roles/zabbix-server: Deploy Zabbix server, web UI

The *zabbix-server* role deploys the Zabbix server database, daemon, and
web interface. It requires the *apache* role to configure Apache HTTPD
to serve the web UI.

roles/zabbix-server/defaults/main.yml

@@ -0,0 +1,9 @@
+zabbix_db_name: zabbix
+zabbix_db_user: "{{ zabbix_db_name }}"
+zabbix_db_host: ""
+zabbix_php_max_execution_time: 300
+zabbix_php_memory_limit: 128M
+zabbix_php_post_max_size: 16M
+zabbix_php_upload_max_filesize: 2M
+zabbix_php_max_input_time: 300
+zabbix_web_redir: true

roles/zabbix-server/handlers/main.yml

@@ -0,0 +1,6 @@
+- name: restart zabbix server
+  service:
+    name=zabbix-server
+    state=restarted
+- name: save firewalld configuration
+  command: firewall-cmd --runtime-to-permanent

roles/zabbix-server/library/zabbix_db_schema

@@ -0,0 +1,69 @@
+#!/usr/bin/python
+import os
+import psycopg2
+
+
+SCHEMA_DIRECTORY = '/usr/share/zabbix-postgresql'
+SCHEMA_FILES = [
+    'schema.sql',
+]
+DATA_FILES = [
+    'images.sql',
+    'data.sql',
+]
+
+def main():
+    module = AnsibleModule(
+        argument_spec=dict(
+            database=dict(required=True),
+            username=dict(required=True),
+            password=dict(no_log=True),
+            host=dict(),
+            schema_only=dict(type='bool', default=False),
+        ),
+        supports_check_mode=True,
+    )
+
+    database = module.params['database']
+    username = module.params['username']
+    password = module.params['password']
+    host = module.params['host']
+    schema_only = module.params['schema_only']
+
+    dsn = {
+        'dbname': database,
+        'user': username,
+    }
+    if password:
+        dsn['password'] = password
+    if host:
+        dsn['host'] = host
+
+    conn = psycopg2.connect(**dsn)
+    with conn.cursor() as cur:
+        cur.execute('SELECT tablename FROM pg_tables '
+                    "WHERE schemaname = 'public'")
+        changed = cur.rowcount == 0
+
+    if changed and not module.check_mode:
+        psql = module.get_bin_path('psql')
+        if password:
+            os.environ['PGPASSWORD'] = password
+        if schema_only:
+            scripts = SCHEMA_FILES
+        else:
+            scripts = SCHEMA_FILES + DATA_FILES
+        for filename in scripts:
+            path = os.path.join(SCHEMA_DIRECTORY, filename)
+            cmd = ['psql', '-U', username, '-f', path]
+            if host:
+                cmd.extend(('-h', host))
+            cmd.append(database)
+            module.run_command(cmd, check_rc=True)
+
+    module.exit_json(changed=changed)
+
+
+from ansible.module_utils.basic import *
+
+main()

roles/zabbix-server/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- apache

