From 96e540b0685a034d905b9c956f4c3cedb9f239a9 Mon Sep 17 00:00:00 2001 From: Werner Dijkerman Date: Sat, 23 May 2020 16:26:08 +0200 Subject: [PATCH] Added Proxy role --- roles/zabbix-proxy/CHANGELOG.md | 105 ++++ roles/zabbix-proxy/CODE_OF_CONDUCT.md | 3 + roles/zabbix-proxy/CONTRIBUTING.md | 88 +++ roles/zabbix-proxy/LICENSE | 21 + roles/zabbix-proxy/PULL_REQUEST_TEMPLATE.md | 12 + roles/zabbix-proxy/README.md | 257 +++++++++ roles/zabbix-proxy/defaults/main.yml | 140 +++++ roles/zabbix-proxy/files/install_semodule.bsx | Bin 0 -> 1102 bytes roles/zabbix-proxy/handlers/main.yml | 10 + roles/zabbix-proxy/meta/main.yml | 27 + .../molecule/default/Dockerfile.j2 | 7 + .../zabbix-proxy/molecule/default/INSTALL.rst | 46 ++ .../zabbix-proxy/molecule/default/create.yml | 47 ++ .../zabbix-proxy/molecule/default/destroy.yml | 16 + .../molecule/default/molecule.yml | 66 +++ .../molecule/default/playbook.yml | 5 + .../zabbix-proxy/molecule/default/prepare.yml | 40 ++ .../molecule/default/requirements.yml | 3 + .../test_default.cpython-37-PYTEST.pyc | Bin 0 -> 7360 bytes .../molecule/default/tests/test_default.py | 56 ++ .../molecule/default/yaml-lint.yml | 9 + roles/zabbix-proxy/requirements.yml | 3 + roles/zabbix-proxy/tasks/Debian.yml | 135 +++++ roles/zabbix-proxy/tasks/RedHat.yml | 160 ++++++ roles/zabbix-proxy/tasks/main.yml | 134 +++++ roles/zabbix-proxy/tasks/mysql.yml | 80 +++ roles/zabbix-proxy/tasks/postgresql.yml | 52 ++ roles/zabbix-proxy/tasks/sqlite3.yml | 46 ++ .../templates/zabbix_proxy.conf.j2 | 518 ++++++++++++++++++ roles/zabbix-proxy/vars/Amazon.yml | 2 + roles/zabbix-proxy/vars/main.yml | 2 + roles/zabbix-proxy/vars/zabbix.yml | 133 +++++ 32 files changed, 2223 insertions(+) create mode 100644 roles/zabbix-proxy/CHANGELOG.md create mode 100644 roles/zabbix-proxy/CODE_OF_CONDUCT.md create mode 100644 roles/zabbix-proxy/CONTRIBUTING.md create mode 100644 roles/zabbix-proxy/LICENSE create mode 100644 roles/zabbix-proxy/PULL_REQUEST_TEMPLATE.md create mode 100644 roles/zabbix-proxy/README.md create mode 100644 roles/zabbix-proxy/defaults/main.yml create mode 100755 roles/zabbix-proxy/files/install_semodule.bsx create mode 100644 roles/zabbix-proxy/handlers/main.yml create mode 100644 roles/zabbix-proxy/meta/main.yml create mode 100644 roles/zabbix-proxy/molecule/default/Dockerfile.j2 create mode 100644 roles/zabbix-proxy/molecule/default/INSTALL.rst create mode 100644 roles/zabbix-proxy/molecule/default/create.yml create mode 100644 roles/zabbix-proxy/molecule/default/destroy.yml create mode 100644 roles/zabbix-proxy/molecule/default/molecule.yml create mode 100644 roles/zabbix-proxy/molecule/default/playbook.yml create mode 100644 roles/zabbix-proxy/molecule/default/prepare.yml create mode 100644 roles/zabbix-proxy/molecule/default/requirements.yml create mode 100644 roles/zabbix-proxy/molecule/default/tests/__pycache__/test_default.cpython-37-PYTEST.pyc create mode 100644 roles/zabbix-proxy/molecule/default/tests/test_default.py create mode 100644 roles/zabbix-proxy/molecule/default/yaml-lint.yml create mode 100644 roles/zabbix-proxy/requirements.yml create mode 100644 roles/zabbix-proxy/tasks/Debian.yml create mode 100644 roles/zabbix-proxy/tasks/RedHat.yml create mode 100644 roles/zabbix-proxy/tasks/main.yml create mode 100644 roles/zabbix-proxy/tasks/mysql.yml create mode 100644 roles/zabbix-proxy/tasks/postgresql.yml create mode 100644 roles/zabbix-proxy/tasks/sqlite3.yml create mode 100644 roles/zabbix-proxy/templates/zabbix_proxy.conf.j2 create mode 100644 roles/zabbix-proxy/vars/Amazon.yml create mode 100644 roles/zabbix-proxy/vars/main.yml create mode 100644 roles/zabbix-proxy/vars/zabbix.yml diff --git a/roles/zabbix-proxy/CHANGELOG.md b/roles/zabbix-proxy/CHANGELOG.md new file mode 100644 index 000000000..ff07038cf --- /dev/null +++ b/roles/zabbix-proxy/CHANGELOG.md @@ -0,0 +1,105 @@ +# ansible-zabbix-server Release + +Below an overview of all changes in the releases. + +Version (Release date) + +FINAL and LAST release for this role in this repository. This role will be transferred to: https://github.com/ansible-collections/community.zabbix/ + +1.7.0 (2020-05-23) + + * Added zabbix_proxy_enableremotecommands variable #57 (By pull request: AleksejsC (Thanks!)) + * Added variable for specifying version Zabbix proxy #58 (By pull request: dmitriy-kharchenko (Thanks!)) + * implement a condition on the SocketDir parameter #59 (By pull request: v (Thanks!)) + * HostnameItem can be set and Hostname is now optional #61 (By pull request: sebedh (Thanks!)) + * Add Proxy creation on through API #62 (By pull request: SimBou (Thanks!)) + * Use the correct naming as suggested in dj-wasabi/ansible-zabbix-agent #301 #63 + * fix SELinux issue : preprocessing.sock permission denied #64 (By pull request: SimBou (Thanks!)) + * ability to manage zabbix-proxy service #65 (By pull request: Vinclame (Thanks!)) + +1.6.0 (2019-12-01) + + * Added missing "become: yes" statements in tasks/main.yml Redhat.yml #53 (By pull request: elcomtik (Thanks!)) + * SocketDir missing in zabbix_proxy.conf #54 (By pull request: Vinclame (Thanks!)) + * selinux blocks preprocessing workers #55 (By pull request: Vinclame (Thanks!)) + * Update to 4.4 #56 (By pull request: macaddict89 (Thanks!)) + +1.5.0 (2019-09-27) + + * Fix and refactor SELinux support #47 (By pull request: angystardust (Thanks!)) + * Update Debian.yml #49 (By pull request: giedriusramas (Thanks!)) + * Calling yum and apt using a loop is deprecated #50 (By pull request: Aversiste (Thanks!)) + * fixing issue 48 #51 (By pull request: bbcnt (Thanks!)) + * change default version #52 (By pull request: fabtho (Thanks!)) + +1.4.0 (2019-04-15) + + * Added property zabbix_proxy_package_state #45 + * Fixed some Ansible Lint issues #46 + * bugfix: "zabbix_proxy_tlspskfile" was not created with content "zabbi… #39 (By pull request: menzelit (Thanks!)) + * Updated to Zabbix 4.2 #41 + * enable upgrade of an existing installation #42 (By pull request: zab35 (Thanks!)) + +1.3.0 (2019-01-25) + + * Added retries for packages installation #38 + * Adding zabbix_proxy_install_database_client variable #37 (By pull request: rnsc (Thanks!)) + +1.2.0 (2018-10-19) + + * Make it work with Zabbix 4.0 + +1.1.0 (2018-06-23) + + * typo in zabbix_proxy_cachesize variable #32 (By pull request: q1x (Thanks!)) + * Updated minimal Ansible version to 2.4 #28 + * Add support for Debian 9 #28 + * Fix for: Mysql database error #21 + * Various fixes #26 (By pull request: hatifnatt (Thanks!)) + * fix DBPort parameter in config template #23 (By pull request: maxim0r (Thanks!)) + * Using correct compare #22 + * set selinux policy to permissive for zabbix_t, needed for CentOS and others #18 (By pull request: andrzejwp (Thanks!)) + * Add TLS connection configuration #17 (By pull request: mgornikov (Thanks!)) + * Add support for sqlite3 DB #16 (By pull request: mgornikov (Thanks!)) + +1.0.0 (2017-09-10) + + * Changed from ini to yml style + * Replace shell tasks with modules. + * Installing default 3.4. + * Prefixed all properties that started with `proxy_` with the value `zabbix_`. + * Added upgrade part in documentation. + +0.5.0 (2017-07-17) + + * Renaming docker-py to docker #10 + * [!] fix misspelling with property ListenIP #9 (By pull request: lebe-dev (Thanks!)) + * Add Amazon Linux support #7 (By pull request: kostyrev (Thanks!)) + * Add HistoryIndexCacheSize for zabbix 3.2 #6 (By pull request: kostyrev (Thanks!)) + * Molecule test #5 + * Fix bugs with LoadModule & add sqlite3 support #2 (By pull request: splitice (Thanks!)) + * Zabbix proxy 3.0 fixes #1 (By pull request: zbal (Thanks!)) + +0.4.0 (2016-08-24) + + * ? + +0.3.0 (2016-02-08) + + * Added test-kitchen tests + * Small bug fix for installation on RedHat/Debian + +0.2.0 (2016-02-04) + + * Added travis-ci test. + +0.1.0 (2015-02-01) + + * Updated readme + * added double quotes on names + * added var zabbix_repo + * added var for database creation and load file + +0.0.1 (2014-10-31) + + * Initial Creation diff --git a/roles/zabbix-proxy/CODE_OF_CONDUCT.md b/roles/zabbix-proxy/CODE_OF_CONDUCT.md new file mode 100644 index 000000000..e28ac17f7 --- /dev/null +++ b/roles/zabbix-proxy/CODE_OF_CONDUCT.md @@ -0,0 +1,3 @@ +# Code of Conduct + +The Code of Conduct from Ansible found [here](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html) applies to this Ansible role as well. diff --git a/roles/zabbix-proxy/CONTRIBUTING.md b/roles/zabbix-proxy/CONTRIBUTING.md new file mode 100644 index 000000000..4b8af3768 --- /dev/null +++ b/roles/zabbix-proxy/CONTRIBUTING.md @@ -0,0 +1,88 @@ +# Contributing to this role + +**Table of content** + +- [Contributing to this