summaryrefslogtreecommitdiffstats
path: root/ansible_collections/community/zabbix/roles
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/community/zabbix/roles')
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/README.md109
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml74
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml14
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml8
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml4
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml26
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Darwin.yml177
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml237
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml5
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml93
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml124
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Suse.yml55
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml118
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml25
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml12
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/firewall.yml55
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml8
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml125
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml10
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml48
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml12
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml8
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml29
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml32
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml30
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml21
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml32
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml30
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml146
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j217
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j225
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/Darwin.yml6
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml34
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml9
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/Sangoma.yml7
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/Suse.yml7
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml5
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/zabbix.yml285
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md51
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml11
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml4
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml129
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml15
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml57
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j22
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml34
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml18
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/zabbix.yml258
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/README.md278
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml237
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml15
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml266
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml354
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml142
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml86
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml50
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml52
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml52
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2305
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Amazon.yml2
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml53
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml51
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml5
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/vars/zabbix.yml255
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/README.md241
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml196
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml15
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml321
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml300
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml66
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml196
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml130
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml18
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml55
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2373
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml23
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml28
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/vars/zabbix.yml261
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/README.md141
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml148
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml30
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml208
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml172
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/access.yml32
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml84
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_Debian.yml54
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_RedHat.yml17
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml126
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml186
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/php_Debian.yml43
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml20
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j288
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2112
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j218
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j22
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-10.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-11.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-8.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-9.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml30
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-7.yml8
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-8.yml8
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-9.yml8
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml34
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-18.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-20.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-22.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/zabbix.yml258
108 files changed, 3044 insertions, 5871 deletions
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/README.md b/ansible_collections/community/zabbix/roles/zabbix_agent/README.md
index f3fe06c9d..aa73fab3a 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/README.md
@@ -44,15 +44,10 @@
This role will work on the following operating systems:
* Red Hat
- * Fedora
* Debian
* Ubuntu
- * opensuse
* Windows (Best effort)
- * macOS
-
-So, you'll need one of those operating systems.. :-)
-Please send Pull Requests or suggestions when you want to use this role for other Operating systems.
+ * macOS (Best effort)
## Ansible 2.10 and higher
@@ -62,7 +57,7 @@ With the release of Ansible 2.10, modules have been moved into collections. Wit
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install community.general
```
-If you are willing to create host_groups and hosts in Zabbix via API as a part of this role execution then you need to install `ansible.netcommon` collection too:
+If you are wanting to create host_groups and hosts in Zabbix via API as a part of this role execution then you need to install `ansible.netcommon` collection too:
```
ansible-galaxy collection install ansible.netcommon
@@ -95,24 +90,18 @@ To successfully complete the install the role requires `python-netaddr` on the c
See the following list of supported Operating systems with the Zabbix releases:
-| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS)| 4.4 | 4.0 (LTS) | 3.0 (LTS) |
-|---------------------|-----|-----|-----|-----|-----|----------|-----|-----------|-----------|
-| Red Hat Fam 9 | V | V | V | | | | | | |
-| Red Hat Fam 8 | V | V | V | V | V | V | V | | |
-| Red Hat Fam 7 | V | V | V | V | V | V | V | V | V |
-| Red Hat Fam 6 | V | V | V | V | V | V | | | V |
-| Red Hat Fam 5 | | | V | V | V | V | | | V |
-| Fedora | | | | | | | V | V | |
-| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | |
-| Ubuntu 18.04 bionic | V | V | V | V | V | V | V | V | |
-| Ubuntu 16.04 xenial | V | V | V | V | V | V | V | V | |
-| Ubuntu 14.04 trusty | V | V | V | V | V | V | V | V | V |
-| Debian 10 buster | V | V | V | V | V | V | V | | |
-| Debian 9 stretch | V | V | | V | V | V | V | V | |
-| Debian 8 jessie | | | | | V | V | V | V | V |
-| Debian 7 wheezy | | | | | | | | V | V |
-| macOS 10.15 | | | | | | | V | V | |
-| macOS 10.14 | | | | | | | V | V | |
+| Zabbix | 6.4 | 6.2 | 6.0 |
+|---------------------|-----|-----|-----|
+| Red Hat Fam 9 | V | V | V |
+| Red Hat Fam 8 | V | V | V |
+| Red Hat Fam 7 | V | V | V |
+| Ubuntu 22.04 jammy | V | V | V |
+| Ubuntu 20.04 focal | V | V | V |
+| Ubuntu 18.04 bionic | V | V | V |
+| Debian 12 bookworm | V | V | V |
+| Debian 11 bullseye | V | V | V |
+| Debian 10 buster | V | V | V |
+
# Getting started
@@ -124,7 +113,7 @@ In order to get the Zabbix Agent running, you'll have to define the following pr
* `zabbix_agent(2)_server`
* `zabbix_agent(2)_serveractive` (When using active checks)
-The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 4.0`, `zabbix_agent_version: 3.4` or `zabbix_agent_version: 2.2`.
+The `zabbix_agent_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_agent_version: 6.0`.
The `zabbix_agent(2)_server` (and `zabbix_agent(2)_serveractive`) should contain the ip or fqdn of the host running the Zabbix Server.
@@ -140,16 +129,13 @@ The following is an overview of all available configuration default for this rol
### Overall Zabbix
-* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility.
+* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.4, 6.2, or 6.0
* `zabbix_agent_version_minor`: When you want to specify a minor version to be installed. Is also used for `zabbix_sender` and `zabbix_get`. RedHat only. Default set to: `*` (latest available)
-* `zabbix_repo`: Default: `zabbix`
- * `epel`: install agent from EPEL repo
- * `zabbix`: (default) install agent from Zabbix repo
- * `other`: install agent from pre-existing or other repo
* `zabbix_repo_yum`: A list with Yum repository configuration.
* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https)
-* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`.
-* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages.
+* `zabbix_agent_disable_repo`: A list of repos to disable during install. Default `epel`.
+* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
+* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
### SElinux
@@ -158,7 +144,7 @@ The following is an overview of all available configuration default for this rol
### Zabbix Agent
* `zabbix_agent_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact.
-* `zabbix_agent2`: Default: `False`. When you want to install the `Zabbix Agent2` instead of the "old" `Zabbix Agent`.
+* `zabbix_agent2`: Default: `False`. When you want to install the `Zabbix Agent2` instead of the "old" `Zabbix Agent`.zabbix_agent_version
* `zabbix_agent_listeninterface`: Interface zabbix-agent listens on. Leave blank for all.
* `zabbix_agent_package_remove`: If `zabbix_agent2: True` and you want to remove the old installation. Default: `False`.
* `zabbix_agent_package`: The name of the zabbix-agent package. Default: `zabbix-agent`. In case for EPEL, it is automatically renamed.
@@ -174,7 +160,6 @@ The following is an overview of all available configuration default for this rol
* `zabbix_agent_userparameters_scripts_src`: indicates the relative path (from `files/`) where userparameter scripts are searched
* `zabbix_agent_runas_user`: Drop privileges to a specific, existing user on the system. Only has effect if run as 'root' and AllowRoot is disabled.
* `zabbix_agent_become_on_localhost`: Default: `True`. Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip.
-* `zabbix_install_pip_packages`: Default: `True`. Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely.
* `zabbix_agent_apt_priority`: Add a weight (`Pin-Priority`) for the APT repository.
* `zabbix_agent_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
* `zabbix_agent_dont_detect_ip`: Default `false`. When set to `true`, it won't detect available ip addresses on the host and no need for the Python module `netaddr` to be installed.
@@ -193,6 +178,7 @@ Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2.
* `zabbix_agent(2)_pidfile`: name of pid file.
* `zabbix_agent(2)_logfile`: name of log file.
* `zabbix_agent(2)_logfilesize`: maximum size of log file in mb.
+* `zabbix_agent(2)_additional_include`: A list of additional complete paths to include in configuration
* `zabbix_agent(2)_logtype`: Specifies where log messages are written to
* `zabbix_agent(2)_debuglevel`: specifies debug level
* `zabbix_agent(2)_sourceip`: source ip address for outgoing connections.
@@ -261,16 +247,17 @@ These variables need to be overridden when you want to make use of the Zabbix AP
Host encryption configuration will be set to match agent configuration.
-* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth.
-* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth.
-* `zabbix_api_create_hosts`: Default: `False`. When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_agent_host_state`.
-* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_agent_hostgroups_state`.Default: `False`
* `zabbix_api_server_host`: The IP or hostname/FQDN of Zabbix server. Example: zabbix.example.com
-* `zabbix_api_server_port`: TCP port to use to connect to Zabbix server. Example: 8080
-* `zabbix_api_use_ssl`: yes (Default) if we need to connect to Zabbix server over HTTPS
-* `zabbix_api_validate_certs` : yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used
+* `zabbix_api_use_ssl`: Is SSL required to connect to the Zabbix API server? Default: `false`
+* `zabbix_api_server_port`: 80 if `zabbix_api_use_ssl` is `false` and 443 if `true` (Default) TCP port to use to connect to Zabbix server. Example: 8080
* `zabbix_api_login_user`: Username of user which has API access.
* `zabbix_api_login_pass`: Password for the user which has API access.
+* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth).
+* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth).
+* `zabbix_api_validate_certs`: yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used.
+* `zabbix_api_timeout`: How many seconds to wait for API response (default 30s).
+* `zabbix_api_create_hosts`: Default: `False`. When you want to enable the Zabbix API to create/delete the host. This has to be set to `True` if you want to make use of `zabbix_agent_host_state`.
+* `zabbix_api_create_hostgroup`: When you want to enable the Zabbix API to create/delete the hostgroups. This has to be set to `True` if you want to make use of `zabbix_agent_hostgroups_state`.Default: `False`
* `ansible_zabbix_url_path`: URL path if Zabbix WebUI running on non-default (zabbix) path, e.g. if http://<FQDN>/zabbixeu then set to `zabbixeu`
* `zabbix_agent_hostgroups_state`: present (Default) if the hostgroup needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_hostgroup` is set to `True`.
* `zabbix_host_status`: enabled (Default) when host in monitored, disabled when host is disabled for monitoring.
@@ -290,7 +277,7 @@ Host encryption configuration will be set to match agent configuration.
**NOTE**
-_Supporting Windows is a best effort (I don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._
+_Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._
When `(2)` is used in the name of the property, like `zabbix_agent(2)_win_logfile`, it will show that you can configure `zabbix_agent_win_logfile` for the Zabbix Agent configuration file and `zabbix_agent2_win_logfile` for the Zabbix Agent 2 configuration file.
Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2.
@@ -308,6 +295,10 @@ Otherwise it just for the Zabbix Agent or for the Zabbix Agent 2.
## macOS Variables
+**NOTE**
+
+_Supporting Windows is a best effort (We don't have the possibility to either test/verify changes on the various amount of available Windows instances). PRs specific to Windows will almost immediately be merged, unless someone is able to provide a Windows test mechanism via Travis for Pull Requests._
+
* `zabbix_version_long`: The long (major.minor.patch) version of the Zabbix Agent. This will be used to generate the `zabbix_mac_download_link` link.
* `zabbix_mac_download_link`: The download url to the `pkg` file.
@@ -344,17 +335,6 @@ Keep in mind that using the Zabbix Agent in a Container requires changes to the
* `zabbix_agent_docker_volumes`: A list with all directories that needs to be available in the Container.
* `zabbix_agent_docker_env`: A dict with all environment variables that needs to be set for the Container.
-## FirewallD/Iptables
-
-* `zabbix_agent_firewall_enable`: If IPtables needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport`.
-* `zabbix_agent_firewall_source`: When provided, IPtables will be configuring to only allow traffic from this IP address/range.
-* `zabbix_agent_firewalld_enable`: If firewalld needs to be updated by opening an TCP port for port configured in `zabbix_agent_listenport` and `zabbix_agent_jmx_listenport` if defined.
-* `zabbix_agent_firewalld_source`: When provided, firewalld will be configuring to only allow traffic for IP configured in `zabbix_agent_server`.
-* `zabbix_agent_firewalld_zone`: When provided, the firewalld rule will be attached to this zone (only if zabbix_agent_firewalld_enable is set to true). The default behavior is to use the default zone define by the remote host firewalld configuration.
-* `zabbix_agent_firewall_action`: Default: `insert`. When to `insert` the rule or to `append` to IPTables.
-* `zabbix_agent_firewall_chain`: Default `INPUT`. Which `chain` to add the rule to IPTables.
-
-
## IPMI variables
* `zabbix_agent_ipmi_authtype`: IPMI authentication algorithm. Possible values are 1 (callback), 2 (user), 3 (operator), 4 (admin), 5 (OEM), with 2 being the API default.
@@ -369,6 +349,17 @@ When the target host does not have access to the internet, but you do have a pro
* `zabbix_http_proxy`
* `zabbix_https_proxy`
+## Tags
+
+The majority of tasks within this role are tagged as follows:
+
+* `install`: Tasks associated with the installation of software.
+* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation.
+* `database`: Tasks associated with the installation or configuration of the database.
+* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server.
+* `config`: Tasks associated with the configuration of Zabbix or a supporting service.
+* `service`: Tasks associated with managing a service.
+
# Dependencies
There are no dependencies on other roles.
@@ -440,10 +431,11 @@ Including an example of how to use your role (for instance, with variables passe
- role: community.zabbix.zabbix_agent
zabbix_agent_server: 192.168.33.30
zabbix_agent_serveractive: 192.168.33.30
- zabbix_api_server_url: http://zabbix.example.com
- zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0
+ zabbix_api_server_host: zabbix.example.com
zabbix_api_login_user: Admin
zabbix_api_login_pass: zabbix
+ zabbix_api_create_hostgroup: true
+ zabbix_api_create_hosts: true
zabbix_agent_host_state: present
zabbix_host_groups:
- Linux Servers
@@ -465,10 +457,11 @@ You can also use the group_vars or the host_vars files for setting the variables
```yaml
zabbix_agent_server: 192.168.33.30
zabbix_agent_serveractive: 192.168.33.30
- zabbix_api_server_url: http://zabbix.example.com
- zabbix_api_use: true # use zabbix_api_create_hosts and/or zabbix_api_create_hostgroup from 0.8.0
+ zabbix_api_server_host: zabbix.example.com
zabbix_api_login_user: Admin
zabbix_api_login_pass: zabbix
+ zabbix_api_create_hostgroup: true
+ zabbix_api_create_hosts: true
zabbix_agent_host_state: present
zabbix_host_groups:
- Linux Servers
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml
index 5fc96071a..dbd5db5db 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml
@@ -2,11 +2,9 @@
# defaults file for zabbix_agent
zabbix_agent2: false
-# zabbix_agent_version: 6.0
+# zabbix_agent_version: 6.4
zabbix_agent_version_minor: "*"
-zabbix_version: "{{ zabbix_agent_version }}"
zabbix_version_patch: 0
-zabbix_repo: zabbix
zabbix_agent_package_remove: false
zabbix_agent_package: zabbix-agent
zabbix_sender_package: zabbix-sender
@@ -17,7 +15,6 @@ zabbix_agent_serveractive:
zabbix_agent2_server: "{{ zabbix_agent_server }}"
zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive }}"
zabbix_selinux: false
-zabbix_agent_src_reinstall: false
zabbix_agent_apt_priority:
zabbix_agent_conf_mode: "0644"
zabbix_agent_dont_detect_ip: false
@@ -36,22 +33,20 @@ zabbix_agent_packages:
- "{{ zabbix_get_package }}"
# Zabbix role related vars
-zabbix_install_pip_packages: true
zabbix_apt_force_apt_get: true
zabbix_apt_install_recommends: false
# Override Ansible specific facts
zabbix_agent_distribution_major_version: "{{ ansible_distribution_major_version }}"
zabbix_agent_distribution_release: "{{ ansible_distribution_release }}"
-zabbix_agent_os_family: "{{ ansible_os_family }}"
zabbix_repo_yum_gpgcheck: 0
zabbix_repo_yum_schema: https
-zabbix_repo_yum_disabled: "*"
-zabbix_repo_yum_enabled: []
+zabbix_agent_disable_repo:
+ - epel
zabbix_repo_yum:
- name: zabbix
description: Zabbix Official Repository - $basearch
- baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/"
+ baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ zabbix_agent_distribution_major_version }}/$basearch/"
mode: "0644"
gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
@@ -71,48 +66,32 @@ zabbix_repo_yum:
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
+zabbix_repo_deb_component: main
+
# Zabbix API stuff
-zabbix_validate_certs: true # Will be deprecated in 2.0.0
-zabbix_api_validate_certs: "{{ zabbix_validate_certs }}"
-zabbix_agent_server_url: http://localhost # Will be deprecated in 2.0.0
-zabbix_url: "{{ zabbix_agent_server_url }}" # Will be deprecated in 2.0.0
-zabbix_api_server_url: "{{ zabbix_agent_server_url }}"
-zabbix_api_server_host: "{{ zabbix_api_server_url | urlsplit('hostname') }}"
-zabbix_api_port_from_url: "{{ zabbix_api_server_port | default(zabbix_api_server_url | urlsplit('port')) }}"
-zabbix_api_scheme_from_url: "{{ zabbix_api_server_url | urlsplit('scheme') }}"
-zabbix_api_port_from_shema: "{{ (zabbix_api_scheme_from_url == 'https') | ternary(443, 80) }}"
-# zabbix_http_user: admin # Will be deprecated in 2.0.0
-# zabbix_http_password: admin # Will be deprecated in 2.0.0
-# zabbix_api_http_user: admin
-# zabbix_api_http_password: admin
-zabbix_api_user: Admin # Will be deprecated in 2.0.0
-zabbix_api_pass: !unsafe zabbix # Will be deprecated in 2.0.0
-zabbix_api_login_user: "{{ zabbix_api_user }}"
-zabbix_api_login_pass: "{{ zabbix_api_pass }}"
+zabbix_api_server_host: localhost
+# zabbix_api_server_port: 80
+zabbix_api_login_user: Admin
+zabbix_api_use_ssl: false
+zabbix_api_login_pass: !unsafe zabbix
+zabbix_api_validate_certs: false
ansible_httpapi_pass: "{{ zabbix_api_login_pass }}"
-ansible_httpapi_port: "{{ (zabbix_api_port_from_url == '') | ternary(zabbix_api_port_from_shema, zabbix_api_port_from_url) }}"
-ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl | default((zabbix_api_scheme_from_url == 'https') | ternary(true, false)) }}"
+ansible_httpapi_port: "{{ zabbix_api_server_port }}"
ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}"
+zabbix_api_timeout: 30
zabbix_api_create_hostgroup: false
zabbix_api_create_hosts: false
-zabbix_api_timeout: 30
-zabbix_create_hostgroup: present # or absent # Will be deprecated in 2.0.0
-zabbix_agent_hostgroups_state: "{{ zabbix_create_hostgroup }}"
-zabbix_create_host: present # or absent # Will be deprecated in 2.0.0
-zabbix_agent_host_state: "{{ zabbix_create_host }}"
-zabbix_update_host: true # Will be deprecated in 2.0.0
-zabbix_agent_host_update: "{{ zabbix_update_host }}"
+zabbix_agent_hostgroups_state: present # or absent
+zabbix_agent_host_state: present # or absent
+zabbix_agent_host_update: true
zabbix_host_status: enabled # or disabled
-zabbix_proxy: null # Will be deprecated in 2.0.0
-zabbix_agent_proxy: "{{ zabbix_proxy }}"
-zabbix_inventory_mode: disabled # Will be deprecated in 2.0.0
-zabbix_agent_inventory_mode: "{{ zabbix_inventory_mode }}"
+zabbix_agent_proxy: null
+zabbix_agent_inventory_mode: disabled
zabbix_useuip: 1
zabbix_host_groups:
- Linux servers
-zabbix_link_templates: # Will be deprecated in 2.0.0
+zabbix_agent_link_templates:
- Template Linux by Zabbix agent
-zabbix_agent_link_templates: "{{ zabbix_link_templates }}"
zabbix_agent_interfaces:
- type: 1
@@ -122,14 +101,6 @@ zabbix_agent_interfaces:
dns: "{{ ansible_fqdn }}"
port: "{{ (zabbix_agent2 == True) | ternary(zabbix_agent2_listenport, zabbix_agent_listenport) }}"
-zabbix_agent_firewall_enable: false
-zabbix_agent_firewalld_enable: false
-zabbix_agent_firewalld_source: "{{ zabbix_agent_server }}"
-zabbix_agent_firewall_action: insert
-zabbix_agent_firewall_chain: INPUT
-
-# By default, a null zone will trigger the use of the default zone on the remote host
-zabbix_agent_firewalld_zone:
# Zabbix configuration variables
zabbix_agent_pidfile: /var/run/zabbix/zabbix_agentd.pid
zabbix_agent_logtype: file
@@ -171,8 +142,7 @@ zabbix_agent_become_on_localhost: true
zabbix_agent_description:
zabbix_agent_inventory_zabbix: {}
zabbix_agent_heartbeatfrequency: 60
-zabbix_macros: [] # Will be deprecated in 2.0.0
-zabbix_agent_macros: "{{ zabbix_macros }}"
+zabbix_agent_macros: []
zabbix_agent_tags: []
zabbix_agent_chassis: false
@@ -272,7 +242,7 @@ zabbix_agent_docker: false
zabbix_agent_docker_state: started
zabbix_agent_docker_name: zabbix-agent
zabbix_agent_docker_image: "zabbix/zabbix-agent"
-zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_version }}.{{ zabbix_version_patch }}"
+zabbix_agent_docker_image_tag: "ubuntu-{{ zabbix_agent_version }}.{{ zabbix_version_patch }}"
zabbix_agent_docker_user_gid: 101
zabbix_agent_docker_user_uid: 101
zabbix_agent_docker_network_mode: host
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml
index cd0f9d932..9f04b1a9b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/handlers/main.yml
@@ -2,17 +2,17 @@
# handlers file for zabbix-agent
- name: restart zabbix-agent
- service:
+ ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
state: restarted
enabled: true
become: true
when:
- not zabbix_agent_docker
- - zabbix_agent_os_family != "Windows" and zabbix_agent_os_family != "Darwin"
+ - ansible_os_family != "Windows" and ansible_os_family != "Darwin"
- name: firewalld-reload
- command: "firewall-cmd --reload"
+ ansible.builtin.command: "firewall-cmd --reload"
become: true
when:
- ansible_facts.services["firewalld"] is defined
@@ -23,17 +23,17 @@
name: "{{ zabbix_win_svc_name }}"
state: restarted
when:
- - zabbix_agent_os_family == "Windows"
+ - ansible_os_family == "Windows"
- name: restart mac zabbix agent
- command: "launchctl kickstart -k system/{{ zabbix_agent_service }}"
+ ansible.builtin.command: "launchctl kickstart -k system/{{ zabbix_agent_service }}"
become: true
when:
- not zabbix_agent_docker
- - zabbix_agent_os_family == "Darwin"
+ - ansible_os_family == "Darwin"
- name: "clean repo files from proxy creds"
- shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
+ ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
become: true
when:
- ansible_os_family == 'RedHat'
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml
index e7b8e06ae..137eac314 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/molecule.yml
@@ -3,9 +3,6 @@ dependency:
name: galaxy
driver:
name: docker
-lint:
- name: yamllint
-
platforms:
- name: zabbix-server-centos
image: milcom/centos7-systemd:latest
@@ -46,12 +43,9 @@ provisioner:
docker:
create: ../default/create.yml
destroy: ../default/destroy.yml
- lint:
- name: ansible-lint
inventory:
group_vars:
all:
- zabbix_agent_src_reinstall: false
zabbix_api_create_hosts: true
zabbix_api_create_hostgroup: true
zabbix_api_server_url: http://zabbix-server-centos
@@ -77,5 +71,3 @@ scenario:
verifier:
name: testinfra
- lint:
- name: flake8
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml
index e1bb7d8d4..2f0795448 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/playbook.yml
@@ -3,7 +3,7 @@
hosts: all:!zabbix_server
pre_tasks:
- name: "Get IP Server"
- shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1
+ ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1
register: ip_address
delegate_to: zabbix-server-centos
changed_when: false
@@ -11,7 +11,7 @@
- skip_ansible_lint
- name: "Get IP hosts"
- shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1
+ ansible.builtin.shell: grep $(hostname) /etc/hosts | awk '{ print $1 }' | tail -n 1
register: ip_address_host
changed_when: false
tags:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml
index 6722e5fea..582006d4e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml
@@ -3,14 +3,14 @@
hosts: zabbix_server
pre_tasks:
- name: "Installing EPEL"
- yum:
+ ansible.builtin.yum:
name:
- epel-release
state: present
when: ansible_distribution == 'CentOS'
- name: "Installing packages"
- yum:
+ ansible.builtin.yum:
name:
- net-tools
- which
@@ -21,7 +21,7 @@
when: ansible_distribution == 'CentOS'
- name: "Installing which on NON-CentOS"
- apt:
+ ansible.builtin.apt:
name:
- net-tools
- python-pip
@@ -30,19 +30,19 @@
when: ansible_distribution != 'CentOS'
- name: "Configure SUDO."
- lineinfile:
+ ansible.builtin.lineinfile:
dest: /etc/sudoers
line: "Defaults !requiretty"
state: present
- name: "Make sure the docs are installed."
- lineinfile:
+ ansible.builtin.lineinfile:
dest: /etc/yum.conf
line: "tsflags=nodocs"
state: absent
- name: "Installing some python dependencies"
- pip:
+ ansible.builtin.pip:
name: py-zabbix
state: present
@@ -55,7 +55,7 @@
hosts: all:!zabbix_server:!docker
tasks:
- name: "Installing packages on CentOS family"
- yum:
+ ansible.builtin.yum:
name:
- net-tools
- which
@@ -64,7 +64,7 @@
- ansible_os_family == 'RedHat'
- name: "Installing packages on Debian family"
- apt:
+ ansible.builtin.apt:
name:
- net-tools
state: present
@@ -75,7 +75,7 @@
hosts: docker
tasks:
- name: "Download Docker CE repo file"
- get_url:
+ ansible.builtin.get_url:
url: https://download.docker.com/linux/centos/docker-ce.repo
dest: /etc/yum.repos.d/docker-ce.repo
mode: 0644
@@ -83,7 +83,7 @@
until: zabbix_agent_prepare_docker_repo is succeeded
- name: "Installing Epel"
- package:
+ ansible.builtin.package:
pkg:
- epel-release
state: present
@@ -91,7 +91,7 @@
until: zabbix_agent_prepare_docker_install is succeeded
- name: "Installing Docker"
- package:
+ ansible.builtin.package:
pkg:
- docker-ce
- python-pip
@@ -101,7 +101,7 @@
until: zabbix_agent_prepare_docker_install is succeeded
- name: "Installing Docker Python"
- pip:
+ ansible.builtin.pip:
name:
- docker
state: present
@@ -109,6 +109,6 @@
until: zabbix_agent_prepare_docker_install is succeeded
- name: "Starting Docker service"
- service:
+ ansible.builtin.service:
name: docker
state: started
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Darwin.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Darwin.yml
deleted file mode 100644
index e98576f61..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Darwin.yml
+++ /dev/null
@@ -1,177 +0,0 @@
----
-
-- name: "Set default ip address for zabbix_agent_ip"
- set_fact:
- zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}"
- when:
- - zabbix_agent_ip is not defined
- - "'ansible_default_ipv4' in hostvars[inventory_hostname]"
-
-- name: "Get Total Private IP Addresses"
- set_fact:
- total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | length }}"
- when:
- - ansible_all_ipv4_addresses is defined
-
-- name: "Set first public ip address for zabbix_agent_ip"
- set_fact:
- zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}"
- zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}"
- zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}"
- zabbix_agent2_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent2_server) }}"
- zabbix_agent2_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent2_serveractive) }}"
- when:
- - zabbix_agent_ip is not defined
- - total_private_ip_addresses is defined
- - total_private_ip_addresses == '0'
-
-- name: "Set first private ip address for zabbix_agent_ip"
- set_fact:
- zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}"
- when:
- - zabbix_agent_ip is not defined
- - total_private_ip_addresses is defined
- - total_private_ip_addresses != '0'
-
-- name: "Fail invalid specified agent_listeninterface"
- fail:
- msg: "The specified network interface does not exist"
- when:
- - zabbix_agent_listeninterface
- - (zabbix_agent_listeninterface not in ansible_all_ipv4_addresses)
- tags:
- - zabbix-agent
- - config
-
-- name: "Set network interface"
- set_fact:
- network_interface: ansible_{{ zabbix_agent_listeninterface }}
- when:
- - zabbix_agent_listeninterface
- - not zabbix_agent_listenip
-
-- name: "Get IP of agent_listeninterface when no agent_listenip specified"
- set_fact:
- zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}"
- zabbix_agent_ip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}"
- when:
- - zabbix_agent_listeninterface
- - not zabbix_agent_listenip
- tags:
- - zabbix-agent
- - config
- - api
-
-- name: "Default agent_listenip to all when not specified"
- set_fact:
- zabbix_agent_listenip: '0.0.0.0'
- when:
- - not zabbix_agent_listenip
- tags:
- - zabbix-agent
- - config
-
-- name: "Fail invalid specified agent_listenip"
- fail:
- msg: "The agent_listenip does not exist"
- when:
- - zabbix_agent_listenip != '0.0.0.0'
- - zabbix_agent_listenip != '127.0.0.1'
- - (zabbix_agent_listenip not in ansible_all_ipv4_addresses)
- tags:
- - zabbix-agent
- - config
-
-- name: "Installing Agent"
- include_tasks: macOS.yml
- tags:
- - always
-
-- name: "Configure zabbix-agent"
- template:
- src: zabbix_agentd.conf.j2
- dest: "/usr/local/etc/zabbix/{{ zabbix_agent_conf }}"
- owner: zabbix
- group: wheel
- mode: 0644
- notify:
- - restart mac zabbix agent
- become: true
- when:
- - not (zabbix_agent_docker | bool)
- tags:
- - zabbix-agent
- - config
- - init
-
-- name: "Create directory for PSK file if not exist."
- file:
- path: "{{ zabbix_agent_tlspskfile | dirname }}"
- mode: 0755
- state: directory
- become: true
- when:
- - zabbix_agent_tlspskfile is defined
-
-- name: "Place TLS PSK File"
- copy:
- dest: "{{ zabbix_agent_tlspskfile }}"
- content: "{{ zabbix_agent_tlspsk_secret }}"
- owner: zabbix
- group: zabbix
- mode: 0400
- become: true
- when:
- - zabbix_agent_tlspskfile is defined
- - zabbix_agent_tlspsk_secret is defined
- notify:
- - restart mac zabbix agent
-
-- name: "Create include dir zabbix-agent"
- file:
- path: "{{ zabbix_agent_include }}"
- owner: zabbix
- group: zabbix
- mode: 0750
- state: directory
- become: true
- tags:
- - config
- - include
-
-- name: "Create pid file directory for zabbix-agent"
- file:
- path: /var/run/zabbix
- state: directory
- owner: zabbix
- group: zabbix
- mode: 0755
- become: true
-
-- name: "Install the Docker container"
- include_tasks: Docker.yml
- when:
- - zabbix_agent_docker | bool
-
-- name: "Check if zabbix-agent service is running"
- shell: |
- set -o pipefail
- launchctl list | grep com.zabbix.zabbix_agentd | awk '{print $1}'
- register: launchctl_pid
- check_mode: false
- changed_when: false
- failed_when: launchctl_pid.rc == 2
- become: true
- tags:
- - init
- - service
-
-- name: "Make sure the zabbix-agent service is running"
- command: launchctl start com.zabbix.zabbix_agentd
- become: true
- when:
- - not (zabbix_agent_docker | bool)
- - launchctl_pid.stdout == "-"
- tags:
- - init
- - service
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml
index ec4a01879..6ded0ba03 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml
@@ -1,17 +1,16 @@
---
# Tasks specific for Debian/Ubuntu Systems
-- name: "Include Zabbix gpg ids"
- include_vars: zabbix.yml
-
-- name: "Set short version name"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
- zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}"
+- name: "Debian | Set some variables"
+ ansible.builtin.set_fact:
+ zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}"
+ zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}"
+ tags:
+ - always
-- name: "Debian | Installing gnupg"
- apt:
- pkg: gnupg
+- name: "Debian | Installing lsb-release"
+ ansible.builtin.apt:
+ pkg: lsb-release
update_cache: true
cache_valid_time: 3600
force: true
@@ -19,174 +18,111 @@
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: gnupg_installed
- until: gnupg_installed is succeeded
- become: true
-
-- name: "Debian | Install gpg key"
- apt_key:
- id: "{{ sign_keys[zabbix_short_version][zabbix_agent_distribution_release]['sign_key'] }}"
- url: http://repo.zabbix.com/zabbix-official-repo.key
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when:
- - zabbix_repo == "zabbix"
become: true
tags:
- - zabbix-agent
- - init
+ - install
-- name: "Debian | Check for zabbix repositories"
- find:
- paths: /etc/apt/sources.list.d
- patterns: repo_zabbix_com_zabbix*.list
- excludes: "repo_zabbix_com_zabbix_{{ zabbix_underscore_version }}_ubuntu.list"
- register: repositories
- become: true
- when:
- - ansible_distribution in ['Ubuntu', 'Debian']
- - zabbix_repo == "zabbix"
- tags:
- - zabbix-agent
- - init
+- name: "Debian | Update ansible_lsb fact"
+ ansible.builtin.setup:
+ gather_subset:
+ - lsb
-- name: "Debian | Remove unecessary zabbix repositories"
- file:
- path: "{{ item.path }}"
- state: absent
- loop: "{{ repositories.files }}"
+- name: "Debian | Repo URL"
+ ansible.builtin.set_fact:
+ zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
when:
- - ansible_distribution in ['Ubuntu', 'Debian']
- - zabbix_repo == "zabbix"
- - zabbix_agent_src_reinstall
- become: true
+ - zabbix_repo_deb_url is undefined
tags:
- - zabbix-agent
- - init
+ - always
-- name: "Debian | Installing deb-src repository Debian"
- apt_repository:
- repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ zabbix_agent_distribution_release }} main"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when:
- - ansible_distribution == "Debian"
- - zabbix_repo == "zabbix"
- become: true
- tags:
- - zabbix-agent
- - init
-
-- name: "Debian | Installing deb repository Debian"
- apt_repository:
- repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ zabbix_agent_distribution_release }} main"
+- name: "Debian | Installing gnupg"
+ ansible.builtin.apt:
+ pkg: gnupg
+ update_cache: true
+ cache_valid_time: 3600
+ force: true
state: present
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when:
- - ansible_distribution == "Debian"
- - zabbix_repo == "zabbix"
+ register: gnupg_installed
+ until: gnupg_installed is succeeded
become: true
tags:
- - zabbix-agent
- - init
-
-- name: "Debian | Installing deb-src repository Ubuntu Arm64"
- apt_repository:
- repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu-arm64/ {{ zabbix_agent_distribution_release }} main"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_machine == "aarch64"
- - zabbix_repo == "zabbix"
+ - install
+
+# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
+# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
+# See: https://wiki.debian.org/DebianRepository/UseThirdParty
+- name: "Debian | Create /etc/apt/keyrings/ on older versions"
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/
+ state: directory
+ mode: "0755"
become: true
- tags:
- - zabbix-agent
- - init
-
-- name: "Debian | Installing deb repository Ubuntu Arm64"
- apt_repository:
- repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu-arm64/ {{ zabbix_agent_distribution_release }} main"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
when:
- - ansible_distribution == "Ubuntu"
- - ansible_machine == "aarch64"
- - zabbix_repo == "zabbix"
- become: true
- tags:
- - zabbix-agent
- - init
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or
+ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
-- name: "Debian | Installing deb-src repository Ubuntu"
- apt_repository:
- repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ zabbix_agent_distribution_release }} main"
- state: present
+- name: "Debian | Download gpg key"
+ ansible.builtin.get_url:
+ url: http://repo.zabbix.com/zabbix-official-repo.key
+ dest: "{{ zabbix_gpg_key }}"
+ mode: "0644"
+ force: true
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_machine != "aarch64"
- - zabbix_repo == "zabbix"
become: true
tags:
- - zabbix-agent
- - init
+ - install
-- name: "Debian | Installing deb repository Ubuntu"
- apt_repository:
- repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ zabbix_agent_distribution_release }} main"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_machine != "aarch64"
- - zabbix_repo == "zabbix"
+- name: "Debian | Installing repository {{ ansible_distribution }}"
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/zabbix.sources
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ Types: deb deb-src
+ Enabled: yes
+ URIs: {{ zabbix_repo_deb_url }}
+ Suites: {{ ansible_distribution_release }}
+ Components: {{ zabbix_repo_deb_component }}
+ Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
+ Signed-By: {{ zabbix_gpg_key }}
become: true
tags:
- - zabbix-agent
- - init
+ - install
- name: "Debian | Create /etc/apt/preferences.d/"
- file:
+ ansible.builtin.file:
path: /etc/apt/preferences.d/
state: directory
- mode: '0755'
+ mode: "0755"
when:
- zabbix_agent_apt_priority | int
become: true
+ tags:
+ - install
- name: "Debian | Configuring the weight for APT"
- copy:
+ ansible.builtin.copy:
dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}"
content: |
Package: {{ zabbix_agent_package }}
Pin: origin repo.zabbix.com
Pin-Priority: {{ zabbix_agent_apt_priority | int }}
owner: root
- mode: '0644'
+ mode: "0644"
when:
- zabbix_agent_apt_priority | int
become: true
+ tags:
+ - install
-# Note: set cache_valid_time=0 to ensure that an apt-get update after the added repo-key
-# else you often get 'WARNING: The following packages cannot be authenticated!
-# See also:
-# http://askubuntu.com/questions/75565/why-am-i-getting-authentication-errors-for-packages-from-an-ubuntu-repository
- name: "Debian | Installing zabbix-agent"
- apt:
+ ansible.builtin.apt:
pkg: "{{ zabbix_agent_package }}"
state: "{{ zabbix_agent_package_state }}"
update_cache: true
@@ -196,16 +132,14 @@
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when: ansible_distribution in ['Ubuntu', 'Debian']
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
become: true
tags:
- - zabbix-agent
- - init
+ - install
- name: "Debian | Installing zabbix-{sender,get}"
- apt:
+ ansible.builtin.apt:
pkg:
- "{{ zabbix_sender_package }}"
- "{{ zabbix_get_package }}"
@@ -218,42 +152,19 @@
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
when:
- - ansible_distribution in ['Ubuntu', 'Debian']
- not zabbix_agent_install_agent_only
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
become: true
check_mode: false
tags:
- - zabbix-agent
- - init
-
-- name: "Mint | Installing zabbix-agent"
- apt:
- pkg: "zabbix-agent"
- state: "{{ zabbix_agent_package_state }}"
- update_cache: true
- cache_valid_time: 0
- force_apt_get: "{{ zabbix_apt_force_apt_get }}"
- install_recommends: "{{ zabbix_apt_install_recommends }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when: ansible_distribution not in ['Ubuntu', 'Debian']
- register: zabbix_agent_package_installed
- until: zabbix_agent_package_installed is succeeded
- become: true
- tags:
- - zabbix-agent
- - init
+ - install
- name: "Debian | Enable the service"
- service:
+ ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
enabled: true
use: service
become: true
tags:
- - zabbix-agent
- - init
- service
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml
index cbbef204d..031a5fe61 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Docker.yml
@@ -1,7 +1,6 @@
---
-
- name: "Create volume mount string"
- set_fact:
+ ansible.builtin.set_fact:
volume_mount: "{{ zabbix_agent_tlspskfile }}:/var/lib/zabbix/enc/tlspskfile"
tls_key:
ZBX_TLSPSKFILE: tlspskfile
@@ -9,7 +8,7 @@
- zabbix_agent_tlspskfile is defined
- name: "Add zabbix_agent_tlspskfile to volume mount"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_docker_volumes: "{{ zabbix_agent_docker_volumes + [ volume_mount ] }}"
zabbix_agent_docker_env: "{{ zabbix_agent_docker_env | combine(tls_key) }}"
when:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml
index d2c0ba82c..c4c8fc401 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Linux.yml
@@ -1,21 +1,24 @@
---
-
- name: "Set default ip address for zabbix_agent_ip"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}"
when:
- zabbix_agent_ip is not defined
- "'ansible_default_ipv4' in hostvars[inventory_hostname]"
+ tags:
+ - config
- name: "Get Total Private IP Addresses"
- set_fact:
+ ansible.builtin.set_fact:
total_private_ip_addresses: "{{ ansible_all_ipv4_addresses | ansible.utils.ipaddr('private') | length }}"
when:
- ansible_all_ipv4_addresses is defined
- not (zabbix_agent_dont_detect_ip)
+ tags:
+ - config
- name: "Set first public ip address for zabbix_agent_ip"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('public') | first }}"
zabbix_agent_server: "{{ zabbix_agent_server_public_ip | default(zabbix_agent_server) }}"
zabbix_agent_serveractive: "{{ zabbix_agent_serveractive_public_ip | default(zabbix_agent_serveractive) }}"
@@ -25,79 +28,83 @@
- zabbix_agent_ip is not defined
- total_private_ip_addresses is defined
- total_private_ip_addresses == '0'
+ tags:
+ - config
- name: "Set first private ip address for zabbix_agent_ip"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_ip: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr('private') | first }}"
when:
- zabbix_agent_ip is not defined
- total_private_ip_addresses is defined
- total_private_ip_addresses != '0'
+ tags:
+ - config
- name: "Fail invalid specified agent_listeninterface"
- fail:
+ ansible.builtin.fail:
msg: "The specified network interface does not exist"
when:
- (zabbix_agent_listeninterface)
- (zabbix_agent_listeninterface not in ansible_interfaces)
tags:
- - zabbix-agent
- config
- name: "Set network interface"
- set_fact:
+ ansible.builtin.set_fact:
network_interface: ansible_{{ zabbix_agent_listeninterface }}
when:
- (zabbix_agent_listeninterface)
- not zabbix_agent_listenip
+ tags:
+ - config
- name: "Get IP of agent_listeninterface when no agent_listenip specified"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_listenip: "{{ hostvars[inventory_hostname][network_interface]['ipv4'].address | default('0.0.0.0') }}"
when:
- (zabbix_agent_listeninterface)
- not zabbix_agent_listenip
tags:
- - zabbix-agent
- config
- api
- name: "Default agent_listenip to all when not specified"
- set_fact:
- zabbix_agent_listenip: '0.0.0.0'
+ ansible.builtin.set_fact:
+ zabbix_agent_listenip: "0.0.0.0"
when:
- not (zabbix_agent_listenip)
tags:
- - zabbix-agent
- config
- name: "Fail invalid specified agent_listenip"
- fail:
+ ansible.builtin.fail:
msg: "The agent_listenip does not exist"
when:
- zabbix_agent_listenip != '0.0.0.0'
- zabbix_agent_listenip != '127.0.0.1'
- (zabbix_agent_listenip not in ansible_all_ipv4_addresses)
tags:
- - zabbix-agent
- config
- name: "Configure SELinux when enabled"
- include_tasks: selinux.yml
+ ansible.builtin.include_tasks: selinux.yml
when:
- zabbix_selinux | bool
- name: "Adding zabbix group"
- group:
+ ansible.builtin.group:
name: zabbix
state: present
gid: "{{ zabbix_agent_docker_user_gid | default(omit) }}"
become: true
when:
- zabbix_agent_docker | bool
+ tags:
+ - config
- name: "Adding zabbix user"
- user:
+ ansible.builtin.user:
name: zabbix
group: zabbix
state: present
@@ -108,9 +115,11 @@
become: true
when:
- zabbix_agent_docker | bool
+ tags:
+ - config
- name: "Configure zabbix-agent"
- template:
+ ansible.builtin.template:
src: "{{ 'zabbix_agentd.conf.j2' if not zabbix_agent2 else 'zabbix_agent2.conf.j2' }}"
dest: "/etc/zabbix/{{ zabbix_agent_conf if not zabbix_agent2 else zabbix_agent2_conf }}"
owner: root
@@ -122,34 +131,36 @@
when:
- not (zabbix_agent_docker | bool)
tags:
- - zabbix-agent
- config
- - init
- name: "Create directory for PSK file if not exist."
- file:
+ ansible.builtin.file:
path: "{{ zabbix_agent_tlspskfile | dirname }}"
mode: 0755
state: directory
become: true
when:
- zabbix_agent_tlspskfile is defined
- - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+ - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- not (zabbix_agent2 | bool)
+ tags:
+ - config
- name: "Create directory for PSK file if not exist (zabbix-agent2)"
- file:
+ ansible.builtin.file:
path: "{{ zabbix_agent2_tlspskfile | dirname }}"
mode: 0755
state: directory
become: true
when:
- zabbix_agent2_tlspskfile is defined
- - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+ - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- zabbix_agent2 | bool
+ tags:
+ - config
- name: "Place TLS PSK File"
- copy:
+ ansible.builtin.copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
owner: zabbix
@@ -158,14 +169,16 @@
become: true
when:
- zabbix_agent_tlspskfile is defined
- - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+ - zabbix_agent_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- zabbix_agent_tlspsk_secret is defined
- not (zabbix_agent2 | bool)
notify:
- restart zabbix-agent
+ tags:
+ - config
- name: "Place TLS PSK File (zabbix-agent2)"
- copy:
+ ansible.builtin.copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
owner: zabbix
@@ -174,14 +187,16 @@
become: true
when:
- zabbix_agent2_tlspskfile is defined
- - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
+ - zabbix_agent2_tlspskfile # https://github.com/ansible-collections/community.zabbix/issues/680
- zabbix_agent2_tlspsk_secret is defined
- zabbix_agent2 | bool
notify:
- restart zabbix-agent
+ tags:
+ - config
- name: "Create include dir zabbix-agent"
- file:
+ ansible.builtin.file:
path: "{{ zabbix_agent_include if not zabbix_agent2 else zabbix_agent2_include }}"
owner: root
group: zabbix
@@ -190,26 +205,20 @@
become: true
tags:
- config
- - include
- name: "Install the Docker container"
- include_tasks: Docker.yml
+ ansible.builtin.include_tasks: Docker.yml
when:
- zabbix_agent_docker | bool
-- name: "Configure the firewall(d|iptables)"
- include_tasks: firewall.yml
- when:
- - (zabbix_agent_firewall_enable | bool) or (zabbix_agent_firewalld_enable | bool)
-
- name: "Remove zabbix-agent installation when zabbix-agent2 is used."
