├── setup.cfg
├── ansible.cfg
├── vars
├── RedHat.yml
├── Debian.yml
└── zabbix.yml
├── molecule
└── default
│ ├── playbook.yml
│ ├── requirements.yml
│ ├── yaml-lint.yml
│ ├── INSTALL.rst
│ ├── Dockerfile.j2
│ ├── destroy.yml
│ ├── prepare.yml
│ ├── molecule.yml
│ ├── tests
│ └── test_default.py
│ └── create.yml
├── .gitignore
├── requirements.yml
├── CODE_OF_CONDUCT.md
├── PULL_REQUEST_TEMPLATE.md
├── .yamllint
├── tasks
├── apache_RedHat.yml
├── apache.yml
├── apache_Debian.yml
├── php_Debian.yml
├── Debian.yml
├── RedHat.yml
└── main.yml
├── inventory
├── .github
└── ISSUE_TEMPLATE
│ ├── feature_request.md
│ └── bug_report.md
├── meta
└── main.yml
├── LICENSE
├── templates
├── zabbix.conf.php.j2
└── apache_vhost.conf.j2
├── .travis.yml
├── defaults
└── main.yml
├── CONTRIBUTING.md
├── CHANGELOG.md
└── README.md
/setup.cfg:
--------------------------------------------------------------------------------
1 | [flake8]
2 | max-line-length = 160
3 |
--------------------------------------------------------------------------------
/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | roles_path = ../:../../
3 | hostfile = inventory
4 |
--------------------------------------------------------------------------------
/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_user: apache
3 | apache_group: apache
4 | apache_log: httpd
5 |
--------------------------------------------------------------------------------
/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | apache_user: www-data
3 | apache_group: www-data
4 | apache_log: apache2
5 |
--------------------------------------------------------------------------------
/molecule/default/playbook.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 | hosts: all
4 | roles:
5 | - role: ansible-zabbix-web
6 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | .molecule
3 | __pycache__
4 | .cache
5 | .env
6 | .virtualenv
7 | *.pyc
8 | .vscode/
9 | meta/.galaxy_install_info
10 |
--------------------------------------------------------------------------------
/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: geerlingguy.apache
3 | - src: geerlingguy.mysql
4 | - src: geerlingguy.postgresql
5 | - src: dj-wasabi.zabbix-server
6 |
--------------------------------------------------------------------------------
/molecule/default/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - src: geerlingguy.apache
3 | - src: geerlingguy.mysql
4 | - src: geerlingguy.postgresql
5 | - src: dj-wasabi.zabbix-server
6 |
--------------------------------------------------------------------------------
/molecule/default/yaml-lint.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | extends: default
4 |
5 | rules:
6 | line-length:
7 | max: 180
8 | level: warning
9 | truthy: disable
10 |
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Code of Conduct
2 |
3 | The Code of Conduct from Ansible found [here](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html) applies to this Ansible role as well.
4 |
--------------------------------------------------------------------------------
/molecule/default/INSTALL.rst:
--------------------------------------------------------------------------------
1 | *******
2 | Install
3 | *******
4 |
5 | Requirements
6 | ============
7 |
8 | * Docker Engine
9 | * docker-py
10 |
11 | Install
12 | =======
13 |
14 | .. code-block:: bash
15 |
16 | $ sudo pip install docker-py
17 |
--------------------------------------------------------------------------------
/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | **Description of PR**
2 |
3 |
4 | **Type of change**
5 |
6 |
7 | Feature Pull Request
8 | Bugfix Pull Request
9 | Docs Pull Request
10 |
11 | **Fixes an issue**
12 |
13 |
--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
1 | extends: default
2 |
3 | rules:
4 | braces:
5 | max-spaces-inside: 1
6 | level: error
7 | brackets:
8 | max-spaces-inside: 1
9 | level: error
10 | line-length: disable
11 | # NOTE(retr0h): Templates no longer fail this lint rule.
12 | # Uncomment if running old Molecule templates.
13 | # truthy: disable
14 |
--------------------------------------------------------------------------------
/tasks/apache_RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "RedHat | Install apache vhost"
3 | template:
4 | src: apache_vhost.conf.j2
5 | dest: /etc/httpd/conf.d/zabbix.conf
6 | owner: "{{ apache_user }}"
7 | group: "{{ apache_group }}"
8 | mode: 0644
9 | when: zabbix_vhost
10 | notify:
11 | - restart apache
12 | tags:
13 | - zabbix-server
14 |
--------------------------------------------------------------------------------
/inventory:
--------------------------------------------------------------------------------
1 | [postgresql]
2 | zabbix-web-pgsql-centos ansible_connection=docker
3 | zabbix-web-pgsql-debian ansible_connection=docker
4 | zabbix-web-pgsql-ubuntu ansible_connection=docker
5 |
6 | [mysql]
7 | zabbix-web-mysql-centos ansible_connection=docker
8 | zabbix-web-mysql-debian ansible_connection=docker
9 | zabbix-web-mysql-ubuntu ansible_connection=docker
10 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this Ansible role
4 |
5 | ---
6 |
7 | **Is your feature request related to a problem? Please describe.**
8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
9 |
10 | **Describe the solution you'd like**
11 | A clear and concise description of what you want to happen.
12 |
13 | **Additional context**
14 | Add any other context or screenshots about the feature request here.
15 |
--------------------------------------------------------------------------------
/tasks/apache.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Apache | Get Apache version"
3 | shell: |
4 | PATH=/usr/sbin:$PATH
5 | set -o pipefail
6 | apachectl -v | grep 'version' | awk -F '/' '{ print $2 }'| awk '{ print $1 }' | cut -c 1-3
7 | changed_when: False
8 | register: apachectl_version
9 | check_mode: no
10 | args:
11 | executable: /bin/bash
12 | tags:
13 | - zabbix-web
14 |
15 | - name: "Apache | Set correct apache_version"
16 | set_fact:
17 | apache_version: "{{ apachectl_version.stdout }}"
18 | tags:
19 | - zabbix-web
20 |
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 | author: Werner Dijkerman
4 | description: Installing and maintaining zabbix-web for RedHat/Debian/Ubuntu.
5 | company: myCompany.Dotcom
6 | license: license (GPLv3)
7 | min_ansible_version: 2.4
8 | platforms:
9 | - name: EL
10 | versions:
11 | - 6
12 | - 7
13 | - name: Ubuntu
14 | versions:
15 | - lucid
16 | - precise
17 | - trusty
18 | - name: Debian
19 | versions:
20 | - squeeze
21 | - wheezy
22 | - jessie
23 | - stretch
24 | galaxy_tags:
25 | - monitoring
26 | - zabbix
27 |
28 | dependencies:
29 | - name: geerlingguy.apache
30 | src: geerlingguy.apache
31 | tags: apache
32 | when: zabbix_websrv == 'apache'
33 |
--------------------------------------------------------------------------------
/molecule/default/Dockerfile.j2:
--------------------------------------------------------------------------------
1 | # Molecule managed
2 |
3 | FROM {{ item.image }}
4 |
5 | RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
6 | elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
7 | elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
8 | elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
9 | elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
10 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Help to improve this Ansible role.