role](#contributing-to-this-role) + * [Contributing](#contributing) + * [(local) Development](#-local--development) + + [Requirements](#requirements) + + [Execution](#execution) +- [Other](#other) + * [Virtualenv](#virtualenv) + * [Links](#links) + +Thank you very much for making time to improve this Ansible role. + +## Contributing + +Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. [Contributor Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html). + +1. Fork the repo + +2. Create a branch and apply your changes to this branch. + + a. Make sure you have updated the documentation when adding new variables; + + b. Don't forget to add/update tests so we can test the functionality during each Pull Request; + + c. Make sure the tests will succeed. + +3. Push the branch to your fork and submit a pull request. + +**Note** + +Pull Requests that fails during the tests will not be merged. + +## Coding Guidelines + +Style guides are important because they ensure consistency in the content, look, and feel of a book or a website. + +* [Ansible Style Guide](http://docs.ansible.com/ansible/latest/dev_guide/style_guide/) +* It's "Ansible" when referring to the product and ``ansible`` when referring to the command line tool, package, etc +* Playbooks should be written in multi-line YAML with ``key: value``. The form ``key=value`` is only for ``ansible`` ad-hoc, not for ``ansible-playbook``. +* Tasks should always have a ``name:`` + +## (local) Development + +This role make use of Molecule to test the execution of the role and verificate it. In the root of the repository, a file named `requirements.txt` exists and contains the versions used by the tests. + +### Requirements + +You can install them with the following command: + +``` +pip install -r requirements.txt +``` + +Once the dependencies are installed, please install Docker as Molecule is configured in this repository to create Docker containers. See [this](https://docs.docker.com/install/) link to install Docker on your system. + +### Execution + +Once everything is installed, you can validate your changes by executing: +``` +molecule test +``` + +It should run without any issues. + +# Other + +## Virtualenv + +Suggestion is to create a virtualenv so you won't have issues with other projects. + +Some web pages describing for virtual env: + +* http://thepythonguru.com/python-virtualenv-guide/ +* https://realpython.com/python-virtual-environments-a-primer/ +* https://www.dabapps.com/blog/introduction-to-pip-and-virtualenv-python/ + +## Links + +[Molecule](https://molecule.readthedocs.io/) + +[Ansible](https://www.ansible.com/) + +[Molecule V2 with your own role](https://werner-dijkerman.nl/2017/09/05/using-molecule-v2-to-test-ansible-roles/) + +**End note**: Have fun making changes. If a feature helps you, then others find it helpful too and I will happily have it merged. diff --git a/roles/zabbix-proxy/LICENSE b/roles/zabbix-proxy/LICENSE new file mode 100644 index 000000000..6922fb326 --- /dev/null +++ b/roles/zabbix-proxy/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 Werner Dijkerman + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/roles/zabbix-proxy/PULL_REQUEST_TEMPLATE.md b/roles/zabbix-proxy/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 000000000..70c5edefc --- /dev/null +++ b/roles/zabbix-proxy/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,12 @@ +**Description of PR** + + +**Type of change** + + +Feature Pull Request +Bugfix Pull Request +Docs Pull Request + +**Fixes an issue** + diff --git a/roles/zabbix-proxy/README.md b/roles/zabbix-proxy/README.md new file mode 100644 index 000000000..5b9561573 --- /dev/null +++ b/roles/zabbix-proxy/README.md @@ -0,0 +1,257 @@ +Table of Content + +- [Overview](#overview) +- [Upgrades](#upgrades) + * [1.0.0](#100) + * [Operating systems](#operating-systems) + * [Zabbix Versions](#zabbix-versions) + + [Zabbix 4.2](#zabbix-42) + + [Zabbix 4.0](#zabbix-40) + + [Zabbix 3.4](#zabbix-34) + + [Zabbix 3.2](#zabbix-32) + + [Zabbix 3.0](#zabbix-30) + + [Zabbix 2.4](#zabbix-24) + + [Zabbix 2.2](#zabbix-22) +- [Role Variables](#role-variables) +- [Dependencies](#dependencies) +- [Example Playbook](#example-playbook) +- [License](#license) +- [Author Information](#author-information) + + +[![Build Status](https://travis-ci.org/dj-wasabi/ansible-zabbix-proxy.svg?branch=master)](https://travis-ci.org/dj-wasabi/ansible-zabbix-proxy) + +# Overview + +This role is migrated to: https://github.com/ansible-collections/community.zabbix/ +In this repository, a read only version is/will be available for those who can not make use of collections (yet). Changes/updates will only be applied to the collection and not in this repository. + +# Upgrades + +## 1.0.0 + +With this 1.0.0 release, the following is changed: + +* All properties starts with `zabbix_` now. Example, property named `proxy_dbhost` is now `zabbix_proxy_dbhost`. + +## Operating systems + +This role will work on the following operating systems: + + * Red Hat + * Debian + * Ubuntu + +So, you'll need one of those operating systems.. :-) +Please sent Pull Requests or suggestions when you want to use this role for other Operating systems. + +## Zabbix Versions + +See the following list of supported Operating systems with the Zabbix releases. + +### Zabbix 4.4 + + * CentOS 7.x, 8.x + * Amazon 7.x + * RedHat 7.x, 8.x + * OracleLinux 7.x, 8.x + * Scientific Linux 7.x, 8.x + * Ubuntu 14.04, 16.04, 18.04 + * Debian 8, 9 + +### Zabbix 4.2 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04, 18.04 + * Debian 8, 9 + +### Zabbix 4.0 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04, 18.04 + * Debian 8, 9 + +### Zabbix 3.4 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04 + * Debian 7, 8, 9 + +### Zabbix 3.2 + + * CentOS 7.x + * Amazon 7.x + * RedHat 7.x + * OracleLinux 7.x + * Scientific Linux 7.x + * Ubuntu 14.04, 16.04 + * Debian 7, 8 + +### Zabbix 3.0 + + * CentOS 5.x, 6.x, 7.x + * Amazon 5.x, 6.x, 7.x + * RedHat 5.x, 6.x, 7.x + * OracleLinux 5.x, 6.x, 7.x + * Scientific Linux 5.x, 6.x, 7.x + * Ubuntu 14.04 + * Debian 7, 8 + +### Zabbix 2.4 + + * CentOS 6.x, 7.x + * Amazon 6.x, 7.x + * RedHat 6.x, 7.x + * OracleLinux 6.x, 7.x + * Scientific Linux 6.x, 7.x + * Ubuntu 12.04 14.04 + * Debian 7 + +### Zabbix 2.2 + + * CentOS 5.x, 6.x + * RedHat 5.x, 6.x + * OracleLinux 5.x, 6.x + * Scientific Linux 5.x, 6.x + * Ubuntu 12.04 + * Debian 7 + +# Role Variables + +## Main variables + +There are some variables in de default/main.yml which can (Or needs to) be changed/overriden: + +* `zabbix_server_host`: The ip or dns name for the zabbix-server machine. + +* `zabbix_server_port`: The port on which the zabbix-server is running. Default: 10051 + +* `zabbix_version`: This is the version of zabbix. Default it is 4.2, but can be overriden to 4.0/3.4/3.2/3.0/2.4/2.2. + +* `zabbix_proxy_{rhel,debian,ubuntu}_version`: This is the version of zabbix proxy. For example 4.4.4/4.2.5/4.2.8 + +* `zabbix_repo`: True / False. When you already have an repository with the zabbix components, you can set it to False. + +* `*zabbix_proxy_package_state`: Default: _present_. Can be overridden to "latest" to update packages when needed. + +* `zabbix_proxy_install_database_client`: True / False. False does not install database client. Default: True. + +* `zabbix_agent_become_on_localhost`: Set to `False` if you don't need to elevate privileges on localhost to install packages locally with pip. Default: True + +* `zabbix_proxy_manage_service`: True / False. When you run multiple Zabbix proxies in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-proxy service, because Pacemaker is in control of zabbix-proxy service. + +* `zabbix_install_pip_packages`: Set to `False` if you don't want to install the required pip packages. Useful when you control your environment completely. Default: True + +There are some zabbix-proxy specific variables which will be used for the zabbix-proxy configuration file, these can be found in the default/main.yml file. There are 2 which needs some explanation: + +```bash + #zabbix_proxy_database: mysql + #zabbix_proxy_database_long: mysql + #zabbix_proxy_database: sqlite3 + #zabbix_proxy_database_long: sqlite3 + zabbix_proxy_database: pgsql + zabbix_proxy_database_long: postgresql +``` + +There are 3 database_types which will be supported: mysql/postgresql and sqlite. You'll need to comment or uncomment the database you would like to use. In example from above, the postgresql database is used. If you want to use mysql, uncomment the 2 lines from mysql and comment the 2 lines for postgresql. + +If you use mysql, then you should define mysql username, password and host to prepare zabbix database, otherwise