- include_tasks: remove.yml
+ ansible.builtin.include_tasks: remove.yml
when:
- zabbix_agent2 | bool
- zabbix_agent_package_remove
- name: "Make sure the zabbix-agent service is running"
- service:
+ ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
state: started
enabled: true
@@ -217,12 +226,14 @@
when:
- not (zabbix_agent_docker | bool)
tags:
- - init
- service
- name: "Give zabbix-agent access to system.hw.chassis info"
- file:
+ ansible.builtin.file:
path: /sys/firmware/dmi/tables/DMI
owner: root
group: zabbix
+ become: true
when: zabbix_agent_chassis | bool
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml
index ef8cfaf09..f23cb46ad 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/RedHat.yml
@@ -1,133 +1,53 @@
---
# Tasks specific for RedHat systems
-- name: "RedHat | Use EPEL package name"
- set_fact:
- zabbix_agent_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-agent"
- zabbix_sender_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-sender"
- zabbix_get_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-get"
- when:
- - zabbix_repo == "epel"
- tags:
- - zabbix-agent
- - init
-
-- name: "RedHat | Set zabbix_agent_distribution_major_version to 6 when Amazon"
- set_fact:
- zabbix_agent_distribution_major_version: 6
- when:
- - ansible_distribution == "Amazon"
- - ansible_distribution_major_version == "NA"
-
-- name: "RedHat | Set zabbix_agent_distribution_major_version to 6 when Major Version is 2018.03"
- set_fact:
- zabbix_agent_distribution_major_version: 6
- when:
- - ansible_distribution == "Amazon"
- - ansible_distribution_major_version == "2018"
-
-- name: "RedHat | Set zabbix_agent_distribution_major_version to 7 when Amazon 2"
- set_fact:
- zabbix_agent_distribution_major_version: 7
- when:
- - ansible_distribution == "Amazon"
- - ansible_distribution_major_version == "2"
-
-- name: "Fedora | Override zabbix_agent_distribution_major_version for Fedora <= 27"
- set_fact:
- zabbix_agent_distribution_major_version: 7
- when:
- - ansible_distribution == "Fedora"
- - ansible_distribution_major_version <= "27"
-
-- name: "Fedora | Override zabbix_agent_distribution_major_version for Fedora >= 27"
- set_fact:
- zabbix_agent_distribution_major_version: 8
- when:
- - ansible_distribution == "Fedora"
- - ansible_distribution_major_version >= "27"
-
-- name: "XCP-ng | Override zabbix_agent_distribution_major_version for XCP-ng"
- set_fact:
- zabbix_agent_distribution_major_version: 7
- when:
- - ansible_distribution == "XCP-ng"
-
- name: "RedHat | Install basic repo file"
- yum_repository:
+ ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
baseurl: "{{ item.baseurl }}"
gpgcheck: "{{ item.gpgcheck }}"
gpgkey: "{{ item.gpgkey }}"
mode: "{{ item.mode | default('0644') }}"
- priority: "{{ item.priority | default('98') }}"
+ priority: "{{ item.priority | default('99') }}"
state: "{{ item.state | default('present') }}"
proxy: "{{ zabbix_http_proxy | default(omit) }}"
with_items: "{{ zabbix_repo_yum }}"
register: yum_repo_installed
become: true
- when:
- zabbix_repo == "zabbix"
notify:
- "clean repo files from proxy creds"
tags:
- - zabbix-agent
+ - install
- name: Check if warn parameter can be used for shell module
- set_fact:
+ ansible.builtin.set_fact:
produce_warn: False
when: ansible_version.full is version("2.14", "<")
-
-- name: "Do a yum clean"
- shell: yum clean all
- args:
- warn: "{{ produce_warn | default(omit) }}"
- when: yum_repo_installed.changed
- become: true
tags:
- - skip_ansible_lint
+ - always
- name: "RedHat | Installing zabbix-agent"
- package:
+ ansible.builtin.package:
pkg:
- "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
+ disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
state: "{{ zabbix_agent_package_state }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
- when:
- zabbix_repo != "other"
become: true
tags:
- - init
- - zabbix-agent
-
-- name: "RedHat | Installing zabbix-agent (When zabbix_repo == other)"
- package:
- pkg:
- - "{{ zabbix_agent_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- state: "{{ zabbix_agent_package_state }}"
- register: zabbix_agent_package_installed
- until: zabbix_agent_package_installed is succeeded
- when:
- zabbix_repo == "other"
- become: true
- tags:
- - init
- - zabbix-agent
+ - install
- name: "RedHat | Installing zabbix-{sender,get}"
- package:
+ ansible.builtin.package:
pkg:
- "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
+ disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
state: "{{ zabbix_agent_package_state }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
@@ -135,36 +55,16 @@
register: zabbix_agent_package_installed
until: zabbix_agent_package_installed is succeeded
when:
- - zabbix_repo not in ['epel', 'other']
- - not zabbix_agent_install_agent_only
- become: true
- tags:
- - init
- - zabbix-agent
-
-- name: "RedHat | Installing zabbix-{sender,get} (When zabbix_repo == other)"
- package:
- pkg:
- - "{{ zabbix_sender_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- - "{{ zabbix_get_package }}-{{ zabbix_agent_version }}.{{ zabbix_agent_version_minor }}"
- state: "{{ zabbix_agent_package_state }}"
- register: zabbix_agent_package_installed
- until: zabbix_agent_package_installed is succeeded
- when:
- - zabbix_repo == "other"
- not zabbix_agent_install_agent_only
become: true
tags:
- - init
- - zabbix-agent
+ - install
- name: "RedHat | Enable the service"
- service:
+ ansible.builtin.service:
name: "{{ zabbix_agent_service }}"
enabled: true
use: service
become: true
tags:
- - zabbix-agent
- - init
- service
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Suse.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Suse.yml
deleted file mode 100644
index 82dc3ce7d..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Suse.yml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-# Tasks specific for OpenSuse Systems
-
-- name: "Include Zabbix gpg ids"
- include_vars: zabbix.yml
-
-- name: "Install zypper repo dependency"
- community.general.zypper:
- name:
- - python-xml
- - "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['python_libxml2_package'] }}"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- register: zabbix_agent_package_dependency
- until: zabbix_agent_package_dependency is succeeded
-
-- name: "Suse | Install basic repo file"
- community.general.zypper_repository:
- repo: "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['url'] }}"
- name: "{{ suse[ansible_distribution][zabbix_agent_distribution_major_version]['name'] }}"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- when:
- - zabbix_repo == "zabbix"
- become: true
- tags:
- - zabbix-agent
- - init
-
-- name: "Only install the Zabbix Agent"
- set_fact:
- zabbix_agent_packages:
- - "{{ zabbix_agent_package }}"
- when:
- - zabbix_agent_install_agent_only
-
-- name: "Suse | Install zabbix-agent"
- community.general.zypper:
- name: "{{ zabbix_agent_packages }}"
- state: "{{ zabbix_agent_package_state }}"
- disable_gpg_check: true
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_agent_package_installed
- until: zabbix_agent_package_installed is succeeded
- become: true
- tags:
- - zabbix-agent
- - init
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml
index 61e12361e..9b7501d9a 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows.yml
@@ -1,36 +1,44 @@
---
- name: "Windows | Set default architecture"
- set_fact:
+ ansible.builtin.set_fact:
windows_arch: 32
+ tags:
+ - always
- name: "Windows | Override architecture if 64-bit"
- set_fact:
+ ansible.builtin.set_fact:
windows_arch: 64
when:
- ansible_architecture == "64-bit"
+ tags:
+ - always
- name: "Windows | Set path to zabbix.exe"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\win{{ windows_arch }}\zabbix_agentd.exe'
+ tags:
+ - always
-- name: "Windows | Set variables specific to Zabbix >= 4"
- set_fact:
+- name: "Windows | Set variables specific to Zabbix"
+ ansible.builtin.set_fact:
zabbix_win_svc_name: Zabbix Agent
zabbix_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agentd.exe'
- zabbix_win_config_name: 'zabbix_agentd.conf'
+ zabbix_win_config_name: "zabbix_agentd.conf"
zabbix2_win_svc_name: Zabbix Agent 2
zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe'
- zabbix2_win_config_name: 'zabbix_agent2.conf'
- when:
- - zabbix_version_long is version('4.0.0', '>=')
+ zabbix2_win_config_name: "zabbix_agent2.conf"
+ tags:
+ - always
- name: "Windows | Check if Zabbix agent is present"
ansible.windows.win_stat:
- path: '{{ item }}'
+ path: "{{ item }}"
with_items:
- "{{ zabbix_win_exe_path }}"
- "{{ zabbix2_win_exe_path }}"
register: agent_file_info
+ tags:
+ - always
- name: "Windows | Get Installed Zabbix Agent Version"
community.windows.win_file_version:
@@ -39,9 +47,11 @@
when:
- item.stat.exists | bool
with_items: "{{ agent_file_info.results }}"
+ tags:
+ - always
- name: "Windows | Set facts current zabbix agent installation"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_1_binary_exist: true
zabbix_agent_1_version: zabbix_win_exe_info.results[0].win_file_version.product_version
when:
@@ -49,9 +59,11 @@
- zabbix_win_exe_info.results[0].item.stat.exists
- zabbix_win_exe_info.results[0].item.stat.path == zabbix_win_exe_path
- zabbix_win_exe_info.results[0].win_file_version.product_version
+ tags:
+ - always
- name: "Windows | Set facts current zabbix agent installation (agent 2)"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_2_binary_exist: true
zabbix_agent_2_version: zabbix_win_exe_info.results[1].win_file_version.product_version
when:
@@ -59,6 +71,8 @@
- zabbix_win_exe_info.results[1].item.stat.exists
- zabbix_win_exe_info.results[1].item.stat.path == zabbix2_win_exe_path
- zabbix_win_exe_info.results[1].win_file_version.product_version
+ tags:
+ - always
- name: "Windows | Check Zabbix service"
ansible.windows.win_service:
@@ -66,25 +80,31 @@
register: zabbix_service_info
when: item.item.stat.exists
with_items: "{{ zabbix_win_exe_info.results }}"
+ tags:
+ - always
- name: "Windows | Set facts about current zabbix agent service state"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_1_service_exist: true
when:
- zabbix_service_info.results[0].exists is defined
- zabbix_service_info.results[0].exists
- zabbix_service_info.results[0].display_name == zabbix_win_svc_name
+ tags:
+ - always
- name: "Windows | Set facts about current zabbix agent service state (agent 2)"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_2_service_exist: true
when:
- zabbix_service_info.results[1].exists is defined
- zabbix_service_info.results[1].exists
- zabbix_service_info.results[1].display_name == zabbix2_win_svc_name
+ tags:
+ - always
- name: "Windows | Set fact about version change requirement"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_version_change: true
when: >
(zabbix_agent_1_binary_exist | default(false) and
@@ -94,6 +114,8 @@
zabbix_win_exe_info.results[1].win_file_version.product_version is version(zabbix_version_long, '<>'))
or (zabbix_agent_1_binary_exist | default(false) and zabbix_agent2)
or (zabbix_agent_2_binary_exist | default(false) and not zabbix_agent2)
+ tags:
+ - always
##################
# delete section #
@@ -131,10 +153,11 @@
- name: "Windows | Removing Zabbix Directory"
ansible.windows.win_file:
- path: '{{ zabbix_win_install_dir }}'
+ path: "{{ zabbix_win_install_dir }}"
state: absent
- when: ((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or
- ((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false))
+ when:
+ ((zabbix_agent_version_change | default(false) or zabbix_agent2) and zabbix_agent_1_binary_exist | default(false)) or
+ ((zabbix_agent_version_change | default(false) or not zabbix_agent2) and zabbix_agent_2_binary_exist | default(false))
###################
# install section #
@@ -146,6 +169,8 @@
state: directory
with_items:
- "{{ zabbix_win_install_dir }}"
+ tags:
+ - install
- name: "Windows | Create directory structure, includes"
ansible.windows.win_file:
@@ -155,25 +180,33 @@
- "{{ zabbix_agent_win_include }}"
when:
- ('.conf' not in zabbix_agent_win_include)
+ tags:
+ - install
- name: "Windows | Set installation settings (agent 2)"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_win_package: "{{ zabbix2_win_package }}"
zabbix_win_download_link: "{{ zabbix2_win_download_link }}"
zabbix_win_exe_path: "{{ zabbix2_win_exe_path }}"
zabbix_win_config_name: "{{ zabbix2_win_config_name }}"
zabbix_win_svc_name: "{{ zabbix2_win_svc_name }}"
when: zabbix_agent2 | bool
+ tags:
+ - install
- name: "Windows | Check if agent file is already downloaded"
ansible.windows.win_stat:
path: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
register: file_info
+ tags:
+ - install
- name: "Windows | Check if agent binaries in place"
ansible.windows.win_stat:
path: "{{ zabbix_win_exe_path }}"
register: zabbix_windows_binaries
+ tags:
+ - install
- name: "Windows | Download Zabbix Agent Zip file"
ansible.windows.win_get_url:
@@ -192,12 +225,16 @@
register: zabbix_agent_win_download_zip
until: zabbix_agent_win_download_zip is succeeded
throttle: "{{ zabbix_download_throttle | default(5) | int }}"
+ tags:
+ - install
- name: "Windows | Unzip file"
community.windows.win_unzip:
src: '{{ zabbix_win_install_dir }}\{{ zabbix_win_package }}'
dest: "{{ zabbix_win_install_dir }}"
creates: "{{ zabbix_win_exe_path }}"
+ tags:
+ - install
- name: "Windows | Cleanup downloaded Zabbix Agent Zip file"
ansible.windows.win_file:
@@ -205,6 +242,8 @@
state: absent
when:
- zabbix_agent_win_download_zip.changed
+ tags:
+ - install
- name: "Windows | Copy binary files to expected location"
ansible.windows.win_copy:
@@ -217,6 +256,8 @@
when:
- zabbix_win_install_dir_bin is defined
- not (zabbix_agent2 | bool)
+ tags:
+ - install
- name: "Windows | Copy binary files to expected location (zabbix-agent2)"
ansible.windows.win_copy:
@@ -228,39 +269,49 @@
when:
- zabbix_win_install_dir_bin is defined
- zabbix_agent2 | bool
+ tags:
+ - install
- set_fact:
zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agentd.exe"
when:
- zabbix_win_install_dir_bin is defined
- not (zabbix_agent2 | bool)
+ tags:
+ - install
- set_fact:
zabbix_win_exe_path: "{{ zabbix_win_install_dir_bin }}\\zabbix_agent2.exe"
when:
- zabbix_win_install_dir_bin is defined
- zabbix_agent2 | bool
+ tags:
+ - install
- name: "Create directory for PSK file if not exist."
- win_file:
+ ansible.windows.win_file:
path: "{{ zabbix_agent_tlspskfile | win_dirname }}"
state: directory
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspskfile
- not (zabbix_agent2 | bool)
+ tags:
+ - config
- name: "Create directory for PSK file if not exist (zabbix-agent2)"
- win_file:
+ ansible.windows.win_file:
path: "{{ zabbix_agent2_tlspskfile | win_dirname }}"
state: directory
when:
- zabbix_agent2_tlspskfile is defined
- zabbix_agent2_tlspskfile
- zabbix_agent2 | bool
+ tags:
+ - config
- name: "Place TLS PSK File"
- win_copy:
+ ansible.windows.win_copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
when:
@@ -270,9 +321,11 @@
- not (zabbix_agent2 | bool)
notify:
- restart win zabbix agent
+ tags:
+ - config
- name: "Place TLS PSK File (zabbix-agent2)"
- win_copy:
+ ansible.windows.win_copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
when:
@@ -282,25 +335,18 @@
- zabbix_agent2 | bool
notify:
- restart win zabbix agent
+ tags:
+ - config
- name: "Windows | Check if windows service exist"
ansible.windows.win_service:
name: "{{ zabbix_win_svc_name }}"
register: zabbix_windows_service
+ tags:
+ - service
- name: "Windows | Register Service"
ansible.windows.win_command: '"{{ zabbix_win_exe_path }}" --config "{{ zabbix_win_install_dir_conf }}\{{ zabbix_win_config_name }}" --install'
when: not zabbix_windows_service.exists
-
-- name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery"
- ansible.windows.win_service:
- name: "{{ zabbix_win_svc_name }}"
- start_mode: auto
- failure_actions:
- - type: restart
- delay_ms: 5000
- - type: restart
- delay_ms: 10000
- - type: restart
- delay_ms: 20000
- failure_reset_period_sec: 86400
+ tags:
+ - service
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml
index f6c5c331e..72dee230f 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Windows_conf.yml
@@ -1,17 +1,20 @@
---
-
- name: "Set default ip address for zabbix_agent_ip"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_ip: "{{ hostvars[inventory_hostname]['ansible_ip_addresses'] | ansible.utils.ipv4 | first }}"
when:
- zabbix_agent_ip is not defined
- "'ansible_ip_addresses' in hostvars[inventory_hostname]"
+ tags:
+ - config
- name: "Windows | Configure zabbix-agent"
ansible.windows.win_template:
src: "{{ zabbix_win_config_name }}.j2"
dest: "{{ zabbix_win_install_dir_conf }}\\{{ zabbix_win_config_name }}"
notify: restart win zabbix agent
+ tags:
+ - config
- name: "Windows | Set service startup mode to auto, ensure it is started and set auto-recovery"
ansible.windows.win_service:
@@ -19,19 +22,23 @@
start_mode: auto
state: started
failure_actions:
- - type: restart
- delay_ms: 5000
- - type: restart
- delay_ms: 10000
- - type: restart
- delay_ms: 20000
+ - type: restart
+ delay_ms: 5000
+ - type: restart
+ delay_ms: 10000
+ - type: restart
+ delay_ms: 20000
failure_reset_period_sec: 86400
+ tags:
+ - config
- name: "Windows | Check firewall service"
ansible.windows.win_service_info:
name: MpsSvc
register: firewall_info
when: zabbix_win_firewall_management
+ tags:
+ - config
- name: "Windows | Firewall rule"
community.windows.win_firewall_rule:
@@ -45,3 +52,5 @@
when:
- zabbix_win_firewall_management
- firewall_info.services[0].state == 'started' or firewall_info.services[0].start_mode == 'auto'
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml
index 13f734edc..4de342645 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/api.yml
@@ -3,14 +3,11 @@
community.zabbix.zabbix_group:
host_group: "{{ zabbix_host_groups }}"
state: "{{ zabbix_agent_hostgroups_state }}"
- validate_certs: "{{ zabbix_api_validate_certs|default(omit) }}"
- timeout: "{{ zabbix_api_timeout }}"
when:
- zabbix_api_create_hostgroup | bool
register: zabbix_api_hostgroup_created
until: zabbix_api_hostgroup_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
- become: false
tags:
- api
@@ -32,8 +29,6 @@
tls_subject: "{{ zabbix_agent_tls_subject | default(omit) }}"
tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}"
tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}"
- validate_certs: "{{ zabbix_api_validate_certs | default(omit) }}"
- timeout: "{{ zabbix_api_timeout }}"
description: "{{ zabbix_agent_description | default(omit) }}"
inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}"
ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}"
@@ -46,7 +41,6 @@
register: zabbix_api_host_created
until: zabbix_api_host_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
- become: false
changed_when: false
tags:
- api
@@ -69,8 +63,6 @@
tls_subject: "{{ zabbix_agent2_tls_subject | default(omit) }}"
tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsaccept if zabbix_agent2_tlsaccept else 'unencrypted'] }}"
tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsconnect if zabbix_agent2_tlsconnect else 'unencrypted'] }}"
- validate_certs: "{{ zabbix_api_validate_certs | default(omit) }}"
- timeout: "{{ zabbix_api_timeout }}"
description: "{{ zabbix_agent_description | default(omit) }}"
inventory_zabbix: "{{ zabbix_agent_inventory_zabbix | default({}) }}"
ipmi_authtype: "{{ zabbix_agent_ipmi_authtype | default(omit) }}"
@@ -83,7 +75,6 @@
register: zabbix_api_host_created
until: zabbix_api_host_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
- become: false
changed_when: false
tags:
- api
@@ -94,8 +85,6 @@
macro_name: "{{ item.macro_key }}"
macro_value: "{{ item.macro_value }}"
macro_type: "{{ item.macro_type|default('text') }}"
- validate_certs: "{{ zabbix_api_validate_certs | default(omit) }}"
- timeout: "{{ zabbix_api_timeout }}"
with_items: "{{ zabbix_agent_macros | default([]) }}"
when:
- zabbix_agent_macros is defined
@@ -103,6 +92,5 @@
register: zabbix_api_hostmarcro_created
until: zabbix_api_hostmarcro_created is succeeded
delegate_to: "{{ zabbix_api_server_host }}"
- become: false
tags:
- api
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/firewall.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/firewall.yml
deleted file mode 100644
index 24ba96cb0..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/firewall.yml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-
-- name: "Firewall | Configure IPTables (zabbix_agent_listenport)"
- iptables:
- action: "{{ zabbix_agent_firewall_action }}"
- destination_port: "{{ zabbix_agent_listenport | string }}"
- source: "{{ zabbix_agent_firewall_source | default(omit) }}"
- protocol: tcp
- chain: "{{ zabbix_agent_firewall_chain }}"
- jump: ACCEPT
- become: true
- when:
- - zabbix_agent_firewall_enable | bool
-
-- name: "Firewall | Configure IPTables (zabbix_agent_jmx_listenport)"
- iptables:
- action: "{{ zabbix_agent_firewall_action }}"
- destination_port: "{{ zabbix_agent_listenport | string }}"
- source: "{{ zabbix_agent_firewall_source | default(omit) }}"
- protocol: tcp
- chain: "{{ zabbix_agent_firewall_chain }}"
- jump: ACCEPT
- become: true
- when:
- - zabbix_agent_firewall_enable | bool
- - zabbix_agent_jmx_listenport | bool
-
-- name: "Firewall | Configure firewalld (zabbix_agent_listenport)"
- ansible.posix.firewalld:
- rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_listenport }}" accept'
- zone: "{{ zabbix_agent_firewalld_zone }}"
- permanent: true
- immediate: true
- state: enabled
- become: true
- when:
- - zabbix_agent_firewalld_enable | bool
- notify:
- - firewalld-reload
- tags: zabbix_agent_firewalld_enable
-
-- name: "Firewall | Configure firewalld (zabbix_agent_jmx_listenport)"
- ansible.posix.firewalld:
- rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_jmx_listenport }}" accept'
- zone: "{{ zabbix_agent_firewalld_zone }}"
- permanent: true
- immediate: true
- state: enabled
- become: true
- when:
- - zabbix_agent_firewalld_enable | bool
- - zabbix_agent_jmx_listenport | bool
- notify:
- - firewalld-reload
- tags: zabbix_agent_firewalld_enable
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml
index 0904c39f1..7bcdd6fe3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/macOS.yml
@@ -1,7 +1,7 @@
---
# Tasks specific for macOS
- name: "macOS | Check installed package version"
- shell: |
+ ansible.builtin.shell: |
set -o pipefail
pkgutil --pkg-info 'com.zabbix.pkg.ZabbixAgent' | grep 'version:' | cut -d ' ' -f 2
register: pkgutil_version
@@ -10,15 +10,13 @@
failed_when: pkgutil_version.rc == 2
- name: "macOS | Download the Zabbix package"
- get_url:
+ ansible.builtin.get_url:
url: "{{ zabbix_mac_download_link }}"
dest: "/tmp/{{ zabbix_mac_package }}"
mode: 0644
when: pkgutil_version.stdout != zabbix_version_long
- name: "macOS | Install the Zabbix package"
- command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target /
+ ansible.builtin.command: installer -pkg "/tmp/{{ zabbix_mac_package }}" -target /
become: true
when: pkgutil_version.stdout != zabbix_version_long
- tags:
- - zabbix-agent
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml
index 5ce427ce4..f5f87d18f 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml
@@ -1,90 +1,52 @@
---
# tasks file for zabbix_agent
-
-- name: "Set variables specific for Zabbix Agent 2"
- set_fact:
- zabbix_agent_service: zabbix-agent2
- zabbix_agent_package: zabbix-agent2
- when:
- - zabbix_agent2 is defined
- - zabbix_agent2
+- name: "Include OS-specific variables"
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
tags:
- always
-- name: "Fix facts for linuxmint - distribution release"
- set_fact:
- zabbix_agent_distribution_release: xenial
- when:
- - ansible_os_family == "Linuxmint"
- - ansible_distribution_release == "sonya" or ansible_distribution_release == "serena"
+- name: Determine Latest Supported Zabbix Version
+ ansible.builtin.set_fact:
+ zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.4) }}"
+ when: zabbix_agent_version is not defined or zabbix_agent_version is none
tags:
- always
-- name: "Fix facts for linuxmint - family"
- set_fact:
- zabbix_agent_os_family: Debian
- when:
- - ansible_os_family == "Linuxmint"
+- name: Set More Variables
+ ansible.builtin.set_fact:
+ zabbix_valid_version: "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}"
tags:
- always
-- name: "Fix facts for XCP-ng - family"
- set_fact:
- zabbix_agent_os_family: RedHat
- when:
- - ansible_os_family == "XCP-ng"
-
-- name: "Include OS-specific variables"
- include_vars: "{{ zabbix_agent_os_family }}.yml"
+- name: Stopping Install of Invalid Version
+ ansible.builtin.fail:
+ msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
+ when: not zabbix_valid_version
tags:
- always
-- name: Determine Latest Supported Zabbix Version
- set_fact:
- zabbix_agent_version: "{{ zabbix_valid_agent_versions[ansible_distribution_major_version][0] | default(6.0) }}"
- when: zabbix_agent_version is not defined
+- name: Setting Zabbix API Server Port
+ ansible.builtin.set_fact:
+ zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}"
+ when: zabbix_api_server_port is undefined
-- name: "Reset zabbix_agent_version for Ubuntu 22.04 to 6.0"
- # README https://support.zabbix.com/browse/ZBXNEXT-7624
- set_fact:
- zabbix_version: 6.0
- zabbix_agent_version: 6.0
- when:
- - ansible_distribution_release is defined
- - ansible_distribution_release == "jammy"
- - ( zabbix_agent_version is version ('6.0','lt') or
- zabbix_version is version ('6.0','lt') )
-
-- name: "Install the correct repository"
- include_tasks: "{{ zabbix_agent_os_family if (zabbix_agent_os_family not in ['Sangoma']) else 'RedHat' }}.yml"
+- name: "Set variables specific for Zabbix Agent 2"
+ ansible.builtin.set_fact:
+ zabbix_agent_service: zabbix-agent2
+ zabbix_agent_package: zabbix-agent2
when:
- - not (zabbix_agent_docker | bool)
+ - zabbix_agent2 is defined
+ - zabbix_agent2
tags:
- always
-- name: "Set the 'ansible_python_interpreter' to the one we use for running this playbook."
- set_fact:
- ansible_python_interpreter: "{{ ansible_playbook_python }}"
- delegate_to: localhost
- delegate_facts: true
- when:
- - (zabbix_install_pip_packages | bool) or (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool)
-
-- name: "Install local python-netaddr package"
- pip:
- name: netaddr
- state: present
- register: zabbix_python_netaddr_package_installed
- until: zabbix_python_netaddr_package_installed is succeeded
- delegate_to: localhost
- run_once: true
- become: "{{ zabbix_agent_become_on_localhost }}"
+- name: "Install the correct repository"
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
when:
- - zabbix_install_pip_packages | bool
- - ansible_all_ipv4_addresses is defined or (zabbix_agent_ip is not defined and total_private_ip_addresses is defined)
+ - not (zabbix_agent_docker | bool)
- name: "Encrypt with TLS PSK auto management"
- include_tasks: tlspsk_auto.yml
+ ansible.builtin.include_tasks: tlspsk_auto.yml
when:
- not zabbix_agent2
- zabbix_agent_tlspsk_auto | bool
@@ -92,7 +54,7 @@
- (zabbix_agent_tlspsk_secret is undefined) or (zabbix_agent_tlspsk_secret | length == '0')
- name: "Encrypt with TLS PSK auto management"
- include_tasks: tlspsk_auto_agent2.yml
+ ansible.builtin.include_tasks: tlspsk_auto_agent2.yml
when:
- zabbix_agent2 | bool
- zabbix_agent2_tlspsk_auto | bool
@@ -100,44 +62,33 @@
- (zabbix_agent2_tlspsk_secret is undefined) or (zabbix_agent2_tlspsk_secret | length == '0')
- name: "Configure Agent"
- include_tasks: Windows_conf.yml
+ ansible.builtin.include_tasks: Windows_conf.yml
when:
- - zabbix_agent_os_family == "Windows"
- tags:
- - always
+ - ansible_os_family == "Windows"
- name: "Configure Agent"
- include_tasks: Darwin.yml
+ ansible.builtin.include_tasks: Linux.yml
when:
- - zabbix_agent_os_family == "Darwin"
- tags:
- - always
-
-- name: "Configure Agent"
- include_tasks: Linux.yml
- when:
- - (zabbix_agent_os_family != "Windows" and zabbix_agent_os_family != "Darwin") or (zabbix_agent_docker | bool)
- tags:
- - always
+ - (ansible_os_family != "Windows" and ansible_os_family != "Darwin") or (zabbix_agent_docker | bool)
- name: "Run the API calls to Zabbix Server"
vars:
gather_facts: false
ansible_user: "{{ zabbix_api_login_user }}"
+ ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}"
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
# Can't think of a way to make http_login_* vars be undefined -(
- http_login_user: "{{ zabbix_api_http_user | default(zabbix_http_user | default(-42)) }}"
- http_login_password: "{{ zabbix_api_http_password | default(zabbix_http_password | default(-42)) }}"
- include_tasks: api.yml
+ http_login_user: "{{ zabbix_api_http_user | default(-42) }}"
+ http_login_password: "{{ zabbix_api_http_password | default(-42) }}"
+ ansible.builtin.include_tasks: api.yml
when:
- (zabbix_api_create_hostgroup | bool) or (zabbix_api_create_hosts | bool)
tags:
- api
- name: "Including userparameters"
- include_tasks: "userparameter.yml"
+ ansible.builtin.include_tasks: "userparameter.yml"
when: zabbix_agent_userparameters|length > 0
tags:
- - zabbix-agent
- - userparameter
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml
index 57968146c..181329a32 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/remove.yml
@@ -1,9 +1,9 @@
---
- name: Pull service facts
- service_facts:
+ ansible.builtin.service_facts:
-- name: "Remove | Make sure the \"old\" zabbix-agent service stopped"
- service:
+- name: 'Remove | Make sure the "old" zabbix-agent service stopped'
+ ansible.builtin.service:
name: "zabbix-agent"
state: stopped
enabled: false
@@ -13,13 +13,13 @@
ansible_facts.services["zabbix-agent"] is defined
- name: "Remove | Package removal"
- package:
+ ansible.builtin.package:
name: "zabbix-agent"
state: absent
become: true
- name: "Remove | Remove the agent-include-dir"
- file:
+ ansible.builtin.file:
path: "{{ zabbix_agent_include }}"
state: absent
become: true
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml
index b7ec69e7b..2b11d1a47 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/selinux.yml
@@ -1,7 +1,6 @@
---
-
- name: "SELinux | Debian | Install policycoreutils-python"
- apt:
+ ansible.builtin.apt:
pkg: policycoreutils-python-utils
state: present
update_cache: true
@@ -15,10 +14,12 @@
until: zabbix_agent_package_installed is succeeded
become: true
when:
- - zabbix_agent_os_family == "Debian"
+ - ansible_os_family == "Debian"
+ tags:
+ - install
- name: "SELinux | RedHat | Install policycoreutils-python"
- package:
+ ansible.builtin.package:
name: policycoreutils-python
state: installed
environment:
@@ -27,15 +28,14 @@
register: zabbix_agent_policycoreutils_installed
until: zabbix_agent_policycoreutils_installed is succeeded
when:
- - zabbix_agent_os_family == "RedHat"
+ - ansible_os_family == "RedHat"
- (zabbix_agent_distribution_major_version == "6" or zabbix_agent_distribution_major_version == "7")
become: true
tags:
- - init
- - zabbix-agent
+ - install
- name: "SELinux | RedHat | Install python3-policycoreutils on RHEL8"
- package:
+ ansible.builtin.package:
name: python3-policycoreutils
state: installed
environment:
@@ -44,59 +44,67 @@
register: zabbix_agent_policycoreutils_installed
until: zabbix_agent_policycoreutils_installed is succeeded
when:
- - zabbix_agent_os_family == "RedHat"
+ - ansible_os_family == "RedHat"
- ansible_distribution_major_version == "8"
become: true
tags:
- - init
- - zabbix-agent
+ - install
- name: "SELinux | RedHat | Install selinux-policy-targeted"
- package:
+ ansible.builtin.package:
name: selinux-policy-targeted
state: installed
register: zabbix_agent_selinuxpolicytargeted_installed
until: zabbix_agent_selinuxpolicytargeted_installed is succeeded
when:
- - zabbix_agent_os_family == "RedHat"
+ - ansible_os_family == "RedHat"
become: true
tags:
- - init
- - zabbix-agent
+ - install
# straight to getenforce binary , workaround for missing python_selinux library
- name: "SELinux | Get getenforce binary"
- stat:
+ ansible.builtin.stat:
path: /usr/sbin/getenforce
register: getenforce_bin
become: true
+ tags:
+ - always
- name: "SELinux | Collect getenforce output"
- command: /usr/sbin/getenforce
+ ansible.builtin.command: /usr/sbin/getenforce
register: sestatus
- when: 'getenforce_bin.stat.exists'
+ when: "getenforce_bin.stat.exists"
changed_when: false
become: true
check_mode: false
+ tags:
+ - always
- name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_selinux: "{{ true }}"
when:
- 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)'
+ tags:
+ - always
- name: "SELinux | Allow zabbix_agent to start (SELinux)"
community.general.selinux_permissive:
name: zabbix_agent_t
permissive: true
become: true
+ tags:
+ - config
- name: "SELinux | Allow zabbix to run sudo commands (SELinux)"
ansible.posix.seboolean:
name: zabbix_run_sudo
persistent: true
state: true
+ become: true
when:
- ansible_selinux.status == "enabled"
- selinux_allow_zabbix_run_sudo|bool
- tags: selinux
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml
index aaa733872..ad7d49aa3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto.yml
@@ -1,12 +1,14 @@
---
-- include_tasks: tlspsk_auto_linux.yml
- when: (zabbix_agent_os_family != "Windows") or (zabbix_agent_docker | bool)
+- ansible.builtin.include_tasks: tlspsk_auto_linux.yml
+ when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool)
-- include_tasks: tlspsk_auto_windows.yml
- when: zabbix_agent_os_family == "Windows"
+- ansible.builtin.include_tasks: tlspsk_auto_windows.yml
+ when: ansible_os_family == "Windows"
- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlsaccept: psk
zabbix_agent_tlsconnect: psk
when: zabbix_api_create_hosts
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml
index 77eafc878..6e5f8dc4d 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2.yml
@@ -1,12 +1,14 @@
---
- include_tasks: tlspsk_auto_agent2_linux.yml
- when: (zabbix_agent_os_family != "Windows") or (zabbix_agent_docker | bool)
+ when: (ansible_os_family != "Windows") or (zabbix_agent_docker | bool)
- include_tasks: tlspsk_auto_agent2_windows.yml
- when: zabbix_agent_os_family == "Windows"
+ when: ansible_os_family == "Windows"
- name: AutoPSK | Default tlsaccept and tlsconnect to enforce PSK
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlsaccept: psk
zabbix_agent2_tlsconnect: psk
when: zabbix_api_create_hosts
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml
index 4a7b897ae..3f6e0d2cd 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_common.yml
@@ -1,38 +1,45 @@
---
-# Process PSK Secret
+# Process PSK Secret
- name: AutoPSK | Save existing TLS PSK secret
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlspsk_read: "{{ zabbix_agent2_tlspsk_base64['content'] | b64decode | trim }}"
when: zabbix_agent2_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Use existing TLS PSK secret
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlspsk_secret: "{{ zabbix_agent2_tlspsk_read }}"
- when:
- - zabbix_agent2_tlspskcheck.stat.exists
+ when:
+ - zabbix_agent2_tlspskcheck.stat.exists
- zabbix_agent2_tlspsk_read|length >= 32
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Generate new TLS PSK secret
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
when:
- not zabbix_agent2_tlspskcheck.stat.exists
- (zabbix_agent2_tlspsk_read is not defined) or (zabbix_agent2_tlspsk_read|length < 32)
no_log: "{{ ansible_verbosity < 3 }}"
-
+ tags:
+ - config
# Process PSK Identity
- name: AutoPSK | Use existing TLS PSK identity
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlspskidentity: "{{ zabbix_agent2_tlspskidentity_base64['content'] | b64decode | trim }}"
- when:
+ when:
- zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Generate new TLS PSK identity
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlspskidentity: >-
{{
zabbix_agent_visible_hostname
@@ -42,3 +49,5 @@
}}
when: not zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml
index 721f1cb86..aaff36128 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_linux.yml
@@ -1,42 +1,52 @@
---
- name: AutoPSK | Set default path variables (Linux)
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlspskfile: "/etc/zabbix/tls_psk_auto.secret"
zabbix_agent2_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity"
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK file (Linux)
- stat:
+ ansible.builtin.stat:
path: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspskcheck
become: true
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK identity (Linux)
- stat:
+ ansible.builtin.stat:
path: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_check
become: true
+ tags:
+ - config
- name: AutoPSK | read existing TLS PSK file (Linux)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspsk_base64
become: true
- when:
+ when:
- zabbix_agent2_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Read existing TLS PSK identity file (Linux)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_base64
become: true
when: zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- include_tasks: tlspsk_auto_agent2_common.yml
- name: AutoPSK | Template TLS PSK identity in file (Linux)
- copy:
+ ansible.builtin.copy:
dest: "{{ zabbix_agent2_tlspskidentity_file }}"
content: "{{ zabbix_agent2_tlspskidentity }}"
owner: zabbix
@@ -49,9 +59,11 @@
notify:
- restart zabbix-agent
- restart mac zabbix agent
-
+ tags:
+ - config
+
- name: AutoPSK | Template TLS PSK secret in file (Linux)
- copy:
+ ansible.builtin.copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
owner: zabbix
@@ -64,3 +76,5 @@
notify:
- restart zabbix-agent
- restart mac zabbix agent
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml
index 770d60776..3e1529e6b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_agent2_windows.yml
@@ -1,38 +1,48 @@
---
- name: AutoPSK | Set default path variables for Windows
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent2_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt"
zabbix_agent2_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt"
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK file (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspskcheck
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK identity (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_check
+ tags:
+ - config
- name: AutoPSK | read existing TLS PSK file (Windows)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskfile }}"
register: zabbix_agent2_tlspsk_base64
- when:
+ when:
- zabbix_agent2_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Read existing TLS PSK identity file (Windows)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent2_tlspskidentity_file }}"
register: zabbix_agent2_tlspskidentity_base64
when: zabbix_agent2_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
-- include_tasks: tlspsk_auto_agent2_common.yml
+- ansible.builtin.include_tasks: tlspsk_auto_agent2_common.yml
- name: Windows | AutoPSK | Template TLS PSK identity in file (Windows)
- win_copy:
+ ansible.windows.win_copy:
dest: "{{ zabbix_agent2_tlspskidentity_file }}"
content: "{{ zabbix_agent2_tlspskidentity }}"
when:
@@ -40,9 +50,11 @@
- zabbix_agent2_tlspskidentity is defined
notify:
- restart win zabbix agent
-
+ tags:
+ - config
+
- name: AutoPSK | Template TLS PSK secret in file (Windows)
- win_copy:
+ ansible.windows.win_copy:
dest: "{{ zabbix_agent2_tlspskfile }}"
content: "{{ zabbix_agent2_tlspsk_secret }}"
when:
@@ -50,3 +62,5 @@
- zabbix_agent2_tlspsk_secret is defined
notify:
- restart win zabbix agent
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml
index 4b02fafb6..05ef24d0e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_common.yml
@@ -1,37 +1,44 @@
---
# Process PSK Secret
- name: AutoPSK | Save existing TLS PSK secret
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}"
when: zabbix_agent_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Use existing TLS PSK secret
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}"
when:
- zabbix_agent_tlspskcheck.stat.exists
- zabbix_agent_tlspsk_read|length >= 32
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Generate new TLS PSK secret
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
when:
- (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32)
no_log: "{{ ansible_verbosity < 3 }}"
-
+ tags:
+ - config
# Process PSK Identity
- name: AutoPSK | Use existing TLS PSK identity
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}"
when:
- zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Generate new TLS PSK identity
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlspskidentity: >-
{{
zabbix_agent_visible_hostname
@@ -41,3 +48,5 @@
}}
when: not zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml
index 1dbea4082..8cc711fcb 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_linux.yml
@@ -1,42 +1,52 @@
---
- name: AutoPSK | Set default path variables (Linux)
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlspskfile: "/etc/zabbix/tls_psk_auto.secret"
zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity"
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK file (Linux)
- stat:
+ ansible.builtin.stat:
path: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspskcheck
become: true
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK identity (Linux)
- stat:
+ ansible.builtin.stat:
path: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_check
become: true
+ tags:
+ - config
- name: AutoPSK | read existing TLS PSK file (Linux)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspsk_base64
become: true
- when:
+ when:
- zabbix_agent_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Read existing TLS PSK identity file (Linux)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_base64
become: true
when: zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- include_tasks: tlspsk_auto_common.yml
- name: AutoPSK | Template TLS PSK identity in file (Linux)
- copy:
+ ansible.builtin.copy:
dest: "{{ zabbix_agent_tlspskidentity_file }}"
content: "{{ zabbix_agent_tlspskidentity }}"
owner: zabbix
@@ -49,9 +59,11 @@
notify:
- restart zabbix-agent
- restart mac zabbix agent
-
+ tags:
+ - config
+
- name: AutoPSK | Template TLS PSK secret in file (Linux)
- copy:
+ ansible.builtin.copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
owner: zabbix
@@ -64,3 +76,5 @@
notify:
- restart zabbix-agent
- restart mac zabbix agent
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml
index 146cfd457..b9289ac49 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/tlspsk_auto_windows.yml
@@ -1,38 +1,48 @@
---
- name: AutoPSK | Set default path variables for Windows
- set_fact:
+ ansible.builtin.set_fact:
zabbix_agent_tlspskfile: "{{ zabbix_win_install_dir }}\\tls_psk_auto.secret.txt"
zabbix_agent_tlspskidentity_file: "{{ zabbix_win_install_dir }}\\tls_psk_auto.identity.txt"
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK file (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspskcheck
+ tags:
+ - config
- name: AutoPSK | Check for existing TLS PSK identity (Windows)
ansible.windows.win_stat:
path: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_check
+ tags:
+ - config
- name: AutoPSK | read existing TLS PSK file (Windows)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskfile }}"
register: zabbix_agent_tlspsk_base64
- when:
+ when:
- zabbix_agent_tlspskcheck.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- name: AutoPSK | Read existing TLS PSK identity file (Windows)
- slurp:
+ ansible.builtin.slurp:
src: "{{ zabbix_agent_tlspskidentity_file }}"
register: zabbix_agent_tlspskidentity_base64
when: zabbix_agent_tlspskidentity_check.stat.exists
no_log: "{{ ansible_verbosity < 3 }}"
+ tags:
+ - config
- include_tasks: tlspsk_auto_common.yml
- name: AutoPSK | Template TLS PSK identity in file (Windows)
- win_copy:
+ ansible.windows.win_copy:
dest: "{{ zabbix_agent_tlspskidentity_file }}"
content: "{{ zabbix_agent_tlspskidentity }}"
when:
@@ -40,14 +50,18 @@
- zabbix_agent_tlspskidentity is defined
notify:
- restart win zabbix agent
-
+ tags:
+ - config
+
- name: AutoPSK | Template TLS PSK secret in file (Windows)
- win_copy:
+ ansible.windows.win_copy:
dest: "{{ zabbix_agent_tlspskfile }}"
content: "{{ zabbix_agent_tlspsk_secret }}"
when:
- zabbix_agent_tlspskfile is defined
- zabbix_agent_tlspsk_secret is defined
- - zabbix_agent_os_family == "Windows"
+ - ansible_os_family == "Windows"
notify:
- restart win zabbix agent
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml
index 9a86b536a..a80be1736 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml
@@ -1,85 +1,87 @@
---
- block:
- - name: "Windows | Installing user-defined userparameters"
- ansible.windows.win_template:
- src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
- dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf'
- notify:
- - restart win zabbix agent
- with_items: "{{ zabbix_agent_userparameters }}"
-
- - name: "Windows | Installing user-defined scripts"
- ansible.windows.win_copy:
- src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
- dest: '{{ zabbix_win_install_dir }}\scripts\'
- notify:
- - restart win zabbix agent
- with_items: "{{ zabbix_agent_userparameters }}"
- when: item.scripts_dir is defined
-
- when: zabbix_agent_os_family == "Windows"
+ - name: "Windows | Installing user-defined userparameters"
+ ansible.windows.win_template:
+ src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
+ dest: '{{ zabbix_agent_win_include }}\{{ item.name }}.conf'
+ notify:
+ - restart win zabbix agent
+ with_items: "{{ zabbix_agent_userparameters }}"
+ - name: "Windows | Installing user-defined scripts"
+ ansible.windows.win_copy:
+ src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
+ dest: '{{ zabbix_win_install_dir }}\scripts\'
+ notify:
+ - restart win zabbix agent
+ with_items: "{{ zabbix_agent_userparameters }}"
+ when: item.scripts_dir is defined
+ when: ansible_os_family == "Windows"
+ tags:
+ - config
- block:
- - name: "Installing user-defined userparameters"
- template:
- src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
- dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf"
- owner: zabbix
- group: zabbix
- mode: 0644
- notify:
- - restart zabbix-agent
- - restart mac zabbix agent
- become: true
- with_items: "{{ zabbix_agent_userparameters }}"
-
- - name: "Installing user-defined scripts"
- copy:
- src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
- dest: "/etc/zabbix/scripts/"
- owner: zabbix
- group: zabbix
- mode: 0755
- notify:
- - restart zabbix-agent
- - restart mac zabbix agent
- become: true
- with_items: "{{ zabbix_agent_userparameters }}"
- when: item.scripts_dir is defined
+ - name: "Installing user-defined userparameters"
+ ansible.builtin.template:
+ src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
+ dest: "{{ zabbix_agent_include }}/userparameter_{{ item.name }}.conf"
+ owner: zabbix
+ group: zabbix
+ mode: 0644
+ notify:
+ - restart zabbix-agent
+ - restart mac zabbix agent
+ become: true
+ with_items: "{{ zabbix_agent_userparameters }}"
+ - name: "Installing user-defined scripts"
+ ansible.builtin.copy:
+ src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
+ dest: "/etc/zabbix/scripts/"
+ owner: zabbix
+ group: zabbix
+ mode: 0755
+ notify:
+ - restart zabbix-agent
+ - restart mac zabbix agent
+ become: true
+ with_items: "{{ zabbix_agent_userparameters }}"
+ when: item.scripts_dir is defined
when:
- - zabbix_agent_os_family != "Windows"
+ - ansible_os_family != "Windows"
- not zabbix_agent2
+ tags:
+ - config
- block:
- - name: "Installing user-defined userparameters"
- template:
- src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
- dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf"
- owner: zabbix
- group: zabbix
- mode: 0644
- notify:
- - restart zabbix-agent
- - restart mac zabbix agent
- become: true
- with_items: "{{ zabbix_agent_userparameters }}"
-
- - name: "Installing user-defined scripts"
- copy:
- src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
- dest: "/etc/zabbix/scripts/"
- owner: zabbix
- group: zabbix
- mode: 0755
- notify:
- - restart zabbix-agent
- - restart mac zabbix agent
- become: true
- with_items: "{{ zabbix_agent_userparameters }}"
- when: item.scripts_dir is defined
+ - name: "Installing user-defined userparameters"
+ ansible.builtin.template:
+ src: "{{ zabbix_agent_userparameters_templates_src }}/{{ item.name }}.j2"
+ dest: "{{ zabbix_agent2_include }}/userparameter_{{ item.name }}.conf"
+ owner: zabbix
+ group: zabbix
+ mode: 0644
+ notify:
+ - restart zabbix-agent
+ - restart mac zabbix agent
+ become: true
+ with_items: "{{ zabbix_agent_userparameters }}"
+ - name: "Installing user-defined scripts"
+ ansible.builtin.copy:
+ src: "{{ zabbix_agent_userparameters_scripts_src }}/{{ item.scripts_dir }}"
+ dest: "/etc/zabbix/scripts/"
+ owner: zabbix
+ group: zabbix
+ mode: 0755
+ notify:
+ - restart zabbix-agent
+ - restart mac zabbix agent
+ become: true
+ with_items: "{{ zabbix_agent_userparameters }}"
+ when: item.scripts_dir is defined
when:
- - zabbix_agent_os_family != "Windows"
+ - ansible_os_family != "Windows"
- zabbix_agent2
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2
index 39829abc3..ea60d032e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agent2.conf.j2
@@ -4,13 +4,13 @@
# This configuration file is "minimalized", which means all the original comments
# are removed. The full documentation for your Zabbix Agent 2 can be found here:
-# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if zabbix_agent_os_family == "Windows" else "" }}
+# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agent2{{ "_win" if ansible_os_family == "Windows" else "" }}
-{% if zabbix_agent_os_family != "Windows" %}
+{% if ansible_os_family != "Windows" %}
PidFile={{ zabbix_agent2_pidfile }}
{% endif %}
LogType={{ zabbix_agent2_logtype }}
-{% if zabbix_agent_os_family == "Windows" %}
+{% if ansible_os_family == "Windows" %}
LogFile={{ zabbix_agent2_win_logfile }}
{% else %}
LogFile={{ zabbix_agent2_logfile }}
@@ -79,13 +79,18 @@ Alias={{ item }}
{% endif %}
{% endif %}
Timeout={{ zabbix_agent2_timeout }}
-{% if zabbix_agent_os_family == "Windows" %}
+{% if ansible_os_family == "Windows" %}
Include={{ zabbix_agent_win_include }}
{% else %}
Include={{ zabbix_agent2_include }}/{{ zabbix_agent2_include_pattern }}
{% endif %}
+{% if zabbix_agent2_additional_include is defined and zabbix_agent2_additional_include is iterable and zabbix_agent2_additional_include is not string %}
+{% for include in zabbix_agent2_additional_include %}
+Include={{ include }}
+{% endfor %}
+{% endif %}
UnsafeUserParameters={{ zabbix_agent2_unsafeuserparameters }}
-{% if zabbix_agent_os_family != "Windows" %}
+{% if ansible_os_family != "Windows" %}
ControlSocket={{ zabbix_agent2_controlsocket }}
{% endif %}
{% if zabbix_agent2_tlsconnect is defined and zabbix_agent2_tlsconnect %}
@@ -128,7 +133,7 @@ Plugins.{{ my_name }}.{{ param }}={{ value }}
{% endfor %}
{% endfor %}
{% endif %}
-{% if zabbix_version is version('6.0', '>=') %}
+{% if zabbix_agent_version is version('6.0', '>=') %}
{% if zabbix_agent2_listenbacklog is defined and zabbix_agent2_listenbacklog %}
ListenBacklog={{ zabbix_agent2_listenbacklog }}
{% endif %}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2
index 5e5d31d9b..24af45bc3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/templates/zabbix_agentd.conf.j2
@@ -4,15 +4,15 @@
# This configuration file is "minimalized", which means all the original comments
# are removed. The full documentation for your Zabbix Agent can be found here:
-# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if zabbix_agent_os_family == "Windows" else "" }}
+# https://www.zabbix.com/documentation/{{ zabbix_agent_version }}/en/manual/appendix/config/zabbix_agentd{{ "_win" if ansible_os_family == "Windows" else "" }}
-{% if zabbix_agent_os_family != "Windows" %}
+{% if ansible_os_family != "Windows" %}
PidFile={{ zabbix_agent_pidfile }}
{% endif %}
{% if zabbix_agent_version is version('3.0', '>=') %}
LogType={{ zabbix_agent_logtype }}
{% endif %}
-{% if zabbix_agent_os_family == "Windows" %}
+{% if ansible_os_family == "Windows" %}
LogFile={{ zabbix_agent_win_logfile }}
{% else %}
LogFile={{ zabbix_agent_logfile }}
@@ -66,7 +66,7 @@ RefreshActiveChecks={{ zabbix_agent_refreshactivechecks }}
BufferSend={{ zabbix_agent_buffersend }}
BufferSize={{ zabbix_agent_buffersize }}
MaxLinesPerSecond={{ zabbix_agent_maxlinespersecond }}
-{% if zabbix_version is version_compare('6.2', '>=') %}
+{% if zabbix_agent_version is version_compare('6.2', '>=') %}
HeartbeatFrequency={{ zabbix_agent_heartbeatfrequency }}
{% endif %}
{% if zabbix_agent_zabbix_alias is defined and zabbix_agent_zabbix_alias %}
@@ -79,20 +79,25 @@ Alias={{ item }}
{% endif %}
{% endif %}
Timeout={{ zabbix_agent_timeout }}
-{% if zabbix_agent_os_family != "Windows" %}
+{% if ansible_os_family != "Windows" %}
AllowRoot={{ zabbix_agent_allowroot }}
{% endif %}
{% if zabbix_agent_runas_user is defined and zabbix_agent_runas_user %}
User={{ zabbix_agent_runas_user }}
{% endif %}
-{% if zabbix_agent_os_family == "Windows" %}
+{% if ansible_os_family == "Windows" %}
Include={{ zabbix_agent_win_include }}
{% else %}
Include={{ zabbix_agent_include }}/{{ zabbix_agent_include_pattern }}
{% endif %}
+{% if zabbix_agent_additional_include is defined and zabbix_agent_additional_include is iterable and zabbix_agent_additional_include is not string %}
+{% for include in zabbix_agent_additional_include %}
+Include={{ include }}
+{% endfor %}
+{% endif %}
UnsafeUserParameters={{ zabbix_agent_unsafeuserparameters }}
-{% if zabbix_version is version_compare('2.2', '>=') %}
-{% if zabbix_agent_os_family != "Windows" %}
+{% if zabbix_agent_version is version_compare('2.2', '>=') %}
+{% if ansible_os_family != "Windows" %}
LoadModulePath={{ zabbix_agent_loadmodulepath }}
{% endif %}
{% endif %}
@@ -105,7 +110,7 @@ LoadModule={{ module }}
{% endfor %}
{% endif %}
{% endif %}
-{% if zabbix_version is version_compare('3.0', '>=') %}
+{% if zabbix_agent_version is version_compare('3.0', '>=') %}
{% if zabbix_agent_tlsconnect is defined and zabbix_agent_tlsconnect %}
TLSConnect={{ zabbix_agent_tlsconnect }}
{% endif %}
@@ -137,7 +142,7 @@ TLSPSKIdentity={{ zabbix_agent_tlspskidentity }}
TLSPSKFile={{ zabbix_agent_tlspskfile }}
{% endif %}
{% endif %}
-{% if zabbix_version is version('6.0', '>=') %}
+{% if zabbix_agent_version is version('6.0', '>=') %}
{% if zabbix_agent_listenbacklog is defined and zabbix_agent_listenbacklog %}
ListenBacklog={{ zabbix_agent_listenbacklog }}
{% endif %}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Darwin.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Darwin.yml
deleted file mode 100644
index 164b02460..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Darwin.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# vars file for zabbix_agent (Debian)
-
-zabbix_agent: zabbix-agent
-zabbix_agent_service: com.zabbix.zabbix_agentd
-zabbix_agent_conf: zabbix_agentd.conf
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml
index 3100ca957..4a65dfbeb 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml
@@ -8,31 +8,41 @@ zabbix_agent2_conf: zabbix_agent2.conf
zabbix_valid_agent_versions:
# Debian
+ "12":
+ - 6.4
+ - 6.2
+ - 6.0
+
"11":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
+
"10":
+ - 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
+
"9":
+ - 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
# Ubuntu
"22":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
+
"20":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
+
"18":
+ - 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
+
+debian_keyring_path: /etc/apt/keyrings/
+zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml
index b9f2378dd..50f0b01ec 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/RedHat.yml
@@ -9,16 +9,13 @@ zabbix_agent2_conf: zabbix_agent2.conf
zabbix_valid_agent_versions:
"9":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"8":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"7":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Sangoma.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Sangoma.yml
deleted file mode 100644
index 5bcc846ab..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Sangoma.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# vars file for zabbix_agent (Sangola)
-
-zabbix_agent: zabbix-agent
-zabbix_agent_service: zabbix-agent
-zabbix_agent_conf: zabbix_agentd.conf
-zabbix_agent2_conf: zabbix_agent2.conf
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Suse.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Suse.yml
deleted file mode 100644
index abecd9c23..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Suse.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# vars file for zabbix_agent (Suse)
-
-zabbix_agent: zabbix-agentd
-zabbix_agent_service: zabbix_agentd
-zabbix_agent_conf: zabbix_agentd.conf
-zabbix_agent2_conf: zabbix-agent2.conf
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml
index 8add26238..4dd64ba02 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Windows.yml
@@ -1,2 +1,7 @@
---
# vars file for zabbix_agent (Windows)
+zabbix_valid_agent_versions:
+ "10":
+ - 6.4
+ - 6.2
+ - 6.0
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/zabbix.yml
deleted file mode 100644
index c78d3a76e..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/zabbix.yml
+++ /dev/null
@@ -1,285 +0,0 @@
----
-sign_keys:
- "64":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "62":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "60":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- "54":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "52":
- # bullseye: not available upstream
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "50":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "44":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "42":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "40":
- bullseye:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "34":
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "32":
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: 79EA5ED4
- serena:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "30":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "24":
- jessie:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- "22":
- squeeze:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- lucid:
- sign_key: 79EA5ED4
-
-suse:
- "openSUSE Leap":
- "42":
- name: server:monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/
- python_libxml2_package: python-libxml2
- "openSUSE":
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }}
- python_libxml2_package: python-libxml2
- "SLES":
- "11":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
- python_libxml2_package: python-libxml2
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP5/
- python_libxml2_package: python-libxml2
- "15":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_15_SP3/
- python_libxml2_package: python3-libxml2-python
- "SLES_SAP": # SAP specific version of SLES
- "11":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
- python_libxml2_package: python-libxml2
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP5/
- python_libxml2_package: python-libxml2
- "15":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_15_SP3/
- python_libxml2_package: python3-libxml2-python
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md b/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md
index 70427d97c..1761c7f8b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md
@@ -29,29 +29,22 @@ This role will work on the following operating systems:
* Ubuntu
So, you'll need one of those operating systems.. :-)
-Please send Pull Requests or suggestions when you want to use this role for other Operating systems.
## Zabbix Versions
See the following list of supported Operating systems with the Zabbix releases.
-| Zabbix | 6.4 | 6.2 | 6.0 (LTS) | 5.2 | 5.0 | 4.4 | 4.0 (LTS) | 3.0 (LTS) |
-|---------------------|-----|-----|-----------|-----|-----|-----|-----------|-----------|
-| Red Hat Fam 8 | V | V | V | V | V | V | | |
-| Red Hat Fam 7 | | | | V | V | V | V | V |
-| Red Hat Fam 6 | | | | V | V | | | V |
-| Red Hat Fam 5 | | | | V | V | | | V |
-| Fedora | | | | | | V | V | |
-| Ubuntu 20.04 focal | V | V | V | V | V | | V | |
-| Ubuntu 18.04 bionic | | | | V | V | V | V | |
-| Ubuntu 16.04 xenial | | | | V | V | V | V | |
-| Ubuntu 14.04 trusty | | | | V | V | V | V | V |
-| Debian 10 buster | V | V | V | V | V | V | | |
-| Debian 9 stretch | | | | V | V | V | V | |
-| Debian 8 jessie | | | | V | V | V | V | V |
-| Debian 7 wheezy | | | | | | | V | V |
-| macOS 10.15 | | | | | | V | V | |
-| macOS 10.14 | | | | | | V | V | |
+| Zabbix | 6.4 | 6.2 | 6.0 |
+|---------------------|-----|-----|-----|
+| Red Hat Fam 9 | V | V | V |
+| Red Hat Fam 8 | V | V | V |
+| Red Hat Fam 7 | V | V | V |
+| Ubuntu 22.04 jammy | V | V | V |
+| Ubuntu 20.04 focal | V | V | V |
+| Ubuntu 18.04 bionic | V | V | V |
+| Debian 12 bookworm | V | | V |
+| Debian 11 bullseye | V | V | V |
+| Debian 10 buster | V | V | V |
# Role Variables
@@ -61,17 +54,14 @@ The following is an overview of all available configuration default for this rol
### Overall Zabbix
-* `zabbix_javagateway_version`: This is the version of zabbix. Default: 5.2. Can be overridden to 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility.