4 |
5 | ---
6 |
7 | **Describe the bug**
8 |
9 |
10 | **Installation method/version**
11 |
12 |
13 | * Github / latest
14 | * Ansible Galaxy / 1.1.0
15 |
16 | **Ansible Version**
17 |
18 | ```
19 |
20 | ```
21 |
22 | **Targetted hosts**
23 | Concerns the following OS(es):
24 |
25 |
26 | * Ubuntu
27 | * Debian
28 | * CentOS
29 | * Mint
30 |
31 | **Expected behavior**
32 |
33 |
34 | **Additional context**
35 |
36 |
--------------------------------------------------------------------------------
/molecule/default/destroy.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Destroy
3 | hosts: localhost
4 | connection: local
5 | gather_facts: false
6 | no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
7 | vars:
8 | molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
9 | molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
10 | tasks:
11 | - name: Destroy molecule instance(s)
12 | docker_container:
13 | name: "{{ item.name }}"
14 | state: absent
15 | force_kill: "{{ item.force_kill | default(true) }}"
16 | register: server
17 | with_items: "{{ molecule_yml.platforms }}"
18 | async: 7200
19 | poll: 0
20 |
21 | - name: Wait for instance(s) deletion to complete
22 | async_status:
23 | jid: "{{ item.ansible_job_id }}"
24 | register: docker_jobs
25 | until: docker_jobs.finished
26 | retries: 300
27 | with_items: "{{ server.results }}"
28 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2018 Werner Dijkerman
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/templates/zabbix.conf.php.j2:
--------------------------------------------------------------------------------
1 |
36 |
--------------------------------------------------------------------------------
/tasks/apache_Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Debian | Install legacy PHP integration for Apache"
3 | apt:
4 | state: present
5 | update_cache: yes
6 | cache_valid_time: 3600
7 | name:
8 | - libapache2-mod-php
9 |
10 | - name: "Debian | install apache vhost"
11 | template:
12 | src: apache_vhost.conf.j2
13 | dest: /etc/apache2/sites-available/zabbix.conf
14 | owner: "{{ apache_user }}"
15 | group: "{{ apache_group }}"
16 | mode: 0644
17 | when: zabbix_vhost
18 | notify:
19 | - restart apache
20 | tags:
21 | - zabbix-web
22 | - init
23 | - config
24 | - apache
25 |
26 | - name: "Debian | Remove provided zabbix.conf files"
27 | file:
28 | path: "{{ item }}"
29 | state: absent
30 | with_items:
31 | - /etc/apache2/conf-available/zabbix.conf
32 | - /etc/apache2/conf-enabled/zabbix.conf
33 |
34 | - name: "Debian | enable apache vhost"
35 | file:
36 | src: /etc/apache2/sites-available/zabbix.conf
37 | dest: /etc/apache2/sites-enabled/zabbix.conf
38 | owner: "{{ apache_user }}"
39 | group: "{{ apache_group }}"
40 | state: link
41 | when: zabbix_vhost
42 | notify:
43 | - restart apache
44 | tags:
45 | - zabbix-server
46 | - init
47 | - config
48 | - apache
49 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | ---
2 | sudo: required
3 | language: python
4 | python:
5 | - "2.7"
6 | services:
7 | - docker
8 |
9 | env:
10 | global:
11 | - ROLE_NAME: zabbix-web
12 | matrix:
13 | - MY_MOLECULE_CONTAINER: mysql-centos
14 | MY_MOLECULE_IMAGE: milcom/centos7-systemd
15 | MY_MOLECULE_GROUP: mysql
16 | - MY_MOLECULE_CONTAINER: mysql-debian
17 | MY_MOLECULE_IMAGE: minimum2scp/systemd-stretch
18 | MY_MOLECULE_GROUP: mysql
19 | - MY_MOLECULE_CONTAINER: mysql-ubuntu
20 | MY_MOLECULE_IMAGE: solita/ubuntu-systemd:xenial
21 | MY_MOLECULE_GROUP: mysql
22 | - MY_MOLECULE_CONTAINER: pgsql-centos
23 | MY_MOLECULE_IMAGE: milcom/centos7-systemd
24 | MY_MOLECULE_GROUP: postgresql
25 | - MY_MOLECULE_CONTAINER: pgsql-debian
26 | MY_MOLECULE_IMAGE: minimum2scp/systemd-stretch
27 | MY_MOLECULE_GROUP: postgresql
28 | - MY_MOLECULE_CONTAINER: pgsql-ubuntu
29 | MY_MOLECULE_IMAGE: solita/ubuntu-systemd:xenial
30 | MY_MOLECULE_GROUP: postgresql
31 |
32 | install:
33 | - curl -sSlo requirements.txt https://raw.githubusercontent.com/dj-wasabi/ansible-ci-base/master/requirements.txt
34 | - pip install -r requirements.txt
35 |
36 | script:
37 | - molecule --version
38 | - ansible --version
39 | - molecule test
40 |
41 | notifications:
42 | webhooks: https://galaxy.ansible.com/api/v1/notifications/
43 |
--------------------------------------------------------------------------------
/tasks/php_Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Debian | Install legacy php5 packages on old distros"
3 | apt:
4 | state: present
5 | update_cache: yes
6 | cache_valid_time: 3600
7 | name:
8 | - php5-{{ zabbix_server_database }}
9 | - php5-bcmath
10 | - php5-mbstring
11 | - php5-ldap
12 | - php5-xml
13 | - php5-gd
14 | register: zabbix_web_php_dependency_install
15 | until: zabbix_web_php_dependency_install is succeeded
16 | when: >
17 | ( ansible_distribution == 'Ubuntu' and (ansible_distribution_version is version_compare('16.04', '<')))
18 | or ( ansible_distribution == 'Debian' and (ansible_distribution_version is version_compare('9', '<')) )
19 | tags:
20 | - zabbix-web
21 | - init
22 |
23 | - name: "Debian | Install modern php packages on current distros"
24 | apt:
25 | state: present
26 | update_cache: yes
27 | cache_valid_time: 3600
28 | name:
29 | - php-{{ zabbix_server_database }}
30 | - php-bcmath
31 | - php-mbstring
32 | - php-ldap
33 | - php-xml
34 | - php-gd
35 | register: zabbix_web_php_dependency_install
36 | until: zabbix_web_php_dependency_install is succeeded
37 | when: >
38 | ( ansible_distribution == 'Ubuntu' and (ansible_distribution_version is version_compare('16.04', '>=')))
39 | or ( ansible_distribution == 'Debian' and (ansible_distribution_version is version_compare('9', '>=')) )
40 | tags:
41 | - zabbix-server
42 | - init
43 |
--------------------------------------------------------------------------------
/molecule/default/prepare.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Prepare
3 | hosts: all
4 | pre_tasks:
5 | - name: "Installing EPEL"
6 | yum:
7 | name: epel-release
8 | state: present
9 | when: ansible_distribution == 'CentOS'
10 |
11 | - name: "Installing packages"
12 | yum:
13 | name:
14 | - net-tools
15 | - which
16 | - libselinux-python
17 | - python-pip
18 | state: present
19 | register: installation_dependencies
20 | when: ansible_distribution == 'CentOS'
21 |
22 | - name: "Installing which on NON-CentOS"
23 | apt:
24 | name:
25 | - net-tools
26 | - python-pip
27 | - curl
28 | state: present
29 | when: ansible_distribution != 'CentOS'
30 |
31 | - name: "Configure SUDO."
32 | lineinfile:
33 | dest: /etc/sudoers
34 | line: "Defaults !requiretty"
35 | state: present
36 |
37 | - name: "Make sure the docs are installed."