they will be considered as their default value (and therefor, connecting to database will be considered as connecting to localhost with no password). the keys are belows: + zabbix_proxy_mysql_login_host + zabbix_proxy_mysql_login_user + zabbix_proxy_mysql_login_password + +## TLS Specific configuration + +These variables are specific for Zabbix 3.0 and higher: + +* `*zabbix_proxy_tlsconnect`: How the proxy should connect to server or proxy. Used for active checks. + + Possible values: + + * no_encryption + * PSK + * certificate + +* `*zabbix_proxy_tlsaccept`: What incoming connections to accept. + + Possible values: + + * no_encryption + * PSK + * certificate + +* `*zabbix_proxy_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. + +* `*zabbix_proxy_tlscrlfile`: Full pathname of a file containing revoked certificates. + +* `*zabbix_proxy_tlsservercertissuer`: Allowed server certificate issuer. + +* `*zabbix_proxy_tlsservercertsubject`: Allowed server certificate subject. + +* `*zabbix_proxy_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. + +* `*zabbix_proxy_tlskeyfile`: Full pathname of a file containing the agent private key. + +* `*zabbix_proxy_tlspskidentity`: Unique, case sensitive string used to identify the pre-shared key. + +## Zabbix API variables + +These variables need to be overridden when you want to make use of the zabbix-api for automatically creating and or updating hosts. + +Host encryption configuration will be set to match agent configuration. + +When `zabbix_api_create_proxy` is set to `True`, it will install on the host executing the Ansible playbook the `zabbix-api` python module. + +* `zabbix_url`: The url on which the Zabbix webpage is available. Example: http://zabbix.example.com + +* `zabbix_api_http_user`: The http user to access zabbix url with Basic Auth +* `zabbix_api_http_password`: The http password to access zabbix url with Basic Auth + +* `zabbix_api_create_proxy`: When you want to enable the Zabbix API to create/delete the proxy. This has to be set to `True` if you want to make use of `zabbix_create_proxy`. Default: `False` + +* `zabbix_api_user`: Username of user which has API access. + +* `zabbix_api_pass`: Password for the user which has API access. + +* `zabbix_create_proxy`: present (Default) if the proxy needs to be created or absent if you want to delete it. This only works when `zabbix_api_create_proxy` is set to `True`. + +* `zabbix_proxy_status`: active (Default) if the proxy needs to be active or passive. + +# Dependencies + +```text +You'll need to find the correct database role by yourself. I only want to use roles which supports the 3 main operating systems as well and for now I can't find one. If there is an role which supports these 3 operating systems, please let me know and I'll use it as dependency. +``` + +# Example Playbook + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: zabbix-proxy + sudo: yes + roles: + - { role: dj-wasabi.zabbix-proxy, zabbix_server_host: 192.168.1.1, database_type: pgsql, database_type_long: postgresql } + +# License + +GPLv3 + +# Author Information + +This is my first attempt to create an ansible role, so please send suggestion or pull requests to make this role better. + +Github: https://github.com/dj-wasabi/ansible-zabbix-proxy + +mail: ikben [ at ] werner-dijkerman . nl diff --git a/roles/zabbix-proxy/defaults/main.yml b/roles/zabbix-proxy/defaults/main.yml new file mode 100644 index 000000000..d3245c44b --- /dev/null +++ b/roles/zabbix-proxy/defaults/main.yml @@ -0,0 +1,140 @@ +--- +# defaults file for zabbix-proxy + +zabbix_version: 4.4 + +# These variables are optional. They specify the version of Zabbix proxy package. + +# zabbix_proxy_rhel_version: 4.4.4 +# zabbix_proxy_debian_version: 1:4.4.4-1+stretch +# zabbix_proxy_ubuntu_version: 1:4.4.4-1+xenial + +zabbix_repo: zabbix +zabbix_proxy_package_state: present +zabbix_proxy_install_database_client: True +zabbix_install_pip_packages: true + +zabbix_repo_yum: + - name: zabbix + description: Zabbix Official Repository - $basearch + baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/ + gpgcheck: 0 + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + - name: zabbix-non-supported + description: Zabbix Official Repository non-supported - $basearch + baseurl: http://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/ + gpgcheck: 0 + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + +zabbix_server_host: 192.168.1.1 +zabbix_server_port: 10051 +zabbix_database_creation: True +zabbix_database_sqlload: True + +# Some role specific vars +zabbix_proxy_database: mysql +zabbix_proxy_database_long: mysql +# zabbix_proxy_database: pgsql +# zabbix_proxy_database_long: postgresql +# zabbix_proxy_database: sqlite3 +# zabbix_proxy_database_long: sqlite3 + +# zabbix-proxy specifc vars +zabbix_proxy_mode: 0 +zabbix_proxy_hostname: "{{ inventory_hostname }}" +zabbix_proxy_listenport: 10051 +zabbix_proxy_sourceip: +zabbix_proxy_logfile: /var/log/zabbix/zabbix_proxy.log +zabbix_proxy_logfilesize: 10 +zabbix_proxy_enableremotecommands: 0 +zabbix_proxy_debuglevel: 3 +zabbix_proxy_pidfile: /var/run/zabbix/zabbix_proxy.pid +zabbix_proxy_socketdir: /var/run/zabbix +zabbix_proxy_dbencoding: utf8 +zabbix_proxy_dbcollation: utf8_bin +zabbix_proxy_dbhost: localhost +zabbix_proxy_dbname: zabbix_proxy +zabbix_proxy_dbschema: +zabbix_proxy_dbuser: zabbix_proxy +zabbix_proxy_dbpassword: zabbix_proxy +zabbix_proxy_dbsocket: +zabbix_proxy_dbport: 5432 +zabbix_proxy_localbuffer: 0 +zabbix_proxy_offlinebuffer: 1 +zabbix_proxy_heartbeatfrequency: 60 +zabbix_proxy_configfrequency: 3600 +zabbix_proxy_datasenderfrequency: 1 +zabbix_proxy_startpollers: 5 +zabbix_proxy_startipmipollers: 0 +zabbix_proxy_startpollersunreachable: 1 +zabbix_proxy_starttrappers: 5 +zabbix_proxy_startpingers: 1 +zabbix_proxy_startdiscoverers: 1 +zabbix_proxy_starthttppollers: 1 +zabbix_proxy_javagateway: +zabbix_proxy_javagatewayport: 10052 +zabbix_proxy_startjavapollers: 5 +zabbix_proxy_startvmwarecollector: 0 +zabbix_proxy_vmwarefrequency: 60 +zabbix_proxy_vmwarecachesize: 8 +zabbix_proxy_snmptrapperfile: /tmp/zabbix_traps.tmp +zabbix_proxy_snmptrapper: 0 +zabbix_proxy_listenip: +zabbix_proxy_housekeepingfrequency: 1 +zabbix_proxy_cachesize: 8 +zabbix_proxy_startdbsyncers: 4 +zabbix_proxy_historycachesize: 8 +zabbix_proxy_historyindexcachesize: 4 +zabbix_proxy_historytextcachesize: 16 +zabbix_proxy_timeout: 3 +zabbix_proxy_trappertimeout: 300 +zabbix_proxy_unreachableperiod: 45 +zabbix_proxy_unavaliabledelay: 60 +zabbix_proxy_unreachabedelay: 15 +zabbix_proxy_externalscripts: /usr/lib/zabbix/externalscripts +zabbix_proxy_fpinglocation: /usr/sbin/fping +zabbix_proxy_fping6location: /usr/sbin/fping6 +zabbix_proxy_sshkeylocation: +zabbix_proxy_loglowqueries: 0 +zabbix_proxy_tmpdir: /tmp +zabbix_proxy_allowroot: 0 +zabbix_proxy_include: /etc/zabbix/zabbix_proxy.conf.d +zabbix_proxy_libdir: /usr/lib/zabbix +zabbix_proxy_loadmodulepath: "{{ zabbix_proxy_libdir }}/modules" +zabbix_proxy_manage_service: True + +# TLS settings +zabbix_proxy_tlsconnect: +zabbix_proxy_tlsaccept: +zabbix_proxy_tlscafile: +zabbix_proxy_tlscrlfile: +zabbix_proxy_tlsservercertissuer: +zabbix_proxy_tlsservercertsubject: +zabbix_proxy_tlscertfile: +zabbix_proxy_tlskeyfile: +zabbix_proxy_tlspskidentity: + +zabbix_proxy_tls_config: + no_encryption: 'no_encryption' + PSK: 'PSK' + certificate: 'certificate' + +# Zabbix API stuff +zabbix_url: "http://zabbix.dj-wasabi.local" +# zabbix_api_http_user: admin +# zabbix_api_http_password: admin +zabbix_api_user: Admin +zabbix_api_pass: zabbix +zabbix_api_create_proxy: False +zabbix_create_proxy: present # or absent +zabbix_proxy_status: active # or passive +zabbix_proxy: null +zabbix_useuip: 1 +zabbix_proxy_become_on_localhost: True +zabbix_proxy_interface: + useip: "{{ zabbix_useuip }}" + ip: "{{ zabbix_proxy_ip }}" + dns: "{{ ansible_fqdn }}" + port: "{{ zabbix_proxy_listenport }}" diff --git a/roles/zabbix-proxy/files/install_semodule.bsx b/roles/zabbix-proxy/files/install_semodule.bsx new file mode 100755 index 0000000000000000000000000000000000000000..d37320c9f92d80ae3227f8c23a754d960ed92fca GIT binary patch literal 1102 zcmZuuZAep57+yprr>vkd%EEVR)hy=JKrQ>AZ0Jx^rfDU5x!!x+PHuPCd++A_SVU1s z;h&Ns@}rz3X&Pim87ZYG1O_3}h%C||#mW-<&T1cOwLE{$;eDRxJ*ShT!fA48 z(TEUcj22KRrtUZ+X7Yg-uz(A!L?jXxry&JGBoDGc4r)7StfJs;!gvH`3u`rDP+R;! z5&IB|rCZ;Kn4Y42@F^2$rmXe7m63zfqS`os+!W1(ofIdN+6b;*ex0nc1 z#8?Dum551H^F@-;!uc~}+)S@mA023p^;iCpcwcrRK?KSp{t;>Il0Y*O&;ny5HvCsS z*v?x73DT2O_v-XJlqz$+gv~st*-(Ub>*Er18CrLhF3g9GnjDInDp7m1Nhz5WrPM$P zFAz?GeR|jo5wU;uBJ0r2td>N4&bmE*Nzj7MBOTR9=?|I4oR8BvXk`kE&ft45T|K08xqO+cu?4z7kwFPBpd< zRkU!JJ*X%BkyWFqoz)f0$c2Vy!