From c263a6a698704e9deae4a52c6c1aee5f966eb37e Mon Sep 17 00:00:00 2001 
From: Erik Berg
Date: Sat, 18 May 2024 23:36:20 +0200
Subject: [PATCH] Refactor zabbix proxy (#1196)

* Enable skipping zabbix_valid_server_versions check

This table is incomplete, and a hindrance for deployments to valid combinations. Allow the user to bypass this by supplying `-e enable_version_check=false`

* Put zabbix_repo_deb_url in defaults

Instead of having a partial url in vars/Debian.yml, and appending to it with additional info via set_fact, if zabbix_repo_deb_url is not defined. Just supply it as a default which can be overridden by user.

Notes on Raspbian

There are very few ways to differentiate Raspbian from Debian with ansible_facts. The only candidate seems to be ansible_facts.lsb.id. The lsb section does not get filled in unless some packages are installed. But luckily those packages come installed on Raspbian systems. And we just default it back to ansible_facts.distribution if lsb.id is not present.

So we're gonna simplify and drop some tasks.

Tested with ansible-core 2.13.13 on;
  2024-03-12-raspios-bullseye-armhf-lite
  2024-03-15-raspios-bookworm-armhf-lite

If this for some unforeseen reason wouldn't work on older or newer versions of raspbian, there's always the option of just overriding the zabbix_repo_deb_url.

* Single common task to install zabbix-proxy

Install the zabbix-proxy-{{ zabbix_proxy_database }} from a single common task.

RedHat can pin the minor version, and has a toggle to disable repo. Debian can't pin minor version. The other debian options cache_valid_time, default_release and force seem irrelevant.

We use the common package module, which is just a wrapper around apt/yum, and use this construction;

    user_supplied_var | default(_calculated_var | default(omit))

to send additional parameters to the respective modules.

* Single common task to install zabbix-sql-scripts

We don't need additional tasks for installing zabbix-sql-scripts, we can just tack them on to zabbix-proxy-{{ database }}, with the when condition found only on the Debian side of things.

* Install MySQL dependencies from mysql task

It's cleaner, less conditional checking, and a single task for all supported systems.

Remove PyMySQL installation via pip task and switch from mysqldb to pymysql for all debian based systems.

The only reason we're installing any python/mysql dependencies at all is to use the ansible community.mysql collection, which has a preference for pymysql, and mysqldb as a backup [1].

Upgrade system-packages of pymysql with pip for a couple of distributions.

Upgrading system-packages with pip is generally a bad idea, older versions of pymysql have issues with newer version of mysql (>=8).

pymysql>=0.9.0,<0.10.0 fixes the issue with passwords missing during login, but still has a problem setting log_bin_trust_function_creators. pymysql>=0.10.0,<0.11.0, fixes the remaining issue. We don't want to stray too far off from the system defaults

Also, drop zabbix_python_prefix. It's all python3.

[1] https://github.com/ansible-collections/community.mysql/blob/main/plugins/module_utils/mysql.py#L21-L36

* Install PostgreSQL dependencies from postgresql task

It's cleaner, less conditional checking, and a single task for all supported systems.

The list of packages also remains the same for all supported systems within the os_family, so we can reduce the lookup.

We're also trimming out the last of zabbix_python_prefix, and always go for python3

The Debian systems had split installing the dependencies in two tasks, one for the python dependency and one that gets triggered if zabbix_proxy_install_database_client is true. We're gonna reuse this variable, and bring it to RedHat systems, and for mysql as well in this commit.

And to bring it all back to one task, we use this construction;

    - package:
        name: "{{ _dependencies | select | list }}"
      vars:
        _dependencies:
          - "{{ install_client | ternary('client-package', '') }}"
          - some-python-dependency

This will create a list of two items, the python-dependency, and possibly an empty string. We use `| select` to filter out the empty strings, and `| list` while strictly not necessary, was historically appended in case the preceding result ended up being a generator.