-* `zabbix_repo`: Default: `zabbix`
- * `epel`: install agent from EPEL repo
- * `zabbix`: (default) install agent from Zabbix repo
- * `other`: install agent from pre-existing or other repo
+The `zabbix_javagateway_version` is optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_javagateway_version: 6.0`.
* `zabbix_repo_yum`: A list with Yum repository configuration.
* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https)
-* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`.
-* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages.
+* `zabbix_javagateway_disable_repo`: A list of repos to disable during install. Default `epel`.
* `zabbix_javagateway_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed.
* `zabbix_javagateway_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
+* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
+* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
### Java Gatewaty
@@ -106,6 +96,17 @@ or when using the zabbix-proxy:
zabbix_proxy_javagateway: 192.168.1.2
```
+## Tags
+
+The majority of tasks within this role are tagged as follows:
+
+* `install`: Tasks associated with the installation of software.
+* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation.
+* `database`: Tasks associated with the installation or configuration of the database.
+* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server.
+* `config`: Tasks associated with the configuration of Zabbix or a supporting service.
+* `service`: Tasks associated with managing a service.
+
# Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml
index a34046616..4356f61a4 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml
@@ -1,17 +1,14 @@
---
# defaults file for zabbix_javagateway
-zabbix_javagateway_version: 6.4
-zabbix_version: "{{ zabbix_javagateway_version }}"
+#zabbix_javagateway_version:6.4
zabbix_javagateway_package_state: present
-zabbix_selinux: false
-zabbix_repo: zabbix
zabbix_repo_yum_schema: https
zabbix_java_gateway_conf_mode: "0644"
zabbix_repo_yum_gpgcheck: 0
-zabbix_repo_yum_disabled: "*"
-zabbix_repo_yum_enabled: []
+zabbix_javagateway_disable_repo:
+ - epel
zabbix_repo_yum:
- name: zabbix
description: Zabbix Official Repository - $basearch
@@ -28,6 +25,8 @@ zabbix_repo_yum:
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
+zabbix_repo_deb_component: main
+
zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid
zabbix_javagateway_listenip: 0.0.0.0
zabbix_javagateway_listenport: 10052
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml
index c7034aa7d..9b6ed50c1 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/handlers/main.yml
@@ -2,14 +2,14 @@
# handlers file for zabbix-javagateway
- name: zabbix-java-gateway restarted
- service:
+ ansible.builtin.service:
name: zabbix-java-gateway
state: restarted
enabled: true
become: true
- name: "clean repo files from proxy creds"
- shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
+ ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
become: true
when:
- ansible_os_family == 'RedHat'
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml
index d025e6ca8..4c4cff06d 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml
@@ -1,80 +1,80 @@
---
-
-- name: "Include Zabbix gpg ids"
- include_vars: zabbix.yml
-
-- name: "Set some variables"
- set_fact:
+- name: "Debian | Set some variables"
+ ansible.builtin.set_fact:
zabbix_short_version: "{{ zabbix_javagateway_version | regex_replace('\\.', '') }}"
+ tags:
+ - always
-- name: "Debian | Install gpg key"
- apt_key:
- id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}"
- url: http://repo.zabbix.com/zabbix-official-repo.key
- become: true
-
-- name: "Debian | Installing repository Debian"
- apt_repository:
- repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/debian/ {{ ansible_distribution_release }} main"
+- name: "Debian | Installing lsb-release"
+ ansible.builtin.apt:
+ pkg: lsb-release
+ update_cache: true
+ cache_valid_time: 3600
+ force: true
state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true
- when:
- - ansible_distribution == "Debian"
- - zabbix_repo == "zabbix"
+ tags:
+ - install
-- name: "Debian | Installing repository Debian"
- apt_repository:
- repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/debian/ {{ ansible_distribution_release }} main"
- state: present
- become: true
- when:
- - ansible_distribution == "Debian"
- - ansible_machine == "aarch64"
- - zabbix_repo == "zabbix"
+- name: "Debian | Update ansible_lsb fact"
+ ansible.builtin.setup:
+ gather_subset:
+ - lsb
-- name: "Debian | Installing repository Ubuntu"
- apt_repository:
- repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu-arm64/ {{ ansible_distribution_release }} main"
- state: present
- become: true
+- name: "Debian | Repo URL"
+ ansible.builtin.set_fact:
+ zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
when:
- - ansible_distribution == "Ubuntu"
- - ansible_machine == "aarch64"
- - zabbix_repo == "zabbix"
-
+ - zabbix_repo_deb_url is undefined
+ tags:
+ - always
-- name: "Debian | Installing repository Ubuntu"
- apt_repository:
- repo: "deb http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu/ {{ ansible_distribution_release }} main"
- state: present
+# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
+# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
+# See: https://wiki.debian.org/DebianRepository/UseThirdParty
+- name: "Debian | Create /etc/apt/keyrings/ on older versions"
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/
+ state: directory
+ mode: "0755"
become: true
when:
- - ansible_distribution == "Ubuntu"
- - ansible_machine != "aarch64"
- - zabbix_repo == "zabbix"
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or
+ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
-- name: "Debian | Installing repository Ubuntu"
- apt_repository:
- repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu-arm64/ {{ ansible_distribution_release }} main"
- state: present
+- name: "Debian | Download gpg key"
+ ansible.builtin.get_url:
+ url: http://repo.zabbix.com/zabbix-official-repo.key
+ dest: "{{ zabbix_gpg_key }}"
+ mode: "0644"
+ force: true
become: true
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_machine == "aarch64"
- - zabbix_repo == "zabbix"
-
+ tags:
+ - install
-- name: "Debian | Installing repository Ubuntu"
- apt_repository:
- repo: "deb-src http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/ubuntu/ {{ ansible_distribution_release }} main"
- state: present
+- name: "Debian | Installing repository {{ ansible_distribution }}"
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/zabbix.sources
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ Types: deb deb-src
+ Enabled: yes
+ URIs: {{ zabbix_repo_deb_url }}
+ Suites: {{ ansible_distribution_release }}
+ Components: {{ zabbix_repo_deb_component }}
+ Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
+ Signed-By: {{ zabbix_gpg_key }}
become: true
- when:
- - ansible_distribution == "Ubuntu"
- - zabbix_repo == "zabbix"
+ tags:
+ - install
- name: "Debian | Installing zabbix-java-gateway"
- apt:
+ ansible.builtin.apt:
pkg: zabbix-java-gateway
state: "{{ zabbix_javagateway_package_state }}"
update_cache: true
@@ -86,12 +86,17 @@
register: zabbix_java_gateway_install
until: zabbix_java_gateway_install is succeeded
become: true
+ tags:
+ - install
-- name: "Make sure Zabbix Java Gateway is not yet running"
- systemd:
+- name: "Debian | Make sure Zabbix Java Gateway is not yet running"
+ ansible.builtin.systemd:
name: zabbix-java-gateway
state: stopped
enabled: true
daemon_reload: true
+ become: true
when:
- zabbix_java_gateway_install.changed
+ tags:
+ - service
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml
index 877628381..96d9d3928 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/RedHat.yml
@@ -2,33 +2,34 @@
# Tasks specific for RedHat systems
- name: "RedHat | Install basic repo file"
- yum_repository:
+ ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
baseurl: "{{ item.baseurl }}"
gpgcheck: "{{ item.gpgcheck }}"
gpgkey: "{{ item.gpgkey }}"
mode: "{{ item.mode | default('0644') }}"
- priority: "{{ item.priority | default('98') }}"
+ priority: "{{ item.priority | default('99') }}"
state: "{{ item.state | default('present') }}"
proxy: "{{ zabbix_http_proxy | default(omit) }}"
with_items: "{{ zabbix_repo_yum }}"
register: yum_repo_installed
become: true
- when:
- zabbix_repo == "zabbix"
notify:
- "clean repo files from proxy creds"
+ tags:
+ - install
- name: "RedHat | Installing zabbix-java-gateway"
- package:
+ ansible.builtin.package:
pkg: zabbix-java-gateway
state: "{{ zabbix_javagateway_package_state }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
+ disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_java_gateway_install
until: zabbix_java_gateway_install is succeeded
become: true
+ tags:
+ - install
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml
index b95322426..6b56d43d3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml
@@ -1,46 +1,53 @@
---
-# tasks file for zabbix_proxy
+# tasks file for zabbix_javagateway
-- name: "Install the correct repository"
- include_tasks: "RedHat.yml"
- when:
- - ansible_os_family == "RedHat"
+- name: Include OS-specific variables
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+ tags:
+ - always
-- name: "Install the correct repository"
- include_tasks: "Debian.yml"
- when:
- - ansible_os_family == "Debian"
+- name: Determine Latest Supported Zabbix Version
+ ansible.builtin.set_fact:
+ zabbix_javagateway_version: "{{ zabbix_valid_javagateway_versions[ansible_distribution_major_version][0] | default(6.4) }}"
+ when: zabbix_javagateway_version is not defined
+ tags:
+ - always
-- name: "Place systemd unit file"
- copy:
- src: systemd.service
- dest: /etc/systemd/system/zabbix-java-gateway.service
- mode: '0644'
- register: systemd_state
- when:
- - zabbix_version is version('5.4', '<')
+- name: Set More Variables
+ ansible.builtin.set_fact:
+ zabbix_valid_version: "{{ zabbix_javagateway_version|float in zabbix_valid_javagateway_versions[ansible_distribution_major_version] }}"
+ tags:
+ - always
-- name: "Reload systemd"
- shell: systemctl daemon-reload
- when:
- - zabbix_version is version('5.4', '<')
- - systemd_state.changed
+- name: Stopping Install of Invalid Version
+ ansible.builtin.fail:
+ msg: Zabbix version {{ zabbix_javagateway_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
+ when: not zabbix_valid_version
tags:
- - skip_ansible_lint
+ - always
+
+- name: "Install the correct repository"
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
- name: "Configure zabbix-proxy"
- template:
+ ansible.builtin.template:
src: zabbix_java_gateway.conf.j2
dest: /etc/zabbix/zabbix_java_gateway.conf
owner: zabbix
group: zabbix
mode: "{{ zabbix_java_gateway_conf_mode }}"
+ become: true
notify:
- zabbix-java-gateway restarted
+ tags:
+ - config
- name: "Make sure Zabbix Java Gateway is running"
- systemd:
+ ansible.builtin.systemd:
name: zabbix-java-gateway
state: started
enabled: true
daemon_reload: true
+ become: true
+ tags:
+ - service
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2
index 9b197600d..7c697cd3b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/templates/zabbix_java_gateway.conf.j2
@@ -4,7 +4,7 @@
# This configuration file is "minimalized", which means all the original comments
# are removed. The full documentation for your Zabbix Java Gateway can be found here:
-# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/concepts/java
+# https://www.zabbix.com/documentation/{{ zabbix_javagateway_version }}/en/manual/concepts/java
LISTEN_IP={{ zabbix_javagateway_listenip }}
LISTEN_PORT={{ zabbix_javagateway_listenport }}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml
index 1eecc3170..2253f5b7b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml
@@ -1,6 +1,30 @@
----
-apache_user: www-data
-apache_group: www-data
-apache_log: apache2
+zabbix_valid_javagateway_versions:
+ # Debian
+ "12":
+ - 6.4
+ - 6.0
+ "11":
+ - 6.4
+ - 6.2
+ - 6.0
+ "10":
+ - 6.4
+ - 6.2
+ - 6.0
+ # Ubuntu
+ "22":
+ - 6.4
+ - 6.2
+ - 6.0
+ "20":
+ - 6.4
+ - 6.2
+ - 6.0
+ "18":
+ - 6.4
+ - 6.2
+ - 6.0
-mysql_create_dir: ''
+debian_keyring_path: /etc/apt/keyrings/
+zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml
index 8c1997706..62af028ff 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/RedHat.yml
@@ -1,6 +1,14 @@
---
-apache_user: apache
-apache_group: apache
-apache_log: httpd
-
-mysql_create_dir: create/
+zabbix_valid_javagateway_versions:
+ "9":
+ - 6.4
+ - 6.2
+ - 6.0
+ "8":
+ - 6.4
+ - 6.2
+ - 6.0
+ "7":
+ - 6.4
+ - 6.2
+ - 6.0
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/zabbix.yml
deleted file mode 100644
index bd960deba..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/zabbix.yml
+++ /dev/null
@@ -1,258 +0,0 @@
----
-sign_keys:
- "64":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- "62":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- "60":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- "54":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "52":
- # bullseye: not available upstream
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "50":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "44":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "42":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "40":
- bullseye:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "34":
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "32":
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: 79EA5ED4
- serena:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "30":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "24":
- jessie:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- "22":
- squeeze:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- lucid:
- sign_key: 79EA5ED4
-
-suse:
- "openSUSE Leap":
- "42":
- name: server:monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/
- "openSUSE":
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }}
- "SLES":
- "11":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP3/
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md b/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md
index 6682f6c18..baec42155 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md
@@ -77,24 +77,17 @@ ansible-galaxy collection install community.postgresql
See the following list of supported Operating systems with the Zabbix releases.
-| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS)| 4.4 | 4.0 (LTS) | 3.0 (LTS) |
-|---------------------|-----|-----|-----|-----|-----|-----------|-----|-----------|-----------|
-| Red Hat Fam 9 | V | V | V | | | | | | |
-| Red Hat Fam 8 | V | V | V | V | V | V | V | | |
-| Red Hat Fam 7 | V | V | V | V | V | V | V | V | V |
-| Red Hat Fam 6 | | | | | V | V | | | V |
-| Red Hat Fam 5 | | | | | V | V | | | V |
-| Fedora | | | | | | | V | V | |
-| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | |
-| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | |
-| Ubuntu 16.04 xenial | | | | | V | V | V | V | |
-| Ubuntu 14.04 trusty | | | | | V | V | V | V | V |
-| Debian 10 buster | V | | V | V | V | V | V | | |
-| Debian 9 stretch | V | | V | V | V | V | V | V | |
-| Debian 8 jessie | | | | | V | V | V | V | V |
-| Debian 7 wheezy | | | | | | | | V | V |
-| macOS 10.15 | | | | | | | V | V | |
-| macOS 10.14 | | | | | | | V | V | |
+| Zabbix | 6.4 | 6.2 | 6.0 |
+|---------------------|-----|-----|-----|
+| Red Hat Fam 9 | V | V | V |
+| Red Hat Fam 8 | V | V | V |
+| Red Hat Fam 7 | V | V | V |
+| Ubuntu 22.04 jammy | V | V | V |
+| Ubuntu 20.04 focal | V | V | V |
+| Ubuntu 18.04 bionic | V | V | V |
+| Debian 12 bookworm | V | | V |
+| Debian 11 bullseye | V | V | V |
+| Debian 10 buster | V | V | V |
# Role Variables
@@ -102,104 +95,49 @@ See the following list of supported Operating systems with the Zabbix releases.
The following is an overview of all available configuration default for this role.
-### Overall Zabbix
-
-* `zabbix_proxy_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility.
-* `zabbix_proxy_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available)
-* `zabbix_repo`: Default: `zabbix`
- * `epel`: install agent from EPEL repo
- * `zabbix`: (default) install agent from Zabbix repo
- * `other`: install agent from pre-existing or other repo
-* `zabbix_repo_yum`: A list with Yum repository configuration.
-* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https)
-* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`.
-* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages.
-
-### SElinux
-
-* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run.
-
### Zabbix Proxy
+* `zabbix_proxy_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_proxy_version: 6.0`.
+* `zabbix_proxy_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available)
* `zabbix_proxy_ip`: The IP address of the host. When not provided, it will be determined via the `ansible_default_ipv4` fact.
* `zabbix_proxy_server`: The ip or dns name for the zabbix-server machine.
-* `zabbix_proxy_serverport`: The port on which the zabbix-server is running. Default: 10051
-* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages
* `zabbix_proxy_install_database_client`: Default: `True`. False does not install database client.
-* `zabbix_proxy_become_on_localhost`: Default: `True`. Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip.
* `zabbix_proxy_manage_service`: Default: `True`. When you run multiple Zabbix proxies in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-proxy service, because Pacemaker is in control of zabbix-proxy service.
-* `zabbix_install_pip_packages`: Default: `True`. Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely.
-* `zabbix_proxy_startpreprocessors`: Number of pre-forked instances of preprocessing workers. The preprocessing manager process is automatically started when a preprocessor worker is started.This parameter is supported since Zabbix 4.2.0.
-* `zabbix_proxy_username`: Default: `zabbix`. The name of the account on the host. Will only be used when `zabbix_repo: epel` is used.
-* `zabbix_proxy_logtype`: Specifies where log messages are written to: system, file, console.
-* `zabbix_proxy_logfile`: Name of log file.
-* `zabbix_proxy_userid`: The UID of the account on the host. Will only be used when `zabbix_repo: epel` is used.
-* `zabbix_proxy_groupname`: Default: `zabbix`. The name of the group of the user on the host. Will only be used when `zabbix_repo: epel` is used.
-* `zabbix_proxy_groupid`: The GID of the group on the host. Will only be used when `zabbix_repo: epel` is used.
* `zabbix_proxy_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_proxy_include`.
* `zabbix_proxy_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
-* `zabbix_proxy_statsallowedip`: Default: `127.0.0.1`. Allowed IP foe remote gathering of the ZabbixPorixy internal metrics.
-* `zabbix_proxy_vaulttoken`: Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
-* `zabbix_proxy_vaulturl`: Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
-* `zabbix_proxy_vaultdbpath`: Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
-* `zabbix_proxy_listenbacklog`: The maximum number of pending connections in the queue.
### Database specific
* `zabbix_proxy_dbhost_run_install`: Default: `True`. When set to `True`, sql files will be executed on the host running the database.
* `zabbix_proxy_database`: Default: `mysql`. The type of database used. Can be: `mysql`, `pgsql` or `sqlite3`
-* `zabbix_proxy_database_long`: Default: `mysql`. The type of database used, but long name. Can be: `mysql`, `postgresql` or `sqlite3`
-* `zabbix_proxy_dbhost`: The hostname on which the database is running. Will be ignored when `sqlite3` is used as database.
+* `zabbix_proxy_dbhost`: Default: localhost. The hostname on which the database is running. Will be ignored when `sqlite3` is used as database.
* `zabbix_proxy_real_dbhost`: The hostname of the dbhost that is running behind a loadbalancer/VIP (loadbalancers doesn't accept ssh connections) Will be ignored when `sqlite3` is used as database.
-* `zabbix_proxy_dbname`: The database name which is used by the Zabbix Proxy.
-* `zabbix_proxy_dbuser`: The database username which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database.
-* `zabbix_proxy_dbpassword`: The database user password which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database.
+* `zabbix_proxy_dbname`: Default: zabbix_proxy. The database name which is used by the Zabbix Proxy.
+* `zabbix_proxy_dbuser`: Default: zabbix_proxy. The database username which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database.
+* `zabbix_proxy_dbpassword`: Default: zabbix_proxy. The database user password which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database.
+* `zabbix_proxy_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`.
* `zabbix_proxy_dbport`: The database port which is used by the Zabbix Proxy. Will be ignored when `sqlite3` is used as database.
-* `zabbix_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False.
+* `zabbix_proxy_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False.
* `zabbix_proxy_install_database_client`: Default: `True`. False does not install database client. Default true
-* `zabbix_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False.
+* `zabbix_proxy_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False.
* `zabbix_proxy_dbencoding`: Default: `utf8`. The encoding for the MySQL database.
* `zabbix_proxy_dbcollation`: Default: `utf8_bin`. The collation for the MySQL database.zabbix_proxy_
-* `zabbix_server_allowunsupporteddbversions`: Allow proxy to work with unsupported database versions.
-* `zabbix_proxy_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`.
-### TLS Specific configuration
-
-These variables are specific for Zabbix 3.0 and higher:
-
-* `zabbix_proxy_tlsconnect`: How the agent should connect to server or proxy. Used for active checks.
- Possible values:
- * unencrypted
- * psk
- * cert
-* `zabbix_proxy_tlsaccept`: What incoming connections to accept.
- Possible values:
- * unencrypted
- * psk
- * cert
-* `zabbix_proxy_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification.
-* `zabbix_proxy_tlscrlfile`: Full pathname of a file containing revoked certificates.
-* `zabbix_proxy_tlsservercertissuer`: Allowed server certificate issuer.
-* `zabbix_proxy_tlsservercertsubject`: Allowed server certificate subject.
-* `zabbix_proxy_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain.
-* `zabbix_proxy_tlskeyfile`: Full pathname of a file containing the agent private key.
-* `zabbix_proxy_dbtlsconnect`: Setting this option enforces to use TLS connection to database:
-
-`required` - connect using TLS
-`verify_ca` - connect using TLS and verify certificate
-`verify_full` - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate
-
-On `MySQL` starting from 5.7.11 and `PostgreSQL` the following values are supported: `required`, `verify`, `verify_full`. On MariaDB starting from version 10.2.6 `required` and `verify_full` values are supported.
-By default not set to any option and the behaviour depends on database configuration.
-This parameter is supported since Zabbix 5.0.0.
-
-* `zabbix_proxy_dbtlscafile`: Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. This parameter is supported since Zabbix 5.0.0.
-* `zabbix_proxy_dbtlscertfile`: Full pathname of file containing Zabbix Proxy certificate for authenticating to database. This parameter is supported since Zabbix 5.0.0.
-* `zabbix_proxy_dbtlskeyfile`: Full pathname of file containing the private key for authenticating to database. This parameter is supported since Zabbix 5.0.0.
-* `zabbix_proxy_dbtlscipher`: The list of encryption ciphers that Zabbix Proxy permits for TLS protocols up through TLSv1.2. Supported only for MySQL.This parameter is supported since Zabbix 5.0.0.
-* `zabbix_proxy_dbtlscipher13`: The list of encryption ciphersuites that Zabbix Proxy permits for TLSv1.3 protocol. Supported only for MySQL, starting from version 8.0.16. This parameter is supported since Zabbix 5.0.0.
-
-## proxy
+
+### Yum/APT
+* `zabbix_repo_yum`: A list with Yum repository configuration.
+* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https)
+* `zabbix_repo_yum_gpgcheck`: Default: `0`. Should yum perform a GPG check on the repository
+* `zabbix_proxy_disable_repo`: A list of repos to disable during install. Default `epel`.
+* `zabbix_proxy_apt_priority`: APT priority for the zabbix repository
+* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages
+* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_distribution.lower() }}`
+* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+### SElinux
+
+* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run.
+
+## Proxy
When the target host does not have access to the internet, but you do have a proxy available then the following properties needs to be set to download the packages via the proxy:
@@ -210,9 +148,9 @@ When the target host does not have access to the internet, but you do have a pro
With Zabbix Proxy you can make use of 2 different databases:
-* `mysql`
-* `postgresql`
-* `SQLite3`
+* MySQL
+* PostgreSQL
+* SQLite3
In the following paragraphs we dive into both setups.
@@ -232,12 +170,12 @@ We need to have the following dependencies met:
```yaml
zabbix_proxy_database: mysql
-zabbix_proxy_database_long: mysql
zabbix_proxy_dbport: 3306
zabbix_proxy_dbpassword: <SOME_SECRET_STRING>
```
Please generate a value for the `zabbix_proxy_dbpassword` property (Maybe use `ansible-vault` for this). The zabbix-proxy role will create an database and username (With the provided value for the password) in `MySQL`.
+
3. Execute the role by running the Ansible playbook that calls this role. At the end of this run, the Zabbix Proxy with `MySQL` will be running.
#### Separate Setup
@@ -249,7 +187,6 @@ We need to have the following dependencies met:
```yaml
zabbix_proxy_database: mysql
-zabbix_proxy_database_long: mysql
zabbix_proxy_dbport: 3306
zabbix_proxy_dbhost: mysql-host
zabbix_proxy_dbhost_run_install: false
@@ -283,7 +220,6 @@ We need to have the following dependencies met:
```yaml
zabbix_proxy_database: pgsql
-zabbix_proxy_database_long: postgresql
zabbix_proxy_dbport: 5432
zabbix_proxy_dbpassword: <SOME_SECRET_STRING>
```
@@ -300,7 +236,6 @@ We need to have the following dependencies met:
```yaml
zabbix_proxy_database: pgsql
-zabbix_proxy_database_long: postgresql
zabbix_proxy_dbport: 5432
zabbix_proxy_dbhost: pgsql-host
zabbix_proxy_dbhost_run_install: false
@@ -326,7 +261,6 @@ The following properties needs to be set when using `SQLite3` as the database:
```yaml
zabbix_proxy_database: sqlite3
-zabbix_proxy_database_long: sqlite3
zabbix_proxy_dbname: /path/to/sqlite3.db
```
@@ -336,20 +270,140 @@ NOTE: When using `zabbix_proxy_dbname: zabbix_proxy` (Which is default with this
These variables need to be overridden when you want to make use of the Zabbix API for automatically creating and or updating proxies, i.e. when `zabbix_api_create_proxy` is set to `True`.
-* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth.
-* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth.
* `zabbix_api_server_host`: The IP or hostname/FQDN of Zabbix server. Example: zabbix.example.com
-* `zabbix_api_server_port`: TCP port to use to connect to Zabbix server. Example: 8080
-* `zabbix_api_use_ssl`: yes (Default) if we need to connect to Zabbix server over HTTPS
-* `zabbix_api_validate_certs` : yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used
+* `zabbix_api_use_ssl`: Is SSL required to connect to the Zabbix API server? Default: `false`
+* `zabbix_api_server_port`: 80 if `zabbix_api_use_ssl` is `false` and 443 if `true` (Default) TCP port to use to connect to Zabbix server. Example: 8080
* `zabbix_api_login_user`: Username of user which has API access.
* `zabbix_api_login_pass`: Password for the user which has API access.
+* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth).
+* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth (if your Zabbix is behind a proxy with HTTP Basic Auth).
+* `zabbix_api_validate_certs`: yes (Default) if we need to validate tls certificates of the API. Use `no` in case self-signed certificates are used.
+* `zabbix_api_timeout`: timeout for API calls (default to 30 seconds)
* `ansible_zabbix_url_path`: URL path if Zabbix WebUI running on non-default (zabbix) path, e.g. if http://<FQDN>/zabbixeu then set to `zabbixeu`
* `zabbix_api_create_proxy`: When you want to enable the Zabbix API to create/delete the proxy. This has to be set to `True` if you want to make use of `zabbix_proxy_state`. Default: `False`
* `zabbix_proxy_name`: name of the Zabbix proxy as it is seen by Zabbix server
* `zabbix_proxy_state`: present (Default) if the proxy needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_proxy` is set to `True`.
* `zabbix_proxy_status`: active (Default) if the proxy needs to be active or passive.
-* `zabbix_api_timeout`: timeout for API calls (default to 30 seconds)
+
+## Configuration Variables
+
+The following table lists all variables that are exposed to modify the configuration of the zabbix_proxy.conf file. Specific details of each variable can be found in the Zabbix documentation.
+
+**NOTE**: Only variables with a default value appear in the defaults file, all others must be added.
+
+| Zabbix Name | Variable Name | Default Value |Notes |
+|-----------|------------------|--------|--------|
+| AllowRoot | zabbix_proxy_allowroot |0| |
+| AllowUnsupportedDBVersions | zabbix_proxy_allowunsupporteddbversions |0| |
+| CacheSize | zabbix_proxy_cachesize | 8M| |
+| ConfigFrequency | zabbix_proxy_configfrequency |3600| |
+| DataSenderFrequency | zabbix_proxy_datasenderfrequency |1| |
+| DBHost | zabbix_proxy_dbhost | localhost| |
+| DBName | zabbix_proxy_dbname | zabbix_proxy| |
+| DBPassword | zabbix_proxy_dbpassword | zabbix_proxy| |
+| DBSchema | zabbix_proxy_dbschema || |
+| DBSocket | zabbix_proxy_dbsocket || |
+| DBTLSCAFile | zabbix_proxy_dbtlscafile || |
+| DBTLSCertFile | zabbix_proxy_dbtlscertfile || |
+| DBTLSCipher | zabbix_proxy_dbtlscipher || |
+| DBTLSCipher13 | zabbix_proxy_dbtlscipher13 || |
+| DBTLSConnect | zabbix_proxy_dbtlsconnect || |
+| DBTLSKeyFile | zabbix_proxy_dbtlskeyfile || |
+| DBUser | zabbix_proxy_dbuser | zabbix_proxy| |
+| DebugLevel | zabbix_proxy_debuglevel |3| |
+| EnableRemoteCommands | zabbix_proxy_enableremotecommands |0| |
+| ExternalScripts | zabbix_proxy_externalscripts | /usr/lib/zabbix/externalscripts| |
+| Fping6Location | zabbix_proxy_fping6location | OS Specific Value | |
+| FpingLocation | zabbix_proxy_fpinglocation | OS Specific Value | |
+| HeartbeatFrequency | zabbix_proxy_heartbeatfrequency |60| Version 6.2 or Lower|
+| HistoryCacheSize | zabbix_proxy_historycachesize | 8M| |
+| HistoryIndexCacheSize | zabbix_proxy_historyindexcachesize | 4M| |
+| Hostname | zabbix_proxy_hostname | "{{ inventory_hostname }}"| |
+| HostnameItem | zabbix_proxy_hostnameitem || |
+| HousekeepingFrequency | zabbix_proxy_housekeepingfrequency |1| |
+| Include | zabbix_proxy_include | /etc/zabbix/zabbix_proxy.conf.d| |
+| JavaGateway | zabbix_proxy_javagateway || |
+| JavaGatewayPort | zabbix_proxy_javagatewayport |10052| |
+| ListenBacklog | zabbix_proxy_listenbacklog || |
+| ListenIP | zabbix_proxy_listenip || |
+| ListenPort | zabbix_proxy_listenport |10051| |
+| LoadModule | zabbix_proxy_loadmodule || |
+| LoadModulePath | zabbix_proxy_loadmodulepath | /usr/lib/zabbix/modules| |
+| LogFile | zabbix_proxy_logfile | /var/log/zabbix/zabbix_proxy.log| |
+| LogFileSize | zabbix_proxy_logfilesize |10| |
+| LogRemoteCommands | zabbix_proxy_logremotecommands || |
+| LogSlowQueries | zabbix_proxy_logslowqueries || |
+| LogType | zabbix_proxy_logtype | file| |
+| PidFile | zabbix_proxy_pidfile | /var/run/zabbix/zabbix_proxy.pid| |
+| ProxyLocalBuffer | zabbix_proxy_proxylocalbuffer |0| |
+| ProxyMode | zabbix_proxy_proxymode || |
+| ProxyOfflineBuffer | zabbix_proxy_proxyofflinebuffer |1| |
+| Server | zabbix_proxy_server | 192.168.1.1| |
+| SNMPTrapperFile | zabbix_proxy_snmptrapperfile | /tmp/zabbix_traps.tmp| |
+| SocketDir | zabbix_proxy_socketdir | /var/run/zabbix| |
+| SourceIP | zabbix_proxy_sourceip || |
+| SSHKeyLocation | zabbix_proxy_sshkeylocation || |
+| SSLCALocation | zabbix_proxy_sslcalocation || |
+| SSLCertLocation | zabbix_proxy_sslcertlocation || |
+| SSLKeyLocation | zabbix_proxy_sslkeylocation || |
+| StartDBSyncers | zabbix_proxy_startdbsyncers |4| |
+| StartDiscoverers | zabbix_proxy_startdiscoverers |1| |
+| StartHTTPPollers | zabbix_proxy_starthttppollers |1| |
+| StartIPMIPollers | zabbix_proxy_startipmipollers |0| |
+| StartJavaPollers | zabbix_proxy_startjavapollers || |
+| StartODBCPollers | zabbix_proxy_startodbcpollers |1| |
+| StartPingers | zabbix_proxy_startpingers |1| |
+| StartPollers | zabbix_proxy_startpollers |5| |
+| StartPollersUnreachable | zabbix_proxy_startpollersunreachable |1| |
+| StartPreprocessors | zabbix_proxy_startpreprocessors |3| |
+| StartSNMPTrapper | zabbix_proxy_startsnmptrapper || |
+| StartTrappers | zabbix_proxy_starttrappers |5| |
+| StartVMwareCollectors | zabbix_proxy_startvmwarecollectors || |
+| StatsAllowedIP | zabbix_proxy_statsallowedip | "127.0.0.1"| |
+| Timeout | zabbix_proxy_timeout |3| |
+| TLSAccept | zabbix_proxy_tlsaccept || |
+| TLSCAFile | zabbix_proxy_tlscafile || |
+| TLSCertFile | zabbix_proxy_tlscertfile || |
+| TLSCipherAll | zabbix_proxy_tlscipherall || |
+| TLSCipherAll13 | zabbix_proxy_tlscipherall13 || |
+| TLSCipherCert | zabbix_proxy_tlsciphercert || |
+| TLSCipherCert13 | zabbix_proxy_tlsciphercert13 || |
+| TLSCipherPSK | zabbix_proxy_tlscipherpsk || |
+| TLSCipherPSK13 | zabbix_proxy_tlscipherpsk13 || |
+| TLSConnect | zabbix_proxy_tlsconnect || |
+| TLSCRLFile | zabbix_proxy_tlscrlfile || |
+| TLSKeyFile | zabbix_proxy_tlskeyfile || |
+| TLSPSKFile | zabbix_proxy_tlspskfile || |
+| TLSPSKIdentity | zabbix_proxy_tlspskidentity || |
+| TLSServerCertIssuer | zabbix_proxy_tlsservercertissuer || |
+| TLSServerCertSubject | zabbix_proxy_tlsservercertsubject || |
+| TmpDir | zabbix_proxy_tmpdir | /tmp| |
+| TrapperTimeout | zabbix_proxy_trappertimeout |300| |
+| UnavailableDelay | zabbix_proxy_unavailabledelay || |
+| UnreachableDelay | zabbix_proxy_unreachabledelay || |
+| UnreachablePeriod | zabbix_proxy_unreachableperiod |45| |
+| User | zabbix_proxy_user || |
+| Vault | zabbix_proxy_vault || Version 6.2 or Greater |
+| VaultDBPath | zabbix_proxy_vaultdbpath || |
+| VaultTLSCertFile | zabbix_proxy_vaulttlscertfile || Version 6.2 or Greater |
+| VaultTLSKeyFile | zabbix_proxy_vaulttlskeyfile || Version 6.2 or Greater |
+| VaultToken | zabbix_proxy_vaulttoken || |
+| VaultURL | zabbix_proxy_vaulturl |https://127.0.0.1:8200| |
+| VMwareCacheSize | zabbix_proxy_vmwarecachesize | 8M| |
+| VMwareFrequency | zabbix_proxy_vmwarefrequency |60| |
+| VMwarePerfFrequency | zabbix_proxy_vmwareperffrequency | | |
+| VMwareTimeout | zabbix_proxy_vmwaretimeout | | |
+
+## Tags
+
+The majority of tasks within this role are tagged as follows:
+
+* `install`: Tasks associated with the installation of software.
+* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation.
+* `database`: Tasks associated with the installation or configuration of the database.
+* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server.
+* `config`: Tasks associated with the configuration of Zabbix or a supporting service.
+* `service`: Tasks associated with managing a service.
# Example Playbook
@@ -361,7 +415,6 @@ Including an example of how to use your role (for instance, with variables passe
- role: community.zabbix.zabbix_proxy
zabbix_proxy_server: 192.168.1.1
zabbix_proxy_database: mysql
- zabbix_proxy_database_long: mysql
```
# Molecule
@@ -385,3 +438,4 @@ See LICENCE to see the full text.
Please send suggestion or pull requests to make this role better. Also let us know if you encounter any issues installing or using this role.
Github: https://github.com/ansible-collections/community.zabbix
+
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml
index 82a70cb09..f46c9c64e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml
@@ -1,32 +1,53 @@
---
# defaults file for zabbix_proxy
+# zabbix_proxy_version: 6.4
+zabbix_os_user: zabbix
+zabbix_proxy_selinux: false
+zabbix_proxy_interface:
+ useip: "{{ zabbix_useuip }}"
+ ip: "{{ zabbix_proxy_ip }}"
+ dns: "{{ ansible_fqdn }}"
+ port: "{{ zabbix_proxy_listenport }}"
+zabbix_useuip: 1
-# zabbix_proxy_version: 6.0
-zabbix_proxy_version_minor: "*"
-zabbix_version: "{{ zabbix_proxy_version }}"
-zabbix_selinux: false
-
-# These variables are optional. They specify the version of Zabbix proxy package.
+# Database
+zabbix_proxy_database: mysql
+zabbix_proxy_database_creation: true
+zabbix_proxy_database_sqlload: true
+zabbix_proxy_dbhost_run_install: true
+zabbix_proxy_dbcollation: utf8_bin
+zabbix_proxy_dbencoding: utf8
+zabbix_proxy_dbhost: localhost
+zabbix_proxy_dbname: zabbix_proxy
+zabbix_proxy_dbpassword: zabbix_proxy
+zabbix_proxy_dbpassword_hash_method: md5
+zabbix_proxy_dbuser: zabbix_proxy
+zabbix_proxy_install_database_client: true
-# zabbix_proxy_rhel_version: 4.4.4
-# zabbix_proxy_debian_version: 1:4.4.4-1+stretch
-# zabbix_proxy_ubuntu_version: 1:4.4.4-1+xenial
+# Misc.
