commit 5c1a6f2ec43531d29d733763b5b3dc89886f6116 Author: Paul Lecuq Date: Tue Jan 17 17:59:08 2017 +0100 added roles, vagrantfile, and playbook
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..df835e0
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,15 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure(2) do |config|
+ config.vm.box = "ubuntu/xenial64"
+ config.vm.hostname = "zabbix.example.com"
+ config.vm.network "public_network"
+ config.vm.provider "virtualbox" do |vb|
+ vb.gui = true
+ vb.memory = "1024"
+ end
+ config.vm.provision "ansible_local" do |ansible|
+ ansible.playbook = "zabbix-server.yml"
+ end
+end
diff --git a/apache/.travis.yml b/apache/.travis.yml
new file mode 100644
index 0000000..3792fd2
--- /dev/null
+++ b/apache/.travis.yml
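Review bot: `config.vm.network "public_network"` in the Vagrantfile bridges the VM onto whatever LAN the host is attached to, so the Apache and Zabbix services provisioned by `zabbix-server.yml` are reachable from every machine on that network, not only from the developer's host. For a local test box a host-only interface or a loopback-bound forward is enough, e.g. `config.vm.network "private_network", type: "dhcp"` or `config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"`. `vb.gui = true` opens a VirtualBox console on every `vagrant up` and does not work on headless hosts, so I would drop it or add a comment saying why it is needed. The box is also unpinned; setting `config.vm.box_version` would make the environment reproducible.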
@@ -0,0 +1,64 @@ +--- +sudo: required + +env: + global: + # https://github.com/travis-ci/travis-ci/issues/6461#issuecomment-239577306 + DOCKER_VERSION: "1.9.1-0~trusty" + matrix: + - repository: geerlingguy/docker-centos7-ansible + version: latest + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - repository: geerlingguy/docker-centos6-ansible + version: latest + init: /sbin/init + run_opts: "" + - repository: geerlingguy/docker-ubuntu1604-ansible + version: latest + init: /lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - repository: geerlingguy/docker-ubuntu1404-ansible + version: latest + init: /sbin/init + run_opts: "" + - repository: geerlingguy/docker-ubuntu1204-ansible + version: latest + init: /sbin/init + run_opts: "" + +services: + - docker + +before_install: + # Downgrade to specific version of Docker engine. + - sudo apt-get update + - sudo apt-get remove docker-engine -yq + - sudo apt-get install docker-engine=$DOCKER_VERSION -yq --no-install-suggests --no-install-recommends --force-yes -o Dpkg::Options::="--force-confnew" + + # Pull container. + - 'sudo docker pull ${repository}:${version}' + +script: + - container_id=$(mktemp) + # Run container in detached state. + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${repository}:${version} "${init}" > "${container_id}"' + + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. 
+ - > + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/apache/README.md b/apache/README.md new file mode 100644 index 0000000..100614d --- /dev/null +++ b/apache/README.md 
@@ -0,0 +1,124 @@ +# Ansible Role: Apache 2.x + +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) + +An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. + +## Requirements + +If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. + +If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info. + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + apache_enablerepo: "" + +The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). + + apache_listen_ip: "*" + apache_listen_port: 80 + apache_listen_port_ssl: 443 + +The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. + + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + +If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. 
+ + apache_remove_default_vhost: false + +On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. + + apache_global_vhost_settings: | + DirectoryIndex index.php index.html + # Add other global settings on subsequent lines. + +You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration. + + apache_vhosts: + # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. + - servername: "local.dev" + documentroot: "/var/www/html" + +Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here). + +Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site: + + - servername: "www.local.dev" + serveralias: "local.dev" + documentroot: "/var/www/html" + extra_parameters: | + RewriteCond %{HTTP_HOST} !^www\. [NC] + RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] + +The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output. + + apache_vhosts_ssl: [] + +No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example: + + apache_vhosts_ssl: + - { + servername: "local.dev", + documentroot: "/var/www/html", + certificate_file: "/home/vagrant/example.crt", + certificate_key_file: "/home/vagrant/example.key", + certificate_chain_file: "/path/to/certificate_chain.crt" + } + +Other SSL directives can be managed with other SSL-related role variables. 
+ + apache_ssl_protocol: "All -SSLv2 -SSLv3" + apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + +The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. + + apache_mods_enabled: + - rewrite.load + - ssl.load + apache_mods_disabled: [] + +(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. + + apache_packages: + - [platform-specific] + +The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values). + + apache_state: started + +Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. + + apache_ignore_missing_ssl_certificate: true + +If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates). + +## Dependencies + +None. 
+ +## Example Playbook + + - hosts: webservers + vars_files: + - vars/main.yml + roles: + - { role: geerlingguy.apache } + +*Inside `vars/main.yml`*: + + apache_listen_port: 8080 + apache_vhosts: + - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml new file mode 100644 index 0000000..4acdfce --- /dev/null +++ b/apache/defaults/main.yml @@ -0,0 +1,44 @@ +--- +apache_enablerepo: "" + +apache_listen_ip: "*" +apache_listen_port: 80 +apache_listen_port_ssl: 443 + +apache_create_vhosts: true +apache_vhosts_filename: "vhosts.conf" + +# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. +# Set this to `true` to remove that default. +apache_remove_default_vhost: false + +apache_global_vhost_settings: | + DirectoryIndex index.php index.html + +apache_vhosts: + # Additional properties: 'serveradmin, serveralias, extra_parameters'. + - servername: "local.dev" + documentroot: "/var/www/html" + +apache_vhosts_ssl: [] + # Additional properties: 'serveradmin, extra_parameters'. + # - servername: "local.dev", + # documentroot: "/var/www/html", + # certificate_file: "/path/to/certificate.crt", + # certificate_key_file: "/path/to/certificate.key", + # # Optional. + # certificate_chain_file: "/path/to/certificate_chain.crt" + +apache_ignore_missing_ssl_certificate: true + +apache_ssl_protocol: "All -SSLv2 -SSLv3" +apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + +# Only used on Debian/Ubuntu. +apache_mods_enabled: + - rewrite.load + - ssl.load +apache_mods_disabled: [] + +# Set initial apache state. Recommended values: `started` or `stopped` +apache_state: started diff --git a/apache/handlers/main.yml b/apache/handlers/main.yml new file mode 100644 index 0000000..25d14ec 
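Review bot: In `apache/defaults/main.yml`, `apache_ssl_protocol: "All -SSLv2 -SSLv3"` leaves TLS 1.0 and TLS 1.1 enabled on any SSL vhost the template renders, and `apache_vhosts_ssl: []` means that no TLS vhost exists at all unless the consumer adds one. The playbook added in this commit sets none of the `apache_*` variables, so these defaults are what would be deployed. I would override them where the role is used, for example `apache_ssl_protocol: "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"` on Apache builds that recognise those tokens, and add a comment next to `apache_ssl_cipher_suite` stating which client baseline it targets.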
--- /dev/null +++ b/apache/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart apache + service: + name: "{{ apache_service }}" + state: restarted diff --git a/apache/meta/.galaxy_install_info b/apache/meta/.galaxy_install_info new file mode 100644 index 0000000..64d54d1 --- /dev/null +++ b/apache/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Thu Sep 8 09:18:57 2016', version: 1.7.3} diff --git a/apache/meta/main.yml b/apache/meta/main.yml new file mode 100644 index 0000000..12200db --- /dev/null +++ b/apache/meta/main.yml @@ -0,0 +1,31 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - precise + - raring + - saucy + - trusty + - xenial + - name: Suse + versions: + - all + - name: Solaris + versions: + - 11.3 + galaxy_tags: + - web diff --git a/apache/tasks/configure-Debian.yml b/apache/tasks/configure-Debian.yml new file mode 100644 index 0000000..94b9b23 --- /dev/null +++ b/apache/tasks/configure-Debian.yml 
@@ -0,0 +1,54 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/ports.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Enable Apache mods. + file: + src: "{{ apache_server_root }}/mods-available/{{ item }}" + dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: link + with_items: "{{ apache_mods_enabled }}" + notify: restart apache + +- name: Disable Apache mods. + file: + path: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: absent + with_items: "{{ apache_mods_disabled }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: "path={{ item.certificate_file }}" + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts + +- name: Add vhost symlink in sites-enabled. + file: + src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" + dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" + state: link + notify: restart apache + when: apache_create_vhosts + +- name: Remove default vhost in sites-enabled. + file: + path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" + state: absent + notify: restart apache + when: apache_remove_default_vhost diff --git a/apache/tasks/configure-RedHat.yml b/apache/tasks/configure-RedHat.yml new file mode 100644 index 0000000..0c3a01f --- /dev/null +++ b/apache/tasks/configure-RedHat.yml 
@@ -0,0 +1,24 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/apache/tasks/configure-Solaris.yml b/apache/tasks/configure-Solaris.yml new file mode 100644 index 0000000..a95654b --- /dev/null +++ b/apache/tasks/configure-Solaris.yml @@ -0,0 +1,19 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/apache/tasks/configure-Suse.yml b/apache/tasks/configure-Suse.yml new file mode 100644 index 0000000..16d89f8 --- /dev/null +++ b/apache/tasks/configure-Suse.yml 
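Review bot: `apache/tasks/configure-Solaris.yml` has no "Check whether certificates defined in vhosts exist" task, while the RedHat, Debian and Suse variants all register `apache_ssl_certificates` and the shared template reads `apache_ssl_certificates.results[loop.index0].stat.exists`. With the default `apache_ignore_missing_ssl_certificate: true` that expression is presumably never evaluated, but setting the variable to `false` on Solaris with a non-empty `apache_vhosts_ssl` would fail on an undefined variable. I would copy the `stat` task with `register: apache_ssl_certificates` from `configure-RedHat.yml` into this file, placed before the template task.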
@@ -0,0 +1,24 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/listen.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: "{{ apache_ports_configuration_items }}" + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: "{{ apache_vhosts_ssl }}" + +- name: Add apache vhosts configuration. + template: + src: "vhosts.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml new file mode 100644 index 0000000..0715fc2 --- /dev/null +++ b/apache/tasks/main.yml 
@@ -0,0 +1,58 @@ +--- +# Include variables and define needed variables. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define apache_packages. + set_fact: + apache_packages: "{{ __apache_packages | list }}" + when: apache_packages is not defined + +# Setup/install tasks. +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Suse.yml + when: ansible_os_family == 'Suse' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- include: setup-Solaris.yml + when: ansible_os_family == 'Solaris' + +# Figure out what version of Apache is installed. +- name: Get installed version of Apache. + shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v" + changed_when: false + always_run: yes + register: _apache_version + +- name: Create apache_version variable. + set_fact: + apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}" + +- include_vars: apache-22.yml + when: "apache_version.split('.')[1] == '2'" + +- include_vars: apache-24.yml + when: "apache_version.split('.')[1] == '4'" + +# Configure Apache. +- include: configure-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: configure-Suse.yml + when: ansible_os_family == 'Suse' + +- include: configure-Debian.yml + when: ansible_os_family == 'Debian' + +- include: configure-Solaris.yml + when: ansible_os_family == 'Solaris' + +- name: Ensure Apache has selected state and enabled on boot. + service: + name: "{{ apache_service }}" + state: "{{ apache_state }}" + enabled: yes diff --git a/apache/tasks/setup-Debian.yml b/apache/tasks/setup-Debian.yml new file mode 100644 index 0000000..43b9a77 --- /dev/null +++ b/apache/tasks/setup-Debian.yml @@ -0,0 +1,7 @@ +--- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=3600 + +- name: Ensure Apache is installed on Debian. + apt: "name={{ item }} state=installed" + with_items: "{{ apache_packages }}" 
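Review bot: In `apache/tasks/main.yml` the "Get installed version of Apache" task runs `{{ apache_daemon_path }}{{ apache_daemon }} -v` through the `shell` module although it uses no pipe, redirect or glob, so any shell metacharacter that ends up in those two variables is interpreted by the shell. `command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"` does the same job without one. The following `set_fact` indexes `_apache_version.stdout.split()[2].split('/')[1]` with no guard, so an unexpected banner fails with an opaque template error; a comment stating the expected `Server version: Apache/x.y.z` format, or a `failed_when` on the register, would help. `always_run: yes` is replaced by `check_mode: no` from Ansible 2.2 on, which matters only if the role is run on a release that new.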
diff --git a/apache/tasks/setup-RedHat.yml b/apache/tasks/setup-RedHat.yml new file mode 100644 index 0000000..f4a838f --- /dev/null +++ b/apache/tasks/setup-RedHat.yml @@ -0,0 +1,7 @@ +--- +- name: Ensure Apache is installed on RHEL. + yum: + name: "{{ item }}" + state: installed + enablerepo: "{{ apache_enablerepo }}" + with_items: "{{ apache_packages }}" diff --git a/apache/tasks/setup-Solaris.yml b/apache/tasks/setup-Solaris.yml new file mode 100644 index 0000000..989e32e --- /dev/null +++ b/apache/tasks/setup-Solaris.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed on Solaris. + pkg5: + name: "{{ item }}" + state: installed + with_items: "{{ apache_packages }}" diff --git a/apache/tasks/setup-Suse.yml b/apache/tasks/setup-Suse.yml new file mode 100644 index 0000000..80c65ca --- /dev/null +++ b/apache/tasks/setup-Suse.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed on Suse. + zypper: + name: "{{ item }}" + state: installed + with_items: "{{ apache_packages }}" diff --git a/apache/templates/vhosts.conf.j2 b/apache/templates/vhosts.conf.j2 new file mode 100644 index 0000000..766554f --- /dev/null +++ b/apache/templates/vhosts.conf.j2 
@@ -0,0 +1,82 @@ +{{ apache_global_vhost_settings }} + +{# Set up VirtualHosts #} +{% for vhost in apache_vhosts %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot {{ vhost.documentroot }} +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride All + Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} + +{# Set up SSL VirtualHosts #} +{% for vhost in apache_vhosts_ssl %} +{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} + + ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} +{% if vhost.documentroot is defined %} + DocumentRoot {{ vhost.documentroot }} +{% endif %} + + SSLEngine on + SSLCipherSuite {{ apache_ssl_cipher_suite }} + SSLProtocol {{ apache_ssl_protocol }} + SSLHonorCipherOrder On +{% if apache_vhosts_version == "2.4" %} + SSLCompression off +{% endif %} + SSLCertificateFile {{ vhost.certificate_file }} + SSLCertificateKeyFile {{ vhost.certificate_key_file }} +{% if vhost.certificate_chain_file is defined %} + SSLCertificateChainFile {{ vhost.certificate_chain_file }} +{% endif %} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} +{% if vhost.documentroot is defined %} + + AllowOverride All + Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} + Require all granted +{% endif %} + +{% endif %} +{% if vhost.extra_parameters is defined %} + {{ 
vhost.extra_parameters }} +{% endif %} + + +{% endif %} +{% endfor %} diff --git a/apache/tests/test.yml b/apache/tests/test.yml new file mode 100644 index 0000000..f5c5ca6 --- /dev/null +++ b/apache/tests/test.yml @@ -0,0 +1,13 @@ +--- +- hosts: all + + vars: + apache_listen_port_ssl: 443 + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + apache_vhosts: + - servername: "example.com" + documentroot: "/var/www/vhosts/example_com" + + roles: + - role_under_test diff --git a/apache/vars/Debian.yml b/apache/vars/Debian.yml new file mode 100644 index 0000000..7ff09c5 --- /dev/null +++ b/apache/vars/Debian.yml @@ -0,0 +1,14 @@ +--- +apache_service: apache2 +apache_daemon: apache2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2 + +__apache_packages: + - apache2 + - apache2-utils + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" diff --git a/apache/vars/RedHat.yml b/apache/vars/RedHat.yml new file mode 100644 index 0000000..d79fa5a --- /dev/null +++ b/apache/vars/RedHat.yml @@ -0,0 +1,20 @@ +--- +apache_service: httpd +apache_daemon: httpd +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/httpd +apache_conf_path: /etc/httpd/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - httpd + - httpd-devel + - mod_ssl + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/apache/vars/Solaris.yml b/apache/vars/Solaris.yml new file mode 100644 index 0000000..576291e --- /dev/null +++ b/apache/vars/Solaris.yml 
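Review bot: In `apache/templates/vhosts.conf.j2` every vhost with a `documentroot` gets `AllowOverride All` and `Options -Indexes +FollowSymLinks`, in both the plain and the SSL loop, so any `.htaccess` file that lands in a document root can change how that directory is served. I would make this opt-in per vhost, e.g. `AllowOverride {{ vhost.allow_override | default('None') }}` (the variable name is a suggestion, it is not defined anywhere in this diff), and document the choice in the README. `{{ vhost.extra_parameters }}` and `{{ apache_global_vhost_settings }}` are written verbatim into a root-owned configuration file, which deserves a comment saying these values must only come from trusted inventory.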
@@ -0,0 +1,19 @@ +--- +apache_service: apache24 +apache_daemon: httpd +apache_daemon_path: /usr/apache2/2.4/bin/ +apache_server_root: /etc/apache2/2.4/ +apache_conf_path: /etc/apache2/2.4/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - web/server/apache-24 + - web/server/apache-24/module/apache-ssl + - web/server/apache-24/module/apache-security + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/apache/vars/Suse.yml b/apache/vars/Suse.yml new file mode 100644 index 0000000..27703f3 --- /dev/null +++ b/apache/vars/Suse.yml @@ -0,0 +1,18 @@ +--- +apache_service: apache2 +apache_daemon: httpd2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - apache2 + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/apache/vars/apache-22.yml b/apache/vars/apache-22.yml new file mode 100644 index 0000000..c932f93 --- /dev/null +++ b/apache/vars/apache-22.yml @@ -0,0 +1,12 @@ +--- +apache_vhosts_version: "2.2" +apache_default_vhost_filename: 000-default +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^#?NameVirtualHost ", + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" + } diff --git a/apache/vars/apache-24.yml b/apache/vars/apache-24.yml new file mode 100644 index 0000000..449a444 --- /dev/null +++ b/apache/vars/apache-24.yml 
@@ -0,0 +1,8 @@
+---
+apache_vhosts_version: "2.4"
+apache_default_vhost_filename: 000-default.conf
+apache_ports_configuration_items:
+ - {
+ regexp: "^Listen ",
+ line: "Listen {{ apache_listen_port }}"
+ }
diff --git a/zabbix-server.yml b/zabbix-server.yml
new file mode 100644
index 0000000..deb2a0b
--- /dev/null
+++ b/zabbix-server.yml
@@ -0,0 +1,12 @@
+- hosts: all
+ become: yes
+ user: root
+ roles:
+ - apache
+ - zabbix-server
+ vars:
+ zabbix_url: zabbix.example.com
+ zabbix_version: 3.2
+ zabbix_timezone: Europe/Paris
+ database_type: pgsql
+ database_type_long: postgresql
diff --git a/zabbix-server/.gitignore b/zabbix-server/.gitignore
new file mode 100644
index 0000000..fff376e
--- /dev/null
+++ b/zabbix-server/.gitignore
@@ -0,0 +1,8 @@
+.kitchen/
+.idea/
+.bundle/
+vendor/
+*.retry
+.molecule
+.cache
+__pycache__
diff --git a/zabbix-server/.travis.yml b/zabbix-server/.travis.yml
new file mode 100644
index 0000000..3ccf82e
--- /dev/null
+++ b/zabbix-server/.travis.yml
@@ -0,0 +1,19 @@
+---
+sudo: required
+language: python
+services:
+ - docker
+
+before_install:
+- sudo apt-get -qq update
+- sudo apt-get install -o Dpkg::Options::="--force-confold" --force-yes -y docker-engine
+
+install:
+- pip install molecule ansible
+
+script:
+- molecule --version
+- ansible --version
+- molecule test
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/zabbix-server/CHANGELOG.md b/zabbix-server/CHANGELOG.md
new file mode 100644
index 0000000..80bcb7b
--- /dev/null
+++ b/zabbix-server/CHANGELOG.md
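Review bot: The play in `zabbix-server.yml` sets `user: root` next to `become: yes`, so when it is run over SSH Ansible logs in as root directly and the privilege escalation does nothing; that requires root SSH login on every host matched by `hosts: all`. I would connect as an unprivileged account and keep `become: yes`, e.g. replace `user: root` with `remote_user: "{{ deploy_user }}"` (placeholder name), and narrow `hosts: all` to a named group such as `hosts: zabbix_servers`. The `vars` block sets no database or frontend credentials, so whatever the `zabbix-server` role defaults to will be used; those defaults are not visible in this part of the diff, but they should be overridden from a vaulted vars file before the play targets anything other than the Vagrant box.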
@@ -0,0 +1,57 @@ +#ansible-zabbix-server Release + +Below an overview of all changes in the releases. + +Version (Release date) + +0.6.0 (2016-08-24) + + * Removed Test Kitchen tests, added molecule tests + * Added collation and encoding for MySQL databases #23 + * Add SELinux specifics #19 (By pull request: mescanef (Thanks!)) + * Fixes in the README.md file #18 (By pull request: mescanef (Thanks!)) + * Fix for: zabbix_repo - inconsistent use between server and agent roles. #17 + * Fix for: apache 2.2. and 2.4 #15 + +0.5.1 (2016-04-03) + + * Fix for: zabbix_server.conf file mode #14 + * Fix for: Support for v3+ Server Configuration #13 + +0.5.0 (2016-03-28) + + * Zabbix 3.0 + * MySQL database creation on other host (delegation) + +0.4.0 (2016-02-05) + + * fix #2: server_dbhost allows for remote database but role does not fully support setting up on remote db #11 (By pull request: lhoss (Thanks!)) + * Added basic travis test + * Fixed installation on Debian / Ubuntu for installing mysqldb-python package. + +0.3.0 (2015-11-24) + + * Add test-kitchen #7 (By pull request: kostyrevaa (Thanks!)) + * Force apt cache update after installing Zabbix's gpg key #8 (By pull request: SAL-e (Thanks!)) + * tasks/mysql.yml - [add] install mysql client on RHEL base 7 #9 (By pull request: clopnis (Thanks!)) + * Updated test-kitchen tests + * Added BATS tests + * Added CHANGELOG.md file + +0.2.1 (2015-06-30) + + * Fix unzip schema files for RedHat #5 (By pull request: kostyrevaa (Thanks!)) + * Fix missed required space #6 (By pull request: kostyrevaa (Thanks!)) + +0.2.0 (2015-03-20) + + * Various fixes #3 (By pull request: srvg (Thanks!)) + * Add optional configuration for Apache virtualhost aliases #4 (By pull request: srvg (Thanks!)) + +0.1.0 (2015-02-01) + + * Two minor changes for installation #1 (By pull request: drmikecrowe (Thanks!)) + +0.0.1 (2014-10-31) + + * Initial creation \ No newline at end of file 
diff --git a/zabbix-server/README.md b/zabbix-server/README.md new file mode 100644 index 0000000..bffd054 --- /dev/null +++ b/zabbix-server/README.md 
@@ -0,0 +1,183 @@ +Table of Contents + +1. [Overview](#overview) +2. [Requirements for this role](#requirements) + * [List of Operating systems](#operating-systems) + * [List supported Zabbix versions](#zabbix-version) +3. [Installing this role](#installation) +4. [Overview of variables which can be used](#role-variables) + * [Main variables](#main-variables) + * [Zabbix 3 variables](#zabbix-3) + * [Database variables](#databases) +4. [Dependencies](#dependencies) +5. [Example of using this role](#example-playbook) + * [ Vars in role configuration](#vars-in-role-configuration) + * [Combination of group_vars and playbook](#combination-of-group_vars-and-playbook) +6. [Test Kitchen](#test-kitchen) +7. [Extra information](#extra-information) +8. [License](#license) +9. [Author Information](#author-information) + +#Overview + +Build Status: + +[![Build Status](https://travis-ci.org/dj-wasabi/ansible-zabbix-server.svg?branch=master)](https://travis-ci.org/dj-wasabi/ansible-zabbix-server) + +This is an role for installing and maintaining the zabbix-server. + +This is one of the 'dj-wasabi' roles which configures your whole zabbix environment. See an list for the complete list: + + * zabbix-server (https://galaxy.ansible.com/dj-wasabi/zabbix-server/) + * zabbix-proxy (https://galaxy.ansible.com/dj-wasabi/zabbix-proxy/) + * zabbix-javagateway (https://galaxy.ansible.com/dj-wasabi/zabbix-javagateway/) + * zabbix-agent (https://galaxy.ansible.com/dj-wasabi/zabbix-agent/) + +#Requirements +##Operating systems + +This role will work on the following operating systems: + + * Red Hat + * Debian + * Ubuntu + +So, you'll need one of those operating systems.. :-) +Please sent Pull Requests or suggestions when you want to use this role for other Operating systems. 
+ +##Zabbix Versions + +See the following list of supported Operating systems with the Zabbix releases: + +Zabbix 3.0: + + * CentOS 5.x, 6.x, 7.x + * Amazon 5.x, 6.x, 7.x + * RedHat 5.x, 6.x, 7.x + * OracleLinux 5.x, 6.x, 7.x + * Scientific Linux 5.x, 6.x, 7.x + * Ubuntu 14.04 + * Debian 7, 8 + +Zabbix 2.4: + + * CentOS 6.x, 7.x + * Amazon 6.x, 7.x + * RedHat 6.x, 7.x + * OracleLinux 6.x, 7.x + * Scientific Linux 6.x, 7.x + * Ubuntu 12.04 14.04 + * Debian 7 + +Zabbix 2.2: + + * CentOS 5.x, 6.x + * RedHat 5.x, 6.x + * OracleLinux 5.x, 6.x + * Scientific Linux 5.x, 6.x + * Ubuntu 12.04 + * Debian 7 + * xenserver 6 + +#Installation + +Installing this role is very simple: `ansible-galaxy install dj-wasabi.zabbix-server` + +#Role Variables + +## Main variables +There are some variables in de default/main.yml which can (Or needs to) be changed/overriden: + +* `zabbix_url`: This is the url on which the zabbix web interface is available. Default is zabbix.example.com, you should override it. For example, see "Example Playbook" + +* `zabbix_version`: This is the version of zabbix. Default it is 3.0, but can be overriden to 2.4, 2.2 or 2.0. + +* `zabbix_timezone`: This is the timezone. The apache vhost needs this parameter. Default: Europe/Amsterdam + +* `zabbix_repo`: Default: _zabbix_ + * _epel_ install agent from EPEL repo + * _zabbix_ (default) install agent from Zabbix repo + * _other_ install agent from pre-existing or other repo + +* `zabbix_vhost`: True / False. When you don't want to create an apache vhosts, you can set it to False. + +* `zabbix_web`: True / False. When you down't want to install the zabbix-web component. Setting this to False, this playbook will only install the zabbix-server incl. database (if the 2 parameters below are set to True). + +* `zabbix_database_creation`: True / False. When you don't want to create the database including user, you can set it to False. + +* `zabbix_database_sqlload`:True / False. 
When you don't want to load the sql files into the database, you can set it to False. + +* `server_dbencoding`: The encoding for the MySQL database. Default set to `utf8` + +* `server_dbcollation`: The collation for the MySQL database. Default set to `utf8_bin` + +## Zabbix 3 + +These variables are specific for Zabbix 3.0 + +* `server_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. + +* `server_tlscrlfile`: Full pathname of a file containing revoked certificates. + +* `server_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain. + +* `server_tlskeyfile`: Full pathname of a file containing the agent private key. + +## Database + +There are some zabbix-server specific variables which will be used for the zabbix-server configuration file, these can be found in the defaults/main.yml file. There are 2 which needs some explanation: +```bash + #database_type: mysql + #database_type_long: mysql + database_type: pgsql + database_type_long: postgresql +``` + +There are 2 database_types which will be supported: mysql and postgresql. You'll need to comment or uncomment the database you would like to use. In example from above, the postgresql database is used. If you want to use mysql, uncomment the 2 lines from mysql and comment the 2 lines for postgresql. + +# Dependencies + +This role has 1 "hardcoded" dependency: geerlingguy.apache. This is an role which support the 3 main operating systems (Red Hat/Debian/Ubuntu). I can't find an mysql or postgresql role which also supports these 3 operating systems. + +```text +You'll need to find the correct database role by yourself. I only want to use roles which supports the 3 main operating systems as well and for now I can't find one. If there is an role which supports these 3 operating systems, please let me know and I'll use it as dependency. 
+``` + +# Example Playbook + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: zabbix-server + become: yes + roles: + - { role: geerlingguy.apache } + - { role: dj-wasabi.zabbix-server, zabbix_url: zabbix.dj-wasabi.nl, database_type: mysql, database_type_long: mysql } + + +# Test Kitchen + +This roles is configured to be tested with Test Kitchen. You can find on this page some more information regarding Test Kitchen: http://werner-dijkerman.nl/2015/08/20/using-test-kitchen-with-docker-and-serverspec-to-test-ansible-roles/ + +# Contributors + +The following have contributed to this Ansible role (List of Fame): + + * drmikecrowe + * srvg + * kostyrevaa + * clopnis + * SAL-e + * lhoss + * mescanef + +# License + +GPLv3 + +# Author Information + +This is my first attempt to create an ansible role, so please send suggestion or pull requests to make this role better. + +Github: https://github.com/dj-wasabi/ansible-zabbix-server + +mail: ikben [ at ] werner-dijkerman . nl diff --git a/zabbix-server/ansible.cfg b/zabbix-server/ansible.cfg new file mode 100644 index 0000000..db60a10 --- /dev/null +++ b/zabbix-server/ansible.cfg @@ -0,0 +1,3 @@ +[defaults] +roles_path = ../:../../ +hostfile = tests/inventory diff --git a/zabbix-server/defaults/main.yml b/zabbix-server/defaults/main.yml new file mode 100644 index 0000000..7730106 --- /dev/null +++ b/zabbix-server/defaults/main.yml 
@@ -0,0 +1,98 @@ +--- +# defaults file; +# zabbix role specific + +zabbix_url: zabbix.example.com +zabbix_url_aliases: [] +zabbix_version: 3.2 +zabbix_timezone: Europe/Amsterdam +zabbix_repo: zabbix +zabbix_vhost: True +zabbix_web: true +zabbix_database_creation: True +zabbix_database_sqlload: True + +# Database +database_type: pgsql +database_type_long: postgresql + +# zabbix-server specific vars +server_listenport: 10051 +server_sourceip: +server_logfile: /var/log/zabbix/zabbix_server.log +server_logfilesize: 10 +server_debuglevel: 3 +server_pidfile: /var/run/zabbix/zabbix_server.pid +server_dbhost: localhost +server_dbname: zabbix-server +server_dbencoding: utf8 +server_dbcollation: utf8_bin +server_dbschema: +server_dbuser: zabbix-server +server_dbpassword: zabbix-server +server_dbsocket: +server_dbport: +server_startpollers: 5 +server_startipmipollers: 0 +server_startpollersunreachable: 1 +server_starttrappers: 5 +server_startpingers: 1 +server_startdiscoverers: 1 +server_starthttppollers: 1 +server_starttimers: 1 +server_javagateway: +server_javagatewayport: 10052 +server_startjavapollers: 5 +server_startvmwarecollectors: 0 +server_vmwarefrequency: 60 +server_vmwarecachesize: 8M +server_snmptrapperfile: /tmp/zabbix_traps.tmp +server_startsnmptrapper: 0 +server_listenip: +server_housekeepingfrequency: 1 +server_maxhousekeeperdelete: 500 +server_senderfrequency: 30 +server_cachesize: 8M +server_cacheupdatefrequency: 60 +server_startdbsyncers: 4 +server_historycachesize: 8M +server_historyindexcachesize: 4M +server_trendcachesize: 4M +server_historytextcachesize: 16M +server_valuecachesize: 8M +server_nodenoevents: 0 +server_nodenohistory: 0 +server_timeout: 3 +server_trappertimeout: 300 +server_unreachableperiod: 45 +server_unavailabledelay: 60 +server_unreachabledelay: 15 +server_alertscriptspath: ${datadir}/zabbix/alertscripts +server_externalscripts: /usr/lib/zabbix/externalscripts +server_fpinglocation: /usr/sbin/fping +server_fping6location: 
/usr/sbin/fping6 +server_sshkeylocation: +server_logslowqueries: 0 +server_tmpdir: /tmp +server_startproxypollers: 1 +server_proxyconfigfrequency: 3600 +server_proxydatafrequency: 1 +server_allowroot: 0 +server_user: zabbix +server_include: /etc/zabbix/zabbix_server.conf.d +server_sslcertlocation: ${datadir}/zabbix/ssl/certs +server_sslkeylocation: ${datadir}/zabbix/ssl/keys +server_sslcalocation: +server_loadmodulepath: ${libdir}/modules +server_loadmodule: +server_tlscafile: +server_tlscrlfile: +server_tlscertfile: +server_tlskeyfile: +server_startescalators: 1 +server_vmwareperffrequency: 60 +server_vmwaretimeout: 10 + +# SELinux specific +selinux_allow_zabbix_can_network: False +selinux_allow_zabbix_can_http: False diff --git a/zabbix-server/handlers/main.yml b/zabbix-server/handlers/main.yml new file mode 100644 index 0000000..018e72e --- /dev/null +++ b/zabbix-server/handlers/main.yml @@ -0,0 +1,6 @@ +--- +# handlers file for wdijkerman.zabbix + +- name: zabbix-server restarted + service: name=zabbix-server state=restarted enabled=yes + tags: zabbix-server diff --git a/zabbix-server/meta/.galaxy_install_info b/zabbix-server/meta/.galaxy_install_info new file mode 100644 index 0000000..cdddef4 --- /dev/null +++ b/zabbix-server/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Thu Sep 8 09:18:48 2016', version: 0.6.0} diff --git a/zabbix-server/meta/main.yml b/zabbix-server/meta/main.yml new file mode 100644 index 0000000..121ddd0 --- /dev/null +++ b/zabbix-server/meta/main.yml @@ -0,0 +1,27 @@ +--- +galaxy_info: + author: Werner Dijkerman + description: Installing and maintaining zabbix-server for RedHat/Debian/Ubuntu. + company: myCompany.Dotcom + license: license (GPLv3) + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Ubuntu + versions: + - lucid + - precise + - trusty + - xenial + - name: Debian + versions: + - squeeze + - wheezy + - jessie + categories: + - monitoring +dependencies: +- { role: apache } 
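Review bot: `server_dbpassword: zabbix-server` ships a database password that equals the default user and database name, so any deployment that forgets to override it gets a guessable credential. I would leave the default empty and document it, for example `server_dbpassword: # no default: set per environment, ideally from a vault-encrypted vars file`, with the role failing early when it is unset. Separately, `zabbix_version: 3.2` is a YAML float, while the tasks compare against `3.0` and the zabbix_server.conf.j2 template compares against the string `'3.0'`. Those conditionals may not select the branches the author intended, and a comment stating the expected type would help.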
diff --git a/zabbix-server/molecule.yml b/zabbix-server/molecule.yml new file mode 100644 index 0000000..3059952 --- /dev/null +++ b/zabbix-server/molecule.yml @@ -0,0 +1,41 @@ +--- +molecule: + test: + sequence: + - destroy + - create + - converge + - verify + - destroy + +ansible: + playbook: playbook.yml + requirements_file: requirements.yml + config_file: ansible.cfg + group_vars: + mysql: + - database_type: mysql + database_type_long: mysql + postgresql: + - database_type: pgsql + database_type_long: postgresql + postgresql_pg_hba_conf: + - "host all all 127.0.0.1/32 trust" + - "host all all ::1/128 trust" + postgresql_pg_hba_local_ipv4: false + postgresql_pg_hba_local_ipv6: false + +docker: + containers: + - name: zabbix-server-mysql-centos + ansible_groups: + - mysql + image: milcom/centos7-systemd + image_version: latest + privileged: True + - name: zabbix-server-pgsql-centos + ansible_groups: + - postgresql + image: milcom/centos7-systemd + image_version: latest + privileged: True \ No newline at end of file diff --git a/zabbix-server/playbook.yml b/zabbix-server/playbook.yml new file mode 100644 index 0000000..fe3b6bc --- /dev/null +++ b/zabbix-server/playbook.yml 
@@ -0,0 +1,30 @@ +--- +- hosts: all + pre_tasks: + - name: "Installing which" + action: yum + name={{ item }} + state=installed + with_items: + - net-tools + - which + - libselinux-python + - name: "Add zabbix.example.com to hosts file." + action: shell echo '127.0.0.1 zabbix.example.com' >> /etc/hosts + - name: "Make sure we can sudo in the deployment" + lineinfile: dest=/etc/sudoers line="Defaults !requiretty" state=present + - name: "Make sure the docs are installed to" + lineinfile: dest=/etc/yum.conf line="tsflags=nodocs" state=absent + - name: "echo hosts" + action: shell cat /etc/hosts + register: my_hosts + - name: "Debug" + action: debug + var=my_hosts + + roles: + - role: galaxyprojectdotorg.postgresql + when: inventory_hostname in groups['postgresql'] + - role: geerlingguy.mysql + when: inventory_hostname in groups['mysql'] + - role: ansible-zabbix-server diff --git a/zabbix-server/requirements.yml b/zabbix-server/requirements.yml new file mode 100644 index 0000000..c76bde5 --- /dev/null +++ b/zabbix-server/requirements.yml @@ -0,0 +1,4 @@ +--- +- src: geerlingguy.apache +- src: geerlingguy.mysql +- src: galaxyprojectdotorg.postgresql diff --git a/zabbix-server/tasks/Debian.yml b/zabbix-server/tasks/Debian.yml new file mode 100644 index 0000000..3426e31 --- /dev/null +++ b/zabbix-server/tasks/Debian.yml 
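Review bot: The `lineinfile` task on `/etc/sudoers` in `pre_tasks` writes the file without a syntax check, so a malformed result would break sudo on the target. Adding `validate='visudo -cf %s'` to that task makes the module refuse an invalid file. The `shell echo '127.0.0.1 zabbix.example.com' >> /etc/hosts` task appends a duplicate line on every run. `lineinfile: dest=/etc/hosts line="127.0.0.1 zabbix.example.com"` would be idempotent, provided the module can rewrite that file in the container used here.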
@@ -0,0 +1,172 @@ +--- + +- name: "Debian | Set some facts" + set_fact: + apache_log: apache2 + datafiles_path: /usr/share/zabbix-server-{{ database_type }} + when: zabbix_version < 3.0 + tags: + - zabbix-server + - init + - config + +- name: "Debian | Set some facts for Zabbix 3.0" + set_fact: + apache_log: apache2 + datafiles_path: /usr/share/doc/zabbix-server-{{ database_type }} + when: zabbix_version >= 3.0 + tags: + - zabbix-server + - init + - config + +- name: "Debian | Installing repository Debian" + apt_repository: repo="deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ ansible_distribution_release }} main" + state=present + when: ansible_distribution == "Debian" and zabbix_repo == "zabbix" + tags: + - zabbix-server + - init + - config + +- name: "Debian | Installing repository Debian" + apt_repository: repo="deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ ansible_distribution_release }} main" + state=present + when: ansible_distribution == "Debian" and zabbix_repo == "zabbix" + tags: + - zabbix-server + - init + - config + +- name: "Debian | Installing repository Ubuntu" + apt_repository: repo="deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ ansible_distribution_release }} main" + state=present + when: ansible_distribution == "Ubuntu" and zabbix_repo == "zabbix" + tags: + - zabbix-server + - init + - config + +- name: "Debian | Installing repository Ubuntu" + apt_repository: repo="deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ ansible_distribution_release }} main" + state=present + when: ansible_distribution == "Ubuntu" and zabbix_repo == "zabbix" + tags: + - zabbix-server + - init + - config + +- name: "Debian | Install gpg key" + apt_key: id=79EA5ED4 + url=http://repo.zabbix.com/zabbix-official-repo.key + when: zabbix_repo == "zabbix" + tags: + - zabbix-server + - init + - config + +- name: "Debian | Installing zabbix-server-{{ database_type }}" + apt: pkg=zabbix-server-{{ 
database_type }} + state=present + update_cache=yes + tags: + - zabbix-server + - init + +- name: "Debian | Installing zabbix-clients" + apt: pkg={{ item }} + state=present + update_cache=yes + with_items: + - zabbix-agent + - zabbix-get + tags: + - zabbix-server + - init + +- name: "Debian | Install php7.0-{{ database_type }}" + apt: pkg=php7.0-{{ database_type }} + state=present + update_cache=yes + cache_valid_time=3600 + tags: + - zabbix-server + - init + +- name: "Debian | Install php requisites" + apt: pkg={{ item }} + state=present + update_cache=yes + cache_valid_time=3600 + with_items: + - php-bcmath + - php-mbstring + - php-xml + tags: + - zabbix-server + - init + +- name: "Debian | Install zabbix-web" + apt: pkg=zabbix-frontend-php + state=present + update_cache=yes + cache_valid_time=3600 + when: zabbix_web + tags: + - zabbix-server + - init + - config + +- name: "Debian | install apache vhost" + template: src=apache_vhost.conf.j2 + dest=/etc/zabbix/apache.conf + owner=root + group=root + mode=0644 + when: zabbix_vhost and zabbix_web + notify: restart apache + tags: + - zabbix-server + - init + - config + - apache + +- name: "Debian | Install Ansible module dependencies" + apt: name=python-psycopg2 + state=present + when: zabbix_database_creation + tags: + - zabbix-server + - init + +#- name: "Debian | Install Mysql Client package" +# apt: name={{ item }} +# state=present +# with_items: +# - mysql-client +# - MySQL-python +# when: database_type == 'mysql' and ansible_distribution == "Debian" +# tags: +# - zabbix-server +# - init +# - database + +- name: "Debian | Install Mysql Client package" + apt: name={{ item }} + state=present + with_items: + - mysql-client + - python-mysqldb + when: database_type == 'mysql' + tags: + - zabbix-server + - init + - database + +- name: "Debian | Install PostgreSQL Client package" + apt: name=postgresql state=present + when: database_type == 'pgsql' + tags: + - zabbix-server + - init + - database 
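Review bot: The "Install gpg key" task fetches the signing key over plain `http://` and pins it only by the short id `79EA5ED4`, so neither the transport nor the identifier gives strong assurance that the trusted key is the vendor's. Short 32-bit key ids can be collided, so I would pin the full fingerprint and fetch over TLS if the repository offers it, e.g. `apt_key: id=<FULL_40_HEX_FINGERPRINT> url=https://repo.zabbix.com/zabbix-official-repo.key`. The four `apt_repository` entries also use `http://`, which leaves package integrity resting on that key alone. A comment recording where the fingerprint was verified would help the next maintainer.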
diff --git a/zabbix-server/tasks/RedHat.yml b/zabbix-server/tasks/RedHat.yml new file mode 100644 index 0000000..033feaf --- /dev/null +++ b/zabbix-server/tasks/RedHat.yml 
@@ -0,0 +1,143 @@ +--- +# Tasks specific for RedHat systems + +- name: "RedHat | Set short version name" + set_fact: + zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}" + tags: + - zabbix-server + +- name: "RedHat | Use Zabbix package name" + set_fact: + zabbix_server_package: "zabbix-server-{{ database_type }}" + when: zabbix_repo == "zabbix" + tags: + - zabbix-server + +- name: "RedHat | Use EPEL package name" + set_fact: + zabbix_server_package: "zabbix{{ zabbix_short_version }}-server-{{ database_type }}" + when: zabbix_repo == "epel" + tags: + - zabbix-server + +- name: "RedHat | Set some facts EPEL" + set_fact: + apache_log: httpd + datafiles_path: "/usr/share/zabbix-{{ database_type_long }}" + when: zabbix_repo == "epel" + tags: + - zabbix-server + +- name: "RedHat | Set some facts Zabbix" + set_fact: + apache_log: httpd + datafiles_path: "/usr/share/doc/zabbix-server-{{ database_type }}-{{ zabbix_version }}*/create" + when: zabbix_version != 3.0 + tags: + - zabbix-server + +- name: "RedHat | Set facts for Zabbix 3.0" + set_fact: + apache_log: httpd + datafiles_path: "/usr/share/doc/zabbix-server-{{ database_type }}-{{ zabbix_version }}*" + when: zabbix_version == 3.0 + tags: + - zabbix-server + +- name: "RedHat | Install basic repo file" + template: src=rhel.repo.j2 + dest=/etc/yum.repos.d/zabbix.repo + owner=root + group=root + mode=0644 + when: zabbix_repo == "zabbix" + tags: + - zabbix-server + +- name: "RedHat | Installing zabbix-server-{{ database_type }}" + yum: pkg={{ zabbix_server_package }} + state=present + tags: + - zabbix-server + +- name: "RedHat | Install zabbix-web-{{ database_type }}" + yum: pkg=zabbix-web-{{ database_type }} + state=present + when: zabbix_web + tags: + - zabbix-server + +- name: "RedHat | Install apache vhost" + template: src=apache_vhost.conf.j2 + dest=/etc/httpd/conf.d/zabbix.conf + owner=root + group=root + mode=0644 + when: zabbix_vhost and zabbix_web + notify: restart apache + tags: + - 
zabbix-server + +- name: "RedHat | Install Ansible module dependencies" + yum: name=python-psycopg2 + state=present + when: zabbix_database_creation + tags: + - zabbix-server + +- name: "RedHat | Install Mysql Client package RHEL7" + yum: name={{ item }} + state=present + with_items: + - mariadb + - MySQL-python + when: database_type == 'mysql' and ansible_distribution_major_version == "7" + tags: + - zabbix-server + +- name: "RedHat | Install Mysql Client package RHEL5 - 6" + yum: name={{ item }} + state=present + with_items: + - mysql + - MySQL-python + when: database_type == 'mysql' and ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5" + tags: + - zabbix-server + +- name: "RedHat | Install PostgreSQL client package" + yum: name=postgresql + state=latest + when: database_type == 'pgsql' + tags: + - zabbix-server + +- name: "RedHat | Install related SELinux package" + yum: name={{ item }} + state=present + with_items: + - libsemanage-python + when: zabbix_web or selinux_allow_zabbix_can_network + tags: + - zabbix-server + +- name: "RedHat | Enable httpd_can_connect_zabbix SELinux boolean" + seboolean: name={{ item }} + state=yes + persistent=yes + with_items: + - httpd_can_connect_zabbix + when: zabbix_web and selinux_allow_zabbix_can_http + tags: + - zabbix-server + +- name: "RedHat | Enable zabbix_can_network SELinux boolean" + seboolean: name={{ item }} + state=yes + persistent=yes + with_items: + - zabbix_can_network + when: selinux_allow_zabbix_can_network + tags: + - zabbix-server diff --git a/zabbix-server/tasks/main.yml b/zabbix-server/tasks/main.yml new file mode 100644 index 0000000..769c736 --- /dev/null +++ b/zabbix-server/tasks/main.yml 
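Review bot: The condition on "Install Mysql Client package RHEL5 - 6" reads `database_type == 'mysql' and ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5"`. Because `and` binds tighter than `or`, every major-version-5 host installs the MySQL client even when `database_type` is `pgsql`. Parenthesising fixes it: `when: database_type == 'mysql' and (ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5")`. The PostgreSQL client task uses `state=latest` while every other package task uses `state=present`, which makes runs non-reproducible, so I would align it.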
@@ -0,0 +1,68 @@ +--- +# tasks file for wdijkerman.zabbix + +- name: "Get Apache version" + action: shell apachectl -v | grep 'version' | awk -F '/' '{ print $2 }'| awk '{ print $1 }' | cut -c 1-3 + register: apachectl_version + +- name: "Set correct apache_version" + set_fact: + apache_version: "{{ apachectl_version.stdout }}" + +- name: "Install the correct repository" + include: "RedHat.yml" + when: ansible_os_family == "RedHat" + tags: + - always + +- name: "Install the correct repository" + include: "Debian.yml" + when: ansible_os_family == "Debian" + tags: + - always + +- name: "Installing the postgresql database" + include: "postgresql.yml" + when: database_type_long == "postgresql" + tags: + - always + +- name: "Installing the mysql database" + include: "mysql.yml" + when: database_type_long == "mysql" + tags: + - always + +- name: "Configure zabbix-server" + template: src=zabbix_server.conf.j2 + dest=/etc/zabbix/zabbix_server.conf + owner=zabbix + group=zabbix + mode=0644 + notify: zabbix-server restarted + tags: + - zabbix-server + - init + - config + +- name: "Create include dir zabbix-server" + file: path={{ server_include }} + owner=zabbix + group=zabbix + state=directory + mode=0644 + tags: + - zabbix-server + - init + - config + +- name: "Configure zabbix-web" + template: src=zabbix.conf.php.j2 + dest=/etc/zabbix/web/zabbix.conf.php + owner=zabbix + group=zabbix + mode=0644 + tags: + - zabbix-server + - init + - config diff --git a/zabbix-server/tasks/mysql.yml b/zabbix-server/tasks/mysql.yml new file mode 100644 index 0000000..a15d339 --- /dev/null +++ b/zabbix-server/tasks/mysql.yml 
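Review bot: "Configure zabbix-server" installs `/etc/zabbix/zabbix_server.conf` with `mode=0644`, and the template for that file writes `DBPassword={{ server_dbpassword }}`, so every local user can read the database password. `mode=0640` with owner and group `zabbix` would be enough for the daemon. "Configure zabbix-web" uses the same mode for `zabbix.conf.php`, which presumably holds the same credential. That file should be restricted too, with its group set to whatever account the web server runs as. "Create include dir zabbix-server" creates a directory with `mode=0644`, which has no execute bit and so cannot be traversed; `mode=0750` is probably what was meant.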
@@ -0,0 +1,63 @@ +--- +# task file for mysql +- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" + set_fact: + delegated_dbhost: "{{server_dbhost if (server_dbhost != 'localhost') else inventory_hostname}}" + +- name: "MySQL | Create database" + mysql_db: name={{ server_dbname }} + state=present + encoding={{ server_dbencoding }} + collation={{ server_dbcollation }} + when: zabbix_database_creation + delegate_to: "{{ delegated_dbhost }}" + tags: + - zabbix-server + - database + +- name: "MySQL | Create database user" + mysql_user: name={{ server_dbuser }} + password={{ server_dbpassword }} + priv={{ server_dbname }}.*:ALL + state=present + when: zabbix_database_creation + delegate_to: "{{ delegated_dbhost }}" + tags: + - zabbix-server + - database + +- name: "MySQL | Importing schema file" + shell: "cd {{ datafiles_path }} && if [ -f create.sql.gz ]; then gunzip create.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < create.sql && touch /etc/zabbix/schema.done" + args: + creates: /etc/zabbix/schema.done + when: zabbix_version == 3.0 and zabbix_database_sqlload + tags: + - zabbix-server + - database + +- name: "MySQL | Importing schema file" + shell: "cd {{ datafiles_path }} && if [ -f schema.sql.gz ]; then gunzip schema.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < schema.sql && touch /etc/zabbix/schema.done" + args: + creates: /etc/zabbix/schema.done + when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) + tags: + - zabbix-server + - database + +- name: "MySQL | Importing images file" + shell: "cd {{ datafiles_path }} && if [ -f images.sql.gz ]; then gunzip images.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < images.sql && touch 
/etc/zabbix/images.done" + args: + creates: /etc/zabbix/images.done + when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) + tags: + - zabbix-server + - database + +- name: "MySQL | Importing data file" + shell: "cd {{ datafiles_path }} && if [ -f data.sql.gz ]; then gunzip data.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < data.sql && touch /etc/zabbix/data.done" + args: + creates: /etc/zabbix/data.done + when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) + tags: + - zabbix-server + - database diff --git a/zabbix-server/tasks/postgresql.yml b/zabbix-server/tasks/postgresql.yml new file mode 100644 index 0000000..0160e5f --- /dev/null +++ b/zabbix-server/tasks/postgresql.yml 
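Review bot: All four import tasks pass the password as `-p'{{ server_dbpassword }}'` on the `mysql` command line, which exposes it in the process list while the import runs and in Ansible's task output and logs. postgresql.yml already avoids this with an `environment:` block; the equivalent here is `environment:` with `MYSQL_PWD: '{{ server_dbpassword }}'`, or a client option file with mode 0600, plus `no_log: true` on each task. The templated values are also wrapped in literal single quotes inside the shell string, so a value containing `'` breaks out of the quoting. Using `{{ server_dbpassword | quote }}` (and the same for host, user and database name) is safer, and the `psql` commands in postgresql.yml have the same quoting issue.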
@@ -0,0 +1,75 @@ +--- +# task file for postgresql + +- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" + set_fact: + delegated_dbhost: "{{ server_dbhost if (server_dbhost != 'localhost') else inventory_hostname }}" + +- name: "PostgreSQL | Create database" + postgresql_db: name={{ server_dbname }} + state=present + become: yes + become_user: postgres + delegate_to: "{{ delegated_dbhost }}" + when: zabbix_database_creation + tags: + - zabbix-server + - database + +- name: "PostgreSQL | Create database user" + postgresql_user: db={{ server_dbname }} + name={{ server_dbuser }} + password={{ server_dbpassword }} + priv=ALL + state=present + become: yes + become_user: postgres + delegate_to: "{{ delegated_dbhost }}" + when: zabbix_database_creation + tags: + - zabbix-server + - database + +- name: "PostgreSQL | Create schema" + shell: "cd {{ datafiles_path }} && if [ -f create.sql.gz ]; then gunzip create.sql.gz ; fi && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f create.sql && touch /etc/zabbix/schema.done" + args: + creates: /etc/zabbix/schema.done + environment: + PGPASSWORD: '{{ server_dbpassword }}' + when: zabbix_version == 3.0 and zabbix_database_sqlload + tags: + - zabbix-server + - database + +- name: "PostgreSQL | Importing schema file" + shell: "cd {{ datafiles_path }} && if [ -f create.sql.gz ]; then gunzip create.sql.gz ; fi && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f create.sql && touch /etc/zabbix/schema.done" + args: + creates: /etc/zabbix/schema.done + environment: + PGPASSWORD: '{{ server_dbpassword }}' + when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) + tags: + - zabbix-server + - database + +- name: "PostgreSQL | Importing images file" + shell: "cd {{ datafiles_path }} && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f 
images.sql && touch /etc/zabbix/images.done" + args: + creates: /etc/zabbix/images.done + environment: + PGPASSWORD: '{{ server_dbpassword }}' + when: (zabbix_version < 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload) + tags: + - zabbix-server + - database + +- name: "PostgreSQL | Importing data file" + shell: "cd {{ datafiles_path }} && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f data.sql && touch /etc/zabbix/data.done" + args: + creates: /etc/zabbix/data.done + environment: + PGPASSWORD: '{{ server_dbpassword }}' + when: (zabbix_database_sqlload and zabbix_version < 3.0) or (zabbix_repo == "epel" and zabbix_database_sqlload) + tags: + - zabbix-server + - database diff --git a/zabbix-server/templates/apache_vhost.conf.j2 b/zabbix-server/templates/apache_vhost.conf.j2 new file mode 100644 index 0000000..b996e33 --- /dev/null +++ b/zabbix-server/templates/apache_vhost.conf.j2 
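Review bot: "PostgreSQL | Create schema" and "PostgreSQL | Importing schema file" run the identical `create.sql` command and differ only in their `when:`, so they could be one task with a single condition. The version tests in this file are also inconsistent: the schema tasks use `zabbix_version == 3.0` and `!= 3.0`, while the images and data tasks use `< 3.0`. With the default `zabbix_version: 3.2` that is easy to misread, so a comment stating which SQL files each Zabbix release ships would make the intent checkable. These tasks set `PGPASSWORD` from `server_dbpassword`, and adding `no_log: true` keeps that value out of verbose output.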
@@ -0,0 +1,54 @@ + + ServerName {{ zabbix_url }} + ServerAlias {{ apachectl_version.stdout }} + {% for alias in zabbix_url_aliases %} + ServerAlias {{ alias }} + {% endfor %} + + ## Vhost docroot + DocumentRoot "/usr/share/zabbix" + +{% set directory_paths = ['/usr/share/zabbix/conf', '/usr/share/zabbix/api', '/usr/share/zabbix/include', '/usr/share/zabbix/include/classes'] %} + + + {% if apache_version|string() == '2.4' %} + Options FollowSymLinks + AllowOverride None + Require all granted + {% else %} + AllowOverride None + Order Allow,Deny + Allow from all + {% endif %} + + +{% for my_path in directory_paths %} + + {% if apache_version|string() == '2.4' %} + Require all granted + {% else %} + AllowOverride None + Order Deny,Allow + Deny from all + {% endif %} + + +{% endfor %} + ## Logging + ErrorLog "/var/log/{{ apache_log }}/{{ zabbix_url }}_error.log" + ServerSignature Off + CustomLog "/var/log/{{ apache_log }}/{{ zabbix_url }}_access.log" combined + + ## Rewrite rules + RewriteEngine On + RewriteRule ^$ /index.php [L] + + ## Custom fragment + php_value max_execution_time 300 + php_value memory_limit 128M + php_value post_max_size 16M + php_value upload_max_filesize 2M + php_value max_input_time 300 + # Set correct timezone. + php_value date.timezone {{ zabbix_timezone }} + diff --git a/zabbix-server/templates/rhel.repo.j2 b/zabbix-server/templates/rhel.repo.j2 new file mode 100644 index 0000000..e6a413b --- /dev/null +++ b/zabbix-server/templates/rhel.repo.j2 
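Review bot: In the `{% for my_path in directory_paths %}` loop the Apache 2.4 branch emits `Require all granted`, whereas the 2.2 branch emits `Order Deny,Allow` / `Deny from all`. On 2.4 the `conf`, `api`, `include` and `include/classes` directories are therefore left open instead of blocked. The 2.4 equivalent of the 2.2 branch is `Require all denied`. `ServerAlias {{ apachectl_version.stdout }}` near the top sets the alias to the Apache version string, which looks like a debugging leftover and should probably be removed. The enclosing VirtualHost and Directory tags are not visible in this rendering of the hunk, so the block boundaries are inferred.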
@@ -0,0 +1,13 @@ +[zabbix] +name=Zabbix Official Repository - $basearch +baseurl=http://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/ +enabled=1 +gpgcheck=0 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + +[zabbix-non-supported] +name=Zabbix Official Repository non-supported - $basearch +baseurl=http://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/ +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX +gpgcheck=0 diff --git a/zabbix-server/templates/zabbix.conf.php.j2 b/zabbix-server/templates/zabbix.conf.php.j2 new file mode 100644 index 0000000..a833396 --- /dev/null +++ b/zabbix-server/templates/zabbix.conf.php.j2 @@ -0,0 +1,20 @@ + diff --git a/zabbix-server/templates/zabbix_server.conf.j2 b/zabbix-server/templates/zabbix_server.conf.j2 new file mode 100644 index 0000000..879532d --- /dev/null +++ b/zabbix-server/templates/zabbix_server.conf.j2 
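Review bot: Both repository stanzas set `gpgcheck=0` while pointing `baseurl` at plain `http://`, so yum installs the Zabbix packages with no signature verification over an unauthenticated transport. The `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX` line is already present, so the fix is `gpgcheck=1` in `[zabbix]` and `[zabbix-non-supported]`. RedHat.yml would also need a task that installs that key file before the first package install. If the mirror offers TLS, switching `baseurl` to `https://` adds a second layer.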
@@ -0,0 +1,495 @@ +# this is a configuration file for zabbix server process +# to get more information about zabbix, +# visit http://www.zabbix.com + +############ general parameters ################# +### option: listenport +# listen port for trapper. +# +ListenPort={{ server_listenport }} + +### option: sourceip +# source ip address for outgoing connections. +# +{% if server_sourceip is defined and server_sourceip %} +SourceIP={{ server_sourceip }} +{% endif %} + +### option: logfile +# name of log file. +# if not set, syslog is used. +# +LogFile={{ server_logfile }} + +### option: logfilesize +# maximum size of log file in mb. +# 0 - disable automatic log rotation. +# +LogFileSize={{ server_logfilesize }} + +### option: debuglevel +# specifies debug level +# 0 - no debug +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# +DebugLevel={{ server_debuglevel }} + +### option: pidfile +# name of pid file. +# +PidFile={{ server_pidfile }} + +### option: dbhost +# database host name. +# if set to localhost, socket is used for mysql. +# if set to empty string, socket is used for postgresql. +# +DBHost={{ server_dbhost }} + +### option: dbname +# database name. +# for sqlite3 path to database file must be provided. dbuser and dbpassword are ignored. +# +DBName={{ server_dbname }} + +### option: dbschema +# schema name. used for ibm db2. +# +{% if server_dbschema is defined and server_dbschema %} +DBSchema={{ server_dbschema }} +{% endif %} + +### option: dbuser +# database user. ignored for sqlite. +# +DBUser={{ server_dbuser }} + +### option: dbpassword +# database password. ignored for sqlite. +# comment this line if no password is used. +# +DBPassword={{ server_dbpassword }} + +### option: dbsocket +# path to mysql socket. +# +{% if server_dbsocket is defined and server_dbsocket %} +DBSocket={{ server_dbsocket }} +{% endif %} + +### option: dbport +# database port when not using local socket. 
ignored for sqlite. +# +{% if server_dbport is defined and server_dbport %} +DBPort={{ server_dbport }} +{% endif %} + +############ advanced parameters ################ + +### option: startpollers +# number of pre-forked instances of pollers. +# +StartPollers={{ server_startpollers }} + +### option: startipmipollers +# number of pre-forked instances of ipmi pollers. +# +StartIPMIPollers={{ server_startipmipollers }} + +### option: startpollersunreachable +# number of pre-forked instances of pollers for unreachable hosts (including ipmi). +# +StartPollersUnreachable={{ server_startpollersunreachable }} + +### option: starttrappers +# number of pre-forked instances of trappers. +# trappers accept incoming connections from zabbix sender, active agents, active proxies and child nodes. +# at least one trapper process must be running to display server availability in the frontend. +# +StartTrappers={{ server_starttrappers }} + +### option: startpingers +# number of pre-forked instances of icmp pingers. +# +StartPingers={{ server_startpingers }} + +### option: startdiscoverers +# number of pre-forked instances of discoverers. +# +StartDiscoverers={{ server_startdiscoverers }} + +### option: starthttppollers +# number of pre-forked instances of http pollers. +# +StartHTTPPollers={{ server_starthttppollers }} + +{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %} +### option: starttimers +# number of pre-forked instances of timers. +# timers process time-based trigger functions and maintenance periods. +# only the first timer process handles the maintenance periods. +# +StartTimers={{ server_starttimers }} +{% endif %} + +{% if zabbix_version == '3.0' %} +### Option: StartEscalators +# Number of pre-forked instances of escalators. +# +StartEscalators={{ server_startescalators }} +{% endif %} + +### option: javagateway +# ip address (or hostname) of zabbix java gateway. +# only required if java pollers are started. 
+# +{% if server_javagateway is defined and server_javagateway %} +JavaGateway={{ server_javagateway }} + +### option: javagatewayport +# port that zabbix java gateway listens on. +# +JavaGatewayPort={{ server_javagatewayport }} + +### option: startjavapollers +# number of pre-forked instances of java pollers. +# +StartJavaPollers={{ server_startjavapollers }} +{% endif %} + +{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %} +### option: startvmwarecollectors +# number of pre-forked vmware collector instances. +# +StartVMwareCollectors={{ server_startvmwarecollectors }} + +### option: vmwarefrequency +# how often zabbix will connect to vmware service to obtain a new data. +# +VMwareFrequency={{ server_vmwarefrequency }} + +{% if zabbix_version == '3.0' %} +### Option: VMwarePerfFrequency +# How often Zabbix will connect to VMware service to obtain performance data. +# +# Mandatory: no +VMwarePerfFrequency={{ server_vmwareperffrequency }} +{% endif %} + +### option: vmwarecachesize +# size of vmware cache, in bytes. +# shared memory size for storing vmware data. +# only used if vmware collectors are started. +# +VMwareCacheSize={{ server_vmwarecachesize }} +{% endif %} + +{% if zabbix_version == '3.0' %} +### Option: VMwareTimeout +# Specifies how many seconds vmware collector waits for response from VMware service. +# +VMwareTimeout={{ server_vmwaretimeout }} +{% endif %} + +### option: snmptrapperfile +# temporary file used for passing data from snmp trap daemon to the server. +# must be the same as in zabbix_trap_receiver.pl or snmptt configuration file. +# +SNMPTrapperFile={{ server_snmptrapperfile }} + +### option: startsnmptrapper +# if 1, snmp trapper process is started. +# +StartSNMPTrapper={{ server_startsnmptrapper }} + +### option: listenip +# list of comma delimited ip addresses that the trapper should listen on. +# trapper will listen on all network interfaces if this parameter is missing. 
+# +{% if server_listenip is defined and server_listenip %} +ListenIp={{ server_listenip }} +{% endif %} + +### option: housekeepingfrequency +# how often zabbix will perform housekeeping procedure (in hours). +# housekeeping is removing unnecessary information from history, alert, and alarms tables. +# +HousekeepingFrequency={{ server_housekeepingfrequency }} + +### option: maxhousekeeperdelete +# the table "housekeeper" contains "tasks" for housekeeping procedure in the format: +# [housekeeperid], [tablename], [field], [value]. +# no more than 'maxhousekeeperdelete' rows (corresponding to [tablename], [field], [value]) +# will be deleted per one task in one housekeeping cycle. +# sqlite3 does not use this parameter, deletes all corresponding rows without a limit. +# if set to 0 then no limit is used at all. in this case you must know what you are doing! +# +MaxHousekeeperDelete={{ server_maxhousekeeperdelete }} + +### option: senderfrequency +# how often zabbix will try to send unsent alerts (in seconds). +# +SenderFrequency={{ server_senderfrequency }} + +### option: cachesize +# size of configuration cache, in bytes. +# shared memory size for storing host, item and trigger data. +# +CacheSize={{ server_cachesize }} + +### option: cacheupdatefrequency +# how often zabbix will perform update of configuration cache, in seconds. +# +CacheUpdateFrequency={{ server_cacheupdatefrequency }} + +### option: startdbsyncers +# number of pre-forked instances of db syncers +# +StartDBSyncers={{ server_startdbsyncers }} + +### option: historycachesize +# size of history cache, in bytes. +# shared memory size for storing history data. +# +HistoryCacheSize={{ server_historycachesize }} + +{% if zabbix_version == '3.0' %} +### Option: HistoryIndexCacheSize +# Size of history index cache, in bytes. +# Shared memory size for indexing history cache. 
+# +HistoryIndexCacheSize={{ server_historyindexcachesize }} +{% endif %} + +### option: trendcachesize +# size of trend cache, in bytes. +# shared memory size for storing trends data. +# +TrendCacheSize={{ server_trendcachesize }} + +{% if zabbix_version < 3.0 %} +### option: historytextcachesize +# size of text history cache, in bytes. +# shared memory size for storing character, text or log history data. +# +HistoryTextCacheSize={{ server_historytextcachesize }} +{% endif %} + +{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %} +### option: valuecachesize +# size of history value cache, in bytes. +# shared memory size for caching item history data requests +# setting to 0 disables value cache. +# +ValueCacheSize={{ server_valuecachesize }} +{% endif %} + +{% if zabbix_version == '2.4' %} +### option: nodenoevents +# if set to '1' local events won't be sent to master node. +# this won't impact ability of this node to propagate events from its child nodes. +# +NodeNoEvents={{ server_nodenoevents }} + +### option: nodenohistory +# if set to '1' local history won't be sent to master node. +# this won't impact ability of this node to propagate history from its child nodes. +# +NodeNoHistory={{ server_nodenohistory }} +{% endif %} + +### option: timeout +# specifies how long we wait for agent, snmp device or external check (in seconds). +# +Timeout={{ server_timeout }} + +### option: trappertimeout +# specifies how many seconds trapper may spend processing new data. +# +TrapperTimeout={{ server_trappertimeout }} + +### option: unreachableperiod +# after how many seconds of unreachability treat a host as unavailable. +# +UnreachablePeriod={{ server_unreachableperiod }} + +### option: unavailabledelay +# how often host is checked for availability during the unavailability period, in seconds. 
+# +UnavailableDelay={{ server_unavailabledelay }} + +### option: unreachabledelay +# how often host is checked for availability during the unreachability period, in seconds. +# +UnreachableDelay={{ server_unreachabledelay }} + +### option: alertscriptspath +# full path to location of custom alert scripts. +# default depends on compilation options. +# +AlertScriptsPath={{ server_alertscriptspath }} + +### option: externalscripts +# full path to location of external scripts. +# default depends on compilation options. +# +ExternalScripts={{ server_externalscripts }} + +### option: fpinglocation +# location of fping. +# make sure that fping binary has root ownership and suid flag set. +# +FpingLocation={{ server_fpinglocation }} + +### option: fping6location +# location of fping6. +# make sure that fping6 binary has root ownership and suid flag set. +# make empty if your fping utility is capable to process ipv6 addresses. +# +Fping6Location={{ server_fping6location }} + +### option: sshkeylocation +# location of public and private keys for ssh checks and actions. +# +{% if server_sshkeylocation is defined and server_sshkeylocation %} +SSHKeyLocation={{ server_sshkeylocation }} +{% endif %} + +### option: logslowqueries +# how long a database query may take before being logged (in milliseconds). +# only works if debuglevel set to 3 or 4. +# 0 - don't log slow queries. +# +LogSlowQueries={{ server_logslowqueries }} + +### option: tmpdir +# temporary directory. +# +TmpDir={{ server_tmpdir }} + +### option: startproxypollers +# number of pre-forked instances of pollers for passive proxies. +# +StartProxyPollers={{ server_startproxypollers }} + +### option: proxyconfigfrequency +# how often zabbix server sends configuration data to a zabbix proxy in seconds. +# this parameter is used only for proxies in the passive mode. 
+# +ProxyConfigFrequency={{ server_proxyconfigfrequency }} + +### option: proxydatafrequency +# how often zabbix server requests history data from a zabbix proxy in seconds. +# this parameter is used only for proxies in the passive mode. +# +ProxyDataFrequency={{ server_proxydatafrequency }} + +{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0'%} +### option: allowroot +# allow the server to run as 'root'. if disabled and the server is started by 'root', the server +# will try to switch to user 'zabbix' instead. has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +AllowRoot={{ server_allowroot }} +{% endif %} + +{% if zabbix_version == '3.0' %} +### Option: User +# Drop privileges to a specific, existing user on the system. +# Only has effect if run as 'root' and AllowRoot is disabled. +# +User={{ server_user }} +{% endif %} + +### option: include +# you may include individual files or all files in a directory in the configuration file. +# installing zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +Include={{ server_include }} + +{% if zabbix_version == '3.0' %} +### Option: SSLCertLocation +# Location of SSL client certificates. +# This parameter is used only in web monitoring. +# +SSLCertLocation={{ server_sslcertlocation }} + +### Option: SSLKeyLocation +# Location of private keys for SSL client certificates. +# This parameter is used only in web monitoring. +# +SSLKeyLocation={{ server_sslkeylocation }} + +### Option: SSLCALocation +# Override the location of certificate authority (CA) files for SSL server certificate verification. +# If not set, system-wide directory will be used. +# This parameter is used only in web monitoring and SMTP authentication. 
+# +{% if server_sslcalocation is defined and server_sslcalocation is not none %} +SSLCALocation={{ server_sslcalocation }} +{% endif %} +{% endif %} + +####### loadable modules ####### +{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %} +### option: loadmodulepath +# full path to location of server modules. +# default depends on compilation options. +# +LoadModulePath={{ server_loadmodulepath }} +{% endif %} + +### option: loadmodule +# module to load at server startup. modules are used to extend functionality of the server. +# format: loadmodule= +# the modules must be located in directory specified by loadmodulepath. +# it is allowed to include multiple loadmodule parameters. +# +{% if server_loadmodule is defined and server_loadmodule %} +LoadModule = {{ loadmodule }} +{% endif %} + +{% if zabbix_version == '3.0' %} +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +{% if server_tlscafile is defined and server_tlscafile is not none %} +TLSCAFile={{ server_tlscafile }} +{% endif %} + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +{% if server_tlscrlfile is defined and server_tlscrlfile is not none %} +TLSCRLFile={{ server_tlscrlfile }} +{% endif %} + +### Option: TLSCertFile +# Full pathname of a file containing the server certificate or certificate chain. +# +# Mandatory: no +# Default: +{% if server_tlscertfile is defined and server_tlscertfile is not none %} +TLSCertFile={{ server_tlscertfile }} +{% endif %} + +### Option: TLSKeyFile +# Full pathname of a file containing the server private key. +# +# Mandatory: no +# Default: +{% if server_tlskeyfile is defined and server_tlskeyfile is not none %} +TLSKeyFile={{ server_tlskeyfile }} +{% endif %} +{% endif %} 
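Review bot: The `LoadModule` stanza is guarded by `server_loadmodule` but renders `{{ loadmodule }}`, a different variable, so setting `server_loadmodule` either fails on an undefined name or writes whatever an unrelated `loadmodule` variable holds into the line that decides which module the server loads. It should read `LoadModule={{ server_loadmodule }}`. Separately, the guard `{% if zabbix_version < 3.0 %}` around `HistoryTextCacheSize` compares against a number, while every other version check in this template compares against strings such as `'3.0'`. A string-to-number comparison will not select the pre-3.0 versions reliably, so it should list the version strings the way the other guards do.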
diff --git a/zabbix-server/tests/inventory b/zabbix-server/tests/inventory
new file mode 100644
index 0000000..e35fafa
--- /dev/null
+++ b/zabbix-server/tests/inventory
@@ -0,0 +1,6 @@
+localhost
+[mysql]
+zabbix-server-mysql-centos
+
+[postgresql]
+zabbix-server-pgsql-centos
diff --git a/zabbix-server/tests/test.yml b/zabbix-server/tests/test.yml
new file mode 100644
index 0000000..0f40aec
--- /dev/null
+++ b/zabbix-server/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - ansible-zabbix-agent
\ No newline at end of file
diff --git a/zabbix-server/tests/test_default.py b/zabbix-server/tests/test_default.py
new file mode 100644
index 0000000..0e4c12e
--- /dev/null
+++ b/zabbix-server/tests/test_default.py
@@ -0,0 +1,89 @@ +from testinfra.utils.ansible_runner import AnsibleRunner +import pytest +import requests + +testinfra_hosts = AnsibleRunner('.molecule/ansible_inventory').get_hosts('all') + + +def test_zabbiserver_running_and_enabled(Service): + zabbix = Service("zabbix-server") + assert zabbix.is_enabled + assert zabbix.is_running + + +@pytest.mark.parametrize("server, web", [ + ("zabbix-server-pgsql", "zabbix-web-pgsql"), + ("zabbix-server-mysql", "zabbix-web-mysql"), +]) +def test_zabbix_package(Package, TestinfraBackend, server, web, SystemInfo): + host = TestinfraBackend.get_hostname() + host = host.replace("-centos", "") + host = host.replace("-debian", "") + + if host == server: + zabbix_server = Package(server) + zabbix_web = Package(web) + assert zabbix_server.is_installed + assert zabbix_web.is_installed + + if SystemInfo.distribution == 'debian': + assert zabbix_server.version.startswith("1:3.0") + assert zabbix_web.version.startswith("1:3.0") + elif SystemInfo.distribution == 'centos': + assert zabbix_server.version.startswith("3.0") + assert zabbix_web.version.startswith("3.0") + + +def test_socket(Socket): + assert Socket("tcp://0.0.0.0:10051").is_listening + + +def test_zabbix_server_dot_conf(File): + zabbix_server_conf = File("/etc/zabbix/zabbix_server.conf") + assert zabbix_server_conf.user == "zabbix" + assert zabbix_server_conf.group == "zabbix" + assert zabbix_server_conf.mode == 0o644 + + assert zabbix_server_conf.contains("ListenPort=10051") + assert zabbix_server_conf.contains("DBHost=localhost") + assert zabbix_server_conf.contains("DebugLevel=3") + + +def test_zabbix_include_dir(File): + zabbix_include_dir = File("/etc/zabbix/zabbix_server.conf.d") + assert zabbix_include_dir.is_directory + assert zabbix_include_dir.user == "zabbix" + assert zabbix_include_dir.group == "zabbix" + # assert zabbix_include_dir.mode == 0o644 + + +def test_zabbix_web(File): + zabbix_web = File("/etc/zabbix/web/zabbix.conf.php") + assert zabbix_web.user == 
"zabbix" + assert zabbix_web.group == "zabbix" + assert zabbix_web.mode == 0o644 + + +# def test_http_status(): +# zabbix = requests.get('http://zabbix.example.com') +# zabbix_status_code = zabbix.status_code +# assert zabbix_status_code == 200 +# +# +# def test_http_api_login(): +# data_login = '{"params": {"password":"zabbix", "user":"Admin"}, "jsonrpc":"2.0", "method":"user.login", "id":0}' +# headers = {'Content-Type': 'application/json-rpc'} +# zabbix = requests.post('http://zabbix.example.com/api_jsonrpc.php', data=data_login, headers=headers, timeout=30) +# zabbix_api_status = zabbix.status_code +# zabbix_api_json = zabbix.json() +# assert zabbix_api_status == 200 +# assert zabbix_api_json['id'] == 0 +# +# zabbix_api_token = zabbix_api_json['result'] +# data_search = '''{"jsonrpc": "2.0","method": "host.get","params": +# {"output": "extend","filter": {"host": ["Zabbix server"]}},"auth":"''' + zabbix_api_token + '''","id": 1}''' +# zabbix = requests.post('http://zabbix.example.com/api_jsonrpc.php', data=data_search, headers=headers, timeout=30) +# zabbix_api_search_status = zabbix.status_code +# zabbix_api_search_json = zabbix.json() +# assert zabbix_api_search_status == 200 +# assert zabbix_api_search_json['result'][0]['host'] == 'Zabbix server' diff --git a/zabbix-server/vars/main.yml b/zabbix-server/vars/main.yml new file mode 100644 index 0000000..5be481a --- /dev/null +++ b/zabbix-server/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for dj-wasabi.zabbix
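Review bot: `test_zabbix_server_dot_conf` asserts `zabbix_server_conf.mode == 0o644`, which pins a world-readable mode on `/etc/zabbix/zabbix_server.conf`, and the server template in this commit writes `DBPassword={{ server_dbpassword }}` into that file. Any local account on the host could then read the database password. The test should expect a mode without other-read, e.g. `assert zabbix_server_conf.mode == 0o640`, with the role's template task changed to match (that task is not in this hunk). The `0o644` assertion in `test_zabbix_web` for `/etc/zabbix/web/zabbix.conf.php` deserves the same look if that file carries database credentials, keeping in mind the web server account still has to read it.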