diff --git a/roles/docker/tasks/Rocky.yml b/roles/docker/tasks/Rocky.yml
new file mode 100644
index 0000000..b2c26a6
--- /dev/null
+++ b/roles/docker/tasks/Rocky.yml
@@ -0,0 +1,130 @@ +- name: Setup docker + become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}" + block: + - name: Facts + ansible.builtin.setup: + + - name: Remove old Docker packages + ansible.builtin.dnf: + name: + - docker + - docker-client + - docker-client-latest + - docker-common + - docker-latest + - docker-latest-logrotate + - docker-logrotate + - docker-engine + state: absent + + - name: Install required packages + ansible.builtin.dnf: + name: + - dnf-plugins-core + - ca-certificates + - curl + - gnupg2 + state: present + + - name: Add Docker repository + ansible.builtin.get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + mode: '0644' + + - name: Install Docker Engine + ansible.builtin.dnf: + name: + - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin + - docker-compose-plugin + state: latest + + - name: Add users to docker group + ansible.builtin.user: + name: "{{ item }}" + groups: docker + append: true + loop: "{{ docker_users }}" + when: docker_users | length > 0 + + - name: Create a directory docker.service.d + ansible.builtin.file: + path: /etc/systemd/system/docker.service.d/ + state: directory + mode: '0755' + + - name: Create a directory for certs + ansible.builtin.file: + path: /etc/docker/certs + state: directory + mode: '0700' + owner: root + group: root + + - name: Creating a file with content + ansible.builtin.copy: + dest: "/etc/systemd/system/docker.service.d/override.conf" + content: | + [Service] + ExecStart= + ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 + mode: '0600' + owner: root + group: root + notify: restart_docker + when: mode == "cert" + + - name: Just force systemd to reread configs + ansible.builtin.systemd: + daemon_reload: true + + - name: 
Check if file exists + ansible.builtin.stat: + path: /etc/docker/certs/ca.pem + register: file_check + + - name: Print file check result + ansible.builtin.debug: + var: file_check + + - name: Include role only if missing + ansible.builtin.include_role: + name: cert_gen + when: not file_check.stat.exists and mode == "cert" + + + - name: Create docker config file + ansible.builtin.copy: + dest: /etc/docker/daemon.json + content: | + { + "log-driver": "json-file", + "log-opts": { + "max-size": "10m", + "max-file": "3" + }, + "data-root": "/var/lib/docker", + "dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"], + "dns-search": ["lan", "home.lan"] + + } + mode: '0644' + owner: root + group: root + + + - name: Restart docker service + ansible.builtin.service: + name: docker + state: restarted + + # - name: Get keys for raspotify + # ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions + - name: Install a plugin + community.docker.docker_plugin: + plugin_name: grafana/loki-docker-driver + alias: loki + state: enable \ No newline at end of file diff --git a/roles/zabbix_proxy/tasks/Debian.yml b/roles/zabbix_proxy/tasks/Debian.yml new file mode 100644 index 0000000..3896d8f --- /dev/null +++ b/roles/zabbix_proxy/tasks/Debian.yml 
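Review bot: The `override.conf` task (applied when `mode == "cert"`) binds the Docker API to every interface with `-H=0.0.0.0:2376`, so the only barrier to root-equivalent control of the host is possession of a client certificate signed by `/etc/docker/certs/ca.pem`. Consider taking the listen address from a variable (for example a new `docker_tls_listen_address`, which is not defined on this page) so it can be limited to a management interface, and restrict port 2376 in the host firewall. The guard in front of `cert_gen` stats only `ca.pem`, while the unit also needs `server-cert.pem` and `server-key.pem`; if either is missing after a partial run, `cert_gen` is skipped and the unconditional `Restart docker service` task presumably leaves dockerd unable to start. Separately, `state: latest` on the engine packages and the untagged `grafana/loki-docker-driver` plugin mean each run can pull new code onto the host, whereas the commented-out command pinned `3.3.2`.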
@@ -0,0 +1,234 @@ +- name: Install Zabbix Proxy on Debian 13 + vars: + zabbix_version: "7.4" + zabbix_server_ip: "192.168.77.101" + zabbix_proxy_name: "{{ inventory_hostname }}" + zabbix_db_file: "/var/lib/zabbix/zabbix_proxy.db" + zabbix_db_type: "sqlite" # sqlite | mysql | postgres + zabbix_api_url: "https://zabbix.sectorq.eu/api_jsonrpc.php" + become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}" + block: + # ========================================================== + # Install repository + # ========================================================== + - name: Gather facts + ansible.builtin.setup: + + - name: Show default IP + ansible.builtin.debug: + msg: "{{ ansible_default_ipv4.address }}" + - name: Install base packages + apt: + name: + - wget + - gnupg + - apt-transport-https + update_cache: yes + state: present + + - name: Create apt proxy file + ansible.builtin.copy: + dest: /etc/apt/apt.conf.d/02proxy + content: | + Acquire::http::Proxy "http://192.168.77.101:3142"; + Acquire::https::Proxy "false"; + + + - name: Download Zabbix repo package + get_url: + url: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/debian/pool/main/z/zabbix-release/zabbix-release_{{ zabbix_version }}-1%2Bdebian13_all.deb" + dest: /tmp/zabbix-release.deb + + - name: Install Zabbix repository + apt: + deb: /tmp/zabbix-release.deb + + - name: Update apt cache + apt: + update_cache: yes + + # ========================================================== + # Install proxy based on DB type + # ========================================================== + + - name: Install SQLite proxy + apt: + name: + - zabbix-proxy-sqlite3 + - sqlite3 + state: present + when: zabbix_db_type == "sqlite" + + - name: Install MySQL proxy + apt: + name: + - zabbix-proxy-mysql + - default-mysql-client + state: present + when: zabbix_db_type == "mysql" + + - name: Install PostgreSQL proxy + apt: + name: + - zabbix-proxy-pgsql + - postgresql-client + state: present + when: 
zabbix_db_type == "postgres" + + - name: Install Zabbix agent + apt: + name: zabbix-agent2 + state: present + + # ========================================================== + # SQLite setup + # ========================================================== + + - name: Ensure Zabbix directory ownership (SQLite) + file: + path: /var/lib/zabbix + owner: zabbix + group: zabbix + recurse: yes + when: zabbix_db_type == "sqlite" + + + # ========================================================== + # MySQL setup + # ========================================================== + + - name: Import MySQL schema + shell: | + zcat /usr/share/zabbix/mysql/proxy.sql.gz | \ + mysql -h {{ zabbix_db_host }} \ + -u {{ zabbix_db_user }} \ + -p{{ zabbix_db_password }} \ + {{ zabbix_db_name }} + when: zabbix_db_type == "mysql" + + # ========================================================== + # PostgreSQL setup + # ========================================================== + + - name: Import PostgreSQL schema + shell: | + zcat /usr/share/zabbix/postgresql/proxy.sql.gz | \ + PGPASSWORD={{ zabbix_db_password }} psql \ + -h {{ zabbix_db_host }} \ + -U {{ zabbix_db_user }} \ + {{ zabbix_db_name }} + become_user: postgres + when: zabbix_db_type == "postgres" + + - name: Configure Zabbix agent + lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + loop: >- + {{ [ + {'key': 'Server', 'value': '127.0.0.1'}, + {'key': 'ServerActive', 'value': 'debian13-vm01.home.lan;debian13-vm02.home.lan;debian13-vm03.home.lan;debian13-vm04.home.lan;debian13-vm05.home.lan'}, + {'key': 'Hostname', 'value': zabbix_proxy_name}, + {'key': 'HostMetadata', 'value': 'linux,jaydee'}, + ] + }} + + # ========================================================== + # Configure proxy + # ========================================================== + + - name: Configure Zabbix proxy + lineinfile: + path: /etc/zabbix/zabbix_proxy.conf + regexp: "^{{ item.key }}=" + 
line: "{{ item.key }}={{ item.value }}" + loop: >- + {{ + [ + {'key': 'Server', 'value': zabbix_server_ip}, + {'key': 'Hostname', 'value': zabbix_proxy_name}, + {'key': 'ProxyMode', 'value': '0'} + ] + + + ( + (zabbix_db_type == "sqlite") + | ternary( + [ + {'key': 'DBName', 'value': zabbix_db_file} + ], + [ + {'key': 'DBName', 'value': zabbix_db_name}, + {'key': 'DBUser', 'value': zabbix_db_user}, + {'key': 'DBPassword', 'value': zabbix_db_password}, + {'key': 'DBHost', 'value': zabbix_db_host} + ] + ) + ) + }} + + + # ========================================================== + # Start service + # ========================================================== + + - name: Restart Zabbix proxy + systemd: + name: zabbix-proxy + state: restarted + enabled: yes + + - name: Restart Zabbix agent + systemd: + name: zabbix-agent2 + state: restarted + enabled: yes + + - name: Check if proxy exists + uri: + url: "{{ zabbix_api_url }}" + method: POST + body_format: json + body: + jsonrpc: "2.0" + method: "proxy.get" + params: + filter: + name: "{{ zabbix_proxy_name }}" + id: 2 + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ zabbix_auth_token }}" + register: proxy_check + - name: Print proxy_check + debug: + msg: "{{ proxy_check }}" + - name: Print ansible_default_ipv4.address + debug: + msg: "{{ ansible_default_ipv4.address }}" + + - name: Create proxy if not exists + uri: + url: "{{ zabbix_api_url }}" + method: POST + body_format: json + body: + jsonrpc: "2.0" + method: "proxy.create" + params: + name: "{{ zabbix_proxy_name }}" + proxy_groupid: 1 + operating_mode: 0 + local_address: "{{ ansible_default_ipv4.address }}" + port: "10051" + id: 3 + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ zabbix_auth_token }}" + when: proxy_check.json.result | length == 0 + register: proxy_check2 + + + - name: Print proxy_check + debug: + msg: "{{ proxy_check2 }}" \ No newline at end of file 
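Review bot: `Import MySQL schema` and `Import PostgreSQL schema` interpolate `zabbix_db_password` directly into the shell script (`-p{{ zabbix_db_password }}`, `PGPASSWORD={{ zabbix_db_password }}`), so the value is subject to shell word-splitting and metacharacter expansion, and it can surface in Ansible output and in the managed host's process list. Pass the password through the task's `environment:` (`MYSQL_PWD` or `PGPASSWORD`), set `no_log: true`, and apply `| quote` to the remaining host, user and database values. The `Configure Zabbix proxy` loop prints every item, including the `DBPassword` entry; adding `loop_control:` with `label: "{{ item.key }}"` keeps the value out of the log. The two `uri` tasks send `Authorization: "Bearer {{ zabbix_auth_token }}"` and their results are dumped by `debug`, so `no_log: true` there is worth considering too. The same tasks are repeated in roles/zabbix_proxy/tasks/Rocky.yml.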
diff --git a/roles/zabbix_proxy/tasks/Rocky.yml b/roles/zabbix_proxy/tasks/Rocky.yml
new file mode 100644
index 0000000..bdfda1d
--- /dev/null
+++ b/roles/zabbix_proxy/tasks/Rocky.yml
@@ -0,0 +1,233 @@ +- name: Install Zabbix Proxy on Debian 13 + vars: + zabbix_version: "7.4" + zabbix_server_ip: "192.168.77.101" + zabbix_proxy_name: "{{ inventory_hostname }}" + zabbix_db_file: "/var/lib/zabbix/zabbix_proxy.db" + zabbix_db_type: "sqlite" # sqlite | mysql | postgres + zabbix_api_url: "https://zabbix.sectorq.eu/api_jsonrpc.php" + become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}" + block: + # ========================================================== + # Install repository + # ========================================================== + - name: Gather facts + ansible.builtin.setup: + + - name: Show default IP + ansible.builtin.debug: + msg: "{{ ansible_default_ipv4.address }}" + - name: Install base packages + ansible.builtin.dnf: + name: + - wget + - gnupg + - apt-transport-https + state: present + + # - name: Create apt proxy file + # ansible.builtin.copy: + # dest: /etc/apt/apt.conf.d/02proxy + # content: | + # Acquire::http::Proxy "http://192.168.77.101:3142"; + # Acquire::https::Proxy "false"; + + + - name: Download Zabbix repo package + get_url: + url: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/rocky/9/noarch/zabbix-release-latest-{{ zabbix_version }}.el9.noarch.rpm" + dest: /tmp/zabbix-release.deb + + - name: Install Zabbix repository + ansible.builtin.dnf: + name: /tmp/zabbix-release.deb + state: present + - name: Update dnf cache + ansible.builtin.dnf: + update_cache: yes + + # ========================================================== + # Install proxy based on DB type + # ========================================================== + + - name: Install SQLite proxy + ansible.builtin.dnf: + name: + - zabbix-proxy-sqlite3 + - sqlite3 + state: present + when: zabbix_db_type == "sqlite" + + - name: Install MySQL proxy + ansible.builtin.dnf: + name: + - zabbix-proxy-mysql + - default-mysql-client + state: present + when: zabbix_db_type == "mysql" + + - name: Install PostgreSQL proxy + ansible.builtin.dnf: + 
name: + - zabbix-proxy-pgsql + - postgresql-client + state: present + when: zabbix_db_type == "postgres" + + - name: Install Zabbix agent + ansible.builtin.dnf: + name: zabbix-agent2 + state: present + + # ========================================================== + # SQLite setup + # ========================================================== + + - name: Ensure Zabbix directory ownership (SQLite) + file: + path: /var/lib/zabbix + owner: zabbix + group: zabbix + recurse: yes + when: zabbix_db_type == "sqlite" + + + # ========================================================== + # MySQL setup + # ========================================================== + + - name: Import MySQL schema + shell: | + zcat /usr/share/zabbix/mysql/proxy.sql.gz | \ + mysql -h {{ zabbix_db_host }} \ + -u {{ zabbix_db_user }} \ + -p{{ zabbix_db_password }} \ + {{ zabbix_db_name }} + when: zabbix_db_type == "mysql" + + # ========================================================== + # PostgreSQL setup + # ========================================================== + + - name: Import PostgreSQL schema + shell: | + zcat /usr/share/zabbix/postgresql/proxy.sql.gz | \ + PGPASSWORD={{ zabbix_db_password }} psql \ + -h {{ zabbix_db_host }} \ + -U {{ zabbix_db_user }} \ + {{ zabbix_db_name }} + become_user: postgres + when: zabbix_db_type == "postgres" + + - name: Configure Zabbix agent + lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + loop: >- + {{ [ + {'key': 'Server', 'value': '127.0.0.1'}, + {'key': 'ServerActive', 'value': 'debian13-vm01.home.lan;debian13-vm02.home.lan;debian13-vm03.home.lan;debian13-vm04.home.lan;debian13-vm05.home.lan'}, + {'key': 'Hostname', 'value': zabbix_proxy_name}, + {'key': 'HostMetadata', 'value': 'linux,jaydee'}, + ] + }} + + # ========================================================== + # Configure proxy + # ========================================================== + + - name: Configure Zabbix 
proxy + lineinfile: + path: /etc/zabbix/zabbix_proxy.conf + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + loop: >- + {{ + [ + {'key': 'Server', 'value': zabbix_server_ip}, + {'key': 'Hostname', 'value': zabbix_proxy_name}, + {'key': 'ProxyMode', 'value': '0'} + ] + + + ( + (zabbix_db_type == "sqlite") + | ternary( + [ + {'key': 'DBName', 'value': zabbix_db_file} + ], + [ + {'key': 'DBName', 'value': zabbix_db_name}, + {'key': 'DBUser', 'value': zabbix_db_user}, + {'key': 'DBPassword', 'value': zabbix_db_password}, + {'key': 'DBHost', 'value': zabbix_db_host} + ] + ) + ) + }} + + + # ========================================================== + # Start service + # ========================================================== + + - name: Restart Zabbix proxy + systemd: + name: zabbix-proxy + state: restarted + enabled: yes + + - name: Restart Zabbix agent + systemd: + name: zabbix-agent2 + state: restarted + enabled: yes + + - name: Check if proxy exists + uri: + url: "{{ zabbix_api_url }}" + method: POST + body_format: json + body: + jsonrpc: "2.0" + method: "proxy.get" + params: + filter: + name: "{{ zabbix_proxy_name }}" + id: 2 + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ zabbix_auth_token }}" + register: proxy_check + - name: Print proxy_check + debug: + msg: "{{ proxy_check }}" + - name: Print ansible_default_ipv4.address + debug: + msg: "{{ ansible_default_ipv4.address }}" + + - name: Create proxy if not exists + uri: + url: "{{ zabbix_api_url }}" + method: POST + body_format: json + body: + jsonrpc: "2.0" + method: "proxy.create" + params: + name: "{{ zabbix_proxy_name }}" + proxy_groupid: 1 + operating_mode: 0 + local_address: "{{ ansible_default_ipv4.address }}" + port: "10051" + id: 3 + headers: + Content-Type: "application/json" + Authorization: "Bearer {{ zabbix_auth_token }}" + when: proxy_check.json.result | length == 0 + register: proxy_check2 + + + - name: Print proxy_check + debug: + msg: "{{ 
proxy_check2 }}" \ No newline at end of file
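Review bot: `Download Zabbix repo package` saves an RPM as `/tmp/zabbix-release.deb` and the next `ansible.builtin.dnf` task is given that path; as far as I know the dnf module only treats a name as a local file when it ends in `.rpm`, so this is likely resolved as a package name and fails. Use something like `dest: /tmp/zabbix-release.rpm`, preferably in a root-owned directory rather than world-writable `/tmp`, and add a `checksum:` to `get_url`, since the file is then installed as root. The file looks copied from Debian.yml without being adapted: the block is still named `Install Zabbix Proxy on Debian 13`, and `apt-transport-https`, `gnupg`, `sqlite3`, `default-mysql-client` and `postgresql-client` are Debian package names that should be checked against what Rocky's repositories actually provide.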