+zabbix_proxy_cat_cmd: cat
+zabbix_proxy_conf_mode: "0644"
+zabbix_proxy_config: /etc/zabbix/zabbix_proxy.conf
+zabbix_proxy_include_mode: "0755"
+zabbix_proxy_manage_service: true
+zabbix_proxy_privileged_host: localhost
+zabbix_proxy_server: 192.168.1.1
+zabbix_proxy_tls_config:
+ no_encryption: "no_encryption"
+ psk: "PSK"
+ cert: "certificate"
+zabbix_proxy_version_minor: "*"
-zabbix_repo: zabbix
-zabbix_proxy_apt_priority:
-zabbix_proxy_package_state: present
-zabbix_proxy_install_recommends: true
-zabbix_proxy_install_database_client: true
-zabbix_install_pip_packages: true
+# Yum/APT Variables
zabbix_repo_yum_schema: https
-zabbix_proxy_conf_mode: "0644"
zabbix_repo_yum_gpgcheck: 0
-zabbix_repo_yum_disabled: "*"
-zabbix_repo_yum_enabled: []
+zabbix_repo_deb_component: main
+zabbix_proxy_disable_repo:
+ - epel
zabbix_repo_yum:
- name: zabbix
description: Zabbix Official Repository - $basearch
- baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/"
+ baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_proxy_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/"
gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
mode: "0644"
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
@@ -38,159 +59,71 @@ zabbix_repo_yum:
gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
+zabbix_proxy_apt_priority:
+zabbix_proxy_package_state: present
-# User (EPEL specific)
-zabbix_proxy_username: zabbix
-zabbix_proxy_groupname: zabbix
-
-zabbix_server_host: 192.168.1.1 # Will be deprecated in 2.0.0
-zabbix_proxy_server: "{{ zabbix_server_host }}"
-zabbix_server_port: 10051 # Will be deprecated in 2.0.0
-zabbix_proxy_serverport: "{{ zabbix_server_port }}"
-zabbix_database_creation: true
-zabbix_database_sqlload: true
-zabbix_proxy_dbtlsconnect:
-zabbix_proxy_dbtlscafile:
-zabbix_proxy_dbtlscertfile:
-zabbix_proxy_dbtlskeyfile:
-zabbix_proxy_dbtlscipher:
-zabbix_proxy_dbtlscipher13:
+# Proxy Configuration Variables (Only ones with role provided defaults)
+zabbix_proxy_allowroot: 0
zabbix_proxy_allowunsupporteddbversions: 0
-
-# Some role specific vars
-zabbix_proxy_database: mysql
-zabbix_proxy_database_long: mysql
-# zabbix_proxy_database: pgsql
-# zabbix_proxy_database_long: postgresql
-# zabbix_proxy_database: sqlite3
-# zabbix_proxy_database_long: sqlite3
-
-# zabbix-proxy specific vars
-zabbix_proxy_mode: 0
+zabbix_proxy_cachesize: 8M
+zabbix_proxy_configfrequency: 3600
+zabbix_proxy_datasenderfrequency: 1
+zabbix_proxy_dbport: 5432
+zabbix_proxy_debuglevel: 3
+zabbix_proxy_enableremotecommands: 0
+zabbix_proxy_externalscripts: /usr/lib/zabbix/externalscripts
+zabbix_proxy_heartbeatfrequency: 60
+zabbix_proxy_historycachesize: 8M
+zabbix_proxy_historyindexcachesize: 4M
zabbix_proxy_hostname: "{{ inventory_hostname }}"
+zabbix_proxy_housekeepingfrequency: 1
+zabbix_proxy_include: /etc/zabbix/zabbix_proxy.conf.d
+zabbix_proxy_javagatewayport: 10052
+zabbix_proxy_libdir: /usr/lib/zabbix
zabbix_proxy_listenport: 10051
-zabbix_proxy_sourceip:
-zabbix_proxy_logtype: file
+zabbix_proxy_loadmodulepath: "{{ zabbix_proxy_libdir }}/modules"
zabbix_proxy_logfile: /var/log/zabbix/zabbix_proxy.log
zabbix_proxy_logfilesize: 10
-zabbix_proxy_enableremotecommands: 0
-zabbix_proxy_debuglevel: 3
+zabbix_proxy_logtype: file
zabbix_proxy_pidfile: /var/run/zabbix/zabbix_proxy.pid
+zabbix_proxy_proxylocalbuffer: 0
+zabbix_proxy_proxyofflinebuffer: 1
+zabbix_proxy_snmptrapperfile: /tmp/zabbix_traps.tmp
zabbix_proxy_socketdir: /var/run/zabbix
-zabbix_proxy_dbencoding: utf8
-zabbix_proxy_dbcollation: utf8_bin
-zabbix_proxy_dbhost: localhost
-zabbix_proxy_dbname: zabbix_proxy
-zabbix_proxy_dbschema:
-zabbix_proxy_dbuser: zabbix_proxy
-zabbix_proxy_dbpassword: zabbix_proxy
-zabbix_proxy_dbsocket:
-zabbix_proxy_dbport: 5432
-zabbix_proxy_dbpassword_hash_method: md5
+zabbix_proxy_startdbsyncers: 4
+zabbix_proxy_startdiscoverers: 1
+zabbix_proxy_starthttppollers: 1
+zabbix_proxy_startipmipollers: 0
zabbix_proxy_startodbcpollers: 1
-zabbix_proxy_dbhost_run_install: true
-zabbix_proxy_privileged_host: localhost
-zabbix_proxy_localbuffer: 0 # Will be deprecated in 2.0.0
-zabbix_proxy_proxylocalbuffer: "{{ zabbix_proxy_localbuffer }}"
-zabbix_proxy_offlinebuffer: 1 # Will be deprecated in 2.0.0
-zabbix_proxy_proxyofflinebuffer: "{{ zabbix_proxy_offlinebuffer }}"
-zabbix_proxy_heartbeatfrequency: 60
-zabbix_proxy_configfrequency: 3600
-zabbix_proxy_datasenderfrequency: 1
+zabbix_proxy_startpingers: 1
zabbix_proxy_startpollers: 5
-zabbix_proxy_startipmipollers: 0
zabbix_proxy_startpollersunreachable: 1
-zabbix_proxy_starttrappers: 5
-zabbix_proxy_startpingers: 1
-zabbix_proxy_startdiscoverers: 1
-zabbix_proxy_starthttppollers: 1
zabbix_proxy_startpreprocessors: 3
-zabbix_proxy_javagateway:
-zabbix_proxy_javagatewayport: 10052
-zabbix_proxy_startjavapollers: 5
-zabbix_proxy_startvmwarecollector: 0
-zabbix_proxy_vmwarefrequency: 60
-zabbix_proxy_vmwarecachesize: 8
-zabbix_proxy_snmptrapperfile: /tmp/zabbix_traps.tmp
-zabbix_proxy_snmptrapper: 0
-zabbix_proxy_listenip:
-zabbix_proxy_housekeepingfrequency: 1
-zabbix_proxy_cachesize: 8
-zabbix_proxy_startdbsyncers: 4
-zabbix_proxy_historycachesize: 8
-zabbix_proxy_historyindexcachesize: 4
-zabbix_proxy_historytextcachesize: 16
+zabbix_proxy_starttrappers: 5
+zabbix_proxy_statsallowedip: "127.0.0.1"
zabbix_proxy_timeout: 3
+zabbix_proxy_tmpdir: /tmp
zabbix_proxy_trappertimeout: 300
zabbix_proxy_unreachableperiod: 45
-zabbix_proxy_unavaliabledelay: 60
-zabbix_proxy_unreachabedelay: 15
-zabbix_proxy_externalscripts: /usr/lib/zabbix/externalscripts
-zabbix_proxy_fpinglocation: /usr/sbin/fping
-zabbix_proxy_fping6location: /usr/sbin/fping6
-zabbix_proxy_sshkeylocation:
-zabbix_proxy_loglowqueries: 0
-zabbix_proxy_tmpdir: /tmp
-zabbix_proxy_allowroot: 0
-zabbix_proxy_include: /etc/zabbix/zabbix_proxy.conf.d
-zabbix_proxy_include_mode: "0755"
-zabbix_proxy_libdir: /usr/lib/zabbix
-zabbix_proxy_loadmodulepath: "{{ zabbix_proxy_libdir }}/modules"
-zabbix_proxy_manage_service: true
-zabbix_proxy_statsallowedip: "127.0.0.1"
-zabbix_proxy_vaulttoken:
zabbix_proxy_vaulturl: https://127.0.0.1:8200
-zabbix_proxy_vaultdbpath:
-zabbix_proxy_listenbacklog:
-
-# TLS settings
-zabbix_proxy_tlsconnect:
-zabbix_proxy_tlsaccept:
-zabbix_proxy_tlscafile:
-zabbix_proxy_tlscrlfile:
-zabbix_proxy_tlsservercertissuer:
-zabbix_proxy_tlsservercertsubject:
-zabbix_proxy_tls_subject: "{{ zabbix_proxy_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression
-zabbix_proxy_tlscertfile:
-zabbix_proxy_tlskeyfile:
-zabbix_proxy_tlspskidentity:
-
-zabbix_proxy_tls_config:
- no_encryption: "no_encryption"
- psk: "PSK"
- cert: "certificate"
+zabbix_proxy_vmwarecachesize: 8M
+zabbix_proxy_vmwarefrequency: 60
# Zabbix API stuff
-zabbix_validate_certs: true # Will be deprecated in 2.0.0
-zabbix_api_validate_certs: "{{ zabbix_validate_certs }}"
-zabbix_url: http://localhost # Will be deprecated in 2.0.0
-zabbix_api_server_url: "{{ zabbix_url }}"
-zabbix_api_server_host: "{{ zabbix_api_server_url | urlsplit('hostname') }}"
-zabbix_api_port_from_url: "{{ zabbix_api_server_port | default(zabbix_api_server_url | urlsplit('port')) }}"
-zabbix_api_scheme_from_url: "{{ zabbix_api_server_url | urlsplit('scheme') }}"
-zabbix_api_port_from_shema: "{{ (zabbix_api_scheme_from_url == 'https') | ternary(443, 80) }}"
-# zabbix_http_user: admin # Will be deprecated in 2.0.0
-# zabbix_http_password: admin # Will be deprecated in 2.0.0
-# zabbix_api_http_user: admin
-# zabbix_api_http_password: admin
-zabbix_api_user: Admin # Will be deprecated in 2.0.0
-zabbix_api_pass: !unsafe zabbix # Will be deprecated in 2.0.0
-zabbix_api_login_user: "{{ zabbix_api_user }}"
-zabbix_api_login_pass: "{{ zabbix_api_pass }}"
+zabbix_api_server_host: localhost
+zabbix_api_use_ssl: false
+# zabbix_api_server_port: 80
+zabbix_api_login_user: Admin
+zabbix_api_login_pass: !unsafe zabbix
+zabbix_api_validate_certs: false
ansible_httpapi_pass: "{{ zabbix_api_login_pass }}"
-ansible_httpapi_port: "{{ (zabbix_api_port_from_url == '') | ternary(zabbix_api_port_from_shema, zabbix_api_port_from_url) }}"
-ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl | default((zabbix_api_scheme_from_url == 'https') | ternary(true, false)) }}"
+ansible_httpapi_port: "{{ zabbix_api_server_port }}"
ansible_httpapi_validate_certs: "{{ zabbix_api_validate_certs }}"
-zabbix_api_create_proxy: false
zabbix_api_timeout: 30
-zabbix_create_proxy: present # or absent # Will be deprecated in 2.0.0
-zabbix_proxy_state: "{{ zabbix_create_proxy }}"
+zabbix_api_create_proxy: false
+zabbix_proxy_state: present
zabbix_proxy_status: active # or passive
-zabbix_useuip: 1
-zabbix_proxy_become_on_localhost: true
-zabbix_proxy_interface:
- useip: "{{ zabbix_useuip }}"
- ip: "{{ zabbix_proxy_ip }}"
- dns: "{{ ansible_fqdn }}"
- port: "{{ zabbix_proxy_listenport }}"
+# TLS setttings
+zabbix_proxy_tlsaccept:
+zabbix_proxy_tlsconnect:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml
index 8f42133be..9d5b88ee3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/handlers/main.yml
@@ -2,27 +2,16 @@
# handlers file for zabbix-proxy
- name: restart zabbix-proxy
- service:
+ ansible.builtin.service:
name: zabbix-proxy
state: restarted
enabled: true
become: true
when:
- zabbix_proxy_manage_service | bool
- - zabbix_repo != 'epel'
-
-- name: restart zabbix-proxy
- service:
- name: zabbix-proxy-mysql{{ zabbix_proxy_database_long }}
- state: restarted
- enabled: true
- become: true
- when:
- - zabbix_proxy_manage_service | bool
- - zabbix_repo == 'epel'
- name: "clean repo files from proxy creds"
- shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
+ ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
become: true
when:
- ansible_os_family == 'RedHat'
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml
index fae6b5b96..8e27e7d27 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml
@@ -1,76 +1,48 @@
---
-- name: "Include Zabbix gpg ids"
- include_vars: zabbix.yml
-
-- name: "Set some variables"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
- zabbix_proxy_apt_repository:
- - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/"
- - "{{ ansible_distribution_release }}"
- - "main"
- zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}"
- zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}"
- when:
- - ansible_machine != "aarch64"
-
-- name: "Set some variables"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
- zabbix_proxy_apt_repository:
- - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}-arm64/"
- - "{{ ansible_distribution_release }}"
- - "main"
- zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}"
+- name: "Debian | Set short version name"
+ ansible.builtin.set_fact:
+ zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}"
zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}"
- when:
- - ansible_machine == "aarch64"
-
-- name: "Debian | Set some facts"
- set_fact:
- apache_log: apache2
- datafiles_path: "/usr/share/zabbix-proxy-{{ zabbix_proxy_database }}"
- when:
- - zabbix_version is version_compare('3.0', '<')
+ zabbix_underscore_version: "{{ zabbix_proxy_version | regex_replace('\\.', '_') }}"
tags:
- - zabbix-proxy
- - init
- - config
+ - always
-- name: "Debian | Set some facts for Zabbix >= 3.0 && < 5.4"
- set_fact:
- apache_log: apache2
- datafiles_path: /usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}
- when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_version is version('5.4', '<')
+- name: "Debian | Installing lsb-release"
+ ansible.builtin.apt:
+ pkg: lsb-release
+ update_cache: true
+ cache_valid_time: 3600
+ force: true
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ become: true
tags:
- - zabbix-proxy
- - init
- - config
+ - install
-- name: "Debian | Set some facts for Zabbix == 5.4"
- set_fact:
- datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_database_long }}
+- name: "Debian | Update ansible_lsb fact"
+ ansible.builtin.setup:
+ gather_subset:
+ - lsb
+
+- name: "Debian | Repo URL"
+ ansible.builtin.set_fact:
+ zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
when:
- - zabbix_version is version('5.4', '==')
+ - zabbix_repo_deb_url is undefined
tags:
- - zabbix-proxy
- - init
- - config
+ - always
-- name: "Debian | Set some facts for Zabbix >= 6.0"
- set_fact:
- datafiles_path: /usr/share/zabbix-sql-scripts/{{ zabbix_proxy_database_long }}
- when:
- - zabbix_version is version('6.0', '>=')
+- name: "Debian | Set some facts for Zabbix"
+ ansible.builtin.set_fact:
+ datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}
tags:
- - zabbix-proxy
- - init
+ - install
- config
- name: "Debian | Installing gnupg"
- apt:
+ ansible.builtin.apt:
pkg: gnupg
update_cache: true
cache_valid_time: 3600
@@ -82,108 +54,97 @@
register: gnupg_installed
until: gnupg_installed is succeeded
become: true
+ tags:
+ - install
+
+# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
+# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
+# See: https://wiki.debian.org/DebianRepository/UseThirdParty
+- name: "Debian | Create /etc/apt/keyrings/ on older versions"
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/
+ state: directory
+ mode: "0755"
+ become: true
+ when:
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or
+ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
-- name: "Debian | Install gpg key"
- apt_key:
- id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}"
+- name: "Debian | Download gpg key"
+ ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
+ dest: "{{ zabbix_gpg_key }}"
+ mode: "0644"
+ force: true
register: are_zabbix_proxy_dependency_packages_installed
until: are_zabbix_proxy_dependency_packages_installed is succeeded
- when:
- - zabbix_repo == "zabbix"
become: true
tags:
- - zabbix-proxy
- - init
+ - install
- name: "Debian | Installing repository {{ ansible_distribution }}"
- apt_repository:
- repo: "{{ item }} {{ zabbix_proxy_apt_repository | join(' ') }}"
- state: present
- when: zabbix_repo == "zabbix"
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/zabbix.sources
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ Types: deb deb-src
+ Enabled: yes
+ URIs: {{ zabbix_repo_deb_url }}
+ Suites: {{ ansible_distribution_release }}
+ Components: {{ zabbix_repo_deb_component }}
+ Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
+ Signed-By: {{ zabbix_gpg_key }}
become: true
- with_items:
- - deb-src
- - deb
tags:
- - zabbix-proxy
- - init
-
+ - install
+
- name: "Debian | Create /etc/apt/preferences.d/"
- file:
+ ansible.builtin.file:
path: /etc/apt/preferences.d/
state: directory
- mode: '0755'
+ mode: "0755"
when:
- zabbix_proxy_apt_priority | int
become: true
-
+ tags:
+ - install
+
- name: "Debian | Configuring the weight for APT"
- copy:
+ ansible.builtin.copy:
dest: "/etc/apt/preferences.d/zabbix-proxy-{{ zabbix_proxy_database }}"
content: |
Package: zabbix-proxy-{{ zabbix_proxy_database }}
Pin: origin repo.zabbix.com
Pin-Priority: {{ zabbix_proxy_apt_priority }}
owner: root
- mode: '0644'
+ mode: "0644"
when:
- zabbix_proxy_apt_priority | int
become: true
-
-- name: Check if warn parameter can be used for shell module
- set_fact:
- produce_warn: False
- when: ansible_version.full is version("2.14", "<")
-
-- name: apt-get clean
- shell: apt-get clean; apt-get update
- args:
- warn: "{{ produce_warn | default(omit) }}"
- changed_when: false
- become: true
tags:
- - skip_ansible_lint
-
-# On certain 18.04 images, such as docker or lxc, dpkg is configured not to
-# install files into paths /usr/share/doc/*
-# Since this is where Zabbix installs its database schemas, we need to allow
-# files to be installed to /usr/share/doc/zabbix*
-- name: Check for the dpkg exclude line
- command: grep -F 'path-exclude=/usr/share/doc/*' /etc/dpkg/dpkg.cfg.d/excludes
- register: dpkg_exclude_line
- failed_when: false
- changed_when: false
- check_mode: false
-
-- name: Allow Zabbix dpkg installs to /usr/share/doc/zabbix*
- lineinfile:
- path: /etc/dpkg/dpkg.cfg.d/excludes
- line: 'path-include=/usr/share/doc/zabbix*'
- become: true
- when:
- - dpkg_exclude_line.rc == 0
+ - install
- name: "Debian | Installing zabbix-proxy-{{ zabbix_proxy_database }}"
- apt:
- pkg: zabbix-proxy-{{ zabbix_proxy_database }}
- state: "{{ zabbix_proxy_package_state }}"
+ ansible.builtin.apt:
+ pkg: "zabbix-proxy-{{ zabbix_proxy_database }}"
update_cache: true
cache_valid_time: 0
- install_recommends: "{{ zabbix_proxy_install_recommends }}"
+ force: true
+ state: "{{ zabbix_proxy_package_state }}"
default_release: "{{ ansible_distribution_release }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_proxy_package_installed
- until: zabbix_proxy_package_installed is succeeded
+ register: is_zabbix_proxy_package_installed
+ until: is_zabbix_proxy_package_installed is succeeded
become: true
tags:
- - zabbix-proxy
- - init
+ - install
- name: "Debian | Installing zabbix-sql-scripts"
- apt:
+ ansible.builtin.apt:
pkg: zabbix-sql-scripts
state: "{{ zabbix_proxy_package_state }}"
update_cache: true
@@ -195,14 +156,13 @@
register: zabbix_proxy_package_sql_installed
until: zabbix_proxy_package_sql_installed is succeeded
when:
- - zabbix_version is version('5.4', '>=')
+ - zabbix_proxy_version is version('6.0', '>=')
become: true
tags:
- - zabbix-proxy
- - init
+ - install
- name: "Debian | Install Ansible module dependencies"
- apt:
+ ansible.builtin.apt:
name: "{{ zabbix_python_prefix }}-psycopg2"
state: present
environment:
@@ -212,16 +172,14 @@
until: zabbix_proxy_dependencies_installed is succeeded
become: true
when:
- - zabbix_database_creation
+ - zabbix_proxy_database_creation
tags:
- - zabbix-proxy
- - init
+ - install
+ - dependencies
- name: "Debian | Install Mysql Client package"
- apt:
- name:
- - default-mysql-client
- - "{{ zabbix_python_prefix }}-mysqldb"
+ ansible.builtin.apt:
+ name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}"
state: present
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
@@ -232,35 +190,13 @@
when:
- zabbix_proxy_database == 'mysql'
- zabbix_proxy_install_database_client
- - ansible_distribution_release != "buster"
tags:
- - zabbix-proxy
- - init
- - database
-
-- name: "Debian 10 | Install Mysql Client package"
- apt:
- name:
- - mariadb-client
- - "{{ zabbix_python_prefix }}-mysqldb"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_proxy_dependencies_installed
- until: zabbix_proxy_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_proxy_database == 'mysql'
- - zabbix_proxy_install_database_client
- - ansible_distribution_release == "buster"
- tags:
- - zabbix-proxy
- - init
+ - install
+ - dependencies
- database
- name: "Debian | Install PostgreSQL Client package"
- apt:
+ ansible.builtin.apt:
name: postgresql-client
state: present
environment:
@@ -270,16 +206,16 @@
until: are_zabbix_proxy_dependency_packages_installed is succeeded
become: true
when:
- - zabbix_database_creation or zabbix_database_sqlload
+ - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload
- zabbix_proxy_database == 'pgsql'
- zabbix_proxy_install_database_client
tags:
- - zabbix-proxy
- - init
+ - install
+ - dependencies
- database
- name: "Debian | Install sqlite3"
- apt:
+ ansible.builtin.apt:
name: sqlite3
state: present
environment:
@@ -291,4 +227,6 @@
when:
- zabbix_proxy_database == 'sqlite3'
tags:
- - zabbix-proxy
+ - install
+ - dependencies
+ - database
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml
index 34a40396e..f35b3c7b3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/RedHat.yml
@@ -1,323 +1,147 @@
---
# Tasks specific for RedHat systems
-- name: "Set short version name"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
-
-- name: "RedHat | Use EPEL package name"
- set_fact:
- zabbix_proxy_package: "zabbix{{ zabbix_version | regex_replace('\\.', '') }}-proxy"
- when:
- - zabbix_repo == "epel"
+- name: "RedHat | Set short version name"
+ ansible.builtin.set_fact:
+ zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}"
tags:
- - zabbix-proxy
- - init
-
-- name: "RedHat | Define package with version"
- set_fact:
- zabbix_proxy_package: "zabbix{{ zabbix_short_version }}-proxy-{{ zabbix_proxy_database }}"
- cacheable: true
- when:
- - zabbix_proxy_rhel_version is defined
- - zabbix_repo != "epel"
+ - always
- name: "RedHat | Define package without version"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_proxy_package: "zabbix-proxy-{{ zabbix_proxy_database }}"
cacheable: true
- when:
- - zabbix_proxy_rhel_version is not defined
- - zabbix_repo != "epel"
-
-- name: "RedHat | Set some facts Zabbix < 3.0"
- set_fact:
- apache_log: httpd
- datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_version }}*/create"
- when:
- - zabbix_version is version('3.0', '<')
- tags:
- - zabbix-proxy
-
-- name: "RedHat | Set facts for Zabbix >= 3.0 && < 5.4"
- set_fact:
- apache_log: httpd
- datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_version }}*"
- when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_version is version('5.4', '<')
tags:
- - zabbix-proxy
+ - always
-- name: "RedHat | Set facts for Zabbix == 5.4"
- set_fact:
- datafiles_path: "/usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_database_long }}"
- when:
- - zabbix_version is version('5.4', '==')
+- name: "RedHat | Set facts for Zabbix"
+ ansible.builtin.set_fact:
+ datafiles_path: "/usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}"
tags:
- - zabbix-server
-
-- name: "RedHat | Set facts for Zabbix >= 6.0"
- set_fact:
- datafiles_path: "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_database_long }}"
- when:
- - zabbix_version is version('6.0', '>=')
- tags:
- - zabbix-server
-
-- name: "RedHat | Set facts for Zabbix >= 3.0 and RedHat 8"
- set_fact:
- apache_log: httpd
- datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}"
- when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_version is version('5.4', '<')
- - ansible_distribution_major_version == '8'
- tags:
- - zabbix-proxy
-
-- name: "RedHat | Set some facts EPEL"
- set_fact:
- datafiles_path: "/usr/share/zabbix-{{ zabbix_proxy_database_long }}"
- when:
- - zabbix_repo == "epel"
- tags:
- - zabbix-server
-
-- name: "RedHat | Create 'zabbix' group (EPEL)"
- group:
- name: "{{ zabbix_proxy_groupname | default('zabbix') }}"
- gid: "{{ zabbix_proxy_groupid | default(omit) }}"
- state: present
- become: true
- when:
- - zabbix_repo == "epel"
+ - always
-- name: "RedHat | Create 'zabbix' user (EPEL)"
- user:
- name: "{{ zabbix_proxy_username | default('zabbix') }}"
- comment: Zabbix Monitoring System
- uid: "{{ zabbix_proxy_userid | default(omit) }}"
- group: zabbix
- become: true
- when:
- - zabbix_repo == "epel"
-
-- name: "Make sure old file is absent"
- file:
+- name: "RedHat | Make sure old file is absent"
+ ansible.builtin.file:
path: /etc/yum.repos.d/zabbix-supported.repo
state: absent
become: true
+ tags:
+ - install
- name: "RedHat | Install basic repo file"
- yum_repository:
+ ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
baseurl: "{{ item.baseurl }}"
gpgcheck: "{{ item.gpgcheck }}"
gpgkey: "{{ item.gpgkey }}"
mode: "{{ item.mode | default('0644') }}"
- priority: "{{ item.priority | default('98') }}"
+ priority: "{{ item.priority | default('99') }}"
state: "{{ item.state | default('present') }}"
proxy: "{{ zabbix_http_proxy | default(omit) }}"
with_items: "{{ zabbix_repo_yum }}"
register: yum_repo_installed
become: true
- when:
- - zabbix_repo == "zabbix"
notify:
- "clean repo files from proxy creds"
tags:
- - zabbix-agent
-
-- name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }}"
- package:
- pkg: "{{ zabbix_proxy_package }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}"
- state: "{{ zabbix_proxy_package_state }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- when:
- zabbix_repo != "other"
- register: is_zabbix_proxy_package_installed
- until: is_zabbix_proxy_package_installed is succeeded
-
-- name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }} (When zabbix_repo == other)"
- package:
- pkg: "{{ zabbix_proxy_package }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}"
- state: "{{ zabbix_proxy_package_state }}"
- become: true
- when:
- zabbix_repo == "other"
- register: is_zabbix_proxy_package_installed
- until: is_zabbix_proxy_package_installed is succeeded
-
-- name: "RedHat | Installing zabbix-sql-scripts"
- package:
- pkg: "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}"
- state: "{{ zabbix_proxy_package_state }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_proxy_sql_package_installed
- until: zabbix_proxy_sql_package_installed is succeeded
- when:
- - zabbix_version is version('5.4', '>=')
- - zabbix_repo != "other"
- become: true
- tags:
- - zabbix-server
-
-- name: "RedHat | Installing zabbix-sql-scripts (When zabbix_repo == other)"
- package:
- pkg: "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}"
- state: "{{ zabbix_proxy_package_state }}"
- register: zabbix_proxy_sql_package_installed
- until: zabbix_proxy_sql_package_installed is succeeded
- when:
- - zabbix_version is version('5.4', '>=')
- - zabbix_repo == "other"
- become: true
- tags:
- - zabbix-server
-
-- name: "RedHat | Install Ansible PostgreSQL module dependencies"
- yum:
- name: python-psycopg2
+ - install
+
+- name: Install packages for Zabbix Repository
+ block:
+ - name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }}"
+ ansible.builtin.yum:
+ pkg: "{{ zabbix_proxy_package }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}"
+ state: "{{ zabbix_proxy_package_state }}"
+ disablerepo: "{{ zabbix_proxy_disable_repo | default(omit) }}"
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ become: true
+ register: is_zabbix_proxy_package_installed
+ until: is_zabbix_proxy_package_installed is succeeded
+
+ - name: "RedHat | Installing zabbix-sql-scripts"
+ ansible.builtin.yum:
+ pkg: "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}"
+ state: "{{ zabbix_proxy_package_state }}"
+ disablerepo: "{{ zabbix_proxy_disable_repo | default(omit) }}"
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_proxy_sql_package_installed
+ until: zabbix_proxy_sql_package_installed is succeeded
+ become: true
+ tags:
+ - install
+
+- name: "RedHat | Install Ansible PostgreSQL Client package"
+ ansible.builtin.yum:
+ name: "{{ pgsql_depenencies[ansible_distribution_major_version] }}"
state: present
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true
- register: are_zabbix_proxy_dependency_packages_installed
- until: are_zabbix_proxy_dependency_packages_installed is succeeded
+ register: are_zabbix_proxy_pgsql_packages_installed
+ until: are_zabbix_proxy_pgsql_packages_installed is succeeded
when:
- - zabbix_database_creation or zabbix_database_sqlload
+ - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload
- zabbix_proxy_database == 'pgsql'
- - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
- tags:
- - zabbix-proxy
- - init
-
-- name: "RedHat | Install Ansible module dependencies on RHEL9 or RHEL8"
- yum:
- name: python3-psycopg2
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_proxy_dependencies_installed
- until: zabbix_proxy_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_database_creation
- - zabbix_proxy_database == 'pgsql'
- - ansible_distribution_major_version|int >= 8
- tags:
- - zabbix-server
-
-- name: "RedHat | Install Mysql Client package RHEL7"
- yum:
- name:
- - mariadb
- - MySQL-python
- state: installed
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- register: are_zabbix_proxy_dependency_packages_installed
- until: are_zabbix_proxy_dependency_packages_installed is succeeded
- when:
- - zabbix_database_creation or zabbix_database_sqlload
- - zabbix_proxy_database == 'mysql'
- - ansible_distribution_major_version == '7'
- tags:
- - zabbix-proxy
- - init
-
-- name: "RedHat | Install Mysql Client packages RHEL9 or RHEL8"
- yum:
- name:
- - mysql
- - python3-PyMySQL
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_proxy_dependencies_installed
- until: zabbix_proxy_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_proxy_database == 'mysql'
- - ansible_distribution_major_version|int >= 8
tags:
- - zabbix-proxy
- - init
-
-- name: "RedHat | Install Mysql Client package RHEL5 - 6"
- yum:
- name:
- - mysql
- - MySQL-python
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- register: are_zabbix_proxy_dependency_packages_installed
- until: are_zabbix_proxy_dependency_packages_installed is succeeded
- when:
- - zabbix_database_creation or zabbix_database_sqlload
- - zabbix_proxy_database == 'mysql'
- - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5"
- - zabbix_proxy_install_database_client
- tags:
- - zabbix-proxy
- - init
+ - install
- database
-
-- name: "RedHat | Install PostgreSQL client package"
- yum:
- name: postgresql
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- register: are_zabbix_proxy_dependency_packages_installed
- until: are_zabbix_proxy_dependency_packages_installed is succeeded
- when:
- - zabbix_database_creation or zabbix_database_sqlload
- - zabbix_proxy_database == 'pgsql'
+ - dependencies
+
+- name: "RedHat | Install Mysql Client Package"
+ block:
+ - name: "RedHat | Add Mysql Repo (Centos 7 Only)"
+ ansible.builtin.yum_repository:
+ name: mariadb
+ description: MariaDB 10.8 CentOS repository list
+ file: mariadb
+ baseurl: "https://mirror.rackspace.com/mariadb/yum/10.11/centos{{ ansible_distribution_major_version }}-amd64"
+ gpgcheck: no
+ when: ansible_distribution_major_version == '7'
+
+ - name: "RedHat | Install Mysql Client package"
+ ansible.builtin.yum:
+ name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}"
+ state: installed
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ become: true
+ register: are_zabbix_proxy_mysql_packages_installed
+ until: are_zabbix_proxy_mysql_packages_installed is succeeded
+ when:
+ - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload
- zabbix_proxy_install_database_client
+ - zabbix_proxy_database == 'mysql'
tags:
- - zabbix-proxy
- - init
+ - install
- database
+ - dependencies
- name: "RedHat | Install sqlite3"
- yum:
+ ansible.builtin.yum:
name:
- sqlite
state: present
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_proxy_dependencies_installed
- until: zabbix_proxy_dependencies_installed is succeeded
+ register: zabbix_proxy_sqlite_packages_installed
+ until: zabbix_proxy_sqlite_packages_installed is succeeded
become: true
when:
- zabbix_proxy_database == 'sqlite3'
tags:
- - zabbix-proxy
+ - install
+ - database
+ - dependencies
- name: "Configure SELinux when enabled"
- include_tasks: selinux.yml
+ ansible.builtin.include_tasks: selinux.yml
when:
- - zabbix_selinux | bool
+ - zabbix_proxy_selinux | bool
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml
index bd39b5b8a..f564635b1 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml
@@ -1,71 +1,114 @@
---
# tasks file for zabbix_proxy
- name: "Include OS-specific variables"
- include_vars: "{{ ansible_os_family }}.yml"
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+ tags:
+ - always
- name: Determine Latest Supported Zabbix Version
- set_fact:
- zabbix_proxy_version: "{{ zabbix_valid_proxy_versions[ansible_distribution_major_version][0] | default(6.0) }}"
- when: zabbix_proxy_version is not defined
+ ansible.builtin.set_fact:
+ zabbix_proxy_version: "{{ zabbix_valid_proxy_versions[ansible_distribution_major_version][0] | default(6.4) }}"
+ when: zabbix_proxy_version is not defined or zabbix_proxy_version is none
+ tags:
+ - always
-- name: "Replace Sangoma with RedHat task"
- set_fact:
- ansible_os_family: "RedHat"
- when:
- - ansible_os_family == 'Sangoma'
+- name: Set More Variables
+ ansible.builtin.set_fact:
+ zabbix_proxy_db_long: "{{ 'postgresql' if zabbix_proxy_database == 'pgsql' else zabbix_proxy_database }}"
+ zabbix_valid_version: "{{ zabbix_proxy_version|float in zabbix_valid_proxy_versions[ansible_distribution_major_version] }}"
+ zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}"
+ zabbix_proxy_fpinglocation: "{{ zabbix_proxy_fpinglocation if zabbix_proxy_fpinglocation is defined else _zabbix_proxy_fpinglocation}}"
+ zabbix_proxy_fping6location: "{{ zabbix_proxy_fping6location if zabbix_proxy_fping6location is defined else _zabbix_proxy_fping6location}}"
+ tags:
+ - always
+
+- name: Stopping Install of Invalid Version
+ ansible.builtin.fail:
+ msg: Zabbix version {{ zabbix_proxy_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
+ when: not zabbix_valid_version
+ tags:
+ - always
+
+- name: Setting Zabbix API Server Port
+ ansible.builtin.set_fact:
+ zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}"
+ when: zabbix_api_server_port is undefined
+
+- name: Set Path to SQL File
+ ansible.builtin.set_fact:
+ datafile_path: "{{ db_file_path[zabbix_short_version] }}"
+ tags:
+ - install
+ - config
- name: "Set default ip address for zabbix_proxy_ip"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_proxy_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}"
when:
- zabbix_proxy_ip is not defined
- "'ansible_default_ipv4' in hostvars[inventory_hostname]"
+ tags:
+ - install
+ - config
+ - api
-- name: "Set OS dependent variables"
- include_vars: "{{ item }}"
- with_first_found:
- - "../vars/{{ ansible_distribution }}.yml"
- - "../vars/main.yml"
+- name: "Complete OS Specific Tasks"
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
-- name: "Install the correct repository"
- include_tasks: "{{ ansible_os_family }}.yml"
+- name: "Get the file for database schema"
+ ansible.builtin.shell: ls -1 {{ db_file_path[zabbix_short_version] }}
+ changed_when: false
+ become: true
+ when:
+ - zabbix_proxy_database_sqlload
+ register: ls_output_schema
+ tags:
+ - database
-- name: "Installing the {{ zabbix_proxy_database_long }} database"
- include_tasks: "{{ zabbix_proxy_database_long }}.yml"
+- name: "Installing the database"
+ ansible.builtin.include_tasks: "{{ zabbix_proxy_db_long }}.yml"
- name: "Create include dir zabbix-proxy"
- file:
+ ansible.builtin.file:
path: "{{ zabbix_proxy_include }}"
- owner: zabbix
- group: zabbix
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
mode: "{{ zabbix_proxy_include_mode }}"
state: directory
become: true
+ tags:
+ - install
+ - config
- name: "Create module dir zabbix-proxy"
- file:
+ ansible.builtin.file:
path: "{{ zabbix_proxy_loadmodulepath }}"
- owner: zabbix
- group: zabbix
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
state: directory
mode: "0755"
become: true
+ tags:
+ - install
+ - config
- name: "Create directory for PSK file if not exist."
- file:
+ ansible.builtin.file:
path: "{{ zabbix_proxy_tlspskfile | dirname }}"
mode: 0755
state: directory
become: true
when:
- zabbix_proxy_tlspskfile is defined
+ tags:
+ - config
- name: "Place TLS PSK File"
- copy:
+ ansible.builtin.copy:
dest: "{{ zabbix_proxy_tlspskfile }}"
content: "{{ zabbix_proxy_tlspsk_secret }}"
- owner: zabbix
- group: zabbix
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
mode: 0400
become: true
when:
@@ -73,34 +116,20 @@
- zabbix_proxy_tlspsk_secret is defined
notify:
- restart zabbix-proxy
-
-- name: "Allow zabbix-proxy to open connections (SELinux)"
- ansible.posix.seboolean:
- name: zabbix_can_network
- persistent: true
- state: true
- become: true
- when: ansible_selinux.status == "enabled"
- tags: selinux
-
-- name: "Allow zabbix-proxy to connect to zabbix_proxy_preprocessing.sock (SELinux)"
- ansible.posix.seboolean:
- name: daemons_enable_cluster_mode
- persistent: true
- state: true
- become: true
- when: ansible_selinux.status == "enabled"
- tags: selinux
+ tags:
+ - config
- name: "Configure zabbix-proxy"
- template:
+ ansible.builtin.template:
src: zabbix_proxy.conf.j2
- dest: /etc/zabbix/zabbix_proxy.conf
- owner: zabbix
- group: zabbix
+ dest: "{{ zabbix_proxy_config }}"
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
mode: "{{ zabbix_proxy_conf_mode }}"
notify: restart zabbix-proxy
become: true
+ tags:
+ - config
- name: Ensure proxy definition is up-to-date (added/updated/removed)
vars:
@@ -108,9 +137,9 @@
ansible_user: "{{ zabbix_api_login_user }}"
ansible_network_os: community.zabbix.zabbix
ansible_connection: httpapi
- # Can't think of a way to make http_login_* vars be undefined -(
- http_login_user: "{{ zabbix_api_http_user | default(zabbix_http_user | default(-42)) }}"
- http_login_password: "{{ zabbix_api_http_password | default(zabbix_http_password | default(-42)) }}"
+ ansible_httpapi_use_ssl: "{{ zabbix_api_use_ssl }}"
+ http_login_user: "{{ zabbix_api_http_user | default(-42) }}"
+ http_login_password: "{{ zabbix_api_http_password | default(-42) }}"
community.zabbix.zabbix_proxy:
state: "{{ zabbix_proxy_state }}"
status: "{{ zabbix_proxy_status }}"
@@ -125,14 +154,15 @@
when:
- zabbix_api_create_proxy | bool
delegate_to: "{{ zabbix_api_server_host }}"
- become: false
tags:
- api
- name: "zabbix-proxy started"
- service:
+ ansible.builtin.service:
name: zabbix-proxy
state: started
enabled: true
become: true
when: zabbix_proxy_manage_service | bool
+ tags:
+ - service
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml
index 6d699ea83..dde847a53 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/mysql.yml
@@ -1,21 +1,35 @@
---
# task file for mysql
-- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
- set_fact:
+- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}"
when:
- zabbix_proxy_dbhost_run_install
+ tags:
+ - database
-- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
- set_fact:
+- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ inventory_hostname }}"
when:
- not zabbix_proxy_dbhost_run_install
+ tags:
+ - database
-- name: "Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer"
- set_fact:
+- name: "MySQL | Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ zabbix_proxy_real_dbhost }}"
when: zabbix_proxy_real_dbhost | default(false)
+ tags:
+ - database
+
+- name: PyMySQL
+ ansible.builtin.pip:
+ name: PyMySQL
+ register: installation_dependencies
+ until: installation_dependencies is succeeded
+ tags:
+ - database
- name: "MySQL | Create database"
community.mysql.mysql_db:
@@ -28,11 +42,10 @@
login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}"
state: present
- when: zabbix_database_creation
+ when: zabbix_proxy_database_creation
register: zabbix_database_created
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-proxy
- database
- skip_ansible_lint
@@ -47,31 +60,22 @@
password: "{{ zabbix_proxy_dbpassword }}"
priv: "{{ zabbix_proxy_dbname }}.*:ALL"
host: "{{ zabbix_proxy_privileged_host }}"
+ plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}"
state: present
- when: zabbix_database_creation
+ when: zabbix_proxy_database_creation
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-proxy
- database
-- name: "Get the file for schema.sql"
- shell: ls -1 {{ datafiles_path }}/{{ 'schema' if zabbix_version is version('6.0', '<') else 'proxy' }}.sq*
- changed_when: false
- when:
- - zabbix_database_sqlload
- - zabbix_repo != "epel"
- register: ls_output_create
- tags:
- - zabbix-proxy
- - database
-
-- name: "Check if we have done files"
- stat:
+- name: "MySQL | Check if we have done files"
+ ansible.builtin.stat:
path: /etc/zabbix/schema.done
register: done_file
+ become: true
when:
- - zabbix_database_sqlload
- - zabbix_repo != "epel"
+ - zabbix_proxy_database_sqlload
+ tags:
+ - database
- name: "MySQL | Get version_comment"
community.mysql.mysql_variables:
@@ -84,7 +88,6 @@
delegate_to: "{{ delegated_dbhost }}"
register: install_mysql_version
tags:
- - zabbix-proxy
- database
- name: "MySQL | Get current value for innodb_default_row_format"
@@ -100,7 +103,6 @@
when:
- install_mysql_version.msg is version('5.6', '>=')
tags:
- - zabbix-proxy
- database
- name: "MySQL | Set innodb_default_row_format to dynamic"
@@ -113,15 +115,12 @@
login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}"
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_proxy_database_sqlload | bool
- not done_file.stat.exists
- install_mysql_version.msg is version('5.6', '>=')
- mysql_innodb_default_row_format.msg != 'dynamic'
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-proxy
- database
- name: "MySQL | Create database and import file"
@@ -135,42 +134,39 @@
encoding: "{{ zabbix_proxy_dbencoding }}"
collation: "{{ zabbix_proxy_dbcollation }}"
state: import
- target: "{{ ls_output_create.stdout }}"
+ target: "{{ ls_output_schema.stdout }}"
when:
- - zabbix_database_sqlload
- - zabbix_repo != "epel"
+ - zabbix_proxy_database_sqlload
- not done_file.stat.exists
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-proxy
- database
- name: "MySQL | Revert innodb_default_row_format to previous value"
community.mysql.mysql_variables:
variable: innodb_default_row_format
- value: '{{ mysql_innodb_default_row_format.msg }}'
+ value: "{{ mysql_innodb_default_row_format.msg }}"
login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}"
login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}"
login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}"
login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}"
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_proxy_database_sqlload | bool
- not done_file.stat.exists
- mysql_innodb_default_row_format.msg != 'dynamic'
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-proxy
- database
-- name: "Create done file"
- file:
+- name: "MySQL | Create done file"
+ ansible.builtin.file:
path: /etc/zabbix/schema.done
state: touch
- mode: '0644'
+ mode: "0644"
+ become: true
when:
- - zabbix_database_sqlload
- - zabbix_repo != "epel"
+ - zabbix_proxy_database_sqlload
- not done_file.stat.exists
+ tags:
+ - database
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml
index f32618d94..e71af9aba 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/postgresql.yml
@@ -1,17 +1,21 @@
---
# task file for postgresql
-- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
- set_fact:
+- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}"
when:
- zabbix_proxy_dbhost_run_install
+ tags:
+ - database
-- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
- set_fact:
+- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ inventory_hostname }}"
when:
- not zabbix_proxy_dbhost_run_install
+ tags:
+ - database
- name: "PostgreSQL | Delegated"
block:
@@ -20,8 +24,9 @@
name: "{{ zabbix_proxy_dbname }}"
port: "{{ zabbix_proxy_dbport }}"
state: present
+
- name: "PostgreSQL | Delegated | Create database user"
- postgresql_user:
+ community.postgresql.postgresql_user:
db: "{{ zabbix_proxy_dbname }}"
name: "{{ zabbix_proxy_dbuser }}"
password: "{{ ('md5' + (zabbix_proxy_dbpassword + zabbix_proxy_dbuser)|hash('md5')) if zabbix_proxy_dbpassword_hash_method == 'md5' else zabbix_proxy_dbpassword }}"
@@ -33,10 +38,9 @@
become_user: postgres
delegate_to: "{{ delegated_dbhost }}"
when:
- - zabbix_database_creation
+ - zabbix_proxy_database_creation
- zabbix_proxy_pgsql_login_host is not defined
tags:
- - zabbix-proxy
- database
- name: "PostgreSQL | Remote"
@@ -51,7 +55,7 @@
port: "{{ zabbix_proxy_dbport }}"
state: present
- name: "PostgreSQL | Remote | Create database user"
- postgresql_user:
+ community.postgresql.postgresql_user:
login_host: "{{ zabbix_proxy_pgsql_login_host | default(omit) }}"
login_user: "{{ zabbix_proxy_pgsql_login_user | default(omit) }}"
login_password: "{{ zabbix_proxy_pgsql_login_password | default(omit) }}"
@@ -63,30 +67,30 @@
state: present
encrypted: true
when:
- - zabbix_database_creation
+ - zabbix_proxy_database_creation
- zabbix_proxy_pgsql_login_host is defined
tags:
- - zabbix-proxy
+ - database
+
+- name: "PostgreSQL | Handle Compressed Schema File"
+ ansible.builtin.set_fact:
+ zabbix_proxy_cat_cmd: zcat
+ when: "'.gz' in ls_output_schema.stdout"
+ tags:
- database
- name: "PostgreSQL | Importing schema file"
- shell: |
+ ansible.builtin.shell: |
set -euxo pipefail
- FILE={{ 'schema.sql' if zabbix_version is version('6.0', '<') else 'proxy.sql' }}
- cd {{ datafiles_path }}
- if [ -f ${FILE}.gz ]
- then zcat ${FILE}.gz > /tmp/schema.sql
- else
- cp ${FILE} /tmp/schema.sql
- fi
- cat /tmp/schema.sql | psql -h '{{ zabbix_proxy_dbhost }}' -U '{{ zabbix_proxy_dbuser }}' \
- -d '{{ zabbix_proxy_dbname }}'
+ {{ zabbix_proxy_cat_cmd }} {{ ls_output_schema.stdout }} | psql -h '{{ zabbix_proxy_dbhost }}' -U '{{ zabbix_proxy_dbuser }}' -d '{{ zabbix_proxy_dbname }}'
touch /etc/zabbix/schema.done
- rm -f /tmp/schema.sql
args:
creates: /etc/zabbix/schema.done
executable: /bin/bash
environment:
- PGPASSWORD: '{{ zabbix_proxy_dbpassword }}'
+ PGPASSWORD: "{{ zabbix_proxy_dbpassword }}"
+ become: true
when:
- - zabbix_database_creation
+ - zabbix_proxy_database_creation
+ tags:
+ - database
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml
index 02fb4ebaf..0dca77c52 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/selinux.yml
@@ -1,11 +1,7 @@
---
-
- name: "SELinux | RedHat | Install related SELinux package to fix issues"
- yum:
- name:
- - policycoreutils-python
- - libsemanage-python
- - checkpolicy
+ ansible.builtin.yum:
+ name: "{{ selinux_pkgs[ansible_distribution_major_version] }}"
state: present
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
@@ -13,38 +9,32 @@
register: zabbix_proxy_dependencies_installed
until: zabbix_proxy_dependencies_installed is succeeded
become: true
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
- tags:
- - zabbix-proxy
-
-- name: "SELinux | RedHat | Install related SELinux package to fix issues on RHEL8"
- yum:
- name:
- - policycoreutils
- - checkpolicy
- - python3-libsemanage
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_proxy_dependencies_installed
- until: zabbix_proxy_dependencies_installed is succeeded
- become: true
- when:
- - ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
tags:
- zabbix-proxy
- name: "SELinux | RedHat | Add SEmodule to fix SELinux issue: zabbix_proxy_alerter.sock"
- script:
+ ansible.builtin.script:
cmd: files/install_semodule.bsx
args:
creates: /etc/selinux/targeted/active/modules/400/zabbix_proxy_add/cil
become: true
- when:
- - ansible_os_family == "RedHat"
tags:
- zabbix-proxy
+
+- name: "Allow zabbix-proxy to open connections (SELinux)"
+ ansible.posix.seboolean:
+ name: zabbix_can_network
+ persistent: true
+ state: true
+ become: true
+ when: ansible_selinux.status == "enabled"
+ tags: selinux
+
+- name: "Allow zabbix-proxy to connect to zabbix_proxy_preprocessing.sock (SELinux)"
+ ansible.posix.seboolean:
+ name: daemons_enable_cluster_mode
+ persistent: true
+ state: true
+ become: true
+ when: ansible_selinux.status == "enabled"
+ tags: selinux
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml
index 03fbf6fb3..3d74b73e7 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/sqlite3.yml
@@ -2,49 +2,54 @@
# task file for sqlite3
- name: "Sqlite3 | Default Database Path"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_proxy_dbname: /var/lib/zabbix/zabbix_proxy.db
when:
- zabbix_proxy_dbname == "zabbix_proxy"
+ tags:
+ - database
- name: "Sqlite3 | Create database"
- file:
+ ansible.builtin.file:
name: "{{ zabbix_proxy_dbname | dirname }}"
mode: 0744
- owner: zabbix
- group: zabbix
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
seuser: system_u
serole: object_r
setype: zabbix_var_lib_t
state: directory
become: true
when:
- - zabbix_database_creation
+ - zabbix_proxy_database_creation
+ tags:
+ - database
+
+- name: "Sqlite3 | Handle Compressed Schema File"
+ ansible.builtin.set_fact:
+ zabbix_proxy_cat_cmd: zcat
+ when: "'.gz' in ls_output_schema.stdout"
+ tags:
+ - database
- name: "Sqlite3 | Importing schema file"
become: true
- become_user: zabbix
- shell: |
- set -o pipefail
- FILE={{ 'schema.sql' if zabbix_version is version('6.0', '<') else 'proxy.sql' }}
- cd {{ datafiles_path }}
- if [ -f ${FILE}.gz ]
- then zcat ${FILE}.gz > /tmp/schema.sql
- else
- cp ${FILE} /tmp/schema.sql
- fi
- cat /tmp/schema.sql | sqlite3 {{ zabbix_proxy_dbname }}
- rm -f /tmp/schema.sql
+ become_user: "{{ zabbix_os_user }}"
+ ansible.builtin.shell: |
+ set -euxo pipefail
+ {{ zabbix_proxy_cat_cmd }} {{ ls_output_schema.stdout }} | sqlite3 {{ zabbix_proxy_dbname }}
args:
creates: "{{ zabbix_proxy_dbname }}"
executable: /bin/bash
environment:
- PGPASSWORD: '{{ zabbix_proxy_dbpassword }}'
+ PGPASSWORD: "{{ zabbix_proxy_dbpassword }}"
when:
- - zabbix_database_creation
+ - zabbix_proxy_database_creation
+ tags:
+ - database
-- name: "Fix zabbix db file permission (SELinux)"
- file:
+- name: "Sqlite3 | Fix zabbix db file permission (SELinux)"
+ ansible.builtin.file:
path: "{{ zabbix_proxy_dbname }}"
state: file
seuser: system_u
@@ -53,5 +58,6 @@
become: true
when:
- ansible_selinux.status == "enabled"
- - zabbix_database_creation
- tags: selinux
+ - zabbix_proxy_database_creation
+ tags:
+ - database
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2
index b61842d12..60ae3f0a5 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2
@@ -4,197 +4,116 @@
# This configuration file is "minimalized", which means all the original comments
# are removed. The full documentation for your Zabbix Proxy can be found here:
-# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_proxy
+# https://www.zabbix.com/documentation/{{ zabbix_proxy_version }}/en/manual/appendix/config/zabbix_proxy
-ProxyMode={{ zabbix_proxy_mode }}
-Server={{ zabbix_proxy_server }}
-{% if zabbix_version is version('6.0', '<') %}
-ServerPort={{ zabbix_proxy_serverport }}
-{% endif %}
-{% if zabbix_proxy_hostname is defined and zabbix_proxy_hostname %}
-Hostname={{ zabbix_proxy_hostname }}
-{% endif %}
-{% if zabbix_proxy_hostnameitem is defined and zabbix_proxy_hostnameitem %}
