diff --git a/molecule/zabbix_proxy/prepare.yml b/molecule/zabbix_proxy/prepare.yml index fd6fde987..493f54974 100644 --- a/molecule/zabbix_proxy/prepare.yml +++ b/molecule/zabbix_proxy/prepare.yml @@ -60,10 +60,9 @@ ansible.builtin.shell: "apt-get update && echo exit 0 > /usr/sbin/policy-rc.d" register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - - name: "Installing packages on NON-CentOS" + - name: "Installing packages on Debian family" ansible.builtin.apt: name: - net-tools @@ -71,13 +70,11 @@ - python3-pip - gpg-agent - sudo - - doc-base update_cache: true state: present register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - name: "Configure SUDO." ansible.builtin.lineinfile: diff --git a/molecule/zabbix_server/prepare.yml b/molecule/zabbix_server/prepare.yml index 2ef218f7c..493f54974 100644 --- a/molecule/zabbix_server/prepare.yml +++ b/molecule/zabbix_server/prepare.yml @@ -6,7 +6,7 @@ - name: "Create MySQL Container" docker_container: name: "{{ item.name }}-db" - image: mysql:8.0.32 + image: mysql:8.0 state: started recreate: true networks: @@ -56,25 +56,13 @@ when: - ansible_os_family == 'RedHat' - - name: "Installing packages on CentOS" - ansible.builtin.yum: - name: - - mysql - state: present - register: installation_dependencies - until: installation_dependencies is succeeded - when: - - ansible_os_family == 'RedHat' - - inventory_hostname in groups['mysql'] - - name: "Apt update" ansible.builtin.shell: "apt-get update && echo exit 0 > /usr/sbin/policy-rc.d" register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - - name: "Installing packages on NON-CentOS" + - name: "Installing packages on Debian family" ansible.builtin.apt: name: - net-tools @@ -86,19 +74,10 @@ state: present register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - name: "Configure SUDO." ansible.builtin.lineinfile: dest: /etc/sudoers line: "Defaults !requiretty" state: present - - - name: "Make sure the docs are installed." - ansible.builtin.lineinfile: - dest: /etc/yum.conf - line: "tsflags=nodocs" - state: absent - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/zabbix_web/molecule.yml b/molecule/zabbix_web/molecule.yml index 260a85f3a..80c7acab0 100644 --- a/molecule/zabbix_web/molecule.yml +++ b/molecule/zabbix_web/molecule.yml @@ -46,7 +46,6 @@ provisioner: zabbix_web_version: 6.0 mysql: zabbix_server_database: mysql - zabbix_server_dbport: 3306 zabbix_server_dbhost: "{{ inventory_hostname }}-db" zabbix_server_dbhost_run_install: false zabbix_server_privileged_host: "%" @@ -56,7 +55,6 @@ provisioner: zabbix_server_mysql_login_port: 3306 pgsql: zabbix_server_database: pgsql - zabbix_server_dbport: 5432 zabbix_server_dbhost: "{{ inventory_hostname }}-db" zabbix_server_dbhost_run_install: false zabbix_server_pgsql_login_host: "{{ inventory_hostname }}-db" diff --git a/molecule/zabbix_web/prepare.yml b/molecule/zabbix_web/prepare.yml index 4a12c95ae..1f6513042 100644 --- a/molecule/zabbix_web/prepare.yml +++ b/molecule/zabbix_web/prepare.yml @@ -56,25 +56,13 @@ when: - ansible_os_family == 'RedHat' - - name: "Installing MySQL on CentOS" - ansible.builtin.yum: - name: - - mysql - state: present - register: installation_dependencies - until: installation_dependencies is succeeded - when: - - ansible_os_family == 'RedHat' - - inventory_hostname in groups['mysql'] - - name: "Apt update" ansible.builtin.shell: "apt-get update" register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - - name: "Installing packages on NON-CentOS" + - name: "Installing packages on Debian family" ansible.builtin.apt: name: - net-tools @@ -87,8 +75,7 @@ state: present