summaryrefslogtreecommitdiffstats
path: root/ansible_collections/community/zabbix/roles
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/community/zabbix/roles')
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/README.md5
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml6
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml1
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml32
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml16
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md4
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml4
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml35
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml16
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/README.md5
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml35
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml11
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml3
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/README.md4
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml6
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml156
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml92
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/initialize-mysql.yml155
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/initialize-pgsql.yml (renamed from ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml)136
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml32
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml213
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml2
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml17
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml24
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/README.md13
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml12
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml35
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml5
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml11
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml22
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j210
-rw-r--r--ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml3
36 files changed, 385 insertions, 748 deletions
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/README.md b/ansible_collections/community/zabbix/roles/zabbix_agent/README.md
index aa73fab3a..fe4a601b3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/README.md
@@ -102,6 +102,7 @@ See the following list of supported Operating systems with the Zabbix releases:
| Debian 11 bullseye | V | V | V |
| Debian 10 buster | V | V | V |
+You can bypass this matrix by setting `enable_version_check: false`
# Getting started
@@ -136,6 +137,8 @@ The following is an overview of all available configuration default for this rol
* `zabbix_agent_disable_repo`: A list of repos to disable during install. Default `epel`.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
### SElinux
@@ -337,7 +340,7 @@ Keep in mind that using the Zabbix Agent in a Container requires changes to the
## IPMI variables
-* `zabbix_agent_ipmi_authtype`: IPMI authentication algorithm. Possible values are 1 (callback), 2 (user), 3 (operator), 4 (admin), 5 (OEM), with 2 being the API default.
+* `zabbix_agent_ipmi_authtype`: IPMI authentication algorithm. Possible values are -1 (default), 0 (none), 1 (MD2), 2 (MD5), 4 (straight), 5 (OEM), 6 (RMCP+), with -1 being the API default.
* `zabbix_agent_ipmi_password`: IPMI password.
* `zabbix_agent_ipmi_privilege`: IPMI privilege level. Possible values are 1 (callback), 2 (user), 3 (operator), 4 (admin), 5 (OEM), with 2 being the API default.
* `zabbix_agent_ipmi_username`: IPMI username.
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml
index dbd5db5db..12424a6da 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/defaults/main.yml
@@ -26,6 +26,9 @@ zabbix_agent2_deny_key: "{{ zabbix_agent_deny_key }}"
# Selinux related vars
selinux_allow_zabbix_run_sudo: false
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
+
zabbix_agent_install_agent_only: false
zabbix_agent_packages:
- "{{ zabbix_agent_package }}"
@@ -66,6 +69,7 @@ zabbix_repo_yum:
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
+zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}"
zabbix_repo_deb_component: main
# Zabbix API stuff
@@ -165,7 +169,7 @@ zabbix_agent_tls_config:
cert: "4"
# IPMI settings
-zabbix_agent_ipmi_authtype: 2
+zabbix_agent_ipmi_authtype: -1
zabbix_agent_ipmi_password:
zabbix_agent_ipmi_privilege: 2
zabbix_agent_ipmi_username:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml
index 582006d4e..e95cc9ad7 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/molecule/with-server/prepare.yml
@@ -75,6 +75,7 @@
hosts: docker
tasks:
- name: "Download Docker CE repo file"
+ when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: https://download.docker.com/linux/centos/docker-ce.repo
dest: /etc/yum.repos.d/docker-ce.repo
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml
index 6ded0ba03..92d56b179 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/Debian.yml
@@ -8,33 +8,6 @@
tags:
- always
-- name: "Debian | Installing lsb-release"
- ansible.builtin.apt:
- pkg: lsb-release
- update_cache: true
- cache_valid_time: 3600
- force: true
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- tags:
- - install
-
-- name: "Debian | Update ansible_lsb fact"
- ansible.builtin.setup:
- gather_subset:
- - lsb
-
-- name: "Debian | Repo URL"
- ansible.builtin.set_fact:
- zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
- when:
- - zabbix_repo_deb_url is undefined
- tags:
- - always
-
- name: "Debian | Installing gnupg"
ansible.builtin.apt:
pkg: gnupg
@@ -65,8 +38,9 @@
(ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
- name: "Debian | Download gpg key"
+ when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
- url: http://repo.zabbix.com/zabbix-official-repo.key
+ url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
@@ -84,7 +58,7 @@
group: root
mode: 0644
content: |
- Types: deb deb-src
+ Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml
index f5f87d18f..c5fd06480 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/main.yml
@@ -12,16 +12,12 @@
tags:
- always
-- name: Set More Variables
- ansible.builtin.set_fact:
- zabbix_valid_version: "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}"
- tags:
- - always
-
-- name: Stopping Install of Invalid Version
- ansible.builtin.fail:
- msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
- when: not zabbix_valid_version
+- name: Check that version is supported
+ when: enable_version_check | default(true) | bool
+ ansible.builtin.assert:
+ that:
+ - "{{ zabbix_agent_version|float in zabbix_valid_agent_versions[ansible_distribution_major_version] }}"
+ fail_msg: Zabbix version {{ zabbix_agent_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
tags:
- always
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml
index a80be1736..d61e3899f 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/tasks/userparameter.yml
@@ -7,6 +7,7 @@
notify:
- restart win zabbix agent
with_items: "{{ zabbix_agent_userparameters }}"
+ when: item.scripts_dir is not defined
- name: "Windows | Installing user-defined scripts"
ansible.windows.win_copy:
@@ -33,6 +34,7 @@
- restart mac zabbix agent
become: true
with_items: "{{ zabbix_agent_userparameters }}"
+ when: item.scripts_dir is not defined
- name: "Installing user-defined scripts"
ansible.builtin.copy:
@@ -66,6 +68,7 @@
- restart mac zabbix agent
become: true
with_items: "{{ zabbix_agent_userparameters }}"
+ when: item.scripts_dir is not defined
- name: "Installing user-defined scripts"
ansible.builtin.copy:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml
index 4a65dfbeb..4a88411f1 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_agent/vars/Debian.yml
@@ -44,5 +44,4 @@ zabbix_valid_agent_versions:
- 6.0
debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
-_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md b/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md
index 1761c7f8b..47092a6a0 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/README.md
@@ -46,6 +46,8 @@ See the following list of supported Operating systems with the Zabbix releases.
| Debian 11 bullseye | V | V | V |
| Debian 10 buster | V | V | V |
+You can bypass this matrix by setting `enable_version_check: false`
+
# Role Variables
## Main variables
@@ -62,6 +64,8 @@ The `zabbix_javagateway_version` is optional. The latest available major.minor v
* `zabbix_javagateway_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
### Java Gatewaty
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml
index 4356f61a4..d7f659648 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/defaults/main.yml
@@ -25,9 +25,13 @@ zabbix_repo_yum:
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
+zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}"
zabbix_repo_deb_component: main
zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid
zabbix_javagateway_listenip: 0.0.0.0
zabbix_javagateway_listenport: 10052
zabbix_javagateway_startpollers: 5
+
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml
index 4c4cff06d..ad762aa3b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/Debian.yml
@@ -5,33 +5,6 @@
tags:
- always
-- name: "Debian | Installing lsb-release"
- ansible.builtin.apt:
- pkg: lsb-release
- update_cache: true
- cache_valid_time: 3600
- force: true
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- tags:
- - install
-
-- name: "Debian | Update ansible_lsb fact"
- ansible.builtin.setup:
- gather_subset:
- - lsb
-
-- name: "Debian | Repo URL"
- ansible.builtin.set_fact:
- zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
- when:
- - zabbix_repo_deb_url is undefined
- tags:
- - always
-
# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default.