* Install SQLite3 dependencies from sqlite3 task

Less conditional checking, and should feel familiar as both mysql and postgresql do this now.

* Simplify logic for dbhost_run_install (mysql)

It was difficult to see what this code was supposed to achieve. The most important variable zabbix_proxy_dbhost_run_install was hidden behind two conditions of delegated_dbhost. But here we try to bring it back to view.

If zabbix_proxy_dbhost_run_install is true, we want the code to be delegated_to the zabbix_proxy_dbhost, otherwise we want to run it from the zabbix_proxy.

However, we have a funny situation where zabbix_proxy_dbhost is by default localhost, which means we'd still be on the zabbix_proxy. We store this calculation in delegated_dbhost.

    if (dbhost == localhost) then zabbix_proxy else dbhost

The mysql tasks have an additional variable zabbix_proxy_real_dbhost, which we try applying first and if not, we default to whatever zabbix_proxy_dbhost_run_install wants.

* pgsql: Consolidate delegate and remote tasks

With a clear understanding of zabbix_proxy_dbhost_run_install, we can now use it to determine whether or not we need to become the postgres user, and rely upon the default(omit) construction for any potentially provided or missing arguments to login_{user,pass,host}

* Refactor MySQL schema import

Similar to pgsql, we check for existing dbversion in a block, if the query fails, we create the database in a rescue section.

There are a few things to note however.

The check and schema creation is not delegated. It happens from zabbix_proxy. This is to verify that our dbuser can access the dbname from zabbix_proxy and has all the permissions needed (after creation) to alter tables between zabbix version upgrades.

For the schema creation we actually need some extra privileges, so we read what they currently are, set them to what we need, import our schema, and revert the extra privileges back to their original state.

The reverting happens in the `always:` section, so if any other task should fail in schema creation (`rescue:` section) we always revert the privileges before failing.

We also have to deal with varying paths to zabbix-proxy schema on RedHat based systems.

    e.g. /usr/share/doc/zabbix-proxy-pgsql-X.Y.Z

And you don't necessarily know which version you're installing when you just want the latest.

The code to retain support for older versions is already in place, by leveraging the ls_output_schema for the legacy path.

* Refactor PostgreSQL schema import

We take advantage of the community.postgres modules, and do a query for 'mandatory' in 'dbversion'. If the query fails, we're going to assume the database has not been populated yet, and rescue the task by populating it. Thereby alleviating the need for .done files.

While zabbix-server has predictable paths to the schemas, the zabbix-proxy schema paths are versioned on RedHat based systems.

    e.g. /usr/share/doc/zabbix-proxy-pgsql-X.Y.Z

And you don't necessarily know which version you're installing when you just want the latest.

The code to retain support for older versions is already in place, by leveraging the ls_output_schema for the legacy path.

* Refactor SQLite3 schema import

Mostly reusing the code-style seen in the other database imports. Simplifying the commands used for creation, while keeping support for older style schemas (zabbix < 6). And the addition of setting a secure mode (0600) to the database file.

* Simplify legacy tasks

* Prefix database task-files with initialize

It reflects more accurately what we're trying to achieve. Also strip out zabbix_proxy_db_long, it serves no purpose anymore.

* Group similar directory tasks

* Drop zabbix 5.0 compatibility

This simplifies the code by removing zabbix-5.0 quirks/workarounds.

