible.builtin.setup: + gather_subset: + - lsb + +- name: "Debian | Repo URL" + ansible.builtin.set_fact: + zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}" when: - - zabbix_version is version('5.4', '==') + - zabbix_repo_deb_url is undefined tags: - - zabbix-proxy - - init - - config + - always -- name: "Debian | Set some facts for Zabbix >= 6.0" - set_fact: - datafiles_path: /usr/share/zabbix-sql-scripts/{{ zabbix_proxy_database_long }} - when: - - zabbix_version is version('6.0', '>=') +- name: "Debian | Set some facts for Zabbix" + ansible.builtin.set_fact: + datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }} tags: - - zabbix-proxy - - init + - install - config - name: "Debian | Installing gnupg" - apt: + ansible.builtin.apt: pkg: gnupg update_cache: true cache_valid_time: 3600 @@ -82,108 +54,97 @@ register: gnupg_installed until: gnupg_installed is succeeded become: true + tags: + - install + +# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. +# It SHOULD be created with permissions 0755 if it is needed and does not already exist. +# See: https://wiki.debian.org/DebianRepository/UseThirdParty +- name: "Debian | Create /etc/apt/keyrings/ on older versions" + ansible.builtin.file: + path: /etc/apt/keyrings/ + state: directory + mode: "0755" + become: true + when: + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or + (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") -- name: "Debian | Install gpg key" - apt_key: - id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}" +- name: "Debian | Download gpg key" + ansible.builtin.get_url: url: http://repo.zabbix.com/zabbix-official-repo.key + dest: "{{ zabbix_gpg_key }}" + mode: "0644" + force: true register: are_zabbix_proxy_dependency_packages_installed until: are_zabbix_proxy_dependency_packages_installed is succeeded - when: - - zabbix_repo == "zabbix" become: true tags: - - zabbix-proxy - - init + - install - name: "Debian | Installing repository {{ ansible_distribution }}" - apt_repository: - repo: "{{ item }} {{ zabbix_proxy_apt_repository | join(' ') }}" - state: present - when: zabbix_repo == "zabbix" + ansible.builtin.copy: + dest: /etc/apt/sources.list.d/zabbix.sources + owner: root + group: root + mode: 0644 + content: | + Types: deb deb-src + Enabled: yes + URIs: {{ zabbix_repo_deb_url }} + Suites: {{ ansible_distribution_release }} + Components: {{ zabbix_repo_deb_component }} + Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} + Signed-By: {{ zabbix_gpg_key }} become: true - with_items: - - deb-src - - deb tags: - - zabbix-proxy - - init - + - install + - name: "Debian | Create /etc/apt/preferences.d/" - file: + ansible.builtin.file: path: /etc/apt/preferences.d/ state: directory - mode: '0755' + mode: "0755" when: - zabbix_proxy_apt_priority | int become: true - + tags: + - install + - name: "Debian | Configuring the weight for APT" - copy: + ansible.builtin.copy: dest: "/etc/apt/preferences.d/zabbix-proxy-{{ zabbix_proxy_database }}" content: | Package: zabbix-proxy-{{ zabbix_proxy_database }} Pin: origin repo.zabbix.com Pin-Priority: {{ zabbix_proxy_apt_priority }} owner: root - mode: '0644' + mode: "0644" when: - zabbix_proxy_apt_priority | int become: true - -- name: Check if warn parameter can be used for shell module - set_fact: - produce_warn: False - when: ansible_version.full is version("2.14", "<") - -- name: apt-get clean - shell: apt-get clean; apt-get update - args: - warn: "{{ produce_warn | default(omit) }}" - changed_when: false - become: true tags: - - skip_ansible_lint - -# On certain 18.04 images, such as docker or lxc, dpkg is configured not to -# install files into paths /usr/share/doc/* -# Since this is where Zabbix installs its database schemas, we need to allow -# files to be installed to /usr/share/doc/zabbix* -- name: Check for the dpkg exclude line - command: grep -F 'path-exclude=/usr/share/doc/*' /etc/dpkg/dpkg.cfg.d/excludes - register: dpkg_exclude_line - failed_when: false - changed_when: false - check_mode: false - -- name: Allow Zabbix dpkg installs to /usr/share/doc/zabbix* - lineinfile: - path: /etc/dpkg/dpkg.cfg.d/excludes - line: 'path-include=/usr/share/doc/zabbix*' - become: true - when: - - dpkg_exclude_line.rc == 0 + - install - name: "Debian | Installing zabbix-proxy-{{ zabbix_proxy_database }}" - apt: - pkg: zabbix-proxy-{{ zabbix_proxy_database }} - state: "{{ zabbix_proxy_package_state }}" + ansible.builtin.apt: + pkg: "zabbix-proxy-{{ zabbix_proxy_database }}" update_cache: true cache_valid_time: 0 - install_recommends: "{{ zabbix_proxy_install_recommends }}" + force: true + state: "{{ zabbix_proxy_package_state }}" default_release: "{{ ansible_distribution_release }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_package_installed - until: zabbix_proxy_package_installed is succeeded + register: is_zabbix_proxy_package_installed + until: is_zabbix_proxy_package_installed is succeeded become: true tags: - - zabbix-proxy - - init + - install - name: "Debian | Installing zabbix-sql-scripts" - apt: + ansible.builtin.apt: pkg: zabbix-sql-scripts state: "{{ zabbix_proxy_package_state }}" update_cache: true @@ -195,14 +156,13 @@ register: zabbix_proxy_package_sql_installed until: zabbix_proxy_package_sql_installed is succeeded when: - - zabbix_version is version('5.4', '>=') + - zabbix_proxy_version is version('6.0', '>=') become: true tags: - - zabbix-proxy - - init + - install - name: "Debian | Install Ansible module dependencies" - apt: + ansible.builtin.apt: name: "{{ zabbix_python_prefix }}-psycopg2" state: present environment: @@ -212,16 +172,14 @@ until: zabbix_proxy_dependencies_installed is succeeded become: true when: - - zabbix_database_creation + - zabbix_proxy_database_creation tags: - - zabbix-proxy - - init + - install + - dependencies - name: "Debian | Install Mysql Client package" - apt: - name: - - default-mysql-client - - "{{ zabbix_python_prefix }}-mysqldb" + ansible.builtin.apt: + name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}" state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" @@ -232,35 +190,13 @@ when: - zabbix_proxy_database == 'mysql' - zabbix_proxy_install_database_client - - ansible_distribution_release != "buster" tags: - - zabbix-proxy - - init - - database - -- name: "Debian 10 | Install Mysql Client package" - apt: - name: - - mariadb-client - - "{{ zabbix_python_prefix }}-mysqldb" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_dependencies_installed - until: zabbix_proxy_dependencies_installed is succeeded - become: true - when: - - zabbix_proxy_database == 'mysql' - - zabbix_proxy_install_database_client - - ansible_distribution_release == "buster" - tags: - - zabbix-proxy - - init + - install + - dependencies - database - name: "Debian | Install PostgreSQL Client package" - apt: + ansible.builtin.apt: name: postgresql-client state: present environment: @@ -270,16 +206,16 @@ until: are_zabbix_proxy_dependency_packages_installed is succeeded become: true when: - - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload - zabbix_proxy_database == 'pgsql' - zabbix_proxy_install_database_client tags: - - zabbix-proxy - - init + - install + - dependencies - database - name: "Debian | Install sqlite3" - apt: + ansible.builtin.apt: name: sqlite3 state: present environment: @@ -291,4 +227,6 @@ when: - zabbix_proxy_database == 'sqlite3' tags: - - zabbix-proxy + - install + - dependencies + - database diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml index 34a40396e..f35b3c7b3 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml @@ -1,323 +1,147 @@ --- # Tasks specific for RedHat systems -- name: "Set short version name" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" - -- name: "RedHat | Use EPEL package name" - set_fact: - zabbix_proxy_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-proxy" - when: - - zabbix_repo == "epel" +- name: "RedHat | Set short version name" + ansible.builtin.set_fact: + zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" tags: - - zabbix-proxy - - init - -- name: "RedHat | Define package with version" - set_fact: - zabbix_proxy_package: "zabbix{{ zabbix_short_version }}-proxy-{{ zabbix_proxy_database }}" - cacheable: true - when: - - zabbix_proxy_rhel_version is defined - - zabbix_repo != "epel" + - always - name: "RedHat | Define package without version" - set_fact: + ansible.builtin.set_fact: zabbix_proxy_package: "zabbix-proxy-{{ zabbix_proxy_database }}" cacheable: true - when: - - zabbix_proxy_rhel_version is not defined - - zabbix_repo != "epel" - -- name: "RedHat | Set some facts Zabbix < 3.0" - set_fact: - apache_log: httpd - datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_version }}*/create" - when: - - zabbix_version is version('3.0', '<') - tags: - - zabbix-proxy - -- name: "RedHat | Set facts for Zabbix >= 3.0 && < 5.4" - set_fact: - apache_log: httpd - datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_version }}*" - when: - - zabbix_version is version('3.0', '>=') - - zabbix_version is version('5.4', '<') tags: - - zabbix-proxy + - always -- name: "RedHat | Set facts for Zabbix == 5.4" - set_fact: - datafiles_path: "/usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_database_long }}" - when: - - zabbix_version is version('5.4', '==') +- name: "RedHat | Set facts for Zabbix" + ansible.builtin.set_fact: + datafiles_path: "/usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}" tags: - - zabbix-server - -- name: "RedHat | Set facts for Zabbix >= 6.0" - set_fact: - datafiles_path: "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_database_long }}" - when: - - zabbix_version is version('6.0', '>=') - tags: - - zabbix-server - -- name: "RedHat | Set facts for Zabbix >= 3.0 and RedHat 8" - set_fact: - apache_log: httpd - datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}" - when: - - zabbix_version is version('3.0', '>=') - - zabbix_version is version('5.4', '<') - - ansible_distribution_major_version == '8' - tags: - - zabbix-proxy - -- name: "RedHat | Set some facts EPEL" - set_fact: - datafiles_path: "/usr/share/zabbix-{{ zabbix_proxy_database_long }}" - when: - - zabbix_repo == "epel" - tags: - - zabbix-server - -- name: "RedHat | Create 'zabbix' group (EPEL)" - group: - name: "{{ zabbix_proxy_groupname | default('zabbix') }}" - gid: "{{ zabbix_proxy_groupid | default(omit) }}" - state: present - become: true - when: - - zabbix_repo == "epel" + - always -- name: "RedHat | Create 'zabbix' user (EPEL)" - user: - name: "{{ zabbix_proxy_username | default('zabbix') }}" - comment: Zabbix Monitoring System - uid: "{{ zabbix_proxy_userid | default(omit) }}" - group: zabbix - become: true - when: - - zabbix_repo == "epel" - -- name: "Make sure old file is absent" - file: +- name: "RedHat | Make sure old file is absent" + ansible.builtin.file: path: /etc/yum.repos.d/zabbix-supported.repo state: absent become: true + tags: + - install - name: "RedHat | Install basic repo file" - yum_repository: + ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" gpgcheck: "{{ item.gpgcheck }}" gpgkey: "{{ item.gpgkey }}" mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('98') }}" + priority: "{{ item.priority | default('99') }}" state: "{{ item.state | default('present') }}" proxy: "{{ zabbix_http_proxy | default(omit) }}" with_items: "{{ zabbix_repo_yum }}" register: yum_repo_installed become: true - when: - - zabbix_repo == "zabbix" notify: - "clean repo files from proxy creds" tags: - - zabbix-agent - -- name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }}" - package: - pkg: "{{ zabbix_proxy_package }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" - state: "{{ zabbix_proxy_package_state }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - when: - zabbix_repo != "other" - register: is_zabbix_proxy_package_installed - until: is_zabbix_proxy_package_installed is succeeded - -- name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }} (When zabbix_repo == other)" - package: - pkg: "{{ zabbix_proxy_package }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" - state: "{{ zabbix_proxy_package_state }}" - become: true - when: - zabbix_repo == "other" - register: is_zabbix_proxy_package_installed - until: is_zabbix_proxy_package_installed is succeeded - -- name: "RedHat | Installing zabbix-sql-scripts" - package: - pkg: "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" - state: "{{ zabbix_proxy_package_state }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_sql_package_installed - until: zabbix_proxy_sql_package_installed is succeeded - when: - - zabbix_version is version('5.4', '>=') - - zabbix_repo != "other" - become: true - tags: - - zabbix-server - -- name: "RedHat | Installing zabbix-sql-scripts (When zabbix_repo == other)" - package: - pkg: "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" - state: "{{ zabbix_proxy_package_state }}" - register: zabbix_proxy_sql_package_installed - until: zabbix_proxy_sql_package_installed is succeeded - when: - - zabbix_version is version('5.4', '>=') - - zabbix_repo == "other" - become: true - tags: - - zabbix-server - -- name: "RedHat | Install Ansible PostgreSQL module dependencies" - yum: - name: python-psycopg2 + - install + +- name: Install packages for Zabbix Repository + block: + - name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }}" + ansible.builtin.yum: + pkg: "{{ zabbix_proxy_package }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" + state: "{{ zabbix_proxy_package_state }}" + disablerepo: "{{ zabbix_proxy_disable_repo | default(omit) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true + register: is_zabbix_proxy_package_installed + until: is_zabbix_proxy_package_installed is succeeded + + - name: "RedHat | Installing zabbix-sql-scripts" + ansible.builtin.yum: + pkg: "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" + state: "{{ zabbix_proxy_package_state }}" + disablerepo: "{{ zabbix_proxy_disable_repo | default(omit) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_proxy_sql_package_installed + until: zabbix_proxy_sql_package_installed is succeeded + become: true + tags: + - install + +- name: "RedHat | Install Ansible PostgreSQL Client package" + ansible.builtin.yum: + name: "{{ pgsql_depenencies[ansible_distribution_major_version] }}" state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" become: true - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded + register: are_zabbix_proxy_pgsql_packages_installed + until: are_zabbix_proxy_pgsql_packages_installed is succeeded when: - - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload - zabbix_proxy_database == 'pgsql' - - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6" - tags: - - zabbix-proxy - - init - -- name: "RedHat | Install Ansible module dependencies on RHEL9 or RHEL8" - yum: - name: python3-psycopg2 - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_dependencies_installed - until: zabbix_proxy_dependencies_installed is succeeded - become: true - when: - - zabbix_database_creation - - zabbix_proxy_database == 'pgsql' - - ansible_distribution_major_version|int >= 8 - tags: - - zabbix-server - -- name: "RedHat | Install Mysql Client package RHEL7" - yum: - name: - - mariadb - - MySQL-python - state: installed - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded - when: - - zabbix_database_creation or zabbix_database_sqlload - - zabbix_proxy_database == 'mysql' - - ansible_distribution_major_version == '7' - tags: - - zabbix-proxy - - init - -- name: "RedHat | Install Mysql Client packages RHEL9 or RHEL8" - yum: - name: - - mysql - - python3-PyMySQL - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_dependencies_installed - until: zabbix_proxy_dependencies_installed is succeeded - become: true - when: - - zabbix_proxy_database == 'mysql' - - ansible_distribution_major_version|int >= 8 tags: - - zabbix-proxy - - init - -- name: "RedHat | Install Mysql Client package RHEL5 - 6" - yum: - name: - - mysql - - MySQL-python - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded - when: - - zabbix_database_creation or zabbix_database_sqlload - - zabbix_proxy_database == 'mysql' - - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5" - - zabbix_proxy_install_database_client - tags: - - zabbix-proxy - - init + - install - database - -- name: "RedHat | Install PostgreSQL client package" - yum: - name: postgresql - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded - when: - - zabbix_database_creation or zabbix_database_sqlload - - zabbix_proxy_database == 'pgsql' + - dependencies + +- name: "RedHat | Install Mysql Client Package" + block: + - name: "RedHat | Add Mysql Repo (Centos 7 Only)" + ansible.builtin.yum_repository: + name: mariadb + description: MariaDB 10.8 CentOS repository list + file: mariadb + baseurl: "https://mirror.rackspace.com/mariadb/yum/10.11/centos{{ ansible_distribution_major_version }}-amd64" + gpgcheck: no + when: ansible_distribution_major_version == '7' + + - name: "RedHat | Install Mysql Client package" + ansible.builtin.yum: + name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}" + state: installed + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true + register: are_zabbix_proxy_mysql_packages_installed + until: are_zabbix_proxy_mysql_packages_installed is succeeded + when: + - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload - zabbix_proxy_install_database_client + - zabbix_proxy_database == 'mysql' tags: - - zabbix-proxy - - init + - install - database + - dependencies - name: "RedHat | Install sqlite3" - yum: + ansible.builtin.yum: name: - sqlite state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_dependencies_installed - until: zabbix_proxy_dependencies_installed is succeeded + register: zabbix_proxy_sqlite_packages_installed + until: zabbix_proxy_sqlite_packages_installed is succeeded become: true when: - zabbix_proxy_database == 'sqlite3' tags: - - zabbix-proxy + - install + - database + - dependencies - name: "Configure SELinux when enabled" - include_tasks: selinux.yml + ansible.builtin.include_tasks: selinux.yml when: - - zabbix_selinux | bool + - zabbix_proxy_selinux | bool diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml index bd39b5b8a..f564635b1 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml @@ -1,71 +1,114 @@ --- # tasks file for zabbix_proxy - name: "Include OS-specific variables" - include_vars: "{{ ansible_os_family }}.yml" + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - always - name: Determine Latest Supported Zabbix Version - set_fact: - zabbix_proxy_version: "{{ zabbix_valid_proxy_versions[ansible_distribution_major_version][0] | default(6.0) }}" - when: zabbix_proxy_version is not defined + ansible.builtin.set_fact: + zabbix_proxy_version: "{{ zabbix_valid_proxy_versions[ansible_distribution_major_version][0] | default(6.4) }}" + when: zabbix_proxy_version is not defined or zabbix_proxy_version is none + tags: + - always -- name: "Replace Sangoma with RedHat task" - set_fact: - ansible_os_family: "RedHat" - when: - - ansible_os_family == 'Sangoma' +- name: Set More Variables + ansible.builtin.set_fact: + zabbix_proxy_db_long: "{{ 'postgresql' if zabbix_proxy_database == 'pgsql' else zabbix_proxy_database }}" + zabbix_valid_version: "{{ zabbix_proxy_version|float in zabbix_valid_proxy_versions[ansible_distribution_major_version] }}" + zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" + zabbix_proxy_fpinglocation: "{{ zabbix_proxy_fpinglocation if zabbix_proxy_fpinglocation is defined else _zabbix_proxy_fpinglocation}}" + zabbix_proxy_fping6location: "{{ zabbix_proxy_fping6location if zabbix_proxy_fping6location is defined else _zabbix_proxy_fping6location}}" + tags: + - always + +- name: Stopping Install of Invalid Version + ansible.builtin.fail: + msg: Zabbix version {{ zabbix_proxy_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }} + when: not zabbix_valid_version + tags: + - always + +- name: Setting Zabbix API Server Port + ansible.builtin.set_fact: + zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}" + when: zabbix_api_server_port is undefined + +- name: Set Path to SQL File + ansible.builtin.set_fact: + datafile_path: "{{ db_file_path[zabbix_short_version] }}" + tags: + - install + - config - name: "Set default ip address for zabbix_proxy_ip" - set_fact: + ansible.builtin.set_fact: zabbix_proxy_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" when: - zabbix_proxy_ip is not defined - "'ansible_default_ipv4' in hostvars[inventory_hostname]" + tags: + - install + - config + - api -- name: "Set OS dependent variables" - include_vars: "{{ item }}" - with_first_found: - - "../vars/{{ ansible_distribution }}.yml" - - "../vars/main.yml" +- name: "Complete OS Specific Tasks" + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" -- name: "Install the correct repository" - include_tasks: "{{ ansible_os_family }}.yml" +- name: "Get the file for database schema" + ansible.builtin.shell: ls -1 {{ db_file_path[zabbix_short_version] }} + changed_when: false + become: true + when: + - zabbix_proxy_database_sqlload + register: ls_output_schema + tags: + - database -- name: "Installing the {{ zabbix_proxy_database_long }} database" - include_tasks: "{{ zabbix_proxy_database_long }}.yml" +- name: "Installing the database" + ansible.builtin.include_tasks: "{{ zabbix_proxy_db_long }}.yml" - name: "Create include dir zabbix-proxy" - file: + ansible.builtin.file: path: "{{ zabbix_proxy_include }}" - owner: zabbix - group: zabbix + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" mode: "{{ zabbix_proxy_include_mode }}" state: directory become: true + tags: + - install + - config - name: "Create module dir zabbix-proxy" - file: + ansible.builtin.file: path: "{{ zabbix_proxy_loadmodulepath }}" - owner: zabbix - group: zabbix + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" state: directory mode: "0755" become: true + tags: + - install + - config - name: "Create directory for PSK file if not exist." - file: + ansible.builtin.file: path: "{{ zabbix_proxy_tlspskfile | dirname }}" mode: 0755 state: directory become: true when: - zabbix_proxy_tlspskfile is defined + tags: + - config - name: "Place TLS PSK File" - copy: + ansible.builtin.copy: dest: "{{ zabbix_proxy_tlspskfile }}" content: "{{ zabbix_proxy_tlspsk_secret }}" - owner: zabbix - group: zabbix + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" mode: 0400 become: true when: @@ -73,34 +116,20 @@ - zabbix_proxy_tlspsk_secret is defined notify: - restart zabbix-proxy - -- name: "Allow zabbix-proxy to open connections (SELinux)" - ansible.posix.seboolean: - name: zabbix_can_network - persistent: true - state: true - become: true - when: ansible_selinux.status == "enabled" - tags: selinux - -- name: "Allow zabbix-proxy to connect to zabbix_proxy_preprocessing.sock (SELinux)" - ansible.posix.seboolean: - name: daemons_enable_cluster_mode - persistent: true - state: true - become: true - when: ansible_selinux.status == "enabled" - tags: selinux + tags: + - config - name: "Configure zabbix-proxy" - template: + ansible.builtin.template: src: zabbix_proxy.conf.j2 - dest: /etc/zabbix/zabbix_proxy.conf - owner: zabbix - group: zabbix + dest: "{{ zabbix_proxy_config }}" + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" mode: "{{ zabbix_proxy_conf_mode }}" notify: restart zabbix-proxy become: true + tags: + - config - name: Ensure proxy definition is up-to-date (added/updated/removed) vars: @@ -108,9 +137,9 @@ ansible_user: "{{ zabbix_api_login_user }}" ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi - # Can't think of a way to make http_login_* vars be undefined -( - http_login_user: "{{ zabbix_api_http_user | default(zabbix_http_user | default(-42)) }}" - http_login_password: "{{ zabbix_api_http_password | default(zabbix_http_password | default(-42)) }}" + ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}" + http_login_user: "{{ zabbix_api_http_user | default(-42) }}" + http_login_password: "{{ zabbix_api_http_password | default(-42) }}" community.zabbix.zabbix_proxy: state: "{{ zabbix_proxy_state }}" status: "{{ zabbix_proxy_status }}" @@ -125,14 +154,15 @@ when: - zabbix_api_create_proxy | bool delegate_to: "{{ zabbix_api_server_host }}" - become: false tags: - api - name: "zabbix-proxy started" - service: + ansible.builtin.service: name: zabbix-proxy state: started enabled: true become: true when: zabbix_proxy_manage_service | bool + tags: + - service diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml index 6d699ea83..dde847a53 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml @@ -1,21 +1,35 @@ --- # task file for mysql -- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" - set_fact: +- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}" when: - zabbix_proxy_dbhost_run_install + tags: + - database -- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" - set_fact: +- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ inventory_hostname }}" when: - not zabbix_proxy_dbhost_run_install + tags: + - database -- name: "Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer" - set_fact: +- name: "MySQL | Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer" + ansible.builtin.set_fact: delegated_dbhost: "{{ zabbix_proxy_real_dbhost }}" when: zabbix_proxy_real_dbhost | default(false) + tags: + - database + +- name: PyMySQL + ansible.builtin.pip: + name: PyMySQL + register: installation_dependencies + until: installation_dependencies is succeeded + tags: + - database - name: "MySQL | Create database" community.mysql.mysql_db: @@ -28,11 +42,10 @@ login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" state: present - when: zabbix_database_creation + when: zabbix_proxy_database_creation register: zabbix_database_created delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-proxy - database - skip_ansible_lint @@ -47,31 +60,22 @@ password: "{{ zabbix_proxy_dbpassword }}" priv: "{{ zabbix_proxy_dbname }}.