roles/zabbix-server/tasks/main.yml

@@ -0,0 +1,109 @@
+- name: load zabbix secrets
+  include_vars: '{{ item }}'
+  with_fileglob:
+  - vault/zabbix
+  tags: always
+
+- name: ensure zabbix packages are installed
+  package:
+    name={{ zbx_srv_required_packages|join(',') }}
+    state=present
+  tags:
+  - install
+
+- name: ensure users can connect to postgresql socket
+  seboolean:
+    name=selinuxuser_postgresql_connect_enabled
+    state=yes
+    persistent=yes
+
+- name: ensure zabbix database user exists
+  become: true
+  become_user: postgres
+  postgresql_user:
+    name: "{{ zabbix_db_user }}"
+    password: "{{ zabbix_db_password|d(omit) }}"
+    state: present
+- name: ensure zabbix database exists
+  become: true
+  become_user: postgres
+  postgresql_db:
+    name={{ zabbix_db_name }}
+    owner={{ zabbix_db_user }}
+    state=present
+- name: ensure zabbix database is populated
+  become: false
+  zabbix_db_schema:
+    username: '{{ zabbix_db_user }}'
+    database: '{{ zabbix_db_name }}'
+    password: '{{ zabbix_db_password|d(omit) }}'
+    host: '{{ zabbix_db_host|d(omit) }}'
+
+- name: ensure zabbix server temporary directory exists
+  file:
+    path=/var/tmp/zabbixsrv
+    mode=0750
+    owner=zabbixsrv
+    group=zabbixsrv
+    seuser=system_u
+    setype=zabbix_tmp_t
+    state=directory
+
+- name: ensure zabbix server is configured
+  template:
+    src=zabbix_server.conf.j2
+    dest=/etc/zabbix_server.conf
+    owner=root
+    group=zabbixsrv
+    mode=0640
+  notify: restart zabbix server
+
+- name: ensure zabbix is allowed in firewall
+  firewalld:
+    port=10051/tcp
+    permanent=no
+    immediate=yes
+    state=enabled
+  notify: save firewalld configuration
+  tags:
+  - firewalld
+- name: ensure zabbix server can connect to the network
+  seboolean:
+    name=zabbix_can_network
+    state=yes
+    persistent=yes
+
+- name: ensure zabbix server starts at boot
+  service:
+    name=zabbix-server-pgsql
+    enabled=yes
+- meta: flush_handlers
+- name: ensure zabbix server is running
+  service:
+    name=zabbix-server-pgsql
+    state=started
+
+- name: ensure php is configured for zabbix front end
+  template:
+    src=zabbix-php.httpd.conf.j2
+    dest=/etc/httpd/conf.d/zabbix-php.conf
+    mode=0644
+  notify: reload httpd
+- name: ensure zabbix web gui is configured
+  template:
+    src=zabbix.conf.php.j2
+    dest=/etc/zabbix/web/zabbix.conf.php
+    owner=root
+    group=apache
+    mode=0640
+- name: ensure zabbix web gui redirect is configured
+  template:
+    src=zabbix-redir.httpd.conf.j2
+    dest=/etc/httpd/conf.d/zabbix-redir.conf
+    mode=0644
+  notify: reload httpd
+- name: ensure apache can connect to zabbix
+  seboolean:
+    name=httpd_can_network_connect
+    persistent=yes
+    state=yes

roles/zabbix-server/templates/zabbix-php.httpd.conf.j2

@@ -0,0 +1,6 @@
+php_value max_execution_time {{ zabbix_php_max_execution_time }}
+php_value memory_limit {{ zabbix_php_memory_limit }}
+php_value post_max_size {{ zabbix_php_post_max_size }}
+php_value upload_max_filesize {{ zabbix_php_upload_max_filesize }}
+php_value max_input_time {{ zabbix_php_max_input_time }}
+php_value date.timezone {{ zabbix_php_timezone|d('UTC') }}

roles/zabbix-server/templates/zabbix-redir.httpd.conf.j2

@@ -0,0 +1,6 @@
+# vim: set ft=apache :
+
+# Automatically redirect requests for / to /zabbix/
+{% if zabbix_web_redir|bool %}
+RedirectMatch 301 ^/$ /zabbix/
+{% endif %}

roles/zabbix-server/templates/zabbix.conf.php.j2

@@ -0,0 +1,20 @@
+<?php
+// Zabbix GUI configuration file
+global $DB;
+
+$DB['TYPE']     = 'POSTGRESQL';
+$DB['SERVER']   = '{{ zabbix_db_host }}';
+$DB['PORT']     = '{{ zabbix_db_port|d(0) }}';
+$DB['DATABASE'] = '{{ zabbix_db_name }}';
+$DB['USER']     = '{{ zabbix_db_user }}';
+$DB['PASSWORD'] = '{{ zabbix_db_password|d('') }}';
+
+// SCHEMA is relevant only for IBM_DB2 database
+$DB['SCHEMA'] = '';
+
+$ZBX_SERVER      = 'localhost';
+$ZBX_SERVER_PORT = '10051';
+$ZBX_SERVER_NAME = '';
+
+$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
+?>