---------
---
 .github/workflows/proxy.yml                   |  16 +-
 molecule/zabbix_proxy/Dockerfile.debian.j2    |   3 +
 molecule/zabbix_proxy/Dockerfile.redhat.j2    |   3 +
 molecule/zabbix_proxy/molecule.yml            |  11 +-
 molecule/zabbix_proxy/prepare.yml             |  16 --
 roles/zabbix_proxy/defaults/main.yml          |   2 -
 roles/zabbix_proxy/tasks/Debian.yml           | 106 -----------
 roles/zabbix_proxy/tasks/RedHat.yml           | 108 +----------
 roles/zabbix_proxy/tasks/initialize-mysql.yml | 144 +++++++++++++++
 roles/zabbix_proxy/tasks/initialize-pgsql.yml |  73 ++++++++
 .../zabbix_proxy/tasks/initialize-sqlite3.yml |  62 +++++++
 roles/zabbix_proxy/tasks/main.yml             |  68 +++----
 roles/zabbix_proxy/tasks/mysql.yml            | 172 ------------------
 roles/zabbix_proxy/tasks/postgresql.yml       |  96 ----------
 roles/zabbix_proxy/tasks/sqlite3.yml          |  63 -------
 .../templates/zabbix_proxy.conf.j2            |   2 -
 roles/zabbix_proxy/vars/Debian.yml            |  26 ++-
 roles/zabbix_proxy/vars/RedHat.yml            |  34 ++--
 roles/zabbix_proxy/vars/main.yml              |   7 -
 19 files changed, 363 insertions(+), 649 deletions(-)
 create mode 100644 molecule/zabbix_proxy/Dockerfile.debian.j2
 create mode 100644 molecule/zabbix_proxy/Dockerfile.redhat.j2
 create mode 100644 roles/zabbix_proxy/tasks/initialize-mysql.yml
 create mode 100644 roles/zabbix_proxy/tasks/initialize-pgsql.yml
 create mode 100644 roles/zabbix_proxy/tasks/initialize-sqlite3.yml
 delete mode 100644 roles/zabbix_proxy/tasks/mysql.yml
 delete mode 100644 roles/zabbix_proxy/tasks/postgresql.yml
 delete mode 100644 roles/zabbix_proxy/tasks/sqlite3.yml
 delete mode 100644 roles/zabbix_proxy/vars/main.yml