*:ALL" host: "{{ zabbix_proxy_privileged_host }}" + plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}" state: present - when: zabbix_database_creation + when: zabbix_proxy_database_creation delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-proxy - database -- name: "Get the file for schema.sql" - shell: ls -1 {{ datafiles_path }}/{{ 'schema' if zabbix_version is version('6.0', '<') else 'proxy' }}.sq* - changed_when: false - when: - - zabbix_database_sqlload - - zabbix_repo != "epel" - register: ls_output_create - tags: - - zabbix-proxy - - database - -- name: "Check if we have done files" - stat: +- name: "MySQL | Check if we have done files" + ansible.builtin.stat: path: /etc/zabbix/schema.done register: done_file + become: true when: - - zabbix_database_sqlload - - zabbix_repo != "epel" + - zabbix_proxy_database_sqlload + tags: + - database - name: "MySQL | Get version_comment" community.mysql.mysql_variables: @@ -84,7 +88,6 @@ delegate_to: "{{ delegated_dbhost }}" register: install_mysql_version tags: - - zabbix-proxy - database - name: "MySQL | Get current value for innodb_default_row_format" @@ -100,7 +103,6 @@ when: - install_mysql_version.msg is version('5.6', '>=') tags: - - zabbix-proxy - database - name: "MySQL | Set innodb_default_row_format to dynamic" @@ -113,15 +115,12 @@ login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_proxy_database_sqlload | bool - not done_file.stat.exists - install_mysql_version.msg is version('5.6', '>=') - mysql_innodb_default_row_format.msg != 'dynamic' delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-proxy - database - name: "MySQL | Create database and import file" @@ -135,42 +134,39 @@ encoding: "{{ zabbix_proxy_dbencoding }}" collation: "{{ zabbix_proxy_dbcollation }}" state: import - target: "{{ ls_output_create.stdout }}" + target: "{{ ls_output_schema.stdout }}" when: - - zabbix_database_sqlload - - zabbix_repo != "epel" + - zabbix_proxy_database_sqlload - not done_file.stat.exists delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-proxy - database - name: "MySQL | Revert innodb_default_row_format to previous value" community.mysql.mysql_variables: variable: innodb_default_row_format - value: '{{ mysql_innodb_default_row_format.msg }}' + value: "{{ mysql_innodb_default_row_format.msg }}" login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_proxy_database_sqlload | bool - not done_file.stat.exists - mysql_innodb_default_row_format.msg != 'dynamic' delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-proxy - database -- name: "Create done file" - file: +- name: "MySQL | Create done file" + ansible.builtin.file: path: /etc/zabbix/schema.done state: touch - mode: '0644' + mode: "0644" + become: true when: - - zabbix_database_sqlload - - zabbix_repo != "epel" + - zabbix_proxy_database_sqlload - not done_file.stat.exists + tags: + - database diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml index f32618d94..e71af9aba 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml @@ -1,17 +1,21 @@ --- # task file for postgresql -- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" - set_fact: +- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}" when: - zabbix_proxy_dbhost_run_install + tags: + - database -- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" - set_fact: +- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ inventory_hostname }}" when: - not zabbix_proxy_dbhost_run_install + tags: + - database - name: "PostgreSQL | Delegated" block: @@ -20,8 +24,9 @@ name: "{{ zabbix_proxy_dbname }}" port: "{{ zabbix_proxy_dbport }}" state: present + - name: "PostgreSQL | Delegated | Create database user" - postgresql_user: + community.postgresql.postgresql_user: db: "{{ zabbix_proxy_dbname }}" name: "{{ zabbix_proxy_dbuser }}" password: "{{ ('md5' + (zabbix_proxy_dbpassword + zabbix_proxy_dbuser)|hash('md5')) if zabbix_proxy_dbpassword_hash_method == 'md5' else zabbix_proxy_dbpassword }}" @@ -33,10 +38,9 @@ become_user: postgres delegate_to: "{{ delegated_dbhost }}" when: - - zabbix_database_creation + - zabbix_proxy_database_creation - zabbix_proxy_pgsql_login_host is not defined tags: - - zabbix-proxy - database - name: "PostgreSQL | Remote" @@ -51,7 +55,7 @@ port: "{{ zabbix_proxy_dbport }}" state: present - name: "PostgreSQL | Remote | Create database user" - postgresql_user: + community.postgresql.postgresql_user: login_host: "{{ zabbix_proxy_pgsql_login_host | default(omit) }}" login_user: "{{ zabbix_proxy_pgsql_login_user | default(omit) }}" login_password: "{{ zabbix_proxy_pgsql_login_password | default(omit) }}" @@ -63,30 +67,30 @@ state: present encrypted: true when: - - zabbix_database_creation + - zabbix_proxy_database_creation - zabbix_proxy_pgsql_login_host is defined tags: - - zabbix-proxy + - database + +- name: "PostgreSQL | Handle Compressed Schema File" + ansible.builtin.set_fact: + zabbix_proxy_cat_cmd: zcat + when: "'.gz' in ls_output_schema.stdout" + tags: - database - name: "PostgreSQL | Importing schema file" - shell: | + ansible.builtin.shell: | set -euxo pipefail - FILE={{ 'schema.sql' if zabbix_version is version('6.0', '<') else 'proxy.sql' }} - cd {{ datafiles_path }} - if [ -f ${FILE}.gz ] - then zcat ${FILE}.gz > /tmp/schema.sql - else - cp ${FILE} /tmp/schema.sql - fi - cat /tmp/schema.sql | psql -h '{{ zabbix_proxy_dbhost }}' -U '{{ zabbix_proxy_dbuser }}' \ - -d '{{ zabbix_proxy_dbname }}' + {{ zabbix_proxy_cat_cmd }} {{ ls_output_schema.stdout }} | psql -h '{{ zabbix_proxy_dbhost }}' -U '{{ zabbix_proxy_dbuser }}' -d '{{ zabbix_proxy_dbname }}' touch /etc/zabbix/schema.done - rm -f /tmp/schema.sql args: creates: /etc/zabbix/schema.done executable: /bin/bash environment: - PGPASSWORD: '{{ zabbix_proxy_dbpassword }}' + PGPASSWORD: "{{ zabbix_proxy_dbpassword }}" + become: true when: - - zabbix_database_creation + - zabbix_proxy_database_creation + tags: + - database diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml index 02fb4ebaf..0dca77c52 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml @@ -1,11 +1,7 @@ --- - - name: "SELinux | RedHat | Install related SELinux package to fix issues" - yum: - name: - - policycoreutils-python - - libsemanage-python - - checkpolicy + ansible.builtin.yum: + name: "{{ selinux_pkgs[ansible_distribution_major_version] }}" state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" @@ -13,38 +9,32 @@ register: zabbix_proxy_dependencies_installed until: zabbix_proxy_dependencies_installed is succeeded become: true - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6" - tags: - - zabbix-proxy - -- name: "SELinux | RedHat | Install related SELinux package to fix issues on RHEL8" - yum: - name: - - policycoreutils - - checkpolicy - - python3-libsemanage - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_dependencies_installed - until: zabbix_proxy_dependencies_installed is succeeded - become: true - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version|int >= 8 tags: - zabbix-proxy - name: "SELinux | RedHat | Add SEmodule to fix SELinux issue: zabbix_proxy_alerter.sock" - script: + ansible.builtin.script: cmd: files/install_semodule.bsx args: creates: /etc/selinux/targeted/active/modules/400/zabbix_proxy_add/cil become: true - when: - - ansible_os_family == "RedHat" tags: - zabbix-proxy + +- name: "Allow zabbix-proxy to open connections (SELinux)" + ansible.posix.seboolean: + name: zabbix_can_network + persistent: true + state: true + become: true + when: ansible_selinux.status == "enabled" + tags: selinux + +- name: "Allow zabbix-proxy to connect to zabbix_proxy_preprocessing.sock (SELinux)" + ansible.posix.seboolean: + name: daemons_enable_cluster_mode + persistent: true + state: true + become: true + when: ansible_selinux.status == "enabled" + tags: selinux diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml index 03fbf6fb3..3d74b73e7 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml @@ -2,49 +2,54 @@ # task file for sqlite3 - name: "Sqlite3 | Default Database Path" - set_fact: + ansible.builtin.set_fact: zabbix_proxy_dbname: /var/lib/zabbix/zabbix_proxy.db when: - zabbix_proxy_dbname == "zabbix_proxy" + tags: + - database - name: "Sqlite3 | Create database" - file: + ansible.builtin.file: name: "{{ zabbix_proxy_dbname | dirname }}" mode: 0744 - owner: zabbix - group: zabbix + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" seuser: system_u serole: object_r setype: zabbix_var_lib_t state: directory become: true when: - - zabbix_database_creation + - zabbix_proxy_database_creation + tags: + - database + +- name: "Sqlite3 | Handle Compressed Schema File" + ansible.builtin.set_fact: + zabbix_proxy_cat_cmd: zcat + when: "'.gz' in ls_output_schema.stdout" + tags: + - database - name: "Sqlite3 | Importing schema file" become: true - become_user: zabbix - shell: | - set -o pipefail - FILE={{ 'schema.sql' if zabbix_version is version('6.0', '<') else 'proxy.sql' }} - cd {{ datafiles_path }} - if [ -f ${FILE}.gz ] - then zcat ${FILE}.gz > /tmp/schema.sql - else - cp ${FILE} /tmp/schema.sql - fi - cat /tmp/schema.sql | sqlite3 {{ zabbix_proxy_dbname }} - rm -f /tmp/schema.sql + become_user: "{{ zabbix_os_user }}" + ansible.builtin.shell: | + set -euxo pipefail + {{ zabbix_proxy_cat_cmd }} {{ ls_output_schema.stdout }} | sqlite3 {{ zabbix_proxy_dbname }} args: creates: "{{ zabbix_proxy_dbname }}" executable: /bin/bash environment: - PGPASSWORD: '{{ zabbix_proxy_dbpassword }}' + PGPASSWORD: "{{ zabbix_proxy_dbpassword }}" when: - - zabbix_database_creation + - zabbix_proxy_database_creation + tags: + - database -- name: "Fix zabbix db file permission (SELinux)" - file: +- name: "Sqlite3 | Fix zabbix db file permission (SELinux)" + ansible.builtin.file: path: "{{ zabbix_proxy_dbname }}" state: file seuser: system_u @@ -53,5 +58,6 @@ become: true when: - ansible_selinux.status == "enabled" - - zabbix_database_creation - tags: selinux + - zabbix_proxy_database_creation + tags: + - database diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 index b61842d12..60ae3f0a5 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 @@ -4,197 +4,116 @@ # This configuration file is "minimalized", which means all the original comments # are removed. The full documentation for your Zabbix Proxy can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_proxy +# https://www.zabbix.com/documentation/{{ zabbix_proxy_version }}/en/manual/appendix/config/zabbix_proxy -ProxyMode={{ zabbix_proxy_mode }} -Server={{ zabbix_proxy_server }} -{% if zabbix_version is version('6.0', '<') %} -ServerPort={{ zabbix_proxy_serverport }} -{% endif %} -{% if zabbix_proxy_hostname is defined and zabbix_proxy_hostname %} -Hostname={{ zabbix_proxy_hostname }} -{% endif %} -{% if zabbix_proxy_hostnameitem is defined and zabbix_proxy_hostnameitem %} -HostnameItem={{ zabbix_proxy_hostnameitem }} -{% endif %} -ListenPort={{ zabbix_proxy_listenport }} -{% if zabbix_proxy_sourceip is defined and zabbix_proxy_sourceip %} -SourceIP={{ zabbix_proxy_sourceip }} -{% endif %} -{% if zabbix_version is version('6.0', '>=') %} -LogType={{ zabbix_proxy_logtype }} -{% endif %} -LogFile={{ zabbix_proxy_logfile }} -LogFileSize={{ zabbix_proxy_logfilesize }} -EnableRemoteCommands={{ zabbix_proxy_enableremotecommands }} -DebugLevel={{ zabbix_proxy_debuglevel }} -PidFile={{ zabbix_proxy_pidfile }} -{% if zabbix_version is version('3.2', '>') %} -SocketDir={{ zabbix_proxy_socketdir }} -{% endif %} -DBHost={{ zabbix_proxy_dbhost }} -DBName={{ zabbix_proxy_dbname }} -{% if zabbix_proxy_dbschema is defined and zabbix_proxy_dbschema %} -DBSchema={{ zabbix_proxy_dbschema }} -{% endif %} -DBUser={{ zabbix_proxy_dbuser }} -DBPassword={{ zabbix_proxy_dbpassword }} -DBPort={{ zabbix_proxy_dbport }} -{% if zabbix_version is version('6.0', '>=') %} -AllowUnsupportedDBVersions={{ zabbix_proxy_allowunsupporteddbversions }} -{% endif %} -ProxyLocalBuffer={{ zabbix_proxy_proxylocalbuffer }} -ProxyOfflineBuffer={{ zabbix_proxy_proxyofflinebuffer }} -{% if zabbix_version is version('6.4', '<') %} -HeartbeatFrequency={{ zabbix_proxy_heartbeatfrequency }} -{% endif %} -{% if zabbix_proxy_configfrequency is defined and zabbix_proxy_configfrequency is not none %} -{% if zabbix_version is version('6.4', '<') %} -ConfigFrequency={{ zabbix_proxy_configfrequency }} -{% else %} -ProxyConfigFrequency={{ zabbix_proxy_configfrequency }} -{% endif %} -{% else %} -{% if zabbix_version is version('6.2', '<') %} -ConfigFrequency=3600 -{% elif zabbix_version is version('6.4', '<') %} -ConfigFrequency=300 -{% else %} -ProxyConfigFrequency=10 -{% endif %} -{% endif %} -DataSenderFrequency={{ zabbix_proxy_datasenderfrequency }} -StartPollers={{ zabbix_proxy_startpollers }} -StartIPMIPollers={{ zabbix_proxy_startipmipollers }} -{% if zabbix_version is version('4.2', '>=') %} -StartPreprocessors={{ zabbix_proxy_startpreprocessors }} -{% endif %} -StartPollersUnreachable={{ zabbix_proxy_startpollersunreachable }} -StartTrappers={{ zabbix_proxy_starttrappers }} -StartPingers={{ zabbix_proxy_startpingers }} -StartDiscoverers={{ zabbix_proxy_startdiscoverers }} -StartHTTPPollers={{ zabbix_proxy_starthttppollers }} -{% if zabbix_proxy_javagateway is defined and zabbix_proxy_javagateway %} -JavaGateway={{ zabbix_proxy_javagateway }} -JavaGatewayPort={{ zabbix_proxy_javagatewayport }} -StartJavaPollers={{ zabbix_proxy_startjavapollers }} -{% endif %} -{% if zabbix_version is version_compare('2.4', '>=') %} -StartVMwareCollectors={{ zabbix_proxy_startvmwarecollector }} -VMwareFrequency={{ zabbix_proxy_vmwarefrequency }} -VMwareCacheSize={{ zabbix_proxy_vmwarecachesize -}}M -{% endif %} -SNMPTrapperFile={{ zabbix_proxy_snmptrapperfile }} -StartSNMPTrapper={{ zabbix_proxy_snmptrapper }} -{% if zabbix_proxy_listenip is defined and zabbix_proxy_listenip %} -ListenIP={{ zabbix_proxy_listenip }} -{% endif %} -HousekeepingFrequency={{ zabbix_proxy_housekeepingfrequency }} -CacheSize={{ zabbix_proxy_cachesize -}}M -StartDBSyncers={{ zabbix_proxy_startdbsyncers }} -HistoryCacheSize={{ zabbix_proxy_historycachesize -}}M -{% if zabbix_version is version_compare('3.2', '>=') %} -HistoryIndexCacheSize={{ zabbix_proxy_historyindexcachesize -}}M -{% endif %} -{% if zabbix_version is version_compare('2.4', '<') %} -HistoryTextCacheSize={{ zabbix_proxy_historytextcachesize -}}M -{% endif %} -Timeout={{ zabbix_proxy_timeout }} -TrapperTimeout={{ zabbix_proxy_trappertimeout }} -UnreachablePeriod={{ zabbix_proxy_unreachableperiod }} -UnavailableDelay={{ zabbix_proxy_unavaliabledelay }} -UnreachableDelay={{ zabbix_proxy_unreachabedelay }} -{% if zabbix_version is version_compare('6.2', '>=') %} -StartODBCPollers={{ zabbix_proxy_startodbcpollers }} -{% endif %} -ExternalScripts={{ zabbix_proxy_externalscripts }} -FpingLocation={{ zabbix_proxy_fpinglocation }} -Fping6Location={{ zabbix_proxy_fping6location }} -{% if zabbix_proxy_sshkeylocation is defined and zabbix_proxy_sshkeylocation %} -SSHKeyLocation={{ zabbix_proxy_sshkeylocation }} -{% endif %} -LogSlowQueries={{ zabbix_proxy_loglowqueries }} -TmpDir={{ zabbix_proxy_tmpdir }} -{% if zabbix_version is version_compare('2.4', '<') %} -AllowRoot={{ zabbix_proxy_allowroot }} -{% endif %} -Include={{ zabbix_proxy_include }} -{% if zabbix_version is version_compare('3.0', '<') %} -LoadModulePath={{ zabbix_proxy_loadmodulepath }} -{% endif %} -{% if zabbix_proxy_loadmodule is defined and zabbix_proxy_loadmodule %} -LoadModule={{ zabbix_proxy_loadmodule }} -{% endif %} -{% if zabbix_version is version_compare('4.0', '>=') %} -StatsAllowedIP={{ zabbix_proxy_statsallowedip }} -{% endif %} -{% if zabbix_version is version_compare('3.0', '>=') %} -{% if zabbix_proxy_tlsconnect is defined and zabbix_proxy_tlsconnect %} -TLSConnect={{ zabbix_proxy_tlsconnect }} -{% endif %} -{% if zabbix_proxy_tlsaccept is defined and zabbix_proxy_tlsaccept %} -TLSAccept={{ zabbix_proxy_tlsaccept }} -{% endif %} -{% if zabbix_proxy_tlscafile is defined and zabbix_proxy_tlscafile %} -TLSCAFile={{ zabbix_proxy_tlscafile }} -{% endif %} -{% if zabbix_proxy_tlscrlfile is defined and zabbix_proxy_tlscrlfile %} -TLSCRLFile={{ zabbix_proxy_tlscrlfile }} -{% endif %} -{% if zabbix_proxy_tlsservercertissuer is defined and zabbix_proxy_tlsservercertissuer %} -TLSServerCertIssuer={{ zabbix_proxy_tlsservercertissuer }} -{% endif %} -{% if zabbix_proxy_tlsservercertsubject is defined and zabbix_proxy_tlsservercertsubject %} -TLSServerCertSubject={{ zabbix_proxy_tlsservercertsubject }} -{% endif %} -{% if zabbix_proxy_tlscertfile is defined and zabbix_proxy_tlscertfile %} -TLSCertFile={{ zabbix_proxy_tlscertfile }} -{% endif %} -{% if zabbix_proxy_tlskeyfile is defined and zabbix_proxy_tlskeyfile %} -TLSKeyFile={{ zabbix_proxy_tlskeyfile }} -{% endif %} -{% if zabbix_proxy_tlspskidentity is defined and zabbix_proxy_tlspskidentity %} -TLSPSKIdentity={{ zabbix_proxy_tlspskidentity }} -{% endif %} -{% if zabbix_proxy_tlspskfile is defined and zabbix_proxy_tlspskfile %} -TLSPSKFile={{ zabbix_proxy_tlspskfile }} -{% endif %} -{% endif %} -{% if zabbix_proxy_dbtlsconnect is defined and zabbix_proxy_dbtlsconnect is not none %} -DBTLSConnect={{ zabbix_proxy_dbtlsconnect }} -{% endif %} -{% if zabbix_proxy_dbtlscafile is defined and zabbix_proxy_dbtlscafile is not none %} -DBTLSCAFile={{ zabbix_proxy_dbtlscafile }} -{% endif %} -{% if zabbix_proxy_dbtlscertfile is defined and zabbix_proxy_dbtlscertfile is not none %} -DBTLSCertFile={{ zabbix_proxy_dbtlscertfile }} -{% endif %} -{% if zabbix_proxy_dbtlskeyfile is defined and zabbix_proxy_dbtlskeyfile is not none %} -DBTLSKeyFile={{ zabbix_proxy_dbtlskeyfile }} -{% endif %} -{% if zabbix_proxy_dbtlscipher is defined and zabbix_proxy_dbtlscipher is not none %} -DBTLSCipher={{ zabbix_proxy_dbtlscipher }} -{% endif %} -{% if zabbix_proxy_dbtlscipher13 is defined and zabbix_proxy_dbtlscipher13 is not none %} -DBTLSCipher13={{ zabbix_proxy_dbtlscipher13 }} -{% endif %} -{% if zabbix_version is version('6.0', '>=') %} -{% if zabbix_proxy_vaulttoken is defined and zabbix_proxy_vaulttoken is not none %} -VaultToken={{ zabbix_proxy_vaulttoken }} -{% endif %} -{% if zabbix_proxy_vaulturl is defined and zabbix_proxy_vaulturl is not none %} -VaultURL={{ zabbix_proxy_vaulturl }} -{% endif %} -{% if zabbix_proxy_vaultdbpath is defined and zabbix_proxy_vaultdbpath is not none %} -VaultDBPath={{ zabbix_proxy_vaultdbpath }} -{% endif %} -{% if zabbix_proxy_vaulttlscertfile is defined and zabbix_proxy_vaulttlscertfile is not none %} -VaultTLSKeyFile={{ zabbix_proxy_vaulttlscertfile }} -{% endif %} -{% if zabbix_proxy_vaulttlskeyfile is defined and zabbix_proxy_vaulttlskeyfile is not none %} -VaultTLSCertFile={{ zabbix_proxy_vaulttlskeyfile }} -{% endif %} -{% if zabbix_proxy_listenbacklog is defined and zabbix_proxy_listenbacklog is not none %} -ListenBacklog={{ zabbix_proxy_listenbacklog }} -{% endif %} -{% endif %} +{{ (zabbix_proxy_allowroot is defined and zabbix_proxy_allowroot is not none) | ternary('','# ') }}AllowRoot={{ zabbix_proxy_allowroot | default('') }} +{% if zabbix_proxy_version is version('6.0', '>=') %} +{{ (zabbix_proxy_allowunsupporteddbversions is defined and zabbix_proxy_allowunsupporteddbversions is not none) | ternary('','# ') }}AllowUnsupportedDBVersions={{ zabbix_proxy_allowunsupporteddbversions | default('') }} +{% endif %} +{{ (zabbix_proxy_cachesize is defined and zabbix_proxy_cachesize is not none) | ternary('','# ') }}CacheSize={{ zabbix_proxy_cachesize | default('') }} +{{ (zabbix_proxy_configfrequency is defined and zabbix_proxy_configfrequency is not none) | ternary('','# ') }}ConfigFrequency={{ zabbix_proxy_configfrequency | default('') }} +{{ (zabbix_proxy_datasenderfrequency is defined and zabbix_proxy_datasenderfrequency is not none) | ternary('','# ') }}DataSenderFrequency={{ zabbix_proxy_datasenderfrequency | default('') }} +{{ (zabbix_proxy_dbhost is defined and zabbix_proxy_dbhost is not none) | ternary('','# ') }}DBHost={{ zabbix_proxy_dbhost | default('') }} +{{ (zabbix_proxy_dbname is defined and zabbix_proxy_dbname is not none) | ternary('','# ') }}DBName={{ zabbix_proxy_dbname | default('') }} +{{ (zabbix_proxy_dbpassword is defined and zabbix_proxy_dbpassword is not none) | ternary('','# ') }}DBPassword={{ zabbix_proxy_dbpassword | default('') }} +{{ (zabbix_proxy_dbschema is defined and zabbix_proxy_dbschema is not none) | ternary('','# ') }}DBSchema={{ zabbix_proxy_dbschema | default('') }} +{{ (zabbix_proxy_dbsocket is defined and zabbix_proxy_dbsocket is not none) | ternary('','# ') }}DBSocket={{ zabbix_proxy_dbsocket | default('') }} +{{ (zabbix_proxy_dbtlscafile is defined and zabbix_proxy_dbtlscafile is not none) | ternary('','# ') }}DBTLSCAFile={{ zabbix_proxy_dbtlscafile | default('') }} +{{ (zabbix_proxy_dbtlscertfile is defined and zabbix_proxy_dbtlscertfile is not none) | ternary('','# ') }}DBTLSCertFile={{ zabbix_proxy_dbtlscertfile | default('') }} +{{ (zabbix_proxy_dbtlscipher is defined and zabbix_proxy_dbtlscipher is not none) | ternary('','# ') }}DBTLSCipher={{ zabbix_proxy_dbtlscipher | default('') }} +{{ (zabbix_proxy_dbtlscipher13 is defined and zabbix_proxy_dbtlscipher13 is not none) | ternary('','# ') }}DBTLSCipher13={{ zabbix_proxy_dbtlscipher13 | default('') }} +{{ (zabbix_proxy_dbtlsconnect is defined and zabbix_proxy_dbtlsconnect is not none) | ternary('','# ') }}DBTLSConnect={{ zabbix_proxy_dbtlsconnect | default('') }} +{{ (zabbix_proxy_dbtlskeyfile is defined and zabbix_proxy_dbtlskeyfile is not none) | ternary('','# ') }}DBTLSKeyFile={{ zabbix_proxy_dbtlskeyfile | default('') }} +{{ (zabbix_proxy_dbuser is defined and zabbix_proxy_dbuser is not none) | ternary('','# ') }}DBUser={{ zabbix_proxy_dbuser | default('') }} +{{ (zabbix_proxy_debuglevel is defined and zabbix_proxy_debuglevel is not none) | ternary('','# ') }}DebugLevel={{ zabbix_proxy_debuglevel | default('') }} +{{ (zabbix_proxy_enableremotecommands is defined and zabbix_proxy_enableremotecommands is not none) | ternary('','# ') }}EnableRemoteCommands={{ zabbix_proxy_enableremotecommands | default('') }} +{{ (zabbix_proxy_externalscripts is defined and zabbix_proxy_externalscripts is not none) | ternary('','# ') }}ExternalScripts={{ zabbix_proxy_externalscripts | default('') }} +{{ (zabbix_proxy_fping6location is defined and zabbix_proxy_fping6location is not none) | ternary('','# ') }}Fping6Location={{ zabbix_proxy_fping6location | default('') }} +{{ (zabbix_proxy_fpinglocation is defined and zabbix_proxy_fpinglocation is not none) | ternary('','# ') }}FpingLocation={{ zabbix_proxy_fpinglocation | default('') }} +{% if zabbix_proxy_version is version('6.4', '<') %} +{{ (zabbix_proxy_heartbeatfrequency is defined and zabbix_proxy_heartbeatfrequency is not none) | ternary('','# ') }}HeartbeatFrequency={{ zabbix_proxy_heartbeatfrequency | default('') }} +{% endif %} +{{ (zabbix_proxy_historycachesize is defined and zabbix_proxy_historycachesize is not none) | ternary('','# ') }}HistoryCacheSize={{ zabbix_proxy_historycachesize | default('') }} +{{ (zabbix_proxy_historyindexcachesize is defined and zabbix_proxy_historyindexcachesize is not none) | ternary('','# ') }}HistoryIndexCacheSize={{ zabbix_proxy_historyindexcachesize | default('') }} +{{ (zabbix_proxy_hostname is defined and zabbix_proxy_hostname is not none) | ternary('','# ') }}Hostname={{ zabbix_proxy_hostname | default('') }} +{{ (zabbix_proxy_hostnameitem is defined and zabbix_proxy_hostnameitem is not none) | ternary('','# ') }}HostnameItem={{ zabbix_proxy_hostnameitem | default('') }} +{{ (zabbix_proxy_housekeepingfrequency is defined and zabbix_proxy_housekeepingfrequency is not none) | ternary('','# ') }}HousekeepingFrequency={{ zabbix_proxy_housekeepingfrequency | default('') }} +{{ (zabbix_proxy_include is defined and zabbix_proxy_include is not none) | ternary('','# ') }}Include={{ zabbix_proxy_include | default('') }} +{{ (zabbix_proxy_javagateway is defined and zabbix_proxy_javagateway is not none) | ternary('','# ') }}JavaGateway={{ zabbix_proxy_javagateway | default('') }} +{{ (zabbix_proxy_javagatewayport is defined and zabbix_proxy_javagatewayport is not none) | ternary('','# ') }}JavaGatewayPort={{ zabbix_proxy_javagatewayport | default('') }} +{{ (zabbix_proxy_listenbacklog is defined and zabbix_proxy_listenbacklog is not none) | ternary('','# ') }}ListenBacklog={{ zabbix_proxy_listenbacklog | default('') }} +{{ (zabbix_proxy_listenip is defined and zabbix_proxy_listenip is not none) | ternary('','# ') }}ListenIP={{ zabbix_proxy_listenip | default('') }} +{{ (zabbix_proxy_listenport is defined and zabbix_proxy_listenport is not none) | ternary('','# ') }}ListenPort={{ zabbix_proxy_listenport | default('') }} +{{ (zabbix_proxy_loadmodule is defined and zabbix_proxy_loadmodule is not none) | ternary('','# ') }}LoadModule={{ zabbix_proxy_loadmodule | default('') }} +{{ (zabbix_proxy_loadmodulepath is defined and zabbix_proxy_loadmodulepath is not none) | ternary('','# ') }}LoadModulePath={{ zabbix_proxy_loadmodulepath | default('') }} +{{ (zabbix_proxy_logfile is defined and zabbix_proxy_logfile is not none) | ternary('','# ') }}LogFile={{ zabbix_proxy_logfile | default('') }} +{{ (zabbix_proxy_logfilesize is defined and zabbix_proxy_logfilesize is not none) | ternary('','# ') }}LogFileSize={{ zabbix_proxy_logfilesize | default('') }} +{{ (zabbix_proxy_logremotecommands is defined and zabbix_proxy_logremotecommands is not none) | ternary('','# ') }}LogRemoteCommands={{ zabbix_proxy_logremotecommands | default('') }} +{{ (zabbix_proxy_logslowqueries is defined and zabbix_proxy_logslowqueries is not none) | ternary('','# ') }}LogSlowQueries={{ zabbix_proxy_logslowqueries | default('') }} +{{ (zabbix_proxy_logtype is defined and zabbix_proxy_logtype is not none) | ternary('','# ') }}LogType={{ zabbix_proxy_logtype | default('') }} +{{ (zabbix_proxy_pidfile is defined and zabbix_proxy_pidfile is not none) | ternary('','# ') }}PidFile={{ zabbix_proxy_pidfile | default('') }} +{{ (zabbix_proxy_proxylocalbuffer is defined and zabbix_proxy_proxylocalbuffer is not none) | ternary('','# ') }}ProxyLocalBuffer={{ zabbix_proxy_proxylocalbuffer | default('') }} +{{ (zabbix_proxy_proxymode is defined and zabbix_proxy_proxymode is not none) | ternary('','# ') }}ProxyMode={{ zabbix_proxy_proxymode | default('') }} +{{ (zabbix_proxy_proxyofflinebuffer is defined and zabbix_proxy_proxyofflinebuffer is not none) | ternary('','# ') }}ProxyOfflineBuffer={{ zabbix_proxy_proxyofflinebuffer | default('') }} +{{ (zabbix_proxy_server is defined and zabbix_proxy_server is not none) | ternary('','# ') }}Server={{ zabbix_proxy_server | default('') }} +{{ (zabbix_proxy_snmptrapperfile is defined and zabbix_proxy_snmptrapperfile is not none) | ternary('','# ') }}SNMPTrapperFile={{ zabbix_proxy_snmptrapperfile | default('') }} +{{ (zabbix_proxy_socketdir is defined and zabbix_proxy_socketdir is not none) | ternary('','# ') }}SocketDir={{ zabbix_proxy_socketdir | default('') }} +{{ (zabbix_proxy_sourceip is defined and zabbix_proxy_sourceip is not none) | ternary('','# ') }}SourceIP={{ zabbix_proxy_sourceip | default('') }} +{{ (zabbix_proxy_sshkeylocation is defined and zabbix_proxy_sshkeylocation is not none) | ternary('','# ') }}SSHKeyLocation={{ zabbix_proxy_sshkeylocation | default('') }} +{{ (zabbix_proxy_sslcalocation is defined and zabbix_proxy_sslcalocation is not none) | ternary('','# ') }}SSLCALocation={{ zabbix_proxy_sslcalocation | default('') }} +{{ (zabbix_proxy_sslcertlocation is defined and zabbix_proxy_sslcertlocation is not none) | ternary('','# ') }}SSLCertLocation={{ zabbix_proxy_sslcertlocation | default('') }} +{{ (zabbix_proxy_sslkeylocation is defined and zabbix_proxy_sslkeylocation is not none) | ternary('','# ') }}SSLKeyLocation={{ zabbix_proxy_sslkeylocation | default('') }} +{{ (zabbix_proxy_startdbsyncers is defined and zabbix_proxy_startdbsyncers is not none) | ternary('','# ') }}StartDBSyncers={{ zabbix_proxy_startdbsyncers | default('') }} +{{ (zabbix_proxy_startdiscoverers is defined and zabbix_proxy_startdiscoverers is not none) | ternary('','# ') }}StartDiscoverers={{ zabbix_proxy_startdiscoverers | default('') }} +{% if zabbix_proxy_version is version('6.0', '==') %} +{{ (zabbix_proxy_starthistorypollers is defined and zabbix_proxy_starthistorypollers is not none) | ternary('','# ') }}={{ zabbix_proxy_starthistorypollers | default('') }} +{% endif %} +{{ (zabbix_proxy_starthttppollers is defined and zabbix_proxy_starthttppollers is not none) | ternary('','# ') }}StartHTTPPollers={{ zabbix_proxy_starthttppollers | default('') }} +{{ (zabbix_proxy_startipmipollers is defined and zabbix_proxy_startipmipollers is not none) | ternary('','# ') }}StartIPMIPollers={{ zabbix_proxy_startipmipollers | default('') }} +{{ (zabbix_proxy_startjavapollers is defined and zabbix_proxy_startjavapollers is not none) | ternary('','# ') }}StartJavaPollers={{ zabbix_proxy_startjavapollers | default('') }} +{{ (zabbix_proxy_startodbcpollers is defined and zabbix_proxy_startodbcpollers is not none) | ternary('','# ') }}StartODBCPollers={{ zabbix_proxy_startodbcpollers | default('') }} +{{ (zabbix_proxy_startpingers is defined and zabbix_proxy_startpingers is not none) | ternary('','# ') }}StartPingers={{ zabbix_proxy_startpingers | default('') }} +{{ (zabbix_proxy_startpollers is defined and zabbix_proxy_startpollers is not none) | ternary('','# ') }}StartPollers={{ zabbix_proxy_startpollers | default('') }} +{{ (zabbix_proxy_startpollersunreachable is defined and zabbix_proxy_startpollersunreachable is not none) | ternary('','# ') }}StartPollersUnreachable={{ zabbix_proxy_startpollersunreachable | default('') }} +{{ (zabbix_proxy_startpreprocessors is defined and zabbix_proxy_startpreprocessors is not none) | ternary('','# ') }}StartPreprocessors={{ zabbix_proxy_startpreprocessors | default('') }} +{{ (zabbix_proxy_startsnmptrapper is defined and zabbix_proxy_startsnmptrapper is not none) | ternary('','# ') }}StartSNMPTrapper={{ zabbix_proxy_startsnmptrapper | default('') }} +{{ (zabbix_proxy_starttrappers is defined and zabbix_proxy_starttrappers is not none) | ternary('','# ') }}StartTrappers={{ zabbix_proxy_starttrappers | default('') }} +{{ (zabbix_proxy_startvmwarecollectors is defined and zabbix_proxy_startvmwarecollectors is not none) | ternary('','# ') }}StartVMwareCollectors={{ zabbix_proxy_startvmwarecollectors | default('') }} +{{ (zabbix_proxy_statsallowedip is defined and zabbix_proxy_statsallowedip is not none) | ternary('','# ') }}StatsAllowedIP={{ zabbix_proxy_statsallowedip | default('') }} +{{ (zabbix_proxy_timeout is defined and zabbix_proxy_timeout is not none) | ternary('','# ') }}Timeout={{ zabbix_proxy_timeout | default('') }} +{{ (zabbix_proxy_tlsaccept is defined and zabbix_proxy_tlsaccept is not none) | ternary('','# ') }}TLSAccept={{ zabbix_proxy_tlsaccept | default('') }} +{{ (zabbix_proxy_tlscafile is defined and zabbix_proxy_tlscafile is not none) | ternary('','# ') }}TLSCAFile={{ zabbix_proxy_tlscafile | default('') }} +{{ (zabbix_proxy_tlscertfile is defined and zabbix_proxy_tlscertfile is not none) | ternary('','# ') }}TLSCertFile={{ zabbix_proxy_tlscertfile | default('') }} +{{ (zabbix_proxy_tlscipherall is defined and zabbix_proxy_tlscipherall is not none) | ternary('','# ') }}TLSCipherAll={{ zabbix_proxy_tlscipherall | default('') }} +{{ (zabbix_proxy_tlscipherall13 is defined and zabbix_proxy_tlscipherall13 is not none) | ternary('','# ') }}TLSCipherAll13={{ zabbix_proxy_tlscipherall13 | default('') }} +{{ (zabbix_proxy_tlsciphercert is defined and zabbix_proxy_tlsciphercert is not none) | ternary('','# ') }}TLSCipherCert={{ zabbix_proxy_tlsciphercert | default('') }} +{{ (zabbix_proxy_tlsciphercert13 is defined and zabbix_proxy_tlsciphercert13 is not none) | ternary('','# ') }}TLSCipherCert13={{ zabbix_proxy_tlsciphercert13 | default('') }} +{{ (zabbix_proxy_tlscipherpsk is defined and zabbix_proxy_tlscipherpsk is not none) | ternary('','# ') }}TLSCipherPSK={{ zabbix_proxy_tlscipherpsk | default('') }} +{{ (zabbix_proxy_tlscipherpsk13 is defined and zabbix_proxy_tlscipherpsk13 is not none) | ternary('','# ') }}TLSCipherPSK13={{ zabbix_proxy_tlscipherpsk13 | default('') }} +{{ (zabbix_proxy_tlsconnect is defined and zabbix_proxy_tlsconnect is not none) | ternary('','# ') }}TLSConnect={{ zabbix_proxy_tlsconnect | default('') }} +{{ (zabbix_proxy_tlscrlfile is defined and zabbix_proxy_tlscrlfile is not none) | ternary('','# ') }}TLSCRLFile={{ zabbix_proxy_tlscrlfile | default('') }} +{{ (zabbix_proxy_tlskeyfile is defined and zabbix_proxy_tlskeyfile is not none) | ternary('','# ') }}TLSKeyFile={{ zabbix_proxy_tlskeyfile | default('') }} +{{ (zabbix_proxy_tlspskfile is defined and zabbix_proxy_tlspskfile is not none) | ternary('','# ') }}TLSPSKFile={{ zabbix_proxy_tlspskfile | default('') }} +{{ (zabbix_proxy_tlspskidentity is defined and zabbix_proxy_tlspskidentity is not none) | ternary('','# ') }}TLSPSKIdentity={{ zabbix_proxy_tlspskidentity | default('') }} +{{ (zabbix_proxy_tlsservercertissuer is defined and zabbix_proxy_tlsservercertissuer is not none) | ternary('','# ') }}TLSServerCertIssuer={{ zabbix_proxy_tlsservercertissuer | default('') }} +{{ (zabbix_proxy_tlsservercertsubject is defined and zabbix_proxy_tlsservercertsubject is not none) | ternary('','# ') }}TLSServerCertSubject={{ zabbix_proxy_tlsservercertsubject | default('') }} +{{ (zabbix_proxy_tmpdir is defined and zabbix_proxy_tmpdir is not none) | ternary('','# ') }}TmpDir={{ zabbix_proxy_tmpdir | default('') }} +{{ (zabbix_proxy_trappertimeout is defined and zabbix_proxy_trappertimeout is not none) | ternary('','# ') }}TrapperTimeout={{ zabbix_proxy_trappertimeout | default('') }} +{{ (zabbix_proxy_unavailabledelay is defined and zabbix_proxy_unavailabledelay is not none) | ternary('','# ') }}UnavailableDelay={{ zabbix_proxy_unavailabledelay | default('') }} +{{ (zabbix_proxy_unreachabledelay is defined and zabbix_proxy_unreachabledelay is not none) | ternary('','# ') }}UnreachableDelay={{ zabbix_proxy_unreachabledelay | default('') }} +{{ (zabbix_proxy_unreachableperiod is defined and zabbix_proxy_unreachableperiod is not none) | ternary('','# ') }}UnreachablePeriod={{ zabbix_proxy_unreachableperiod | default('') }} +{{ (zabbix_proxy_user is defined and zabbix_proxy_user is not none) | ternary('','# ') }}User={{ zabbix_proxy_user | default('') }} +{% if zabbix_proxy_version is version('6.2', '>=') %} +{{ (zabbix_proxy_vault is defined and zabbix_proxy_vault is not none) | ternary('','# ') }}Vault={{ zabbix_proxy_vault | default('') }} +{% endif %} +{{ (zabbix_proxy_vaultdbpath is defined and zabbix_proxy_vaultdbpath is not none) | ternary('','# ') }}VaultDBPath={{ zabbix_proxy_vaultdbpath | default('') }} +{% if zabbix_proxy_version is version('6.2', '>=') %} +{{ (zabbix_proxy_vaulttlscertfile is defined and zabbix_proxy_vaulttlscertfile is not none) | ternary('','# ') }}VaultTLSCertFile={{ zabbix_proxy_vaulttlscertfile | default('') }} +{{ (zabbix_proxy_vaulttlskeyfile is defined and zabbix_proxy_vaulttlskeyfile is not none) | ternary('','# ') }}VaultTLSKeyFile={{ zabbix_proxy_vaulttlskeyfile | default('') }} +{% endif %} +{{ (zabbix_proxy_vaulttoken is defined and zabbix_proxy_vaulttoken is not none) | ternary('','# ') }}VaultToken={{ zabbix_proxy_vaulttoken | default('') }} +{{ (zabbix_proxy_vaulturl is defined and zabbix_proxy_vaulturl is not none) | ternary('','# ') }}VaultURL={{ zabbix_proxy_vaulturl | default('') }} +{{ (zabbix_proxy_vmwarecachesize is defined and zabbix_proxy_vmwarecachesize is not none) | ternary('','# ') }}VMwareCacheSize={{ zabbix_proxy_vmwarecachesize | default('') }} +{{ (zabbix_proxy_vmwarefrequency is defined and zabbix_proxy_vmwarefrequency is not none) | ternary('','# ') }}VMwareFrequency={{ zabbix_proxy_vmwarefrequency | default('') }} +{{ (zabbix_proxy_vmwareperffrequency is defined and zabbix_proxy_vmwareperffrequency is not none) | ternary('','# ') }}VMwarePerfFrequency={{ zabbix_proxy_vmwareperffrequency | default('') }} +{{ (zabbix_proxy_vmwaretimeout is defined and zabbix_proxy_vmwaretimeout is not none) | ternary('','# ') }}VMwareTimeout={{ zabbix_proxy_vmwaretimeout | default('') }} diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Amazon.