=<|5`p%xqJ1##Q-Qx(zzVea%RA;Jg8Gqi&EHtcm zqI1PMGrw)Rd*(zXaZa9#yrvJfjY-|h3YHEQ6~DVRr){|U= 0 + + - name: Create molecule instance(s) + docker_container: + name: "{{ item.name }}" + hostname: "{{ item.name }}" + image: "molecule_local/{{ item.image }}" + state: started + recreate: False + log_driver: none + command: "{{ item.command | default('sleep infinity') }}" + privileged: "{{ item.privileged | default(omit) }}" + volumes: "{{ item.volumes | default(omit) }}" + capabilities: "{{ item.capabilities | default(omit) }}" + with_items: "{{ molecule_yml.platforms }}" diff --git a/roles/zabbix-proxy/molecule/default/destroy.yml b/roles/zabbix-proxy/molecule/default/destroy.yml new file mode 100644 index 000000000..63b5edf9d --- /dev/null +++ b/roles/zabbix-proxy/molecule/default/destroy.yml @@ -0,0 +1,16 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: False + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_yml: "{{ lookup('file', molecule_file) | from_yaml }}" + tasks: + - name: Destroy molecule instance(s) + docker_container: + name: "{{ item.name }}" + state: absent + force_kill: "{{ item.force_kill | default(True) }}" + with_items: "{{ molecule_yml.platforms }}" diff --git a/roles/zabbix-proxy/molecule/default/molecule.yml b/roles/zabbix-proxy/molecule/default/molecule.yml new file mode 100644 index 000000000..d47059ea9 --- /dev/null +++ b/roles/zabbix-proxy/molecule/default/molecule.yml @@ -0,0 +1,66 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-file: molecule/default/yaml-lint.yml + +platforms: + - name: zabbix-proxy-mysql-centos + image: milcom/centos7-systemd + privileged: True + groups: + - mysql + - name: zabbix-proxy-pgsql-centos + image: milcom/centos7-systemd + privileged: True + groups: + - postgresql + - name: zabbix-proxy-mysql-debian + image: minimum2scp/systemd-stretch + privileged: True + command: /sbin/init + groups: + - mysql + - name: zabbix-proxy-pgsql-debian + image: minimum2scp/systemd-stretch + privileged: True + command: /sbin/init + groups: + - postgresql + - name: zabbix-proxy-mysql-ubuntu + image: solita/ubuntu-systemd:latest + privileged: True + command: /sbin/init + groups: + - mysql + - name: zabbix-proxy-pgsql-ubuntu + image: solita/ubuntu-systemd:latest + privileged: True + command: /sbin/init + groups: + - postgresql + +provisioner: + name: ansible + lint: + name: ansible-lint + inventory: + group_vars: + mysql: + zabbix_proxy_database: mysql + zabbix_proxy_database_long: mysql + zabbix_proxy_dbport: 3306 + postgresql: + zabbix_proxy_database: pgsql + zabbix_proxy_database_long: postgresql + +scenario: + name: default +verifier: + name: testinfra + lint: + name: flake8 diff --git a/roles/zabbix-proxy/molecule/default/playbook.yml b/roles/zabbix-proxy/molecule/default/playbook.yml new file mode 100644 index 000000000..fb8cefc21 --- /dev/null +++ b/roles/zabbix-proxy/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + roles: + - role: ansible-zabbix-proxy + become: yes diff --git a/roles/zabbix-proxy/molecule/default/prepare.yml b/roles/zabbix-proxy/molecule/default/prepare.yml new file mode 100644 index 000000000..b46b9080a --- /dev/null +++ b/roles/zabbix-proxy/molecule/default/prepare.yml @@ -0,0 +1,40 @@ +--- +- name: Prepare + hosts: all + pre_tasks: + - name: "Installing packages" + yum: + name: "{{ item }}" + state: present + with_items: + - net-tools + - which + - libselinux-python + register: installation_dependencies + when: ansible_distribution == 'CentOS' + + - name: "Installing which on NON-CentOS" + apt: + name: "{{ item }}" + state: present + with_items: + - net-tools + when: ansible_distribution != 'CentOS' + + - name: "Configure SUDO." + lineinfile: + dest: /etc/sudoers + line: "Defaults !requiretty" + state: present + + - name: "Make sure the docs are installed." + lineinfile: + dest: /etc/yum.conf + line: "tsflags=nodocs" + state: absent + + roles: + - role: geerlingguy.postgresql + when: inventory_hostname in groups['postgresql'] + - role: geerlingguy.mysql + when: inventory_hostname in groups['mysql'] diff --git a/roles/zabbix-proxy/molecule/default/requirements.yml b/roles/zabbix-proxy/molecule/default/requirements.yml new file mode 100644 index 000000000..37db26ffa --- /dev/null +++ b/roles/zabbix-proxy/molecule/default/requirements.yml @@ -0,0 +1,3 @@ +--- +- src: geerlingguy.mysql +- src: geerlingguy.postgresql diff --git a/roles/zabbix-proxy/molecule/default/tests/__pycache__/test_default.cpython-37-PYTEST.pyc b/roles/zabbix-proxy/molecule/default/tests/__pycache__/test_default.cpython-37-PYTEST.pyc new file mode 100644 index 0000000000000000000000000000000000000000..13c917db7537f9c6ce60aeb95eb1f1e41c62bb5a GIT binary patch literal 7360 zcmdT}OKc=Z8Sd9~_w+nGw)dH*i4v57?0Db1Sz?rIc9(2qoK-dnWE5r8o@#q%-1DHS zXEz>tBt)VpLLjYjh)}c#TS5pVPKXoY%n2cc5QjcR;^YHY4mt7t)jjRDJ-eB}B9XDW zx?ELV{ry${yX8N{TpJ4{eeW27Up4Fb+nqwxjn7yuT zYb?*450v-S`aCPJB1RlyC054$Fq>f&+>bEzrc#~V0Ul+ge)PMqEnj{4&E>0&>nm?v zU3ufR*WYejyS{ui(p}$gYBUHxNTry#UdAOpMG-=h_tlXWs%?d78y5d0)Y|Gu4|S$& z*nFAk%NdMX~Z&=Rumso~p;Z{jhrc!#yx8y@et-Np4*u;_M0Yt{G0_Y+xc zi=CeDH3#Tr-kLk`gGB-+WZ6iXYW>ZfG6B~kyXgkrdXH~L_FBvLx^BmdOuyCjy1ij7 zf%D9>{ms)=;ruYEEG#Wh?POKdTB5-RU6R=uMP`hnszo|_sW@FNMMc&U0dK7if>y6v zcXpqM4mbL8)oQd>n4%GE_C3K3AdBpzO>k28sQ6-kv#~m8`B*{$fW4;ci^xGMN!M_B zbgUt6^#(p`aIeoB>wa(5^&3*0d_%Zv9yLehm*Q>cb+2;X&;B~HdG0Y(x1;P<8%P9#oh9{fjsm}ab;g4eI=l{FCi=LK3$Ez(B za=Zx*x62yXL?{O%yy6H7MYT0YH5FSa;_r}RC})+j!XHOZl#`DS=dv1fqQ5SF;O}ee zY@)46TSGrm9vhc5-tWVtLv>5pRz^l>Y^h9Ta2iQnAJ;=|L%XZ-H$o-UVCK0n*Vaa6 z2=@fz_R015ddC=9Fm9N$pX-<-8-{F$7PF*r!?c+rjoTEzB}WukTedXrkAghRI0xhY z7_|b`VBAGnhbgm?H12#rEu}D@8n+qh?J_HGn0HnFA@Ix)o_1yAu$fUIbix8~7Q-ST z#E8mN7%K_J;$2k)Y<3qV{y#m&iP>J5gjBXU+p4@5l6w&n%-zeuJ(Us(N@EEOxGY=_ zuEMC;{j-#3K3V6iJclO8^VwAL98TrY#FahrXhKWn(RjSt`&RzHlSjJVBP&DeMAPdA zJrOCWGHwtFR9+QsEtHMR^~Mq$Ics-#Ce|`H=&X=-N(h>MgW3abVfBG z;(@r+3T`>0XDI@luZpTOs^)ePk<&j*#d#_&MrOQqL!EGajUdm~i|by{xYZMZ^v)I> zv+p*&dJ&N!m70@>i5=_=)hGz?3Kg?d%uz8<#UUyVQ$endmrz7j0y%Pa5m(ERb;E6L zxa(e2c>^({)m`K6Wwdx*#-E^PkI}OR0po;}AE$ymUi|h)s5|5T&t(5OSI_iZhW44u(4q5WU zgl*j;=N#m=OzDtU$u);ymfS}zPc=AXN7hxiHEII`lXqfYg?ol%Uo@hy%f8^&R9srZ z!ip=y`Jmaqw77V(CjTy-I(hQksjr4Fcm}I|&=;&^j1{=v$8gJ(E^+jo8>G=Q9#;O)SOH)eoSftuXDpEtqD*uK3%3qMm zFCoc8eWzh7gRbfj5G!%3AIq)ki0{3iWPZaAQh&= z5FHpug-vh@Gt3=0Fc{+Zq`u4vjWsAF&9$a&8@usagy_$QP+$HbY7W&T%b+?bGu=s< zOZRjrv&G76CbU{A>NbuQIUFnOOx)I>*ak4G?b0OlUWe}yFLrcSckuroGMN8(U(80LN8qUJm~@IxqB~%P z@sX4qqSPJiBN(g3jvv6Q^H-rFE&_ZD5l$a9vJ2xz6qT2;LgT@Ox-y{&~@Wcb& zw$6Kl{+`#hegO)z^IZJsgMfB=%-i$iu(B-U< z(~V{uNO$-$v(fBz`Y!h}TzCQvj&gDdBZHO$DV_v%wGbKCkmTXdV^SHvvlR9$m%)5u z96z58>KEgHe~u=hOh<;>KC*|~QmU-MdVy4rXE9Rz6a~@|AgdJdcM}pTptEI#NbFv6 z`}%|1wf*B?nK;Y+TluTNlX48QJe)rp90qpu&`h%mpzO#(6qPL{eI`2yb6RjzSAf@Ei-75z3wX zbt*h1W=pDWfdyQ_n~}f`Eij!KnoTmDl)htxIYx;HUYUebwoz`SBH50O%)ne|OSY3w zu%~&JBw|@WuC|FM9FPHT`T0~*%%@Ulf>vlO1@VM~Qv4|+#or&Q6fsZOw-d;2y*rf@ zM>10UB_qYr2~ud{<5UWb-+Opc$mn)#W%%R+qg#!AH9{LXqXVIB%2W$$ajzL51&&lp zk_bg2qUjHq*Fax2lW>v2euoYw$U0q=w=Wkrvq6$y!UX$+B>xr~cP_+Jf5{;EPYRM# zpgIsFs}*@NOc!EeB$^`o@)BV4%T!Q?fnOmh9Da@J%T!FrsPOMlhm1V0Q0+Pu`=ZLx zY*fkY%o&Uo@1Tf7%5FHJ{I;<#$e79(1e5y&A5LkR>e0v^e|?alH#$E4b`kRkB*<#q zyTe<77vBvmJ$D@4OALZnLdU@}N zdg-P3E70rs{(=WAuY0@2d)+8MPOph*CY?m)+eDo6H##oghzg()_}GIlGeb{iiR5`( x21F@xW)tLg$lR6v0(1x8mcC6HB|#Z6TbWaAd|<$zI;Y!~t!ipz);8?IzX1z`Y61WN literal 0 HcmV?d00001 diff --git a/roles/zabbix-proxy/molecule/default/tests/test_default.py b/roles/zabbix-proxy/molecule/default/tests/test_default.py new file mode 100644 index 000000000..c2b9b2753 --- /dev/null +++ b/roles/zabbix-proxy/molecule/default/tests/test_default.py @@ -0,0 +1,56 @@ +import os +import pytest + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_zabbixproxy_running_and_enabled(Service, SystemInfo): + zabbix = Service("zabbix-proxy") + # assert zabbix.is_enabled + if SystemInfo.distribution not in ['ubuntu']: + assert zabbix.is_running + + +@pytest.mark.parametrize("proxy", [ + ("zabbix-proxy-pgsql"), + ("zabbix-proxy-mysql"), +]) +def test_zabbix_package(Package, TestinfraBackend, proxy, SystemInfo): + host = TestinfraBackend.get_hostname() + host = host.replace("-centos", "") + host = host.replace("-debian", "") + + if host == proxy: + zabbix_proxy = Package(proxy) + assert zabbix_proxy.is_installed + + if SystemInfo.distribution in ['debian', 'ubuntu']: + assert zabbix_proxy.version.startswith("1:4.4") + elif SystemInfo.distribution == 'centos': + assert zabbix_proxy.version.startswith("4.4") + + +def test_socket(Socket): + assert Socket("tcp://0.0.0.0:10051").is_listening + + +def test_zabbix_proxy_dot_conf(File): + zabbix_proxy_conf = File("/etc/zabbix/zabbix_proxy.conf") + assert zabbix_proxy_conf.user == "zabbix" + assert zabbix_proxy_conf.group == "zabbix" + assert zabbix_proxy_conf.mode == 