paulbsd/ansible-zabbix
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added roles, vagrantfile, and playbook

Browse Source
This commit is contained in:
Paul Lecuq 2017-01-17 17:59:08 +01:00
commit 5c1a6f2ec4
50 changed files with 2369 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Vagrantfile vendored Normal file
View File

@ -0,0 +1,15 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vm.box = "ubuntu/xenial64"
config.vm.hostname = "zabbix.example.com"
config.vm.network "public_network"
config.vm.provider "virtualbox" do |vb|
vb.gui = true
vb.memory = "1024"
end
config.vm.provision "ansible_local" do |ansible|
ansible.playbook = "zabbix-server.yml"
end
end

64
apache/.travis.yml Normal file
View File

@ -0,0 +1,64 @@
---
sudo: required
env:
global:
# https://github.com/travis-ci/travis-ci/issues/6461#issuecomment-239577306
DOCKER_VERSION: "1.9.1-0~trusty"
matrix:
- repository: geerlingguy/docker-centos7-ansible
version: latest
init: /usr/lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- repository: geerlingguy/docker-centos6-ansible
version: latest
init: /sbin/init
run_opts: ""
- repository: geerlingguy/docker-ubuntu1604-ansible
version: latest
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- repository: geerlingguy/docker-ubuntu1404-ansible
version: latest
init: /sbin/init
run_opts: ""
- repository: geerlingguy/docker-ubuntu1204-ansible
version: latest
init: /sbin/init
run_opts: ""
services:
- docker
before_install:
# Downgrade to specific version of Docker engine.
- sudo apt-get update
- sudo apt-get remove docker-engine -yq
- sudo apt-get install docker-engine=$DOCKER_VERSION -yq --no-install-suggests --no-install-recommends --force-yes -o Dpkg::Options::="--force-confnew"
# Pull container.
- 'sudo docker pull ${repository}:${version}'
script:
- container_id=$(mktemp)
# Run container in detached state.
- 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${repository}:${version} "${init}" > "${container_id}"'
# Ansible syntax check.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check'
# Test role.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml'
# Test role idempotence.
- >
sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Clean up
- 'sudo docker stop "$(cat ${container_id})"'
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

124
apache/README.md Normal file
View File

@ -0,0 +1,124 @@
# Ansible Role: Apache 2.x
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache)
An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris.
## Requirements
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
apache_enablerepo: ""
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role.
apache_remove_default_vhost: false
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
# Add other global settings on subsequent lines.
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
apache_vhosts:
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
- servername: "www.local.dev"
serveralias: "local.dev"
documentroot: "/var/www/html"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
apache_vhosts_ssl: []
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
apache_vhosts_ssl:
- {
servername: "local.dev",
documentroot: "/var/www/html",
certificate_file: "/home/vagrant/example.crt",
certificate_key_file: "/home/vagrant/example.key",
certificate_chain_file: "/path/to/certificate_chain.crt"
}
Other SSL directives can be managed with other SSL-related role variables.
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
apache_packages:
- [platform-specific]
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
apache_state: started
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_ignore_missing_ssl_certificate: true
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Lets Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## Dependencies
None.
## Example Playbook
- hosts: webservers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.apache }
*Inside `vars/main.yml`*:
apache_listen_port: 8080
apache_vhosts:
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

44
apache/defaults/main.yml Normal file
View File

@ -0,0 +1,44 @@
---
apache_enablerepo: ""
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
# Set this to `true` to remove that default.
apache_remove_default_vhost: false
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
apache_vhosts:
# Additional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
apache_vhosts_ssl: []
# Additional properties: 'serveradmin, extra_parameters'.
# - servername: "local.dev",
# documentroot: "/var/www/html",
# certificate_file: "/path/to/certificate.crt",
# certificate_key_file: "/path/to/certificate.key",
# # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
# Only used on Debian/Ubuntu.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
# Set initial apache state. Recommended values: `started` or `stopped`
apache_state: started

5
apache/handlers/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
- name: restart apache
service:
name: "{{ apache_service }}"
state: restarted

1
apache/meta/.galaxy_install_info Normal file
View File

@ -0,0 +1 @@
{install_date: 'Thu Sep 8 09:18:57 2016', version: 1.7.3}

31
apache/meta/main.yml Normal file
View File

@ -0,0 +1,31 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- precise
- raring
- saucy
- trusty
- xenial
- name: Suse
versions:
- all
- name: Solaris
versions:
- 11.3
galaxy_tags:
- web

54
apache/tasks/configure-Debian.yml Normal file
View File

@ -0,0 +1,54 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/ports.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Enable Apache mods.
file:
src: "{{ apache_server_root }}/mods-available/{{ item }}"
dest: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: link
with_items: "{{ apache_mods_enabled }}"
notify: restart apache
- name: Disable Apache mods.
file:
path: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: absent
with_items: "{{ apache_mods_disabled }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: "path={{ item.certificate_file }}"
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts
- name: Add vhost symlink in sites-enabled.
file:
src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
state: link
notify: restart apache
when: apache_create_vhosts
- name: Remove default vhost in sites-enabled.
file:
path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
state: absent
notify: restart apache
when: apache_remove_default_vhost

24
apache/tasks/configure-RedHat.yml Normal file
View File

@ -0,0 +1,24 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts

19
apache/tasks/configure-Solaris.yml Normal file
View File

@ -0,0 +1,19 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts

24
apache/tasks/configure-Suse.yml Normal file
View File

@ -0,0 +1,24 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/listen.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts

58
apache/tasks/main.yml Normal file
View File

@ -0,0 +1,58 @@
---
# Include variables and define needed variables.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Define apache_packages.
set_fact:
apache_packages: "{{ __apache_packages | list }}"
when: apache_packages is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Suse.yml
when: ansible_os_family == 'Suse'
- include: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include: setup-Solaris.yml
when: ansible_os_family == 'Solaris'
# Figure out what version of Apache is installed.
- name: Get installed version of Apache.
shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
changed_when: false
always_run: yes
register: _apache_version
- name: Create apache_version variable.
set_fact:
apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
- include_vars: apache-22.yml
when: "apache_version.split('.')[1] == '2'"
- include_vars: apache-24.yml
when: "apache_version.split('.')[1] == '4'"
# Configure Apache.
- include: configure-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: configure-Suse.yml
when: ansible_os_family == 'Suse'
- include: configure-Debian.yml
when: ansible_os_family == 'Debian'
- include: configure-Solaris.yml
when: ansible_os_family == 'Solaris'
- name: Ensure Apache has selected state and enabled on boot.
service:
name: "{{ apache_service }}"
state: "{{ apache_state }}"
enabled: yes

7
apache/tasks/setup-Debian.yml Normal file
View File

@ -0,0 +1,7 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=3600
- name: Ensure Apache is installed on Debian.
apt: "name={{ item }} state=installed"
with_items: "{{ apache_packages }}"

7
apache/tasks/setup-RedHat.yml Normal file
View File

@ -0,0 +1,7 @@
---
- name: Ensure Apache is installed on RHEL.
yum:
name: "{{ item }}"
state: installed
enablerepo: "{{ apache_enablerepo }}"
with_items: "{{ apache_packages }}"

6
apache/tasks/setup-Solaris.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Ensure Apache is installed on Solaris.
pkg5:
name: "{{ item }}"
state: installed
with_items: "{{ apache_packages }}"

6
apache/tasks/setup-Suse.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Ensure Apache is installed on Suse.
zypper:
name: "{{ item }}"
state: installed
with_items: "{{ apache_packages }}"