roles/zabbix-server/templates/zabbix_server.conf.j2

@@ -0,0 +1,643 @@
+# This is a configuration file for Zabbix server daemon
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: ListenPort
+#	Listen port for trapper.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10051
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbixsrv/zabbix_server.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_server.pid
+PidFile=/run/zabbixsrv/zabbix_server.pid
+
+### Option: DBHost
+#	Database host name.
+#	If set to localhost, socket is used for MySQL.
+#	If set to empty string, socket is used for PostgreSQL.
+#
+# Mandatory: no
+# Default:
+# DBHost=localhost
+DBHost={{ zabbix_db_host }}
+
+### Option: DBName
+#	Database name.
+#	For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
+#
+# Mandatory: yes
+# Default:
+# DBName=
+
+DBName={{ zabbix_db_name }}
+
+### Option: DBSchema
+#	Schema name. Used for IBM DB2 and PostgreSQL.
+#
+# Mandatory: no
+# Default:
+# DBSchema=
+
+### Option: DBUser
+#	Database user. Ignored for SQLite.
+#
+# Mandatory: no
+# Default:
+# DBUser=
+
+DBUser={{ zabbix_db_user }}
+
+### Option: DBPassword
+#	Database password. Ignored for SQLite.
+#	Comment this line if no password is used.
+#
+# Mandatory: no
+# Default:
+# DBPassword=
+{% if zabbix_db_password is defined %}
+
+DBPassword={{ zabbix_db_password }}
+{% endif %}
+
+### Option: DBSocket
+#	Path to MySQL socket.
+#
+# Mandatory: no
+# Default:
+# DBSocket=/var/lib/mysql/mysql.sock
+
+### Option: DBPort
+#	Database port when not using local socket. Ignored for SQLite.
+#
+# Mandatory: no
+# Range: 1024-65535
+# Default (for MySQL):
+# DBPort=3306
+
+############ ADVANCED PARAMETERS ################
+
+### Option: StartPollers
+#	Number of pre-forked instances of pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollers=5
+
+### Option: StartIPMIPollers
+#	Number of pre-forked instances of IPMI pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartIPMIPollers=0
+
+### Option: StartPollersUnreachable
+#	Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
+#	At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
+#	are started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollersUnreachable=1
+
+### Option: StartTrappers
+#	Number of pre-forked instances of trappers.
+#	Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
+#	At least one trapper process must be running to display server availability and view queue
+#	in the frontend.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartTrappers=5
+
+### Option: StartPingers
+#	Number of pre-forked instances of ICMP pingers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPingers=1
+
+### Option: StartDiscoverers
+#	Number of pre-forked instances of discoverers.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartDiscoverers=1
+{% if zabbix_start_discoverers is defined %}
+StartDiscoverers={{ zabbix_start_discoverers }}
+{% endif %}
+
+### Option: StartHTTPPollers
+#	Number of pre-forked instances of HTTP pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHTTPPollers=1
+
+### Option: StartTimers
+#	Number of pre-forked instances of timers.
+#	Timers process time-based trigger functions and maintenance periods.
+#	Only the first timer process handles the maintenance periods.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartTimers=1
+
+### Option: StartEscalators
+#	Number of pre-forked instances of escalators.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartEscalators=1
+
+### Option: JavaGateway
+#	IP address (or hostname) of Zabbix Java gateway.
+#	Only required if Java pollers are started.
+#
+# Mandatory: no
+# Default:
+# JavaGateway=
+
+### Option: JavaGatewayPort
+#	Port that Zabbix Java gateway listens on.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# JavaGatewayPort=10052
+
+### Option: StartJavaPollers
+#	Number of pre-forked instances of Java pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartJavaPollers=0
+
+### Option: StartVMwareCollectors
+#	Number of pre-forked vmware collector instances.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartVMwareCollectors=0
+
+### Option: VMwareFrequency