0o644 + + assert zabbix_proxy_conf.contains("ListenPort=10051") + assert zabbix_proxy_conf.contains("DBHost=localhost") + assert zabbix_proxy_conf.contains("DebugLevel=3") + + +def test_zabbix_include_dir(File): + zabbix_include_dir = File("/etc/zabbix/zabbix_proxy.conf.d") + assert zabbix_include_dir.is_directory + assert zabbix_include_dir.user == "zabbix" + assert zabbix_include_dir.group == "zabbix" + assert zabbix_include_dir.mode == 0o755 diff --git a/roles/zabbix-proxy/molecule/default/yaml-lint.yml b/roles/zabbix-proxy/molecule/default/yaml-lint.yml new file mode 100644 index 000000000..13fcdc770 --- /dev/null +++ b/roles/zabbix-proxy/molecule/default/yaml-lint.yml @@ -0,0 +1,9 @@ +--- + +extends: default + +rules: + line-length: + max: 250 + level: warning + truthy: disable diff --git a/roles/zabbix-proxy/requirements.yml b/roles/zabbix-proxy/requirements.yml new file mode 100644 index 000000000..37db26ffa --- /dev/null +++ b/roles/zabbix-proxy/requirements.yml @@ -0,0 +1,3 @@ +--- +- src: geerlingguy.mysql +- src: geerlingguy.postgresql diff --git a/roles/zabbix-proxy/tasks/Debian.yml b/roles/zabbix-proxy/tasks/Debian.yml new file mode 100644 index 000000000..cda70ad4c --- /dev/null +++ b/roles/zabbix-proxy/tasks/Debian.yml @@ -0,0 +1,135 @@ +--- + +- name: "Include Zabbix gpg ids" + include_vars: zabbix.yml + +- name: "Set short version name" + set_fact: + zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" + +- name: "Debian | Set some facts" + set_fact: + apache_log: apache2 + datafiles_path: "/usr/share/zabbix-proxy-{{ zabbix_proxy_database }}" + when: + - zabbix_version is version_compare('3.0', '<') + tags: + - zabbix-proxy + - init + - config + +- name: "Debian | Set some facts for Zabbix 3.0" + set_fact: + apache_log: apache2 + datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}" + when: + - zabbix_version is version_compare('3.0', '>=') + tags: + - zabbix-proxy + - init + - config + +- name: "Debian | Install gpg key" + apt_key: + id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}" + url: http://repo.zabbix.com/zabbix-official-repo.key + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_repo == "zabbix" + become: yes + tags: + - zabbix-proxy + - init + +- name: "Debian | Installing repository {{ ansible_distribution }}" + apt_repository: + repo: "{{ item }} http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/ {{ ansible_distribution_release }} main" + state: present + when: zabbix_repo == "zabbix" + with_items: + - deb-src + - deb + tags: + - zabbix-proxy + - init + +- name: "Debian | Select Zabbix proxy version" + set_fact: + zabbix_proxy_deb_version: "{{ zabbix_proxy_debian_version }}" + cacheable: yes + when: + - ansible_distribution == "Debian" + - zabbix_proxy_debian_version is defined + +- name: "Ubuntu | Select Zabbix proxy version" + set_fact: + zabbix_proxy_deb_version: "{{ zabbix_proxy_ubuntu_version }}" + cacheable: yes + when: + - ansible_distribution == "Ubuntu" + - zabbix_proxy_ubuntu_version is defined + +- name: "Debian | Define package with version" + set_fact: + deb_pkg: "zabbix-proxy-{{ zabbix_proxy_database }}={{ zabbix_proxy_deb_version }}" + cacheable: yes + when: + zabbix_proxy_deb_version is defined + +- name: "Debian | Define package without version" + set_fact: + deb_pkg: "zabbix-proxy-{{ zabbix_proxy_database }}" + cacheable: yes + when: + zabbix_proxy_deb_version is not defined + +- name: "Debian | Installing zabbix-proxy-{{ zabbix_proxy_database }}" + apt: + pkg: "{{ deb_pkg }}" + update_cache: yes + cache_valid_time: 3600 + force: yes + state: "{{ zabbix_proxy_package_state }}" + register: is_zabbix_proxy_package_installed + until: is_zabbix_proxy_package_installed is succeeded + +- name: "Debian | Install Ansible PostgreSQL module dependencies" + apt: + name: python-psycopg2 + state: present + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database == 'pgsql' + +- name: "Debian | Install Mysql Client package" + apt: + name: ['mysql-client', 'python-mysqldb'] + state: present + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database == 'mysql' + - zabbix_proxy_install_database_client + tags: + - zabbix-proxy + - init + - database + +- name: "Debian | Install PostgreSQL Client package" + apt: + name: postgresql-client + state: present + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database == 'pgsql' + - zabbix_proxy_install_database_client + tags: + - zabbix-proxy + - init + - database diff --git a/roles/zabbix-proxy/tasks/RedHat.yml b/roles/zabbix-proxy/tasks/RedHat.yml new file mode 100644 index 000000000..54c6a7da5 --- /dev/null +++ b/roles/zabbix-proxy/tasks/RedHat.yml @@ -0,0 +1,160 @@ +--- +# Tasks specific for RedHat systems + +- name: "RedHat | Set some facts Zabbix < 3.0" + set_fact: + apache_log: httpd + datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_version }}*/create" + when: + - zabbix_version is version_compare('3.0', '<') + tags: + - zabbix-proxy + +- name: "RedHat | Set facts for Zabbix >= 3.0" + set_fact: + apache_log: httpd + datafiles_path: "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_version }}*" + when: + - zabbix_version is version_compare('3.0', '>=') + tags: + - zabbix-proxy + +- name: "Make sure old file is absent" + file: + path: /etc/yum.repos.d/zabbix-supported.repo + state: absent + become: yes + +- name: "RedHat | Install basic repo file" + yum_repository: + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" + gpgcheck: "{{ item.gpgcheck }}" + gpgkey: "{{ item.gpgkey }}" + state: "{{ item.state | default('present') }}" + become: yes + with_items: "{{ zabbix_repo_yum }}" + tags: + - zabbix-agent + +- name: "RedHat | Define package with version" + set_fact: + rhel_pkg: "zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_proxy_rhel_version }}" + cacheable: yes + when: + zabbix_proxy_rhel_version is defined + +- name: "RedHat | Define package without version" + set_fact: + rhel_pkg: "zabbix-proxy-{{ zabbix_proxy_database }}" + cacheable: yes + when: + zabbix_proxy_rhel_version is not defined + +- name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }}" + yum: + pkg: "{{ rhel_pkg }}" + state: "{{ zabbix_proxy_package_state }}" + become: yes + register: is_zabbix_proxy_package_installed + until: is_zabbix_proxy_package_installed is succeeded + +- name: "RedHat | Install Ansible PostgreSQL module dependencies" + yum: + name: python-psycopg2 + state: present + become: yes + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database == 'pgsql' + tags: + - zabbix-proxy + - init + +- name: "RedHat | Install Mysql Client package RHEL7" + yum: + name: ['mariadb', 'MySQL-python'] + state: installed + become: yes + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database == 'mysql' + - ansible_distribution_major_version == '7' + tags: + - zabbix-proxy + - init + +- name: "RedHat | Install Mysql Client package RHEL5 - 6" + yum: + name: ['mysql', 'MySQL-python'] + state: present + become: yes + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database == 'mysql' + - ansible_distribution_major_version != '7' + - zabbix_proxy_install_database_client + tags: + - zabbix-proxy + - init + - database + +- name: "RedHat | Install PostgreSQL client package" + yum: + name: postgresql + state: present + become: yes + register: are_zabbix_proxy_dependency_packages_installed + until: are_zabbix_proxy_dependency_packages_installed is succeeded + when: + - zabbix_database_creation or zabbix_database_sqlload + - zabbix_proxy_database == 'pgsql' + - zabbix_proxy_install_database_client + tags: + - zabbix-proxy + - init + - database + +- name: "RedHat | Install related SELinux package to fix issues" + yum: + name: + - policycoreutils-python + state: present + register: zabbix_server_dependencies_installed + until: zabbix_server_dependencies_installed is succeeded + when: + - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6" + - zabbix_selinux | bool + tags: + - zabbix-proxy + +- name: "RedHat | Install related SELinux package to fix issues on RHEL8" + yum: + name: + - policycoreutils + - checkpolicy + state: present + register: zabbix_server_dependencies_installed + until: zabbix_server_dependencies_installed is succeeded + when: + - ansible_distribution_major_version == "8" + - zabbix_selinux | bool + tags: + - zabbix-proxy + +- name: "RedHat | Add SEmodule to fix SELinux issue: zabbix_server_alerter.sock" + script: + cmd: files/install_semodule.bsx + args: + creates: /etc/selinux/targeted/active/modules/400/zabbix_server_add/cil + when: + - zabbix_selinux | bool + tags: + - zabbix-proxy diff --git a/roles/zabbix-proxy/tasks/main.yml b/roles/zabbix-proxy/tasks/main.yml new file mode 100644 index 