register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - name: "Configure SUDO." ansible.builtin.lineinfile: @@ -96,37 +83,9 @@ line: "Defaults !requiretty" state: present - - name: "Make sure the docs are installed." - ansible.builtin.lineinfile: - dest: /etc/yum.conf - line: "tsflags=nodocs" - state: absent - when: - - ansible_os_family == 'RedHat' - - - name: PyMySQL - ansible.builtin.pip: - name: PyMySQL - register: installation_dependencies - until: installation_dependencies is succeeded - when: - - inventory_hostname in groups['mysql'] - - - name: Enabeling PHP 8.0 - block: - - name: Add epel - ansible.builtin.include_role: - name: geerlingguy.repo-epel - - - name: Add remi - ansible.builtin.include_role: - name: geerlingguy.repo-remi - - - name: Reset dnf library - ansible.builtin.shell: dnf module reset php - - - name: Set php Version - ansible.builtin.shell: dnf module enable -y php:remi-8.0 + - name: Enabling PHP 8.0 + ansible.builtin.dnf: + name: "@php:8.0/common" when: - ansible_os_family == 'RedHat' - ansible_distribution_major_version == "8" @@ -148,43 +107,34 @@ - php-pecl-apcu - php-xml when: - - ansible_distribution_major_version >= '8' - ansible_os_family == "RedHat" - - name: Set PHP Version (Ubuntu 2204) - ansible.builtin.set_fact: - __php_default_version_debian: "8.1" - when: - - ansible_distribution_major_version >= '22' - - ansible_os_family == "Debian" - - - name: Set PHP Version (Ubuntu 2404) - ansible.builtin.set_fact: - __php_default_version_debian: "8.3" + - name: Workaround for geerlingguy.php missing ubuntu-24.04 support when: - - ansible_distribution_major_version >= '24' - - ansible_os_family == "Debian" - - - name: Set PHP packages (Ubuntu 2204 & 2404) - ansible.builtin.set_fact: - __php_packages: - - php{{ __php_default_version_debian }}-common - - php{{ __php_default_version_debian }}-cli - - php{{ __php_default_version_debian }}-dev - - php{{ __php_default_version_debian }}-fpm - - libpcre3-dev - - php{{ __php_default_version_debian }}-gd - - php{{ __php_default_version_debian }}-curl - - php{{ __php_default_version_debian }}-imap - - php-json - - php{{ __php_default_version_debian }}-opcache - - php{{ __php_default_version_debian }}-xml - - php{{ __php_default_version_debian }}-mbstring - - php{{ __php_default_version_debian }}-apcu - - php{{ __php_default_version_debian }}-sqlite3 - when: - - ansible_distribution_major_version >= '22' - - ansible_os_family == "Debian" + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_major_version'] >= '24' + block: + - name: Set PHP Version + ansible.builtin.set_fact: + __php_default_version_debian: "8.3" + + - name: Set PHP packages + ansible.builtin.set_fact: + __php_packages: + - php{{ __php_default_version_debian }}-common + - php{{ __php_default_version_debian }}-cli + - php{{ __php_default_version_debian }}-dev + - php{{ __php_default_version_debian }}-fpm + - libpcre3-dev + - php{{ __php_default_version_debian }}-gd + - php{{ __php_default_version_debian }}-curl + - php{{ __php_default_version_debian }}-imap + - php-json + - php{{ __php_default_version_debian }}-opcache + - php{{ __php_default_version_debian }}-xml + - php{{ __php_default_version_debian }}-mbstring + - php{{ __php_default_version_debian }}-apcu + - php{{ __php_default_version_debian }}-sqlite3 roles: - role: geerlingguy.apache diff --git a/molecule/zabbix_web/requirements.yml b/molecule/zabbix_web/requirements.yml index 5e3796937..75de0d7fb 100644 --- a/molecule/zabbix_web/requirements.yml +++ b/molecule/zabbix_web/requirements.yml @@ -1,6 +1,6 @@ --- -- src: geerlingguy.apache -- src: geerlingguy.nginx -- src: geerlingguy.php -- src: geerlingguy.repo-epel -- src: geerlingguy.repo-remi +roles: + - src: geerlingguy.apache + - src: geerlingguy.nginx + - src: geerlingguy.php + version: '5.0.1' diff --git a/roles/zabbix_proxy/tasks/initialize-mysql.yml b/roles/zabbix_proxy/tasks/initialize-mysql.yml index 35da77ecb..2fe5653be 100644 --- a/roles/zabbix_proxy/tasks/initialize-mysql.yml +++ b/roles/zabbix_proxy/tasks/initialize-mysql.yml @@ -27,6 +27,7 @@ - name: "MySQL Database prep" when: zabbix_proxy_database_creation | bool + become: "{{ zabbix_proxy_dbhost_run_install }}" delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" vars: delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" @@ -56,12 +57,14 @@ login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" name: "{{ zabbix_proxy_dbuser }}" password: "{{ zabbix_proxy_dbpassword }}" - priv: "{{ zabbix_proxy_dbname }}.*:ALL" host: "{{ zabbix_proxy_privileged_host }}" + priv: "{{ zabbix_proxy_dbname }}.*:ALL" state: present - name: "MySQL verify or create schema" when: zabbix_proxy_database_sqlload | bool + vars: + delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" tags: - database block: @@ -76,8 +79,6 @@ rescue: - name: "MySQL | Get and set schema import overrides" delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" - vars: - delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" block: - name: "MySQL | Get current value for variables" community.mysql.mysql_variables: @@ -95,15 +96,15 @@ register: _mysql_variable_defaults - name: "MySQL | Set variable overrides for schema import" - when: item.msg != _mysql_schema_import_overrides[item.name] community.mysql.mysql_variables: variable: "{{ item.name }}" value: "{{ _mysql_schema_import_overrides[item.name] }}" - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" + when: item.msg != _mysql_schema_import_overrides[item.name] loop: "{{ _mysql_variable_defaults.results }}" loop_control: label: "{{ item.name }}: {{ _mysql_schema_import_overrides[item.name] }}" @@ -126,10 +127,7 @@ always: - name: "MySQL | Revert variable overrides for schema import" - when: _mysql_variable_defaults is defined delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" - vars: - delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" community.mysql.mysql_variables: variable: "{{ item.name }}" value: "{{ item.msg }}" diff --git a/roles/zabbix_server/tasks/initialize-mysql.yml b/roles/zabbix_server/tasks/initialize-mysql.yml index 745884cd1..9d58e8c23 100644 --- a/roles/zabbix_server/tasks/initialize-mysql.yml +++ b/roles/zabbix_server/tasks/initialize-mysql.yml @@ -14,8 +14,18 @@ - database - dependencies +# NOTE: Upgrading system-packages with pip is generally a bad idea, but +# these packaged older versions seems to have a problem with mysql 8 and above +- name: Upgrade pymysql + when: + - ansible_facts['distribution'] in ['Debian', 'Ubuntu'] + - ansible_facts['distribution_release'] in ['bullseye', 'focal'] + ansible.builtin.pip: + name: "pymysql>=0.10.0,<0.11.0" + state: latest + - name: "MySQL Database prep" - when: zabbix_server_database_creation + when: zabbix_server_database_creation | bool become: "{{ zabbix_server_dbhost_run_install }}" delegate_to: "{{ zabbix_server_real_dbhost | default(zabbix_server_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" vars: diff --git a/roles/zabbix_web/defaults/main.yml b/roles/zabbix_web/defaults/main.yml index e5833485a..0591ce351 100644 --- a/roles/zabbix_web/defaults/main.yml +++ b/roles/zabbix_web/defaults/main.yml @@ -43,15 +43,16 @@ zabbix_server_dbhost: localhost zabbix_server_dbname: zabbix-server zabbix_server_dbuser: zabbix-server zabbix_server_dbpassword: zabbix-server -zabbix_server_dbport: 5432 +_zabbix_server_database_default_port: + mysql: 3306 + pgsql: 5432 +zabbix_server_dbport: "{{ _zabbix_server_database_default_port[zabbix_server_database] }}" zabbix_server_dbencryption: false zabbix_server_dbverifyhost: false zabbix_server_dbschema: # Yum/APT Variables zabbix_web_version_minor: "*" -zabbix_web_disable_repo: - - epel # Elasticsearch # zabbix_server_history_url: @@ -68,7 +69,6 @@ zabbix_server_history_types: - "dbl" # SELinux specific -zabbix_web_selinux: false selinux_allow_httpd_can_connect_ldap: false selinux_allow_httpd_can_network_connect_db: false selinux_allow_httpd_can_connect_zabbix: false diff --git a/roles/zabbix_web/handlers/main.yml b/roles/zabbix_web/handlers/main.yml index e97787b12..bcc34a816 100644 --- a/roles/zabbix_web/handlers/main.yml +++ b/roles/zabbix_web/handlers/main.yml @@ -5,8 +5,6 @@ state: restarted enabled: true become: true - when: - - zabbix_web_http_server == 'apache' - name: test nginx config listen: restart nginx @@ -14,8 +12,6 @@ register: zabbix_nginx_cfg_check notify: restart nginx tested become: true - when: - - zabbix_web_http_server == 'nginx' - name: restart nginx tested ansible.builtin.service: @@ -24,7 +20,6 @@ enabled: true become: true when: - - zabbix_web_http_server == 'nginx' - zabbix_nginx_cfg_check.rc == 0 - name: restart php-fpm-version @@ -33,8 +28,6 @@ state: restarted enabled: true become: true - when: - - zabbix_web_version is version('5.0', '>=') - name: "clean repo files from proxy creds" ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml index 255ecb235..ed97d539c 100644 --- a/roles/zabbix_web/tasks/Debian.yml +++ b/roles/zabbix_web/tasks/Debian.yml @@ -1,70 +1 @@ --- -- name: "Debian | Set PHP Dependencies" - ansible.builtin.set_fact: - zabbix_web_php_dependencies: "{{ _apache_php_dependencies if zabbix_web_http_server == 'apache' else _nginx_php_dependencies }}" - tags: - - config - -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}" - tags: - - always - -- name: "Debian | Install PHP Dependencies" - ansible.builtin.apt: - pkg: "{{ zabbix_web_php_dependencies }}" - state: "present" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_php_dependencies_install - until: zabbix_web_php_dependencies_install is succeeded - become: true - tags: - - install - - dependencies - -- name: "Debian | Install PgSQL Dependencies" - ansible.builtin.apt: - pkg: "php{{ zabbix_web_php_installed_version }}-pgsql" - state: "present" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_php_dependencies_install - until: zabbix_web_php_dependencies_install is succeeded - become: true - when: zabbix_server_database == 'pgsql' - tags: - - install - - dependencies - - database - -- name: "Debian | Install zabbix-web" - ansible.builtin.apt: - pkg: "zabbix-frontend-php" - state: "{{ zabbix_web_package_state }}" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_package_install - until: zabbix_web_package_install is succeeded - become: true - tags: - - install - -- name: "Debian | Link graphfont.ttf (workaround ZBX-10467)" - ansible.builtin.file: - src: "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf" - path: "/usr/share/zabbix/fonts/graphfont.ttf" - state: link - become: true - tags: - - install diff --git a/roles/zabbix_web/tasks/RedHat.yml b/roles/zabbix_web/tasks/RedHat.yml index 2cde6bd41..0afa475b8 100644 --- a/roles/zabbix_web/tasks/RedHat.yml +++ b/roles/zabbix_web/tasks/RedHat.yml @@ -4,41 +4,6 @@ tags: - always -- name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}" - ansible.builtin.yum: - name: - - "zabbix-web-{{ zabbix_server_database }}" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_package_install - until: zabbix_web_package_install is succeeded - become: true - tags: - - install - -- name: "RedHat | Install zabbix-web-configuration" - ansible.builtin.yum: - name: - - "zabbix-{{ zabbix_web_http_server }}-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_package_install - until: zabbix_web_package_install is succeeded - become: true - when: - - zabbix_web_version is version('6.0', '!