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Amazon.yml deleted file mode 100644 index 605be3896..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Amazon.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -ansible_distribution_major_version: "6" diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml index 2c87e2d61..cd9527eb2 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml @@ -1,26 +1,57 @@ zabbix_valid_proxy_versions: # Debian + "12": + - 6.4 + - 6.0 "11": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "10": + - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 - "9": - - 4.0 - # Ubuntu "22": - 6.4 + - 6.2 - 6.0 "20": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "18": + - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 + +mysql_client_pkgs: + # Debian + "12": + - default-mysql-client + - "{{ zabbix_python_prefix }}-mysqldb" + "11": + - default-mysql-client + - "{{ zabbix_python_prefix }}-mysqldb" + "10": + - mariadb-client + - "{{ zabbix_python_prefix }}-mysqldb" + # Ubuntu + "22": + - default-mysql-client + - "{{ zabbix_python_prefix }}-mysqldb" + "20": + - default-mysql-client + - "{{ zabbix_python_prefix }}-mysqldb" + "18": + - default-mysql-client + - "{{ zabbix_python_prefix }}-mysqldb" + +mysql_plugin: + "18": mysql_native_password + "10": mysql_native_password + +debian_keyring_path: /etc/apt/keyrings/ +zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc" +_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}" +_zabbix_proxy_fping6location: /usr/bin/fping6 +_zabbix_proxy_fpinglocation: /usr/bin/fping diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml index 31da6800f..e8ee7e2ae 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml @@ -1,12 +1,55 @@ zabbix_valid_proxy_versions: "9": - 6.4 + - 6.2 - 6.0 "8": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "7": - - 5.0 - - 4.0 + - 6.4 + - 6.2 + - 6.0 + +pgsql_depenencies: + "9": + - python3-psycopg2 + - postgresql + "8": + - python3-psycopg2 + - postgresql + "7": + - python-psycopg2 + - postgresql + +mysql_client_pkgs: + "9": + - mysql + - python3-PyMySQL + "8": + - mysql + - python3-PyMySQL + "7": + - MariaDB-client + - MySQL-python + +selinux_pkgs: + "9": + - policycoreutils + - checkpolicy + - python3-libsemanage + "8": + - policycoreutils + - checkpolicy + - python3-libsemanage + "7": + - policycoreutils-python + - libsemanage-python + - checkpolicy + +mysql_plugin: + "7": mysql_native_password + +_zabbix_proxy_fping6location: /usr/sbin/fping6 +_zabbix_proxy_fpinglocation: /usr/sbin/fping diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml index ea434bdc4..90779c270 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml @@ -1,2 +1,7 @@ --- # vars file for zabbix_proxy +db_file_path: + "62": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql" + "64": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql" + "60": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql" + "50": "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}*/schema.sql.gz" diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/zabbix.yml deleted file mode 100644 index 7ac7dc354..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/zabbix.yml +++ /dev/null @@ -1,255 +0,0 @@ ---- -sign_keys: - "64": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "62": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "60": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "54": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "52": - # bullseye: not available upstream - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "50": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "44": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "42": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "40": - bullseye: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "34": - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "32": - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - sonya: - sign_key: 79EA5ED4 - serena: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "30": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "24": - jessie: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - "22": - squeeze: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - lucid: - sign_key: 79EA5ED4 - -suse: - "openSUSE Leap": - "42": - name: server:monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/ - "openSUSE": - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }} - "SLES": - "11": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/ diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/README.md b/ansible_collections/community/zabbix/roles/zabbix_server/README.md index 4643fbc3f..f154f4951 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/README.md +++ b/ansible_collections/community/zabbix/roles/zabbix_server/README.md @@ -75,26 +75,16 @@ ansible-galaxy collection install community.postgresql See the following list of supported Operating systems with the Zabbix releases: -| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS) | 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----|-----|-----|-----------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | | | | | | V | V | V | V | -| Red Hat Fam 6 | | | | | V | V | | | V | -| Red Hat Fam 5 | | | | | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | | V | V | V | V | V | -| Debian 10 buster | | | V | V | V | V | V | | | -| Debian 9 stretch | | | V | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | - -See https://support.zabbix.com/browse/ZBX-18790 why RHEL7 is not supported anymore. +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | | | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | | | V | # Installation @@ -110,112 +100,48 @@ The following is an overview of all available configuration default for this rol ### Overall Zabbix -* `zabbix_server_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. +* `zabbix_server_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_server_version: 6.0`. * `zabbix_server_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. +* `zabbix_server_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_service_state`: Default: `started`. Can be overridden to stopped if needed * `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### SElinux -* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. +* `zabbix_server_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. * `selinux_allow_zabbix_can_network`: Default: `False`. * `selinux_allow_zabbix_can_http`: Default: `False`. ### Zabbix Server * `zabbix_server_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. -* `zabbix_server_listenport`: Default: `10051`. On which port the Zabbix Server is available. * `zabbix_server_install_recommends`: Default: `True`. `False` does not install the recommended packages that come with the zabbix-server install. * `zabbix_server_manage_service`: Default: `True`. When you run multiple Zabbix servers in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-server service, because Pacemaker is in control of zabbix-server service and in this case, it needs to be set to `False`. -* `zabbix_proxy_startpreprocessors`: Number of pre-forked instances of preprocessing workers. The preprocessing manager process is automatically started when a preprocessor worker is started. This parameter is supported since Zabbix 4.2.0. -* `zabbix_server_username`: Default: `zabbix`. The name of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_server_userid`: The UID of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_server_groupname`: Default: `zabbix`. The name of the group of the user on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_server_groupid`: The GID of the group on the host. Will only be used when `zabbix_repo: epel` is used. * `zabbix_server_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_server_include`. * `zabbix_server_conf_mode`: Default: `0640`. The "mode" for the Zabbix configuration file. -* `zabbix_server_listenbacklog`: The maximum number of pending connections in the queue. -* `zabbix_server_trendcachesize`: Size of trend cache, in bytes. -* `zabbix_server_trendfunctioncachesize`: Size of trend function cache, in bytes. -* `zabbix_server_vaulttoken`: Vault authentication token that should have been generated exclusively for Zabbix server with read only permission -* `zabbix_server_vaulturl`: Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. -* `zabbix_server_vaultdbpath`: Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -* `zabbix_server_startreportwriters`: Number of pre-forked report writer instances. -* `zabbix_server_webserviceurl`: URL to Zabbix web service, used to perform web related tasks. -* `zabbix_server_servicemanagersyncfrequency`: How often Zabbix will synchronize configuration of a service manager (in seconds). -* `zabbix_server_problemhousekeepingfrequency`: How often Zabbix will delete problems for deleted triggers (in seconds). -* `zabbix_server_connectors`: Number of pre-forked instances of preprocessing workers. - -### High Availability - -These variables are specific for Zabbix 6.0 and higher: - -* `zabbix_server_hanodename`: The high availability cluster node name. When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to. (Default: empty) -* `zabbix_server_nodeaddress`: IP or hostname with optional port to specify how frontend should connect to the server. ### Database specific * `zabbix_server_dbhost_run_install`: Default: `True`. When set to `True`, sql files will be executed on the host running the database. * `zabbix_server_database`: Default: `pgsql`. The type of database used. Can be: `mysql` or `pgsql` -* `zabbix_server_database_long`: Default: `postgresql`. The type of database used, but long name. Can be: `mysql` or `postgresql` * `zabbix_server_dbhost`: The hostname on which the database is running. * `zabbix_server_real_dbhost`: The hostname of the dbhost that is running behind a loadbalancer/VIP (loadbalancers doesn't accept ssh connections) * `zabbix_server_dbname`: The database name which is used by the Zabbix Server. * `zabbix_server_dbuser`: The database username which is used by the Zabbix Server. * `zabbix_server_dbpassword`: The database user password which is used by the Zabbix Server. +* `zabbix_server_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. * `zabbix_server_dbport`: The database port which is used by the Zabbix Server. * `zabbix_server_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. -* `zabbix_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. +* `zabbix_server_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. * `zabbix_server_install_database_client`: Default: `True`. False does not install database client. Default true -* `zabbix_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. -* `zabbix_database_timescaledb`:False / True. When you want to use timescaledb extension into the database, you can set it to True (this option only works for postgreSQL database). +* `zabbix_server_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. +* `zabbix_server_database_timescaledb`:False / True. When you want to use timescaledb extension into the database, you can set it to True (this option only works for postgreSQL database). * `zabbix_server_dbencoding`: Default: `utf8`. The encoding for the MySQL database. * `zabbix_server_dbcollation`: Default: `utf8_bin`. The collation for the MySQL database. -* `zabbix_server_allowunsupporteddbversions`: Allow server to work with unsupported database versions. - -### TLS Specific configuration - -These variables are specific for Zabbix 3.0 and higher: - -* `zabbix_server_tlsconnect`: How the agent should connect to server or proxy. Used for active checks. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_server_tlsaccept`: What incoming connections to accept. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_server_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. -* `zabbix_server_tlscrlfile`: Full pathname of a file containing revoked certificates. -* `zabbix_server_tlsservercertissuer`: Allowed server certificate issuer. -* `zabbix_server_tlsservercertsubject`: Allowed server certificate subject. -* `zabbix_server_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. -* `zabbix_server_tlskeyfile`: Full pathname of a file containing the agent private key. -* `zabbix_server_dbtlsconnect`: Setting this option enforces to use TLS connection to database: - -`required` - connect using TLS -`verify_ca` - connect using TLS and verify certificate -`verify_full` - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate - -On `MySQL` starting from 5.7.11 and `PostgreSQL` the following values are supported: `required`, `verify`, `verify_full`. On MariaDB starting from version 10.2.6 `required` and `verify_full` values are supported. -By default not set to any option and the behaviour depends on database configuration. -This parameter is supported since Zabbix 5.0.0. - -* `zabbix_server_dbtlscafile`: Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlscertfile`: Full pathname of file containing Zabbix server certificate for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlskeyfile`: Full pathname of file containing the private key for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlscipher`: The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2. Supported only for MySQL.This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlscipher13`: The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol. Supported only for MySQL, starting from version 8.0.16. This parameter is supported since Zabbix 5.0.0. ### Custom Zabbix Scripts @@ -350,6 +276,135 @@ The `zabbix_server_privileged_host` can be set to the hostname/ip of the host ru 3. Execute the role by running the Ansible playbook that calls this role. At the end of this run, the Zabbix Server with `PgSQL` on a different host will be running. +## Configuration Variables + +The following table lists all variables that are exposed to modify the configuration of the zabbix_server.conf file. Specific details of each variable can be found in the Zabbix documentation. + +**NOTE**: Only variables with a default value appear in the defaults file, all others must be added. + +| Zabbix Name | Variable Name | Default Value |Notes | +|-----------|------------------|--------|--------| +|AlertScriptsPath | zabbix_server_alertscriptspath | /usr/lib/zabbix/alertscripts | | +|AllowRoot | zabbix_server_allowroot | 0 | | +|AllowUnsupportedDBVersions | zabbix_server_allowunsupporteddbversions |0 | | +|CacheSize | zabbix_server_cachesize | | | +|CacheUpdateFrequency | zabbix_server_cacheupdatefrequency | | | +|DBHost | zabbix_server_dbhost | localhost | | +|DBName | zabbix_server_dbname | zabbix-server | | +|DBPassword | zabbix_server_dbpassword | zabbix-server | | +|DBPort | zabbix_server_dbport | 5432 | | +|DBSchema | zabbix_server_dbschema | | | +|DBSocket | zabbix_server_dbsocket | | | +|DBTLSCAFile | zabbix_server_dbtlscafile | | | +|DBTLSCertFile | zabbix_server_dbtlscertfile | | | +|DBTLSCipher | zabbix_server_dbtlscipher | | | +|DBTLSCipher13 | zabbix_server_dbtlscipher13 | | | +|DBTLSConnect | zabbix_server_dbtlsconnect | | | +|DBTLSKeyFile | zabbix_server_dbtlskeyfile | | | +|DBUser | zabbix_server_dbuser | zabbix-server | | +|DebugLevel | zabbix_server_debuglevel | 3 | | +|ExportDir | zabbix_server_exportdir | | | +|ExportFileSize | zabbix_server_exportfilesize | 1G | | +|ExportType | zabbix_server_exporttype | | | +|ExternalScripts | zabbix_server_externalscriptspath | /usr/lib/zabbix/externalscripts | | +|Fping6Location | zabbix_server_fping6location | OS Specific Value | | +|FpingLocation | zabbix_server_fpinglocation | OS Specific Value | | +|HANodeName | zabbix_server_hanodename | | | +|HistoryCacheSize | zabbix_server_historycachesize | | | +|HistoryIndexCacheSize | zabbix_server_historyindexcachesize | | | +|HistoryStorageDateIndex | zabbix_server_historystoragedateindex | 0 | | +|HistoryStorageTypes | zabbix_server_historystoragetypes | uint,dbl,str,log,text | | +|HistoryStorageURL | zabbix_server_historystorageurl | | | +|HousekeepingFrequency | zabbix_server_housekeepingfrequency | 1 | | +|Include | zabbix_server_include | /etc/zabbix/zabbix_server.conf.d | | +|JavaGateway | zabbix_server_javagateway | | | +|JavaGatewayPort | zabbix_server_javagatewayport | 10052 | | +|ListenBacklog | zabbix_server_listenbacklog | | | +|ListenIP | zabbix_server_listenip | | | +|ListenPort | zabbix_server_listenport | 10051 | | +|LoadModule | zabbix_server_loadmodule | | | +|LoadModulePath | zabbix_server_loadmodulepath | ${libdir}/modules | | +|LogFile | zabbix_server_logfile | /var/log/zabbix/zabbix_server.log | | +|LogFileSize | zabbix_server_logfilesize | 10 | | +|LogSlowQueries | zabbix_server_logslowqueries | 0 | | +|LogType | zabbix_server_logtype | file | | +|MaxHousekeeperDelete | zabbix_server_maxhousekeeperdelete | 500 | | +|NodeAddress | zabbix_server_nodeaddress | | | +|PidFile | zabbix_server_pidfile | /var/run/zabbix/zabbix_server.pid | | +|ProxyConfigFrequency | zabbix_server_proxyconfigfrequency | | | +|ProxyDataFrequency | zabbix_server_proxydatafrequency | 1 | | +|SNMPTrapperFile | zabbix_server_snmptrapperfile | | | +|SocketDir | zabbix_server_socketdir | /var/run/zabbix | | +|SourceIP | zabbix_server_sourceip | | | +|SSHKeyLocation | zabbix_server_sshkeylocation | | | +|SSLCALocation | zabbix_server_sslcalocation | | | +|SSLCertLocation | zabbix_server_sslcertlocation | ${datadir}/zabbix/ssl/certs | | +|SSLKeyLocation | zabbix_server_sslkeylocation | ${datadir}/zabbix/ssl/keys | | +|StartAlerters | zabbix_server_startalerters | | | +|StartConnectors | zabbix_server_connectors | | Version 6.4 or later | +|StartDBSyncers | zabbix_server_startdbsyncers | 4 | | +|StartDiscoverers | zabbix_server_startdiscoverers | 1 | | +|StartEscalators | zabbix_server_startescalators | 1 | | +|StartHistoryPollers | zabbix_server_starthistorypollers | | | +|StartHTTPPollers | zabbix_server_starthttppollers | 1 | | +|StartIPMIPollers | zabbix_server_startipmipollers | 0 | | +|StartJavaPollers | zabbix_server_startjavapollers | 0 | | +|StartLLDProcessors | zabbix_server_startlldprocessors | | | +|StartODBCPollers | zabbix_server_startodbcpollers | | | +|StartPingers | zabbix_server_startpingers | 1 | | +|StartPollers | zabbix_server_startpollers | 5 | | +|StartPollersUnreachable | zabbix_server_startpollersunreachable | 1 | | +|StartPreprocessors | zabbix_server_startpreprocessors | | | +|StartProxyPollers | zabbix_server_startproxypollers | | | +|StartReportWriters | zabbix_server_startreportwriters | 0 | | +|StartSNMPTrapper | zabbix_server_startsnmptrapper | 0 | | +|StartTimers | zabbix_server_starttimers | 1 | | +|StartTrappers | zabbix_server_starttrappers | 5 | | +|StartVMwareCollectors | zabbix_server_startvmwarecollectors | 0 | | +|StasAllowedIP | zabbix_server_statsallowedip | | | +|Timeout | zabbix_server_timeout | 3 | | +|TLSCAFile | zabbix_server_tlscafile | | | +|TLSCertFile | zabbix_server_tlscertfile | | | +|TLSCipherAll | zabbix_server_tlscipherall | | | +|TLSCipherAll13 | zabbix_server_tlscipherall13 | | | +|TLSCipherCert | zabbix_server_tlsciphercert | | | +|TLSCipherCert13 | zabbix_server_tlsciphercert13 | | | +|TLSCipherPSK | zabbix_server_tlscipherpsk | | | +|TLSCipherPSK13 | zabbix_server_tlscipherpsk13 | | | +|TLSCRLFile | zabbix_server_tlscrlfile | | | +|TLSKeyFile | zabbix_server_tlskeyfile | | | +|TmpDir | zabbix_server_tmpdir | /tmp | | +|TrapperTimeout | zabbix_server_trappertimeout | 300 | | +|TrendCacheSize | zabbix_server_trendcachesize | | | +|TrendFunctionCacheSize | zabbix_server_trendfunctioncachesize | | | +|UnavailableDelay | zabbix_server_unavailabledelay | 60 | | +|UnreachableDelay | zabbix_server_unreachabledelay | 15 | | +|UnreachablePeriod | zabbix_server_unreachableperiod | 45 | | +|User | zabbix_server_user | zabbix | | +|ValueCacheSize | zabbix_server_valuecachesize | | | +|Vault | zabbix_server_vault | | Version 6.2 or later | +|VaultDBPath | zabbix_server_vaultdbpath | | | +|VaultTLSKeyFile | zabbix_server_vaulttlskeyfile | | Version 6.2 or later | +|VaultTLSCertFile | zabbix_server_vaulttlscertfile | | Version 6.2 or later | +|VaultToken | zabbix_server_vaulttoken | | | +|VaultURL | zabbix_server_vaulturl | https://127.0.0.1:8200 | | +|VMwareCacheSize | zabbix_server_vmwarecachesize | | | +|VMwareFrequency | zabbix_server_vmwarefrequency | 60 | | +|VMwarePerfFrequency | zabbix_server_vmwareperffrequency | 60 | | +|VMwareTimeout | zabbix_server_vmwaretimeout | 10 | | +|WebServiceURL | zabbix_server_webserviceurl | | | + +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Example Playbook Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml index e9b837c99..6aec202dd 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml @@ -1,28 +1,52 @@ --- # defaults file for zabbix_server +# zabbix_server_version: +zabbix_os_user: zabbix +zabbix_service_enabled: true +zabbix_server_manage_service: true -# zabbix_server_version: 6.0 -zabbix_server_version_minor: "*" -zabbix_version: "{{ zabbix_server_version }}" -zabbix_repo: zabbix - -zabbix_server_apt_priority: -zabbix_server_package_state: present -zabbix_server_install_recommends: true +# Database +zabbix_server_database_sqlload: true +zabbix_server_database_timescaledb: false +zabbix_server_real_dbhost: +zabbix_server_dbhost: localhost +zabbix_server_dbname: zabbix-server +zabbix_server_privileged_host: localhost +zabbix_server_dbencoding: utf8 +zabbix_server_dbcollation: utf8_bin +zabbix_server_dbschema: +zabbix_server_dbuser: zabbix-server +zabbix_server_dbpassword: zabbix-server +zabbix_server_dbpassword_hash_method: md5 +zabbix_server_dbsocket: +zabbix_server_dbport: 5432 +zabbix_server_dbhost_run_install: true +zabbix_server_database: pgsql +zabbix_server_database_creation: true zabbix_server_install_database_client: true -zabbix_server_conf_mode: 0640 +# SELinux specific +zabbix_server_selinux: false +selinux_allow_zabbix_can_network: false +selinux_allow_zabbix_can_http: false + +#Misc. +zabbix_server_include_mode: "0755" +zabbix_server_config: /etc/zabbix/zabbix_server.conf zabbix_service_state: started -zabbix_service_enabled: true +# Yum/APT Variables +zabbix_server_version_minor: "*" +zabbix_server_package_state: present zabbix_repo_yum_gpgcheck: 0 zabbix_repo_yum_schema: https -zabbix_repo_yum_disabled: "*" -zabbix_repo_yum_enabled: [] +zabbix_repo_deb_component: main +zabbix_server_disable_repo: + - epel zabbix_repo_yum: - name: zabbix description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_server_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" mode: "0644" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX @@ -34,128 +58,58 @@ zabbix_repo_yum: gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present +zabbix_server_apt_priority: +zabbix_server_install_recommends: true +zabbix_server_conf_mode: 0640 -# User (EPEL specific) -zabbix_server_username: zabbix -zabbix_server_groupname: zabbix - -# Database -zabbix_server_database: pgsql -zabbix_server_database_long: postgresql -zabbix_database_creation: true -zabbix_database_sqlload: true -zabbix_database_timescaledb: false -zabbix_server_dbtlsconnect: -zabbix_server_dbtlscafile: -zabbix_server_dbtlscertfile: -zabbix_server_dbtlskeyfile: -zabbix_server_dbtlscipher: -zabbix_server_dbtlscipher13: - -# zabbix-server specific vars +# Server Configuration Variables (Only ones with role provided defaults) +zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts +zabbix_server_allowroot: 0 +zabbix_server_allowunsupporteddbversions: 0 +zabbix_server_debuglevel: 3 +zabbix_server_exportfilesize: 1G +zabbix_server_externalscriptspath: /usr/lib/zabbix/externalscripts +zabbix_server_historystoragedateindex: 0 +zabbix_server_historystoragetypes: uint,dbl,str,log,text +zabbix_server_housekeepingfrequency: 1 +zabbix_server_include: /etc/zabbix/zabbix_server.conf.d +zabbix_server_javagatewayport: 10052 zabbix_server_listenport: 10051 -zabbix_server_sourceip: -zabbix_server_logtype: file +zabbix_server_loadmodulepath: ${libdir}/modules zabbix_server_logfile: /var/log/zabbix/zabbix_server.log zabbix_server_logfilesize: 10 -zabbix_server_debuglevel: 3 +zabbix_server_logslowqueries: 0 +zabbix_server_logtype: file +zabbix_server_maxhousekeeperdelete: 500 zabbix_server_pidfile: /var/run/zabbix/zabbix_server.pid +zabbix_server_proxydatafrequency: 1 +zabbix_server_snmptrapperfile: /tmp/zabbix_traps.tmp zabbix_server_socketdir: /var/run/zabbix -zabbix_server_real_dbhost: -zabbix_server_dbhost: localhost -zabbix_server_dbname: zabbix-server -zabbix_server_dbencoding: utf8 -zabbix_server_dbcollation: utf8_bin -zabbix_server_dbschema: -zabbix_server_dbuser: zabbix-server -zabbix_server_dbpassword: zabbix-server -zabbix_server_dbsocket: -zabbix_server_dbport: 5432 -zabbix_server_dbhost_run_install: true -zabbix_server_dbpassword_hash_method: md5 -zabbix_server_allowunsupporteddbversions: 0 -zabbix_server_privileged_host: localhost -zabbix_server_historystorageurl: -zabbix_server_historystoragetypes: uint,dbl,str,log,text -zabbix_server_historystoragedateindex: 0 -zabbix_server_exportdir: -zabbix_server_exportfilesize: 1G -zabbix_server_startpollers: 5 -zabbix_server_startlldprocessors: 2 -zabbix_server_startipmipollers: 0 -zabbix_server_startpollersunreachable: 1 -zabbix_server_starttrappers: 5 -zabbix_server_startpingers: 1 +zabbix_server_sslcertlocation: ${datadir}/zabbix/ssl/certs +zabbix_server_sslkeylocation: ${datadir}/zabbix/ssl/keys +zabbix_server_startdbsyncers: 4 zabbix_server_startdiscoverers: 1 +zabbix_server_startescalators: 1 zabbix_server_starthttppollers: 1 -zabbix_server_startpreprocessors: 3 -zabbix_server_connectors: 0 -zabbix_server_startodbcpollers: 1 +zabbix_server_startipmipollers: 0 +zabbix_server_startjavapollers: 0 +zabbix_server_startpingers: 1 +zabbix_server_startpollers: 5 +zabbix_server_startpollersunreachable: 1 +zabbix_server_startproxypollers: 1 +zabbix_server_startreportwriters: 0 +zabbix_server_startsnmptrapper: 0 zabbix_server_starttimers: 1 -zabbix_server_starthistorypollers: 5 -zabbix_server_javagateway: -zabbix_server_javagatewayport: 10052 -zabbix_server_startjavapollers: 5 +zabbix_server_starttrappers: 5 zabbix_server_startvmwarecollectors: 0 -zabbix_server_vmwarefrequency: 60 -zabbix_server_vmwarecachesize: 8M -zabbix_server_snmptrapperfile: /tmp/zabbix_traps.tmp -zabbix_server_startsnmptrapper: 0 -zabbix_server_listenip: -zabbix_server_housekeepingfrequency: 1 -zabbix_server_maxhousekeeperdelete: 500 -zabbix_server_senderfrequency: 30 -zabbix_server_cachesize: 32M -zabbix_server_startdbsyncers: 4 -zabbix_server_historycachesize: 16M -zabbix_server_historyindexcachesize: 4M -zabbix_server_trendcachesize: 4M -zabbix_server_trendfunctioncachesize: 4M -zabbix_server_historytextcachesize: 16M -zabbix_server_valuecachesize: 8M -zabbix_server_nodenoevents: 0 -zabbix_server_nodenohistory: 0 zabbix_server_timeout: 3 +zabbix_server_tmpdir: /tmp zabbix_server_trappertimeout: 300 -zabbix_server_unreachableperiod: 45 zabbix_server_unavailabledelay: 60 zabbix_server_unreachabledelay: 15 -zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts -zabbix_server_externalscriptspath: /usr/lib/zabbix/externalscripts -zabbix_server_sshkeylocation: -zabbix_server_logslowqueries: 0 -zabbix_server_tmpdir: /tmp -zabbix_server_startproxypollers: 1 -zabbix_server_proxydatafrequency: 1 -zabbix_server_allowroot: 0 +zabbix_server_unreachableperiod: 45 zabbix_server_user: zabbix -zabbix_server_include: /etc/zabbix/zabbix_server.conf.d -zabbix_server_include_mode: "0755" -zabbix_server_sslcertlocation: ${datadir}/zabbix/ssl/certs -zabbix_server_sslkeylocation: ${datadir}/zabbix/ssl/keys -zabbix_server_sslcalocation: -zabbix_server_loadmodulepath: ${libdir}/modules -zabbix_server_loadmodule: -zabbix_server_tlscafile: -zabbix_server_tlscrlfile: -zabbix_server_tlscertfile: -zabbix_server_tlskeyfile: -zabbix_server_startescalators: 1 +zabbix_server_vaulturl: https://127.0.0.1:8200 +zabbix_server_vmwarefrequency: 60 zabbix_server_vmwareperffrequency: 60 zabbix_server_vmwaretimeout: 10 -zabbix_server_manage_service: true -zabbix_server_vaulttoken: -zabbix_server_vaulturl: https://127.0.0.1:8200 -zabbix_server_vaultdbpath: -zabbix_server_startreportwriters: 0 -zabbix_server_webserviceurl: -zabbix_server_servicemanagersyncfrequency: 60 -zabbix_server_problemhousekeepingfrequency: 60 -zabbix_server_listenbacklog: -zabbix_server_hanodename: -zabbix_server_nodeaddress: - -# SELinux specific -zabbix_selinux: false -selinux_allow_zabbix_can_network: false -selinux_allow_zabbix_can_http: false diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml index 74b15bdc5..b0e272e2d 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml @@ -2,7 +2,7 @@ # handlers