000000000..19b73b78a --- /dev/null +++ b/roles/zabbix-proxy/tasks/main.yml @@ -0,0 +1,134 @@ +--- +# tasks file for dj-wasabi.zabbix-proxy + +- name: "Set OS dependent variables" + include_vars: "{{ item }}" + with_first_found: + - "../vars/{{ ansible_distribution }}.yml" + - "../vars/main.yml" + +- name: "Install the correct repository" + include: "RedHat.yml" + when: + - ansible_os_family == "RedHat" + +- name: "Install the correct repository" + include: "Debian.yml" + when: + - ansible_os_family == "Debian" + +- name: "Installing the database" + include: "{{ zabbix_proxy_database_long }}.yml" + +- name: "Create include dir zabbix-proxy" + file: + path: "{{ zabbix_proxy_include }}" + owner: zabbix + group: zabbix + mode: 0755 + state: directory + become: yes + +- name: "Create module dir zabbix-proxy" + file: + path: "{{ zabbix_proxy_loadmodulepath }}" + owner: zabbix + group: zabbix + state: directory + become: yes + +- name: "Create directory for PSK file if not exist." + file: + path: "{{ zabbix_proxy_tlspskfile | dirname }}" + mode: 0755 + state: directory + become: yes + when: + - zabbix_proxy_tlspskfile is defined + +- name: "Place TLS PSK File" + copy: + dest: "{{ zabbix_proxy_tlspskfile }}" + content: "{{ zabbix_proxy_tlspsk_secret }}" + owner: zabbix + group: zabbix + mode: 0400 + become: yes + when: + - zabbix_proxy_tlspskfile is defined + - zabbix_proxy_tlspsk_secret is defined + notify: + - restart zabbix-proxy + +- name: "Allow zabbix-proxy to open connections (SELinux)" + seboolean: + name: zabbix_can_network + persistent: yes + state: yes + become: yes + when: ansible_selinux.status == "enabled" + tags: selinux + +- name: "Allow zabbix-proxy to connect to zabbix_proxy_preprocessing.sock (SELinux)" + seboolean: + name: daemons_enable_cluster_mode + persistent: yes + state: yes + become: yes + when: ansible_selinux.status == "enabled" + tags: selinux + +- name: "Configure zabbix-proxy" + template: + src: zabbix_proxy.conf.j2 + dest: /etc/zabbix/zabbix_proxy.conf + owner: zabbix + group: zabbix + mode: 0644 + notify: restart zabbix-proxy + +- name: "Installing the Zabbix-api package on localhost" + pip: + name: zabbix-api + state: present + register: zabbix_api_package_installed + until: zabbix_api_package_installed is succeeded + delegate_to: localhost + become: "{{ zabbix_proxy_become_on_localhost }}" + when: + - zabbix_install_pip_packages | bool + - zabbix_api_create_proxy | bool + tags: + - api + +- name: "Create proxy" + zabbix_proxy: + server_url: "{{ zabbix_url }}" + http_login_user: "{{ zabbix_api_http_user | default(omit) }}" + http_login_password: "{{ zabbix_api_http_password | default(omit) }}" + login_user: "{{ zabbix_api_user }}" + login_password: "{{ zabbix_api_pass }}" + state: "{{ zabbix_create_proxy }}" + status: "{{ zabbix_proxy_status }}" + proxy_name: "{{ zabbix_proxy_name }}" + description: "{{ zabbix_proxy_description | default(omit) }}" + tls_psk: "{{ zabbix_proxy_tlspsk_secret | default(omit) }}" + tls_psk_identity: "{{ zabbix_proxy_tlspskidentity | default(omit) }}" + tls_subject: "{{ zabbix_proxy_tlsservercertsubject | default(omit) }}" + tls_accept: "{{ zabbix_proxy_tls_config[zabbix_proxy_tlsaccept if zabbix_proxy_tlsaccept else 'no_encryption'] }}" + tls_connect: "{{ zabbix_proxy_tls_config[zabbix_proxy_tlsconnect if zabbix_proxy_tlsconnect else 'no_encryption'] }}" + validate_certs: "{{ zabbix_validate_certs | default(omit) }}" + when: + - zabbix_api_create_proxy | bool + delegate_to: localhost + become: no + tags: + - api + +- name: "zabbix-proxy started" + service: + name: zabbix-proxy + state: started + enabled: yes + become: yes + when: zabbix_proxy_manage_service | bool diff --git a/roles/zabbix-proxy/tasks/mysql.yml b/roles/zabbix-proxy/tasks/mysql.yml new file mode 100644 index 000000000..1982099b9 --- /dev/null +++ b/roles/zabbix-proxy/tasks/mysql.yml @@ -0,0 +1,80 @@ +--- +# task file for mysql +- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" + set_fact: + delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}" + +- name: "MySQL | Create database" + mysql_db: + name: "{{ zabbix_proxy_dbname }}" + encoding: "{{ zabbix_proxy_dbencoding }}" + collation: "{{ zabbix_proxy_dbcollation }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + state: present + when: zabbix_database_creation + register: zabbix_database_created + delegate_to: "{{ delegated_dbhost }}" + tags: + - zabbix-proxy + - database + - skip_ansible_lint + +- name: "MySQL | Create database user" + mysql_user: + name: "{{ zabbix_proxy_dbuser }}" + password: "{{ zabbix_proxy_dbpassword }}" + priv: "{{ zabbix_proxy_dbname }}.*:ALL" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + state: present + when: zabbix_database_creation + delegate_to: "{{ delegated_dbhost }}" + tags: + - zabbix-proxy + - database + +- name: "Get the file for schema.sql" + shell: ls -1 {{ datafiles_path }}/schema.sq* + changed_when: False + when: + - zabbix_database_sqlload + register: ls_output_create + tags: + - zabbix-proxy + - database + +- name: "Check if we have done files" + stat: + path: /etc/zabbix/schema.done + register: done_file + when: + - zabbix_database_sqlload + +- name: "MySQL | Create database and import file" + mysql_db: + name: "{{ zabbix_proxy_dbname }}" + encoding: "{{ zabbix_proxy_dbencoding }}" + collation: "{{ zabbix_proxy_dbcollation }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + state: import + target: "{{ ls_output_create.stdout }}" + when: + - zabbix_database_sqlload + - not done_file.stat.exists + delegate_to: "{{ delegated_dbhost }}" + tags: + - zabbix-proxy + - database + +- name: "Create done file" + file: + path: /etc/zabbix/schema.done + state: touch + when: + - zabbix_database_sqlload + - not done_file.stat.exists diff --git a/roles/zabbix-proxy/tasks/postgresql.yml b/roles/zabbix-proxy/tasks/postgresql.yml new file mode 100644 index 000000000..2f7efba44 --- /dev/null +++ b/roles/zabbix-proxy/tasks/postgresql.yml @@ -0,0 +1,52 @@ +--- +# task file for postgresql + +- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" + set_fact: + delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}" + +- name: "PostgreSQL | Create database" + postgresql_db: + name: "{{ zabbix_proxy_dbname }}" + port: "{{ zabbix_proxy_dbport }}" + state: present + become: yes + become_user: postgres + delegate_to: "{{ delegated_dbhost }}" + when: + - zabbix_database_creation + tags: + - zabbix-proxy + - database + +- name: "PostgreSQL | Create database user" + postgresql_user: + db: "{{ zabbix_proxy_dbname }}" + name: "{{ zabbix_proxy_dbuser }}" + password: "{{ zabbix_proxy_dbpassword }}" + port: "{{ zabbix_proxy_dbport }}" + priv: ALL + state: present + become: yes + become_user: postgres + delegate_to: "{{ delegated_dbhost }}" + when: + - zabbix_database_creation + tags: + - zabbix-proxy + - database + +- name: "PostgreSQL | Importing schema file" + shell: | + cd {{ datafiles_path }} + if [ -f schema.sql.gz ] + then gunzip schema.sql.gz + fi + psql -h '{{ zabbix_proxy_dbhost }}' -U '{{ zabbix_proxy_dbuser }}' \ + -d '{{ zabbix_proxy_dbname }}' -f schema.sql && touch /etc/zabbix/schema.done + args: + creates: /etc/zabbix/schema.done + environment: + PGPASSWORD: '{{ zabbix_proxy_dbpassword }}' + when: + - zabbix_database_creation diff --git a/roles/zabbix-proxy/tasks/sqlite3.yml b/roles/zabbix-proxy/tasks/sqlite3.yml new file mode 100644 index 000000000..08a64050e --- /dev/null +++ b/roles/zabbix-proxy/tasks/sqlite3.yml @@ -0,0 +1,46 @@ +--- +# task file for sqlite3 + +- name: "Sqlite3 | Default Database Path" + set_fact: + zabbix_proxy_dbname: /var/lib/zabbix/zabbix_proxy.db + when: + - zabbix_proxy_dbname == "zabbix_proxy" + +- name: "Sqlite3 | Create database" + file: + name: "{{ zabbix_proxy_dbname | dirname }}" + owner: zabbix + group: zabbix + seuser: system_u + serole: object_r + setype: zabbix_var_lib_t + state: directory + when: + - zabbix_database_creation + +- name: "Sqlite3 | Importing schema file" + become: yes + become_user: zabbix + shell: | + set -o pipefail + zcat {{ datafiles_path }}/schema.sql.gz | sqlite3 {{ zabbix_proxy_dbname }} + args: + creates: "{{ zabbix_proxy_dbname }}" + executable: /bin/bash + environment: + PGPASSWORD: '{{ zabbix_proxy_dbpassword }}' + when: + - zabbix_database_creation + +- name: "Fix zabbix db file permission (SELinux)" + file: + path: "{{ zabbix_proxy_dbname }}" + state: file + seuser: system_u + serole: object_r + setype: zabbix_var_lib_t + when: + - ansible_selinux.status == "enabled" + - zabbix_database_creation + tags: selinux diff --git a/roles/zabbix-proxy/templates/zabbix_proxy.conf.j2 b/roles/zabbix-proxy/templates/zabbix_proxy.conf.j2 new file mode 100644 index 