Update to 2021-12-01 19:13

roles/zabbix_server/tasks/conf.yml

@@ -0,0 +1,90 @@
+---
+
+- name: Deploy patrix configuration file
+  template: src=patrixrc.j2 dest=/var/lib/zabbix/.patrixrc owner=zabbix group=zabbix mode=600
+  when: (zabbix_server_matrix_user is defined and zabbix_server_matrix_pass is defined) or zabbix_server_matrix_access_token is defined
+  tags: zabbix
+
+- name: Deploy PHP configuration
+  template: src=php.conf.j2 dest=/etc/opt/remi/php{{ zabbix_server_php_version }}/php-fpm.d/zabbix_server.conf
+  when: zabbix_server_php_fpm_pool is not defined
+  notify: restart php-fpm
+  tags: zabbix
+
+- name: Remove PHP configuration from other versions
+  file: path=/etc/opt/remi/php{{ item }}/php-fpm.d/zabbix_server.conf state=absent
+  with_items: "{{ httpd_php_versions | difference([ zabbix_server_php_version ]) }}"
+  notify: restart php-fpm
+  tags: zabbix
+
+- name: Remove PHP configuration (using a custom pool)
+  file: path=/etc/opt/remi/php{{ zabbix_server_php_version }}/php-fpm.d/zabbix_server.conf state=absent
+  when: zabbix_server_php_fpm_pool is defined
+  notify: restart php-fpm
+  tags: zabbix
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ zabbix_server_db_name }}"
+    - db_user: "{{ zabbix_server_db_user }}"
+    - db_server: "{{ zabbix_server_db_server }}"
+    - db_pass: "{{ zabbix_server_db_pass }}"
+    - db_encoding: utf8
+    - db_collation: utf8_bin
+  tags: zabbix
+
+- name: Check if database is initialized
+  command: mysql -h'{{ zabbix_server_db_server }}' -u'{{ zabbix_server_db_user }}' -p'{{ zabbix_server_db_pass }}' '{{ zabbix_server_db_name }}' -e 'select mandatory,optional from dbversion'
+  register: zabbix_server_db_init
+  changed_when: False
+  failed_when: False
+  tags: zabbix
+
+- name: Check Zabbix version
+  shell: rpm -q --qf "%{version}" zabbix-server-mysql
+  args:
+    warn: False
+  register: zabbix_server_version
+  changed_when: False
+  tags: zabbix
+
+- when: zabbix_server_db_init.rc != 0
+  tags: zabbix
+  block:
+    - name: Uncompress Zabbix schema file
+      shell: gzip -dc /usr/share/doc/zabbix-server-mysql/create.sql.gz > /tmp/zabbix.sql
+
+    - name: Load DB schema
+      mysql_db:
+        name: "{{ zabbix_server_db_name }}"
+        state: import
+        target: /tmp/zabbix.sql
+        login_host: "{{ zabbix_server_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ mysql_admin_pass }}"
+
+    - name: Remove schema file
+      file: path=/tmp/zabbix.sql state=absent
+
+- name: Deploy zabbix server config
+  template: src=zabbix_server.conf.j2 dest=/etc/zabbix/zabbix_server.conf group=zabbix mode=640
+  notify: restart zabbix-server
+  tags: zabbix
+
+- name: Deploy java gateway configuration
+  template: src=zabbix_java_gateway.conf.j2 dest=/etc/zabbix/zabbix_java_gateway.conf
+  notify: restart zabbix-java-gateway
+  tags: zabbix
+
+- name: Deploy zabbix web config
+  template: src=zabbix.conf.php.j2 dest=/etc/zabbix/web/zabbix.conf.php group=apache mode=640
+  tags: zabbix
+
+- name: Deploy httpd config
+  template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/zabbix_server.conf
+  notify: reload httpd
+  tags: zabbix
+
+- name: Deploy server scripts
+  copy: src=scripts/ dest=/var/lib/zabbix/bin/ mode=755
+  tags: zabbix

roles/zabbix_server/tasks/directories.yml

@@ -0,0 +1,17 @@
+---
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(ompit) }}
+  with_items:
+    - dir: /var/lib/zabbix/.matrix_zabbix
+      owner: zabbix
+      group: zabbix
+      mode: 700
+    - dir: /var/lib/zabbix/sessions
+      owner: apache
+      group: apache
+      mode: 700
+  tags: zabbix
+
+  #- name: Ensure proper permission on the web config dir
+  #  file: path=/etc/zabbix/web/ state=directory mode=750 group={{ zabbix_server_php_user }}
+  #  tags: zabbix

roles/zabbix_server/tasks/facts.yml

@@ -0,0 +1,10 @@
+---
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: /etc/zabbix/ansible_db_pass
+  when: zabbix_server_db_pass is not defined
+  tags: zabbix
+- set_fact: zabbix_server_db_pass={{ rand_pass }}
+  when: zabbix_server_db_pass is not defined
+  tags: zabbix

