jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-23 21:53:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-04-06 11:00

Browse Source
This commit is contained in:
Daniel Berteaud 2022-04-06 11:00:07 +02:00
parent f588ca82ba
commit 57d48dafc7
8 changed files with 66 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
roles/zabbix_proxy/defaults/main.yml
View File

@ -1,18 +1,44 @@
--- ---
# zabbix_proxy_encryption: none zabbix_proxy_port: 10051
# zabbix_proxy_port: 10051
zabbix_proxy_src_ip: zabbix_proxy_src_ip:
- 0.0.0.0/0 - 0.0.0.0/0
zabbix_proxy_server: zabbix.firewall-services.com zabbix_proxy_server: zabbix.example.org
# zabbix_proxy_pollers: 5 zabbix_proxy_java_gateway_port: 10052
# zabbix_proxy_ipmi_pollers: 1
# zabbix_proxy_unreachable_pollers: 2 zabbix_proxy_base_conf:
# zabbix_proxy_trappers: 5 Server: "{{ zabbix_proxy_server }}"
# zabbix_proxy_pingers: 4 Hostname: "{{ inventory_hostname }}"
# zabbix_proxy_discoverers: 1 LogType: system
# zabbix_proxy_http_pollers: 1 ListenPort: "{{ zabbix_proxy_port }}"
# zabbix_proxy_timeout: 15 PidFile: /run/zabbix/zabbix_proxy.pid
zabbix_proxy_cache_size: 32M DBName: /var/lib/zabbix/db/proxy.sqlite
ProxyOfflineBuffer: 72
SocketDir: /run/zabbix
ConfigFrequency: 600
DataSenderFrequency: 30
CacheSize: 32M
StartPollers: 5
StartIPMIPollers: 1
StartPollersUnreachable: 2
StartTrappers: 5
StartPingers: 4
StartDiscoverers: 1
StartHTTPPollers: 1
Timeout: 30
ExternalScripts: /var/lib/zabbix/bin/
TmpDir: /var/lib/zabbix/tmp
LoadModulePath: /usr/lib64/zabbix/modules
JavaGateway: 127.0.0.1
JavaGatewayPort: "{{ zabbix_proxy_java_gateway_port }}"
StartJavaPollers: 0
TLSPSKFile: /etc/zabbix/zabbix_proxy.psk
TLSPSKIdentity: "{{ inventory_hostname }}-proxy"
TLSConnect: psk
TLSAccept: psk
zabbix_proxy_extra_conf: {}
zabbix_proxy_conf: "{{ zabbix_proxy_base_conf | combine(zabbix_proxy_extra_conf, recursive=True) }}"
# If update is set to False, the role will only ensure packages are installed # If update is set to False, the role will only ensure packages are installed
# If set to True, it will update components to their latest version # If set to True, it will update components to their latest version

1
roles/zabbix_proxy/tasks/install.yml
View File

@ -11,6 +11,7 @@
name: name:
- zabbix-proxy-sqlite3 - zabbix-proxy-sqlite3
- zabbix-get - zabbix-get
- zabbix-java-gateway
- perl-JSON - perl-JSON
- perl-IO-Socket-SSL - perl-IO-Socket-SSL
- perl-libwww-perl - perl-libwww-perl

2
roles/zabbix_proxy/tasks/iptables.yml
View File

@ -3,5 +3,5 @@
iptables_raw: iptables_raw:
name: zabbix_proxy_port name: zabbix_proxy_port
state: "{{ (zabbix_proxy_src_ip | length > 0) | ternary('present','absent') }}" state: "{{ (zabbix_proxy_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_proxy_port | default('10051') }} -s {{ zabbix_proxy_src_ip | join(',') }} -j ACCEPT" rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_proxy_port }} -s {{ zabbix_proxy_src_ip | join(',') }} -j ACCEPT"
tags: zabbix tags: zabbix

7
roles/zabbix_proxy/tasks/main.yml
View File

@ -2,19 +2,26 @@
- include_tasks: install.yml - include_tasks: install.yml
tags: always tags: always
- include_tasks: directories.yml - include_tasks: directories.yml
tags: always tags: always
- include_tasks: upgrade.yml - include_tasks: upgrade.yml
tags: always tags: always
- include_tasks: psk.yml - include_tasks: psk.yml
tags: always tags: always
- include_tasks: selinux.yml - include_tasks: selinux.yml
when: ansible_selinux.status == 'enabled' when: ansible_selinux.status == 'enabled'
tags: always tags: always
- include_tasks: conf.yml - include_tasks: conf.yml
tags: always tags: always
- include_tasks: iptables.yml - include_tasks: iptables.yml
when: iptables_manage | default(True) when: iptables_manage | default(True)
- include_tasks: service.yml - include_tasks: service.yml
tags: always tags: always

