Update to 2022-04-06 11:00

2025-07-26 15:55:56 +02:00 · 2022-04-06 11:00:07 +02:00
parent f588ca82ba
commit 57d48dafc7
8 changed files with 66 additions and 57 deletions
--- a/roles/zabbix_proxy/tasks/install.yml
+++ b/roles/zabbix_proxy/tasks/install.yml
@@ -11,6 +11,7 @@
   name:
      - zabbix-proxy-sqlite3
      - zabbix-get
+      - zabbix-java-gateway
      - perl-JSON
      - perl-IO-Socket-SSL
      - perl-libwww-perl
--- a/roles/zabbix_proxy/tasks/iptables.yml
+++ b/roles/zabbix_proxy/tasks/iptables.yml
@@ -3,5 +3,5 @@
  iptables_raw:
    name: zabbix_proxy_port
    state: "{{ (zabbix_proxy_src_ip | length > 0) | ternary('present','absent') }}"
-    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_proxy_port | default('10051') }} -s {{ zabbix_proxy_src_ip | join(',') }} -j ACCEPT"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_proxy_port }} -s {{ zabbix_proxy_src_ip | join(',') }} -j ACCEPT"
  tags: zabbix
--- a/roles/zabbix_proxy/tasks/main.yml
+++ b/roles/zabbix_proxy/tasks/main.yml
@@ -2,19 +2,26 @@

 - include_tasks: install.yml
  tags: always
+
 - include_tasks: directories.yml
  tags: always
+
 - include_tasks: upgrade.yml
  tags: always
+
 - include_tasks: psk.yml
  tags: always
+
 - include_tasks: selinux.yml
  when: ansible_selinux.status == 'enabled'
  tags: always
+
 - include_tasks: conf.yml
  tags: always
+
 - include_tasks: iptables.yml
  when: iptables_manage | default(True)
+
 - include_tasks: service.yml
  tags: always

--- a/roles/zabbix_proxy/tasks/psk.yml
+++ b/roles/zabbix_proxy/tasks/psk.yml
@@ -1,19 +1,11 @@
 ---
- name: Check if a TLS PSK key exists
-  stat: path=/etc/zabbix/zabbix_proxy.psk
-  register: zbx_proxy_psk
-  tags: zabbix

 - name: Generate random PSK key for TLS encryption
  shell: "openssl rand -hex 32 > /etc/zabbix/zabbix_proxy.psk"
-  when:
-    - not zbx_proxy_psk.stat.exists
-    - zabbix_proxy_encryption | default('none') == "psk"
+  args:
+    creates: /etc/zabbix/zabbix_proxy.psk
  tags: zabbix

 - name: Restrict permission on PSK file
  file: path=/etc/zabbix/zabbix_proxy.psk owner=root group=zabbix mode=0640
-  when:
-    - not zbx_proxy_psk.stat.exists
-    - zabbix_proxy_encryption | default('none') == "psk"
  tags: zabbix
--- a/roles/zabbix_proxy/tasks/service.yml
+++ b/roles/zabbix_proxy/tasks/service.yml
@@ -39,3 +39,10 @@
  service: name=zabbix-proxy state=started enabled=True
  register: zabbix_proxy_started
  tags: zabbix
+
+- name: Handle Zabbix Java Gateway daemon
+  service:
+    name: zabbix-java-gateway
+    state: "{{ (zabbix_proxy_conf['StartJavaPollers'] is defined and zabbix_proxy_conf['StartJavaPollers'] > 0) | ternary('started','stopped') }}"
+    enabled: "{{ (zabbix_proxy_conf['StartJavaPollers'] is defined and zabbix_proxy_conf['StartJavaPollers'] > 0) | ternary(True,False) }}"
+  tags: zabbix
--- a/roles/zabbix_proxy/tasks/upgrade.yml
+++ b/roles/zabbix_proxy/tasks/upgrade.yml
@@ -1,11 +1,10 @@
 ---

- name: Stop the service
-  service: name=zabbix-proxy state=stopped
-  when: zabbix_proxy_rpm.changed
-  tags: zabbix
+- when: zabbix_proxy_rpm.changed
+  block:
+    - name: Stop the service
+      service: name=zabbix-proxy state=stopped

- name: Drop the SQLite database (no schema upgrade for SQLite)
-  file: path=/var/lib/zabbix/db/proxy.sqlite state=absent
-  when: zabbix_proxy_rpm.changed
+    - name: Drop the SQLite database (no schema upgrade for SQLite)
+      file: path=/var/lib/zabbix/db/proxy.sqlite state=absent
  tags: zabbix