diff options
Diffstat (limited to 'ansible_collections/community/zabbix/docs')
7 files changed, 460 insertions, 575 deletions
diff --git a/ansible_collections/community/zabbix/docs/PUBLISHING_TO_GALAXY.md b/ansible_collections/community/zabbix/docs/PUBLISHING_TO_GALAXY.md index 7258bf6c8..7272f1006 100644 --- a/ansible_collections/community/zabbix/docs/PUBLISHING_TO_GALAXY.md +++ b/ansible_collections/community/zabbix/docs/PUBLISHING_TO_GALAXY.md @@ -26,16 +26,19 @@ git push origin X.Y.Z ``` -2. Create new Release pointing to new X.Y.Z tag https://github.com/ansible-collections/community.zabbix/releases +2. All community.* collections are usually published by Zuul, which works by you having to push a tag, and Zuul will build the collection from that tag (with the version in galaxy.yml set to the tag's version) and publish it. It's usually a good idea to take a look at [Zuul](https://ansible.softwarefactory-project.io/zuul/status) when pushing a tag and watch the release process to see whether it succeeds or not (and afterwards check on [Galaxy](https://galaxy.ansible.com/community/zabbix) whether the newest version shows up - note that it can make a few seconds after publishing finished until it actually shows up; that's new with the new Galaxy). -Additional manual steps are required when automatic publish to Ansible Galaxy is not enabled in the repository. This -requires a user who has access to the `community.zabbix` namespace on Ansible Galaxy to publish the build artifact. + If there is an error in building and it seems to be on Zuul side, the best thing is to re-push the tag to trigger the publish step another time. For that, assuming the remote for github.com/ansible-collections/community.zabbix is called upstream, you can do -3. Run the following commands to build and release the new version on Galaxy: - ``` - ansible-galaxy collection build - ansible-galaxy collection publish ./community-zabbix-$VERSION_HERE.tar.gz - ``` + ``` + git push upstream :2.3.0 # to delete the tag + git push --tags upstream # to re-push all tags + ``` + That should delete and re-create the tag, and thus trigger Zuul again to publish the collection. + +3. If still having problems in step 2. then create a post in "Get Help" section of [Ansible forum](https://forum.ansible.com/c/help/6/none) so somebody from admins can take a look and see/fix why new version has not been published to Galaxy (e.g. https://forum.ansible.com/t/access-to-collection/2295/4). + +4. Create new Release pointing to new X.Y.Z tag https://github.com/ansible-collections/community.zabbix/releases + -After the version is published, verify it exists on the [Zabbix Collection Galaxy page](https://galaxy.ansible.com/community/zabbix). diff --git a/ansible_collections/community/zabbix/docs/UPGRADE.md b/ansible_collections/community/zabbix/docs/UPGRADE.md deleted file mode 100644 index 7784f5842..000000000 --- a/ansible_collections/community/zabbix/docs/UPGRADE.md +++ /dev/null @@ -1,194 +0,0 @@ -__Upgrade__ - -Table of content - -- [1.0.0](#100) - * [Roles](#roles) - + [Proxy](#proxy) - + [Java Gateway](#java-gateway) -- [0.2.0](#020) - * [Roles](#roles-1) - + [Agent](#agent) - + [Server](#server) - + [Proxy](#proxy-1) - + [Web](#web) - + [Java Gateway](#java-gateway-1) - -This document provides an overview of all the changes that are needed to be applied to have a correctly working environment per version. If a version is not part of this document, then there are no changes needed to apply. - -## 1.5.0 - -### Roles - -#### Agent - -The following properties are added in the `zabbix_agent` role. - -* `zabbix_api_timeout = 30` -* `zabbix_agent_tls_subject = "{{ zabbix_agent_tlsservercertsubject }}"` -* `zabbix_agent2_server = "{{ zabbix_agent_server }}"` -* `zabbix_agent2_serveractive = "{{ zabbix_agent_serveractive }}"` -* `zabbix_agent2_allow_key = "{{ zabbix_agent_allow_key }}"` -* `zabbix_agent2_deny_key = "{{ zabbix_agent_deny_key }}"` -* `zabbix_agent2_tls_subject = "{{ zabbix_agent2_tlsservercertsubject }}"` - -NOTE: The original properties can still be used but it's suggested to update to -use the new ones. - -The following properties are renamed in the `zabbix_agent` role. - -| From | To | -|-------------------------------|-------------------------------| -| zabbix_url | zabbix_api_server_url | -| zabbix_agent_server_url | zabbix_api_server_url | -| zabbix_http_user | zabbix_api_http_user | -| zabbix_http_password | zabbix_api_http_password | -| zabbix_api_user | zabbix_api_login_user | -| zabbix_api_pass | zabbix_api_login_pass | -| zabbix_validate_certs | zabbix_api_validate_certs | -| zabbix_create_hostgroup | zabbix_agent_hostgroups_state | -| zabbix_macros | zabbix_agent_macros | -| zabbix_inventory_mode | zabbix_agent_inventory_mode | -| zabbix_link_templates | zabbix_agent_link_templates | -| zabbix_proxy | zabbix_agent_proxy | -| zabbix_update_host | zabbix_agent_host_update | -| zabbix_create_host | zabbix_agent_host_state | -| zabbix_visible_hostname | zabbix_agent_visible_hostname | - -NOTE: the old parameters are still valid but it's suggested to update to use the -new ones. - -#### Proxy - -The following properties are added in the `zabbix_proxy` role. - -* `zabbix_api_timeout = 30` -* `zabbix_proxy_tls_subject = "{{ zabbix_proxy_tlsservercertsubject }}"` - -The following properties are renamed in the `zabbix_proxy` role. - -| From | To | -|----------------------------|---------------------------------| -| zabbix_server_host | zabbix_proxy_server | -| zabbix_server_port | zabbix_proxy_serverport | -| zabbix_proxy_localbuffer | zabbix_proxy_proxylocalbuffer | -| zabbix_proxy_offlinebuffer | zabbix_proxy_proxyofflinebuffer | -| zabbix_create_proxy | zabbix_proxy_state | -| zabbix_url | zabbix_api_server_url | -| zabbix_http_user | zabbix_api_http_user | -| zabbix_http_password | zabbix_api_http_password | -| zabbix_api_user | zabbix_api_login_user | -| zabbix_api_pass | zabbix_api_login_pass | -| zabbix_validate_certs | zabbix_api_validate_certs | - -NOTE: the old parameters are still valid but it's suggested to update to use the -new ones. - -## 1.0.0 - -### Roles - -#### Proxy - -The following property is renamed in the `zabbix_proxy` role. - -|From|To| -|----|--| -|`zabbix_version`|`zabbix_proxy_version`| - -NOTE: The `zabbix_version` can still be used, but will be deprecated in later releases. - -#### Java Gateway - -The following properties are renamed in the `zabbix_javagateway` role. - -|From|To| -|----|--| -|`zabbix_version`|`zabbix_javagateway_version`| -|`javagateway_package_state`|`zabbix_javagateway_package_state`| -|`javagateway_pidfile`|`zabbix_javagateway_pidfile`| -|`javagateway_listenip`|`zabbix_javagateway_listenip`| -|`javagateway_listenport`|`zabbix_javagateway_listenport`| -|`javagateway_startpollers`|`zabbix_javagateway_startpollers`| - -NOTE: The `zabbix_version` can still be used, but will be deprecated in later releases. - -## 0.2.0 - -### Roles - -#### Agent - -A 1-on-1 copy of the Ansible role `dj-wasabi.zabbix-agent` to this collection. Due to naming of roles as part of a collection, some characters (Like the `-`) are not allowed anymore. This role is therefore renamed from `zabbix-agent` to `zabbix_agent`. - -Example of using the role in this collection: -```yaml -- hosts: all - roles: - - role: community.zabbix.zabbix_agent - zabbix_agent_server: 192.168.33.30 - zabbix_agent_serveractive: 192.168.33.30 -``` - -#### Server - -A 1-on-1 copy of the Ansible role `dj-wasabi.zabbix-server` to this collection. Due to naming of roles as part of a collection, some characters (Like the `-`) are not allowed anymore. This role is therefore renamed from `zabbix-server` to `zabbix_server`. - -Example of using the role in this collection:: -```yaml -- hosts: zabbix-server - roles: - - role: community.zabbix.zabbix_server - zabbix_server_database: mysql - zabbix_server_database_long: mysql - zabbix_server_dbport: 3306 -``` - -#### Proxy - -A 1-on-1 copy of the Ansible role `dj-wasabi.zabbix-proxy` to this collection. Due to naming of roles as part of a collection, some characters (Like the `-`) are not allowed anymore. This role is therefore renamed from `zabbix-proxy` to `zabbix_proxy`. - -Example of using the role in this collection:: -```yaml -- hosts: zabbix-proxy - roles: - - role: community.zabbix.zabbix_proxy - zabbix_proxy_server: 192.168.1.1 - zabbix_server_database: mysql - zabbix_server_database_long: mysql - zabbix_server_dbport: 3306 -``` - -#### Web - -A 1-on-1 copy of the Ansible role `dj-wasabi.zabbix-web` to this collection. Due to naming of roles as part of a collection, some characters (Like the `-`) are not allowed anymore. This role is therefore renamed from `zabbix-web` to `zabbix_web`. - -Example of using the role in this collection:: -```yaml -- hosts: zabbix-web - become: yes - roles: - - role: geerlingguy.apache - - role: community.zabbix.zabbix_web - zabbix_url: zabbix.mydomain.com - zabbix_server_hostname: zabbix-server - zabbix_server_database: mysql - zabbix_server_database_long: mysql - zabbix_server_dbport: 3306 -``` - -#### Java Gateway - -A 1-on-1 copy of the Ansible role `dj-wasabi.zabbix-javagateway` to this collection. Due to naming of roles as part of a collection, some characters (Like the `-`) are not allowed anymore. This role is therefore renamed from `zabbix-javagateway` to `zabbix_javagateway`. - -Example of using the role in this collection:: -```yaml -- hosts: zabbix-server - roles: - - role: community.zabbix.zabbix_server - zabbix_server_database: mysql - zabbix_server_database_long: mysql - zabbix_server_dbport: 3306 - zabbix_server_javagateway: 192.168.1.1 - - role: community.zabbix.zabbix_javagateway -``` diff --git a/ansible_collections/community/zabbix/docs/ZABBIX_AGENT_ROLE.md b/ansible_collections/community/zabbix/docs/ZABBIX_AGENT_ROLE.md index f3fe06c9d..aa73fab3a 100644 --- a/ansible_collections/community/zabbix/docs/ZABBIX_AGENT_ROLE.md +++ b/ansible_collections/community/zabbix/docs/ZABBIX_AGENT_ROLE.md @@ -44,15 +44,10 @@ This role will work on the following operating systems: * Red Hat - * Fedora * Debian * Ubuntu - * opensuse * Windows (Best effort) - * macOS - -So, you'll need one of those operating systems.. :-) -Please send Pull Requests or suggestions when you want to use this role for other Operating systems. + * macOS (Best effort) ## Ansible 2.10 and higher @@ -62,7 +57,7 @@ With the release of Ansible 2.10, modules have been moved into collections. Wit ansible-galaxy collection install ansible.posix ansible-galaxy collection install community.general ``` -If you are willing to create host_groups and hosts in Zabbix via API as a part of this role execution then you need to install `ansible.netcommon` collection too: +If you are wanting to create host_groups and hosts in Zabbix via API as a part of this role execution then you need to install `ansible.netcommon` collection too: ``` ansible-galaxy collection install ansible.netcommon @@ -95,24 +90,18 @@ To successfully complete the install the role requires `python-netaddr` on the c See the following list of supported Operating systems with the Zabbix releases: -| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS)| 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----|-----|-----|----------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | V | V | V | V | V | V | V | V | V | -| Red Hat Fam 6 | V | V | V | V | V | V | | | V | -| Red Hat Fam 5 | | | V | V | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | V | V | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | V | V | V | V | V | V | V | V | | -| Ubuntu 14.04 trusty | V | V | V | V | V | V | V | V | V | -| Debian 10 buster | V | V | V | V | V | V | V | | | -| Debian 9 stretch | V | V | | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Red Hat Fam 7 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | V | V | V | +| Debian 12 bookworm | V | V | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | V | V | V | + # Getting started @@ -124,7 +113,7 @@ In order to get the Zabbix Agent running, you'll have to define the following pr * `zabbix_agent(2)_server` * `zabbix_agent(2)_serveractive` (When using active checks) -The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 4.0`, `zabbix_agent_version: 3.4` or `zabbix_agent_version: 2.2`. +The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 6.0`. The `zabbix_agent(2)_server` (and `zabbix_agent(2)_serveractive`) should contain the ip or fqdn of the host running the Zabbix Server. @@ -140,16 +129,13 @@ The following is an overview of all available configuration default for this rol ### Overall Zabbix -* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. +* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.4, 6.2, or 6.0 * `zabbix_agent_version_minor`: When you want to specify a minor version to be installed. Is also used for `zabbix_sender` and `zabbix_get`. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. +* `zabbix_agent_disable_repo`: A list of repos to disable during install. Default `epel`. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### SElinux @@ -158,7 +144,7 @@ The following is an overview of all available configuration default for this rol ### Zabbix Agent * `zabbix_agent_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact. -* `zabbix_agent2`: Default: `False`. When you want to install the `Zabbix Agent2` instead of the "old" `Zabbix Agent`. +* `zabbix_agent2`: Default: `False`. When you want to install the `Zabbix Agent2` instead of the "old" `Zabbix Agent`.zabbix_agent_version * `zabbix_agent_listeninterface`: Interface zabbix-agent listens on. Leave blank for all. * `zabbix_agent_package_remove`: If `zabbix_agent2: True` and you want to remove the old installation. Default: `False`. * `zabbix_agent_package`: The name of the zabbix-agent package. Default: `zabbix-agent`. In case for EPEL, it is automatically renamed. @@ -174,7 +160,6 @@ The following is an overview of all available configuration default for this rol * `zabbix_agent_userparameters_scripts_src`: indicates the relative path (from `files/`) where userparameter scripts are searched * `zabbix_agent_runas_user`: Drop privileges to a specific, existing user on the system. Only has effect if run as 'root' and AllowRoot is disabled. * `zabbix_agent_become_on_localhost`: Default: `True`. Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip. -* `zabbix_install_pip_packages`: Default: `True`. Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely. * `zabbix_agent_apt_priority`: Add a weight (`Pin-Priority`) for the APT repository. * `zabbix_agent_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. * `zabbix_agent_dont_detect_ip`: Default `false`. When set to `true`, it won't detect available ip addresses on the host and no need for the Python module `netaddr` to be installed. @@ -193,6 +178,7 @@ Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. * `zabbix_agent(2)_pidfile`: name of pid file. * `zabbix_agent(2)_logfile`: name of log file. * `zabbix_agent(2)_logfilesize`: maximum size of log file in mb. +* `zabbix_agent(2)_additional_include`: A list of additional complete paths to include in configuration * `zabbix_agent(2)_logtype`: Specifies where log messages are written to * `zabbix_agent(2)_debuglevel`: specifies debug level * `zabbix_agent(2)_sourceip`: source ip address for outgoing connections. @@ -261,16 +247,17 @@ These variables need to be overridden when you want to make use of the Zabbix AP Host encryption configuration will be set to match agent configuration. -* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth. -* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth. -* `zabbix_api_create_hosts`: Default: `False`. When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_agent_host_state`. -* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_agent_hostgroups_state`.Default: `False` * `zabbix_api_server_host`: The IP or hostname/FQDN of Zabbix server. Example: zabbix.example.com -* `zabbix_api_server_port`: TCP port to use to connect to Zabbix server. Example: 8080 -* `zabbix_api_use_ssl`: yes (Default) if we need to connect to Zabbix server over HTTPS -* `zabbix_api_validate_certs` : yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used +* `zabbix_api_use_ssl`: Is SSL required to connect to the Zabbix API server? Default: `false` +* `zabbix_api_server_port`: 80 if `zabbix_api_use_ssl` is `false` and 443 if `true` (Default) TCP port to use to connect to Zabbix server. Example: 8080 * `zabbix_api_login_user`: Username of user which has API access. * `zabbix_api_login_pass`: Password for the user which has API access. +* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_validate_certs`: yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used. +* `zabbix_api_timeout`: How many seconds to wait for API response (default 30s). +* `zabbix_api_create_hosts`: Default: `False`. When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_agent_host_state`. +* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_agent_hostgroups_state`.Default: `False` * `ansible_zabbix_url_path`: URL path if Zabbix WebUI running on non-default (zabbix) path, e.g. if http://<FQDN>/zabbixeu then set to `zabbixeu` * `zabbix_agent_hostgroups_state`: present (Default) if the hostgroup needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_hostgroup` is set to `True`. * `zabbix_host_status`: enabled (Default) when host in monitored, disabled when host is disabled for monitoring. @@ -290,7 +277,7 @@ Host encryption configuration will be set to match agent configuration. **NOTE** -_Supporting Windows is a best effort (I don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ +_Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ When `(2)` is used in the name of the property, like `zabbix_agent(2)_win_logfile`, it will show that you can configure `zabbix_agent_win_logfile` for the Zabbix Agent configuration file and `zabbix_agent2_win_logfile` for the Zabbix Agent 2 configuration file. Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. @@ -308,6 +295,10 @@ Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2. ## macOS Variables +**NOTE** + +_Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._ + * `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix_mac_download_link` link. * `zabbix_mac_download_link`: The download url to the `pkg` file. @@ -344,17 +335,6 @@ Keep in mind that using the Zabbix Agent in a Container requires changes to the * `zabbix_agent_docker_volumes`: A list with all directories that needs to be available in the Container. * `zabbix_agent_docker_env`: A dict with all environment variables that needs to be set for the Container. -## FirewallD/Iptables - -* `zabbix_agent_firewall_enable`: If IPtables needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport`. -* `zabbix_agent_firewall_source`: When provided, IPtables will be configuring to only allow traffic from this IP address/range. -* `zabbix_agent_firewalld_enable`: If firewalld needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport` and `zabbix_agent_jmx_listenport` if defined. -* `zabbix_agent_firewalld_source`: When provided, firewalld will be configuring to only allow traffic for IP configured in `zabbix_agent_server`. -* `zabbix_agent_firewalld_zone`: When provided, the firewalld rule will be attached to this zone (only if zabbix_agent_firewalld_enable is set to true). The default behavior is to use the default zone define by the remote host firewalld configuration. -* `zabbix_agent_firewall_action`: Default: `insert`. When to `insert` the rule or to `append` to IPTables. -* `zabbix_agent_firewall_chain`: Default `INPUT`. Which `chain` to add the rule to IPTables. - - ## IPMI variables * `zabbix_agent_ipmi_authtype`: IPMI authentication algorithm. Possible values are 1 (callback), 2 (user), 3 (operator), 4 (admin), 5 (OEM), with 2 being the API default. @@ -369,6 +349,17 @@ When the target host does not have access to the internet, but you do have a pro * `zabbix_http_proxy` * `zabbix_https_proxy` +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Dependencies There are no dependencies on other roles. @@ -440,10 +431,11 @@ Including an example of how to use your role (for instance, with variables passe - role: community.zabbix.zabbix_agent zabbix_agent_server: 192.168.33.30 zabbix_agent_serveractive: 192.168.33.30 - zabbix_api_server_url: http://zabbix.example.com - zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0 + zabbix_api_server_host: zabbix.example.com zabbix_api_login_user: Admin zabbix_api_login_pass: zabbix + zabbix_api_create_hostgroup: true + zabbix_api_create_hosts: true zabbix_agent_host_state: present zabbix_host_groups: - Linux Servers @@ -465,10 +457,11 @@ You can also use the group_vars or the host_vars files for setting the variables ```yaml zabbix_agent_server: 192.168.33.30 zabbix_agent_serveractive: 192.168.33.30 - zabbix_api_server_url: http://zabbix.example.com - zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0 + zabbix_api_server_host: zabbix.example.com zabbix_api_login_user: Admin zabbix_api_login_pass: zabbix + zabbix_api_create_hostgroup: true + zabbix_api_create_hosts: true zabbix_agent_host_state: present zabbix_host_groups: - Linux Servers diff --git a/ansible_collections/community/zabbix/docs/ZABBIX_JAVAGATEWAY_ROLE.md b/ansible_collections/community/zabbix/docs/ZABBIX_JAVAGATEWAY_ROLE.md index 70427d97c..1761c7f8b 100644 --- a/ansible_collections/community/zabbix/docs/ZABBIX_JAVAGATEWAY_ROLE.md +++ b/ansible_collections/community/zabbix/docs/ZABBIX_JAVAGATEWAY_ROLE.md @@ -29,29 +29,22 @@ This role will work on the following operating systems: * Ubuntu So, you'll need one of those operating systems.. :-) -Please send Pull Requests or suggestions when you want to use this role for other Operating systems. ## Zabbix Versions See the following list of supported Operating systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 (LTS) | 5.2 | 5.0 | 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----------|-----|-----|-----|-----------|-----------| -| Red Hat Fam 8 | V | V | V | V | V | V | | | -| Red Hat Fam 7 | | | | V | V | V | V | V | -| Red Hat Fam 6 | | | | V | V | | | V | -| Red Hat Fam 5 | | | | V | V | | | V | -| Fedora | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | | | | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | V | V | V | V | V | -| Debian 10 buster | V | V | V | V | V | V | | | -| Debian 9 stretch | | | | V | V | V | V | | -| Debian 8 jessie | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | V | V | -| macOS 10.15 | | | | | | V | V | | -| macOS 10.14 | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Red Hat Fam 7 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | V | V | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | V | V | V | # Role Variables @@ -61,17 +54,14 @@ The following is an overview of all available configuration default for this rol ### Overall Zabbix -* `zabbix_javagateway_version`: This is the version of zabbix. Default: 5.2. Can be overridden to 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo +The `zabbix_javagateway_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_javagateway_version: 6.0`. * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. +* `zabbix_javagateway_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_javagateway_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. * `zabbix_javagateway_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### Java Gatewaty @@ -106,6 +96,17 @@ or when using the zabbix-proxy: zabbix_proxy_javagateway: 192.168.1.2 ``` +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Example Playbook Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: diff --git a/ansible_collections/community/zabbix/docs/ZABBIX_PROXY_ROLE.md b/ansible_collections/community/zabbix/docs/ZABBIX_PROXY_ROLE.md index 6682f6c18..baec42155 100644 --- a/ansible_collections/community/zabbix/docs/ZABBIX_PROXY_ROLE.md +++ b/ansible_collections/community/zabbix/docs/ZABBIX_PROXY_ROLE.md @@ -77,24 +77,17 @@ ansible-galaxy collection install community.postgresql See the following list of supported Operating systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS)| 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----|-----|-----|-----------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | V | V | V | V | V | V | V | V | V | -| Red Hat Fam 6 | | | | | V | V | | | V | -| Red Hat Fam 5 | | | | | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | | V | V | V | V | V | -| Debian 10 buster | V | | V | V | V | V | V | | | -| Debian 9 stretch | V | | V | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Red Hat Fam 7 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | V | V | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | V | V | V | # Role Variables @@ -102,104 +95,49 @@ See the following list of supported Operating systems with the Zabbix releases. The following is an overview of all available configuration default for this role. -### Overall Zabbix - -* `zabbix_proxy_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. -* `zabbix_proxy_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo -* `zabbix_repo_yum`: A list with Yum repository configuration. -* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. - -### SElinux - -* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run. - ### Zabbix Proxy +* `zabbix_proxy_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_proxy_version: 6.0`. +* `zabbix_proxy_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) * `zabbix_proxy_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact. * `zabbix_proxy_server`: The ip or dns name for the zabbix-server machine. -* `zabbix_proxy_serverport`: The port on which the zabbix-server is running. Default: 10051 -* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages * `zabbix_proxy_install_database_client`: Default: `True`. False does not install database client. -* `zabbix_proxy_become_on_localhost`: Default: `True`. Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip. * `zabbix_proxy_manage_service`: Default: `True`. When you run multiple Zabbix proxies in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-proxy service, because Pacemaker is in control of zabbix-proxy service. -* `zabbix_install_pip_packages`: Default: `True`. Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely. -* `zabbix_proxy_startpreprocessors`: Number of pre-forked instances of preprocessing workers. The preprocessing manager process is automatically started when a preprocessor worker is started.This parameter is supported since Zabbix 4.2.0. -* `zabbix_proxy_username`: Default: `zabbix`. The name of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_proxy_logtype`: Specifies where log messages are written to: system, file, console. -* `zabbix_proxy_logfile`: Name of log file. -* `zabbix_proxy_userid`: The UID of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_proxy_groupname`: Default: `zabbix`. The name of the group of the user on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_proxy_groupid`: The GID of the group on the host. Will only be used when `zabbix_repo: epel` is used. * `zabbix_proxy_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_proxy_include`. * `zabbix_proxy_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. -* `zabbix_proxy_statsallowedip`: Default: `127.0.0.1`. Allowed IP foe remote gathering of the ZabbixPorixy internal metrics. -* `zabbix_proxy_vaulttoken`: Vault authentication token that should have been generated exclusively for Zabbix server with read only permission -* `zabbix_proxy_vaulturl`: Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. -* `zabbix_proxy_vaultdbpath`: Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -* `zabbix_proxy_listenbacklog`: The maximum number of pending connections in the queue. ### Database specific * `zabbix_proxy_dbhost_run_install`: Default: `True`. When set to `True`, sql files will be executed on the host running the database. * `zabbix_proxy_database`: Default: `mysql`. The type of database used. Can be: `mysql`, `pgsql` or `sqlite3` -* `zabbix_proxy_database_long`: Default: `mysql`. The type of database used, but long name. Can be: `mysql`, `postgresql` or `sqlite3` -* `zabbix_proxy_dbhost`: The hostname on which the database is running. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbhost`: Default: localhost. The hostname on which the database is running. Will be ignored when `sqlite3` is used as database. * `zabbix_proxy_real_dbhost`: The hostname of the dbhost that is running behind a loadbalancer/VIP (loadbalancers doesn't accept ssh connections) Will be ignored when `sqlite3` is used as database. -* `zabbix_proxy_dbname`: The database name which is used by the Zabbix Proxy. -* `zabbix_proxy_dbuser`: The database username which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. -* `zabbix_proxy_dbpassword`: The database user password which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbname`: Default: zabbix_proxy. The database name which is used by the Zabbix Proxy. +* `zabbix_proxy_dbuser`: Default: zabbix_proxy. The database username which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbpassword`: Default: zabbix_proxy. The database user password which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. +* `zabbix_proxy_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. * `zabbix_proxy_dbport`: The database port which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database. -* `zabbix_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. +* `zabbix_proxy_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. * `zabbix_proxy_install_database_client`: Default: `True`. False does not install database client. Default true -* `zabbix_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. +* `zabbix_proxy_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. * `zabbix_proxy_dbencoding`: Default: `utf8`. The encoding for the MySQL database. * `zabbix_proxy_dbcollation`: Default: `utf8_bin`. The collation for the MySQL database.zabbix_proxy_ -* `zabbix_server_allowunsupporteddbversions`: Allow proxy to work with unsupported database versions. -* `zabbix_proxy_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. -### TLS Specific configuration - -These variables are specific for Zabbix 3.0 and higher: - -* `zabbix_proxy_tlsconnect`: How the agent should connect to server or proxy. Used for active checks. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_proxy_tlsaccept`: What incoming connections to accept. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_proxy_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. -* `zabbix_proxy_tlscrlfile`: Full pathname of a file containing revoked certificates. -* `zabbix_proxy_tlsservercertissuer`: Allowed server certificate issuer. -* `zabbix_proxy_tlsservercertsubject`: Allowed server certificate subject. -* `zabbix_proxy_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. -* `zabbix_proxy_tlskeyfile`: Full pathname of a file containing the agent private key. -* `zabbix_proxy_dbtlsconnect`: Setting this option enforces to use TLS connection to database: - -`required` - connect using TLS -`verify_ca` - connect using TLS and verify certificate -`verify_full` - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate - -On `MySQL` starting from 5.7.11 and `PostgreSQL` the following values are supported: `required`, `verify`, `verify_full`. On MariaDB starting from version 10.2.6 `required` and `verify_full` values are supported. -By default not set to any option and the behaviour depends on database configuration. -This parameter is supported since Zabbix 5.0.0. - -* `zabbix_proxy_dbtlscafile`: Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlscertfile`: Full pathname of file containing Zabbix Proxy certificate for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlskeyfile`: Full pathname of file containing the private key for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlscipher`: The list of encryption ciphers that Zabbix Proxy permits for TLS protocols up through TLSv1.2. Supported only for MySQL.This parameter is supported since Zabbix 5.0.0. -* `zabbix_proxy_dbtlscipher13`: The list of encryption ciphersuites that Zabbix Proxy permits for TLSv1.3 protocol. Supported only for MySQL, starting from version 8.0.16. This parameter is supported since Zabbix 5.0.0. - -## proxy + +### Yum/APT +* `zabbix_repo_yum`: A list with Yum repository configuration. +* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) +* `zabbix_repo_yum_gpgcheck`: Default: `0`. Should yum perform a GPG check on the repository +* `zabbix_proxy_disable_repo`: A list of repos to disable during install. Default `epel`. +* `zabbix_proxy_apt_priority`: APT priority for the zabbix repository +* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. +### SElinux + +* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run. + +## Proxy When the target host does not have access to the internet, but you do have a proxy available then the following properties needs to be set to download the packages via the proxy: @@ -210,9 +148,9 @@ When the target host does not have access to the internet, but you do have a pro With Zabbix Proxy you can make use of 2 different databases: -* `mysql` -* `postgresql` -* `SQLite3` +* MySQL +* PostgreSQL +* SQLite3 In the following paragraphs we dive into both setups. @@ -232,12 +170,12 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: mysql -zabbix_proxy_database_long: mysql zabbix_proxy_dbport: 3306 zabbix_proxy_dbpassword: <SOME_SECRET_STRING> ``` Please generate a value for the `zabbix_proxy_dbpassword` property (Maybe use `ansible-vault` for this). The zabbix-proxy role will create an database and username (With the provided value for the password) in `MySQL`. + 3. Execute the role by running the Ansible playbook that calls this role. At the end of this run, the Zabbix Proxy with `MySQL` will be running. #### Separate Setup @@ -249,7 +187,6 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: mysql -zabbix_proxy_database_long: mysql zabbix_proxy_dbport: 3306 zabbix_proxy_dbhost: mysql-host zabbix_proxy_dbhost_run_install: false @@ -283,7 +220,6 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: pgsql -zabbix_proxy_database_long: postgresql zabbix_proxy_dbport: 5432 zabbix_proxy_dbpassword: <SOME_SECRET_STRING> ``` @@ -300,7 +236,6 @@ We need to have the following dependencies met: ```yaml zabbix_proxy_database: pgsql -zabbix_proxy_database_long: postgresql zabbix_proxy_dbport: 5432 zabbix_proxy_dbhost: pgsql-host zabbix_proxy_dbhost_run_install: false @@ -326,7 +261,6 @@ The following properties needs to be set when using `SQLite3` as the database: ```yaml zabbix_proxy_database: sqlite3 -zabbix_proxy_database_long: sqlite3 zabbix_proxy_dbname: /path/to/sqlite3.db ``` @@ -336,20 +270,140 @@ NOTE: When using `zabbix_proxy_dbname: zabbix_proxy` (Which is default with this These variables need to be overridden when you want to make use of the Zabbix API for automatically creating and or updating proxies, i.e. when `zabbix_api_create_proxy` is set to `True`. -* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth. -* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth. * `zabbix_api_server_host`: The IP or hostname/FQDN of Zabbix server. Example: zabbix.example.com -* `zabbix_api_server_port`: TCP port to use to connect to Zabbix server. Example: 8080 -* `zabbix_api_use_ssl`: yes (Default) if we need to connect to Zabbix server over HTTPS -* `zabbix_api_validate_certs` : yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used +* `zabbix_api_use_ssl`: Is SSL required to connect to the Zabbix API server? Default: `false` +* `zabbix_api_server_port`: 80 if `zabbix_api_use_ssl` is `false` and 443 if `true` (Default) TCP port to use to connect to Zabbix server. Example: 8080 * `zabbix_api_login_user`: Username of user which has API access. * `zabbix_api_login_pass`: Password for the user which has API access. +* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth). +* `zabbix_api_validate_certs`: yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used. +* `zabbix_api_timeout`: timeout for API calls (default to 30 seconds) * `ansible_zabbix_url_path`: URL path if Zabbix WebUI running on non-default (zabbix) path, e.g. if http://<FQDN>/zabbixeu then set to `zabbixeu` * `zabbix_api_create_proxy`: When you want to enable the Zabbix API to create/delete the proxy. This has to be set to `True` if you want to make use of `zabbix_proxy_state`. Default: `False` * `zabbix_proxy_name`: name of the Zabbix proxy as it is seen by Zabbix server * `zabbix_proxy_state`: present (Default) if the proxy needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_proxy` is set to `True`. * `zabbix_proxy_status`: active (Default) if the proxy needs to be active or passive. -* `zabbix_api_timeout`: timeout for API calls (default to 30 seconds) + +## Configuration Variables + +The following table lists all variables that are exposed to modify the configuration of the zabbix_proxy.conf file. Specific details of each variable can be found in the Zabbix documentation. + +**NOTE**: Only variables with a default value appear in the defaults file, all others must be added. + +| Zabbix Name | Variable Name | Default Value |Notes | +|-----------|------------------|--------|--------| +| AllowRoot | zabbix_proxy_allowroot |0| | +| AllowUnsupportedDBVersions | zabbix_proxy_allowunsupporteddbversions |0| | +| CacheSize | zabbix_proxy_cachesize | 8M| | +| ConfigFrequency | zabbix_proxy_configfrequency |3600| | +| DataSenderFrequency | zabbix_proxy_datasenderfrequency |1| | +| DBHost | zabbix_proxy_dbhost | localhost| | +| DBName | zabbix_proxy_dbname | zabbix_proxy| | +| DBPassword | zabbix_proxy_dbpassword | zabbix_proxy| | +| DBSchema | zabbix_proxy_dbschema || | +| DBSocket | zabbix_proxy_dbsocket || | +| DBTLSCAFile | zabbix_proxy_dbtlscafile || | +| DBTLSCertFile | zabbix_proxy_dbtlscertfile || | +| DBTLSCipher | zabbix_proxy_dbtlscipher || | +| DBTLSCipher13 | zabbix_proxy_dbtlscipher13 || | +| DBTLSConnect | zabbix_proxy_dbtlsconnect || | +| DBTLSKeyFile | zabbix_proxy_dbtlskeyfile || | +| DBUser | zabbix_proxy_dbuser | zabbix_proxy| | +| DebugLevel | zabbix_proxy_debuglevel |3| | +| EnableRemoteCommands | zabbix_proxy_enableremotecommands |0| | +| ExternalScripts | zabbix_proxy_externalscripts | /usr/lib/zabbix/externalscripts| | +| Fping6Location | zabbix_proxy_fping6location | OS Specific Value | | +| FpingLocation | zabbix_proxy_fpinglocation | OS Specific Value | | +| HeartbeatFrequency | zabbix_proxy_heartbeatfrequency |60| Version 6.2 or Lower| +| HistoryCacheSize | zabbix_proxy_historycachesize | 8M| | +| HistoryIndexCacheSize | zabbix_proxy_historyindexcachesize | 4M| | +| Hostname | zabbix_proxy_hostname | "{{ inventory_hostname }}"| | +| HostnameItem | zabbix_proxy_hostnameitem || | +| HousekeepingFrequency | zabbix_proxy_housekeepingfrequency |1| | +| Include | zabbix_proxy_include | /etc/zabbix/zabbix_proxy.conf.d| | +| JavaGateway | zabbix_proxy_javagateway || | +| JavaGatewayPort | zabbix_proxy_javagatewayport |10052| | +| ListenBacklog | zabbix_proxy_listenbacklog || | +| ListenIP | zabbix_proxy_listenip || | +| ListenPort | zabbix_proxy_listenport |10051| | +| LoadModule | zabbix_proxy_loadmodule || | +| LoadModulePath | zabbix_proxy_loadmodulepath | /usr/lib/zabbix/modules| | +| LogFile | zabbix_proxy_logfile | /var/log/zabbix/zabbix_proxy.log| | +| LogFileSize | zabbix_proxy_logfilesize |10| | +| LogRemoteCommands | zabbix_proxy_logremotecommands || | +| LogSlowQueries | zabbix_proxy_logslowqueries || | +| LogType | zabbix_proxy_logtype | file| | +| PidFile | zabbix_proxy_pidfile | /var/run/zabbix/zabbix_proxy.pid| | +| ProxyLocalBuffer | zabbix_proxy_proxylocalbuffer |0| | +| ProxyMode | zabbix_proxy_proxymode || | +| ProxyOfflineBuffer | zabbix_proxy_proxyofflinebuffer |1| | +| Server | zabbix_proxy_server | 192.168.1.1| | +| SNMPTrapperFile | zabbix_proxy_snmptrapperfile | /tmp/zabbix_traps.tmp| | +| SocketDir | zabbix_proxy_socketdir | /var/run/zabbix| | +| SourceIP | zabbix_proxy_sourceip || | +| SSHKeyLocation | zabbix_proxy_sshkeylocation || | +| SSLCALocation | zabbix_proxy_sslcalocation || | +| SSLCertLocation | zabbix_proxy_sslcertlocation || | +| SSLKeyLocation | zabbix_proxy_sslkeylocation || | +| StartDBSyncers | zabbix_proxy_startdbsyncers |4| | +| StartDiscoverers | zabbix_proxy_startdiscoverers |1| | +| StartHTTPPollers | zabbix_proxy_starthttppollers |1| | +| StartIPMIPollers | zabbix_proxy_startipmipollers |0| | +| StartJavaPollers | zabbix_proxy_startjavapollers || | +| StartODBCPollers | zabbix_proxy_startodbcpollers |1| | +| StartPingers | zabbix_proxy_startpingers |1| | +| StartPollers | zabbix_proxy_startpollers |5| | +| StartPollersUnreachable | zabbix_proxy_startpollersunreachable |1| | +| StartPreprocessors | zabbix_proxy_startpreprocessors |3| | +| StartSNMPTrapper | zabbix_proxy_startsnmptrapper || | +| StartTrappers | zabbix_proxy_starttrappers |5| | +| StartVMwareCollectors | zabbix_proxy_startvmwarecollectors || | +| StatsAllowedIP | zabbix_proxy_statsallowedip | "127.0.0.1"| | +| Timeout | zabbix_proxy_timeout |3| | +| TLSAccept | zabbix_proxy_tlsaccept || | +| TLSCAFile | zabbix_proxy_tlscafile || | +| TLSCertFile | zabbix_proxy_tlscertfile || | +| TLSCipherAll | zabbix_proxy_tlscipherall || | +| TLSCipherAll13 | zabbix_proxy_tlscipherall13 || | +| TLSCipherCert | zabbix_proxy_tlsciphercert || | +| TLSCipherCert13 | zabbix_proxy_tlsciphercert13 || | +| TLSCipherPSK | zabbix_proxy_tlscipherpsk || | +| TLSCipherPSK13 | zabbix_proxy_tlscipherpsk13 || | +| TLSConnect | zabbix_proxy_tlsconnect || | +| TLSCRLFile | zabbix_proxy_tlscrlfile || | +| TLSKeyFile | zabbix_proxy_tlskeyfile || | +| TLSPSKFile | zabbix_proxy_tlspskfile || | +| TLSPSKIdentity | zabbix_proxy_tlspskidentity || | +| TLSServerCertIssuer | zabbix_proxy_tlsservercertissuer || | +| TLSServerCertSubject | zabbix_proxy_tlsservercertsubject || | +| TmpDir | zabbix_proxy_tmpdir | /tmp| | +| TrapperTimeout | zabbix_proxy_trappertimeout |300| | +| UnavailableDelay | zabbix_proxy_unavailabledelay || | +| UnreachableDelay | zabbix_proxy_unreachabledelay || | +| UnreachablePeriod | zabbix_proxy_unreachableperiod |45| | +| User | zabbix_proxy_user || | +| Vault | zabbix_proxy_vault || Version 6.2 or Greater | +| VaultDBPath | zabbix_proxy_vaultdbpath || | +| VaultTLSCertFile | zabbix_proxy_vaulttlscertfile || Version 6.2 or Greater | +| VaultTLSKeyFile | zabbix_proxy_vaulttlskeyfile || Version 6.2 or Greater | +| VaultToken | zabbix_proxy_vaulttoken || | +| VaultURL | zabbix_proxy_vaulturl |https://127.0.0.1:8200| | +| VMwareCacheSize | zabbix_proxy_vmwarecachesize | 8M| | +| VMwareFrequency | zabbix_proxy_vmwarefrequency |60| | +| VMwarePerfFrequency | zabbix_proxy_vmwareperffrequency | | | +| VMwareTimeout | zabbix_proxy_vmwaretimeout | | | + +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. # Example Playbook @@ -361,7 +415,6 @@ Including an example of how to use your role (for instance, with variables passe - role: community.zabbix.zabbix_proxy zabbix_proxy_server: 192.168.1.1 zabbix_proxy_database: mysql - zabbix_proxy_database_long: mysql ``` # Molecule @@ -385,3 +438,4 @@ See LICENCE to see the full text. Please send suggestion or pull requests to make this role better. Also let us know if you encounter any issues installing or using this role. Github: https://github.com/ansible-collections/community.zabbix + diff --git a/ansible_collections/community/zabbix/docs/ZABBIX_SERVER_ROLE.md b/ansible_collections/community/zabbix/docs/ZABBIX_SERVER_ROLE.md index 4643fbc3f..f154f4951 100644 --- a/ansible_collections/community/zabbix/docs/ZABBIX_SERVER_ROLE.md +++ b/ansible_collections/community/zabbix/docs/ZABBIX_SERVER_ROLE.md @@ -75,26 +75,16 @@ ansible-galaxy collection install community.postgresql See the following list of supported Operating systems with the Zabbix releases: -| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS) | 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----|-----|-----|-----------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | | | | | | V | V | V | V | -| Red Hat Fam 6 | | | | | V | V | | | V | -| Red Hat Fam 5 | | | | | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | | -| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | | V | V | V | V | V | -| Debian 10 buster | | | V | V | V | V | V | | | -| Debian 9 stretch | | | V | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | - -See https://support.zabbix.com/browse/ZBX-18790 why RHEL7 is not supported anymore. +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | | | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | | | V | # Installation @@ -110,112 +100,48 @@ The following is an overview of all available configuration default for this rol ### Overall Zabbix -* `zabbix_server_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. +* `zabbix_server_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_server_version: 6.0`. * `zabbix_server_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. +* `zabbix_server_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_service_state`: Default: `started`. Can be overridden to stopped if needed * `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### SElinux -* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. +* `zabbix_server_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. * `selinux_allow_zabbix_can_network`: Default: `False`. * `selinux_allow_zabbix_can_http`: Default: `False`. ### Zabbix Server * `zabbix_server_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. -* `zabbix_server_listenport`: Default: `10051`. On which port the Zabbix Server is available. * `zabbix_server_install_recommends`: Default: `True`. `False` does not install the recommended packages that come with the zabbix-server install. * `zabbix_server_manage_service`: Default: `True`. When you run multiple Zabbix servers in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-server service, because Pacemaker is in control of zabbix-server service and in this case, it needs to be set to `False`. -* `zabbix_proxy_startpreprocessors`: Number of pre-forked instances of preprocessing workers. The preprocessing manager process is automatically started when a preprocessor worker is started. This parameter is supported since Zabbix 4.2.0. -* `zabbix_server_username`: Default: `zabbix`. The name of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_server_userid`: The UID of the account on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_server_groupname`: Default: `zabbix`. The name of the group of the user on the host. Will only be used when `zabbix_repo: epel` is used. -* `zabbix_server_groupid`: The GID of the group on the host. Will only be used when `zabbix_repo: epel` is used. * `zabbix_server_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_server_include`. * `zabbix_server_conf_mode`: Default: `0640`. The "mode" for the Zabbix configuration file. -* `zabbix_server_listenbacklog`: The maximum number of pending connections in the queue. -* `zabbix_server_trendcachesize`: Size of trend cache, in bytes. -* `zabbix_server_trendfunctioncachesize`: Size of trend function cache, in bytes. -* `zabbix_server_vaulttoken`: Vault authentication token that should have been generated exclusively for Zabbix server with read only permission -* `zabbix_server_vaulturl`: Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. -* `zabbix_server_vaultdbpath`: Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -* `zabbix_server_startreportwriters`: Number of pre-forked report writer instances. -* `zabbix_server_webserviceurl`: URL to Zabbix web service, used to perform web related tasks. -* `zabbix_server_servicemanagersyncfrequency`: How often Zabbix will synchronize configuration of a service manager (in seconds). -* `zabbix_server_problemhousekeepingfrequency`: How often Zabbix will delete problems for deleted triggers (in seconds). -* `zabbix_server_connectors`: Number of pre-forked instances of preprocessing workers. - -### High Availability - -These variables are specific for Zabbix 6.0 and higher: - -* `zabbix_server_hanodename`: The high availability cluster node name. When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to. (Default: empty) -* `zabbix_server_nodeaddress`: IP or hostname with optional port to specify how frontend should connect to the server. ### Database specific * `zabbix_server_dbhost_run_install`: Default: `True`. When set to `True`, sql files will be executed on the host running the database. * `zabbix_server_database`: Default: `pgsql`. The type of database used. Can be: `mysql` or `pgsql` -* `zabbix_server_database_long`: Default: `postgresql`. The type of database used, but long name. Can be: `mysql` or `postgresql` * `zabbix_server_dbhost`: The hostname on which the database is running. * `zabbix_server_real_dbhost`: The hostname of the dbhost that is running behind a loadbalancer/VIP (loadbalancers doesn't accept ssh connections) * `zabbix_server_dbname`: The database name which is used by the Zabbix Server. * `zabbix_server_dbuser`: The database username which is used by the Zabbix Server. * `zabbix_server_dbpassword`: The database user password which is used by the Zabbix Server. +* `zabbix_server_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. * `zabbix_server_dbport`: The database port which is used by the Zabbix Server. * `zabbix_server_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`. -* `zabbix_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. +* `zabbix_server_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False. * `zabbix_server_install_database_client`: Default: `True`. False does not install database client. Default true -* `zabbix_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. -* `zabbix_database_timescaledb`:False / True. When you want to use timescaledb extension into the database, you can set it to True (this option only works for postgreSQL database). +* `zabbix_server_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False. +* `zabbix_server_database_timescaledb`:False / True. When you want to use timescaledb extension into the database, you can set it to True (this option only works for postgreSQL database). * `zabbix_server_dbencoding`: Default: `utf8`. The encoding for the MySQL database. * `zabbix_server_dbcollation`: Default: `utf8_bin`. The collation for the MySQL database. -* `zabbix_server_allowunsupporteddbversions`: Allow server to work with unsupported database versions. - -### TLS Specific configuration - -These variables are specific for Zabbix 3.0 and higher: - -* `zabbix_server_tlsconnect`: How the agent should connect to server or proxy. Used for active checks. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_server_tlsaccept`: What incoming connections to accept. - Possible values: - * unencrypted - * psk - * cert -* `zabbix_server_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. -* `zabbix_server_tlscrlfile`: Full pathname of a file containing revoked certificates. -* `zabbix_server_tlsservercertissuer`: Allowed server certificate issuer. -* `zabbix_server_tlsservercertsubject`: Allowed server certificate subject. -* `zabbix_server_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. -* `zabbix_server_tlskeyfile`: Full pathname of a file containing the agent private key. -* `zabbix_server_dbtlsconnect`: Setting this option enforces to use TLS connection to database: - -`required` - connect using TLS -`verify_ca` - connect using TLS and verify certificate -`verify_full` - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate - -On `MySQL` starting from 5.7.11 and `PostgreSQL` the following values are supported: `required`, `verify`, `verify_full`. On MariaDB starting from version 10.2.6 `required` and `verify_full` values are supported. -By default not set to any option and the behaviour depends on database configuration. -This parameter is supported since Zabbix 5.0.0. - -* `zabbix_server_dbtlscafile`: Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlscertfile`: Full pathname of file containing Zabbix server certificate for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlskeyfile`: Full pathname of file containing the private key for authenticating to database. This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlscipher`: The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2. Supported only for MySQL.This parameter is supported since Zabbix 5.0.0. -* `zabbix_server_dbtlscipher13`: The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol. Supported only for MySQL, starting from version 8.0.16. This parameter is supported since Zabbix 5.0.0. ### Custom Zabbix Scripts @@ -350,6 +276,135 @@ The `zabbix_server_privileged_host` can be set to the hostname/ip of the host ru 3. Execute the role by running the Ansible playbook that calls this role. At the end of this run, the Zabbix Server with `PgSQL` on a different host will be running. +## Configuration Variables + +The following table lists all variables that are exposed to modify the configuration of the zabbix_server.conf file. Specific details of each variable can be found in the Zabbix documentation. + +**NOTE**: Only variables with a default value appear in the defaults file, all others must be added. + +| Zabbix Name | Variable Name | Default Value |Notes | +|-----------|------------------|--------|--------| +|AlertScriptsPath | zabbix_server_alertscriptspath | /usr/lib/zabbix/alertscripts | | +|AllowRoot | zabbix_server_allowroot | 0 | | +|AllowUnsupportedDBVersions | zabbix_server_allowunsupporteddbversions |0 | | +|CacheSize | zabbix_server_cachesize | | | +|CacheUpdateFrequency | zabbix_server_cacheupdatefrequency | | | +|DBHost | zabbix_server_dbhost | localhost | | +|DBName | zabbix_server_dbname | zabbix-server | | +|DBPassword | zabbix_server_dbpassword | zabbix-server | | +|DBPort | zabbix_server_dbport | 5432 | | +|DBSchema | zabbix_server_dbschema | | | +|DBSocket | zabbix_server_dbsocket | | | +|DBTLSCAFile | zabbix_server_dbtlscafile | | | +|DBTLSCertFile | zabbix_server_dbtlscertfile | | | +|DBTLSCipher | zabbix_server_dbtlscipher | | | +|DBTLSCipher13 | zabbix_server_dbtlscipher13 | | | +|DBTLSConnect | zabbix_server_dbtlsconnect | | | +|DBTLSKeyFile | zabbix_server_dbtlskeyfile | | | +|DBUser | zabbix_server_dbuser | zabbix-server | | +|DebugLevel | zabbix_server_debuglevel | 3 | | +|ExportDir | zabbix_server_exportdir | | | +|ExportFileSize | zabbix_server_exportfilesize | 1G | | +|ExportType | zabbix_server_exporttype | | | +|ExternalScripts | zabbix_server_externalscriptspath | /usr/lib/zabbix/externalscripts | | +|Fping6Location | zabbix_server_fping6location | OS Specific Value | | +|FpingLocation | zabbix_server_fpinglocation | OS Specific Value | | +|HANodeName | zabbix_server_hanodename | | | +|HistoryCacheSize | zabbix_server_historycachesize | | | +|HistoryIndexCacheSize | zabbix_server_historyindexcachesize | | | +|HistoryStorageDateIndex | zabbix_server_historystoragedateindex | 0 | | +|HistoryStorageTypes | zabbix_server_historystoragetypes | uint,dbl,str,log,text | | +|HistoryStorageURL | zabbix_server_historystorageurl | | | +|HousekeepingFrequency | zabbix_server_housekeepingfrequency | 1 | | +|Include | zabbix_server_include | /etc/zabbix/zabbix_server.conf.d | | +|JavaGateway | zabbix_server_javagateway | | | +|JavaGatewayPort | zabbix_server_javagatewayport | 10052 | | +|ListenBacklog | zabbix_server_listenbacklog | | | +|ListenIP | zabbix_server_listenip | | | +|ListenPort | zabbix_server_listenport | 10051 | | +|LoadModule | zabbix_server_loadmodule | | | +|LoadModulePath | zabbix_server_loadmodulepath | ${libdir}/modules | | +|LogFile | zabbix_server_logfile | /var/log/zabbix/zabbix_server.log | | +|LogFileSize | zabbix_server_logfilesize | 10 | | +|LogSlowQueries | zabbix_server_logslowqueries | 0 | | +|LogType | zabbix_server_logtype | file | | +|MaxHousekeeperDelete | zabbix_server_maxhousekeeperdelete | 500 | | +|NodeAddress | zabbix_server_nodeaddress | | | +|PidFile | zabbix_server_pidfile | /var/run/zabbix/zabbix_server.pid | | +|ProxyConfigFrequency | zabbix_server_proxyconfigfrequency | | | +|ProxyDataFrequency | zabbix_server_proxydatafrequency | 1 | | +|SNMPTrapperFile | zabbix_server_snmptrapperfile | | | +|SocketDir | zabbix_server_socketdir | /var/run/zabbix | | +|SourceIP | zabbix_server_sourceip | | | +|SSHKeyLocation | zabbix_server_sshkeylocation | | | +|SSLCALocation | zabbix_server_sslcalocation | | | +|SSLCertLocation | zabbix_server_sslcertlocation | ${datadir}/zabbix/ssl/certs | | +|SSLKeyLocation | zabbix_server_sslkeylocation | ${datadir}/zabbix/ssl/keys | | +|StartAlerters | zabbix_server_startalerters | | | +|StartConnectors | zabbix_server_connectors | | Version 6.4 or later | +|StartDBSyncers | zabbix_server_startdbsyncers | 4 | | +|StartDiscoverers | zabbix_server_startdiscoverers | 1 | | +|StartEscalators | zabbix_server_startescalators | 1 | | +|StartHistoryPollers | zabbix_server_starthistorypollers | | | +|StartHTTPPollers | zabbix_server_starthttppollers | 1 | | +|StartIPMIPollers | zabbix_server_startipmipollers | 0 | | +|StartJavaPollers | zabbix_server_startjavapollers | 0 | | +|StartLLDProcessors | zabbix_server_startlldprocessors | | | +|StartODBCPollers | zabbix_server_startodbcpollers | | | +|StartPingers | zabbix_server_startpingers | 1 | | +|StartPollers | zabbix_server_startpollers | 5 | | +|StartPollersUnreachable | zabbix_server_startpollersunreachable | 1 | | +|StartPreprocessors | zabbix_server_startpreprocessors | | | +|StartProxyPollers | zabbix_server_startproxypollers | | | +|StartReportWriters | zabbix_server_startreportwriters | 0 | | +|StartSNMPTrapper | zabbix_server_startsnmptrapper | 0 | | +|StartTimers | zabbix_server_starttimers | 1 | | +|StartTrappers | zabbix_server_starttrappers | 5 | | +|StartVMwareCollectors | zabbix_server_startvmwarecollectors | 0 | | +|StasAllowedIP | zabbix_server_statsallowedip | | | +|Timeout | zabbix_server_timeout | 3 | | +|TLSCAFile | zabbix_server_tlscafile | | | +|TLSCertFile | zabbix_server_tlscertfile | | | +|TLSCipherAll | zabbix_server_tlscipherall | | | +|TLSCipherAll13 | zabbix_server_tlscipherall13 | | | +|TLSCipherCert | zabbix_server_tlsciphercert | | | +|TLSCipherCert13 | zabbix_server_tlsciphercert13 | | | +|TLSCipherPSK | zabbix_server_tlscipherpsk | | | +|TLSCipherPSK13 | zabbix_server_tlscipherpsk13 | | | +|TLSCRLFile | zabbix_server_tlscrlfile | | | +|TLSKeyFile | zabbix_server_tlskeyfile | | | +|TmpDir | zabbix_server_tmpdir | /tmp | | +|TrapperTimeout | zabbix_server_trappertimeout | 300 | | +|TrendCacheSize | zabbix_server_trendcachesize | | | +|TrendFunctionCacheSize | zabbix_server_trendfunctioncachesize | | | +|UnavailableDelay | zabbix_server_unavailabledelay | 60 | | +|UnreachableDelay | zabbix_server_unreachabledelay | 15 | | +|UnreachablePeriod | zabbix_server_unreachableperiod | 45 | | +|User | zabbix_server_user | zabbix | | +|ValueCacheSize | zabbix_server_valuecachesize | | | +|Vault | zabbix_server_vault | | Version 6.2 or later | +|VaultDBPath | zabbix_server_vaultdbpath | | | +|VaultTLSKeyFile | zabbix_server_vaulttlskeyfile | | Version 6.2 or later | +|VaultTLSCertFile | zabbix_server_vaulttlscertfile | | Version 6.2 or later | +|VaultToken | zabbix_server_vaulttoken | | | +|VaultURL | zabbix_server_vaulturl | https://127.0.0.1:8200 | | +|VMwareCacheSize | zabbix_server_vmwarecachesize | | | +|VMwareFrequency | zabbix_server_vmwarefrequency | 60 | | +|VMwarePerfFrequency | zabbix_server_vmwareperffrequency | 60 | | +|VMwareTimeout | zabbix_server_vmwaretimeout | 10 | | +|WebServiceURL | zabbix_server_webserviceurl | | | + +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Example Playbook Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: diff --git a/ansible_collections/community/zabbix/docs/ZABBIX_WEB_ROLE.md b/ansible_collections/community/zabbix/docs/ZABBIX_WEB_ROLE.md index cef5d62e7..5904f8288 100644 --- a/ansible_collections/community/zabbix/docs/ZABBIX_WEB_ROLE.md +++ b/ansible_collections/community/zabbix/docs/ZABBIX_WEB_ROLE.md @@ -43,7 +43,7 @@ Please send Pull Requests or suggestions when you want to use this role for othe ## Ansible 2.10 and higher -With the release of Ansible 2.10, modules have been moved into collections. With the exception of ansible.builtin modules, this means additonal collections must be installed in order to use modules such as seboolean (now ansible.posix.seboolean). The following collections are now required: `ansible.posix`. The `community.general` collection is required when defining the `zabbix_web_htpasswd` variable (see variable section below). Installing the collections: +With the release of Ansible 2.10, modules have been moved into collections. With the exception of ansible.builtin modules, this means additonal collections must be installed in order to use modules such as seboolean (now ansible.posix.seboolean). The following collections are now required: `ansible.posix`. Installing the collections: ```sh ansible-galaxy collection install ansible.posix @@ -54,25 +54,16 @@ ansible-galaxy collection install community.general See the following list of supported Operating Systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 (LTS) | 5.4 | 5.2 | 5.0 (LTS) | 4.4 | 4.0 (LTS) | 3.0 (LTS) | -|---------------------|-----|-----|-----------|-----|-----|------------|-----|-----------|-----------| -| Red Hat Fam 9 | V | V | V | | | | | | | -| Red Hat Fam 8 | V | V | V | V | V | V | V | | | -| Red Hat Fam 7 | | V | V | V | V | V | V | V | V | -| Red Hat Fam 6 | | | | | V | V | | | V | -| Red Hat Fam 5 | | | | | V | V | | | V | -| Fedora | | | | | | | V | V | | -| Ubuntu 22.04 jammy | V | V | V | | | | | | | -| Ubuntu 20.04 focal | V | V | V | V | V | V | V | | | -| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | | -| Ubuntu 16.04 xenial | | | | | V | V | V | V | | -| Ubuntu 14.04 trusty | | | | | V | V | V | V | V | -| Debian 10 buster | V | V | V | V | V | V | V | | | -| Debian 9 stretch | | | V | V | V | V | V | V | | -| Debian 8 jessie | | | | | V | V | V | V | V | -| Debian 7 wheezy | | | | | | | | V | V | -| macOS 10.15 | | | | | | | V | V | | -| macOS 10.14 | | | | | | | V | V | | +| Zabbix | 6.4 | 6.2 | 6.0 | +|---------------------|-----|-----|-----| +| Red Hat Fam 9 | V | V | V | +| Red Hat Fam 8 | V | V | V | +| Ubuntu 22.04 jammy | V | V | V | +| Ubuntu 20.04 focal | V | V | V | +| Ubuntu 18.04 bionic | | | V | +| Debian 12 bookworm | V | | V | +| Debian 11 bullseye | V | V | V | +| Debian 10 buster | | | V | # Installation @@ -93,107 +84,77 @@ The following is an overview of all available configuration defaults for this ro ### Overall Zabbix -* `zabbix_web_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility. +* `zabbix_web_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_web_version: 6.0`. * `zabbix_web_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo`: Default: `zabbix` - * `epel`: install agent from EPEL repo - * `zabbix`: (default) install agent from Zabbix repo - * `other`: install agent from pre-existing or other repo * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) -* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`. -* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages. - +* `zabbix_web_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_web_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. -* `zabbix_web_centos_release`: Default: True. When the `centos-release-scl` repository needs to be enabled. This is required when using Zabbix 5.0 due to installation of a recent version of `PHP`. -* `zabbix_web_rhel_release`: Default: True. When the `scl-utils` repository needs to be enabled. This is required when using Zabbix 5.0 due to installation of a recent version of `PHP`. * `zabbix_web_doubleprecision`: Default: `False`. For upgraded installations, please read database [upgrade notes](https://www.zabbix.com/documentation/current/manual/installation/upgrade_notes_500) (Paragraph "Enabling extended range of numeric (float) values") before enabling this option. * `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. ### Zabbix Web specific * `zabbix_api_server_url`: This is the url on which the zabbix web interface is available. Default is zabbix.example.com, you should override it. For example, see "Example Playbook" +* `zabbix_web_http_server`: Which web server is in use. Valid values are 'apache' and 'nginx'. Default is `apache` * `zabbix_url_aliases`: A list with Aliases for the Apache Virtual Host configuration. * `zabbix_timezone`: Default: `Europe/Amsterdam`. This is the timezone. The Apache Virtual Host needs this parameter. -* `zabbix_vhost`: Default: `true`. When you don't want to create an Apache Virtual Host configuration, you can set it to False. +* `zabbix_web_create_vhost`: Default: `true`. When you don't want to create an Apache Virtual Host configuration, you can set it to False. +* `zabbix_web_create_php_fpm`: Configure php-fpm (Debian hosts only). Default is to use the same value as `zabbix_web_create_vhost`. * `zabbix_web_env`: (Optional) A Dictionary of PHP Environments settings. -* `zabbix_web_conf_web_user`: When provided, the user (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). -* `zabbix_web_conf_web_group`: When provided, the group (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). -* `zabbix_web_htpasswd`: (Optional) Allow HTTP authentication at the webserver level via a htpasswd file. -* `zabbix_web_htpasswd_file`: Default: `/etc/zabbix/web/htpasswd`. Allows the change the default path to the htpasswd file. -* `zabbix_web_htpasswd_users`: (Optional) Dictionary for creating users via `htpasswd_user` and passphrases via `htpasswd_pass` in htpasswd file. -* `zabbix_web_allowlist_ips`: (Optional) Allow web access at webserver level to a list of defined IPs or CIDR. +* `zabbix_web_user`: When provided, the user (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). +* `zabbix_web_group`: When provided, the group (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`). * `zabbix_web_connect_ha_backend`: (Optional) Default: `false`. When set to `true` values for Zabbix server will not be written and frontend gets values from database to connect to active cluster node. Set `true` when operating Zabbix servers in a cluste (only >=6.0). * `zabbix_saml_idp_crt`: (Optional) The path to the certificate of the Identity Provider used for SAML authentication * `zabbix_saml_sp_crt`: (Optional) The path to the public certificate of Zabbix as Service Provider * `zabbix_saml_sp_key`: (Optional) The path to the private certificate of Zabbix as Service Provider -#### Apache configuration +#### Apache/Nginx Configuration -* `zabbix_apache_vhost_port`: The port on which Zabbix HTTP vhost is running. -* `zabbix_apache_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running. -* `zabbix_apache_vhost_listen_ip`: On which interface the Apache Virtual Host is available. +* `zabbix_web_vhost_port`: The port on which Zabbix HTTP vhost is running. +* `zabbix_web_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running. +* `zabbix_web_vhost_listen_ip`: On which interface the Apache Virtual Host is available. * `zabbix_apache_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP. -* `zabbix_php_install`: Default: `true`. True / False. Switch for extra install of packages for PHP, currently on for Debian/Ubuntu. -* `zabbix_web_max_execution_time`: -* `zabbix_web_memory_limit`: -* `zabbix_web_post_max_size`: -* `zabbix_web_upload_max_filesize`: +* `zabbix_web_max_execution_time`: PHP max execution time +* `zabbix_web_memory_limit`: PHP memory limit +* `zabbix_web_post_max_size`: PHP maximum post size +* `zabbix_web_upload_max_filesize`: PHP maximum file size * `zabbix_web_max_input_time`: -* `zabbix_apache_include_custom_fragment`: Default: `true`. Includes php_value vars max_execution_time, memory_limit, post_max_size, upload_max_filesize, max_input_time and date.timezone in vhost file.. place those in php-fpm configuration. -* `zabbix_apache_tls`: If the Apache vhost should be configured with TLS encryption or not. -* `zabbix_apache_redirect`: If a redirect should take place from HTTP to HTTPS -* `zabbix_apache_tls_crt`: The path to the TLS certificate file. -* `zabbix_apache_tls_key`: The path to the TLS key file. -* `zabbix_apache_tls_chain`: The path to the TLS certificate chain file. -* `zabbix_apache_SSLPassPhraseDialog`: Type of pass phrase dialog for encrypted private keys. -* `zabbix_apache_SSLSessionCache`: Type of the global/inter-process SSL Session Cache -* `zabbix_apache_SSLSessionCacheTimeout`: Number of seconds before an SSL session expires in the Session Cache -* `zabbix_apache_SSLCryptoDevice`: Enable use of a cryptographic hardware accelerator +* `zabbix_web_tls`: If the Apache vhost should be configured with TLS encryption or not. +* `zabbix_web_redirect`: If a redirect should take place from HTTP to HTTPS +* `zabbix_web_tls_crt`: The path to the TLS certificate file. +* `zabbix_web_tls_key`: The path to the TLS key file. +* `zabbix_web_tls_chain`: The path to the TLS certificate chain file. +* `zabbix_web_SSLPassPhraseDialog`: Type of pass phrase dialog for encrypted private keys. +* `zabbix_web_SSLSessionCache`: Type of the global/inter-process SSL Session Cache +* `zabbix_web_SSLSessionCacheTimeout`: Number of seconds before an SSL session expires in the Session Cache +* `zabbix_web_SSLCryptoDevice`: Enable use of a cryptographic hardware accelerator * `zabbix_apache_custom_includes`: Configure custom includes. Default: `[]` -When `zabbix_apache_tls_crt`, `zabbix_apache_tls_key` and/or `zabbix_apache_tls_chain` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files. +When `zabbix_web_tls_crt`, `zabbix_web_tls_key` and/or `zabbix_web_tls_chain` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files. See https://httpd.apache.org/docs/current/mod/mod_ssl.html for SSL* configuration options for Apache HTTPD. #### Nginx configuration -* `zabbix_nginx_vhost_port`: The port on which Zabbix HTTP vhost is running. -* `zabbix_nginx_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running. -* `zabbix_nginx_tls`: If the Nginx vhost should be configured with TLS encryption or not. -* `zabbix_nginx_tls_crt`: The path to the TLS certificate file. -* `zabbix_nginx_tls_key`: The path to the TLS key file. -* `zabbix_nginx_tls_dhparam`: The path to the TLS DHParam file. -* `zabbix_nginx_tls_session_cache`: Type of the global/inter-process SSL Session Cache -* `zabbix_nginx_tls_session_timeout`: -* `zabbix_nginx_tls_session_tickets`: -* `zabbix_nginx_tls_protocols`: The TLS Protocols to accept. -* `zabbix_nginx_tls_ciphers`: The TLS Ciphers to be allowed. - -When `zabbix_nginx_tls_crt` and `zabbix_nginx_tls_key` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files. #### PHP-FPM The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) configuration: -* `zabbix_php_version`: Either `7.3` or `7.4` (Based on the OS Family). When you want to override the PHP Version. * `zabbix_php_fpm_session`: The directory where sessions will be stored. If none are provided, defaults are used. * `zabbix_php_fpm_listen`: The path to a socket file or ipaddress:port combination on which PHP-FPM needs to listen. If none are provided, defaults are used. * `zabbix_php_fpm_conf_listen`: Default: `true`. If we want to configure the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. * `zabbix_php_fpm_conf_user`: The owner of the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file). -* `zabbix_php_fpm_conf_enable_user`: Default: `true`. If we want to configure the owner of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. + * `zabbix_php_fpm_conf_group`: The group of the owner of the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file). -* `zabbix_php_fpm_conf_enable_group`: Default: `true`. If we want to configure the group of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. -* `zabbix_php_fpm_conf_mode`: The mode for the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file). -* `zabbix_php_fpm_conf_enable_mode`: Default: `true`. If we want to configure the mode of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file. -* `zabbix_php_fpm_dir_etc`: etc HOME root directory of PHP-FPM setup. -* `zabbix_php_fpm_dir_var`: Var HOME root directory of PHP-FPM setup. ### Zabbix Server * `zabbix_server_name`: The name of the Zabbix Server. * `zabbix_server_database`: The type of database used. Can be: mysql or pgsql -* `zabbix_server_database_long`: The type of database used, but long name. Can be: mysql or postgresql * `zabbix_server_hostname`: The hostname on which the zabbix-server is running. Default set to: {{ inventory_hostname }} * `zabbix_server_listenport`: On which port the Zabbix Server is available. Default: 10051 * `zabbix_server_dbhost`: The hostname on which the database is running. @@ -201,6 +162,7 @@ The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) config * `zabbix_server_dbuser`: The database username which is used by the Zabbix Server. * `zabbix_server_dbpassword`: The database user password which is used by the Zabbix Server. * `zabbix_server_dbport`: The database port which is used by the Zabbix Server. +* `zabbix_server_dbencryption`: Use encryption with the database connection The following properties are related when using Elasticsearch for history storage: @@ -218,6 +180,17 @@ When the target host does not have access to the internet, but you do have a pro * `zabbix_http_proxy` * `zabbix_https_proxy` +## Tags + +The majority of tasks within this role are tagged as follows: + +* `install`: Tasks associated with the installation of software. +* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation. +* `database`: Tasks associated with the installation or configuration of the database. +* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server. +* `config`: Tasks associated with the configuration of Zabbix or a supporting service. +* `service`: Tasks associated with managing a service. + # Example Playbook There are two ways of using the zabbix-web: @@ -237,12 +210,12 @@ When there is one host running both Zabbix Server and the Zabbix Web (Running My - role: geerlingguy.php - role: community.zabbix.zabbix_server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 - role: community.zabbix.zabbix_web zabbix_api_server_url: zabbix.mydomain.com zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 ``` @@ -256,7 +229,7 @@ This is a two host setup. On one host (Named: "zabbix-server") the Zabbix Server roles: - role: community.zabbix.zabbix_server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 - hosts: zabbix-web @@ -268,7 +241,7 @@ This is a two host setup. On one host (Named: "zabbix-server") the Zabbix Server zabbix_api_server_url: zabbix.mydomain.com zabbix_server_hostname: zabbix-server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 ``` @@ -289,13 +262,13 @@ zabbix.conf.php, for example to add LDAP CA certificates. To do this add a `zabb php_packages: - php - php-fpm - - php-acpu + - php-apcu - role: geerlingguy.apache-php-fpm - role: community.zabbix.zabbix_web zabbix_api_server_url: zabbix.mydomain.com zabbix_server_hostname: zabbix-server zabbix_server_database: mysql - zabbix_server_database_long: mysql + zabbix_db_type_long: mysql zabbix_server_dbport: 3306 zabbix_web_env: LDAPTLS_CACERT: /etc/ssl/certs/ourcert.pem |