diff --git a/.github/workflows/proxy.yml b/.github/workflows/proxy.yml index ab52f9dfc..5618a0633 100644 
--- a/.github/workflows/proxy.yml +++ b/.github/workflows/proxy.yml @@ -40,12 +40,11 @@ jobs: - v64 - v62 - v60 - include: - - interpreter: python3 - - interpreter: python - container: centos7 exclude: - - container: debian12 + - container: + name: debian12 + base_image: debian:12 + os_family: debian version: v62 - container: ubuntu2404 version: v62 @@ -81,10 +80,9 @@ jobs: - name: Run role tests run: >- - MY_MOLECULE_CONTAINER=${{ matrix.container }} - MY_MOLECULE_IMAGE=${{ matrix.container }} + MY_MOLECULE_CONTAINER=${{ matrix.container.name }} + MY_MOLECULE_IMAGE=${{ matrix.container.base_image }} + MY_MOLECULE_OS_FAMILY=${{ matrix.container.os_family }} MY_MOLECULE_VERSION=${{ matrix.version }} MY_MOLECULE_DATABASE=${{ matrix.database }} - MY_MOLECULE_INTERPRETER=${{ matrix.interpreter }} - MY_MOLECULE_DOCKER_COMMAND=${{ matrix.command }} molecule test -s ${{ matrix.collection_role }} diff --git a/molecule/zabbix_proxy/Dockerfile.debian.j2 b/molecule/zabbix_proxy/Dockerfile.debian.j2 new file mode 100644 index 000000000..b3d90f2a5 --- /dev/null +++ b/molecule/zabbix_proxy/Dockerfile.debian.j2 @@ -0,0 +1,3 @@ +FROM {{ item.base_image }} +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y python3-pip systemd-sysv +CMD ["/sbin/init"] diff --git a/molecule/zabbix_proxy/Dockerfile.redhat.j2 b/molecule/zabbix_proxy/Dockerfile.redhat.j2 new file mode 100644 index 000000000..dd48ee3b7 --- /dev/null +++ b/molecule/zabbix_proxy/Dockerfile.redhat.j2 @@ -0,0 +1,3 @@ +FROM {{ item.base_image }} +RUN yum install -y python3-pip +CMD ["/sbin/init"] diff --git a/molecule/zabbix_proxy/molecule.yml b/molecule/zabbix_proxy/molecule.yml index 4eadd60ab..0002a0a49 100644 --- a/molecule/zabbix_proxy/molecule.yml +++ b/molecule/zabbix_proxy/molecule.yml 
@@ -3,10 +3,11 @@ driver: name: docker platforms: - name: zabbix-proxy-${MY_MOLECULE_VERSION:-v64}-${MY_MOLECULE_DATABASE:-mysql}-${MY_MOLECULE_CONTAINER:-rockylinux8} - image: geerlingguy/docker-${MY_MOLECULE_IMAGE:-rockylinux8}-ansible:latest + dockerfile: Dockerfile.${MY_MOLECULE_OS_FAMILY:-redhat}.j2 + base_image: ${MY_MOLECULE_IMAGE:-rockylinux/rockylinux:8-ubi-init} + image: ${MY_MOLECULE_CONTAINER:-rockylinux8} privileged: true - pre_build_image: true - command: ${MOLECULE_DOCKER_COMMAND:-""} + command: /sbin/init networks: - name: zabbix volumes: @@ -22,10 +23,8 @@ provisioner: ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles inventory: group_vars: - python3: + all: ansible_python_interpreter: /usr/bin/python3 - python: - ansible_python_interpreter: /usr/bin/python v64: zabbix_proxy_version: 6.4 v62: diff --git a/molecule/zabbix_proxy/prepare.yml b/molecule/zabbix_proxy/prepare.yml index 1ff492d62..5a3c3139f 100644 --- a/molecule/zabbix_proxy/prepare.yml +++ b/molecule/zabbix_proxy/prepare.yml @@ -95,19 +95,3 @@ dest: /etc/sudoers line: "Defaults !requiretty" state: present - - - name: "Make sure the docs can be installed. (RedHat)" - ansible.builtin.lineinfile: - dest: /etc/yum.conf - line: "tsflags=nodocs" - state: absent - when: - - ansible_os_family == 'RedHat' - - - name: "Make sure the docs can be installed. (Debian)" - ansible.builtin.lineinfile: - path: /etc/dpkg/dpkg.cfg.d/excludes - state: absent - regexp: "path-exclude=/usr/share/doc/*" - when: - - ansible_os_family != 'RedHat' diff --git a/roles/zabbix_proxy/defaults/main.yml b/roles/zabbix_proxy/defaults/main.yml index d7bc80a64..942461774 100644 --- a/roles/zabbix_proxy/defaults/main.yml +++ b/roles/zabbix_proxy/defaults/main.yml 
@@ -43,8 +43,6 @@ zabbix_repo_yum_schema: https zabbix_repo_yum_gpgcheck: 0 zabbix_repo_deb_url: "http://repo.zabbix.com/zabbix/{{ zabbix_proxy_version }}/{{ ansible_facts.lsb.id | default(ansible_facts['distribution']) | lower }}{% if ansible_facts['architecture'] == 'aarch64' and ansible_facts.lsb.id | default(ansible_facts['distribution']) in ['Debian', 'Ubuntu'] %}-arm64{% endif %}" zabbix_repo_deb_component: main -zabbix_proxy_disable_repo: - - epel zabbix_repo_yum: - name: zabbix description: Zabbix Official Repository - $basearch diff --git a/roles/zabbix_proxy/tasks/Debian.yml b/roles/zabbix_proxy/tasks/Debian.yml index 79534eceb..5877d5636 100644 --- a/roles/zabbix_proxy/tasks/Debian.yml +++ b/roles/zabbix_proxy/tasks/Debian.yml @@ -2,7 +2,6 @@ - name: "Debian | Set short version name" ansible.builtin.set_fact: zabbix_short_version: "{{ zabbix_proxy_version | regex_replace('\\.', '') }}" - zabbix_python_prefix: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}" zabbix_underscore_version: "{{ zabbix_proxy_version | regex_replace('\\.', '_') }}" tags: - always 