38 | lineinfile:
39 | dest: /etc/yum.conf
40 | line: "tsflags=nodocs"
41 | state: absent
42 |
43 | - name: "Installing some python dependencies"
44 | pip:
45 | name: py-zabbix
46 | state: present
47 |
48 | - name: "Create group for imaginary host"
49 | add_host:
50 | name: imaginary-host
51 | groups:
52 | - mysql
53 | - postgresql
54 | changed_when: False
55 |
56 | roles:
57 | - role: geerlingguy.postgresql
58 | when: inventory_hostname in groups['postgresql']
59 | - role: geerlingguy.mysql
60 | when: inventory_hostname in groups['mysql']
61 | - role: dj-wasabi.zabbix-server
62 |
--------------------------------------------------------------------------------
/molecule/default/molecule.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependency:
3 | name: galaxy
4 | options:
5 | ignore-certs: True
6 | ignore-errors: True
7 | role-file: requirements.yml
8 |
9 | driver:
10 | name: docker
11 | lint:
12 | name: yamllint
13 | options:
14 | config-file: molecule/default/yaml-lint.yml
15 | platforms:
16 | - name: zabbix-web-${MY_MOLECULE_CONTAINER:-mysql-centos}
17 | image: ${MY_MOLECULE_IMAGE:-"milcom/centos7-systemd"}
18 | privileged: True
19 | command: /sbin/init
20 | groups:
21 | - ${MY_MOLECULE_GROUP:-mysql}
22 |
23 | provisioner:
24 | name: ansible
25 | lint:
26 | name: ansible-lint
27 | inventory:
28 | group_vars:
29 | mysql:
30 | zabbix_server_database: mysql
31 | zabbix_server_database_long: mysql
32 | zabbix_server_dbport: 3306
33 | postgresql:
34 | zabbix_server_database: pgsql
35 | zabbix_server_database_long: postgresql
36 | host_vars:
37 | zabbix-web-pgsql-debian:
38 | zabbix_url: zabbix-web-pgsql-debian
39 | zabbix_websrv_servername: zabbix-web-pgsql-debian
40 | zabbix-web-mysql-debian:
41 | zabbix_url: zabbix-web-mysql-debian
42 | zabbix_websrv_servername: zabbix-web-mysql-debian
43 | zabbix-web-pgsql-centos:
44 | zabbix_url: zabbix-web-pgsql-centos
45 | zabbix_websrv_servername: zabbix-web-pgsql-centos
46 | zabbix-web-mysql-centos:
47 | zabbix_url: zabbix-web-mysql-centos
48 | zabbix_websrv_servername: zabbix-web-mysql-centos
49 | zabbix-web-mysql-ubuntu:
50 | zabbix_url: zabbix-web-mysql-ubuntu
51 | zabbix_websrv_servername: zabbix-web-mysql-ubuntu
52 | zabbix-web-pgsql-ubuntu:
53 | zabbix_url: zabbix-web-pgsql-ubuntu
54 | zabbix_websrv_servername: zabbix-web-pgsql-ubuntu
55 |
56 | scenario:
57 | name: default
58 |
59 | verifier:
60 | name: testinfra
61 | lint:
62 | name: flake8
63 |
--------------------------------------------------------------------------------
/tasks/Debian.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: "Include Zabbix gpg ids"
4 | include_vars: zabbix.yml
5 |
6 | - name: "Set short version name"
7 | set_fact:
8 | zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
9 |
10 | - name: "Debian | Install gpg key"
11 | apt_key:
12 | id: "{{ sign_keys[zabbix_short_version][ansible_distribution_release]['sign_key'] }}"
13 | url: http://repo.zabbix.com/zabbix-official-repo.key
14 | when:
15 | - zabbix_repo == "zabbix"
16 | become: yes
17 | tags:
18 | - zabbix-web
19 | - init
20 | - config
21 |
22 | - name: "Debian | Installing repository {{ ansible_distribution }}"
23 | apt_repository:
24 | repo: "{{ item }} http://repo.zabbix.com/zabbix/{{ zabbix_version }}/{{ ansible_distribution.lower() }}/ {{ ansible_distribution_release }} main"
25 | state: present
26 | when:
27 | - zabbix_repo == "zabbix"
28 | with_items:
29 | - deb-src
30 | - deb
31 | tags:
32 | - zabbix-web
33 | - init
34 | - config
35 |
36 | - name: "Debian | Install PHP apart from zabbix-frontend-php deps"
37 | include_tasks: "php_Debian.yml"
38 | when: zabbix_php_install
39 |
40 | - name: "Debian | Install zabbix-web"
41 | apt:
42 | pkg: zabbix-frontend-php
43 | state: "{{ zabbix_web_package_state }}"
44 | update_cache: yes
45 | cache_valid_time: 0
46 | register: zabbix_web_package_install
47 | until: zabbix_web_package_install is succeeded
48 | tags:
49 | - zabbix-web
50 | - init
51 | - config
52 |
53 | - name: "Debian | Link graphfont.ttf (workaround ZBX-10467)"
54 | file:
55 | src: '/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf'
56 | path: '/usr/share/zabbix/fonts/graphfont.ttf'
57 | state: link
58 | tags:
59 | - zabbix-web
60 | - init
61 | - config
62 |
63 | - include_tasks: apache_Debian.yml
64 | vars:
65 | zabbix_apache_servername: "{{ zabbix_websrv_servername }}"
66 | when: zabbix_websrv == 'apache'
67 |
--------------------------------------------------------------------------------
/tasks/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Tasks specific for RedHat systems
3 |
4 | - name: "RedHat | Install basic repo file"
5 | yum_repository:
6 | name: "{{ item.name }}"
7 | description: "{{ item.description }}"
8 | baseurl: "{{ item.baseurl }}"
9 | gpgcheck: "{{ item.gpgcheck }}"
10 | gpgkey: "{{ item.gpgkey }}"
11 | state: "{{ item.state | default('present') }}"
12 | with_items: "{{ zabbix_repo_yum }}"
13 | when:
14 | - zabbix_repo == "zabbix"
15 | tags:
16 | - zabbix-web
17 |
18 | - name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}"
19 | yum:
20 | pkg: zabbix-web-{{ zabbix_server_database }}
21 | state: "{{ zabbix_web_package_state }}"
22 | update_cache: yes
23 | register: zabbix_web_package_install
24 | until: zabbix_web_package_install is succeeded
25 | tags:
26 | - zabbix-web
27 |
28 | - include_tasks: apache_RedHat.yml
29 | vars:
30 | zabbix_apache_servername: "{{ zabbix_websrv_servername }}"
31 | when: zabbix_websrv == 'apache'
32 |
33 | - name: "RedHat | Install related SELinux package"
34 | yum:
35 | name:
36 | - libsemanage-python
37 | state: present
38 | register: zabbix_web_dependencies_installed
39 | until: zabbix_web_dependencies_installed is succeeded
40 | when:
41 | - selinux_allow_zabbix_can_network
42 | - ansible_distribution_major_version == "7" or ansible_distribution_major_version == "6"
43 | tags:
44 | - zabbix-web
45 |
46 | - name: "RedHat | Install related SELinux package on RHEL8"
47 | yum:
48 | name:
49 | - python3-libsemanage
50 | state: present
51 | register: zabbix_web_dependencies_installed
52 | until: zabbix_web_dependencies_installed is succeeded
53 | when:
54 | - selinux_allow_zabbix_can_network
55 | - ansible_distribution_major_version == "8"
56 | tags:
57 | - zabbix-web
58 |
59 | - name: "RedHat | Enable zabbix_can_network SELinux boolean"
60 | seboolean:
61 | name: zabbix_can_network
62 | state: yes
63 | persistent: yes
64 | when:
65 | - selinux_allow_zabbix_can_network
66 | tags:
67 | - zabbix-web
68 |
--------------------------------------------------------------------------------
/molecule/default/tests/test_default.py:
--------------------------------------------------------------------------------
1 | import os
2 | import pytest
3 |
4 | import testinfra.utils.ansible_runner
5 |
6 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
7 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
8 |
9 |
10 | @pytest.mark.parametrize("server, redhat, debian", [
11 | ("zabbix-server-pgsql", "zabbix-web-pgsql", "zabbix-frontend-php"),
12 | ("zabbix-server-mysql", "zabbix-web-mysql", "zabbix-frontend-php"),
13 | ])
14 | def test_zabbix_package(host, server, redhat, debian):
15 | host = host.backend.get_hostname()
16 | host = host.replace("-centos", "")
17 | host = host.replace("-debian", "")
18 | host = host.replace("-ubuntu", "")
19 |
20 | if host == server:
21 | if host.system_info.distribution in ['debian', 'ubuntu']:
22 | zabbix_web = host.package(debian)
23 | assert zabbix_web.version.startswith("1:4.4")
24 | elif host.system_info.distribution == 'centos':
25 | zabbix_web = host.package(redhat)
26 | assert zabbix_web.version.startswith("4.4")
27 | assert zabbix_web.is_installed
28 |
29 |
30 | def test_zabbix_web(host):
31 | zabbix_web = host.file("/etc/zabbix/web/zabbix.conf.php")
32 |
33 | if host.system_info.distribution in ['debian', 'ubuntu']:
34 | assert zabbix_web.user == "www-data"
35 | assert zabbix_web.group == "www-data"
36 | elif host.system_info.distribution == 'centos':
37 | assert zabbix_web.user == "apache"
38 | assert zabbix_web.group == "apache"
39 | assert zabbix_web.mode == 0o640
40 |
41 |
42 | def test_zabbix_api(host):
43 | my_host = host.ansible.get_variables()
44 | zabbix_url = str(my_host['zabbix_url'])
45 | hostname = 'http://' + zabbix_url + '/api_jsonrpc.php'
46 | post_data = '{"jsonrpc": "2.0", "method": "user.login", "params": { "user": "Admin", "password": "zabbix" }, "id": 1, "auth": null}'
