roles/zabbix-server: Deploy Zabbix server, web UI
The *zabbix-server* role deploys the Zabbix server database, daemon, and web interface. It requires the *apache* role to configure Apache HTTPD to serve the web UI.
This commit is contained in:
109
roles/zabbix-server/tasks/main.yml
Normal file
109
roles/zabbix-server/tasks/main.yml
Normal file
@@ -0,0 +1,109 @@
|
||||
- name: load zabbix secrets
|
||||
include_vars: '{{ item }}'
|
||||
with_fileglob:
|
||||
- vault/zabbix
|
||||
tags: always
|
||||
|
||||
- name: ensure zabbix packages are installed
|
||||
package:
|
||||
name={{ zbx_srv_required_packages|join(',') }}
|
||||
state=present
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: ensure users can connect to postgresql socket
|
||||
seboolean:
|
||||
name=selinuxuser_postgresql_connect_enabled
|
||||
state=yes
|
||||
persistent=yes
|
||||
|
||||
- name: ensure zabbix database user exists
|
||||
become: true
|
||||
become_user: postgres
|
||||
postgresql_user:
|
||||
name: "{{ zabbix_db_user }}"
|
||||
password: "{{ zabbix_db_password|d(omit) }}"
|
||||
state: present
|
||||
- name: ensure zabbix database exists
|
||||
become: true
|
||||
become_user: postgres
|
||||
postgresql_db:
|
||||
name={{ zabbix_db_name }}
|
||||
owner={{ zabbix_db_user }}
|
||||
state=present
|
||||
- name: ensure zabbix database is populated
|
||||
become: false
|
||||
zabbix_db_schema:
|
||||
username: '{{ zabbix_db_user }}'
|
||||
database: '{{ zabbix_db_name }}'
|
||||
password: '{{ zabbix_db_password|d(omit) }}'
|
||||
host: '{{ zabbix_db_host|d(omit) }}'
|
||||
|
||||
- name: ensure zabbix server temporary directory exists
|
||||
file:
|
||||
path=/var/tmp/zabbixsrv
|
||||
mode=0750
|
||||
owner=zabbixsrv
|
||||
group=zabbixsrv
|
||||
seuser=system_u
|
||||
setype=zabbix_tmp_t
|
||||
state=directory
|
||||
|
||||
- name: ensure zabbix server is configured
|
||||
template:
|
||||
src=zabbix_server.conf.j2
|
||||
dest=/etc/zabbix_server.conf
|
||||
owner=root
|
||||
group=zabbixsrv
|
||||
mode=0640
|
||||
notify: restart zabbix server
|
||||
|
||||
- name: ensure zabbix is allowed in firewall
|
||||
firewalld:
|
||||
port=10051/tcp
|
||||
permanent=no
|
||||
immediate=yes
|
||||
state=enabled
|
||||
notify: save firewalld configuration
|
||||
tags:
|
||||
- firewalld
|
||||
- name: ensure zabbix server can connect to the network
|
||||
seboolean:
|
||||
name=zabbix_can_network
|
||||
state=yes
|
||||
persistent=yes
|
||||
|
||||
- name: ensure zabbix server starts at boot
|
||||
service:
|
||||
name=zabbix-server-pgsql
|
||||
enabled=yes
|
||||
- meta: flush_handlers
|
||||
- name: ensure zabbix server is running
|
||||
service:
|
||||
name=zabbix-server-pgsql
|
||||
state=started
|
||||
|
||||
- name: ensure php is configured for zabbix front end
|
||||
template:
|
||||
src=zabbix-php.httpd.conf.j2
|
||||
dest=/etc/httpd/conf.d/zabbix-php.conf
|
||||
mode=0644
|
||||
notify: reload httpd
|
||||
- name: ensure zabbix web gui is configured
|
||||
template:
|
||||
src=zabbix.conf.php.j2
|
||||
dest=/etc/zabbix/web/zabbix.conf.php
|
||||
owner=root
|
||||
group=apache
|
||||
mode=0640
|
||||
- name: ensure zabbix web gui redirect is configured
|
||||
template:
|
||||
src=zabbix-redir.httpd.conf.j2
|
||||
dest=/etc/httpd/conf.d/zabbix-redir.conf
|
||||
mode=0644
|
||||
notify: reload httpd
|
||||
- name: ensure apache can connect to zabbix
|
||||
seboolean:
|
||||
name=httpd_can_network_connect
|
||||
persistent=yes
|
||||
state=yes
|
||||
Reference in New Issue
Block a user