-HostnameItem={{ zabbix_proxy_hostnameitem }}
-{% endif %}
-ListenPort={{ zabbix_proxy_listenport }}
-{% if zabbix_proxy_sourceip is defined and zabbix_proxy_sourceip %}
-SourceIP={{ zabbix_proxy_sourceip }}
-{% endif %}
-{% if zabbix_version is version('6.0', '>=') %}
-LogType={{ zabbix_proxy_logtype }}
-{% endif %}
-LogFile={{ zabbix_proxy_logfile }}
-LogFileSize={{ zabbix_proxy_logfilesize }}
-EnableRemoteCommands={{ zabbix_proxy_enableremotecommands }}
-DebugLevel={{ zabbix_proxy_debuglevel }}
-PidFile={{ zabbix_proxy_pidfile }}
-{% if zabbix_version is version('3.2', '>') %}
-SocketDir={{ zabbix_proxy_socketdir }}
-{% endif %}
-DBHost={{ zabbix_proxy_dbhost }}
-DBName={{ zabbix_proxy_dbname }}
-{% if zabbix_proxy_dbschema is defined and zabbix_proxy_dbschema %}
-DBSchema={{ zabbix_proxy_dbschema }}
-{% endif %}
-DBUser={{ zabbix_proxy_dbuser }}
-DBPassword={{ zabbix_proxy_dbpassword }}
-DBPort={{ zabbix_proxy_dbport }}
-{% if zabbix_version is version('6.0', '>=') %}
-AllowUnsupportedDBVersions={{ zabbix_proxy_allowunsupporteddbversions }}
-{% endif %}
-ProxyLocalBuffer={{ zabbix_proxy_proxylocalbuffer }}
-ProxyOfflineBuffer={{ zabbix_proxy_proxyofflinebuffer }}
-{% if zabbix_version is version('6.4', '<') %}
-HeartbeatFrequency={{ zabbix_proxy_heartbeatfrequency }}
-{% endif %}
-{% if zabbix_proxy_configfrequency is defined and zabbix_proxy_configfrequency is not none %}
-{% if zabbix_version is version('6.4', '<') %}
-ConfigFrequency={{ zabbix_proxy_configfrequency }}
-{% else %}
-ProxyConfigFrequency={{ zabbix_proxy_configfrequency }}
-{% endif %}
-{% else %}
-{% if zabbix_version is version('6.2', '<') %}
-ConfigFrequency=3600
-{% elif zabbix_version is version('6.4', '<') %}
-ConfigFrequency=300
-{% else %}
-ProxyConfigFrequency=10
-{% endif %}
-{% endif %}
-DataSenderFrequency={{ zabbix_proxy_datasenderfrequency }}
-StartPollers={{ zabbix_proxy_startpollers }}
-StartIPMIPollers={{ zabbix_proxy_startipmipollers }}
-{% if zabbix_version is version('4.2', '>=') %}
-StartPreprocessors={{ zabbix_proxy_startpreprocessors }}
-{% endif %}
-StartPollersUnreachable={{ zabbix_proxy_startpollersunreachable }}
-StartTrappers={{ zabbix_proxy_starttrappers }}
-StartPingers={{ zabbix_proxy_startpingers }}
-StartDiscoverers={{ zabbix_proxy_startdiscoverers }}
-StartHTTPPollers={{ zabbix_proxy_starthttppollers }}
-{% if zabbix_proxy_javagateway is defined and zabbix_proxy_javagateway %}
-JavaGateway={{ zabbix_proxy_javagateway }}
-JavaGatewayPort={{ zabbix_proxy_javagatewayport }}
-StartJavaPollers={{ zabbix_proxy_startjavapollers }}
-{% endif %}
-{% if zabbix_version is version_compare('2.4', '>=') %}
-StartVMwareCollectors={{ zabbix_proxy_startvmwarecollector }}
-VMwareFrequency={{ zabbix_proxy_vmwarefrequency }}
-VMwareCacheSize={{ zabbix_proxy_vmwarecachesize -}}M
-{% endif %}
-SNMPTrapperFile={{ zabbix_proxy_snmptrapperfile }}
-StartSNMPTrapper={{ zabbix_proxy_snmptrapper }}
-{% if zabbix_proxy_listenip is defined and zabbix_proxy_listenip %}
-ListenIP={{ zabbix_proxy_listenip }}
-{% endif %}
-HousekeepingFrequency={{ zabbix_proxy_housekeepingfrequency }}
-CacheSize={{ zabbix_proxy_cachesize -}}M
-StartDBSyncers={{ zabbix_proxy_startdbsyncers }}
-HistoryCacheSize={{ zabbix_proxy_historycachesize -}}M
-{% if zabbix_version is version_compare('3.2', '>=') %}
-HistoryIndexCacheSize={{ zabbix_proxy_historyindexcachesize -}}M
-{% endif %}
-{% if zabbix_version is version_compare('2.4', '<') %}
-HistoryTextCacheSize={{ zabbix_proxy_historytextcachesize -}}M
-{% endif %}
-Timeout={{ zabbix_proxy_timeout }}
-TrapperTimeout={{ zabbix_proxy_trappertimeout }}
-UnreachablePeriod={{ zabbix_proxy_unreachableperiod }}
-UnavailableDelay={{ zabbix_proxy_unavaliabledelay }}
-UnreachableDelay={{ zabbix_proxy_unreachabedelay }}
-{% if zabbix_version is version_compare('6.2', '>=') %}
-StartODBCPollers={{ zabbix_proxy_startodbcpollers }}
-{% endif %}
-ExternalScripts={{ zabbix_proxy_externalscripts }}
-FpingLocation={{ zabbix_proxy_fpinglocation }}
-Fping6Location={{ zabbix_proxy_fping6location }}
-{% if zabbix_proxy_sshkeylocation is defined and zabbix_proxy_sshkeylocation %}
-SSHKeyLocation={{ zabbix_proxy_sshkeylocation }}
-{% endif %}
-LogSlowQueries={{ zabbix_proxy_loglowqueries }}
-TmpDir={{ zabbix_proxy_tmpdir }}
-{% if zabbix_version is version_compare('2.4', '<') %}
-AllowRoot={{ zabbix_proxy_allowroot }}
-{% endif %}
-Include={{ zabbix_proxy_include }}
-{% if zabbix_version is version_compare('3.0', '<') %}
-LoadModulePath={{ zabbix_proxy_loadmodulepath }}
-{% endif %}
-{% if zabbix_proxy_loadmodule is defined and zabbix_proxy_loadmodule %}
-LoadModule={{ zabbix_proxy_loadmodule }}
-{% endif %}
-{% if zabbix_version is version_compare('4.0', '>=') %}
-StatsAllowedIP={{ zabbix_proxy_statsallowedip }}
-{% endif %}
-{% if zabbix_version is version_compare('3.0', '>=') %}
-{% if zabbix_proxy_tlsconnect is defined and zabbix_proxy_tlsconnect %}
-TLSConnect={{ zabbix_proxy_tlsconnect }}
-{% endif %}
-{% if zabbix_proxy_tlsaccept is defined and zabbix_proxy_tlsaccept %}
-TLSAccept={{ zabbix_proxy_tlsaccept }}
-{% endif %}
-{% if zabbix_proxy_tlscafile is defined and zabbix_proxy_tlscafile %}
-TLSCAFile={{ zabbix_proxy_tlscafile }}
-{% endif %}
-{% if zabbix_proxy_tlscrlfile is defined and zabbix_proxy_tlscrlfile %}
-TLSCRLFile={{ zabbix_proxy_tlscrlfile }}
-{% endif %}
-{% if zabbix_proxy_tlsservercertissuer is defined and zabbix_proxy_tlsservercertissuer %}
-TLSServerCertIssuer={{ zabbix_proxy_tlsservercertissuer }}
-{% endif %}
-{% if zabbix_proxy_tlsservercertsubject is defined and zabbix_proxy_tlsservercertsubject %}
-TLSServerCertSubject={{ zabbix_proxy_tlsservercertsubject }}
-{% endif %}
-{% if zabbix_proxy_tlscertfile is defined and zabbix_proxy_tlscertfile %}
-TLSCertFile={{ zabbix_proxy_tlscertfile }}
-{% endif %}
-{% if zabbix_proxy_tlskeyfile is defined and zabbix_proxy_tlskeyfile %}
-TLSKeyFile={{ zabbix_proxy_tlskeyfile }}
-{% endif %}
-{% if zabbix_proxy_tlspskidentity is defined and zabbix_proxy_tlspskidentity %}
-TLSPSKIdentity={{ zabbix_proxy_tlspskidentity }}
-{% endif %}
-{% if zabbix_proxy_tlspskfile is defined and zabbix_proxy_tlspskfile %}
-TLSPSKFile={{ zabbix_proxy_tlspskfile }}
-{% endif %}
-{% endif %}
-{% if zabbix_proxy_dbtlsconnect is defined and zabbix_proxy_dbtlsconnect is not none %}
-DBTLSConnect={{ zabbix_proxy_dbtlsconnect }}
-{% endif %}
-{% if zabbix_proxy_dbtlscafile is defined and zabbix_proxy_dbtlscafile is not none %}
-DBTLSCAFile={{ zabbix_proxy_dbtlscafile }}
-{% endif %}
-{% if zabbix_proxy_dbtlscertfile is defined and zabbix_proxy_dbtlscertfile is not none %}
-DBTLSCertFile={{ zabbix_proxy_dbtlscertfile }}
-{% endif %}
-{% if zabbix_proxy_dbtlskeyfile is defined and zabbix_proxy_dbtlskeyfile is not none %}
-DBTLSKeyFile={{ zabbix_proxy_dbtlskeyfile }}
-{% endif %}
-{% if zabbix_proxy_dbtlscipher is defined and zabbix_proxy_dbtlscipher is not none %}
-DBTLSCipher={{ zabbix_proxy_dbtlscipher }}
-{% endif %}
-{% if zabbix_proxy_dbtlscipher13 is defined and zabbix_proxy_dbtlscipher13 is not none %}
-DBTLSCipher13={{ zabbix_proxy_dbtlscipher13 }}
-{% endif %}
-{% if zabbix_version is version('6.0', '>=') %}
-{% if zabbix_proxy_vaulttoken is defined and zabbix_proxy_vaulttoken is not none %}
-VaultToken={{ zabbix_proxy_vaulttoken }}
-{% endif %}
-{% if zabbix_proxy_vaulturl is defined and zabbix_proxy_vaulturl is not none %}
-VaultURL={{ zabbix_proxy_vaulturl }}
-{% endif %}
-{% if zabbix_proxy_vaultdbpath is defined and zabbix_proxy_vaultdbpath is not none %}
-VaultDBPath={{ zabbix_proxy_vaultdbpath }}
-{% endif %}
-{% if zabbix_proxy_vaulttlscertfile is defined and zabbix_proxy_vaulttlscertfile is not none %}
-VaultTLSKeyFile={{ zabbix_proxy_vaulttlscertfile }}
-{% endif %}
-{% if zabbix_proxy_vaulttlskeyfile is defined and zabbix_proxy_vaulttlskeyfile is not none %}
-VaultTLSCertFile={{ zabbix_proxy_vaulttlskeyfile }}
-{% endif %}
-{% if zabbix_proxy_listenbacklog is defined and zabbix_proxy_listenbacklog is not none %}
-ListenBacklog={{ zabbix_proxy_listenbacklog }}
-{% endif %}
-{% endif %}
+{{ (zabbix_proxy_allowroot is defined and zabbix_proxy_allowroot is not none) | ternary('','# ') }}AllowRoot={{ zabbix_proxy_allowroot | default('') }}
+{% if zabbix_proxy_version is version('6.0', '>=') %}
+{{ (zabbix_proxy_allowunsupporteddbversions is defined and zabbix_proxy_allowunsupporteddbversions is not none) | ternary('','# ') }}AllowUnsupportedDBVersions={{ zabbix_proxy_allowunsupporteddbversions | default('') }}
+{% endif %}
+{{ (zabbix_proxy_cachesize is defined and zabbix_proxy_cachesize is not none) | ternary('','# ') }}CacheSize={{ zabbix_proxy_cachesize | default('') }}
+{{ (zabbix_proxy_configfrequency is defined and zabbix_proxy_configfrequency is not none) | ternary('','# ') }}ConfigFrequency={{ zabbix_proxy_configfrequency | default('') }}
+{{ (zabbix_proxy_datasenderfrequency is defined and zabbix_proxy_datasenderfrequency is not none) | ternary('','# ') }}DataSenderFrequency={{ zabbix_proxy_datasenderfrequency | default('') }}
+{{ (zabbix_proxy_dbhost is defined and zabbix_proxy_dbhost is not none) | ternary('','# ') }}DBHost={{ zabbix_proxy_dbhost | default('') }}
+{{ (zabbix_proxy_dbname is defined and zabbix_proxy_dbname is not none) | ternary('','# ') }}DBName={{ zabbix_proxy_dbname | default('') }}
+{{ (zabbix_proxy_dbpassword is defined and zabbix_proxy_dbpassword is not none) | ternary('','# ') }}DBPassword={{ zabbix_proxy_dbpassword | default('') }}
+{{ (zabbix_proxy_dbschema is defined and zabbix_proxy_dbschema is not none) | ternary('','# ') }}DBSchema={{ zabbix_proxy_dbschema | default('') }}
+{{ (zabbix_proxy_dbsocket is defined and zabbix_proxy_dbsocket is not none) | ternary('','# ') }}DBSocket={{ zabbix_proxy_dbsocket | default('') }}
+{{ (zabbix_proxy_dbtlscafile is defined and zabbix_proxy_dbtlscafile is not none) | ternary('','# ') }}DBTLSCAFile={{ zabbix_proxy_dbtlscafile | default('') }}
+{{ (zabbix_proxy_dbtlscertfile is defined and zabbix_proxy_dbtlscertfile is not none) | ternary('','# ') }}DBTLSCertFile={{ zabbix_proxy_dbtlscertfile | default('') }}
+{{ (zabbix_proxy_dbtlscipher is defined and zabbix_proxy_dbtlscipher is not none) | ternary('','# ') }}DBTLSCipher={{ zabbix_proxy_dbtlscipher | default('') }}
+{{ (zabbix_proxy_dbtlscipher13 is defined and zabbix_proxy_dbtlscipher13 is not none) | ternary('','# ') }}DBTLSCipher13={{ zabbix_proxy_dbtlscipher13 | default('') }}
+{{ (zabbix_proxy_dbtlsconnect is defined and zabbix_proxy_dbtlsconnect is not none) | ternary('','# ') }}DBTLSConnect={{ zabbix_proxy_dbtlsconnect | default('') }}
+{{ (zabbix_proxy_dbtlskeyfile is defined and zabbix_proxy_dbtlskeyfile is not none) | ternary('','# ') }}DBTLSKeyFile={{ zabbix_proxy_dbtlskeyfile | default('') }}
+{{ (zabbix_proxy_dbuser is defined and zabbix_proxy_dbuser is not none) | ternary('','# ') }}DBUser={{ zabbix_proxy_dbuser | default('') }}
+{{ (zabbix_proxy_debuglevel is defined and zabbix_proxy_debuglevel is not none) | ternary('','# ') }}DebugLevel={{ zabbix_proxy_debuglevel | default('') }}
+{{ (zabbix_proxy_enableremotecommands is defined and zabbix_proxy_enableremotecommands is not none) | ternary('','# ') }}EnableRemoteCommands={{ zabbix_proxy_enableremotecommands | default('') }}
+{{ (zabbix_proxy_externalscripts is defined and zabbix_proxy_externalscripts is not none) | ternary('','# ') }}ExternalScripts={{ zabbix_proxy_externalscripts | default('') }}
+{{ (zabbix_proxy_fping6location is defined and zabbix_proxy_fping6location is not none) | ternary('','# ') }}Fping6Location={{ zabbix_proxy_fping6location | default('') }}
+{{ (zabbix_proxy_fpinglocation is defined and zabbix_proxy_fpinglocation is not none) | ternary('','# ') }}FpingLocation={{ zabbix_proxy_fpinglocation | default('') }}
+{% if zabbix_proxy_version is version('6.4', '<') %}
+{{ (zabbix_proxy_heartbeatfrequency is defined and zabbix_proxy_heartbeatfrequency is not none) | ternary('','# ') }}HeartbeatFrequency={{ zabbix_proxy_heartbeatfrequency | default('') }}
+{% endif %}
+{{ (zabbix_proxy_historycachesize is defined and zabbix_proxy_historycachesize is not none) | ternary('','# ') }}HistoryCacheSize={{ zabbix_proxy_historycachesize | default('') }}
+{{ (zabbix_proxy_historyindexcachesize is defined and zabbix_proxy_historyindexcachesize is not none) | ternary('','# ') }}HistoryIndexCacheSize={{ zabbix_proxy_historyindexcachesize | default('') }}
+{{ (zabbix_proxy_hostname is defined and zabbix_proxy_hostname is not none) | ternary('','# ') }}Hostname={{ zabbix_proxy_hostname | default('') }}
+{{ (zabbix_proxy_hostnameitem is defined and zabbix_proxy_hostnameitem is not none) | ternary('','# ') }}HostnameItem={{ zabbix_proxy_hostnameitem | default('') }}
+{{ (zabbix_proxy_housekeepingfrequency is defined and zabbix_proxy_housekeepingfrequency is not none) | ternary('','# ') }}HousekeepingFrequency={{ zabbix_proxy_housekeepingfrequency | default('') }}
+{{ (zabbix_proxy_include is defined and zabbix_proxy_include is not none) | ternary('','# ') }}Include={{ zabbix_proxy_include | default('') }}
+{{ (zabbix_proxy_javagateway is defined and zabbix_proxy_javagateway is not none) | ternary('','# ') }}JavaGateway={{ zabbix_proxy_javagateway | default('') }}
+{{ (zabbix_proxy_javagatewayport is defined and zabbix_proxy_javagatewayport is not none) | ternary('','# ') }}JavaGatewayPort={{ zabbix_proxy_javagatewayport | default('') }}
+{{ (zabbix_proxy_listenbacklog is defined and zabbix_proxy_listenbacklog is not none) | ternary('','# ') }}ListenBacklog={{ zabbix_proxy_listenbacklog | default('') }}
+{{ (zabbix_proxy_listenip is defined and zabbix_proxy_listenip is not none) | ternary('','# ') }}ListenIP={{ zabbix_proxy_listenip | default('') }}
+{{ (zabbix_proxy_listenport is defined and zabbix_proxy_listenport is not none) | ternary('','# ') }}ListenPort={{ zabbix_proxy_listenport | default('') }}
+{{ (zabbix_proxy_loadmodule is defined and zabbix_proxy_loadmodule is not none) | ternary('','# ') }}LoadModule={{ zabbix_proxy_loadmodule | default('') }}
+{{ (zabbix_proxy_loadmodulepath is defined and zabbix_proxy_loadmodulepath is not none) | ternary('','# ') }}LoadModulePath={{ zabbix_proxy_loadmodulepath | default('') }}
+{{ (zabbix_proxy_logfile is defined and zabbix_proxy_logfile is not none) | ternary('','# ') }}LogFile={{ zabbix_proxy_logfile | default('') }}
+{{ (zabbix_proxy_logfilesize is defined and zabbix_proxy_logfilesize is not none) | ternary('','# ') }}LogFileSize={{ zabbix_proxy_logfilesize | default('') }}
+{{ (zabbix_proxy_logremotecommands is defined and zabbix_proxy_logremotecommands is not none) | ternary('','# ') }}LogRemoteCommands={{ zabbix_proxy_logremotecommands | default('') }}
+{{ (zabbix_proxy_logslowqueries is defined and zabbix_proxy_logslowqueries is not none) | ternary('','# ') }}LogSlowQueries={{ zabbix_proxy_logslowqueries | default('') }}
+{{ (zabbix_proxy_logtype is defined and zabbix_proxy_logtype is not none) | ternary('','# ') }}LogType={{ zabbix_proxy_logtype | default('') }}
+{{ (zabbix_proxy_pidfile is defined and zabbix_proxy_pidfile is not none) | ternary('','# ') }}PidFile={{ zabbix_proxy_pidfile | default('') }}
+{{ (zabbix_proxy_proxylocalbuffer is defined and zabbix_proxy_proxylocalbuffer is not none) | ternary('','# ') }}ProxyLocalBuffer={{ zabbix_proxy_proxylocalbuffer | default('') }}
+{{ (zabbix_proxy_proxymode is defined and zabbix_proxy_proxymode is not none) | ternary('','# ') }}ProxyMode={{ zabbix_proxy_proxymode | default('') }}
+{{ (zabbix_proxy_proxyofflinebuffer is defined and zabbix_proxy_proxyofflinebuffer is not none) | ternary('','# ') }}ProxyOfflineBuffer={{ zabbix_proxy_proxyofflinebuffer | default('') }}
+{{ (zabbix_proxy_server is defined and zabbix_proxy_server is not none) | ternary('','# ') }}Server={{ zabbix_proxy_server | default('') }}
+{{ (zabbix_proxy_snmptrapperfile is defined and zabbix_proxy_snmptrapperfile is not none) | ternary('','# ') }}SNMPTrapperFile={{ zabbix_proxy_snmptrapperfile | default('') }}
+{{ (zabbix_proxy_socketdir is defined and zabbix_proxy_socketdir is not none) | ternary('','# ') }}SocketDir={{ zabbix_proxy_socketdir | default('') }}
+{{ (zabbix_proxy_sourceip is defined and zabbix_proxy_sourceip is not none) | ternary('','# ') }}SourceIP={{ zabbix_proxy_sourceip | default('') }}
+{{ (zabbix_proxy_sshkeylocation is defined and zabbix_proxy_sshkeylocation is not none) | ternary('','# ') }}SSHKeyLocation={{ zabbix_proxy_sshkeylocation | default('') }}
+{{ (zabbix_proxy_sslcalocation is defined and zabbix_proxy_sslcalocation is not none) | ternary('','# ') }}SSLCALocation={{ zabbix_proxy_sslcalocation | default('') }}
+{{ (zabbix_proxy_sslcertlocation is defined and zabbix_proxy_sslcertlocation is not none) | ternary('','# ') }}SSLCertLocation={{ zabbix_proxy_sslcertlocation | default('') }}
+{{ (zabbix_proxy_sslkeylocation is defined and zabbix_proxy_sslkeylocation is not none) | ternary('','# ') }}SSLKeyLocation={{ zabbix_proxy_sslkeylocation | default('') }}
+{{ (zabbix_proxy_startdbsyncers is defined and zabbix_proxy_startdbsyncers is not none) | ternary('','# ') }}StartDBSyncers={{ zabbix_proxy_startdbsyncers | default('') }}
+{{ (zabbix_proxy_startdiscoverers is defined and zabbix_proxy_startdiscoverers is not none) | ternary('','# ') }}StartDiscoverers={{ zabbix_proxy_startdiscoverers | default('') }}
+{% if zabbix_proxy_version is version('6.0', '==') %}
+{{ (zabbix_proxy_starthistorypollers is defined and zabbix_proxy_starthistorypollers is not none) | ternary('','# ') }}={{ zabbix_proxy_starthistorypollers | default('') }}
+{% endif %}
+{{ (zabbix_proxy_starthttppollers is defined and zabbix_proxy_starthttppollers is not none) | ternary('','# ') }}StartHTTPPollers={{ zabbix_proxy_starthttppollers | default('') }}
+{{ (zabbix_proxy_startipmipollers is defined and zabbix_proxy_startipmipollers is not none) | ternary('','# ') }}StartIPMIPollers={{ zabbix_proxy_startipmipollers | default('') }}
+{{ (zabbix_proxy_startjavapollers is defined and zabbix_proxy_startjavapollers is not none) | ternary('','# ') }}StartJavaPollers={{ zabbix_proxy_startjavapollers | default('') }}
+{{ (zabbix_proxy_startodbcpollers is defined and zabbix_proxy_startodbcpollers is not none) | ternary('','# ') }}StartODBCPollers={{ zabbix_proxy_startodbcpollers | default('') }}
+{{ (zabbix_proxy_startpingers is defined and zabbix_proxy_startpingers is not none) | ternary('','# ') }}StartPingers={{ zabbix_proxy_startpingers | default('') }}
+{{ (zabbix_proxy_startpollers is defined and zabbix_proxy_startpollers is not none) | ternary('','# ') }}StartPollers={{ zabbix_proxy_startpollers | default('') }}
+{{ (zabbix_proxy_startpollersunreachable is defined and zabbix_proxy_startpollersunreachable is not none) | ternary('','# ') }}StartPollersUnreachable={{ zabbix_proxy_startpollersunreachable | default('') }}
+{{ (zabbix_proxy_startpreprocessors is defined and zabbix_proxy_startpreprocessors is not none) | ternary('','# ') }}StartPreprocessors={{ zabbix_proxy_startpreprocessors | default('') }}
+{{ (zabbix_proxy_startsnmptrapper is defined and zabbix_proxy_startsnmptrapper is not none) | ternary('','# ') }}StartSNMPTrapper={{ zabbix_proxy_startsnmptrapper | default('') }}
+{{ (zabbix_proxy_starttrappers is defined and zabbix_proxy_starttrappers is not none) | ternary('','# ') }}StartTrappers={{ zabbix_proxy_starttrappers | default('') }}
+{{ (zabbix_proxy_startvmwarecollectors is defined and zabbix_proxy_startvmwarecollectors is not none) | ternary('','# ') }}StartVMwareCollectors={{ zabbix_proxy_startvmwarecollectors | default('') }}
+{{ (zabbix_proxy_statsallowedip is defined and zabbix_proxy_statsallowedip is not none) | ternary('','# ') }}StatsAllowedIP={{ zabbix_proxy_statsallowedip | default('') }}
+{{ (zabbix_proxy_timeout is defined and zabbix_proxy_timeout is not none) | ternary('','# ') }}Timeout={{ zabbix_proxy_timeout | default('') }}
+{{ (zabbix_proxy_tlsaccept is defined and zabbix_proxy_tlsaccept is not none) | ternary('','# ') }}TLSAccept={{ zabbix_proxy_tlsaccept | default('') }}
+{{ (zabbix_proxy_tlscafile is defined and zabbix_proxy_tlscafile is not none) | ternary('','# ') }}TLSCAFile={{ zabbix_proxy_tlscafile | default('') }}
+{{ (zabbix_proxy_tlscertfile is defined and zabbix_proxy_tlscertfile is not none) | ternary('','# ') }}TLSCertFile={{ zabbix_proxy_tlscertfile | default('') }}
+{{ (zabbix_proxy_tlscipherall is defined and zabbix_proxy_tlscipherall is not none) | ternary('','# ') }}TLSCipherAll={{ zabbix_proxy_tlscipherall | default('') }}
+{{ (zabbix_proxy_tlscipherall13 is defined and zabbix_proxy_tlscipherall13 is not none) | ternary('','# ') }}TLSCipherAll13={{ zabbix_proxy_tlscipherall13 | default('') }}
+{{ (zabbix_proxy_tlsciphercert is defined and zabbix_proxy_tlsciphercert is not none) | ternary('','# ') }}TLSCipherCert={{ zabbix_proxy_tlsciphercert | default('') }}
+{{ (zabbix_proxy_tlsciphercert13 is defined and zabbix_proxy_tlsciphercert13 is not none) | ternary('','# ') }}TLSCipherCert13={{ zabbix_proxy_tlsciphercert13 | default('') }}
+{{ (zabbix_proxy_tlscipherpsk is defined and zabbix_proxy_tlscipherpsk is not none) | ternary('','# ') }}TLSCipherPSK={{ zabbix_proxy_tlscipherpsk | default('') }}
+{{ (zabbix_proxy_tlscipherpsk13 is defined and zabbix_proxy_tlscipherpsk13 is not none) | ternary('','# ') }}TLSCipherPSK13={{ zabbix_proxy_tlscipherpsk13 | default('') }}
+{{ (zabbix_proxy_tlsconnect is defined and zabbix_proxy_tlsconnect is not none) | ternary('','# ') }}TLSConnect={{ zabbix_proxy_tlsconnect | default('') }}
+{{ (zabbix_proxy_tlscrlfile is defined and zabbix_proxy_tlscrlfile is not none) | ternary('','# ') }}TLSCRLFile={{ zabbix_proxy_tlscrlfile | default('') }}
+{{ (zabbix_proxy_tlskeyfile is defined and zabbix_proxy_tlskeyfile is not none) | ternary('','# ') }}TLSKeyFile={{ zabbix_proxy_tlskeyfile | default('') }}
+{{ (zabbix_proxy_tlspskfile is defined and zabbix_proxy_tlspskfile is not none) | ternary('','# ') }}TLSPSKFile={{ zabbix_proxy_tlspskfile | default('') }}
+{{ (zabbix_proxy_tlspskidentity is defined and zabbix_proxy_tlspskidentity is not none) | ternary('','# ') }}TLSPSKIdentity={{ zabbix_proxy_tlspskidentity | default('') }}
+{{ (zabbix_proxy_tlsservercertissuer is defined and zabbix_proxy_tlsservercertissuer is not none) | ternary('','# ') }}TLSServerCertIssuer={{ zabbix_proxy_tlsservercertissuer | default('') }}
+{{ (zabbix_proxy_tlsservercertsubject is defined and zabbix_proxy_tlsservercertsubject is not none) | ternary('','# ') }}TLSServerCertSubject={{ zabbix_proxy_tlsservercertsubject | default('') }}
+{{ (zabbix_proxy_tmpdir is defined and zabbix_proxy_tmpdir is not none) | ternary('','# ') }}TmpDir={{ zabbix_proxy_tmpdir | default('') }}
+{{ (zabbix_proxy_trappertimeout is defined and zabbix_proxy_trappertimeout is not none) | ternary('','# ') }}TrapperTimeout={{ zabbix_proxy_trappertimeout | default('') }}
+{{ (zabbix_proxy_unavailabledelay is defined and zabbix_proxy_unavailabledelay is not none) | ternary('','# ') }}UnavailableDelay={{ zabbix_proxy_unavailabledelay | default('') }}
+{{ (zabbix_proxy_unreachabledelay is defined and zabbix_proxy_unreachabledelay is not none) | ternary('','# ') }}UnreachableDelay={{ zabbix_proxy_unreachabledelay | default('') }}
+{{ (zabbix_proxy_unreachableperiod is defined and zabbix_proxy_unreachableperiod is not none) | ternary('','# ') }}UnreachablePeriod={{ zabbix_proxy_unreachableperiod | default('') }}
+{{ (zabbix_proxy_user is defined and zabbix_proxy_user is not none) | ternary('','# ') }}User={{ zabbix_proxy_user | default('') }}
+{% if zabbix_proxy_version is version('6.2', '>=') %}
+{{ (zabbix_proxy_vault is defined and zabbix_proxy_vault is not none) | ternary('','# ') }}Vault={{ zabbix_proxy_vault | default('') }}
+{% endif %}
+{{ (zabbix_proxy_vaultdbpath is defined and zabbix_proxy_vaultdbpath is not none) | ternary('','# ') }}VaultDBPath={{ zabbix_proxy_vaultdbpath | default('') }}
+{% if zabbix_proxy_version is version('6.2', '>=') %}
+{{ (zabbix_proxy_vaulttlscertfile is defined and zabbix_proxy_vaulttlscertfile is not none) | ternary('','# ') }}VaultTLSCertFile={{ zabbix_proxy_vaulttlscertfile | default('') }}
+{{ (zabbix_proxy_vaulttlskeyfile is defined and zabbix_proxy_vaulttlskeyfile is not none) | ternary('','# ') }}VaultTLSKeyFile={{ zabbix_proxy_vaulttlskeyfile | default('') }}
+{% endif %}
+{{ (zabbix_proxy_vaulttoken is defined and zabbix_proxy_vaulttoken is not none) | ternary('','# ') }}VaultToken={{ zabbix_proxy_vaulttoken | default('') }}
+{{ (zabbix_proxy_vaulturl is defined and zabbix_proxy_vaulturl is not none) | ternary('','# ') }}VaultURL={{ zabbix_proxy_vaulturl | default('') }}
+{{ (zabbix_proxy_vmwarecachesize is defined and zabbix_proxy_vmwarecachesize is not none) | ternary('','# ') }}VMwareCacheSize={{ zabbix_proxy_vmwarecachesize | default('') }}
+{{ (zabbix_proxy_vmwarefrequency is defined and zabbix_proxy_vmwarefrequency is not none) | ternary('','# ') }}VMwareFrequency={{ zabbix_proxy_vmwarefrequency | default('') }}
+{{ (zabbix_proxy_vmwareperffrequency is defined and zabbix_proxy_vmwareperffrequency is not none) | ternary('','# ') }}VMwarePerfFrequency={{ zabbix_proxy_vmwareperffrequency | default('') }}
+{{ (zabbix_proxy_vmwaretimeout is defined and zabbix_proxy_vmwaretimeout is not none) | ternary('','# ') }}VMwareTimeout={{ zabbix_proxy_vmwaretimeout | default('') }}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Amazon.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Amazon.yml
deleted file mode 100644
index 605be3896..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Amazon.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-ansible_distribution_major_version: "6"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml
index 2c87e2d61..cd9527eb2 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml
@@ -1,26 +1,57 @@
zabbix_valid_proxy_versions:
# Debian
+ "12":
+ - 6.4
+ - 6.0
"11":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"10":
+ - 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
- "9":
- - 4.0
- # Ubuntu
"22":
- 6.4
+ - 6.2
- 6.0
"20":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"18":
+ - 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
+
+mysql_client_pkgs:
+ # Debian
+ "12":
+ - default-mysql-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+ "11":
+ - default-mysql-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+ "10":
+ - mariadb-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+ # Ubuntu
+ "22":
+ - default-mysql-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+ "20":
+ - default-mysql-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+ "18":
+ - default-mysql-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+
+mysql_plugin:
+ "18": mysql_native_password
+ "10": mysql_native_password
+
+debian_keyring_path: /etc/apt/keyrings/
+zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}"
+_zabbix_proxy_fping6location: /usr/bin/fping6
+_zabbix_proxy_fpinglocation: /usr/bin/fping
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml
index 31da6800f..e8ee7e2ae 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/RedHat.yml
@@ -1,12 +1,55 @@
zabbix_valid_proxy_versions:
"9":
- 6.4
+ - 6.2
- 6.0
"8":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"7":
- - 5.0
- - 4.0
+ - 6.4
+ - 6.2
+ - 6.0
+
+pgsql_depenencies:
+ "9":
+ - python3-psycopg2
+ - postgresql
+ "8":
+ - python3-psycopg2
+ - postgresql
+ "7":
+ - python-psycopg2
+ - postgresql
+
+mysql_client_pkgs:
+ "9":
+ - mysql
+ - python3-PyMySQL
+ "8":
+ - mysql
+ - python3-PyMySQL
+ "7":
+ - MariaDB-client
+ - MySQL-python
+
+selinux_pkgs:
+ "9":
+ - policycoreutils
+ - checkpolicy
+ - python3-libsemanage
+ "8":
+ - policycoreutils
+ - checkpolicy
+ - python3-libsemanage
+ "7":
+ - policycoreutils-python
+ - libsemanage-python
+ - checkpolicy
+
+mysql_plugin:
+ "7": mysql_native_password
+
+_zabbix_proxy_fping6location: /usr/sbin/fping6
+_zabbix_proxy_fpinglocation: /usr/sbin/fping
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml
index ea434bdc4..90779c270 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/main.yml
@@ -1,2 +1,7 @@
---
# vars file for zabbix_proxy
+db_file_path:
+ "62": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql"
+ "64": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql"
+ "60": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql"
+ "50": "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}*/schema.sql.gz"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/zabbix.yml
deleted file mode 100644
index 7ac7dc354..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/zabbix.yml
+++ /dev/null
@@ -1,255 +0,0 @@
----
-sign_keys:
- "64":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "62":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "60":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "54":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "52":
- # bullseye: not available upstream
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "50":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "44":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "42":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "40":
- bullseye:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "34":
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "32":
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: 79EA5ED4
- serena:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "30":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "24":
- jessie:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- "22":
- squeeze:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- lucid:
- sign_key: 79EA5ED4
-
-suse:
- "openSUSE Leap":
- "42":
- name: server:monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/
- "openSUSE":
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }}
- "SLES":
- "11":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/README.md b/ansible_collections/community/zabbix/roles/zabbix_server/README.md
index 4643fbc3f..f154f4951 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/README.md
@@ -75,26 +75,16 @@ ansible-galaxy collection install community.postgresql
See the following list of supported Operating systems with the Zabbix releases:
-| Zabbix | 6.4 | 6.2 | 6.0 | 5.4 | 5.2 | 5.0 (LTS) | 4.4 | 4.0 (LTS) | 3.0 (LTS) |
-|---------------------|-----|-----|-----|-----|-----|-----------|-----|-----------|-----------|
-| Red Hat Fam 9 | V | V | V | | | | | | |
-| Red Hat Fam 8 | V | V | V | V | V | V | V | | |
-| Red Hat Fam 7 | | | | | | V | V | V | V |
-| Red Hat Fam 6 | | | | | V | V | | | V |
-| Red Hat Fam 5 | | | | | V | V | | | V |
-| Fedora | | | | | | | V | V | |
-| Ubuntu 20.04 focal | V | V | V | V | V | V | | V | |
-| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | |
-| Ubuntu 16.04 xenial | | | | | V | V | V | V | |
-| Ubuntu 14.04 trusty | | | | | V | V | V | V | V |
-| Debian 10 buster | | | V | V | V | V | V | | |
-| Debian 9 stretch | | | V | V | V | V | V | V | |
-| Debian 8 jessie | | | | | V | V | V | V | V |
-| Debian 7 wheezy | | | | | | | | V | V |
-| macOS 10.15 | | | | | | | V | V | |
-| macOS 10.14 | | | | | | | V | V | |
-
-See https://support.zabbix.com/browse/ZBX-18790 why RHEL7 is not supported anymore.
+| Zabbix | 6.4 | 6.2 | 6.0 |
+|---------------------|-----|-----|-----|
+| Red Hat Fam 9 | V | V | V |
+| Red Hat Fam 8 | V | V | V |
+| Ubuntu 22.04 jammy | V | V | V |
+| Ubuntu 20.04 focal | V | V | V |
+| Ubuntu 18.04 bionic | | | V |
+| Debian 12 bookworm | V | | V |
+| Debian 11 bullseye | V | V | V |
+| Debian 10 buster | | | V |
# Installation
@@ -110,112 +100,48 @@ The following is an overview of all available configuration default for this rol
### Overall Zabbix
-* `zabbix_server_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility.
+* `zabbix_server_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_server_version: 6.0`.
* `zabbix_server_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available)
-* `zabbix_repo`: Default: `zabbix`
- * `epel`: install agent from EPEL repo
- * `zabbix`: (default) install agent from Zabbix repo
- * `other`: install agent from pre-existing or other repo
* `zabbix_repo_yum`: A list with Yum repository configuration.
* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https)
-* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`.
-* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages.
+* `zabbix_server_disable_repo`: A list of repos to disable during install. Default `epel`.
* `zabbix_service_state`: Default: `started`. Can be overridden to stopped if needed
* `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed
+* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}`
+* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
### SElinux
-* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the server will run.
+* `zabbix_server_selinux`: Default: `False`. Enables an SELinux policy so that the server will run.
* `selinux_allow_zabbix_can_network`: Default: `False`.
* `selinux_allow_zabbix_can_http`: Default: `False`.
### Zabbix Server
* `zabbix_server_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed.
-* `zabbix_server_listenport`: Default: `10051`. On which port the Zabbix Server is available.
* `zabbix_server_install_recommends`: Default: `True`. `False` does not install the recommended packages that come with the zabbix-server install.
* `zabbix_server_manage_service`: Default: `True`. When you run multiple Zabbix servers in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-server service, because Pacemaker is in control of zabbix-server service and in this case, it needs to be set to `False`.
-* `zabbix_proxy_startpreprocessors`: Number of pre-forked instances of preprocessing workers. The preprocessing manager process is automatically started when a preprocessor worker is started. This parameter is supported since Zabbix 4.2.0.
-* `zabbix_server_username`: Default: `zabbix`. The name of the account on the host. Will only be used when `zabbix_repo: epel` is used.
-* `zabbix_server_userid`: The UID of the account on the host. Will only be used when `zabbix_repo: epel` is used.
-* `zabbix_server_groupname`: Default: `zabbix`. The name of the group of the user on the host. Will only be used when `zabbix_repo: epel` is used.
-* `zabbix_server_groupid`: The GID of the group on the host. Will only be used when `zabbix_repo: epel` is used.
* `zabbix_server_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_server_include`.
* `zabbix_server_conf_mode`: Default: `0640`. The "mode" for the Zabbix configuration file.
-* `zabbix_server_listenbacklog`: The maximum number of pending connections in the queue.
-* `zabbix_server_trendcachesize`: Size of trend cache, in bytes.
-* `zabbix_server_trendfunctioncachesize`: Size of trend function cache, in bytes.
-* `zabbix_server_vaulttoken`: Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
-* `zabbix_server_vaulturl`: Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
-* `zabbix_server_vaultdbpath`: Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
-* `zabbix_server_startreportwriters`: Number of pre-forked report writer instances.
-* `zabbix_server_webserviceurl`: URL to Zabbix web service, used to perform web related tasks.
-* `zabbix_server_servicemanagersyncfrequency`: How often Zabbix will synchronize configuration of a service manager (in seconds).
-* `zabbix_server_problemhousekeepingfrequency`: How often Zabbix will delete problems for deleted triggers (in seconds).
-* `zabbix_server_connectors`: Number of pre-forked instances of preprocessing workers.
-
-### High Availability
-
-These variables are specific for Zabbix 6.0 and higher:
-
-* `zabbix_server_hanodename`: The high availability cluster node name. When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to. (Default: empty)
-* `zabbix_server_nodeaddress`: IP or hostname with optional port to specify how frontend should connect to the server.
### Database specific
* `zabbix_server_dbhost_run_install`: Default: `True`. When set to `True`, sql files will be executed on the host running the database.
* `zabbix_server_database`: Default: `pgsql`. The type of database used. Can be: `mysql` or `pgsql`
-* `zabbix_server_database_long`: Default: `postgresql`. The type of database used, but long name. Can be: `mysql` or `postgresql`
* `zabbix_server_dbhost`: The hostname on which the database is running.
* `zabbix_server_real_dbhost`: The hostname of the dbhost that is running behind a loadbalancer/VIP (loadbalancers doesn't accept ssh connections)
* `zabbix_server_dbname`: The database name which is used by the Zabbix Server.
* `zabbix_server_dbuser`: The database username which is used by the Zabbix Server.
* `zabbix_server_dbpassword`: The database user password which is used by the Zabbix Server.
+* `zabbix_server_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`.
* `zabbix_server_dbport`: The database port which is used by the Zabbix Server.
* `zabbix_server_dbpassword_hash_method`: Default: `md5`. Allow switching postgresql user password creation to `scram-sha-256`, when anything other than `md5` is used then ansible won't hash the password with `md5`.
-* `zabbix_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False.
+* `zabbix_server_database_creation`: Default: `True`. When you don't want to create the database including user, you can set it to False.
* `zabbix_server_install_database_client`: Default: `True`. False does not install database client. Default true
-* `zabbix_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False.
-* `zabbix_database_timescaledb`:False / True. When you want to use timescaledb extension into the database, you can set it to True (this option only works for postgreSQL database).
+* `zabbix_server_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False.
+* `zabbix_server_database_timescaledb`:False / True. When you want to use timescaledb extension into the database, you can set it to True (this option only works for postgreSQL database).
* `zabbix_server_dbencoding`: Default: `utf8`. The encoding for the MySQL database.
* `zabbix_server_dbcollation`: Default: `utf8_bin`. The collation for the MySQL database.
-* `zabbix_server_allowunsupporteddbversions`: Allow server to work with unsupported database versions.
-
-### TLS Specific configuration
-
-These variables are specific for Zabbix 3.0 and higher:
-
-* `zabbix_server_tlsconnect`: How the agent should connect to server or proxy. Used for active checks.
- Possible values:
- * unencrypted
- * psk
- * cert
-* `zabbix_server_tlsaccept`: What incoming connections to accept.
- Possible values:
- * unencrypted
- * psk
- * cert
-* `zabbix_server_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification.
-* `zabbix_server_tlscrlfile`: Full pathname of a file containing revoked certificates.
-* `zabbix_server_tlsservercertissuer`: Allowed server certificate issuer.
-* `zabbix_server_tlsservercertsubject`: Allowed server certificate subject.
-* `zabbix_server_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain.
-* `zabbix_server_tlskeyfile`: Full pathname of a file containing the agent private key.
-* `zabbix_server_dbtlsconnect`: Setting this option enforces to use TLS connection to database:
-
-`required` - connect using TLS
-`verify_ca` - connect using TLS and verify certificate
-`verify_full` - connect using TLS, verify certificate and verify that database identity specified by DBHost matches its certificate
-
-On `MySQL` starting from 5.7.11 and `PostgreSQL` the following values are supported: `required`, `verify`, `verify_full`. On MariaDB starting from version 10.2.6 `required` and `verify_full` values are supported.
-By default not set to any option and the behaviour depends on database configuration.
-This parameter is supported since Zabbix 5.0.0.
-
-* `zabbix_server_dbtlscafile`: Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. This parameter is supported since Zabbix 5.0.0.
-* `zabbix_server_dbtlscertfile`: Full pathname of file containing Zabbix server certificate for authenticating to database. This parameter is supported since Zabbix 5.0.0.
-* `zabbix_server_dbtlskeyfile`: Full pathname of file containing the private key for authenticating to database. This parameter is supported since Zabbix 5.0.0.
-* `zabbix_server_dbtlscipher`: The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2. Supported only for MySQL.This parameter is supported since Zabbix 5.0.0.
-* `zabbix_server_dbtlscipher13`: The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol. Supported only for MySQL, starting from version 8.0.16. This parameter is supported since Zabbix 5.0.0.
### Custom Zabbix Scripts
@@ -350,6 +276,135 @@ The `zabbix_server_privileged_host` can be set to the hostname/ip of the host ru
3. Execute the role by running the Ansible playbook that calls this role. At the end of this run, the Zabbix Server with `PgSQL` on a different host will be running.
+## Configuration Variables
+
+The following table lists all variables that are exposed to modify the configuration of the zabbix_server.conf file. Specific details of each variable can be found in the Zabbix documentation.
+
+**NOTE**: Only variables with a default value appear in the defaults file, all others must be added.
+
+| Zabbix Name | Variable Name | Default Value |Notes |
+|-----------|------------------|--------|--------|
+|AlertScriptsPath | zabbix_server_alertscriptspath | /usr/lib/zabbix/alertscripts | |
+|AllowRoot | zabbix_server_allowroot | 0 | |
+|AllowUnsupportedDBVersions | zabbix_server_allowunsupporteddbversions |0 | |
+|CacheSize | zabbix_server_cachesize | | |
+|CacheUpdateFrequency | zabbix_server_cacheupdatefrequency | | |
+|DBHost | zabbix_server_dbhost | localhost | |
+|DBName | zabbix_server_dbname | zabbix-server | |
+|DBPassword | zabbix_server_dbpassword | zabbix-server | |
+|DBPort | zabbix_server_dbport | 5432 | |
+|DBSchema | zabbix_server_dbschema | | |
+|DBSocket | zabbix_server_dbsocket | | |
+|DBTLSCAFile | zabbix_server_dbtlscafile | | |
+|DBTLSCertFile | zabbix_server_dbtlscertfile | | |
+|DBTLSCipher | zabbix_server_dbtlscipher | | |
+|DBTLSCipher13 | zabbix_server_dbtlscipher13 | | |
+|DBTLSConnect | zabbix_server_dbtlsconnect | | |
+|DBTLSKeyFile | zabbix_server_dbtlskeyfile | | |
+|DBUser | zabbix_server_dbuser | zabbix-server | |
+|DebugLevel | zabbix_server_debuglevel | 3 | |
+|ExportDir | zabbix_server_exportdir | | |
+|ExportFileSize | zabbix_server_exportfilesize | 1G | |
+|ExportType | zabbix_server_exporttype | | |
+|ExternalScripts | zabbix_server_externalscriptspath | /usr/lib/zabbix/externalscripts | |
+|Fping6Location | zabbix_server_fping6location | OS Specific Value | |
+|FpingLocation | zabbix_server_fpinglocation | OS Specific Value | |
+|HANodeName | zabbix_server_hanodename | | |
+|HistoryCacheSize | zabbix_server_historycachesize | | |
+|HistoryIndexCacheSize | zabbix_server_historyindexcachesize | | |
+|HistoryStorageDateIndex | zabbix_server_historystoragedateindex | 0 | |
+|HistoryStorageTypes | zabbix_server_historystoragetypes | uint,dbl,str,log,text | |
+|HistoryStorageURL | zabbix_server_historystorageurl | | |
+|HousekeepingFrequency | zabbix_server_housekeepingfrequency | 1 | |
+|Include | zabbix_server_include | /etc/zabbix/zabbix_server.conf.d | |
+|JavaGateway | zabbix_server_javagateway | | |
+|JavaGatewayPort | zabbix_server_javagatewayport | 10052 | |
+|ListenBacklog | zabbix_server_listenbacklog | | |
+|ListenIP | zabbix_server_listenip | | |
+|ListenPort | zabbix_server_listenport | 10051 | |
+|LoadModule | zabbix_server_loadmodule | | |
+|LoadModulePath | zabbix_server_loadmodulepath | ${libdir}/modules | |
+|LogFile | zabbix_server_logfile | /var/log/zabbix/zabbix_server.log | |
+|LogFileSize | zabbix_server_logfilesize | 10 | |
+|LogSlowQueries | zabbix_server_logslowqueries | 0 | |
+|LogType | zabbix_server_logtype | file | |
+|MaxHousekeeperDelete | zabbix_server_maxhousekeeperdelete | 500 | |
+|NodeAddress | zabbix_server_nodeaddress | | |
+|PidFile | zabbix_server_pidfile | /var/run/zabbix/zabbix_server.pid | |
+|ProxyConfigFrequency | zabbix_server_proxyconfigfrequency | | |
+|ProxyDataFrequency | zabbix_server_proxydatafrequency | 1 | |
+|SNMPTrapperFile | zabbix_server_snmptrapperfile | | |
+|SocketDir | zabbix_server_socketdir | /var/run/zabbix | |
+|SourceIP | zabbix_server_sourceip | | |
+|SSHKeyLocation | zabbix_server_sshkeylocation | | |
+|SSLCALocation | zabbix_server_sslcalocation | | |
+|SSLCertLocation | zabbix_server_sslcertlocation | ${datadir}/zabbix/ssl/certs | |
+|SSLKeyLocation | zabbix_server_sslkeylocation | ${datadir}/zabbix/ssl/keys | |
+|StartAlerters | zabbix_server_startalerters | | |
+|StartConnectors | zabbix_server_connectors | | Version 6.4 or later |
+|StartDBSyncers | zabbix_server_startdbsyncers | 4 | |
+|StartDiscoverers | zabbix_server_startdiscoverers | 1 | |
+|StartEscalators | zabbix_server_startescalators | 1 | |
+|StartHistoryPollers | zabbix_server_starthistorypollers | | |
+|StartHTTPPollers | zabbix_server_starthttppollers | 1 | |
+|StartIPMIPollers | zabbix_server_startipmipollers | 0 | |
+|StartJavaPollers | zabbix_server_startjavapollers | 0 | |
+|StartLLDProcessors | zabbix_server_startlldprocessors | | |
+|StartODBCPollers | zabbix_server_startodbcpollers | | |
+|StartPingers | zabbix_server_startpingers | 1 | |
+|StartPollers | zabbix_server_startpollers | 5 | |
+|StartPollersUnreachable | zabbix_server_startpollersunreachable | 1 | |
+|StartPreprocessors | zabbix_server_startpreprocessors | | |
+|StartProxyPollers | zabbix_server_startproxypollers | | |
+|StartReportWriters | zabbix_server_startreportwriters | 0 | |
+|StartSNMPTrapper | zabbix_server_startsnmptrapper | 0 | |
+|StartTimers | zabbix_server_starttimers | 1 | |
+|StartTrappers | zabbix_server_starttrappers | 5 | |
+|StartVMwareCollectors | zabbix_server_startvmwarecollectors | 0 | |
+|StasAllowedIP | zabbix_server_statsallowedip | | |
+|Timeout | zabbix_server_timeout | 3 | |
+|TLSCAFile | zabbix_server_tlscafile | | |
+|TLSCertFile | zabbix_server_tlscertfile | | |
+|TLSCipherAll | zabbix_server_tlscipherall | | |
+|TLSCipherAll13 | zabbix_server_tlscipherall13 | | |
+|TLSCipherCert | zabbix_server_tlsciphercert | | |
+|TLSCipherCert13 | zabbix_server_tlsciphercert13 | | |
+|TLSCipherPSK | zabbix_server_tlscipherpsk | | |
+|TLSCipherPSK13 | zabbix_server_tlscipherpsk13 | | |
+|TLSCRLFile | zabbix_server_tlscrlfile | | |
+|TLSKeyFile | zabbix_server_tlskeyfile | | |
+|TmpDir | zabbix_server_tmpdir | /tmp | |
+|TrapperTimeout | zabbix_server_trappertimeout | 300 | |
+|TrendCacheSize | zabbix_server_trendcachesize | | |
+|TrendFunctionCacheSize | zabbix_server_trendfunctioncachesize | | |
+|UnavailableDelay | zabbix_server_unavailabledelay | 60 | |
+|UnreachableDelay | zabbix_server_unreachabledelay | 15 | |
+|UnreachablePeriod | zabbix_server_unreachableperiod | 45 | |
+|User | zabbix_server_user | zabbix | |
+|ValueCacheSize | zabbix_server_valuecachesize | | |
+|Vault | zabbix_server_vault | | Version 6.2 or later |
+|VaultDBPath | zabbix_server_vaultdbpath | | |
+|VaultTLSKeyFile | zabbix_server_vaulttlskeyfile | | Version 6.2 or later |
+|VaultTLSCertFile | zabbix_server_vaulttlscertfile | | Version 6.2 or later |
+|VaultToken | zabbix_server_vaulttoken | | |
+|VaultURL | zabbix_server_vaulturl | https://127.0.0.1:8200 | |
+|VMwareCacheSize | zabbix_server_vmwarecachesize | | |
+|VMwareFrequency | zabbix_server_vmwarefrequency | 60 | |
+|VMwarePerfFrequency | zabbix_server_vmwareperffrequency | 60 | |
+|VMwareTimeout | zabbix_server_vmwaretimeout | 10 | |
+|WebServiceURL | zabbix_server_webserviceurl | | |
+
+## Tags
+
+The majority of tasks within this role are tagged as follows:
+
+* `install`: Tasks associated with the installation of software.
+* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation.
+* `database`: Tasks associated with the installation or configuration of the database.
+* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server.
+* `config`: Tasks associated with the configuration of Zabbix or a supporting service.
+* `service`: Tasks associated with managing a service.
+
# Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml
index e9b837c99..6aec202dd 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml
@@ -1,28 +1,52 @@
---
# defaults file for zabbix_server
+# zabbix_server_version:
+zabbix_os_user: zabbix
+zabbix_service_enabled: true
+zabbix_server_manage_service: true
-# zabbix_server_version: 6.0
-zabbix_server_version_minor: "*"
-zabbix_version: "{{ zabbix_server_version }}"
-zabbix_repo: zabbix
-
-zabbix_server_apt_priority:
-zabbix_server_package_state: present
-zabbix_server_install_recommends: true
+# Database
+zabbix_server_database_sqlload: true
+zabbix_server_database_timescaledb: false
+zabbix_server_real_dbhost:
+zabbix_server_dbhost: localhost
+zabbix_server_dbname: zabbix-server
+zabbix_server_privileged_host: localhost
+zabbix_server_dbencoding: utf8
+zabbix_server_dbcollation: utf8_bin
+zabbix_server_dbschema:
+zabbix_server_dbuser: zabbix-server
+zabbix_server_dbpassword: zabbix-server
+zabbix_server_dbpassword_hash_method: md5
+zabbix_server_dbsocket:
+zabbix_server_dbport: 5432
+zabbix_server_dbhost_run_install: true
+zabbix_server_database: pgsql
+zabbix_server_database_creation: true
zabbix_server_install_database_client: true
-zabbix_server_conf_mode: 0640
+# SELinux specific
+zabbix_server_selinux: false
+selinux_allow_zabbix_can_network: false
+selinux_allow_zabbix_can_http: false
+
+#Misc.