file for wdijkerman.zabbix - name: zabbix-server restarted - service: + ansible.builtin.service: name: zabbix-server state: restarted enabled: true @@ -10,20 +10,9 @@ become: true when: - zabbix_server_manage_service | bool - - zabbix_repo != 'epel' - -- name: zabbix-server restarted - service: - name: zabbix-proxy-mysql{{ zabbix_proxy_database_long }} - state: restarted - enabled: true - become: true - when: - - zabbix_proxy_manage_service | bool - - zabbix_repo == 'epel' - name: "clean repo files from proxy creds" - shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true become: true when: - ansible_os_family == 'RedHat' diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml index d7d9a08e3..ccfe6f121 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml @@ -1,76 +1,47 @@ --- - -- name: "Include Zabbix gpg ids" - include_vars: zabbix.yml - -- name: "Set some variables" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" - zabbix_server_apt_repository: - - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/" - - "{{ ansible_distribution_release }}" - - "main" - zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}" - zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}" - when: - - ansible_machine != "aarch64" - -- name: "Set some variables" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" - zabbix_server_apt_repository: - - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}-arm64/" - - "{{ ansible_distribution_release }}" - - "main" - zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}" +- name: "Debian | Set some variables" + ansible.builtin.set_fact: + zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}" + zabbix_underscore_version: "{{ zabbix_server_version | regex_replace('\\.', '_') }}" zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}" - when: - - ansible_machine == "aarch64" - - -- name: "Debian | Set some facts" - set_fact: - datafiles_path: /usr/share/zabbix-server-{{ zabbix_server_database }} - when: - - zabbix_version is version('3.0', '<') tags: - - zabbix-server - - init - - config + - always -- name: "Debian | Set some facts for Zabbix >= 3.0 && < 5.4" - set_fact: - datafiles_path: /usr/share/doc/zabbix-server-{{ zabbix_server_database }} - when: - - zabbix_version is version('3.0', '>=') - - zabbix_version is version('5.4', '<') +- name: "Debian | Installing lsb-release" + ansible.builtin.apt: + pkg: lsb-release + update_cache: true + cache_valid_time: 3600 + force: true + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true tags: - - zabbix-server - - init - - config + - install -- name: "Debian | Set some facts for Zabbix == 5.4" - set_fact: - datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_server_database_long }} +- name: "Debian | Update ansible_lsb fact" + ansible.builtin.setup: + gather_subset: + - lsb + +- name: "Debian | Repo URL" + ansible.builtin.set_fact: + zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}" when: - - zabbix_version is version('5.4', '==') + - zabbix_repo_deb_url is undefined tags: - - zabbix-server - - init - - config + - always -- name: "Debian | Set some facts for Zabbix >= 6.0" - set_fact: - datafiles_path: /usr/share/zabbix-sql-scripts/{{ zabbix_server_database_long }} - when: - - zabbix_version is version('6.0', '>=') +- name: "Debian | Set some facts for Zabbix" + ansible.builtin.set_fact: + datafiles_path: /usr/share/zabbix-sql-scripts/{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }} tags: - - zabbix-server - - init - - config + - always - name: "Debian | Installing gnupg" - apt: + ansible.builtin.apt: pkg: gnupg update_cache: true cache_valid_time: 3600 @@ -82,90 +53,104 @@ register: gnupg_installed until: gnupg_installed is succeeded become: true + tags: + - install + +# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. +# It SHOULD be created with permissions 0755 if it is needed and does not already exist. +# See: https://wiki.debian.org/DebianRepository/UseThirdParty +- name: "Debian | Create /etc/apt/keyrings/ on older versions" + ansible.builtin.file: + path: /etc/apt/keyrings/ + state: directory + mode: "0755" + become: true + when: + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or + (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") -- name: "Debian | Install gpg key" - apt_key: - id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}" +- name: "Debian | Download gpg key" + ansible.builtin.get_url: url: http://repo.zabbix.com/zabbix-official-repo.key + dest: "{{ zabbix_gpg_key }}" + mode: "0644" + force: true register: zabbix_server_repo_files_installed until: zabbix_server_repo_files_installed is succeeded - when: - - zabbix_repo == "zabbix" become: true tags: - - zabbix-server - - init + - install - name: "Debian | Installing repository {{ ansible_distribution }}" - apt_repository: - repo: "{{ item }} {{ zabbix_server_apt_repository | join(' ') }}" - state: present - when: zabbix_repo == "zabbix" + ansible.builtin.copy: + dest: /etc/apt/sources.list.d/zabbix.sources + owner: root + group: root + mode: 0644 + content: | + Types: deb deb-src + Enabled: yes + URIs: {{ zabbix_repo_deb_url }} + Suites: {{ ansible_distribution_release }} + Components: {{ zabbix_repo_deb_component }} + Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} + Signed-By: {{ zabbix_gpg_key }} become: true - with_items: - - deb-src - - deb tags: - - zabbix-server - - init + - install - name: "Debian | Create /etc/apt/preferences.d/" - file: + ansible.builtin.file: path: /etc/apt/preferences.d/ state: directory - mode: '0755' + mode: "0755" when: - zabbix_server_apt_priority | int become: true + tags: + - install - name: "Debian | Configuring the weight for APT" - copy: + ansible.builtin.copy: dest: "/etc/apt/preferences.d/zabbix_server-{{ zabbix_proxy_database }}" content: | Package: zabbix_server-{{ zabbix_proxy_database }} Pin: origin repo.zabbix.com Pin-Priority: {{ zabbix_server_apt_priority }} owner: root - mode: '0644' + mode: "0644" when: - zabbix_server_apt_priority | int become: true - -- name: Check if warn parameter can be used for shell module - set_fact: - produce_warn: False - when: ansible_version.full is version("2.14", "<") - -- name: apt-get clean - shell: apt-get clean; apt-get update - args: - warn: "{{ produce_warn | default(omit) }}" - changed_when: false - become: true tags: - - skip_ansible_lint + - install # On certain 18.04 images, such as docker or lxc, dpkg is configured not to # install files into paths /usr/share/doc/* # Since this is where Zabbix installs its database schemas, we need to allow # files to be installed to /usr/share/doc/zabbix* -- name: Check for the dpkg exclude line - command: grep -F 'path-exclude=/usr/share/doc/*' /etc/dpkg/dpkg.cfg.d/excludes +- name: "Debian | Check for the dpkg exclude line" + ansible.builtin.command: grep -F 'path-exclude=/usr/share/doc/*' /etc/dpkg/dpkg.cfg.d/excludes register: dpkg_exclude_line failed_when: false changed_when: false check_mode: false + become: true + tags: + - install -- name: Allow Zabbix dpkg installs to /usr/share/doc/zabbix* - lineinfile: +- name: "Debian | Allow Zabbix dpkg installs to /usr/share/doc/zabbix*" + ansible.builtin.lineinfile: path: /etc/dpkg/dpkg.cfg.d/excludes - line: 'path-include=/usr/share/doc/zabbix*' + line: "path-include=/usr/share/doc/zabbix*" become: true when: - dpkg_exclude_line.rc == 0 + tags: + - install - name: "Debian | Installing zabbix-server-{{ zabbix_server_database }}" - apt: + ansible.builtin.apt: pkg: zabbix-server-{{ zabbix_server_database }} state: "{{ zabbix_server_package_state }}" update_cache: true @@ -179,11 +164,10 @@ until: zabbix_server_package_installed is succeeded become: true tags: - - zabbix-server - - init + - install - name: "Debian | Installing zabbix-sql-scripts" - apt: + ansible.builtin.apt: pkg: zabbix-sql-scripts state: "{{ zabbix_server_package_state }}" update_cache: true @@ -196,84 +180,61 @@ register: zabbix_server_package_sql_installed until: zabbix_server_package_sql_installed is succeeded when: - - zabbix_version is version('5.4', '>=') - become: true - tags: - - zabbix-server - - init - -- name: "Debian | Install Ansible module dependencies" - apt: - name: "{{ zabbix_python_prefix }}-psycopg2" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_database_creation - tags: - - zabbix-server - - init - -- name: "Debian | Install Mysql Client package" - apt: - name: - - default-mysql-client - - "{{ zabbix_python_prefix }}-mysqldb" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded + - zabbix_server_version is version('5.4', '>=') become: true - when: - - zabbix_server_database == 'mysql' - - zabbix_server_install_database_client - - ansible_distribution_release != "buster" tags: - - zabbix-server - - init - - database - -- name: "Debian 10 | Install Mysql Client package" - apt: - name: - - mariadb-client - - "{{ zabbix_python_prefix }}-mysqldb" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_server_database == 'mysql' - - zabbix_server_install_database_client - - ansible_distribution_release == "buster" - tags: - - zabbix-server - - init - - database - -- name: "Debian | Install PostgreSQL Client package" - apt: - name: postgresql-client - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_server_database == 'pgsql' - - zabbix_server_install_database_client + - install + +- name: "Debian | Install Database Client Package" + block: + - name: "Debian | Install Mysql Client package" + ansible.builtin.apt: + name: + - default-mysql-client + - "{{ zabbix_python_prefix }}-mysqldb" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_server_dependencies_installed + until: zabbix_server_dependencies_installed is succeeded + become: true + when: + - zabbix_server_database == 'mysql' + - ansible_distribution_release != "buster" + + - name: "Debian 10 | Install Mysql Client package" + ansible.builtin.apt: + name: + - mariadb-client + - "{{ zabbix_python_prefix }}-mysqldb" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_server_dependencies_installed + until: zabbix_server_dependencies_installed is succeeded + become: true + when: + - zabbix_server_database == 'mysql' + - ansible_distribution_release == "buster" + + - name: "Debian | Install PostgreSQL Client package" + ansible.builtin.apt: + name: + - postgresql-client + - "{{ zabbix_python_prefix }}-psycopg2" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_server_dependencies_installed + until: zabbix_server_dependencies_installed is succeeded + become: true + when: + - zabbix_server_database == 'pgsql' + when: zabbix_server_install_database_client tags: - - zabbix-server - - init + - install - database + - dependencies diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml index 5d6c33b31..fefd7e86c 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml @@ -1,191 +1,84 @@ --- # Tasks specific for RedHat systems -- name: "Set short version name" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" +- name: "RedHat | Set short version name" + ansible.builtin.set_fact: + zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}" + tags: + - always - name: "RedHat | Use Zabbix package name" - set_fact: + ansible.builtin.set_fact: zabbix_server_package: "zabbix-server-{{ zabbix_server_database }}" - when: - - zabbix_repo == "zabbix" or zabbix_repo == "other" - tags: - - zabbix-server - -- name: "RedHat | Use EPEL package name" - set_fact: - zabbix_server_package: "zabbix{{ zabbix_short_version }}-server-{{ zabbix_server_database }}" - when: - - zabbix_repo == "epel" - tags: - - zabbix-server - -- name: "RedHat | Set some facts Zabbix <= 3.2" - set_fact: - datafiles_path: "/usr/share/doc/zabbix-server-{{ zabbix_server_database }}-{{ zabbix_version }}*" - when: - - zabbix_version is version('3.2', '<=') tags: - - zabbix-server + - always -- name: "RedHat | Set facts for Zabbix > 3.2 && < 5.4" - set_fact: - datafiles_path: "/usr/share/doc/zabbix-server-{{ zabbix_server_database }}*" - when: - - zabbix_version is version('3.2', '>') - - zabbix_version is version('5.4', '<') +- name: "RedHat | Set facts for Zabbix" + ansible.builtin.set_fact: + datafiles_path: "/usr/share/zabbix-sql-scripts/{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}" tags: - - zabbix-server + - always -- name: "RedHat | Set facts for Zabbix == 5.4" - set_fact: - datafiles_path: "/usr/share/doc/zabbix-sql-scripts/{{ zabbix_server_database_long }}" - when: - - zabbix_version is version('5.4', '==') - tags: - - zabbix-server - -- name: "RedHat | Set facts for Zabbix >= 6.0" - set_fact: - datafiles_path: "/usr/share/zabbix-sql-scripts/{{ zabbix_server_database_long }}" - when: - - zabbix_version is version('6.0', '>=') - tags: - - zabbix-server - -- name: "RedHat | Set facts for RHEL8" - set_fact: - datafiles_path: "/usr/share/doc/zabbix-server-{{ zabbix_server_database }}" - when: - - ansible_distribution_major_version == "8" - - zabbix_version is version('5.4', '<') - tags: - - zabbix-server - -- name: "RedHat | Set some facts EPEL" - set_fact: - datafiles_path: "/usr/share/zabbix-{{ zabbix_server_database_long }}" - when: - - zabbix_repo == "epel" - tags: - - zabbix-server - -- name: "RedHat | Create 'zabbix' group (EPEL)" - group: - name: "{{ zabbix_server_groupname | default('zabbix') }}" - gid: "{{ zabbix_server_groupid | default(omit) }}" - state: present - become: true - when: - - zabbix_repo == "epel" - -- name: "RedHat | Create 'zabbix' user (EPEL)" - user: - name: "{{ zabbix_server_username | default('zabbix') }}" - comment: Zabbix Monitoring System - uid: "{{ zabbix_server_userid | default(omit) }}" - group: zabbix - become: true - when: - - zabbix_repo == "epel" - -- name: "Make sure old file is absent" - file: +- name: "RedHat | Make sure old file is absent" + ansible.builtin.file: path: /etc/yum.repos.d/zabbix-supported.repo state: absent become: true + tags: + - install - name: "RedHat | Install basic repo file" - yum_repository: + ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" gpgcheck: "{{ item.gpgcheck }}" gpgkey: "{{ item.gpgkey }}" mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('98') }}" + priority: "{{ item.priority | default('99') }}" state: "{{ item.state | default('present') }}" proxy: "{{ zabbix_http_proxy | default(omit) }}" with_items: "{{ zabbix_repo_yum }}" register: yum_repo_installed become: true - when: - zabbix_repo == "zabbix" notify: - "clean repo files from proxy creds" tags: - - zabbix-server + - install - name: "RedHat | Installing zabbix-server-{{ zabbix_server_database }}" - package: + ansible.builtin.package: pkg: "{{ zabbix_server_package }}-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}" state: "{{ zabbix_server_package_state }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" + disablerepo: "{{ zabbix_server_disable_repo | default(omit) }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" register: zabbix_server_package_installed until: zabbix_server_package_installed is succeeded - when: - zabbix_repo != "other" become: true tags: - - zabbix-server - -- name: "RedHat | Installing zabbix-server-{{ zabbix_server_database }} (When zabbix_repo == other)" - package: - pkg: "{{ zabbix_server_package }}-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}" - state: "{{ zabbix_server_package_state }}" - register: zabbix_server_package_installed - until: zabbix_server_package_installed is succeeded - when: - zabbix_repo == "other" - become: true - tags: - - zabbix-server + - install - name: "RedHat | Installing zabbix-sql-scripts" - package: - pkg: "zabbix-sql-scripts-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}" - state: "{{ zabbix_server_package_state }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_sql_package_installed - until: zabbix_server_sql_package_installed is succeeded - when: - - zabbix_version is version('5.4', '>=') - - zabbix_repo != "other" - become: true - tags: - - zabbix-server - - -- name: "RedHat | Installing zabbix-sql-scripts (When zabbix_repo == other)" - package: + ansible.builtin.package: pkg: "zabbix-sql-scripts-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}" state: "{{ zabbix_server_package_state }}" - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" + disablerepo: "{{ zabbix_server_disable_repo | default(omit) }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" register: zabbix_server_sql_package_installed until: zabbix_server_sql_package_installed is succeeded when: - - zabbix_version is version('5.4', '>=') - - zabbix_repo == "other" + - zabbix_server_version is version('6.0', '>=') become: true tags: - - zabbix-server + - install - name: "RedHat | Install Ansible module dependencies" - yum: - name: python-psycopg2 + ansible.builtin.yum: + name: "{{ pgsql_depenencies[ansible_distribution_major_version] }}" state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" @@ -194,103 +87,46 @@ until: zabbix_server_dependencies_installed is succeeded become: true when: - - zabbix_database_creation + - zabbix_server_database_creation - zabbix_server_database == 'pgsql' - - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6" tags: - - zabbix-server - -- name: "RedHat | Install Ansible module dependencies on RHEL9 or RHEL8" - yum: - name: python3-psycopg2 - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_database_creation - - zabbix_server_database == 'pgsql' - - ansible_distribution_major_version|int >= 8 - tags: - - zabbix-server - -- name: "RedHat | Install Mysql Client packages RHEL9 or RHEL8" - yum: - name: - - mysql - - python3-PyMySQL - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_server_database == 'mysql' - - zabbix_server_install_database_client - - ansible_distribution_major_version|int >= 8 - tags: - - zabbix-server - -- name: "RedHat | Install Mysql Client package RHEL7" - yum: - name: - - mariadb - - MySQL-python - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_server_database == 'mysql' - - zabbix_server_install_database_client - - ansible_distribution_major_version == "7" - tags: - - zabbix-server - -- name: "RedHat | Install Mysql Client package RHEL5 - 6" - yum: - name: - - mysql - - MySQL-python - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_server_database == 'mysql' - - zabbix_server_install_database_client - - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5" - tags: - - zabbix-server - -- name: "RedHat | Install PostgreSQL client package" - yum: - name: postgresql - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_dependencies_installed - until: zabbix_server_dependencies_installed is succeeded - become: true - when: - - zabbix_server_database == 'pgsql' - - zabbix_server_install_database_client - tags: - - zabbix-server - -- name: "Configure SELinux when enabled" - include_tasks: selinux.yml - when: - - zabbix_selinux | bool + - install + - dependencies + +- name: RedHat | Install Database Client Package + block: + - name: "RedHat | Install Mysql Client packages" + ansible.builtin.yum: + name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}" + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_server_dependencies_installed + until: zabbix_server_dependencies_installed is succeeded + become: true + when: + - zabbix_server_database == 'mysql' + + - name: "RedHat | Install PostgreSQL client package" + ansible.builtin.yum: + name: postgresql + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_server_dependencies_installed + until: zabbix_server_dependencies_installed is succeeded + become: true + when: + - zabbix_server_database == 'pgsql' + when: zabbix_server_install_database_client + tags: + - install + - dependencies + - database + +- name: "RedHat | Configure SELinux when enabled" + ansible.builtin.include_tasks: selinux.yml + when: + - zabbix_server_selinux | bool diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml index d3264883d..62674a7ff 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml @@ -1,56 +1,74 @@ --- -# tasks file for wdijkerman.zabbix - -- name: "Include OS-specific variables" - include_vars: "{{ ansible_os_family }}.yml" +- name: Include OS-specific variables + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - always - name: Determine Latest Supported Zabbix Version - set_fact: - zabbix_server_version: "{{ zabbix_valid_server_versions[ansible_distribution_major_version][0] | default(6.0) }}" + ansible.builtin.set_fact: + zabbix_server_version: "{{ zabbix_valid_server_versions[ansible_distribution_major_version][0] | default(6.4) }}" when: zabbix_server_version is not defined + tags: + - always + +- name: Set More Variables + ansible.builtin.set_fact: + zabbix_db_type_long: "{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}" + zabbix_valid_version: "{{ zabbix_server_version|float in zabbix_valid_server_versions[ansible_distribution_major_version] }}" + zabbix_server_fpinglocation: "{{ zabbix_server_fpinglocation if zabbix_server_fpinglocation is defined else _zabbix_server_fpinglocation}}" + zabbix_server_fping6location: "{{ zabbix_server_fping6location if zabbix_server_fping6location is defined else _zabbix_server_fping6location}}" + tags: + - always + +- name: Stopping Install of Invalid Version + ansible.builtin.fail: + msg: Zabbix version {{ zabbix_server_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }} + when: not zabbix_valid_version + tags: + - always -- name: "Install the correct repository" - include_tasks: "{{ ansible_os_family }}.yml" +- name: Install the correct repository + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" -- name: "Installing the {{ zabbix_server_database_long }} database" - include_tasks: "{{ zabbix_server_database_long }}.yml" +- name: Installing the {{ zabbix_db_type_long }} database + ansible.builtin.include_tasks: "{{ zabbix_db_type_long }}.yml" - name: "Configure zabbix-server" - template: + ansible.builtin.template: src: zabbix_server.conf.j2 - dest: /etc/zabbix/zabbix_server.conf - owner: zabbix - group: zabbix + dest: "{{ zabbix_server_config }}" + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" mode: "{{ zabbix_server_conf_mode }}" + become: true notify: - zabbix-server restarted tags: - - zabbix-server - - init - config - name: "Create include dir zabbix-server" - file: + ansible.builtin.file: path: "{{ zabbix_server_include }}" - owner: zabbix - group: zabbix + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" state: directory mode: "{{ zabbix_server_include_mode }}" + become: true tags: - - zabbix-server - - init + - install - config - name: "Add zabbix-server scripts" - include_tasks: "scripts.yml" + ansible.builtin.include_tasks: "scripts.yml" when: ( zabbix_server_alertscripts is defined ) or ( zabbix_server_externalscripts is defined ) - name: "Zabbix-server started" - service: + ansible.builtin.service: name: zabbix-server state: "{{ zabbix_service_state }}" enabled: "{{ zabbix_service_enabled }}" + become: true tags: - - zabbix-server + - service when: zabbix_server_manage_service | bool diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml index 9e419b125..aad009816 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml @@ -1,21 +1,28 @@ --- # task file for mysql -- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" - set_fact: + +- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ zabbix_server_dbhost if (zabbix_server_dbhost != 'localhost') else inventory_hostname }}" when: - zabbix_server_dbhost_run_install + tags: + - database -- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" - set_fact: +- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ inventory_hostname }}" when: - not zabbix_server_dbhost_run_install + tags: + - database -- name: "Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer" - set_fact: +- name: "MySQL | Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer" + ansible.builtin.set_fact: delegated_dbhost: "{{ zabbix_server_real_dbhost }}" when: zabbix_server_real_dbhost | default(false) + tags: + - database - name: "MySQL | Create database" community.mysql.mysql_db: @@ -28,11 +35,10 @@ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" state: present - when: zabbix_database_creation + when: zabbix_server_database_creation register: zabbix_database_created delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-server - database - skip_ansible_lint @@ -45,57 +51,44 @@ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" name: "{{ zabbix_server_dbuser }}" password: "{{ zabbix_server_dbpassword }}" + plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}" priv: "{{ zabbix_server_dbname }}.*:ALL" host: "{{ zabbix_server_privileged_host }}" state: present - when: zabbix_database_creation + when: zabbix_server_database_creation delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-server - database -- name: "Get the file for create.sql >= 3.0" - shell: ls -1 {{ datafiles_path }}/{{ 'create' if zabbix_version is version('6.0', '<') else 'server' }}.sq* +- name: "MySQL | Get the file for create.sql" + ansible.builtin.shell: ls -1 {{ datafiles_path }}/{{ 'create' if zabbix_server_version is version('6.0', '<') else 'server' }}.sq* changed_when: false + become: true when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool register: ls_output_create tags: - - zabbix-server - database - name: MySQL | Get current database version - shell: | + ansible.builtin.shell: | mysql -h {{ zabbix_server_dbhost }} -u{{ zabbix_server_dbuser }} \ -p'{{ zabbix_server_dbpassword }}' -D '{{ zabbix_server_dbname }}' \ -e 'SELECT mandatory FROM dbversion;' register: mysql_db_version + become: true changed_when: false ignore_errors: true + tags: + - database # If the above check failed, then there was no dbversion table in the database. # We'll create it, below. Otherwise, we can access the database version in # `mysql_db_version["stdout_lines"][1]`, for example 5000000 for Zabbix 5.0. - name: MySQL | Check if database needs to be populated - set_fact: + ansible.builtin.set_fact: mysql_schema_empty: "{{ mysql_db_version is failed }}" -- name: "MySQL | Get version_comment" - community.mysql.mysql_variables: - variable: version - login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}" - login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" - delegate_to: "{{ delegated_dbhost }}" - register: install_mysql_version - tags: - - zabbix-server - - database - - name: "MySQL | Get current value for innodb_default_row_format" community.mysql.mysql_variables: variable: innodb_default_row_format @@ -106,11 +99,7 @@ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" delegate_to: "{{ delegated_dbhost }}" register: mysql_innodb_default_row_format - when: - - not ansible_check_mode - - install_mysql_version.msg is version('5.6', '>=') tags: - - zabbix-server - database - name: "MySQL | Set innodb_default_row_format to dynamic" @@ -123,15 +112,11 @@ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool - mysql_schema_empty - - install_mysql_version.msg is version('5.6', '>=') - mysql_innodb_default_row_format.msg != 'dynamic' delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-server - database - name: "MySQL | Disable InnoDB Strict Mode" @@ -144,45 +129,45 @@ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool - mysql_schema_empty - - install_mysql_version.msg is version('5.6', '>=') - ansible_distribution_release == "buster" delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-server - database -- name: "Fetch sql create file" +- name: "MySQL | Fetch sql create file" fetch: src: "{{ ls_output_create.stdout }}" dest: /tmp/{{ role_name }}/ flat: true + become: true when: - delegated_dbhost != inventory_hostname - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool - mysql_schema_empty + tags: + - database -- name: "Copy sql create file" - copy: +- name: "MySQL | Copy sql create file" + ansible.builtin.copy: src: /tmp/{{ role_name }}/ dest: "{{ ls_output_create.stdout | dirname }}" - mode: '0640' + mode: "0640" delegate_to: "{{ delegated_dbhost }}" + become: true when: - delegated_dbhost != inventory_hostname - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool - mysql_schema_empty + tags: + - database -- name: "MySQL | Create database and import file >= 3.0" +- name: "MySQL | Create database and import file" community.mysql.mysql_db: login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}" + login_user: "{{ zabbix_server_dbuser if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else zabbix_server_mysql_login_user }}" + login_password: "{{ zabbix_server_dbpassword if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else zabbix_server_mysql_login_password }}" login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" name: "{{ zabbix_server_dbname }}" @@ -190,118 +175,39 @@ collation: "{{ zabbix_server_dbcollation }}" state: import target: "{{ ls_output_create.stdout }}" + use_shell: "{{ true if zabbix_server_version is version('5.0', '==') else false }}" when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool - mysql_schema_empty delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-server - database - name: "MySQL | Revert innodb_default_row_format to previous value" community.mysql.mysql_variables: variable: innodb_default_row_format - value: '{{ mysql_innodb_default_row_format.msg }}' + value: "{{ mysql_innodb_default_row_format.msg }}" login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}" login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}" login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}" login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}" when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool - mysql_schema_empty - mysql_innodb_default_row_format.msg != 'dynamic' delegate_to: "{{ delegated_dbhost }}" tags: - - zabbix-server - database -- name: "Check if we have sql_done files >= 3.0" - file: +- name: "MySQL | Check if we have sql_done files" + ansible.builtin.file: path: /etc/zabbix/create.done state: touch - mode: '0644' + mode: "0644" + become: true when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload | bool - - zabbix_repo != "epel" + - zabbix_server_database_sqlload | bool - mysql_schema_empty - -- name: "Get the correct path for the SQL files < 3.0" - shell: ls -1 {{ datafiles_path }}/{{ mysql_create_dir }}{{ item }}.sql* - changed_when: false - register: ls_output_schema - with_items: - - schema - - images - - data - when: - - zabbix_version is