82
apache/templates/vhosts.conf.j2 Normal file
View File

@ -0,0 +1,82 @@
{{ apache_global_vhost_settings }}
{# Set up VirtualHosts #}
{% for vhost in apache_vhosts %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride All
Options -Indexes +FollowSymLinks
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endfor %}
{# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }}
{% endif %}
SSLEngine on
SSLCipherSuite {{ apache_ssl_cipher_suite }}
SSLProtocol {{ apache_ssl_protocol }}
SSLHonorCipherOrder On
{% if apache_vhosts_version == "2.4" %}
SSLCompression off
{% endif %}
SSLCertificateFile {{ vhost.certificate_file }}
SSLCertificateKeyFile {{ vhost.certificate_key_file }}
{% if vhost.certificate_chain_file is defined %}
SSLCertificateChainFile {{ vhost.certificate_chain_file }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride All
Options -Indexes +FollowSymLinks
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endif %}
{% endfor %}

13
apache/tests/test.yml Normal file
View File

@ -0,0 +1,13 @@
---
- hosts: all
vars:
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts:
- servername: "example.com"
documentroot: "/var/www/vhosts/example_com"
roles:
- role_under_test

14
apache/vars/Debian.yml Normal file
View File

@ -0,0 +1,14 @@
---
apache_service: apache2
apache_daemon: apache2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2
__apache_packages:
- apache2
- apache2-utils
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"

20
apache/vars/RedHat.yml Normal file
View File

@ -0,0 +1,20 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- httpd
- httpd-devel
- mod_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

19
apache/vars/Solaris.yml Normal file
View File

@ -0,0 +1,19 @@
---
apache_service: apache24
apache_daemon: httpd
apache_daemon_path: /usr/apache2/2.4/bin/
apache_server_root: /etc/apache2/2.4/
apache_conf_path: /etc/apache2/2.4/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- web/server/apache-24
- web/server/apache-24/module/apache-ssl
- web/server/apache-24/module/apache-security
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

18
apache/vars/Suse.yml Normal file
View File

@ -0,0 +1,18 @@
---
apache_service: apache2
apache_daemon: httpd2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- apache2
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

12
apache/vars/apache-22.yml Normal file
View File

@ -0,0 +1,12 @@
---
apache_vhosts_version: "2.2"
apache_default_vhost_filename: 000-default
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}
- {
regexp: "^#?NameVirtualHost ",
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
}

8
apache/vars/apache-24.yml Normal file
View File

@ -0,0 +1,8 @@
---
apache_vhosts_version: "2.4"
apache_default_vhost_filename: 000-default.conf
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}

12
zabbix-server.yml Normal file
View File

@ -0,0 +1,12 @@
- hosts: all
become: yes
user: root
roles:
- apache
- zabbix-server
vars:
zabbix_url: zabbix.example.com
zabbix_version: 3.2
zabbix_timezone: Europe/Paris
database_type: pgsql
database_type_long: postgresql

8
zabbix-server/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
.kitchen/
.idea/
.bundle/
vendor/
*.retry
.molecule
.cache
__pycache__

19
zabbix-server/.travis.yml Normal file
View File

@ -0,0 +1,19 @@
---
sudo: required
language: python
services:
- docker
before_install:
- sudo apt-get -qq update
- sudo apt-get install -o Dpkg::Options::="--force-confold" --force-yes -y docker-engine
install:
- pip install molecule ansible
script:
- molecule --version
- ansible --version
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

57
zabbix-server/CHANGELOG.md Normal file
View File

@ -0,0 +1,57 @@
#ansible-zabbix-server Release
Below an overview of all changes in the releases.
Version (Release date)
0.6.0 (2016-08-24)
* Removed Test Kitchen tests, added molecule tests
* Added collation and encoding for MySQL databases #23
* Add SELinux specifics #19 (By pull request: mescanef (Thanks!))
* Fixes in the README.md file #18 (By pull request: mescanef (Thanks!))
* Fix for: zabbix_repo - inconsistent use between server and agent roles. #17
* Fix for: apache 2.2. and 2.4 #15
0.5.1 (2016-04-03)
* Fix for: zabbix_server.conf file mode #14
* Fix for: Support for v3+ Server Configuration #13
0.5.0 (2016-03-28)
* Zabbix 3.0
* MySQL database creation on other host (delegation)
0.4.0 (2016-02-05)
* fix #2: server_dbhost allows for remote database but role does not fully support setting up on remote db #11 (By pull request: lhoss (Thanks!))
* Added basic travis test
* Fixed installation on Debian / Ubuntu for installing mysqldb-python package.
0.3.0 (2015-11-24)
* Add test-kitchen #7 (By pull request: kostyrevaa (Thanks!))
* Force apt cache update after installing Zabbix's gpg key #8 (By pull request: SAL-e (Thanks!))
* tasks/mysql.yml - [add] install mysql client on RHEL base 7 #9 (By pull request: clopnis (Thanks!))
* Updated test-kitchen tests
* Added BATS tests
* Added CHANGELOG.md file
0.2.1 (2015-06-30)
* Fix unzip schema files for RedHat #5 (By pull request: kostyrevaa (Thanks!))
* Fix missed required space #6 (By pull request: kostyrevaa (Thanks!))
0.2.0 (2015-03-20)
* Various fixes #3 (By pull request: srvg (Thanks!))
* Add optional configuration for Apache virtualhost aliases #4 (By pull request: srvg (Thanks!))
0.1.0 (2015-02-01)
* Two minor changes for installation #1 (By pull request: drmikecrowe (Thanks!))
0.0.1 (2014-10-31)
* Initial creation