47 | headers = 'Content-Type: application/json-rpc'
48 | command = "curl -XPOST -H '" + str(headers) + "' -d '" + str(post_data) + "' '" + hostname + "'"
49 |
50 | cmd = host.run(command)
51 | assert '"jsonrpc":"2.0","result":"' in cmd.stdout
52 |
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # tasks file for wdijkerman.zabbix-web
3 |
4 | - name: "Include OS-specific variables"
5 | include_vars: "{{ ansible_os_family }}.yml"
6 | tags:
7 | - always
8 |
9 | - name: "Set short version name"
10 | set_fact:
11 | zabbix_short_version: "{{ zabbix_version | regex_replace('\\.', '') }}"
12 | tags:
13 | - always
14 |
15 | - include_tasks: apache.yml
16 | when: zabbix_websrv == 'apache'
17 |
18 | - name: "Install the correct repository"
19 | include: "RedHat.yml"
20 | when: ansible_os_family == "RedHat"
21 | tags:
22 | - zabbix-web
23 |
24 | - name: "Install the correct repository"
25 | include: "Debian.yml"
26 | when: ansible_os_family == "Debian"
27 | tags:
28 | - zabbix-web
29 |
30 | - name: "Create zabbix-web directory"
31 | file:
32 | path: /etc/zabbix/web
33 | owner: "{{ apache_user }}"
34 | group: "{{ apache_group }}"
35 | state: directory
36 | mode: 0755
37 | tags:
38 | - zabbix-web
39 | - init
40 | - config
41 |
42 | - name: "Configure zabbix-web"
43 | template:
44 | src: zabbix.conf.php.j2
45 | dest: /etc/zabbix/web/zabbix.conf.php
46 | owner: "{{ apache_user }}"
47 | group: "{{ apache_group }}"
48 | mode: 0640
49 | notify:
50 | - restart apache
51 | tags:
52 | - zabbix-web
53 | - init
54 | - config
55 |
56 | - name: "Allow httpd to connect to db (SELinux)"
57 | seboolean:
58 | name: httpd_can_network_connect_db
59 | persistent: yes
60 | state: yes
61 | when:
62 | - ansible_selinux.status == "enabled"
63 | - selinux_allow_zabbix_can_network
64 | tags: selinux
65 |
66 | - name: "Allow httpd to connect to zabbix (SELinux)"
67 | seboolean:
68 | name: httpd_can_connect_zabbix
69 | persistent: yes
70 | state: yes
71 | when:
72 | - ansible_selinux.status == "enabled"
73 | - selinux_allow_zabbix_can_network
74 | tags: selinux
75 |
76 | - name: "Allow httpd to connect to ldap (SELinux)"
77 | seboolean:
78 | name: httpd_can_connect_ldap
79 | persistent: yes
80 | state: yes
81 | when:
82 | - ansible_selinux.status == "enabled"
83 | - zabbix_apache_can_connect_ldap|bool
84 | tags: selinux
85 |
--------------------------------------------------------------------------------
/molecule/default/create.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create
3 | hosts: localhost
4 | connection: local
5 | gather_facts: false
6 | no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
7 | vars:
8 | molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
9 | molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
10 | molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
11 | molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
12 | tasks:
13 | - name: Create Dockerfiles from image names
14 | template:
15 | src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
16 | dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
17 | with_items: "{{ molecule_yml.platforms }}"
18 | register: platforms
19 |
20 | - name: Discover local Docker images
21 | docker_image_facts:
22 | name: "molecule_local/{{ item.item.name }}"
23 | with_items: "{{ platforms.results }}"
24 | register: docker_images
25 |
26 | - name: Build an Ansible compatible image
27 | docker_image:
28 | path: "{{ molecule_ephemeral_directory }}"
29 | name: "molecule_local/{{ item.item.image }}"
30 | dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
31 | force: "{{ item.item.force | default(true) }}"
32 | with_items: "{{ platforms.results }}"
33 | when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
34 |
35 | - name: Create molecule instance(s)
36 | docker_container:
37 | name: "{{ item.name }}"
38 | hostname: "{{ item.name }}"
39 | image: "molecule_local/{{ item.image }}"
40 | state: started
41 | recreate: false
42 | log_driver: none
43 | command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
44 | privileged: "{{ item.privileged | default(omit) }}"
45 | volumes: "{{ item.volumes | default(omit) }}"
46 | capabilities: "{{ item.capabilities | default(omit) }}"
47 | register: server
48 | with_items: "{{ molecule_yml.platforms }}"
49 | async: 7200
50 | poll: 0
51 |
52 | - name: Wait for instance(s) creation to complete
53 | async_status:
54 | jid: "{{ item.ansible_job_id }}"
55 | register: docker_jobs
56 | until: docker_jobs.finished
57 | retries: 300
58 | with_items: "{{ server.results }}"
59 |
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for zabbix-web
3 |
4 | zabbix_web_version: 4.4
5 | zabbix_version: "{{ zabbix_web_version }}"
6 | zabbix_repo: zabbix
7 | zabbix_web_package_state: present
8 | zabbix_selinux: False
9 |
10 | zabbix_url: zabbix.example.com
11 | zabbix_websrv: apache
12 | zabbix_websrv_servername: "{{ zabbix_url | regex_findall('(?:https?\\://)?([\\w\\-\\.]+)') | first }}"
13 | zabbix_url_aliases: []
14 | zabbix_apache_vhost_port: 80
15 | zabbix_apache_vhost_tls_port: 443
16 | zabbix_timezone: Europe/Amsterdam
17 | zabbix_vhost: True
18 | zabbix_php_fpm: False
19 | zabbix_apache_vhost_listen_ip: "*"
20 | zabbix_apache_tls: False
21 | zabbix_apache_redirect: False
22 | zabbix_apache_tls_crt: /etc/pki/server.crt
23 | zabbix_apache_tls_key: /etc/pki/server.key
24 | zabbix_apache_tls_chain:
25 | zabbix_apache_can_connect_ldap: False
26 |
27 | zabbix_repo_yum:
28 | - name: zabbix
29 | description: Zabbix Official Repository - $basearch
30 | baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/
31 | gpgcheck: 0
32 | gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
33 | state: present
34 | - name: zabbix-supported
35 | description: Zabbix Official Repository non-supported - $basearch
36 | baseurl: http://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/
37 | gpgcheck: 0
38 | gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
39 | state: present
40 |
41 | zabbix_php_install: true
42 | zabbix_web_max_execution_time: 300
43 | zabbix_web_memory_limit: 128M
44 | zabbix_web_post_max_size: 16M
45 | zabbix_web_upload_max_filesize: 2M
46 | zabbix_web_max_input_time: 300
47 | zabbix_apache_include_custom_fragment: true
48 |
49 | zabbix_apache_SSLPassPhraseDialog: exec:/usr/libexec/httpd-ssl-pass-dialog
50 | zabbix_apache_SSLSessionCache: shmcb:/run/httpd/sslcache(512000)
51 | zabbix_apache_SSLSessionCacheTimeout: 300
52 | zabbix_apache_SSLCryptoDevice: builtin
53 |
54 | # Database
55 | zabbix_server_database: pgsql
56 | zabbix_server_database_long: postgresql
57 | zabbix_server_name: "{{ inventory_hostname }}"
58 | zabbix_server_hostname: "{{ inventory_hostname }}"
59 | zabbix_server_listenport: 10051
60 | zabbix_server_dbhost: localhost
61 | zabbix_server_dbname: zabbix-server
62 | zabbix_server_dbuser: zabbix-server
63 | zabbix_server_dbpassword: zabbix-server
64 | zabbix_server_dbport: 5432
65 | zabbix_server_dbschema:
66 |
67 | # Elasticsearch
68 | # zabbix_server_history_url:
69 | # - "'uint' => 'http://localhost:9200'"
70 | # - "'text' => 'http://localhost:9200'"
71 | # - "'log' => 'http://localhost:9200'"
72 | # - "'dbl' => 'http://localhost:9200'"
73 | # - "'str' => 'http://localhost:9200'"
74 | zabbix_server_history_types:
75 | - 'str'
76 | - 'text'
77 | - 'log'
78 | - 'uint'
79 | - 'dbl'
80 |
81 | selinux_allow_zabbix_can_network: False
82 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing to this role
2 |
3 | **Table of content**
4 |
5 | - [Contributing to this role](#contributing-to-this-role)
6 | * [Contributing](#contributing)
7 | * [(local) Development](#-local--development)
8 | + [Requirements](#requirements)
9 | + [Execution](#execution)
10 | - [Other](#other)
11 | * [Virtualenv](#virtualenv)
12 | * [Links](#links)
13 |
14 | Thank you very much for making time to improve this Ansible role.
15 |
16 | ## Contributing
17 |
18 | Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. [Contributor Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html).
19 |
20 | 1. Fork the repo
21 |
22 | 2. Create a branch and apply your changes to this branch.
23 |
24 | a. Make sure you have updated the documentation when adding new variables;
25 |
26 | b. Don't forget to add/update tests so we can test the functionality during each Pull Request;
27 |
28 | c. Make sure the tests will succeed.