+zabbix_server_include_mode: "0755"
+zabbix_server_config: /etc/zabbix/zabbix_server.conf
zabbix_service_state: started
-zabbix_service_enabled: true
+# Yum/APT Variables
+zabbix_server_version_minor: "*"
+zabbix_server_package_state: present
zabbix_repo_yum_gpgcheck: 0
zabbix_repo_yum_schema: https
-zabbix_repo_yum_disabled: "*"
-zabbix_repo_yum_enabled: []
+zabbix_repo_deb_component: main
+zabbix_server_disable_repo:
+ - epel
zabbix_repo_yum:
- name: zabbix
description: Zabbix Official Repository - $basearch
- baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/"
+ baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_server_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/"
gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
mode: "0644"
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
@@ -34,128 +58,58 @@ zabbix_repo_yum:
gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
+zabbix_server_apt_priority:
+zabbix_server_install_recommends: true
+zabbix_server_conf_mode: 0640
-# User (EPEL specific)
-zabbix_server_username: zabbix
-zabbix_server_groupname: zabbix
-
-# Database
-zabbix_server_database: pgsql
-zabbix_server_database_long: postgresql
-zabbix_database_creation: true
-zabbix_database_sqlload: true
-zabbix_database_timescaledb: false
-zabbix_server_dbtlsconnect:
-zabbix_server_dbtlscafile:
-zabbix_server_dbtlscertfile:
-zabbix_server_dbtlskeyfile:
-zabbix_server_dbtlscipher:
-zabbix_server_dbtlscipher13:
-
-# zabbix-server specific vars
+# Server Configuration Variables (Only ones with role provided defaults)
+zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts
+zabbix_server_allowroot: 0
+zabbix_server_allowunsupporteddbversions: 0
+zabbix_server_debuglevel: 3
+zabbix_server_exportfilesize: 1G
+zabbix_server_externalscriptspath: /usr/lib/zabbix/externalscripts
+zabbix_server_historystoragedateindex: 0
+zabbix_server_historystoragetypes: uint,dbl,str,log,text
+zabbix_server_housekeepingfrequency: 1
+zabbix_server_include: /etc/zabbix/zabbix_server.conf.d
+zabbix_server_javagatewayport: 10052
zabbix_server_listenport: 10051
-zabbix_server_sourceip:
-zabbix_server_logtype: file
+zabbix_server_loadmodulepath: ${libdir}/modules
zabbix_server_logfile: /var/log/zabbix/zabbix_server.log
zabbix_server_logfilesize: 10
-zabbix_server_debuglevel: 3
+zabbix_server_logslowqueries: 0
+zabbix_server_logtype: file
+zabbix_server_maxhousekeeperdelete: 500
zabbix_server_pidfile: /var/run/zabbix/zabbix_server.pid
+zabbix_server_proxydatafrequency: 1
+zabbix_server_snmptrapperfile: /tmp/zabbix_traps.tmp
zabbix_server_socketdir: /var/run/zabbix
-zabbix_server_real_dbhost:
-zabbix_server_dbhost: localhost
-zabbix_server_dbname: zabbix-server
-zabbix_server_dbencoding: utf8
-zabbix_server_dbcollation: utf8_bin
-zabbix_server_dbschema:
-zabbix_server_dbuser: zabbix-server
-zabbix_server_dbpassword: zabbix-server
-zabbix_server_dbsocket:
-zabbix_server_dbport: 5432
-zabbix_server_dbhost_run_install: true
-zabbix_server_dbpassword_hash_method: md5
-zabbix_server_allowunsupporteddbversions: 0
-zabbix_server_privileged_host: localhost
-zabbix_server_historystorageurl:
-zabbix_server_historystoragetypes: uint,dbl,str,log,text
-zabbix_server_historystoragedateindex: 0
-zabbix_server_exportdir:
-zabbix_server_exportfilesize: 1G
-zabbix_server_startpollers: 5
-zabbix_server_startlldprocessors: 2
-zabbix_server_startipmipollers: 0
-zabbix_server_startpollersunreachable: 1
-zabbix_server_starttrappers: 5
-zabbix_server_startpingers: 1
+zabbix_server_sslcertlocation: ${datadir}/zabbix/ssl/certs
+zabbix_server_sslkeylocation: ${datadir}/zabbix/ssl/keys
+zabbix_server_startdbsyncers: 4
zabbix_server_startdiscoverers: 1
+zabbix_server_startescalators: 1
zabbix_server_starthttppollers: 1
-zabbix_server_startpreprocessors: 3
-zabbix_server_connectors: 0
-zabbix_server_startodbcpollers: 1
+zabbix_server_startipmipollers: 0
+zabbix_server_startjavapollers: 0
+zabbix_server_startpingers: 1
+zabbix_server_startpollers: 5
+zabbix_server_startpollersunreachable: 1
+zabbix_server_startproxypollers: 1
+zabbix_server_startreportwriters: 0
+zabbix_server_startsnmptrapper: 0
zabbix_server_starttimers: 1
-zabbix_server_starthistorypollers: 5
-zabbix_server_javagateway:
-zabbix_server_javagatewayport: 10052
-zabbix_server_startjavapollers: 5
+zabbix_server_starttrappers: 5
zabbix_server_startvmwarecollectors: 0
-zabbix_server_vmwarefrequency: 60
-zabbix_server_vmwarecachesize: 8M
-zabbix_server_snmptrapperfile: /tmp/zabbix_traps.tmp
-zabbix_server_startsnmptrapper: 0
-zabbix_server_listenip:
-zabbix_server_housekeepingfrequency: 1
-zabbix_server_maxhousekeeperdelete: 500
-zabbix_server_senderfrequency: 30
-zabbix_server_cachesize: 32M
-zabbix_server_startdbsyncers: 4
-zabbix_server_historycachesize: 16M
-zabbix_server_historyindexcachesize: 4M
-zabbix_server_trendcachesize: 4M
-zabbix_server_trendfunctioncachesize: 4M
-zabbix_server_historytextcachesize: 16M
-zabbix_server_valuecachesize: 8M
-zabbix_server_nodenoevents: 0
-zabbix_server_nodenohistory: 0
zabbix_server_timeout: 3
+zabbix_server_tmpdir: /tmp
zabbix_server_trappertimeout: 300
-zabbix_server_unreachableperiod: 45
zabbix_server_unavailabledelay: 60
zabbix_server_unreachabledelay: 15
-zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts
-zabbix_server_externalscriptspath: /usr/lib/zabbix/externalscripts
-zabbix_server_sshkeylocation:
-zabbix_server_logslowqueries: 0
-zabbix_server_tmpdir: /tmp
-zabbix_server_startproxypollers: 1
-zabbix_server_proxydatafrequency: 1
-zabbix_server_allowroot: 0
+zabbix_server_unreachableperiod: 45
zabbix_server_user: zabbix
-zabbix_server_include: /etc/zabbix/zabbix_server.conf.d
-zabbix_server_include_mode: "0755"
-zabbix_server_sslcertlocation: ${datadir}/zabbix/ssl/certs
-zabbix_server_sslkeylocation: ${datadir}/zabbix/ssl/keys
-zabbix_server_sslcalocation:
-zabbix_server_loadmodulepath: ${libdir}/modules
-zabbix_server_loadmodule:
-zabbix_server_tlscafile:
-zabbix_server_tlscrlfile:
-zabbix_server_tlscertfile:
-zabbix_server_tlskeyfile:
-zabbix_server_startescalators: 1
+zabbix_server_vaulturl: https://127.0.0.1:8200
+zabbix_server_vmwarefrequency: 60
zabbix_server_vmwareperffrequency: 60
zabbix_server_vmwaretimeout: 10
-zabbix_server_manage_service: true
-zabbix_server_vaulttoken:
-zabbix_server_vaulturl: https://127.0.0.1:8200
-zabbix_server_vaultdbpath:
-zabbix_server_startreportwriters: 0
-zabbix_server_webserviceurl:
-zabbix_server_servicemanagersyncfrequency: 60
-zabbix_server_problemhousekeepingfrequency: 60
-zabbix_server_listenbacklog:
-zabbix_server_hanodename:
-zabbix_server_nodeaddress:
-
-# SELinux specific
-zabbix_selinux: false
-selinux_allow_zabbix_can_network: false
-selinux_allow_zabbix_can_http: false
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml
index 74b15bdc5..b0e272e2d 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/handlers/main.yml
@@ -2,7 +2,7 @@
# handlers file for wdijkerman.zabbix
- name: zabbix-server restarted
- service:
+ ansible.builtin.service:
name: zabbix-server
state: restarted
enabled: true
@@ -10,20 +10,9 @@
become: true
when:
- zabbix_server_manage_service | bool
- - zabbix_repo != 'epel'
-
-- name: zabbix-server restarted
- service:
- name: zabbix-proxy-mysql{{ zabbix_proxy_database_long }}
- state: restarted
- enabled: true
- become: true
- when:
- - zabbix_proxy_manage_service | bool
- - zabbix_repo == 'epel'
- name: "clean repo files from proxy creds"
- shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
+ ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
become: true
when:
- ansible_os_family == 'RedHat'
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml
index d7d9a08e3..ccfe6f121 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml
@@ -1,76 +1,47 @@
---
-
-- name: "Include Zabbix gpg ids"
- include_vars: zabbix.yml
-
-- name: "Set some variables"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
- zabbix_server_apt_repository:
- - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/"
- - "{{ ansible_distribution_release }}"
- - "main"
- zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}"
- zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}"
- when:
- - ansible_machine != "aarch64"
-
-- name: "Set some variables"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
- zabbix_server_apt_repository:
- - "http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}-arm64/"
- - "{{ ansible_distribution_release }}"
- - "main"
- zabbix_underscore_version: "{{ zabbix_version | regex_replace('\\.', '_') }}"
+- name: "Debian | Set some variables"
+ ansible.builtin.set_fact:
+ zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}"
+ zabbix_underscore_version: "{{ zabbix_server_version | regex_replace('\\.', '_') }}"
zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}"
- when:
- - ansible_machine == "aarch64"
-
-
-- name: "Debian | Set some facts"
- set_fact:
- datafiles_path: /usr/share/zabbix-server-{{ zabbix_server_database }}
- when:
- - zabbix_version is version('3.0', '<')
tags:
- - zabbix-server
- - init
- - config
+ - always
-- name: "Debian | Set some facts for Zabbix >= 3.0 && < 5.4"
- set_fact:
- datafiles_path: /usr/share/doc/zabbix-server-{{ zabbix_server_database }}
- when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_version is version('5.4', '<')
+- name: "Debian | Installing lsb-release"
+ ansible.builtin.apt:
+ pkg: lsb-release
+ update_cache: true
+ cache_valid_time: 3600
+ force: true
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ become: true
tags:
- - zabbix-server
- - init
- - config
+ - install
-- name: "Debian | Set some facts for Zabbix == 5.4"
- set_fact:
- datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_server_database_long }}
+- name: "Debian | Update ansible_lsb fact"
+ ansible.builtin.setup:
+ gather_subset:
+ - lsb
+
+- name: "Debian | Repo URL"
+ ansible.builtin.set_fact:
+ zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
when:
- - zabbix_version is version('5.4', '==')
+ - zabbix_repo_deb_url is undefined
tags:
- - zabbix-server
- - init
- - config
+ - always
-- name: "Debian | Set some facts for Zabbix >= 6.0"
- set_fact:
- datafiles_path: /usr/share/zabbix-sql-scripts/{{ zabbix_server_database_long }}
- when:
- - zabbix_version is version('6.0', '>=')
+- name: "Debian | Set some facts for Zabbix"
+ ansible.builtin.set_fact:
+ datafiles_path: /usr/share/zabbix-sql-scripts/{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}
tags:
- - zabbix-server
- - init
- - config
+ - always
- name: "Debian | Installing gnupg"
- apt:
+ ansible.builtin.apt:
pkg: gnupg
update_cache: true
cache_valid_time: 3600
@@ -82,90 +53,104 @@
register: gnupg_installed
until: gnupg_installed is succeeded
become: true
+ tags:
+ - install
+
+# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
+# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
+# See: https://wiki.debian.org/DebianRepository/UseThirdParty
+- name: "Debian | Create /etc/apt/keyrings/ on older versions"
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/
+ state: directory
+ mode: "0755"
+ become: true
+ when:
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or
+ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
-- name: "Debian | Install gpg key"
- apt_key:
- id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}"
+- name: "Debian | Download gpg key"
+ ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
+ dest: "{{ zabbix_gpg_key }}"
+ mode: "0644"
+ force: true
register: zabbix_server_repo_files_installed
until: zabbix_server_repo_files_installed is succeeded
- when:
- - zabbix_repo == "zabbix"
become: true
tags:
- - zabbix-server
- - init
+ - install
- name: "Debian | Installing repository {{ ansible_distribution }}"
- apt_repository:
- repo: "{{ item }} {{ zabbix_server_apt_repository | join(' ') }}"
- state: present
- when: zabbix_repo == "zabbix"
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/zabbix.sources
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ Types: deb deb-src
+ Enabled: yes
+ URIs: {{ zabbix_repo_deb_url }}
+ Suites: {{ ansible_distribution_release }}
+ Components: {{ zabbix_repo_deb_component }}
+ Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
+ Signed-By: {{ zabbix_gpg_key }}
become: true
- with_items:
- - deb-src
- - deb
tags:
- - zabbix-server
- - init
+ - install
- name: "Debian | Create /etc/apt/preferences.d/"
- file:
+ ansible.builtin.file:
path: /etc/apt/preferences.d/
state: directory
- mode: '0755'
+ mode: "0755"
when:
- zabbix_server_apt_priority | int
become: true
+ tags:
+ - install
- name: "Debian | Configuring the weight for APT"
- copy:
+ ansible.builtin.copy:
dest: "/etc/apt/preferences.d/zabbix_server-{{ zabbix_proxy_database }}"
content: |
Package: zabbix_server-{{ zabbix_proxy_database }}
Pin: origin repo.zabbix.com
Pin-Priority: {{ zabbix_server_apt_priority }}
owner: root
- mode: '0644'
+ mode: "0644"
when:
- zabbix_server_apt_priority | int
become: true
-
-- name: Check if warn parameter can be used for shell module
- set_fact:
- produce_warn: False
- when: ansible_version.full is version("2.14", "<")
-
-- name: apt-get clean
- shell: apt-get clean; apt-get update
- args:
- warn: "{{ produce_warn | default(omit) }}"
- changed_when: false
- become: true
tags:
- - skip_ansible_lint
+ - install
# On certain 18.04 images, such as docker or lxc, dpkg is configured not to
# install files into paths /usr/share/doc/*
# Since this is where Zabbix installs its database schemas, we need to allow
# files to be installed to /usr/share/doc/zabbix*
-- name: Check for the dpkg exclude line
- command: grep -F 'path-exclude=/usr/share/doc/*' /etc/dpkg/dpkg.cfg.d/excludes
+- name: "Debian | Check for the dpkg exclude line"
+ ansible.builtin.command: grep -F 'path-exclude=/usr/share/doc/*' /etc/dpkg/dpkg.cfg.d/excludes
register: dpkg_exclude_line
failed_when: false
changed_when: false
check_mode: false
+ become: true
+ tags:
+ - install
-- name: Allow Zabbix dpkg installs to /usr/share/doc/zabbix*
- lineinfile:
+- name: "Debian | Allow Zabbix dpkg installs to /usr/share/doc/zabbix*"
+ ansible.builtin.lineinfile:
path: /etc/dpkg/dpkg.cfg.d/excludes
- line: 'path-include=/usr/share/doc/zabbix*'
+ line: "path-include=/usr/share/doc/zabbix*"
become: true
when:
- dpkg_exclude_line.rc == 0
+ tags:
+ - install
- name: "Debian | Installing zabbix-server-{{ zabbix_server_database }}"
- apt:
+ ansible.builtin.apt:
pkg: zabbix-server-{{ zabbix_server_database }}
state: "{{ zabbix_server_package_state }}"
update_cache: true
@@ -179,11 +164,10 @@
until: zabbix_server_package_installed is succeeded
become: true
tags:
- - zabbix-server
- - init
+ - install
- name: "Debian | Installing zabbix-sql-scripts"
- apt:
+ ansible.builtin.apt:
pkg: zabbix-sql-scripts
state: "{{ zabbix_server_package_state }}"
update_cache: true
@@ -196,84 +180,61 @@
register: zabbix_server_package_sql_installed
until: zabbix_server_package_sql_installed is succeeded
when:
- - zabbix_version is version('5.4', '>=')
- become: true
- tags:
- - zabbix-server
- - init
-
-- name: "Debian | Install Ansible module dependencies"
- apt:
- name: "{{ zabbix_python_prefix }}-psycopg2"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_database_creation
- tags:
- - zabbix-server
- - init
-
-- name: "Debian | Install Mysql Client package"
- apt:
- name:
- - default-mysql-client
- - "{{ zabbix_python_prefix }}-mysqldb"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
+ - zabbix_server_version is version('5.4', '>=')
become: true
- when:
- - zabbix_server_database == 'mysql'
- - zabbix_server_install_database_client
- - ansible_distribution_release != "buster"
tags:
- - zabbix-server
- - init
- - database
-
-- name: "Debian 10 | Install Mysql Client package"
- apt:
- name:
- - mariadb-client
- - "{{ zabbix_python_prefix }}-mysqldb"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'mysql'
- - zabbix_server_install_database_client
- - ansible_distribution_release == "buster"
- tags:
- - zabbix-server
- - init
- - database
-
-- name: "Debian | Install PostgreSQL Client package"
- apt:
- name: postgresql-client
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'pgsql'
- - zabbix_server_install_database_client
+ - install
+
+- name: "Debian | Install Database Client Package"
+ block:
+ - name: "Debian | Install Mysql Client package"
+ ansible.builtin.apt:
+ name:
+ - default-mysql-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_server_dependencies_installed
+ until: zabbix_server_dependencies_installed is succeeded
+ become: true
+ when:
+ - zabbix_server_database == 'mysql'
+ - ansible_distribution_release != "buster"
+
+ - name: "Debian 10 | Install Mysql Client package"
+ ansible.builtin.apt:
+ name:
+ - mariadb-client
+ - "{{ zabbix_python_prefix }}-mysqldb"
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_server_dependencies_installed
+ until: zabbix_server_dependencies_installed is succeeded
+ become: true
+ when:
+ - zabbix_server_database == 'mysql'
+ - ansible_distribution_release == "buster"
+
+ - name: "Debian | Install PostgreSQL Client package"
+ ansible.builtin.apt:
+ name:
+ - postgresql-client
+ - "{{ zabbix_python_prefix }}-psycopg2"
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_server_dependencies_installed
+ until: zabbix_server_dependencies_installed is succeeded
+ become: true
+ when:
+ - zabbix_server_database == 'pgsql'
+ when: zabbix_server_install_database_client
tags:
- - zabbix-server
- - init
+ - install
- database
+ - dependencies
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml
index 5d6c33b31..fefd7e86c 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml
@@ -1,191 +1,84 @@
---
# Tasks specific for RedHat systems
-- name: "Set short version name"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
+- name: "RedHat | Set short version name"
+ ansible.builtin.set_fact:
+ zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}"
+ tags:
+ - always
- name: "RedHat | Use Zabbix package name"
- set_fact:
+ ansible.builtin.set_fact:
zabbix_server_package: "zabbix-server-{{ zabbix_server_database }}"
- when:
- - zabbix_repo == "zabbix" or zabbix_repo == "other"
- tags:
- - zabbix-server
-
-- name: "RedHat | Use EPEL package name"
- set_fact:
- zabbix_server_package: "zabbix{{ zabbix_short_version }}-server-{{ zabbix_server_database }}"
- when:
- - zabbix_repo == "epel"
- tags:
- - zabbix-server
-
-- name: "RedHat | Set some facts Zabbix <= 3.2"
- set_fact:
- datafiles_path: "/usr/share/doc/zabbix-server-{{ zabbix_server_database }}-{{ zabbix_version }}*"
- when:
- - zabbix_version is version('3.2', '<=')
tags:
- - zabbix-server
+ - always
-- name: "RedHat | Set facts for Zabbix > 3.2 && < 5.4"
- set_fact:
- datafiles_path: "/usr/share/doc/zabbix-server-{{ zabbix_server_database }}*"
- when:
- - zabbix_version is version('3.2', '>')
- - zabbix_version is version('5.4', '<')
+- name: "RedHat | Set facts for Zabbix"
+ ansible.builtin.set_fact:
+ datafiles_path: "/usr/share/zabbix-sql-scripts/{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}"
tags:
- - zabbix-server
+ - always
-- name: "RedHat | Set facts for Zabbix == 5.4"
- set_fact:
- datafiles_path: "/usr/share/doc/zabbix-sql-scripts/{{ zabbix_server_database_long }}"
- when:
- - zabbix_version is version('5.4', '==')
- tags:
- - zabbix-server
-
-- name: "RedHat | Set facts for Zabbix >= 6.0"
- set_fact:
- datafiles_path: "/usr/share/zabbix-sql-scripts/{{ zabbix_server_database_long }}"
- when:
- - zabbix_version is version('6.0', '>=')
- tags:
- - zabbix-server
-
-- name: "RedHat | Set facts for RHEL8"
- set_fact:
- datafiles_path: "/usr/share/doc/zabbix-server-{{ zabbix_server_database }}"
- when:
- - ansible_distribution_major_version == "8"
- - zabbix_version is version('5.4', '<')
- tags:
- - zabbix-server
-
-- name: "RedHat | Set some facts EPEL"
- set_fact:
- datafiles_path: "/usr/share/zabbix-{{ zabbix_server_database_long }}"
- when:
- - zabbix_repo == "epel"
- tags:
- - zabbix-server
-
-- name: "RedHat | Create 'zabbix' group (EPEL)"
- group:
- name: "{{ zabbix_server_groupname | default('zabbix') }}"
- gid: "{{ zabbix_server_groupid | default(omit) }}"
- state: present
- become: true
- when:
- - zabbix_repo == "epel"
-
-- name: "RedHat | Create 'zabbix' user (EPEL)"
- user:
- name: "{{ zabbix_server_username | default('zabbix') }}"
- comment: Zabbix Monitoring System
- uid: "{{ zabbix_server_userid | default(omit) }}"
- group: zabbix
- become: true
- when:
- - zabbix_repo == "epel"
-
-- name: "Make sure old file is absent"
- file:
+- name: "RedHat | Make sure old file is absent"
+ ansible.builtin.file:
path: /etc/yum.repos.d/zabbix-supported.repo
state: absent
become: true
+ tags:
+ - install
- name: "RedHat | Install basic repo file"
- yum_repository:
+ ansible.builtin.yum_repository:
name: "{{ item.name }}"
description: "{{ item.description }}"
baseurl: "{{ item.baseurl }}"
gpgcheck: "{{ item.gpgcheck }}"
gpgkey: "{{ item.gpgkey }}"
mode: "{{ item.mode | default('0644') }}"
- priority: "{{ item.priority | default('98') }}"
+ priority: "{{ item.priority | default('99') }}"
state: "{{ item.state | default('present') }}"
proxy: "{{ zabbix_http_proxy | default(omit) }}"
with_items: "{{ zabbix_repo_yum }}"
register: yum_repo_installed
become: true
- when:
- zabbix_repo == "zabbix"
notify:
- "clean repo files from proxy creds"
tags:
- - zabbix-server
+ - install
- name: "RedHat | Installing zabbix-server-{{ zabbix_server_database }}"
- package:
+ ansible.builtin.package:
pkg: "{{ zabbix_server_package }}-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
state: "{{ zabbix_server_package_state }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
+ disablerepo: "{{ zabbix_server_disable_repo | default(omit) }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_server_package_installed
until: zabbix_server_package_installed is succeeded
- when:
- zabbix_repo != "other"
become: true
tags:
- - zabbix-server
-
-- name: "RedHat | Installing zabbix-server-{{ zabbix_server_database }} (When zabbix_repo == other)"
- package:
- pkg: "{{ zabbix_server_package }}-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
- state: "{{ zabbix_server_package_state }}"
- register: zabbix_server_package_installed
- until: zabbix_server_package_installed is succeeded
- when:
- zabbix_repo == "other"
- become: true
- tags:
- - zabbix-server
+ - install
- name: "RedHat | Installing zabbix-sql-scripts"
- package:
- pkg: "zabbix-sql-scripts-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
- state: "{{ zabbix_server_package_state }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_sql_package_installed
- until: zabbix_server_sql_package_installed is succeeded
- when:
- - zabbix_version is version('5.4', '>=')
- - zabbix_repo != "other"
- become: true
- tags:
- - zabbix-server
-
-
-- name: "RedHat | Installing zabbix-sql-scripts (When zabbix_repo == other)"
- package:
+ ansible.builtin.package:
pkg: "zabbix-sql-scripts-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
state: "{{ zabbix_server_package_state }}"
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
+ disablerepo: "{{ zabbix_server_disable_repo | default(omit) }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_server_sql_package_installed
until: zabbix_server_sql_package_installed is succeeded
when:
- - zabbix_version is version('5.4', '>=')
- - zabbix_repo == "other"
+ - zabbix_server_version is version('6.0', '>=')
become: true
tags:
- - zabbix-server
+ - install
- name: "RedHat | Install Ansible module dependencies"
- yum:
- name: python-psycopg2
+ ansible.builtin.yum:
+ name: "{{ pgsql_depenencies[ansible_distribution_major_version] }}"
state: present
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
@@ -194,103 +87,46 @@
until: zabbix_server_dependencies_installed is succeeded
become: true
when:
- - zabbix_database_creation
+ - zabbix_server_database_creation
- zabbix_server_database == 'pgsql'
- - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
tags:
- - zabbix-server
-
-- name: "RedHat | Install Ansible module dependencies on RHEL9 or RHEL8"
- yum:
- name: python3-psycopg2
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_database_creation
- - zabbix_server_database == 'pgsql'
- - ansible_distribution_major_version|int >= 8
- tags:
- - zabbix-server
-
-- name: "RedHat | Install Mysql Client packages RHEL9 or RHEL8"
- yum:
- name:
- - mysql
- - python3-PyMySQL
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'mysql'
- - zabbix_server_install_database_client
- - ansible_distribution_major_version|int >= 8
- tags:
- - zabbix-server
-
-- name: "RedHat | Install Mysql Client package RHEL7"
- yum:
- name:
- - mariadb
- - MySQL-python
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'mysql'
- - zabbix_server_install_database_client
- - ansible_distribution_major_version == "7"
- tags:
- - zabbix-server
-
-- name: "RedHat | Install Mysql Client package RHEL5 - 6"
- yum:
- name:
- - mysql
- - MySQL-python
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'mysql'
- - zabbix_server_install_database_client
- - ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5"
- tags:
- - zabbix-server
-
-- name: "RedHat | Install PostgreSQL client package"
- yum:
- name: postgresql
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'pgsql'
- - zabbix_server_install_database_client
- tags:
- - zabbix-server
-
-- name: "Configure SELinux when enabled"
- include_tasks: selinux.yml
- when:
- - zabbix_selinux | bool
+ - install
+ - dependencies
+
+- name: RedHat | Install Database Client Package
+ block:
+ - name: "RedHat | Install Mysql Client packages"
+ ansible.builtin.yum:
+ name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}"
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_server_dependencies_installed
+ until: zabbix_server_dependencies_installed is succeeded
+ become: true
+ when:
+ - zabbix_server_database == 'mysql'
+
+ - name: "RedHat | Install PostgreSQL client package"
+ ansible.builtin.yum:
+ name: postgresql
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_server_dependencies_installed
+ until: zabbix_server_dependencies_installed is succeeded
+ become: true
+ when:
+ - zabbix_server_database == 'pgsql'
+ when: zabbix_server_install_database_client
+ tags:
+ - install
+ - dependencies
+ - database
+
+- name: "RedHat | Configure SELinux when enabled"
+ ansible.builtin.include_tasks: selinux.yml
+ when:
+ - zabbix_server_selinux | bool
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml
index d3264883d..62674a7ff 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml
@@ -1,56 +1,74 @@
---
-# tasks file for wdijkerman.zabbix
-
-- name: "Include OS-specific variables"
- include_vars: "{{ ansible_os_family }}.yml"
+- name: Include OS-specific variables
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+ tags:
+ - always
- name: Determine Latest Supported Zabbix Version
- set_fact:
- zabbix_server_version: "{{ zabbix_valid_server_versions[ansible_distribution_major_version][0] | default(6.0) }}"
+ ansible.builtin.set_fact:
+ zabbix_server_version: "{{ zabbix_valid_server_versions[ansible_distribution_major_version][0] | default(6.4) }}"
when: zabbix_server_version is not defined
+ tags:
+ - always
+
+- name: Set More Variables
+ ansible.builtin.set_fact:
+ zabbix_db_type_long: "{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}"
+ zabbix_valid_version: "{{ zabbix_server_version|float in zabbix_valid_server_versions[ansible_distribution_major_version] }}"
+ zabbix_server_fpinglocation: "{{ zabbix_server_fpinglocation if zabbix_server_fpinglocation is defined else _zabbix_server_fpinglocation}}"
+ zabbix_server_fping6location: "{{ zabbix_server_fping6location if zabbix_server_fping6location is defined else _zabbix_server_fping6location}}"
+ tags:
+ - always
+
+- name: Stopping Install of Invalid Version
+ ansible.builtin.fail:
+ msg: Zabbix version {{ zabbix_server_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
+ when: not zabbix_valid_version
+ tags:
+ - always
-- name: "Install the correct repository"
- include_tasks: "{{ ansible_os_family }}.yml"
+- name: Install the correct repository
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
-- name: "Installing the {{ zabbix_server_database_long }} database"
- include_tasks: "{{ zabbix_server_database_long }}.yml"
+- name: Installing the {{ zabbix_db_type_long }} database
+ ansible.builtin.include_tasks: "{{ zabbix_db_type_long }}.yml"
- name: "Configure zabbix-server"
- template:
+ ansible.builtin.template:
src: zabbix_server.conf.j2
- dest: /etc/zabbix/zabbix_server.conf
- owner: zabbix
- group: zabbix
+ dest: "{{ zabbix_server_config }}"
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
mode: "{{ zabbix_server_conf_mode }}"
+ become: true
notify:
- zabbix-server restarted
tags:
- - zabbix-server
- - init
- config
- name: "Create include dir zabbix-server"
- file:
+ ansible.builtin.file:
path: "{{ zabbix_server_include }}"
- owner: zabbix
- group: zabbix
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
state: directory
mode: "{{ zabbix_server_include_mode }}"
+ become: true
tags:
- - zabbix-server
- - init
+ - install
- config
- name: "Add zabbix-server scripts"
- include_tasks: "scripts.yml"
+ ansible.builtin.include_tasks: "scripts.yml"
when: ( zabbix_server_alertscripts is defined ) or
( zabbix_server_externalscripts is defined )
- name: "Zabbix-server started"
- service:
+ ansible.builtin.service:
name: zabbix-server
state: "{{ zabbix_service_state }}"
enabled: "{{ zabbix_service_enabled }}"
+ become: true
tags:
- - zabbix-server
+ - service
when: zabbix_server_manage_service | bool
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml
index 9e419b125..aad009816 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml
@@ -1,21 +1,28 @@
---
# task file for mysql
-- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
- set_fact:
+
+- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ zabbix_server_dbhost if (zabbix_server_dbhost != 'localhost') else inventory_hostname }}"
when:
- zabbix_server_dbhost_run_install
+ tags:
+ - database
-- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
- set_fact:
+- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ inventory_hostname }}"
when:
- not zabbix_server_dbhost_run_install
+ tags:
+ - database
-- name: "Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer"
- set_fact:
+- name: "MySQL | Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ zabbix_server_real_dbhost }}"
when: zabbix_server_real_dbhost | default(false)
+ tags:
+ - database
- name: "MySQL | Create database"
community.mysql.mysql_db:
@@ -28,11 +35,10 @@
login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
state: present
- when: zabbix_database_creation
+ when: zabbix_server_database_creation
register: zabbix_database_created
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-server
- database
- skip_ansible_lint
@@ -45,57 +51,44 @@
login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbuser }}"
password: "{{ zabbix_server_dbpassword }}"
+ plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}"
priv: "{{ zabbix_server_dbname }}.*:ALL"
host: "{{ zabbix_server_privileged_host }}"
state: present
- when: zabbix_database_creation
+ when: zabbix_server_database_creation
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-server
- database
-- name: "Get the file for create.sql >= 3.0"
- shell: ls -1 {{ datafiles_path }}/{{ 'create' if zabbix_version is version('6.0', '<') else 'server' }}.sq*
+- name: "MySQL | Get the file for create.sql"
+ ansible.builtin.shell: ls -1 {{ datafiles_path }}/{{ 'create' if zabbix_server_version is version('6.0', '<') else 'server' }}.sq*
changed_when: false
+ become: true
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
register: ls_output_create
tags:
- - zabbix-server
- database
- name: MySQL | Get current database version
- shell: |
+ ansible.builtin.shell: |
mysql -h {{ zabbix_server_dbhost }} -u{{ zabbix_server_dbuser }} \
-p'{{ zabbix_server_dbpassword }}' -D '{{ zabbix_server_dbname }}' \
-e 'SELECT mandatory FROM dbversion;'
register: mysql_db_version
+ become: true
changed_when: false
ignore_errors: true
+ tags:
+ - database
# If the above check failed, then there was no dbversion table in the database.
# We'll create it, below. Otherwise, we can access the database version in
# `mysql_db_version["stdout_lines"][1]`, for example 5000000 for Zabbix 5.0.
- name: MySQL | Check if database needs to be populated
- set_fact:
+ ansible.builtin.set_fact:
mysql_schema_empty: "{{ mysql_db_version is failed }}"
-- name: "MySQL | Get version_comment"
- community.mysql.mysql_variables:
- variable: version
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- delegate_to: "{{ delegated_dbhost }}"
- register: install_mysql_version
- tags:
- - zabbix-server
- - database
-
- name: "MySQL | Get current value for innodb_default_row_format"
community.mysql.mysql_variables:
variable: innodb_default_row_format
@@ -106,11 +99,7 @@
login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
delegate_to: "{{ delegated_dbhost }}"
register: mysql_innodb_default_row_format
- when:
- - not ansible_check_mode
- - install_mysql_version.msg is version('5.6', '>=')
tags:
- - zabbix-server
- database
- name: "MySQL | Set innodb_default_row_format to dynamic"
@@ -123,15 +112,11 @@
login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
- mysql_schema_empty
- - install_mysql_version.msg is version('5.6', '>=')
- mysql_innodb_default_row_format.msg != 'dynamic'
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-server
- database
- name: "MySQL | Disable InnoDB Strict Mode"
@@ -144,45 +129,45 @@
login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
- mysql_schema_empty
- - install_mysql_version.msg is version('5.6', '>=')
- ansible_distribution_release == "buster"
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-server
- database
-- name: "Fetch sql create file"
+- name: "MySQL | Fetch sql create file"
fetch:
src: "{{ ls_output_create.stdout }}"
dest: /tmp/{{ role_name }}/
flat: true
+ become: true
when:
- delegated_dbhost != inventory_hostname
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
- mysql_schema_empty
+ tags:
+ - database
-- name: "Copy sql create file"
- copy:
+- name: "MySQL | Copy sql create file"
+ ansible.builtin.copy:
src: /tmp/{{ role_name }}/
dest: "{{ ls_output_create.stdout | dirname }}"
- mode: '0640'
+ mode: "0640"
delegate_to: "{{ delegated_dbhost }}"
+ become: true
when:
- delegated_dbhost != inventory_hostname
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
- mysql_schema_empty
+ tags:
+ - database
-- name: "MySQL | Create database and import file >= 3.0"
+- name: "MySQL | Create database and import file"
community.mysql.mysql_db:
login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
+ login_user: "{{ zabbix_server_dbuser if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else zabbix_server_mysql_login_user }}"
+ login_password: "{{ zabbix_server_dbpassword if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else zabbix_server_mysql_login_password }}"
login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbname }}"
@@ -190,118 +175,39 @@
collation: "{{ zabbix_server_dbcollation }}"
state: import
target: "{{ ls_output_create.stdout }}"
+ use_shell: "{{ true if zabbix_server_version is version('5.0', '==') else false }}"
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
- mysql_schema_empty
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-server
- database
- name: "MySQL | Revert innodb_default_row_format to previous value"
community.mysql.mysql_variables:
variable: innodb_default_row_format
- value: '{{ mysql_innodb_default_row_format.msg }}'
+ value: "{{ mysql_innodb_default_row_format.msg }}"
login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
- mysql_schema_empty
- mysql_innodb_default_row_format.msg != 'dynamic'
delegate_to: "{{ delegated_dbhost }}"
tags:
- - zabbix-server
- database
-- name: "Check if we have sql_done files >= 3.0"
- file:
+- name: "MySQL | Check if we have sql_done files"
+ ansible.builtin.file:
path: /etc/zabbix/create.done
state: touch
- mode: '0644'
+ mode: "0644"
+ become: true
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload | bool
- - zabbix_repo != "epel"
+ - zabbix_server_database_sqlload | bool
- mysql_schema_empty
-
-- name: "Get the correct path for the SQL files < 3.0"
- shell: ls -1 {{ datafiles_path }}/{{ mysql_create_dir }}{{ item }}.sql*
- changed_when: false
- register: ls_output_schema
- with_items:
- - schema
- - images
- - data
- when:
- - zabbix_version is version('3.0', '<')
- - zabbix_database_sqlload | bool
- tags:
- - zabbix-server
- - database
-
-- name: "Check if we have done files < 3.0"
- stat:
- path: /etc/zabbix/{{ item }}.done
- register: done_files
- with_items:
- - schema
- - images
- - data
- when:
- - zabbix_version is version('3.0', '<')
- - zabbix_database_sqlload | bool
- tags:
- - zabbix-server
- - database
-
-- name: "Create fact if sql_done files exists"
- set_fact:
- sql_files_executed: "{{ sql_files_executed | default({}) | combine({item.item: item.stat}) }}"
- with_items: "{{ done_files.results }}"
- when:
- - zabbix_version is version('3.0', '<')
- - zabbix_database_sqlload | bool
- tags:
- - zabbix-server
- - database
-
-- name: "MySQL | Create database and import files < 3.0"
- community.mysql.mysql_db:
- name: "{{ zabbix_server_dbname }}"
- encoding: "{{ zabbix_server_dbencoding }}"
- collation: "{{ zabbix_server_dbcollation }}"
- state: import
- target: "{{ item.stdout }}"
- with_items: "{{ ls_output_schema.results }}"
- when:
- - zabbix_version is version('3.0', '<')
- - zabbix_database_sqlload | bool
- - not sql_files_executed[item.item].exists
- delegate_to: "{{ delegated_dbhost }}"
- tags:
- - zabbix-server
- - database
-
-- name: "Check if we have sql_done files < 3.0"
- file:
- path: /etc/zabbix/{{ item }}.done
- state: touch
- mode: '0644'
- with_items:
- - schema
- - images
- - data
- when:
- - zabbix_version is version('3.0', '<')
- - zabbix_database_sqlload | bool
- - not sql_files_executed[item].exists
tags:
- - zabbix-server
- database
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml
index 77e300c01..5177a55be 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml
@@ -1,17 +1,21 @@
---
# task file for postgresql
-- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
- set_fact:
+- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ zabbix_server_dbhost if (zabbix_server_dbhost != 'localhost') else inventory_hostname }}"
when:
- zabbix_server_dbhost_run_install
+ tags:
+ - database
-- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
- set_fact:
+- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
+ ansible.builtin.set_fact:
delegated_dbhost: "{{ inventory_hostname }}"
when:
- not zabbix_server_dbhost_run_install
+ tags:
+ - database
- name: "PostgreSQL | Delegated"
block:
@@ -20,6 +24,7 @@
name: "{{ zabbix_server_dbname }}"
port: "{{ zabbix_server_dbport }}"
state: present
+
- name: "PostgreSQL | Delegated | Create database user"
community.postgresql.postgresql_user:
db: "{{ zabbix_server_dbname }}"
@@ -29,19 +34,19 @@
priv: ALL
state: present
encrypted: true
+
- name: "PostgreSQL | Delegated | Create timescaledb extension"
community.postgresql.postgresql_ext:
db: "{{ zabbix_server_dbname }}"
name: timescaledb
- when: zabbix_database_timescaledb
+ when: zabbix_server_database_timescaledb
become: true
become_user: postgres
delegate_to: "{{ delegated_dbhost }}"
when:
- - zabbix_database_creation
+ - zabbix_server_database_creation
- zabbix_server_pgsql_login_host is not defined
tags:
- - zabbix-server
- database
- name: "PostgreSQL | Remote"
@@ -55,6 +60,7 @@
name: "{{ zabbix_server_dbname }}"
port: "{{ zabbix_server_dbport }}"
state: present
+
- name: "PostgreSQL | Remote | Create database user"
community.postgresql.postgresql_user:
login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
@@ -67,6 +73,7 @@
priv: ALL
state: present
encrypted: true
+
- name: "PostgreSQL | Remote | Create timescaledb extension"
community.postgresql.postgresql_ext:
login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
@@ -75,23 +82,17 @@
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
db: "{{ zabbix_server_dbname }}"
name: timescaledb
- when: zabbix_database_timescaledb
+ when: zabbix_server_database_timescaledb
when:
- - zabbix_database_creation
+ - zabbix_server_database_creation
- zabbix_server_pgsql_login_host is defined
tags:
- - zabbix-server
- database
-- name: Check if warn parameter can be used for shell module
- set_fact:
- produce_warn: False
- when: ansible_version.full is version("2.14", "<")
-
- name: "PostgreSQL | Create schema"
- shell: |
+ ansible.builtin.shell: |
set -euxo pipefail
- FILE={{ 'create.sql' if zabbix_version is version('6.0', '<') else 'server.sql' }}
+ FILE={{ 'create.sql' if zabbix_server_version is version('6.0', '<') else 'server.sql' }}
cd {{ datafiles_path }}
if [ -f ${FILE}.gz ]
then zcat ${FILE}.gz > /tmp/create.sql
@@ -110,15 +111,14 @@
warn: "{{ produce_warn | default(omit) }}"
environment:
PGPASSWORD: "{{ zabbix_server_dbpassword }}"
+ become: true
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_sqlload
+ - zabbix_server_database_sqlload
tags:
- - zabbix-server
- database
- name: "PostgreSQL | Create TimescaleDB hypertables"
- shell: |
+ ansible.builtin.shell: |
set -euxo pipefail
cd {{ datafiles_path }} &&
if [ -f timescaledb.sql.gz ]; then zcat timescaledb.sql.gz > /etc/timescaledb.sql ; else cp -p timescaledb.sql /etc/timescaledb.sql ; fi
@@ -134,92 +134,8 @@
warn: "{{ produce_warn | default(omit) }}"
environment:
PGPASSWORD: "{{ zabbix_server_dbpassword }}"
+ become: true
when:
- - zabbix_version is version('3.0', '>=')
- - zabbix_database_timescaledb
- tags:
- - zabbix-server
- - database
-
-- name: "Get complete path"
- shell: ls -d {{ datafiles_path }}
- register: datafiles_path_full
- changed_when: false
- when:
- - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
- tags:
- - skip_ansible_lint
-
-- name: "Check if we have a create dir"
- stat:
- path: "{{ datafiles_path_full.stdout }}/create"
- register: create_dir_or_not
- when:
- - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
-
-- name: "Set fact"
- set_fact:
- datafiles_path: "{{ datafiles_path }}/create"
- when:
- - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
- - create_dir_or_not.stat.isdir is defined and create_dir_or_not.stat.isdir
- - create_dir_or_not.stat.exists
-
-- name: "PostgreSQL | Importing schema file"
- shell: |
- set -euxo pipefail
- cd {{ datafiles_path }}
- if [ -f schema.sql.gz ]; then zcat schema.sql.gz > /tmp/schema.sql ; else cp -p schema.sql /tmp/schema.sql ;fi
- cat /tmp/schema.sql | psql -h '{{ zabbix_server_dbhost }}' \
- -U '{{ zabbix_server_dbuser }}' \
- -d '{{ zabbix_server_dbname }}' \
- -p '{{ zabbix_server_dbport }}'
- touch /etc/zabbix/schema.done
- rm -f /etc/schema.sql
- args:
- creates: /etc/zabbix/schema.done
- executable: /bin/bash
- warn: "{{ produce_warn | default(omit) }}"
- environment:
- PGPASSWORD: "{{ zabbix_server_dbpassword }}"
- when:
- - (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
- tags:
- - zabbix-server
- - database
-
-- name: "PostgreSQL | Importing images file"
- shell: >
- cd {{ datafiles_path }} &&
- psql -h '{{ zabbix_server_dbhost }}'
- -U '{{ zabbix_server_dbuser }}'
- -d '{{ zabbix_server_dbname }}'
- -p '{{ zabbix_server_dbport }}'
- -f images.sql && touch /etc/zabbix/images.done
- args:
- creates: /etc/zabbix/images.done
- warn: "{{ produce_warn | default(omit) }}"
- environment:
- PGPASSWORD: "{{ zabbix_server_dbpassword }}"
- when: (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
- tags:
- - zabbix-server
- - database
-
-- name: "PostgreSQL | Importing data file"
- shell: >
- cd {{ datafiles_path }} &&
- psql -h '{{ zabbix_server_dbhost }}'
- -U '{{ zabbix_server_dbuser }}'
- -d '{{ zabbix_server_dbname }}'
- -p '{{ zabbix_server_dbport }}'
- -f data.sql && touch /etc/zabbix/data.done
- args:
- creates: /etc/zabbix/data.done
- warn: "{{ produce_warn | default(omit) }}"
- environment:
- PGPASSWORD: "{{ zabbix_server_dbpassword }}"
- when: (zabbix_version is version('3.0', '<') and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
+ - zabbix_server_database_timescaledb
tags:
- - zabbix-server
- database
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml
index 418436128..b253f325a 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/scripts.yml
@@ -1,20 +1,26 @@
---
- name: "Configure zabbix-server alertscripts"
- template:
+ ansible.builtin.template:
src: "{{ item.path }}"
dest: "{{ zabbix_server_alertscriptspath }}/{{ item.name }}"
- owner: zabbix
- group: zabbix
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
mode: 0755
with_items: "{{ zabbix_server_alertscripts }}"
+ become: true
when: zabbix_server_alertscripts is defined
+ tags:
+ - config
- name: "Configure zabbix-server externalscripts"
- template:
+ ansible.builtin.template:
src: "{{ item.path }}"
dest: "{{ zabbix_server_externalscriptspath }}/{{ item.name }}"
- owner: zabbix
- group: zabbix
+ owner: "{{ zabbix_os_user }}"
+ group: "{{ zabbix_os_user }}"
mode: 0755
with_items: "{{ zabbix_server_externalscripts }}"
+ become: true
when: zabbix_server_externalscripts is defined
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml
index 38a8d85fe..fe203aed1 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml
@@ -1,27 +1,32 @@
---
-
# straight to getenforce binary , workaround for missing python_selinux library
-- name: "Get getenforce binary"
- stat:
+- name: "SELinux | Get getenforce binary"
+ ansible.builtin.stat:
path: /usr/sbin/getenforce
register: getenforce_bin
become: true
+ tags:
+ - always
-- name: "Collect getenforce output"
- command: getenforce
+- name: "SELinux | Collect getenforce output"
+ ansible.builtin.command: getenforce
register: sestatus
- when: 'getenforce_bin.stat.exists'
+ when: "getenforce_bin.stat.exists"
changed_when: false
become: true
check_mode: false
+ tags:
+ - always
-- name: "Set zabbix_selinux to true if getenforce returns Enforcing or Permissive"
- set_fact:
- zabbix_selinux: "{{ true }}"
+- name: "Set zabbix_server_selinux to true if getenforce returns Enforcing or Permissive"
+ ansible.builtin.set_fact:
+ zabbix_server_selinux: "{{ true }}"
when: 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)'
+ tags:
+ - config
- name: "SELinux | RedHat | Install related SELinux package"
- yum:
+ ansible.builtin.yum:
name:
- libsemanage-python
- policycoreutils
@@ -38,10 +43,10 @@
- selinux_allow_zabbix_can_network
- ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
tags:
- - zabbix-server
+ - install
-- name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8"
- yum:
+- name: "SELinux | RedHat | Install related SELinux package on RHEL8"
+ ansible.builtin.yum:
name:
- python3-libsemanage
state: present
@@ -54,9 +59,9 @@
when:
- ansible_os_family == "RedHat"
- selinux_allow_zabbix_can_network
- - ansible_distribution_major_version|int >= 8
+ - ansible_distribution_major_version == "8"
tags:
- - zabbix-server
+ - install
- name: "SELinux | RedHat | Enable httpd_can_connect_zabbix SELinux boolean"
ansible.posix.seboolean:
@@ -67,7 +72,7 @@
when:
- selinux_allow_zabbix_can_http
tags:
- - zabbix-server
+ - config
- name: "SELinux | RedHat | Enable zabbix_can_network SELinux boolean"
ansible.posix.seboolean:
@@ -78,10 +83,10 @@
when:
- selinux_allow_zabbix_can_network
tags:
- - zabbix-server
+ - config
- name: "SELinux | RedHat | Install related SELinux package to fix issues"
- yum:
+ ansible.builtin.yum:
name:
- policycoreutils-python
state: present
@@ -95,10 +100,10 @@
- ansible_os_family == "RedHat"
- ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
tags:
- - zabbix-server
+ - install
-- name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8"
- yum:
+- name: "SELinux | RedHat | Install related SELinux package to fix issues on RHEL8"
+ ansible.builtin.yum:
name:
- policycoreutils
- checkpolicy
@@ -112,13 +117,15 @@
become: true
when:
- ansible_os_family == "RedHat"
- - ansible_distribution_major_version|int >= 8
+ - ansible_distribution_major_version == "8"
tags:
- - zabbix-server
+ - install
- name: "SELinux | RedHat | Add SEmodule to fix SELinux issue: zabbix_server_alerter.sock"
- script:
+ ansible.builtin.script:
cmd: files/install_semodule.bsx
args:
creates: /etc/selinux/targeted/active/modules/400/zabbix_server_add/cil
become: true
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2
index 19c99aa33..489e9c9f5 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/templates/zabbix_server.conf.j2
@@ -4,261 +4,120 @@
# This configuration file is "minimalized", which means all the original comments
# are removed. The full documentation for your Zabbix Server can be found here:
-# https://www.zabbix.com/documentation/{{ zabbix_version }}/en/manual/appendix/config/zabbix_server
+# https://www.zabbix.com/documentation/{{ zabbix_server_version }}/en/manual/appendix/config/zabbix_server
-ListenPort={{ zabbix_server_listenport }}
-{% if zabbix_server_sourceip is defined and zabbix_server_sourceip %}
-SourceIP={{ zabbix_server_sourceip }}
-{% endif %}
-{% if zabbix_version is version('3.0', '>=') %}
-LogType={{ zabbix_server_logtype }}
-{% endif %}
-LogFile={{ zabbix_server_logfile }}
-LogFileSize={{ zabbix_server_logfilesize }}
-DebugLevel={{ zabbix_server_debuglevel }}
-{% if zabbix_version is version('3.4', '>=') %}
-SocketDir={{ zabbix_server_socketdir }}
-{% endif %}
-PidFile={{ zabbix_server_pidfile }}
-DBHost={{ zabbix_server_dbhost }}
-DBName={{ zabbix_server_dbname }}
-{% if zabbix_server_dbschema is defined and zabbix_server_dbschema %}
-DBSchema={{ zabbix_server_dbschema }}
-{% endif %}
-DBUser={{ zabbix_server_dbuser }}
-DBPassword={{ zabbix_server_dbpassword }}
-{% if zabbix_server_dbsocket is defined and zabbix_server_dbsocket %}
-DBSocket={{ zabbix_server_dbsocket }}
-{% endif %}
-{% if zabbix_server_dbport is defined and zabbix_server_dbport %}
-DBPort={{ zabbix_server_dbport }}
-{% endif %}
-{% if zabbix_version is version('6.0', '>=') %}
-AllowUnsupportedDBVersions={{ zabbix_server_allowunsupporteddbversions }}
-{% endif %}
-{% if zabbix_server_historystorageurl is defined and zabbix_server_historystorageurl %}
-HistoryStorageURL={{ zabbix_server_historystorageurl }}
-{% endif %}
-{% if zabbix_version is version('3.4', '>=') %}
-HistoryStorageTypes={{ zabbix_server_historystoragetypes }}
-{% endif %}
-{% if zabbix_version is version('4.0', '>=') %}
-HistoryStorageDateIndex={{ zabbix_server_historystoragedateindex }}
-{% endif %}
-{% if zabbix_version is version('4.0', '>=') %}
-{% if zabbix_server_exportdir is defined and zabbix_server_exportdir %}
-ExportDir={{ zabbix_server_exportdir }}
-{% endif %}
-{% endif %}
-{% if zabbix_version is version('4.0', '>=') %}
-ExportFileSize={{ zabbix_server_exportfilesize }}
-{% endif %}
-StartPollers={{ zabbix_server_startpollers }}
-StartIPMIPollers={{ zabbix_server_startipmipollers }}
-{% if zabbix_version is version('4.2', '>=') %}
-StartLLDProcessors={{ zabbix_server_startlldprocessors }}
-{% endif %}
-{% if zabbix_version is version('4.2', '>=') %}
-StartPreprocessors={{ zabbix_server_startpreprocessors }}
-{% endif %}
-StartPollersUnreachable={{ zabbix_server_startpollersunreachable }}
-{% if zabbix_version is version('6.4', '>=') %}
-StartConnectors={{ zabbix_server_connectors }}
-{% endif %}
-{% if zabbix_version is version('6.2', '>=') %}
-StartHistoryPollers={{ zabbix_server_starthistorypollers }}
-{% endif %}
-StartTrappers={{ zabbix_server_starttrappers }}
-StartPingers={{ zabbix_server_startpingers }}
-StartDiscoverers={{ zabbix_server_startdiscoverers }}
-StartHTTPPollers={{ zabbix_server_starthttppollers }}
-{% if zabbix_version is version('2.0', '>=') %}
-StartTimers={{ zabbix_server_starttimers }}
-{% endif %}
-{% if zabbix_version is version('3.0', '>=') %}
-StartEscalators={{ zabbix_server_startescalators }}
-{% endif %}
-{% if zabbix_server_javagateway is defined and zabbix_server_javagateway %}
-JavaGateway={{ zabbix_server_javagateway }}
-JavaGatewayPort={{ zabbix_server_javagatewayport }}
-StartJavaPollers={{ zabbix_server_startjavapollers }}
-{% endif %}
-{% if zabbix_version is version('2.2', '>=') %}
-StartVMwareCollectors={{ zabbix_server_startvmwarecollectors }}
-VMwareFrequency={{ zabbix_server_vmwarefrequency }}
-{% if zabbix_version is version('3.0', '>=') %}
-VMwarePerfFrequency={{ zabbix_server_vmwareperffrequency }}
-{% endif %}
-VMwareCacheSize={{ zabbix_server_vmwarecachesize }}
-{% endif %}
-{% if zabbix_version is version('3.0', '>=') %}
-VMwareTimeout={{ zabbix_server_vmwaretimeout }}
-{% endif %}
-SNMPTrapperFile={{ zabbix_server_snmptrapperfile }}
