From 5643b8ec1a288d2bb8ba2958c781ad8d089c99ba Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Mon, 5 Feb 2024 17:48:32 +0100 Subject: [PATCH 01/24] zabbix server role init --- roles/zabbix_server/README.md | 30 + roles/zabbix_server/defaults/main.yml | 16 + roles/zabbix_server/handlers/main.yml | 6 + roles/zabbix_server/tasks/main.yml | 70 +++ .../templates/nginx_zabbix_server_http.j2 | 67 +++ .../zabbix_server/templates/php_fpm_zabbix.j2 | 24 + roles/zabbix_server/templates/zabbix.conf.j2 | 568 ++++++++++++++++++ .../templates/zabbix.conf.php.j2 | 59 ++ roles/zabbix_server/vars/main.yml | 2 + 9 files changed, 842 insertions(+) create mode 100644 roles/zabbix_server/README.md create mode 100644 roles/zabbix_server/defaults/main.yml create mode 100644 roles/zabbix_server/handlers/main.yml create mode 100644 roles/zabbix_server/tasks/main.yml create mode 100644 roles/zabbix_server/templates/nginx_zabbix_server_http.j2 create mode 100644 roles/zabbix_server/templates/php_fpm_zabbix.j2 create mode 100644 roles/zabbix_server/templates/zabbix.conf.j2 create mode 100644 roles/zabbix_server/templates/zabbix.conf.php.j2 create mode 100644 roles/zabbix_server/vars/main.yml diff --git a/roles/zabbix_server/README.md b/roles/zabbix_server/README.md new file mode 100644 index 00000000..7acc1eb7 --- /dev/null +++ b/roles/zabbix_server/README.md 
@@ -0,0 +1,30 @@
+Role Name
+=========
+
+Ansible role for Zabbix Server
+
+Requirements
+------------
+
+Pass Base_server and base_platform role to configure server
+
+Role Variables
+--------------
+
+app_program: "Zabbix Server"
+
+zabbix_default_admin: "admin"
+zabbix_default_password: "admin"
+
+app_instance_root: "{{ www_root }}/{{ app_instance_id }}"
+app_data: "{{ www_root }}/{{ app_instance_id }}.data"
+
+database_type: "postgres"
+
+behind_reverse_proxy: "false"
+
+app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_{{ app_version }}-1%2B{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}_all.deb"
+
+zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-pgsql", "zabbix-frontend-php", "zabbix-sql-scripts"]
+
+
diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml
new file mode 100644
index 00000000..3075fbb4
--- /dev/null
+++ b/roles/zabbix_server/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+app_program: "Zabbix Server"
+
+zabbix_default_admin: "admin"
+zabbix_default_password: "admin"
+
+app_instance_root: "{{ www_root }}/{{ app_instance_id }}"
+app_data: "{{ www_root }}/{{ app_instance_id }}.data"
+
+database_type: "postgres"
+
+behind_reverse_proxy: "false"
+
+app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_{{ app_version }}-1%2B{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}_all.deb"
+
+zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-pgsql", "zabbix-frontend-php", "zabbix-sql-scripts"]
diff --git a/roles/zabbix_server/handlers/main.yml b/roles/zabbix_server/handlers/main.yml
new file mode 100644
index 00000000..93db696b
--- /dev/null
+++ b/roles/zabbix_server/handlers/main.yml
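Review bot: In roles/zabbix_server/defaults/main.yml, `behind_reverse_proxy: "false"` is a quoted string, while tasks/main.yml in this same commit tests `behind_reverse_proxy == false` and `behind_reverse_proxy == true`; a string equals neither boolean, so with the shipped default neither the LetsEncrypt task nor the vhost template task runs. Declare a real boolean, `behind_reverse_proxy: false`, and test it as `when: not behind_reverse_proxy | bool`. The same file ships `zabbix_default_password: "admin"`; no task visible in this commit consumes it, but a known credential in role defaults is better left undefined and consumed with `| mandatory`, as the nginx template already does for `app_domain`.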
@@ -0,0 +1,6 @@
+---
+- name: reload nginx zabbix_server
+ service: name=nginx state=reloaded
+
+- name: reload php-fpm zabbix_server
+ service: name=php{{ php_version }}-fpm state=reloaded
diff --git a/roles/zabbix_server/tasks/main.yml b/roles/zabbix_server/tasks/main.yml
new file mode 100644
index 00000000..c5c2c3c4
--- /dev/null
+++ b/roles/zabbix_server/tasks/main.yml
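Review bot: Both handlers in roles/zabbix_server/handlers/main.yml carry the literal suffix `zabbix_server`, but the last task of tasks/main.yml in this commit notifies `reload php-fpm {{ app_instance_id }}`, which only resolves when the instance id happens to be `zabbix_server`; Ansible fails a task whose notified handler does not exist. Notify the fixed name, `notify: reload php-fpm zabbix_server`, or give each handler a `listen:` topic that the tasks can target. As a style point, `service: name=nginx state=reloaded` is the legacy key=value form; block-style module arguments lint and diff more cleanly.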
@@ -0,0 +1,70 @@
+---
+- name: Register Nextcloud in inventory
+ import_role:
+ name: _app_log_inventory
+ vars:
+ log_type: "install"
+
+- name: Create LetsEncrypt certificate
+ import_role:
+ name: _letsencrypt_certificate
+ when: behind_reverse_proxy == false
+
+- name: Create Database for Zabbix Server
+ import_role:
+ name: _create_database
+
+- name: Download Zabbix Debian release deb file
+ get_url:
+ url: "{{ app_repo }}"
+ dest: "/tmp/zabbix-release.deb"
+ when: ansible_distribution == "Debian"
+
+- name: Apt install Zabbix release in Ubuntu/Debian
+ apt: deb="/tmp/zabbix-release.deb"
+ when: ansible_os_family == "Debian"
+ register: result_zabbix_release
+
+- name: Apt update
+ apt: update_cache=yes
+ when: ansible_os_family == "Debian" and result_zabbix_release is changed
+
+- name: "Zabbix Server base packages"
+ apt:
+ name: "{{ zabbix_package }}"
+ state: latest
+ update_cache: true
+ loop: "{{ zabbix_packages }}"
+ loop_control:
+ loop_var: zabbix_package
+
+- name: Init Zabbix Server Postgres Database
+ expect:
+ command: /bin/bash -c "zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | psql -U {{database_user}} -h 127.0.0.1 {{database_name}}"
+ responses:
+ (?i)Password: '{{database_password}}'
+ when: database_type == "postgres"
+
+- name: Import Backup Role
+ import_role:
+ name: _app_backup
+
+- name: "template {{ rev_proxy }}_zabbix_server_http.j2 {{ app_instance_id }}"
+ template:
+ src: "{{ rev_proxy }}_zabbix_server_http.j2"
+ dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
+ notify: reload {{ rev_proxy }} zabbix_server
+ when: behind_reverse_proxy == true
+
+- name: "enable site for {{ app_domain }}"
+ file:
+ state: link
+ path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}.conf"
+ src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
+ notify: reload {{ rev_proxy }} zabbix_server
+
+- name: "template php_fpm_zabbix.j2 for {{ app_user }} {{ php_version }}"
+ template:
+ src: "php_fpm_zabbix.j2"
+ dest: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf"
+ notify: reload php-fpm {{ app_instance_id }}
diff --git a/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 b/roles/zabbix_server/templates/nginx_zabbix_server_http.j2
new file mode 100644
index 00000000..3349f1e0
--- /dev/null
+++ b/roles/zabbix_server/templates/nginx_zabbix_server_http.j2
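Review bot: In roles/zabbix_server/tasks/main.yml, the `Init Zabbix Server Postgres Database` task answers the psql prompt with `'{{database_password}}'` but sets no `no_log: true`, so the secret can surface in task output at higher verbosity or when the task fails; add `no_log: true` to that task. `database_user` and `database_name` are interpolated unquoted into the `bash -c` string and should go through the `quote` filter. Nothing guards the import either, so every run replays create.sql against a schema that may already be populated. The identical task is added again in tasks/install.yml by PATCH 03/24.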
@@ -0,0 +1,67 @@
+upstream php-handler{{ app_instance_id }} {
+ server unix:/var/run/php/php{{ php_version }}-fpm.sock;
+}
+
+server {
+ # Both IpV6 and IpV4
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ app_domain | mandatory }};
+
+ # Path to the root of your installation
+ root /usr/share/zabbix;
+
+ access_log {{ www_log | mandatory }}/{{ app_instance_id }}/access.log combined if=$log_ua;
+ error_log {{ www_log | mandatory }}/{{ app_instance_id }}/error.log;
+
+ index index.php;
+
+ location = /favicon.ico {
+ log_not_found off;
+ }
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location /assets {
+ access_log off;
+ expires 10d;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location ~ /(api\/|conf[^\.]|include|locale|vendor) {
+ deny all;
+ return 404;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_pass php-handler{{ app_instance_id }};
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+
+ fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
+ fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
+ fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;
+
+ include fastcgi_params;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+
+ fastcgi_intercept_errors on;
+ fastcgi_ignore_client_abort off;
+ fastcgi_connect_timeout 60;
+ fastcgi_send_timeout 180;
+ fastcgi_read_timeout 180;
+ fastcgi_buffer_size 128k;
+ fastcgi_buffers 4 256k;
+ fastcgi_busy_buffers_size 256k;
+ fastcgi_temp_file_write_size 256k;
+ }
+}
diff --git a/roles/zabbix_server/templates/php_fpm_zabbix.j2 b/roles/zabbix_server/templates/php_fpm_zabbix.j2
new file mode 100644
index 00000000..fd96aa1f
--- /dev/null
+++ b/roles/zabbix_server/templates/php_fpm_zabbix.j2
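Review bot: The `upstream` block in nginx_zabbix_server_http.j2 points at `unix:/var/run/php/php{{ php_version }}-fpm.sock`, but the pool added by php_fpm_zabbix.j2 in this commit listens on `/var/run/php/zabbix.sock`, so the frontend would be served by whichever pool owns the other socket (presumably the distribution default) and the dedicated pool's limits never apply. Point the upstream at the pool's own socket, `server unix:/var/run/php/zabbix.sock;`. The server block listens on port 80 only, which is acceptable only when the reverse proxy in front terminates TLS and this listener is not reachable directly; consider binding `listen` to the address the proxy uses. `access_log ... if=$log_ua` relies on a `$log_ua` variable that this template does not define, so it has to come from elsewhere in the nginx configuration.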
@@ -0,0 +1,24 @@
+[zabbix]
+user = www-data
+group = www-data
+
+listen = /var/run/php/zabbix.sock
+listen.owner = www-data
+listen.allowed_clients = 127.0.0.1
+
+pm = dynamic
+pm.max_children = 50
+pm.start_servers = 5
+pm.min_spare_servers = 5
+pm.max_spare_servers = 35
+pm.max_requests = 200
+
+php_value[session.save_handler] = files
+php_value[session.save_path] = /var/lib/php/sessions/
+
+php_value[max_execution_time] = 300
+php_value[memory_limit] = 128M
+php_value[post_max_size] = 16M
+php_value[upload_max_filesize] = 2M
+php_value[max_input_time] = 300
+php_value[max_input_vars] = 10000
diff --git a/roles/zabbix_server/templates/zabbix.conf.j2 b/roles/zabbix_server/templates/zabbix.conf.j2
new file mode 100644
index 00000000..aaca81cc
--- /dev/null
+++ b/roles/zabbix_server/templates/zabbix.conf.j2
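Review bot: In php_fpm_zabbix.j2, `listen.allowed_clients = 127.0.0.1` has no effect, because PHP-FPM applies it only to TCP listeners and this pool listens on a unix socket; access is decided by the socket's owner, group and mode. State those explicitly with `listen.group = www-data` and `listen.mode = 0660`, and drop the `allowed_clients` line so the file does not suggest a restriction that is not enforced. The pool name `[zabbix]` and the socket path are fixed while tasks/main.yml writes the file as `php-fpm-{{ app_user }}.conf`, so a second instance on the same host would presumably collide on both.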
@@ -0,0 +1,568 @@ +# This is a configuration file for Zabbix Server process +# To get more information about Zabbix, +# visit http://www.zabbix.com + +############ GENERAL PARAMETERS ################# + +### Option: NodeID +# Unique NodeID in distributed setup. +# 0 - standalone server +# +# Mandatory: no +# Range: 0-999 +# Default: +# NodeID=0 + +### Option: ListenPort +# Listen port for trapper. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# ListenPort=10051 +ListenPort={{ zabbix_server_port }} + +### Option: SourceIP +# Source IP address for outgoing connections. +# +# Mandatory: no +# Default: +# SourceIP= + +### Option: LogFile +# Name of log file. +# If not set, syslog is used. +# +# Mandatory: no +# Default: +# LogFile= +LogFile=/var/log/zabbix/zabbix_server.log + +### Option: LogFileSize +# Maximum size of log file in MB. +# 0 - disable automatic log rotation. +# +# Mandatory: no +# Range: 0-1024 +# Default: +# LogFileSize=1 + +### Option: DebugLevel +# Specifies debug level +# 0 - no debug +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# +# Mandatory: no +# Range: 0-4 +# Default: +# DebugLevel=3 +# DebugLevel=3 + +### Option: PidFile +# Name of PID file. +# +# Mandatory: no +# Default: +# PidFile=/tmp/zabbix_server.pid +PidFile=/var/run/zabbix/zabbix_server.pid + +### Option: DBHost +# Database host name. +# If set to localhost, socket is used for MySQL. +# +# Mandatory: no +# Default: +# DBHost=localhost +DBHost=localhost + +### Option: DBName +# Database name. +# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. +# +# Mandatory: yes +# Default: +# DBName= +DBName={{ database_name }} + +### Option: DBSchema +# Schema name. Used for IBM DB2. +# +# Mandatory: no +# Default: +# DBSchema= + +### Option: DBUser +# Database user. Ignored for SQLite. 
+# +# Mandatory: no +# Default: +# DBUser= +DBUser={{ database_user }} + +### Option: DBPassword +# Database password. Ignored for SQLite. +# Comment this line if no password is used. +# +# Mandatory: no +# Default: +# DBPassword= +DBPassword={{ database_password }} + +### Option: DBSocket +# Path to MySQL socket. +# +# Mandatory: no +# Default: +# DBSocket=/tmp/mysql.sock + +### Option: DBPort +# Database port when not using local socket. Ignored for SQLite. +# +# Mandatory: no +# Range: 1024-65535 +# Default (for MySQL): +DBPort=5432 + +############ ADVANCED PARAMETERS ################ + +### Option: StartPollers +# Number of pre-forked instances of pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollers=5 + +### Option: StartIPMIPollers +# Number of pre-forked instances of IPMI pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartIPMIPollers=0 + +### Option: StartPollersUnreachable +# Number of pre-forked instances of pollers for unreachable hosts (including IPMI). +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollersUnreachable=1 + +### Option: StartTrappers +# Number of pre-forked instances of trappers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartTrappers=5 + +### Option: StartPingers +# Number of pre-forked instances of ICMP pingers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPingers=1 + +### Option: StartDiscoverers +# Number of pre-forked instances of discoverers. +# +# Mandatory: no +# Range: 0-250 +# Default: +# StartDiscoverers=1 + +### Option: StartHTTPPollers +# Number of pre-forked instances of HTTP pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPPollers=1 + +### Option: StartTimers +# Number of pre-forked instances of timers. +# Timers process time-based trigger functions and maintenance periods. +# Only the first timer process handles the maintenance periods. 
+# +# Mandatory: no +# Range: 1-1000 +# Default: +# StartTimers=1 + +{% if zabbix_java_gateway_state == "present" %} +### Option: JavaGateway +# IP address (or hostname) of Zabbix Java gateway. +# Only required if Java pollers are started. +# +# Mandatory: no +# Default: +# JavaGateway= +JavaGateway={{zabbix_java_gateway_config_listen_ip}} + +### Option: JavaGatewayPort +# Port that Zabbix Java gateway listens on. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# JavaGatewayPort=10052 +JavaGatewayPort={{zabbix_java_gateway_config_listen_port}} + +### Option: StartJavaPollers +# Number of pre-forked instances of Java pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartJavaPollers=0 +StartJavaPollers={{zabbix_java_gateway_config_java_pollers}} +{% endif %} + +### Option: StartVMwareCollectors +# Number of pre-forked vmware collector instances. +# +# Mandatory: no +# Range: 0-250 +# Default: +# StartVMwareCollectors=0 + +### Option: VMwareFrequency +# How often Zabbix will connect to VMware service to obtain a new data. +# +# Mandatory: no +# Range: 10-86400 +# Default: +# VMwareFrequency=60 + +### Option: VMwareCacheSize +# Size of VMware cache, in bytes. +# Shared memory size for storing VMware data. +# Only used if VMware collectors are started. +# +# Mandatory: no +# Range: 256K-2G +# Default: +# VMwareCacheSize=8M + +### Option: SNMPTrapperFile +# Temporary file used for passing data from SNMP trap daemon to the server. +# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. +# +# Mandatory: no +# Default: +# SNMPTrapperFile=/tmp/zabbix_traps.tmp + +### Option: StartSNMPTrapper +# If 1, SNMP trapper process is started. +# +# Mandatory: no +# Range: 0-1 +# Default: +# StartSNMPTrapper=0 + + +### Option: ListenIP +# List of comma delimited IP addresses that the trapper should listen on. +# Trapper will listen on all network interfaces if this parameter is missing. 
+# +# Mandatory: no +# Default: +# ListenIP=0.0.0.0 +ListenIP=0.0.0.0 + +### Option: HousekeepingFrequency +# How often Zabbix will perform housekeeping procedure (in hours). +# Housekeeping is removing unnecessary information from history, alert, and alarms tables. +# +# Mandatory: no +# Range: 1-24 +# Default: +# HousekeepingFrequency=1 + +### Option: MaxHousekeeperDelete +# The table "housekeeper" contains "tasks" for housekeeping procedure in the format: +# [housekeeperid], [tablename], [field], [value]. +# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value]) +# will be deleted per one task in one housekeeping cycle. +# SQLite3 does not use this parameter, deletes all corresponding rows without a limit. +# If set to 0 then no limit is used at all. In this case you must know what you are doing! +# +# Mandatory: no +# Range: 0-1000000 +# Default: +# MaxHousekeeperDelete=500 + +### Option: DisableHousekeeping +# If set to 1, disables housekeeping. +# +# Mandatory: no +# Range: 0-1 +# Default: +# DisableHousekeeping=0 + +### Option: SenderFrequency +# How often Zabbix will try to send unsent alerts (in seconds). +# +# Mandatory: no +# Range: 5-3600 +# Default: +# SenderFrequency=30 + +### Option: CacheSize +# Size of configuration cache, in bytes. +# Shared memory size for storing hosts and items data. +# +# Mandatory: no +# Range: 128K-1G +# Default: +# CacheSize=8M + +### Option: CacheUpdateFrequency +# How often Zabbix will perform update of configuration cache, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# CacheUpdateFrequency=60 + +### Option: StartDBSyncers +# Number of pre-forked instances of DB Syncers +# +# Mandatory: no +# Range: 1-100 +# Default: +# StartDBSyncers=4 + +### Option: HistoryCacheSize +# Size of history cache, in bytes. +# Shared memory size for storing history data. 
+# +# Mandatory: no +# Range: 128K-1G +# Default: +# HistoryCacheSize=8M + +### Option: TrendCacheSize +# Size of trend cache, in bytes. +# Shared memory size for storing trends data. +# +# Mandatory: no +# Range: 128K-1G +# Default: +# TrendCacheSize=4M + +### Option: HistoryTextCacheSize +# Size of text history cache, in bytes. +# Shared memory size for storing character, text or log history data. +# +# Mandatory: no +# Range: 128K-1G +# Default: +# HistoryTextCacheSize=16M + +### Option: ValueCacheSize +# Size of history value cache, in bytes. +# Shared memory size for caching item history data requests +# Setting to 0 disables value cache. +# +# Mandatory: no +# Range: 0,128K-64G +# Default: +# ValueCacheSize=8M + +### Option: NodeNoEvents +# If set to '1' local events won't be sent to master node. +# This won't impact ability of this node to propagate events from its child nodes. +# +# Mandatory: no +# Range: 0-1 +# Default: +# NodeNoEvents=0 + +### Option: NodeNoHistory +# If set to '1' local history won't be sent to master node. +# This won't impact ability of this node to propagate history from its child nodes. +# +# Mandatory: no +# Range: 0-1 +# Default: +# NodeNoHistory=0 + +### Option: Timeout +# Specifies how long we wait for agent, SNMP device or external check (in seconds). +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=3 + +### Option: TrapperTimeout +# Specifies how many seconds trapper may spend processing new data. +# +# Mandatory: no +# Range: 1-300 +# Default: +# TrapperTimeout=300 + +### Option: UnreachablePeriod +# After how many seconds of unreachability treat a host as unavailable. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachablePeriod=45 + +### Option: UnavailableDelay +# How often host is checked for availability during the unavailability period, in seconds. 
+# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnavailableDelay=60 + +### Option: UnreachableDelay +# How often host is checked for availability during the unreachability period, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachableDelay=15 + +### Option: AlertScriptsPath +# Location of custom alert scripts +# +# Mandatory: no +# Default: +# AlertScriptsPath=/home/zabbix/bin/ +AlertScriptsPath=/etc/zabbix/alert.d/ + +### Option: ExternalScripts +# Location of external scripts +# +# Mandatory: no +# Default: +# ExternalScripts=/etc/zabbix/externalscripts + +### Option: FpingLocation +# Location of fping. +# Make sure that fping binary has root ownership and SUID flag set. +# +# Mandatory: no +# Default: +# FpingLocation=/usr/sbin/fping +FpingLocation=/usr/bin/fping + +### Option: Fping6Location +# Location of fping6. +# Make sure that fping6 binary has root ownership and SUID flag set. +# Make empty if your fping utility is capable to process IPv6 addresses. +# +# Mandatory: no +# Default: +# Fping6Location=/usr/sbin/fping6 +Fping6Location=/usr/bin/fping6 + +### Option: SSHKeyLocation +# Location of public keys for SSH checks +# +# Mandatory: no +# Default: +# SSHKeyLocation= + +### Option: LogSlowQueries +# How long a database query may take before being logged (in milliseconds). +# 0 - don't log slow queries. +# +# Mandatory: no +# Range: 1-3600000 +# Default: +# LogSlowQueries=0 + +### Option: TmpDir +# Temporary directory. +# +# Mandatory: no +# Default: +# TmpDir=/tmp + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# +# Mandatory: no +# Default: +# Include= + +# Include=/etc/zabbix/zabbix_server.general.conf +# Include=/etc/zabbix/zabbix_server/ + +### Option: StartProxyPollers +# Number of pre-forked instances of pollers for passive proxies. 
+# +# Mandatory: no +# Range: 0-250 +# Default: +# StartProxyPollers=1 + +### Option: ProxyConfigFrequency +# How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds. +# This parameter is used only for proxies in the passive mode. +# +# Mandatory: no +# Range: 1-3600*24*7 +# Default: +# ProxyConfigFrequency=3600 + +### Option: ProxyDataFrequency +# How often Zabbix Server requests history data from a Zabbix Proxy in seconds. +# This parameter is used only for proxies in the passive mode. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# ProxyDataFrequency=1 + +### Option: AllowRoot +# Allow the server to run as 'root'. If disabled and the server is started by 'root', the server +# will try to switch to user 'zabbix' instead. Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Default: +# AllowRoot=0 + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +# Mandatory: no +# Default: +# Include= + +# Include=/usr/local/etc/zabbix_server.general.conf +# Include=/usr/local/etc/zabbix_server.conf.d/ + +####### LOADABLE MODULES ####### + +### Option: LoadModulePath +# Full path to location of server modules. +# Default depends on compilation options. +# +# Mandatory: no +# Default: +# LoadModulePath=${libdir}/modules + +### Option: LoadModule +# Module to load at server startup. Modules are used to extend functionality of the server. +# Format: LoadModule= +# The modules must be located in directory specified by LoadModulePath. +# It is allowed to include multiple LoadModule parameters. +# +# Mandatory: no +# Default: +# LoadModule= diff --git a/roles/zabbix_server/templates/zabbix.conf.php.j2 b/roles/zabbix_server/templates/zabbix.conf.php.j2 new file mode 100644 index 00000000..0ebe0d1d --- /dev/null 
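Review bot: zabbix.conf.j2 renders `ListenPort={{ zabbix_server_port }}` and tests `zabbix_java_gateway_state == "present"`, but neither variable gets a value in the defaults/main.yml added by this commit, so rendering fails on an undefined variable unless the inventory supplies both; add defaults or write `{% if zabbix_java_gateway_state | default('absent') == "present" %}`. `DBPassword={{ database_password }}` puts the database secret into the rendered file, so whichever task deploys this template needs an explicit owner and a restrictive `mode`. `ListenIP=0.0.0.0` is set explicitly; if agents and proxies reach the server over one interface, bind the trapper to that address. `DBHost=localhost` and `DBPort=5432` are hard-coded rather than templated.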
+++ b/roles/zabbix_server/templates/zabbix.conf.php.j2 @@ -0,0 +1,59 @@ + 'http://localhost:9200', +// 'text' => 'http://localhost:9200' +//]; +// Value types stored in Elasticsearch. +//$HISTORY['types'] = ['uint', 'text']; + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +//$SSO['SP_KEY'] = 'conf/certs/sp.key'; +//$SSO['SP_CERT'] = 'conf/certs/sp.crt'; +//$SSO['IDP_CERT'] = 'conf/certs/idp.crt'; +//$SSO['SETTINGS'] = []; diff --git a/roles/zabbix_server/vars/main.yml b/roles/zabbix_server/vars/main.yml new file mode 100644 index 00000000..3f674d7c --- /dev/null +++ b/roles/zabbix_server/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for zabbix_server -- GitLab From fbcb77448af2bafe1a6dac136c98a6eb76022ea4 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Mon, 5 Feb 2024 18:02:02 +0100 Subject: [PATCH 02/24] add install and uninstall process --- roles/zabbix_server/tasks/main.yml | 72 +++--------------------------- 1 file changed, 6 insertions(+), 66 deletions(-) diff --git a/roles/zabbix_server/tasks/main.yml b/roles/zabbix_server/tasks/main.yml index c5c2c3c4..1af1a316 100644 --- a/roles/zabbix_server/tasks/main.yml +++ b/roles/zabbix_server/tasks/main.yml 
@@ -1,70 +1,10 @@ --- -- name: Register Nextcloud in inventory - import_role: - name: _app_log_inventory - vars: - log_type: "install" +- import_tasks: install.yml + when: app_run in ['install', 'reinstall'] -- name: Create LetsEncrypt certificate - import_role: - name: _letsencrypt_certificate - when: behind_reverse_proxy == false +- import_tasks: uninstall.yml + when: app_run == 'uninstall' -- name: Create Database for Zabbix Server - import_role: - name: _create_database +- import_role: + name: instance_prod -- name: Download Zabbix Debian release deb file - get_url: - url: "{{ app_repo }}" - dest: "/tmp/zabbix-release.deb" - when: ansible_distribution == "Debian" - -- name: Apt install Zabbix release in Ubuntu/Debian - apt: deb="/tmp/zabbix-release.deb" - when: ansible_os_family == "Debian" - register: result_zabbix_release - -- name: Apt update - apt: update_cache=yes - when: ansible_os_family == "Debian" and result_zabbix_release is changed - -- name: "Zabbix Server base packages" - apt: - name: "{{ zabbix_package }}" - state: latest - update_cache: true - loop: "{{ zabbix_packages }}" - loop_control: - loop_var: zabbix_package - -- name: Init Zabbix Server Postgres Database - expect: - command: /bin/bash -c "zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | psql -U {{database_user}} -h 127.0.0.1 {{database_name}}" - responses: - (?i)Password: '{{database_password}}' - when: database_type == "postgres" - -- name: Import Backup Role - import_role: - name: _app_backup - -- name: "template {{ rev_proxy }}_zabbix_server_http.j2 {{ app_instance_id }}" - template: - src: "{{ rev_proxy }}_zabbix_server_http.j2" - dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" - notify: reload {{ rev_proxy }} zabbix_server - when: behind_reverse_proxy == true - -- name: "enable site for {{ app_domain }}" - file: - state: link - path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}.conf" - src: "/etc/{{ rev_proxy }}/sites-available/{{ 
app_instance_id }}.conf" - notify: reload {{ rev_proxy }} zabbix_server - -- name: "template php_fpm_zabbix.j2 for {{ app_user }} {{ php_version }}" - template: - src: "php_fpm_zabbix.j2" - dest: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" - notify: reload php-fpm {{ app_instance_id }} -- GitLab From d4c2257e710325d654a698ce7a28fe1da8e37a96 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Mon, 5 Feb 2024 18:02:47 +0100 Subject: [PATCH 03/24] add install/uninstall --- roles/zabbix_server/tasks/install.yml | 70 +++++++++++++++++++++++++ roles/zabbix_server/tasks/uninstall.yml | 50 ++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 roles/zabbix_server/tasks/install.yml create mode 100644 roles/zabbix_server/tasks/uninstall.yml diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml new file mode 100644 index 00000000..c5c2c3c4 --- /dev/null +++ b/roles/zabbix_server/tasks/install.yml 
@@ -0,0 +1,70 @@
+---
+- name: Register Nextcloud in inventory
+ import_role:
+ name: _app_log_inventory
+ vars:
+ log_type: "install"
+
+- name: Create LetsEncrypt certificate
+ import_role:
+ name: _letsencrypt_certificate
+ when: behind_reverse_proxy == false
+
+- name: Create Database for Zabbix Server
+ import_role:
+ name: _create_database
+
+- name: Download Zabbix Debian release deb file
+ get_url:
+ url: "{{ app_repo }}"
+ dest: "/tmp/zabbix-release.deb"
+ when: ansible_distribution == "Debian"
+
+- name: Apt install Zabbix release in Ubuntu/Debian
+ apt: deb="/tmp/zabbix-release.deb"
+ when: ansible_os_family == "Debian"
+ register: result_zabbix_release
+
+- name: Apt update
+ apt: update_cache=yes
+ when: ansible_os_family == "Debian" and result_zabbix_release is changed
+
+- name: "Zabbix Server base packages"
+ apt:
+ name: "{{ zabbix_package }}"
+ state: latest
+ update_cache: true
+ loop: "{{ zabbix_packages }}"
+ loop_control:
+ loop_var: zabbix_package
+
+- name: Init Zabbix Server Postgres Database
+ expect:
+ command: /bin/bash -c "zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | psql -U {{database_user}} -h 127.0.0.1 {{database_name}}"
+ responses:
+ (?i)Password: '{{database_password}}'
+ when: database_type == "postgres"
+
+- name: Import Backup Role
+ import_role:
+ name: _app_backup
+
+- name: "template {{ rev_proxy }}_zabbix_server_http.j2 {{ app_instance_id }}"
+ template:
+ src: "{{ rev_proxy }}_zabbix_server_http.j2"
+ dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
+ notify: reload {{ rev_proxy }} zabbix_server
+ when: behind_reverse_proxy == true
+
+- name: "enable site for {{ app_domain }}"
+ file:
+ state: link
+ path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}.conf"
+ src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
+ notify: reload {{ rev_proxy }} zabbix_server
+
+- name: "template php_fpm_zabbix.j2 for {{ app_user }} {{ php_version }}"
+ template:
+ src: "php_fpm_zabbix.j2"
+ dest: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf"
+ notify: reload php-fpm {{ app_instance_id }}
diff --git a/roles/zabbix_server/tasks/uninstall.yml b/roles/zabbix_server/tasks/uninstall.yml
new file mode 100644
index 00000000..3538bd91
--- /dev/null
+++ b/roles/zabbix_server/tasks/uninstall.yml
@@ -0,0 +1,50 @@
+---
+- name: Register Nextcloud in inventory
+ import_role:
+ name: _app_log_inventory
+ vars:
+ log_type: "uninstall"
+
+- name: Create LetsEncrypt certificate
+ import_role:
+ name: _letsencrypt_certificate
+ when: behind_reverse_proxy == false
+
+- name: Create Database for Zabbix Server
+ import_role:
+ name: _create_database
+
+- name: Apt update
+ apt: update_cache=yes
+ when: ansible_os_family == "Debian" and result_zabbix_release is changed
+
+- name: Import Backup Role
+ import_role:
+ name: _app_backup
+
+- name: "remove {{ rev_proxy }} configuration for {{ app_instance_id }}"
+ file:
+ state: absent
+ dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf"
+ notify: reload {{ rev_proxy }} zabbix_server
+
+- name: "disable site for {{ app_domain }}"
+ file:
+ state: absent
+ path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}.conf"
+ notify: reload {{ rev_proxy }} zabbix_server
+
+- name: "remove php_fpm configuration for {{ app_instance_id }}"
+ file:
+ state: absent
+ dest: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf"
+ notify: reload php-fpm {{ app_instance_id }}
+
+- name: "Remove Zabbix Server base packages"
+ apt:
+ name: "{{ zabbix_package }}"
+ state: absent
+ update_cache: true
+ loop: "{{ zabbix_packages }}"
+ loop_control:
+ loop_var: zabbix_package
-- GitLab
From 1ef2df10c6a6ed3122f29995a46ffe4037ad5a72 Mon Sep 17 00:00:00 2001
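Review bot: roles/zabbix_server/tasks/uninstall.yml still imports `_letsencrypt_certificate` and `_create_database`, which look copied from install.yml and, judging by the role names, would request a certificate and create a database while the application is being removed. Its `Apt update` task tests `result_zabbix_release is changed`, but no task in this file registers that variable, so the condition fails on an undefined variable whenever uninstall runs on its own. Drop those three tasks, and keep `_app_backup` only if a backup before removal is intended. The first task is also still named `Register Nextcloud in inventory`, which will mislead anyone reading the run log.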
From: Sylvain Arrachart Date: Tue, 6 Feb 2024 12:04:45 +0100 Subject: [PATCH 04/24] fix zabbix server config --- roles/zabbix_server/defaults/main.yml | 5 +++++ roles/zabbix_server/handlers/main.yml | 5 +++++ roles/zabbix_server/tasks/install.yml | 12 ++++++++++++ roles/zabbix_server/tasks/uninstall.yml | 6 ++++++ roles/zabbix_server/templates/zabbix.conf.php.j2 | 14 +++++++------- 5 files changed, 35 insertions(+), 7 deletions(-) diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index 3075fbb4..e8b8b807 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml @@ -8,6 +8,11 @@ app_instance_root: "{{ www_root }}/{{ app_instance_id }}" app_data: "{{ www_root }}/{{ app_instance_id }}.data" database_type: "postgres" +database_host: "localhost" +database_port: "5432" +database_schema: "public" + +timezone: "Europe/Paris" behind_reverse_proxy: "false" diff --git a/roles/zabbix_server/handlers/main.yml b/roles/zabbix_server/handlers/main.yml index 93db696b..df2c47e4 100644 --- a/roles/zabbix_server/handlers/main.yml +++ b/roles/zabbix_server/handlers/main.yml @@ -4,3 +4,8 @@ - name: reload php-fpm zabbix_server service: name=php{{ php_version }}-fpm state=reloaded + +- name: restart zabbix-server + service: + name: zabbix-server + state: restarted diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index c5c2c3c4..3f315dff 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml 
@@ -68,3 +68,15 @@ src: "php_fpm_zabbix.j2" dest: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" notify: reload php-fpm {{ app_instance_id }} + +- name: configure zabbix php frontend + template: + src: "zabbix.conf.php.j2" + dest: "/usr/share/zabbix/conf/zabbix.conf.php" + notify: restart zabbix-server + +- name: "template zabbix_server configuration" + template: + src: "zabbix.conf.j2" + dest: "/etc/zabbix/zabbix_server.conf" + notify: restart zabbix-server diff --git a/roles/zabbix_server/tasks/uninstall.yml b/roles/zabbix_server/tasks/uninstall.yml index 3538bd91..deb0dbb3 100644 --- a/roles/zabbix_server/tasks/uninstall.yml +++ b/roles/zabbix_server/tasks/uninstall.yml @@ -40,6 +40,12 @@ dest: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" notify: reload php-fpm {{ app_instance_id }} +- name: "remove zabbix_server configuration" + file: + state: absent + dest: "/etc/zabbix/zabbix_server.conf" + notify: restart zabbix-server + - name: "Remove Zabbix Server base packages" apt: name: "{{ zabbix_package }}" diff --git a/roles/zabbix_server/templates/zabbix.conf.php.j2 b/roles/zabbix_server/templates/zabbix.conf.php.j2 index 0ebe0d1d..0ebbede6 100644 --- a/roles/zabbix_server/templates/zabbix.conf.php.j2 +++ b/roles/zabbix_server/templates/zabbix.conf.php.j2 @@ -1,15 +1,15 @@ Date: Tue, 6 Feb 2024 12:27:24 +0100 Subject: [PATCH 05/24] fix Debian/Ubuntu distribution --- roles/zabbix_server/tasks/install.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 3f315dff..0caa1d52 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml 
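Review bot: The two `template` tasks added to roles/zabbix_server/tasks/install.yml write `/usr/share/zabbix/conf/zabbix.conf.php` and `/etc/zabbix/zabbix_server.conf` without `owner`, `group` or `mode`, so both files get whatever the remote umask yields, commonly world-readable. zabbix.conf.j2 renders `DBPassword={{ database_password }}` into the second file, and the frontend config presumably carries the same credential. Set the permissions explicitly, for example `owner: root`, `group: zabbix`, `mode: "0640"` on the server config, and the PHP-FPM pool's group on the frontend file. Notifying `restart zabbix-server` for the PHP frontend config looks unnecessary, since only the web frontend reads that file.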
@@ -14,16 +14,13 @@ import_role: name: _create_database -- name: Download Zabbix Debian release deb file +- name: Download Zabbix Debian/Ubuntu release deb file get_url: url: "{{ app_repo }}" dest: "/tmp/zabbix-release.deb" - when: ansible_distribution == "Debian" - name: Apt install Zabbix release in Ubuntu/Debian apt: deb="/tmp/zabbix-release.deb" - when: ansible_os_family == "Debian" - register: result_zabbix_release - name: Apt update apt: update_cache=yes -- GitLab From c8e71801fdd7873b447fd50d769a7846033d7cb7 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 12:30:19 +0100 Subject: [PATCH 06/24] fix zabbix repo --- roles/zabbix_server/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index e8b8b807..71233c61 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml @@ -16,6 +16,6 @@ timezone: "Europe/Paris" behind_reverse_proxy: "false" -app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_{{ app_version }}-1%2B{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}_all.deb" +app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}_all.deb" zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-pgsql", "zabbix-frontend-php", "zabbix-sql-scripts"] -- GitLab From 413a46b8fc8da0da7a957a53b2fcb044060c0f14 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 12:35:14 +0100 Subject: [PATCH 07/24] fix version distribution --- roles/zabbix_server/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
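Review bot: The `get_url` task fetches a package that is then installed as root, with no `checksum:` and into the fixed, world-writable location `/tmp/zabbix-release.deb`. Because `get_url` skips the download when `dest` already exists (default `force: false`) and no checksum is given, whatever file is already at that path is what the following `apt: deb=` task installs. Add `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder, take the value from the vendor) and download into a root-owned directory instead of `/tmp`. The download tasks re-added in [PATCH 23/24] have the same gap.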
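Review bot: Switching the file name in `app_repo` to `zabbix-release_latest+…` makes the URL a moving target, so the same playbook can install different repository packages over time and the download cannot be pinned to a known digest. Keep the release file name versioned through a variable so that an upgrade is an explicit change, and pair it with a `checksum:` on the download task. If `latest` is kept deliberately, say so in a comment above `app_repo`.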
diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index 71233c61..5a5aea22 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml @@ -16,6 +16,6 @@ timezone: "Europe/Paris" behind_reverse_proxy: "false" -app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}_all.deb" +app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_version }}_all.deb" zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-pgsql", "zabbix-frontend-php", "zabbix-sql-scripts"] -- GitLab From b550ff4e7712d130abba4d4edaaf9bec5887a36c Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 12:38:21 +0100 Subject: [PATCH 08/24] fix apt update --- roles/zabbix_server/tasks/install.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 0caa1d52..580f5a18 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml @@ -22,9 +22,9 @@ - name: Apt install Zabbix release in Ubuntu/Debian apt: deb="/tmp/zabbix-release.deb" -- name: Apt update - apt: update_cache=yes - when: ansible_os_family == "Debian" and result_zabbix_release is changed +- name: "Apt update" + apt: + update_cache: "True" - name: "Zabbix Server base packages" apt: -- GitLab From 1df86de387106f003bee017039fa04858d783e30 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 12:41:11 +0100 Subject: [PATCH 09/24] fix name package zabbix web --- roles/zabbix_server/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
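Review bot: `update_cache: "True"` in the rewritten "Apt update" task passes a quoted string where the module expects a boolean. Ansible coerces it, but `update_cache: true` is the canonical form and passes `yamllint`'s `truthy` rule. With the `when:` removed the cache is refreshed on every run, which is worth a one-line comment if it is intentional.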
diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index 5a5aea22..cd1711f5 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml @@ -18,4 +18,4 @@ behind_reverse_proxy: "false" app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_version }}_all.deb" -zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-pgsql", "zabbix-frontend-php", "zabbix-sql-scripts"] +zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-service", "zabbix-frontend-php", "zabbix-sql-scripts"] -- GitLab From 4014c6fd84965c1fd40a16eb6147ed6404427af4 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 14:01:59 +0100 Subject: [PATCH 10/24] fix install --- roles/zabbix_server/tasks/install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 580f5a18..f43b7a29 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml @@ -51,7 +51,6 @@ src: "{{ rev_proxy }}_zabbix_server_http.j2" dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" notify: reload {{ rev_proxy }} zabbix_server - when: behind_reverse_proxy == true - name: "enable site for {{ app_domain }}" file: -- GitLab From 2516dfaba9c868b9842669a1e3d1712273aa6de4 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 14:06:04 +0100 Subject: [PATCH 11/24] fix handler php --- roles/zabbix_server/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/zabbix_server/handlers/main.yml b/roles/zabbix_server/handlers/main.yml index df2c47e4..fc1fa689 100644 --- a/roles/zabbix_server/handlers/main.yml +++ b/roles/zabbix_server/handlers/main.yml 
@@ -2,7 +2,7 @@ - name: reload nginx zabbix_server service: name=nginx state=reloaded -- name: reload php-fpm zabbix_server +- name: reload php-fpm {{ app_instance_id }} service: name=php{{ php_version }}-fpm state=reloaded - name: restart zabbix-server -- GitLab From d51fe44135307444e7216b90699557151178928a Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 14:08:22 +0100 Subject: [PATCH 12/24] fix zabbix server port to default port --- roles/zabbix_server/templates/zabbix.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/zabbix_server/templates/zabbix.conf.j2 b/roles/zabbix_server/templates/zabbix.conf.j2 index aaca81cc..6740c718 100644 --- a/roles/zabbix_server/templates/zabbix.conf.j2 +++ b/roles/zabbix_server/templates/zabbix.conf.j2 @@ -20,7 +20,7 @@ # Range: 1024-32767 # Default: # ListenPort=10051 -ListenPort={{ zabbix_server_port }} +ListenPort=10051 ### Option: SourceIP # Source IP address for outgoing connections. -- GitLab From 2410be36fc7f71d47202655cdb0689ada976efaa Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 14:11:36 +0100 Subject: [PATCH 13/24] add java gateway vars --- roles/zabbix_server/defaults/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index cd1711f5..0d3aa781 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml 
@@ -19,3 +19,13 @@ behind_reverse_proxy: "false" app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_version }}_all.deb" zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-service", "zabbix-frontend-php", "zabbix-sql-scripts"] + +## Option for Java Gateway +zabbix_java_gateway_state: absent +zabbix_java_gateway_service_state: started +zabbix_java_gateway_service_enabled: yes +zabbix_java_gateway_config_listen_ip: localhost +zabbix_java_gateway_config_listen_port: 10052 +zabbix_java_gateway_config_pid_file: "/var/run/zabbix/zabbix_java_gateway.pid" +zabbix_java_gateway_config_start_pollers: 5 +zabbix_java_gateway_config_java_pollers: "{{zabbix_java_gateway_config_start_pollers}}" -- GitLab From 68f8f33cb3571d8ad8e98e3485a8f57c7c49cb7e Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 14:16:56 +0100 Subject: [PATCH 14/24] add listen https nginx vhost --- .../templates/nginx_zabbix_server_http.j2 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 b/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 index 3349f1e0..8ce928cb 100644 --- a/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 +++ b/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 
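Review bot: `zabbix_java_gateway_service_enabled: yes` relies on YAML 1.1 truthy parsing; write `true` so the value is a boolean under every loader. `"{{zabbix_java_gateway_config_start_pollers}}"` would read better with spaces inside the braces, as the other templated values in this file are written. A comment such as `# gateway is not installed unless zabbix_java_gateway_state is changed from absent` would help, though that meaning is inferred from the names since nothing in the hunk shows where the variables are consumed. The same block reappears in `vars/main.yml` in [PATCH 23/24].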
@@ -3,12 +3,24 @@ upstream php-handler{{ app_instance_id }} { } server { - # Both IpV6 and IpV4 listen 80; listen [::]:80; + server_name {{ app_domain | mandatory }}; + # enforce https + return 301 https://$server_name$request_uri; +} + +server { + # Both IpV6 and IpV4 + # + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name {{ app_domain | mandatory }}; + ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem; + # Path to the root of your installation root /usr/share/zabbix; -- GitLab From cc1b12473dd18fd5d54938f01aee1604ec89304a Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 14:25:48 +0100 Subject: [PATCH 15/24] add logrotate for nginx --- roles/zabbix_server/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index f43b7a29..21d6d496 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml @@ -59,6 +59,9 @@ src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" notify: reload {{ rev_proxy }} zabbix_server +- import_role: + name: _app_logrotate + - name: "template php_fpm_zabbix.j2 for {{ app_user }} {{ php_version }}" template: src: "php_fpm_zabbix.j2" -- GitLab From 9e3e754eebc336d8335a515aa8222ee39722d53b Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 14:37:09 +0100 Subject: [PATCH 16/24] fix database type for Zabbix server --- roles/zabbix_server/defaults/main.yml | 1 + roles/zabbix_server/templates/zabbix.conf.php.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index 0d3aa781..ace47c2a 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml 
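Review bot: The new 443 `server` block sets only the certificate paths; no `ssl_protocols`, cipher policy or `Strict-Transport-Security` header is visible in the hunk, so the vhost inherits whatever the nginx build and global configuration provide. Consider `ssl_protocols TLSv1.2 TLSv1.3;` and `add_header Strict-Transport-Security "max-age=31536000" always;` here unless a shared include already sets them. The certificate paths use `{{ app_domain }}` without the `| mandatory` filter that `server_name` has, and the nginx reload will fail if the Let's Encrypt files do not exist yet, so a comment stating that certificate issuance must run first would help. The server block continues past the end of the hunk.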
@@ -8,6 +8,7 @@ app_instance_root: "{{ www_root }}/{{ app_instance_id }}" app_data: "{{ www_root }}/{{ app_instance_id }}.data" database_type: "postgres" +database_type_zabbix: "POSTGRESQL" database_host: "localhost" database_port: "5432" database_schema: "public" diff --git a/roles/zabbix_server/templates/zabbix.conf.php.j2 b/roles/zabbix_server/templates/zabbix.conf.php.j2 index 0ebbede6..1d904357 100644 --- a/roles/zabbix_server/templates/zabbix.conf.php.j2 +++ b/roles/zabbix_server/templates/zabbix.conf.php.j2 @@ -1,7 +1,7 @@ Date: Tue, 6 Feb 2024 14:48:49 +0100 Subject: [PATCH 17/24] change init database --- roles/zabbix_server/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 21d6d496..d2cdf64f 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml @@ -37,9 +37,9 @@ - name: Init Zabbix Server Postgres Database expect: - command: /bin/bash -c "zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | psql -U {{database_user}} -h 127.0.0.1 {{database_name}}" + command: /bin/bash -c "zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | psql -U {{ database_user }} -h 127.0.0.1 {{ database_name }}" responses: - (?i)Password: '{{database_password}}' + (?i)Password: '{{ database_password }}' when: database_type == "postgres" - name: Import Backup Role -- GitLab From c794742fadaf53f51b131e0bab94f4d1efef802d Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 15:31:50 +0100 Subject: [PATCH 18/24] fix init zabbix server database --- roles/zabbix_server/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index d2cdf64f..2b0b1772 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml 
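Review bot: The `expect` task in the `install.yml` hunk hands `{{ database_password }}` to the module in `responses` without `no_log: true`, so the password appears in the task's logged arguments and in verbose output; add `no_log: true` to the task. The task also has no guard against re-execution, so the schema import is replayed on every run against an already populated database; checking for an existing table first would make it idempotent. `-h 127.0.0.1` is hard-coded although `database_host` is defined in the role's variables. The same task is touched again in [PATCH 18/24].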
@@ -37,7 +37,7 @@ - name: Init Zabbix Server Postgres Database expect: - command: /bin/bash -c "zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | psql -U {{ database_user }} -h 127.0.0.1 {{ database_name }}" + command: /bin/bash -c "zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | psql -U {{ database_user }} -h 127.0.0.1 {{ database_name }}" responses: (?i)Password: '{{ database_password }}' when: database_type == "postgres" -- GitLab From 2b6b5e618e54d0bc9a33b0f87bbadabbb7cd25ea Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 15:39:16 +0100 Subject: [PATCH 19/24] fix restart zabbix-server service --- roles/zabbix_server/handlers/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/zabbix_server/handlers/main.yml b/roles/zabbix_server/handlers/main.yml index fc1fa689..ab8da1c2 100644 --- a/roles/zabbix_server/handlers/main.yml +++ b/roles/zabbix_server/handlers/main.yml @@ -6,6 +6,4 @@ service: name=php{{ php_version }}-fpm state=reloaded - name: restart zabbix-server - service: - name: zabbix-server - state: restarted + service: name=zabbix-server state=restarted -- GitLab From 164f106e9a82d776a3d06245a72a92effcf6f00f Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 15:50:22 +0100 Subject: [PATCH 20/24] add check zabbix server service start and enable --- roles/zabbix_server/tasks/install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 2b0b1772..26cdbc3d 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml @@ -79,3 +79,6 @@ src: "zabbix.conf.j2" dest: "/etc/zabbix/zabbix_server.conf" notify: restart zabbix-server + +- name: ensure zabbix server is started + service: name=zabbix-server state=started enabled=yes -- GitLab From a00e03ae76964f7dd77c76c1a395b788cf162da1 Mon Sep 17 00:00:00 2001 
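Review bot: Collapsing the handler to `service: name=zabbix-server state=restarted` in [PATCH 19/24] goes back to the legacy `key=value` argument string; the block form removed here is the one that lints cleanly and avoids quoting surprises when a value contains spaces or `=`. Nothing in the hunk shows why the block form would have failed, so if the restart did not fire the cause is probably elsewhere. The task added in [PATCH 20/24], `service: name=zabbix-server state=started enabled=yes`, would likewise read better as a block with `enabled: true`.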
From: Sylvain Arrachart Date: Tue, 6 Feb 2024 15:55:31 +0100 Subject: [PATCH 21/24] fix service zabbix server --- roles/zabbix_server/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 26cdbc3d..43136ba9 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml @@ -80,5 +80,5 @@ dest: "/etc/zabbix/zabbix_server.conf" notify: restart zabbix-server -- name: ensure zabbix server is started +- name: "ensure zabbix server is started" service: name=zabbix-server state=started enabled=yes -- GitLab From 759f794ef4e95288eea3ed91388532d31a2ed6b3 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 6 Feb 2024 16:07:46 +0100 Subject: [PATCH 22/24] change php-fpm socket --- roles/zabbix_server/templates/nginx_zabbix_server_http.j2 | 2 +- roles/zabbix_server/templates/php_fpm_zabbix.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 b/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 index 8ce928cb..c408483b 100644 --- a/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 +++ b/roles/zabbix_server/templates/nginx_zabbix_server_http.j2 @@ -1,5 +1,5 @@ upstream php-handler{{ app_instance_id }} { - server unix:/var/run/php/php{{ php_version }}-fpm.sock; + server unix:/var/run/php/{{ app_instance_id }}-php{{ php_version }}-fpm.sock; } server { diff --git a/roles/zabbix_server/templates/php_fpm_zabbix.j2 b/roles/zabbix_server/templates/php_fpm_zabbix.j2 index fd96aa1f..fde27969 100644 --- a/roles/zabbix_server/templates/php_fpm_zabbix.j2 +++ b/roles/zabbix_server/templates/php_fpm_zabbix.j2 @@ -2,7 +2,7 @@ user = www-data group = www-data -listen = /var/run/php/zabbix.sock +listen = /var/run/php/{{ app_instance_id }}-php{{ php_version }}-fpm.sock listen.owner = www-data listen.allowed_clients = 127.0.0.1 -- GitLab 
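Review bot: With the pool in `php_fpm_zabbix.j2` listening on a Unix socket, `listen.allowed_clients = 127.0.0.1` in the context lines has no effect; access is decided by the socket's owner, group and mode. Only `listen.owner = www-data` is visible, so set `listen.group = www-data` and `listen.mode = 0660` explicitly rather than relying on defaults. The socket path is now built from the same expression in `nginx_zabbix_server_http.j2` and here, which keeps the two in step. The pool definition continues outside the hunk.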
From 4485084a35fd7eef88969596d7d42bbbdcb11268 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Wed, 14 Feb 2024 12:05:57 +0100 Subject: [PATCH 23/24] change defaults to vars + specify repo type --- roles/zabbix_server/defaults/main.yml | 32 +------------------------- roles/zabbix_server/tasks/install.yml | 11 +++++++-- roles/zabbix_server/vars/main.yml | 33 ++++++++++++++++++++++++++- 3 files changed, 42 insertions(+), 34 deletions(-) diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index ace47c2a..17d0a0b6 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml @@ -1,32 +1,2 @@ --- -app_program: "Zabbix Server" - -zabbix_default_admin: "admin" -zabbix_default_password: "admin" - -app_instance_root: "{{ www_root }}/{{ app_instance_id }}" -app_data: "{{ www_root }}/{{ app_instance_id }}.data" - -database_type: "postgres" -database_type_zabbix: "POSTGRESQL" -database_host: "localhost" -database_port: "5432" -database_schema: "public" - -timezone: "Europe/Paris" - -behind_reverse_proxy: "false" - -app_repo: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_version }}_all.deb" - -zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-service", "zabbix-frontend-php", "zabbix-sql-scripts"] - -## Option for Java Gateway -zabbix_java_gateway_state: absent -zabbix_java_gateway_service_state: started -zabbix_java_gateway_service_enabled: yes -zabbix_java_gateway_config_listen_ip: localhost -zabbix_java_gateway_config_listen_port: 10052 -zabbix_java_gateway_config_pid_file: "/var/run/zabbix/zabbix_java_gateway.pid" -zabbix_java_gateway_config_start_pollers: 5 -zabbix_java_gateway_config_java_pollers: "{{zabbix_java_gateway_config_start_pollers}}" +# Default vars 
diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 43136ba9..69d18ada 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml @@ -14,10 +14,17 @@ import_role: name: _create_database -- name: Download Zabbix Debian/Ubuntu release deb file +- name: Download Zabbix Debian release deb file get_url: - url: "{{ app_repo }}" + url: "{{ app_repo_debian }}" dest: "/tmp/zabbix-release.deb" + when: ansible_distribution == "Debian" + +- name: Download Zabbix Ubuntu release deb file + get_url: + url: "{{ app_repo_ubuntu }}" + dest: "/tmp/zabbix-release.deb" + when: ansible_distribution == "Ubuntu" - name: Apt install Zabbix release in Ubuntu/Debian apt: deb="/tmp/zabbix-release.deb" diff --git a/roles/zabbix_server/vars/main.yml b/roles/zabbix_server/vars/main.yml index 3f674d7c..88cc9604 100644 --- a/roles/zabbix_server/vars/main.yml +++ b/roles/zabbix_server/vars/main.yml 
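Review bot: The two download tasks are now guarded by `ansible_distribution`, but the `apt: deb="/tmp/zabbix-release.deb"` task in the context lines has no condition, so on any other distribution it runs without a fresh download and installs whatever file is at that path, or fails with an unclear error. Add `when: ansible_distribution in ["Debian", "Ubuntu"]` to it, or fail early with an explicit message on unsupported platforms. Whether the role is ever applied to other distributions is not visible from this hunk.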
@@ -1,2 +1,33 @@ --- -# vars file for zabbix_server +app_program: "Zabbix Server" + +zabbix_default_admin: "admin" +zabbix_default_password: "admin" + +app_instance_root: "{{ www_root }}/{{ app_instance_id }}" +app_data: "{{ www_root }}/{{ app_instance_id }}.data" + +database_type: "postgres" +database_type_zabbix: "POSTGRESQL" +database_host: "localhost" +database_port: "5432" +database_schema: "public" + +timezone: "Europe/Paris" + +behind_reverse_proxy: "false" + +app_repo_debian: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_major_version }}_all.deb" +app_repo_ubuntu: "https://repo.zabbix.com/zabbix/{{ app_version }}/{{ ansible_distribution|lower }}/pool/main/z/zabbix-release/zabbix-release_latest+{{ ansible_distribution|lower }}{{ ansible_distribution_version }}_all.deb" + +zabbix_packages: ["zabbix-server-pgsql", "zabbix-web-service", "zabbix-frontend-php", "zabbix-sql-scripts"] + +## Option for Java Gateway +zabbix_java_gateway_state: absent +zabbix_java_gateway_service_state: started +zabbix_java_gateway_service_enabled: yes +zabbix_java_gateway_config_listen_ip: localhost +zabbix_java_gateway_config_listen_port: 10052 +zabbix_java_gateway_config_pid_file: "/var/run/zabbix/zabbix_java_gateway.pid" +zabbix_java_gateway_config_start_pollers: 5 +zabbix_java_gateway_config_java_pollers: "{{zabbix_java_gateway_config_start_pollers}}" -- GitLab From afb20531491cf7e3a9e0d6c16534ea2fcea99094 Mon Sep 17 00:00:00 2001 From: Sylvain Arrachart Date: Tue, 12 Mar 2024 15:12:20 +0100 Subject: [PATCH 24/24] add ufw rules --- roles/zabbix_server/tasks/install.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/zabbix_server/tasks/install.yml b/roles/zabbix_server/tasks/install.yml index 69d18ada..0d532eca 100644 --- a/roles/zabbix_server/tasks/install.yml +++ b/roles/zabbix_server/tasks/install.yml 
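Review bot: `zabbix_default_admin: "admin"` and `zabbix_default_password: "admin"` are now set in `vars/main.yml`, which takes precedence over inventory and group variables, so a deployment can no longer replace these well-known default credentials through its inventory. How the two values are used is not visible here, but if they end up as the frontend login they should be supplied per deployment, e.g. `zabbix_default_password: "{{ vault_zabbix_admin_password | mandatory }}"` (variable name is a placeholder), and live in `defaults/` or the inventory rather than `vars/`. `behind_reverse_proxy: "false"` is a non-empty string, which is truthy in a Jinja condition unless passed through `| bool`; use the boolean `false`.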
@@ -75,6 +75,17 @@ dest: "/etc/php/{{ php_version }}/fpm/pool.d/php-fpm-{{ app_user }}.conf" notify: reload php-fpm {{ app_instance_id }} +- name: "ufw: Allow port 443" + ufw: + rule: allow + port: "10051" + proto: tcp + src: '{{ item }}' + loop: + - 10.0.0.0/24 + - 172.16.16.0/24 + - 192.168.100.0/24 + - name: configure zabbix php frontend template: src: "zabbix.conf.php.j2" -- GitLab
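Review bot: The task is named "ufw: Allow port 443" but the rule it adds opens `port: "10051"`, so the firewall change a reader expects from the play output is not the one that is applied. Rename it to match, e.g. `- name: "ufw: allow Zabbix server port 10051 from monitored networks"`, and check whether a separate rule for 443 is needed now that the vhost listens on HTTPS, since none is visible in this hunk. The three source networks are hard-coded in `loop:`; moving them to a role variable such as `loop: "{{ zabbix_server_allowed_sources }}"` (name is a placeholder) lets each deployment restrict the port to its own ranges.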