29 |
30 | 3. Push the branch to your fork and submit a pull request.
31 |
32 | **Note**
33 |
34 | Pull Requests that fails during the tests will not be merged.
35 |
36 | ## Coding Guidelines
37 |
38 | Style guides are important because they ensure consistency in the content, look, and feel of a book or a website.
39 |
40 | * [Ansible Style Guide](http://docs.ansible.com/ansible/latest/dev_guide/style_guide/)
41 | * It's "Ansible" when referring to the product and ``ansible`` when referring to the command line tool, package, etc
42 | * Playbooks should be written in multi-line YAML with ``key: value``. The form ``key=value`` is only for ``ansible`` ad-hoc, not for ``ansible-playbook``.
43 | * Tasks should always have a ``name:``
44 |
45 | ## (local) Development
46 |
47 | This role make use of Molecule to test the execution of the role and verificate it. In the root of the repository, a file named `requirements.txt` exists and contains the versions used by the tests.
48 |
49 | ### Requirements
50 |
51 | You can install them with the following command:
52 |
53 | ```
54 | pip install -r requirements.txt
55 | ```
56 |
57 | Once the dependencies are installed, please install Docker as Molecule is configured in this repository to create Docker containers. See [this](https://docs.docker.com/install/) link to install Docker on your system.
58 |
59 | ### Execution
60 |
61 | Once everything is installed, you can validate your changes by executing:
62 | ```
63 | molecule test
64 | ```
65 |
66 | It should run without any issues.
67 |
68 | # Other
69 |
70 | ## Virtualenv
71 |
72 | Suggestion is to create a virtualenv so you won't have issues with other projects.
73 |
74 | Some web pages describing for virtual env:
75 |
76 | * http://thepythonguru.com/python-virtualenv-guide/
77 | * https://realpython.com/python-virtual-environments-a-primer/
78 | * https://www.dabapps.com/blog/introduction-to-pip-and-virtualenv-python/
79 |
80 | ## Links
81 |
82 | [Molecule](https://molecule.readthedocs.io/)
83 |
84 | [Ansible](https://www.ansible.com/)
85 |
86 | [Molecule V2 with your own role](https://werner-dijkerman.nl/2017/09/05/using-molecule-v2-to-test-ansible-roles/)
87 |
88 | **End note**: Have fun making changes. If a feature helps you, then others find it helpful too and I will happily have it merged.
89 |
--------------------------------------------------------------------------------
/vars/zabbix.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | sign_keys:
4 | "44":
5 | buster:
6 | sign_key: A14FE591
7 | cosmic:
8 | sign_key: A14FE591
9 | bionic:
10 | sign_key: A14FE591
11 | sonya:
12 | sign_key: A14FE591
13 | serena:
14 | sign_key: A14FE591
15 | stretch:
16 | sign_key: A14FE591
17 | wheezy:
18 | sign_key: 79EA5ED4
19 | jessie:
20 | sign_key: 79EA5ED4
21 | trusty:
22 | sign_key: 79EA5ED4
23 | xenial:
24 | sign_key: E709712C
25 | "42":
26 | buster:
27 | sign_key: A14FE591
28 | cosmic:
29 | sign_key: A14FE591
30 | bionic:
31 | sign_key: A14FE591
32 | sonya:
33 | sign_key: A14FE591
34 | serena:
35 | sign_key: A14FE591
36 | stretch:
37 | sign_key: A14FE591
38 | wheezy:
39 | sign_key: 79EA5ED4
40 | jessie:
41 | sign_key: 79EA5ED4
42 | trusty:
43 | sign_key: 79EA5ED4
44 | xenial:
45 | sign_key: E709712C
46 | "40":
47 | buster:
48 | sign_key: A14FE591
49 | bionic:
50 | sign_key: A14FE591
51 | sonya:
52 | sign_key: A14FE591
53 | serena:
54 | sign_key: A14FE591
55 | stretch:
56 | sign_key: A14FE591
57 | wheezy:
58 | sign_key: 79EA5ED4
59 | jessie:
60 | sign_key: 79EA5ED4
61 | trusty:
62 | sign_key: 79EA5ED4
63 | xenial:
64 | sign_key: E709712C
65 | "34":
66 | buster:
67 | sign_key: A14FE591
68 | bionic:
69 | sign_key: A14FE591
70 | sonya:
71 | sign_key: A14FE591
72 | serena:
73 | sign_key: A14FE591
74 | stretch:
75 | sign_key: A14FE591
76 | wheezy:
77 | sign_key: 79EA5ED4
78 | jessie:
79 | sign_key: 79EA5ED4
80 | trusty:
81 | sign_key: 79EA5ED4
82 | xenial:
83 | sign_key: E709712C
84 | "32":
85 | sonya:
86 | sign_key: 79EA5ED4
87 | serena:
88 | sign_key: 79EA5ED4
89 | stretch:
90 | sign_key: A14FE591
91 | wheezy:
92 | sign_key: 79EA5ED4
93 | jessie:
94 | sign_key: 79EA5ED4
95 | trusty:
96 | sign_key: 79EA5ED4
97 | xenial:
98 | sign_key: E709712C
99 | "30":
100 | wheezy:
101 | sign_key: 79EA5ED4
102 | jessie:
103 | sign_key: 79EA5ED4
104 | stretch:
105 | sign_key: A14FE591
106 | trusty:
107 | sign_key: 79EA5ED4
108 | xenial:
109 | sign_key: E709712C
110 | "24":
111 | wheezy:
112 | sign_key: 79EA5ED4
113 | jessie:
114 | sign_key: 79EA5ED4
115 | precise:
116 | sign_key: 79EA5ED4
117 | trusty:
118 | sign_key: 79EA5ED4
119 | "22":
120 | squeeze:
121 | sign_key: 79EA5ED4
122 | jessie:
123 | sign_key: 79EA5ED4
124 | precise:
125 | sign_key: 79EA5ED4
126 | trusty:
127 | sign_key: 79EA5ED4
128 | lucid:
129 | sign_key: 79EA5ED4
130 |
131 | suse:
132 | "openSUSE Leap":
133 | "42":
134 | name: server:monitoring
135 | url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_Leap_{{ ansible_distribution_version }}/
136 | "openSUSE":
137 | "12":
138 | name: server_monitoring
139 | url: http://download.opensuse.org/repositories/server:/monitoring/openSUSE_{{ ansible_distribution_version }}
140 | "SLES":
141 | "11":
142 | name: server_monitoring
143 | url: http://download.opensuse.org/repositories/server:/monitoring/SLE_11_SP3/
144 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # ansible-zabbix-web Release
2 |
3 | Below an overview of all changes in the releases.
4 |
5 | Version (Release date)
6 |
7 | FINAL and LAST release for this role in this repository. This role will be transferred to: https://github.com/ansible-collections/community.zabbix/
8 |
9 | 1.6.0 (2020-05-23)
10 |
11 | * Added installation of selinux package #74
12 | * 4.4 supports Debian buster #75 (By pull request: lingfish (Thanks!))
13 | * Avoid conflicts with zabbix_version var #77 (By pull request: santiagomr (Thanks!))
14 | * adding zabbix_apache_skip_custom_fragment to prevent php_values in conf #79 (By pull request: tobiasehlert (Thanks!))
15 | * Correcting custom fragment PR 79 #80 (By pull request: tobiasehlert (Thanks!))
16 | * Adding zabbix_apache_include_custom_fragment to TLS section #81 (By pull request: tobiasehlert (Thanks!))
17 | * selinux blocking httpd connection to zabbix #82 (By pull request: SimBou (Thanks!))
18 | * php-fpm, zabbix db schema and apachectl path #85 (By pull request: v (Thanks!))
19 |
20 | 1.5.0 (2019-12-01)
21 |
22 | * Added vhost interface variable #55 (By pull request: okgolove (Thanks!))
23 | * Minor changes for molecule #56
24 | * Make Apache optional but keep as default; Closes dj-wasabi/ansible-zabbix-web#58 #59 (By pull request: kr4ut (Thanks!))
25 | * Refactor PHP pkg install for Debian/Ubuntu; Closes dj-wasabi/ansible-zabbix-web#57 #60 (By pull request: kr4ut (Thanks!))
26 | * Add update_cache: yes to tasks/RedHat.yml #64 (By pull request: patsevanton (Thanks!))
27 | * readme update that default is 4.2 #67 (By pull request: fabtho (Thanks!))