-StartSNMPTrapper={{ zabbix_server_startsnmptrapper }}
-{% if zabbix_server_listenip is defined and zabbix_server_listenip %}
-ListenIP={{ zabbix_server_listenip }}
-{% endif %}
-HousekeepingFrequency={{ zabbix_server_housekeepingfrequency }}
-MaxHousekeeperDelete={{ zabbix_server_maxhousekeeperdelete }}
-{% if zabbix_version is version('3.2', '<=') %}
-SenderFrequency={{ zabbix_server_senderfrequency }}
-{% endif %}
-{% if zabbix_server_cachesize is defined and zabbix_server_cachesize is not none %}
-CacheSize={{ zabbix_server_cachesize }}
-{% else %}
-{% if zabbix_version is version('6.2', '<') %}
-CacheSize=8M
-{% else %}
-CacheSize=32M
-{% endif %}
-{% endif %}
-{% if zabbix_server_cacheupdatefrequency is defined and zabbix_server_cacheupdatefrequency is not none %}
-CacheUpdateFrequency={{ zabbix_server_cacheupdatefrequency }}
-{% else %}
-{% if zabbix_version is version('6.4', '<') %}
-CacheUpdateFrequency=60
-{% else %}
-CacheUpdateFrequency=10
-{%endif %}
-{%endif %}
-StartDBSyncers={{ zabbix_server_startdbsyncers }}
-HistoryCacheSize={{ zabbix_server_historycachesize }}
-{% if zabbix_version is version('3.0', '>=') %}
-HistoryIndexCacheSize={{ zabbix_server_historyindexcachesize }}
-{% endif %}
-TrendCacheSize={{ zabbix_server_trendcachesize }}
-{% if zabbix_version is version('6.0', '>=') %}
-TrendFunctionCacheSize={{ zabbix_server_trendfunctioncachesize }}
-{% endif %}
-{% if zabbix_version is version('3.0', '<') %}
- ### option: historytextcachesize
-HistoryTextCacheSize={{ zabbix_server_historytextcachesize }}
-{% endif %}
-{% if zabbix_version is version('2.2', '>=') %}
-ValueCacheSize={{ zabbix_server_valuecachesize }}
-{% endif %}
-{% if zabbix_version is version('2.4', '<') %}
-NodeNoEvents={{ zabbix_server_nodenoevents }}
-NodeNoHistory={{ zabbix_server_nodenohistory }}
-{% endif %}
-Timeout={{ zabbix_server_timeout }}
-TrapperTimeout={{ zabbix_server_trappertimeout }}
-UnreachablePeriod={{ zabbix_server_unreachableperiod }}
-UnavailableDelay={{ zabbix_server_unavailabledelay }}
-UnreachableDelay={{ zabbix_server_unreachabledelay }}
-AlertScriptsPath={{ zabbix_server_alertscriptspath }}
-ExternalScripts={{ zabbix_server_externalscriptspath }}
-FpingLocation={{ zabbix_server_fpinglocation }}
-Fping6Location={{ zabbix_server_fping6location }}
-{% if zabbix_server_sshkeylocation is defined and zabbix_server_sshkeylocation %}
-SSHKeyLocation={{ zabbix_server_sshkeylocation }}
-{% endif %}
-LogSlowQueries={{ zabbix_server_logslowqueries }}
-TmpDir={{ zabbix_server_tmpdir }}
-StartProxyPollers={{ zabbix_server_startproxypollers }}
-{% if zabbix_server_proxyconfigfrequency is defined and zabbix_server_proxyconfigfrequency is not none %}
-ProxyConfigFrequency={{ zabbix_server_proxyconfigfrequency }}
-{% else %}
-{% if zabbix_version is version('6.2', '<') %}
-ProxyConfigFrequency=3600
-{% elif zabbix_version is version('6.4', '<') %}
-ProxyConfigFrequency=300
-{% else %}
-ProxyConfigFrequency=10
-{% endif %}
-{% endif %}
-ProxyDataFrequency={{ zabbix_server_proxydatafrequency }}
-{% if zabbix_version is version('2.2', '>=') %}
-AllowRoot={{ zabbix_server_allowroot }}
-{% endif %}
-{% if zabbix_version is version('3.0', '>=') %}
-User={{ zabbix_server_user }}
-{% endif %}
-Include={{ zabbix_server_include }}
-{% if zabbix_version is version('3.0', '>=') %}
-SSLCertLocation={{ zabbix_server_sslcertlocation }}
-SSLKeyLocation={{ zabbix_server_sslkeylocation }}
-{% if zabbix_server_sslcalocation is defined and zabbix_server_sslcalocation is not none %}
-SSLCALocation={{ zabbix_server_sslcalocation }}
-{% endif %}
-{% endif %}
-{% if zabbix_version is version('2.2', '>=') %}
-LoadModulePath={{ zabbix_server_loadmodulepath }}
-{% endif %}
-{% if zabbix_server_loadmodule is defined and zabbix_server_loadmodule %}
-LoadModule = {{ zabbix_server_loadmodule }}
-{% endif %}
-{% if zabbix_version is version('3.0', '>=') %}
-{% if zabbix_server_tlscafile is defined and zabbix_server_tlscafile is not none %}
-TLSCAFile={{ zabbix_server_tlscafile }}
-{% endif %}
-{% if zabbix_server_tlscrlfile is defined and zabbix_server_tlscrlfile is not none %}
-TLSCRLFile={{ zabbix_server_tlscrlfile }}
-{% endif %}
-{% if zabbix_server_tlscertfile is defined and zabbix_server_tlscertfile is not none %}
-TLSCertFile={{ zabbix_server_tlscertfile }}
-{% endif %}
-{% if zabbix_server_tlskeyfile is defined and zabbix_server_tlskeyfile is not none %}
-TLSKeyFile={{ zabbix_server_tlskeyfile }}
-{% endif %}
-{% endif %}
-{% if zabbix_server_dbtlsconnect is defined and zabbix_server_dbtlsconnect is not none %}
-DBTLSConnect={{ zabbix_server_dbtlsconnect }}
-{% endif %}
-{% if zabbix_server_dbtlscafile is defined and zabbix_server_dbtlscafile is not none %}
-DBTLSCAFile={{ zabbix_server_dbtlscafile }}
-{% endif %}
-{% if zabbix_server_dbtlscertfile is defined and zabbix_server_dbtlscertfile is not none %}
-DBTLSCertFile={{ zabbix_server_dbtlscertfile }}
-{% endif %}
-{% if zabbix_server_dbtlskeyfile is defined and zabbix_server_dbtlskeyfile is not none %}
-DBTLSKeyFile={{ zabbix_server_dbtlskeyfile }}
-{% endif %}
-{% if zabbix_server_dbtlscipher is defined and zabbix_server_dbtlscipher is not none %}
-DBTLSCipher={{ zabbix_server_dbtlscipher }}
-{% endif %}
-{% if zabbix_server_dbtlscipher13 is defined and zabbix_server_dbtlscipher13 is not none %}
-DBTLSCipher13={{ zabbix_server_dbtlscipher13 }}
-{% endif %}
-{% if zabbix_version is version('6.0', '>=') %}
-{% if zabbix_server_vaulttoken is defined and zabbix_server_vaulttoken is not none %}
-VaultToken={{ zabbix_server_vaulttoken }}
-{% endif %}
-{% if zabbix_server_vaulturl is defined and zabbix_server_vaulturl is not none %}
-VaultURL={{ zabbix_server_vaulturl }}
-{% endif %}
-{% if zabbix_server_vaultdbpath is defined and zabbix_server_vaultdbpath is not none %}
-VaultDBPath={{ zabbix_server_vaultdbpath }}
-{% endif %}
-{% if zabbix_server_vaulttlscertfile is defined and zabbix_server_vaulttlscertfile is not none %}
-VaultTLSKeyFile={{ zabbix_server_vaulttlscertfile }}
-{% endif %}
-{% if zabbix_server_vaulttlskeyfile is defined and zabbix_server_vaulttlskeyfile is not none %}
-VaultTLSCertFile={{ zabbix_server_vaulttlskeyfile }}
-{% endif %}
-{% if zabbix_server_startreportwriters is defined and zabbix_server_startreportwriters is not none %}
-StartReportWriters={{ zabbix_server_startreportwriters }}
-{% endif %}
-{% if zabbix_server_webserviceurl is defined and zabbix_server_webserviceurl is not none %}
-WebServiceURL={{ zabbix_server_webserviceurl }}
-{% endif %}
-{% if zabbix_server_servicemanagersyncfrequency is defined and zabbix_server_servicemanagersyncfrequency is not none %}
-ServiceManagerSyncFrequency={{ zabbix_server_servicemanagersyncfrequency }}
-{% endif %}
-{% if zabbix_server_problemhousekeepingfrequency is defined and zabbix_server_problemhousekeepingfrequency is not none %}
-ProblemHousekeepingFrequency={{ zabbix_server_problemhousekeepingfrequency }}
-{% endif %}
-{% if zabbix_version is version('6.2', '>=') %}
-StartODBCPollers={{ zabbix_server_startodbcpollers }}
-{% endif %}
-{% if zabbix_server_listenbacklog is defined and zabbix_server_listenbacklog is not none %}
-ListenBacklog={{ zabbix_server_listenbacklog }}
-{% endif %}
-{% if zabbix_server_hanodename is defined and zabbix_server_hanodename is not none %}
-HANodeName={{ zabbix_server_hanodename }}
-{% endif %}
-{% if zabbix_server_nodeaddress is defined and zabbix_server_nodeaddress is not none %}
-NodeAddress={{ zabbix_server_nodeaddress }}
-{% endif %}
-{% endif %}
+{{ (zabbix_server_alertscriptspath is defined and zabbix_server_alertscriptspath is not none) | ternary('', '# ') }}AlertScriptsPath={{ zabbix_server_alertscriptspath | default('') }}
+{{ (zabbix_server_allowroot is defined and zabbix_server_allowroot is not none) | ternary('', '# ') }}AllowRoot={{ zabbix_server_allowroot | default('') }}
+{{ (zabbix_server_allowunsupporteddbversions is defined and zabbix_server_allowunsupporteddbversions is not none) | ternary('', '# ') }}AllowUnsupportedDBVersions={{ zabbix_server_allowunsupporteddbversions | default('') }}
+{{ (zabbix_server_cachesize is defined and zabbix_server_cachesize is not none) | ternary('', '# ') }}CacheSize={{ zabbix_server_cachesize | default('') }}
+{{ (zabbix_server_cacheupdatefrequency is defined and zabbix_server_cacheupdatefrequency is not none) | ternary('', '# ') }}CacheUpdateFrequency={{ zabbix_server_cacheupdatefrequency | default('') }}
+{{ (zabbix_server_dbhost is defined and zabbix_server_dbhost is not none) | ternary('', '# ') }}DBHost={{ zabbix_server_dbhost | default('') }}
+{{ (zabbix_server_dbname is defined and zabbix_server_dbname is not none) | ternary('', '# ') }}DBName={{ zabbix_server_dbname | default('') }}
+{{ (zabbix_server_dbpassword is defined and zabbix_server_dbpassword is not none) | ternary('', '# ') }}DBPassword={{ zabbix_server_dbpassword | default('') }}
+{{ (zabbix_server_dbport is defined and zabbix_server_dbport is not none) | ternary('', '# ') }}DBPort={{ zabbix_server_dbport | default('') }}
+{{ (zabbix_server_dbschema is defined and zabbix_server_dbschema is not none) | ternary('', '# ') }}DBSchema={{ zabbix_server_dbschema | default('') }}
+{{ (zabbix_server_dbsocket is defined and zabbix_server_dbsocket is not none) | ternary('', '# ') }}DBSocket={{ zabbix_server_dbsocket | default('') }}
+{{ (zabbix_server_dbtlscafile is defined and zabbix_server_dbtlscafile is not none) | ternary('', '# ') }}DBTLSCAFile={{ zabbix_server_dbtlscafile | default('') }}
+{{ (zabbix_server_dbtlscertfile is defined and zabbix_server_dbtlscertfile is not none) | ternary('', '# ') }}DBTLSCertFile={{ zabbix_server_dbtlscertfile | default('') }}
+{{ (zabbix_server_dbtlscipher is defined and zabbix_server_dbtlscipher is not none) | ternary('', '# ') }}DBTLSCipher={{ zabbix_server_dbtlscipher | default('') }}
+{{ (zabbix_server_dbtlscipher13 is defined and zabbix_server_dbtlscipher13 is not none) | ternary('', '# ') }}DBTLSCipher13={{ zabbix_server_dbtlscipher13 | default('') }}
+{{ (zabbix_server_dbtlsconnect is defined and zabbix_server_dbtlsconnect is not none) | ternary('', '# ') }}DBTLSConnect={{ zabbix_server_dbtlsconnect | default('') }}
+{{ (zabbix_server_dbtlskeyfile is defined and zabbix_server_dbtlskeyfile is not none) | ternary('', '# ') }}DBTLSKeyFile={{ zabbix_server_dbtlskeyfile | default('') }}
+{{ (zabbix_server_dbuser is defined and zabbix_server_dbuser is not none) | ternary('', '# ') }}DBUser={{ zabbix_server_dbuser | default('') }}
+{{ (zabbix_server_debuglevel is defined and zabbix_server_debuglevel is not none) | ternary('', '# ') }}DebugLevel={{ zabbix_server_debuglevel | default('') }}
+{{ (zabbix_server_exportdir is defined and zabbix_server_exportdir is not none) | ternary('', '# ') }}ExportDir={{ zabbix_server_exportdir | default('') }}
+{{ (zabbix_server_exportfilesize is defined and zabbix_server_exportfilesize is not none) | ternary('', '# ') }}ExportFileSize={{ zabbix_server_exportfilesize | default('') }}
+{{ (zabbix_server_exporttype is defined and zabbix_server_exporttype is not none) | ternary('', '# ') }}ExportType={{ zabbix_server_exporttype | default('') }}
+{{ (zabbix_server_externalscriptspath is defined and zabbix_server_externalscriptspath is not none) | ternary('', '# ') }}ExternalScripts={{ zabbix_server_externalscriptspath | default('') }}
+{{ (zabbix_server_fping6location is defined and zabbix_server_fping6location is not none) | ternary('', '# ') }}Fping6Location={{ zabbix_server_fping6location | default('') }}
+{{ (zabbix_server_fpinglocation is defined and zabbix_server_fpinglocation is not none) | ternary('', '# ') }}FpingLocation={{ zabbix_server_fpinglocation | default('') }}
+{{ (zabbix_server_hanodename is defined and zabbix_server_hanodename is not none) | ternary('', '# ') }}HANodeName={{ zabbix_server_hanodename | default('') }}
+{{ (zabbix_server_historycachesize is defined and zabbix_server_historycachesize is not none) | ternary('', '# ') }}HistoryCacheSize={{ zabbix_server_historycachesize | default('') }}
+{{ (zabbix_server_historyindexcachesize is defined and zabbix_server_historyindexcachesize is not none) | ternary('', '# ') }}HistoryIndexCacheSize={{ zabbix_server_historyindexcachesize | default('') }}
+{{ (zabbix_server_historystoragedateindex is defined and zabbix_server_historystoragedateindex is not none) | ternary('', '# ') }}HistoryStorageDateIndex={{ zabbix_server_historystoragedateindex | default('') }}
+{{ (zabbix_server_historystoragetypes is defined and zabbix_server_historystoragetypes is not none) | ternary('', '# ') }}HistoryStorageTypes={{ zabbix_server_historystoragetypes | default('') }}
+{{ (zabbix_server_historystorageurl is defined and zabbix_server_historystorageurl is not none) | ternary('', '# ') }}HistoryStorageURL={{ zabbix_server_historystorageurl | default('') }}
+{{ (zabbix_server_housekeepingfrequency is defined and zabbix_server_housekeepingfrequency is not none) | ternary('', '# ') }}HousekeepingFrequency={{ zabbix_server_housekeepingfrequency | default('') }}
+{{ (zabbix_server_include is defined and zabbix_server_include is not none) | ternary('', '# ') }}Include={{ zabbix_server_include | default('') }}
+{{ (zabbix_server_javagateway is defined and zabbix_server_javagateway is not none) | ternary('', '# ') }}JavaGateway={{ zabbix_server_javagateway | default('') }}
+{{ (zabbix_server_javagatewayport is defined and zabbix_server_javagatewayport is not none) | ternary('', '# ') }}JavaGatewayPort={{ zabbix_server_javagatewayport | default('') }}
+{{ (zabbix_server_listenbacklog is defined and zabbix_server_listenbacklog is not none) | ternary('', '# ') }}ListenBacklog={{ zabbix_server_listenbacklog | default('') }}
+{{ (zabbix_server_listenip is defined and zabbix_server_listenip is not none) | ternary('', '# ') }}ListenIP={{ zabbix_server_listenip | default('') }}
+{{ (zabbix_server_listenport is defined and zabbix_server_listenport is not none) | ternary('', '# ') }}ListenPort={{ zabbix_server_listenport | default('') }}
+{{ (zabbix_server_loadmodule is defined and zabbix_server_loadmodule is not none) | ternary('', '# ') }}LoadModule={{ zabbix_server_loadmodule | default('') }}
+{{ (zabbix_server_loadmodulepath is defined and zabbix_server_loadmodulepath is not none) | ternary('', '# ') }}LoadModulePath={{ zabbix_server_loadmodulepath | default('') }}
+{{ (zabbix_server_logfile is defined and zabbix_server_logfile is not none) | ternary('', '# ') }}LogFile={{ zabbix_server_logfile | default('') }}
+{{ (zabbix_server_logfilesize is defined and zabbix_server_logfilesize is not none) | ternary('', '# ') }}LogFileSize={{ zabbix_server_logfilesize | default('') }}
+{{ (zabbix_server_logslowqueries is defined and zabbix_server_logslowqueries is not none) | ternary('', '# ') }}LogSlowQueries={{ zabbix_server_logslowqueries | default('') }}
+{{ (zabbix_server_logtype is defined and zabbix_server_logtype is not none) | ternary('', '# ') }}LogType={{ zabbix_server_logtype | default('') }}
+{{ (zabbix_server_maxhousekeeperdelete is defined and zabbix_server_maxhousekeeperdelete is not none) | ternary('', '# ') }}MaxHousekeeperDelete={{ zabbix_server_maxhousekeeperdelete | default('') }}
+{{ (zabbix_server_nodeaddress is defined and zabbix_server_nodeaddress is not none) | ternary('', '# ') }}NodeAddress={{ zabbix_server_nodeaddress | default('') }}
+{{ (zabbix_server_pidfile is defined and zabbix_server_pidfile is not none) | ternary('', '# ') }}PidFile={{ zabbix_server_pidfile | default('') }}
+{{ (zabbix_server_proxyconfigfrequency is defined and zabbix_server_proxyconfigfrequency is not none) | ternary('', '# ') }}ProxyConfigFrequency={{ zabbix_server_proxyconfigfrequency | default('') }}
+{{ (zabbix_server_proxydatafrequency is defined and zabbix_server_proxydatafrequency is not none) | ternary('', '# ') }}ProxyDataFrequency={{ zabbix_server_proxydatafrequency | default('') }}
+{{ (zabbix_server_snmptrapperfile is defined and zabbix_server_snmptrapperfile is not none) | ternary('', '# ') }}SNMPTrapperFile={{ zabbix_server_snmptrapperfile | default('') }}
+{{ (zabbix_server_socketdir is defined and zabbix_server_socketdir is not none) | ternary('', '# ') }}SocketDir={{ zabbix_server_socketdir | default('') }}
+{{ (zabbix_server_sourceip is defined and zabbix_server_sourceip is not none) | ternary('', '# ') }}SourceIP={{ zabbix_server_sourceip | default('') }}
+{{ (zabbix_server_sshkeylocation is defined and zabbix_server_sshkeylocation is not none) | ternary('', '# ') }}SSHKeyLocation={{ zabbix_server_sshkeylocation | default('') }}
+{{ (zabbix_server_sslcalocation is defined and zabbix_server_sslcalocation is not none) | ternary('', '# ') }}SSLCALocation={{ zabbix_server_sslcalocation | default('') }}
+{{ (zabbix_server_sslcertlocation is defined and zabbix_server_sslcertlocation is not none) | ternary('', '# ') }}SSLCertLocation={{ zabbix_server_sslcertlocation | default('') }}
+{{ (zabbix_server_sslkeylocation is defined and zabbix_server_sslkeylocation is not none) | ternary('', '# ') }}SSLKeyLocation={{ zabbix_server_sslkeylocation | default('') }}
+{{ (zabbix_server_startalerters is defined and zabbix_server_startalerters is not none) | ternary('', '# ') }}StartAlerters={{ zabbix_server_startalerters | default('') }}
+{{ (zabbix_server_startdbsyncers is defined and zabbix_server_startdbsyncers is not none) | ternary('', '# ') }}StartDBSyncers={{ zabbix_server_startdbsyncers | default('') }}
+{{ (zabbix_server_startdiscoverers is defined and zabbix_server_startdiscoverers is not none) | ternary('', '# ') }}StartDiscoverers={{ zabbix_server_startdiscoverers | default('') }}
+{{ (zabbix_server_startescalators is defined and zabbix_server_startescalators is not none) | ternary('', '# ') }}StartEscalators={{ zabbix_server_startescalators | default('') }}
+{{ (zabbix_server_starthistorypollers is defined and zabbix_server_starthistorypollers is not none) | ternary('', '# ') }}StartHistoryPollers={{ zabbix_server_starthistorypollers | default('') }}
+{{ (zabbix_server_starthttppollers is defined and zabbix_server_starthttppollers is not none) | ternary('', '# ') }}StartHTTPPollers={{ zabbix_server_starthttppollers | default('') }}
+{{ (zabbix_server_startipmipollers is defined and zabbix_server_startipmipollers is not none) | ternary('', '# ') }}StartIPMIPollers={{ zabbix_server_startipmipollers | default('') }}
+{{ (zabbix_server_startjavapollers is defined and zabbix_server_startjavapollers is not none) | ternary('', '# ') }}StartJavaPollers={{ zabbix_server_startjavapollers | default('') }}
+{{ (zabbix_server_startlldprocessors is defined and zabbix_server_startlldprocessors is not none) | ternary('', '# ') }}StartLLDProcessors={{ zabbix_server_startlldprocessors | default('') }}
+{{ (zabbix_server_startodbcpollers is defined and zabbix_server_startodbcpollers is not none) | ternary('', '# ', '# ') }}StartODBCPollers={{ zabbix_server_startodbcpollers | default('') }}
+{{ (zabbix_server_startpingers is defined and zabbix_server_startpingers is not none) | ternary('', '# ') }}StartPingers={{ zabbix_server_startpingers | default('') }}
+{{ (zabbix_server_startpollers is defined and zabbix_server_startpollers is not none) | ternary('', '# ') }}StartPollers={{ zabbix_server_startpollers | default('') }}
+{{ (zabbix_server_startpollersunreachable is defined and zabbix_server_startpollersunreachable is not none) | ternary('', '# ') }}StartPollersUnreachable={{ zabbix_server_startpollersunreachable | default('') }}
+{{ (zabbix_server_startpreprocessors is defined and zabbix_server_startpreprocessors is not none) | ternary('', '# ') }}StartPreprocessors={{ zabbix_server_startpreprocessors | default('') }}
+{{ (zabbix_server_startproxypollers is defined and zabbix_server_startproxypollers is not none) | ternary('', '# ') }}StartProxyPollers={{ zabbix_server_startproxypollers | default('') }}
+{{ (zabbix_server_startreportwriters is defined and zabbix_server_startreportwriters is not none) | ternary('', '# ') }}StartReportWriters={{ zabbix_server_startreportwriters | default('') }}
+{{ (zabbix_server_startsnmptrapper is defined and zabbix_server_startsnmptrapper is not none) | ternary('', '# ') }}StartSNMPTrapper={{ zabbix_server_startsnmptrapper | default('') }}
+{{ (zabbix_server_starttimers is defined and zabbix_server_starttimers is not none) | ternary('', '# ') }}StartTimers={{ zabbix_server_starttimers | default('') }}
+{{ (zabbix_server_starttrappers is defined and zabbix_server_starttrappers is not none) | ternary('', '# ') }}StartTrappers={{ zabbix_server_starttrappers | default('') }}
+{{ (zabbix_server_startvmwarecollectors is defined and zabbix_server_startvmwarecollectors is not none) | ternary('', '# ') }}StartVMwareCollectors={{ zabbix_server_startvmwarecollectors | default('') }}
+{{ (zabbix_server_statsallowedip is defined and zabbix_server_statsallowedip is not none) | ternary('', '# ') }}StatsAllowedIP={{ zabbix_server_statsallowedip | default('') }}
+{{ (zabbix_server_timeout is defined and zabbix_server_timeout is not none) | ternary('', '# ') }}Timeout={{ zabbix_server_timeout | default('') }}
+{{ (zabbix_server_tlscafile is defined and zabbix_server_tlscafile is not none) | ternary('', '# ') }}TLSCAFile={{ zabbix_server_tlscafile | default('') }}
+{{ (zabbix_server_tlscertfile is defined and zabbix_server_tlscertfile is not none) | ternary('', '# ') }}TLSCertFile={{ zabbix_server_tlscertfile | default('') }}
+{{ (zabbix_server_tlscipherall is defined and zabbix_server_tlscipherall is not none) | ternary('', '# ') }}TLSCipherAll={{ zabbix_server_tlscipherall | default('') }}
+{{ (zabbix_server_tlscipherall13 is defined and zabbix_server_tlscipherall13 is not none) | ternary('', '# ') }}TLSCipherAll13={{ zabbix_server_tlscipherall13 | default('') }}
+{{ (zabbix_server_tlsciphercert is defined and zabbix_server_tlsciphercert is not none) | ternary('', '# ') }}TLSCipherCert={{ zabbix_server_tlsciphercert | default('') }}
+{{ (zabbix_server_tlsciphercert13 is defined and zabbix_server_tlsciphercert13 is not none) | ternary('', '# ') }}TLSCipherCert13={{ zabbix_server_tlsciphercert13 | default('') }}
+{{ (zabbix_server_tlscipherpsk is defined and zabbix_server_tlscipherpsk is not none) | ternary('', '# ') }}TLSCipherPSK={{ zabbix_server_tlscipherpsk | default('') }}
+{{ (zabbix_server_tlscipherpsk13 is defined and zabbix_server_tlscipherpsk13 is not none) | ternary('', '# ') }}TLSCipherPSK13={{ zabbix_server_tlscipherpsk13 | default('') }}
+{{ (zabbix_server_tlscrlfile is defined and zabbix_server_tlscrlfile is not none) | ternary('', '# ') }}TLSCRLFile={{ zabbix_server_tlscrlfile | default('') }}
+{{ (zabbix_server_tlskeyfile is defined and zabbix_server_tlskeyfile is not none) | ternary('', '# ') }}TLSKeyFile={{ zabbix_server_tlskeyfile | default('') }}
+{{ (zabbix_server_tmpdir is defined and zabbix_server_tmpdir is not none) | ternary('', '# ') }}TmpDir={{ zabbix_server_tmpdir | default('') }}
+{{ (zabbix_server_trappertimeout is defined and zabbix_server_trappertimeout is not none) | ternary('', '# ') }}TrapperTimeout={{ zabbix_server_trappertimeout | default('') }}
+{{ (zabbix_server_trendcachesize is defined and zabbix_server_trendcachesize is not none) | ternary('', '# ') }}TrendCacheSize={{ zabbix_server_trendcachesize | default('') }}
+{{ (zabbix_server_trendfunctioncachesize is defined and zabbix_server_trendfunctioncachesize is not none) | ternary('', '# ') }}TrendFunctionCacheSize={{ zabbix_server_trendfunctioncachesize | default('') }}
+{{ (zabbix_server_unavailabledelay is defined and zabbix_server_unavailabledelay is not none) | ternary('', '# ') }}UnavailableDelay={{ zabbix_server_unavailabledelay | default('') }}
+{{ (zabbix_server_unreachabledelay is defined and zabbix_server_unreachabledelay is not none) | ternary('', '# ') }}UnreachableDelay={{ zabbix_server_unreachabledelay | default('') }}
+{{ (zabbix_server_unreachableperiod is defined and zabbix_server_unreachableperiod is not none) | ternary('', '# ') }}UnreachablePeriod={{ zabbix_server_unreachableperiod | default('') }}
+{{ (zabbix_server_user is defined and zabbix_server_user is not none) | ternary('', '# ') }}User={{ zabbix_server_user | default('') }}
+{{ (zabbix_server_valuecachesize is defined and zabbix_server_valuecachesize is not none) | ternary('', '# ') }}ValueCacheSize={{ zabbix_server_valuecachesize | default('') }}
+{% if zabbix_server_version is version('6.2', '>=') %}
+{{ (zabbix_server_vault is defined and zabbix_server_vault is not none) | ternary('', '# ') }}Vault={{ zabbix_server_vault | default('') }}
+{% endif %}
+{% if zabbix_server_version is version('6.4', '>=') %}
+{{ (zabbix_server_connectors is defined and zabbix_server_connectors is not none) | ternary('', '# ') }}StartConnectors={{ zabbix_server_connectors | default('') }}
+{% endif %}
+{{ (zabbix_server_vaultdbpath is defined and zabbix_server_vaultdbpath is not none) | ternary('', '# ') }}VaultDBPath={{ zabbix_server_vaultdbpath | default('') }}
+{% if zabbix_server_version is version('6.2', '>=') %}
+{{ (zabbix_server_vaulttlskeyfile is defined and zabbix_server_vaulttlskeyfile is not none) | ternary('', '# ') }}VaultTLSKeyFile={{ zabbix_server_vaulttlskeyfile | default('') }}
+{{ (zabbix_server_vaulttlscertfile is defined and zabbix_server_vaulttlscertfile is not none) | ternary('', '# ') }}VaultTLSCertFile={{ zabbix_server_vaulttlscertfile | default('') }}
+{% endif %}
+{{ (zabbix_server_vaulttoken is defined and zabbix_server_vaulttoken is not none) | ternary('', '# ') }}VaultToken={{ zabbix_server_vaulttoken | default('') }}
+{{ (zabbix_server_vaulturl is defined and zabbix_server_vaulturl is not none) | ternary('', '# ') }}VaultURL={{ zabbix_server_vaulturl | default('') }}
+{{ (zabbix_server_vmwarecachesize is defined and zabbix_server_vmwarecachesize is not none) | ternary('', '# ') }}VMwareCacheSize={{ zabbix_server_vmwarecachesize | default('') }}
+{{ (zabbix_server_vmwarefrequency is defined and zabbix_server_vmwarefrequency is not none) | ternary('', '# ') }}VMwareFrequency={{ zabbix_server_vmwarefrequency | default('') }}
+{{ (zabbix_server_vmwareperffrequency is defined and zabbix_server_vmwareperffrequency is not none) | ternary('', '# ') }}VMwarePerfFrequency={{ zabbix_server_vmwareperffrequency | default('') }}
+{{ (zabbix_server_vmwaretimeout is defined and zabbix_server_vmwaretimeout is not none) | ternary('', '# ') }}VMwareTimeout={{ zabbix_server_vmwaretimeout | default('') }}
+{{ (zabbix_server_webserviceurl is defined and zabbix_server_webserviceurl is not none) | ternary('', '# ') }}WebServiceURL={{ zabbix_server_webserviceurl | default('') }}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml
index 1639e94b3..4074869e6 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml
@@ -7,30 +7,29 @@ mysql_create_dir: ""
zabbix_valid_server_versions:
# Debian
+ "12":
+ - 6.4
+ - 6.0
"11":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"10":
- 6.0
- - 5.0
- - 4.0
- "9":
- - 4.0
# Ubuntu
"22":
- 6.4
+ - 6.2
- 6.0
"20":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"18":
- 6.0
- - 5.0
- - 4.0
-zabbix_server_fpinglocation: /usr/bin/fping
-zabbix_server_fping6location: /usr/bin/fping6
+debian_keyring_path: /etc/apt/keyrings/
+zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}"
+_zabbix_server_fping6location: /usr/bin/fping6
+_zabbix_server_fpinglocation: /usr/bin/fping
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml
index 016eae514..c2e0f14f3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml
@@ -5,18 +5,32 @@ apache_log: httpd
mysql_create_dir: create/
+__epel_repo:
+ - epel
+
zabbix_valid_server_versions:
"9":
- 6.4
+ - 6.2
- 6.0
"8":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
- "7":
- - 5.0
- - 4.0
-zabbix_server_fpinglocation: /usr/sbin/fping
-zabbix_server_fping6location: /usr/sbin/fping6
+pgsql_depenencies:
+ "9":
+ - python3-psycopg2
+ "8":
+ - python3-psycopg2
+
+mysql_client_pkgs:
+ "9":
+ - mysql
+ - python3-PyMySQL
+ "8":
+ - mysql
+ - python3-PyMySQL
+
+_zabbix_server_fping6location: /usr/sbin/fping6
+_zabbix_server_fpinglocation: /usr/sbin/fping
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/zabbix.yml
deleted file mode 100644
index 7a642c9d6..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/zabbix.yml
+++ /dev/null
@@ -1,261 +0,0 @@
----
-sign_keys:
- "64":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "62":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "60":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "54":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "52":
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "50":
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "44":
- focal:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "42":
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "40":
- focal:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "34":
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "32":
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: 79EA5ED4
- serena:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- jessie:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "30":
- bionic:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "24":
- wheezy:
- sign_key: 79EA5ED4
- jessie:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- "22":
- squeeze:
- sign_key: 79EA5ED4
- jessie:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- lucid:
- sign_key: 79EA5ED4
-
-suse:
- "openSUSE Leap":
- "42":
- name: server:monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/
- "openSUSE":
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }}
- "SLES":
- "11":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP3/
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/README.md b/ansible_collections/community/zabbix/roles/zabbix_web/README.md
index cef5d62e7..5904f8288 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/README.md
@@ -43,7 +43,7 @@ Please send Pull Requests or suggestions when you want to use this role for othe
## Ansible 2.10 and higher
-With the release of Ansible 2.10, modules have been moved into collections. With the exception of ansible.builtin modules, this means additonal collections must be installed in order to use modules such as seboolean (now ansible.posix.seboolean). The following collections are now required: `ansible.posix`. The `community.general` collection is required when defining the `zabbix_web_htpasswd` variable (see variable section below). Installing the collections:
+With the release of Ansible 2.10, modules have been moved into collections. With the exception of ansible.builtin modules, this means additonal collections must be installed in order to use modules such as seboolean (now ansible.posix.seboolean). The following collections are now required: `ansible.posix`. Installing the collections:
```sh
ansible-galaxy collection install ansible.posix
@@ -54,25 +54,16 @@ ansible-galaxy collection install community.general
See the following list of supported Operating Systems with the Zabbix releases.
-| Zabbix | 6.4 | 6.2 | 6.0 (LTS) | 5.4 | 5.2 | 5.0 (LTS) | 4.4 | 4.0 (LTS) | 3.0 (LTS) |
-|---------------------|-----|-----|-----------|-----|-----|------------|-----|-----------|-----------|
-| Red Hat Fam 9 | V | V | V | | | | | | |
-| Red Hat Fam 8 | V | V | V | V | V | V | V | | |
-| Red Hat Fam 7 | | V | V | V | V | V | V | V | V |
-| Red Hat Fam 6 | | | | | V | V | | | V |
-| Red Hat Fam 5 | | | | | V | V | | | V |
-| Fedora | | | | | | | V | V | |
-| Ubuntu 22.04 jammy | V | V | V | | | | | | |
-| Ubuntu 20.04 focal | V | V | V | V | V | V | V | | |
-| Ubuntu 18.04 bionic | | | V | V | V | V | V | V | |
-| Ubuntu 16.04 xenial | | | | | V | V | V | V | |
-| Ubuntu 14.04 trusty | | | | | V | V | V | V | V |
-| Debian 10 buster | V | V | V | V | V | V | V | | |
-| Debian 9 stretch | | | V | V | V | V | V | V | |
-| Debian 8 jessie | | | | | V | V | V | V | V |
-| Debian 7 wheezy | | | | | | | | V | V |
-| macOS 10.15 | | | | | | | V | V | |
-| macOS 10.14 | | | | | | | V | V | |
+| Zabbix | 6.4 | 6.2 | 6.0 |
+|---------------------|-----|-----|-----|
+| Red Hat Fam 9 | V | V | V |
+| Red Hat Fam 8 | V | V | V |
+| Ubuntu 22.04 jammy | V | V | V |
+| Ubuntu 20.04 focal | V | V | V |
+| Ubuntu 18.04 bionic | | | V |
+| Debian 12 bookworm | V | | V |
+| Debian 11 bullseye | V | V | V |
+| Debian 10 buster | | | V |
# Installation
@@ -93,107 +84,77 @@ The following is an overview of all available configuration defaults for this ro
### Overall Zabbix
-* `zabbix_web_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.2, 6.0, 5.4, 5.2, 5.0, 4.4, 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility.
+* `zabbix_web_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_web_version: 6.0`.
* `zabbix_web_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available)
-* `zabbix_repo`: Default: `zabbix`
- * `epel`: install agent from EPEL repo
- * `zabbix`: (default) install agent from Zabbix repo
- * `other`: install agent from pre-existing or other repo
* `zabbix_repo_yum`: A list with Yum repository configuration.
* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https)
-* `zabbix_repo_yum_disabled`: A string with repository names that should be disabled when installing Zabbix component specific packages. Is only used when `zabbix_repo_yum_enabled` contains 1 or more repositories. Default `*`.
-* `zabbix_repo_yum_enabled`: A list with repository names that should be enabled when installing Zabbix component specific packages.
-
+* `zabbix_web_disable_repo`: A list of repos to disable during install. Default `epel`.
* `zabbix_web_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed.
-* `zabbix_web_centos_release`: Default: True. When the `centos-release-scl` repository needs to be enabled. This is required when using Zabbix 5.0 due to installation of a recent version of `PHP`.
-* `zabbix_web_rhel_release`: Default: True. When the `scl-utils` repository needs to be enabled. This is required when using Zabbix 5.0 due to installation of a recent version of `PHP`.
* `zabbix_web_doubleprecision`: Default: `False`. For upgraded installations, please read database [upgrade notes](https://www.zabbix.com/documentation/current/manual/installation/upgrade_notes_500) (Paragraph "Enabling extended range of numeric (float) values") before enabling this option.
* `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
+* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}`
+* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
### Zabbix Web specific
* `zabbix_api_server_url`: This is the url on which the zabbix web interface is available. Default is zabbix.example.com, you should override it. For example, see "Example Playbook"
+* `zabbix_web_http_server`: Which web server is in use. Valid values are 'apache' and 'nginx'. Default is `apache`
* `zabbix_url_aliases`: A list with Aliases for the Apache Virtual Host configuration.
* `zabbix_timezone`: Default: `Europe/Amsterdam`. This is the timezone. The Apache Virtual Host needs this parameter.
-* `zabbix_vhost`: Default: `true`. When you don't want to create an Apache Virtual Host configuration, you can set it to False.
+* `zabbix_web_create_vhost`: Default: `true`. When you don't want to create an Apache Virtual Host configuration, you can set it to False.
+* `zabbix_web_create_php_fpm`: Configure php-fpm (Debian hosts only). Default is to use the same value as `zabbix_web_create_vhost`.
* `zabbix_web_env`: (Optional) A Dictionary of PHP Environments settings.
-* `zabbix_web_conf_web_user`: When provided, the user (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`).
-* `zabbix_web_conf_web_group`: When provided, the group (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`).
-* `zabbix_web_htpasswd`: (Optional) Allow HTTP authentication at the webserver level via a htpasswd file.
-* `zabbix_web_htpasswd_file`: Default: `/etc/zabbix/web/htpasswd`. Allows the change the default path to the htpasswd file.
-* `zabbix_web_htpasswd_users`: (Optional) Dictionary for creating users via `htpasswd_user` and passphrases via `htpasswd_pass` in htpasswd file.
-* `zabbix_web_allowlist_ips`: (Optional) Allow web access at webserver level to a list of defined IPs or CIDR.
+* `zabbix_web_user`: When provided, the user (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`).
+* `zabbix_web_group`: When provided, the group (which should already exist on the host) will be used for ownership for web/php related processes. (Default set to either `apache` (`www-data` for Debian) or `nginx`).
* `zabbix_web_connect_ha_backend`: (Optional) Default: `false`. When set to `true` values for Zabbix server will not be written and frontend gets values from database to connect to active cluster node. Set `true` when operating Zabbix servers in a cluste (only >=6.0).
* `zabbix_saml_idp_crt`: (Optional) The path to the certificate of the Identity Provider used for SAML authentication
* `zabbix_saml_sp_crt`: (Optional) The path to the public certificate of Zabbix as Service Provider
* `zabbix_saml_sp_key`: (Optional) The path to the private certificate of Zabbix as Service Provider
-#### Apache configuration
+#### Apache/Nginx Configuration
-* `zabbix_apache_vhost_port`: The port on which Zabbix HTTP vhost is running.
-* `zabbix_apache_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running.
-* `zabbix_apache_vhost_listen_ip`: On which interface the Apache Virtual Host is available.
+* `zabbix_web_vhost_port`: The port on which Zabbix HTTP vhost is running.
+* `zabbix_web_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running.
+* `zabbix_web_vhost_listen_ip`: On which interface the Apache Virtual Host is available.
* `zabbix_apache_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP.
-* `zabbix_php_install`: Default: `true`. True / False. Switch for extra install of packages for PHP, currently on for Debian/Ubuntu.
-* `zabbix_web_max_execution_time`:
-* `zabbix_web_memory_limit`:
-* `zabbix_web_post_max_size`:
-* `zabbix_web_upload_max_filesize`:
+* `zabbix_web_max_execution_time`: PHP max execution time
+* `zabbix_web_memory_limit`: PHP memory limit
+* `zabbix_web_post_max_size`: PHP maximum post size
+* `zabbix_web_upload_max_filesize`: PHP maximum file size
* `zabbix_web_max_input_time`:
-* `zabbix_apache_include_custom_fragment`: Default: `true`. Includes php_value vars max_execution_time, memory_limit, post_max_size, upload_max_filesize, max_input_time and date.timezone in vhost file.. place those in php-fpm configuration.
-* `zabbix_apache_tls`: If the Apache vhost should be configured with TLS encryption or not.
-* `zabbix_apache_redirect`: If a redirect should take place from HTTP to HTTPS
-* `zabbix_apache_tls_crt`: The path to the TLS certificate file.
-* `zabbix_apache_tls_key`: The path to the TLS key file.
-* `zabbix_apache_tls_chain`: The path to the TLS certificate chain file.
-* `zabbix_apache_SSLPassPhraseDialog`: Type of pass phrase dialog for encrypted private keys.
-* `zabbix_apache_SSLSessionCache`: Type of the global/inter-process SSL Session Cache
-* `zabbix_apache_SSLSessionCacheTimeout`: Number of seconds before an SSL session expires in the Session Cache
-* `zabbix_apache_SSLCryptoDevice`: Enable use of a cryptographic hardware accelerator
+* `zabbix_web_tls`: If the Apache vhost should be configured with TLS encryption or not.
+* `zabbix_web_redirect`: If a redirect should take place from HTTP to HTTPS
+* `zabbix_web_tls_crt`: The path to the TLS certificate file.
+* `zabbix_web_tls_key`: The path to the TLS key file.
+* `zabbix_web_tls_chain`: The path to the TLS certificate chain file.
+* `zabbix_web_SSLPassPhraseDialog`: Type of pass phrase dialog for encrypted private keys.
+* `zabbix_web_SSLSessionCache`: Type of the global/inter-process SSL Session Cache
+* `zabbix_web_SSLSessionCacheTimeout`: Number of seconds before an SSL session expires in the Session Cache
+* `zabbix_web_SSLCryptoDevice`: Enable use of a cryptographic hardware accelerator
* `zabbix_apache_custom_includes`: Configure custom includes. Default: `[]`
-When `zabbix_apache_tls_crt`, `zabbix_apache_tls_key` and/or `zabbix_apache_tls_chain` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files.
+When `zabbix_web_tls_crt`, `zabbix_web_tls_key` and/or `zabbix_web_tls_chain` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files.
See https://httpd.apache.org/docs/current/mod/mod_ssl.html for SSL* configuration options for Apache HTTPD.
#### Nginx configuration
-* `zabbix_nginx_vhost_port`: The port on which Zabbix HTTP vhost is running.
-* `zabbix_nginx_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running.
-* `zabbix_nginx_tls`: If the Nginx vhost should be configured with TLS encryption or not.
-* `zabbix_nginx_tls_crt`: The path to the TLS certificate file.
-* `zabbix_nginx_tls_key`: The path to the TLS key file.
-* `zabbix_nginx_tls_dhparam`: The path to the TLS DHParam file.
-* `zabbix_nginx_tls_session_cache`: Type of the global/inter-process SSL Session Cache
-* `zabbix_nginx_tls_session_timeout`:
-* `zabbix_nginx_tls_session_tickets`:
-* `zabbix_nginx_tls_protocols`: The TLS Protocols to accept.
-* `zabbix_nginx_tls_ciphers`: The TLS Ciphers to be allowed.
-
-When `zabbix_nginx_tls_crt` and `zabbix_nginx_tls_key` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files.
#### PHP-FPM
The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) configuration:
-* `zabbix_php_version`: Either `7.3` or `7.4` (Based on the OS Family). When you want to override the PHP Version.
* `zabbix_php_fpm_session`: The directory where sessions will be stored. If none are provided, defaults are used.
* `zabbix_php_fpm_listen`: The path to a socket file or ipaddress:port combination on which PHP-FPM needs to listen. If none are provided, defaults are used.
* `zabbix_php_fpm_conf_listen`: Default: `true`. If we want to configure the `zabbix_php_fpm_listen` in the PHP-FPM configuration file.
* `zabbix_php_fpm_conf_user`: The owner of the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file).
-* `zabbix_php_fpm_conf_enable_user`: Default: `true`. If we want to configure the owner of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file.
+
* `zabbix_php_fpm_conf_group`: The group of the owner of the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file).
-* `zabbix_php_fpm_conf_enable_group`: Default: `true`. If we want to configure the group of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file.
-* `zabbix_php_fpm_conf_mode`: The mode for the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file).
-* `zabbix_php_fpm_conf_enable_mode`: Default: `true`. If we want to configure the mode of the `zabbix_php_fpm_listen` in the PHP-FPM configuration file.
-* `zabbix_php_fpm_dir_etc`: etc HOME root directory of PHP-FPM setup.
-* `zabbix_php_fpm_dir_var`: Var HOME root directory of PHP-FPM setup.
### Zabbix Server
* `zabbix_server_name`: The name of the Zabbix Server.
* `zabbix_server_database`: The type of database used. Can be: mysql or pgsql
-* `zabbix_server_database_long`: The type of database used, but long name. Can be: mysql or postgresql
* `zabbix_server_hostname`: The hostname on which the zabbix-server is running. Default set to: {{ inventory_hostname }}
* `zabbix_server_listenport`: On which port the Zabbix Server is available. Default: 10051
* `zabbix_server_dbhost`: The hostname on which the database is running.
@@ -201,6 +162,7 @@ The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) config
* `zabbix_server_dbuser`: The database username which is used by the Zabbix Server.
* `zabbix_server_dbpassword`: The database user password which is used by the Zabbix Server.
* `zabbix_server_dbport`: The database port which is used by the Zabbix Server.
+* `zabbix_server_dbencryption`: Use encryption with the database connection
The following properties are related when using Elasticsearch for history storage:
@@ -218,6 +180,17 @@ When the target host does not have access to the internet, but you do have a pro
* `zabbix_http_proxy`
* `zabbix_https_proxy`
+## Tags
+
+The majority of tasks within this role are tagged as follows:
+
+* `install`: Tasks associated with the installation of software.
+* `dependencies`: Installation tasks related to dependencies that aren't part of the core zabbix installation.
+* `database`: Tasks associated with the installation or configuration of the database.
+* `api`: Tasks associated with using the Zabbix API to connect and modify the Zabbix server.
+* `config`: Tasks associated with the configuration of Zabbix or a supporting service.
+* `service`: Tasks associated with managing a service.
+
# Example Playbook
There are two ways of using the zabbix-web:
@@ -237,12 +210,12 @@ When there is one host running both Zabbix Server and the Zabbix Web (Running My
- role: geerlingguy.php
- role: community.zabbix.zabbix_server
zabbix_server_database: mysql
- zabbix_server_database_long: mysql
+ zabbix_db_type_long: mysql
zabbix_server_dbport: 3306
- role: community.zabbix.zabbix_web
zabbix_api_server_url: zabbix.mydomain.com
zabbix_server_database: mysql
- zabbix_server_database_long: mysql
+ zabbix_db_type_long: mysql
zabbix_server_dbport: 3306
```
@@ -256,7 +229,7 @@ This is a two host setup. On one host (Named: "zabbix-server") the Zabbix Server
roles:
- role: community.zabbix.zabbix_server
zabbix_server_database: mysql
- zabbix_server_database_long: mysql
+ zabbix_db_type_long: mysql
zabbix_server_dbport: 3306
- hosts: zabbix-web
@@ -268,7 +241,7 @@ This is a two host setup. On one host (Named: "zabbix-server") the Zabbix Server
zabbix_api_server_url: zabbix.mydomain.com
zabbix_server_hostname: zabbix-server
zabbix_server_database: mysql
- zabbix_server_database_long: mysql
+ zabbix_db_type_long: mysql
zabbix_server_dbport: 3306
```
@@ -289,13 +262,13 @@ zabbix.conf.php, for example to add LDAP CA certificates. To do this add a `zabb
php_packages:
- php
- php-fpm
- - php-acpu
+ - php-apcu
- role: geerlingguy.apache-php-fpm
- role: community.zabbix.zabbix_web
zabbix_api_server_url: zabbix.mydomain.com
zabbix_server_hostname: zabbix-server
zabbix_server_database: mysql
- zabbix_server_database_long: mysql
+ zabbix_db_type_long: mysql
zabbix_server_dbport: 3306
zabbix_web_env:
LDAPTLS_CACERT: /etc/ssl/certs/ourcert.pem
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml
index 6e326461e..f37bb07da 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml
@@ -1,79 +1,66 @@
---
# defaults file for zabbix-web
-# zabbix_web_version: 6.0
-zabbix_web_version_minor: "*"
-zabbix_version: "{{ zabbix_web_version }}"
-zabbix_repo: zabbix
+# zabbix_web_version: 6.4
zabbix_web_package_state: present
-zabbix_web_centos_release: true
-zabbix_web_rhel_release: true
-zabbix_selinux: false
zabbix_web_doubleprecision: false
-zabbix_web_conf_mode: "0640"
+zabbix_web_conf_mode: "0644"
zabbix_web_connect_ha_backend: false
-
-zabbix_url: zabbix.example.com # Will be deprecated in 2.0.0
-zabbix_api_server_url: "{{ zabbix_url }}"
-zabbix_websrv: apache
-zabbix_websrv_servername: "{{ zabbix_api_server_url | regex_findall('(?:https?\\://)?([\\w\\-\\.]+)') | first }}"
+zabbix_api_server_url: zabbix.example.com
+zabbix_web_http_server: apache
zabbix_url_aliases: []
-zabbix_web_htpasswd: false
-zabbix_web_htpasswd_file: /etc/zabbix/web/htpasswd
-zabbix_timezone: Europe/Amsterdam
-zabbix_vhost: true
+zabbix_web_create_vhost: true
+zabbix_web_create_php_fpm: "{{ zabbix_web_create_vhost }}"
-zabbix_php_install: true
-zabbix_php_frontend_deprecated: false
-zabbix_php_fpm: false
-zabbix_php_fpm_dir_etc: /etc/opt/rh/rh-php72/
-zabbix_php_fpm_dir_var: /var/opt/rh/rh-php72/
-zabbix_php_fpm_conf_listen: true
-zabbix_php_fpm_conf_enable_user: true
-zabbix_php_fpm_conf_enable_group: true
-zabbix_php_fpm_conf_mode: "0664"
-zabbix_php_fpm_conf_enable_mode: true
-zabbix_php_install_state: present
+zabbix_server_name: "{{ inventory_hostname }}"
+zabbix_server_hostname: "{{ inventory_hostname }}"
+zabbix_server_listenport: 10051
-zabbix_apache_vhost_port: 80
-zabbix_apache_vhost_tls_port: 443
-zabbix_apache_vhost_listen_ip: "*"
-zabbix_apache_tls: false
-zabbix_apache_redirect: false
-zabbix_apache_tls_crt: /etc/pki/server.crt
-zabbix_apache_tls_key: /etc/pki/server.key
-zabbix_apache_tls_chain:
-zabbix_apache_can_connect_ldap: false
-zabbix_apache_include_custom_fragment: true
-zabbix_apache_SSLPassPhraseDialog: exec:/usr/libexec/httpd-ssl-pass-dialog
-zabbix_apache_SSLSessionCache: shmcb:/run/httpd/sslcache(512000)
-zabbix_apache_SSLSessionCacheTimeout: 300
-zabbix_apache_SSLCryptoDevice: builtin
+zabbix_web_vhost_port: 80
+zabbix_web_vhost_tls_port: 443
+zabbix_web_vhost_listen_ip: "*"
+zabbix_web_tls: false
+zabbix_timezone: Europe/Amsterdam
+zabbix_php_fpm_conf_listen: true
+# zabbix_web_tls_crt: /etc/pki/server.crt
+# zabbix_web_tls_key: /etc/pki/server.key
+# zabbix_web_tls_chain:
+# zabbix_web_SSLPassPhraseDialog: exec:/usr/libexec/httpd-ssl-pass-dialog
+# zabbix_web_SSLSessionCache: shmcb:/run/httpd/sslcache(512000)
+# zabbix_web_SSLSessionCacheTimeout: 300
+# zabbix_web_SSLCryptoDevice: builtin
+# zabbix_web_max_execution_time: 300
+# zabbix_web_memory_limit: 128M
+# zabbix_web_post_max_size: 16M
+# zabbix_web_upload_max_filesize: 2M
+# zabbix_web_max_input_time: 300
+# zabbix_web_max_input_vars: 10000
zabbix_apache_custom_includes: []
-zabbix_nginx_vhost_port: 80
-zabbix_nginx_vhost_tls_port: 443
-zabbix_nginx_tls: false
-zabbix_nginx_redirect: false
-zabbix_nginx_tls_session_timeout: 1d
-zabbix_nginx_tls_session_cache: shared:MySSL:10m
-zabbix_nginx_tls_session_tickets: !!str off
-zabbix_nginx_tls_protocols: TLSv1.2
-zabbix_nginx_tls_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-
-zabbix_letsencrypt: false
-zabbix_letsencrypt_webroot_path: /var/www/letsencrypt
-zabbix_letsencrypt_webroot_mode: 0755
+# Database
+zabbix_server_database: pgsql
+zabbix_server_dbhost: localhost
+zabbix_server_dbname: zabbix-server
+zabbix_server_dbuser: zabbix-server
+zabbix_server_dbpassword: zabbix-server
+zabbix_server_dbport: 5432
+zabbix_server_dbencryption: false
+zabbix_server_dbverifyhost: false
+zabbix_server_dbschema:
+# Yum/APT Variables
+zabbix_web_apt_priority:
+zabbix_web_version_minor: "*"
zabbix_repo_yum_gpgcheck: 0
zabbix_repo_yum_schema: https
-zabbix_repo_yum_disabled: "*"
-zabbix_repo_yum_enabled: []
+zabbix_repo_deb_component: main
+zabbix_web_disable_repo:
+ - epel
zabbix_repo_yum:
- name: zabbix
description: Zabbix Official Repository - $basearch
- baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/"
- gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
+ baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_web_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/"
+ gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}"
mode: "0644"
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
@@ -81,41 +68,10 @@ zabbix_repo_yum:
description: Zabbix Official Repository non-supported - $basearch
baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/"
mode: "0644"
- gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
+ gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}"
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
-zabbix_5_repo_yum:
- - name: zabbix-frontend
- description: Zabbix Official Repository - $basearch
- baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/frontend/"
- mode: "0644"
- gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}"
- gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
- state: present
-
-zabbix_web_max_execution_time: 300
-zabbix_web_memory_limit: 128M
-zabbix_web_post_max_size: 16M
-zabbix_web_upload_max_filesize: 2M
-zabbix_web_max_input_time: 300
-zabbix_web_max_input_vars: 10000
-
-# Database
-zabbix_server_database: pgsql
-zabbix_server_database_long: postgresql
-zabbix_server_name: "{{ inventory_hostname }}"
-zabbix_server_hostname: "{{ inventory_hostname }}"
-zabbix_server_listenport: 10051
-zabbix_server_dbhost: localhost
-zabbix_server_dbname: zabbix-server
-zabbix_server_dbuser: zabbix-server
-zabbix_server_dbpassword: zabbix-server
-zabbix_server_dbport: 5432
-zabbix_server_dbencryption: false
-zabbix_server_dbverifyhost: false
-zabbix_server_dbschema:
-
# Elasticsearch
# zabbix_server_history_url:
# - "'uint' => 'http://localhost:9200'"
@@ -130,15 +86,13 @@ zabbix_server_history_types:
- "uint"
- "dbl"
-selinux_allow_zabbix_can_network: false
-_zabbix_web_apache_php_addition: false
+zabbix_selinux: false
+# selinux_allow_zabbix_can_network: false
+# zabbix_apache_can_connect_ldap: false
# SAML certificates
# zabbix_saml_idp_crt:
# zabbix_saml_sp_crt:
# zabbix_saml_sp_key:
-# When the `geerlingguys apache role` is not provided, we have some defaults.
