From ff2be0d4d55ba4203efa965fac3a1a5fac331a24 Mon Sep 17 00:00:00 2001 From: Evgeny Date: Wed, 5 Jun 2024 07:30:38 -0400 Subject: [PATCH 1/4] Bgmot modules zabbix70 (#1273) * zabbix_proxy_group module added. * zabbix_proxy module updated to support Zabbix 7.0. * zabbix_host module updated to support Zabbix 7.0. * Fix lint/sanity tests failures. * Remove mistakenly committed tests/integration/inventory. * zabbix_proxy module: handle proxy parameters dependency better. * zabbix_discovery_rule module updated to support Zabbix 7.0. * zabbix_group_events_info module updated to support Zabbix 7.0. * zabbix_host_events_info module updated to support Zabbix 7.0. * zabbix_proxy_info module updated to support Zabbix 7.0. * zabbix_script module: update tests to run for Zabbix 7.0. * Revert "zabbix_script module: update tests to run for Zabbix 7.0." This reverts commit a4917a0275cc2a79a84395ee5aff44343c751293. * Additional options to run Zabbix server docker to handle script tests properly. * Rmove Zabbix 6.2 and add Zabbix 7.0 for plugins integration testing. * Changelog fragment added. * Fix sanity test problems. * Fix plugins integration tests for Zabbxi < 7.0. * zabbix_host_events_info: fix for Zabbix > 6.0. --- .env_srv | 1 + .github/workflows/plugins-integration.yml | 2 +- changelogs/fragments/zabbix70_modules.yml | 5 + docker-compose.yml | 2 + plugins/modules/zabbix_discovery_rule.py | 23 +- plugins/modules/zabbix_group_events_info.py | 17 +- plugins/modules/zabbix_host.py | 203 ++++++-- plugins/modules/zabbix_host_events_info.py | 3 +- plugins/modules/zabbix_proxy.py | 492 ++++++++++++++++-- plugins/modules/zabbix_proxy_group.py | 255 +++++++++ plugins/modules/zabbix_proxy_info.py | 23 +- .../test_zabbix_discovery_rule/tasks/main.yml | 17 +- .../targets/test_zabbix_host/tasks/main.yml | 6 + .../tasks/zabbix_host_tests.yml | 87 ++++ .../targets/test_zabbix_proxy/tasks/main.yml | 322 +----------- .../tasks/test_zabbix_proxy_before70.yml | 301 +++++++++++ .../tasks/test_zabbix_proxy_since70.yml | 356 +++++++++++++ .../test_zabbix_proxy_group/meta/main.yml | 3 + .../test_zabbix_proxy_group/tasks/main.yml | 10 + .../tasks/zabbix_proxy_group_tests.yml | 64 +++ .../test_zabbix_proxy_info/tasks/main.yml | 33 +- 21 files changed, 1805 insertions(+), 420 deletions(-) create mode 100644 .env_srv create mode 100644 changelogs/fragments/zabbix70_modules.yml create mode 100644 plugins/modules/zabbix_proxy_group.py create mode 100644 tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_before70.yml create mode 100644 tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_since70.yml create mode 100644 tests/integration/targets/test_zabbix_proxy_group/meta/main.yml create mode 100644 tests/integration/targets/test_zabbix_proxy_group/tasks/main.yml create mode 100644 tests/integration/targets/test_zabbix_proxy_group/tasks/zabbix_proxy_group_tests.yml diff --git a/.env_srv b/.env_srv new file mode 100644 index 000000000..44857afb2 --- /dev/null +++ b/.env_srv @@ -0,0 +1 @@ +ZBX_ENABLEGLOBALSCRIPTS=1 diff --git a/.github/workflows/plugins-integration.yml b/.github/workflows/plugins-integration.yml index ca50cae9b..c76ad2ca4 100644 --- a/.github/workflows/plugins-integration.yml +++ b/.github/workflows/plugins-integration.yml @@ -21,8 +21,8 @@ jobs: matrix: zabbix_container: - version: "6.0" - - version: "6.2" - version: "6.4" + - version: "7.0" ansible: # https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-changelogs - stable-2.15 diff --git a/changelogs/fragments/zabbix70_modules.yml b/changelogs/fragments/zabbix70_modules.yml new file mode 100644 index 000000000..18b5dfc36 --- /dev/null +++ b/changelogs/fragments/zabbix70_modules.yml @@ -0,0 +1,5 @@ +breaking_changes: + - Remove support for Zabbix 6.2 +minor_changes: + - zabbix_discovery_rule, zabbix_group_events_info, zabbix_host, zabbix_host_events_info, zabbix_proxy, zabbix_proxy_info modules updated to work wih Zabbix 7.0 + - added new module zabbix_proxy_group (Zabbix 7.0) diff --git a/docker-compose.yml b/docker-compose.yml index 512e4877f..98149d80c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,6 +18,8 @@ services: - "zabbix-db" links: - "zabbix-db" + env_file: + - ./.env_srv zabbix-web: image: zabbix/zabbix-web-nginx-pgsql:ubuntu-${zabbix_version}-latest environment: diff --git a/plugins/modules/zabbix_discovery_rule.py b/plugins/modules/zabbix_discovery_rule.py index 2296f3db8..e20aa0cbd 100644 --- a/plugins/modules/zabbix_discovery_rule.py +++ b/plugins/modules/zabbix_discovery_rule.py @@ -428,11 +428,18 @@ def get_proxy_by_proxy_name(self, proxy_name): proxy matching proxy name """ try: - proxy_list = self._zapi.proxy.get({ - "output": "extend", - "selectInterface": "extend", - "filter": {"host": [proxy_name]} - }) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + proxy_list = self._zapi.proxy.get({ + "output": "extend", + "selectInterface": "extend", + "filter": {"host": [proxy_name]} + }) + else: + proxy_list = self._zapi.proxy.get({ + "output": "extend", + "filter": {"name": [proxy_name]} + }) + if len(proxy_list) < 1: self._module.fail_json(msg="Proxy not found: %s" % proxy_name) else: @@ -458,7 +465,11 @@ def _construct_parameters(self, **kwargs): "dchecks": kwargs["dchecks"] } if kwargs["proxy"]: - _params["proxy_hostid"] = self.get_proxy_by_proxy_name(kwargs["proxy"])["proxyid"] + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + _params["proxy_hostid"] = self.get_proxy_by_proxy_name(kwargs["proxy"])["proxyid"] + else: + _params["proxyid"] = self.get_proxy_by_proxy_name(kwargs["proxy"])["proxyid"] + return _params def check_difference(self, **kwargs): diff --git a/plugins/modules/zabbix_group_events_info.py b/plugins/modules/zabbix_group_events_info.py index e41cab26f..1bad1be89 100644 --- a/plugins/modules/zabbix_group_events_info.py +++ b/plugins/modules/zabbix_group_events_info.py @@ -90,7 +90,7 @@ description: acknowledges informations type: complex contains: - alias: + username: description: Account who acknowledge type: str clock: @@ -208,6 +208,9 @@ from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.zabbix.plugins.module_utils.base import ZabbixBase + +from ansible.module_utils.compat.version import LooseVersion + import ansible_collections.community.zabbix.plugins.module_utils.helpers as zabbix_utils @@ -228,10 +231,14 @@ def get_triggers_by_group_id_in_problem_state(self, group_id, trigger_severity): def get_last_event_by_trigger_id(self, triggers_id): """ Get the last event from triggerid""" output = ["eventid", "clock", "acknowledged", "value"] - select_acknowledges = ["clock", "alias", "message"] - event = self._zapi.event.get({"output": output, "objectids": triggers_id, - "select_acknowledges": select_acknowledges, "limit": 1, "sortfield": "clock", - "sortorder": "DESC"}) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + event = self._zapi.event.get({"output": output, "objectids": triggers_id, + "select_acknowledges": "extend", "limit": 1, "sortfield": "clock", + "sortorder": "DESC"}) + else: + event = self._zapi.event.get({"output": output, "objectids": triggers_id, + "selectAcknowledges": "extend", "limit": 1, "sortfield": "clock", + "sortorder": "DESC"}) return event[0] diff --git a/plugins/modules/zabbix_host.py b/plugins/modules/zabbix_host.py index 00c04c221..bdf010aba 100644 --- a/plugins/modules/zabbix_host.py +++ b/plugins/modules/zabbix_host.py @@ -73,9 +73,22 @@ choices: ["present", "absent"] default: "present" type: str + monitored_by: + description: + - Parameter introduced in Zabbix 7.0. + - Source that is used to monitor the host. + choices: ["zabbix_server", "proxy", "proxy_group"] + type: str proxy: description: - The name of the Zabbix proxy to be used. + - Required if C(monitored_by) is "proxy" + type: str + proxy_group: + description: + - Parameter introduced in Zabbix 7.0. + - Proxy group that is used to monitor the host. + - Required if C(monitored_by) is "proxy_group" type: str interfaces: type: list @@ -347,7 +360,7 @@ ansible.builtin.set_fact: ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895 -- name: Create a new host or rewrite an existing host's info +- name: Create a new host or rewrite an existing host's info (Zabbix <= 7.0) # Set task level following variables for Zabbix Server host in task vars: ansible_network_os: community.zabbix.zabbix @@ -408,6 +421,46 @@ - tag: ExampleHostsTag2 value: ExampleTagValue +- name: Create a new host or update it - monitored by Zabbix Proxy (Zabbix >= 7.0) +# Set task level following variables for Zabbix Server host in task + vars: + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false + ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu + become: false + delegate_to: zabbix-example-fqdn.org# you can use delegate_to or task level ansible_host like next example + community.zabbix.zabbix_host: + host_name: ExampleHost + host_groups: + - Example group1 + status: enabled + state: present + monitored_by: proxy + proxy: a.zabbix.proxy + +- name: Create a new host or update it - monitored by Zabbix Proxy Group (Zabbix >= 7.0) +# Set task level following variables for Zabbix Server host in task + vars: + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false + ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu + become: false + delegate_to: zabbix-example-fqdn.org# you can use delegate_to or task level ansible_host like next example + community.zabbix.zabbix_host: + host_name: ExampleHost + host_groups: + - Example group1 + status: enabled + state: present + monitored_by: proxy_group + proxy: a.zabbix.proxy.group + - name: Update an existing host's TLS settings # Set current task level variables for Zabbix Server host in task vars: @@ -437,6 +490,8 @@ from ansible_collections.community.zabbix.plugins.module_utils.base import ZabbixBase +from ansible.module_utils.compat.version import LooseVersion + import ansible_collections.community.zabbix.plugins.module_utils.helpers as zabbix_utils @@ -459,7 +514,7 @@ def get_template_ids(self, template_list): if template_list is None or len(template_list) == 0: return template_ids for template in template_list: - template_list = self._zapi.template.get({"output": "extend", "filter": {"host": template}}) + template_list = self._zapi.template.get({"output": ["templateid"], "filter": {"host": template}}) if len(template_list) < 1: self._module.fail_json(msg="Template not found: %s" % template) else: @@ -469,13 +524,23 @@ def get_template_ids(self, template_list): def add_host(self, host_name, group_ids, status, interfaces, proxy_id, visible_name, description, tls_connect, tls_accept, tls_psk_identity, tls_psk, tls_issuer, tls_subject, ipmi_authtype, ipmi_privilege, - ipmi_username, ipmi_password, macros, tags): + ipmi_username, ipmi_password, macros, tags, monitored_by, proxy_group_id): try: if self._module.check_mode: self._module.exit_json(changed=True) parameters = {"host": host_name, "interfaces": interfaces, "groups": group_ids, "status": status} - if proxy_id: - parameters["proxy_hostid"] = proxy_id + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + if proxy_id: + parameters["proxy_hostid"] = proxy_id + else: + if monitored_by == 1: + if proxy_id: + parameters["monitored_by"] = 1 # By single proxy + parameters["proxyid"] = proxy_id + elif monitored_by == 2: + if proxy_group_id: + parameters["monitored_by"] = 2 # By single proxy + parameters["proxy_groupid"] = proxy_group_id if visible_name: parameters["name"] = visible_name if tls_connect: @@ -513,7 +578,8 @@ def add_host(self, host_name, group_ids, status, interfaces, proxy_id, visible_n def update_host(self, host_name, group_ids, status, host_id, interfaces, exist_interface_list, proxy_id, visible_name, description, tls_connect, tls_accept, tls_psk_identity, tls_psk, tls_issuer, - tls_subject, ipmi_authtype, ipmi_privilege, ipmi_username, ipmi_password, macros, tags, discovered_host, zabbix_host_obj): + tls_subject, ipmi_authtype, ipmi_privilege, ipmi_username, ipmi_password, macros, tags, + discovered_host, zabbix_host_obj, monitored_by, proxy_group_id): try: if self._module.check_mode: self._module.exit_json(changed=True) @@ -523,8 +589,17 @@ def update_host(self, host_name, group_ids, status, host_id, interfaces, exist_i else: # A "plain" host parameters = {"hostid": host_id, "groups": group_ids, "status": status} - if (proxy_id >= 0 and proxy_id != zabbix_host_obj["proxy_hostid"]): - parameters["proxy_hostid"] = proxy_id + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + if (proxy_id >= 0 and proxy_id != zabbix_host_obj["proxy_hostid"]): + parameters["proxy_hostid"] = proxy_id + else: + if monitored_by == 1: + if (proxy_id >= 0 and proxy_id != zabbix_host_obj["proxyid"]): + parameters["proxyid"] = proxy_id + elif monitored_by == 2: + if (proxy_group_id >= 0 and proxy_group_id != zabbix_host_obj["proxy_groupid"]): + parameters["proxy_groupid"] = proxy_group_id + parameters["monitored_by"] = monitored_by if (visible_name is not None and visible_name != zabbix_host_obj["name"]): parameters["name"] = visible_name if (tls_connect is not None and tls_connect != zabbix_host_obj["tls_connect"]): @@ -571,34 +646,7 @@ def delete_host(self, host_id, host_name): # get host by host name def get_host_by_host_name(self, host_name): params = { - "output": [ - "inventory_mode", - "hostid", - "proxy_hostid", - "host", - "status", - "lastaccess", - "ipmi_authtype", - "ipmi_privilege", - "ipmi_username", - "ipmi_password", - "maintenanceid", - "maintenance_status", - "maintenance_type", - "maintenance_from", - "name", - "flags", - "templateid", - "description", - "tls_connect", - "tls_accept", - "tls_issuer", - "tls_subject", - "proxy_address", - "auto_compress", - "custom_interfaces", - "uuid" - ], + "output": "extend", "selectInventory": "extend", "selectMacros": "extend", "selectTags": ["tag", "value"], @@ -615,20 +663,31 @@ def get_host_by_host_name(self, host_name): # get proxyid by proxy name def get_proxyid_by_proxy_name(self, proxy_name): - proxy_list = self._zapi.proxy.get({"output": "extend", "filter": {"host": [proxy_name]}}) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + proxy_list = self._zapi.proxy.get({"output": "extend", "filter": {"host": [proxy_name]}}) + else: + proxy_list = self._zapi.proxy.get({"output": "extend", "filter": {"name": [proxy_name]}}) if len(proxy_list) < 1: self._module.fail_json(msg="Proxy not found: %s" % proxy_name) else: return int(proxy_list[0]["proxyid"]) + # get proxy_group_id by proxy group name + def get_proxy_group_id_by_name(self, proxy_group_name): + proxy_group_list = self._zapi.proxygroup.get({"output": "extend", "filter": {"name": proxy_group_name}}) + if len(proxy_group_list) < 1: + self._module.fail_json(msg="Proxy group not found: %s" % proxy_group_name) + else: + return int(proxy_group_list[0]["proxy_groupid"]) + # get group ids by group names def get_group_ids_by_group_names(self, group_names): if self.check_host_group_exist(group_names): - return self._zapi.hostgroup.get({"output": "extend", "filter": {"name": group_names}}) + return self._zapi.hostgroup.get({"output": ["groupid"], "filter": {"name": group_names}}) # get host groups ids by host id def get_group_ids_by_host_id(self, host_id): - return self._zapi.hostgroup.get({"output": "extend", "hostids": host_id}) + return self._zapi.hostgroup.get({"output": ["groupid"], "hostids": host_id}) # get host templates by host id def get_host_templates_by_host_id(self, host_id): @@ -715,7 +774,7 @@ def check_all_properties(self, host_id, group_ids, status, interfaces, template_ exist_interfaces, host, proxy_id, visible_name, description, host_name, inventory_mode, inventory_zabbix, tls_accept, tls_psk_identity, tls_psk, tls_issuer, tls_subject, tls_connect, ipmi_authtype, ipmi_privilege, - ipmi_username, ipmi_password, macros, tags): + ipmi_username, ipmi_password, macros, tags, monitored_by, proxy_group_id): # get the existing host's groups exist_host_groups = sorted(self.get_group_ids_by_host_id(host_id), key=lambda k: k["groupid"]) if sorted(group_ids, key=lambda k: k["groupid"]) != exist_host_groups: @@ -735,8 +794,16 @@ def check_all_properties(self, host_id, group_ids, status, interfaces, template_ if set(list(template_ids)) != set(exist_template_ids): return True - if int(host["proxy_hostid"]) != int(proxy_id): - return True + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + if int(host["proxy_hostid"]) != int(proxy_id): + return True + else: + if int(host["monitored_by"]) != monitored_by: + return True + if int(host["proxyid"]) != int(proxy_id): + return True + if int(host["proxy_groupid"]) != int(proxy_group_id): + return True # Check whether the visible_name has changed; Zabbix defaults to the technical hostname if not set. if visible_name: @@ -816,11 +883,18 @@ def link_or_clear_template(self, host_id, template_id_list): exist_template_ids = set(exist_template_id_list) template_ids = set(template_id_list) template_id_list = list(template_ids) + template_id_list_ = [] + for t in template_id_list: + template_id_list_.append({"templateid": t}) # get unlink and clear templates templates_clear = exist_template_ids.difference(template_ids) templates_clear_list = list(templates_clear) - request_str = {"hostid": host_id, "templates": template_id_list, "templates_clear": templates_clear_list} + templates_clear_list_ = [] + for t in templates_clear_list: + templates_clear_list_.append({"templateid": t}) + + request_str = {"hostid": host_id, "templates": template_id_list_, "templates_clear": templates_clear_list_} try: if self._module.check_mode: self._module.exit_json(changed=True) @@ -973,7 +1047,9 @@ def main(): ] ), force=dict(type="bool", default=True), + monitored_by=dict(type="str", required=False, choices=["zabbix_server", "proxy", "proxy_group"], default=None), proxy=dict(type="str", required=False), + proxy_group=dict(type="str", required=False), visible_name=dict(type="str", required=False), description=dict(type="str", required=False), macros=dict( @@ -997,8 +1073,13 @@ def main(): ) ) )) + module = AnsibleModule( argument_spec=argument_spec, + required_if=([ + ["monitored_by", "proxy", ("proxy",)], + ["monitored_by", "proxy_group", ("proxy_group",)] + ]), supports_check_mode=True ) @@ -1026,10 +1107,20 @@ def main(): proxy = module.params["proxy"] macros = module.params["macros"] tags = module.params["tags"] + monitored_by = module.params["monitored_by"] + proxy_group = module.params["proxy_group"] # convert enabled to 0; disabled to 1 status = 1 if status == "disabled" else 0 + # convert monitored_by to int + if monitored_by == "zabbix_server": + monitored_by = 0 + elif monitored_by == "proxy": + monitored_by = 1 + elif monitored_by == "proxy_group": + monitored_by = 2 + host = Host(module) template_ids = [] @@ -1063,6 +1154,11 @@ def main(): else: proxy_id = 0 + if proxy_group: + proxy_group_id = host.get_proxy_group_id_by_name(proxy_group) + else: + proxy_group_id = 0 + # check if host exist is_host_exist = host.is_host_exist(host_name) @@ -1074,7 +1170,17 @@ def main(): # If proxy is not specified as a module parameter, use the existing setting if proxy is None: - proxy_id = int(zabbix_host_obj["proxy_hostid"]) + if LooseVersion(host._zbx_api_version) < LooseVersion("7.0"): + proxy_id = int(zabbix_host_obj["proxy_hostid"]) + else: + proxy_id = int(zabbix_host_obj["proxyid"]) + + if LooseVersion(host._zbx_api_version) >= LooseVersion("7.0"): + # If monitored_by and proxy_group are not specified as a module parameters, use the existing setting + if monitored_by is None: + monitored_by = int(zabbix_host_obj["monitored_by"]) + if proxy_group is None: + proxy_group_id = int(zabbix_host_obj["proxy_groupid"]) if state == "absent": # remove host @@ -1183,12 +1289,13 @@ def main(): host_id, group_ids, status, interfaces, template_ids, exist_interfaces, zabbix_host_obj, proxy_id, visible_name, description, host_name, inventory_mode, inventory_zabbix, tls_accept, tls_psk_identity, tls_psk, tls_issuer, tls_subject, tls_connect, ipmi_authtype, ipmi_privilege, - ipmi_username, ipmi_password, macros, tags): + ipmi_username, ipmi_password, macros, tags, monitored_by, proxy_group_id): host.update_host( host_name, group_ids, status, host_id, interfaces, exist_interfaces, proxy_id, visible_name, description, tls_connect, tls_accept, tls_psk_identity, tls_psk, tls_issuer, tls_subject, - ipmi_authtype, ipmi_privilege, ipmi_username, ipmi_password, macros, tags, discovered_host, zabbix_host_obj) + ipmi_authtype, ipmi_privilege, ipmi_username, ipmi_password, macros, tags, discovered_host, zabbix_host_obj, + monitored_by, proxy_group_id) host.link_or_clear_template(host_id, template_ids) @@ -1196,7 +1303,7 @@ def main(): host.update_inventory_zabbix(host_id, inventory_zabbix) module.exit_json(changed=True, - result="Successfully update host %s (%s) and linked with template '%s'" + result="Successfully updated host %s (%s) and linked with template '%s'" % (host_name, ip, link_templates)) else: module.exit_json(changed=False) @@ -1215,7 +1322,7 @@ def main(): host_id = host.add_host( host_name, group_ids, status, interfaces, proxy_id, visible_name, description, tls_connect, tls_accept, tls_psk_identity, tls_psk, tls_issuer, tls_subject, ipmi_authtype, ipmi_privilege, ipmi_username, - ipmi_password, macros, tags) + ipmi_password, macros, tags, monitored_by, proxy_group_id) host.link_or_clear_template(host_id, template_ids) diff --git a/plugins/modules/zabbix_host_events_info.py b/plugins/modules/zabbix_host_events_info.py index c957e68de..2d9029f8d 100644 --- a/plugins/modules/zabbix_host_events_info.py +++ b/plugins/modules/zabbix_host_events_info.py @@ -299,9 +299,8 @@ def get_triggers_by_host_id_in_problem_state(self, host_id, trigger_severity, ta def get_last_event_by_trigger_id(self, triggers_id): """ Get the last event from triggerid""" output = ["eventid", "clock", "acknowledged", "value"] - select_acknowledges = ["clock", "alias", "message"] event = self._zapi.event.get({"output": output, "objectids": triggers_id, - "select_acknowledges": select_acknowledges, "selectTags": "extend", "limit": 1, "sortfield": "clock", + "select_acknowledges": "extend", "selectTags": "extend", "limit": 1, "sortfield": "clock", "sortorder": "DESC"}) return event[0] diff --git a/plugins/modules/zabbix_proxy.py b/plugins/modules/zabbix_proxy.py index a5ddbe137..7c1a6ec10 100644 --- a/plugins/modules/zabbix_proxy.py +++ b/plugins/modules/zabbix_proxy.py @@ -40,6 +40,7 @@ type: str proxy_address: description: + - Deprecated for Zabbix version >= 7.0. - Comma-delimited list of IP/CIDR addresses or DNS names to accept active proxy requests from. - Requires I(status=active). required: false @@ -51,6 +52,7 @@ type: str status: description: + - Deprecated for Zabbix version >= 7.0. - Type of proxy. (4 - active, 5 - passive) required: false choices: ["active", "passive"] @@ -102,6 +104,7 @@ type: str interface: description: + - Deprecated for Zabbix version >= 7.0. - Dictionary with params for the interface when proxy is in passive mode. - For more information, review proxy interface documentation at - U(https://www.zabbix.com/documentation/current/en/manual/api/reference/proxy/object#proxy-interface). @@ -133,6 +136,155 @@ default: "10051" default: {} type: dict + address: + description: + - Parameter introduced in Zabbix 7.0. + - IP address or DNS name to connect to. + - Required if the Zabbix proxy operating mode is passive + required: false + type: str + port: + description: + - Parameter introduced in Zabbix 7.0. + - Port number to connect to. + - supported if the Zabbix proxy operating mode is passive. + required: false + type: str + default: "10051" + proxy_group: + description: + - Parameter introduced in Zabbix 7.0. + - Proxy group name. + required: false + type: str + local_address: + description: + - Parameter introduced in Zabbix 7.0. + - Address for active agents. IP address or DNS name to connect to. + - Required if proxy_groupid is not 0 + required: false + type: str + local_port: + description: + - Parameter introduced in Zabbix 7.0. + - Local proxy port number to connect to. + - Supported if proxy_groupid is not 0 + required: false + type: str + default: "10051" + allowed_addresses: + description: + - Parameter introduced in Zabbix 7.0. + - Comma-delimited IP addresses or DNS names of active Zabbix proxy. + required: false + type: str + operating_mode: + description: + - Parameter introduced in Zabbix 7.0. + - Type of proxy. + required: false + choices: ["active", "passive"] + default: "active" + type: str + custom_timeouts: + description: + - Parameter introduced in Zabbix 7.0. + - Whether to override global item timeouts on the proxy level. + - 0 - use global settings; 1 - override timeouts. + required: false + type: int + default: 0 + choices: [0, 1] + timeout_zabbix_agent: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on Zabbix agent checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Rired if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_simple_check: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on simple checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_snmp_agent: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on SNMP agent checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_external_check: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on external checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_db_monitor: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on DB checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_http_agent: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on HTTPagent checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_ssh_agent: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on SSH checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_telnet_agent: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on Telnet checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_script: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on script type checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str + timeout_browser: + description: + - Parameter introduced in Zabbix 7.0. + - Spend no more than this number of seconds on browser type checks processing. + - Accepts seconds or time unit with suffix (e.g., 30s, 1m). + - "Possible values range: 1-600s." + - Required if if C(custom_timeouts) is set to 1. + required: false + type: str extends_documentation_fragment: - community.zabbix.zabbix @@ -152,7 +304,7 @@ ansible.builtin.set_fact: ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895 -- name: Create or update a proxy with proxy type active +- name: Create or update a proxy with proxy type active (Zabbix version < 7.0) # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix @@ -169,7 +321,7 @@ state: present proxy_address: ExampleProxy.local -- name: Create a new passive proxy using only it's IP +- name: Create a new passive proxy using only its IP (Zabbix version < 7.0) # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix @@ -189,7 +341,7 @@ ip: 10.1.1.2 port: 10051 -- name: Create a new passive proxy using only it's DNS +- name: Create a new passive proxy using only its DNS (Zabbix version < 7.0) # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix @@ -207,6 +359,59 @@ interface: dns: proxy.example.com port: 10051 + +- name: Create or update a proxy with proxy type active (Zabbix version >= 7.0) + # set task level variables as we change ansible_connection plugin here + vars: + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false + ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu + ansible_host: zabbix-example-fqdn.org + community.zabbix.zabbix_proxy: + proxy_name: ExampleProxy + description: ExampleProxy + operating_mode: operating_mode + state: present + allowed_addresses: ExampleProxy.local + +- name: Create a new passive proxy using only its IP (Zabbix version >= 7.0) + # set task level variables as we change ansible_connection plugin here + vars: + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false + ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu + ansible_host: zabbix-example-fqdn.org + community.zabbix.zabbix_proxy: + proxy_name: ExampleProxy + description: ExampleProxy + operating_mode: passive + state: present + address: 10.1.1.2 + port: 10051 + +- name: Create a new passive proxy using only its DNS (Zabbix version >= 7.0) + # set task level variables as we change ansible_connection plugin here + vars: + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false + ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu + ansible_host: zabbix-example-fqdn.org + community.zabbix.zabbix_proxy: + proxy_name: ExampleProxy + description: ExampleProxy + operating_mode: passive + state: present + address: proxy.example.com + port: 10051 """ RETURN = r""" # """ @@ -216,6 +421,8 @@ from ansible_collections.community.zabbix.plugins.module_utils.base import ZabbixBase +from ansible.module_utils.compat.version import LooseVersion + import ansible_collections.community.zabbix.plugins.module_utils.helpers as zabbix_utils @@ -225,9 +432,13 @@ def __init__(self, module, zbx=None, zapi_wrapper=None): self.existing_data = None def proxy_exists(self, proxy_name): - result = self._zapi.proxy.get({"output": "extend", - "selectInterface": "extend", - "filter": {"host": proxy_name}}) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + result = self._zapi.proxy.get({"output": "extend", + "selectInterface": "extend", + "filter": {"host": proxy_name}}) + else: + result = self._zapi.proxy.get({"output": "extend", + "filter": {"name": proxy_name}}) if len(result) > 0 and "proxyid" in result[0]: self.existing_data = result[0] @@ -245,19 +456,46 @@ def add_proxy(self, data): if data[item]: parameters[item] = data[item] - if "proxy_address" in data and data["status"] != "5": - parameters.pop("proxy_address", False) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + if "proxy_address" in data and data["status"] != "5": + parameters.pop("proxy_address", False) + else: + if "allowed_addresses" in data and data["operating_mode"] != "0": + parameters.pop("allowed_addresses", False) + + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + if "interface" in data and data["status"] != "6": + parameters.pop("interface", False) + else: + if "interface" in data and data["operating_mode"] != "1": + parameters.pop("interface", False) + + if data["proxy_group"]: + proxy_group = data["proxy_group"] + result = self._zapi.proxygroup.get({"output": "extend", "filter": {"name": proxy_group}}) - if "interface" in data and data["status"] != "6": - parameters.pop("interface", False) + if len(result) == 0: + self._module.fail_json(msg="Failed to find proxy group %s" % (proxy_group)) + + proxy_group_id = result[0]["proxy_groupid"] + parameters.pop("proxy_group", False) + parameters["proxy_groupid"] = proxy_group_id proxy_ids_list = self._zapi.proxy.create(parameters) - self._module.exit_json(changed=True, - result="Successfully added proxy %s (%s)" % (data["host"], data["status"])) + + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + self._module.exit_json(changed=True, + result="Successfully added proxy %s (%s)" % (data["host"], data["status"])) + else: + self._module.exit_json(changed=True, + result="Successfully added proxy %s (%s)" % (data["name"], data["operating_mode"])) if len(proxy_ids_list) >= 1: return proxy_ids_list["proxyids"][0] except Exception as e: - self._module.fail_json(msg="Failed to create proxy %s: %s" % (data["host"], e)) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + self._module.fail_json(msg="Failed to create proxy %s: %s" % (data["host"], e)) + else: + self._module.fail_json(msg="Failed to create proxy %s: %s" % (data["name"], e)) def delete_proxy(self, proxy_id, proxy_name): try: @@ -277,15 +515,36 @@ def update_proxy(self, proxy_id, data): for key in data: if data[key]: parameters[key] = data[key] + + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + status_or_operating_mode_name = "status" + status_or_operating_mode_value = "5" + else: + status_or_operating_mode_name = "operating_mode" + status_or_operating_mode_value = "0" + if "custom_timeouts" in parameters: + parameters["custom_timeouts"] = str(parameters["custom_timeouts"]) + + if data["proxy_group"]: + proxy_group = data["proxy_group"] + result = self._zapi.proxygroup.get({"output": "extend", "filter": {"name": proxy_group}}) + + if len(result) == 0: + self._module.fail_json(msg="Failed to find proxy group %s" % (proxy_group)) + + proxy_group_id = result[0]["proxy_groupid"] + parameters.pop("proxy_group", False) + parameters["proxy_groupid"] = proxy_group_id + if "interface" in parameters: - if parameters["status"] == "5": + if parameters[status_or_operating_mode_name] == status_or_operating_mode_value: # Active proxy parameters.pop("interface", False) else: # Passive proxy parameters["interface"]["useip"] = str(parameters["interface"]["useip"]) - if parameters["status"] == "5": + if parameters[status_or_operating_mode_name] == status_or_operating_mode_value: # Active proxy parameters.pop("tls_connect", False) else: @@ -302,14 +561,23 @@ def update_proxy(self, proxy_id, data): else: difference["proxyid"] = proxy_id self._zapi.proxy.update(parameters) - self._module.exit_json( - changed=True, - result="Successfully updated proxy %s (%s)" % - (data["host"], proxy_id) - ) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + self._module.exit_json( + changed=True, + result="Successfully updated proxy %s (%s)" % (data["host"], proxy_id) + ) + else: + self._module.exit_json( + changed=True, + result="Successfully updated proxy %s (%s)" % (data["name"], proxy_id) + ) except Exception as e: - self._module.fail_json(msg="Failed to update proxy %s: %s" % - (data["host"], e)) + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + self._module.fail_json(msg="Failed to update proxy %s: %s" % + (data["host"], e)) + else: + self._module.fail_json(msg="Failed to update proxy %s: %s" % + (data["name"], e)) def main(): @@ -318,6 +586,8 @@ def main(): proxy_name=dict(type="str", required=True), proxy_address=dict(type="str", required=False), status=dict(type="str", default="active", choices=["active", "passive"]), + allowed_addresses=dict(type="str", required=False, default=None), + operating_mode=dict(type="str", default="active", choices=["active", "passive"]), state=dict(type="str", default="present", choices=["present", "absent"]), description=dict(type="str", required=False), tls_connect=dict(type="str", default="no_encryption", choices=["no_encryption", "PSK", "certificate"]), @@ -336,17 +606,53 @@ def main(): dns=dict(type="str", default=""), port=dict(type="str", default="10051") ), - ) + ), + address=dict(type="str", required=False, default=None), + port=dict(type="str", required=False, default="10051"), + proxy_group=dict(type="str", required=False, default=None), + local_address=dict(type="str", required=False, default=None), + local_port=dict(type="str", required=False, default="10051"), + custom_timeouts=dict(type="int", required=False, default=0, choices=[0, 1]), + timeout_zabbix_agent=dict(type="str", required=False, default=None), + timeout_simple_check=dict(type="str", required=False, default=None), + timeout_snmp_agent=dict(type="str", required=False, default=None), + timeout_external_check=dict(type="str", required=False, default=None), + timeout_db_monitor=dict(type="str", required=False, default=None), + timeout_http_agent=dict(type="str", required=False, default=None), + timeout_ssh_agent=dict(type="str", required=False, default=None), + timeout_telnet_agent=dict(type="str", required=False, default=None), + timeout_script=dict(type="str", required=False, default=None), + timeout_browser=dict(type="str", required=False, default=None) )) + + # Create temporary proxy object to be able to pull Zabbix version to resolve parameters dependencies + module = AnsibleModule(argument_spec=argument_spec) + proxy = Proxy(module) + + if LooseVersion(proxy._zbx_api_version) < LooseVersion("7.0"): + required = [ + ["tls_connect", "PSK", ("tls_psk_identity", "tls_psk"), False], + ["tls_accept", "PSK", ("tls_psk_identity", "tls_psk"), False], + ["status", "passive", ("interface",)] + ] + else: + required = [ + ["operating_mode", "passive", ("address",)], + ["custom_timeouts", 1, ( + "timeout_zabbix_agent", "timeout_simple_check", "timeout_snmp_agent", + "timeout_external_check", "timeout_db_monitor", "timeout_http_agent", + "timeout_ssh_agent", "timeout_telnet_agent", "timeout_script", + "timeout_browser"), False] + ] + module = AnsibleModule( argument_spec=argument_spec, + required_if=required, supports_check_mode=True ) proxy_name = module.params["proxy_name"] - proxy_address = module.params["proxy_address"] description = module.params["description"] - status = module.params["status"] tls_connect = module.params["tls_connect"] tls_accept = module.params["tls_accept"] tls_issuer = module.params["ca_cert"] @@ -354,10 +660,40 @@ def main(): tls_psk_identity = module.params["tls_psk_identity"] tls_psk = module.params["tls_psk"] state = module.params["state"] - interface = module.params["interface"] - # convert enabled to 0; disabled to 1 - status = 6 if status == "passive" else 5 + proxy = Proxy(module) + + # convert enabled / disabled to integer + if LooseVersion(proxy._zbx_api_version) < LooseVersion("7.0"): + proxy_address = "" + if "proxy_address" in module.params: + proxy_address = module.params["proxy_address"] + if "interface" in module.params: + interface = module.params["interface"] + status = 6 if module.params["status"] == "passive" else 5 + else: + allowed_addresses = module.params["allowed_addresses"] + operating_mode = 1 if module.params["operating_mode"] == "passive" else 0 + address = module.params["address"] + port = module.params["port"] + proxy_group = module.params["proxy_group"] + local_address = module.params["local_address"] + local_port = module.params["local_port"] + allowed_addresses = module.params["allowed_addresses"] + custom_timeouts = module.params["custom_timeouts"] + timeout_zabbix_agent = module.params["timeout_zabbix_agent"] + timeout_simple_check = module.params["timeout_simple_check"] + timeout_snmp_agent = module.params["timeout_snmp_agent"] + timeout_external_check = module.params["timeout_external_check"] + timeout_db_monitor = module.params["timeout_db_monitor"] + timeout_http_agent = module.params["timeout_http_agent"] + timeout_ssh_agent = module.params["timeout_ssh_agent"] + timeout_telnet_agent = module.params["timeout_telnet_agent"] + timeout_script = module.params["timeout_script"] + timeout_browser = module.params["timeout_browser"] + if proxy_group: + if local_address is None: + module.fail_json(msg="local_address parameter is required when proxy_group is specified.") if tls_connect == "certificate": tls_connect = 4 @@ -373,8 +709,6 @@ def main(): else: tls_accept = 1 - proxy = Proxy(module) - # check if proxy already exists proxy_id = proxy.proxy_exists(proxy_name) @@ -383,7 +717,56 @@ def main(): # remove proxy proxy.delete_proxy(proxy_id, proxy_name) else: - proxy.update_proxy(proxy_id, { + if LooseVersion(proxy._zbx_api_version) < LooseVersion("7.0"): + proxy.update_proxy(proxy_id, { + "host": proxy_name, + "description": description, + "status": str(status), + "tls_connect": str(tls_connect), + "tls_accept": str(tls_accept), + "tls_issuer": tls_issuer, + "tls_subject": tls_subject, + "tls_psk_identity": tls_psk_identity, + "tls_psk": tls_psk, + "interface": interface, + "proxy_address": proxy_address + }) + else: + proxy.update_proxy(proxy_id, { + "name": proxy_name, + "description": description, + "operating_mode": str(operating_mode), + "tls_connect": str(tls_connect), + "tls_accept": str(tls_accept), + "tls_issuer": tls_issuer, + "tls_subject": tls_subject, + "tls_psk_identity": tls_psk_identity, + "tls_psk": tls_psk, + "allowed_addresses": allowed_addresses, + "address": address, + "port": port, + "proxy_group": proxy_group, + "local_address": local_address, + "local_port": local_port, + "custom_timeouts": custom_timeouts, + "timeout_zabbix_agent": timeout_zabbix_agent, + "timeout_simple_check": timeout_simple_check, + "timeout_snmp_agent": timeout_snmp_agent, + "timeout_external_check": timeout_external_check, + "timeout_db_monitor": timeout_db_monitor, + "timeout_http_agent": timeout_http_agent, + "timeout_ssh_agent": timeout_ssh_agent, + "timeout_telnet_agent": timeout_telnet_agent, + "timeout_script": timeout_script, + "timeout_browser": timeout_browser + }) + else: + if state == "absent": + # the proxy is already deleted. + module.exit_json(changed=False) + + if LooseVersion(proxy._zbx_api_version) < LooseVersion("7.0"): + proxy_id = proxy.add_proxy(data={ "host": proxy_name, "description": description, "status": str(status), @@ -396,24 +779,35 @@ def main(): "interface": interface, "proxy_address": proxy_address }) - else: - if state == "absent": - # the proxy is already deleted. - module.exit_json(changed=False) - - proxy_id = proxy.add_proxy(data={ - "host": proxy_name, - "description": description, - "status": str(status), - "tls_connect": str(tls_connect), - "tls_accept": str(tls_accept), - "tls_issuer": tls_issuer, - "tls_subject": tls_subject, - "tls_psk_identity": tls_psk_identity, - "tls_psk": tls_psk, - "interface": interface, - "proxy_address": proxy_address - }) + else: + proxy_id = proxy.add_proxy(data={ + "name": proxy_name, + "description": description, + "operating_mode": str(operating_mode), + "tls_connect": str(tls_connect), + "tls_accept": str(tls_accept), + "tls_issuer": tls_issuer, + "tls_subject": tls_subject, + "tls_psk_identity": tls_psk_identity, + "tls_psk": tls_psk, + "allowed_addresses": allowed_addresses, + "address": address, + "port": port, + "proxy_group": proxy_group, + "local_address": local_address, + "local_port": local_port, + "custom_timeouts": custom_timeouts, + "timeout_zabbix_agent": timeout_zabbix_agent, + "timeout_simple_check": timeout_simple_check, + "timeout_snmp_agent": timeout_snmp_agent, + "timeout_external_check": timeout_external_check, + "timeout_db_monitor": timeout_db_monitor, + "timeout_http_agent": timeout_http_agent, + "timeout_ssh_agent": timeout_ssh_agent, + "timeout_telnet_agent": timeout_telnet_agent, + "timeout_script": timeout_script, + "timeout_browser": timeout_browser + }) if __name__ == "__main__": diff --git a/plugins/modules/zabbix_proxy_group.py b/plugins/modules/zabbix_proxy_group.py new file mode 100644 index 000000000..712e6beb2 --- /dev/null +++ b/plugins/modules/zabbix_proxy_group.py @@ -0,0 +1,255 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# (c) 2024, Evgeny Yurchenko +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +DOCUMENTATION = r""" +--- +module: zabbix_proxy_group +short_description: Create/update/delete Zabbix proxy group +description: + - This module allows you to create, modify and delete Zabbix proxy group. +author: + - Evgeny Yurchenko (@BGmot) +requirements: + - python >= 3.9 +options: + name: + description: + - Name of the proxy group. + required: true + type: str + description: + description: + - Description of the proxy group. + required: false + type: str + failover_delay: + description: + - Failover period for each proxy in the group to have online/offline state. + - Time suffixes are supported, e.g. 30s, 1m. + required: false + type: str + default: 1m + min_online: + description: + - Minimum number of online proxies required for the group to be online. + - "Possible values range: 1-1000." + required: false + type: str + default: "1" + state: + description: + - State of the proxy group. + - On C(present), it will create if proxy group does not exist or update it if the associated data is different. + - On C(absent) will remove the proxy group if it exists. + choices: ["present", "absent"] + default: "present" + type: str + +extends_documentation_fragment: +- community.zabbix.zabbix + +""" + +EXAMPLES = r""" +--- +# If you want to use Username and Password to be authenticated by Zabbix Server +- name: Set credentials to access Zabbix Server API + ansible.builtin.set_fact: + ansible_user: Admin + ansible_httpapi_pass: zabbix + +# If you want to use API token to be authenticated by Zabbix Server +# https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens +- name: Set API token + ansible.builtin.set_fact: + ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895 + +- name: Create/update Zabbix proxy group + vars: + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false + ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu + ansible_host: zabbix-example-fqdn.org + community.zabbix.zabbix_proxy_group: + name: ProxyGroup01 + description: Example Zabbix Proxy Group + state: present + failover_delay: 10s + min_online: 2 + +- name: delete Zabbix proxy group + vars: + ansible_network_os: community.zabbix.zabbix + ansible_connection: httpapi + ansible_httpapi_port: 443 + ansible_httpapi_use_ssl: true + ansible_httpapi_validate_certs: false + ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu + ansible_host: zabbix-example-fqdn.org + community.zabbix.zabbix_proxy_group: + name: ProxyGroup01 + state: absent +""" + +RETURN = r""" # """ + + +from ansible.module_utils.basic import AnsibleModule + +from ansible_collections.community.zabbix.plugins.module_utils.base import ZabbixBase + +import ansible_collections.community.zabbix.plugins.module_utils.helpers as zabbix_utils + + +class ProxyGroup(ZabbixBase): + def __init__(self, module, zbx=None, zapi_wrapper=None): + super(ProxyGroup, self).__init__(module, zbx, zapi_wrapper) + self.existing_data = None + + def proxy_group_exists(self, proxy_group_name): + result = self._zapi.proxygroup.get({"output": "extend", + "filter": {"name": proxy_group_name}}) + + if len(result) > 0 and "proxy_groupid" in result[0]: + self.existing_data = result[0] + return result[0]["proxy_groupid"] + else: + return result + + def add_proxy_group(self, data): + try: + if self._module.check_mode: + self._module.exit_json(changed=True) + + parameters = {} + for item in data: + if data[item]: + parameters[item] = data[item] + + proxy_group_ids_list = self._zapi.proxygroup.create(parameters) + + self._module.exit_json(changed=True, + result="Successfully added proxy group %s" % (data["name"])) + + if len(proxy_group_ids_list) >= 1: + return proxy_group_ids_list["proxy_groupids"][0] + + except Exception as e: + self._module.fail_json(msg="Failed to create proxy group %s: %s" % (data["name"], e)) + + def delete_proxy_group(self, proxy_group_id, proxy_group_name): + try: + if self._module.check_mode: + self._module.exit_json(changed=True) + + self._zapi.proxygroup.delete([proxy_group_id]) + + self._module.exit_json(changed=True, result="Successfully deleted proxy group %s" % proxy_group_name) + + except Exception as e: + self._module.fail_json(msg="Failed to delete proxy group %s: %s" % (proxy_group_name, str(e))) + + def update_proxy_group(self, proxy_group_id, data): + try: + if self._module.check_mode: + self._module.exit_json(changed=True) + + parameters = {} + for key in data: + if data[key]: + parameters[key] = data[key] + + parameters["proxy_groupid"] = proxy_group_id + + change_parameters = {} + difference = zabbix_utils.helper_cleanup_data(zabbix_utils.helper_compare_dictionaries(parameters, self.existing_data, change_parameters)) + + if difference == {}: + self._module.exit_json(changed=False) + else: + difference["proxy_groupid"] = proxy_group_id + self._zapi.proxygroup.update(parameters) + self._module.exit_json( + changed=True, + result="Successfully updated proxy group %s (%s)" % (data["name"], proxy_group_id) + ) + + except Exception as e: + self._module.fail_json(msg="Failed to update proxy group %s: %s" % (data["name"], e)) + + +def main(): + argument_spec = zabbix_utils.zabbix_common_argument_spec() + argument_spec.update(dict( + name=dict(type="str", required=True), + description=dict(type="str", required=False), + failover_delay=dict(type="str", default="1m"), + state=dict(type="str", default="present", choices=["present", "absent"]), + min_online=dict(type="str", default="1") + )) + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True + ) + + proxy_group_name = module.params["name"] + description = module.params["description"] + failover_delay = module.params["failover_delay"] + min_online = module.params["min_online"] + state = module.params["state"] + + proxy_group = ProxyGroup(module) + + # check if proxy group already exists + proxy_group_id = proxy_group.proxy_group_exists(proxy_group_name) + + if proxy_group_id: + if state == "absent": + # remove proxy group + proxy_group.delete_proxy_group(proxy_group_id, proxy_group_name) + else: + proxy_group.update_proxy_group(proxy_group_id, { + "name": proxy_group_name, + "description": description, + "failover_delay": str(failover_delay), + "min_online": str(min_online) + }) + else: + if state == "absent": + # the proxy group is already deleted. + module.exit_json(changed=False) + + proxy_group_id = proxy_group.add_proxy_group(data={ + "name": proxy_group_name, + "description": description, + "failover_delay": str(failover_delay), + "min_online": str(min_online) + }) + + +if __name__ == "__main__": + main() diff --git a/plugins/modules/zabbix_proxy_info.py b/plugins/modules/zabbix_proxy_info.py index c82112609..bde67cdf9 100644 --- a/plugins/modules/zabbix_proxy_info.py +++ b/plugins/modules/zabbix_proxy_info.py @@ -123,6 +123,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.zabbix.plugins.module_utils.base import ZabbixBase +from ansible.module_utils.compat.version import LooseVersion import ansible_collections.community.zabbix.plugins.module_utils.helpers as zabbix_utils @@ -130,13 +131,21 @@ class Proxy(ZabbixBase): def get_proxy(self, name, hosts=False): result = {} - params = { - "filter": { - "host": name - }, - "output": "extend", - "selectInterface": "extend", - } + if LooseVersion(self._zbx_api_version) < LooseVersion("7.0"): + params = { + "filter": { + "host": name + }, + "selectInterface": "extend", + "output": "extend" + } + else: + params = { + "filter": { + "name": name + }, + "output": "extend" + } if hosts: params["selectHosts"] = ["host", "hostid"] diff --git a/tests/integration/targets/test_zabbix_discovery_rule/tasks/main.yml b/tests/integration/targets/test_zabbix_discovery_rule/tasks/main.yml index cbf13b391..88ae6f94a 100644 --- a/tests/integration/targets/test_zabbix_discovery_rule/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_discovery_rule/tasks/main.yml @@ -214,16 +214,31 @@ ansible.builtin.assert: that: drule_reset is changed - - name: test - create new active Zabbix proxy server + - name: test - create new active Zabbix proxy server (Zabbix < 7.0) community.zabbix.zabbix_proxy: proxy_name: ACME_proxy status: active state: present register: zbxproxy_active + when: zabbix_version is version('7.0', '<') - name: assert that proxy was created ansible.builtin.assert: that: zbxproxy_active is changed + when: zabbix_version is version('7.0', '<') + + - name: test - create new active Zabbix proxy server (Zabbix >= 7.0) + community.zabbix.zabbix_proxy: + proxy_name: ACME_proxy + operating_mode: active + state: present + register: zbxproxy_active + when: zabbix_version is version('7.0', '>=') + + - name: assert that proxy was created + ansible.builtin.assert: + that: zbxproxy_active is changed + when: zabbix_version is version('7.0', '>=') - name: test - update Zabbix discovery rule proxy community.zabbix.zabbix_discovery_rule: diff --git a/tests/integration/targets/test_zabbix_host/tasks/main.yml b/tests/integration/targets/test_zabbix_host/tasks/main.yml index c4675797f..f8df8b8c6 100644 --- a/tests/integration/targets/test_zabbix_host/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_host/tasks/main.yml @@ -21,3 +21,9 @@ - ExampleHost - ExampleHost1 - ExampleHost2 + + - name: "clean up Zabbix Proxy Group if tests failed" + community.zabbix.zabbix_proxy_group: + name: TestProxyGroup + state: absent + when: zabbix_version is version('7.0', '>=') diff --git a/tests/integration/targets/test_zabbix_host/tasks/zabbix_host_tests.yml b/tests/integration/targets/test_zabbix_host/tasks/zabbix_host_tests.yml index 20246a16b..d18f061c3 100644 --- a/tests/integration/targets/test_zabbix_host/tasks/zabbix_host_tests.yml +++ b/tests/integration/targets/test_zabbix_host/tasks/zabbix_host_tests.yml @@ -40,6 +40,7 @@ ip: 10.1.1.1 dns: "" port: "12345" + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('proxy', omit) }}" proxy: ExampleProxy macros: - macro: MACRO1 @@ -98,6 +99,7 @@ ip: 10.1.1.1 dns: "" port: "12345" + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('proxy', omit) }}" proxy: ExampleProxy macros: - macro: MACRO1 @@ -157,6 +159,7 @@ ip: 10.1.1.1 dns: "" port: "12345" + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('proxy', omit) }}" proxy: ExampleProxy register: zabbix_host1 @@ -207,6 +210,7 @@ ip: 10.1.1.1 dns: "" port: "12345" + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('proxy', omit) }}" proxy: ExampleProxy register: zabbix_host1 @@ -487,6 +491,7 @@ - name: "test: remove host proxy" community.zabbix.zabbix_host: host_name: ExampleHost + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('zabbix_server', omit) }}" proxy: "" register: zabbix_host1 @@ -498,6 +503,7 @@ - name: "test: add host proxy" community.zabbix.zabbix_host: host_name: ExampleHost + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('proxy', omit) }}" proxy: ExampleProxy register: zabbix_host1 @@ -509,6 +515,7 @@ - name: "test: add host proxy (again)" community.zabbix.zabbix_host: host_name: ExampleHost + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('proxy', omit) }}" proxy: ExampleProxy register: zabbix_host1 @@ -1424,3 +1431,83 @@ community.zabbix.zabbix_host: host_name: ExampleHost state: absent + +- name: perform tests for Zabbix >= 7.0 + when: zabbix_version is version('7.0', '>=') + block: + - name: create zabbix proxy group + community.zabbix.zabbix_proxy_group: + name: TestProxyGroup + + - name: create host monitored by zabbix proxy group + community.zabbix.zabbix_host: + host_name: ExampleHost + state: present + host_groups: + - Linux servers + monitored_by: proxy_group + proxy_group: TestProxyGroup + register: zbx_host_create_proxy_group + + - name: expect host to be created (changed) + ansible.builtin.assert: + that: zbx_host_create_proxy_group is changed + + - name: create host monitored by zabbix proxy group again + community.zabbix.zabbix_host: + host_name: ExampleHost + state: present + host_groups: + - Linux servers + monitored_by: proxy_group + proxy_group: TestProxyGroup + register: zbx_host_create_proxy_group_again + + - name: expect host to be not changed + ansible.builtin.assert: + that: zbx_host_create_proxy_group_again is not changed + + - name: update host monitored by zabbix server + community.zabbix.zabbix_host: + host_name: ExampleHost + state: present + monitored_by: zabbix_server + register: zbx_host_update_zabbix_server + + - name: expect host to be changed + ansible.builtin.assert: + that: zbx_host_update_zabbix_server is changed + + - name: update host to be monitored by zabbix proxy group + community.zabbix.zabbix_host: + host_name: ExampleHost + state: present + monitored_by: proxy_group + proxy_group: TestProxyGroup + register: zbx_host_update_proxy_group + + - name: expect host to be changed + ansible.builtin.assert: + that: zbx_host_update_proxy_group is changed + + - name: update host to be monitored by zabbix proxy group again + community.zabbix.zabbix_host: + host_name: ExampleHost + state: present + monitored_by: proxy_group + proxy_group: TestProxyGroup + register: zbx_host_update_proxy_group_again + + - name: expect host not to be changed + ansible.builtin.assert: + that: zbx_host_update_proxy_group_again is not changed + + - name: cleanup host + community.zabbix.zabbix_host: + host_name: ExampleHost + state: absent + + - name: cleanup proxy group + community.zabbix.zabbix_proxy_group: + name: TestProxyGroup + state: absent diff --git a/tests/integration/targets/test_zabbix_proxy/tasks/main.yml b/tests/integration/targets/test_zabbix_proxy/tasks/main.yml index 86ece24f3..d20ddf405 100644 --- a/tests/integration/targets/test_zabbix_proxy/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_proxy/tasks/main.yml @@ -1,301 +1,23 @@ --- -- name: test - create new passive Zabbix proxy server - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: passive - interface: - useip: 0 - ip: 10.1.1.2 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_new - -- name: assert that proxy was created - ansible.builtin.assert: - that: zbxproxy_new is changed - -- name: test - create same passive Zabbix proxy server - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: passive - interface: - useip: 0 - ip: 10.1.1.2 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_existing - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: not zbxproxy_existing is changed - -- name: test - update Zabbix proxy server description - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 0 - ip: 10.1.1.2 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_desc_update - -- name: assert that description has been updated - ansible.builtin.assert: - that: zbxproxy_desc_update is changed - -- name: test - update Zabbix proxy server interface - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 0 - ip: 10.1.1.3 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_interface_update - -- name: assert that interface has been updated - ansible.builtin.assert: - that: zbxproxy_interface_update is changed - -- name: test - update Zabbix proxy server description & interface (again) - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 0 - ip: 10.1.1.3 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_desc_interface_update - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: not zbxproxy_desc_interface_update is changed - -- name: test - update Zabbix proxy server interface to use only ip - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 1 - ip: 10.1.1.3 - port: 10051 - register: zbxproxy_interface_onlyip - -- name: assert that interface has been updated - ansible.builtin.assert: - that: zbxproxy_interface_onlyip is changed - -- name: test - update Zabbix proxy server interface to use only ip again - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 1 - ip: 10.1.1.3 - port: 10051 - register: zbxproxy_interface_onlyip_again - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: not zbxproxy_interface_onlyip_again is changed - -- name: test - update Zabbix proxy server interface to use only dns - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 0 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_interface_onlydns - -- name: assert that interface has been updated - ansible.builtin.assert: - that: zbxproxy_interface_onlydns is changed - -- name: test - update Zabbix proxy server interface to use only dns again - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 0 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_interface_onlydns_again - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: not zbxproxy_interface_onlydns_again is changed - -- name: test - update Zabbix proxy server interface to fail - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy desc - state: present - status: passive - interface: - useip: 1 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_interface_fail - ignore_errors: true - -- name: assert that module has failed - ansible.builtin.assert: - that: zbxproxy_interface_fail is failed - -- name: test - update Zabbix proxy server to be active - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: active - register: zbxproxy_active_update - -- name: assert that proxy was updated - ansible.builtin.assert: - that: zbxproxy_active_update is changed - -- name: test - update Zabbix proxy server to be active (again) - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: active - register: zbxproxy_active_update_again - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: not zbxproxy_active_update_again is changed - -- name: test - update Zabbix proxy server to be active and use proxy_address - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: active - proxy_address: 10.1.1.0/24,zabbix.example.com - register: zbxproxy_active_proxyaddress - -- name: assert that proxy was updated - ansible.builtin.assert: - that: zbxproxy_active_proxyaddress is changed - -- name: test - update Zabbix proxy server to be active use proxy_address (again) - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: active - proxy_address: 10.1.1.0/24,zabbix.example.com - register: zbxproxy_active_proxyaddress_again - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: not zbxproxy_active_proxyaddress_again is changed - -- name: test - update Zabbix proxy server to use encryption - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: active - tls_psk_identity: test - tls_connect: PSK - tls_accept: PSK - tls_psk: 123456789abcdef123456789abcdef12 - register: zbxproxy_encryption - -- name: assert that encryption has been enabled - ansible.builtin.assert: - that: zbxproxy_encryption is changed - -- name: test - update Zabbix proxy server to use encryption (again) - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: active - tls_psk_identity: test - tls_connect: PSK - tls_accept: PSK - tls_psk: 123456789abcdef123456789abcdef12 - register: zbxproxy_encryption_again - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: zbxproxy_encryption_again is changed - -- name: test - update Zabbix proxy server encryption settings - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: active - tls_connect: certificate - tls_accept: certificate - tls_issuer: AcmeCorp - tls_subject: AcmeCorpServer - register: zbxproxy_encryption_update - -- name: assert that encryption has been updated - ansible.builtin.assert: - that: zbxproxy_encryption_update is changed - -- name: test - update Zabbix proxy server back to being passive - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - description: Example Zabbix Proxy - state: present - status: passive - interface: - useip: 0 - ip: 10.1.1.2 - dns: zbxproxy_example01 - port: 10051 - register: zbxproxy_passive_update - -- name: assert that proxy was updated - ansible.builtin.assert: - that: zbxproxy_passive_update is changed - -- name: test - delete Zabbix proxy server - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - state: absent - register: zbxproxy_delete - -- name: assert that proxy has been deleted - ansible.builtin.assert: - that: zbxproxy_delete is changed - -- name: test - delete Zabbix proxy server (again) - community.zabbix.zabbix_proxy: - proxy_name: zbxproxy_example01 - state: absent - register: zbxproxy_delete_again - -- name: assert that nothing has been changed - ansible.builtin.assert: - that: not zbxproxy_delete_again is changed +- block: + - name: Run tests for Zabbix < 7.0 + when: zabbix_version is version('7.0', '<') + include_tasks: test_zabbix_proxy_before70.yml + + - name: Run tests for Zabbix >= 7.0 + when: zabbix_version is version('7.0', '>=') + include_tasks: test_zabbix_proxy_since70.yml + + always: + - name: Cleanup proxy + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + state: absent + ignore_errors: true + + - name: Cleanup proxy group + community.zabbix.zabbix_proxy_group: + name: zbxproxy_group_example01 + state: absent + ignore_errors: true + when: zabbix_version is version('7.0', '>=') diff --git a/tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_before70.yml b/tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_before70.yml new file mode 100644 index 000000000..86ece24f3 --- /dev/null +++ b/tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_before70.yml @@ -0,0 +1,301 @@ +--- +- name: test - create new passive Zabbix proxy server + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: passive + interface: + useip: 0 + ip: 10.1.1.2 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_new + +- name: assert that proxy was created + ansible.builtin.assert: + that: zbxproxy_new is changed + +- name: test - create same passive Zabbix proxy server + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: passive + interface: + useip: 0 + ip: 10.1.1.2 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_existing + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_existing is changed + +- name: test - update Zabbix proxy server description + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 0 + ip: 10.1.1.2 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_desc_update + +- name: assert that description has been updated + ansible.builtin.assert: + that: zbxproxy_desc_update is changed + +- name: test - update Zabbix proxy server interface + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 0 + ip: 10.1.1.3 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_interface_update + +- name: assert that interface has been updated + ansible.builtin.assert: + that: zbxproxy_interface_update is changed + +- name: test - update Zabbix proxy server description & interface (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 0 + ip: 10.1.1.3 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_desc_interface_update + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_desc_interface_update is changed + +- name: test - update Zabbix proxy server interface to use only ip + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 1 + ip: 10.1.1.3 + port: 10051 + register: zbxproxy_interface_onlyip + +- name: assert that interface has been updated + ansible.builtin.assert: + that: zbxproxy_interface_onlyip is changed + +- name: test - update Zabbix proxy server interface to use only ip again + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 1 + ip: 10.1.1.3 + port: 10051 + register: zbxproxy_interface_onlyip_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_interface_onlyip_again is changed + +- name: test - update Zabbix proxy server interface to use only dns + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 0 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_interface_onlydns + +- name: assert that interface has been updated + ansible.builtin.assert: + that: zbxproxy_interface_onlydns is changed + +- name: test - update Zabbix proxy server interface to use only dns again + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 0 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_interface_onlydns_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_interface_onlydns_again is changed + +- name: test - update Zabbix proxy server interface to fail + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + status: passive + interface: + useip: 1 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_interface_fail + ignore_errors: true + +- name: assert that module has failed + ansible.builtin.assert: + that: zbxproxy_interface_fail is failed + +- name: test - update Zabbix proxy server to be active + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: active + register: zbxproxy_active_update + +- name: assert that proxy was updated + ansible.builtin.assert: + that: zbxproxy_active_update is changed + +- name: test - update Zabbix proxy server to be active (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: active + register: zbxproxy_active_update_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_active_update_again is changed + +- name: test - update Zabbix proxy server to be active and use proxy_address + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: active + proxy_address: 10.1.1.0/24,zabbix.example.com + register: zbxproxy_active_proxyaddress + +- name: assert that proxy was updated + ansible.builtin.assert: + that: zbxproxy_active_proxyaddress is changed + +- name: test - update Zabbix proxy server to be active use proxy_address (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: active + proxy_address: 10.1.1.0/24,zabbix.example.com + register: zbxproxy_active_proxyaddress_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_active_proxyaddress_again is changed + +- name: test - update Zabbix proxy server to use encryption + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: active + tls_psk_identity: test + tls_connect: PSK + tls_accept: PSK + tls_psk: 123456789abcdef123456789abcdef12 + register: zbxproxy_encryption + +- name: assert that encryption has been enabled + ansible.builtin.assert: + that: zbxproxy_encryption is changed + +- name: test - update Zabbix proxy server to use encryption (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: active + tls_psk_identity: test + tls_connect: PSK + tls_accept: PSK + tls_psk: 123456789abcdef123456789abcdef12 + register: zbxproxy_encryption_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: zbxproxy_encryption_again is changed + +- name: test - update Zabbix proxy server encryption settings + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: active + tls_connect: certificate + tls_accept: certificate + tls_issuer: AcmeCorp + tls_subject: AcmeCorpServer + register: zbxproxy_encryption_update + +- name: assert that encryption has been updated + ansible.builtin.assert: + that: zbxproxy_encryption_update is changed + +- name: test - update Zabbix proxy server back to being passive + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + status: passive + interface: + useip: 0 + ip: 10.1.1.2 + dns: zbxproxy_example01 + port: 10051 + register: zbxproxy_passive_update + +- name: assert that proxy was updated + ansible.builtin.assert: + that: zbxproxy_passive_update is changed + +- name: test - delete Zabbix proxy server + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + state: absent + register: zbxproxy_delete + +- name: assert that proxy has been deleted + ansible.builtin.assert: + that: zbxproxy_delete is changed + +- name: test - delete Zabbix proxy server (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + state: absent + register: zbxproxy_delete_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_delete_again is changed diff --git a/tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_since70.yml b/tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_since70.yml new file mode 100644 index 000000000..89988c37b --- /dev/null +++ b/tests/integration/targets/test_zabbix_proxy/tasks/test_zabbix_proxy_since70.yml @@ -0,0 +1,356 @@ +--- +- name: test - create new passive Zabbix proxy server + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: passive + address: 10.1.1.2 + port: 10051 + register: zbxproxy_new + +- name: assert that proxy was created + ansible.builtin.assert: + that: zbxproxy_new is changed + +- name: test - create same passive Zabbix proxy server + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: passive + address: 10.1.1.2 + port: 10051 + register: zbxproxy_existing + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_existing is changed + +- name: test - update Zabbix proxy server description + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + operating_mode: passive + address: 10.1.1.2 + port: 10051 + register: zbxproxy_desc_update + +- name: assert that description has been updated + ansible.builtin.assert: + that: zbxproxy_desc_update is changed + +- name: test - update Zabbix proxy server interface + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + operating_mode: passive + address: 10.1.1.3 + port: 10051 + register: zbxproxy_interface_update + +- name: assert that interface has been updated + ansible.builtin.assert: + that: zbxproxy_interface_update is changed + +- name: test - update Zabbix proxy server description & interface (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + operating_mode: passive + address: 10.1.1.3 + port: 10051 + register: zbxproxy_desc_interface_update + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_desc_interface_update is changed + +- name: test - update Zabbix proxy server interface to use DNS + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + operating_mode: passive + address: test-proxy01.local + port: 10051 + register: zbxproxy_interface_dns + +- name: assert that interface has been updated + ansible.builtin.assert: + that: zbxproxy_interface_dns is changed + +- name: test - update Zabbix proxy server interface to use DNS again + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy desc + state: present + operating_mode: passive + address: test-proxy01.local + port: 10051 + register: zbxproxy_interface_dns_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_interface_dns_again is changed + +- name: test - update Zabbix proxy server to be active + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: active + register: zbxproxy_active_update + +- name: assert that proxy was updated + ansible.builtin.assert: + that: zbxproxy_active_update is changed + +- name: test - update Zabbix proxy server to be active (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: active + register: zbxproxy_active_update_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_active_update_again is changed + +- name: test - update Zabbix proxy server to be active and use allowed_addresses + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: active + allowed_addresses: 10.1.1.0/24,zabbix.example.com + register: zbxproxy_active_allowed_addresses + +- name: assert that proxy was updated + ansible.builtin.assert: + that: zbxproxy_active_allowed_addresses is changed + +- name: test - update Zabbix proxy server to be active use allowed_addresses (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: active + allowed_addresses: 10.1.1.0/24,zabbix.example.com + register: zbxproxy_active_allowed_addresses_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_active_allowed_addresses_again is changed + +- name: test - update Zabbix proxy server to use encryption + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: active + tls_psk_identity: test + tls_connect: PSK + tls_accept: PSK + tls_psk: 123456789abcdef123456789abcdef12 + register: zbxproxy_encryption + +- name: assert that encryption has been enabled + ansible.builtin.assert: + that: zbxproxy_encryption is changed + +- name: test - update Zabbix proxy server to use encryption (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: active + tls_psk_identity: test + tls_connect: PSK + tls_accept: PSK + tls_psk: 123456789abcdef123456789abcdef12 + register: zbxproxy_encryption_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: zbxproxy_encryption_again is changed + +- name: test - update Zabbix proxy server encryption settings + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: active + tls_connect: certificate + tls_accept: certificate + tls_issuer: AcmeCorp + tls_subject: AcmeCorpServer + register: zbxproxy_encryption_update + +- name: assert that encryption has been updated + ansible.builtin.assert: + that: zbxproxy_encryption_update is changed + +- name: test - update Zabbix proxy server back to being passive + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + operating_mode: passive + address: test-proxy01.local + port: 10051 + register: zbxproxy_passive_update + +- name: assert that proxy was updated + ansible.builtin.assert: + that: zbxproxy_passive_update is changed + +- name: test - create Zabbix proxy group + community.zabbix.zabbix_proxy_group: + name: zbxproxy_group_example01 + state: present + +- name: test - add Zabbix proxy to Zabbix proxy group + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + proxy_group: zbxproxy_group_example01 + state: present + local_address: test-proxy01.local + local_port: 10051 + register: zbxproxy_add_to_group + +- name: assert that proxy was updated + ansible.builtin.assert: + that: zbxproxy_add_to_group is changed + +- name: test - add Zabbix proxy to Zabbix proxy group again + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + proxy_group: zbxproxy_group_example01 + local_address: test-proxy01.local + local_port: 10051 + state: present + register: zbxproxy_add_to_group_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_add_to_group_again is changed + +- name: test - delete proxy + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + state: absent + +- name: test - create Zabbix proxy with custom timeouts + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + address: 10.1.1.2 + operating_mode: passive + custom_timeouts: 1 + timeout_zabbix_agent: "10" + timeout_simple_check: "15" + timeout_snmp_agent: "16" + timeout_external_check: "20" + timeout_db_monitor: "25" + timeout_http_agent: "30" + timeout_ssh_agent: "15" + timeout_telnet_agent: "10" + timeout_script: "15" + timeout_browser: "30" + register: zbxproxy_create_with_timeouts + +- name: assert that proxy was created + ansible.builtin.assert: + that: zbxproxy_create_with_timeouts is changed + +- name: test - reate Zabbix proxy with custom timeouts again + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + address: 10.1.1.2 + operating_mode: passive + custom_timeouts: 1 + timeout_zabbix_agent: "10" + timeout_simple_check: "15" + timeout_snmp_agent: "16" + timeout_external_check: "20" + timeout_db_monitor: "25" + timeout_http_agent: "30" + timeout_ssh_agent: "15" + timeout_telnet_agent: "10" + timeout_script: "15" + timeout_browser: "30" + register: zbxproxy_create_with_timeouts_again + +- name: assert that nothing has changed + ansible.builtin.assert: + that: not zbxproxy_create_with_timeouts_again is changed + +- name: test - update timeout_zabbix_agent timeout for Zabbix proxy + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + description: Example Zabbix Proxy + state: present + address: 10.1.1.2 + operating_mode: passive + custom_timeouts: 1 + timeout_zabbix_agent: "15" + timeout_simple_check: "15" + timeout_snmp_agent: "16" + timeout_external_check: "20" + timeout_db_monitor: "25" + timeout_http_agent: "30" + timeout_ssh_agent: "15" + timeout_telnet_agent: "10" + timeout_script: "15" + timeout_browser: "30" + register: zbxproxy_update_with_timeouts + +- name: assert that nothing has changed + ansible.builtin.assert: + that: zbxproxy_update_with_timeouts is changed + +- name: test - delete proxy + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + state: absent + +- name: test - create Zabbix proxy and add it to Zabbix proxy group + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + proxy_group: zbxproxy_group_example01 + local_address: test-proxy01.local + local_port: 10051 + state: present + register: zbxproxy_create_add_to_group_again + +- name: assert that proxy was created + ansible.builtin.assert: + that: zbxproxy_create_add_to_group_again is changed + +- name: test - delete Zabbix proxy server + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + state: absent + register: zbxproxy_delete + +- name: assert that proxy has been deleted + ansible.builtin.assert: + that: zbxproxy_delete is changed + +- name: test - delete Zabbix proxy server (again) + community.zabbix.zabbix_proxy: + proxy_name: zbxproxy_example01 + state: absent + register: zbxproxy_delete_again + +- name: assert that nothing has been changed + ansible.builtin.assert: + that: not zbxproxy_delete_again is changed diff --git a/tests/integration/targets/test_zabbix_proxy_group/meta/main.yml b/tests/integration/targets/test_zabbix_proxy_group/meta/main.yml new file mode 100644 index 000000000..acdb704c8 --- /dev/null +++ b/tests/integration/targets/test_zabbix_proxy_group/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - setup_zabbix diff --git a/tests/integration/targets/test_zabbix_proxy_group/tasks/main.yml b/tests/integration/targets/test_zabbix_proxy_group/tasks/main.yml new file mode 100644 index 000000000..3dbda1f2c --- /dev/null +++ b/tests/integration/targets/test_zabbix_proxy_group/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- block: + - include_tasks: zabbix_proxy_group_tests.yml + + always: + - name: Cleanup + community.zabbix.zabbix_proxy_group: + name: TestProxyGroup + state: absent + ignore_errors: true diff --git a/tests/integration/targets/test_zabbix_proxy_group/tasks/zabbix_proxy_group_tests.yml b/tests/integration/targets/test_zabbix_proxy_group/tasks/zabbix_proxy_group_tests.yml new file mode 100644 index 000000000..f26a0113e --- /dev/null +++ b/tests/integration/targets/test_zabbix_proxy_group/tasks/zabbix_proxy_group_tests.yml @@ -0,0 +1,64 @@ +--- +- name: test - do not run tests for Zabbix < 7.0 + meta: end_play + when: zabbix_version is version('7.0', '<') + +- name: set module defaults + module_defaults: + community.zabbix.zabbix_proxy_group: + name: TestProxyGroup + + block: + - name: test - create new Zabbix proxy group + community.zabbix.zabbix_proxy_group: + description: Example Zabbix Proxy Group + state: present + failover_delay: 10s + min_online: 2 + register: proxy_group_new + + - name: assert that proxy group was created + ansible.builtin.assert: + that: proxy_group_new is changed + + - name: test - create same Zabbix proxy group + community.zabbix.zabbix_proxy_group: + description: Example Zabbix Proxy Group + state: present + failover_delay: 10s + min_online: 2 + register: proxy_group_existing + + - name: assert that nothing has been changed + ansible.builtin.assert: + that: not proxy_group_existing is changed + + - name: test - update Zabbix proxy group + community.zabbix.zabbix_proxy_group: + description: Example Zabbix Proxy Group + state: present + failover_delay: 20s + min_online: 1 + register: proxy_group_update + + - name: assert that proxy group has changed + ansible.builtin.assert: + that: proxy_group_update is changed + + - name: test - delete Zabbix proxy group + community.zabbix.zabbix_proxy_group: + state: absent + register: proxy_group_delete + + - name: assert that proxy group has been deleted + ansible.builtin.assert: + that: proxy_group_delete is changed + + - name: test - delete Zabbix proxy group (again) + community.zabbix.zabbix_proxy_group: + state: absent + register: proxy_group_delete_again + + - name: assert that nothing has been changed + ansible.builtin.assert: + that: not proxy_group_delete_again is changed diff --git a/tests/integration/targets/test_zabbix_proxy_info/tasks/main.yml b/tests/integration/targets/test_zabbix_proxy_info/tasks/main.yml index ddd101850..ae9a50ec9 100644 --- a/tests/integration/targets/test_zabbix_proxy_info/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_proxy_info/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: test - Create new Zabbix proxy +- name: test - Create new Zabbix proxy for Zabbix < 7.0 community.zabbix.zabbix_proxy: state: present proxy_name: ExampleProxy @@ -11,10 +11,29 @@ port: 10051 dns: ExampleProxy.local register: create_proxy_result + when: zabbix_version is version('7.0', '<') + + +- ansible.builtin.assert: + that: + - create_proxy_result.changed is sameas true + when: zabbix_version is version('7.0', '<') + +- name: test - Create new Zabbix proxy for Zabbix >= 7.0 + community.zabbix.zabbix_proxy: + state: present + proxy_name: ExampleProxy + description: ExampleProxy + operating_mode: passive + address: 10.1.1.2 + port: 10051 + register: create_proxy_result + when: zabbix_version is version('7.0', '>=') - ansible.builtin.assert: that: - create_proxy_result.changed is sameas true + when: zabbix_version is version('7.0', '>=') - name: test - Create new Zabbix host monitored by the proxy community.zabbix.zabbix_host: @@ -23,6 +42,7 @@ host_groups: - Linux servers status: enabled + monitored_by: "{{ zabbix_version is version('7.0', '>=') | ternary('proxy', omit) }}" proxy: ExampleProxy interfaces: - type: 1 @@ -43,6 +63,7 @@ proxy_hosts: true register: get_proxy_info_result +- debug: var=get_proxy_info_result - ansible.builtin.assert: that: - get_proxy_info_result["zabbix_proxy"].host == "ExampleProxy" @@ -53,6 +74,16 @@ - get_proxy_info_result["zabbix_proxy"].interface.useip == "1" - get_proxy_info_result["zabbix_proxy"].interface.port == "10051" - get_proxy_info_result["zabbix_proxy"].interface.dns == "ExampleProxy.local" + when: zabbix_version is version('7.0', '<') + +- ansible.builtin.assert: + that: + - get_proxy_info_result["zabbix_proxy"].name== "ExampleProxy" + - get_proxy_info_result["zabbix_proxy"].hosts | length > 0 + - get_proxy_info_result["zabbix_proxy"].hosts[0].host == "ExampleHost" + - get_proxy_info_result["zabbix_proxy"].address == "10.1.1.2" + - get_proxy_info_result["zabbix_proxy"].port == "10051" + when: zabbix_version is version('7.0', '>=') - name: test - cleanup test Zabbix host community.zabbix.zabbix_host: From 00aaf0075b7869fbf7fdad1a0ae4a6c73aad866a Mon Sep 17 00:00:00 2001 From: David Sieg <57900093+david-sieg@users.noreply.github.com> Date: Thu, 6 Jun 2024 03:25:48 +0200 Subject: [PATCH 2/4] Fix name of config file Zabbix Agent2 (#1267) --- changelogs/fragments/pr_1267.yml | 2 ++ roles/zabbix_agent/tasks/Windows.