# It SHOULD be created with permissions 0755 if it is needed and does not already exist.
# See: https://wiki.debian.org/DebianRepository/UseThirdParty
@@ -46,11 +19,15 @@
(ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
- name: "Debian | Download gpg key"
+ when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
- url: http://repo.zabbix.com/zabbix-official-repo.key
+ url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true
tags:
- install
@@ -62,7 +39,7 @@
group: root
mode: 0644
content: |
- Types: deb deb-src
+ Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml
index 6b56d43d3..aeeecbc8f 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/tasks/main.yml
@@ -13,16 +13,12 @@
tags:
- always
-- name: Set More Variables
- ansible.builtin.set_fact:
- zabbix_valid_version: "{{ zabbix_javagateway_version|float in zabbix_valid_javagateway_versions[ansible_distribution_major_version] }}"
- tags:
- - always
-
-- name: Stopping Install of Invalid Version
- ansible.builtin.fail:
- msg: Zabbix version {{ zabbix_javagateway_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
- when: not zabbix_valid_version
+- name: Check that version is supported
+ when: enable_version_check | default(true) | bool
+ ansible.builtin.assert:
+ that:
+ - "{{ zabbix_javagateway_version|float in zabbix_valid_javagateway_versions[ansible_distribution_major_version] }}"
+ fail_msg: Zabbix version {{ zabbix_javagateway_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
tags:
- always
diff --git a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml
index 2253f5b7b..7c36d2d3a 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_javagateway/vars/Debian.yml
@@ -26,5 +26,4 @@ zabbix_valid_javagateway_versions:
- 6.0
debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
-_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md b/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md
index baec42155..ee558c8b7 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/README.md
@@ -89,6 +89,8 @@ See the following list of supported Operating systems with the Zabbix releases.
| Debian 11 bullseye | V | V | V |
| Debian 10 buster | V | V | V |
+You can bypass this matrix by setting `enable_version_check: false`
+
# Role Variables
## Main variables
@@ -133,6 +135,9 @@ The following is an overview of all available configuration default for this rol
* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
+
### SElinux
* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run.
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml
index f46c9c64e..b2b74ebec 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/defaults/main.yml
@@ -41,6 +41,7 @@ zabbix_proxy_version_minor: "*"
# Yum/APT Variables
zabbix_repo_yum_schema: https
zabbix_repo_yum_gpgcheck: 0
+zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}"
zabbix_repo_deb_component: main
zabbix_proxy_disable_repo:
- epel
@@ -61,6 +62,8 @@ zabbix_repo_yum:
state: present
zabbix_proxy_apt_priority:
zabbix_proxy_package_state: present
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
# Proxy Configuration Variables (Only ones with role provided defaults)
zabbix_proxy_allowroot: 0
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml
index 8e27e7d27..bef68b27a 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/Debian.yml
@@ -7,33 +7,6 @@
tags:
- always
-- name: "Debian | Installing lsb-release"
- ansible.builtin.apt:
- pkg: lsb-release
- update_cache: true
- cache_valid_time: 3600
- force: true
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- tags:
- - install
-
-- name: "Debian | Update ansible_lsb fact"
- ansible.builtin.setup:
- gather_subset:
- - lsb
-
-- name: "Debian | Repo URL"
- ansible.builtin.set_fact:
- zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
- when:
- - zabbix_repo_deb_url is undefined
- tags:
- - always
-
- name: "Debian | Set some facts for Zabbix"
ansible.builtin.set_fact:
datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}
@@ -71,11 +44,15 @@
(ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
- name: "Debian | Download gpg key"
+ when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
- url: http://repo.zabbix.com/zabbix-official-repo.key
+ url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: are_zabbix_proxy_dependency_packages_installed
until: are_zabbix_proxy_dependency_packages_installed is succeeded
become: true
@@ -89,7 +66,7 @@
group: root
mode: 0644
content: |
- Types: deb deb-src
+ Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml
index f564635b1..1e8831c35 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/tasks/main.yml
@@ -15,17 +15,18 @@
- name: Set More Variables
ansible.builtin.set_fact:
zabbix_proxy_db_long: "{{ 'postgresql' if zabbix_proxy_database == 'pgsql' else zabbix_proxy_database }}"
- zabbix_valid_version: "{{ zabbix_proxy_version|float in zabbix_valid_proxy_versions[ansible_distribution_major_version] }}"
zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}"
zabbix_proxy_fpinglocation: "{{ zabbix_proxy_fpinglocation if zabbix_proxy_fpinglocation is defined else _zabbix_proxy_fpinglocation}}"
zabbix_proxy_fping6location: "{{ zabbix_proxy_fping6location if zabbix_proxy_fping6location is defined else _zabbix_proxy_fping6location}}"
tags:
- always
-- name: Stopping Install of Invalid Version
- ansible.builtin.fail:
- msg: Zabbix version {{ zabbix_proxy_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
- when: not zabbix_valid_version
+- name: Check that version is supported
+ when: enable_version_check | default(true) | bool
+ ansible.builtin.assert:
+ that:
+ - "{{ zabbix_proxy_version|float in zabbix_valid_proxy_versions[ ansible_facts['distribution_major_version'] ] }}"
+ fail_msg: Zabbix version {{ zabbix_proxy_version }} is not supported on {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_major_version'] }}
tags:
- always
diff --git a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml
index cd9527eb2..1362e557e 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_proxy/vars/Debian.yml
@@ -51,7 +51,6 @@ mysql_plugin:
"10": mysql_native_password
debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
-_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_proxy_fping6location: /usr/bin/fping6
_zabbix_proxy_fpinglocation: /usr/bin/fping
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/README.md b/ansible_collections/community/zabbix/roles/zabbix_server/README.md
index f154f4951..9557281c3 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/README.md
@@ -86,6 +86,8 @@ See the following list of supported Operating systems with the Zabbix releases:
| Debian 11 bullseye | V | V | V |
| Debian 10 buster | | | V |
+You can bypass this matrix by setting `enable_version_check: false`
+
# Installation
Installing this role is very simple: `ansible-galaxy install community.zabbix.zabbix_server`
@@ -109,6 +111,8 @@ The following is an overview of all available configuration default for this rol
* `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
### SElinux
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml
index 6aec202dd..933e0339a 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/defaults/main.yml
@@ -40,9 +40,8 @@ zabbix_server_version_minor: "*"
zabbix_server_package_state: present
zabbix_repo_yum_gpgcheck: 0
zabbix_repo_yum_schema: https
+zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}"
zabbix_repo_deb_component: main
-zabbix_server_disable_repo:
- - epel
zabbix_repo_yum:
- name: zabbix
description: Zabbix Official Repository - $basearch
@@ -59,8 +58,9 @@ zabbix_repo_yum:
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
state: present
zabbix_server_apt_priority:
-zabbix_server_install_recommends: true
zabbix_server_conf_mode: 0640
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
# Server Configuration Variables (Only ones with role provided defaults)
zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml
index ccfe6f121..c7b106614 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/Debian.yml
@@ -3,40 +3,6 @@
ansible.builtin.set_fact:
zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}"
zabbix_underscore_version: "{{ zabbix_server_version | regex_replace('\\.', '_') }}"
- zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}"
- tags:
- - always
-
-- name: "Debian | Installing lsb-release"
- ansible.builtin.apt:
- pkg: lsb-release
- update_cache: true
- cache_valid_time: 3600
- force: true
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- tags:
- - install
-
-- name: "Debian | Update ansible_lsb fact"
- ansible.builtin.setup:
- gather_subset:
- - lsb
-
-- name: "Debian | Repo URL"
- ansible.builtin.set_fact:
- zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
- when:
- - zabbix_repo_deb_url is undefined
- tags:
- - always
-
-- name: "Debian | Set some facts for Zabbix"
- ansible.builtin.set_fact:
- datafiles_path: /usr/share/zabbix-sql-scripts/{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}
tags:
- always
@@ -70,11 +36,15 @@
(ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
- name: "Debian | Download gpg key"
+ when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
- url: http://repo.zabbix.com/zabbix-official-repo.key
+ url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_server_repo_files_installed
until: zabbix_server_repo_files_installed is succeeded
become: true
@@ -88,7 +58,7 @@
group: root
mode: 0644
content: |
- Types: deb deb-src
+ Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
@@ -124,117 +94,3 @@
become: true
tags:
- install
-
-# On certain 18.04 images, such as docker or lxc, dpkg is configured not to
-# install files into paths /usr/share/doc/*
-# Since this is where Zabbix installs its database schemas, we need to allow
-# files to be installed to /usr/share/doc/zabbix*
-- name: "Debian | Check for the dpkg exclude line"
- ansible.builtin.command: grep -F 'path-exclude=/usr/share/doc/*' /etc/dpkg/dpkg.cfg.d/excludes
- register: dpkg_exclude_line
- failed_when: false
- changed_when: false
- check_mode: false
- become: true
- tags:
- - install
-
-- name: "Debian | Allow Zabbix dpkg installs to /usr/share/doc/zabbix*"
- ansible.builtin.lineinfile:
- path: /etc/dpkg/dpkg.cfg.d/excludes
- line: "path-include=/usr/share/doc/zabbix*"
- become: true
- when:
- - dpkg_exclude_line.rc == 0
- tags:
- - install
-
-- name: "Debian | Installing zabbix-server-{{ zabbix_server_database }}"
- ansible.builtin.apt:
- pkg: zabbix-server-{{ zabbix_server_database }}
- state: "{{ zabbix_server_package_state }}"
- update_cache: true
- cache_valid_time: 0
- install_recommends: "{{ zabbix_server_install_recommends }}"
- default_release: "{{ ansible_distribution_release }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_package_installed
- until: zabbix_server_package_installed is succeeded
- become: true
- tags:
- - install
-
-- name: "Debian | Installing zabbix-sql-scripts"
- ansible.builtin.apt:
- pkg: zabbix-sql-scripts
- state: "{{ zabbix_server_package_state }}"
- update_cache: true
- cache_valid_time: 0
- install_recommends: "{{ zabbix_server_install_recommends }}"
- default_release: "{{ ansible_distribution_release }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_package_sql_installed
- until: zabbix_server_package_sql_installed is succeeded
- when:
- - zabbix_server_version is version('5.4', '>=')
- become: true
- tags:
- - install
-
-- name: "Debian | Install Database Client Package"
- block:
- - name: "Debian | Install Mysql Client package"
- ansible.builtin.apt:
- name:
- - default-mysql-client
- - "{{ zabbix_python_prefix }}-mysqldb"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'mysql'
- - ansible_distribution_release != "buster"
-
- - name: "Debian 10 | Install Mysql Client package"
- ansible.builtin.apt:
- name:
- - mariadb-client
- - "{{ zabbix_python_prefix }}-mysqldb"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'mysql'
- - ansible_distribution_release == "buster"
-
- - name: "Debian | Install PostgreSQL Client package"
- ansible.builtin.apt:
- name:
- - postgresql-client
- - "{{ zabbix_python_prefix }}-psycopg2"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'pgsql'
- when: zabbix_server_install_database_client
- tags:
- - install
- - database
- - dependencies
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml
index fefd7e86c..77fb7cd8a 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/RedHat.yml
@@ -7,18 +7,6 @@
tags:
- always
-- name: "RedHat | Use Zabbix package name"
- ansible.builtin.set_fact:
- zabbix_server_package: "zabbix-server-{{ zabbix_server_database }}"
- tags:
- - always
-
-- name: "RedHat | Set facts for Zabbix"
- ansible.builtin.set_fact:
- datafiles_path: "/usr/share/zabbix-sql-scripts/{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}"
- tags:
- - always
-
- name: "RedHat | Make sure old file is absent"
ansible.builtin.file:
path: /etc/yum.repos.d/zabbix-supported.repo
@@ -46,86 +34,6 @@
tags:
- install
-- name: "RedHat | Installing zabbix-server-{{ zabbix_server_database }}"
- ansible.builtin.package:
- pkg: "{{ zabbix_server_package }}-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
- state: "{{ zabbix_server_package_state }}"
- disablerepo: "{{ zabbix_server_disable_repo | default(omit) }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_package_installed
- until: zabbix_server_package_installed is succeeded
- become: true
- tags:
- - install
-
-- name: "RedHat | Installing zabbix-sql-scripts"
- ansible.builtin.package:
- pkg: "zabbix-sql-scripts-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
- state: "{{ zabbix_server_package_state }}"
- disablerepo: "{{ zabbix_server_disable_repo | default(omit) }}"
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_sql_package_installed
- until: zabbix_server_sql_package_installed is succeeded
- when:
- - zabbix_server_version is version('6.0', '>=')
- become: true
- tags:
- - install
-
-- name: "RedHat | Install Ansible module dependencies"
- ansible.builtin.yum:
- name: "{{ pgsql_depenencies[ansible_distribution_major_version] }}"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database_creation
- - zabbix_server_database == 'pgsql'
- tags:
- - install
- - dependencies
-
-- name: RedHat | Install Database Client Package
- block:
- - name: "RedHat | Install Mysql Client packages"
- ansible.builtin.yum:
- name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}"
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'mysql'
-
- - name: "RedHat | Install PostgreSQL client package"
- ansible.builtin.yum:
- name: postgresql
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- register: zabbix_server_dependencies_installed
- until: zabbix_server_dependencies_installed is succeeded
- become: true
- when:
- - zabbix_server_database == 'pgsql'
- when: zabbix_server_install_database_client
- tags:
- - install
- - dependencies
- - database
-
- name: "RedHat | Configure SELinux when enabled"
ansible.builtin.include_tasks: selinux.yml
when:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/initialize-mysql.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/initialize-mysql.yml
new file mode 100644
index 000000000..c3fd67c6d
--- /dev/null
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/initialize-mysql.yml
@@ -0,0 +1,155 @@
+---
+# task file for mysql
+- name: "Install MySQL dependencies"
+ ansible.builtin.package:
+ name: "{{ _zabbix_server_mysql_dependencies | select | list }}"
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: _zabbix_server_dependencies_installed
+ until: _zabbix_server_dependencies_installed is succeeded
+ become: true
+ tags:
+ - install
+ - database
+ - dependencies
+
+# NOTE: Upgrading system-packages with pip is generally a bad idea, but
+# ubuntu-18.04 comes with pymysql==0.8.0, which seems to have a problem with
+# versions 8 and above of mysql.