-apache_ssl_cipher_suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-apache_ssl_protocol: all -SSLv3 -TLSv1 -TLSv1.1
-apache_vhosts_version: "2.4"
+# zabbix_web_ssl_cipher_suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml
index 0d0974632..e97787b12 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/handlers/main.yml
@@ -1,53 +1,43 @@
---
-
- name: restart apache
- service:
+ ansible.builtin.service:
name: "{{ _apache_service }}"
state: restarted
enabled: true
become: true
when:
- - zabbix_websrv == 'apache'
+ - zabbix_web_http_server == 'apache'
- name: test nginx config
listen: restart nginx
- command: nginx -t
+ ansible.builtin.command: nginx -t
register: zabbix_nginx_cfg_check
notify: restart nginx tested
become: true
when:
- - zabbix_websrv == 'nginx'
+ - zabbix_web_http_server == 'nginx'
- name: restart nginx tested
- service:
+ ansible.builtin.service:
name: nginx
state: restarted
enabled: true
become: true
when:
- - zabbix_websrv == 'nginx'
+ - zabbix_web_http_server == 'nginx'
- zabbix_nginx_cfg_check.rc == 0
-- name: restart redhat-php-fpm
- service:
- name: "{{ 'rh-php72-php-fpm' if zabbix_php_fpm else 'php-fpm' }}"
- state: restarted
- enabled: true
- become: true
- when:
- - zabbix_version is version('5.0', '>=')
-
- name: restart php-fpm-version
- service:
- name: php{{ zabbix_php_version }}-fpm
+ ansible.builtin.service:
+ name: php{{ zabbix_web_php_installed_version }}-fpm
state: restarted
enabled: true
become: true
when:
- - zabbix_version is version('5.0', '>=')
+ - zabbix_web_version is version('5.0', '>=')
- name: "clean repo files from proxy creds"
- shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
+ ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true
become: true
when:
- ansible_os_family == 'RedHat'
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml
index 8a27b841c..ae1c7de26 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml
@@ -1,63 +1,149 @@
---
+- name: "Debian | Set PHP Dependencies"
+ ansible.builtin.set_fact:
+ zabbix_web_php_dependencies: "{{ _apache_php_dependencies if zabbix_web_http_server == 'apache' else _nginx_php_dependencies }}"
+ tags:
+ - config
-- name: "Include Zabbix gpg ids"
- include_vars: zabbix.yml
+- name: "Debian | Set some variables"
+ ansible.builtin.set_fact:
+ zabbix_short_version: "{{ zabbix_web_version | regex_replace('\\.', '') }}"
+ zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}"
+ zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}"
+ tags:
+ - always
-- name: "Set short version name"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
+- name: "Debian | Update ansible_lsb fact"
+ ansible.builtin.setup:
+ gather_subset:
+ - lsb
-- name: "Debian | Install gpg key"
- apt_key:
- id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}"
- url: http://repo.zabbix.com/zabbix-official-repo.key
+- name: "Debian | Installing lsb-release"
+ ansible.builtin.apt:
+ pkg: lsb-release
+ update_cache: true
+ cache_valid_time: 3600
+ force: true
+ state: present
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ become: true
+ tags:
+ - install
+
+- name: "Debian | Repo URL"
+ ansible.builtin.set_fact:
+ zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
when:
- - zabbix_repo == "zabbix"
+ - zabbix_repo_deb_url is undefined
+ tags:
+ - always
+
+- name: "Debian | Install PHP Dependencies"
+ ansible.builtin.apt:
+ pkg: "{{ zabbix_web_php_dependencies }}"
+ state: "present"
+ update_cache: true
+ cache_valid_time: 0
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_web_php_dependencies_install
+ until: zabbix_web_php_dependencies_install is succeeded
become: true
tags:
- - zabbix-web
- - init
- - config
+ - install
+ - dependencies
-- name: "Debian | Installing repository {{ ansible_distribution }}"
- apt_repository:
- repo: "{{ item }} http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/ {{ ansible_distribution_release }} main"
- state: present
+- name: "Debian | Install PgSQL Dependencies"
+ ansible.builtin.apt:
+ pkg: "php{{ zabbix_web_php_installed_version }}-pgsql"
+ state: "present"
+ update_cache: true
+ cache_valid_time: 0
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_web_php_dependencies_install
+ until: zabbix_web_php_dependencies_install is succeeded
+ become: true
+ when: zabbix_server_database == 'pgsql'
+ tags:
+ - install
+ - dependencies
+ - database
+
+# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
+# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
+# See: https://wiki.debian.org/DebianRepository/UseThirdParty
+- name: "Debian | Create /etc/apt/keyrings/ on older versions"
+ ansible.builtin.file:
+ path: /etc/apt/keyrings/
+ state: directory
+ mode: "0755"
become: true
when:
- - zabbix_repo == "zabbix"
- - ansible_machine != "aarch64"
- with_items:
- - deb-src
- - deb
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or
+ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
+
+- name: "Debian | Download gpg key"
+ ansible.builtin.get_url:
+ url: http://repo.zabbix.com/zabbix-official-repo.key
+ dest: "{{ zabbix_gpg_key }}"
+ mode: "0644"
+ force: true
+ become: true
tags:
- - zabbix-web
- - init
- - config
+ - install
- name: "Debian | Installing repository {{ ansible_distribution }}"
- apt_repository:
- repo: "{{ item }} http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}-arm64/ {{ ansible_distribution_release }} main"
- state: present
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/zabbix.sources
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ Types: deb deb-src
+ Enabled: yes
+ URIs: {{ zabbix_repo_deb_url }}
+ Suites: {{ ansible_distribution_release }}
+ Components: {{ zabbix_repo_deb_component }}
+ Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}}
+ Signed-By: {{ zabbix_gpg_key }}
become: true
+ tags:
+ - install
+
+- name: "Debian | Create /etc/apt/preferences.d/"
+ ansible.builtin.file:
+ path: /etc/apt/preferences.d/
+ state: directory
+ mode: "0755"
when:
- - zabbix_repo == "zabbix"
- - ansible_machine == "aarch64"
- with_items:
- - deb-src
- - deb
+ - zabbix_web_apt_priority | int
+ become: true
tags:
- - zabbix-web
- - init
- - config
+ - install
-- name: "Debian | Install PHP apart from zabbix-frontend-php deps"
- include_tasks: "php_Debian.yml"
- when: zabbix_php_install
+- name: "Debian | Configuring the weight for APT"
+ ansible.builtin.copy:
+ dest: "/etc/apt/preferences.d/zabbix_server-{{ zabbix_proxy_database }}"
+ content: |
+ Package: zabbix_server-{{ zabbix_proxy_database }}
+ Pin: origin repo.zabbix.com
+ Pin-Priority: {{ zabbix_web_apt_priority }}
+ owner: root
+ mode: "0644"
+ when:
+ - zabbix_web_apt_priority | int
+ become: true
+ tags:
+ - install
- name: "Debian | Install zabbix-web"
- apt:
- pkg: "zabbix-frontend-php{{ '-deprecated' if zabbix_php_frontend_deprecated else '' }}"
+ ansible.builtin.apt:
+ pkg: "zabbix-frontend-php"
state: "{{ zabbix_web_package_state }}"
update_cache: true
cache_valid_time: 0
@@ -68,41 +154,13 @@
until: zabbix_web_package_install is succeeded
become: true
tags:
- - zabbix-web
- - init
- - config
+ - install
- name: "Debian | Link graphfont.ttf (workaround ZBX-10467)"
- file:
- src: '/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf'
- path: '/usr/share/zabbix/fonts/graphfont.ttf'
+ ansible.builtin.file:
+ src: "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf"
+ path: "/usr/share/zabbix/fonts/graphfont.ttf"
state: link
- tags:
- - zabbix-web
- - init
- - config
-
-- name: "Debian | Install PHP"
- template:
- src: php-fpm.conf.j2
- dest: "{{ zabbix_php_fpm_dir }}/zabbix.conf"
- owner: "{{ _apache_user }}"
- group: "{{ _apache_group }}"
- mode: 0644
become: true
- when:
- - zabbix_vhost
- notify:
- - restart php-fpm-version
-
-- name: "Including Apache Configuration"
- include_tasks: apache_Debian.yml
- vars:
- zabbix_apache_servername: "{{ zabbix_websrv_servername }}"
- when:
- - zabbix_websrv == 'apache'
-
-- name: "Configure SELinux when enabled"
- include_tasks: selinux.yml
- when:
- - zabbix_selinux | bool
+ tags:
+ - install
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml
index bcd4dd666..30871017e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml
@@ -1,183 +1,59 @@
----
-# Tasks specific for RedHat systems
+- name: "RedHat | Setting Short PHP Version"
+ ansible.builtin.set_fact:
+ zabbix_web_php_installed_version: "{{ zabbix_web_php_installed_version | regex_replace('\\.', '') }}"
+ tags:
+ - always
- name: "RedHat | Install basic repo file"
- yum_repository:
+ ansible.builtin.yum_repository:
name: "{{ item.name }}"
- description: "{{ item.description }}"
+ description: "{{ item.description | default(omit) }}"
baseurl: "{{ item.baseurl }}"
- gpgcheck: "{{ item.gpgcheck }}"
- gpgkey: "{{ item.gpgkey }}"
+ gpgcheck: "{{ item.gpgcheck | default(omit) }}"
+ gpgkey: "{{ item.gpgkey | default(omit) }}"
mode: "{{ item.mode | default('0644') }}"
- priority: "{{ item.priority | default('98') }}"
+ priority: "{{ item.priority | default('99') }}"
state: "{{ item.state | default('present') }}"
proxy: "{{ zabbix_http_proxy | default(omit) }}"
with_items: "{{ zabbix_repo_yum }}"
register: yum_repo_installed
become: true
- when:
- zabbix_repo == "zabbix"
- notify:
- - "clean repo files from proxy creds"
- tags:
- - zabbix-web
-
-- name: "RedHat | Install basic repo file (Zabbix 5.x)"
- yum_repository:
- name: "{{ item.name }}"
- description: "{{ item.description }}"
- baseurl: "{{ item.baseurl }}"
- gpgcheck: "{{ item.gpgcheck }}"
- gpgkey: "{{ item.gpgkey }}"
- mode: "{{ item.mode | default('0644') }}"
- priority: "{{ item.priority | default('98') }}"
- state: "{{ item.state | default('present') }}"
- proxy: "{{ zabbix_http_proxy | default(omit) }}"
- with_items: "{{ zabbix_5_repo_yum }}"
- become: true
- when:
- - zabbix_repo == "zabbix"
- - zabbix_version is version('5.0', '>=')
- - ansible_distribution_major_version != '8'
- - ansible_distribution_major_version != '9'
notify:
- "clean repo files from proxy creds"
tags:
- - zabbix-web
-
-- name: "RedHat | Install zabbix-web dependency (Zabbix 5.x) (CentOS)"
- yum:
- pkg:
- - centos-release-scl
- state: "{{ zabbix_web_package_state }}"
- update_cache: true
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_web_dependency_package_install
- until: zabbix_web_dependency_package_install is succeeded
- become: true
- when:
- - zabbix_version is version('5.0', '>=')
- - zabbix_web_centos_release
- - ansible_distribution_major_version != '9'
- - ansible_distribution_major_version != '8'
- - ansible_distribution == "CentOS"
- tags:
- - zabbix-web
-
-- name: "RedHat | Install zabbix-web dependency (Zabbix 5.x) (RHEL)"
- yum:
- pkg:
- - scl-utils
- - scl-utils-build
- state: "{{ zabbix_web_package_state }}"
- update_cache: true
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_web_dependency_package_install
- until: zabbix_web_dependency_package_install is succeeded
- become: true
- when:
- - zabbix_version is version('5.0', '>=')
- - zabbix_web_centos_release
- - ansible_distribution_major_version != '9'
- - ansible_distribution_major_version != '8'
- - ansible_distribution == "RedHat"
- tags:
- - zabbix-web
+ - install
-- name: "RedHat | Install zabbix-web (Zabbix 5.x)"
- yum:
- pkg:
- - zabbix-apache-conf-scl-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}
+- name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}"
+ ansible.builtin.yum:
+ name:
+ - "zabbix-web-{{ zabbix_server_database }}"
state: "{{ zabbix_web_package_state }}"
update_cache: true
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
+ disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_web_package_install
until: zabbix_web_package_install is succeeded
become: true
- when:
- - zabbix_version is version('5.0', '>=')
- - ansible_distribution_major_version != '9'
- - ansible_distribution_major_version != '8'
- - zabbix_websrv == 'apache'
tags:
- - zabbix-web
+ - install
-- name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}"
- yum:
- pkg: zabbix-web-{{ zabbix_server_database }}{{ '-scl' if zabbix_version is version('5.0', '>=') and ansible_distribution_major_version|int < 8 else '' }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}
+- name: "RedHat | Install zabbix-web-configuration"
+ ansible.builtin.yum:
+ name:
+ - "zabbix-{{ zabbix_web_http_server }}-conf"
state: "{{ zabbix_web_package_state }}"
update_cache: true
- disablerepo: "{{ '*' if (zabbix_repo_yum_enabled | length>0) else omit }}"
- enablerepo: "{{ zabbix_repo_yum_enabled if zabbix_repo_yum_enabled is iterable and (zabbix_repo_yum_enabled | length>0) else omit }}"
+ disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}"
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_web_package_install
until: zabbix_web_package_install is succeeded
become: true
- tags:
- - zabbix-web
-
-- name: RedHat 9 | Install PHP"
- package:
- name: php
- state: "{{ zabbix_php_install_state }}"
when:
- - zabbix_version is version('6.0', '>=')
+ - zabbix_web_version is version('6.0', '!=')
- ansible_distribution_major_version == '9'
- - zabbix_vhost
-
-- name: "RedHat | Install PHP"
- template:
- src: php-fpm.conf.j2
- dest: "{{ zabbix_php_fpm_dir }}/zabbix.conf"
- owner: "{{ zabbix_web_conf_web_user }}"
- group: "{{ zabbix_web_conf_web_group }}"
- mode: 0644
- become: true
- when:
- - zabbix_vhost
- notify:
- - restart redhat-php-fpm
-
-- include_tasks: apache_RedHat.yml
- vars:
- zabbix_apache_servername: "{{ zabbix_websrv_servername }}"
- when:
- - zabbix_websrv == 'apache'
-
-- name: "RedHat | Install Nginx vhost"
- template:
- src: nginx_vhost.conf.j2
- dest: /etc/nginx/conf.d/zabbix.conf
- owner: root
- group: root
- mode: 0644
- when:
- - zabbix_vhost
- - zabbix_websrv == 'nginx'
- become: true
- notify:
- - restart nginx
tags:
- - zabbix-web
- - init
- - config
- - nginx
-
-- name: "Configure SELinux when enabled"
- include_tasks: selinux.yml
- when:
- - zabbix_selinux | bool
+ - install
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/access.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/access.yml
deleted file mode 100644
index f02a6ebe4..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/access.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- name: "htpasswd | check Python version to set prefix variable"
- set_fact:
- zabbix_python_prefix: "python{% if ansible_python_version is version_compare('3', '>=') %}3{% endif %}"
- when:
- - zabbix_web_htpasswd is defined
- - zabbix_web_htpasswd
- - zabbix_web_htpasswd_users is defined
-
-- name: "htpasswd | install passlib for Python interpreter"
- package:
- name: "{{ zabbix_python_prefix }}-passlib"
- state: present
- when:
- - zabbix_web_htpasswd is defined
- - zabbix_web_htpasswd
- - zabbix_web_htpasswd_users is defined
-
-- name: "htpasswd | manage HTTP authentication controls"
- community.general.htpasswd:
- path: "{{ zabbix_web_htpasswd_file }}"
- name: "{{ item.value.htpasswd_user }}"
- password: "{{ item.value.htpasswd_pass }}"
- group: www-data
- state: present
- loop_control:
- label: "{{ item.value.htpasswd_user }}"
- with_dict: "{{ zabbix_web_htpasswd_users }}"
- when:
- - zabbix_web_htpasswd is defined
- - zabbix_web_htpasswd
- - zabbix_web_htpasswd_users is defined
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml
index f33b9b765..7e55fe3e9 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache.yml
@@ -1,6 +1,47 @@
---
+- name: Setting Web Server Facts
+ ansible.builtin.set_fact:
+ zabbix_web_user: "{{ zabbix_web_user if zabbix_web_user is defined else _apache_user }}"
+ zabbix_web_group: "{{ zabbix_web_group if zabbix_web_group is defined else _apache_group }}"
+ zabbix_web_vhost_location: "{{ zabbix_web_vhost_location if zabbix_web_vhost_location is defined else _apache_vhost_location }}"
+ tags:
+ - always
+
+- name: "Apache | Installing Zabbix Apache Conf"
+ block:
+ - name: "Debian | Install zabbix-apache-conf"
+ ansible.builtin.apt:
+ pkg: "zabbix-apache-conf"
+ state: "{{ zabbix_web_package_state }}"
+ update_cache: true
+ cache_valid_time: 0
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_apache_conf_install
+ until: zabbix_apache_conf_install is succeeded
+ become: true
+ when: ansible_os_family == "Debian"
+
+ - name: "RedHat | Install zabbix-apache-conf"
+ ansible.builtin.yum:
+ name:
+ - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}"
+ state: "{{ zabbix_web_package_state }}"
+ update_cache: true
+ disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_apache_conf_install
+ until: zabbix_apache_conf_install is succeeded
+ become: true
+ when: ansible_os_family == "RedHat"
+ tags:
+ - install
+
- name: "Apache | Get Apache version"
- shell: |
+ ansible.builtin.shell: |
PATH=/usr/sbin:$PATH
set -o pipefail
apachectl -v | grep 'version' | awk -F '/' '{ print $2 }'| awk '{ print $1 }' | cut -c 1-3
@@ -10,26 +51,37 @@
args:
executable: /bin/bash
tags:
- - zabbix-web
+ - config
- name: "Apache | Set correct apache_version"
- set_fact:
+ ansible.builtin.set_fact:
apache_version: "{{ apachectl_version.stdout }}"
tags:
- - zabbix-web
+ - config
-- name: "Set some"
- set_fact:
- _zabbix_web_apache_php_addition: true
- when:
- - zabbix_version is version('4.4', '<=')
+- name: "Apache | Install apache vhost"
+ ansible.builtin.template:
+ src: apache_vhost.conf.j2
+ dest: "{{ zabbix_web_vhost_location }}"
+ owner: "{{ zabbix_web_user }}"
+ group: "{{ zabbix_web_group }}"
+ mode: 0644
+ when: zabbix_web_create_vhost
+ become: true
+ notify:
+ - restart apache
tags:
- - zabbix-web
+ - config
-- name: "Set some"
- set_fact:
- _zabbix_web_apache_php_addition: true
- when:
- - ansible_os_family == "Debian"
+- name: "Apache | Enable Site (Debian Only)"
+ ansible.builtin.file:
+ src: "{{ zabbix_web_vhost_location }}"
+ dest: /etc/apache2/sites-enabled/zabbix.conf
+ state: link
+ owner: "{{ zabbix_web_user }}"
+ group: "{{ zabbix_web_group }}"
+ mode: 0644
+ become: true
+ when: ansible_os_family == "Debian" and zabbix_web_create_vhost
tags:
- - zabbix-web
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_Debian.yml
deleted file mode 100644
index 732feaea9..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_Debian.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-
-- name: "Debian | Install legacy PHP integration for Apache"
- apt:
- state: present
- update_cache: true
- cache_valid_time: 3600
- name:
- - libapache2-mod-php
- become: true
-
-- name: "Debian | install apache vhost"
- template:
- src: apache_vhost.conf.j2
- dest: /etc/apache2/sites-available/zabbix.conf
- owner: "{{ zabbix_web_conf_web_user }}"
- group: "{{ zabbix_web_conf_web_group }}"
- mode: 0644
- when: zabbix_vhost
- become: true
- notify:
- - restart apache
- tags:
- - zabbix-web
- - init
- - config
- - apache
-
-- name: "Debian | Remove provided zabbix.conf files"
- file:
- path: "{{ item }}"
- state: absent
- when: zabbix_vhost
- become: true
- with_items:
- - /etc/apache2/conf-available/zabbix.conf
- - /etc/apache2/conf-enabled/zabbix.conf
-
-- name: "Debian | enable apache vhost"
- file:
- src: /etc/apache2/sites-available/zabbix.conf
- dest: /etc/apache2/sites-enabled/zabbix.conf
- owner: "{{ zabbix_web_conf_web_user }}"
- group: "{{ zabbix_web_conf_web_group }}"
- state: link
- when: zabbix_vhost
- become: true
- notify:
- - restart apache
- tags:
- - zabbix-server
- - init
- - config
- - apache
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_RedHat.yml
deleted file mode 100644
index 3a271331d..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/apache_RedHat.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-- include_tasks: apache.yml
-
-- name: "RedHat | Install apache vhost"
- template:
- src: apache_vhost.conf.j2
- dest: /etc/httpd/conf.d/zabbix.conf
- owner: "{{ zabbix_web_conf_web_user }}"
- group: "{{ zabbix_web_conf_web_group }}"
- mode: 0644
- when: zabbix_vhost
- become: true
- notify:
- - restart apache
- tags:
- - zabbix-server
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml
index fad607b1d..b82d8486b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml
@@ -1,103 +1,97 @@
---
-# tasks file for wdijkerman.zabbix-web
-
- name: "Include OS-specific variables"
- include_vars: "{{ ansible_os_family }}.yml"
+ ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
tags:
- always
- name: Determine Latest Supported Zabbix Version
- set_fact:
- zabbix_web_version: "{{ zabbix_valid_web_versions[ansible_distribution_major_version][0] | default(6.0) }}"
+ ansible.builtin.set_fact:
+ zabbix_web_version: "{{ zabbix_valid_web_versions[ansible_distribution_major_version][0] | default(6.4) }}"
when: zabbix_web_version is not defined
-
-- name: "Include distribution and version-specific vars"
- include_vars: "{{ item }}"
- with_first_found:
- - files:
- - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
tags:
- always
-- name: "Set some versions"
- set_fact:
- zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
- zabbix_php_version: "{{ zabbix_php_version if zabbix_php_version is defined else _zabbix_php_version }}"
- _zabbix_php_package_prefix: ""
+- name: Set More Variables
+ ansible.builtin.set_fact:
+ zabbix_valid_version: "{{ zabbix_web_version|float in zabbix_valid_web_versions[ansible_distribution_major_version] }}"
+ zabbix_db_type_long: "{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}"
tags:
- always
-- name: "Set default PHP-FPM variables"
- set_fact:
- zabbix_php_fpm_dir: "{{ zabbix_php_fpm_dir if zabbix_php_fpm_dir is defined else _php_fpm_dir }}"
- zabbix_php_fpm_session: "{{ zabbix_php_fpm_session if zabbix_php_fpm_session is defined else _php_fpm_session }}"
- zabbix_php_fpm_listen: "{{ zabbix_php_fpm_listen if zabbix_php_fpm_listen is defined else _php_fpm_listen }}"
- when:
- - not zabbix_php_fpm
-
-- name: "Set default PHP-FPM variables specific RH provided"
- set_fact:
- zabbix_php_fpm_dir: "{{ zabbix_php_fpm_dir if zabbix_php_fpm_dir is defined else _php_fpm_dir }}"
- zabbix_php_fpm_session: "{{ zabbix_php_fpm_session if zabbix_php_fpm_session is defined else _zabbix_php_fpm_session }}"
- zabbix_php_fpm_listen: "{{ zabbix_php_fpm_listen if zabbix_php_fpm_listen is defined else _zabbix_php_fpm_listen }}"
- when:
- - zabbix_php_fpm
- - ansible_os_family == "RedHat"
-
-- name: "Set websrv specific variables (Apache)"
- set_fact:
- zabbix_web_conf_web_user: "{{ zabbix_web_conf_web_user if zabbix_web_conf_web_user is defined else _apache_user }}"
- zabbix_web_conf_web_group: "{{ zabbix_web_conf_web_group if zabbix_web_conf_web_group is defined else _apache_group }}"
- when:
- - zabbix_websrv == 'apache'
+- name: Stopping Install of Invalid Version
+ ansible.builtin.fail:
+ msg: Zabbix version {{ zabbix_web_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
+ when: not zabbix_valid_version
+ tags:
+ - always
-- include_tasks: nginx.yml
- when:
- - zabbix_websrv == 'nginx'
+- name: Determine PHP Version
+ ansible.builtin.shell: php --version | head -1 | awk '{ print $2 }' | awk -F '.' '{print $1"."$2}'
+ register: _zabbix_web_php_installed_version
+ changed_when: false
+ tags:
+ - config
+ - install
-- name: "Install the correct repository"
- include_tasks: "RedHat.yml"
- when: ansible_os_family == "RedHat"
+- name: Set PHP Version
+ ansible.builtin.set_fact:
+ zabbix_web_php_installed_version: "{{ _zabbix_web_php_installed_version.stdout }}"
tags:
- - zabbix-web
+ - config
+ - install
-- name: "Install the correct repository"
- include_tasks: "Debian.yml"
- when: ansible_os_family == "Debian"
+- name: Set PHP Variables
+ ansible.builtin.set_fact:
+ zabbix_php_fpm_listen: "{{ zabbix_php_fpm_listen if zabbix_php_fpm_listen is defined else _zabbix_php_fpm_listen }}"
+ zabbix_php_fpm_dir: "{{ zabbix_php_fpm_dir if zabbix_php_fpm_dir is defined else _php_fpm_dir }}"
+ zabbix_php_fpm_session: "{{ zabbix_php_fpm_session if zabbix_php_fpm_session is defined else _php_fpm_session }}"
tags:
- - zabbix-web
+ - config
+ - install
+
+- name: Include OS Specific Tasks
+ ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: "Install the web server specific tasks"
+ ansible.builtin.include_tasks: "{{ zabbix_web_http_server }}.yml"
- name: "Create zabbix-web directory"
- file:
+ ansible.builtin.file:
path: /etc/zabbix/web
- owner: "{{ zabbix_web_conf_web_user }}"
- group: "{{ zabbix_web_conf_web_group }}"
+ owner: "{{ zabbix_web_user }}"
+ group: "{{ zabbix_web_group }}"
state: directory
mode: 0755
+ become: true
tags:
- - zabbix-web
- - init
+ - install
- config
- name: "Configure zabbix-web"
- template:
+ ansible.builtin.template:
src: zabbix.conf.php.j2
dest: /etc/zabbix/web/zabbix.conf.php
- owner: "{{ zabbix_web_conf_web_user }}"
- group: "{{ zabbix_web_conf_web_group }}"
+ owner: "{{ zabbix_web_user }}"
+ group: "{{ zabbix_web_group }}"
mode: "{{ zabbix_web_conf_mode }}"
+ become: true
notify:
- - restart apache
+ - "restart {{ zabbix_web_http_server }}"
tags:
- - zabbix-web
- - init
- config
-- include_tasks: access.yml
+- name: "Debian | Install PHP"
+ ansible.builtin.template:
+ src: php-fpm.conf.j2
+ dest: "{{ zabbix_php_fpm_dir }}/zabbix.conf"
+ owner: "{{ zabbix_web_user }}"
+ group: "{{ zabbix_web_group }}"
+ mode: 0644
+ become: true
when:
- - zabbix_web_htpasswd
+ - zabbix_web_create_php_fpm
+ - ansible_os_family == "Debian"
+ notify:
+ - restart php-fpm-version
tags:
- - zabbix-web
- - init
- config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml
index 9e4ec41f1..1f50263ca 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/nginx.yml
@@ -1,153 +1,59 @@
---
- name: "Nginx | Set websrv specific variables"
- set_fact:
- zabbix_web_conf_web_user: "{{ zabbix_web_conf_web_user if zabbix_web_conf_web_user is defined else _nginx_user }}"
- zabbix_web_conf_web_group: "{{ zabbix_web_conf_web_group if zabbix_web_conf_web_group is defined else _nginx_group }}"
- zabbix_nginx_config_path: "{{ zabbix_nginx_config_path if zabbix_nginx_config_path is defined else _nginx_config_path }}"
+ ansible.builtin.set_fact:
+ zabbix_web_user: "{{ zabbix_web_user if zabbix_web_user is defined else _nginx_user }}"
+ zabbix_web_group: "{{ zabbix_web_group if zabbix_web_group is defined else _nginx_group }}"
+ zabbix_web_vhost_location: "{{ zabbix_web_vhost_location if zabbix_web_vhost_location is defined else _nginx_vhost_location }}"
zabbix_nginx_log_path: "{{ zabbix_nginx_log_path if zabbix_nginx_log_path is defined else _nginx_log_path }}"
zabbix_nginx_service: "{{ zabbix_nginx_service if zabbix_nginx_service is defined else _nginx_service }}"
- zabbix_nginx_tls_crt: "{{ zabbix_nginx_tls_crt if zabbix_nginx_tls_crt is defined else _nginx_tls_crt }}"
- zabbix_nginx_tls_key: "{{ zabbix_nginx_tls_key if zabbix_nginx_tls_key is defined else _nginx_tls_key }}"
- zabbix_nginx_tls_dhparam: "{{ zabbix_nginx_tls_dhparam if zabbix_nginx_tls_dhparam is defined else _nginx_tls_dhparam }}"
- zabbix_apache_service: "{{ zabbix_apache_service if zabbix_apache_service is defined else _apache_service }}"
-
-- name: "Nginx | Check Apache service if same ports"
- command: systemctl status "{{ zabbix_apache_service }}"
- failed_when: false
- register: zabbix_apache_service_check
- changed_when: zabbix_apache_service_check.rc == 0
- check_mode: false
- when:
- - zabbix_apache_vhost_port == zabbix_nginx_vhost_port
- - zabbix_apache_vhost_tls_port == zabbix_nginx_vhost_tls_port
-
-- name: "Nginx | Stop Apache running on same ports"
- service:
- name: "{{ zabbix_apache_service }}"
- state: stopped
- enabled: false
tags:
- - zabbix-web
- when:
- - zabbix_apache_vhost_port == zabbix_nginx_vhost_port
- - zabbix_apache_vhost_tls_port == zabbix_nginx_vhost_tls_port
- - zabbix_apache_service_check.rc == 0
-
-- name: "Nginx | Debian | Install Nginx and ssl-cert packages"
- # README don't go for HTTP2 with nginx-full yet due to:
- # https://support.zabbix.com/browse/ZBXNEXT-4670
- apt:
- state: present
- name:
- - nginx-light
- - ssl-cert
- when: ansible_os_family == "Debian"
-
-- name: "Nginx | RedHat | Install Nginx packages"
- yum:
- state: present
- name:
- - nginx
- when: ansible_os_family == "RedHat"
-
-- name: "Nginx | Start and enable service"
- service:
- name: "{{ zabbix_nginx_service }}"
- state: started
- enabled: true
-
-- name: "Nginx | Install OpenSSL package for DH parameters"
- package:
- name: openssl
- state: present
-
-- name: "Nginx | Generate SSL DH parameters"
- command: "openssl dhparam -out {{ zabbix_nginx_tls_dhparam }} {{ zabbix_nginx_tls_dhparam_bits | default('2048') }}"
- args:
- creates: "{{ zabbix_nginx_tls_dhparam }}"
-
-- name: "Let's Encrypt | check for certificate created by certbot"
- stat:
- path: "/etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem"
- register: zabbix_letsencrypt_cert
- failed_when: false
- when: zabbix_letsencrypt
-
-- name: "Let's Encrypt | Create directory for certbot webroot if not exist"
- file:
- path: "{{ zabbix_letsencrypt_webroot_path }}"
- mode: "{{ zabbix_letsencrypt_webroot_mode }}"
- state: directory
- when:
- - zabbix_letsencrypt
- become: true
+ - config
+ - install
+
+- name: "Nginx | Installing Zabbix Nginx Conf"
+ block:
+ - name: "Debian | Install zabbix-nginx-conf"
+ ansible.builtin.apt:
+ pkg: "zabbix-nginx-conf"
+ state: "{{ zabbix_web_package_state }}"
+ update_cache: true
+ cache_valid_time: 0
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_apache_conf_install
+ until: zabbix_apache_conf_install is succeeded
+ become: true
+ when: ansible_os_family == "Debian"
+
+ - name: "RedHat | Install zabbix-nginx-conf"
+ ansible.builtin.yum:
+ name:
+ - "zabbix-nginx-conf"
+ state: "{{ zabbix_web_package_state }}"
+ update_cache: true
+ disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}"
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: zabbix_apache_conf_install
+ until: zabbix_apache_conf_install is succeeded
+ become: true
+ when: ansible_os_family == "RedHat"
+ tags:
+ - install
- name: "Nginx | Install vhost in conf.d"
- template:
+ ansible.builtin.template:
src: nginx_vhost.conf.j2
- dest: "{{ zabbix_nginx_config_path }}/zabbix.conf"
- owner: root
- group: root
+ dest: "{{ zabbix_web_vhost_location }}"
+ owner: "{{ zabbix_web_user }}"
+ group: "{{ zabbix_web_group }}"
mode: 0644
when:
- - zabbix_vhost
- become: true
- notify:
- - restart nginx
-
-- name: "Let's Encrypt | Check if zabbix_websrv_servername is resolvable"
- set_fact:
- zabbix_websrv_servername_ip: "{{ lookup('dig', 'qtype=A', zabbix_websrv_servername) }}"
- changed_when: zabbix_websrv_servername_ip != ansible_default_ipv4.address
- register: zabbix_letsencrypt_resolve
- when: zabbix_letsencrypt
-
-- name: "Let's Encrypt | check if certbot CLI is present"
- shell: "certbot --version"
- register: zabbix_cerbot_check
- changed_when: zabbix_cerbot_check.rc != 0
- check_mode: false
- when: zabbix_letsencrypt
-
-- name: "Let's Encrypt | flash all handlers before certbot"
- meta: flush_handlers
- when:
- - zabbix_letsencrypt
- - zabbix_letsencrypt_resolve is not changed
- - zabbix_cerbot_check.rc == 0
-
-- name: "Let's Encrypt | generate certs with certbot CLI"
- command: >
- certbot --non-interactive certonly --expand
- -a webroot --webroot-path={{ zabbix_letsencrypt_webroot_path }}
- --email {{ zabbix_letsencrypt_account_email }} --agree-tos
- --cert-name {{ zabbix_websrv_servername }}
- -d {{ zabbix_websrv_servername }}
- args:
- creates: "/etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem"
- when:
- - zabbix_letsencrypt
- - zabbix_letsencrypt_resolve is not changed
- - zabbix_cerbot_check.rc == 0
-
-- name: "Let's Encrypt | Check for certificate created by certbot"
- stat:
- path: "/etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem"
- register: zabbix_letsencrypt_cert
- failed_when: false
- when: zabbix_letsencrypt
-
-- name: "Let's Encrypt | Reinstall Nginx vhost"
- template:
- src: nginx_vhost.conf.j2
- dest: /etc/nginx/conf.d/zabbix.conf
- owner: root
- group: root
- mode: 0644
- when:
- - zabbix_letsencrypt
- - zabbix_letsencrypt_resolve is not changed
- - zabbix_cerbot_check.rc == 0
+ - zabbix_web_create_vhost
become: true
notify:
- restart nginx
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/php_Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/php_Debian.yml
deleted file mode 100644
index 6a2f329b6..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/php_Debian.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-
-- include_tasks: apache.yml
- when:
- - zabbix_websrv == 'apache'
-
-# This obviously needs to have some improvements.. :)
-
-- name: "Debian | Determine php prefix for packages installations (legacy php5)"
- set_fact:
- _zabbix_php_package_prefix: 5
- when:
- - ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '<')
- or ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('9', '<')
-
-- name: "Debian | Determine php prefix for packages installations (Current distros)"
- set_fact:
- _zabbix_php_package_prefix: "{{ zabbix_php_version }}"
- when:
- - ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('16.04', '>=') or
- ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('9', '>=')
- - zabbix_version is version_compare('5.0', '>=')
- - not _zabbix_web_apache_php_addition
-
-- name: "Debian | Install php packages"
- apt:
- state: present
- update_cache: true
- cache_valid_time: 3600
- name:
- - php{{ _zabbix_php_package_prefix }}-{{ zabbix_server_database }}
- - php{{ _zabbix_php_package_prefix }}-bcmath
- - php{{ _zabbix_php_package_prefix }}-mbstring
- - php{{ _zabbix_php_package_prefix }}-ldap
- - php{{ _zabbix_php_package_prefix }}-xml
- - php{{ _zabbix_php_package_prefix }}-gd
- - php{{ _zabbix_php_package_prefix }}-fpm
- register: zabbix_web_php_dependency_install
- until: zabbix_web_php_dependency_install is succeeded
- become: true
- tags:
- - zabbix-web
- - init
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml
index df8936eb1..56e2ae05e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml
@@ -1,7 +1,6 @@
---
-
- name: "SELinux | RedHat | Install related SELinux package"
- yum:
+ ansible.builtin.yum:
name:
- libsemanage-python
state: present
@@ -16,10 +15,10 @@
- selinux_allow_zabbix_can_network
- ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
tags:
- - zabbix-web
+ - install
- name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8"
- yum:
+ ansible.builtin.yum:
name:
- python3-libsemanage
state: present
@@ -34,7 +33,7 @@
- selinux_allow_zabbix_can_network
- ansible_distribution_major_version|int >= 8
tags:
- - zabbix-web
+ - install
- name: "SELinux | RedHat | Enable zabbix_can_network SELinux boolean"
ansible.posix.seboolean:
@@ -46,7 +45,7 @@
- ansible_os_family == "RedHat"
- selinux_allow_zabbix_can_network
tags:
- - zabbix-web
+ - config
- name: "SELinux | Allow httpd to connect to db (SELinux)"
ansible.posix.seboolean:
@@ -57,7 +56,8 @@
when:
- ansible_selinux.status == "enabled"
- selinux_allow_zabbix_can_network
- tags: selinux
+ tags:
+ - config
- name: "SELinux | Allow httpd to connect to zabbix (SELinux)"
ansible.posix.seboolean:
@@ -68,7 +68,8 @@
when:
- ansible_selinux.status == "enabled"
- selinux_allow_zabbix_can_network
- tags: selinux
+ tags:
+ - config
- name: "SELinux | Allow httpd to connect to ldap (SELinux)"
ansible.posix.seboolean:
@@ -79,4 +80,5 @@
when:
- ansible_selinux.status == "enabled"
- zabbix_apache_can_connect_ldap | bool
- tags: selinux
+ tags:
+ - config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2
index 4149c43fa..334861d9b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/apache_vhost.conf.j2
@@ -1,5 +1,5 @@
-<VirtualHost {{ zabbix_apache_vhost_listen_ip }}:{{ zabbix_apache_vhost_port }}>
- ServerName {{ zabbix_apache_servername }}
+<VirtualHost {{ zabbix_web_vhost_listen_ip }}:{{ zabbix_web_vhost_port }}>
+ ServerName {{ zabbix_api_server_url }}
{% for alias in zabbix_url_aliases %}
ServerAlias {{ alias }}
{% endfor %}
@@ -13,7 +13,7 @@
{% endfor %}
{% endif %}
-{% if zabbix_apache_redirect and zabbix_apache_tls %}
+{% if zabbix_web_redirect|default(false) and zabbix_web_tls|default(false) %}
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
@@ -57,50 +57,27 @@
{% endfor %}
## Logging
- ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_error.log"
+ ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_error.log"
ServerSignature Off
- CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_access.log" combined
+ CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_access.log" combined
## Rewrite rules
RewriteEngine On
RewriteRule ^$ /index.php [L]
-
-{% if _zabbix_web_apache_php_addition | default(false) %}
-{% if zabbix_apache_include_custom_fragment | default(true) %}
- ## Custom fragment
- {% if zabbix_php_fpm %}
- ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/zabbix/$1
- ProxyTimeout 1800
- {% else %}
- php_value max_execution_time {{ zabbix_web_max_execution_time | default('300') }}
- php_value memory_limit {{ zabbix_web_memory_limit | default('128M') }}
- php_value post_max_size {{ zabbix_web_post_max_size | default('16M') }}
- php_value upload_max_filesize {{ zabbix_web_upload_max_filesize | default('2M') }}
- php_value max_input_time {{ zabbix_web_max_input_time | default('300') }}
-
- {% if zabbix_version is version('5.0', '>=') %}
- php_value max_input_vars {{ zabbix_web_max_input_vars | default('10000') }}
- {% endif %}
-
- # Set correct timezone.
- php_value date.timezone {{ zabbix_timezone }}
- {% endif %}
-{% endif %}
-{% endif %}
</VirtualHost>
{# Set up TLS vhosts #}
-{% if zabbix_apache_tls and zabbix_apache_vhost_tls_port %}
+{% if zabbix_web_tls and zabbix_web_vhost_tls_port %}
-SSLPassPhraseDialog {{ zabbix_apache_SSLPassPhraseDialog }}
-SSLSessionCache {{ zabbix_apache_SSLSessionCache }}
-SSLSessionCacheTimeout {{ zabbix_apache_SSLSessionCacheTimeout }}
+{{ (zabbix_web_SSLPassPhraseDialog is defined and zabbix_web_SSLPassPhraseDialog is not none) | ternary('', '# ') }}SSLPassPhraseDialog {{ zabbix_web_SSLPassPhraseDialog | default('') }}
+{{ (zabbix_web_SSLSessionCache is defined and zabbix_web_SSLSessionCache is not none) | ternary('', '# ') }}SSLSessionCache {{ zabbix_web_SSLSessionCache | default('') }}
+{{ (zabbix_web_SSLSessionCacheTimeout is defined and zabbix_web_SSLSessionCacheTimeout is not none) | ternary('', '# ') }}SSLSessionCacheTimeout {{ zabbix_web_SSLSessionCacheTimeout | default('') }}
+{{ (zabbix_web_SSLCryptoDevice is defined and zabbix_web_SSLCryptoDevice is not none) | ternary('', '# ') }}SSLCryptoDevice {{ zabbix_web_SSLCryptoDevice | default('') }}
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
-SSLCryptoDevice {{ zabbix_apache_SSLCryptoDevice }}
-<VirtualHost _default_:{{ zabbix_apache_vhost_tls_port }}>
- ServerName {{ zabbix_apache_servername }}
+<VirtualHost {{ zabbix_web_vhost_listen_ip }}:{{ zabbix_web_vhost_tls_port }}>
+ ServerName {{ zabbix_api_server_url }}
{% for alias in zabbix_url_aliases %}
ServerAlias {{ alias }}
{% endfor %}
@@ -115,17 +92,14 @@ SSLCryptoDevice {{ zabbix_apache_SSLCryptoDevice }}
{% endif %}
SSLEngine on
- SSLCipherSuite {{ apache_ssl_cipher_suite }}
- SSLProtocol {{ apache_ssl_protocol }}
- SSLHonorCipherOrder On
-{% if apache_vhosts_version == "2.4" %}
+ {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}SSLCipherSuite {{ zabbix_web_ssl_cipher_suite | default('') }}
+ {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}SSLHonorCipherOrder On
+{% if apache_version|string() == '2.4' %}
SSLCompression off
{% endif %}
- SSLCertificateFile {{ zabbix_apache_tls_crt }}
- SSLCertificateKeyFile {{ zabbix_apache_tls_key }}
-{% if zabbix_apache_tls_chain %}
- SSLCertificateChainFile {{ zabbix_apache_tls_chain }}
-{% endif %}
+ SSLCertificateFile {{ zabbix_web_tls_crt }}
+ SSLCertificateKeyFile {{ zabbix_web_tls_key }}
+ {{ (zabbix_web_tls_chain is defined and zabbix_web_tls_chain is not none) | ternary('', '# ') }}SSLCertificateChainFile {{ zabbix_web_tls_chain | default('') }}
{% set directory_paths = ['/usr/share/zabbix/conf', '/usr/share/zabbix/app', '/usr/share/zabbix/include', '/usr/share/zabbix/include/classes'] %}
@@ -165,35 +139,13 @@ SSLCryptoDevice {{ zabbix_apache_SSLCryptoDevice }}
{% endfor %}
## Logging
- ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_tls_error.log"
+ ErrorLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_tls_error.log"
ServerSignature Off
- CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_apache_servername }}_tls_access.log" combined
+ CustomLog "/var/log/{{ _apache_log }}/{{ zabbix_api_server_url }}_tls_access.log" combined
## Rewrite rules
RewriteEngine On
RewriteRule ^$ /index.php [L]
-{% if _zabbix_web_apache_php_addition | default(false) %}
-{% if zabbix_apache_include_custom_fragment | default(true) %}
- ## Custom fragment
- {% if zabbix_php_fpm %}
- ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/zabbix/$1
- ProxyTimeout 1800
- {% else %}
- php_value max_execution_time {{ zabbix_web_max_execution_time | default('300') }}
- php_value memory_limit {{ zabbix_web_memory_limit | default('128M') }}
- php_value post_max_size {{ zabbix_web_post_max_size | default('16M') }}
- php_value upload_max_filesize {{ zabbix_web_upload_max_filesize | default('2M') }}
- php_value max_input_time {{ zabbix_web_max_input_time | default('300') }}
-
- {% if zabbix_version is version('5.0', '>=') %}
- php_value max_input_vars {{ zabbix_web_max_input_vars | default('10000') }}
- {% endif %}
-
- # Set correct timezone.
- php_value date.timezone {{ zabbix_timezone }}
- {% endif %}
-{% endif %}
-{% endif %}
</VirtualHost>
{% endif %}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2
index 49671984c..7854b83ce 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2
@@ -1,61 +1,78 @@
# Nginx configuration for Zabbix Web
server {
-{% if not zabbix_nginx_tls %}
- listen {{ zabbix_nginx_vhost_port }};
-{% else %}
-{% if zabbix_letsencrypt %}
- listen 80;
+ listen {{ zabbix_web_vhost_port }};
server_tokens off;
- server_name {{ zabbix_websrv_servername }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %};
- location ^~ /.well-known/acme-challenge {
- root {{ zabbix_letsencrypt_webroot_path | default('/var/www/letsencrypt') }};
- # disables IP restrictions and HTTP auth
- allow all;
- default_type text/plain;
- try_files $uri =404;
+ server_name {{ zabbix_api_server_url }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %};
+
+ {% if zabbix_web_redirect|default(false) and zabbix_web_tls|default(false) %}
+ return 301 https://{{ zabbix_api_server_url }}$request_uri;
+ {% else %}
+ root /usr/share/zabbix;
+
+ index index.php;
+
+ location = /favicon.ico {
+ log_not_found off;
}
- location / { return 301 https://$host:{{ zabbix_nginx_vhost_tls_port }}$request_uri; }
-}
-server {
-{% endif %}
- listen {{ zabbix_nginx_vhost_tls_port }} ssl;
-{% if zabbix_letsencrypt and zabbix_letsencrypt_cert.stat.exists %}
- ssl_certificate /etc/letsencrypt/live/{{ zabbix_websrv_servername }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ zabbix_websrv_servername }}/privkey.pem;
-{% else %}
- ssl_certificate {{ zabbix_nginx_tls_crt }};
- ssl_certificate_key {{ zabbix_nginx_tls_key }};
-{% endif %}
- ssl_session_timeout {{ zabbix_nginx_tls_session_timeout }};
- ssl_session_cache {{ zabbix_nginx_tls_session_cache }};
- ssl_session_tickets {{ zabbix_nginx_tls_session_tickets }};
- ssl_dhparam {{ zabbix_nginx_tls_dhparam }};
+ location / {
+ try_files $uri $uri/ =404;
+ }
- ssl_protocols {{ zabbix_nginx_tls_protocols }};
- ssl_ciphers {{ zabbix_nginx_tls_ciphers }};
- ssl_prefer_server_ciphers off;
+ location /assets {
+ access_log off;
+ expires 10d;
+ }
-{% endif %}
- server_tokens off;
- server_name {{ zabbix_websrv_servername }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %};
+ location ~ /\.ht {
+ deny all;
+ }
-{% if zabbix_web_allowlist_ips is defined and zabbix_web_allowlist_ips %}
- # Allow list IPs via zabbix_web_allowlist_ips
- satisfy any;
-{% for ip in zabbix_web_allowlist_ips | ansible.netcommon.ipaddr %}
- allow {{ ip }};
-{% endfor %}
- deny all;
+ location ~ /(api\/|conf[^\.]|include|locale) {
+ deny all;
+ return 404;
+ }
-{% endif %}
-{% if zabbix_web_htpasswd is defined and zabbix_web_htpasswd %}
- # HTTP authentication via zabbix_web_htpasswd
- auth_basic "Restricted";
- auth_basic_user_file {{ zabbix_web_htpasswd_file }};
+ location ~ [^/]\.php(/|$) {
+ fastcgi_pass unix:{{ zabbix_php_fpm_listen }};
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
-{% endif %}
+ fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
+ fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
+ fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;
+
+ include fastcgi_params;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+
+ fastcgi_intercept_errors on;
+ fastcgi_ignore_client_abort off;
+ fastcgi_connect_timeout 60;
+ fastcgi_send_timeout 180;
+ fastcgi_read_timeout 180;
+ fastcgi_buffer_size 128k;
+ fastcgi_buffers 4 256k;
+ fastcgi_busy_buffers_size 256k;
+ fastcgi_temp_file_write_size 256k;
+ }
+ {% endif %}
+}
+
+{% if zabbix_web_tls|default(false) %}
+server {
+ listen {{ zabbix_web_vhost_tls_port }} ssl;
+ server_tokens off;
+ server_name {{ zabbix_api_server_url }} {% for alias in zabbix_url_aliases -%}{{ alias -}} {% endfor %};
+
+ ssl_certificate {{ zabbix_web_tls_crt }};
+ ssl_certificate_key {{ zabbix_web_tls_key }};
+ {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}ssl_ciphers {{ zabbix_web_ssl_cipher_suite | default('') }}
+ {{ (zabbix_web_SSLSessionCache is defined and zabbix_web_SSLSessionCache is not none) | ternary('', '# ') }}ssl_session_cache {{ zabbix_web_SSLSessionCache | default('') }}
+ {{ (zabbix_web_SSLSessionCacheTimeout is defined and zabbix_web_SSLSessionCacheTimeout is not none) | ternary('', '# ') }}ssl_session_timeout {{ zabbix_web_SSLSessionCacheTimeout | default('') }}
root /usr/share/zabbix;
index index.php;
@@ -108,3 +125,4 @@ server {
fastcgi_temp_file_write_size 256k;
}
}
+{% endif %}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2
index bf2faef7a..e6b02cc9e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/php-fpm.conf.j2
@@ -1,20 +1,14 @@
[zabbix]
-user = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_conf_web_user }}
-group = {{ zabbix_php_fpm_conf_group if zabbix_php_fpm_conf_group is defined else zabbix_web_conf_web_group }}
+user = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_user }}
+group = {{ zabbix_php_fpm_conf_group if zabbix_php_fpm_conf_group is defined else zabbix_web_group }}
listen = {{ zabbix_php_fpm_listen }}
{% if zabbix_php_fpm_conf_listen and ansible_os_family != 'Debian' %}
-listen.acl_users = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_conf_web_user }}
-{% endif %}
-{% if zabbix_php_fpm_conf_enable_user is defined %}
-listen.owner = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_conf_web_user }}
-{% endif %}
-{% if zabbix_php_fpm_conf_enable_group %}
-listen.group = {{ _nginx_group if zabbix_websrv=='nginx' else _apache_group }}
-{% endif %}
-{% if zabbix_php_fpm_conf_enable_mode %}
-listen.mode = {{ zabbix_php_fpm_conf_mode }}
+listen.acl_users = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_user }}
{% endif %}
+listen.owner = {{ zabbix_php_fpm_conf_user if zabbix_php_fpm_conf_user is defined else zabbix_web_user }}
+listen.group = {{ _nginx_group if zabbix_web_http_server=='nginx' else _apache_group }}
+listen.mode = 0644
listen.allowed_clients = 127.0.0.1
pm = dynamic
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2
index 880ed36f0..79ff73b15 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/zabbix.conf.php.j2
@@ -6,7 +6,7 @@ global $DB, $HISTORY;
global $DB;
{% endif %}
-$DB['TYPE'] = '{{ zabbix_server_database_long | upper() }}';
+$DB['TYPE'] = '{{ zabbix_db_type_long | upper() }}';
$DB['SERVER'] = '{{ zabbix_server_dbhost }}';
$DB['PORT'] = '{{ zabbix_server_dbport }}';
$DB['DATABASE'] = '{{ zabbix_server_dbname }}';
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-10.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-10.yml
deleted file mode 100644
index 8ed439680..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-10.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-_zabbix_php_version: 7.2
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-11.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-11.yml
deleted file mode 100644
index 9d28ef9e3..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-11.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-_zabbix_php_version: 7.4
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-8.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-8.yml
deleted file mode 100644
index b4537abdf..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-8.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-_zabbix_php_version: 7.3
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-9.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-9.yml
deleted file mode 100644
index 9d28ef9e3..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian-9.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-_zabbix_php_version: 7.4
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml
index 9840e6505..7b60c70bd 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml
@@ -3,16 +3,20 @@ _apache_user: www-data
_apache_group: www-data
_apache_log: apache2
_apache_service: apache2
+_apache_vhost_location: /etc/apache2/sites-available/zabbix.conf
-_php_fpm_dir: /etc/php/{{ _zabbix_php_version }}/fpm/pool.d
+_php_fpm_dir: /etc/php/{{ zabbix_web_php_installed_version }}/fpm/pool.d
_php_fpm_session: /tmp
-_php_fpm_listen: /run/php/zabbix.sock
+_zabbix_php_fpm_listen: /run/php/zabbix.sock
_zabbix_php_fpm_mode: "0666"
_zabbix_php_fpm_allowed_clients: 127.0.0.1
+_apache_php_dependencies: libapache2-mod-php{{ zabbix_web_php_installed_version }}
+_nginx_php_dependencies: []
+
_nginx_user: www-data
_nginx_group: www-data
-_nginx_config_path: /etc/nginx/conf.d
+_nginx_vhost_location: /etc/nginx/conf.d/zabbix.conf
_nginx_log_path: /var/log/nginx
_nginx_service: nginx
_nginx_tls_crt: /etc/ssl/certs/ssl-cert-snakeoil.pem
@@ -21,27 +25,27 @@ _nginx_tls_dhparam: /etc/ssl/private/dhparams.pem
zabbix_valid_web_versions:
# Debian
+ "12":
+ - 6.4
+ - 6.0
"11":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"10":
- 6.0
- - 5.0
- - 4.0
- "9":
- - 4.0
# Ubuntu
"22":
- 6.4
+ - 6.2
- 6.0
"20":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
"18":
- 6.0
- - 5.0
- - 4.0
+
+debian_keyring_path: /etc/apt/keyrings/
+zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
+_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-7.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-7.yml
deleted file mode 100644
index 5109c4793..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-7.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-_php_fpm_dir: /etc/opt/rh/rh-php72/php-fpm.d/
-_php_fpm_session: /var/lib/php/session
-_php_fpm_listen: "/run/php-fpm/zabbix.sock"
-
-_zabbix_php_version: 7.2
-_zabbix_php_fpm_session: /var/opt/rh/rh-php72/lib/php/session/
-_zabbix_php_fpm_listen: /var/opt/rh/rh-php72/run/php-fpm/zabbix.sock
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-8.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-8.yml
deleted file mode 100644
index 72022a460..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-8.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-_php_fpm_dir: /etc/php-fpm.d
-_php_fpm_session: /var/lib/php/session
-_php_fpm_listen: "/run/php-fpm/zabbix.sock"
-
-_zabbix_php_version: 7.4
-_zabbix_php_fpm_session: /var/opt/rh/rh-php72/lib/php/session/
-_zabbix_php_fpm_listen: /var/opt/rh/rh-php72/run/php-fpm/zabbix.sock
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-9.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-9.yml
deleted file mode 100644
index bfcca82d3..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat-9.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-_php_fpm_dir: /etc/php-fpm.d
-_php_fpm_session: /var/lib/php/session
-_php_fpm_listen: "/run/php-fpm/zabbix.sock"
-
-_zabbix_php_version: 8.0
-_zabbix_php_fpm_session: /var/lib/php/session
-_zabbix_php_fpm_listen: /run/php-fpm/zabbix.sock
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml
index 89a950683..785c18c99 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/vars/RedHat.yml
@@ -3,29 +3,41 @@ _apache_user: apache
_apache_group: apache
_apache_log: httpd
_apache_service: httpd
+_apache_vhost_location: /etc/httpd/conf.d/zabbix.conf
_php_fpm_dir: /etc/php-fpm.d
-_php_fpm_session: /var/opt/rh/rh-php72/lib/php/session/
-_php_fpm_listen: /run/php-fpm/zabbix.sock
+_php_fpm_session: /var/lib/php/session
+_zabbix_php_fpm_listen: /run/php-fpm/zabbix.sock
_nginx_user: nginx
_nginx_group: nginx
-_nginx_config_path: /etc/nginx/conf.d
+_nginx_vhost_location: /etc/nginx/conf.d/zabbix.conf
_nginx_log_path: /var/log/nginx
_nginx_service: nginx
-_nginx_tls_crt: /etc/pki/server.crt
-_nginx_tls_key: /etc/pki/server.key
-_nginx_tls_dhparam: /etc/pki/dhparam-server.pem
+
+__epel_repo:
+ - epel
zabbix_valid_web_versions:
"9":
- 6.4
+ - 6.2
- 6.0
"8":
- 6.4
+ - 6.2
- 6.0
- - 5.0
- - 4.0
- "7":
- - 5.0
- - 4.0
+
+zabbix_web_php_dependencies:
+ - "php-gd"
+ - "php-bcmath"
+ - "php-xml"
+ - "php-mbstring"
+ - "php-ldap"
+ - "php-{{ 'pgsql' if zabbix_server_database == 'pgsql' else 'mysqlnd' }}"
+
+zabbix_selinux_dependencies:
+ "9":
+ - python3-libsemanage
+ "8":
+ - python3-libsemanage
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-18.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-18.yml
deleted file mode 100644
index 8ed439680..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-18.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-_zabbix_php_version: 7.2
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-20.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-20.yml
deleted file mode 100644
index 9d28ef9e3..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-20.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-_zabbix_php_version: 7.4
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-22.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-22.yml
deleted file mode 100644
index 39525f373..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Ubuntu-22.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-_zabbix_php_version: 8.1
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/zabbix.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/zabbix.yml
deleted file mode 100644
index 6de493b2e..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/zabbix.yml
+++ /dev/null
@@ -1,258 +0,0 @@
----
-sign_keys:
- "64":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "62":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "60":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- jammy:
- sign_key: E709712C
- "54":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "52":
- # bullseye: not available upstream
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "50":
- bullseye:
- sign_key: E709712C
- buster:
- sign_key: E709712C
- jessie:
- sign_key: E709712C
- stretch:
- sign_key: E709712C
- focal:
- sign_key: E709712C
- bionic:
- sign_key: E709712C
- xenial:
- sign_key: E709712C
- trusty:
- sign_key: E709712C
- tricia:
- sign_key: E709712C
- "44":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "42":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- eoan:
- sign_key: A14FE591
- cosmic:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "40":
- bullseye:
- sign_key: A14FE591
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- focal:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "34":
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: A14FE591
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: A14FE591
- serena:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "32":
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- sonya:
- sign_key: 79EA5ED4
- serena:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "30":
- buster:
- sign_key: A14FE591
- jessie:
- sign_key: 79EA5ED4
- stretch:
- sign_key: A14FE591
- wheezy:
- sign_key: 79EA5ED4
- bionic:
- sign_key: A14FE591
- trusty:
- sign_key: 79EA5ED4
- xenial:
- sign_key: E709712C
- "24":
- jessie:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- "22":
- squeeze:
- sign_key: 79EA5ED4
- wheezy:
- sign_key: 79EA5ED4
- precise:
- sign_key: 79EA5ED4
- trusty:
- sign_key: 79EA5ED4
- lucid:
- sign_key: 79EA5ED4
-
-suse:
- "openSUSE Leap":
- "42":
- name: server:monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/
- "openSUSE":
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }}
- "SLES":
- "11":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
- "12":
- name: server_monitoring
- url: http://download.opensuse.org/repositories/server:/monitoring/SLE_12_SP3/