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/pr_1267.yml diff --git a/changelogs/fragments/pr_1267.yml b/changelogs/fragments/pr_1267.yml new file mode 100644 index 000000000..56acd96e2 --- /dev/null +++ b/changelogs/fragments/pr_1267.yml @@ -0,0 +1,2 @@ +bugfixes: + - zabbix-agent - fix name of Zabbix Agent 2 config filename diff --git a/roles/zabbix_agent/tasks/Windows.yml b/roles/zabbix_agent/tasks/Windows.yml index 2f9758249..ef611e3e1 100644 --- a/roles/zabbix_agent/tasks/Windows.yml +++ b/roles/zabbix_agent/tasks/Windows.yml @@ -32,7 +32,7 @@ zabbix_win_config_name: "zabbix_agentd.conf" zabbix2_win_svc_name: Zabbix Agent 2 zabbix2_win_exe_path: '{{ zabbix_win_install_dir }}\bin\zabbix_agent2.exe' - zabbix2_win_config_name: "zabbix_agentd2.conf" + zabbix2_win_config_name: "zabbix_agent2.conf" tags: - always From 7bc2a10a8c3dd9728653e143ba3550d02ba2ffe7 Mon Sep 17 00:00:00 2001 From: Troy W Date: Thu, 6 Jun 2024 12:57:16 -0400 Subject: [PATCH 3/4] Separate installation of repos (#1272) --- .github/workflows/repo.yml | 72 ++++++++++++ changelogs/fragments/pr_1250.yml | 7 ++ docs/ZABBIX_AGENT_ROLE.md | 4 +- docs/ZABBIX_JAVAGATEWAY_ROLE.md | 1 + docs/ZABBIX_PROXY_ROLE.md | 3 +- docs/ZABBIX_REPO_ROLE.md | 92 ++++++++++++++++ docs/ZABBIX_SERVER_ROLE.md | 11 +- docs/ZABBIX_WEB_ROLE.md | 11 +- .../zabbix_agent_tests/common/molecule.yml | 2 + molecule/zabbix_javagateway/molecule.yml | 3 + molecule/zabbix_proxy/molecule.yml | 3 + molecule/zabbix_repo/converge.yml | 4 + molecule/zabbix_repo/destroy.yml | 23 ++++ molecule/zabbix_repo/molecule.yml | 33 ++++++ molecule/zabbix_repo/prepare.yml | 26 +++++ molecule/zabbix_repo/tests/test_default.py | 19 ++++ molecule/zabbix_server/molecule.yml | 3 + molecule/zabbix_web/molecule.yml | 2 + roles/zabbix_agent/defaults/main.yml | 35 +----- roles/zabbix_agent/tasks/Debian.yml | 93 ---------------- roles/zabbix_agent/tasks/Linux.yml | 3 +- roles/zabbix_agent/tasks/RedHat.yml | 19 ---- roles/zabbix_agent/tasks/main.yml | 9 ++ roles/zabbix_agent/tasks/selinux.yml | 2 +- roles/zabbix_agent/vars/Debian.yml | 3 - roles/zabbix_javagateway/defaults/main.yml | 23 ---- roles/zabbix_javagateway/tasks/Debian.yml | 56 ---------- roles/zabbix_javagateway/tasks/RedHat.yml | 19 ---- roles/zabbix_javagateway/tasks/main.yml | 9 ++ roles/zabbix_javagateway/vars/Debian.yml | 3 - roles/zabbix_proxy/defaults/main.yml | 22 ---- roles/zabbix_proxy/requirements.yml | 3 - roles/zabbix_proxy/tasks/Debian.yml | 103 ------------------ roles/zabbix_proxy/tasks/main.yml | 15 ++- roles/zabbix_proxy/vars/Debian.yml | 2 - roles/zabbix_repo/README.md | 1 + roles/zabbix_repo/defaults/main.yml | 26 +++++ roles/zabbix_repo/handlers/main.yml | 6 + roles/zabbix_repo/meta/main.yml | 26 +++++ .../tasks/Debian.yml | 41 +++---- .../tasks/RedHat.yml | 24 ++-- roles/zabbix_repo/tasks/main.yml | 8 ++ roles/zabbix_repo/vars/Debian.yml | 3 + roles/zabbix_repo/vars/RedHat.yml | 1 + roles/zabbix_repo/vars/main.yml | 2 + roles/zabbix_server/defaults/main.yml | 22 ---- roles/zabbix_server/requirements.yml | 5 - roles/zabbix_server/tasks/RedHat.yml | 39 ------- roles/zabbix_server/tasks/main.yml | 14 ++- roles/zabbix_server/vars/Debian.yml | 3 - roles/zabbix_web/defaults/main.yml | 21 ---- roles/zabbix_web/tasks/Debian.yml | 72 ------------ roles/zabbix_web/tasks/RedHat.yml | 22 +--- roles/zabbix_web/tasks/apache.yml | 2 +- roles/zabbix_web/tasks/main.yml | 9 ++ roles/zabbix_web/vars/Debian.yml | 3 - 56 files changed, 467 insertions(+), 621 deletions(-) create mode 100644 .github/workflows/repo.yml create mode 100644 changelogs/fragments/pr_1250.yml create mode 100644 docs/ZABBIX_REPO_ROLE.md create mode 100644 molecule/zabbix_repo/converge.yml create mode 100644 molecule/zabbix_repo/destroy.yml create mode 100644 molecule/zabbix_repo/molecule.yml create mode 100644 molecule/zabbix_repo/prepare.yml create mode 100644 molecule/zabbix_repo/tests/test_default.py delete mode 100644 roles/zabbix_proxy/requirements.yml delete mode 100644 roles/zabbix_proxy/tasks/Debian.yml create mode 120000 roles/zabbix_repo/README.md create mode 100644 roles/zabbix_repo/defaults/main.yml create mode 100644 roles/zabbix_repo/handlers/main.yml create mode 100644 roles/zabbix_repo/meta/main.yml rename roles/{zabbix_server => zabbix_repo}/tasks/Debian.yml (70%) rename roles/{zabbix_proxy => zabbix_repo}/tasks/RedHat.yml (68%) create mode 100644 roles/zabbix_repo/tasks/main.yml create mode 100644 roles/zabbix_repo/vars/Debian.yml create mode 100644 roles/zabbix_repo/vars/RedHat.yml create mode 100644 roles/zabbix_repo/vars/main.yml delete mode 100644 roles/zabbix_server/requirements.yml delete mode 100644 roles/zabbix_server/tasks/RedHat.yml diff --git a/.github/workflows/repo.yml b/.github/workflows/repo.yml new file mode 100644 index 000000000..e124a6e60 --- /dev/null +++ b/.github/workflows/repo.yml @@ -0,0 +1,72 @@ +--- +name: "community.zabbix.zabbix_repo" +on: + push: + paths: + - "roles/zabbix_repo/**" + - "molecule/zabbix_repo/**" + - "molecule/requirements.txt" + - ".github/workflows/server.yml" + pull_request: + paths: + - "roles/zabbix_repo/**" + - "molecule/zabbix_repo/**" + - "molecule/requirements.txt" + - ".github/workflows/server.yml" +jobs: + molecule: + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: + container: + - rockylinux9 + - rockylinux8 + - ubuntu2404 + - ubuntu2204 + - ubuntu2004 + - debian12 + - debian11 + collection_role: + - zabbix_repo + version: + - v64 + - v60 + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python 3.9 + uses: actions/setup-python@v5 + with: + python-version: 3.9 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r molecule/requirements.txt + + - name: Build the collection + run: | + # Pin versions to speed up CI + sed -i 's/ansible\.windows:\s*"\*"/ansible.windows: "2.3.0"/' galaxy.yml + sed -i 's/ansible\.netcommon:\s*"\*"/ansible.netcommon: "6.1.1"/' galaxy.yml + sed -i 's/ansible\.posix:\s*"\*"/ansible.posix: "1.5.4"/' galaxy.yml + sed -i 's/community\.general:\s*"\*"/community.general: "8.6.0"/' galaxy.yml + sed -i 's/community\.mysql:\s*"\*"/community.mysql: "3.9.0"/' galaxy.yml + sed -i 's/community\.postgresql:\s*"\*"/community.postgresql: "3.4.0"/' galaxy.yml + + collection_file=$( basename $(ansible-galaxy collection build -f | awk -F" " '{print $NF}')) + echo "COLLECTION_FILE=$collection_file" >> $GITHUB_ENV + + - name: Install the collection + run: ansible-galaxy collection install -vvvv $COLLECTION_FILE + + - name: Run server role tests + run: >- + MY_MOLECULE_CONTAINER=${{ matrix.container }} + MY_MOLECULE_IMAGE=${{ matrix.container }} + MY_MOLECULE_VERSION=${{ matrix.version }} + MY_MOLECULE_DOCKER_COMMAND=${{ matrix.command }} + molecule test -s ${{ matrix.collection_role }} diff --git a/changelogs/fragments/pr_1250.yml b/changelogs/fragments/pr_1250.yml new file mode 100644 index 000000000..236268b72 --- /dev/null +++ b/changelogs/fragments/pr_1250.yml @@ -0,0 +1,7 @@ +major_changes: + - All Roles - Separate installation of Zabbix repo from all other roles and link them together. +minor_changes: + - All Roles - Include installation of GPG key for RHEL based operating systems. + - All Roles - Add support for yum authentication on RHEL based operating systems. + - All Roles - Add the `zabbix_manage_repo` variable. + - All Roles - Changed logic for installing selinux related changes based the status of selinux on the target system. diff --git a/docs/ZABBIX_AGENT_ROLE.md b/docs/ZABBIX_AGENT_ROLE.md index dcc7ed6ff..870c5ded6 100644 --- a/docs/ZABBIX_AGENT_ROLE.md +++ b/docs/ZABBIX_AGENT_ROLE.md @@ -119,10 +119,12 @@ The following is an overview of all available configuration default for this rol * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. * `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key. * `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. ### SElinux -* `zabbix_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. +Selinux changes will be installed based on the status of selinux running on the target system. + * `selinux_allow_zabbix_run_sudo`: Default: `False`. Enable Zabbix root access on system. ### Zabbix Agent diff --git a/docs/ZABBIX_JAVAGATEWAY_ROLE.md b/docs/ZABBIX_JAVAGATEWAY_ROLE.md index 149ae05b3..9207b1c6c 100644 --- a/docs/ZABBIX_JAVAGATEWAY_ROLE.md +++ b/docs/ZABBIX_JAVAGATEWAY_ROLE.md @@ -64,6 +64,7 @@ The `zabbix_javagateway_version` is optional. The latest available major.minor v * `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. * `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`. * `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. ### Java Gatewaty diff --git a/docs/ZABBIX_PROXY_ROLE.md b/docs/ZABBIX_PROXY_ROLE.md index 5aaeb36e5..f91856355 100644 --- a/docs/ZABBIX_PROXY_ROLE.md +++ b/docs/ZABBIX_PROXY_ROLE.md @@ -105,6 +105,7 @@ The following is an overview of all available configuration default for this rol * `zabbix_proxy_manage_service`: Default: `True`. When you run multiple Zabbix proxies in a High Available cluster setup (e.g. pacemaker), you don't want Ansible to manage the zabbix-proxy service, because Pacemaker is in control of zabbix-proxy service. * `zabbix_proxy_include_mode`: Default: `0755`. The "mode" for the directory configured with `zabbix_proxy_include`. * `zabbix_proxy_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. ### Database specific @@ -138,7 +139,7 @@ The following is an overview of all available configuration default for this rol ### SElinux -* `zabbix_proxy_selinux`: Default: `False`. Enables an SELinux policy so that the Proxy will run. +Selinux changes will be installed based on the status of selinux running on the target system. ## Proxy diff --git a/docs/ZABBIX_REPO_ROLE.md b/docs/ZABBIX_REPO_ROLE.md new file mode 100644 index 000000000..68aa633d9 --- /dev/null +++ b/docs/ZABBIX_REPO_ROLE.md @@ -0,0 +1,92 @@ +# community.zabbix.zabbix_server role + +![Zabbix Manage Repo](https://github.com/ansible-collections/community.zabbix/workflows/community.zabbix.zabbix_manage_repo/badge.svg) + +**Table of Contents** + +- [Overview](#overview) +- [Requirements](#requirements) + * [Operating systems](#operating-systems) + * [Zabbix Versions](#zabbix-versions) +- [Installation](#installation) +- [Role Variables](#role-variables) +- [Example Playbook](#example-playbook) +- [License](#license) +- [Author Information](#author-information) + +# Overview + +This is a Ansible role for installing the yum or apt repository for Zabbix. This will not install the Zabbix Server or any other component of Zabbix itself. + +# Requirements + +## Operating systems + +This role will work on the following operating systems: + + * Red Hat + * Debian + * Ubuntu + +So, you'll need one of those operating systems.. :-) +Please send Pull Requests or suggestions when you want to use this role for other Operating systems. + +## Zabbix Versions + +See the following list of supported Operating systems with the Zabbix releases: + +| Zabbix | 6.4 | 6.0 | +|---------------------|-----|-----| +| Red Hat Fam 9 | V | V | +| Red Hat Fam 8 | V | V | +| Ubuntu 24.04 noble | V | V | +| Ubuntu 22.04 jammy | V | V | +| Ubuntu 20.04 focal | V | V | +| Debian 12 bookworm | V | V | +| Debian 11 bullseye | V | V | + +# Installation + +Installing this role is very simple: `ansible-galaxy install community.zabbix.zabbix_manage_repo` + +Please be aware that this role only installs the repo itself. It is generally used by the various other Zabbix roles (i.e. server or web) and not normally used by itself. + +# Role Variables + +* `zabbix_repo_apt_priority`: Option: An integer value for the priority of the repo. +* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. +* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`. +* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_repo_version }}/{{ ansible_distribution.lower() }}` +* `zabbix_http_proxy`: Optional: HTTP proxy information. +* `zabbix_https_proxy`: Optional: HTTPS proxy information. +* `zabbix_repo_gpg_key`: Optional: The keyring path. Default: `{{ debian_keyring_path }}zabbix-repo.asc` +* `zabbix_repo_keyring_path`: Optional: The path to store keyrings in Debian distributions. Default: `/etc/apt/keyrings/` +* `zabbix_repo_package`: The name of the package to lock the apt priority to. +* `zabbix_repo_version`: Optional. The main version (i.e. major.minor) of Zabbix that will be installed on the host(s). Default: 6.4 +* `zabbix_repo_yum`: A list with Yum repository configuration. +* `zabbix_repo_yum_gpg_check`: Optional. Yum should check GPG keys. Default: 0 +* `zabbix_repo_yum_gpg_key_url`: The URL to download the Zabbix GPG key from. Default: `http://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD` +* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) + +# Example Playbook + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + +```yaml + - hosts: zabbix-server + roles: + - role: community.zabbix.zabbix_repo +``` + +# License + +GNU General Public License v3.0 or later + +See LICENCE to see the full text. + +# Author Information + +Please send suggestion or pull requests to make this role better. Also let us know if you encounter any issues installing or using this role. + +Github: https://github.com/ansible-collections/community.zabbix diff --git a/docs/ZABBIX_SERVER_ROLE.md b/docs/ZABBIX_SERVER_ROLE.md index dd3dd30f8..0659aaf14 100644 --- a/docs/ZABBIX_SERVER_ROLE.md +++ b/docs/ZABBIX_SERVER_ROLE.md @@ -103,19 +103,16 @@ The following is an overview of all available configuration default for this rol * `zabbix_server_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_server_version: 6.0`. * `zabbix_server_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo_yum`: A list with Yum repository configuration. -* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) * `zabbix_server_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_service_state`: Default: `started`. Can be overridden to stopped if needed * `zabbix_service_enabled`: Default: `True` Can be overridden to `False` if needed -* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_distribution.lower() }}` -* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. -* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`. -* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. + ### SElinux -* `zabbix_server_selinux`: Default: `False`. Enables an SELinux policy so that the server will run. +Selinux changes will be installed based on the status of selinux running on the target system. + * `selinux_allow_zabbix_can_network`: Default: `False`. * `selinux_allow_zabbix_can_http`: Default: `False`. diff --git a/docs/ZABBIX_WEB_ROLE.md b/docs/ZABBIX_WEB_ROLE.md index 120bb0cb7..16558348e 100644 --- a/docs/ZABBIX_WEB_ROLE.md +++ b/docs/ZABBIX_WEB_ROLE.md @@ -88,16 +88,12 @@ The following is an overview of all available configuration defaults for this ro * `zabbix_web_version`: Optional. The latest available major.minor version of Zabbix will be installed on the host(s). If you want to use an older version, please specify this in the major.minor format. Example: `zabbix_web_version: 6.0`. * `zabbix_web_version_minor`: When you want to specify a minor version to be installed. RedHat only. Default set to: `*` (latest available) -* `zabbix_repo_yum`: A list with Yum repository configuration. -* `zabbix_repo_yum_schema`: Default: `https`. Option to change the web schema for the yum repository(http/https) * `zabbix_web_disable_repo`: A list of repos to disable during install. Default `epel`. * `zabbix_web_package_state`: Default: `present`. Can be overridden to `latest` to update packages when needed. * `zabbix_web_doubleprecision`: Default: `False`. For upgraded installations, please read database [upgrade notes](https://www.zabbix.com/documentation/current/manual/installation/upgrade_notes_500) (Paragraph "Enabling extended range of numeric (float) values") before enabling this option. * `zabbix_web_conf_mode`: Default: `0644`. The "mode" for the Zabbix configuration file. -* `zabbix_repo_deb_url`: The URL to the Zabbix repository. Default `http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_distribution.lower() }}` -* `zabbix_repo_deb_component`: The repository component for Debian installs. Default `main`. -* `zabbix_repo_deb_gpg_key_url`: The URL to download the Zabbix GPG key from. Default `http://repo.zabbix.com/zabbix-official-repo.key`. -* `zabbix_repo_deb_include_deb_src`: True, if deb-src should be included in the zabbix.sources entry. Default `true`. +* `zabbix_manage_repo`: Have the collection install and configure the Zabbix repo Default `true`. + ### Zabbix Web specific @@ -156,7 +152,8 @@ The following properties are specific to Zabbix 5.0 and for the PHP(-FPM) config ### SElinux -* `zabbix_web_selinux`: Default: `False`. Enables an SELinux policy so that the web will run. +Selinux changes will be installed based on the status of selinux running on the target system. + * `selinux_allow_httpd_can_connect_zabbix`: Default: `false`. Set SELinux boolean to allow httpd to connect to zabbix. * `selinux_allow_httpd_can_connect_ldap`: Default: `false`. Set SELinux boolean to allow httpd to connect to LDAP. * `selinux_allow_httpd_can_network_connect_db`: Default: `false` Set SELinux boolean to allow httpd to connect databases over the network. diff --git a/molecule/zabbix_agent_tests/common/molecule.yml b/molecule/zabbix_agent_tests/common/molecule.yml index 4666f0192..bdb70e74f 100644 --- a/molecule/zabbix_agent_tests/common/molecule.yml +++ b/molecule/zabbix_agent_tests/common/molecule.yml @@ -33,6 +33,8 @@ provisioner: zabbix_agent_listenip: 0.0.0.0 zabbix_agent_tlsconnect: psk zabbix_agent_tlsaccept: psk + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_agent_version: 6.4 v62: diff --git a/molecule/zabbix_javagateway/molecule.yml b/molecule/zabbix_javagateway/molecule.yml index 4e1a05ab2..c0481cb00 100644 --- a/molecule/zabbix_javagateway/molecule.yml +++ b/molecule/zabbix_javagateway/molecule.yml @@ -21,6 +21,9 @@ provisioner: ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles inventory: group_vars: + all: + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_javagateway_version: 6.4 v62: diff --git a/molecule/zabbix_proxy/molecule.yml b/molecule/zabbix_proxy/molecule.yml index 128841a25..f9567dad5 100644 --- a/molecule/zabbix_proxy/molecule.yml +++ b/molecule/zabbix_proxy/molecule.yml @@ -23,6 +23,9 @@ provisioner: ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles inventory: group_vars: + all: + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_proxy_version: 6.4 v62: diff --git a/molecule/zabbix_repo/converge.yml b/molecule/zabbix_repo/converge.yml new file mode 100644 index 000000000..52433ba46 --- /dev/null +++ b/molecule/zabbix_repo/converge.yml @@ -0,0 +1,4 @@ +--- +- hosts: all + roles: + - role: zabbix_repo diff --git a/molecule/zabbix_repo/destroy.yml b/molecule/zabbix_repo/destroy.yml new file mode 100644 index 000000000..7ef374be5 --- /dev/null +++ b/molecule/zabbix_repo/destroy.yml @@ -0,0 +1,23 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" + vars: + molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" + molecule_yml: "{{ lookup('file', molecule_file) | from_yaml }}" + tasks: + - name: Destroy molecule instance(s) + docker_container: + name: "{{ item.name }}" + state: absent + force_kill: "{{ item.force_kill | default(True) }}" + with_items: "{{ molecule_yml.platforms }}" + + - name: Destroy 3rd party instance(s) + docker_container: + name: "{{ item.name }}-db" + state: absent + force_kill: true + loop: "{{ molecule_yml.platforms }}" diff --git a/molecule/zabbix_repo/molecule.yml b/molecule/zabbix_repo/molecule.yml new file mode 100644 index 000000000..873e93ced --- /dev/null +++ b/molecule/zabbix_repo/molecule.yml @@ -0,0 +1,33 @@ +--- +driver: + name: docker +platforms: + - name: zabbix-repo-${MY_MOLECULE_VERSION:-v64}-${MY_MOLECULE_CONTAINER:-rockylinux8} + image: geerlingguy/docker-${MY_MOLECULE_IMAGE:-rockylinux8}-ansible:latest + privileged: true + pre_build_image: true + command: ${MOLECULE_DOCKER_COMMAND:-""} + networks: + - name: zabbix + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + groups: + - ${MY_MOLECULE_VERSION:-v64} + +provisioner: + name: ansible + env: + ANSIBLE_COLLECTIONS_PATHS: $HOME/.ansible/collections/ansible_collections/community/zabbix + ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles + inventory: + group_vars: + all: + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 + v64: + zabbix_server_version: 6.4 + v60: + zabbix_server_version: 6.0 + +verifier: + name: testinfra diff --git a/molecule/zabbix_repo/prepare.yml b/molecule/zabbix_repo/prepare.yml new file mode 100644 index 000000000..1d33fac42 --- /dev/null +++ b/molecule/zabbix_repo/prepare.yml @@ -0,0 +1,26 @@ +--- +- name: Prepare + hosts: all + tasks: + - name: "Apt update" + ansible.builtin.shell: "apt-get update && echo exit 0 > /usr/sbin/policy-rc.d" + args: + warn: "{{ produce_warn | default(omit) }}" + register: installation_dependencies + until: installation_dependencies is succeeded + when: + - ansible_os_family != 'RedHat' + + - name: "Configure SUDO." + ansible.builtin.lineinfile: + dest: /etc/sudoers + line: "Defaults !requiretty" + state: present + + - name: "Make sure the docs are installed." + ansible.builtin.lineinfile: + dest: /etc/yum.conf + line: "tsflags=nodocs" + state: absent + when: + - ansible_os_family == 'RedHat' diff --git a/molecule/zabbix_repo/tests/test_default.py b/molecule/zabbix_repo/tests/test_default.py new file mode 100644 index 000000000..81d1393f1 --- /dev/null +++ b/molecule/zabbix_repo/tests/test_default.py @@ -0,0 +1,19 @@ +import os +import pytest +from pathlib import Path + + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ["MOLECULE_INVENTORY_FILE"] +).get_hosts("all") + + +def test_zabbix_manage_repo_installed(host): + os = host.system_info.distribution + if os in ["rocky"]: + result = host.ansible("command", "yum update -y", check=False, become=True)["rc"] + elif os in ["debian", "ubuntu"]: + result = host.ansible("command", "apt update", check=False, become=True)["rc"] + assert result == 0 diff --git a/molecule/zabbix_server/molecule.yml b/molecule/zabbix_server/molecule.yml index ff7972ef7..c67162b42 100644 --- a/molecule/zabbix_server/molecule.yml +++ b/molecule/zabbix_server/molecule.yml @@ -22,6 +22,9 @@ provisioner: ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles inventory: group_vars: + all: + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_server_version: 6.4 v62: diff --git a/molecule/zabbix_web/molecule.yml b/molecule/zabbix_web/molecule.yml index 135acf0e1..720e3f0a7 100644 --- a/molecule/zabbix_web/molecule.yml +++ b/molecule/zabbix_web/molecule.yml @@ -33,6 +33,8 @@ provisioner: group_vars: all: zabbix_api_server_url: zabbix-web-${MY_MOLECULE_VERSION:-v64}-${MY_MOLECULE_DATABASE:-mysql}-${MY_MOLECULE_CONTAINER:-rockylinux8} + zabbix_repo_apt_priority: 1 + zabbix_repo_yum_gpg_check: 1 v64: zabbix_server_version: 6.4 zabbix_web_version: 6.4 diff --git a/roles/zabbix_agent/defaults/main.yml b/roles/zabbix_agent/defaults/main.yml index 43946b810..8831cc759 100644 --- a/roles/zabbix_agent/defaults/main.yml +++ b/roles/zabbix_agent/defaults/main.yml @@ -10,7 +10,7 @@ zabbix_agent_sender_package: "{{ zabbix_sender_package }}" zabbix_get_package: zabbix-get # Depricate in 3.0 zabbox_agent_get_package: "{{ zabbix_get_package }}" zabbix_agent_package_state: present -zabbix_selinux: false +zabbix_agent_selinux: false zabbix_agent_conf_mode: "0644" zabbix_agent_dont_detect_ip: false @@ -18,9 +18,6 @@ zabbix_agent_tlspskidentity_file: "/etc/zabbix/tls_psk_auto.identity" # Selinux related vars selinux_allow_zabbix_run_sudo: false -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true - zabbix_agent_install_agent_only: false # Zabbix role related vars @@ -28,35 +25,8 @@ zabbix_apt_force_apt_get: true zabbix_apt_install_recommends: false # Override Ansible specific facts -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_schema: https zabbix_agent_disable_repo: - epel -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-agent2-plugins - description: Zabbix Official Repository (Agent2 Plugins) - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_agent_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main # Zabbix API stuff zabbix_api_server_host: localhost @@ -102,8 +72,7 @@ zabbix_agent_chassis: false zabbix_agent_tls_config: unencrypted: "1" psk: "2" - cert: - "4" + cert: "4" # IPMI settings zabbix_agent_ipmi_authtype: -1 diff --git a/roles/zabbix_agent/tasks/Debian.yml b/roles/zabbix_agent/tasks/Debian.yml index 940f1e2f0..d19378424 100644 --- a/roles/zabbix_agent/tasks/Debian.yml +++ b/roles/zabbix_agent/tasks/Debian.yml @@ -1,99 +1,6 @@ --- # Tasks specific for Debian/Ubuntu Systems -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_agent_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_agent_version | regex_replace('\\.', '_') }}" - tags: - - always - -- name: "Debian | Installing gnupg" - ansible.builtin.apt: - pkg: gnupg - update_cache: true - cache_valid_time: 3600 - force: true - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: gnupg_installed - until: gnupg_installed is succeeded - become: true - tags: - - install - -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. - ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - become: true - tags: - - install - -- name: Configure APT Prefrence - when: - - zabbix_agent_apt_priority is defined - - zabbix_agent_apt_priority | int - block: - - name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" - become: true - - - name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix-agent-{{ zabbix_underscore_version }}" - content: | - Package: {{ zabbix_agent_package }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_agent_apt_priority | int }} - owner: root - mode: "0644" - become: true - tags: - - install - - name: "Debian | Installing zabbix-agent" ansible.builtin.apt: pkg: "{{ zabbix_agent_package }}" diff --git a/roles/zabbix_agent/tasks/Linux.yml b/roles/zabbix_agent/tasks/Linux.yml index aa8bca132..52870b7ba 100644 --- a/roles/zabbix_agent/tasks/Linux.yml +++ b/roles/zabbix_agent/tasks/Linux.yml @@ -85,8 +85,7 @@ - name: "Configure SELinux when enabled" ansible.builtin.include_tasks: selinux.yml - when: - - zabbix_selinux | bool + when: ansible_facts.selinux.status | default('disabled') == 'enabled' - name: "Adding zabbix group" ansible.builtin.group: diff --git a/roles/zabbix_agent/tasks/RedHat.yml b/roles/zabbix_agent/tasks/RedHat.yml index caab1e4f3..48ee3a2c2 100644 --- a/roles/zabbix_agent/tasks/RedHat.yml +++ b/roles/zabbix_agent/tasks/RedHat.yml @@ -1,25 +1,6 @@ --- # Tasks specific for RedHat systems -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - - name: "RedHat | Installing zabbix-agent" ansible.builtin.package: pkg: diff --git a/roles/zabbix_agent/tasks/main.yml b/roles/zabbix_agent/tasks/main.yml index 509bb629f..22d5ae3e6 100644 --- a/roles/zabbix_agent/tasks/main.yml +++ b/roles/zabbix_agent/tasks/main.yml @@ -87,6 +87,15 @@ zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}" when: zabbix_api_server_port is undefined +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_version: "{{ zabbix_agent_version }}" + zabbix_repo_package: "{{ zabbix_agent_package }}" + zabbix_repo_apt_priority: "{{ zabbix_agent_apt_priority | default (omit) }}" + when: zabbix_manage_repo | default(true) + - name: "Install the correct repository" ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" when: diff --git a/roles/zabbix_agent/tasks/selinux.yml b/roles/zabbix_agent/tasks/selinux.yml index f82072d68..80a718119 100644 --- a/roles/zabbix_agent/tasks/selinux.yml +++ b/roles/zabbix_agent/tasks/selinux.yml @@ -67,7 +67,7 @@ - name: "SELinux | Set zabbix_selinux to true if getenforce returns Enforcing or Permissive" ansible.builtin.set_fact: - zabbix_selinux: "{{ true }}" + zabbix_agent_selinux: "{{ true }}" when: - 'getenforce_bin.stat.exists and ("Enforcing" in sestatus.stdout or "Permissive" in sestatus.stdout)' tags: diff --git a/roles/zabbix_agent/vars/Debian.yml b/roles/zabbix_agent/vars/Debian.yml index fa6e088d1..e7c7d0629 100644 --- a/roles/zabbix_agent/vars/Debian.yml +++ b/roles/zabbix_agent/vars/Debian.yml @@ -33,6 +33,3 @@ zabbix_valid_agent_versions: - 6.4 - 6.2 - 6.0 - -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" diff --git a/roles/zabbix_javagateway/defaults/main.yml b/roles/zabbix_javagateway/defaults/main.yml index d7f659648..093d189f4 100644 --- a/roles/zabbix_javagateway/defaults/main.yml +++ b/roles/zabbix_javagateway/defaults/main.yml @@ -3,35 +3,12 @@ #zabbix_javagateway_version:6.4 zabbix_javagateway_package_state: present -zabbix_repo_yum_schema: https zabbix_java_gateway_conf_mode: "0644" -zabbix_repo_yum_gpgcheck: 0 zabbix_javagateway_disable_repo: - epel -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_javagateway_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main zabbix_javagateway_pidfile: /run/zabbix/zabbix_java_gateway.pid zabbix_javagateway_listenip: 0.0.0.0 zabbix_javagateway_listenport: 10052 zabbix_javagateway_startpollers: 5 - -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true diff --git a/roles/zabbix_javagateway/tasks/Debian.yml b/roles/zabbix_javagateway/tasks/Debian.yml index fd970ab75..667e53cf1 100644 --- a/roles/zabbix_javagateway/tasks/Debian.yml +++ b/roles/zabbix_javagateway/tasks/Debian.yml @@ -1,60 +1,4 @@ --- -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_javagateway_version | regex_replace('\\.', '') }}" - tags: - - always - -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. - ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - register: zabbix_repo - become: true - tags: - - install - -- name: "Debian | Update apt cache if repo was added" - ansible.builtin.apt: update_cache=yes - when: zabbix_repo is changed - - name: "Debian | Installing zabbix-java-gateway" ansible.builtin.apt: pkg: zabbix-java-gateway diff --git a/roles/zabbix_javagateway/tasks/RedHat.yml b/roles/zabbix_javagateway/tasks/RedHat.yml index 96d9d3928..37f2fd3b5 100644 --- a/roles/zabbix_javagateway/tasks/RedHat.yml +++ b/roles/zabbix_javagateway/tasks/RedHat.yml @@ -1,25 +1,6 @@ --- # Tasks specific for RedHat systems -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - - name: "RedHat | Installing zabbix-java-gateway" ansible.builtin.package: pkg: zabbix-java-gateway diff --git a/roles/zabbix_javagateway/tasks/main.yml b/roles/zabbix_javagateway/tasks/main.yml index aeeecbc8f..529af73a6 100644 --- a/roles/zabbix_javagateway/tasks/main.yml +++ b/roles/zabbix_javagateway/tasks/main.yml @@ -22,6 +22,15 @@ tags: - always +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_apt_priority: "{{ zabbix_proxy_javagateway_priority | default (omit) }}" + zabbix_repo_version: "{{ zabbix_javagateway_version }}" + zabbix_repo_package: "zabbix-java-gateway" + when: zabbix_manage_repo | default(true) + - name: "Install the correct repository" ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/zabbix_javagateway/vars/Debian.yml b/roles/zabbix_javagateway/vars/Debian.yml index 3ec096b9b..dbb48d793 100644 --- a/roles/zabbix_javagateway/vars/Debian.yml +++ b/roles/zabbix_javagateway/vars/Debian.yml @@ -20,6 +20,3 @@ zabbix_valid_javagateway_versions: - 6.4 - 6.2 - 6.0 - -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" diff --git a/roles/zabbix_proxy/defaults/main.yml b/roles/zabbix_proxy/defaults/main.yml index 635c40f40..80574b9d6 100644 --- a/roles/zabbix_proxy/defaults/main.yml +++ b/roles/zabbix_proxy/defaults/main.yml @@ -39,29 +39,7 @@ zabbix_proxy_tls_config: zabbix_proxy_version_minor: "*" # Yum/APT Variables -zabbix_repo_yum_schema: https -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_proxy_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present -zabbix_proxy_apt_priority: zabbix_proxy_package_state: present -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true # Proxy Configuration Variables (Only ones with role provided defaults) zabbix_proxy_allowroot: 0 diff --git a/roles/zabbix_proxy/requirements.yml b/roles/zabbix_proxy/requirements.yml deleted file mode 100644 index 37db26ffa..000000000 --- a/roles/zabbix_proxy/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- src: geerlingguy.mysql -- src: geerlingguy.postgresql diff --git a/roles/zabbix_proxy/tasks/Debian.yml b/roles/zabbix_proxy/tasks/Debian.yml deleted file mode 100644 index 94b56890c..000000000 --- a/roles/zabbix_proxy/tasks/Debian.yml +++ /dev/null @@ -1,103 +0,0 @@ ---- -- name: "Debian | Set short version name" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_proxy_version | regex_replace('\\.', '_') }}" - tags: - - always - -- name: "Debian | Set some facts for Zabbix" - ansible.builtin.set_fact: - datafiles_path: /usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }} - tags: - - install - - config - -- name: "Debian | Installing gnupg" - ansible.builtin.apt: - pkg: gnupg - update_cache: true - cache_valid_time: 3600 - force: true - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: gnupg_installed - until: gnupg_installed is succeeded - become: true - tags: - - install - -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. - ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - become: true - tags: - - install - -- name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" - when: - - zabbix_proxy_apt_priority | int - become: true - tags: - - install - -- name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix-proxy-{{ zabbix_proxy_database }}" - content: | - Package: zabbix-proxy-{{ zabbix_proxy_database }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_proxy_apt_priority }} - owner: root - mode: "0644" - when: - - zabbix_proxy_apt_priority | int - become: true - tags: - - install diff --git a/roles/zabbix_proxy/tasks/main.yml b/roles/zabbix_proxy/tasks/main.yml index 3043bdaef..1c1bafe24 100644 --- a/roles/zabbix_proxy/tasks/main.yml +++ b/roles/zabbix_proxy/tasks/main.yml @@ -15,7 +15,6 @@ - name: Set More Variables ansible.builtin.set_fact: zabbix_proxy_db_long: "{{ 'postgresql' if zabbix_proxy_database == 'pgsql' else zabbix_proxy_database }}" - zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" zabbix_proxy_fpinglocation: "{{ zabbix_proxy_fpinglocation if zabbix_proxy_fpinglocation is defined else _zabbix_proxy_fpinglocation}}" zabbix_proxy_fping6location: "{{ zabbix_proxy_fping6location if zabbix_proxy_fping6location is defined else _zabbix_proxy_fping6location}}" tags: @@ -46,8 +45,18 @@ - config - api -- name: "Complete OS Specific Tasks" - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_apt_priority: "{{ zabbix_proxy_apt_priority | default (omit) }}" + zabbix_repo_version: "{{ zabbix_proxy_version }}" + zabbix_repo_package: "zabbix-proxy-{{ zabbix_proxy_database }}" + when: zabbix_manage_repo | default(true) + +- name: "Configure SELinux when enabled" + ansible.builtin.include_tasks: selinux.yml + when: ansible_facts.selinux.status | default('disabled') == 'enabled' - name: "Install zabbix-proxy packages" ansible.builtin.package: diff --git a/roles/zabbix_proxy/vars/Debian.yml b/roles/zabbix_proxy/vars/Debian.yml index 2b1b58caf..b40a7e6a3 100644 --- a/roles/zabbix_proxy/vars/Debian.yml +++ b/roles/zabbix_proxy/vars/Debian.yml @@ -45,8 +45,6 @@ _zabbix_proxy_mysql_dependencies: _zabbix_proxy_sqlite3_dependencies: - sqlite3 -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" _zabbix_proxy_fping6location: /usr/bin/fping6 _zabbix_proxy_fpinglocation: /usr/bin/fping diff --git a/roles/zabbix_repo/README.md b/roles/zabbix_repo/README.md new file mode 120000 index 000000000..28683b139 --- /dev/null +++ b/roles/zabbix_repo/README.md @@ -0,0 +1 @@ +../../docs/ZABBIX_REPO_ROLE.md \ No newline at end of file diff --git a/roles/zabbix_repo/defaults/main.yml b/roles/zabbix_repo/defaults/main.yml new file mode 100644 index 000000000..9f4a162bf --- /dev/null +++ b/roles/zabbix_repo/defaults/main.yml @@ -0,0 +1,26 @@ +--- +# Yum/APT Variables +zabbix_repo_version: "6.4" +zabbix_repo_yum_gpgcheck: 0 +zabbix_repo_yum_schema: https +zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_repo_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" +zabbix_repo_deb_component: main +zabbix_repo_yum: + - name: zabbix + description: Zabbix Official Repository - $basearch + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_repo_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + mode: "0644" + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present + - name: zabbix-non-supported + description: Zabbix Official Repository non-supported - $basearch + baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" + mode: "0644" + gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX + state: present +zabbix_repo_apt_priority: +zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key +zabbix_repo_deb_include_deb_src: true +zabbix_repo_rpm_gpg_key_url: http://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD diff --git a/roles/zabbix_repo/handlers/main.yml b/roles/zabbix_repo/handlers/main.yml new file mode 100644 index 000000000..5907e3a0f --- /dev/null +++ b/roles/zabbix_repo/handlers/main.yml @@ -0,0 +1,6 @@ +- name: "clean repo files from proxy creds" + ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true + become: true + when: + - ansible_os_family == 'RedHat' + - zabbix_http_proxy is defined or zabbix_https_proxy is defined diff --git a/roles/zabbix_repo/meta/main.yml b/roles/zabbix_repo/meta/main.yml new file mode 100644 index 000000000..8f01938a6 --- /dev/null +++ b/roles/zabbix_repo/meta/main.yml @@ -0,0 +1,26 @@ +--- +galaxy_info: + author: Werner Dijkerman + description: Installing and maintaining zabbix-server for RedHat/Debian/Ubuntu. + company: myCompany.Dotcom + license: MIT + min_ansible_version: 2.4 + platforms: + - name: EL + versions: + - 6 + - 7 + - name: Ubuntu + versions: + - lucid + - precise + - trusty + - name: Debian + versions: + - squeeze + - wheezy + galaxy_tags: + - zabbix + - monitoring + +dependencies: [] diff --git a/roles/zabbix_server/tasks/Debian.yml b/roles/zabbix_repo/tasks/Debian.yml similarity index 70% rename from roles/zabbix_server/tasks/Debian.yml rename to roles/zabbix_repo/tasks/Debian.yml index c7b106614..54b867322 100644 --- a/roles/zabbix_server/tasks/Debian.yml +++ b/roles/zabbix_repo/tasks/Debian.yml @@ -1,11 +1,4 @@ --- -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}" - zabbix_underscore_version: "{{ zabbix_server_version | regex_replace('\\.', '_') }}" - tags: - - always - - name: "Debian | Installing gnupg" ansible.builtin.apt: pkg: gnupg @@ -25,9 +18,9 @@ # In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. # It SHOULD be created with permissions 0755 if it is needed and does not already exist. # See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" +- name: "Debian | Create {{ zabbix_repo_keyring_path }} on older versions" ansible.builtin.file: - path: /etc/apt/keyrings/ + path: "{{ zabbix_repo_keyring_path }}" state: directory mode: "0755" become: true @@ -36,17 +29,17 @@ (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. + when: not ansible_check_mode # Because get_url always has changed status in check_mode. ansible.builtin.get_url: url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" + dest: "{{ zabbix_repo_gpg_key }}" mode: "0644" force: true environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_server_repo_files_installed - until: zabbix_server_repo_files_installed is succeeded + register: zabbix_repo_files_installed + until: zabbix_repo_files_installed is succeeded become: true tags: - install @@ -64,7 +57,8 @@ Suites: {{ ansible_distribution_release }} Components: {{ zabbix_repo_deb_component }} Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} + Signed-By: {{ zabbix_repo_gpg_key }} + register: zabbix_repo become: true tags: - install @@ -75,22 +69,31 @@ state: directory mode: "0755" when: - - zabbix_server_apt_priority | int + - zabbix_repo_apt_priority is defined + - zabbix_repo_apt_priority | int become: true tags: - install - name: "Debian | Configuring the weight for APT" ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix_server-{{ zabbix_proxy_database }}" + dest: "/etc/apt/preferences.d/{{ zabbix_repo_package }}" content: | - Package: zabbix_server-{{ zabbix_proxy_database }} + Package: {{ zabbix_repo_package }} Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_server_apt_priority }} + Pin-Priority: {{ zabbix_repo_apt_priority }} owner: root mode: "0644" when: - - zabbix_server_apt_priority | int + - zabbix_repo_apt_priority is defined + - zabbix_repo_apt_priority | int + - zabbix_repo_package is defined + - zabbix_repo_package become: true tags: - install + +- name: "Debian | Update apt cache if repo was added" + ansible.builtin.apt: update_cache=yes + when: zabbix_repo is changed + become: true diff --git a/roles/zabbix_proxy/tasks/RedHat.yml b/roles/zabbix_repo/tasks/RedHat.yml similarity index 68% rename from roles/zabbix_proxy/tasks/RedHat.yml rename to roles/zabbix_repo/tasks/RedHat.yml index a3dddcec2..ea797d3bd 100644 --- a/roles/zabbix_proxy/tasks/RedHat.yml +++ b/roles/zabbix_repo/tasks/RedHat.yml @@ -1,12 +1,6 @@ --- # Tasks specific for RedHat systems -- name: "RedHat | Set short version name" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" - tags: - - always - - name: "RedHat | Make sure old file is absent" ansible.builtin.file: path: /etc/yum.repos.d/zabbix-supported.repo @@ -15,17 +9,28 @@ tags: - install +- name: "RedHat | Install GPG key" + ansible.builtin.rpm_key: + state: present + key: "{{ zabbix_repo_rpm_gpg_key_url }}" + become: true + tags: + - install + - name: "RedHat | Install basic repo file" ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" + gpgcheck: "{{ item.gpgcheck | default(omit) }}" gpgkey: "{{ item.gpgkey }}" mode: "{{ item.mode | default('0644') }}" priority: "{{ item.priority | default('99') }}" state: "{{ item.state | default('present') }}" proxy: "{{ zabbix_http_proxy | default(omit) }}" + username: "{{ item.username | default(omit) }}" + password: "{{ item.password | default(omit) }}" + sslverify: "{{ item.sslverify | default('true') }}" with_items: "{{ zabbix_repo_yum }}" register: yum_repo_installed become: true @@ -33,8 +38,3 @@ - "clean repo files from proxy creds" tags: - install - -- name: "Configure SELinux when enabled" - ansible.builtin.include_tasks: selinux.yml - when: - - zabbix_proxy_selinux | bool diff --git a/roles/zabbix_repo/tasks/main.yml b/roles/zabbix_repo/tasks/main.yml new file mode 100644 index 000000000..24a1060f8 --- /dev/null +++ b/roles/zabbix_repo/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Include OS-specific variables + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" + tags: + - always + +- name: Install the correct repository + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/zabbix_repo/vars/Debian.yml b/roles/zabbix_repo/vars/Debian.yml new file mode 100644 index 000000000..3576b4b76 --- /dev/null +++ b/roles/zabbix_repo/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +zabbix_repo_keyring_path: /etc/apt/keyrings/ +zabbix_repo_gpg_key: "{{ zabbix_repo_keyring_path }}zabbix-repo.asc" diff --git a/roles/zabbix_repo/vars/RedHat.yml b/roles/zabbix_repo/vars/RedHat.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/roles/zabbix_repo/vars/RedHat.yml @@ -0,0 +1 @@ +--- diff --git a/roles/zabbix_repo/vars/main.yml b/roles/zabbix_repo/vars/main.yml new file mode 100644 index 000000000..3f674d7c1 --- /dev/null +++ b/roles/zabbix_repo/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for zabbix_server diff --git a/roles/zabbix_server/defaults/main.yml b/roles/zabbix_server/defaults/main.yml index b3c669ba9..fbd103d75 100644 --- a/roles/zabbix_server/defaults/main.yml +++ b/roles/zabbix_server/defaults/main.yml @@ -40,29 +40,7 @@ zabbix_service_state: started # Yum/APT Variables zabbix_server_version_minor: "*" zabbix_server_package_state: present -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_schema: https -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_server_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_server_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present -zabbix_server_apt_priority: zabbix_server_conf_mode: 0640 -zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key -zabbix_repo_deb_include_deb_src: true # Server Configuration Variables (Only ones with role provided defaults) zabbix_server_alertscriptspath: /usr/lib/zabbix/alertscripts diff --git a/roles/zabbix_server/requirements.yml b/roles/zabbix_server/requirements.yml deleted file mode 100644 index 217a431bc..000000000 --- a/roles/zabbix_server/requirements.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- src: geerlingguy.apache -- src: geerlingguy.mysql -- src: geerlingguy.postgresql -- src: community.postgresql diff --git a/roles/zabbix_server/tasks/RedHat.yml b/roles/zabbix_server/tasks/RedHat.yml deleted file mode 100644 index 7fdb5bb72..000000000 --- a/roles/zabbix_server/tasks/RedHat.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Tasks specific for RedHat systems - -- name: "RedHat | Set short version name" - ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_server_version | regex_replace('\\.', '') }}" - tags: - - always - -- name: "RedHat | Make sure old file is absent" - ansible.builtin.file: - path: /etc/yum.repos.d/zabbix-supported.repo - state: absent - become: true - tags: - - install - -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck }}" - gpgkey: "{{ item.gpgkey }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - -- name: "RedHat | Configure SELinux when enabled" - ansible.builtin.include_tasks: selinux.yml - when: ansible_facts.selinux.status | default('disabled') == 'enabled' diff --git a/roles/zabbix_server/tasks/main.yml b/roles/zabbix_server/tasks/main.yml index 356403e0b..9af231a36 100644 --- a/roles/zabbix_server/tasks/main.yml +++ b/roles/zabbix_server/tasks/main.yml @@ -27,8 +27,18 @@ tags: - always -- name: Install the correct repository - ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_apt_priority: "{{ zabbix_server_apt_priority | default (omit) }}" + zabbix_repo_version: "{{ zabbix_server_version }}" + zabbix_repo_package: "zabbix_server-{{ zabbix_proxy_database }}" + when: zabbix_manage_repo | default(true) + +- name: "Configure SELinux when enabled" + ansible.builtin.include_tasks: selinux.yml + when: ansible_facts.selinux.status | default('disabled') == 'enabled' - name: Install zabbix-server packages ansible.builtin.package: diff --git a/roles/zabbix_server/vars/Debian.yml b/roles/zabbix_server/vars/Debian.yml index 6f088bbcf..4c9acaad3 100644 --- a/roles/zabbix_server/vars/Debian.yml +++ b/roles/zabbix_server/vars/Debian.yml @@ -27,9 +27,6 @@ zabbix_valid_server_versions: - 6.2 - 6.0 -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" - _zabbix_server_pgsql_dependencies: - "{{ zabbix_server_install_database_client | ternary('postgresql-client', '') }}" - python3-psycopg2 diff --git a/roles/zabbix_web/defaults/main.yml b/roles/zabbix_web/defaults/main.yml index 53744bab9..e5833485a 100644 --- a/roles/zabbix_web/defaults/main.yml +++ b/roles/zabbix_web/defaults/main.yml @@ -49,29 +49,9 @@ zabbix_server_dbverifyhost: false zabbix_server_dbschema: # Yum/APT Variables -zabbix_web_apt_priority: zabbix_web_version_minor: "*" -zabbix_repo_yum_gpgcheck: 0 -zabbix_repo_yum_schema: https -zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_web_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" -zabbix_repo_deb_component: main zabbix_web_disable_repo: - epel -zabbix_repo_yum: - - name: zabbix - description: Zabbix Official Repository - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/zabbix/{{ zabbix_web_version | regex_search('^[0-9]+.[0-9]+') }}/rhel/{{ ansible_distribution_major_version }}/$basearch/" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}" - mode: "0644" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present - - name: zabbix-non-supported - description: Zabbix Official Repository non-supported - $basearch - baseurl: "{{ zabbix_repo_yum_schema }}://repo.zabbix.com/non-supported/rhel/{{ ansible_distribution_major_version }}/$basearch/" - mode: "0644" - gpgcheck: "{{ zabbix_repo_yum_gpgcheck | default('0') }}" - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX - state: present # Elasticsearch # zabbix_server_history_url: @@ -95,7 +75,6 @@ selinux_allow_httpd_can_connect_zabbix: false zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key zabbix_repo_deb_include_deb_src: true - # SAML certificates # zabbix_saml_idp_crt: # zabbix_saml_sp_crt: diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml index 4ddab341b..255ecb235 100644 --- a/roles/zabbix_web/tasks/Debian.yml +++ b/roles/zabbix_web/tasks/Debian.yml @@ -7,7 +7,6 @@ - name: "Debian | Set some variables" ansible.builtin.set_fact: - zabbix_short_version: "{{ zabbix_web_version | regex_replace('\\.', '') }}" zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}" tags: - always @@ -46,77 +45,6 @@ - dependencies - database -# In releases older than Debian 12 and Ubuntu 22.04, /etc/apt/keyrings does not exist by default. -# It SHOULD be created with permissions 0755 if it is needed and does not already exist. -# See: https://wiki.debian.org/DebianRepository/UseThirdParty -- name: "Debian | Create /etc/apt/keyrings/ on older versions" - ansible.builtin.file: - path: /etc/apt/keyrings/ - state: directory - mode: "0755" - become: true - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "22") or - (ansible_distribution == "Debian" and ansible_distribution_major_version < "12") - -- name: "Debian | Download gpg key" - when: not ansible_check_mode # Because get_url always has changed status in check_mode. - ansible.builtin.get_url: - url: "{{ zabbix_repo_deb_gpg_key_url }}" - dest: "{{ zabbix_gpg_key }}" - mode: "0644" - force: true - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - tags: - - install - -- name: "Debian | Installing repository {{ ansible_distribution }}" - ansible.builtin.copy: - dest: /etc/apt/sources.list.d/zabbix.sources - owner: root - group: root - mode: 0644 - content: | - Types: deb{{ ' deb-src' if zabbix_repo_deb_include_deb_src }} - Enabled: yes - URIs: {{ zabbix_repo_deb_url }} - Suites: {{ ansible_distribution_release }} - Components: {{ zabbix_repo_deb_component }} - Architectures: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} - Signed-By: {{ zabbix_gpg_key }} - become: true - tags: - - install - -- name: "Debian | Create /etc/apt/preferences.d/" - ansible.builtin.file: - path: /etc/apt/preferences.d/ - state: directory - mode: "0755" - when: - - zabbix_web_apt_priority | int - become: true - tags: - - install - -- name: "Debian | Configuring the weight for APT" - ansible.builtin.copy: - dest: "/etc/apt/preferences.d/zabbix_server-{{ zabbix_proxy_database }}" - content: | - Package: zabbix_server-{{ zabbix_proxy_database }} - Pin: origin repo.zabbix.com - Pin-Priority: {{ zabbix_web_apt_priority }} - owner: root - mode: "0644" - when: - - zabbix_web_apt_priority | int - become: true - tags: - - install - - name: "Debian | Install zabbix-web" ansible.builtin.apt: pkg: "zabbix-frontend-php" diff --git a/roles/zabbix_web/tasks/RedHat.yml b/roles/zabbix_web/tasks/RedHat.yml index 8dfb2e113..2cde6bd41 100644 --- a/roles/zabbix_web/tasks/RedHat.yml +++ b/roles/zabbix_web/tasks/RedHat.yml @@ -4,25 +4,6 @@ tags: - always -- name: "RedHat | Install basic repo file" - ansible.builtin.yum_repository: - name: "{{ item.name }}" - description: "{{ item.description | default(omit) }}" - baseurl: "{{ item.baseurl }}" - gpgcheck: "{{ item.gpgcheck | default(omit) }}" - gpgkey: "{{ item.gpgkey | default(omit) }}" - mode: "{{ item.mode | default('0644') }}" - priority: "{{ item.priority | default('99') }}" - state: "{{ item.state | default('present') }}" - proxy: "{{ zabbix_http_proxy | default(omit) }}" - with_items: "{{ zabbix_repo_yum }}" - register: yum_repo_installed - become: true - notify: - - "clean repo files from proxy creds" - tags: - - install - - name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}" ansible.builtin.yum: name: @@ -60,5 +41,4 @@ - name: "Configure SELinux when enabled" ansible.builtin.include_tasks: selinux.yml - when: - - zabbix_web_selinux | bool + when: ansible_facts.selinux.status | default('disabled') == 'enabled' diff --git a/roles/zabbix_web/tasks/apache.yml b/roles/zabbix_web/tasks/apache.yml index 7e55fe3e9..fa7e78e03 100644 --- a/roles/zabbix_web/tasks/apache.yml +++ b/roles/zabbix_web/tasks/apache.yml @@ -26,7 +26,7 @@ - name: "RedHat | Install zabbix-apache-conf" ansible.builtin.yum: name: - - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" + - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor | default ('*')}}" state: "{{ zabbix_web_package_state }}" update_cache: true disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" diff --git a/roles/zabbix_web/tasks/main.yml b/roles/zabbix_web/tasks/main.yml index 54a313a1c..157a94825 100644 --- a/roles/zabbix_web/tasks/main.yml +++ b/roles/zabbix_web/tasks/main.yml @@ -50,6 +50,15 @@ - config - install +- name: Install Repository + ansible.builtin.include_role: + name: community.zabbix.zabbix_repo + vars: + zabbix_repo_version: "{{ zabbix_web_version }}" + zabbix_repo_package: "zabbix-web-service" + zabbix_repo_apt_priority: "{{ zabbix_web_apt_priority | default (omit) }}" + when: zabbix_manage_repo | default(true) + - name: Include OS Specific Tasks ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index a859c0c4c..a52708c33 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -44,6 +44,3 @@ zabbix_valid_web_versions: - 6.4 - 6.2 - 6.0 - -debian_keyring_path: /etc/apt/keyrings/ -zabbix_gpg_key: "{{ debian_keyring_path }}zabbix-repo.asc" From 773cfa327015d8b2dc8fd1f50fb7302cc09eb92b Mon Sep 17 00:00:00 2001 From: Troy W Date: Thu, 6 Jun 2024 19:48:51 -0400 Subject: [PATCH 4/4] Remove Support for Zabbix 6.2 (#1274) --- .github/workflows/agent.yml | 6 - .github/workflows/javagateway.yml | 6 - .github/workflows/proxy.yml | 10 +- .github/workflows/server.yml | 7 +- .github/workflows/web.yml | 6 - changelogs/fragments/1250.yml | 2 + docs/ZABBIX_AGENT_ROLE.md | 20 +-- docs/ZABBIX_JAVAGATEWAY_ROLE.md | 18 +-- docs/ZABBIX_PROXY_ROLE.md | 18 +-- docs/ZABBIX_SERVER_ROLE.md | 18 +-- docs/ZABBIX_WEB_ROLE.md | 18 +-- .../zabbix_agent_tests/common/molecule.yml | 2 - molecule/zabbix_javagateway/molecule.yml | 2 - molecule/zabbix_proxy/molecule.yml | 2 - molecule/zabbix_server/molecule.yml | 2 - molecule/zabbix_web/molecule.yml | 3 - roles/zabbix_agent/vars/Debian.yml | 5 - roles/zabbix_agent/vars/RedHat.yml | 2 - roles/zabbix_agent/vars/Windows.yml | 1 - roles/zabbix_javagateway/vars/Debian.yml | 3 - roles/zabbix_javagateway/vars/RedHat.yml | 3 - roles/zabbix_proxy/vars/Debian.yml | 3 - roles/zabbix_proxy/vars/RedHat.yml | 2 - roles/zabbix_server/vars/Debian.yml | 3 - roles/zabbix_server/vars/RedHat.yml | 2 - roles/zabbix_web/vars/Debian.yml | 3 - roles/zabbix_web/vars/RedHat.yml | 2 - .../tasks/zabbix_authentication_tests.yml | 149 ------------------ .../test_zabbix_host_info/tasks/main.yml | 4 +- .../test_zabbix_settings/tasks/main.yml | 4 +- .../test_zabbix_template/defaults/main.yml | 2 +- .../defaults/main.yml | 2 +- .../test_zabbix_template_info/tasks/main.yml | 2 +- .../test_zabbix_templategroup/tasks/main.yml | 4 +- .../test_zabbix_usergroup/tasks/main.yml | 8 +- 35 files changed, 63 insertions(+), 281 deletions(-) create mode 100644 changelogs/fragments/1250.yml diff --git a/.github/workflows/agent.yml b/.github/workflows/agent.yml index 29810bacd..4ed41594c 100644 --- a/.github/workflows/agent.yml +++ b/.github/workflows/agent.yml @@ -29,18 +29,12 @@ jobs: - debian11 version: - v64 - - v62 - v60 scenario_name: - default - autopsk - agent2 - agent2autopsk - exclude: - - container: debian12 - version: v62 - - container: ubuntu2404 - version: v62 steps: - name: Check out code diff --git a/.github/workflows/javagateway.yml b/.github/workflows/javagateway.yml index f3c261703..ee5f41c75 100644 --- a/.github/workflows/javagateway.yml +++ b/.github/workflows/javagateway.yml @@ -29,13 +29,7 @@ jobs: - debian11 version: - v64 - - v62 - v60 - exclude: - - container: debian12 - version: v62 - - container: ubuntu2404 - version: v62 collection_role: - zabbix_javagateway steps: diff --git a/.github/workflows/proxy.yml b/.github/workflows/proxy.yml index 64cf5db86..8e5d7195d 100644 --- a/.github/workflows/proxy.yml +++ b/.github/workflows/proxy.yml @@ -35,16 +35,8 @@ jobs: - sqlite3 version: - v64 - - v62 - v60 - exclude: - - container: - name: debian12 - base_image: debian:12 - os_family: debian - version: v62 - - container: ubuntu2404 - version: v62 + steps: - name: Check out code uses: actions/checkout@v4 diff --git a/.github/workflows/server.yml b/.github/workflows/server.yml index da651e41b..332b27fee 100644 --- a/.github/workflows/server.yml +++ b/.github/workflows/server.yml @@ -34,13 +34,8 @@ jobs: - pgsql version: - v64 - - v62 - v60 - exclude: - - container: debian12 - version: v62 - - container: ubuntu2404 - version: v62 + steps: - name: Check out code uses: actions/checkout@v4 diff --git a/.github/workflows/web.yml b/.github/workflows/web.yml index 5ceb8b746..4d0ebecd4 100644 --- a/.github/workflows/web.yml +++ b/.github/workflows/web.yml @@ -37,13 +37,7 @@ jobs: - apache version: - v64 - - v62 - v60 - exclude: - - container: ubuntu2404 - version: v62 - - container: debian12 - version: v62 steps: - name: Check out code uses: actions/checkout@v4 diff --git a/changelogs/fragments/1250.yml b/changelogs/fragments/1250.yml new file mode 100644 index 000000000..8f1f1dd41 --- /dev/null +++ b/changelogs/fragments/1250.yml @@ -0,0 +1,2 @@ +breaking_changes: + - Removed support for Zabbix 6.2 diff --git a/docs/ZABBIX_AGENT_ROLE.md b/docs/ZABBIX_AGENT_ROLE.md index 870c5ded6..043d70576 100644 --- a/docs/ZABBIX_AGENT_ROLE.md +++ b/docs/ZABBIX_AGENT_ROLE.md @@ -89,15 +89,15 @@ To successfully complete the install the role requires `python-netaddr` on the c See the following list of supported Operating systems with the Zabbix releases: -| Zabbix | 6.4 | 6.2 | 6.0 | -|---------------------|-----|-----|-----| -| Red Hat Fam 9 | V | V | V | -| Red Hat Fam 8 | V | V | V | -| Ubuntu 24.04 noble | V | | V | -| Ubuntu 22.04 jammy | V | V | V | -| Ubuntu 20.04 focal | V | V | V | -| Debian 12 bookworm | V | V | V | -| Debian 11 bullseye | V | V | V | +| Zabbix | 6.4 | 6.0 | +|---------------------|-----|-----| +| Red Hat Fam 9 | V | V | +| Red Hat Fam 8 | V | V | +| Ubuntu 24.04 noble | V | V | +| Ubuntu 22.04 jammy | V | V | +| Ubuntu 20.04 focal | V | V | +| Debian 12 bookworm | V | V | +| Debian 11 bullseye | V | V | You can bypass this matrix by setting `enable_version_check: false` @@ -109,7 +109,7 @@ The following is an overview of all available configuration default for this rol ### Overall Zabbix -* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.4, 6.2, or 6.0 +* `zabbix_agent_version`: This is the version of zabbix. Default: The highest supported version for the operating system. Can be overridden to 6.4 or 6.0 * `zabbix_agent_version_minor`: When you want to specify a minor version to be installed. Is also used for `zabbix_sender` and `zabbix_get`. RedHat only. Default set to: `*` (latest available) * `zabbix_repo_yum`: A list with Yum repository configuration. * `zabbix_repo_yum_gpgcheck`: If Yum should check GPG keys on installation diff --git a/docs/ZABBIX_JAVAGATEWAY_ROLE.md b/docs/ZABBIX_JAVAGATEWAY_ROLE.md index 9207b1c6c..a500a5fc7 100644 --- a/docs/ZABBIX_JAVAGATEWAY_ROLE.md +++ b/docs/ZABBIX_JAVAGATEWAY_ROLE.md @@ -34,15 +34,15 @@ So, you'll need one of those operating systems.. :-) See the following list of supported Operating systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 | -|---------------------|-----|-----|-----| -| Red Hat Fam 9 | V | V | V | -| Red Hat Fam 8 | V | V | V | -| Ubuntu 24.04 noble | V | | V | -| Ubuntu 22.04 jammy | V | V | V | -| Ubuntu 20.04 focal | V | V | V | -| Debian 12 bookworm | V | | V | -| Debian 11 bullseye | V | V | V | +| Zabbix | 6.4 | 6.0 | +|---------------------|-----|-----| +| Red Hat Fam 9 | V | V | +| Red Hat Fam 8 | V | V | +| Ubuntu 24.04 noble | V | V | +| Ubuntu 22.04 jammy | V | V | +| Ubuntu 20.04 focal | V | V | +| Debian 12 bookworm | V | V | +| Debian 11 bullseye | V | V | You can bypass this matrix by setting `enable_version_check: false` diff --git a/docs/ZABBIX_PROXY_ROLE.md b/docs/ZABBIX_PROXY_ROLE.md index f91856355..b1d7179bf 100644 --- a/docs/ZABBIX_PROXY_ROLE.md +++ b/docs/ZABBIX_PROXY_ROLE.md @@ -77,15 +77,15 @@ ansible-galaxy collection install community.postgresql See the following list of supported Operating systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 | -|---------------------|-----|-----|-----| -| Red Hat Fam 9 | V | V | V | -| Red Hat Fam 8 | V | V | V | -| Ubuntu 24.04 noble | V | | V | -| Ubuntu 22.04 jammy | V | V | V | -| Ubuntu 20.04 focal | V | V | V | -| Debian 12 bookworm | V | | V | -| Debian 11 bullseye | V | V | V | +| Zabbix | 6.4 | 6.0 | +|---------------------|-----|-----| +| Red Hat Fam 9 | V | V | +| Red Hat Fam 8 | V | V | +| Ubuntu 24.04 noble | V | V | +| Ubuntu 22.04 jammy | V | V | +| Ubuntu 20.04 focal | V | V | +| Debian 12 bookworm | V | V | +| Debian 11 bullseye | V | V | You can bypass this matrix by setting `enable_version_check: false` diff --git a/docs/ZABBIX_SERVER_ROLE.md b/docs/ZABBIX_SERVER_ROLE.md index 0659aaf14..a55b46da9 100644 --- a/docs/ZABBIX_SERVER_ROLE.md +++ b/docs/ZABBIX_SERVER_ROLE.md @@ -75,15 +75,15 @@ ansible-galaxy collection install community.postgresql See the following list of supported Operating systems with the Zabbix releases: -| Zabbix | 6.4 | 6.2 | 6.0 | -|---------------------|-----|-----|-----| -| Red Hat Fam 9 | V | V | V | -| Red Hat Fam 8 | V | V | V | -| Ubuntu 24.04 noble | V | | V | -| Ubuntu 22.04 jammy | V | V | V | -| Ubuntu 20.04 focal | V | V | V | -| Debian 12 bookworm | V | | V | -| Debian 11 bullseye | V | V | V | +| Zabbix | 6.4 | 6.0 | +|---------------------|-----|-----| +| Red Hat Fam 9 | V | V | +| Red Hat Fam 8 | V | V | +| Ubuntu 24.04 noble | V | V | +| Ubuntu 22.04 jammy | V | V | +| Ubuntu 20.04 focal | V | V | +| Debian 12 bookworm | V | V | +| Debian 11 bullseye | V | V | You can bypass this matrix by setting `enable_version_check: false` diff --git a/docs/ZABBIX_WEB_ROLE.md b/docs/ZABBIX_WEB_ROLE.md index 16558348e..5e0d8bf2b 100644 --- a/docs/ZABBIX_WEB_ROLE.md +++ b/docs/ZABBIX_WEB_ROLE.md @@ -55,15 +55,15 @@ ansible-galaxy collection install community.general See the following list of supported Operating Systems with the Zabbix releases. -| Zabbix | 6.4 | 6.2 | 6.0 | -|---------------------|-----|-----|-----| -| Red Hat Fam 9 | V | V | V | -| Red Hat Fam 8 | V | V | V | -| Ubuntu 24.04 noble | V | | V | -| Ubuntu 22.04 jammy | V | V | V | -| Ubuntu 20.04 focal | V | V | V | -| Debian 12 bookworm | V | | V | -| Debian 11 bullseye | V | V | V | +| Zabbix | 6.4 | 6.0 | +|---------------------|-----|-----| +| Red Hat Fam 9 | V | V | +| Red Hat Fam 8 | V | V | +| Ubuntu 24.04 noble | V | V | +| Ubuntu 22.04 jammy | V | V | +| Ubuntu 20.04 focal | V | V | +| Debian 12 bookworm | V | V | +| Debian 11 bullseye | V | V | You can bypass this matrix by setting `enable_version_check: false` diff --git a/molecule/zabbix_agent_tests/common/molecule.yml b/molecule/zabbix_agent_tests/common/molecule.yml index bdb70e74f..6ef3ba22b 100644 --- a/molecule/zabbix_agent_tests/common/molecule.yml +++ b/molecule/zabbix_agent_tests/common/molecule.yml @@ -37,8 +37,6 @@ provisioner: zabbix_repo_yum_gpg_check: 1 v64: zabbix_agent_version: 6.4 - v62: - zabbix_agent_version: 6.2 v60: zabbix_agent_version: 6.0 scenario: diff --git a/molecule/zabbix_javagateway/molecule.yml b/molecule/zabbix_javagateway/molecule.yml index c0481cb00..5e5fca0f7 100644 --- a/molecule/zabbix_javagateway/molecule.yml +++ b/molecule/zabbix_javagateway/molecule.yml @@ -26,8 +26,6 @@ provisioner: zabbix_repo_yum_gpg_check: 1 v64: zabbix_javagateway_version: 6.4 - v62: - zabbix_javagateway_version: 6.2 v60: zabbix_javagateway_version: 6.0 diff --git a/molecule/zabbix_proxy/molecule.yml b/molecule/zabbix_proxy/molecule.yml index f9567dad5..4e1b27fe1 100644 --- a/molecule/zabbix_proxy/molecule.yml +++ b/molecule/zabbix_proxy/molecule.yml @@ -28,8 +28,6 @@ provisioner: zabbix_repo_yum_gpg_check: 1 v64: zabbix_proxy_version: 6.4 - v62: - zabbix_proxy_version: 6.2 v60: zabbix_proxy_version: 6.0 mysql: diff --git a/molecule/zabbix_server/molecule.yml b/molecule/zabbix_server/molecule.yml index c67162b42..f988cc033 100644 --- a/molecule/zabbix_server/molecule.yml +++ b/molecule/zabbix_server/molecule.yml @@ -27,8 +27,6 @@ provisioner: zabbix_repo_yum_gpg_check: 1 v64: zabbix_server_version: 6.4 - v62: - zabbix_server_version: 6.2 v60: zabbix_server_version: 6.0 mysql: diff --git a/molecule/zabbix_web/molecule.yml b/molecule/zabbix_web/molecule.yml index 720e3f0a7..9d4541bc5 100644 --- a/molecule/zabbix_web/molecule.yml +++ b/molecule/zabbix_web/molecule.yml @@ -38,9 +38,6 @@ provisioner: v64: zabbix_server_version: 6.4 zabbix_web_version: 6.4 - v62: - zabbix_server_version: 6.2 - zabbix_web_version: 6.2 v60: zabbix_server_version: 6.0 zabbix_web_version: 6.0 diff --git a/roles/zabbix_agent/vars/Debian.yml b/roles/zabbix_agent/vars/Debian.yml index e7c7d0629..36002ab95 100644 --- a/roles/zabbix_agent/vars/Debian.yml +++ b/roles/zabbix_agent/vars/Debian.yml @@ -7,17 +7,14 @@ zabbix_valid_agent_versions: # Debian "12": - 6.4 - - 6.2 - 6.0 "11": - 6.4 - - 6.2 - 6.0 "9": - 6.4 - - 6.2 - 6.0 # Ubuntu "24": @@ -26,10 +23,8 @@ zabbix_valid_agent_versions: "22": - 6.4 - - 6.2 - 6.0 "20": - 6.4 - - 6.2 - 6.0 diff --git a/roles/zabbix_agent/vars/RedHat.yml b/roles/zabbix_agent/vars/RedHat.yml index 7c807652e..b799942a5 100644 --- a/roles/zabbix_agent/vars/RedHat.yml +++ b/roles/zabbix_agent/vars/RedHat.yml @@ -6,9 +6,7 @@ zabbix_agent: zabbix-agent zabbix_valid_agent_versions: "9": - 6.4 - - 6.2 - 6.0 "8": - 6.4 - - 6.2 - 6.0 diff --git a/roles/zabbix_agent/vars/Windows.yml b/roles/zabbix_agent/vars/Windows.yml index 4dd64ba02..543758aa2 100644 --- a/roles/zabbix_agent/vars/Windows.yml +++ b/roles/zabbix_agent/vars/Windows.yml @@ -3,5 +3,4 @@ zabbix_valid_agent_versions: "10": - 6.4 - - 6.2 - 6.0 diff --git a/roles/zabbix_javagateway/vars/Debian.yml b/roles/zabbix_javagateway/vars/Debian.yml index dbb48d793..a6612204b 100644 --- a/roles/zabbix_javagateway/vars/Debian.yml +++ b/roles/zabbix_javagateway/vars/Debian.yml @@ -5,7 +5,6 @@ zabbix_valid_javagateway_versions: - 6.0 "11": - 6.4 - - 6.2 - 6.0 # Ubuntu @@ -14,9 +13,7 @@ zabbix_valid_javagateway_versions: - 6.0 "22": - 6.4 - - 6.2 - 6.0 "20": - 6.4 - - 6.2 - 6.0 diff --git a/roles/zabbix_javagateway/vars/RedHat.yml b/roles/zabbix_javagateway/vars/RedHat.yml index 62af028ff..2df5ee3ae 100644 --- a/roles/zabbix_javagateway/vars/RedHat.yml +++ b/roles/zabbix_javagateway/vars/RedHat.yml @@ -2,13 +2,10 @@ zabbix_valid_javagateway_versions: "9": - 6.4 - - 6.2 - 6.0 "8": - 6.4 - - 6.2 - 6.0 "7": - 6.4 - - 6.2 - 6.0 diff --git a/roles/zabbix_proxy/vars/Debian.yml b/roles/zabbix_proxy/vars/Debian.yml index b40a7e6a3..bc7b1ff98 100644 --- a/roles/zabbix_proxy/vars/Debian.yml +++ b/roles/zabbix_proxy/vars/Debian.yml @@ -5,18 +5,15 @@ zabbix_valid_proxy_versions: - 6.0 "11": - 6.4 - - 6.2 - 6.0 "24": - 6.4 - 6.0 "22": - 6.4 - - 6.2 - 6.0 "20": - 6.4 - - 6.2 - 6.0 _zabbix_proxy_pgsql_dependencies: diff --git a/roles/zabbix_proxy/vars/RedHat.yml b/roles/zabbix_proxy/vars/RedHat.yml index 04900934e..5c2cc5d5b 100644 --- a/roles/zabbix_proxy/vars/RedHat.yml +++ b/roles/zabbix_proxy/vars/RedHat.yml @@ -1,11 +1,9 @@ zabbix_valid_proxy_versions: "9": - 6.4 - - 6.2 - 6.0 "8": - 6.4 - - 6.2 - 6.0 _zabbix_proxy_pgsql_dependencies: diff --git a/roles/zabbix_server/vars/Debian.yml b/roles/zabbix_server/vars/Debian.yml index 4c9acaad3..2d18e9054 100644 --- a/roles/zabbix_server/vars/Debian.yml +++ b/roles/zabbix_server/vars/Debian.yml @@ -12,7 +12,6 @@ zabbix_valid_server_versions: - 6.0 "11": - 6.4 - - 6.2 - 6.0 # Ubuntu "24": @@ -20,11 +19,9 @@ zabbix_valid_server_versions: - 6.0 "22": - 6.4 - - 6.2 - 6.0 "20": - 6.4 - - 6.2 - 6.0 _zabbix_server_pgsql_dependencies: diff --git a/roles/zabbix_server/vars/RedHat.yml b/roles/zabbix_server/vars/RedHat.yml index fb20631f8..d575d8fb0 100644 --- a/roles/zabbix_server/vars/RedHat.yml +++ b/roles/zabbix_server/vars/RedHat.yml @@ -11,11 +11,9 @@ __epel_repo: zabbix_valid_server_versions: "9": - 6.4 - - 6.2 - 6.0 "8": - 6.4 - - 6.2 - 6.0 _zabbix_server_pgsql_dependencies: diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index a52708c33..f8c3e42af 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -30,7 +30,6 @@ zabbix_valid_web_versions: - 6.0 "11": - 6.4 - - 6.2 - 6.0 # Ubuntu "24": @@ -38,9 +37,7 @@ zabbix_valid_web_versions: - 6.0 "22": - 6.4 - - 6.2 - 6.0 "20": - 6.4 - - 6.2 - 6.0 diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index 785c18c99..9365ede15 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml @@ -21,11 +21,9 @@ __epel_repo: zabbix_valid_web_versions: "9": - 6.4 - - 6.2 - 6.0 "8": - 6.4 - - 6.2 - 6.0 zabbix_web_php_dependencies: diff --git a/tests/integration/targets/test_zabbix_authentication/tasks/zabbix_authentication_tests.yml b/tests/integration/targets/test_zabbix_authentication/tasks/zabbix_authentication_tests.yml index 90b8b7868..f73f5be2e 100644 --- a/tests/integration/targets/test_zabbix_authentication/tasks/zabbix_authentication_tests.yml +++ b/tests/integration/targets/test_zabbix_authentication/tasks/zabbix_authentication_tests.yml @@ -151,155 +151,6 @@ ansible.builtin.assert: that: zbxauth_update.changed is sameas True -- when: zabbix_version is version('6.2', '=') - name: support Zabbix version (=6.2) - block: - - name: test - create user directory - community.zabbix.zabbix_user_directory: - name: TestUserDirectory - host: "test.com" - port: 389 - base_dn: "ou=Users,dc=example,dc=org" - search_attribute: "uid" - - - name: test - update ldap_configured without mandatory paramters - community.zabbix.zabbix_authentication: - ldap_configured: true - ignore_errors: true - register: zbxauth_update - - - name: assert that authentication was NOT updated - ansible.builtin.assert: - that: - - zbxauth_update.failed is sameas True - - zbxauth_update.msg == "Please set ldap_userdirectory when you change a value of ldap_configured to true." - - - name: test - update saml_auth_enabled without mandatory paramters - community.zabbix.zabbix_authentication: - saml_auth_enabled: true - ignore_errors: true - register: zbxauth_update - - - name: assert that authentication was NOT updated - ansible.builtin.assert: - that: - - zbxauth_update.failed is sameas True - - zbxauth_update.msg == "Please set saml_idp_entityid, saml_sso_url, saml_username_attribute and saml_sp_entityid when you change a value of saml_auth_enabled to true." - - - name: test - update all authentication setting - community.zabbix.zabbix_authentication: - authentication_type: internal - http_auth_enabled: true - http_login_form: zabbix_login_form - http_strip_domains: "comp,any" - http_case_sensitive: true - ldap_configured: true - ldap_case_sensitive: true - ldap_userdirectory: TestUserDirectory - saml_auth_enabled: true - saml_idp_entityid: "" - saml_sso_url: "https://localhost/SAML2/SSO" - saml_slo_url: "https://localhost/SAML2/SLO" - saml_username_attribute: "uid" - saml_sp_entityid: "https://localhost" - saml_nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" - saml_sign_messages: true - saml_sign_assertions: true - saml_sign_authn_requests: true - saml_sign_logout_requests: true - saml_sign_logout_responses: true - saml_encrypt_nameid: true - saml_encrypt_assertions: true - saml_case_sensitive: true - passwd_min_length: 70 - passwd_check_rules: - - contain_uppercase_and_lowercase_letters - - contain_digits - - contain_special_characters - - avoid_easy_to_guess - register: zbxauth_update - - - name: assert that authentication was updated - ansible.builtin.assert: - that: zbxauth_update.changed is sameas True - - - name: test - update all authentication setting (again) - community.zabbix.zabbix_authentication: - authentication_type: internal - http_auth_enabled: true - http_login_form: zabbix_login_form - http_strip_domains: - - comp - - any - http_case_sensitive: true - ldap_configured: true - ldap_case_sensitive: true - ldap_userdirectory: TestUserDirectory - saml_auth_enabled: true - saml_idp_entityid: "" - saml_sso_url: "https://localhost/SAML2/SSO" - saml_slo_url: "https://localhost/SAML2/SLO" - saml_username_attribute: "uid" - saml_sp_entityid: "https://localhost" - saml_nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" - saml_sign_messages: true - saml_sign_assertions: true - saml_sign_authn_requests: true - saml_sign_logout_requests: true - saml_sign_logout_responses: true - saml_encrypt_nameid: true - saml_encrypt_assertions: true - saml_case_sensitive: true - passwd_min_length: 70 - passwd_check_rules: - - contain_uppercase_and_lowercase_letters - - contain_digits - - contain_special_characters - - avoid_easy_to_guess - register: zbxauth_update - - - name: assert that authentication was NOT updated - ansible.builtin.assert: - that: zbxauth_update.changed is sameas False - - - name: test - initialize all authentication setting - community.zabbix.zabbix_authentication: - authentication_type: internal - http_auth_enabled: false - http_login_form: zabbix_login_form - http_strip_domains: [] - http_case_sensitive: true - ldap_configured: false - ldap_case_sensitive: true - saml_auth_enabled: false - saml_idp_entityid: "" - saml_sso_url: "" - saml_slo_url: "" - saml_username_attribute: "" - saml_sp_entityid: "" - saml_nameid_format: "" - saml_sign_messages: false - saml_sign_assertions: false - saml_sign_authn_requests: false - saml_sign_logout_requests: false - saml_sign_logout_responses: false - saml_encrypt_nameid: false - saml_encrypt_assertions: false - saml_case_sensitive: false - passwd_min_length: 8 - passwd_check_rules: - - avoid_easy_to_guess - register: zbxauth_update - - - name: assert that authentication was updated - ansible.builtin.assert: - that: zbxauth_update.changed is sameas True - - - name: test - delete user directory - community.zabbix.zabbix_user_directory: - name: TestUserDirectory - state: absent - - when: zabbix_version is version('6.4', '>=') name: support Zabbix version (>=6.4) block: diff --git a/tests/integration/targets/test_zabbix_host_info/tasks/main.yml b/tests/integration/targets/test_zabbix_host_info/tasks/main.yml index 72c2f6364..3cd63e437 100644 --- a/tests/integration/targets/test_zabbix_host_info/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_host_info/tasks/main.yml @@ -49,7 +49,7 @@ community.zabbix.zabbix_host_info: register: gather_all_facts_result - - when: zabbix_version is version('5.4', '>=') and zabbix_version is version('6.2', '<') + - when: zabbix_version is version('6.0', '=') ansible.builtin.assert: that: - gather_all_facts_result.hosts | length == 1 @@ -70,7 +70,7 @@ - gather_all_facts_result.hosts.0.hostinterfaces.0.type == "1" - gather_all_facts_result.hosts.0.hostinterfaces.0.useip == "1" - - when: zabbix_version is version('6.2', '>=') + - when: zabbix_version is version('6.4', '>=') ansible.builtin.assert: that: - gather_all_facts_result.hosts | length == 1 diff --git a/tests/integration/targets/test_zabbix_settings/tasks/main.yml b/tests/integration/targets/test_zabbix_settings/tasks/main.yml index 7be88158e..d1056f097 100644 --- a/tests/integration/targets/test_zabbix_settings/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_settings/tasks/main.yml @@ -73,8 +73,8 @@ that: - zbx_settings.changed is sameas False -- when: zabbix_version is version('6.2', '>=') - name: support Zabbix version (>=6.2) +- when: zabbix_version is version('6.4', '>=') + name: support Zabbix version (>=6.4) block: - name: test - Zabbix settings (same as default) community.zabbix.zabbix_settings: diff --git a/tests/integration/targets/test_zabbix_template/defaults/main.yml b/tests/integration/targets/test_zabbix_template/defaults/main.yml index 6f736db53..7d1f6deba 100644 --- a/tests/integration/targets/test_zabbix_template/defaults/main.yml +++ b/tests/integration/targets/test_zabbix_template/defaults/main.yml @@ -1,2 +1,2 @@ --- -template_groups_key: "{{ 'template_groups' if zabbix_version is version('6.2', '>=') else 'groups' }}" +template_groups_key: "{{ 'template_groups' if zabbix_version is version('6.4', '>=') else 'groups' }}" diff --git a/tests/integration/targets/test_zabbix_template_info/defaults/main.yml b/tests/integration/targets/test_zabbix_template_info/defaults/main.yml index 6f736db53..7d1f6deba 100644 --- a/tests/integration/targets/test_zabbix_template_info/defaults/main.yml +++ b/tests/integration/targets/test_zabbix_template_info/defaults/main.yml @@ -1,2 +1,2 @@ --- -template_groups_key: "{{ 'template_groups' if zabbix_version is version('6.2', '>=') else 'groups' }}" +template_groups_key: "{{ 'template_groups' if zabbix_version is version('6.4', '>=') else 'groups' }}" diff --git a/tests/integration/targets/test_zabbix_template_info/tasks/main.yml b/tests/integration/targets/test_zabbix_template_info/tasks/main.yml index ae790f1f9..37915dc64 100644 --- a/tests/integration/targets/test_zabbix_template_info/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_template_info/tasks/main.yml @@ -27,7 +27,7 @@ - ansible.builtin.assert: that: - fetch_template_json_format_result.template_json[template_export_key].date is defined - when: zabbix_version is version('6.2', '<=') + when: zabbix_version is version('6.0', '=') - ansible.builtin.assert: that: diff --git a/tests/integration/targets/test_zabbix_templategroup/tasks/main.yml b/tests/integration/targets/test_zabbix_templategroup/tasks/main.yml index c04c20497..812368d79 100644 --- a/tests/integration/targets/test_zabbix_templategroup/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_templategroup/tasks/main.yml @@ -1,7 +1,7 @@ --- -- name: test - do not run tests for Zabbix < 6.2 +- name: test - do not run tests for Zabbix = 6.0 meta: end_play - when: zabbix_version is version('6.2', '<') + when: zabbix_version is version('6.0', '=') - name: test - create new Zabbix template group community.zabbix.zabbix_templategroup: diff --git a/tests/integration/targets/test_zabbix_usergroup/tasks/main.yml b/tests/integration/targets/test_zabbix_usergroup/tasks/main.yml index d1922315b..1ed0aa0ca 100644 --- a/tests/integration/targets/test_zabbix_usergroup/tasks/main.yml +++ b/tests/integration/targets/test_zabbix_usergroup/tasks/main.yml @@ -49,7 +49,7 @@ ansible.builtin.assert: that: usergroup_reset is changed - - when: zabbix_version is version('6.2', '<') + - when: zabbix_version is version('6.0', '=') block: - name: test - update Zabbix user group with one right community.zabbix.zabbix_usergroup: @@ -88,7 +88,7 @@ ansible.builtin.assert: that: not usergroup_updated_rights_again is changed - - when: zabbix_version is version('6.2', '>=') + - when: zabbix_version is version('6.4', '>=') block: - name: test - update Zabbix user group with one hostgroup right community.zabbix.zabbix_usergroup: @@ -217,7 +217,7 @@ - name: test - reset Zabbix user group to default community.zabbix.zabbix_usergroup: - - when: zabbix_version is version('6.2', '>=') + - when: zabbix_version is version('6.4', '>=') block: - name: test - create new user directory community.zabbix.zabbix_user_directory: @@ -270,4 +270,4 @@ name: LDAP infra 1 host: "test.com" state: absent - when: zabbix_version is version('6.2', '>=') + when: zabbix_version is version('6.4', '>=')