183
zabbix-server/README.md Normal file
View File

@ -0,0 +1,183 @@
Table of Contents
1. [Overview](#overview)
2. [Requirements for this role](#requirements)
* [List of Operating systems](#operating-systems)
* [List supported Zabbix versions](#zabbix-version)
3. [Installing this role](#installation)
4. [Overview of variables which can be used](#role-variables)
* [Main variables](#main-variables)
* [Zabbix 3 variables](#zabbix-3)
* [Database variables](#databases)
4. [Dependencies](#dependencies)
5. [Example of using this role](#example-playbook)
* [ Vars in role configuration](#vars-in-role-configuration)
* [Combination of group_vars and playbook](#combination-of-group_vars-and-playbook)
6. [Test Kitchen](#test-kitchen)
7. [Extra information](#extra-information)
8. [License](#license)
9. [Author Information](#author-information)
#Overview
Build Status:
[![Build Status](https://travis-ci.org/dj-wasabi/ansible-zabbix-server.svg?branch=master)](https://travis-ci.org/dj-wasabi/ansible-zabbix-server)
This is an role for installing and maintaining the zabbix-server.
This is one of the 'dj-wasabi' roles which configures your whole zabbix environment. See an list for the complete list:
* zabbix-server (https://galaxy.ansible.com/dj-wasabi/zabbix-server/)
* zabbix-proxy (https://galaxy.ansible.com/dj-wasabi/zabbix-proxy/)
* zabbix-javagateway (https://galaxy.ansible.com/dj-wasabi/zabbix-javagateway/)
* zabbix-agent (https://galaxy.ansible.com/dj-wasabi/zabbix-agent/)
#Requirements
##Operating systems
This role will work on the following operating systems:
* Red Hat
* Debian
* Ubuntu
So, you'll need one of those operating systems.. :-)
Please sent Pull Requests or suggestions when you want to use this role for other Operating systems.
##Zabbix Versions
See the following list of supported Operating systems with the Zabbix releases:
Zabbix 3.0:
* CentOS 5.x, 6.x, 7.x
* Amazon 5.x, 6.x, 7.x
* RedHat 5.x, 6.x, 7.x
* OracleLinux 5.x, 6.x, 7.x
* Scientific Linux 5.x, 6.x, 7.x
* Ubuntu 14.04
* Debian 7, 8
Zabbix 2.4:
* CentOS 6.x, 7.x
* Amazon 6.x, 7.x
* RedHat 6.x, 7.x
* OracleLinux 6.x, 7.x
* Scientific Linux 6.x, 7.x
* Ubuntu 12.04 14.04
* Debian 7
Zabbix 2.2:
* CentOS 5.x, 6.x
* RedHat 5.x, 6.x
* OracleLinux 5.x, 6.x
* Scientific Linux 5.x, 6.x
* Ubuntu 12.04
* Debian 7
* xenserver 6
#Installation
Installing this role is very simple: `ansible-galaxy install dj-wasabi.zabbix-server`
#Role Variables
## Main variables
There are some variables in de default/main.yml which can (Or needs to) be changed/overriden:
* `zabbix_url`: This is the url on which the zabbix web interface is available. Default is zabbix.example.com, you should override it. For example, see "Example Playbook"
* `zabbix_version`: This is the version of zabbix. Default it is 3.0, but can be overriden to 2.4, 2.2 or 2.0.
* `zabbix_timezone`: This is the timezone. The apache vhost needs this parameter. Default: Europe/Amsterdam
* `zabbix_repo`: Default: _zabbix_
* _epel_ install agent from EPEL repo
* _zabbix_ (default) install agent from Zabbix repo
* _other_ install agent from pre-existing or other repo
* `zabbix_vhost`: True / False. When you don't want to create an apache vhosts, you can set it to False.
* `zabbix_web`: True / False. When you down't want to install the zabbix-web component. Setting this to False, this playbook will only install the zabbix-server incl. database (if the 2 parameters below are set to True).
* `zabbix_database_creation`: True / False. When you don't want to create the database including user, you can set it to False.
* `zabbix_database_sqlload`:True / False. When you don't want to load the sql files into the database, you can set it to False.
* `server_dbencoding`: The encoding for the MySQL database. Default set to `utf8`
* `server_dbcollation`: The collation for the MySQL database. Default set to `utf8_bin`
## Zabbix 3
These variables are specific for Zabbix 3.0
* `server_tlscafile`: Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification.
* `server_tlscrlfile`: Full pathname of a file containing revoked certificates.
* `server_tlscertfile`: Full pathname of a file containing the agent certificate or certificate chain.
* `server_tlskeyfile`: Full pathname of a file containing the agent private key.
## Database
There are some zabbix-server specific variables which will be used for the zabbix-server configuration file, these can be found in the defaults/main.yml file. There are 2 which needs some explanation:
```bash
#database_type: mysql
#database_type_long: mysql
database_type: pgsql
database_type_long: postgresql
```
There are 2 database_types which will be supported: mysql and postgresql. You'll need to comment or uncomment the database you would like to use. In example from above, the postgresql database is used. If you want to use mysql, uncomment the 2 lines from mysql and comment the 2 lines for postgresql.
# Dependencies
This role has 1 "hardcoded" dependency: geerlingguy.apache. This is an role which support the 3 main operating systems (Red Hat/Debian/Ubuntu). I can't find an mysql or postgresql role which also supports these 3 operating systems.
```text
You'll need to find the correct database role by yourself. I only want to use roles which supports the 3 main operating systems as well and for now I can't find one. If there is an role which supports these 3 operating systems, please let me know and I'll use it as dependency.
```
# Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: zabbix-server
become: yes
roles:
- { role: geerlingguy.apache }
- { role: dj-wasabi.zabbix-server, zabbix_url: zabbix.dj-wasabi.nl, database_type: mysql, database_type_long: mysql }
# Test Kitchen
This roles is configured to be tested with Test Kitchen. You can find on this page some more information regarding Test Kitchen: http://werner-dijkerman.nl/2015/08/20/using-test-kitchen-with-docker-and-serverspec-to-test-ansible-roles/
# Contributors
The following have contributed to this Ansible role (List of Fame):
* drmikecrowe
* srvg
* kostyrevaa
* clopnis
* SAL-e
* lhoss
* mescanef
# License
GPLv3
# Author Information
This is my first attempt to create an ansible role, so please send suggestion or pull requests to make this role better.
Github: https://github.com/dj-wasabi/ansible-zabbix-server
mail: ikben [ at ] werner-dijkerman . nl

3
zabbix-server/ansible.cfg Normal file
View File

@ -0,0 +1,3 @@
[defaults]
roles_path = ../:../../
hostfile = tests/inventory

98
zabbix-server/defaults/main.yml Normal file
View File

@ -0,0 +1,98 @@
---
# defaults file;
# zabbix role specific
zabbix_url: zabbix.example.com
zabbix_url_aliases: []
zabbix_version: 3.2
zabbix_timezone: Europe/Amsterdam
zabbix_repo: zabbix
zabbix_vhost: True
zabbix_web: true
zabbix_database_creation: True
zabbix_database_sqlload: True
# Database
database_type: pgsql
database_type_long: postgresql
# zabbix-server specific vars
server_listenport: 10051
server_sourceip:
server_logfile: /var/log/zabbix/zabbix_server.log
server_logfilesize: 10
server_debuglevel: 3
server_pidfile: /var/run/zabbix/zabbix_server.pid
server_dbhost: localhost
server_dbname: zabbix-server
server_dbencoding: utf8
server_dbcollation: utf8_bin
server_dbschema:
server_dbuser: zabbix-server
server_dbpassword: zabbix-server
server_dbsocket:
server_dbport:
server_startpollers: 5
server_startipmipollers: 0
server_startpollersunreachable: 1
server_starttrappers: 5
server_startpingers: 1
server_startdiscoverers: 1
server_starthttppollers: 1
server_starttimers: 1
server_javagateway:
server_javagatewayport: 10052
server_startjavapollers: 5
server_startvmwarecollectors: 0
server_vmwarefrequency: 60
server_vmwarecachesize: 8M
server_snmptrapperfile: /tmp/zabbix_traps.tmp
server_startsnmptrapper: 0
server_listenip:
server_housekeepingfrequency: 1
server_maxhousekeeperdelete: 500
server_senderfrequency: 30
server_cachesize: 8M
server_cacheupdatefrequency: 60
server_startdbsyncers: 4
server_historycachesize: 8M
server_historyindexcachesize: 4M
server_trendcachesize: 4M
server_historytextcachesize: 16M
server_valuecachesize: 8M
server_nodenoevents: 0
server_nodenohistory: 0
server_timeout: 3
server_trappertimeout: 300
server_unreachableperiod: 45
server_unavailabledelay: 60
server_unreachabledelay: 15
server_alertscriptspath: ${datadir}/zabbix/alertscripts
server_externalscripts: /usr/lib/zabbix/externalscripts
server_fpinglocation: /usr/sbin/fping
server_fping6location: /usr/sbin/fping6
server_sshkeylocation:
server_logslowqueries: 0
server_tmpdir: /tmp
server_startproxypollers: 1
server_proxyconfigfrequency: 3600
server_proxydatafrequency: 1
server_allowroot: 0
server_user: zabbix
server_include: /etc/zabbix/zabbix_server.conf.d
server_sslcertlocation: ${datadir}/zabbix/ssl/certs
server_sslkeylocation: ${datadir}/zabbix/ssl/keys
server_sslcalocation:
server_loadmodulepath: ${libdir}/modules
server_loadmodule:
server_tlscafile:
server_tlscrlfile:
server_tlscertfile:
server_tlskeyfile:
server_startescalators: 1
server_vmwareperffrequency: 60
server_vmwaretimeout: 10
# SELinux specific
selinux_allow_zabbix_can_network: False
selinux_allow_zabbix_can_http: False