28 | * Update main.yml #68 (By pull request: Vinclame (Thanks!))
29 | * SELinux boolean added for httpd -> ldap connections #69 (By pull request: Vinclame (Thanks!))
30 | * Zabbix 44 #71
31 | * Using travis envs #72
32 |
33 | 1.4.0 (2019-04-14)
34 |
35 | * Fixing the rights for config file #39
36 | * Fixing the require line #40
37 | * Removed the _type string in various places #42
38 | * adds support for elasticsearch history storage #43 (By pull request: MartinHell (Thanks!))
39 | * Always include OS variables #44 (By pull request: jrgoldfinemiddleton (Thanks!))
40 | * skip repo file when zabbix_repo="other" #45 (By pull request: wschaft (Thanks!))
41 | * Removal of links to files provided by Zabbix #47
42 | * Fix apt module deprecation notice #49 (By pull request: logan2211 (Thanks!))
43 | * fix apache servername regex to support hyphen character #51 (By pull request: wschaft (Thanks!))
44 | * get the apache version also in check mode #52 (By pull request: wschaft (Thanks!))
45 | * Updating to Zabbix 4.2 #53
46 |
47 | 1.3.0 (2018-10-20)
48 |
49 | * Add zabbix 40 #33
50 | * Modify use of zabbix server packages #35 (By pull request: average-joe (Thanks!))
51 | * Fix for: update readme to include correct examples #32
52 |
53 | 1.2.0 (2018-09-11)
54 |
55 | * Updated supported versions #27
56 | * Readme lang typos grammar #28 (By pull request: dnmvisser (Thanks!))
57 | * Reflect license change to MIT in README #29 (By pull request: stephankn (Thanks!))
58 | * Fix for #24 #30
59 | * Fix for: SSLPassPhraseDialog setting problems - /usr/libexec/httpd-ss… #31
60 |
61 | 1.1.0 (2018-06-23)
62 |
63 | * added support for HTTPS #25 (By pull request: q1x (Thanks!))
64 | * Make debian 9 work #22
65 | * Updated minimal Ansible version to 2.4 #21
66 | * Changed version_compare operator to avoid deprecation warnings #19 (By pull request: nidr0x (Thanks!))
67 | * Most of the time php behaves better with leading semicolon. #17 (By pull request: toke (Thanks!))
68 | * add php7.0-gd #16 (By pull request: scil (Thanks!))
69 | * Fixed missing attribute iteritems #15 (By pull request: toke (Thanks!))
70 | * Allow usage of php environment variables #13 (By pull request: toke (Thanks!))
71 | * Make use of Molecule V2
72 | * Add support for debian stretch #7 (By pull request: dulin (Thanks!))
73 | * Fix Zabbix graph legend bug for Debian packages (see ZBX-10467) #6 (By pull request: mgornikov (Thanks!))
74 | * Split zabbix_url and Apache vhost ServerName #5 (By pull request: eshikhov (Thanks!))
75 |
76 | 1.0.0 (2017-08-30)
77 |
78 | * Removed tags 'always' on few tasks.
79 | * Fix for: Installing Zabbix-Web-MySQL Failed #1
80 |
81 | 0.1.0 (2017-06-16)
82 |
83 | * Initial working version.
84 |
--------------------------------------------------------------------------------
/templates/apache_vhost.conf.j2:
--------------------------------------------------------------------------------
1 |
2 | ServerName {{ zabbix_apache_servername }}
3 | {% for alias in zabbix_url_aliases %}
4 | ServerAlias {{ alias }}
5 | {% endfor %}
6 |
7 | ## Vhost docroot
8 | DocumentRoot "/usr/share/zabbix"
9 |
10 | {% if zabbix_apache_redirect and zabbix_apache_tls %}
11 | RewriteEngine On
12 | RewriteCond %{HTTPS} !=on
13 | RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
14 | {% endif %}
15 |
16 | {% set directory_paths = ['/usr/share/zabbix/conf', '/usr/share/zabbix/app', '/usr/share/zabbix/include', '/usr/share/zabbix/include/classes'] %}
17 |
18 |
19 | {% if apache_version|string() == '2.4' %}
20 | Options FollowSymLinks
21 | AllowOverride None
22 | Require all granted
23 | {% else %}
24 | AllowOverride None
25 | Order Allow,Deny
26 | Allow from all
27 | {% endif %}
28 |
29 |
30 | {% for my_path in directory_paths %}
31 |
32 | {% if apache_version|string() == '2.4' %}
33 | Require all denied
34 | {% else %}
35 | AllowOverride None
36 | Order Deny,Allow
37 | Deny from all
38 | {% endif %}
39 |
40 |
41 | {% endfor %}
42 | ## Logging
43 | ErrorLog "/var/log/{{ apache_log }}/{{ zabbix_apache_servername }}_error.log"
44 | ServerSignature Off
45 | CustomLog "/var/log/{{ apache_log }}/{{ zabbix_apache_servername }}_access.log" combined
46 |
47 | ## Rewrite rules
48 | RewriteEngine On
49 | RewriteRule ^$ /index.php [L]
50 |
51 | {% if zabbix_apache_include_custom_fragment | default(true) %}
52 | ## Custom fragment
53 | {% if zabbix_php_fpm %}
54 | ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/zabbix/$1
55 | ProxyTimeout 1800
56 | {% else %}
57 | php_value max_execution_time {{ zabbix_web_max_execution_time | default('300') }}
58 | php_value memory_limit {{ zabbix_web_memory_limit | default('128M') }}
59 | php_value post_max_size {{ zabbix_web_post_max_size | default('16M') }}
60 | php_value upload_max_filesize {{ zabbix_web_upload_max_filesize | default('2M') }}
61 | php_value max_input_time {{ zabbix_web_max_input_time | default('300') }}
62 | # Set correct timezone.
63 | php_value date.timezone {{ zabbix_timezone }}
64 | {% endif %}
65 |
66 |
67 | {# Set up TLS vhosts #}
68 | {% if zabbix_apache_tls and zabbix_apache_vhost_tls_port %}
69 |
70 | SSLPassPhraseDialog {{ zabbix_apache_SSLPassPhraseDialog }}
71 | SSLSessionCache {{ zabbix_apache_SSLSessionCache }}
72 | SSLSessionCacheTimeout {{ zabbix_apache_SSLSessionCacheTimeout }}
73 | SSLRandomSeed startup file:/dev/urandom 256
74 | SSLRandomSeed connect builtin
75 | SSLCryptoDevice {{ zabbix_apache_SSLCryptoDevice }}
76 |
77 |
78 | ServerName {{ zabbix_apache_servername }}
79 | {% for alias in zabbix_url_aliases %}
80 | ServerAlias {{ alias }}
81 | {% endfor %}
82 |
83 | ## Vhost docroot
84 | DocumentRoot "/usr/share/zabbix"
85 |
86 | SSLEngine on
87 | SSLCipherSuite {{ apache_ssl_cipher_suite }}
88 | SSLProtocol {{ apache_ssl_protocol }}
89 | SSLHonorCipherOrder On
90 | {% if apache_vhosts_version == "2.4" %}
91 | SSLCompression off
92 | {% endif %}
93 | SSLCertificateFile {{ zabbix_apache_tls_crt }}
94 | SSLCertificateKeyFile {{ zabbix_apache_tls_key }}
95 | {% if zabbix_apache_tls_chain %}
96 | SSLCertificateChainFile {{ zabbix_apache_tls_chain }}
97 | {% endif %}
98 |
99 | {% set directory_paths = ['/usr/share/zabbix/conf', '/usr/share/zabbix/app', '/usr/share/zabbix/include', '/usr/share/zabbix/include/classes'] %}
100 |
101 |
102 | {% if apache_version|string() == '2.4' %}
103 | Options FollowSymLinks
104 | AllowOverride None
105 | Require all granted
106 | {% else %}
107 | AllowOverride None
108 | Order Allow,Deny
109 | Allow from all
110 | {% endif %}
111 |
112 |
113 | {% for my_path in directory_paths %}
114 |
115 | {% if apache_version|string() == '2.4' %}
116 | Require all granted
117 | {% else %}
118 | AllowOverride None
119 | Order Deny,Allow
120 | Deny from all
121 | {% endif %}
122 |
123 |
124 | {% endfor %}
125 | ## Logging
126 | ErrorLog "/var/log/{{ apache_log }}/{{ zabbix_apache_servername }}_tls_error.log"
127 | ServerSignature Off
128 | CustomLog "/var/log/{{ apache_log }}/{{ zabbix_apache_servername }}_tls_access.log" combined
129 |
130 | ## Rewrite rules
131 | RewriteEngine On
132 | RewriteRule ^$ /index.php [L]
133 |
134 | {% if zabbix_apache_include_custom_fragment | default(true) %}
135 | ## Custom fragment
136 | {% if zabbix_php_fpm %}
137 | ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/zabbix/$1
138 | ProxyTimeout 1800
139 | {% else %}
140 | php_value max_execution_time {{ zabbix_web_max_execution_time | default('300') }}
141 | php_value memory_limit {{ zabbix_web_memory_limit | default('128M') }}
142 | php_value post_max_size {{ zabbix_web_post_max_size | default('16M') }}
143 | php_value upload_max_filesize {{ zabbix_web_upload_max_filesize | default('2M') }}
144 | php_value max_input_time {{ zabbix_web_max_input_time | default('300') }}
145 | # Set correct timezone.
