Skip to content

Commit

Permalink
Make Zabbix repository gpg key URL customizable (#1186)
Browse files Browse the repository at this point in the history
  • Loading branch information
jtekuelve authored Mar 7, 2024
1 parent 0a689a5 commit 5f3c13a
Show file tree
Hide file tree
Showing 21 changed files with 58 additions and 15 deletions.
7 changes: 7 additions & 0 deletions changelogs/fragments/1186-custom_gpg_key_url.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
minor_changes:
- agent, javagateway, proxy, server, and web role - introduced default variable zabbix_repo_deb_gpg_key_url with value http://repo.zabbix.com/zabbix-official-repo.key
- agent, javagateway, proxy, server, and web role - used zabbix_repo_deb_gpg_key_url in "Debian | Download gpg key" instead of hardcoded url
- agent, javagateway, proxy, server, and web role - added the http_proxy and https_proxy environment variables to "Debian | Download gpg key" analog to other tasks
- agent, javagateway, proxy, server, and web role - introduced default variable zabbix_repo_deb_include_deb_src with value true
- agent, javagateway, proxy, server, and web role - used variable zabbix_repo_deb_include_deb_src in "Debian | Installing repository" to determine whether deb-src should be added to /etc/apt/sources.list.d/zabbix.sources
- agent, javagateway, proxy, server, and web role - removed superfluous slash in zabbix_gpg_key of the Debian vars and renamed key to zabbix-repo instead of zabbix-official-repo
2 changes: 2 additions & 0 deletions docs/ZABBIX_AGENT_ROLE.md
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,8 @@ The following is an overview of all available configuration default for this rol
* `zabbix_agent_disable_repo`: A list of repos to disable during install. Default `epel`.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### SElinux

Expand Down
2 changes: 2 additions & 0 deletions docs/ZABBIX_JAVAGATEWAY_ROLE.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ The `zabbix_javagateway_version` is optional. The latest available major.minor v
* `zabbix_javagateway_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### Java Gatewaty

Expand Down
3 changes: 3 additions & 0 deletions docs/ZABBIX_PROXY_ROLE.md
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,9 @@ The following is an overview of all available configuration default for this rol
* `*zabbix_proxy_package_state`: Default: `present`. Can be overridden to `latest` to update packages
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### SElinux

* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run.
Expand Down
2 changes: 2 additions & 0 deletions docs/ZABBIX_SERVER_ROLE.md
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,8 @@ The following is an overview of all available configuration default for this rol
* `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### SElinux

Expand Down
2 changes: 2 additions & 0 deletions docs/ZABBIX_WEB_ROLE.md
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,8 @@ The following is an overview of all available configuration defaults for this ro
* `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file.
* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}`
* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`.
* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`.
* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`.

### Zabbix Web specific

Expand Down
3 changes: 3 additions & 0 deletions roles/zabbix_agent/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ zabbix_agent2_deny_key: "{{ zabbix_agent_deny_key }}"
# Selinux related vars
selinux_allow_zabbix_run_sudo: false

zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true

zabbix_agent_install_agent_only: false
zabbix_agent_packages:
- "{{ zabbix_agent_package }}"
Expand Down
4 changes: 2 additions & 2 deletions roles/zabbix_agent/tasks/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
Expand All @@ -85,7 +85,7 @@
group: root
mode: 0644
content: |
Types: deb deb-src
Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
Expand Down
2 changes: 1 addition & 1 deletion roles/zabbix_agent/vars/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,5 +44,5 @@ zabbix_valid_agent_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}"
3 changes: 3 additions & 0 deletions roles/zabbix_javagateway/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,6 @@ zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid
zabbix_javagateway_listenip: 0.0.0.0
zabbix_javagateway_listenport: 10052
zabbix_javagateway_startpollers: 5

zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true
7 changes: 5 additions & 2 deletions roles/zabbix_javagateway/tasks/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,13 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true
tags:
- install
Expand All @@ -63,7 +66,7 @@
group: root
mode: 0644
content: |
Types: deb deb-src
Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
Expand Down
2 changes: 1 addition & 1 deletion roles/zabbix_javagateway/vars/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,5 +26,5 @@ zabbix_valid_javagateway_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}"
2 changes: 2 additions & 0 deletions roles/zabbix_proxy/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ zabbix_repo_yum:
state: present
zabbix_proxy_apt_priority:
zabbix_proxy_package_state: present
zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true

# Proxy Configuration Variables (Only ones with role provided defaults)
zabbix_proxy_allowroot: 0
Expand Down
7 changes: 5 additions & 2 deletions roles/zabbix_proxy/tasks/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -73,10 +73,13 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: are_zabbix_proxy_dependency_packages_installed
until: are_zabbix_proxy_dependency_packages_installed is succeeded
become: true
Expand All @@ -90,7 +93,7 @@
group: root
mode: 0644
content: |
Types: deb deb-src
Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
Expand Down
2 changes: 1 addition & 1 deletion roles/zabbix_proxy/vars/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ mysql_plugin:
"10": mysql_native_password

debian_keyring_path: /etc/apt/keyrings/
zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}"
_zabbix_proxy_fping6location: /usr/bin/fping6
_zabbix_proxy_fpinglocation: /usr/bin/fping
2 changes: 2 additions & 0 deletions roles/zabbix_server/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ zabbix_repo_yum:
zabbix_server_apt_priority:
zabbix_server_install_recommends: true
zabbix_server_conf_mode: 0640
zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true

# Server Configuration Variables (Only ones with role provided defaults)
zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts
Expand Down
7 changes: 5 additions & 2 deletions roles/zabbix_server/tasks/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,10 +72,13 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
register: zabbix_server_repo_files_installed
until: zabbix_server_repo_files_installed is succeeded
become: true
Expand All @@ -89,7 +92,7 @@
group: root
mode: 0644
content: |
Types: deb deb-src
Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
Expand Down
2 changes: 1 addition & 1 deletion roles/zabbix_server/vars/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ zabbix_valid_server_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}"
_zabbix_server_fping6location: /usr/bin/fping6
_zabbix_server_fpinglocation: /usr/bin/fping
3 changes: 3 additions & 0 deletions roles/zabbix_web/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,9 @@ zabbix_server_history_types:
- "dbl"

zabbix_selinux: false

zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key
zabbix_repo_deb_include_deb_src: true
# selinux_allow_zabbix_can_network: false
# zabbix_apache_can_connect_ldap: false

Expand Down
7 changes: 5 additions & 2 deletions roles/zabbix_web/tasks/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -90,10 +90,13 @@
- name: "Debian | Download gpg key"
when: not ansible_check_mode # Because get_url always has changed status in check_mode.
ansible.builtin.get_url:
url: http://repo.zabbix.com/zabbix-official-repo.key
url: "{{ zabbix_repo_deb_gpg_key_url }}"
dest: "{{ zabbix_gpg_key }}"
mode: "0644"
force: true
environment:
http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}"
https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}"
become: true
tags:
- install
Expand All @@ -105,7 +108,7 @@
group: root
mode: 0644
content: |
Types: deb deb-src
Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }}
Enabled: yes
URIs: {{ zabbix_repo_deb_url }}
Suites: {{ ansible_distribution_release }}
Expand Down
2 changes: 1 addition & 1 deletion roles/zabbix_web/vars/Debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,5 +47,5 @@ zabbix_valid_web_versions:
- 6.0

debian_keyring_path: /etc/apt/keyrings/
zabbix_gpg_key: "{{ debian_keyring_path }}/zabbix-official-repo.asc"
zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
_zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}"

0 comments on commit 5f3c13a

Please sign in to comment.