diff --git a/roles/zabbix_proxy/tasks/AlmaLinux.yml b/roles/zabbix_proxy/tasks/AlmaLinux.yml new file mode 100644 index 0000000..170ced9 --- /dev/null +++ b/roles/zabbix_proxy/tasks/AlmaLinux.yml @@ -0,0 +1,233 @@ +- name: Install Zabbix Proxy on Debian 13 + vars: + zabbix_version: "7.4" + zabbix_server_ip: "192.168.77.101" + zabbix_db_file: "/var/lib/zabbix/zabbix_proxy.db" + zabbix_db_type: "sqlite" # sqlite | mysql | postgres + zabbix_api_url: "https://zabbix.sectorq.eu/api_jsonrpc.php" + zabbix_var_lib_path: "/var/lib/zabbix" + zabbix_config_path: "/etc/zabbix" + zabbix_log_path: "/var/log/zabbix" + become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}" + block: + # ========================================================== + # Install repository + # ========================================================== + - name: Gather facts + ansible.builtin.setup: + + - name: Set proxy group name + set_fact: + clustename: "rocky9" + + - name: Set proxy name + set_fact: + clustename: "rocky9" + + - name: Show default IP + ansible.builtin.debug: + msg: "{{ ansible_default_ipv4.address }}" + - name: Install base packages + ansible.builtin.dnf: + name: + - wget + - gnupg + state: present + + # - name: Create apt proxy file + # ansible.builtin.copy: + # dest: /etc/apt/apt.conf.d/02proxy + # content: | + # Acquire::http::Proxy "http://192.168.77.101:3142"; + # Acquire::https::Proxy "false"; + + # ========================================================== + # Import Zabbix GPG key + # ========================================================== + + # - name: Import Zabbix 7.4 GPG key + # ansible.builtin.rpm_key: + # state: present + # key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD + + + + # ========================================================== + # Install Zabbix repository + # ========================================================== + + - name: Install Zabbix repository + ansible.builtin.dnf: + name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/alma/91.noarch/zabbix-release-latest-{{ zabbix_version }}.el10.noarch.rpm" + state: present + disable_gpg_check: true + # ========================================================== + # Install proxy based on DB type + # ========================================================== + + - name: Install SQLite proxy + ansible.builtin.dnf: + name: + - zabbix-proxy-sqlite3 + - sqlite + - sqlite-devel + - zabbix-selinux-policy + state: present + when: zabbix_db_type == "sqlite" + + - name: Install MySQL proxy + ansible.builtin.dnf: + name: + - zabbix-proxy-mysql + - zabbix-selinux-policy + - default-mysql-client + state: present + when: zabbix_db_type == "mysql" + + - name: Install PostgreSQL proxy + ansible.builtin.dnf: + name: + - zabbix-proxy-pgsql + - postgresql-client + - zabbix-selinux-policy + state: present + when: zabbix_db_type == "postgres" + + - name: Install Zabbix agent + ansible.builtin.dnf: + name: zabbix-agent2 + state: present + + # ========================================================== + # SQLite setup + # ========================================================== + + - name: Ensure Zabbix directory ownership (SQLite) + file: + path: /var/lib/zabbix + owner: zabbix + group: zabbix + recurse: yes + when: zabbix_db_type == "sqlite" + + + # ========================================================== + # MySQL setup + # ========================================================== + + - name: Import MySQL schema + shell: | + zcat /usr/share/zabbix/mysql/proxy.sql.gz | \ + mysql -h {{ zabbix_db_host }} \ + -u {{ zabbix_db_user }} \ + -p{{ zabbix_db_password }} \ + {{ zabbix_db_name }} + when: zabbix_db_type == "mysql" + + # ========================================================== + # PostgreSQL setup + # ========================================================== + + - name: Import PostgreSQL schema + shell: | + zcat /usr/share/zabbix/postgresql/proxy.sql.gz | \ + PGPASSWORD={{ zabbix_db_password }} psql \ + -h {{ zabbix_db_host }} \ + -U {{ zabbix_db_user }} \ + {{ zabbix_db_name }} + become_user: postgres + when: zabbix_db_type == "postgres" + + - name: Configure Zabbix agent + lineinfile: + path: /etc/zabbix/zabbix_agent2.conf + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + loop: + - { key: "Server", value: "127.0.0.1" } + - { key: "ServerActive", value: "{{ clustename }}-vm01.home.lan;{{ clustename }}-vm02.home.lan;{{ clustename }}-vm03.home.lan;{{ clustename }}-vm04.home.lan;{{ clustename }}-vm05.home.lan" } + - { key: "Hostname", value: "{{ inventory_hostname }}" } + - { key: "HostMetadata", value: "linux,jaydee,auto_proxy" } + - { key: "SourceIP", value: "{{ ansible_default_ipv4.address }}" } + + + # ========================================================== + # Configure proxy + # ========================================================== + + - name: Configure Zabbix proxy + lineinfile: + path: /etc/zabbix/zabbix_proxy.conf + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + loop: >- + {{ + [ + {'key': 'Server', 'value': zabbix_server_ip}, + {'key': 'Hostname', 'value': inventory_hostname }, + {'key': 'ProxyMode', 'value': '0'} + ] + + + ( + (zabbix_db_type == "sqlite") + | ternary( + [ + {'key': 'DBName', 'value': zabbix_db_file} + ], + [ + {'key': 'DBName', 'value': zabbix_db_name}, + {'key': 'DBUser', 'value': zabbix_db_user}, + {'key': 'DBPassword', 'value': zabbix_db_password}, + {'key': 'DBHost', 'value': zabbix_db_host} + ] + ) + ) + }} + + + # ========================================================== + # Start service + # ========================================================== + - name: Check SELinux status + command: getenforce + register: selinux_status + changed_when: false + + - name: Display SELinux status + debug: + msg: "SELinux is {{ selinux_status.stdout }}" + + - name: Add SELinux file context for Zabbix var_lib + sefcontext: + target: "{{ zabbix_var_lib_path }}(/.*)?" + setype: zabbix_var_lib_t + state: present + when: ansible_selinux.status == "enabled" + + - name: Add SELinux file context for Zabbix logs + sefcontext: + target: "{{ zabbix_log_path }}(/.*)?" + setype: zabbix_log_t + state: present + when: ansible_selinux.status == "enabled" + + - name: Restore SELinux contexts for Zabbix directories + command: restorecon -R {{ item }} + loop: + - "{{ zabbix_var_lib_path }}" + when: ansible_selinux.status == "enabled" + + - name: Restart Zabbix proxy + systemd: + name: zabbix-proxy + state: restarted + enabled: yes + + - name: Restart Zabbix agent + systemd: + name: zabbix-agent2 + state: restarted + enabled: yes + + - name: Create hosts / proxies in zabbix + ansible.builtin.include_tasks: "configure.yml"