000000000..a750848c8 --- /dev/null +++ b/roles/zabbix-proxy/templates/zabbix_proxy.conf.j2 @@ -0,0 +1,518 @@ +# This is a configuration file for Zabbix Proxy process +# To get more information about Zabbix, +# visit http://www.zabbix.com + +############ GENERAL PARAMETERS ################# + +### Option: ProxyMode +# Proxy operating mode +# 0 - proxy in the active mode +# 1 - proxy in the passive mode +# +ProxyMode={{ zabbix_proxy_mode }} + +### Option: Server +# IP address (or hostname) of Zabbix server. +# Active proxy will get configuration data from the server. +# For a proxy in the passive mode this parameter will be ignored. +# +Server={{ zabbix_server_host }} + +### Option: ServerPort +# Port of Zabbix trapper on Zabbix server. +# For a proxy in the passive mode this parameter will be ignored. +# +ServerPort={{ zabbix_server_port }} + +### Option: Hostname +# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server! +# Value is acquired from HostnameItem if undefined. +# +{% if zabbix_proxy_hostname is defined and zabbix_proxy_hostname %} +Hostname={{ zabbix_proxy_hostname }} +{% endif %} + +### Option: HostnameItem +# Item used for generating Hostname if it is undefined. +# Ignored if Hostname is defined. +# +# Mandatory: no +# Default: +# HostnameItem=system.hostname +{% if zabbix_proxy_hostnameitem is defined and zabbix_proxy_hostnameitem %} +HostnameItem={{ zabbix_proxy_hostnameitem }} +{% endif %} + +### Option: ListenPort +# Listen port for trapper. +# +ListenPort={{ zabbix_proxy_listenport }} + +### Option: SourceIP +# Source IP address for outgoing connections. +# +{% if zabbix_proxy_sourceip is defined and zabbix_proxy_sourceip %} +SourceIP={{ zabbix_proxy_sourceip }} +{% endif %} + +### Option: LogFile +# Name of log file. +# If not set, syslog is used. +# +LogFile={{ zabbix_proxy_logfile }} + +### Option: LogFileSize +# Maximum size of log file in MB. +# 0 - disable automatic log rotation. +# +LogFileSize={{ zabbix_proxy_logfilesize }} + +### Option: EnableRemoteCommands +# Whether remote commands from Zabbix server are allowed. +# 0 - not allowed +# 1 - allowed +# +EnableRemoteCommands={{ zabbix_proxy_enableremotecommands }} + +### Option: DebugLevel +# Specifies debug level +# 0 - no debug +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# +DebugLevel={{ zabbix_proxy_debuglevel }} + +### Option: PidFile +# Name of PID file. +# +PidFile={{ zabbix_proxy_pidfile }} +{% if zabbix_version is version('3.2', '>') %} +### Option: SocketDir +# Location of the socketfile +# +SocketDir={{ zabbix_proxy_socketdir }} +{% endif %} +### Option: DBHost +# Database host name. +# If set to localhost, socket is used for MySQL. +# If set to empty string, socket is used for PostgreSQL. +# +DBHost={{ zabbix_proxy_dbhost }} + +### Option: DBName +# Database name. +# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. +# Warning: do not attempt to use the same database Zabbix server is using. +# +DBName={{ zabbix_proxy_dbname }} + +### Option: DBSchema +# Schema name. Used for IBM DB2. +# +{% if zabbix_proxy_dbschema is defined and zabbix_proxy_dbschema %} +DBSchema={{ zabbix_proxy_dbschema }} +{% endif %} + +### Option: DBUser +# Database user. Ignored for SQLite. +# +DBUser={{ zabbix_proxy_dbuser }} + +### Option: DBPassword +# Database password. Ignored for SQLite. +# Comment this line if no password is used. +# +DBPassword={{ zabbix_proxy_dbpassword }} + +### Option: DBSocket +# Path to MySQL socket. +# + +# Option: DBPort +# Database port when not using local socket. Ignored for SQLite. +# +DBPort={{ zabbix_proxy_dbport }} + +######### PROXY SPECIFIC PARAMETERS ############# + +### Option: ProxyLocalBuffer +# Proxy will keep data locally for N hours, even if the data have already been synced with the server. +# This parameter may be used if local data will be used by third party applications. +# +ProxyLocalBuffer={{ zabbix_proxy_localbuffer }} + +### Option: ProxyOfflineBuffer +# Proxy will keep data for N hours in case if no connectivity with Zabbix Server. +# Older data will be lost. +# +ProxyOfflineBuffer={{ zabbix_proxy_offlinebuffer }} + +### Option: HeartbeatFrequency +# Frequency of heartbeat messages in seconds. +# Used for monitoring availability of Proxy on server side. +# 0 - heartbeat messages disabled. +# For a proxy in the passive mode this parameter will be ignored. +# +HeartbeatFrequency={{ zabbix_proxy_heartbeatfrequency }} + +### Option: ConfigFrequency +# How often proxy retrieves configuration data from Zabbix Server in seconds. +# For a proxy in the passive mode this parameter will be ignored. +# +ConfigFrequency={{ zabbix_proxy_configfrequency }} + +### Option: DataSenderFrequency +# Proxy will send collected data to the Server every N seconds. +# For a proxy in the passive mode this parameter will be ignored. +# +DataSenderFrequency={{ zabbix_proxy_datasenderfrequency }} + +############ ADVANCED PARAMETERS ################ + +### Option: StartPollers +# Number of pre-forked instances of pollers. +# +StartPollers={{ zabbix_proxy_startpollers }} + +### Option: StartIPMIPollers +# Number of pre-forked instances of IPMI pollers. +# +StartIPMIPollers={{ zabbix_proxy_startipmipollers }} + +### Option: StartPollersUnreachable +# Number of pre-forked instances of pollers for unreachable hosts (including IPMI). +# +StartPollersUnreachable={{ zabbix_proxy_startpollersunreachable }} + +### Option: StartTrappers +# Number of pre-forked instances of trappers. +# Trappers accept incoming connections from Zabbix sender and active agents. +# +StartTrappers={{ zabbix_proxy_starttrappers }} + +### Option: StartPingers +# Number of pre-forked instances of ICMP pingers. +# +StartPingers={{ zabbix_proxy_startpingers }} + +### Option: StartDiscoverers +# Number of pre-forked instances of discoverers. +# +StartDiscoverers={{ zabbix_proxy_startdiscoverers }} + +### Option: StartHTTPPollers +# Number of pre-forked instances of HTTP pollers. +# +StartHTTPPollers={{ zabbix_proxy_starthttppollers }} + +### Option: JavaGateway +# IP address (or hostname) of Zabbix Java gateway. +# Only required if Java pollers are started. +# +{% if zabbix_proxy_javagateway is defined and zabbix_proxy_javagateway %} +JavaGateway={{ zabbix_proxy_javagateway }} + +### Option: JavaGatewayPort +# Port that Zabbix Java gateway listens on. +# +JavaGatewayPort={{ zabbix_proxy_javagatewayport }} + +### Option: StartJavaPollers +# Number of pre-forked instances of Java pollers. +# +StartJavaPollers={{ zabbix_proxy_startjavapollers }} +{% endif %} + +{% if zabbix_version is version_compare('2.4', '>=') %} +### Option: StartVMwareCollectors +# Number of pre-forked vmware collector instances. +# +StartVMwareCollectors={{ zabbix_proxy_startvmwarecollector }} + +### Option: VMwareFrequency +# How often Zabbix will connect to VMware service to obtain a new data. +# +VMwareFrequency={{ zabbix_proxy_vmwarefrequency }} + +### Option: VMwareCacheSize +# Size of VMware cache, in bytes. +# Shared memory size for storing VMware data. +# Only used if VMware collectors are started. +# +VMwareCacheSize={{ zabbix_proxy_vmwarecachesize -}}M +{% endif %} + +### Option: SNMPTrapperFile +# Temporary file used for passing data from SNMP trap daemon to the proxy. +# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. +# +SNMPTrapperFile={{ zabbix_proxy_snmptrapperfile }} + +### Option: StartSNMPTrapper +# If 1, SNMP trapper process is started. +# +StartSNMPTrapper={{ zabbix_proxy_snmptrapper }} + +### Option: ListenIP +# List of comma delimited IP addresses that the trapper should listen on. +# Trapper will listen on all network interfaces if this parameter is missing. +# +{% if zabbix_proxy_listenip is defined and zabbix_proxy_listenip %} +ListenIP={{ zabbix_proxy_listenip }} +{% endif %} + +### Option: HousekeepingFrequency +# How often Zabbix will perform housekeeping procedure (in hours). +# Housekeeping is removing unnecessary information from history, alert, and alarms tables. +# +HousekeepingFrequency={{ zabbix_proxy_housekeepingfrequency }} + +### Option: CacheSize +# Size of configuration cache, in bytes. +# Shared memory size, for storing hosts and items data. +# +CacheSize={{ zabbix_proxy_cachesize -}}M + +### Option: StartDBSyncers +# Number of pre-forked instances of DB Syncers +# +StartDBSyncers={{ zabbix_proxy_startdbsyncers }} + +### Option: HistoryCacheSize +# Size of history cache, in bytes. +# Shared memory size for storing history data. +# +HistoryCacheSize={{ zabbix_proxy_historycachesize -}}M + +{% if zabbix_version is version_compare('3.2', '>=') %} +### Option: HistoryIndexCacheSize +# Size of history index cache, in bytes. +# Shared memory size for indexing