From 4efc621b12a15880bd875bd79717bf5566a9effb Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Tue, 26 Mar 2024 10:41:14 +0000 Subject: [PATCH 01/22] Single common task to install zabbix-web RedHat can pin the minor version, and has a toggle to disable repo. Debian can't pin minor version. The other debian option cache_valid_time seems irrelevant? We use the common package module, which is just a wrapper around apt/yum, and use this construction; user_supplied_var | default(_calculated_var | default(omit)) to send additional parameters to the respective modules. The workaround ZBX-10467 is dependent on packages being installed, so had to get moved aswell. --- roles/zabbix_web/defaults/main.yml | 2 -- roles/zabbix_web/tasks/Debian.yml | 24 ------------------------ roles/zabbix_web/tasks/RedHat.yml | 16 ---------------- roles/zabbix_web/tasks/main.yml | 25 +++++++++++++++++++++++++ roles/zabbix_web/vars/Debian.yml | 2 ++ roles/zabbix_web/vars/RedHat.yml | 4 ++++ 6 files changed, 31 insertions(+), 42 deletions(-) diff --git a/roles/zabbix_web/defaults/main.yml b/roles/zabbix_web/defaults/main.yml index e5833485a..bcd8be2d3 100644 --- a/roles/zabbix_web/defaults/main.yml +++ b/roles/zabbix_web/defaults/main.yml @@ -50,8 +50,6 @@ zabbix_server_dbschema: # Yum/APT Variables zabbix_web_version_minor: "*" -zabbix_web_disable_repo: - - epel # Elasticsearch # zabbix_server_history_url: diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml index 255ecb235..69fc6ac39 100644 --- a/roles/zabbix_web/tasks/Debian.yml +++ b/roles/zabbix_web/tasks/Debian.yml 
@@ -44,27 +44,3 @@ - install - dependencies - database - -- name: "Debian | Install zabbix-web" - ansible.builtin.apt: - pkg: "zabbix-frontend-php" - state: "{{ zabbix_web_package_state }}" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_package_install - until: zabbix_web_package_install is succeeded - become: true - tags: - - install - -- name: "Debian | Link graphfont.ttf (workaround ZBX-10467)" - ansible.builtin.file: - src: "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf" - path: "/usr/share/zabbix/fonts/graphfont.ttf" - state: link - become: true - tags: - - install diff --git a/roles/zabbix_web/tasks/RedHat.yml b/roles/zabbix_web/tasks/RedHat.yml index 2cde6bd41..0669b7160 100644 --- a/roles/zabbix_web/tasks/RedHat.yml +++ b/roles/zabbix_web/tasks/RedHat.yml @@ -4,22 +4,6 @@ tags: - always -- name: "RedHat | Install zabbix-web-{{ zabbix_server_database }}" - ansible.builtin.yum: - name: - - "zabbix-web-{{ zabbix_server_database }}" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_package_install - until: zabbix_web_package_install is succeeded - become: true - tags: - - install - - name: "RedHat | Install zabbix-web-configuration" ansible.builtin.yum: name: diff --git a/roles/zabbix_web/tasks/main.yml b/roles/zabbix_web/tasks/main.yml index 157a94825..d00b418d1 100644 --- a/roles/zabbix_web/tasks/main.yml +++ b/roles/zabbix_web/tasks/main.yml 
@@ -62,6 +62,31 @@ - name: Include OS Specific Tasks ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" +- name: "Install zabbix-web package" + ansible.builtin.package: + name: "{{ _zabbix_web_package }}" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: _zabbix_web_package_installed + until: _zabbix_web_package_installed is succeeded + become: true + tags: + - install + +- name: "Debian | Link graphfont.ttf (workaround ZBX-10467)" + when: ansible_facts['os_family'] == 'Debian' + ansible.builtin.file: + src: "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf" + path: "/usr/share/zabbix/fonts/graphfont.ttf" + state: link + become: true + tags: + - install + - name: "Install the web server specific tasks" ansible.builtin.include_tasks: "{{ zabbix_web_http_server }}.yml" diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index 943e7b982..cb2cc0814 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -44,3 +44,5 @@ zabbix_valid_web_versions: "20": - 6.4 - 6.0 + +_zabbix_web_package: zabbix-frontend-php diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index 583b41cd5..efd4e30e8 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml @@ -41,3 +41,7 @@ zabbix_selinux_dependencies: - python3-libsemanage "8": - python3-libsemanage + +_zabbix_web_package: "zabbix-web-{{ zabbix_server_database }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_disable_repo: + - epel From f22855ed60514e197ffc42ea624efa07edecbd2e Mon Sep 17 00:00:00 2001 
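Review bot: In the new "Install zabbix-web package" task, `disablerepo` is forwarded by `ansible.builtin.package` to whichever backend runs, and apt has no such parameter. On Debian the task therefore only works while both `zabbix_web_disable_repo` and `_zabbix_web_disable_repo` are undefined. An inventory that still sets `zabbix_web_disable_repo` for a mixed fleet (it was a role default until this commit) would presumably fail the apt run on an unsupported argument. Consider gating the value on the OS family, e.g. `disablerepo: "{{ (zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit))) if ansible_facts['os_family'] == 'RedHat' else omit }}"`. A one-line comment above the task saying that the repo exclusion is a yum/dnf-only control would also help.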
From: Erik Berg Date: Wed, 8 May 2024 22:00:26 +0000 Subject: [PATCH 02/22] Remove mysql install tasks It doesn't really make sense installing this package on all of RedHat family, when there's no corresponding Debian task doing the same. MySQL/mariadb is gets installed by the zabbix_server role. And the PyMySQL dependency is only needed for the ansible collection community.mysql, which we don't use in this role. --- molecule/zabbix_server/prepare.yml | 11 ----------- molecule/zabbix_web/prepare.yml | 19 ------------------- 2 files changed, 30 deletions(-) diff --git a/molecule/zabbix_server/prepare.yml b/molecule/zabbix_server/prepare.yml index 2ef218f7c..12ff225ad 100644 --- a/molecule/zabbix_server/prepare.yml +++ b/molecule/zabbix_server/prepare.yml @@ -56,17 +56,6 @@ when: - ansible_os_family == 'RedHat' - - name: "Installing packages on CentOS" - ansible.builtin.yum: - name: - - mysql - state: present - register: installation_dependencies - until: installation_dependencies is succeeded - when: - - ansible_os_family == 'RedHat' - - inventory_hostname in groups['mysql'] - - name: "Apt update" ansible.builtin.shell: "apt-get update && echo exit 0 > /usr/sbin/policy-rc.d" register: installation_dependencies diff --git a/molecule/zabbix_web/prepare.yml b/molecule/zabbix_web/prepare.yml index 4a12c95ae..471ebf557 100644 --- a/molecule/zabbix_web/prepare.yml +++ b/molecule/zabbix_web/prepare.yml @@ -56,17 +56,6 @@ when: - ansible_os_family == 'RedHat' - - name: "Installing MySQL on CentOS" - ansible.builtin.yum: - name: - - mysql - state: present - register: installation_dependencies - until: installation_dependencies is succeeded - when: - - ansible_os_family == 'RedHat' - - inventory_hostname in groups['mysql'] - - name: "Apt update" ansible.builtin.shell: "apt-get update" register: installation_dependencies 
@@ -104,14 +93,6 @@ when: - ansible_os_family == 'RedHat' - - name: PyMySQL - ansible.builtin.pip: - name: PyMySQL - register: installation_dependencies - until: installation_dependencies is succeeded - when: - - inventory_hostname in groups['mysql'] - - name: Enabeling PHP 8.0 block: - name: Add epel From e17762bca563cd40d4ce4d71a91d7901d60f9269 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Wed, 8 May 2024 22:05:51 +0000 Subject: [PATCH 03/22] Improve when condition logic for os_family It's better to check for what it IS we're looking for rather than what it's not. You could be looking at 'Suse' at some point, and this logic wouldn't hold. --- molecule/zabbix_proxy/prepare.yml | 8 +++----- molecule/zabbix_server/prepare.yml | 8 +++----- molecule/zabbix_web/prepare.yml | 8 +++----- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/molecule/zabbix_proxy/prepare.yml b/molecule/zabbix_proxy/prepare.yml index fd6fde987..fee0d5a0f 100644 --- a/molecule/zabbix_proxy/prepare.yml +++ b/molecule/zabbix_proxy/prepare.yml @@ -60,10 +60,9 @@ ansible.builtin.shell: "apt-get update && echo exit 0 > /usr/sbin/policy-rc.d" register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - - name: "Installing packages on NON-CentOS" + - name: "Installing packages on Debian family" ansible.builtin.apt: name: - net-tools @@ -76,8 +75,7 @@ state: present register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - name: "Configure SUDO." ansible.builtin.lineinfile: diff --git a/molecule/zabbix_server/prepare.yml b/molecule/zabbix_server/prepare.yml index 12ff225ad..f651985d9 100644 --- a/molecule/zabbix_server/prepare.yml +++ b/molecule/zabbix_server/prepare.yml 
@@ -60,10 +60,9 @@ ansible.builtin.shell: "apt-get update && echo exit 0 > /usr/sbin/policy-rc.d" register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - - name: "Installing packages on NON-CentOS" + - name: "Installing packages on Debian family" ansible.builtin.apt: name: - net-tools @@ -75,8 +74,7 @@ state: present register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - name: "Configure SUDO." ansible.builtin.lineinfile: diff --git a/molecule/zabbix_web/prepare.yml b/molecule/zabbix_web/prepare.yml index 471ebf557..5f8886dea 100644 --- a/molecule/zabbix_web/prepare.yml +++ b/molecule/zabbix_web/prepare.yml @@ -60,10 +60,9 @@ ansible.builtin.shell: "apt-get update" register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - - name: "Installing packages on NON-CentOS" + - name: "Installing packages on Debian family" ansible.builtin.apt: name: - net-tools @@ -76,8 +75,7 @@ state: present register: installation_dependencies until: installation_dependencies is succeeded - when: - - ansible_os_family != 'RedHat' + when: ansible_facts['os_family'] == 'Debian' - name: "Configure SUDO." ansible.builtin.lineinfile: From f2ccb55930fcab423ab3b40defd1e9b9b2b6cdda Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Wed, 8 May 2024 22:16:01 +0000 Subject: [PATCH 04/22] Swap out remi for appstream php:8.0/common Use dnf module instead of command, this makes the task idempotent. --- molecule/zabbix_web/prepare.yml | 18 +++--------------- molecule/zabbix_web/requirements.yml | 2 -- 2 files changed, 3 insertions(+), 17 deletions(-) diff --git a/molecule/zabbix_web/prepare.yml b/molecule/zabbix_web/prepare.yml index 5f8886dea..d98e9300f 100644 
--- a/molecule/zabbix_web/prepare.yml +++ b/molecule/zabbix_web/prepare.yml @@ -91,21 +91,9 @@ when: - ansible_os_family == 'RedHat' - - name: Enabeling PHP 8.0 - block: - - name: Add epel - ansible.builtin.include_role: - name: geerlingguy.repo-epel - - - name: Add remi - ansible.builtin.include_role: - name: geerlingguy.repo-remi - - - name: Reset dnf library - ansible.builtin.shell: dnf module reset php - - - name: Set php Version - ansible.builtin.shell: dnf module enable -y php:remi-8.0 + - name: Enabling PHP 8.0 + ansible.builtin.dnf: + name: "@php:8.0/common" when: - ansible_os_family == 'RedHat' - ansible_distribution_major_version == "8" diff --git a/molecule/zabbix_web/requirements.yml b/molecule/zabbix_web/requirements.yml index 5e3796937..e08ac4c1f 100644 --- a/molecule/zabbix_web/requirements.yml +++ b/molecule/zabbix_web/requirements.yml @@ -2,5 +2,3 @@ - src: geerlingguy.apache - src: geerlingguy.nginx - src: geerlingguy.php -- src: geerlingguy.repo-epel -- src: geerlingguy.repo-remi From 873f5eaf26b0dbfb3d2e8af3c3d0dda9bfebb3aa Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sat, 18 May 2024 13:58:23 +0000 Subject: [PATCH 05/22] Make it clear tasks are a workaround Remove ubuntu-22.04 from this workaround, support for ubuntu-22.04 was added in 5.0.0[1]. Not sure if it's a good idea to pin the geerlingguy role? We can pin it to a specific version, but I haven't figured out why it's not respecting a relative version, like '>=5.0.0' [1] https://github.com/geerlingguy/ansible-role-php/pull/406 --- molecule/zabbix_web/prepare.yml | 56 ++++++++++++---------------- molecule/zabbix_web/requirements.yml | 8 ++-- 2 files changed, 29 insertions(+), 35 deletions(-) diff --git a/molecule/zabbix_web/prepare.yml b/molecule/zabbix_web/prepare.yml index d98e9300f..5fefe275e 100644 --- a/molecule/zabbix_web/prepare.yml +++ b/molecule/zabbix_web/prepare.yml 
@@ -118,40 +118,32 @@ - ansible_distribution_major_version >= '8' - ansible_os_family == "RedHat" - - name: Set PHP Version (Ubuntu 2204) - ansible.builtin.set_fact: - __php_default_version_debian: "8.1" - when: - - ansible_distribution_major_version >= '22' - - ansible_os_family == "Debian" - - - name: Set PHP Version (Ubuntu 2404) - ansible.builtin.set_fact: - __php_default_version_debian: "8.3" + - name: Workaround for geerlingguy.php missing ubuntu-24.04 support when: - - ansible_distribution_major_version >= '24' - - ansible_os_family == "Debian" + - ansible_facts['distribution'] == "Ubuntu" + - ansible_facts['distribution_major_version'] >= '24' + block: + - name: Set PHP Version + ansible.builtin.set_fact: + __php_default_version_debian: "8.3" - - name: Set PHP packages (Ubuntu 2204 & 2404) - ansible.builtin.set_fact: - __php_packages: - - php{{ __php_default_version_debian }}-common - - php{{ __php_default_version_debian }}-cli - - php{{ __php_default_version_debian }}-dev - - php{{ __php_default_version_debian }}-fpm - - libpcre3-dev - - php{{ __php_default_version_debian }}-gd - - php{{ __php_default_version_debian }}-curl - - php{{ __php_default_version_debian }}-imap - - php-json - - php{{ __php_default_version_debian }}-opcache - - php{{ __php_default_version_debian }}-xml - - php{{ __php_default_version_debian }}-mbstring - - php{{ __php_default_version_debian }}-apcu - - php{{ __php_default_version_debian }}-sqlite3 - when: - - ansible_distribution_major_version >= '22' - - ansible_os_family == "Debian" + - name: Set PHP packages + ansible.builtin.set_fact: + __php_packages: + - php{{ __php_default_version_debian }}-common + - php{{ __php_default_version_debian }}-cli + - php{{ __php_default_version_debian }}-dev + - php{{ __php_default_version_debian }}-fpm + - libpcre3-dev + - php{{ __php_default_version_debian }}-gd + - php{{ __php_default_version_debian }}-curl + - php{{ __php_default_version_debian }}-imap + - php-json + - php{{ 
__php_default_version_debian }}-opcache + - php{{ __php_default_version_debian }}-xml + - php{{ __php_default_version_debian }}-mbstring + - php{{ __php_default_version_debian }}-apcu + - php{{ __php_default_version_debian }}-sqlite3 roles: - role: geerlingguy.apache diff --git a/molecule/zabbix_web/requirements.yml b/molecule/zabbix_web/requirements.yml index e08ac4c1f..75de0d7fb 100644 --- a/molecule/zabbix_web/requirements.yml +++ b/molecule/zabbix_web/requirements.yml @@ -1,4 +1,6 @@ --- -- src: geerlingguy.apache -- src: geerlingguy.nginx -- src: geerlingguy.php +roles: + - src: geerlingguy.apache + - src: geerlingguy.nginx + - src: geerlingguy.php + version: '5.0.1' From 614d61a4f11a024d2834340a5d3b3a304fd8b478 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sat, 18 May 2024 18:28:56 +0000 Subject: [PATCH 06/22] Remove zabbix 5.0 related task Zabbix 5 wanted to install the sql-scripts to /usr/share/doc, and this task removes a line in yum.conf that prevented that from happening. But since 6.0 we haven't had to deal with that, so out it goes. --- molecule/zabbix_proxy/prepare.yml | 1 - molecule/zabbix_server/prepare.yml | 8 -------- molecule/zabbix_web/prepare.yml | 8 -------- 3 files changed, 17 deletions(-) diff --git a/molecule/zabbix_proxy/prepare.yml b/molecule/zabbix_proxy/prepare.yml index fee0d5a0f..493f54974 100644 --- a/molecule/zabbix_proxy/prepare.yml +++ b/molecule/zabbix_proxy/prepare.yml @@ -70,7 +70,6 @@ - python3-pip - gpg-agent - sudo - - doc-base update_cache: true state: present register: installation_dependencies diff --git a/molecule/zabbix_server/prepare.yml b/molecule/zabbix_server/prepare.yml index f651985d9..3cc41d94b 100644 --- a/molecule/zabbix_server/prepare.yml +++ b/molecule/zabbix_server/prepare.yml 
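Review bot: In molecule/zabbix_web/requirements.yml only `geerlingguy.php` gets a `version:`, so `geerlingguy.apache` and `geerlingguy.nginx` still resolve to whatever Galaxy serves when the test runs. These roles execute with privilege inside the test hosts, so an unpinned role is both a reproducibility gap and a supply-chain gap. I would pin all three, e.g. `version: '<PINNED_APACHE_ROLE_VERSION>'` and `version: '<PINNED_NGINX_ROLE_VERSION>'` (placeholders, pick the releases CI currently passes with). A short comment on the php entry recording why it is pinned (the Ubuntu 22.04 support mentioned in the commit message) would keep the pin from looking arbitrary later.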
@@ -81,11 +81,3 @@ dest: /etc/sudoers line: "Defaults !requiretty" state: present - - - name: "Make sure the docs are installed." - ansible.builtin.lineinfile: - dest: /etc/yum.conf - line: "tsflags=nodocs" - state: absent - when: - - ansible_os_family == 'RedHat' diff --git a/molecule/zabbix_web/prepare.yml b/molecule/zabbix_web/prepare.yml index 5fefe275e..31d2e7dc0 100644 --- a/molecule/zabbix_web/prepare.yml +++ b/molecule/zabbix_web/prepare.yml @@ -83,14 +83,6 @@ line: "Defaults !requiretty" state: present - - name: "Make sure the docs are installed." - ansible.builtin.lineinfile: - dest: /etc/yum.conf - line: "tsflags=nodocs" - state: absent - when: - - ansible_os_family == 'RedHat' - - name: Enabling PHP 8.0 ansible.builtin.dnf: name: "@php:8.0/common" From 85ed950ca6622aa322fcae9ab23814ba642e3ba2 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sat, 18 May 2024 18:34:00 +0000 Subject: [PATCH 07/22] Remove tasks and checks guarding against EL7 This role doesn't support EL7 anymore, so we can remove these tasks/checks. --- molecule/zabbix_web/prepare.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/molecule/zabbix_web/prepare.yml b/molecule/zabbix_web/prepare.yml index 31d2e7dc0..1f6513042 100644 --- a/molecule/zabbix_web/prepare.yml +++ b/molecule/zabbix_web/prepare.yml @@ -107,7 +107,6 @@ - php-pecl-apcu - php-xml when: - - ansible_distribution_major_version >= '8' - ansible_os_family == "RedHat" - name: Workaround for geerlingguy.php missing ubuntu-24.04 support From b5986ee5cd007d7712a92173531bc7633ecc2177 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Fri, 24 May 2024 07:49:03 +0000 Subject: [PATCH 08/22] Move delegated_dbhost to first block This calculation doesn't change. So let's provide/reuse it across the whole block. --- roles/zabbix_proxy/tasks/initialize-mysql.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/roles/zabbix_proxy/tasks/initialize-mysql.yml b/roles/zabbix_proxy/tasks/initialize-mysql.yml index 35da77ecb..e53ecdde5 100644 --- a/roles/zabbix_proxy/tasks/initialize-mysql.yml +++ b/roles/zabbix_proxy/tasks/initialize-mysql.yml @@ -27,6 +27,7 @@ - name: "MySQL Database prep" when: zabbix_proxy_database_creation | bool + become: "{{ zabbix_proxy_dbhost_run_install }}" delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" vars: delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" @@ -62,6 +63,8 @@ - name: "MySQL verify or create schema" when: zabbix_proxy_database_sqlload | bool + vars: + delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" tags: - database block: @@ -76,8 +79,6 @@ rescue: - name: "MySQL | Get and set schema import overrides" delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" - vars: - delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" block: - name: "MySQL | Get current value for variables" community.mysql.mysql_variables: @@ -128,8 +129,6 @@ - name: "MySQL | Revert variable overrides for schema import" when: _mysql_variable_defaults is defined delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" - vars: - delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" community.mysql.mysql_variables: variable: "{{ item.name }}" value: "{{ item.msg }}" From e2b4e79ea7b1c02f8f5855dc35f79a58969deb33 Mon Sep 17 00:00:00 2001 
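Review bot: The first hunk adds `become: "{{ zabbix_proxy_dbhost_run_install }}"` to the "MySQL Database prep" block, which the commit message (it only talks about moving `delegated_dbhost`) does not mention. This changes the privilege level of every task in the block on the delegated host, so it deserves its own line in the description or a comment above it. I would also coerce the value the way the neighbouring `when:` does, `become: "{{ zabbix_proxy_dbhost_run_install | bool }}"`, so that a string such as "false" from an inventory or `-e` override cannot be read as truthy. The block body continues outside the hunk, so which tasks gain escalation cannot be fully checked from here.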
From: Erik Berg Date: Fri, 24 May 2024 07:55:47 +0000 Subject: [PATCH 09/22] Bump mysql container image, add workarounds PyMySQL 9>=,<10 did not have issues with this pinned mysql:8.0.32, but does with later releases, so we bump pymysql for additional debian and ubuntu releases. --- molecule/zabbix_server/prepare.yml | 2 +- roles/zabbix_server/tasks/initialize-mysql.yml | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/molecule/zabbix_server/prepare.yml b/molecule/zabbix_server/prepare.yml index 3cc41d94b..493f54974 100644 --- a/molecule/zabbix_server/prepare.yml +++ b/molecule/zabbix_server/prepare.yml @@ -6,7 +6,7 @@ - name: "Create MySQL Container" docker_container: name: "{{ item.name }}-db" - image: mysql:8.0.32 + image: mysql:8.0 state: started recreate: true networks: diff --git a/roles/zabbix_server/tasks/initialize-mysql.yml b/roles/zabbix_server/tasks/initialize-mysql.yml index 745884cd1..a118a035e 100644 --- a/roles/zabbix_server/tasks/initialize-mysql.yml +++ b/roles/zabbix_server/tasks/initialize-mysql.yml @@ -14,6 +14,16 @@ - database - dependencies +# NOTE: Upgrading system-packages with pip is generally a bad idea, but +# these packaged older versions seems to have a problem with mysql 8 and above +- name: Upgrade pymysql + when: + - ansible_facts['distribution'] in ['Debian', 'Ubuntu'] + - ansible_facts['distribution_release'] in ['bullseye', 'focal'] + ansible.builtin.pip: + name: "pymysql>=0.10.0,<0.11.0" + state: latest + - name: "MySQL Database prep" when: zabbix_server_database_creation become: "{{ zabbix_server_dbhost_run_install }}" From c3deb6611f62849013c11382cfa8feda6c4a0733 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Fri, 24 May 2024 08:02:22 +0000 Subject: [PATCH 10/22] Increase similarity in init-mysql between roles --- roles/zabbix_proxy/tasks/initialize-mysql.yml | 7 +++---- roles/zabbix_server/tasks/initialize-mysql.yml | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) 
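Review bot: The new "Upgrade pymysql" task in roles/zabbix_server/tasks/initialize-mysql.yml makes the role itself fetch from PyPI at deploy time with `state: latest` over a version range, so the code that ends up in the system Python can differ between runs. Pinning one exact release with `state: present` (e.g. `name: "pymysql==<PINNED_VERSION>"`, placeholder) would make the workaround reproducible and auditable. The task also lacks the `become`, proxy `environment` and `tags` (`database`, `dependencies`) that the surrounding install tasks carry, so it may run unprivileged or be skipped or run inconsistently with them. Finally, it runs on the play host while the MySQL tasks below use `delegate_to`; if the delegated host differs, the upgraded library presumably lands on the wrong machine. The commit message says "PyMySQL 9>=,<10" while the spec is `>=0.10.0,<0.11.0`, which is worth correcting.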
diff --git a/roles/zabbix_proxy/tasks/initialize-mysql.yml b/roles/zabbix_proxy/tasks/initialize-mysql.yml index e53ecdde5..2fe5653be 100644 --- a/roles/zabbix_proxy/tasks/initialize-mysql.yml +++ b/roles/zabbix_proxy/tasks/initialize-mysql.yml @@ -57,8 +57,8 @@ login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" name: "{{ zabbix_proxy_dbuser }}" password: "{{ zabbix_proxy_dbpassword }}" - priv: "{{ zabbix_proxy_dbname }}.*:ALL" host: "{{ zabbix_proxy_privileged_host }}" + priv: "{{ zabbix_proxy_dbname }}.*:ALL" state: present - name: "MySQL verify or create schema" @@ -96,15 +96,15 @@ register: _mysql_variable_defaults - name: "MySQL | Set variable overrides for schema import" - when: item.msg != _mysql_schema_import_overrides[item.name] community.mysql.mysql_variables: variable: "{{ item.name }}" value: "{{ _mysql_schema_import_overrides[item.name] }}" - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" + when: item.msg != _mysql_schema_import_overrides[item.name] loop: "{{ _mysql_variable_defaults.results }}" loop_control: label: "{{ item.name }}: {{ _mysql_schema_import_overrides[item.name] }}" @@ -127,7 +127,6 @@ always: - name: "MySQL | Revert variable overrides for schema import" - when: _mysql_variable_defaults is defined delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" community.mysql.mysql_variables: variable: "{{ item.name }}" diff --git a/roles/zabbix_server/tasks/initialize-mysql.yml b/roles/zabbix_server/tasks/initialize-mysql.yml index a118a035e..9d58e8c23 100644 
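Review bot: The third hunk drops `when: _mysql_variable_defaults is defined` from the "Revert variable overrides for schema import" task in the `always:` section. `_mysql_variable_defaults` is registered only inside `rescue:`, so when the schema check succeeds it is never set, while `always:` still runs. The task's loop is outside the hunk; if it iterates `_mysql_variable_defaults.results` like the "Set variable overrides" task above, the play would now fail on an undefined variable in the normal case. I would keep the guard, or make the loop tolerant with `loop: "{{ _mysql_variable_defaults.results | default([]) }}"`. If the zabbix_server role really has no guard here, fixing that side would be the safer direction for the alignment.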
--- a/roles/zabbix_server/tasks/initialize-mysql.yml +++ b/roles/zabbix_server/tasks/initialize-mysql.yml @@ -25,7 +25,7 @@ state: latest - name: "MySQL Database prep" - when: zabbix_server_database_creation + when: zabbix_server_database_creation | bool become: "{{ zabbix_server_dbhost_run_install }}" delegate_to: "{{ zabbix_server_real_dbhost | default(zabbix_server_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" vars: From c56cf4e3ec8e66bac095189e69a0f0c221ff9bbe Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sat, 25 May 2024 08:11:46 +0000 Subject: [PATCH 11/22] Provide the default port for database servers This could have been an if-statement, I just don't like the "looseness" of the else part, so I opted for a lookup-table. --- molecule/zabbix_web/molecule.yml | 2 -- roles/zabbix_web/defaults/main.yml | 5 ++++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/molecule/zabbix_web/molecule.yml b/molecule/zabbix_web/molecule.yml index 260a85f3a..80c7acab0 100644 --- a/molecule/zabbix_web/molecule.yml +++ b/molecule/zabbix_web/molecule.yml @@ -46,7 +46,6 @@ provisioner: zabbix_web_version: 6.0 mysql: zabbix_server_database: mysql - zabbix_server_dbport: 3306 zabbix_server_dbhost: "{{ inventory_hostname }}-db" zabbix_server_dbhost_run_install: false zabbix_server_privileged_host: "%" @@ -56,7 +55,6 @@ provisioner: zabbix_server_mysql_login_port: 3306 pgsql: zabbix_server_database: pgsql - zabbix_server_dbport: 5432 zabbix_server_dbhost: "{{ inventory_hostname }}-db" zabbix_server_dbhost_run_install: false zabbix_server_pgsql_login_host: "{{ inventory_hostname }}-db" diff --git a/roles/zabbix_web/defaults/main.yml b/roles/zabbix_web/defaults/main.yml index bcd8be2d3..b3909c3d2 100644 --- a/roles/zabbix_web/defaults/main.yml +++ b/roles/zabbix_web/defaults/main.yml 
@@ -43,7 +43,10 @@ zabbix_server_dbhost: localhost zabbix_server_dbname: zabbix-server zabbix_server_dbuser: zabbix-server zabbix_server_dbpassword: zabbix-server -zabbix_server_dbport: 5432 +_zabbix_server_database_default_port: + mysql: 3306 + pgsql: 5432 +zabbix_server_dbport: "{{ _zabbix_server_database_default_port[zabbix_server_database] }}" zabbix_server_dbencryption: false zabbix_server_dbverifyhost: false zabbix_server_dbschema: From 25e7480e68b47375c9ffb9ff423d61f93a0a4df3 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sat, 25 May 2024 08:29:29 +0000 Subject: [PATCH 12/22] Remove unused zabbix_selinux_dependencies This lookup goes unused. --- roles/zabbix_web/vars/RedHat.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index efd4e30e8..6aca54563 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml @@ -36,12 +36,6 @@ zabbix_web_php_dependencies: - "php-ldap" - "php-{{ 'pgsql' if zabbix_server_database == 'pgsql' else 'mysqlnd' }}" -zabbix_selinux_dependencies: - "9": - - python3-libsemanage - "8": - - python3-libsemanage - _zabbix_web_package: "zabbix-web-{{ zabbix_server_database }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" _zabbix_web_disable_repo: - epel From 12173d9eff72550894ed53777ff312e86f0f651b Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sat, 25 May 2024 08:33:57 +0000 Subject: [PATCH 13/22] Group selinux booleans, and apply regardless Having them only applied with a when condition leaves no way to undo the booleans once set. So we apply them regardless. If the booleans are defaulting to false, we set them false on the system. --- roles/zabbix_web/defaults/main.yml | 1 - roles/zabbix_web/tasks/selinux.yml | 43 +++++++----------------------- 2 files changed, 10 insertions(+), 34 deletions(-) diff --git a/roles/zabbix_web/defaults/main.yml b/roles/zabbix_web/defaults/main.yml index b3909c3d2..0591ce351 100644 
--- a/roles/zabbix_web/defaults/main.yml +++ b/roles/zabbix_web/defaults/main.yml @@ -69,7 +69,6 @@ zabbix_server_history_types: - "dbl" # SELinux specific -zabbix_web_selinux: false selinux_allow_httpd_can_connect_ldap: false selinux_allow_httpd_can_network_connect_db: false selinux_allow_httpd_can_connect_zabbix: false diff --git a/roles/zabbix_web/tasks/selinux.yml b/roles/zabbix_web/tasks/selinux.yml index 35fc904be..2a18fe189 100644 --- a/roles/zabbix_web/tasks/selinux.yml +++ b/roles/zabbix_web/tasks/selinux.yml 
@@ -10,44 +10,21 @@ register: zabbix_web_dependencies_installed until: zabbix_web_dependencies_installed is succeeded become: true - when: - - ansible_os_family == "RedHat" - - ansible_selinux.status == "enabled" tags: - install -- name: "SELinux | Allow httpd to connect to db (SELinux)" +- name: "SELinux | Set booleans" ansible.posix.seboolean: - name: httpd_can_network_connect_db + name: "{{ item.name }}" + state: "{{ item.state }}" persistent: true - state: true become: true - when: - - ansible_selinux.status == "enabled" - - selinux_allow_httpd_can_network_connect_db | bool - tags: - - config - -- name: "SELinux | Allow httpd to connect to zabbix (SELinux)" - ansible.posix.seboolean: - name: httpd_can_connect_zabbix - persistent: true - state: true - become: true - when: - - ansible_selinux.status == "enabled" - - selinux_allow_httpd_can_connect_zabbix | bool - tags: - - config - -- name: "SELinux | Allow httpd to connect to ldap (SELinux)" - ansible.posix.seboolean: - name: httpd_can_connect_ldap - persistent: true - state: true - become: true - when: - - ansible_selinux.status == "enabled" - - selinux_allow_httpd_can_connect_ldap | bool tags: - config + loop: + - name: httpd_can_network_connect_db + state: "{{ selinux_allow_httpd_can_network_connect_db | bool }}" + - name: httpd_can_connect_zabbix + state: "{{ selinux_allow_httpd_can_connect_zabbix | bool }}" + - name: httpd_can_connect_ldap + state: "{{ selinux_allow_httpd_can_connect_ldap | bool }}" From bece2716941ff19edd42c08aac6d6bc058ac0e62 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sat, 25 May 2024 09:03:59 +0000 Subject: [PATCH 14/22] Install selinux packages regardless Use the generic `package` module for package installs, and install this ansible dependency regardless. --- roles/zabbix_web/tasks/selinux.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/zabbix_web/tasks/selinux.yml b/roles/zabbix_web/tasks/selinux.yml index 2a18fe189..debae80fb 100644 
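Review bot: The merged "SELinux | Set booleans" task no longer checks `ansible_selinux.status == "enabled"`, and the install task above it loses both its RedHat and its SELinux-enabled guard. Whether selinux.yml is included conditionally is outside this hunk; if it is not, `ansible.posix.seboolean` will presumably fail on hosts where SELinux is disabled. With all three `selinux_allow_httpd_*` defaults at `false`, the role now persistently switches these booleans off, including on hosts where another application or an administrator had enabled them. That least-privilege default is reasonable, but it is a behaviour change that should be called out in the changelog and in a comment above the loop. Please also check for any remaining reference to `zabbix_web_selinux`, which this commit removes from defaults, and consider keeping `when: ansible_facts['selinux']['status'] == 'enabled'` on the task.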
--- a/roles/zabbix_web/tasks/selinux.yml +++ b/roles/zabbix_web/tasks/selinux.yml @@ -1,9 +1,8 @@ --- -- name: "SELinux | RedHat | Install related SELinux package on RHEL9 and RHEL8" - ansible.builtin.yum: +- name: "SELinux | Install related SELinux package" + ansible.builtin.package: name: - python3-libsemanage - state: present environment: http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" From a86fb557fe53490883565f45e4e45cde092be288 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Wed, 8 May 2024 21:57:56 +0000 Subject: [PATCH 15/22] RedHat: zabbix_web_php_dependencies goes unused --- roles/zabbix_web/vars/RedHat.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index 6aca54563..674a64b40 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml @@ -28,14 +28,6 @@ zabbix_valid_web_versions: - 6.4 - 6.0 -zabbix_web_php_dependencies: - - "php-gd" - - "php-bcmath" - - "php-xml" - - "php-mbstring" - - "php-ldap" - - "php-{{ 'pgsql' if zabbix_server_database == 'pgsql' else 'mysqlnd' }}" - _zabbix_web_package: "zabbix-web-{{ zabbix_server_database }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" _zabbix_web_disable_repo: - epel From 3cb8643974fe4c5fcc7217c54eec6a30cc527019 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sun, 9 Jun 2024 10:23:13 +0200 Subject: [PATCH 16/22] Single task for installing zabbix-apache-conf Also, this zabbix_agent_disable_repo is probably a copy-paste error introduced at some point. --- roles/zabbix_web/tasks/apache.yml | 40 +++++++++---------------------- roles/zabbix_web/vars/Debian.yml | 1 + roles/zabbix_web/vars/RedHat.yml | 1 + 3 files changed, 13 insertions(+), 29 deletions(-) diff --git a/roles/zabbix_web/tasks/apache.yml b/roles/zabbix_web/tasks/apache.yml index fa7e78e03..2753991ed 100644 --- a/roles/zabbix_web/tasks/apache.yml 
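Review bot: This hunk removes `state: present` while switching to `ansible.builtin.package`, whose documentation lists `state` as a required parameter. It currently works only because the backend modules default to `present`, so I would keep the line. The task is now distro-neutral in name and module, but `python3-libsemanage` is the RPM package name; on Debian-family hosts the equivalent is, as far as I know, `python3-semanage`. If selinux.yml can run there (its include condition is outside the hunk), the name should come from the per-OS vars files like `_zabbix_web_package` does.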
+++ b/roles/zabbix_web/tasks/apache.yml @@ -8,35 +8,17 @@ - always - name: "Apache | Installing Zabbix Apache Conf" - block: - - name: "Debian | Install zabbix-apache-conf" - ansible.builtin.apt: - pkg: "zabbix-apache-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "Debian" - - - name: "RedHat | Install zabbix-apache-conf" - ansible.builtin.yum: - name: - - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor | default ('*')}}" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "RedHat" + package: + name: "{{ _zabbix_web_apache_package }}" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_apache_conf_install + until: zabbix_apache_conf_install is succeeded + become: true tags: - install diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index cb2cc0814..f5fb7337d 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml 
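Review bot: The rewritten "Apache | Installing Zabbix Apache Conf" task calls the module as bare `package:`, whereas the equivalent task added to tasks/main.yml in PATCH 01 uses the fully qualified `ansible.builtin.package:`. Short names are resolved through the collection search path, so the FQCN is the safer and more consistent spelling; the nginx.yml task in PATCH 17 has the same issue. This change also makes the repo exclusion effective for the first time here: `zabbix_agent_disable_repo` was most likely undefined in this role and fell through to `omit`, while the new expression falls back to `_zabbix_web_disable_repo`, which vars/RedHat.yml sets to `epel`. A comment such as `# EPEL is excluded via _zabbix_web_disable_repo (RedHat vars) unless zabbix_web_disable_repo overrides it` would record that intent.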
@@ -46,3 +46,4 @@ zabbix_valid_web_versions: - 6.0 _zabbix_web_package: zabbix-frontend-php +_zabbix_web_apache_package: zabbix-apache-conf diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index 674a64b40..24c87c346 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml @@ -29,5 +29,6 @@ zabbix_valid_web_versions: - 6.0 _zabbix_web_package: "zabbix-web-{{ zabbix_server_database }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_apache_package: "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" _zabbix_web_disable_repo: - epel From 3e1036b5c158747ed2ab5fb15375d09f1e97d845 Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sun, 9 Jun 2024 10:56:49 +0200 Subject: [PATCH 17/22] Single task for installing zabbix-nginx-conf --- roles/zabbix_web/tasks/nginx.yml | 40 +++++++++----------------------- roles/zabbix_web/vars/Debian.yml | 1 + roles/zabbix_web/vars/RedHat.yml | 1 + 3 files changed, 13 insertions(+), 29 deletions(-) diff --git a/roles/zabbix_web/tasks/nginx.yml b/roles/zabbix_web/tasks/nginx.yml index 1f50263ca..242d13431 100644 --- a/roles/zabbix_web/tasks/nginx.yml +++ b/roles/zabbix_web/tasks/nginx.yml 
@@ -11,35 +11,17 @@ - install - name: "Nginx | Installing Zabbix Nginx Conf" - block: - - name: "Debian | Install zabbix-nginx-conf" - ansible.builtin.apt: - pkg: "zabbix-nginx-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "Debian" - - - name: "RedHat | Install zabbix-nginx-conf" - ansible.builtin.yum: - name: - - "zabbix-nginx-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_agent_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_apache_conf_install - until: zabbix_apache_conf_install is succeeded - become: true - when: ansible_os_family == "RedHat" + package: + name: "{{ _zabbix_web_nginx_package }}" + state: "{{ zabbix_web_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: zabbix_nginx_conf_install + until: zabbix_nginx_conf_install is succeeded + become: true tags: - install diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index f5fb7337d..891849874 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -47,3 +47,4 @@ zabbix_valid_web_versions: _zabbix_web_package: zabbix-frontend-php _zabbix_web_apache_package: zabbix-apache-conf +_zabbix_web_nginx_package: zabbix-nginx-conf 
diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index 24c87c346..f2a39887a 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml @@ -30,5 +30,6 @@ zabbix_valid_web_versions: _zabbix_web_package: "zabbix-web-{{ zabbix_server_database }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" _zabbix_web_apache_package: "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_nginx_package: "zabbix-nginx-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" _zabbix_web_disable_repo: - epel From 3d8e0ac742a058e9af8843896dacb1df8bde84fc Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sun, 9 Jun 2024 17:07:40 +0200 Subject: [PATCH 18/22] Move installation of debian php deps By converting zabbix_web_http_server_package to a list of one package, we can add zabbix_web_php_dependencies to it during installation of those packages. --- roles/zabbix_web/tasks/Debian.yml | 22 ---------------------- roles/zabbix_web/tasks/apache.yml | 2 +- roles/zabbix_web/tasks/nginx.yml | 2 +- roles/zabbix_web/vars/Debian.yml | 11 +++++++---- roles/zabbix_web/vars/RedHat.yml | 6 ++++-- 5 files changed, 13 insertions(+), 30 deletions(-) diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml index 69fc6ac39..671938dc9 100644 --- a/roles/zabbix_web/tasks/Debian.yml +++ b/roles/zabbix_web/tasks/Debian.yml 
@@ -1,32 +1,10 @@ --- -- name: "Debian | Set PHP Dependencies" - ansible.builtin.set_fact: - zabbix_web_php_dependencies: "{{ _apache_php_dependencies if zabbix_web_http_server == 'apache' else _nginx_php_dependencies }}" - tags: - - config - - name: "Debian | Set some variables" ansible.builtin.set_fact: zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}" tags: - always -- name: "Debian | Install PHP Dependencies" - ansible.builtin.apt: - pkg: "{{ zabbix_web_php_dependencies }}" - state: "present" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_php_dependencies_install - until: zabbix_web_php_dependencies_install is succeeded - become: true - tags: - - install - - dependencies - - name: "Debian | Install PgSQL Dependencies" ansible.builtin.apt: pkg: "php{{ zabbix_web_php_installed_version }}-pgsql" diff --git a/roles/zabbix_web/tasks/apache.yml b/roles/zabbix_web/tasks/apache.yml index 2753991ed..d746512c2 100644 --- a/roles/zabbix_web/tasks/apache.yml +++ b/roles/zabbix_web/tasks/apache.yml @@ -9,7 +9,7 @@ - name: "Apache | Installing Zabbix Apache Conf" package: - name: "{{ _zabbix_web_apache_package }}" + name: "{{ _zabbix_web_apache_packages + _zabbix_web_apache_php_dependencies | default([]) }}" state: "{{ zabbix_web_package_state }}" update_cache: true disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" diff --git a/roles/zabbix_web/tasks/nginx.yml b/roles/zabbix_web/tasks/nginx.yml index 242d13431..c07abf847 100644 --- a/roles/zabbix_web/tasks/nginx.yml +++ b/roles/zabbix_web/tasks/nginx.yml 
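Review bot: The PHP dependencies appended to `name:` in tasks/apache.yml now inherit `state: "{{ zabbix_web_package_state }}"`, whereas the "Debian | Install PHP Dependencies" task removed in this commit always used `state: "present"`. If that variable is ever set to something other than `present`, the PHP module packages are affected as well, which looks like an unintended side effect. Separately, the expression relies on the filter binding tighter than `+`; writing it as `name: "{{ _zabbix_web_apache_packages + (_zabbix_web_apache_php_dependencies | default([])) }}"` makes it obvious that only the optional list is defaulted. The same applies to the tasks/nginx.yml hunk that follows, and the task body continues outside this hunk.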
@@ -12,7 +12,7 @@ - name: "Nginx | Installing Zabbix Nginx Conf" package: - name: "{{ _zabbix_web_nginx_package }}" + name: "{{ _zabbix_web_nginx_packages + _zabbix_web_nginx_php_dependencies | default([]) }}" state: "{{ zabbix_web_package_state }}" update_cache: true disablerepo: "{{ zabbix_web_disable_repo | default(_zabbix_web_disable_repo | default(omit)) }}" diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index 891849874..7d8f61e16 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -11,8 +11,6 @@ _zabbix_php_fpm_listen: /run/php/zabbix.sock _zabbix_php_fpm_mode: "0666" _zabbix_php_fpm_allowed_clients: 127.0.0.1 -_apache_php_dependencies: libapache2-mod-php{{ zabbix_web_php_installed_version }} -_nginx_php_dependencies: [] _nginx_user: www-data _nginx_group: www-data @@ -46,5 +44,10 @@ zabbix_valid_web_versions: - 6.0 _zabbix_web_package: zabbix-frontend-php -_zabbix_web_apache_package: zabbix-apache-conf -_zabbix_web_nginx_package: zabbix-nginx-conf +_zabbix_web_apache_packages: + - zabbix-apache-conf +_zabbix_web_apache_php_dependencies: + - "libapache2-mod-php{{ zabbix_web_php_installed_version }}" +_zabbix_web_nginx_packages: + - zabbix-nginx-conf +_zabbix_web_nginx_php_dependencies: [] diff --git a/roles/zabbix_web/vars/RedHat.yml b/roles/zabbix_web/vars/RedHat.yml index f2a39887a..622806aef 100644 --- a/roles/zabbix_web/vars/RedHat.yml +++ b/roles/zabbix_web/vars/RedHat.yml 
@@ -29,7 +29,9 @@ zabbix_valid_web_versions: - 6.0 _zabbix_web_package: "zabbix-web-{{ zabbix_server_database }}-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" -_zabbix_web_apache_package: "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" -_zabbix_web_nginx_package: "zabbix-nginx-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_apache_packages: + - "zabbix-apache-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" +_zabbix_web_nginx_packages: + - "zabbix-nginx-conf-{{ zabbix_web_version }}.{{ zabbix_web_version_minor }}" _zabbix_web_disable_repo: - epel From 542f21f3048161dd23b570c83ad1cdc85da3e46a Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sun, 9 Jun 2024 17:56:37 +0200 Subject: [PATCH 19/22] Move installation of debian php-pgsql There is a corresponding php-mysql package, and we might aswell make sure that is installed based on zabbix_server_database. --- roles/zabbix_web/tasks/Debian.yml | 18 ------------------ roles/zabbix_web/tasks/apache.yml | 2 ++ roles/zabbix_web/vars/Debian.yml | 4 +++- 3 files changed, 5 insertions(+), 19 deletions(-) diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml index 671938dc9..336171309 100644 --- a/roles/zabbix_web/tasks/Debian.yml +++ b/roles/zabbix_web/tasks/Debian.yml 
@@ -4,21 +4,3 @@ zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}" tags: - always - -- name: "Debian | Install PgSQL Dependencies" - ansible.builtin.apt: - pkg: "php{{ zabbix_web_php_installed_version }}-pgsql" - state: "present" - update_cache: true - cache_valid_time: 0 - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_php_dependencies_install - until: zabbix_web_php_dependencies_install is succeeded - become: true - when: zabbix_server_database == 'pgsql' - tags: - - install - - dependencies - - database diff --git a/roles/zabbix_web/tasks/apache.yml b/roles/zabbix_web/tasks/apache.yml index d746512c2..19d304595 100644 --- a/roles/zabbix_web/tasks/apache.yml +++ b/roles/zabbix_web/tasks/apache.yml @@ -21,6 +21,8 @@ become: true tags: - install + - dependencies + - database - name: "Apache | Get Apache version" ansible.builtin.shell: | diff --git a/roles/zabbix_web/vars/Debian.yml b/roles/zabbix_web/vars/Debian.yml index 7d8f61e16..27a543ac9 100644 --- a/roles/zabbix_web/vars/Debian.yml +++ b/roles/zabbix_web/vars/Debian.yml @@ -48,6 +48,8 @@ _zabbix_web_apache_packages: - zabbix-apache-conf _zabbix_web_apache_php_dependencies: - "libapache2-mod-php{{ zabbix_web_php_installed_version }}" + - "php{{ zabbix_web_php_installed_version }}-{{ zabbix_server_database }}" _zabbix_web_nginx_packages: - zabbix-nginx-conf -_zabbix_web_nginx_php_dependencies: [] +_zabbix_web_nginx_php_dependencies: + - "php{{ zabbix_web_php_installed_version }}-{{ zabbix_server_database }}" From 780c9c73093ff6aedd512cbfae0bc3b43e73b24c Mon Sep 17 00:00:00 2001 
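Review bot: The `dependencies` and `database` tags are added only to the Apache install task in tasks/apache.yml, while the Nginx install task, which also pulls in the `php…-{{ zabbix_server_database }}` package after this commit, is not touched here and was last shown tagged `install` only. A run limited with `--tags dependencies` or `--tags database` would therefore install the database driver on Apache hosts but skip it on Nginx hosts. Adding the same two tags to "Nginx | Installing Zabbix Nginx Conf" in tasks/nginx.yml keeps both paths consistent.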
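Review bot: The driver package name in vars/Debian.yml is now built directly from `zabbix_server_database` in both `_zabbix_web_apache_php_dependencies` and `_zabbix_web_nginx_php_dependencies`, where the removed task only ran for `pgsql`. Any value that does not map to a real `php<version>-<db>` package will fail the whole install task with a missing-package error. If the role does not already validate the variable elsewhere, an early `ansible.builtin.assert` with `that: zabbix_server_database in ['mysql', 'pgsql']` gives a clearer failure and keeps an arbitrary string out of a package name. The accepted values are inferred from the commit message and the old `when:` condition, so the list should be adjusted to what the role supports.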
From: Erik Berg Date: Sun, 9 Jun 2024 18:34:24 +0200 Subject: [PATCH 20/22] RedHat: Remove zabbix-{{ ..._http_server }}-conf I'm not sure what this when condition is for; when: - zabbix_web_version is version('6.0', '!=') - ansible_distribution_major_version == '9' But we're installing the package anyway. So just drop this task, maybe? --- roles/zabbix_web/tasks/RedHat.yml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/roles/zabbix_web/tasks/RedHat.yml b/roles/zabbix_web/tasks/RedHat.yml index 0669b7160..0afa475b8 100644 --- a/roles/zabbix_web/tasks/RedHat.yml +++ b/roles/zabbix_web/tasks/RedHat.yml @@ -4,25 +4,6 @@ tags: - always -- name: "RedHat | Install zabbix-web-configuration" - ansible.builtin.yum: - name: - - "zabbix-{{ zabbix_web_http_server }}-conf" - state: "{{ zabbix_web_package_state }}" - update_cache: true - disablerepo: "{{ zabbix_web_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_web_package_install - until: zabbix_web_package_install is succeeded - become: true - when: - - zabbix_web_version is version('6.0', '!=') - - ansible_distribution_major_version == '9' - tags: - - install - - name: "Configure SELinux when enabled" ansible.builtin.include_tasks: selinux.yml when: ansible_facts.selinux.status | default('disabled') == 'enabled' From 99dd6289e79f22dab76990950a5ec2b520a6917b Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Sun, 9 Jun 2024 19:44:20 +0200 Subject: [PATCH 21/22] zabbix_underscore_version goes unused --- roles/zabbix_web/tasks/Debian.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/roles/zabbix_web/tasks/Debian.yml b/roles/zabbix_web/tasks/Debian.yml index 336171309..ed97d539c 100644 --- a/roles/zabbix_web/tasks/Debian.yml +++ b/roles/zabbix_web/tasks/Debian.yml 
@@ -1,6 +1 @@ --- -- name: "Debian | Set some variables" - ansible.builtin.set_fact: - zabbix_underscore_version: "{{ zabbix_web_version | regex_replace('\\.', '_') }}" - tags: - - always From 0d9a25deef42cda73c84a98707019fece50eb3cd Mon Sep 17 00:00:00 2001 From: Erik Berg Date: Mon, 10 Jun 2024 11:30:48 +0200 Subject: [PATCH 22/22] Remove useless when conditions and notifies We don't need restart apache/nginx when a php file gets updated, they are completely separate from running configuration. We can also drop the >= zabbix-5.0 condition. In the rest of the role, we're only calling the respective handler when we need to, so no more when conditions needed. --- roles/zabbix_web/handlers/main.yml | 7 ------- roles/zabbix_web/tasks/main.yml | 2 -- 2 files changed, 9 deletions(-) diff --git a/roles/zabbix_web/handlers/main.yml b/roles/zabbix_web/handlers/main.yml index e97787b12..bcc34a816 100644 --- a/roles/zabbix_web/handlers/main.yml +++ b/roles/zabbix_web/handlers/main.yml @@ -5,8 +5,6 @@ state: restarted enabled: true become: true - when: - - zabbix_web_http_server == 'apache' - name: test nginx config listen: restart nginx @@ -14,8 +12,6 @@ register: zabbix_nginx_cfg_check notify: restart nginx tested become: true - when: - - zabbix_web_http_server == 'nginx' - name: restart nginx tested ansible.builtin.service: @@ -24,7 +20,6 @@ enabled: true become: true when: - - zabbix_web_http_server == 'nginx' - zabbix_nginx_cfg_check.rc == 0 - name: restart php-fpm-version @@ -33,8 +28,6 @@ state: restarted enabled: true become: true - when: - - zabbix_web_version is version('5.0', '>=') - name: "clean repo files from proxy creds" ansible.builtin.shell: ls /etc/yum.repos.d/zabbix* && sed -i 's/^proxy =.*//' /etc/yum.repos.d/zabbix* || true diff --git a/roles/zabbix_web/tasks/main.yml b/roles/zabbix_web/tasks/main.yml index d00b418d1..84c8f32c0 100644 --- a/roles/zabbix_web/tasks/main.yml +++ b/roles/zabbix_web/tasks/main.yml 
@@ -110,8 +110,6 @@ group: "{{ zabbix_web_group }}" mode: "{{ zabbix_web_conf_mode }}" become: true - notify: - - "restart {{ zabbix_web_http_server }}" tags: - config