Update to 2022-04-06 11:00

2025-10-31 02:41:36 +01:00 · 2022-04-06 11:00:07 +02:00
parent f588ca82ba
commit 57d48dafc7
8 changed files with 66 additions and 57 deletions
--- a/roles/zabbix_proxy/defaults/main.yml
+++ b/roles/zabbix_proxy/defaults/main.yml
@@ -1,18 +1,44 @@
 ---
-# zabbix_proxy_encryption: none
-# zabbix_proxy_port: 10051
+zabbix_proxy_port: 10051
 zabbix_proxy_src_ip:
  - 0.0.0.0/0
-zabbix_proxy_server: zabbix.firewall-services.com
-# zabbix_proxy_pollers: 5
-# zabbix_proxy_ipmi_pollers: 1
-# zabbix_proxy_unreachable_pollers: 2
-# zabbix_proxy_trappers: 5
-# zabbix_proxy_pingers: 4
-# zabbix_proxy_discoverers: 1
-# zabbix_proxy_http_pollers: 1
-# zabbix_proxy_timeout: 15
-zabbix_proxy_cache_size: 32M
+zabbix_proxy_server: zabbix.example.org
+zabbix_proxy_java_gateway_port: 10052
+
+zabbix_proxy_base_conf:
+  Server: "{{ zabbix_proxy_server }}"
+  Hostname: "{{ inventory_hostname }}"
+  LogType: system
+  ListenPort: "{{ zabbix_proxy_port }}"
+  PidFile: /run/zabbix/zabbix_proxy.pid
+  DBName: /var/lib/zabbix/db/proxy.sqlite
+  ProxyOfflineBuffer: 72
+  SocketDir: /run/zabbix
+  ConfigFrequency: 600
+  DataSenderFrequency: 30
+  CacheSize: 32M
+  StartPollers: 5
+  StartIPMIPollers: 1
+  StartPollersUnreachable: 2
+  StartTrappers: 5
+  StartPingers: 4
+  StartDiscoverers: 1
+  StartHTTPPollers: 1
+  Timeout: 30
+  ExternalScripts: /var/lib/zabbix/bin/
+  TmpDir: /var/lib/zabbix/tmp
+  LoadModulePath: /usr/lib64/zabbix/modules
+  JavaGateway: 127.0.0.1
+  JavaGatewayPort: "{{ zabbix_proxy_java_gateway_port }}"
+  StartJavaPollers: 0
+  TLSPSKFile: /etc/zabbix/zabbix_proxy.psk
+  TLSPSKIdentity: "{{ inventory_hostname }}-proxy"
+  TLSConnect: psk
+  TLSAccept: psk
+
+zabbix_proxy_extra_conf: {}
+zabbix_proxy_conf: "{{ zabbix_proxy_base_conf | combine(zabbix_proxy_extra_conf, recursive=True) }}"
+

 # If update is set to False, the role will only ensure packages are installed
 # If set to True, it will update components to their latest version
--- a/roles/zabbix_proxy/tasks/install.yml
+++ b/roles/zabbix_proxy/tasks/install.yml
@@ -11,6 +11,7 @@
   name:
      - zabbix-proxy-sqlite3
      - zabbix-get
+      - zabbix-java-gateway
      - perl-JSON
      - perl-IO-Socket-SSL
      - perl-libwww-perl
--- a/roles/zabbix_proxy/tasks/iptables.yml
+++ b/roles/zabbix_proxy/tasks/iptables.yml
@@ -3,5 +3,5 @@
  iptables_raw:
    name: zabbix_proxy_port
    state: "{{ (zabbix_proxy_src_ip | length > 0) | ternary('present','absent') }}"
-    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_proxy_port | default('10051') }} -s {{ zabbix_proxy_src_ip | join(',') }} -j ACCEPT"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_proxy_port }} -s {{ zabbix_proxy_src_ip | join(',') }} -j ACCEPT"
  tags: zabbix
--- a/roles/zabbix_proxy/tasks/main.yml
+++ b/roles/zabbix_proxy/tasks/main.yml
@@ -2,19 +2,26 @@

 - include_tasks: install.yml
  tags: always
+
 - include_tasks: directories.yml
  tags: always
+
 - include_tasks: upgrade.yml
  tags: always
+
 - include_tasks: psk.yml
  tags: always
+
 - include_tasks: selinux.yml
  when: ansible_selinux.status == 'enabled'
  tags: always
+
 - include_tasks: conf.yml
  tags: always
+
 - include_tasks: iptables.yml
  when: iptables_manage | default(True)
+
 - include_tasks: service.yml
  tags: always