146 | php_value date.timezone {{ zabbix_timezone }}
147 | {% endif %}
148 |
149 | {% endif %}
150 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Table of Contents
2 |
3 | - [Overview](#overview)
4 | - [Requirements](#requirements)
5 | * [Operating Systems](#operating-systems)
6 | * [Zabbix Versions](#zabbix-versions)
7 | + [Zabbix 4.4](#zabbix-44)
8 | + [Zabbix 4.2](#zabbix-42)
9 | + [Zabbix 4.0](#zabbix-40)
10 | + [Zabbix 3.4](#zabbix-34)
11 | + [Zabbix 3.2](#zabbix-32)
12 | + [Zabbix 3.0](#zabbix-30)
13 | + [Zabbix 2.4](#zabbix-24)
14 | + [Zabbix 2.2](#zabbix-22)
15 | - [Installation](#installation)
16 | - [Role Variables](#role-variables)
17 | * [Main variables](#main-variables)
18 | + [Overall Zabbix](#overall-zabbix)
19 | + [Zabbix Web specific](#zabbix-web-specific)
20 | + [Zabbix Server](#zabbix-server)
21 | * [Examples of configuration](#examples-of-configuration)
22 | + [zabbix_repo_yum](#zabbix-repo-yum)
23 | - [Dependencies](#dependencies)
24 | - [Example Playbook](#example-playbook)
25 | * [Single instance](#single-instance)
26 | * [Multi host setup](#multi-host-setup)
27 | * [Adding Environment Variables for zabbix_web](#adding-environment-variables-for-zabbix-web)
28 | - [Molecule](#molecule)
29 | - [License](#license)
30 | - [Author Information](#author-information)
31 |
32 | # Overview
33 |
34 | This role is migrated to: https://github.com/ansible-collections/community.zabbix/
35 | In this repository, a read only version is/will be available for those who can not make use of collections (yet). Changes/updates will only be applied to the collection and not in this repository.
36 |
37 | # Requirements
38 | ## Operating Systems
39 |
40 | This role will work on the following operating systems:
41 |
42 | * RedHat
43 | * Debian
44 | * Ubuntu
45 |
46 | So, you'll need one of those operating systems.. :-)
47 | Please sent Pull Requests or suggestions when you want to use this role for other Operating Systems.
48 |
49 | ## Zabbix Versions
50 |
51 | See the following list of supported Operating Systems with the Zabbix releases.
52 |
53 | ### Zabbix 4.4
54 | * CentOS 7.x, 8.x
55 | * Amazon 7.x
56 | * RedHat 7.x, 8.x
57 | * OracleLinux 7.x, 8.x
58 | * Scientific Linux 7.x, 8.x
59 | * Ubuntu 14.04, 16.04, 18.04
60 | * Debian 8, 9
61 |
62 | ### Zabbix 4.2
63 | * CentOS 7.x
64 | * Amazon 7.x
65 | * RedHat 7.x
66 | * OracleLinux 7.x
67 | * Scientific Linux 7.x
68 | * Ubuntu 14.04, 16.04, 18.04
69 | * Debian 8, 9
70 |
71 | ### Zabbix 4.0
72 |
73 | * CentOS 7.x
74 | * Amazon 7.x
75 | * RedHat 7.x
76 | * OracleLinux 7.x
77 | * Scientific Linux 7.x
78 | * Ubuntu 14.04, 16.04, 18.04
79 | * Debian 8, 9
80 |
81 | ### Zabbix 3.4
82 |
83 | * CentOS 7.x
84 | * Amazon 7.x
85 | * RedHat 7.x
86 | * OracleLinux 7.x
87 | * Scientific Linux 7.x
88 | * Ubuntu 14.04, 16.04
89 | * Debian 7, 8, 9
90 |
91 | ### Zabbix 3.2
92 |
93 | * CentOS 7.x
94 | * Amazon 7.x
95 | * RedHat 7.x
96 | * OracleLinux 7.x
97 | * Scientific Linux 7.x
98 | * Ubuntu 14.04, 16.04
99 | * Debian 7, 8
100 |
101 | ### Zabbix 3.0
102 |
103 | * CentOS 5.x, 6.x, 7.x
104 | * Amazon 5.x, 6.x, 7.x
105 | * RedHat 5.x, 6.x, 7.x
106 | * OracleLinux 5.x, 6.x, 7.x
107 | * Scientific Linux 5.x, 6.x, 7.x
108 | * Ubuntu 14.04
109 | * Debian 7, 8
110 |
111 | ### Zabbix 2.4
112 |
113 | * CentOS 6.x, 7.x
114 | * Amazon 6.x, 7.x
115 | * RedHat 6.x, 7.x
116 | * OracleLinux 6.x, 7.x
117 | * Scientific Linux 6.x, 7.x
118 | * Ubuntu 12.04 14.04
119 | * Debian 7
120 |
121 | ### Zabbix 2.2
122 |
123 | * CentOS 5.x, 6.x
124 | * RedHat 5.x, 6.x
125 | * OracleLinux 5.x, 6.x
126 | * Scientific Linux 5.x, 6.x
127 | * Ubuntu 12.04
128 | * Debian 7
129 | * xenserver 6
130 |
131 | # Installation
132 |
133 | Installing this role is very simple: `ansible-galaxy install dj-wasabi.zabbix-web`
134 |
135 | When the Zabbix Web needs to be running on the same host as the Zabbix Server, please also install the Zabbix Server by executing the following command: `ansible-galaxy install dj-wasabi.zabbix-server`
136 |
137 | Default username/password for the Zabbix Web interface is the default.
138 |
139 | Username: Admin
140 | Password: zabbix
141 |
142 | # Role Variables
143 |
144 | ## Main variables
145 |
146 | The following is an overview of all available configuration defaults for this role.
147 |
148 | ### Overall Zabbix
149 |
150 | * `zabbix_web_version`: This is the version of zabbix. Default: 4.4, Can be overridden to 4.0, 3.4, 3.2, 3.0, 2.4, or 2.2. Previously the variable `zabbix_version` was used directly but it could cause [some inconvenience](https://github.com/dj-wasabi/ansible-zabbix-agent/pull/303). That variable is maintained by retrocompativility.
151 | * `zabbix_repo_yum`: A list with Yum repository configuration.
152 | * `zabbix_web_package_state`: Default: _present_. Can be overridden to "latest" to update packages when needed.
153 |
154 | ### Zabbix Web specific
155 |
156 | * `zabbix_url`: This is the url on which the zabbix web interface is available. Default is zabbix.example.com, you should override it. For example, see "Example Playbook"
157 | * `zabbix_url_aliases`: A list with Aliases for the Apache Virtual Host configuration.
158 | * `zabbix_timezone`: This is the timezone. The Apache Virtual Host needs this parameter. Default: Europe/Amsterdam
159 | * `zabbix_vhost`: True / False. When you don't want to create an Apache Virtual Host configuration, you can set it to False.
160 | * `zabbix_apache_vhost_port`: The port on which Zabbix HTTP vhost is running.
161 | * `zabbix_apache_vhost_tls_port`: The port on which Zabbix HTTPS vhost is running.
162 | * `zabbix_apache_vhost_port`: On which port the Apache Virtual Host is available.
163 | * `zabbix_apache_vhost_listen_ip`: On which interface the Apache Virtual Host is available.
164 | * `zabbix_apache_can_connect_ldap`: True / False. Set SELinux boolean to allow httpd to connect to LDAP. Default is False.