12
roles/zabbix_proxy/tasks/psk.yml
View File

@ -1,19 +1,11 @@
--- ---
- name: Check if a TLS PSK key exists
stat: path=/etc/zabbix/zabbix_proxy.psk
register: zbx_proxy_psk
tags: zabbix
- name: Generate random PSK key for TLS encryption - name: Generate random PSK key for TLS encryption
shell: "openssl rand -hex 32 > /etc/zabbix/zabbix_proxy.psk" shell: "openssl rand -hex 32 > /etc/zabbix/zabbix_proxy.psk"
when: args:
- not zbx_proxy_psk.stat.exists creates: /etc/zabbix/zabbix_proxy.psk
- zabbix_proxy_encryption | default('none') == "psk"
tags: zabbix tags: zabbix
- name: Restrict permission on PSK file - name: Restrict permission on PSK file
file: path=/etc/zabbix/zabbix_proxy.psk owner=root group=zabbix mode=0640 file: path=/etc/zabbix/zabbix_proxy.psk owner=root group=zabbix mode=0640
when:
- not zbx_proxy_psk.stat.exists
- zabbix_proxy_encryption | default('none') == "psk"
tags: zabbix tags: zabbix

7
roles/zabbix_proxy/tasks/service.yml
View File

@ -39,3 +39,10 @@
service: name=zabbix-proxy state=started enabled=True service: name=zabbix-proxy state=started enabled=True
register: zabbix_proxy_started register: zabbix_proxy_started
tags: zabbix tags: zabbix
- name: Handle Zabbix Java Gateway daemon
service:
name: zabbix-java-gateway
state: "{{ (zabbix_proxy_conf['StartJavaPollers'] is defined and zabbix_proxy_conf['StartJavaPollers'] > 0) | ternary('started','stopped') }}"
enabled: "{{ (zabbix_proxy_conf['StartJavaPollers'] is defined and zabbix_proxy_conf['StartJavaPollers'] > 0) | ternary(True,False) }}"
tags: zabbix

13
roles/zabbix_proxy/tasks/upgrade.yml
View File

@ -1,11 +1,10 @@
--- ---
- name: Stop the service - when: zabbix_proxy_rpm.changed
service: name=zabbix-proxy state=stopped block:
when: zabbix_proxy_rpm.changed - name: Stop the service
tags: zabbix service: name=zabbix-proxy state=stopped
- name: Drop the SQLite database (no schema upgrade for SQLite) - name: Drop the SQLite database (no schema upgrade for SQLite)
file: path=/var/lib/zabbix/db/proxy.sqlite state=absent file: path=/var/lib/zabbix/db/proxy.sqlite state=absent
when: zabbix_proxy_rpm.changed
tags: zabbix tags: zabbix

31
roles/zabbix_proxy/templates/zabbix_proxy.conf.j2
View File

@ -1,29 +1,6 @@
Server={{ zabbix_proxy_server }} {% for key in zabbix_proxy_conf.keys() | list %}
Hostname={{ inventory_hostname }} {{ key }}={{zabbix_proxy_conf[key] }}
LogType=system {% endfor %}
PidFile=/var/run/zabbix/zabbix_proxy.pid {% if ansible_all_ipv6_addresses | length < 1 and zabbix_proxy_conf['Fping6Location'] is not defined %}
DBName=/var/lib/zabbix/db/proxy.sqlite
ProxyOfflineBuffer=72
SocketDir=/var/run/zabbix
ConfigFrequency=600
DataSenderFrequency=30
CacheSize={{ zabbix_proxy_cache_size | default('32M') }}
StartPollers={{ zabbix_proxy_pollers | default(5) }}
StartIPMIPollers={{ zabbix_proxy_ipmi_pollers | default(1) }}
StartPollersUnreachable={{ zabbix_proxy_unreachable_pollers | default(2) }}
StartTrappers={{ zabbix_proxy_trappers | default(5) }}
StartPingers={{ zabbix_proxy_pingers | default(4) }}
StartDiscoverers={{ zabbix_proxy_discoverers | default(1) }}
StartHTTPPollers={{ zabbix_proxy_http_pollers | default(1) }}
Timeout={{ zabbix_proxy_timeout | default(30) }}
ExternalScripts=/var/lib/zabbix/bin/
TmpDir=/var/lib/zabbix/tmp
{% if zabbix_proxy_encryption | default('none') == 'psk' %}
TLSPSKFile=/etc/zabbix/zabbix_proxy.psk
TLSPSKIdentity={{ inventory_hostname }}-proxy
TLSConnect=psk
TLSAccept=psk
{% endif %}
{% if ansible_all_ipv6_addresses | length < 1 %}
Fping6Location= Fping6Location=
{% endif %} {% endif %}