version('3.0', '<') - - zabbix_database_sqlload | bool - tags: - - zabbix-server - - database - -- name: "Check if we have done files < 3.0" - stat: - path: /etc/zabbix/{{ item }}.done - register: done_files - with_items: - - schema - - images - - data - when: - - zabbix_version is version('3.0', '<') - - zabbix_database_sqlload | bool - tags: - - zabbix-server - - database - -- name: "Create fact if sql_done files exists" - set_fact: - sql_files_executed: "{{ sql_files_executed | default({}) | combine({item.item: item.stat}) }}" - with_items: "{{ done_files.results }}" - when: - - zabbix_version is version('3.0', '<') - - zabbix_database_sqlload | bool - tags: - - zabbix-server - - database - -- name: "MySQL | Create database and import files < 3.0" - community.mysql.mysql_db: - name: "{{ zabbix_server_dbname }}" - encoding: "{{ zabbix_server_dbencoding }}" - collation: "{{ zabbix_server_dbcollation }}" - state: import - target: "{{ item.stdout }}" - with_items: "{{ ls_output_schema.results }}" - when: - - zabbix_version is version('3.0', '<') - - zabbix_database_sqlload | bool - - not sql_files_executed[item.item].exists - delegate_to: "{{ delegated_dbhost }}" - tags: - - zabbix-server - - database - -- name: "Check if we have sql_done files < 3.0" - file: - path: /etc/zabbix/{{ item }}.done - state: touch - mode: '0644' - with_items: - - schema - - images - - data - when: - - zabbix_version is version('3.0', '<') - - zabbix_database_sqlload | bool - - not sql_files_executed[item].exists tags: - - zabbix-server - database diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml index 77e300c01..5177a55be 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml @@ -1,17 +1,21 @@ --- # task file for postgresql -- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" - set_fact: +- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ zabbix_server_dbhost if (zabbix_server_dbhost != 'localhost') else inventory_hostname }}" when: - zabbix_server_dbhost_run_install + tags: + - database -- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" - set_fact: +- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" + ansible.builtin.set_fact: delegated_dbhost: "{{ inventory_hostname }}" when: - not zabbix_server_dbhost_run_install + tags: + - database - name: "PostgreSQL | Delegated" block: @@ -20,6 +24,7 @@ name: "{{ zabbix_server_dbname }}" port: "{{ zabbix_server_dbport }}" state: present + - name: "PostgreSQL | Delegated | Create database user" community.postgresql.postgresql_user: db: "{{ zabbix_server_dbname }}" @@ -29,19 +34,19 @@ priv: ALL state: present encrypted: true + - name: "PostgreSQL | Delegated | Create timescaledb extension" community.postgresql.postgresql_ext: db: "{{ zabbix_server_dbname }}" name: timescaledb - when: zabbix_database_timescaledb + when: zabbix_server_database_timescaledb become: true become_user: postgres delegate_to: "{{ delegated_dbhost }}" when: - - zabbix_database_creation + - zabbix_server_database_creation - zabbix_server_pgsql_login_host is not defined tags: - - zabbix-server - database - name: "PostgreSQL | Remote" @@ -55,6 +60,7 @@ name: "{{ zabbix_server_dbname }}" port: "{{ zabbix_server_dbport }}" state: present + - name: "PostgreSQL | Remote | Create database user" community.postgresql.postgresql_user: login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}" @@ -67,6 +73,7 @@ priv: ALL state: present encrypted: true + - name: "PostgreSQL | Remote | Create timescaledb extension" community.postgresql.postgresql_ext: login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}" @@ -75,23 +82,17 @@ login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}" db: "{{ zabbix_server_dbname }}" name: timescaledb - when: zabbix_database_timescaledb + when: zabbix_server_database_timescaledb when: - - zabbix_database_creation + - zabbix_server_database_creation - zabbix_server_pgsql_login_host is defined tags: - - zabbix-server - database -- name: Check if warn parameter can be used for shell module - set_fact: - produce_warn: False - when: ansible_version.full is version("2.14", "<") - - name: "PostgreSQL | Create schema" - shell: | + ansible.builtin.shell: | set -euxo pipefail - FILE={{ 'create.sql' if zabbix_version is version('6.0', '<') else 'server.sql' }} + FILE={{ 'create.sql' if zabbix_server_version is version('6.0', '<') else 'server.sql' }} cd {{ datafiles_path }} if [ -f ${FILE}.gz ] then zcat ${FILE}.gz > /tmp/create.sql @@ -110,15 +111,14 @@ warn: "{{ produce_warn | default(omit) }}" environment: PGPASSWORD: "{{ zabbix_server_dbpassword }}" + become: true when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_sqlload + - zabbix_server_database_sqlload tags: - - zabbix-server - database - name: "PostgreSQL | Create TimescaleDB hypertables" - shell: | + ansible.builtin.shell: | set -euxo pipefail cd {{ datafiles_path }} && if [ -f timescaledb.sql.gz ]; then zcat timescaledb.sql.gz > /etc/timescaledb.sql ; else cp -p timescaledb.sql /etc/timescaledb.sql ; fi @@ -134,92 +134,8 @@ warn: "{{ produce_warn | default(omit) }}" environment: PGPASSWORD: "{{ zabbix_server_dbpassword }}" + become: true when: - - zabbix_version is version('3.0', '>=') - - zabbix_database_timescaledb - tags: - - zabbix-server - - database - -- name: "Get complete path" - shell: ls -d {{ datafiles_path }} - register: datafiles_path_full - changed_when: false - when: - - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) - tags: - - skip_ansible_lint - -- name: "Check if we have a create dir" - stat: - path: "{{ datafiles_path_full.stdout }}/create" - register: create_dir_or_not - when: - - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) - -- name: "Set fact" - set_fact: - datafiles_path: "{{ datafiles_path }}/create" - when: - - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) - - create_dir_or_not.stat.isdir is defined and create_dir_or_not.stat.isdir - - create_dir_or_not.stat.exists - -- name: "PostgreSQL | Importing schema file" - shell: | - set -euxo pipefail - cd {{ datafiles_path }} - if [ -f schema.sql.gz ]; then zcat schema.sql.gz > /tmp/schema.sql ; else cp -p schema.sql /tmp/schema.sql ;fi - cat /tmp/schema.sql | psql -h '{{ zabbix_server_dbhost }}' \ - -U '{{ zabbix_server_dbuser }}' \ - -d '{{ zabbix_server_dbname }}' \ - -p '{{ zabbix_server_dbport }}' - touch /etc/zabbix/schema.done - rm -f /etc/schema.sql - args: - creates: /etc/zabbix/schema.done - executable: /bin/bash - warn: "{{ produce_warn | default(omit) }}" - environment: - PGPASSWORD: "{{ zabbix_server_dbpassword }}" - when: - - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) - tags: - - zabbix-server - - database - -- name: "PostgreSQL | Importing images file" - shell: > - cd {{ datafiles_path }} && - psql -h '{{ zabbix_server_dbhost }}' - -U '{{ zabbix_server_dbuser }}' - -d '{{ zabbix_server_dbname }}' - -p '{{ zabbix_server_dbport }}' - -f images.sql && touch /etc/zabbix/images.done - args: - creates: /etc/zabbix/images.done - warn: "{{ produce_warn | default(omit) }}" - environment: - PGPASSWORD: "{{ zabbix_server_dbpassword }}" - when: (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) - tags: - - zabbix-server - - database - -- name: "PostgreSQL | Importing data file" - shell: > - cd {{ datafiles_path }} && - psql -h '{{ zabbix_server_dbhost }}' - -U '{{ zabbix_server_dbuser }}' - -d '{{ zabbix_server_dbname }}' - -p '{{ zabbix_server_dbport }}' - -f data.sql && touch /etc/zabbix/data.done - args: - creates: /etc/zabbix/data.done - warn: "{{ produce_warn | default(omit) }}" - environment: - PGPASSWORD: "{{ zabbix_server_dbpassword }}" - when: (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) + - zabbix_server_database_timescaledb tags: - - zabbix-server - database diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml index 418436128..b253f325a 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml @@ -1,20 +1,26 @@ --- - name: "Configure zabbix-server alertscripts" - template: + ansible.builtin.template: src: "{{ item.path }}" dest: "{{ zabbix_server_alertscriptspath }}/{{ item.name }}" - owner: zabbix - group: zabbix + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" mode: 0755 with_items: "{{ zabbix_server_alertscripts }}" + become: true when: zabbix_server_alertscripts is defined + tags: + - config - name: "Configure zabbix-server externalscripts" - template: + ansible.builtin.template: src: "{{ item.path }}" dest: "{{ zabbix_server_externalscriptspath }}/{{ item.name }}" - owner: zabbix - group: zabbix + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" mode: 0755 with_items: "{{ zabbix_server_externalscripts }}" + become: true when: zabbix_server_externalscripts is defined + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml index 38a8d85fe..fe203aed1 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml @@ -1,27 +1,32 @@ --- - # straight to getenforce binary , workaround for missing python_selinux library -- name: "Get getenforce binary" - stat: +- name: "SELinux | Get getenforce binary" + ansible.builtin.stat: path: /usr/sbin/getenforce register: getenforce_bin become: true + tags: + - always -- name: "Collect getenforce output" - command: getenforce +- name: "SELinux | Collect getenforce output" + ansible.builtin.command: getenforce register: sestatus - when: 'getenforce_bin.stat.exists' + when: "getenforce_bin.stat.exists" changed_when: false become: true check_mode: false + tags: + - always -- name: "Set zabbix_selinux to true if getenforce returns Enforcing or Permissive" - set_fact: - zabbix_selinux: "{{ true }}" +- name: "Set zabbix_server_selinux to true if getenforce returns Enforcing or Permissive" + ansible.builtin.set_fact: + zabbix_server_selinux: "{{ true }}" when: 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)' + tags: + - config - name: "SELinux | RedHat | Install related SELinux package" - yum: + ansible.builtin.yum: name: - libsemanage-python - policycoreutils @@ -38,10 +43,10 @@ - selinux_allow_zabbix_can_network - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6" tags: - - zabbix-server + - install -- name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8" - yum: +- name: "SELinux | RedHat | Install related SELinux package on RHEL8" + ansible.builtin.yum: name: - python3-libsemanage state: present @@ -54,9 +59,9 @@ when: - ansible_os_family == "RedHat" - selinux_allow_zabbix_can_network - - ansible_distribution_major_version|int >= 8 + - ansible_distribution_major_version == "8" tags: - - zabbix-server + - install - name: "SELinux | RedHat | Enable httpd_can_connect_zabbix SELinux boolean" ansible.posix.seboolean: @@ -67,7 +72,7 @@ when: - selinux_allow_zabbix_can_http tags: - - zabbix-server + - config - name: "SELinux | RedHat | Enable zabbix_can_network SELinux boolean" ansible.posix.seboolean: @@ -78,10 +83,10 @@ when: - selinux_allow_zabbix_can_network tags: - - zabbix-server + - config - name: "SELinux | RedHat | Install related SELinux package to fix issues" - yum: + ansible.builtin.yum: name: - policycoreutils-python state: present @@ -95,10 +100,10 @@ - ansible_os_family == "RedHat" - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6" tags: - - zabbix-server + - install -- name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8" - yum: +- name: "SELinux | RedHat | Install related SELinux package to fix issues on RHEL8" + ansible.builtin.yum: name: - policycoreutils - checkpolicy @@ -112,13 +117,15 @@ become: true when: - ansible_os_family == "RedHat" - - ansible_distribution_major_version|int >= 8 + - ansible_distribution_major_version == "8" tags: - - zabbix-server + - install - name: "SELinux | RedHat | Add SEmodule to fix SELinux issue: zabbix_server_alerter.sock" - script: + ansible.builtin.script: cmd: files/install_semodule.bsx args: creates: /etc/selinux/targeted/active/modules/400/zabbix_server_add/cil become: true + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2 index 19c99aa33..489e9c9f5 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2 @@ -4,261 +4,120 @@ # This configuration file is "minimalized", which means all the original comments # are removed. The full documentation for your Zabbix Server can be found here: -# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_server +# https://www.zabbix.com/documentation/{{ zabbix_server_version }}/en/manual/appendix/config/zabbix_server -ListenPort={{ zabbix_server_listenport }} -{% if zabbix_server_sourceip is defined and zabbix_server_sourceip %} -SourceIP={{ zabbix_server_sourceip }} -{% endif %} -{% if zabbix_version is version('3.0', '>=') %} -LogType={{ zabbix_server_logtype }} -{% endif %} -LogFile={{ zabbix_server_logfile }} -LogFileSize={{ zabbix_server_logfilesize }} -DebugLevel={{ zabbix_server_debuglevel }} -{% if zabbix_version is version('3.4', '>=') %} -SocketDir={{ zabbix_server_socketdir }} -{% endif %} -PidFile={{ zabbix_server_pidfile }} -DBHost={{ zabbix_server_dbhost }} -DBName={{ zabbix_server_dbname }} -{% if zabbix_server_dbschema is defined and zabbix_server_dbschema %} -DBSchema={{ zabbix_server_dbschema }} -{% endif %} -DBUser={{ zabbix_server_dbuser }} -DBPassword={{ zabbix_server_dbpassword }} -{% if zabbix_server_dbsocket is defined and zabbix_server_dbsocket %} -DBSocket={{ zabbix_server_dbsocket }} -{% endif %} -{% if zabbix_server_dbport is defined and zabbix_server_dbport %} -DBPort={{ zabbix_server_dbport }} -{% endif %} -{% if zabbix_version is version('6.0', '>=') %} -AllowUnsupportedDBVersions={{ zabbix_server_allowunsupporteddbversions }} -{% endif %} -{% if zabbix_server_historystorageurl is defined and zabbix_server_historystorageurl %} -HistoryStorageURL={{ zabbix_server_historystorageurl }} -{% endif %} -{% if zabbix_version is version('3.4', '>=') %} -HistoryStorageTypes={{ zabbix_server_historystoragetypes }} -{% endif %} -{% if zabbix_version is version('4.0', '>=') %} -HistoryStorageDateIndex={{ zabbix_server_historystoragedateindex }} -{% endif %} -{% if zabbix_version is version('4.0', '>=') %} -{% if zabbix_server_exportdir is defined and zabbix_server_exportdir %} -ExportDir={{ zabbix_server_exportdir }} -{% endif %} -{% endif %} -{% if zabbix_version is version('4.0', '>=') %} -ExportFileSize={{ zabbix_server_exportfilesize }} -{% endif %} -StartPollers={{ zabbix_server_startpollers }} -StartIPMIPollers={{ zabbix_server_startipmipollers }} -{% if zabbix_version is version('4.2', '>=') %} -StartLLDProcessors={{ zabbix_server_startlldprocessors }} -{% endif %} -{% if zabbix_version is version('4.2', '>=') %} -StartPreprocessors={{ zabbix_server_startpreprocessors }} -{% endif %} -StartPollersUnreachable={{ zabbix_server_startpollersunreachable }} -{% if zabbix_version is version('6.4', '>=') %} -StartConnectors={{ zabbix_server_connectors }} -{% endif %} -{% if zabbix_version is version('6.2', '>=') %} -StartHistoryPollers={{ zabbix_server_starthistorypollers }} -{% endif %} -StartTrappers={{ zabbix_server_starttrappers }} -StartPingers={{ zabbix_server_startpingers }} -StartDiscoverers={{ zabbix_server_startdiscoverers }} -StartHTTPPollers={{ zabbix_server_starthttppollers }} -{% if zabbix_version is version('2.0', '>=') %} -StartTimers={{ zabbix_server_starttimers }} -{% endif %} -{% if zabbix_version is version('3.0', '>=') %} -StartEscalators={{ zabbix_server_startescalators }} -{% endif %} -{% if zabbix_server_javagateway is defined and zabbix_server_javagateway %} -JavaGateway={{ zabbix_server_javagateway }} -JavaGatewayPort={{ zabbix_server_javagatewayport }} -StartJavaPollers={{ zabbix_server_startjavapollers }} -{% endif %} -{% if zabbix_version is version('2.2', '>=') %} -StartVMwareCollectors={{ zabbix_server_startvmwarecollectors }} -VMwareFrequency={{ zabbix_server_vmwarefrequency }} -{% if zabbix_version is version('3.0', '>=') %} -VMwarePerfFrequency={{ zabbix_server_vmwareperffrequency }} -{% endif %} -VMwareCacheSize={{ zabbix_server_vmwarecachesize }} -{% endif %} -{% if zabbix_version is version('3.0', '>=') %} -VMwareTimeout={{ zabbix_server_vmwaretimeout }} -{% endif %} -SNMPTrapperFile={{ zabbix_server_snmptrapperfile }} -StartSNMPTrapper={{ zabbix_server_startsnmptrapper }} -{% if zabbix_server_listenip is defined and zabbix_server_listenip %} -ListenIP={{ zabbix_server_listenip }} -{% endif %} -HousekeepingFrequency={{ zabbix_server_housekeepingfrequency }} -MaxHousekeeperDelete={{ zabbix_server_maxhousekeeperdelete }} -{% if zabbix_version is version('3.2', '<=') %} -SenderFrequency={{ zabbix_server_senderfrequency }} -{% endif %} -{% if zabbix_server_cachesize is defined and zabbix_server_cachesize is not none %} -CacheSize={{ zabbix_server_cachesize }} -{% else %} -{% if zabbix_version is version('6.2', '<') %} -CacheSize=8M -{% else %} -CacheSize=32M -{% endif %} -{% endif %} -{% if zabbix_server_cacheupdatefrequency is defined and zabbix_server_cacheupdatefrequency is not none %} -CacheUpdateFrequency={{ zabbix_server_cacheupdatefrequency }} -{% else %} -{% if zabbix_version is version('6.4', '<') %} -CacheUpdateFrequency=60 -{% else %} -CacheUpdateFrequency=10 -{%endif %} -{%endif %} -StartDBSyncers={{ zabbix_server_startdbsyncers }} -HistoryCacheSize={{ zabbix_server_historycachesize }} -{% if zabbix_version is version('3.0', '>=') %} -HistoryIndexCacheSize={{ zabbix_server_historyindexcachesize }} -{% endif %} -TrendCacheSize={{ zabbix_server_trendcachesize }} -{% if zabbix_version is version('6.0', '>=') %} -TrendFunctionCacheSize={{ zabbix_server_trendfunctioncachesize }} -{% endif %} -{% if zabbix_version is version('3.0', '<') %} - ### option: historytextcachesize -HistoryTextCacheSize={{ zabbix_server_historytextcachesize }} -{% endif %} -{% if zabbix_version is version('2.2', '>=') %} -ValueCacheSize={{ zabbix_server_valuecachesize }} -{% endif %} -{% if zabbix_version is version('2.4', '<') %} -NodeNoEvents={{ zabbix_server_nodenoevents }} -NodeNoHistory={{ zabbix_server_nodenohistory }} -{% endif %} -Timeout={{ zabbix_server_timeout }} -TrapperTimeout={{ zabbix_server_trappertimeout }} -UnreachablePeriod={{ zabbix_server_unreachableperiod }} -UnavailableDelay={{ zabbix_server_unavailabledelay }} -UnreachableDelay={{ zabbix_server_unreachabledelay }} -AlertScriptsPath={{ zabbix_server_alertscriptspath }} -ExternalScripts={{ zabbix_server_externalscriptspath }} -FpingLocation={{ zabbix_server_fpinglocation }} -Fping6Location={{ zabbix_server_fping6location }} -{% if zabbix_server_sshkeylocation is defined and zabbix_server_sshkeylocation %} -SSHKeyLocation={{ zabbix_server_sshkeylocation }} -{% endif %} -LogSlowQueries={{ zabbix_server_logslowqueries }} -TmpDir={{ zabbix_server_tmpdir }} -StartProxyPollers={{ zabbix_server_startproxypollers }} -{% if zabbix_server_proxyconfigfrequency is defined and zabbix_server_proxyconfigfrequency is not none %} -ProxyConfigFrequency={{ zabbix_server_proxyconfigfrequency }} -{% else %} -{% if zabbix_version is version('6.2', '<') %} -ProxyConfigFrequency=3600 -{% elif zabbix_version is version('6.4', '<') %} -ProxyConfigFrequency=300 -{% else %} -ProxyConfigFrequency=10 -{% endif %} -{% endif %} -ProxyDataFrequency={{ zabbix_server_proxydatafrequency }} -{% if zabbix_version is version('2.2', '>=') %} -AllowRoot={{ zabbix_server_allowroot }} -{% endif %} -{% if zabbix_version is version('3.0', '>=') %} -User={{ zabbix_server_user }} -{% endif %} -Include={{ zabbix_server_include }} -{% if zabbix_version is version('3.0', '>=') %} -SSLCertLocation={{ zabbix_server_sslcertlocation }} -SSLKeyLocation={{ zabbix_server_sslkeylocation }} -{% if zabbix_server_sslcalocation is defined and zabbix_server_sslcalocation is not none %} -SSLCALocation={{ zabbix_server_sslcalocation }} -{% endif %} -{% endif %} -{% if zabbix_version is version('2.2', '>=') %} -LoadModulePath={{ zabbix_server_loadmodulepath }} -{% endif %} -{% if zabbix_server_loadmodule is defined and zabbix_server_loadmodule %} -LoadModule = {{ zabbix_server_loadmodule }} -{% endif %} -{% if zabbix_version is version('3.0', '>=') %} -{% if zabbix_server_tlscafile is defined and zabbix_server_tlscafile is not none %} -TLSCAFile={{ zabbix_server_tlscafile }} -{% endif %} -{% if zabbix_server_tlscrlfile is defined and zabbix_server_tlscrlfile is not none %} -TLSCRLFile={{ zabbix_server_tlscrlfile }} -{% endif %} -{% if zabbix_server_tlscertfile is defined and zabbix_server_tlscertfile is not none %} -TLSCertFile={{ zabbix_server_tlscertfile }} -{% endif %} -{% if zabbix_server_tlskeyfile is defined and zabbix_server_tlskeyfile is not none %} -TLSKeyFile={{ zabbix_server_tlskeyfile }} -{% endif %} -{% endif %} -{% if zabbix_server_dbtlsconnect is defined and zabbix_server_dbtlsconnect is not none %} -DBTLSConnect={{ zabbix_server_dbtlsconnect }} -{% endif %} -{% if zabbix_server_dbtlscafile is defined and zabbix_server_dbtlscafile is not none %} -DBTLSCAFile={{ zabbix_server_dbtlscafile }} -{% endif %} -{% if zabbix_server_dbtlscertfile is defined and zabbix_server_dbtlscertfile is not none %} -DBTLSCertFile={{ zabbix_server_dbtlscertfile }} -{% endif %} -{% if zabbix_server_dbtlskeyfile is defined and zabbix_server_dbtlskeyfile is not none %} -DBTLSKeyFile={{ zabbix_server_dbtlskeyfile }} -{% endif %} -{% if zabbix_server_dbtlscipher is defined and zabbix_server_dbtlscipher is not none %} -DBTLSCipher={{ zabbix_server_dbtlscipher }} -{% endif %} -{% if zabbix_server_dbtlscipher13 is defined and zabbix_server_dbtlscipher13 is not none %} -DBTLSCipher13={{ zabbix_server_dbtlscipher13 }} -{% endif %} -{% if zabbix_version is version('6.0', '>=') %} -{% if zabbix_server_vaulttoken is defined and zabbix_server_vaulttoken is not none %} -VaultToken={{ zabbix_server_vaulttoken }} -{% endif %} -{% if zabbix_server_vaulturl is defined and zabbix_server_vaulturl is not none %} -VaultURL={{ zabbix_server_vaulturl }} -{% endif %} -{% if zabbix_server_vaultdbpath is defined and zabbix_server_vaultdbpath is not none %} -VaultDBPath={{ zabbix_server_vaultdbpath }} -{% endif %} -{% if zabbix_server_vaulttlscertfile is defined and zabbix_server_vaulttlscertfile is not none %} -VaultTLSKeyFile={{ zabbix_server_vaulttlscertfile }} -{% endif %} -{% if zabbix_server_vaulttlskeyfile is defined and zabbix_server_vaulttlskeyfile is not none %} -VaultTLSCertFile={{ zabbix_server_vaulttlskeyfile }} -{% endif %} -{% if zabbix_server_startreportwriters is defined and zabbix_server_startreportwriters is not none %} -StartReportWriters={{ zabbix_server_startreportwriters }} -{% endif %} -{% if zabbix_server_webserviceurl is defined and zabbix_server_webserviceurl is not none %} -WebServiceURL={{ zabbix_server_webserviceurl }} -{% endif %} -{% if zabbix_server_servicemanagersyncfrequency is defined and zabbix_server_servicemanagersyncfrequency is not none %} -ServiceManagerSyncFrequency={{ zabbix_server_servicemanagersyncfrequency }} -{% endif %} -{% if zabbix_server_problemhousekeepingfrequency is defined and zabbix_server_problemhousekeepingfrequency is not none %} -ProblemHousekeepingFrequency={{ zabbix_server_problemhousekeepingfrequency }} -{% endif %} -{% if zabbix_version is version('6.2', '>=') %} -StartODBCPollers={{ zabbix_server_startodbcpollers }} -{% endif %} -{% if zabbix_server_listenbacklog is defined and zabbix_server_listenbacklog is not none %} -ListenBacklog={{ zabbix_server_listenbacklog }} -{% endif %} -{% if zabbix_server_hanodename is defined and zabbix_server_hanodename is not none %} -HANodeName={{ zabbix_server_hanodename }} -{% endif %} -{% if zabbix_server_nodeaddress is defined and zabbix_server_nodeaddress is not none %} -NodeAddress={{ zabbix_server_nodeaddress }} -{% endif %} -{% endif %} +{{ (zabbix_server_alertscriptspath is defined and zabbix_server_alertscriptspath is not none) | ternary('', '# ') }}AlertScriptsPath={{ zabbix_server_alertscriptspath | default('') }} +{{ (zabbix_server_allowroot is defined and zabbix_server_allowroot is not none) | ternary('', '# ') }}AllowRoot={{ zabbix_server_allowroot | default('') }} +{{ (zabbix_server_allowunsupporteddbversions is defined and zabbix_server_allowunsupporteddbversions is not none) | ternary('', '# ') }}AllowUnsupportedDBVersions={{ zabbix_server_allowunsupporteddbversions | default('') }} +{{ (zabbix_server_cachesize is defined and zabbix_server_cachesize is not none) | ternary('', '# ') }}CacheSize={{ zabbix_server_cachesize | default('') }} +{{ (zabbix_server_cacheupdatefrequency is defined and zabbix_server_cacheupdatefrequency is not none) | ternary('', '# ') }}CacheUpdateFrequency={{ zabbix_server_cacheupdatefrequency | default('') }} +{{ (zabbix_server_dbhost is defined and zabbix_server_dbhost is not none) | ternary('', '# ') }}DBHost={{ zabbix_server_dbhost | default('') }} +{{ (zabbix_server_dbname is defined and zabbix_server_dbname is not none) | ternary('', '# ') }}DBName={{ zabbix_server_dbname | default('') }} +{{ (zabbix_server_dbpassword is defined and zabbix_server_dbpassword is not none) | ternary('', '# ') }}DBPassword={{ zabbix_server_dbpassword | default('') }} +{{ (zabbix_server_dbport is defined and zabbix_server_dbport is not none) | ternary('', '# ') }}DBPort={{ zabbix_server_dbport | default('') }} +{{ (zabbix_server_dbschema is defined and zabbix_server_dbschema is not none) | ternary('', '# ') }}DBSchema={{ zabbix_server_dbschema | default('') }} +{{ (zabbix_server_dbsocket is defined and zabbix_server_dbsocket is not none) | ternary('', '# ') }}DBSocket={{ zabbix_server_dbsocket | default('') }} +{{ (zabbix_server_dbtlscafile is defined and zabbix_server_dbtlscafile is not none) | ternary('', '# ') }}DBTLSCAFile={{ zabbix_server_dbtlscafile | default('') }} +{{ (zabbix_server_dbtlscertfile is defined and zabbix_server_dbtlscertfile is not none) | ternary('', '# ') }}DBTLSCertFile={{ zabbix_server_dbtlscertfile | default('') }} +{{ (zabbix_server_dbtlscipher is defined and zabbix_server_dbtlscipher is not none) | ternary('', '# ') }}DBTLSCipher={{ zabbix_server_dbtlscipher | default('') }} +{{ (zabbix_server_dbtlscipher13 is defined and zabbix_server_dbtlscipher13 is not none) | ternary('', '# ') }}DBTLSCipher13={{ zabbix_server_dbtlscipher13 | default('') }} +{{ (zabbix_server_dbtlsconnect is defined and zabbix_server_dbtlsconnect is not none) | ternary('', '# ') }}DBTLSConnect={{ zabbix_server_dbtlsconnect | default('') }} +{{ (zabbix_server_dbtlskeyfile is defined and zabbix_server_dbtlskeyfile is not none) | ternary('', '# ') }}DBTLSKeyFile={{ zabbix_server_dbtlskeyfile | default('') }} +{{ (zabbix_server_dbuser is defined and zabbix_server_dbuser is not none) | ternary('', '# ') }}DBUser={{ zabbix_server_dbuser | default('') }} +{{ (zabbix_server_debuglevel is defined and zabbix_server_debuglevel is not none) | ternary('', '# ') }}DebugLevel={{ zabbix_server_debuglevel | default('') }} +{{ (zabbix_server_exportdir is defined and zabbix_server_exportdir is not none) | ternary('', '# ') }}ExportDir={{ zabbix_server_exportdir | default('') }} +{{ (zabbix_server_exportfilesize is defined and zabbix_server_exportfilesize is not none) | ternary('', '# ') }}ExportFileSize={{ zabbix_server_exportfilesize | default('') }} +{{ (zabbix_server_exporttype is defined and zabbix_server_exporttype is not none) | ternary('', '# ') }}ExportType={{ zabbix_server_exporttype | default('') }} +{{ (zabbix_server_externalscriptspath is defined and zabbix_server_externalscriptspath is not none) | ternary('', '# ') }}ExternalScripts={{ zabbix_server_externalscriptspath | default('') }} +{{ (zabbix_server_fping6location is defined and zabbix_server_fping6location is not none) | ternary('', '# ') }}Fping6Location={{ zabbix_server_fping6location | default('') }} +{{ (zabbix_server_fpinglocation is defined and zabbix_server_fpinglocation is not none) | ternary('', '# ') }}FpingLocation={{ zabbix_server_fpinglocation | default('') }} +{{ (zabbix_server_hanodename is defined and zabbix_server_hanodename is not none) | ternary('', '# ') }}HANodeName={{ zabbix_server_hanodename | default('') }} +{{ (zabbix_server_historycachesize is defined and zabbix_server_historycachesize is not none) | ternary('', '# ') }}HistoryCacheSize={{ zabbix_server_historycachesize | default('') }} +{{ (zabbix_server_historyindexcachesize is defined and zabbix_server_historyindexcachesize is not none) | ternary('', '# ') }}HistoryIndexCacheSize={{ zabbix_server_historyindexcachesize | default('') }} +{{ (zabbix_server_historystoragedateindex is defined and zabbix_server_historystoragedateindex is not none) | ternary('', '# ') }}HistoryStorageDateIndex={{ zabbix_server_historystoragedateindex | default('') }} +{{ (zabbix_server_historystoragetypes is defined and zabbix_server_historystoragetypes is not none) | ternary('', '# ') }}HistoryStorageTypes={{ zabbix_server_historystoragetypes | default('') }} +{{ (zabbix_server_historystorageurl is defined and zabbix_server_historystorageurl is not none) | ternary('', '# ') }}HistoryStorageURL={{ zabbix_server_historystorageurl | default('') }} +{{ (zabbix_server_housekeepingfrequency is defined and zabbix_server_housekeepingfrequency is not none) | ternary('', '# ') }}HousekeepingFrequency={{ zabbix_server_housekeepingfrequency | default('') }} +{{ (zabbix_server_include is defined and zabbix_server_include is not none) | ternary('', '# ') }}Include={{ zabbix_server_include | default('') }} +{{ (zabbix_server_javagateway is defined and zabbix_server_javagateway is not none) | ternary('', '# ') }}JavaGateway={{ zabbix_server_javagateway | default('') }} +{{ (zabbix_server_javagatewayport is defined and zabbix_server_javagatewayport is not none) | ternary('', '# ') }}JavaGatewayPort={{ zabbix_server_javagatewayport | default('') }} +{{ (zabbix_server_listenbacklog is defined and zabbix_server_listenbacklog is not none) | ternary('', '# ') }}ListenBacklog={{ zabbix_server_listenbacklog | default('') }} +{{ (zabbix_server_listenip is defined and zabbix_server_listenip is not none) | ternary('', '# ') }}ListenIP={{ zabbix_server_listenip | default('') }} +{{ (zabbix_server_listenport is defined and zabbix_server_listenport is not none) | ternary('', '# ') }}ListenPort={{ zabbix_server_listenport | default('') }} +{{ (zabbix_server_loadmodule is defined and zabbix_server_loadmodule is not none) | ternary('', '# ') }}LoadModule={{ zabbix_server_loadmodule | default('') }} +{{ (zabbix_server_loadmodulepath is defined and zabbix_server_loadmodulepath is not