+#	How often Zabbix will connect to VMware service to obtain a new data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwareFrequency=60
+
+### Option: VMwarePerfFrequency
+#	How often Zabbix will connect to VMware service to obtain performance data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwarePerfFrequency=60
+
+### Option: VMwareCacheSize
+#	Size of VMware cache, in bytes.
+#	Shared memory size for storing VMware data.
+#	Only used if VMware collectors are started.
+#
+# Mandatory: no
+# Range: 256K-2G
+# Default:
+# VMwareCacheSize=8M
+
+### Option: VMwareTimeout
+#	Specifies how many seconds vmware collector waits for response from VMware service.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# VMwareTimeout=10
+
+### Option: SNMPTrapperFile
+#	Temporary file used for passing data from SNMP trap daemon to the server.
+#	Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
+#
+# Mandatory: no
+# Default:
+# SNMPTrapperFile=/tmp/zabbix_traps.tmp
+
+### Option: StartSNMPTrapper
+#	If 1, SNMP trapper process is started.
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# StartSNMPTrapper=0
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the trapper should listen on.
+#	Trapper will listen on all network interfaces if this parameter is missing.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+# ListenIP=127.0.0.1
+
+### Option: HousekeepingFrequency
+#	How often Zabbix will perform housekeeping procedure (in hours).
+#	Housekeeping is removing outdated information from the database.
+#	To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
+#	hours of outdated information are deleted in one housekeeping cycle, for each item.
+#	To lower load on server startup housekeeping is postponed for 30 minutes after server start.
+#	With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
+#	In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
+#	period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
+#
+# Mandatory: no
+# Range: 0-24
+# Default:
+# HousekeepingFrequency=1
+
+### Option: MaxHousekeeperDelete
+#	The table "housekeeper" contains "tasks" for housekeeping procedure in the format:
+#	[housekeeperid], [tablename], [field], [value].
+#	No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
+#	will be deleted per one task in one housekeeping cycle.
+#	SQLite3 does not use this parameter, deletes all corresponding rows without a limit.
+#	If set to 0 then no limit is used at all. In this case you must know what you are doing!
+#
+# Mandatory: no
+# Range: 0-1000000
+# Default:
+# MaxHousekeeperDelete=5000
+
+### Option: SenderFrequency
+#	How often Zabbix will try to send unsent alerts (in seconds).
+#
+# Mandatory: no
+# Range: 5-3600
+# Default:
+# SenderFrequency=30
+
+### Option: CacheSize
+#	Size of configuration cache, in bytes.
+#	Shared memory size for storing host, item and trigger data.
+#
+# Mandatory: no
+# Range: 128K-8G
+# Default:
+# CacheSize=8M
+
+### Option: CacheUpdateFrequency
+#	How often Zabbix will perform update of configuration cache, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# CacheUpdateFrequency=60
+
+### Option: StartDBSyncers
+#	Number of pre-forked instances of DB Syncers.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartDBSyncers=4
+
+### Option: HistoryCacheSize
+#	Size of history cache, in bytes.
+#	Shared memory size for storing history data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryCacheSize=16M
+
+### Option: HistoryIndexCacheSize
+#	Size of history index cache, in bytes.
+#	Shared memory size for indexing history cache.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryIndexCacheSize=4M
+
+### Option: TrendCacheSize
+#	Size of trend cache, in bytes.
+#	Shared memory size for storing trends data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# TrendCacheSize=4M
+
+### Option: ValueCacheSize
+#	Size of history value cache, in bytes.
+#	Shared memory size for caching item history data requests.
+#	Setting to 0 disables value cache.
+#
+# Mandatory: no
+# Range: 0,128K-64G
+# Default:
+# ValueCacheSize=8M
+
+### Option: Timeout
+#	Specifies how long we wait for agent, SNMP device or external check (in seconds).