+- name: Upgrade pymysql
+ when:
+ - ansible_facts['distribution'] == 'Ubuntu'
+ - ansible_facts['distribution_release'] == 'bionic'
+ ansible.builtin.pip:
+ name: "pymysql>=0.10.0,<0.11.0"
+ state: latest
+
+- name: "MySQL Database prep"
+ when: zabbix_server_database_creation
+ delegate_to: "{{ zabbix_server_real_dbhost | default(zabbix_server_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}"
+ vars:
+ delegated_dbhost: "{{ (zabbix_server_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_server_dbhost) }}"
+ tags:
+ - database
+ block:
+ - name: "MySQL | Create database"
+ community.mysql.mysql_db:
+ login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
+ login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
+ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
+ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
+ name: "{{ zabbix_server_dbname }}"
+ encoding: "{{ zabbix_server_dbencoding }}"
+ collation: "{{ zabbix_server_dbcollation }}"
+ state: present
+ register: zabbix_database_created
+
+ - name: "MySQL | Create database user"
+ community.mysql.mysql_user:
+ login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
+ login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
+ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
+ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
+ name: "{{ zabbix_server_dbuser }}"
+ password: "{{ zabbix_server_dbpassword }}"
+ host: "{{ zabbix_server_privileged_host }}"
+ plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}"
+ priv: "{{ zabbix_server_dbname }}.*:ALL"
+ state: present
+
+- name: "MySQL verify or create schema"
+ when: zabbix_server_database_sqlload | bool
+ vars:
+ delegated_dbhost: "{{ (zabbix_server_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_server_dbhost) }}"
+ tags:
+ - database
+ block:
+ # If this check fails, then there's no dbversion table in the database,
+ # hence it has not been populated, and we'll create it, below.
+ # Otherwise, the module will succees and we could
+ # access the database version, for example 5000000 for Zabbix 5.0.
+ - name: "MySQL | Get current database version"
+ community.mysql.mysql_query:
+ login_user: "{{ zabbix_server_dbuser }}"
+ login_password: "{{ zabbix_server_dbpassword }}"
+ login_host: "{{ zabbix_server_dbhost }}"
+ login_port: "{{ zabbix_server_dbport }}"
+ login_db: "{{ zabbix_server_dbname }}"
+ query: 'SELECT mandatory FROM dbversion'
+ rescue:
+ - name: "MySQL | Get and set schema import overrides"
+ delegate_to: "{{ zabbix_server_real_dbhost | default(zabbix_server_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}"
+ block:
+ - name: "MySQL | Get current value for variables"
+ community.mysql.mysql_variables:
+ variable: "{{ name }}"
+ login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
+ login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
+ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
+ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
+ loop:
+ - innodb_default_row_format
+ - log_bin_trust_function_creators
+ loop_control:
+ loop_var: name
+ register: _mysql_variable_defaults
+
+ - name: "MySQL | Set variable overrides for schema import"
+ community.mysql.mysql_variables:
+ variable: "{{ item.name }}"
+ value: "{{ _mysql_schema_import_overrides[item.name] }}"
+ login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
+ login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
+ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
+ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
+ when: item.msg != _mysql_schema_import_overrides[item.name]
+ loop: "{{ _mysql_variable_defaults.results }}"
+ loop_control:
+ label: "{{ item.name }}: {{ _mysql_schema_import_overrides[item.name] }}"
+ vars:
+ _mysql_schema_import_overrides:
+ innodb_default_row_format: "dynamic"
+ log_bin_trust_function_creators: "ON"
+
+ - name: "MySQL | Disable InnoDB Strict Mode"
+ when: ansible_facts['distribution_release'] == "buster"
+ community.mysql.mysql_variables:
+ variable: innodb_strict_mode
+ value: 0
+ login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
+ login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
+ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
+ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
+
+ - name: "MySQL | Import schema"
+ community.mysql.mysql_db:
+ login_user: "{{ zabbix_server_dbuser }}"
+ login_password: "{{ zabbix_server_dbpassword }}"
+ login_host: "{{ zabbix_server_dbhost }}"
+ login_port: "{{ zabbix_server_dbport }}"
+ name: "{{ zabbix_server_dbname }}"
+ encoding: "{{ zabbix_server_dbencoding }}"
+ collation: "{{ zabbix_server_dbcollation }}"
+ state: import
+ target: /usr/share/zabbix-sql-scripts/mysql/server.sql.gz
+
+ always:
+ - name: "MySQL | Revert variable overrides for schema import"
+ delegate_to: "{{ zabbix_server_real_dbhost | default(zabbix_server_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}"
+ community.mysql.mysql_variables:
+ variable: "{{ item.name }}"
+ value: "{{ item.msg }}"
+ login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
+ login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
+ login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
+ login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
+ loop: "{{ _mysql_variable_defaults.results | default([]) }}"
+ loop_control:
+ label: "{{ item.name }}: {{ item.msg }}"
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/initialize-pgsql.yml
index 5177a55be..65bd0beec 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/postgresql.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/initialize-pgsql.yml
@@ -1,126 +1,92 @@
---
# task file for postgresql
-
-- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
- ansible.builtin.set_fact:
- delegated_dbhost: "{{ zabbix_server_dbhost if (zabbix_server_dbhost != 'localhost') else inventory_hostname }}"
- when:
- - zabbix_server_dbhost_run_install
- tags:
- - database
-
-- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
- ansible.builtin.set_fact:
- delegated_dbhost: "{{ inventory_hostname }}"
- when:
- - not zabbix_server_dbhost_run_install
+- name: "Install PostgreSQL dependencies"
+ ansible.builtin.package:
+ name: "{{ _zabbix_server_pgsql_dependencies | select | list }}"
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: _zabbix_server_dependencies_installed