6
zabbix-server/handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
# handlers file for wdijkerman.zabbix
- name: zabbix-server restarted
service: name=zabbix-server state=restarted enabled=yes
tags: zabbix-server

1
zabbix-server/meta/.galaxy_install_info Normal file
View File

@ -0,0 +1 @@
{install_date: 'Thu Sep 8 09:18:48 2016', version: 0.6.0}

27
zabbix-server/meta/main.yml Normal file
View File

@ -0,0 +1,27 @@
---
galaxy_info:
author: Werner Dijkerman
description: Installing and maintaining zabbix-server for RedHat/Debian/Ubuntu.
company: myCompany.Dotcom
license: license (GPLv3)
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- lucid
- precise
- trusty
- xenial
- name: Debian
versions:
- squeeze
- wheezy
- jessie
categories:
- monitoring
dependencies:
- { role: apache }

41
zabbix-server/molecule.yml Normal file
View File

@ -0,0 +1,41 @@
---
molecule:
test:
sequence:
- destroy
- create
- converge
- verify
- destroy
ansible:
playbook: playbook.yml
requirements_file: requirements.yml
config_file: ansible.cfg
group_vars:
mysql:
- database_type: mysql
database_type_long: mysql
postgresql:
- database_type: pgsql
database_type_long: postgresql
postgresql_pg_hba_conf:
- "host all all 127.0.0.1/32 trust"
- "host all all ::1/128 trust"
postgresql_pg_hba_local_ipv4: false
postgresql_pg_hba_local_ipv6: false
docker:
containers:
- name: zabbix-server-mysql-centos
ansible_groups:
- mysql
image: milcom/centos7-systemd
image_version: latest
privileged: True
- name: zabbix-server-pgsql-centos
ansible_groups:
- postgresql
image: milcom/centos7-systemd
image_version: latest
privileged: True

30
zabbix-server/playbook.yml Normal file
View File

@ -0,0 +1,30 @@
---
- hosts: all
pre_tasks:
- name: "Installing which"
action: yum
name={{ item }}
state=installed
with_items:
- net-tools
- which
- libselinux-python
- name: "Add zabbix.example.com to hosts file."
action: shell echo '127.0.0.1 zabbix.example.com' >> /etc/hosts
- name: "Make sure we can sudo in the deployment"
lineinfile: dest=/etc/sudoers line="Defaults !requiretty" state=present
- name: "Make sure the docs are installed to"
lineinfile: dest=/etc/yum.conf line="tsflags=nodocs" state=absent
- name: "echo hosts"
action: shell cat /etc/hosts
register: my_hosts
- name: "Debug"
action: debug
var=my_hosts
roles:
- role: galaxyprojectdotorg.postgresql
when: inventory_hostname in groups['postgresql']
- role: geerlingguy.mysql
when: inventory_hostname in groups['mysql']
- role: ansible-zabbix-server

4
zabbix-server/requirements.yml Normal file
View File

@ -0,0 +1,4 @@
---
- src: geerlingguy.apache
- src: geerlingguy.mysql
- src: galaxyprojectdotorg.postgresql

172
zabbix-server/tasks/Debian.yml Normal file
View File

@ -0,0 +1,172 @@
---
- name: "Debian | Set some facts"
set_fact:
apache_log: apache2
datafiles_path: /usr/share/zabbix-server-{{ database_type }}
when: zabbix_version < 3.0
tags:
- zabbix-server
- init
- config
- name: "Debian | Set some facts for Zabbix 3.0"
set_fact:
apache_log: apache2
datafiles_path: /usr/share/doc/zabbix-server-{{ database_type }}
when: zabbix_version >= 3.0
tags:
- zabbix-server
- init
- config
- name: "Debian | Installing repository Debian"
apt_repository: repo="deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ ansible_distribution_release }} main"
state=present
when: ansible_distribution == "Debian" and zabbix_repo == "zabbix"
tags:
- zabbix-server
- init
- config
- name: "Debian | Installing repository Debian"
apt_repository: repo="deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/ {{ ansible_distribution_release }} main"
state=present
when: ansible_distribution == "Debian" and zabbix_repo == "zabbix"
tags:
- zabbix-server
- init
- config
- name: "Debian | Installing repository Ubuntu"
apt_repository: repo="deb http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ ansible_distribution_release }} main"
state=present
when: ansible_distribution == "Ubuntu" and zabbix_repo == "zabbix"
tags:
- zabbix-server
- init
- config
- name: "Debian | Installing repository Ubuntu"
apt_repository: repo="deb-src http://repo.zabbix.com/zabbix/{{ zabbix_version }}/ubuntu/ {{ ansible_distribution_release }} main"
state=present
when: ansible_distribution == "Ubuntu" and zabbix_repo == "zabbix"
tags:
- zabbix-server
- init
- config
- name: "Debian | Install gpg key"
apt_key: id=79EA5ED4
url=http://repo.zabbix.com/zabbix-official-repo.key
when: zabbix_repo == "zabbix"
tags:
- zabbix-server
- init
- config
- name: "Debian | Installing zabbix-server-{{ database_type }}"
apt: pkg=zabbix-server-{{ database_type }}
state=present
update_cache=yes
tags:
- zabbix-server
- init
- name: "Debian | Installing zabbix-clients"
apt: pkg={{ item }}
state=present
update_cache=yes
with_items:
- zabbix-agent
- zabbix-get
tags:
- zabbix-server
- init
- name: "Debian | Install php7.0-{{ database_type }}"
apt: pkg=php7.0-{{ database_type }}
state=present
update_cache=yes
cache_valid_time=3600
tags:
- zabbix-server
- init
- name: "Debian | Install php requisites"
apt: pkg={{ item }}
state=present
update_cache=yes
cache_valid_time=3600
with_items:
- php-bcmath
- php-mbstring
- php-xml
tags:
- zabbix-server
- init
- name: "Debian | Install zabbix-web"
apt: pkg=zabbix-frontend-php
state=present
update_cache=yes
cache_valid_time=3600
when: zabbix_web
tags:
- zabbix-server
- init
- config
- name: "Debian | install apache vhost"
template: src=apache_vhost.conf.j2
dest=/etc/zabbix/apache.conf
owner=root
group=root
mode=0644
when: zabbix_vhost and zabbix_web
notify: restart apache
tags:
- zabbix-server
- init
- config
- apache
- name: "Debian | Install Ansible module dependencies"
apt: name=python-psycopg2
state=present
when: zabbix_database_creation
tags:
- zabbix-server
- init
#- name: "Debian | Install Mysql Client package"
# apt: name={{ item }}
# state=present
# with_items:
# - mysql-client
# - MySQL-python
# when: database_type == 'mysql' and ansible_distribution == "Debian"
# tags:
# - zabbix-server
# - init
# - database
- name: "Debian | Install Mysql Client package"
apt: name={{ item }}
state=present
with_items:
- mysql-client
- python-mysqldb
when: database_type == 'mysql'
tags:
- zabbix-server
- init
- database
- name: "Debian | Install PostgreSQL Client package"
apt: name=postgresql state=present
when: database_type == 'pgsql'
tags:
- zabbix-server
- init
- database