165 | * `zabbix_php_install`: True / False. Switch for extra install of packages for PHP, currently on for Debian/Ubuntu. Default is true.
166 | * `zabbix_web_max_execution_time`:
167 | * `zabbix_web_memory_limit`:
168 | * `zabbix_web_post_max_size`:
169 | * `zabbix_web_upload_max_filesize`:
170 | * `zabbix_web_max_input_time`:
171 | * `zabbix_apache_include_custom_fragment`: True / False. Includes php_value vars max_execution_time, memory_limit, post_max_size, upload_max_filesize, max_input_time and date.timezone in vhost file.. place those in php-fpm configuration. Default is true.
172 | * `zabbix_web_env`: (Optional) A Dictionary of PHP Environments
173 |
174 | The following properties are related when TLS/SSL is configured:
175 |
176 | * `zabbix_apache_tls`: If the Apache vhost should be configured with TLS encryption or not.
177 | * `zabbix_apache_redirect`: If a redirect should take place from HTTP to HTTPS
178 | * `zabbix_apache_tls_crt`: The path to the TLS certificate file.
179 | * `zabbix_apache_tls_key`: The path to the TLS key file.
180 | * `zabbix_apache_tls_chain`: The path to the TLS certificate chain file.
181 | * `zabbix_apache_SSLPassPhraseDialog`: Type of pass phrase dialog for encrypted private keys.
182 | * `zabbix_apache_SSLSessionCache`: Type of the global/inter-process SSL Session Cache
183 | * `zabbix_apache_SSLSessionCacheTimeout`: Number of seconds before an SSL session expires in the Session Cache
184 | * `zabbix_apache_SSLCryptoDevice`: Enable use of a cryptographic hardware accelerator
185 |
186 | When `zabbix_apache_tls_crt`, `zabbix_apache_tls_key` and/or `zabbix_apache_tls_chain` are used, make sure that these files exists before executing this role. The Zabbix-Web role will not install the mentioned files.
187 |
188 | See https://httpd.apache.org/docs/current/mod/mod_ssl.html for SSL* configuration options for Apache HTTPD.
189 |
190 | ### Zabbix Server
191 |
192 | * `zabbix_server_name`: The name of the Zabbix Server.
193 | * `zabbix_server_database`: The type of database used. Can be: mysql or pgsql
194 | * `zabbix_server_database_long`: The type of database used, but long name. Can be: mysql or postgresql
195 | * `zabbix_server_hostname`: The hostname on which the zabbix-server is running. Default set to: {{ inventory_hostname }}
196 | * `zabbix_server_listenport`: On which port the Zabbix Server is available. Default: 10051
197 | * `zabbix_server_dbhost`: The hostname on which the database is running.
198 | * `zabbix_server_dbname`: The database name which is used by the Zabbix Server.
199 | * `zabbix_server_dbuser`: The database username which is used by the Zabbix Server.
200 | * `zabbix_server_dbpassword`: The database user password which is used by the Zabbix Server.
201 | * `zabbix_server_dbport`: The database port which is used by the Zabbix Server.
202 |
203 | The following properties are related when using Elasticsearch for history storage:
204 |
205 | * `zabbix_server_history_url`: String with url to the Elasticsearch server or a list if the types are stored on different Elasticsearch URLs.
206 | * `zabbix_server_history_types`: List of history types to store in Elasticsearch.
207 |
208 | See the following links for more information regarding Zabbix and Elasticsearch
209 | https://www.zabbix.com/documentation/3.4/manual/appendix/install/elastic_search_setup
210 | https://www.zabbix.com/documentation/4.0/manual/appendix/install/elastic_search_setup
211 |
212 | ## Examples of configuration
213 |
214 | ### zabbix_repo_yum
215 |
216 | Current default configuration and example for specifying a yum repository:
217 |
218 | ````
219 | zabbix_repo_yum:
220 | - name: zabbix
221 | description: Zabbix Official Repository - $basearch
222 | baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/
223 | gpgcheck: 0
224 | gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
225 | state: present
226 | - name: zabbix
227 | description: Zabbix Official Repository non-supported - $basearch
228 | baseurl: http://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/
229 | gpgcheck: 0
230 | gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
231 | state: present
232 | ````
233 |
234 | # Dependencies
235 |
236 | This role has one dependency for Apache usage: geerlingguy.apache. Via the variable zabbix_websrv != 'apache' this can be skipped.
237 |
238 | As it is also possible to run the zabbix-web on a different host than the zabbix-server, the zabbix-server is not configured to be an dependency.
239 |
240 | # Example Playbook
241 |
242 | There are two ways of using the zabbix-web:
243 |
244 | * Single instance
245 | * Multi host setup
246 |
247 | ## Single instance
248 |
249 | When there is one host running both Zabbix Server and the Zabbix Web (Running MySQL as database):
250 |
251 | ```
252 | - hosts: zabbix-server
253 | become: yes
254 | roles:
255 | - { role: geerlingguy.apache }
256 | - { role: dj-wasabi.zabbix-server, zabbix_server_database: mysql, zabbix_server_database_long: mysql, zabbix_server_dbport: 3306 }
257 | - { role: dj-wasabi.zabbix-web, zabbix_url: zabbix.dj-wasabi.nl, zabbix_server_database: mysql, zabbix_server_database_long: mysql, zabbix_server_dbport: 3306}
258 | ```
259 |
260 | ## Multi host setup
261 |
262 | This is a two host setup. On one host (Named: "zabbix-server") the Zabbix Server is running, and the other host (Named: zabbix-web) runs Zabbix Web (with MySQL as database):
263 |
264 | ```
265 | - hosts: zabbix-server
266 | become: yes
267 | roles:
268 | - { role: dj-wasabi.zabbix-server, zabbix_server_database: mysql, zabbix_server_database_long: mysql, zabbix_server_dbport: 3306 }
269 |
270 | - hosts: zabbix-web
271 | become: yes
272 | roles:
273 | - { role: geerlingguy.apache }
274 | - { role: dj-wasabi.zabbix-web, zabbix_server_hostname: zabbix-server, zabbix_url: zabbix.dj-wasabi.nl, zabbix_server_database: mysql, zabbix_server_database_long: mysql, zabbix_server_dbport: 3306 }
275 | ```
276 |
277 | ## Adding Environment Variables for zabbix_web
278 |
279 | Sometimes you need to add environment variables to your
280 | zabbix.conf.php, for example to add LDAP CA certificates. To do this add a `zabbix_web_env` dictionary:
281 |
282 | ```
283 | - { role: dj-wasabi.zabbix-web, zabbix_url: zabbix.dj-wasabi.nl, zabbix_server_database: mysql, zabbix_server_database_long: mysql, zabbix_server_dbport: 3306, zabbix_web_env: {LDAPTLS_CACERT: /etc/ssl/certs/ourcert.pem}
284 | ```
285 |
286 | ## Using Elasticsearch for history storage
287 |
288 | To use Elasticsearch for history storage you need to configure the `zabbix_server_history_url` and `zabbix_server_history_types`. You will also need to configure Elasticsearch
289 | in the zabbix-server (https://galaxy.ansible.com/dj-wasabi/zabbix-server/) role.
290 |
291 | Zabbix can store the following history types
292 | in Elasticsearch:
293 | * Numeric (unsigned) - `uint`
294 | * Numeric (float) - `dbl`
295 | * Character - `str`
296 | * Log - `log`
297 | * Text - `text`
298 |
299 | To store all history types in the same history URL the following variables should be set (make sure history url points to your Elasticsearch cluster):
300 |
301 | ```
302 | zabbix_server_history_url: "http://localhost:9200"
303 | zabbix_server_history_types:
304 | - 'str'
305 | - 'text'
306 | - 'log'
307 | - 'uint'
308 | - 'dbl'
309 | ```
310 |
311 | # Molecule
312 |
313 | This role is configured to be tested with Molecule. Molecule will boot at least 3 different kinds of containers, one for each supported Operating System (Debian, Ubuntu and RedHat).
314 | Pull Requests are only merged when the tests are successful.
315 |
316 | For more information, please check the following page: https://www.werner-dijkerman.nl/2016/07/10/testing-ansible-roles-with-molecule-testinfra-and-docker
317 |
318 | # License
319 |
320 | MIT
321 |
322 | # Author Information
323 |
324 | Github: https://github.com/dj-wasabi/ansible-zabbix-web
325 |
326 | mail: ikben [ at ] werner-dijkerman . nl
327 |
--------------------------------------------------------------------------------