From 7bc2a10a8c3dd9728653e143ba3550d02ba2ffe7 Mon Sep 17 00:00:00 2001 
From: Troy W Date: Thu, 6 Jun 2024 12:57:16 -0400 Subject: [PATCH] Separate installation of repos (#1272) --- .github/workflows/repo.yml | 72 ++++++++++++ changelogs/fragments/pr_1250.yml | 7 ++ docs/ZABBIX_AGENT_ROLE.md | 4 +- docs/ZABBIX_JAVAGATEWAY_ROLE.md | 1 + docs/ZABBIX_PROXY_ROLE.md | 3 +- docs/ZABBIX_REPO_ROLE.md | 92 ++++++++++++++++ docs/ZABBIX_SERVER_ROLE.md | 11 +- docs/ZABBIX_WEB_ROLE.md | 11 +- .../zabbix_agent_tests/common/molecule.yml | 2 + molecule/zabbix_javagateway/molecule.yml | 3 + molecule/zabbix_proxy/molecule.yml | 3 + molecule/zabbix_repo/converge.yml | 4 + molecule/zabbix_repo/destroy.yml | 23 ++++ molecule/zabbix_repo/molecule.yml | 33 ++++++ molecule/zabbix_repo/prepare.yml | 26 +++++ molecule/zabbix_repo/tests/test_default.py | 19 ++++ molecule/zabbix_server/molecule.yml | 3 + molecule/zabbix_web/molecule.yml | 2 + roles/zabbix_agent/defaults/main.yml | 35 +----- roles/zabbix_agent/tasks/Debian.yml | 93 ---------------- roles/zabbix_agent/tasks/Linux.yml | 3 +- roles/zabbix_agent/tasks/RedHat.yml | 19 ---- roles/zabbix_agent/tasks/main.yml | 9 ++ roles/zabbix_agent/tasks/selinux.yml | 2 +- roles/zabbix_agent/vars/Debian.yml | 3 - roles/zabbix_javagateway/defaults/main.yml | 23 ---- roles/zabbix_javagateway/tasks/Debian.yml | 56 ---------- roles/zabbix_javagateway/tasks/RedHat.yml | 19 ---- roles/zabbix_javagateway/tasks/main.yml | 9 ++ roles/zabbix_javagateway/vars/Debian.yml | 3 - roles/zabbix_proxy/defaults/main.yml | 22 ---- roles/zabbix_proxy/requirements.yml | 3 - roles/zabbix_proxy/tasks/Debian.yml | 103 ------------------ roles/zabbix_proxy/tasks/main.yml | 15 ++- roles/zabbix_proxy/vars/Debian.yml | 2 - roles/zabbix_repo/README.md | 1 + roles/zabbix_repo/defaults/main.yml | 26 +++++ roles/zabbix_repo/handlers/main.yml | 6 + roles/zabbix_repo/meta/main.yml | 26 +++++ .../tasks/Debian.yml | 41 +++---- .../tasks/RedHat.yml | 24 ++-- roles/zabbix_repo/tasks/main.yml | 8 ++ roles/zabbix_repo/vars/Debian.yml | 3 + 
roles/zabbix_repo/vars/RedHat.yml | 1 + roles/zabbix_repo/vars/main.yml | 2 + roles/zabbix_server/defaults/main.yml | 22 ---- roles/zabbix_server/requirements.yml | 5 - roles/zabbix_server/tasks/RedHat.yml | 39 ------- roles/zabbix_server/tasks/main.yml | 14 ++- roles/zabbix_server/vars/Debian.yml | 3 - roles/zabbix_web/defaults/main.yml | 21 ---- roles/zabbix_web/tasks/Debian.yml | 72 ------------ roles/zabbix_web/tasks/RedHat.yml | 22 +--- roles/zabbix_web/tasks/apache.yml | 2 +- roles/zabbix_web/tasks/main.yml | 9 ++ roles/zabbix_web/vars/Debian.yml | 3 - 56 files changed, 467 insertions(+), 621 deletions(-) create mode 100644 .github/workflows/repo.yml create mode 100644 changelogs/fragments/pr_1250.yml create mode 100644 docs/ZABBIX_REPO_ROLE.md create mode 100644 molecule/zabbix_repo/converge.yml create mode 100644 molecule/zabbix_repo/destroy.yml create mode 100644 molecule/zabbix_repo/molecule.yml create mode 100644 molecule/zabbix_repo/prepare.yml create mode 100644 molecule/zabbix_repo/tests/test_default.py delete mode 100644 roles/zabbix_proxy/requirements.yml delete mode 100644 roles/zabbix_proxy/tasks/Debian.yml create mode 120000 roles/zabbix_repo/README.md create mode 100644 roles/zabbix_repo/defaults/main.yml create mode 100644 roles/zabbix_repo/handlers/main.yml create mode 100644 roles/zabbix_repo/meta/main.yml rename roles/{zabbix_server => zabbix_repo}/tasks/Debian.yml (70%) rename roles/{zabbix_proxy => zabbix_repo}/tasks/RedHat.yml (68%) create mode 100644 roles/zabbix_repo/tasks/main.yml create mode 100644 roles/zabbix_repo/vars/Debian.yml create mode 100644 roles/zabbix_repo/vars/RedHat.yml create mode 100644 roles/zabbix_repo/vars/main.yml delete mode 100644 roles/zabbix_server/requirements.yml delete mode 100644 roles/zabbix_server/tasks/RedHat.yml diff --git a/.github/workflows/repo.yml b/.github/workflows/repo.yml new file mode 100644 index 000000000..e124a6e60 --- /dev/null +++ b/.github/workflows/repo.yml 
@@ -0,0 +1,72 @@
+---
+name: "community.zabbix.zabbix_repo"
+on:
+ push:
+ paths:
+ - "roles/zabbix_repo/**"
+ - "molecule/zabbix_repo/**"
+ - "molecule/requirements.txt"
+ - ".github/workflows/server.yml"
+ pull_request:
+ paths:
+ - "roles/zabbix_repo/**"
+ - "molecule/zabbix_repo/**"
+ - "molecule/requirements.txt"
+ - ".github/workflows/server.yml"
+jobs:
+ molecule:
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ container:
+ - rockylinux9
+ - rockylinux8
+ - ubuntu2404
+ - ubuntu2204
+ - ubuntu2004
+ - debian12
+ - debian11
+ collection_role:
+ - zabbix_repo
+ version:
+ - v64
+ - v60
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Set up Python 3.9
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.9
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r molecule/requirements.txt
+
+ - name: Build the collection
+ run: |
+ # Pin versions to speed up CI
+ sed -i 's/ansible\.windows:\s*"\*"/ansible.windows: "2.3.0"/' galaxy.yml
+ sed -i 's/ansible\.netcommon:\s*"\*"/ansible.netcommon: "6.1.1"/' galaxy.yml
+ sed -i 's/ansible\.posix:\s*"\*"/ansible.posix: "1.5.4"/' galaxy.yml
+ sed -i 's/community\.general:\s*"\*"/community.general: "8.6.0"/' galaxy.yml
+ sed -i 's/community\.mysql:\s*"\*"/community.mysql: "3.9.0"/' galaxy.yml
+ sed -i 's/community\.postgresql:\s*"\*"/community.postgresql: "3.4.0"/' galaxy.yml
+
+ collection_file=$( basename $(ansible-galaxy collection build -f | awk -F" " '{print $NF}'))
+ echo "COLLECTION_FILE=$collection_file" >> $GITHUB_ENV
+
+ - name: Install the collection
+ run: ansible-galaxy collection install -vvvv $COLLECTION_FILE
+
+ - name: Run server role tests
+ run: >-
+ MY_MOLECULE_CONTAINER=${{ matrix.container }}
+ MY_MOLECULE_IMAGE=${{ matrix.container }}
+ MY_MOLECULE_VERSION=${{ matrix.version }}
+ MY_MOLECULE_DOCKER_COMMAND=${{ matrix.command }}
+ molecule test -s ${{ matrix.collection_role }}
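Review bot: The workflow declares no `permissions:` block and both `uses:` lines reference mutable tags (`actions/checkout@v4`, `actions/setup-python@v5`), so the job runs with the repository's default GITHUB_TOKEN scope and with whatever those tags point to at run time; add a top-level `permissions:` with `contents: read` and consider pinning each action to a full commit SHA. Both `paths:` lists name `.github/workflows/server.yml`, which looks copied from the server workflow, so edits to this file do not trigger it; `- ".github/workflows/repo.yml"` is probably what was meant. In the last step `${{ matrix.command }}` has no `command` entry in the matrix and expands to an empty string, and the step is still named `Run server role tests`.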
diff --git a/changelogs/fragments/pr_1250.yml b/changelogs/fragments/pr_1250.yml new file mode 100644 index 000000000..236268b72 --- /dev/null +++ b/changelogs/fragments/pr_1250.yml @@ -0,0 +1,7 @@ +major_changes: + - All Roles - Separate installation of Zabbix repo from all other roles and link them together. +minor_changes: + - All Roles - Include installation of GPG key for RHEL based operating systems. + - All Roles - Add support for yum authentication on RHEL based operating systems. + - All Roles - Add the `zabbix_manage_repo` variable. + - All Roles - Changed logic for installing selinux related changes based the status of selinux on the target system. diff --git a/docs/ZABBIX_AGENT_ROLE.md b/docs/ZABBIX_AGENT_ROLE.md index dcc7ed6ff..870c5ded6 100644 --- a/docs/ZABBIX_AGENT_ROLE.md +++ b/docs/ZABBIX_AGENT_ROLE.md @@ -119,10 +119,12 @@ The following is an overview of all available configuration default for this rol * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. * `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key. * `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. ### SElinux -* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. +Selinux changes will be installed based on the status of selinux running on the target system. + * `selinux_allow_zabbix_run_sudo`: Default: `False`. Enable Zabbix root access on system. ### Zabbix Agent diff --git a/docs/ZABBIX_JAVAGATEWAY_ROLE.md b/docs/ZABBIX_JAVAGATEWAY_ROLE.md index 149ae05b3..9207b1c6c 100644 --- a/docs/ZABBIX_JAVAGATEWAY_ROLE.md +++ b/docs/ZABBIX_JAVAGATEWAY_ROLE.md 
@@ -64,6 +64,7 @@ The `zabbix_javagateway_version` is optional. The latest available major.minor v * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. * `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`. * `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. ### Java Gatewaty diff --git a/docs/ZABBIX_PROXY_ROLE.md b/docs/ZABBIX_PROXY_ROLE.md index 5aaeb36e5..f91856355 100644 --- a/docs/ZABBIX_PROXY_ROLE.md +++ b/docs/ZABBIX_PROXY_ROLE.md @@ -105,6 +105,7 @@ The following is an overview of all available configuration default for this rol * `zabbix_proxy_manage_service`: Default: `True`. When you run multiple Zabbix proxies in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-proxy service, because Pacemaker is in control of zabbix-proxy service. * `zabbix_proxy_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_proxy_include`. * `zabbix_proxy_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. ### Database specific @@ -138,7 +139,7 @@ The following is an overview of all available configuration default for this rol ### SElinux -* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run. +Selinux changes will be installed based on the status of selinux running on the target system. ## Proxy diff --git a/docs/ZABBIX_REPO_ROLE.md b/docs/ZABBIX_REPO_ROLE.md new file mode 100644 index 000000000..68aa633d9 --- /dev/null +++ b/docs/ZABBIX_REPO_ROLE.md 
@@ -0,0 +1,92 @@ +# community.zabbix.zabbix_server role + +![Zabbix Manage Repo](https://github.com/ansible-collections/community.zabbix/workflows/community.zabbix.zabbix_manage_repo/badge.svg) + +**Table of Contents** + +- [Overview](#overview) +- [Requirements](#requirements) + * [Operating systems](#operating-systems) + * [Zabbix Versions](#zabbix-versions) +- [Installation](#installation) +- [Role Variables](#role-variables) +- [Example Playbook](#example-playbook) +- [License](#license) +- [Author Information](#author-information) + +# Overview + +This is a Ansible role for installing the yum or apt repository for Zabbix. This will not install the Zabbix Server or any other component of Zabbix itself. + +# Requirements + +## Operating systems + +This role will work on the following operating systems: + + * Red Hat + * Debian + * Ubuntu + +So, you'll need one of those operating systems.. :-) +Please send Pull Requests or suggestions when you want to use this role for other Operating systems. + +## Zabbix Versions + +See the following list of supported Operating systems with the Zabbix releases: + +| Zabbix | 6.4 | 6.0 | +|---------------------|-----|-----| +| Red Hat Fam 9 | V | V | +| Red Hat Fam 8 | V | V | +| Ubuntu 24.04 noble | V | V | +| Ubuntu 22.04 jammy | V | V | +| Ubuntu 20.04 focal | V | V | +| Debian 12 bookworm | V | V | +| Debian 11 bullseye | V | V | + +# Installation + +Installing this role is very simple: `ansible-galaxy install community.zabbix.zabbix_manage_repo` + +Please be aware that this role only installs the repo itself. It is generally used by the various other Zabbix roles (i.e. server or web) and not normally used by itself. + +# Role Variables + +* `zabbix_repo_apt_priority`: Option: An integer value for the priority of the repo. +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. +* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. 
Default `http://repo.zabbix.com/zabbix-official-repo.key`. +* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_repo_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_http_proxy`: Optional: HTTP proxy information. +* `zabbix_https_proxy`: Optional: HTTPS proxy information. +* `zabbix_repo_gpg_key`: Optional: The keyring path. Default: `{{ debian_keyring_path }}zabbix-repo.asc` +* `zabbix_repo_keyring_path`: Optional: The path to store keyrings in Debian distributions. Default: `/etc/apt/keyrings/` +* `zabbix_repo_package`: The name of the package to lock the apt priority to. +* `zabbix_repo_version`: Optional. The main version (i.e. major.minor) of Zabbix that will be installed on the host(s). Default: 6.4 +* `zabbix_repo_yum`: A list with Yum repository configuration. +* `zabbix_repo_yum_gpg_check`: Optional. Yum should check GPG keys. Default: 0 +* `zabbix_repo_yum_gpg_key_url`: The URL to download the Zabbix GPG key from. Default: `http://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD` +* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) + +# Example Playbook + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + +```yaml + - hosts: zabbix-server + roles: + - role: community.zabbix.zabbix_repo +``` + +# License + +GNU General Public License v3.0 or later + +See LICENCE to see the full text. + +# Author Information + +Please send suggestion or pull requests to make this role better. Also let us know if you encounter any issues installing or using this role. + +Github: https://github.com/ansible-collections/community.zabbix diff --git a/docs/ZABBIX_SERVER_ROLE.md b/docs/ZABBIX_SERVER_ROLE.md index dd3dd30f8..0659aaf14 100644 
--- a/docs/ZABBIX_SERVER_ROLE.md +++ b/docs/ZABBIX_SERVER_ROLE.md @@ -103,19 +103,16 @@ The following is an overview of all available configuration default for this rol * `zabbix_server_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_server_version: 6.0`. * `zabbix_server_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo_yum`: A list with Yum repository configuration. -* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) * `zabbix_server_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_service_state`: Default: `started`. Can be overridden to stopped if needed * `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed -* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}` -* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. -* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`. -* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. + ### SElinux -* `zabbix_server_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. +Selinux changes will be installed based on the status of selinux running on the target system. + * `selinux_allow_zabbix_can_network`: Default: `False`. * `selinux_allow_zabbix_can_http`: Default: `False`. 
diff --git a/docs/ZABBIX_WEB_ROLE.md b/docs/ZABBIX_WEB_ROLE.md index 120bb0cb7..16558348e 100644 --- a/docs/ZABBIX_WEB_ROLE.md +++ b/docs/ZABBIX_WEB_ROLE.md 
@@ -88,16 +88,12 @@ The following is an overview of all available configuration defaults for this ro * `zabbix_web_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_web_version: 6.0`. * `zabbix_web_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo_yum`: A list with Yum repository configuration. -* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) * `zabbix_web_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_web_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. * `zabbix_web_doubleprecision`: Default: `False`. For upgraded installations, please read database [upgrade notes](https://www.zabbix.com/documentation/current/manual/installation/upgrade_notes_500) (Paragraph "Enabling extended range of numeric (float) values") before enabling this option. * `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. -* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}` -* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. -* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`. -* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. + ### Zabbix Web specific 
@@ -156,7 +152,8 @@ The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) config ### SElinux -* `zabbix_web_selinux`: Default: `False`. Enables an SELinux policy so that the web will run. +Selinux changes will be installed based on the status of selinux running on the target system. + * `selinux_allow_httpd_can_connect_zabbix`: Default: `false`. Set SELinux boolean to allow httpd to connect to zabbix. * `selinux_allow_httpd_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP. * `selinux_allow_httpd_can_network_connect_db`: Default: `false` Set SELinux boolean to allow httpd to connect databases over the network. diff --git a/molecule/zabbix_agent_tests/common/molecule.yml b/molecule/zabbix_agent_tests/common/molecule.yml index 4666f0192..bdb70e74f 100644 --- a/molecule/zabbix_agent_tests/common/molecule.yml +++ b/molecule/zabbix_agent_tests/common/molecule.yml @@ -33,6 +33,8 @@ provisioner: zabbix_agent_listenip: 0.0.0.0 zabbix_agent_tlsconnect: psk zabbix_agent_tlsaccept: psk + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_agent_version: 6.4 v62: diff --git a/molecule/zabbix_javagateway/molecule.yml b/molecule/zabbix_javagateway/molecule.yml index 4e1a05ab2..c0481cb00 100644 --- a/molecule/zabbix_javagateway/molecule.yml +++ b/molecule/zabbix_javagateway/molecule.yml @@ -21,6 +21,9 @@ provisioner: ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles inventory: group_vars: + all: + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_javagateway_version: 6.4 v62: diff --git a/molecule/zabbix_proxy/molecule.yml b/molecule/zabbix_proxy/molecule.yml index 128841a25..f9567dad5 100644 --- a/molecule/zabbix_proxy/molecule.yml +++ b/molecule/zabbix_proxy/molecule.yml 
@@ -23,6 +23,9 @@ provisioner: ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles inventory: group_vars: + all: + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_proxy_version: 6.4 v62: diff --git a/molecule/zabbix_repo/converge.yml b/molecule/zabbix_repo/converge.yml new file mode 100644 index 000000000..52433ba46 --- /dev/null +++ b/molecule/zabbix_repo/converge.yml @@ -0,0 +1,4 @@ +--- +- hosts: all + roles: + - role: zabbix_repo diff --git a/molecule/zabbix_repo/destroy.yml b/molecule/zabbix_repo/destroy.yml new file mode 100644 index 000000000..7ef374be5 --- /dev/null +++ b/molecule/zabbix_repo/destroy.yml @@ -0,0 +1,23 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_yml: "{{ lookup('file', molecule_file) | from_yaml }}" + tasks: + - name: Destroy molecule instance(s) + docker_container: + name: "{{ item.name }}" + state: absent + force_kill: "{{ item.force_kill | default(True) }}" + with_items: "{{ molecule_yml.platforms }}" + + - name: Destroy 3rd party instance(s) + docker_container: + name: "{{ item.name }}-db" + state: absent + force_kill: true + loop: "{{ molecule_yml.platforms }}" diff --git a/molecule/zabbix_repo/molecule.yml b/molecule/zabbix_repo/molecule.yml new file mode 100644 index 000000000..873e93ced --- /dev/null +++ b/molecule/zabbix_repo/molecule.yml 
@@ -0,0 +1,33 @@
+---
+driver:
+ name: docker
+platforms:
+ - name: zabbix-repo-${MY_MOLECULE_VERSION:-v64}-${MY_MOLECULE_CONTAINER:-rockylinux8}
+ image: geerlingguy/docker-${MY_MOLECULE_IMAGE:-rockylinux8}-ansible:latest
+ privileged: true
+ pre_build_image: true
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ networks:
+ - name: zabbix
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ groups:
+ - ${MY_MOLECULE_VERSION:-v64}
+
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_COLLECTIONS_PATHS: $HOME/.ansible/collections/ansible_collections/community/zabbix
+ ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles
+ inventory:
+ group_vars:
+ all:
+ zabbix_repo_apt_priority: 1
+ zabbix_repo_yum_gpg_check: 1
+ v64:
+ zabbix_server_version: 6.4
+ v60:
+ zabbix_server_version: 6.0
+
+verifier:
+ name: testinfra
diff --git a/molecule/zabbix_repo/prepare.yml b/molecule/zabbix_repo/prepare.yml
new file mode 100644
index 000000000..1d33fac42
--- /dev/null
+++ b/molecule/zabbix_repo/prepare.yml
@@ -0,0 +1,26 @@
+---
+- name: Prepare
+ hosts: all
+ tasks:
+ - name: "Apt update"
+ ansible.builtin.shell: "apt-get update && echo exit 0 > /usr/sbin/policy-rc.d"
+ args:
+ warn: "{{ produce_warn | default(omit) }}"
+ register: installation_dependencies
+ until: installation_dependencies is succeeded
+ when:
+ - ansible_os_family != 'RedHat'
+
+ - name: "Configure SUDO."
+ ansible.builtin.lineinfile:
+ dest: /etc/sudoers
+ line: "Defaults !requiretty"
+ state: present
+
+ - name: "Make sure the docs are installed."
+ ansible.builtin.lineinfile:
+ dest: /etc/yum.conf
+ line: "tsflags=nodocs"
+ state: absent
+ when:
+ - ansible_os_family == 'RedHat'
diff --git a/molecule/zabbix_repo/tests/test_default.py b/molecule/zabbix_repo/tests/test_default.py
new file mode 100644
index 000000000..81d1393f1
--- /dev/null
+++ b/molecule/zabbix_repo/tests/test_default.py
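Review bot: The `v64` and `v60` groups under `group_vars` set `zabbix_server_version`, but the role documentation added in this commit names `zabbix_repo_version` (default 6.4) as the variable that selects the repository, so both matrix versions would likely install the 6.4 repo; the role's defaults are not part of this hunk, so confirm, and if so use `zabbix_repo_version: 6.4` and `zabbix_repo_version: 6.0`. `command:` reads `MOLECULE_DOCKER_COMMAND` while the workflow in this patch exports `MY_MOLECULE_DOCKER_COMMAND`, so the value set in CI never reaches the platform definition. The platform also runs `privileged: true` from an image tagged `:latest`; a comment stating why privileged mode is needed for a role that only writes repository files, or dropping it, would help, and a pinned tag or digest keeps test runs reproducible.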
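Review bot: The `Configure SUDO.` task in prepare.yml edits `/etc/sudoers` with `lineinfile` and no `validate:`, so a malformed result would be written in place; `validate: 'visudo -cf %s'` is the usual guard for this file. The `Apt update` task uses `until:` without `retries:` or `delay:`, so it relies on the defaults, and its `warn:` argument only survives through `produce_warn | default(omit)`; a one-line comment saying which ansible-core versions still need it would make the intent clear.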
@@ -0,0 +1,19 @@ +import os +import pytest +from pathlib import Path + + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") + + +def test_zabbix_manage_repo_installed(host): + os = host.system_info.distribution + if os in ["rocky"]: + result = host.ansible("command", "yum update -y", check=False, become=True)["rc"] + elif os in ["debian", "ubuntu"]: + result = host.ansible("command", "apt update", check=False, become=True)["rc"] + assert result == 0 diff --git a/molecule/zabbix_server/molecule.yml b/molecule/zabbix_server/molecule.yml index ff7972ef7..c67162b42 100644 --- a/molecule/zabbix_server/molecule.yml +++ b/molecule/zabbix_server/molecule.yml @@ -22,6 +22,9 @@ provisioner: ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles inventory: group_vars: + all: + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_server_version: 6.4 v62: diff --git a/molecule/zabbix_web/molecule.yml b/molecule/zabbix_web/molecule.yml index 135acf0e1..720e3f0a7 100644 --- a/molecule/zabbix_web/molecule.yml +++ b/molecule/zabbix_web/molecule.yml @@ -33,6 +33,8 @@ provisioner: group_vars: all: zabbix_api_server_url: zabbix-web-${MY_MOLECULE_VERSION:-v64}-${MY_MOLECULE_DATABASE:-mysql}-${MY_MOLECULE_CONTAINER:-rockylinux8} + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_server_version: 6.4 zabbix_web_version: 6.4 diff --git a/roles/zabbix_agent/defaults/main.yml b/roles/zabbix_agent/defaults/main.yml index 43946b810..8831cc759 100644 --- a/roles/zabbix_agent/defaults/main.yml +++ b/roles/zabbix_agent/defaults/main.yml 
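Review bot: In `test_zabbix_manage_repo_installed`, `result` is assigned only in the `rocky` and `debian`/`ubuntu` branches, so any other distribution string reaches `assert result == 0` with the name unbound and fails with an UnboundLocalError instead of a readable test failure; add `else: pytest.fail(f"unsupported distribution: {os}")`. The local `os = host.system_info.distribution` shadows the imported `os` module inside the function, so a name such as `distro` would read better, and `Path` is imported but never used. `yum update -y` upgrades every package in the container rather than checking the new repository; `yum makecache` would exercise the repository metadata without that side effect.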
@@ -10,7 +10,7 @@ zabbix_agent_sender_package: "{{ zabbix_sender_package }}" zabbix_get_package: zabbix-get # Depricate in 3.0 zabbox_agent_get_package: "{{ zabbix_get_package }}" zabbix_agent_package_state: present -zabbix_selinux: false +zabbix_agent_selinux: false zabbix_agent_conf_mode: "0644" zabbix_agent_dont_detect_ip: false @@ -18,9 +18,6 @@ zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" # Selinux related vars selinux_allow_zabbix_run_sudo: false -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true - zabbix_agent_install_agent_only: false # Zabbix role related vars 
@@ -28,35 +25,8 @@ zabbix_apt_force_apt_get: true zabbix_apt_install_recommends: false # Override Ansible specific facts -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_schema: https zabbix_agent_disable_repo: - epel -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-agent2-plugins - description: Zabbix Official Repository (Agent2 Plugins) - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main # Zabbix API stuff zabbix_api_server_host: localhost @@ -102,8 +72,7 @@ zabbix_agent_chassis: false zabbix_agent_tls_config: unencrypted: "1" psk: "2" - cert: - "4" + cert: "4" # IPMI settings zabbix_agent_ipmi_authtype: -1 
diff --git a/roles/zabbix_agent/tasks/Debian.yml b/roles/zabbix_agent/tasks/Debian.yml index 940f1e2f0..d19378424 100644 --- a/roles/zabbix_agent/tasks/Debian.yml +++ b/roles/zabbix_agent/tasks/Debian.yml 
@@ -1,99 +1,6 @@ --- # Tasks specific for Debian/Ubuntu Systems -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}" - tags: - - always - -- name: "Debian | Installing gnupg" - ansible.builtin.apt: - pkg: gnupg - update_cache: true - cache_valid_time: 3600 - force: true - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: gnupg_installed - until: gnupg_installed is succeeded - become: true - tags: - - install - -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. 
- ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - become: true - tags: - - install - -- name: Configure APT Prefrence - when: - - zabbix_agent_apt_priority is defined - - zabbix_agent_apt_priority | int - block: - - name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" - become: true - - - name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" - content: | - Package: {{ zabbix_agent_package }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_agent_apt_priority | int }} - owner: root - mode: "0644" - become: true - tags: - - install - - name: "Debian | Installing zabbix-agent" ansible.builtin.apt: pkg: "{{ zabbix_agent_package }}" diff --git a/roles/zabbix_agent/tasks/Linux.yml b/roles/zabbix_agent/tasks/Linux.yml index aa8bca132..52870b7ba 100644 --- a/roles/zabbix_agent/tasks/Linux.yml +++ b/roles/zabbix_agent/tasks/Linux.yml 
@@ -85,8 +85,7 @@ - name: "Configure SELinux when enabled" ansible.builtin.include_tasks: selinux.yml - when: - - zabbix_selinux | bool + when: ansible_facts.selinux.status | default('disabled') == 'enabled' - name: "Adding zabbix group" ansible.builtin.group: diff --git a/roles/zabbix_agent/tasks/RedHat.yml b/roles/zabbix_agent/tasks/RedHat.yml index caab1e4f3..48ee3a2c2 100644 --- a/roles/zabbix_agent/tasks/RedHat.yml +++ b/roles/zabbix_agent/tasks/RedHat.yml @@ -1,25 +1,6 @@ --- # Tasks specific for RedHat systems -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - - name: "RedHat | Installing zabbix-agent" ansible.builtin.package: pkg: diff --git a/roles/zabbix_agent/tasks/main.yml b/roles/zabbix_agent/tasks/main.yml index 509bb629f..22d5ae3e6 100644 --- a/roles/zabbix_agent/tasks/main.yml +++ b/roles/zabbix_agent/tasks/main.yml @@ -87,6 +87,15 @@ zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}" when: zabbix_api_server_port is undefined +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_version: "{{ zabbix_agent_version }}" + zabbix_repo_package: "{{ zabbix_agent_package }}" + zabbix_repo_apt_priority: "{{ zabbix_agent_apt_priority | default (omit) }}" + when: zabbix_manage_repo | default(true) + - name: "Install the correct repository" ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" when: 
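Review bot: In the added `Install Repository` task of `roles/zabbix_agent/tasks/main.yml`, `zabbix_repo_apt_priority: "{{ zabbix_agent_apt_priority | default (omit) }}"` passes `omit` through `vars:`, where it is not stripped the way it is for module arguments. As far as I can tell the included role then sees a defined placeholder string rather than an unset variable. The pin tasks in `roles/zabbix_repo/tasks/Debian.yml` only skip correctly because they also test `zabbix_repo_apt_priority | int`. An explicit fallback states the intent, e.g. `zabbix_repo_apt_priority: "{{ zabbix_agent_apt_priority | default(0) }}"`. The same pattern appears in the javagateway, proxy and server `main.yml` hunks.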
diff --git a/roles/zabbix_agent/tasks/selinux.yml b/roles/zabbix_agent/tasks/selinux.yml index f82072d68..80a718119 100644 --- a/roles/zabbix_agent/tasks/selinux.yml +++ b/roles/zabbix_agent/tasks/selinux.yml @@ -67,7 +67,7 @@ - name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive" ansible.builtin.set_fact: - zabbix_selinux: "{{ true }}" + zabbix_agent_selinux: "{{ true }}" when: - 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)' tags: diff --git a/roles/zabbix_agent/vars/Debian.yml b/roles/zabbix_agent/vars/Debian.yml index fa6e088d1..e7c7d0629 100644 --- a/roles/zabbix_agent/vars/Debian.yml +++ b/roles/zabbix_agent/vars/Debian.yml @@ -33,6 +33,3 @@ zabbix_valid_agent_versions: - 6.4 - 6.2 - 6.0 - -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" diff --git a/roles/zabbix_javagateway/defaults/main.yml b/roles/zabbix_javagateway/defaults/main.yml index d7f659648..093d189f4 100644 --- a/roles/zabbix_javagateway/defaults/main.yml +++ b/roles/zabbix_javagateway/defaults/main.yml 
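Review bot: The task name in the `selinux.yml` hunk still says `zabbix_selinux`, while the fact it sets is now `zabbix_agent_selinux`; rename it to `"SELinux | Set zabbix_agent_selinux to true if getenforce returns Enforcing or Permissive"`. No visible hunk reads `zabbix_agent_selinux` (the include in `Linux.yml` now keys off `ansible_facts.selinux.status`), so a one-line comment naming the consumer of this fact would help. `"{{ true }}"` can be plain `true`. The task continues outside the hunk.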
@@ -3,35 +3,12 @@ #zabbix_javagateway_version:6.4 zabbix_javagateway_package_state: present -zabbix_repo_yum_schema: https zabbix_java_gateway_conf_mode: "0644" -zabbix_repo_yum_gpgcheck: 0 zabbix_javagateway_disable_repo: - epel -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid zabbix_javagateway_listenip: 0.0.0.0 zabbix_javagateway_listenport: 10052 zabbix_javagateway_startpollers: 5 - -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true diff --git a/roles/zabbix_javagateway/tasks/Debian.yml b/roles/zabbix_javagateway/tasks/Debian.yml index fd970ab75..667e53cf1 100644 --- a/roles/zabbix_javagateway/tasks/Debian.yml +++ b/roles/zabbix_javagateway/tasks/Debian.yml 
@@ -1,60 +1,4 @@ --- -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_javagateway_version | regex_replace('\\.', '') }}" - tags: - - always - -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. - ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - register: zabbix_repo - become: true - tags: - - install - -- name: "Debian | Update apt cache if repo was added" - ansible.builtin.apt: update_cache=yes - when: zabbix_repo is changed - - name: "Debian | Installing zabbix-java-gateway" 
ansible.builtin.apt: pkg: zabbix-java-gateway diff --git a/roles/zabbix_javagateway/tasks/RedHat.yml b/roles/zabbix_javagateway/tasks/RedHat.yml index 96d9d3928..37f2fd3b5 100644 --- a/roles/zabbix_javagateway/tasks/RedHat.yml +++ b/roles/zabbix_javagateway/tasks/RedHat.yml @@ -1,25 +1,6 @@ --- # Tasks specific for RedHat systems -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - - name: "RedHat | Installing zabbix-java-gateway" ansible.builtin.package: pkg: zabbix-java-gateway diff --git a/roles/zabbix_javagateway/tasks/main.yml b/roles/zabbix_javagateway/tasks/main.yml index aeeecbc8f..529af73a6 100644 --- a/roles/zabbix_javagateway/tasks/main.yml +++ b/roles/zabbix_javagateway/tasks/main.yml @@ -22,6 +22,15 @@ tags: - always +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_apt_priority: "{{ zabbix_proxy_javagateway_priority | default (omit) }}" + zabbix_repo_version: "{{ zabbix_javagateway_version }}" + zabbix_repo_package: "zabbix-java-gateway" + when: zabbix_manage_repo | default(true) + - name: "Install the correct repository" ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/zabbix_javagateway/vars/Debian.yml b/roles/zabbix_javagateway/vars/Debian.yml index 3ec096b9b..dbb48d793 100644 --- a/roles/zabbix_javagateway/vars/Debian.yml +++ b/roles/zabbix_javagateway/vars/Debian.yml 
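Review bot: `zabbix_proxy_javagateway_priority` in the added `vars:` block of `roles/zabbix_javagateway/tasks/main.yml` does not follow the `zabbix_<role>_apt_priority` naming used by the agent, proxy and server callers, and nothing visible in this patch defines it. If that is a slip, the APT pin can never be configured for the Java gateway through the documented variable. Presumably intended: `zabbix_repo_apt_priority: "{{ zabbix_javagateway_apt_priority | default(0) }}"`; confirm the name against `docs/ZABBIX_JAVAGATEWAY_ROLE.md`.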
@@ -20,6 +20,3 @@ zabbix_valid_javagateway_versions: - 6.4 - 6.2 - 6.0 - -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" diff --git a/roles/zabbix_proxy/defaults/main.yml b/roles/zabbix_proxy/defaults/main.yml index 635c40f40..80574b9d6 100644 --- a/roles/zabbix_proxy/defaults/main.yml +++ b/roles/zabbix_proxy/defaults/main.yml @@ -39,29 +39,7 @@ zabbix_proxy_tls_config: zabbix_proxy_version_minor: "*" # Yum/APT Variables -zabbix_repo_yum_schema: https -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_proxy_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present -zabbix_proxy_apt_priority: zabbix_proxy_package_state: present -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true # Proxy Configuration Variables (Only ones with role provided defaults) zabbix_proxy_allowroot: 0 
diff --git a/roles/zabbix_proxy/requirements.yml b/roles/zabbix_proxy/requirements.yml
deleted file mode 100644
index 37db26ffa..000000000
--- a/roles/zabbix_proxy/requirements.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- src: geerlingguy.mysql
-- src: geerlingguy.postgresql
diff --git a/roles/zabbix_proxy/tasks/Debian.yml b/roles/zabbix_proxy/tasks/Debian.yml
deleted file mode 100644
index 94b56890c..000000000
--- a/roles/zabbix_proxy/tasks/Debian.yml
+++ /dev/null
@@ -1,103 +0,0 @@ ---- -- name: "Debian | Set short version name" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_proxy_version | regex_replace('\\.', '_') }}" - tags: - - always - -- name: "Debian | Set some facts for Zabbix" - ansible.builtin.set_fact: - datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }} - tags: - - install - - config - -- name: "Debian | Installing gnupg" - ansible.builtin.apt: - pkg: gnupg - update_cache: true - cache_valid_time: 3600 - force: true - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: gnupg_installed - until: gnupg_installed is succeeded - become: true - tags: - - install - -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. 
- ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - become: true - tags: - - install - -- name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" - when: - - zabbix_proxy_apt_priority | int - become: true - tags: - - install - -- name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix-proxy-{{ zabbix_proxy_database }}" - content: | - Package: zabbix-proxy-{{ zabbix_proxy_database }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_proxy_apt_priority }} - owner: root - mode: "0644" - when: - - zabbix_proxy_apt_priority | int - become: true - tags: - - install diff --git a/roles/zabbix_proxy/tasks/main.yml b/roles/zabbix_proxy/tasks/main.yml index 3043bdaef..1c1bafe24 100644 --- a/roles/zabbix_proxy/tasks/main.yml +++ b/roles/zabbix_proxy/tasks/main.yml 
@@ -15,7 +15,6 @@ - name: Set More Variables ansible.builtin.set_fact: zabbix_proxy_db_long: "{{ 'postgresql' if zabbix_proxy_database == 'pgsql' else zabbix_proxy_database }}" - zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" zabbix_proxy_fpinglocation: "{{ zabbix_proxy_fpinglocation if zabbix_proxy_fpinglocation is defined else _zabbix_proxy_fpinglocation}}" zabbix_proxy_fping6location: "{{ zabbix_proxy_fping6location if zabbix_proxy_fping6location is defined else _zabbix_proxy_fping6location}}" tags: @@ -46,8 +45,18 @@ - config - api -- name: "Complete OS Specific Tasks" - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_apt_priority: "{{ zabbix_proxy_apt_priority | default (omit) }}" + zabbix_repo_version: "{{ zabbix_proxy_version }}" + zabbix_repo_package: "zabbix-proxy-{{ zabbix_proxy_database }}" + when: zabbix_manage_repo | default(true) + +- name: "Configure SELinux when enabled" + ansible.builtin.include_tasks: selinux.yml + when: ansible_facts.selinux.status | default('disabled') == 'enabled' - name: "Install zabbix-proxy packages" ansible.builtin.package: diff --git a/roles/zabbix_proxy/vars/Debian.yml b/roles/zabbix_proxy/vars/Debian.yml index 2b1b58caf..b40a7e6a3 100644 --- a/roles/zabbix_proxy/vars/Debian.yml +++ b/roles/zabbix_proxy/vars/Debian.yml @@ -45,8 +45,6 @@ _zabbix_proxy_mysql_dependencies: _zabbix_proxy_sqlite3_dependencies: - sqlite3 -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" _zabbix_proxy_fping6location: /usr/bin/fping6 _zabbix_proxy_fpinglocation: /usr/bin/fping diff --git a/roles/zabbix_repo/README.md b/roles/zabbix_repo/README.md new file mode 120000 index 000000000..28683b139 --- /dev/null +++ b/roles/zabbix_repo/README.md @@ -0,0 +1 @@ +../../docs/ZABBIX_REPO_ROLE.md \ No newline at end of file 
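Review bot: Replacing the `{{ ansible_os_family }}.yml` include in `roles/zabbix_proxy/tasks/main.yml` drops more than repository setup. The deleted `roles/zabbix_proxy/tasks/Debian.yml` also set `datafiles_path` to `/usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}`, and no visible hunk sets it anywhere else. If the database import tasks still read `datafiles_path` on Debian hosts it will be undefined, so please confirm it is provided by the role's vars or re-add the `set_fact` in `main.yml`. The hunk also moves the `selinux.yml` include out of the RedHat task file so that it is evaluated for every OS family; a short comment saying this is deliberate would help.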
diff --git a/roles/zabbix_repo/defaults/main.yml b/roles/zabbix_repo/defaults/main.yml new file mode 100644 index 000000000..9f4a162bf --- /dev/null +++ b/roles/zabbix_repo/defaults/main.yml @@ -0,0 +1,26 @@ +--- +# Yum/APT Variables +zabbix_repo_version: "6.4" +zabbix_repo_yum_gpgcheck: 0 +zabbix_repo_yum_schema: https +zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_repo_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" +zabbix_repo_deb_component: main +zabbix_repo_yum: + - name: zabbix + description: Zabbix Official Repository - $basearch + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_repo_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + mode: "0644" + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + - name: zabbix-non-supported + description: Zabbix Official Repository non-supported - $basearch + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" + mode: "0644" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present +zabbix_repo_apt_priority: +zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key +zabbix_repo_deb_include_deb_src: true +zabbix_repo_rpm_gpg_key_url: http://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD diff --git a/roles/zabbix_repo/handlers/main.yml b/roles/zabbix_repo/handlers/main.yml new file mode 100644 index 000000000..5907e3a0f --- /dev/null +++ b/roles/zabbix_repo/handlers/main.yml 
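Review bot: The new defaults in `roles/zabbix_repo/defaults/main.yml` leave package verification effectively off. `zabbix_repo_yum_gpgcheck: 0` disables signature checks for both yum repositories, and the signing keys (`zabbix_repo_deb_gpg_key_url`, `zabbix_repo_rpm_gpg_key_url`) as well as `zabbix_repo_deb_url` are fetched over plain `http://`, so anyone on the network path can substitute the key that packages are later verified against. The yum `baseurl` already uses `https` for the same host, so the key URLs can too, e.g. `zabbix_repo_deb_gpg_key_url: https://repo.zabbix.com/zabbix-official-repo.key`, together with `zabbix_repo_yum_gpgcheck: 1`. The `get_url` task in `tasks/Debian.yml` (`force: true`, no `checksum`) and the new `rpm_key` task in `tasks/RedHat.yml` (no `fingerprint`) consume these URLs, and pinning a checksum or fingerprint there would anchor trust independently of the transport. Also, `gpgkey` still points at `file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX`, which no visible task installs.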
@@ -0,0 +1,6 @@ +- name: "clean repo files from proxy creds" + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + become: true + when: + - ansible_os_family == 'RedHat' + - zabbix_http_proxy is defined or zabbix_https_proxy is defined diff --git a/roles/zabbix_repo/meta/main.yml b/roles/zabbix_repo/meta/main.yml new file mode 100644 index 000000000..8f01938a6 --- /dev/null +++ b/roles/zabbix_repo/meta/main.yml @@ -0,0 +1,26 @@ +--- +galaxy_info: + author: Werner Dijkerman + description: Installing and maintaining zabbix-server for RedHat/Debian/Ubuntu. + company: myCompany.Dotcom + license: MIT + min_ansible_version: 2.4 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Ubuntu + versions: + - lucid + - precise + - trusty + - name: Debian + versions: + - squeeze + - wheezy + galaxy_tags: + - zabbix + - monitoring + +dependencies: [] diff --git a/roles/zabbix_server/tasks/Debian.yml b/roles/zabbix_repo/tasks/Debian.yml similarity index 70% rename from roles/zabbix_server/tasks/Debian.yml rename to roles/zabbix_repo/tasks/Debian.yml index c7b106614..54b867322 100644 --- a/roles/zabbix_server/tasks/Debian.yml +++ b/roles/zabbix_repo/tasks/Debian.yml @@ -1,11 +1,4 @@ --- -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_server_version | regex_replace('\\.', '_') }}" - tags: - - always - - name: "Debian | Installing gnupg" ansible.builtin.apt: pkg: gnupg 
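Review bot: The trailing `|| true` in the `clean repo files from proxy creds` handler hides a failing `sed`, so a run can report success while proxy credentials are still present in `/etc/yum.repos.d/zabbix*`. Tolerate only the "no files" case and let `sed` errors surface, e.g. `ansible.builtin.shell: "! ls /etc/yum.repos.d/zabbix* >/dev/null 2>&1 || sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix*"`. The pattern removes only `proxy =` lines, so the `username`/`password` values that the RedHat task can now write are not covered. The file also lacks the leading `---` that the other new YAML files in this role have.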
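Review bot: The `galaxy_info` block in `roles/zabbix_repo/meta/main.yml` looks copied from another role: `description` says it installs zabbix-server, and the platform list (EL 6/7, lucid, squeeze, …) does not match the Debian 12 / Ubuntu 22.04 branches that the role's own tasks handle. Suggest `description: Installing and maintaining the Zabbix package repository for RedHat/Debian/Ubuntu.` and a platform list matching what the molecule scenario tests. `min_ansible_version: 2.4` is parsed as a float and is better quoted.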
@@ -25,9 +18,9 @@ # In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. # It SHOULD be created with permissions 0755 if it is needed and does not already exist. # See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" +- name: "Debian | Create {{ zabbix_repo_keyring_path }} on older versions" ansible.builtin.file: - path: /etc/apt/keyrings/ + path: "{{ zabbix_repo_keyring_path }}" state: directory mode: "0755" become: true @@ -36,17 +29,17 @@ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. + when: not ansible_check_mode # Because get_url always has changed status in check_mode. ansible.builtin.get_url: url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" + dest: "{{ zabbix_repo_gpg_key }}" mode: "0644" force: true environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_repo_files_installed - until: zabbix_server_repo_files_installed is succeeded + register: zabbix_repo_files_installed + until: zabbix_repo_files_installed is succeeded become: true tags: - install @@ -64,7 +57,8 @@ Suites: {{ ansible_distribution_release }} Components: {{ zabbix_repo_deb_component }} Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} + Signed-By: {{ zabbix_repo_gpg_key }} + register: zabbix_repo become: true tags: - install 
@@ -75,22 +69,31 @@ state: directory mode: "0755" when: - - zabbix_server_apt_priority | int + - zabbix_repo_apt_priority is defined + - zabbix_repo_apt_priority | int become: true tags: - install - name: "Debian | Configuring the weight for APT" ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix_server-{{ zabbix_proxy_database }}" + dest: "/etc/apt/preferences.d/{{ zabbix_repo_package }}" content: | - Package: zabbix_server-{{ zabbix_proxy_database }} + Package: {{ zabbix_repo_package }} Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_server_apt_priority }} + Pin-Priority: {{ zabbix_repo_apt_priority }} owner: root mode: "0644" when: - - zabbix_server_apt_priority | int + - zabbix_repo_apt_priority is defined + - zabbix_repo_apt_priority | int + - zabbix_repo_package is defined + - zabbix_repo_package become: true tags: - install + +- name: "Debian | Update apt cache if repo was added" + ansible.builtin.apt: update_cache=yes + when: zabbix_repo is changed + become: true diff --git a/roles/zabbix_proxy/tasks/RedHat.yml b/roles/zabbix_repo/tasks/RedHat.yml similarity index 68% rename from roles/zabbix_proxy/tasks/RedHat.yml rename to roles/zabbix_repo/tasks/RedHat.yml index a3dddcec2..ea797d3bd 100644 --- a/roles/zabbix_proxy/tasks/RedHat.yml +++ b/roles/zabbix_repo/tasks/RedHat.yml @@ -1,12 +1,6 @@ --- # Tasks specific for RedHat systems -- name: "RedHat | Set short version name" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" - tags: - - always - - name: "RedHat | Make sure old file is absent" ansible.builtin.file: path: /etc/yum.repos.d/zabbix-supported.repo 
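Review bot: The added `Debian | Update apt cache if repo was added` task is written in legacy `key=value` form and, unlike every other task in the file, has no `tags: install`; prefer `ansible.builtin.apt:` with `update_cache: true` in native YAML and the same tag. It is conditioned on `zabbix_repo is changed`, which only tracks the sources file, so a re-downloaded signing key alone does not refresh the cache. In the pin task, `Pin: origin repo.zabbix.com` stays hard-coded while `zabbix_repo_deb_url` is configurable, so the preference presumably will not match when a mirror is used; a comment noting that limitation would help.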
@@ -15,17 +9,28 @@ tags: - install +- name: "RedHat | Install GPG key" + ansible.builtin.rpm_key: + state: present + key: "{{ zabbix_repo_rpm_gpg_key_url }}" + become: true + tags: + - install + - name: "RedHat | Install basic repo file" ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" + gpgcheck: "{{ item.gpgcheck | default(omit) }}" gpgkey: "{{ item.gpgkey }}" mode: "{{ item.mode | default('0644') }}" priority: "{{ item.priority | default('99') }}" state: "{{ item.state | default('present') }}" proxy: "{{ zabbix_http_proxy | default(omit) }}" + username: "{{ item.username | default(omit) }}" + password: "{{ item.password | default(omit) }}" + sslverify: "{{ item.sslverify | default('true') }}" with_items: "{{ zabbix_repo_yum }}" register: yum_repo_installed become: true @@ -33,8 +38,3 @@ - "clean repo files from proxy creds" tags: - install - -- name: "Configure SELinux when enabled" - ansible.builtin.include_tasks: selinux.yml - when: - - zabbix_proxy_selinux | bool diff --git a/roles/zabbix_repo/tasks/main.yml b/roles/zabbix_repo/tasks/main.yml new file mode 100644 index 000000000..24a1060f8 --- /dev/null +++ b/roles/zabbix_repo/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Include OS-specific variables + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - always + +- name: Install the correct repository + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/zabbix_repo/vars/Debian.yml b/roles/zabbix_repo/vars/Debian.yml new file mode 100644 index 000000000..3576b4b76 --- /dev/null +++ b/roles/zabbix_repo/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +zabbix_repo_keyring_path: /etc/apt/keyrings/ +zabbix_repo_gpg_key: "{{ zabbix_repo_keyring_path }}zabbix-repo.asc" diff --git a/roles/zabbix_repo/vars/RedHat.yml b/roles/zabbix_repo/vars/RedHat.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null 
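Review bot: The `username`/`password` pass-through added to `RedHat | Install basic repo file` exposes repository credentials in two places: the `with_items` loop prints each `zabbix_repo_yum` item in task output, and the repo file is written with `item.mode | default('0644')`, i.e. world-readable. Add `no_log: true` to the task and tighten the default, e.g. `mode: "{{ item.mode | default('0600' if item.password is defined else '0644') }}"`. The notified handler only strips `proxy =` lines, so it does not remove these values. Separately, `gpgcheck` now falls back to `omit`, which presumably leaves the decision to the host's yum/dnf configuration; an explicit `default(true)` would make signature checking the role's own default.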
+++ b/roles/zabbix_repo/vars/RedHat.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/zabbix_repo/vars/main.yml b/roles/zabbix_repo/vars/main.yml
new file mode 100644
index 000000000..3f674d7c1
--- /dev/null
+++ b/roles/zabbix_repo/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for zabbix_server
diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml
index b3c669ba9..fbd103d75 100644
--- a/roles/zabbix_server/defaults/main.yml
+++ b/roles/zabbix_server/defaults/main.yml
@@ -40,29 +40,7 @@ zabbix_service_state: started # Yum/APT Variables zabbix_server_version_minor: "*" zabbix_server_package_state: present -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_schema: https -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_server_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present -zabbix_server_apt_priority: zabbix_server_conf_mode: 0640 -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true # Server Configuration Variables (Only ones with role provided defaults) zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts diff --git a/roles/zabbix_server/requirements.yml b/roles/zabbix_server/requirements.yml deleted file mode 100644 index 217a431bc..000000000 --- a/roles/zabbix_server/requirements.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- src: geerlingguy.apache -- src: geerlingguy.mysql -- src: geerlingguy.postgresql -- src: community.postgresql 
diff --git a/roles/zabbix_server/tasks/RedHat.yml b/roles/zabbix_server/tasks/RedHat.yml deleted file mode 100644 index 7fdb5bb72..000000000 --- a/roles/zabbix_server/tasks/RedHat.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Tasks specific for RedHat systems - -- name: "RedHat | Set short version name" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}" - tags: - - always - -- name: "RedHat | Make sure old file is absent" - ansible.builtin.file: - path: /etc/yum.repos.d/zabbix-supported.repo - state: absent - become: true - tags: - - install - -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - -- name: "RedHat | Configure SELinux when enabled" - ansible.builtin.include_tasks: selinux.yml - when: ansible_facts.selinux.status | default('disabled') == 'enabled' diff --git a/roles/zabbix_server/tasks/main.yml b/roles/zabbix_server/tasks/main.yml index 356403e0b..9af231a36 100644 --- a/roles/zabbix_server/tasks/main.yml +++ b/roles/zabbix_server/tasks/main.yml 
@@ -27,8 +27,18 @@ tags: - always -- name: Install the correct repository - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_apt_priority: "{{ zabbix_server_apt_priority | default (omit) }}" + zabbix_repo_version: "{{ zabbix_server_version }}" + zabbix_repo_package: "zabbix_server-{{ zabbix_proxy_database }}" + when: zabbix_manage_repo | default(true) + +- name: "Configure SELinux when enabled" + ansible.builtin.include_tasks: selinux.yml + when: ansible_facts.selinux.status | default('disabled') == 'enabled' - name: Install zabbix-server packages ansible.builtin.package: diff --git a/roles/zabbix_server/vars/Debian.yml b/roles/zabbix_server/vars/Debian.yml index 6f088bbcf..4c9acaad3 100644 --- a/roles/zabbix_server/vars/Debian.yml +++ b/roles/zabbix_server/vars/Debian.yml @@ -27,9 +27,6 @@ zabbix_valid_server_versions: - 6.2 - 6.0 -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" - _zabbix_server_pgsql_dependencies: - "{{ zabbix_server_install_database_client | ternary('postgresql-client', '') }}" - python3-psycopg2 diff --git a/roles/zabbix_web/defaults/main.yml b/roles/zabbix_web/defaults/main.yml index 53744bab9..e5833485a 100644 --- a/roles/zabbix_web/defaults/main.yml +++ b/roles/zabbix_web/defaults/main.yml 
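Review bot: `zabbix_repo_package: "zabbix_server-{{ zabbix_proxy_database }}"` in the added `Install Repository` task carries over two oddities from the old pin task. It reads a proxy-role variable inside the server role, and the name uses an underscore where the proxy caller passes `zabbix-proxy-{{ zabbix_proxy_database }}`. If `zabbix_proxy_database` is unset here the pin is presumably skipped or fails to template, and otherwise the generated `Package:` line is unlikely to match an installed package, so the priority silently has no effect. Presumably intended: `zabbix_repo_package: "zabbix-server-{{ zabbix_server_database }}"`; confirm the variable name against the server role defaults.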
@@ -49,29 +49,9 @@ zabbix_server_dbverifyhost: false zabbix_server_dbschema: # Yum/APT Variables -zabbix_web_apt_priority: zabbix_web_version_minor: "*" -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_schema: https -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main zabbix_web_disable_repo: - epel -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_web_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present # Elasticsearch # zabbix_server_history_url: @@ -95,7 +75,6 @@ selinux_allow_httpd_can_connect_zabbix: false zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key zabbix_repo_deb_include_deb_src: true - # SAML certificates # zabbix_saml_idp_crt: # zabbix_saml_sp_crt: diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml index 4ddab341b..255ecb235 100644 --- a/roles/zabbix_web/tasks/Debian.yml +++ b/roles/zabbix_web/tasks/Debian.yml 
@@ -7,7 +7,6 @@ - name: "Debian | Set some variables" ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_web_version | regex_replace('\\.', '') }}" zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}" tags: - always 
@@ -46,77 +45,6 @@ - dependencies - database -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. - ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - become: true - tags: - - install - -- name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" - when: - - zabbix_web_apt_priority | int - become: true - tags: - - install - -- name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix_server-{{ 
zabbix_proxy_database }}" - content: | - Package: zabbix_server-{{ zabbix_proxy_database }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_web_apt_priority }} - owner: root - mode: "0644" - when: - - zabbix_web_apt_priority | int - become: true - tags: - - install - - name: "Debian | Install zabbix-web" ansible.builtin.apt: pkg: "zabbix-frontend-php" diff --git a/roles/zabbix_web/tasks/RedHat.yml b/roles/zabbix_web/tasks/RedHat.yml index 8dfb2e113..2cde6bd41 100644 --- a/roles/zabbix_web/tasks/RedHat.yml +++ b/roles/zabbix_web/tasks/RedHat.yml @@ -4,25 +4,6 @@ tags: - always -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description | default(omit) }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck | default(omit) }}" - gpgkey: "{{ item.gpgkey | default(omit) }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - - name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}" ansible.builtin.yum: name: @@ -60,5 +41,4 @@ - name: "Configure SELinux when enabled" ansible.builtin.include_tasks: selinux.yml - when: - - zabbix_web_selinux | bool + when: ansible_facts.selinux.status | default('disabled') == 'enabled' diff --git a/roles/zabbix_web/tasks/apache.yml b/roles/zabbix_web/tasks/apache.yml index 7e55fe3e9..fa7e78e03 100644 --- a/roles/zabbix_web/tasks/apache.yml +++ b/roles/zabbix_web/tasks/apache.yml 
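Review bot: The new condition `ansible_facts.selinux.status | default('disabled') == 'enabled'` on `Configure SELinux when enabled` in roles/zabbix_web/tasks/RedHat.yml skips selinux.yml silently whenever the selinux fact is absent, for example when facts are not gathered or the gather subset is restricted. On an enforcing host the policy changes in selinux.yml would then presumably not be applied, with nothing in the run output to explain why. The hunk also drops the `zabbix_web_selinux` switch with no visible deprecation path, so an inventory that sets it loses its effect without notice. I would add a comment above the task, `# needs gathered facts; skipped when ansible_facts.selinux is missing`, and keep the old variable as an override if it is meant to stay supported: `when: zabbix_web_selinux | default(ansible_facts.selinux.status | default('disabled') == 'enabled') | bool`.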
@@ -26,7 +26,7 @@ - name: "RedHat | Install zabbix-apache-conf" ansible.builtin.yum: name: - - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" + - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor | default ('*')}}" state: "{{ zabbix_web_package_state }}" update_cache: true disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" diff --git a/roles/zabbix_web/tasks/main.yml b/roles/zabbix_web/tasks/main.yml index 54a313a1c..157a94825 100644 --- a/roles/zabbix_web/tasks/main.yml +++ b/roles/zabbix_web/tasks/main.yml @@ -50,6 +50,15 @@ - config - install +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_version: "{{ zabbix_web_version }}" + zabbix_repo_package: "zabbix-web-service" + zabbix_repo_apt_priority: "{{ zabbix_web_apt_priority | default (omit) }}" + when: zabbix_manage_repo | default(true) + - name: Include OS Specific Tasks ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index a859c0c4c..a52708c33 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -44,6 +44,3 @@ zabbix_valid_web_versions: - 6.4 - 6.2 - 6.0 - -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc"
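Review bot: `zabbix_repo_package: "zabbix-web-service"` in the `Install Repository` task added to roles/zabbix_web/tasks/main.yml does not match the packages this role installs elsewhere in the diff (`zabbix-frontend-php`, `zabbix-apache-conf-…`). If zabbix_repo uses that value as the APT pin target, `zabbix_web_apt_priority` would not cover the frontend packages and they could resolve from another origin; the zabbix_repo tasks are not in this chunk, so confirm how the variable is consumed. Also, `zabbix_repo_deb_gpg_key_url` stays in this role's defaults with an `http://` URL. If zabbix_repo reads a variable of that name, the signing key would be fetched over cleartext, so either drop the leftover or change it to `https://`.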