+ until: _zabbix_server_dependencies_installed is succeeded
+ become: true
tags:
+ - install
- database
+ - dependencies
-- name: "PostgreSQL | Delegated"
- block:
- - name: "PostgreSQL | Delegated | Create database"
- community.postgresql.postgresql_db:
- name: "{{ zabbix_server_dbname }}"
- port: "{{ zabbix_server_dbport }}"
- state: present
-
- - name: "PostgreSQL | Delegated | Create database user"
- community.postgresql.postgresql_user:
- db: "{{ zabbix_server_dbname }}"
- name: "{{ zabbix_server_dbuser }}"
- password: "{{ ('md5' + (zabbix_server_dbpassword + zabbix_server_dbuser)|hash('md5')) if zabbix_server_dbpassword_hash_method == 'md5' else zabbix_server_dbpassword }}"
- port: "{{ zabbix_server_dbport }}"
- priv: ALL
- state: present
- encrypted: true
-
- - name: "PostgreSQL | Delegated | Create timescaledb extension"
- community.postgresql.postgresql_ext:
- db: "{{ zabbix_server_dbname }}"
- name: timescaledb
- when: zabbix_server_database_timescaledb
- become: true
+- name: "PostgreSQL Database prep"
+ when: zabbix_server_database_creation
+ become: "{{ zabbix_server_dbhost_run_install }}"
become_user: postgres
- delegate_to: "{{ delegated_dbhost }}"
- when:
- - zabbix_server_database_creation
- - zabbix_server_pgsql_login_host is not defined
+ delegate_to: "{{ zabbix_server_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname) }}"
+ vars:
+ delegated_dbhost: "{{ (zabbix_server_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_server_dbhost) }}"
tags:
- database
-
-- name: "PostgreSQL | Remote"
block:
- - name: "PostgreSQL | Remote | Create database"
+ - name: "PostgreSQL | Create database"
community.postgresql.postgresql_db:
- login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
login_user: "{{ zabbix_server_pgsql_login_user | default(omit) }}"
login_password: "{{ zabbix_server_pgsql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
+ port: "{{ zabbix_server_dbport }}"
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbname }}"
- port: "{{ zabbix_server_dbport }}"
state: present
- - name: "PostgreSQL | Remote | Create database user"
+ - name: "PostgreSQL | Create database user"
community.postgresql.postgresql_user:
- login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
login_user: "{{ zabbix_server_pgsql_login_user | default(omit) }}"
login_password: "{{ zabbix_server_pgsql_login_password | default(omit) }}"
- db: "{{ zabbix_server_dbname }}"
+ login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
+ port: "{{ zabbix_server_dbport }}"
+ login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbuser }}"
password: "{{ ('md5' + (zabbix_server_dbpassword + zabbix_server_dbuser)|hash('md5')) if zabbix_server_dbpassword_hash_method == 'md5' else zabbix_server_dbpassword }}"
- port: "{{ zabbix_server_dbport }}"
+ db: "{{ zabbix_server_dbname }}"
priv: ALL
state: present
encrypted: true
- - name: "PostgreSQL | Remote | Create timescaledb extension"
+ - name: "PostgreSQL | Create timescaledb extension"
+ when: zabbix_server_database_timescaledb
community.postgresql.postgresql_ext:
- login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
login_user: "{{ zabbix_server_pgsql_login_user | default(omit) }}"
login_password: "{{ zabbix_server_pgsql_login_password | default(omit) }}"
+ login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
+ port: "{{ zabbix_server_dbport }}"
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
db: "{{ zabbix_server_dbname }}"
name: timescaledb
- when: zabbix_server_database_timescaledb
- when:
- - zabbix_server_database_creation
- - zabbix_server_pgsql_login_host is defined
- tags:
- - database
-- name: "PostgreSQL | Create schema"
- ansible.builtin.shell: |
- set -euxo pipefail
- FILE={{ 'create.sql' if zabbix_server_version is version('6.0', '<') else 'server.sql' }}
- cd {{ datafiles_path }}
- if [ -f ${FILE}.gz ]
- then zcat ${FILE}.gz > /tmp/create.sql
- else
- cp ${FILE} /tmp/create.sql
- fi
- cat /tmp/create.sql | psql -h '{{ zabbix_server_dbhost }}' \
- -U '{{ zabbix_server_dbuser }}' \
- -d '{{ zabbix_server_dbname }}' \
- -p '{{ zabbix_server_dbport }}'
- touch /etc/zabbix/schema.done
- rm -f /tmp/create.sql
- args:
- creates: /etc/zabbix/schema.done
- executable: /bin/bash
- warn: "{{ produce_warn | default(omit) }}"
- environment:
- PGPASSWORD: "{{ zabbix_server_dbpassword }}"
- become: true
- when:
- - zabbix_server_database_sqlload
+- name: "PostgreSQL verify or create schema"
+ when: zabbix_server_database_sqlload
tags:
- database
+ block:
+ - name: "PostgreSQL | Get current database version"
+ community.postgresql.postgresql_query:
+ login_user: "{{ zabbix_server_dbuser }}"
+ login_password: "{{ zabbix_server_dbpassword }}"
+ login_host: "{{ zabbix_server_dbhost }}"
+ port: "{{ zabbix_server_dbport }}"
+ db: "{{ zabbix_server_dbname }}"
+ query: 'SELECT mandatory FROM dbversion'
+ rescue:
+ - name: "PostgreSQL | Import schema"
+ community.postgresql.postgresql_db:
+ login_user: "{{ zabbix_server_dbuser }}"
+ login_password: "{{ zabbix_server_dbpassword }}"
+ login_host: "{{ zabbix_server_dbhost }}"
+ port: "{{ zabbix_server_dbport }}"
+ db: "{{ zabbix_server_dbname }}"
+ state: restore
+ target: /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz
- name: "PostgreSQL | Create TimescaleDB hypertables"
ansible.builtin.shell: |
set -euxo pipefail
- cd {{ datafiles_path }} &&
+ cd /usr/share/zabbix-sql-scripts/postgresql &&
if [ -f timescaledb.sql.gz ]; then zcat timescaledb.sql.gz > /etc/timescaledb.sql ; else cp -p timescaledb.sql /etc/timescaledb.sql ; fi
cat /etc/timescaledb.sql | psql -h '{{ zabbix_server_dbhost }}' \
-U '{{ zabbix_server_dbuser }}' \
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml
index 62674a7ff..356403e0b 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/main.yml
@@ -13,25 +13,41 @@
- name: Set More Variables
ansible.builtin.set_fact:
- zabbix_db_type_long: "{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}"
- zabbix_valid_version: "{{ zabbix_server_version|float in zabbix_valid_server_versions[ansible_distribution_major_version] }}"
zabbix_server_fpinglocation: "{{ zabbix_server_fpinglocation if zabbix_server_fpinglocation is defined else _zabbix_server_fpinglocation}}"
zabbix_server_fping6location: "{{ zabbix_server_fping6location if zabbix_server_fping6location is defined else _zabbix_server_fping6location}}"