143
zabbix-server/tasks/RedHat.yml Normal file
View File

@ -0,0 +1,143 @@
---
# Tasks specific for RedHat systems
- name: "RedHat | Set short version name"
set_fact:
zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
tags:
- zabbix-server
- name: "RedHat | Use Zabbix package name"
set_fact:
zabbix_server_package: "zabbix-server-{{ database_type }}"
when: zabbix_repo == "zabbix"
tags:
- zabbix-server
- name: "RedHat | Use EPEL package name"
set_fact:
zabbix_server_package: "zabbix{{ zabbix_short_version }}-server-{{ database_type }}"
when: zabbix_repo == "epel"
tags:
- zabbix-server
- name: "RedHat | Set some facts EPEL"
set_fact:
apache_log: httpd
datafiles_path: "/usr/share/zabbix-{{ database_type_long }}"
when: zabbix_repo == "epel"
tags:
- zabbix-server
- name: "RedHat | Set some facts Zabbix"
set_fact:
apache_log: httpd
datafiles_path: "/usr/share/doc/zabbix-server-{{ database_type }}-{{ zabbix_version }}*/create"
when: zabbix_version != 3.0
tags:
- zabbix-server
- name: "RedHat | Set facts for Zabbix 3.0"
set_fact:
apache_log: httpd
datafiles_path: "/usr/share/doc/zabbix-server-{{ database_type }}-{{ zabbix_version }}*"
when: zabbix_version == 3.0
tags:
- zabbix-server
- name: "RedHat | Install basic repo file"
template: src=rhel.repo.j2
dest=/etc/yum.repos.d/zabbix.repo
owner=root
group=root
mode=0644
when: zabbix_repo == "zabbix"
tags:
- zabbix-server
- name: "RedHat | Installing zabbix-server-{{ database_type }}"
yum: pkg={{ zabbix_server_package }}
state=present
tags:
- zabbix-server
- name: "RedHat | Install zabbix-web-{{ database_type }}"
yum: pkg=zabbix-web-{{ database_type }}
state=present
when: zabbix_web
tags:
- zabbix-server
- name: "RedHat | Install apache vhost"
template: src=apache_vhost.conf.j2
dest=/etc/httpd/conf.d/zabbix.conf
owner=root
group=root
mode=0644
when: zabbix_vhost and zabbix_web
notify: restart apache
tags:
- zabbix-server
- name: "RedHat | Install Ansible module dependencies"
yum: name=python-psycopg2
state=present
when: zabbix_database_creation
tags:
- zabbix-server
- name: "RedHat | Install Mysql Client package RHEL7"
yum: name={{ item }}
state=present
with_items:
- mariadb
- MySQL-python
when: database_type == 'mysql' and ansible_distribution_major_version == "7"
tags:
- zabbix-server
- name: "RedHat | Install Mysql Client package RHEL5 - 6"
yum: name={{ item }}
state=present
with_items:
- mysql
- MySQL-python
when: database_type == 'mysql' and ansible_distribution_major_version == "6" or ansible_distribution_major_version == "5"
tags:
- zabbix-server
- name: "RedHat | Install PostgreSQL client package"
yum: name=postgresql
state=latest
when: database_type == 'pgsql'
tags:
- zabbix-server
- name: "RedHat | Install related SELinux package"
yum: name={{ item }}
state=present
with_items:
- libsemanage-python
when: zabbix_web or selinux_allow_zabbix_can_network
tags:
- zabbix-server
- name: "RedHat | Enable httpd_can_connect_zabbix SELinux boolean"
seboolean: name={{ item }}
state=yes
persistent=yes
with_items:
- httpd_can_connect_zabbix
when: zabbix_web and selinux_allow_zabbix_can_http
tags:
- zabbix-server
- name: "RedHat | Enable zabbix_can_network SELinux boolean"
seboolean: name={{ item }}
state=yes
persistent=yes
with_items:
- zabbix_can_network
when: selinux_allow_zabbix_can_network
tags:
- zabbix-server

68
zabbix-server/tasks/main.yml Normal file
View File

@ -0,0 +1,68 @@
---
# tasks file for wdijkerman.zabbix
- name: "Get Apache version"
action: shell apachectl -v | grep 'version' | awk -F '/' '{ print $2 }'| awk '{ print $1 }' | cut -c 1-3
register: apachectl_version
- name: "Set correct apache_version"
set_fact:
apache_version: "{{ apachectl_version.stdout }}"
- name: "Install the correct repository"
include: "RedHat.yml"
when: ansible_os_family == "RedHat"
tags:
- always
- name: "Install the correct repository"
include: "Debian.yml"
when: ansible_os_family == "Debian"
tags:
- always
- name: "Installing the postgresql database"
include: "postgresql.yml"
when: database_type_long == "postgresql"
tags:
- always
- name: "Installing the mysql database"
include: "mysql.yml"
when: database_type_long == "mysql"
tags:
- always
- name: "Configure zabbix-server"
template: src=zabbix_server.conf.j2
dest=/etc/zabbix/zabbix_server.conf
owner=zabbix
group=zabbix
mode=0644
notify: zabbix-server restarted
tags:
- zabbix-server
- init
- config
- name: "Create include dir zabbix-server"
file: path={{ server_include }}
owner=zabbix
group=zabbix
state=directory
mode=0644
tags:
- zabbix-server
- init
- config
- name: "Configure zabbix-web"
template: src=zabbix.conf.php.j2
dest=/etc/zabbix/web/zabbix.conf.php
owner=zabbix
group=zabbix
mode=0644
tags:
- zabbix-server
- init
- config

63
zabbix-server/tasks/mysql.yml Normal file
View File

@ -0,0 +1,63 @@
---
# task file for mysql
- name: "Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)"
set_fact:
delegated_dbhost: "{{server_dbhost if (server_dbhost != 'localhost') else inventory_hostname}}"
- name: "MySQL | Create database"
mysql_db: name={{ server_dbname }}
state=present
encoding={{ server_dbencoding }}
collation={{ server_dbcollation }}
when: zabbix_database_creation
delegate_to: "{{ delegated_dbhost }}"
tags:
- zabbix-server
- database
- name: "MySQL | Create database user"
mysql_user: name={{ server_dbuser }}
password={{ server_dbpassword }}
priv={{ server_dbname }}.*:ALL
state=present
when: zabbix_database_creation
delegate_to: "{{ delegated_dbhost }}"
tags:
- zabbix-server
- database
- name: "MySQL | Importing schema file"
shell: "cd {{ datafiles_path }} && if [ -f create.sql.gz ]; then gunzip create.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < create.sql && touch /etc/zabbix/schema.done"
args:
creates: /etc/zabbix/schema.done
when: zabbix_version == 3.0 and zabbix_database_sqlload
tags:
- zabbix-server
- database
- name: "MySQL | Importing schema file"
shell: "cd {{ datafiles_path }} && if [ -f schema.sql.gz ]; then gunzip schema.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < schema.sql && touch /etc/zabbix/schema.done"
args:
creates: /etc/zabbix/schema.done
when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
tags:
- zabbix-server
- database
- name: "MySQL | Importing images file"
shell: "cd {{ datafiles_path }} && if [ -f images.sql.gz ]; then gunzip images.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < images.sql && touch /etc/zabbix/images.done"
args:
creates: /etc/zabbix/images.done
when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
tags:
- zabbix-server
- database
- name: "MySQL | Importing data file"
shell: "cd {{ datafiles_path }} && if [ -f data.sql.gz ]; then gunzip data.sql.gz ; fi && mysql -h '{{ server_dbhost }}' -u '{{ server_dbuser }}' -p'{{ server_dbpassword }}' -D '{{ server_dbname }}' < data.sql && touch /etc/zabbix/data.done"
args:
creates: /etc/zabbix/data.done
when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
tags:
- zabbix-server
- database