none) | ternary('', '# ') }}LoadModulePath={{ zabbix_server_loadmodulepath | default('') }} +{{ (zabbix_server_logfile is defined and zabbix_server_logfile is not none) | ternary('', '# ') }}LogFile={{ zabbix_server_logfile | default('') }} +{{ (zabbix_server_logfilesize is defined and zabbix_server_logfilesize is not none) | ternary('', '# ') }}LogFileSize={{ zabbix_server_logfilesize | default('') }} +{{ (zabbix_server_logslowqueries is defined and zabbix_server_logslowqueries is not none) | ternary('', '# ') }}LogSlowQueries={{ zabbix_server_logslowqueries | default('') }} +{{ (zabbix_server_logtype is defined and zabbix_server_logtype is not none) | ternary('', '# ') }}LogType={{ zabbix_server_logtype | default('') }} +{{ (zabbix_server_maxhousekeeperdelete is defined and zabbix_server_maxhousekeeperdelete is not none) | ternary('', '# ') }}MaxHousekeeperDelete={{ zabbix_server_maxhousekeeperdelete | default('') }} +{{ (zabbix_server_nodeaddress is defined and zabbix_server_nodeaddress is not none) | ternary('', '# ') }}NodeAddress={{ zabbix_server_nodeaddress | default('') }} +{{ (zabbix_server_pidfile is defined and zabbix_server_pidfile is not none) | ternary('', '# ') }}PidFile={{ zabbix_server_pidfile | default('') }} +{{ (zabbix_server_proxyconfigfrequency is defined and zabbix_server_proxyconfigfrequency is not none) | ternary('', '# ') }}ProxyConfigFrequency={{ zabbix_server_proxyconfigfrequency | default('') }} +{{ (zabbix_server_proxydatafrequency is defined and zabbix_server_proxydatafrequency is not none) | ternary('', '# ') }}ProxyDataFrequency={{ zabbix_server_proxydatafrequency | default('') }} +{{ (zabbix_server_snmptrapperfile is defined and zabbix_server_snmptrapperfile is not none) | ternary('', '# ') }}SNMPTrapperFile={{ zabbix_server_snmptrapperfile | default('') }} +{{ (zabbix_server_socketdir is defined and zabbix_server_socketdir is not none) | ternary('', '# ') }}SocketDir={{ zabbix_server_socketdir | default('') }} +{{ (zabbix_server_sourceip is defined and zabbix_server_sourceip is not none) | ternary('', '# ') }}SourceIP={{ zabbix_server_sourceip | default('') }} +{{ (zabbix_server_sshkeylocation is defined and zabbix_server_sshkeylocation is not none) | ternary('', '# ') }}SSHKeyLocation={{ zabbix_server_sshkeylocation | default('') }} +{{ (zabbix_server_sslcalocation is defined and zabbix_server_sslcalocation is not none) | ternary('', '# ') }}SSLCALocation={{ zabbix_server_sslcalocation | default('') }} +{{ (zabbix_server_sslcertlocation is defined and zabbix_server_sslcertlocation is not none) | ternary('', '# ') }}SSLCertLocation={{ zabbix_server_sslcertlocation | default('') }} +{{ (zabbix_server_sslkeylocation is defined and zabbix_server_sslkeylocation is not none) | ternary('', '# ') }}SSLKeyLocation={{ zabbix_server_sslkeylocation | default('') }} +{{ (zabbix_server_startalerters is defined and zabbix_server_startalerters is not none) | ternary('', '# ') }}StartAlerters={{ zabbix_server_startalerters | default('') }} +{{ (zabbix_server_startdbsyncers is defined and zabbix_server_startdbsyncers is not none) | ternary('', '# ') }}StartDBSyncers={{ zabbix_server_startdbsyncers | default('') }} +{{ (zabbix_server_startdiscoverers is defined and zabbix_server_startdiscoverers is not none) | ternary('', '# ') }}StartDiscoverers={{ zabbix_server_startdiscoverers | default('') }} +{{ (zabbix_server_startescalators is defined and zabbix_server_startescalators is not none) | ternary('', '# ') }}StartEscalators={{ zabbix_server_startescalators | default('') }} +{{ (zabbix_server_starthistorypollers is defined and zabbix_server_starthistorypollers is not none) | ternary('', '# ') }}StartHistoryPollers={{ zabbix_server_starthistorypollers | default('') }} +{{ (zabbix_server_starthttppollers is defined and zabbix_server_starthttppollers is not none) | ternary('', '# ') }}StartHTTPPollers={{ zabbix_server_starthttppollers | default('') }} +{{ (zabbix_server_startipmipollers is defined and zabbix_server_startipmipollers is not none) | ternary('', '# ') }}StartIPMIPollers={{ zabbix_server_startipmipollers | default('') }} +{{ (zabbix_server_startjavapollers is defined and zabbix_server_startjavapollers is not none) | ternary('', '# ') }}StartJavaPollers={{ zabbix_server_startjavapollers | default('') }} +{{ (zabbix_server_startlldprocessors is defined and zabbix_server_startlldprocessors is not none) | ternary('', '# ') }}StartLLDProcessors={{ zabbix_server_startlldprocessors | default('') }} +{{ (zabbix_server_startodbcpollers is defined and zabbix_server_startodbcpollers is not none) | ternary('', '# ', '# ') }}StartODBCPollers={{ zabbix_server_startodbcpollers | default('') }} +{{ (zabbix_server_startpingers is defined and zabbix_server_startpingers is not none) | ternary('', '# ') }}StartPingers={{ zabbix_server_startpingers | default('') }} +{{ (zabbix_server_startpollers is defined and zabbix_server_startpollers is not none) | ternary('', '# ') }}StartPollers={{ zabbix_server_startpollers | default('') }} +{{ (zabbix_server_startpollersunreachable is defined and zabbix_server_startpollersunreachable is not none) | ternary('', '# ') }}StartPollersUnreachable={{ zabbix_server_startpollersunreachable | default('') }} +{{ (zabbix_server_startpreprocessors is defined and zabbix_server_startpreprocessors is not none) | ternary('', '# ') }}StartPreprocessors={{ zabbix_server_startpreprocessors | default('') }} +{{ (zabbix_server_startproxypollers is defined and zabbix_server_startproxypollers is not none) | ternary('', '# ') }}StartProxyPollers={{ zabbix_server_startproxypollers | default('') }} +{{ (zabbix_server_startreportwriters is defined and zabbix_server_startreportwriters is not none) | ternary('', '# ') }}StartReportWriters={{ zabbix_server_startreportwriters | default('') }} +{{ (zabbix_server_startsnmptrapper is defined and zabbix_server_startsnmptrapper is not none) | ternary('', '# ') }}StartSNMPTrapper={{ zabbix_server_startsnmptrapper | default('') }} +{{ (zabbix_server_starttimers is defined and zabbix_server_starttimers is not none) | ternary('', '# ') }}StartTimers={{ zabbix_server_starttimers | default('') }} +{{ (zabbix_server_starttrappers is defined and zabbix_server_starttrappers is not none) | ternary('', '# ') }}StartTrappers={{ zabbix_server_starttrappers | default('') }} +{{ (zabbix_server_startvmwarecollectors is defined and zabbix_server_startvmwarecollectors is not none) | ternary('', '# ') }}StartVMwareCollectors={{ zabbix_server_startvmwarecollectors | default('') }} +{{ (zabbix_server_statsallowedip is defined and zabbix_server_statsallowedip is not none) | ternary('', '# ') }}StatsAllowedIP={{ zabbix_server_statsallowedip | default('') }} +{{ (zabbix_server_timeout is defined and zabbix_server_timeout is not none) | ternary('', '# ') }}Timeout={{ zabbix_server_timeout | default('') }} +{{ (zabbix_server_tlscafile is defined and zabbix_server_tlscafile is not none) | ternary('', '# ') }}TLSCAFile={{ zabbix_server_tlscafile | default('') }} +{{ (zabbix_server_tlscertfile is defined and zabbix_server_tlscertfile is not none) | ternary('', '# ') }}TLSCertFile={{ zabbix_server_tlscertfile | default('') }} +{{ (zabbix_server_tlscipherall is defined and zabbix_server_tlscipherall is not none) | ternary('', '# ') }}TLSCipherAll={{ zabbix_server_tlscipherall | default('') }} +{{ (zabbix_server_tlscipherall13 is defined and zabbix_server_tlscipherall13 is not none) | ternary('', '# ') }}TLSCipherAll13={{ zabbix_server_tlscipherall13 | default('') }} +{{ (zabbix_server_tlsciphercert is defined and zabbix_server_tlsciphercert is not none) | ternary('', '# ') }}TLSCipherCert={{ zabbix_server_tlsciphercert | default('') }} +{{ (zabbix_server_tlsciphercert13 is defined and zabbix_server_tlsciphercert13 is not none) | ternary('', '# ') }}TLSCipherCert13={{ zabbix_server_tlsciphercert13 | default('') }} +{{ (zabbix_server_tlscipherpsk is defined and zabbix_server_tlscipherpsk is not none) | ternary('', '# ') }}TLSCipherPSK={{ zabbix_server_tlscipherpsk | default('') }} +{{ (zabbix_server_tlscipherpsk13 is defined and zabbix_server_tlscipherpsk13 is not none) | ternary('', '# ') }}TLSCipherPSK13={{ zabbix_server_tlscipherpsk13 | default('') }} +{{ (zabbix_server_tlscrlfile is defined and zabbix_server_tlscrlfile is not none) | ternary('', '# ') }}TLSCRLFile={{ zabbix_server_tlscrlfile | default('') }} +{{ (zabbix_server_tlskeyfile is defined and zabbix_server_tlskeyfile is not none) | ternary('', '# ') }}TLSKeyFile={{ zabbix_server_tlskeyfile | default('') }} +{{ (zabbix_server_tmpdir is defined and zabbix_server_tmpdir is not none) | ternary('', '# ') }}TmpDir={{ zabbix_server_tmpdir | default('') }} +{{ (zabbix_server_trappertimeout is defined and zabbix_server_trappertimeout is not none) | ternary('', '# ') }}TrapperTimeout={{ zabbix_server_trappertimeout | default('') }} +{{ (zabbix_server_trendcachesize is defined and zabbix_server_trendcachesize is not none) | ternary('', '# ') }}TrendCacheSize={{ zabbix_server_trendcachesize | default('') }} +{{ (zabbix_server_trendfunctioncachesize is defined and zabbix_server_trendfunctioncachesize is not none) | ternary('', '# ') }}TrendFunctionCacheSize={{ zabbix_server_trendfunctioncachesize | default('') }} +{{ (zabbix_server_unavailabledelay is defined and zabbix_server_unavailabledelay is not none) | ternary('', '# ') }}UnavailableDelay={{ zabbix_server_unavailabledelay | default('') }} +{{ (zabbix_server_unreachabledelay is defined and zabbix_server_unreachabledelay is not none) | ternary('', '# ') }}UnreachableDelay={{ zabbix_server_unreachabledelay | default('') }} +{{ (zabbix_server_unreachableperiod is defined and zabbix_server_unreachableperiod is not none) | ternary('', '# ') }}UnreachablePeriod={{ zabbix_server_unreachableperiod | default('') }} +{{ (zabbix_server_user is defined and zabbix_server_user is not none) | ternary('', '# ') }}User={{ zabbix_server_user | default('') }} +{{ (zabbix_server_valuecachesize is defined and zabbix_server_valuecachesize is not none) | ternary('', '# ') }}ValueCacheSize={{ zabbix_server_valuecachesize | default('') }} +{% if zabbix_server_version is version('6.2', '>=') %} +{{ (zabbix_server_vault is defined and zabbix_server_vault is not none) | ternary('', '# ') }}Vault={{ zabbix_server_vault | default('') }} +{% endif %} +{% if zabbix_server_version is version('6.4', '>=') %} +{{ (zabbix_server_connectors is defined and zabbix_server_connectors is not none) | ternary('', '# ') }}StartConnectors={{ zabbix_server_connectors | default('') }} +{% endif %} +{{ (zabbix_server_vaultdbpath is defined and zabbix_server_vaultdbpath is not none) | ternary('', '# ') }}VaultDBPath={{ zabbix_server_vaultdbpath | default('') }} +{% if zabbix_server_version is version('6.2', '>=') %} +{{ (zabbix_server_vaulttlskeyfile is defined and zabbix_server_vaulttlskeyfile is not none) | ternary('', '# ') }}VaultTLSKeyFile={{ zabbix_server_vaulttlskeyfile | default('') }} +{{ (zabbix_server_vaulttlscertfile is defined and zabbix_server_vaulttlscertfile is not none) | ternary('', '# ') }}VaultTLSCertFile={{ zabbix_server_vaulttlscertfile | default('') }} +{% endif %} +{{ (zabbix_server_vaulttoken is defined and zabbix_server_vaulttoken is not none) | ternary('', '# ') }}VaultToken={{ zabbix_server_vaulttoken | default('') }} +{{ (zabbix_server_vaulturl is defined and zabbix_server_vaulturl is not none) | ternary('', '# ') }}VaultURL={{ zabbix_server_vaulturl | default('') }} +{{ (zabbix_server_vmwarecachesize is defined and zabbix_server_vmwarecachesize is not none) | ternary('', '# ') }}VMwareCacheSize={{ zabbix_server_vmwarecachesize | default('') }} +{{ (zabbix_server_vmwarefrequency is defined and zabbix_server_vmwarefrequency is not none) | ternary('', '# ') }}VMwareFrequency={{ zabbix_server_vmwarefrequency | default('') }} +{{ (zabbix_server_vmwareperffrequency is defined and zabbix_server_vmwareperffrequency is not none) | ternary('', '# ') }}VMwarePerfFrequency={{ zabbix_server_vmwareperffrequency | default('') }} +{{ (zabbix_server_vmwaretimeout is defined and zabbix_server_vmwaretimeout is not none) | ternary('', '# ') }}VMwareTimeout={{ zabbix_server_vmwaretimeout | default('') }} +{{ (zabbix_server_webserviceurl is defined and zabbix_server_webserviceurl is not none) | ternary('', '# ') }}WebServiceURL={{ zabbix_server_webserviceurl | default('') }} diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml index 1639e94b3..4074869e6 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml @@ -7,30 +7,29 @@ mysql_create_dir: "" zabbix_valid_server_versions: # Debian + "12": + - 6.4 + - 6.0 "11": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "10": - 6.0 - - 5.0 - - 4.0 - "9": - - 4.0 # Ubuntu "22": - 6.4 + - 6.2 - 6.0 "20": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "18": - 6.0 - - 5.0 - - 4.0 -zabbix_server_fpinglocation: /usr/bin/fping -zabbix_server_fping6location: /usr/bin/fping6 +debian_keyring_path: /etc/apt/keyrings/ +zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc" +_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}" +_zabbix_server_fping6location: /usr/bin/fping6 +_zabbix_server_fpinglocation: /usr/bin/fping diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml index 016eae514..c2e0f14f3 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml @@ -5,18 +5,32 @@ apache_log: httpd mysql_create_dir: create/ +__epel_repo: + - epel + zabbix_valid_server_versions: "9": - 6.4 + - 6.2 - 6.0 "8": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 - "7": - - 5.0 - - 4.0 -zabbix_server_fpinglocation: /usr/sbin/fping -zabbix_server_fping6location: /usr/sbin/fping6 +pgsql_depenencies: + "9": + - python3-psycopg2 + "8": + - python3-psycopg2 + +mysql_client_pkgs: + "9": + - mysql + - python3-PyMySQL + "8": + - mysql + - python3-PyMySQL + +_zabbix_server_fping6location: /usr/sbin/fping6 +_zabbix_server_fpinglocation: /usr/sbin/fping diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/zabbix.yml deleted file mode 100644 index 7a642c9d6..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/zabbix.yml +++ /dev/null @@ -1,261 +0,0 @@ ---- -sign_keys: - "64": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "62": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "60": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "54": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - jessie: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "52": - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - jessie: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "50": - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - jessie: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "44": - focal: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "42": - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "40": - focal: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "34": - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "32": - bionic: - sign_key: A14FE591 - sonya: - sign_key: 79EA5ED4 - serena: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - jessie: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "30": - bionic: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "24": - wheezy: - sign_key: 79EA5ED4 - jessie: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - "22": - squeeze: - sign_key: 79EA5ED4 - jessie: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - lucid: - sign_key: 79EA5ED4 - -suse: - "openSUSE Leap": - "42": - name: server:monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/ - "openSUSE": - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }} - "SLES": - "11": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/ - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP3/ diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/README.md b/ansible_collections/community/zabbix/roles/zabbix_web/README.md index cef5d62e7..5904f8288 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/README.md +++ b/ansible_collections/community/zabbix/roles/zabbix_web/README.md @@ -43,7 +43,7 @@ Please send Pull Requests or suggestions when you want to use this role for othe ## Ansible 2.10 and higher -With the release of Ansible 2.10, modules have been moved into collections. With the exception of ansible.builtin modules, this means additonal collections must be installed in order to use modules such as seboolean (now ansible.posix.seboolean). The following collections are now required: `ansible.posix`. The `community.general` collection is required when defining the `zabbix_web_htpasswd` variable (see variable section below). Installing the collections: +With the release of Ansible 2.10, modules have been moved into collections. With the exception of ansible.builtin modules, this means additonal collections must be installed in order to use modules such as seboolean (now ansible.posix.seboolean). The following collections are now required: `ansible.posix`. Installing the collections: ```sh ansible-galaxy collection install ansible.posix @@ -54,25 +54,16 @@ ansible-galaxy collection install community.general See the following list of supported Operating Systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 (LTS) | 5.4 | 5.2 | 5.0 (LTS) | 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----------|-----|-----|------------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | | V | V | V | V | V | V | V | V | -| Red Hat Fam 6 | | | | | V | V | | | V | -| Red Hat Fam 5 | | | | | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 22.04 jammy | V | V | V | | | | | | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | V | | | -| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | | V | V | V | V | V | -| Debian 10 buster | V | V | V | V | V | V | V | | | -| Debian 9 stretch | | | V | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | | | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | | | V | # Installation @@ -93,107 +84,77 @@ The following is an overview of all available configuration defaults for this ro ### Overall Zabbix -* `zabbix_web_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. +* `zabbix_web_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_web_version: 6.0`. * `zabbix_web_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. - +* `zabbix_web_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_web_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. -* `zabbix_web_centos_release`: Default: True. When the `centos-release-scl` repository needs to be enabled. This is required when using Zabbix 5.0 due to installation of a recent version of `PHP`. -* `zabbix_web_rhel_release`: Default: True. When the `scl-utils` repository needs to be enabled. This is required when using Zabbix 5.0 due to installation of a recent version of `PHP`. * `zabbix_web_doubleprecision`: Default: `False`. For upgraded installations, please read database [upgrade notes](https://www.zabbix.com/documentation/current/manual/installation/upgrade_notes_500) (Paragraph "Enabling extended range of numeric (float) values") before enabling this option. * `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### Zabbix Web specific * `zabbix_api_server_url`: This is the url on which the zabbix web interface is available. Default is zabbix.example.com, you should override it. For example, see "Example Playbook" +* `zabbix_web_http_server`: Which web server is in use. Valid values are 'apache' and 'nginx'. Default is `apache` * `zabbix_url_aliases`: A list with Aliases for the Apache Virtual Host configuration. * `zabbix_timezone`: Default: `Europe/Amsterdam`. This is the timezone. The Apache Virtual Host needs this parameter. -* `zabbix_vhost`: Default: `true`. When you don't want to create an Apache Virtual Host configuration, you can set it to False. +* `zabbix_web_create_vhost`: Default: `true`. When you don't want to create an Apache Virtual Host configuration, you can set it to False. +* `zabbix_web_create_php_fpm`: Configure php-fpm (Debian hosts only). Default is to use the same value as `zabbix_web_create_vhost`. * `zabbix_web_env`: (Optional) A Dictionary of PHP Environments settings. -* `zabbix_web_conf_web_user`: When provided, the user (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). -* `zabbix_web_conf_web_group`: When provided, the group (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). -* `zabbix_web_htpasswd`: (Optional) Allow HTTP authentication at the webserver level via a htpasswd file. -* `zabbix_web_htpasswd_file`: Default: `/etc/zabbix/web/htpasswd`. Allows the change the default path to the htpasswd file. -* `zabbix_web_htpasswd_users`: (Optional) Dictionary for creating users via `htpasswd_user` and passphrases via `htpasswd_pass` in htpasswd file. -* `zabbix_web_allowlist_ips`: (Optional) Allow web access at webserver level to a list of defined IPs or CIDR. +* `zabbix_web_user`: When provided, the user (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). +* `zabbix_web_group`: When provided, the group (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). * `zabbix_web_connect_ha_backend`: (Optional) Default: `false`. When set to `true` values for Zabbix server will not be written and frontend gets values from database to connect to active cluster node. Set `true` when operating Zabbix servers in a cluste (only >=6.0). * `zabbix_saml_idp_crt`: (Optional) The path to the certificate of the Identity Provider used for SAML authentication * `zabbix_saml_sp_crt`: (Optional) The path to the public certificate of Zabbix as Service Provider * `zabbix_saml_sp_key`: (Optional) The path to the private certificate of Zabbix as Service Provider -#### Apache configuration +#### Apache/Nginx Configuration -* `zabbix_apache_vhost_port`: The port on which Zabbix HTTP vhost is running. -* `zabbix_apache_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running. -* `zabbix_apache_vhost_listen_ip`: On which interface the Apache Virtual Host is available. +* `zabbix_web_vhost_port`: The port on which Zabbix HTTP vhost is running. +* `zabbix_web_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running. +* `zabbix_web_vhost_listen_ip`: On which interface the Apache Virtual Host is available. * `zabbix_apache_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP. -* `zabbix_php_install`: Default: `true`. True / False. Switch for extra install of packages for PHP, currently on for Debian/Ubuntu. -* `zabbix_web_max_execution_time`: -* `zabbix_web_memory_limit`: -* `zabbix_web_post_max_size`: -* `zabbix_web_upload_max_filesize`: +* `zabbix_web_max_execution_time`: PHP max execution time +* `zabbix_web_memory_limit`: PHP memory limit +* `zabbix_web_post_max_size`: PHP maximum post size +* `zabbix_web_upload_max_filesize`: PHP maximum file size * `zabbix_web_max_input_time`: -* `zabbix_apache_include_custom_fragment`: Default: `true`. Includes php_value vars max_execution_time, memory_limit, post_max_size, upload_max_filesize, max_input_time and date.timezone in vhost file.. place those in php-fpm configuration. -* `zabbix_apache_tls`: If the Apache vhost should be configured with TLS encryption or not. -* `zabbix_apache_redirect`: If a redirect should take place from HTTP to HTTPS -* `zabbix_apache_tls_crt`: The path to the TLS certificate file. -* `zabbix_apache_tls_key`: The path to the TLS key file. -* `zabbix_apache_tls_chain`: The path to the TLS certificate chain file. -* `zabbix_apache_SSLPassPhraseDialog`: Type of pass phrase dialog for encrypted private keys. -* `zabbix_apache_SSLSessionCache`: Type of the global/inter-process SSL Session Cache -* `zabbix_apache_SSLSessionCacheTimeout`: Number of seconds before an SSL session expires in the Session Cache -* `zabbix_apache_SSLCryptoDevice`: Enable use of a cryptographic hardware accelerator +* `zabbix_web_tls`: If the Apache vhost should be configured with TLS encryption or not. +* `zabbix_web_redirect`: If a redirect should take place from HTTP to HTTPS +* `zabbix_web_tls_crt`: The path to the TLS certificate file. +* `zabbix_web_tls_key`: The path to the TLS key file. +* `zabbix_web_tls_chain`: The path to the TLS certificate chain file. +* `zabbix_web_SSLPassPhraseDialog`: Type of pass phrase dialog for encrypted private keys. +* `zabbix_web_SSLSessionCache`: Type of the global/inter-process SSL Session Cache +* `zabbix_web_SSLSessionCacheTimeout`: Number of seconds before an SSL session expires in the Session Cache +* `zabbix_web_SSLCryptoDevice`: Enable use of a cryptographic hardware accelerator * `zabbix_apache_custom_includes`: Configure custom includes. Default: `[]` -When `zabbix_apache_tls_crt`, `zabbix_apache_tls_key` and/or `zabbix_apache_tls_chain` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files. +When `zabbix_web_tls_crt`, `zabbix_web_tls_key` and/or `zabbix_web_tls_chain` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files. See https://httpd.apache.org/docs/current/mod/mod_ssl.html for SSL* configuration options for Apache HTTPD. #### Nginx configuration -* `zabbix_nginx_vhost_port`: The port on which Zabbix HTTP vhost is running. -* `zabbix_nginx_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running. -* `zabbix_nginx_tls`: If the Nginx vhost should be configured with TLS encryption or not. -* `zabbix_nginx_tls_crt`: The path to the TLS certificate file. -* `zabbix_nginx_tls_key`: The path to the TLS key file. -* `zabbix_nginx_tls_dhparam`: The path to the TLS DHParam file. -* `zabbix_nginx_tls_session_cache`: Type of the global/inter-process SSL Session Cache -* `zabbix_nginx_tls_session_timeout`: -* `zabbix_nginx_tls_session_tickets`: -* `zabbix_nginx_tls_protocols`: The TLS Protocols to accept. -* `zabbix_nginx_tls_ciphers`: The TLS Ciphers to be allowed. - -When `zabbix_nginx_tls_crt` and `zabbix_nginx_tls_key` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files. #### PHP-FPM The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) configuration: -* `zabbix_php_version`: Either `7.3` or `7.4` (Based on the OS Family). When you want to override the PHP Version. * `zabbix_php_fpm_session`: The directory where sessions will be stored. If none are provided, defaults are used. * `zabbix_php_fpm_listen`: The path to a socket file or ipaddress:port combination on which PHP-FPM needs to listen. If none are provided, defaults are used. * `zabbix_php_fpm_conf_listen`: Default: `true`. If we want to configure the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. * `zabbix_php_fpm_conf_user`: The owner of the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file). -* `zabbix_php_fpm_conf_enable_user`: Default: `true`. If we want to configure the owner of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. + * `zabbix_php_fpm_conf_group`: The group of the owner of the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file). -* `zabbix_php_fpm_conf_enable_group`: Default: `true`. If we want to configure the group of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. -* `zabbix_php_fpm_conf_mode`: The mode for the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file). -* `zabbix_php_fpm_conf_enable_mode`: Default: `true`. If we want to configure the mode of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. -* `zabbix_php_fpm_dir_etc`: etc HOME root directory of PHP-FPM setup. -* `zabbix_php_fpm_dir_var`: Var HOME root directory of PHP-FPM setup. ### Zabbix Server * `zabbix_server_name`: The name of the Zabbix Server. * `zabbix_server_database`: The type of database used. Can be: mysql or pgsql -* `zabbix_server_database_long`: The type of database used, but long name. Can be: mysql or postgresql * `zabbix_server_hostname`: The hostname on which the zabbix-server is running. Default set to: {{ inventory_hostname }} * `zabbix_server_listenport`: On which port the Zabbix Server is available. Default: 10051 * `zabbix_server_dbhost`: The hostname on which the database is running. @@ -201,6 +162,7 @@ The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) config * `zabbix_server_dbuser`: The database username which is used by the Zabbix Server. * `zabbix_server_dbpassword`: The database user password which is used by the Zabbix Server. * `zabbix_server_dbport`: The database port which is used by the Zabbix Server. +* `zabbix_server_dbencryption`: Use encryption with the database connection The following properties are related when using Elasticsearch for history storage: @@ -218,6 +180,17 @@ When the target host does not have access to the internet, but you do have a pro * `zabbix_http_proxy` * `zabbix_https_proxy` +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Example Playbook There are two ways of using the zabbix-web: @@ -237,12 +210,12 @@ When there is one host running both Zabbix Server and the Zabbix Web (Running My - role: geerlingguy.php - role: community.zabbix.zabbix_server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 - role: community.zabbix.zabbix_web zabbix_api_server_url: zabbix.mydomain.com zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 ``` @@ -256,7 +229,7 @@ This is a two host setup. On one host (Named: "zabbix-server") the Zabbix Server roles: - role: community.zabbix.zabbix_server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 - hosts: zabbix-web @@ -268,7 +241,7 @@ This is a two host setup. On one host (Named: "zabbix-server") the Zabbix Server zabbix_api_server_url: zabbix.mydomain.com zabbix_server_hostname: zabbix-server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 ``` @@ -289,13 +262,13 @@ zabbix.conf.php, for example to add LDAP CA certificates. To do this add a `zabb php_packages: - php - php-fpm - - php-acpu + - php-apcu - role: geerlingguy.apache-php-fpm - role: community.zabbix.zabbix_web zabbix_api_server_url: zabbix.mydomain.com zabbix_server_hostname: zabbix-server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 zabbix_web_env: LDAPTLS_CACERT: /etc/ssl/certs/ourcert.pem diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml index 6e326461e..f37bb07da 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml @@ -1,79 +1,66 @@ --- # defaults file for zabbix-web -# zabbix_web_version: 6.0 -zabbix_web_version_minor: "*" -zabbix_version: "{{ zabbix_web_version }}" -zabbix_repo: zabbix +# zabbix_web_version: 6.4 zabbix_web_package_state: present -zabbix_web_centos_release: true -zabbix_web_rhel_release: true -zabbix_selinux: false zabbix_web_doubleprecision: false -zabbix_web_conf_mode: "0640" +zabbix_web_conf_mode: "0644" zabbix_web_connect_ha_backend: false - -zabbix_url: zabbix.example.com # Will be deprecated in 2.0.0 -zabbix_api_server_url: "{{ zabbix_url }}" -zabbix_websrv: apache -zabbix_websrv_servername: "{{ zabbix_api_server_url | regex_findall('(?:https?