tags:
- always
-- name: Stopping Install of Invalid Version
- ansible.builtin.fail:
- msg: Zabbix version {{ zabbix_server_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
- when: not zabbix_valid_version
+- name: Check that version is supported
+ when: enable_version_check | default(true) | bool
+ ansible.builtin.assert:
+ that:
+ - "{{ zabbix_server_version|float in zabbix_valid_server_versions[ ansible_facts['distribution_major_version'] ] }}"
+ fail_msg: Zabbix version {{ zabbix_server_version }} is not supported on {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_major_version'] }}
tags:
- always
- name: Install the correct repository
ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
-- name: Installing the {{ zabbix_db_type_long }} database
- ansible.builtin.include_tasks: "{{ zabbix_db_type_long }}.yml"
+- name: Install zabbix-server packages
+ ansible.builtin.package:
+ name: "{{ _zabbix_server_packages }}"
+ state: "{{ zabbix_server_package_state }}"
+ update_cache: true
+ disablerepo: "{{ zabbix_server_disable_repo | default(_zabbix_server_disable_repo | default(omit)) }}"
+ install_recommends: "{{ zabbix_server_install_recommends | default(_zabbix_server_install_recommends | default(omit)) }}"
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
+ register: _zabbix_server_package_installed
+ until: _zabbix_server_package_installed is succeeded
+ become: true
+ tags:
+ - install
+
+- name: "Initialize the database"
+ ansible.builtin.include_tasks: "initialize-{{ zabbix_server_database }}.yml"
- name: "Configure zabbix-server"
ansible.builtin.template:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml
deleted file mode 100644
index aad009816..000000000
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/mysql.yml
+++ /dev/null
@@ -1,213 +0,0 @@
----
-# task file for mysql
-
-- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
- ansible.builtin.set_fact:
- delegated_dbhost: "{{ zabbix_server_dbhost if (zabbix_server_dbhost != 'localhost') else inventory_hostname }}"
- when:
- - zabbix_server_dbhost_run_install
- tags:
- - database
-
-- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
- ansible.builtin.set_fact:
- delegated_dbhost: "{{ inventory_hostname }}"
- when:
- - not zabbix_server_dbhost_run_install
- tags:
- - database
-
-- name: "MySQL | Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer"
- ansible.builtin.set_fact:
- delegated_dbhost: "{{ zabbix_server_real_dbhost }}"
- when: zabbix_server_real_dbhost | default(false)
- tags:
- - database
-
-- name: "MySQL | Create database"
- community.mysql.mysql_db:
- name: "{{ zabbix_server_dbname }}"
- encoding: "{{ zabbix_server_dbencoding }}"
- collation: "{{ zabbix_server_dbcollation }}"
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- state: present
- when: zabbix_server_database_creation
- register: zabbix_database_created
- delegate_to: "{{ delegated_dbhost }}"
- tags:
- - database
- - skip_ansible_lint
-
-- name: "MySQL | Create database user"
- community.mysql.mysql_user:
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- name: "{{ zabbix_server_dbuser }}"
- password: "{{ zabbix_server_dbpassword }}"
- plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}"
- priv: "{{ zabbix_server_dbname }}.*:ALL"
- host: "{{ zabbix_server_privileged_host }}"
- state: present
- when: zabbix_server_database_creation
- delegate_to: "{{ delegated_dbhost }}"
- tags:
- - database
-
-- name: "MySQL | Get the file for create.sql"
- ansible.builtin.shell: ls -1 {{ datafiles_path }}/{{ 'create' if zabbix_server_version is version('6.0', '<') else 'server' }}.sq*
- changed_when: false
- become: true
- when:
- - zabbix_server_database_sqlload | bool
- register: ls_output_create
- tags:
- - database
-
-- name: MySQL | Get current database version
- ansible.builtin.shell: |
- mysql -h {{ zabbix_server_dbhost }} -u{{ zabbix_server_dbuser }} \
- -p'{{ zabbix_server_dbpassword }}' -D '{{ zabbix_server_dbname }}' \
- -e 'SELECT mandatory FROM dbversion;'
- register: mysql_db_version
- become: true
- changed_when: false
- ignore_errors: true
- tags:
- - database
-
-# If the above check failed, then there was no dbversion table in the database.
-# We'll create it, below. Otherwise, we can access the database version in
-# `mysql_db_version["stdout_lines"][1]`, for example 5000000 for Zabbix 5.0.
-- name: MySQL | Check if database needs to be populated
- ansible.builtin.set_fact:
- mysql_schema_empty: "{{ mysql_db_version is failed }}"
-
-- name: "MySQL | Get current value for innodb_default_row_format"
- community.mysql.mysql_variables:
- variable: innodb_default_row_format
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- delegate_to: "{{ delegated_dbhost }}"
- register: mysql_innodb_default_row_format
- tags:
- - database
-
-- name: "MySQL | Set innodb_default_row_format to dynamic"
- community.mysql.mysql_variables:
- variable: innodb_default_row_format
- value: dynamic
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- when:
- - zabbix_server_database_sqlload | bool
- - mysql_schema_empty
- - mysql_innodb_default_row_format.msg != 'dynamic'
- delegate_to: "{{ delegated_dbhost }}"
- tags:
- - database
-
-- name: "MySQL | Disable InnoDB Strict Mode"
- community.mysql.mysql_variables:
- variable: innodb_strict_mode
- value: 0
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- when:
- - zabbix_server_database_sqlload | bool
- - mysql_schema_empty
- - ansible_distribution_release == "buster"
- delegate_to: "{{ delegated_dbhost }}"
- tags:
- - database
-
-- name: "MySQL | Fetch sql create file"
- fetch:
- src: "{{ ls_output_create.stdout }}"
- dest: /tmp/{{ role_name }}/
- flat: true
- become: true
- when:
- - delegated_dbhost != inventory_hostname
- - zabbix_server_database_sqlload | bool
- - mysql_schema_empty
- tags:
- - database
-
-- name: "MySQL | Copy sql create file"
- ansible.builtin.copy:
- src: /tmp/{{ role_name }}/
- dest: "{{ ls_output_create.stdout | dirname }}"
- mode: "0640"
- delegate_to: "{{ delegated_dbhost }}"
- become: true
- when:
- - delegated_dbhost != inventory_hostname
- - zabbix_server_database_sqlload | bool
- - mysql_schema_empty
- tags:
- - database
-
-- name: "MySQL | Create database and import file"
- community.mysql.mysql_db:
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_dbuser if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else zabbix_server_mysql_login_user }}"