75
zabbix-server/tasks/postgresql.yml Normal file
View File

@ -0,0 +1,75 @@
---
# task file for postgresql
- name: "Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)"
set_fact:
delegated_dbhost: "{{ server_dbhost if (server_dbhost != 'localhost') else inventory_hostname }}"
- name: "PostgreSQL | Create database"
postgresql_db: name={{ server_dbname }}
state=present
become: yes
become_user: postgres
delegate_to: "{{ delegated_dbhost }}"
when: zabbix_database_creation
tags:
- zabbix-server
- database
- name: "PostgreSQL | Create database user"
postgresql_user: db={{ server_dbname }}
name={{ server_dbuser }}
password={{ server_dbpassword }}
priv=ALL
state=present
become: yes
become_user: postgres
delegate_to: "{{ delegated_dbhost }}"
when: zabbix_database_creation
tags:
- zabbix-server
- database
- name: "PostgreSQL | Create schema"
shell: "cd {{ datafiles_path }} && if [ -f create.sql.gz ]; then gunzip create.sql.gz ; fi && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f create.sql && touch /etc/zabbix/schema.done"
args:
creates: /etc/zabbix/schema.done
environment:
PGPASSWORD: '{{ server_dbpassword }}'
when: zabbix_version == 3.0 and zabbix_database_sqlload
tags:
- zabbix-server
- database
- name: "PostgreSQL | Importing schema file"
shell: "cd {{ datafiles_path }} && if [ -f create.sql.gz ]; then gunzip create.sql.gz ; fi && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f create.sql && touch /etc/zabbix/schema.done"
args:
creates: /etc/zabbix/schema.done
environment:
PGPASSWORD: '{{ server_dbpassword }}'
when: (zabbix_version != 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
tags:
- zabbix-server
- database
- name: "PostgreSQL | Importing images file"
shell: "cd {{ datafiles_path }} && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f images.sql && touch /etc/zabbix/images.done"
args:
creates: /etc/zabbix/images.done
environment:
PGPASSWORD: '{{ server_dbpassword }}'
when: (zabbix_version < 3.0 and zabbix_database_sqlload) or (zabbix_repo == "epel" and zabbix_database_sqlload)
tags:
- zabbix-server
- database
- name: "PostgreSQL | Importing data file"
shell: "cd {{ datafiles_path }} && psql -h '{{ server_dbhost }}' -U '{{ server_dbuser }}' -d '{{ server_dbname }}' -f data.sql && touch /etc/zabbix/data.done"
args:
creates: /etc/zabbix/data.done
environment:
PGPASSWORD: '{{ server_dbpassword }}'
when: (zabbix_database_sqlload and zabbix_version < 3.0) or (zabbix_repo == "epel" and zabbix_database_sqlload)
tags:
- zabbix-server
- database

54
zabbix-server/templates/apache_vhost.conf.j2 Normal file
View File

@ -0,0 +1,54 @@
<VirtualHost *:80>
ServerName {{ zabbix_url }}
ServerAlias {{ apachectl_version.stdout }}
{% for alias in zabbix_url_aliases %}
ServerAlias {{ alias }}
{% endfor %}
## Vhost docroot
DocumentRoot "/usr/share/zabbix"
{% set directory_paths = ['/usr/share/zabbix/conf', '/usr/share/zabbix/api', '/usr/share/zabbix/include', '/usr/share/zabbix/include/classes'] %}
<Directory "/usr/share/zabbix">
{% if apache_version|string() == '2.4' %}
Options FollowSymLinks
AllowOverride None
Require all granted
{% else %}
AllowOverride None
Order Allow,Deny
Allow from all
{% endif %}
</Directory>
{% for my_path in directory_paths %}
<Directory "{{ my_path }}">
{% if apache_version|string() == '2.4' %}
Require all granted
{% else %}
AllowOverride None
Order Deny,Allow
Deny from all
{% endif %}
</Directory>
{% endfor %}
## Logging
ErrorLog "/var/log/{{ apache_log }}/{{ zabbix_url }}_error.log"
ServerSignature Off
CustomLog "/var/log/{{ apache_log }}/{{ zabbix_url }}_access.log" combined
## Rewrite rules
RewriteEngine On
RewriteRule ^$ /index.php [L]
## Custom fragment
php_value max_execution_time 300
php_value memory_limit 128M
php_value post_max_size 16M
php_value upload_max_filesize 2M
php_value max_input_time 300
# Set correct timezone.
php_value date.timezone {{ zabbix_timezone }}
</VirtualHost>

13
zabbix-server/templates/rhel.repo.j2 Normal file
View File

@ -0,0 +1,13 @@
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch
baseurl=http://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
gpgcheck=0

20
zabbix-server/templates/zabbix.conf.php.j2 Normal file
View File

@ -0,0 +1,20 @@
<?php
// Zabbix GUI configuration file
global $DB;
$DB['TYPE'] = '{{ database_type_long|upper() }}';
$DB['SERVER'] = '{{ server_dbhost }}';
$DB['PORT'] = '0';
$DB['DATABASE'] = '{{ server_dbname }}';
$DB['USER'] = '{{ server_dbuser }}';
$DB['PASSWORD'] = '{{ server_dbpassword }}';
// SCHEMA is relevant only for IBM_DB2 database
$DB['SCHEMA'] = '';
$ZBX_SERVER = '{{ ansible_nodename }}';
$ZBX_SERVER_PORT = '{{ server_listenport }}';
$ZBX_SERVER_NAME = '{{ ansible_nodename }}';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
?>