\\://)?([\\w\\-\\.]+)') | first }}" +zabbix_api_server_url: zabbix.example.com +zabbix_web_http_server: apache zabbix_url_aliases: [] -zabbix_web_htpasswd: false -zabbix_web_htpasswd_file: /etc/zabbix/web/htpasswd -zabbix_timezone: Europe/Amsterdam -zabbix_vhost: true +zabbix_web_create_vhost: true +zabbix_web_create_php_fpm: "{{ zabbix_web_create_vhost }}" -zabbix_php_install: true -zabbix_php_frontend_deprecated: false -zabbix_php_fpm: false -zabbix_php_fpm_dir_etc: /etc/opt/rh/rh-php72/ -zabbix_php_fpm_dir_var: /var/opt/rh/rh-php72/ -zabbix_php_fpm_conf_listen: true -zabbix_php_fpm_conf_enable_user: true -zabbix_php_fpm_conf_enable_group: true -zabbix_php_fpm_conf_mode: "0664" -zabbix_php_fpm_conf_enable_mode: true -zabbix_php_install_state: present +zabbix_server_name: "{{ inventory_hostname }}" +zabbix_server_hostname: "{{ inventory_hostname }}" +zabbix_server_listenport: 10051 -zabbix_apache_vhost_port: 80 -zabbix_apache_vhost_tls_port: 443 -zabbix_apache_vhost_listen_ip: "*" -zabbix_apache_tls: false -zabbix_apache_redirect: false -zabbix_apache_tls_crt: /etc/pki/server.crt -zabbix_apache_tls_key: /etc/pki/server.key -zabbix_apache_tls_chain: -zabbix_apache_can_connect_ldap: false -zabbix_apache_include_custom_fragment: true -zabbix_apache_SSLPassPhraseDialog: exec:/usr/libexec/httpd-ssl-pass-dialog -zabbix_apache_SSLSessionCache: shmcb:/run/httpd/sslcache(512000) -zabbix_apache_SSLSessionCacheTimeout: 300 -zabbix_apache_SSLCryptoDevice: builtin +zabbix_web_vhost_port: 80 +zabbix_web_vhost_tls_port: 443 +zabbix_web_vhost_listen_ip: "*" +zabbix_web_tls: false +zabbix_timezone: Europe/Amsterdam +zabbix_php_fpm_conf_listen: true +# zabbix_web_tls_crt: /etc/pki/server.crt +# zabbix_web_tls_key: /etc/pki/server.key +# zabbix_web_tls_chain: +# zabbix_web_SSLPassPhraseDialog: exec:/usr/libexec/httpd-ssl-pass-dialog +# zabbix_web_SSLSessionCache: shmcb:/run/httpd/sslcache(512000) +# zabbix_web_SSLSessionCacheTimeout: 300 +# zabbix_web_SSLCryptoDevice: builtin +# zabbix_web_max_execution_time: 300 +# zabbix_web_memory_limit: 128M +# zabbix_web_post_max_size: 16M +# zabbix_web_upload_max_filesize: 2M +# zabbix_web_max_input_time: 300 +# zabbix_web_max_input_vars: 10000 zabbix_apache_custom_includes: [] -zabbix_nginx_vhost_port: 80 -zabbix_nginx_vhost_tls_port: 443 -zabbix_nginx_tls: false -zabbix_nginx_redirect: false -zabbix_nginx_tls_session_timeout: 1d -zabbix_nginx_tls_session_cache: shared:MySSL:10m -zabbix_nginx_tls_session_tickets: !!str off -zabbix_nginx_tls_protocols: TLSv1.2 -zabbix_nginx_tls_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - -zabbix_letsencrypt: false -zabbix_letsencrypt_webroot_path: /var/www/letsencrypt -zabbix_letsencrypt_webroot_mode: 0755 +# Database +zabbix_server_database: pgsql +zabbix_server_dbhost: localhost +zabbix_server_dbname: zabbix-server +zabbix_server_dbuser: zabbix-server +zabbix_server_dbpassword: zabbix-server +zabbix_server_dbport: 5432 +zabbix_server_dbencryption: false +zabbix_server_dbverifyhost: false +zabbix_server_dbschema: +# Yum/APT Variables +zabbix_web_apt_priority: +zabbix_web_version_minor: "*" zabbix_repo_yum_gpgcheck: 0 zabbix_repo_yum_schema: https -zabbix_repo_yum_disabled: "*" -zabbix_repo_yum_enabled: [] +zabbix_repo_deb_component: main +zabbix_web_disable_repo: + - epel zabbix_repo_yum: - name: zabbix description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_web_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}" mode: "0644" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present @@ -81,41 +68,10 @@ zabbix_repo_yum: description: Zabbix Official Repository non-supported - $basearch baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}" gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX state: present -zabbix_5_repo_yum: - - name: zabbix-frontend - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/frontend/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - -zabbix_web_max_execution_time: 300 -zabbix_web_memory_limit: 128M -zabbix_web_post_max_size: 16M -zabbix_web_upload_max_filesize: 2M -zabbix_web_max_input_time: 300 -zabbix_web_max_input_vars: 10000 - -# Database -zabbix_server_database: pgsql -zabbix_server_database_long: postgresql -zabbix_server_name: "{{ inventory_hostname }}" -zabbix_server_hostname: "{{ inventory_hostname }}" -zabbix_server_listenport: 10051 -zabbix_server_dbhost: localhost -zabbix_server_dbname: zabbix-server -zabbix_server_dbuser: zabbix-server -zabbix_server_dbpassword: zabbix-server -zabbix_server_dbport: 5432 -zabbix_server_dbencryption: false -zabbix_server_dbverifyhost: false -zabbix_server_dbschema: - # Elasticsearch # zabbix_server_history_url: # - "'uint' => 'http://localhost:9200'" @@ -130,15 +86,13 @@ zabbix_server_history_types: - "uint" - "dbl" -selinux_allow_zabbix_can_network: false -_zabbix_web_apache_php_addition: false +zabbix_selinux: false +# selinux_allow_zabbix_can_network: false +# zabbix_apache_can_connect_ldap: false # SAML certificates # zabbix_saml_idp_crt: # zabbix_saml_sp_crt: # zabbix_saml_sp_key: -# When the `geerlingguys apache role` is not provided, we have some defaults. -apache_ssl_cipher_suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 -apache_ssl_protocol: all -SSLv3 -TLSv1 -TLSv1.1 -apache_vhosts_version: "2.4" +# zabbix_web_ssl_cipher_suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml index 0d0974632..e97787b12 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml @@ -1,53 +1,43 @@ --- - - name: restart apache - service: + ansible.builtin.service: name: "{{ _apache_service }}" state: restarted enabled: true become: true when: - - zabbix_websrv == 'apache' + - zabbix_web_http_server == 'apache' - name: test nginx config listen: restart nginx - command: nginx -t + ansible.builtin.command: nginx -t register: zabbix_nginx_cfg_check notify: restart nginx tested become: true when: - - zabbix_websrv == 'nginx' + - zabbix_web_http_server == 'nginx' - name: restart nginx tested - service: + ansible.builtin.service: name: nginx state: restarted enabled: true become: true when: - - zabbix_websrv == 'nginx' + - zabbix_web_http_server == 'nginx' - zabbix_nginx_cfg_check.rc == 0 -- name: restart redhat-php-fpm - service: - name: "{{ 'rh-php72-php-fpm' if zabbix_php_fpm else 'php-fpm' }}" - state: restarted - enabled: true - become: true - when: - - zabbix_version is version('5.0', '>=') - - name: restart php-fpm-version - service: - name: php{{ zabbix_php_version }}-fpm + ansible.builtin.service: + name: php{{ zabbix_web_php_installed_version }}-fpm state: restarted enabled: true become: true when: - - zabbix_version is version('5.0', '>=') + - zabbix_web_version is version('5.0', '>=') - name: "clean repo files from proxy creds" - shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true become: true when: - ansible_os_family == 'RedHat' diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml index 8a27b841c..ae1c7de26 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml @@ -1,63 +1,149 @@ --- +- name: "Debian | Set PHP Dependencies" + ansible.builtin.set_fact: + zabbix_web_php_dependencies: "{{ _apache_php_dependencies if zabbix_web_http_server == 'apache' else _nginx_php_dependencies }}" + tags: + - config -- name: "Include Zabbix gpg ids" - include_vars: zabbix.yml +- name: "Debian | Set some variables" + ansible.builtin.set_fact: + zabbix_short_version: "{{ zabbix_web_version | regex_replace('\\.', '') }}" + zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}" + zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}" + tags: + - always -- name: "Set short version name" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" +- name: "Debian | Update ansible_lsb fact" + ansible.builtin.setup: + gather_subset: + - lsb -- name: "Debian | Install gpg key" - apt_key: - id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}" - url: http://repo.zabbix.com/zabbix-official-repo.key +- name: "Debian | Installing lsb-release" + ansible.builtin.apt: + pkg: lsb-release + update_cache: true + cache_valid_time: 3600 + force: true + state: present + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true + tags: + - install + +- name: "Debian | Repo URL" + ansible.builtin.set_fact: + zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}" when: - - zabbix_repo == "zabbix" + - zabbix_repo_deb_url is undefined + tags: + - always + +- name: "Debian | Install PHP Dependencies" + ansible.builtin.apt: + pkg: "{{ zabbix_web_php_dependencies }}" + state: "present" + update_cache: true + cache_valid_time: 0 + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_web_php_dependencies_install + until: zabbix_web_php_dependencies_install is succeeded become: true tags: - - zabbix-web - - init - - config + - install + - dependencies -- name: "Debian | Installing repository {{ ansible_distribution }}" - apt_repository: - repo: "{{ item }} http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/ {{ ansible_distribution_release }} main" - state: present +- name: "Debian | Install PgSQL Dependencies" + ansible.builtin.apt: + pkg: "php{{ zabbix_web_php_installed_version }}-pgsql" + state: "present" + update_cache: true + cache_valid_time: 0 + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_web_php_dependencies_install + until: zabbix_web_php_dependencies_install is succeeded + become: true + when: zabbix_server_database == 'pgsql' + tags: + - install + - dependencies + - database + +# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. +# It SHOULD be created with permissions 0755 if it is needed and does not already exist. +# See: https://wiki.debian.org/DebianRepository/UseThirdParty +- name: "Debian | Create /etc/apt/keyrings/ on older versions" + ansible.builtin.file: + path: /etc/apt/keyrings/ + state: directory + mode: "0755" become: true when: - - zabbix_repo == "zabbix" - - ansible_machine != "aarch64" - with_items: - - deb-src - - deb + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or + (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") + +- name: "Debian | Download gpg key" + ansible.builtin.get_url: + url: http://repo.zabbix.com/zabbix-official-repo.key + dest: "{{ zabbix_gpg_key }}" + mode: "0644" + force: true + become: true tags: - - zabbix-web - - init - - config + - install - name: "Debian | Installing repository {{ ansible_distribution }}" - apt_repository: - repo: "{{ item }} http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}-arm64/ {{ ansible_distribution_release }} main" - state: present + ansible.builtin.copy: + dest: /etc/apt/sources.list.d/zabbix.sources + owner: root + group: root + mode: 0644 + content: | + Types: deb deb-src + Enabled: yes + URIs: {{ zabbix_repo_deb_url }} + Suites: {{ ansible_distribution_release }} + Components: {{ zabbix_repo_deb_component }} + Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} + Signed-By: {{ zabbix_gpg_key }} become: true + tags: + - install + +- name: "Debian | Create /etc/apt/preferences.d/" + ansible.builtin.file: + path: /etc/apt/preferences.d/ + state: directory + mode: "0755" when: - - zabbix_repo == "zabbix" - - ansible_machine == "aarch64" - with_items: - - deb-src - - deb + - zabbix_web_apt_priority | int + become: true tags: - - zabbix-web - - init - - config + - install -- name: "Debian | Install PHP apart from zabbix-frontend-php deps" - include_tasks: "php_Debian.yml" - when: zabbix_php_install +- name: "Debian | Configuring the weight for APT" + ansible.builtin.copy: + dest: "/etc/apt/preferences.d/zabbix_server-{{ zabbix_proxy_database }}" + content: | + Package: zabbix_server-{{ zabbix_proxy_database }} + Pin: origin repo.zabbix.com + Pin-Priority: {{ zabbix_web_apt_priority }} + owner: root + mode: "0644" + when: + - zabbix_web_apt_priority | int + become: true + tags: + - install - name: "Debian | Install zabbix-web" - apt: - pkg: "zabbix-frontend-php{{ '-deprecated' if zabbix_php_frontend_deprecated else '' }}" + ansible.builtin.apt: + pkg: "zabbix-frontend-php" state: "{{ zabbix_web_package_state }}" update_cache: true cache_valid_time: 0 @@ -68,41 +154,13 @@ until: zabbix_web_package_install is succeeded become: true tags: - - zabbix-web - - init - - config + - install - name: "Debian | Link graphfont.ttf (workaround ZBX-10467)" - file: - src: '/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf' - path: '/usr/share/zabbix/fonts/graphfont.ttf' + ansible.builtin.file: + src: "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf" + path: "/usr/share/zabbix/fonts/graphfont.ttf" state: link - tags: - - zabbix-web - - init - - config - -- name: "Debian | Install PHP" - template: - src: php-fpm.conf.j2 - dest: "{{ zabbix_php_fpm_dir }}/zabbix.conf" - owner: "{{ _apache_user }}" - group: "{{ _apache_group }}" - mode: 0644 become: true - when: - - zabbix_vhost - notify: - - restart php-fpm-version - -- name: "Including Apache Configuration" - include_tasks: apache_Debian.yml - vars: - zabbix_apache_servername: "{{ zabbix_websrv_servername }}" - when: - - zabbix_websrv == 'apache' - -- name: "Configure SELinux when enabled" - include_tasks: selinux.yml - when: - - zabbix_selinux | bool + tags: + - install diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml index bcd4dd666..30871017e 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml @@ -1,183 +1,59 @@ ---- -# Tasks specific for RedHat systems +- name: "RedHat | Setting Short PHP Version" + ansible.builtin.set_fact: + zabbix_web_php_installed_version: "{{ zabbix_web_php_installed_version | regex_replace('\\.', '') }}" + tags: + - always - name: "RedHat | Install basic repo file" - yum_repository: + ansible.builtin.yum_repository: name: "{{ item.name }}" - description: "{{ item.description }}" + description: "{{ item.description | default(omit) }}" baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" + gpgcheck: "{{ item.gpgcheck | default(omit) }}" + gpgkey: "{{ item.gpgkey | default(omit) }}" mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('98') }}" + priority: "{{ item.priority | default('99') }}" state: "{{ item.state | default('present') }}" proxy: "{{ zabbix_http_proxy | default(omit) }}" with_items: "{{ zabbix_repo_yum }}" register: yum_repo_installed become: true - when: - zabbix_repo == "zabbix" - notify: - - "clean repo files from proxy creds" - tags: - - zabbix-web - -- name: "RedHat | Install basic repo file (Zabbix 5.x)" - yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('98') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_5_repo_yum }}" - become: true - when: - - zabbix_repo == "zabbix" - - zabbix_version is version('5.0', '>=') - - ansible_distribution_major_version != '8' - - ansible_distribution_major_version != '9' notify: - "clean repo files from proxy creds" tags: - - zabbix-web - -- name: "RedHat | Install zabbix-web dependency (Zabbix 5.x) (CentOS)" - yum: - pkg: - - centos-release-scl - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_dependency_package_install - until: zabbix_web_dependency_package_install is succeeded - become: true - when: - - zabbix_version is version('5.0', '>=') - - zabbix_web_centos_release - - ansible_distribution_major_version != '9' - - ansible_distribution_major_version != '8' - - ansible_distribution == "CentOS" - tags: - - zabbix-web - -- name: "RedHat | Install zabbix-web dependency (Zabbix 5.x) (RHEL)" - yum: - pkg: - - scl-utils - - scl-utils-build - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_dependency_package_install - until: zabbix_web_dependency_package_install is succeeded - become: true - when: - - zabbix_version is version('5.0', '>=') - - zabbix_web_centos_release - - ansible_distribution_major_version != '9' - - ansible_distribution_major_version != '8' - - ansible_distribution == "RedHat" - tags: - - zabbix-web + - install -- name: "RedHat | Install zabbix-web (Zabbix 5.x)" - yum: - pkg: - - zabbix-apache-conf-scl-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }} +- name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}" + ansible.builtin.yum: + name: + - "zabbix-web-{{ zabbix_server_database }}" state: "{{ zabbix_web_package_state }}" update_cache: true - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" + disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" register: zabbix_web_package_install until: zabbix_web_package_install is succeeded become: true - when: - - zabbix_version is version('5.0', '>=') - - ansible_distribution_major_version != '9' - - ansible_distribution_major_version != '8' - - zabbix_websrv == 'apache' tags: - - zabbix-web + - install -- name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}" - yum: - pkg: zabbix-web-{{ zabbix_server_database }}{{ '-scl' if zabbix_version is version('5.0', '>=') and ansible_distribution_major_version|int < 8 else '' }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }} +- name: "RedHat | Install zabbix-web-configuration" + ansible.builtin.yum: + name: + - "zabbix-{{ zabbix_web_http_server }}-conf" state: "{{ zabbix_web_package_state }}" update_cache: true - disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}" - enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}" + disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}" environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" register: zabbix_web_package_install until: zabbix_web_package_install is succeeded become: true - tags: - - zabbix-web - -- name: RedHat 9 | Install PHP" - package: - name: php - state: "{{ zabbix_php_install_state }}" when: - - zabbix_version is version('6.0', '>=') + - zabbix_web_version is version('6.0', '!=') - ansible_distribution_major_version == '9' - - zabbix_vhost - -- name: "RedHat | Install PHP" - template: - src: php-fpm.conf.j2 - dest: "{{ zabbix_php_fpm_dir }}/zabbix.conf" - owner: "{{ zabbix_web_conf_web_user }}" - group: "{{ zabbix_web_conf_web_group }}" - mode: 0644 - become: true - when: - - zabbix_vhost - notify: - - restart redhat-php-fpm - -- include_tasks: apache_RedHat.yml - vars: - zabbix_apache_servername: "{{ zabbix_websrv_servername }}" - when: - - zabbix_websrv == 'apache' - -- name: "RedHat | Install Nginx vhost" - template: - src: nginx_vhost.conf.j2 - dest: /etc/nginx/conf.d/zabbix.conf - owner: root - group: root - mode: 0644 - when: - - zabbix_vhost - - zabbix_websrv == 'nginx' - become: true - notify: - - restart nginx tags: - - zabbix-web - - init - - config - - nginx - -- name: "Configure SELinux when enabled" - include_tasks: selinux.yml - when: - - zabbix_selinux | bool + - install diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/access.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/access.yml deleted file mode 100644 index f02a6ebe4..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/access.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: "htpasswd | check Python version to set prefix variable" - set_fact: - zabbix_python_prefix: "python{% if ansible_python_version is version_compare('3', '>=') %}3{% endif %}" - when: - - zabbix_web_htpasswd is defined - - zabbix_web_htpasswd - - zabbix_web_htpasswd_users is defined - -- name: "htpasswd | install passlib for Python interpreter" - package: - name: "{{ zabbix_python_prefix }}-passlib" - state: present - when: - - zabbix_web_htpasswd is defined - - zabbix_web_htpasswd - - zabbix_web_htpasswd_users is defined - -- name: "htpasswd | manage HTTP authentication controls" - community.general.htpasswd: - path: "{{ zabbix_web_htpasswd_file }}" - name: "{{ item.value.htpasswd_user }}" - password: "{{ item.value.htpasswd_pass }}" - group: www-data - state: present - loop_control: - label: "{{ item.value.htpasswd_user }}" - with_dict: "{{ zabbix_web_htpasswd_users }}" - when: - - zabbix_web_htpasswd is defined - - zabbix_web_htpasswd - - zabbix_web_htpasswd_users is defined diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml index f33b9b765..7e55fe3e9 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml @@ -1,6 +1,47 @@ --- +- name: Setting Web Server Facts + ansible.builtin.set_fact: + zabbix_web_user: "{{ zabbix_web_user if zabbix_web_user is defined else _apache_user }}" + zabbix_web_group: "{{ zabbix_web_group if zabbix_web_group is defined else _apache_group }}" + zabbix_web_vhost_location: "{{ zabbix_web_vhost_location if zabbix_web_vhost_location is defined else _apache_vhost_location }}" + tags: + - always + +- name: "Apache | Installing Zabbix Apache Conf" + block: + - name: "Debian | Install zabbix-apache-conf" + ansible.builtin.apt: + pkg: "zabbix-apache-conf" + state: "{{ zabbix_web_package_state }}" + update_cache: true + cache_valid_time: 0 + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_apache_conf_install + until: zabbix_apache_conf_install is succeeded + become: true + when: ansible_os_family == "Debian" + + - name: "RedHat | Install zabbix-apache-conf" + ansible.builtin.yum: + name: + - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_apache_conf_install + until: zabbix_apache_conf_install is succeeded + become: true + when: ansible_os_family == "RedHat" + tags: + - install + - name: "Apache | Get Apache version" - shell: | + ansible.builtin.shell: | PATH=/usr/sbin:$PATH set -o pipefail apachectl -v | grep 'version' | awk -F '/' '{ print $2 }'| awk '{ print $1 }' | cut -c 1-3 @@ -10,26 +51,37 @@ args: executable: /bin/bash tags: - - zabbix-web + - config - name: "Apache | Set correct apache_version" - set_fact: + ansible.builtin.set_fact: apache_version: "{{ apachectl_version.stdout }}" tags: - - zabbix-web + - config -- name: "Set some" - set_fact: - _zabbix_web_apache_php_addition: true - when: - - zabbix_version is version('4.4', '<=') +- name: "Apache | Install apache vhost" + ansible.builtin.template: + src: apache_vhost.conf.j2 + dest: "{{ zabbix_web_vhost_location }}" + owner: "{{ zabbix_web_user }}" + group: "{{ zabbix_web_group }}" + mode: 0644 + when: zabbix_web_create_vhost + become: true + notify: + - restart apache tags: - - zabbix-web + - config -- name: "Set some" - set_fact: - _zabbix_web_apache_php_addition: true - when: - - ansible_os_family == "Debian" +- name: "Apache | Enable Site (Debian Only)" + ansible.builtin.file: + src: "{{ zabbix_web_vhost_location }}" + dest: /etc/apache2/sites-enabled/zabbix.conf + state: link + owner: "{{ zabbix_web_user }}" + group: "{{ zabbix_web_group }}" + mode: 0644 + become: true + when: ansible_os_family == "Debian" and zabbix_web_create_vhost tags: - - zabbix-web + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_Debian.yml deleted file mode 100644 index 732feaea9..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_Debian.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- - -- name: "Debian | Install legacy PHP integration for Apache" - apt: - state: present - update_cache: true - cache_valid_time: 3600 - name: - - libapache2-mod-php - become: true - -- name: "Debian | install apache vhost" - template: - src: apache_vhost.conf.j2 - dest: /etc/apache2/sites-available/zabbix.conf - owner: "{{ zabbix_web_conf_web_user }}" - group: "{{ zabbix_web_conf_web_group }}" - mode: 0644 - when: zabbix_vhost - become: true - notify: - - restart apache - tags: - - zabbix-web - - init - - config - - apache - -- name: "Debian | Remove provided zabbix.conf files" - file: - path: "{{ item }}" - state: absent - when: zabbix_vhost - become: true - with_items: - - /etc/apache2/conf-available/zabbix.conf - - /etc/apache2/conf-enabled/zabbix.conf - -- name: "Debian | enable apache vhost" - file: - src: /etc/apache2/sites-available/zabbix.conf - dest: /etc/apache2/sites-enabled/zabbix.conf - owner: "{{ zabbix_web_conf_web_user }}" - group: "{{ zabbix_web_conf_web_group }}" - state: link - when: zabbix_vhost - become: true - notify: - - restart apache - tags: - - zabbix-server - - init - - config - - apache diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_RedHat.yml deleted file mode 100644 index 3a271331d..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_RedHat.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- - -- include_tasks: apache.yml - -- name: "RedHat | Install apache vhost" - template: - src: apache_vhost.conf.j2 - dest: /etc/httpd/conf.d/zabbix.conf - owner: "{{ zabbix_web_conf_web_user }}" - group: "{{ zabbix_web_conf_web_group }}" - mode: 0644 - when: zabbix_vhost - become: true - notify: - - restart apache - tags: - - zabbix-server diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml index fad607b1d..b82d8486b 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml @@ -1,103 +1,97 @@ --- -# tasks file for wdijkerman.zabbix-web - - name: "Include OS-specific variables" - include_vars: "{{ ansible_os_family }}.yml" + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" tags: - always - name: Determine Latest Supported Zabbix Version - set_fact: - zabbix_web_version: "{{ zabbix_valid_web_versions[ansible_distribution_major_version][0] | default(6.0) }}" + ansible.builtin.set_fact: + zabbix_web_version: "{{ zabbix_valid_web_versions[ansible_distribution_major_version][0] | default(6.4) }}" when: zabbix_web_version is not defined - -- name: "Include distribution and version-specific vars" - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" tags: - always -- name: "Set some versions" - set_fact: - zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" - zabbix_php_version: "{{ zabbix_php_version if zabbix_php_version is defined else _zabbix_php_version }}" - _zabbix_php_package_prefix: "" +- name: Set More Variables + ansible.builtin.set_fact: + zabbix_valid_version: "{{ zabbix_web_version|float in zabbix_valid_web_versions[ansible_distribution_major_version] }}" + zabbix_db_type_long: "{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}" tags: - always -- name: "Set default PHP-FPM variables" - set_fact: - zabbix_php_fpm_dir: "{{ zabbix_php_fpm_dir if zabbix_php_fpm_dir is defined else _php_fpm_dir }}" - zabbix_php_fpm_session: "{{ zabbix_php_fpm_session if zabbix_php_fpm_session is defined else _php_fpm_session }}" - zabbix_php_fpm_listen: "{{ zabbix_php_fpm_listen if zabbix_php_fpm_listen is defined else _php_fpm_listen }}" - when: - - not zabbix_php_fpm - -- name: "Set default PHP-FPM variables specific RH provided" - set_fact: - zabbix_php_fpm_dir: "{{ zabbix_php_fpm_dir if zabbix_php_fpm_dir is defined else _php_fpm_dir }}" - zabbix_php_fpm_session: "{{ zabbix_php_fpm_session if zabbix_php_fpm_session is defined else _zabbix_php_fpm_session }}" - zabbix_php_fpm_listen: "{{ zabbix_php_fpm_listen if zabbix_php_fpm_listen is defined else _zabbix_php_fpm_listen }}" - when: - - zabbix_php_fpm - - ansible_os_family == "RedHat" - -- name: "Set websrv specific variables (Apache)" - set_fact: - zabbix_web_conf_web_user: "{{ zabbix_web_conf_web_user if zabbix_web_conf_web_user is defined else _apache_user }}" - zabbix_web_conf_web_group: "{{ zabbix_web_conf_web_group if zabbix_web_conf_web_group is defined else _apache_group }}" - when: - - zabbix_websrv == 'apache' +- name: Stopping Install of Invalid Version + ansible.builtin.fail: + msg: Zabbix version {{ zabbix_web_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }} + when: not zabbix_valid_version + tags: + - always -- include_tasks: nginx.yml - when: - - zabbix_websrv == 'nginx' +- name: Determine PHP Version + ansible.builtin.shell: php --version | head -1 | awk '{ print $2 }' | awk -F '.' '{print $1"."