Update to 2024-09-04 10:00

2025-04-11 15:53:21 +02:00 · 2024-09-04 10:00:14 +02:00 · 2024-09-04 10:00:14 +02:00 · ecfba7bb01
commit ecfba7bb01
parent 24261372f0
8 changed files with 58 additions and 27 deletions
--- a/roles/zabbix_server/defaults/main.yml
+++ b/roles/zabbix_server/defaults/main.yml
@ -15,7 +15,7 @@ zabbix_server_db_name: zabbix
 # zabbix_server_db_pass: secret

 zabbix_server_php_user: zabbix
-zabbix_server_php_version: 74
+zabbix_server_php_version: 82

 # If you want to use a custom php pool
 # zabbix_server_php_fpm_pool: php70
--- a/roles/zabbix_server/files/zabbix_server.te
+++ b/roles/zabbix_server/files/zabbix_server.te
@ -1,10 +1,12 @@
-module zabbix_server 1.2;
+module zabbix_server 1.4;

 require {
        type zabbix_var_run_t;
        type zabbix_t;
        type zabbix_var_lib_t;
        type mysqld_db_t;
+        type httpd_t;
+        type unconfined_service_t;
        class sock_file { create unlink write };
        class unix_stream_socket connectto;
        class file { execute execute_no_trans };
@ -17,4 +19,5 @@ allow zabbix_t self:capability dac_override;
 allow zabbix_t zabbix_var_lib_t:file { execute execute_no_trans };
 allow zabbix_t zabbix_var_run_t:sock_file { create unlink };
 allow zabbix_t mysqld_db_t:sock_file write;
-
+allow zabbix_t unconfined_service_t:unix_stream_socket connectto;
+allow httpd_t unconfined_service_t:unix_stream_socket connectto;
--- a/roles/zabbix_server/tasks/facts.yml
+++ b/roles/zabbix_server/tasks/facts.yml
@ -1,11 +1,19 @@
 ---

- import_tasks: ../includes/get_rand_pass.yml
-  vars:
-    - pass_file: /etc/zabbix/ansible_db_pass
-  when: zabbix_server_db_pass is not defined
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
  tags: zabbix
- set_fact: zabbix_server_db_pass={{ rand_pass }}
+
+# Create a random app secret if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "/etc/zabbix/ansible_db_pass"
+    - set_fact: zabbix_server_db_pass={{ rand_pass }}
  when: zabbix_server_db_pass is not defined
  tags: zabbix

--- a/roles/zabbix_server/tasks/install.yml
+++ b/roles/zabbix_server/tasks/install.yml
@ -1,22 +1,7 @@
 ---

- name: Install packages
-  yum:
-    name:
-      - zabbix-server-mysql
-      - zabbix-web
-      - zabbix-java-gateway
-      - zabbix-get
-      - mariadb
-      - fping
-      - patrix
-      - perl-JSON
-      - perl-IO-Socket-SSL
-      - perl-libwww-perl
-      - perl-URI
-      - perl-DateTime-Format-ISO8601
-      - perl-Getopt-Long
-      - perl-Pod-Usage
+- name: Installed packages
+  package: name={{ zabbix_server_packages }}
  tags: zabbix

 - name: Install backup scripts
--- a/roles/zabbix_server/tasks/selinux.yml
+++ b/roles/zabbix_server/tasks/selinux.yml
@ -18,7 +18,7 @@
  when: zabbix_server_selinux_policy.changed
  tags: zabbix

- name: Load policy for Zabbix Proxy
+- name: Load policy for Zabbix Server
  command: semodule -i /etc/selinux/targeted/local/zabbix_server.pp
  when: zabbix_server_selinux_policy.changed
  tags: zabbix
--- a/roles/zabbix_server/templates/php.conf.j2
+++ b/roles/zabbix_server/templates/php.conf.j2
@ -27,7 +27,7 @@ php_admin_value[upload_tmp_dir] = /tmp
 php_admin_value[post_max_size] = 32M
 php_admin_value[upload_max_filesize] = 5M
 php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
-php_admin_value[open_basedir] = /usr/share/zabbix:/etc/zabbix:/tmp:/var/lib/zabbix/sessions:/etc/alternative/:/usr/share/fonts/dejavu/
+php_admin_value[open_basedir] = /usr/share/zabbix:/etc/zabbix:/tmp:/var/lib/zabbix/sessions:/etc/alternative/:/usr/share/fonts/dejavu/:/usr/share/zabbix/assets/fonts/graphfont.ttf
 php_admin_value[max_execution_time] = 600
 php_admin_value[max_input_time] = 600
 php_admin_flag[allow_url_include] = off
--- a/roles/zabbix_server/vars/RedHat-8.yml
+++ b/roles/zabbix_server/vars/RedHat-8.yml
@ -0,0 +1,17 @@
+---
+
+zabbix_server_packages:
+  - zabbix-server-mysql
+  - zabbix-web
+  - zabbix-java-gateway
+  - zabbix-get
+  - mariadb
+  - fping
+  - patrix
+  - perl-JSON
+  - perl-IO-Socket-SSL
+  - perl-libwww-perl
+  - perl-URI
+  - perl-DateTime-Format-ISO8601
+  - perl-Getopt-Long
+  - perl-Pod-Usage
--- a/roles/zabbix_server/vars/RedHat-9.yml
+++ b/roles/zabbix_server/vars/RedHat-9.yml
@ -0,0 +1,18 @@
+---
+
+zabbix_server_packages:
+  - glibc-langpack-en
+  - zabbix-server-mysql
+  - zabbix-web
+  - zabbix-java-gateway
+  - zabbix-get
+  - mariadb
+  - fping
+  - patrix
+  - perl-JSON
+  - perl-IO-Socket-SSL
+  - perl-libwww-perl
+  - perl-URI
+  - perl-DateTime-Format-ISO8601
+  - perl-Getopt-Long
+  - perl-Pod-Usage