495
zabbix-server/templates/zabbix_server.conf.j2 Normal file
View File

@ -0,0 +1,495 @@
# this is a configuration file for zabbix server process
# to get more information about zabbix,
# visit http://www.zabbix.com
############ general parameters #################
### option: listenport
# listen port for trapper.
#
ListenPort={{ server_listenport }}
### option: sourceip
# source ip address for outgoing connections.
#
{% if server_sourceip is defined and server_sourceip %}
SourceIP={{ server_sourceip }}
{% endif %}
### option: logfile
# name of log file.
# if not set, syslog is used.
#
LogFile={{ server_logfile }}
### option: logfilesize
# maximum size of log file in mb.
# 0 - disable automatic log rotation.
#
LogFileSize={{ server_logfilesize }}
### option: debuglevel
# specifies debug level
# 0 - no debug
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
#
DebugLevel={{ server_debuglevel }}
### option: pidfile
# name of pid file.
#
PidFile={{ server_pidfile }}
### option: dbhost
# database host name.
# if set to localhost, socket is used for mysql.
# if set to empty string, socket is used for postgresql.
#
DBHost={{ server_dbhost }}
### option: dbname
# database name.
# for sqlite3 path to database file must be provided. dbuser and dbpassword are ignored.
#
DBName={{ server_dbname }}
### option: dbschema
# schema name. used for ibm db2.
#
{% if server_dbschema is defined and server_dbschema %}
DBSchema={{ server_dbschema }}
{% endif %}
### option: dbuser
# database user. ignored for sqlite.
#
DBUser={{ server_dbuser }}
### option: dbpassword
# database password. ignored for sqlite.
# comment this line if no password is used.
#
DBPassword={{ server_dbpassword }}
### option: dbsocket
# path to mysql socket.
#
{% if server_dbsocket is defined and server_dbsocket %}
DBSocket={{ server_dbsocket }}
{% endif %}
### option: dbport
# database port when not using local socket. ignored for sqlite.
#
{% if server_dbport is defined and server_dbport %}
DBPort={{ server_dbport }}
{% endif %}
############ advanced parameters ################
### option: startpollers
# number of pre-forked instances of pollers.
#
StartPollers={{ server_startpollers }}
### option: startipmipollers
# number of pre-forked instances of ipmi pollers.
#
StartIPMIPollers={{ server_startipmipollers }}
### option: startpollersunreachable
# number of pre-forked instances of pollers for unreachable hosts (including ipmi).
#
StartPollersUnreachable={{ server_startpollersunreachable }}
### option: starttrappers
# number of pre-forked instances of trappers.
# trappers accept incoming connections from zabbix sender, active agents, active proxies and child nodes.
# at least one trapper process must be running to display server availability in the frontend.
#
StartTrappers={{ server_starttrappers }}
### option: startpingers
# number of pre-forked instances of icmp pingers.
#
StartPingers={{ server_startpingers }}
### option: startdiscoverers
# number of pre-forked instances of discoverers.
#
StartDiscoverers={{ server_startdiscoverers }}
### option: starthttppollers
# number of pre-forked instances of http pollers.
#
StartHTTPPollers={{ server_starthttppollers }}
{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %}
### option: starttimers
# number of pre-forked instances of timers.
# timers process time-based trigger functions and maintenance periods.
# only the first timer process handles the maintenance periods.
#
StartTimers={{ server_starttimers }}
{% endif %}
{% if zabbix_version == '3.0' %}
### Option: StartEscalators
# Number of pre-forked instances of escalators.
#
StartEscalators={{ server_startescalators }}
{% endif %}
### option: javagateway
# ip address (or hostname) of zabbix java gateway.
# only required if java pollers are started.
#
{% if server_javagateway is defined and server_javagateway %}
JavaGateway={{ server_javagateway }}
### option: javagatewayport
# port that zabbix java gateway listens on.
#
JavaGatewayPort={{ server_javagatewayport }}
### option: startjavapollers
# number of pre-forked instances of java pollers.
#
StartJavaPollers={{ server_startjavapollers }}
{% endif %}
{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %}
### option: startvmwarecollectors
# number of pre-forked vmware collector instances.
#
StartVMwareCollectors={{ server_startvmwarecollectors }}
### option: vmwarefrequency
# how often zabbix will connect to vmware service to obtain a new data.
#
VMwareFrequency={{ server_vmwarefrequency }}
{% if zabbix_version == '3.0' %}
### Option: VMwarePerfFrequency
# How often Zabbix will connect to VMware service to obtain performance data.
#
# Mandatory: no
VMwarePerfFrequency={{ server_vmwareperffrequency }}
{% endif %}
### option: vmwarecachesize
# size of vmware cache, in bytes.
# shared memory size for storing vmware data.
# only used if vmware collectors are started.
#
VMwareCacheSize={{ server_vmwarecachesize }}
{% endif %}
{% if zabbix_version == '3.0' %}
### Option: VMwareTimeout
# Specifies how many seconds vmware collector waits for response from VMware service.
#
VMwareTimeout={{ server_vmwaretimeout }}
{% endif %}
### option: snmptrapperfile
# temporary file used for passing data from snmp trap daemon to the server.
# must be the same as in zabbix_trap_receiver.pl or snmptt configuration file.
#
SNMPTrapperFile={{ server_snmptrapperfile }}
### option: startsnmptrapper
# if 1, snmp trapper process is started.
#
StartSNMPTrapper={{ server_startsnmptrapper }}
### option: listenip
# list of comma delimited ip addresses that the trapper should listen on.
# trapper will listen on all network interfaces if this parameter is missing.
#
{% if server_listenip is defined and server_listenip %}
ListenIp={{ server_listenip }}
{% endif %}
### option: housekeepingfrequency
# how often zabbix will perform housekeeping procedure (in hours).
# housekeeping is removing unnecessary information from history, alert, and alarms tables.
#
HousekeepingFrequency={{ server_housekeepingfrequency }}
### option: maxhousekeeperdelete
# the table "housekeeper" contains "tasks" for housekeeping procedure in the format:
# [housekeeperid], [tablename], [field], [value].
# no more than 'maxhousekeeperdelete' rows (corresponding to [tablename], [field], [value])
# will be deleted per one task in one housekeeping cycle.
# sqlite3 does not use this parameter, deletes all corresponding rows without a limit.
# if set to 0 then no limit is used at all. in this case you must know what you are doing!
#
MaxHousekeeperDelete={{ server_maxhousekeeperdelete }}
### option: senderfrequency
# how often zabbix will try to send unsent alerts (in seconds).
#
SenderFrequency={{ server_senderfrequency }}
### option: cachesize
# size of configuration cache, in bytes.
# shared memory size for storing host, item and trigger data.
#
CacheSize={{ server_cachesize }}
### option: cacheupdatefrequency
# how often zabbix will perform update of configuration cache, in seconds.
#
CacheUpdateFrequency={{ server_cacheupdatefrequency }}
### option: startdbsyncers
# number of pre-forked instances of db syncers
#
StartDBSyncers={{ server_startdbsyncers }}
### option: historycachesize
# size of history cache, in bytes.
# shared memory size for storing history data.
#
HistoryCacheSize={{ server_historycachesize }}
{% if zabbix_version == '3.0' %}
### Option: HistoryIndexCacheSize
# Size of history index cache, in bytes.
# Shared memory size for indexing history cache.
#
HistoryIndexCacheSize={{ server_historyindexcachesize }}
{% endif %}
### option: trendcachesize
# size of trend cache, in bytes.
# shared memory size for storing trends data.
#
TrendCacheSize={{ server_trendcachesize }}
{% if zabbix_version < 3.0 %}
### option: historytextcachesize
# size of text history cache, in bytes.
# shared memory size for storing character, text or log history data.
#
HistoryTextCacheSize={{ server_historytextcachesize }}
{% endif %}
{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %}
### option: valuecachesize
# size of history value cache, in bytes.
# shared memory size for caching item history data requests
# setting to 0 disables value cache.
#
ValueCacheSize={{ server_valuecachesize }}
{% endif %}
{% if zabbix_version == '2.4' %}
### option: nodenoevents
# if set to '1' local events won't be sent to master node.
# this won't impact ability of this node to propagate events from its child nodes.
#
NodeNoEvents={{ server_nodenoevents }}
### option: nodenohistory
# if set to '1' local history won't be sent to master node.
# this won't impact ability of this node to propagate history from its child nodes.
#
NodeNoHistory={{ server_nodenohistory }}
{% endif %}
### option: timeout
# specifies how long we wait for agent, snmp device or external check (in seconds).
#
Timeout={{ server_timeout }}
### option: trappertimeout
# specifies how many seconds trapper may spend processing new data.
#
TrapperTimeout={{ server_trappertimeout }}
### option: unreachableperiod
# after how many seconds of unreachability treat a host as unavailable.
#
UnreachablePeriod={{ server_unreachableperiod }}
### option: unavailabledelay
# how often host is checked for availability during the unavailability period, in seconds.
#
UnavailableDelay={{ server_unavailabledelay }}
### option: unreachabledelay
# how often host is checked for availability during the unreachability period, in seconds.
#
UnreachableDelay={{ server_unreachabledelay }}
### option: alertscriptspath
# full path to location of custom alert scripts.
# default depends on compilation options.
#
AlertScriptsPath={{ server_alertscriptspath }}
### option: externalscripts
# full path to location of external scripts.
# default depends on compilation options.
#
ExternalScripts={{ server_externalscripts }}
### option: fpinglocation
# location of fping.
# make sure that fping binary has root ownership and suid flag set.
#
FpingLocation={{ server_fpinglocation }}
### option: fping6location
# location of fping6.
# make sure that fping6 binary has root ownership and suid flag set.
# make empty if your fping utility is capable to process ipv6 addresses.
#
Fping6Location={{ server_fping6location }}
### option: sshkeylocation
# location of public and private keys for ssh checks and actions.
#
{% if server_sshkeylocation is defined and server_sshkeylocation %}
SSHKeyLocation={{ server_sshkeylocation }}
{% endif %}
### option: logslowqueries
# how long a database query may take before being logged (in milliseconds).
# only works if debuglevel set to 3 or 4.
# 0 - don't log slow queries.
#
LogSlowQueries={{ server_logslowqueries }}
### option: tmpdir
# temporary directory.
#
TmpDir={{ server_tmpdir }}
### option: startproxypollers
# number of pre-forked instances of pollers for passive proxies.
#
StartProxyPollers={{ server_startproxypollers }}
### option: proxyconfigfrequency
# how often zabbix server sends configuration data to a zabbix proxy in seconds.
# this parameter is used only for proxies in the passive mode.
#
ProxyConfigFrequency={{ server_proxyconfigfrequency }}
### option: proxydatafrequency
# how often zabbix server requests history data from a zabbix proxy in seconds.
# this parameter is used only for proxies in the passive mode.
#
ProxyDataFrequency={{ server_proxydatafrequency }}
{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0'%}
### option: allowroot
# allow the server to run as 'root'. if disabled and the server is started by 'root', the server
# will try to switch to user 'zabbix' instead. has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
AllowRoot={{ server_allowroot }}
{% endif %}
{% if zabbix_version == '3.0' %}
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
User={{ server_user }}
{% endif %}
### option: include
# you may include individual files or all files in a directory in the configuration file.
# installing zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
Include={{ server_include }}
{% if zabbix_version == '3.0' %}
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
#
SSLCertLocation={{ server_sslcertlocation }}
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
#
SSLKeyLocation={{ server_sslkeylocation }}
### Option: SSLCALocation
# Override the location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring and SMTP authentication.
#
{% if server_sslcalocation is defined and server_sslcalocation is not none %}
SSLCALocation={{ server_sslcalocation }}
{% endif %}
{% endif %}
####### loadable modules #######
{% if zabbix_version == '2.2' or zabbix_version == '2.4' or zabbix_version == '3.0' %}
### option: loadmodulepath
# full path to location of server modules.
# default depends on compilation options.
#
LoadModulePath={{ server_loadmodulepath }}
{% endif %}
### option: loadmodule
# module to load at server startup. modules are used to extend functionality of the server.
# format: loadmodule=<module.so>
# the modules must be located in directory specified by loadmodulepath.
# it is allowed to include multiple loadmodule parameters.
#
{% if server_loadmodule is defined and server_loadmodule %}
LoadModule = {{ loadmodule }}
{% endif %}
{% if zabbix_version == '3.0' %}
####### TLS-RELATED PARAMETERS #######
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
{% if server_tlscafile is defined and server_tlscafile is not none %}
TLSCAFile={{ server_tlscafile }}
{% endif %}
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
{% if server_tlscrlfile is defined and server_tlscrlfile is not none %}
TLSCRLFile={{ server_tlscrlfile }}
{% endif %}
### Option: TLSCertFile
# Full pathname of a file containing the server certificate or certificate chain.
#
# Mandatory: no
# Default:
{% if server_tlscertfile is defined and server_tlscertfile is not none %}
TLSCertFile={{ server_tlscertfile }}
{% endif %}
### Option: TLSKeyFile
# Full pathname of a file containing the server private key.
#
# Mandatory: no
# Default:
{% if server_tlskeyfile is defined and server_tlskeyfile is not none %}
TLSKeyFile={{ server_tlskeyfile }}
{% endif %}
{% endif %}