$2}' + register: _zabbix_web_php_installed_version + changed_when: false + tags: + - config + - install -- name: "Install the correct repository" - include_tasks: "RedHat.yml" - when: ansible_os_family == "RedHat" +- name: Set PHP Version + ansible.builtin.set_fact: + zabbix_web_php_installed_version: "{{ _zabbix_web_php_installed_version.stdout }}" tags: - - zabbix-web + - config + - install -- name: "Install the correct repository" - include_tasks: "Debian.yml" - when: ansible_os_family == "Debian" +- name: Set PHP Variables + ansible.builtin.set_fact: + zabbix_php_fpm_listen: "{{ zabbix_php_fpm_listen if zabbix_php_fpm_listen is defined else _zabbix_php_fpm_listen }}" + zabbix_php_fpm_dir: "{{ zabbix_php_fpm_dir if zabbix_php_fpm_dir is defined else _php_fpm_dir }}" + zabbix_php_fpm_session: "{{ zabbix_php_fpm_session if zabbix_php_fpm_session is defined else _php_fpm_session }}" tags: - - zabbix-web + - config + - install + +- name: Include OS Specific Tasks + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" + +- name: "Install the web server specific tasks" + ansible.builtin.include_tasks: "{{ zabbix_web_http_server }}.yml" - name: "Create zabbix-web directory" - file: + ansible.builtin.file: path: /etc/zabbix/web - owner: "{{ zabbix_web_conf_web_user }}" - group: "{{ zabbix_web_conf_web_group }}" + owner: "{{ zabbix_web_user }}" + group: "{{ zabbix_web_group }}" state: directory mode: 0755 + become: true tags: - - zabbix-web - - init + - install - config - name: "Configure zabbix-web" - template: + ansible.builtin.template: src: zabbix.conf.php.j2 dest: /etc/zabbix/web/zabbix.conf.php - owner: "{{ zabbix_web_conf_web_user }}" - group: "{{ zabbix_web_conf_web_group }}" + owner: "{{ zabbix_web_user }}" + group: "{{ zabbix_web_group }}" mode: "{{ zabbix_web_conf_mode }}" + become: true notify: - - restart apache + - "restart {{ zabbix_web_http_server }}" tags: - - zabbix-web - - init - config -- include_tasks: access.yml +- name: "Debian | Install PHP" + ansible.builtin.template: + src: php-fpm.conf.j2 + dest: "{{ zabbix_php_fpm_dir }}/zabbix.conf" + owner: "{{ zabbix_web_user }}" + group: "{{ zabbix_web_group }}" + mode: 0644 + become: true when: - - zabbix_web_htpasswd + - zabbix_web_create_php_fpm + - ansible_os_family == "Debian" + notify: + - restart php-fpm-version tags: - - zabbix-web - - init - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml index 9e4ec41f1..1f50263ca 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml @@ -1,153 +1,59 @@ --- - name: "Nginx | Set websrv specific variables" - set_fact: - zabbix_web_conf_web_user: "{{ zabbix_web_conf_web_user if zabbix_web_conf_web_user is defined else _nginx_user }}" - zabbix_web_conf_web_group: "{{ zabbix_web_conf_web_group if zabbix_web_conf_web_group is defined else _nginx_group }}" - zabbix_nginx_config_path: "{{ zabbix_nginx_config_path if zabbix_nginx_config_path is defined else _nginx_config_path }}" + ansible.builtin.set_fact: + zabbix_web_user: "{{ zabbix_web_user if zabbix_web_user is defined else _nginx_user }}" + zabbix_web_group: "{{ zabbix_web_group if zabbix_web_group is defined else _nginx_group }}" + zabbix_web_vhost_location: "{{ zabbix_web_vhost_location if zabbix_web_vhost_location is defined else _nginx_vhost_location }}" zabbix_nginx_log_path: "{{ zabbix_nginx_log_path if zabbix_nginx_log_path is defined else _nginx_log_path }}" zabbix_nginx_service: "{{ zabbix_nginx_service if zabbix_nginx_service is defined else _nginx_service }}" - zabbix_nginx_tls_crt: "{{ zabbix_nginx_tls_crt if zabbix_nginx_tls_crt is defined else _nginx_tls_crt }}" - zabbix_nginx_tls_key: "{{ zabbix_nginx_tls_key if zabbix_nginx_tls_key is defined else _nginx_tls_key }}" - zabbix_nginx_tls_dhparam: "{{ zabbix_nginx_tls_dhparam if zabbix_nginx_tls_dhparam is defined else _nginx_tls_dhparam }}" - zabbix_apache_service: "{{ zabbix_apache_service if zabbix_apache_service is defined else _apache_service }}" - -- name: "Nginx | Check Apache service if same ports" - command: systemctl status "{{ zabbix_apache_service }}" - failed_when: false - register: zabbix_apache_service_check - changed_when: zabbix_apache_service_check.rc == 0 - check_mode: false - when: - - zabbix_apache_vhost_port == zabbix_nginx_vhost_port - - zabbix_apache_vhost_tls_port == zabbix_nginx_vhost_tls_port - -- name: "Nginx | Stop Apache running on same ports" - service: - name: "{{ zabbix_apache_service }}" - state: stopped - enabled: false tags: - - zabbix-web - when: - - zabbix_apache_vhost_port == zabbix_nginx_vhost_port - - zabbix_apache_vhost_tls_port == zabbix_nginx_vhost_tls_port - - zabbix_apache_service_check.rc == 0 - -- name: "Nginx | Debian | Install Nginx and ssl-cert packages" - # README don't go for HTTP2 with nginx-full yet due to: - # https://support.zabbix.com/browse/ZBXNEXT-4670 - apt: - state: present - name: - - nginx-light - - ssl-cert - when: ansible_os_family == "Debian" - -- name: "Nginx | RedHat | Install Nginx packages" - yum: - state: present - name: - - nginx - when: ansible_os_family == "RedHat" - -- name: "Nginx | Start and enable service" - service: - name: "{{ zabbix_nginx_service }}" - state: started - enabled: true - -- name: "Nginx | Install OpenSSL package for DH parameters" - package: - name: openssl - state: present - -- name: "Nginx | Generate SSL DH parameters" - command: "openssl dhparam -out {{ zabbix_nginx_tls_dhparam }} {{ zabbix_nginx_tls_dhparam_bits | default('2048') }}" - args: - creates: "{{ zabbix_nginx_tls_dhparam }}" - -- name: "Let's Encrypt | check for certificate created by certbot" - stat: - path: "/etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem" - register: zabbix_letsencrypt_cert - failed_when: false - when: zabbix_letsencrypt - -- name: "Let's Encrypt | Create directory for certbot webroot if not exist" - file: - path: "{{ zabbix_letsencrypt_webroot_path }}" - mode: "{{ zabbix_letsencrypt_webroot_mode }}" - state: directory - when: - - zabbix_letsencrypt - become: true + - config + - install + +- name: "Nginx | Installing Zabbix Nginx Conf" + block: + - name: "Debian | Install zabbix-nginx-conf" + ansible.builtin.apt: + pkg: "zabbix-nginx-conf" + state: "{{ zabbix_web_package_state }}" + update_cache: true + cache_valid_time: 0 + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_apache_conf_install + until: zabbix_apache_conf_install is succeeded + become: true + when: ansible_os_family == "Debian" + + - name: "RedHat | Install zabbix-nginx-conf" + ansible.builtin.yum: + name: + - "zabbix-nginx-conf" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_apache_conf_install + until: zabbix_apache_conf_install is succeeded + become: true + when: ansible_os_family == "RedHat" + tags: + - install - name: "Nginx | Install vhost in conf.d" - template: + ansible.builtin.template: src: nginx_vhost.conf.j2 - dest: "{{ zabbix_nginx_config_path }}/zabbix.conf" - owner: root - group: root + dest: "{{ zabbix_web_vhost_location }}" + owner: "{{ zabbix_web_user }}" + group: "{{ zabbix_web_group }}" mode: 0644 when: - - zabbix_vhost - become: true - notify: - - restart nginx - -- name: "Let's Encrypt | Check if zabbix_websrv_servername is resolvable" - set_fact: - zabbix_websrv_servername_ip: "{{ lookup('dig', 'qtype=A', zabbix_websrv_servername) }}" - changed_when: zabbix_websrv_servername_ip != ansible_default_ipv4.address - register: zabbix_letsencrypt_resolve - when: zabbix_letsencrypt - -- name: "Let's Encrypt | check if certbot CLI is present" - shell: "certbot --version" - register: zabbix_cerbot_check - changed_when: zabbix_cerbot_check.rc != 0 - check_mode: false - when: zabbix_letsencrypt - -- name: "Let's Encrypt | flash all handlers before certbot" - meta: flush_handlers - when: - - zabbix_letsencrypt - - zabbix_letsencrypt_resolve is not changed - - zabbix_cerbot_check.rc == 0 - -- name: "Let's Encrypt | generate certs with certbot CLI" - command: > - certbot --non-interactive certonly --expand - -a webroot --webroot-path={{ zabbix_letsencrypt_webroot_path }} - --email {{ zabbix_letsencrypt_account_email }} --agree-tos - --cert-name {{ zabbix_websrv_servername }} - -d {{ zabbix_websrv_servername }} - args: - creates: "/etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem" - when: - - zabbix_letsencrypt - - zabbix_letsencrypt_resolve is not changed - - zabbix_cerbot_check.rc == 0 - -- name: "Let's Encrypt | Check for certificate created by certbot" - stat: - path: "/etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem" - register: zabbix_letsencrypt_cert - failed_when: false - when: zabbix_letsencrypt - -- name: "Let's Encrypt | Reinstall Nginx vhost" - template: - src: nginx_vhost.conf.j2 - dest: /etc/nginx/conf.d/zabbix.conf - owner: root - group: root - mode: 0644 - when: - - zabbix_letsencrypt - - zabbix_letsencrypt_resolve is not changed - - zabbix_cerbot_check.rc == 0 + - zabbix_web_create_vhost become: true notify: - restart nginx + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/php_Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/php_Debian.yml deleted file mode 100644 index 6a2f329b6..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/php_Debian.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- - -- include_tasks: apache.yml - when: - - zabbix_websrv == 'apache' - -# This obviously needs to have some improvements.. :) - -- name: "Debian | Determine php prefix for packages installations (legacy php5)" - set_fact: - _zabbix_php_package_prefix: 5 - when: - - ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '<') - or ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('9', '<') - -- name: "Debian | Determine php prefix for packages installations (Current distros)" - set_fact: - _zabbix_php_package_prefix: "{{ zabbix_php_version }}" - when: - - ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '>=') or - ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('9', '>=') - - zabbix_version is version_compare('5.0', '>=') - - not _zabbix_web_apache_php_addition - -- name: "Debian | Install php packages" - apt: - state: present - update_cache: true - cache_valid_time: 3600 - name: - - php{{ _zabbix_php_package_prefix }}-{{ zabbix_server_database }} - - php{{ _zabbix_php_package_prefix }}-bcmath - - php{{ _zabbix_php_package_prefix }}-mbstring - - php{{ _zabbix_php_package_prefix }}-ldap - - php{{ _zabbix_php_package_prefix }}-xml - - php{{ _zabbix_php_package_prefix }}-gd - - php{{ _zabbix_php_package_prefix }}-fpm - register: zabbix_web_php_dependency_install - until: zabbix_web_php_dependency_install is succeeded - become: true - tags: - - zabbix-web - - init diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml index df8936eb1..56e2ae05e 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml @@ -1,7 +1,6 @@ --- - - name: "SELinux | RedHat | Install related SELinux package" - yum: + ansible.builtin.yum: name: - libsemanage-python state: present @@ -16,10 +15,10 @@ - selinux_allow_zabbix_can_network - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6" tags: - - zabbix-web + - install - name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8" - yum: + ansible.builtin.yum: name: - python3-libsemanage state: present @@ -34,7 +33,7 @@ - selinux_allow_zabbix_can_network - ansible_distribution_major_version|int >= 8 tags: - - zabbix-web + - install - name: "SELinux | RedHat | Enable zabbix_can_network SELinux boolean" ansible.posix.seboolean: @@ -46,7 +45,7 @@ - ansible_os_family == "RedHat" - selinux_allow_zabbix_can_network tags: - - zabbix-web + - config - name: "SELinux | Allow httpd to connect to db (SELinux)" ansible.posix.seboolean: @@ -57,7 +56,8 @@ when: - ansible_selinux.status == "enabled" - selinux_allow_zabbix_can_network - tags: selinux + tags: + - config - name: "SELinux | Allow httpd to connect to zabbix (SELinux)" ansible.posix.seboolean: @@ -68,7 +68,8 @@ when: - ansible_selinux.status == "enabled" - selinux_allow_zabbix_can_network - tags: selinux + tags: + - config - name: "SELinux | Allow httpd to connect to ldap (SELinux)" ansible.posix.seboolean: @@ -79,4 +80,5 @@ when: - ansible_selinux.status == "enabled" - zabbix_apache_can_connect_ldap | bool - tags: selinux + tags: + - config diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2 index 4149c43fa..334861d9b 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2 @@ -1,5 +1,5 @@ -<VirtualHost {{ zabbix_apache_vhost_listen_ip }}:{{ zabbix_apache_vhost_port }}> - ServerName {{ zabbix_apache_servername }} +<VirtualHost {{ zabbix_web_vhost_listen_ip }}:{{ zabbix_web_vhost_port }}> + ServerName {{ zabbix_api_server_url }} {% for alias in zabbix_url_aliases %} ServerAlias {{ alias }} {% endfor %} @@ -13,7 +13,7 @@ {% endfor %} {% endif %} -{% if zabbix_apache_redirect and zabbix_apache_tls %} +{% if zabbix_web_redirect|default(false) and zabbix_web_tls|default(false) %} RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] @@ -57,50 +57,27 @@ {% endfor %} ## Logging - ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_error.log" + ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_error.log" ServerSignature Off - CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_access.log" combined + CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_access.log" combined ## Rewrite rules RewriteEngine On RewriteRule ^$ /index.php [L] - -{% if _zabbix_web_apache_php_addition | default(false) %} -{% if zabbix_apache_include_custom_fragment | default(true) %} - ## Custom fragment - {% if zabbix_php_fpm %} - ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/zabbix/$1 - ProxyTimeout 1800 - {% else %} - php_value max_execution_time {{ zabbix_web_max_execution_time | default('300') }} - php_value memory_limit {{ zabbix_web_memory_limit | default('128M') }} - php_value post_max_size {{ zabbix_web_post_max_size | default('16M') }} - php_value upload_max_filesize {{ zabbix_web_upload_max_filesize | default('2M') }} - php_value max_input_time {{ zabbix_web_max_input_time | default('300') }} - - {% if zabbix_version is version('5.0', '>=') %} - php_value max_input_vars {{ zabbix_web_max_input_vars | default('10000') }} - {% endif %} - - # Set correct timezone. - php_value date.timezone {{ zabbix_timezone }} - {% endif %} -{% endif %} -{% endif %} </VirtualHost> {# Set up TLS vhosts #} -{% if zabbix_apache_tls and zabbix_apache_vhost_tls_port %} +{% if zabbix_web_tls and zabbix_web_vhost_tls_port %} -SSLPassPhraseDialog {{ zabbix_apache_SSLPassPhraseDialog }} -SSLSessionCache {{ zabbix_apache_SSLSessionCache }} -SSLSessionCacheTimeout {{ zabbix_apache_SSLSessionCacheTimeout }} +{{ (zabbix_web_SSLPassPhraseDialog is defined and zabbix_web_SSLPassPhraseDialog is not none) | ternary('', '# ') }}SSLPassPhraseDialog {{ zabbix_web_SSLPassPhraseDialog | default('') }} +{{ (zabbix_web_SSLSessionCache is defined and zabbix_web_SSLSessionCache is not none) | ternary('', '# ') }}SSLSessionCache {{ zabbix_web_SSLSessionCache | default('') }} +{{ (zabbix_web_SSLSessionCacheTimeout is defined and zabbix_web_SSLSessionCacheTimeout is not none) | ternary('', '# ') }}SSLSessionCacheTimeout {{ zabbix_web_SSLSessionCacheTimeout | default('') }} +{{ (zabbix_web_SSLCryptoDevice is defined and zabbix_web_SSLCryptoDevice is not none) | ternary('', '# ') }}SSLCryptoDevice {{ zabbix_web_SSLCryptoDevice | default('') }} SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin -SSLCryptoDevice {{ zabbix_apache_SSLCryptoDevice }} -<VirtualHost _default_:{{ zabbix_apache_vhost_tls_port }}> - ServerName {{ zabbix_apache_servername }} +<VirtualHost {{ zabbix_web_vhost_listen_ip }}:{{ zabbix_web_vhost_tls_port }}> + ServerName {{ zabbix_api_server_url }} {% for alias in zabbix_url_aliases %} ServerAlias {{ alias }} {% endfor %} @@ -115,17 +92,14 @@ SSLCryptoDevice {{ zabbix_apache_SSLCryptoDevice }} {% endif %} SSLEngine on - SSLCipherSuite {{ apache_ssl_cipher_suite }} - SSLProtocol {{ apache_ssl_protocol }} - SSLHonorCipherOrder On -{% if apache_vhosts_version == "2.4" %} + {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}SSLCipherSuite {{ zabbix_web_ssl_cipher_suite | default('') }} + {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}SSLHonorCipherOrder On +{% if apache_version|string() == '2.4' %} SSLCompression off {% endif %} - SSLCertificateFile {{ zabbix_apache_tls_crt }} - SSLCertificateKeyFile {{ zabbix_apache_tls_key }} -{% if zabbix_apache_tls_chain %} - SSLCertificateChainFile {{ zabbix_apache_tls_chain }} -{% endif %} + SSLCertificateFile {{ zabbix_web_tls_crt }} + SSLCertificateKeyFile {{ zabbix_web_tls_key }} + {{ (zabbix_web_tls_chain is defined and zabbix_web_tls_chain is not none) | ternary('', '# ') }}SSLCertificateChainFile {{ zabbix_web_tls_chain | default('') }} {% set directory_paths = ['/usr/share/zabbix/conf', '/usr/share/zabbix/app', '/usr/share/zabbix/include', '/usr/share/zabbix/include/classes'] %} @@ -165,35 +139,13 @@ SSLCryptoDevice {{ zabbix_apache_SSLCryptoDevice }} {% endfor %} ## Logging - ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_tls_error.log" + ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_tls_error.log" ServerSignature Off - CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_tls_access.log" combined + CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_tls_access.log" combined ## Rewrite rules RewriteEngine On RewriteRule ^$ /index.php [L] -{% if _zabbix_web_apache_php_addition | default(false) %} -{% if zabbix_apache_include_custom_fragment | default(true) %} - ## Custom fragment - {% if zabbix_php_fpm %} - ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/zabbix/$1 - ProxyTimeout 1800 - {% else %} - php_value max_execution_time {{ zabbix_web_max_execution_time | default('300') }} - php_value memory_limit {{ zabbix_web_memory_limit | default('128M') }} - php_value post_max_size {{ zabbix_web_post_max_size | default('16M') }} - php_value upload_max_filesize {{ zabbix_web_upload_max_filesize | default('2M') }} - php_value max_input_time {{ zabbix_web_max_input_time | default('300') }} - - {% if zabbix_version is version('5.0', '>=') %} - php_value max_input_vars {{ zabbix_web_max_input_vars | default('10000') }} - {% endif %} - - # Set correct timezone. - php_value date.timezone {{ zabbix_timezone }} - {% endif %} -{% endif %} -{% endif %} </VirtualHost> {% endif %} diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2 index 49671984c..7854b83ce 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2 @@ -1,61 +1,78 @@ # Nginx configuration for Zabbix Web server { -{% if not zabbix_nginx_tls %} - listen {{ zabbix_nginx_vhost_port }}; -{% else %} -{% if zabbix_letsencrypt %} - listen 80; + listen {{ zabbix_web_vhost_port }}; server_tokens off; - server_name {{ zabbix_websrv_servername }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %}; - location ^~ /.well-known/acme-challenge { - root {{ zabbix_letsencrypt_webroot_path | default('/var/www/letsencrypt') }}; - # disables IP restrictions and HTTP auth - allow all; - default_type text/plain; - try_files $uri =404; + server_name {{ zabbix_api_server_url }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %}; + + {% if zabbix_web_redirect|default(false) and zabbix_web_tls|default(false) %} + return 301 https://{{ zabbix_api_server_url }}$request_uri; + {% else %} + root /usr/share/zabbix; + + index index.php; + + location = /favicon.ico { + log_not_found off; } - location / { return 301 https://$host:{{ zabbix_nginx_vhost_tls_port }}$request_uri; } -} -server { -{% endif %} - listen {{ zabbix_nginx_vhost_tls_port }} ssl; -{% if zabbix_letsencrypt and zabbix_letsencrypt_cert.stat.exists %} - ssl_certificate /etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ zabbix_websrv_servername }}/privkey.pem; -{% else %} - ssl_certificate {{ zabbix_nginx_tls_crt }}; - ssl_certificate_key {{ zabbix_nginx_tls_key }}; -{% endif %} - ssl_session_timeout {{ zabbix_nginx_tls_session_timeout }}; - ssl_session_cache {{ zabbix_nginx_tls_session_cache }}; - ssl_session_tickets {{ zabbix_nginx_tls_session_tickets }}; - ssl_dhparam {{ zabbix_nginx_tls_dhparam }}; + location / { + try_files $uri $uri/ =404; + } - ssl_protocols {{ zabbix_nginx_tls_protocols }}; - ssl_ciphers {{ zabbix_nginx_tls_ciphers }}; - ssl_prefer_server_ciphers off; + location /assets { + access_log off; + expires 10d; + } -{% endif %} - server_tokens off; - server_name {{ zabbix_websrv_servername }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %}; + location ~ /\.ht { + deny all; + } -{% if zabbix_web_allowlist_ips is defined and zabbix_web_allowlist_ips %} - # Allow list IPs via zabbix_web_allowlist_ips - satisfy any; -{% for ip in zabbix_web_allowlist_ips | ansible.netcommon.ipaddr %} - allow {{ ip }}; -{% endfor %} - deny all; + location ~ /(api\/|conf[^\.]|include|locale) { + deny all; + return 404; + } -{% endif %} -{% if zabbix_web_htpasswd is defined and zabbix_web_htpasswd %} - # HTTP authentication via zabbix_web_htpasswd - auth_basic "Restricted"; - auth_basic_user_file {{ zabbix_web_htpasswd_file }}; + location ~ [^/]\.php(/|$) { + fastcgi_pass unix:{{ zabbix_php_fpm_listen }}; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; -{% endif %} + fastcgi_param DOCUMENT_ROOT /usr/share/zabbix; + fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name; + + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } + {% endif %} +} + +{% if zabbix_web_tls|default(false) %} +server { + listen {{ zabbix_web_vhost_tls_port }} ssl; + server_tokens off; + server_name {{ zabbix_api_server_url }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %}; + + ssl_certificate {{ zabbix_web_tls_crt }}; + ssl_certificate_key {{ zabbix_web_tls_key }}; + {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}ssl_ciphers {{ zabbix_web_ssl_cipher_suite | default('') }} + {{ (zabbix_web_SSLSessionCache is defined and zabbix_web_SSLSessionCache is not none) | ternary('', '# ') }}ssl_session_cache {{ zabbix_web_SSLSessionCache | default('') }} + {{ (zabbix_web_SSLSessionCacheTimeout is defined and zabbix_web_SSLSessionCacheTimeout is not none) | ternary('', '# ') }}ssl_session_timeout {{ zabbix_web_SSLSessionCacheTimeout | default('') }} root /usr/share/zabbix; index index.php; @@ -108,3 +125,4 @@ server { fastcgi_temp_file_write_size 256k; } } +{% endif %} diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2 index bf2faef7a..e6b02cc9e 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2 @@ -1,20 +1,14 @@ [zabbix] -user = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_conf_web_user }} -group = {{ zabbix_php_fpm_conf_group if zabbix_php_fpm_conf_group is defined else zabbix_web_conf_web_group }} +user = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_user }} +group = {{ zabbix_php_fpm_conf_group if zabbix_php_fpm_conf_group is defined else zabbix_web_group }} listen = {{ zabbix_php_fpm_listen }} {% if zabbix_php_fpm_conf_listen and ansible_os_family != 'Debian' %} -listen.acl_users = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_conf_web_user }} -{% endif %} -{% if zabbix_php_fpm_conf_enable_user is defined %} -listen.owner = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_conf_web_user }} -{% endif %} -{% if zabbix_php_fpm_conf_enable_group %} -listen.group = {{ _nginx_group if zabbix_websrv=='nginx' else _apache_group }} -{% endif %} -{% if zabbix_php_fpm_conf_enable_mode %} -listen.mode = {{ zabbix_php_fpm_conf_mode }} +listen.acl_users = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_user }} {% endif %} +listen.owner = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_user }} +listen.group = {{ _nginx_group if zabbix_web_http_server=='nginx' else _apache_group }} +listen.mode = 0644 listen.allowed_clients = 127.0.0.1 pm = dynamic diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2 index 880ed36f0..79ff73b15 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2 +++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2 @@ -6,7 +6,7 @@ global $DB, $HISTORY; global $DB; {% endif %} -$DB['TYPE'] = '{{ zabbix_server_database_long | upper() }}'; +$DB['TYPE'] = '{{ zabbix_db_type_long | upper() }}'; $DB['SERVER'] = '{{ zabbix_server_dbhost }}'; $DB['PORT'] = '{{ zabbix_server_dbport }}'; $DB['DATABASE'] = '{{ zabbix_server_dbname }}'; diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-10.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-10.yml deleted file mode 100644 index 8ed439680..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-10.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -_zabbix_php_version: 7.2 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-11.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-11.yml deleted file mode 100644 index 9d28ef9e3..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-11.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -_zabbix_php_version: 7.4 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-8.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-8.yml deleted file mode 100644 index b4537abdf..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-8.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -_zabbix_php_version: 7.3 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-9.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-9.yml deleted file mode 100644 index 9d28ef9e3..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-9.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -_zabbix_php_version: 7.4 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml index 9840e6505..7b60c70bd 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml @@ -3,16 +3,20 @@ _apache_user: www-data _apache_group: www-data _apache_log: apache2 _apache_service: apache2 +_apache_vhost_location: /etc/apache2/sites-available/zabbix.conf -_php_fpm_dir: /etc/php/{{ _zabbix_php_version }}/fpm/pool.d +_php_fpm_dir: /etc/php/{{ zabbix_web_php_installed_version }}/fpm/pool.d _php_fpm_session: /tmp -_php_fpm_listen: /run/php/zabbix.sock +_zabbix_php_fpm_listen: /run/php/zabbix.sock _zabbix_php_fpm_mode: "0666" _zabbix_php_fpm_allowed_clients: 127.0.0.1 +_apache_php_dependencies: libapache2-mod-php{{ zabbix_web_php_installed_version }} +_nginx_php_dependencies: [] + _nginx_user: www-data _nginx_group: www-data -_nginx_config_path: /etc/nginx/conf.d +_nginx_vhost_location: /etc/nginx/conf.d/zabbix.conf _nginx_log_path: /var/log/nginx _nginx_service: nginx _nginx_tls_crt: /etc/ssl/certs/ssl-cert-snakeoil.pem @@ -21,27 +25,27 @@ _nginx_tls_dhparam: /etc/ssl/private/dhparams.pem zabbix_valid_web_versions: # Debian + "12": + - 6.4 + - 6.0 "11": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "10": - 6.0 - - 5.0 - - 4.0 - "9": - - 4.0 # Ubuntu "22": - 6.4 + - 6.2 - 6.0 "20": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 "18": - 6.0 - - 5.0 - - 4.0 + +debian_keyring_path: /etc/apt/keyrings/ +zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc" +_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}" diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-7.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-7.yml deleted file mode 100644 index 5109c4793..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-7.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -_php_fpm_dir: /etc/opt/rh/rh-php72/php-fpm.d/ -_php_fpm_session: /var/lib/php/session -_php_fpm_listen: "/run/php-fpm/zabbix.sock" - -_zabbix_php_version: 7.2 -_zabbix_php_fpm_session: /var/opt/rh/rh-php72/lib/php/session/ -_zabbix_php_fpm_listen: /var/opt/rh/rh-php72/run/php-fpm/zabbix.sock diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-8.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-8.yml deleted file mode 100644 index 72022a460..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-8.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -_php_fpm_dir: /etc/php-fpm.d -_php_fpm_session: /var/lib/php/session -_php_fpm_listen: "/run/php-fpm/zabbix.sock" - -_zabbix_php_version: 7.4 -_zabbix_php_fpm_session: /var/opt/rh/rh-php72/lib/php/session/ -_zabbix_php_fpm_listen: /var/opt/rh/rh-php72/run/php-fpm/zabbix.sock diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-9.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-9.yml deleted file mode 100644 index bfcca82d3..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-9.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -_php_fpm_dir: /etc/php-fpm.d -_php_fpm_session: /var/lib/php/session -_php_fpm_listen: "/run/php-fpm/zabbix.sock" - -_zabbix_php_version: 8.0 -_zabbix_php_fpm_session: /var/lib/php/session -_zabbix_php_fpm_listen: /run/php-fpm/zabbix.sock diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml index 89a950683..785c18c99 100644 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml +++ b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml @@ -3,29 +3,41 @@ _apache_user: apache _apache_group: apache _apache_log: httpd _apache_service: httpd +_apache_vhost_location: /etc/httpd/conf.d/zabbix.conf _php_fpm_dir: /etc/php-fpm.d -_php_fpm_session: /var/opt/rh/rh-php72/lib/php/session/ -_php_fpm_listen: /run/php-fpm/zabbix.sock +_php_fpm_session: /var/lib/php/session +_zabbix_php_fpm_listen: /run/php-fpm/zabbix.sock _nginx_user: nginx _nginx_group: nginx -_nginx_config_path: /etc/nginx/conf.d +_nginx_vhost_location: /etc/nginx/conf.d/zabbix.conf _nginx_log_path: /var/log/nginx _nginx_service: nginx -_nginx_tls_crt: /etc/pki/server.crt -_nginx_tls_key: /etc/pki/server.key -_nginx_tls_dhparam: /etc/pki/dhparam-server.pem + +__epel_repo: + - epel zabbix_valid_web_versions: "9": - 6.4 + - 6.2 - 6.0 "8": - 6.4 + - 6.2 - 6.0 - - 5.0 - - 4.0 - "7": - - 5.0 - - 4.0 + +zabbix_web_php_dependencies: + - "php-gd" + - "php-bcmath" + - "php-xml" + - "php-mbstring" + - "php-ldap" + - "php-{{ 'pgsql' if zabbix_server_database == 'pgsql' else 'mysqlnd' }}" + +zabbix_selinux_dependencies: + "9": + - python3-libsemanage + "8": + - python3-libsemanage diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-18.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-18.yml deleted file mode 100644 index 8ed439680..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-18.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -_zabbix_php_version: 7.2 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-20.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-20.yml deleted file mode 100644 index 9d28ef9e3..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-20.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -_zabbix_php_version: 7.4 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-22.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-22.yml deleted file mode 100644 index 39525f373..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-22.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -_zabbix_php_version: 8.1 diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/zabbix.yml deleted file mode 100644 index 6de493b2e..000000000 --- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/zabbix.yml +++ /dev/null @@ -1,258 +0,0 @@ ---- -sign_keys: - "64": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "62": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "60": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - jammy: - sign_key: E709712C - "54": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "52": - # bullseye: not available upstream - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "50": - bullseye: - sign_key: E709712C - buster: - sign_key: E709712C - jessie: - sign_key: E709712C - stretch: - sign_key: E709712C - focal: - sign_key: E709712C - bionic: - sign_key: E709712C - xenial: - sign_key: E709712C - trusty: - sign_key: E709712C - tricia: - sign_key: E709712C - "44": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "42": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - eoan: - sign_key: A14FE591 - cosmic: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "40": - bullseye: - sign_key: A14FE591 - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - focal: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "34": - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: A14FE591 - bionic: - sign_key: A14FE591 - sonya: - sign_key: A14FE591 - serena: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "32": - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - sonya: - sign_key: 79EA5ED4 - serena: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "30": - buster: - sign_key: A14FE591 - jessie: - sign_key: 79EA5ED4 - stretch: - sign_key: A14FE591 - wheezy: - sign_key: 79EA5ED4 - bionic: - sign_key: A14FE591 - trusty: - sign_key: 79EA5ED4 - xenial: - sign_key: E709712C - "24": - jessie: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - "22": - squeeze: - sign_key: 79EA5ED4 - wheezy: - sign_key: 79EA5ED4 - precise: - sign_key: 79EA5ED4 - trusty: - sign_key: 79EA5ED4 - lucid: - sign_key: 79EA5ED4 - -suse: - "openSUSE Leap": - "42": - name: server:monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/ - "openSUSE": - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }} - "SLES": - "11": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/ - "12": - name: server_monitoring - url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP3/ |