=') - - ansible_distribution_major_version == '9' - tags: - - install - - name: "Configure SELinux when enabled" ansible.builtin.include_tasks: selinux.yml when: ansible_facts.selinux.status | default('disabled') == 'enabled' diff --git a/roles/zabbix_web/tasks/apache.yml b/roles/zabbix_web/tasks/apache.yml index fa7e78e03..19d304595 100644 --- a/roles/zabbix_web/tasks/apache.yml +++ b/roles/zabbix_web/tasks/apache.yml @@ -8,37 +8,21 @@ - always - name: "Apache | Installing Zabbix Apache Conf" - block: - - name: "Debian | Install zabbix-apache-conf" - ansible.builtin.apt: - pkg: "zabbix-apache-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "Debian" - - - name: "RedHat | Install zabbix-apache-conf" - ansible.builtin.yum: - name: - - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor | default ('*')}}" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "RedHat" + package: + name: "{{ _zabbix_web_apache_packages + _zabbix_web_apache_php_dependencies | default([]) }}" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_apache_conf_install + until: zabbix_apache_conf_install is succeeded + become: true tags: - install + - dependencies + - database - name: "Apache | Get Apache version" ansible.builtin.shell: | diff --git a/roles/zabbix_web/tasks/main.yml b/roles/zabbix_web/tasks/main.yml index 157a94825..84c8f32c0 100644 --- a/roles/zabbix_web/tasks/main.yml +++ b/roles/zabbix_web/tasks/main.yml @@ -62,6 +62,31 @@ - name: Include OS Specific Tasks ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: "Install zabbix-web package" + ansible.builtin.package: + name: "{{ _zabbix_web_package }}" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: _zabbix_web_package_installed + until: _zabbix_web_package_installed is succeeded + become: true + tags: + - install + +- name: "Debian | Link graphfont.ttf (workaround ZBX-10467)" + when: ansible_facts['os_family'] == 'Debian' + ansible.builtin.file: + src: "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf" + path: "/usr/share/zabbix/fonts/graphfont.ttf" + state: link + become: true + tags: + - install + - name: "Install the web server specific tasks" ansible.builtin.include_tasks: "{{ zabbix_web_http_server }}.yml" @@ -85,8 +110,6 @@ group: "{{ zabbix_web_group }}" mode: "{{ zabbix_web_conf_mode }}" become: true - notify: - - "restart {{ zabbix_web_http_server }}" tags: - config diff --git a/roles/zabbix_web/tasks/nginx.yml b/roles/zabbix_web/tasks/nginx.yml index 1f50263ca..c07abf847 100644 --- a/roles/zabbix_web/tasks/nginx.yml +++ b/roles/zabbix_web/tasks/nginx.yml @@ -11,35 +11,17 @@ - install - name: "Nginx | Installing Zabbix Nginx Conf" - block: - - name: "Debian | Install zabbix-nginx-conf" - ansible.builtin.apt: - pkg: "zabbix-nginx-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "Debian" - - - name: "RedHat | Install zabbix-nginx-conf" - ansible.builtin.yum: - name: - - "zabbix-nginx-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "RedHat" + package: + name: "{{ _zabbix_web_nginx_packages + _zabbix_web_nginx_php_dependencies | default([]) }}" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_nginx_conf_install + until: zabbix_nginx_conf_install is succeeded + become: true tags: - install diff --git a/roles/zabbix_web/tasks/selinux.yml b/roles/zabbix_web/tasks/selinux.yml index 35fc904be..debae80fb 100644 --- a/roles/zabbix_web/tasks/selinux.yml +++ b/roles/zabbix_web/tasks/selinux.yml @@ -1,53 +1,29 @@ --- -- name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8" - ansible.builtin.yum: +- name: "SELinux | Install related SELinux package" + ansible.builtin.package: name: - python3-libsemanage - state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" register: zabbix_web_dependencies_installed until: zabbix_web_dependencies_installed is succeeded become: true - when: - - ansible_os_family == "RedHat" - - ansible_selinux.status == "enabled" tags: - install -- name: "SELinux | Allow httpd to connect to db (SELinux)" +- name: "SELinux | Set booleans" ansible.posix.seboolean: - name: httpd_can_network_connect_db + name: "{{ item.name }}" + state: "{{ item.state }}" persistent: true - state: true become: true - when: - - ansible_selinux.status == "enabled" - - selinux_allow_httpd_can_network_connect_db | bool - tags: - - config - -- name: "SELinux | Allow httpd to connect to zabbix (SELinux)" - ansible.posix.seboolean: - name: httpd_can_connect_zabbix - persistent: true - state: true - become: true - when: - - ansible_selinux.status == "enabled" - - selinux_allow_httpd_can_connect_zabbix | bool - tags: - - config - -- name: "SELinux | Allow httpd to connect to ldap (SELinux)" - ansible.posix.seboolean: - name: httpd_can_connect_ldap - persistent: true - state: true - become: true - when: - - ansible_selinux.status == "enabled" - - selinux_allow_httpd_can_connect_ldap | bool tags: - config + loop: + - name: httpd_can_network_connect_db + state: "{{ selinux_allow_httpd_can_network_connect_db | bool }}" + - name: httpd_can_connect_zabbix + state: "{{ selinux_allow_httpd_can_connect_zabbix | bool }}" + - name: httpd_can_connect_ldap + state: "{{ selinux_allow_httpd_can_connect_ldap | bool }}" diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index 943e7b982..27a543ac9 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -11,8 +11,6 @@ _zabbix_php_fpm_listen: /run/php/zabbix.sock _zabbix_php_fpm_mode: "0666" _zabbix_php_fpm_allowed_clients: 127.0.0.1 -_apache_php_dependencies: libapache2-mod-php{{ zabbix_web_php_installed_version }} -_nginx_php_dependencies: [] _nginx_user: www-data _nginx_group: www-data @@ -44,3 +42,14 @@ zabbix_valid_web_versions: "20": - 6.4 - 6.0 + +_zabbix_web_package: zabbix-frontend-php +_zabbix_web_apache_packages: + - zabbix-apache-conf +_zabbix_web_apache_php_dependencies: + - "libapache2-mod-php{{ zabbix_web_php_installed_version }}" + - "php{{ zabbix_web_php_installed_version }}-{{ zabbix_server_database }}" +_zabbix_web_nginx_packages: + - zabbix-nginx-conf +_zabbix_web_nginx_php_dependencies: + - "php{{ zabbix_web_php_installed_version }}-{{ zabbix_server_database }}" diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index 583b41cd5..622806aef 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml @@ -28,16 +28,10 @@ zabbix_valid_web_versions: - 6.4 - 6.0 -zabbix_web_php_dependencies: - - "php-gd" - - "php-bcmath" - - "php-xml" - - "php-mbstring" - - "php-ldap" - - "php-{{ 'pgsql' if zabbix_server_database == 'pgsql' else 'mysqlnd' }}" - -zabbix_selinux_dependencies: - "9": - - python3-libsemanage - "8": - - python3-libsemanage +_zabbix_web_package: "zabbix-web-{{ zabbix_server_database }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_apache_packages: + - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_nginx_packages: + - "zabbix-nginx-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_disable_repo: + - epel