6
zabbix-server/tests/inventory Normal file
View File

@ -0,0 +1,6 @@
localhost
[mysql]
zabbix-server-mysql-centos
[postgresql]
zabbix-server-pgsql-centos

5
zabbix-server/tests/test.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- ansible-zabbix-agent

89
zabbix-server/tests/test_default.py Normal file
View File

@ -0,0 +1,89 @@
from testinfra.utils.ansible_runner import AnsibleRunner
import pytest
import requests
testinfra_hosts = AnsibleRunner('.molecule/ansible_inventory').get_hosts('all')
def test_zabbiserver_running_and_enabled(Service):
zabbix = Service("zabbix-server")
assert zabbix.is_enabled
assert zabbix.is_running
@pytest.mark.parametrize("server, web", [
("zabbix-server-pgsql", "zabbix-web-pgsql"),
("zabbix-server-mysql", "zabbix-web-mysql"),
])
def test_zabbix_package(Package, TestinfraBackend, server, web, SystemInfo):
host = TestinfraBackend.get_hostname()
host = host.replace("-centos", "")
host = host.replace("-debian", "")
if host == server:
zabbix_server = Package(server)
zabbix_web = Package(web)
assert zabbix_server.is_installed
assert zabbix_web.is_installed
if SystemInfo.distribution == 'debian':
assert zabbix_server.version.startswith("1:3.0")
assert zabbix_web.version.startswith("1:3.0")
elif SystemInfo.distribution == 'centos':
assert zabbix_server.version.startswith("3.0")
assert zabbix_web.version.startswith("3.0")
def test_socket(Socket):
assert Socket("tcp://0.0.0.0:10051").is_listening
def test_zabbix_server_dot_conf(File):
zabbix_server_conf = File("/etc/zabbix/zabbix_server.conf")
assert zabbix_server_conf.user == "zabbix"
assert zabbix_server_conf.group == "zabbix"
assert zabbix_server_conf.mode == 0o644
assert zabbix_server_conf.contains("ListenPort=10051")
assert zabbix_server_conf.contains("DBHost=localhost")
assert zabbix_server_conf.contains("DebugLevel=3")
def test_zabbix_include_dir(File):
zabbix_include_dir = File("/etc/zabbix/zabbix_server.conf.d")
assert zabbix_include_dir.is_directory
assert zabbix_include_dir.user == "zabbix"
assert zabbix_include_dir.group == "zabbix"
# assert zabbix_include_dir.mode == 0o644
def test_zabbix_web(File):
zabbix_web = File("/etc/zabbix/web/zabbix.conf.php")
assert zabbix_web.user == "zabbix"
assert zabbix_web.group == "zabbix"
assert zabbix_web.mode == 0o644
# def test_http_status():
# zabbix = requests.get('http://zabbix.example.com')
# zabbix_status_code = zabbix.status_code
# assert zabbix_status_code == 200
#
#
# def test_http_api_login():
# data_login = '{"params": {"password":"zabbix", "user":"Admin"}, "jsonrpc":"2.0", "method":"user.login", "id":0}'
# headers = {'Content-Type': 'application/json-rpc'}
# zabbix = requests.post('http://zabbix.example.com/api_jsonrpc.php', data=data_login, headers=headers, timeout=30)
# zabbix_api_status = zabbix.status_code
# zabbix_api_json = zabbix.json()
# assert zabbix_api_status == 200
# assert zabbix_api_json['id'] == 0
#
# zabbix_api_token = zabbix_api_json['result']
# data_search = '''{"jsonrpc": "2.0","method": "host.get","params":
# {"output": "extend","filter": {"host": ["Zabbix server"]}},"auth":"''' + zabbix_api_token + '''","id": 1}'''
# zabbix = requests.post('http://zabbix.example.com/api_jsonrpc.php', data=data_search, headers=headers, timeout=30)
# zabbix_api_search_status = zabbix.status_code
# zabbix_api_search_json = zabbix.json()
# assert zabbix_api_search_status == 200
# assert zabbix_api_search_json['result'][0]['host'] == 'Zabbix server'

2
zabbix-server/vars/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
# vars file for dj-wasabi.zabbix