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+Timeout=4
+
+### Option: TrapperTimeout
+#	Specifies how many seconds trapper may spend processing new data.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# TrapperTimeout=300
+
+### Option: UnreachablePeriod
+#	After how many seconds of unreachability treat a host as unavailable.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachablePeriod=45
+
+### Option: UnavailableDelay
+#	How often host is checked for availability during the unavailability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnavailableDelay=60
+
+### Option: UnreachableDelay
+#	How often host is checked for availability during the unreachability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachableDelay=15
+
+### Option: AlertScriptsPath
+#	Full path to location of custom alert scripts.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# AlertScriptsPath=/usr/share/zabbix/alertscripts
+
+### Option: ExternalScripts
+#	Full path to location of external scripts.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# ExternalScripts=/usr/share/zabbix/externalscripts
+ExternalScripts=/var/lib/zabbixsrv/externalscripts
+
+### Option: FpingLocation
+#	Location of fping.
+#	Make sure that fping binary has root ownership and SUID flag set.
+#
+# Mandatory: no
+# Default:
+# FpingLocation=/usr/sbin/fping
+
+### Option: Fping6Location
+#	Location of fping6.
+#	Make sure that fping6 binary has root ownership and SUID flag set.
+#	Make empty if your fping utility is capable to process IPv6 addresses.
+#
+# Mandatory: no
+# Default:
+# Fping6Location=/usr/sbin/fping6
+
+### Option: SSHKeyLocation
+#	Location of public and private keys for SSH checks and actions.
+#
+# Mandatory: no
+# Default:
+# SSHKeyLocation=
+
+### Option: LogSlowQueries
+#	How long a database query may take before being logged (in milliseconds).
+#	Only works if DebugLevel set to 3, 4 or 5.
+#	0 - don't log slow queries.
+#
+# Mandatory: no
+# Range: 1-3600000
+# Default:
+# LogSlowQueries=0
+
+LogSlowQueries=3000
+
+### Option: TmpDir
+#	Temporary directory.
+#
+# Mandatory: no
+# Default:
+# TmpDir=/tmp
+TmpDir=/var/tmp/zabbixsrv
+
+### Option: StartProxyPollers
+#	Number of pre-forked instances of pollers for passive proxies.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartProxyPollers=1
+
+### Option: ProxyConfigFrequency
+#	How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600*24*7
+# Default:
+# ProxyConfigFrequency=3600
+
+### Option: ProxyDataFrequency
+#	How often Zabbix Server requests history data from a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ProxyDataFrequency=1
+
+### Option: AllowRoot
+#	Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/etc/zabbix_server.general.conf
+# Include=/etc/zabbix_server.conf.d/
+# Include=/etc/zabbix_server.conf.d/*.conf
+
+### Option: SSLCertLocation
+#	Location of SSL client certificates.
+#	This parameter is used only in web monitoring.
+#
+# Mandatory: no
+# Default:
+# SSLCertLocation=/usr/share/zabbix/ssl/certs
+
+### Option: SSLKeyLocation
+#	Location of private keys for SSL client certificates.
+#	This parameter is used only in web monitoring.
+#
+# Mandatory: no
+# Default:
+# SSLKeyLocation=/usr/share/zabbix/ssl/keys
+
+### Option: SSLCALocation
+#	Override the location of certificate authority (CA) files for SSL server certificate verification.
+#	If not set, system-wide directory will be used.
+#	This parameter is used only in web monitoring and SMTP authentication.
+#
+# Mandatory: no
+# Default:
+# SSLCALocation=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of server modules.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at server startup. Modules are used to extend functionality of the server.
+#	Format: LoadModule=<module.so>
+#	The modules must be located in directory specified by LoadModulePath.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the server certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the server private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=

roles/zabbix-server/vars/main.yml

@@ -0,0 +1,4 @@
+zbx_srv_required_packages:
+- python3-psycopg2
+- zabbix-server-pgsql
+- zabbix-web-pgsql