roles/zabbix_server/tasks/install.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Install packages
+  yum:
+    name:
+      - zabbix-server-mysql
+      - zabbix-web
+      - zabbix-java-gateway
+      - zabbix-get
+      - mariadb
+      - fping
+      - patrix
+      - perl-JSON
+      - perl-IO-Socket-SSL
+      - perl-libwww-perl
+      - perl-URI
+      - perl-DateTime-Format-ISO8601
+      - perl-Getopt-Long
+      - perl-Pod-Usage
+  tags: zabbix
+
+- name: Install backup scripts
+  template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/zabbix.sh mode=700
+  loop:
+    - pre
+    - post
+  tags: zabbix

roles/zabbix_server/tasks/iptables.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Handle Zabbix Server port
+  iptables_raw:
+    name: zabbix_server_port
+    state: "{{ (zabbix_server_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_server_port }} -s {{ zabbix_server_src_ip | join(',') }} -j ACCEPT"
+  when: iptables_manage | default(True)
+  tags: zabbix,firewall

roles/zabbix_server/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+
+- include: facts.yml
+- include: install.yml
+- include: directories.yml
+- include: selinux.yml
+  when: ansible_selinux.status == 'enabled'
+- include: conf.yml
+- include: iptables.yml
+- include: service.yml
+

roles/zabbix_server/tasks/selinux.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Copy SELinux policy
+  copy: src=zabbix_server.te dest=/etc/selinux/targeted/local/
+  register: zabbix_server_selinux_policy
+  tags: zabbix
+
+- name: Install needed packages
+  yum:
+    name: policycoreutils
+  tags: zabbix
+
+- name: Compile SELinux policy
+  shell: |
+    cd /etc/selinux/targeted/local/
+    checkmodule -M -m -o zabbix_server.mod zabbix_server.te
+    semodule_package -o zabbix_server.pp -m zabbix_server.mod
+  when: zabbix_server_selinux_policy.changed
+  tags: zabbix
+
+- name: Load policy for Zabbix Proxy
+  command: semodule -i /etc/selinux/targeted/local/zabbix_server.pp
+  when: zabbix_server_selinux_policy.changed
+  tags: zabbix
+
+- name: Set SELinux context
+  sefcontext:
+    target: '/var/lib/zabbix/sessions(/.*)?'
+    setype: httpd_var_lib_t
+    state: present
+  tags: zabbix
+
+- name: Restore SELinux context
+  command: restorecon -R /var/lib/zabbix/
+  changed_when: False
+  tags: zabbix
+
+- name: Allow network connections in SELinux
+  seboolean: name=zabbix_can_network state=True persistent=True
+  tags: zabbix

roles/zabbix_server/tasks/service.yml

@@ -0,0 +1,48 @@
+---
+
+- name: Remove custom unit
+  file: path=/etc/systemd/system/zabbix-server.service state=absent
+  register: zabbix_server_custom_unit
+  notify: restart zabbix-server
+  tags: zabbix
+
+- name: Create unit snippet dir
+  file: path=/etc/systemd/system/zabbix-server.service.d state=directory
+  tags: zabbix
+
+- name: Customize systemd unit
+  copy:
+    content: |
+      [Service]
+      ExecReload=/usr/sbin/zabbix_server -R config_cache_reload
+      PrivateTmp=yes
+      PrivateDevices=yes
+      ProtectSystem=full
+      ProtectHome=yes
+      {% if not zabbix_server_uses_system_proxy %}
+      # Disable system proxy
+      {% for proto in ['http_proxy','https_proxy','HTTP_PROXY','HTTPS_PROXY'] %}
+      Environment={{ proto }}=
+      {% endfor %}
+      {% endif %}
+    dest: /etc/systemd/system/zabbix-server.service.d/99-ansible.conf
+  register: zabbix_server_snippet_unit
+  notify: restart zabbix-server
+  tags: zabbix
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: zabbix_server_custom_unit.changed or zabbix_server_snippet_unit.changed
+  tags: zabbix
+
+- name: Start and enable the service
+  service: name=zabbix-server state=started enabled=True
+  register: zabbix_server_started
+  tags: zabbix
+
+- name: Handle Zabbix Java Gateway daemon
+  service:
+    name: zabbix-java-gateway
+    state: "{{ (zabbix_server_conf['StartJavaPollers'] is defined and zabbix_server_conf['StartJavaPollers'] > 0) | ternary('started','stopped') }}"
+    enabled: "{{ (zabbix_server_conf['StartJavaPollers'] is defined and zabbix_server_conf['StartJavaPollers'] > 0) | ternary(True,False) }}"
+  tags: zabbix