history cache. +# +# Mandatory: no +# Range: 128K-2G +# Default: +HistoryIndexCacheSize={{ zabbix_proxy_historyindexcachesize -}}M +{% endif %} + +{% if zabbix_version is version_compare('2.4', '<') %} +### Option: HistoryTextCacheSize +# Size of text history cache, in bytes. +# Shared memory size for storing character, text or log history data. +# +HistoryTextCacheSize={{ zabbix_proxy_historytextcachesize -}}M +{% endif %} + +### Option: Timeout +# Specifies how long we wait for agent, SNMP device or external check (in seconds). +# +Timeout={{ zabbix_proxy_timeout }} + +### Option: TrapperTimeout +# Specifies how many seconds trapper may spend processing new data. +# +TrapperTimeout={{ zabbix_proxy_trappertimeout }} + +### Option: UnreachablePeriod +# After how many seconds of unreachability treat a host as unavailable. +# +UnreachablePeriod={{ zabbix_proxy_unreachableperiod }} + +### Option: UnavailableDelay +# How often host is checked for availability during the unavailability period, in seconds. +# +UnavailableDelay={{ zabbix_proxy_unavaliabledelay }} + +### Option: UnreachableDelay +# How often host is checked for availability during the unreachability period, in seconds. +# +UnreachableDelay={{ zabbix_proxy_unreachabedelay }} + +### Option: ExternalScripts +# Full path to location of external scripts. +# Default depends on compilation options. +# +ExternalScripts={{ zabbix_proxy_externalscripts }} + +### Option: FpingLocation +# Location of fping. +# Make sure that fping binary has root ownership and SUID flag set. +# +FpingLocation={{ zabbix_proxy_fpinglocation }} + +### Option: Fping6Location +# Location of fping6. +# Make sure that fping6 binary has root ownership and SUID flag set. +# Make empty if your fping utility is capable to process IPv6 addresses. +# +Fping6Location={{ zabbix_proxy_fping6location }} + +### Option: SSHKeyLocation +# Location of public and private keys for SSH checks and actions. +# +{% if zabbix_proxy_sshkeylocation is defined and zabbix_proxy_sshkeylocation %} +SSHKeyLocation={{ zabbix_proxy_sshkeylocation }} +{% endif %} + +### Option: LogSlowQueries +# How long a database query may take before being logged (in milliseconds). +# Only works if DebugLevel set to 3 or 4. +# 0 - don't log slow queries. +# +LogSlowQueries={{ zabbix_proxy_loglowqueries }} + +### Option: TmpDir +# Temporary directory. +# +TmpDir={{ zabbix_proxy_tmpdir }} + +{% if zabbix_version is version_compare('2.4', '<') %} +### Option: AllowRoot +# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy +# will try to switch to user 'zabbix' instead. Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +AllowRoot={{ zabbix_proxy_allowroot }} +{% endif %} + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +Include={{ zabbix_proxy_include }} + +####### LOADABLE MODULES ####### + +{% if zabbix_version is version_compare('3.0', '<') %} +### Option: LoadModulePath +# Full path to location of proxy modules. +# Default depends on compilation options. +# +LoadModulePath={{ zabbix_proxy_loadmodulepath }} +{% endif %} + +### Option: LoadModule +# Module to load at proxy startup. Modules are used to extend functionality of the proxy. +# Format: LoadModule= +# The modules must be located in directory specified by LoadModulePath. +# It is allowed to include multiple LoadModule parameters. +# +{% if zabbix_proxy_loadmodule is defined and zabbix_proxy_loadmodule %} +LoadModule={{ zabbix_proxy_loadmodule }} +{% endif %} + +{% if zabbix_version is version_compare('3.0', '>=') %} +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSConnect +# How the agent should connect to server or proxy. Used for active checks. +# Only one value can be specified: +# unencrypted - connect without encryption +# psk - connect using TLS and a pre-shared key +# cert - connect using TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSConnect=unencrypted +{% if zabbix_proxy_tlsconnect is defined and zabbix_proxy_tlsconnect %} +TLSConnect={{ zabbix_proxy_tlsconnect }} +{% endif %} + +### Option: TLSAccept +# What incoming connections to accept. +# Multiple values can be specified, separated by comma: +# unencrypted - accept connections without encryption +# psk - accept connections secured with TLS and a pre-shared key +# cert - accept connections secured with TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSAccept=unencrypted +{% if zabbix_proxy_tlsaccept is defined and zabbix_proxy_tlsaccept %} +TLSAccept={{ zabbix_proxy_tlsaccept }} +{% endif %} + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= +{% if zabbix_proxy_tlscafile is defined and zabbix_proxy_tlscafile %} +TLSCAFile={{ zabbix_proxy_tlscafile }} +{% endif %} + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +# TLSCRLFile= +{% if zabbix_proxy_tlscrlfile is defined and zabbix_proxy_tlscrlfile %} +TLSCRLFile={{ zabbix_proxy_tlscrlfile }} +{% endif %} + +### Option: TLSServerCertIssuer +# Allowed server certificate issuer. +# +# Mandatory: no +# Default: +# TLSServerCertIssuer= +{% if zabbix_proxy_tlsservercertissuer is defined and zabbix_proxy_tlsservercertissuer %} +TLSServerCertIssuer={{ zabbix_proxy_tlsservercertissuer }} +{% endif %} + +### Option: TLSServerCertSubject +# Allowed server certificate subject. +# +# Mandatory: no +# Default: +# TLSServerCertSubject= +{% if zabbix_proxy_tlsservercertsubject is defined and zabbix_proxy_tlsservercertsubject %} +TLSServerCertSubject={{ zabbix_proxy_tlsservercertsubject }} +{% endif %} + +### Option: TLSCertFile +# Full pathname of a file containing the agent certificate or certificate chain. +# +# Mandatory: no +# Default: +# TLSCertFile= +{% if zabbix_proxy_tlscertfile is defined and zabbix_proxy_tlscertfile %} +TLSCertFile={{ zabbix_proxy_tlscertfile }} +{% endif %} + +### Option: TLSKeyFile +# Full pathname of a file containing the agent private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= +{% if zabbix_proxy_tlskeyfile is defined and zabbix_proxy_tlskeyfile %} +TLSKeyFile={{ zabbix_proxy_tlskeyfile }} +{% endif %} + +### Option: TLSPSKIdentity +# Unique, case sensitive string used to identify the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKIdentity= +{% if zabbix_proxy_tlspskidentity is defined and zabbix_proxy_tlspskidentity %} +TLSPSKIdentity={{ zabbix_proxy_tlspskidentity }} +{% endif %} + +### Option: TLSPSKFile +# Full pathname of a file containing the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKFile= +{% if zabbix_proxy_tlspskfile is defined and zabbix_proxy_tlspskfile %} +TLSPSKFile={{ zabbix_proxy_tlspskfile }} +{% endif %} +{% endif %} diff --git a/roles/zabbix-proxy/vars/Amazon.yml b/roles/zabbix-proxy/vars/Amazon.yml new file mode 100644 index 000000000..605be3896 --- /dev/null +++ b/roles/zabbix-proxy/vars/Amazon.yml @@ -0,0 +1,2 @@ +--- +ansible_distribution_major_version: "6" diff --git a/roles/zabbix-proxy/vars/main.yml b/roles/zabbix-proxy/vars/main.yml new file mode 100644 index 000000000..75627d3bc --- /dev/null +++ b/roles/zabbix-proxy/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for zabbix-proxy diff --git a/roles/zabbix-proxy/vars/zabbix.yml b/roles/zabbix-proxy/vars/zabbix.yml new file mode 100644 index 000000000..c437f2774 --- /dev/null +++ b/roles/zabbix-proxy/vars/zabbix.yml @@ -0,0 +1,133 @@ +--- + +sign_keys: + "44": + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + buster: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: A14FE591 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "42": + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "40": + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "34": + bionic: + sign_key: A14FE591 + sonya: + sign_key: A14FE591 + serena: + sign_key: A14FE591 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "32": + sonya: + sign_key: 79EA5ED4 + serena: + sign_key: 79EA5ED4 + stretch: + sign_key: A14FE591 + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "30": + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + stretch: + sign_key: A14FE591 + trusty: + sign_key: 79EA5ED4 + xenial: + sign_key: E709712C + "24": + wheezy: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + precise: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + "22": + squeeze: + sign_key: 79EA5ED4 + jessie: + sign_key: 79EA5ED4 + precise: + sign_key: 79EA5ED4 + trusty: + sign_key: 79EA5ED4 + lucid: + sign_key: 79EA5ED4 + +suse: + "openSUSE Leap": + "42": + name: server:monitoring + url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/ + "openSUSE": + "12": + name: server_monitoring + url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }} + "SLES": + "11": + name: server_monitoring + url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/