--- a/roles/zabbix_proxy/tasks/psk.yml
+++ b/roles/zabbix_proxy/tasks/psk.yml
@@ -1,19 +1,11 @@
 ---
- name: Check if a TLS PSK key exists
-  stat: path=/etc/zabbix/zabbix_proxy.psk
-  register: zbx_proxy_psk
-  tags: zabbix

 - name: Generate random PSK key for TLS encryption
  shell: "openssl rand -hex 32 > /etc/zabbix/zabbix_proxy.psk"
-  when:
-    - not zbx_proxy_psk.stat.exists
-    - zabbix_proxy_encryption | default('none') == "psk"
+  args:
+    creates: /etc/zabbix/zabbix_proxy.psk
  tags: zabbix

 - name: Restrict permission on PSK file
  file: path=/etc/zabbix/zabbix_proxy.psk owner=root group=zabbix mode=0640
-  when:
-    - not zbx_proxy_psk.stat.exists
-    - zabbix_proxy_encryption | default('none') == "psk"
  tags: zabbix
--- a/roles/zabbix_proxy/tasks/service.yml
+++ b/roles/zabbix_proxy/tasks/service.yml
@@ -39,3 +39,10 @@
  service: name=zabbix-proxy state=started enabled=True
  register: zabbix_proxy_started
  tags: zabbix
+
+- name: Handle Zabbix Java Gateway daemon
+  service:
+    name: zabbix-java-gateway
+    state: "{{ (zabbix_proxy_conf['StartJavaPollers'] is defined and zabbix_proxy_conf['StartJavaPollers'] > 0) | ternary('started','stopped') }}"
+    enabled: "{{ (zabbix_proxy_conf['StartJavaPollers'] is defined and zabbix_proxy_conf['StartJavaPollers'] > 0) | ternary(True,False) }}"
+  tags: zabbix
--- a/roles/zabbix_proxy/tasks/upgrade.yml
+++ b/roles/zabbix_proxy/tasks/upgrade.yml
@@ -1,11 +1,10 @@
 ---

- name: Stop the service
-  service: name=zabbix-proxy state=stopped
-  when: zabbix_proxy_rpm.changed
-  tags: zabbix
+- when: zabbix_proxy_rpm.changed
+  block:
+    - name: Stop the service
+      service: name=zabbix-proxy state=stopped

- name: Drop the SQLite database (no schema upgrade for SQLite)
-  file: path=/var/lib/zabbix/db/proxy.sqlite state=absent
-  when: zabbix_proxy_rpm.changed
+    - name: Drop the SQLite database (no schema upgrade for SQLite)
+      file: path=/var/lib/zabbix/db/proxy.sqlite state=absent
  tags: zabbix
--- a/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2
+++ b/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2
@@ -1,29 +1,6 @@
-Server={{ zabbix_proxy_server }}
-Hostname={{ inventory_hostname }}
-LogType=system
-PidFile=/var/run/zabbix/zabbix_proxy.pid
-DBName=/var/lib/zabbix/db/proxy.sqlite
-ProxyOfflineBuffer=72
-SocketDir=/var/run/zabbix
-ConfigFrequency=600
-DataSenderFrequency=30
-CacheSize={{ zabbix_proxy_cache_size | default('32M') }}
-StartPollers={{ zabbix_proxy_pollers | default(5) }}
-StartIPMIPollers={{ zabbix_proxy_ipmi_pollers | default(1) }}
-StartPollersUnreachable={{ zabbix_proxy_unreachable_pollers | default(2) }}
-StartTrappers={{ zabbix_proxy_trappers | default(5) }}
-StartPingers={{ zabbix_proxy_pingers | default(4) }}
-StartDiscoverers={{ zabbix_proxy_discoverers | default(1) }}
-StartHTTPPollers={{ zabbix_proxy_http_pollers | default(1) }}
-Timeout={{ zabbix_proxy_timeout | default(30) }}
-ExternalScripts=/var/lib/zabbix/bin/
-TmpDir=/var/lib/zabbix/tmp
-{% if zabbix_proxy_encryption | default('none') == 'psk' %}
-TLSPSKFile=/etc/zabbix/zabbix_proxy.psk
-TLSPSKIdentity={{ inventory_hostname }}-proxy
-TLSConnect=psk
-TLSAccept=psk
-{% endif %}
-{% if ansible_all_ipv6_addresses | length < 1 %}
+{% for key in zabbix_proxy_conf.keys() | list %}
+{{ key }}={{zabbix_proxy_conf[key] }}
+{% endfor %}
+{% if ansible_all_ipv6_addresses | length < 1 and zabbix_proxy_conf['Fping6Location'] is not defined %}
 Fping6Location=
 {% endif %}