- login_password: "{{ zabbix_server_dbpassword if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else zabbix_server_mysql_login_password }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- name: "{{ zabbix_server_dbname }}"
- encoding: "{{ zabbix_server_dbencoding }}"
- collation: "{{ zabbix_server_dbcollation }}"
- state: import
- target: "{{ ls_output_create.stdout }}"
- use_shell: "{{ true if zabbix_server_version is version('5.0', '==') else false }}"
- when:
- - zabbix_server_database_sqlload | bool
- - mysql_schema_empty
- delegate_to: "{{ delegated_dbhost }}"
- tags:
- - database
-
-- name: "MySQL | Revert innodb_default_row_format to previous value"
- community.mysql.mysql_variables:
- variable: innodb_default_row_format
- value: "{{ mysql_innodb_default_row_format.msg }}"
- login_host: "{{ zabbix_server_mysql_login_host | default(omit) }}"
- login_user: "{{ zabbix_server_mysql_login_user | default(omit) }}"
- login_password: "{{ zabbix_server_mysql_login_password | default(omit) }}"
- login_port: "{{ zabbix_server_mysql_login_port | default(omit) }}"
- login_unix_socket: "{{ zabbix_server_mysql_login_unix_socket | default(omit) }}"
- when:
- - zabbix_server_database_sqlload | bool
- - mysql_schema_empty
- - mysql_innodb_default_row_format.msg != 'dynamic'
- delegate_to: "{{ delegated_dbhost }}"
- tags:
- - database
-
-- name: "MySQL | Check if we have sql_done files"
- ansible.builtin.file:
- path: /etc/zabbix/create.done
- state: touch
- mode: "0644"
- become: true
- when:
- - zabbix_server_database_sqlload | bool
- - mysql_schema_empty
- tags:
- - database
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml
index fe203aed1..cd13dbbfd 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/tasks/selinux.yml
@@ -126,6 +126,6 @@
cmd: files/install_semodule.bsx
args:
creates: /etc/selinux/targeted/active/modules/400/zabbix_server_add/cil
- become: true
+ become: true
tags:
- config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml
index 4074869e6..75f3751c2 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/vars/Debian.yml
@@ -29,7 +29,20 @@ zabbix_valid_server_versions:
- 6.0
debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
-_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
+
+_zabbix_server_pgsql_dependencies:
+ - "{{ zabbix_server_install_database_client | ternary('postgresql-client', '') }}"
+ - python3-psycopg2
+
+_zabbix_server_mysql_dependencies:
+ - "{{ zabbix_server_install_database_client | ternary('default-mysql-client', '') }}"
+ - python3-pymysql
+
_zabbix_server_fping6location: /usr/bin/fping6
_zabbix_server_fpinglocation: /usr/bin/fping
+
+_zabbix_server_packages:
+ - "zabbix-server-{{ zabbix_server_database }}"
+ - "zabbix-sql-scripts"
+_zabbix_server_install_recommends: true
diff --git a/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml
index c2e0f14f3..fb20631f8 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_server/vars/RedHat.yml
@@ -18,19 +18,19 @@ zabbix_valid_server_versions:
- 6.2
- 6.0
-pgsql_depenencies:
- "9":
- - python3-psycopg2
- "8":
- - python3-psycopg2
+_zabbix_server_pgsql_dependencies:
+ - "{{ zabbix_server_install_database_client | ternary('postgresql', '') }}"
+ - python3-psycopg2
-mysql_client_pkgs:
- "9":
- - mysql
- - python3-PyMySQL
- "8":
- - mysql
- - python3-PyMySQL
+_zabbix_server_mysql_dependencies:
+ - "{{ zabbix_server_install_database_client | ternary('mysql', '') }}"
+ - python3-PyMySQL
_zabbix_server_fping6location: /usr/sbin/fping6
_zabbix_server_fpinglocation: /usr/sbin/fping
+
+_zabbix_server_packages:
+ - "zabbix-server-{{ zabbix_server_database }}-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
+ - "zabbix-sql-scripts-{{ zabbix_server_version }}.{{ zabbix_server_version_minor }}"
+_zabbix_server_disable_repo:
+ - epel
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/README.md b/ansible_collections/community/zabbix/roles/zabbix_web/README.md
index 5904f8288..aac6f9dc2 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/README.md
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/README.md
@@ -16,6 +16,7 @@
- [Apache configuration](#apache-configuration)
- [Nginx configuration](#nginx-configuration)
- [PHP-FPM](#php-fpm)
+ - [SElinux](#selinux)
- [Zabbix Server](#zabbix-server)
* [proxy](#proxy)
- [Example Playbook](#example-playbook)
@@ -65,6 +66,8 @@ See the following list of supported Operating Systems with the Zabbix releases.
| Debian 11 bullseye | V | V | V |
| Debian 10 buster | | | V |
+You can bypass this matrix by setting `enable_version_check: false`
+
# Installation
Installing this role is very simple: `ansible-galaxy install community.zabbix.zabbix_web`
@@ -94,6 +97,8 @@ The following is an overview of all available configuration defaults for this ro
* `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
+* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
+* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.
### Zabbix Web specific
@@ -116,7 +121,6 @@ The following is an overview of all available configuration defaults for this ro
* `zabbix_web_vhost_port`: The port on which Zabbix HTTP vhost is running.
* `zabbix_web_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running.
* `zabbix_web_vhost_listen_ip`: On which interface the Apache Virtual Host is available.
-* `zabbix_apache_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP.
* `zabbix_web_max_execution_time`: PHP max execution time
* `zabbix_web_memory_limit`: PHP memory limit
* `zabbix_web_post_max_size`: PHP maximum post size
@@ -151,6 +155,13 @@ The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) config
* `zabbix_php_fpm_conf_group`: The group of the owner of the socket file (When `zabbix_php_fpm_listen` contains a patch to a socket file).
+### SElinux
+
+* `zabbix_web_selinux`: Default: `False`. Enables an SELinux policy so that the web will run.
+* `selinux_allow_httpd_can_connect_zabbix`: Default: `false`. Set SELinux boolean to allow httpd to connect to zabbix.
+* `selinux_allow_httpd_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP.
+* `selinux_allow_httpd_can_network_connect_db`: Default: `false` Set SELinux boolean to allow httpd to connect databases over the network.
+
### Zabbix Server
* `zabbix_server_name`: The name of the Zabbix Server.
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml
index f37bb07da..53744bab9 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/defaults/main.yml
@@ -53,6 +53,7 @@ zabbix_web_apt_priority:
zabbix_web_version_minor: "*"
zabbix_repo_yum_gpgcheck: 0
zabbix_repo_yum_schema: https
+zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}"
zabbix_repo_deb_component: main
zabbix_web_disable_repo:
- epel
@@ -86,9 +87,14 @@ zabbix_server_history_types:
- "uint"
- "dbl"
-zabbix_selinux: false
-# selinux_allow_zabbix_can_network: false
-# zabbix_apache_can_connect_ldap: false
+# SELinux specific
+zabbix_web_selinux: false
+selinux_allow_httpd_can_connect_ldap: false
+selinux_allow_httpd_can_network_connect_db: false
+selinux_allow_httpd_can_connect_zabbix: false
+
+zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
+zabbix_repo_deb_include_deb_src: true
# SAML certificates
# zabbix_saml_idp_crt:
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml
index ae1c7de26..d3c12fdac 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/Debian.yml
@@ -13,33 +13,6 @@
tags:
- always
-- name: "Debian | Update ansible_lsb fact"
- ansible.builtin.setup:
- gather_subset:
- - lsb
-
-- name: "Debian | Installing lsb-release"
- ansible.builtin.apt:
- pkg: lsb-release
- update_cache: true
- cache_valid_time: 3600
- force: true
- state: present
- environment:
- http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
- https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
- become: true
- tags:
- - install
-
-- name: "Debian | Repo URL"
- ansible.builtin.set_fact:
- zabbix_repo_deb_url: "{{ _zabbix_repo_deb_url }}/{{ ansible_lsb.id.lower() }}{{ '-arm64' if ansible_machine == 'aarch64' and ansible_lsb.id == 'debian' else ''}}"
- when:
- - zabbix_repo_deb_url is undefined
- tags:
- - always
-
- name: "Debian | Install PHP Dependencies"
ansible.builtin.apt:
pkg: "{{ zabbix_web_php_dependencies }}"
@@ -88,11 +61,15 @@
(ansible_distribution == "Debian" and ansible_distribution_major_version < "12")
- name: "Debian | Download gpg key"
+ when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
- url: http://repo.zabbix.com/zabbix-official-repo.key
+ url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
+ environment:
+ http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
+ https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true
tags:
- install
@@ -104,7 +81,7 @@
group: root
mode: 0644
content: |
- Types: deb deb-src
+ Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml
index 30871017e..8dfb2e113 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/RedHat.yml
@@ -57,3 +57,8 @@
- ansible_distribution_major_version == '9'
tags:
- install
+
+- name: "Configure SELinux when enabled"
+ ansible.builtin.include_tasks: selinux.yml
+ when:
+ - zabbix_web_selinux | bool
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml
index b82d8486b..54a313a1c 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/main.yml
@@ -13,15 +13,16 @@
- name: Set More Variables
ansible.builtin.set_fact:
- zabbix_valid_version: "{{ zabbix_web_version|float in zabbix_valid_web_versions[ansible_distribution_major_version] }}"
zabbix_db_type_long: "{{ 'postgresql' if zabbix_server_database == 'pgsql' else 'mysql' }}"
tags:
- always
-- name: Stopping Install of Invalid Version
- ansible.builtin.fail:
- msg: Zabbix version {{ zabbix_web_version }} is not supported on {{ ansible_distribution }} {{ ansible_distribution_major_version }}
- when: not zabbix_valid_version
+- name: Check that version is supported
+ when: enable_version_check | default(true) | bool
+ ansible.builtin.assert:
+ that:
+ - "{{ zabbix_web_version|float in zabbix_valid_web_versions[ ansible_facts['distribution_major_version'] ] }}"
+ fail_msg: Zabbix version {{ zabbix_web_version }} is not supported on {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_major_version'] }}
tags:
- always
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml
index 56e2ae05e..df5d388db 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/tasks/selinux.yml
@@ -12,7 +12,7 @@
become: true
when:
- ansible_os_family == "RedHat"
- - selinux_allow_zabbix_can_network
+ - ansible_selinux.status == "enabled"
- ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
tags:
- install
@@ -30,23 +30,11 @@
become: true
when:
- ansible_os_family == "RedHat"
- - selinux_allow_zabbix_can_network
+ - ansible_selinux.status == "enabled"
- ansible_distribution_major_version|int >= 8
tags:
- install
-- name: "SELinux | RedHat | Enable zabbix_can_network SELinux boolean"
- ansible.posix.seboolean:
- name: zabbix_can_network
- state: true
- persistent: true
- become: true
- when:
- - ansible_os_family == "RedHat"
- - selinux_allow_zabbix_can_network
- tags:
- - config
-
- name: "SELinux | Allow httpd to connect to db (SELinux)"
ansible.posix.seboolean:
name: httpd_can_network_connect_db
@@ -55,7 +43,7 @@
become: true
when:
- ansible_selinux.status == "enabled"
- - selinux_allow_zabbix_can_network
+ - selinux_allow_httpd_can_network_connect_db | bool
tags:
- config
@@ -67,7 +55,7 @@
become: true
when:
- ansible_selinux.status == "enabled"
- - selinux_allow_zabbix_can_network
+ - selinux_allow_httpd_can_connect_zabbix | bool
tags:
- config
@@ -79,6 +67,6 @@
become: true
when:
- ansible_selinux.status == "enabled"
- - zabbix_apache_can_connect_ldap | bool
+ - selinux_allow_httpd_can_connect_ldap | bool
tags:
- config
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2 b/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2
index 7854b83ce..c04a0712c 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/templates/nginx_vhost.conf.j2
@@ -20,7 +20,7 @@ server {
try_files $uri $uri/ =404;
}
- location /assets {
+ location /assets/ {
access_log off;
expires 10d;
}
@@ -70,9 +70,9 @@ server {
ssl_certificate {{ zabbix_web_tls_crt }};
ssl_certificate_key {{ zabbix_web_tls_key }};
- {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}ssl_ciphers {{ zabbix_web_ssl_cipher_suite | default('') }}
- {{ (zabbix_web_SSLSessionCache is defined and zabbix_web_SSLSessionCache is not none) | ternary('', '# ') }}ssl_session_cache {{ zabbix_web_SSLSessionCache | default('') }}
- {{ (zabbix_web_SSLSessionCacheTimeout is defined and zabbix_web_SSLSessionCacheTimeout is not none) | ternary('', '# ') }}ssl_session_timeout {{ zabbix_web_SSLSessionCacheTimeout | default('') }}
+ {{ (zabbix_web_ssl_cipher_suite is defined and zabbix_web_ssl_cipher_suite is not none) | ternary('', '# ') }}ssl_ciphers {{ zabbix_web_ssl_cipher_suite | default('') }};
+ {{ (zabbix_web_SSLSessionCache is defined and zabbix_web_SSLSessionCache is not none) | ternary('', '# ') }}ssl_session_cache {{ zabbix_web_SSLSessionCache | default('') }};
+ {{ (zabbix_web_SSLSessionCacheTimeout is defined and zabbix_web_SSLSessionCacheTimeout is not none) | ternary('', '# ') }}ssl_session_timeout {{ zabbix_web_SSLSessionCacheTimeout | default('') }};
root /usr/share/zabbix;
index index.php;
@@ -85,7 +85,7 @@ server {
try_files $uri $uri/ =404;
}
- location /assets {
+ location /assets/ {
access_log off;
expires 10d;
}
diff --git a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml
index 7b60c70bd..f49b27155 100644
--- a/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml
+++ b/ansible_collections/community/zabbix/roles/zabbix_web/vars/Debian.yml
@@ -47,5 +47,4 @@ zabbix_valid_web_versions:
- 6.0
debian_keyring_path: /etc/apt/keyrings/
-zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
-_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}"
+zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"