@@ -102,108 +101,3 @@ become: true tags: - install - -- name: "Debian | Installing zabbix-proxy-{{ zabbix_proxy_database }}" - ansible.builtin.apt: - pkg: "zabbix-proxy-{{ zabbix_proxy_database }}" - update_cache: true - cache_valid_time: 0 - force: true - state: "{{ zabbix_proxy_package_state }}" - default_release: "{{ ansible_distribution_release }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: is_zabbix_proxy_package_installed - until: is_zabbix_proxy_package_installed is succeeded - become: true - tags: - - install - -- name: "Debian | Installing zabbix-sql-scripts" - ansible.builtin.apt: - pkg: zabbix-sql-scripts - state: "{{ zabbix_proxy_package_state }}" - update_cache: true - cache_valid_time: 0 - default_release: "{{ ansible_distribution_release }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_package_sql_installed - until: zabbix_proxy_package_sql_installed is succeeded - when: - - zabbix_proxy_version is version('6.0', '>=') - become: true - tags: - - install - -- name: "Debian | Install Ansible module dependencies" - ansible.builtin.apt: - name: "{{ zabbix_python_prefix }}-psycopg2" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_dependencies_installed - until: zabbix_proxy_dependencies_installed is succeeded - become: true - when: - - zabbix_proxy_database_creation - tags: - - install - - dependencies - -- name: "Debian | Install Mysql Client package" - ansible.builtin.apt: - name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | 
default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_dependencies_installed - until: zabbix_proxy_dependencies_installed is succeeded - become: true - when: - - zabbix_proxy_database == 'mysql' - - zabbix_proxy_install_database_client - tags: - - install - - dependencies - - database - -- name: "Debian | Install PostgreSQL Client package" - ansible.builtin.apt: - name: postgresql-client - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded - become: true - when: - - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload - - zabbix_proxy_database == 'pgsql' - - zabbix_proxy_install_database_client - tags: - - install - - dependencies - - database - -- name: "Debian | Install sqlite3" - ansible.builtin.apt: - name: sqlite3 - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: are_zabbix_proxy_dependency_packages_installed - until: are_zabbix_proxy_dependency_packages_installed is succeeded - become: true - when: - - zabbix_proxy_database == 'sqlite3' - tags: - - install - - dependencies - - database diff --git a/roles/zabbix_proxy/tasks/RedHat.yml b/roles/zabbix_proxy/tasks/RedHat.yml index f35b3c7b3..a51baee63 100644 --- a/roles/zabbix_proxy/tasks/RedHat.yml +++ b/roles/zabbix_proxy/tasks/RedHat.yml 
@@ -7,19 +7,6 @@ tags: - always -- name: "RedHat | Define package without version" - ansible.builtin.set_fact: - zabbix_proxy_package: "zabbix-proxy-{{ zabbix_proxy_database }}" - cacheable: true - tags: - - always - -- name: "RedHat | Set facts for Zabbix" - ansible.builtin.set_fact: - datafiles_path: "/usr/share/doc/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}" - tags: - - always - - name: "RedHat | Make sure old file is absent" ansible.builtin.file: path: /etc/yum.repos.d/zabbix-supported.repo 
@@ -47,99 +34,10 @@ tags: - install -- name: Install packages for Zabbix Repository - block: - - name: "RedHat | Installing zabbix-proxy-{{ zabbix_proxy_database }}" - ansible.builtin.yum: - pkg: "{{ zabbix_proxy_package }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" - state: "{{ zabbix_proxy_package_state }}" - disablerepo: "{{ zabbix_proxy_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - register: is_zabbix_proxy_package_installed - until: is_zabbix_proxy_package_installed is succeeded - - - name: "RedHat | Installing zabbix-sql-scripts" - ansible.builtin.yum: - pkg: "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" - state: "{{ zabbix_proxy_package_state }}" - disablerepo: "{{ zabbix_proxy_disable_repo | default(omit) }}" - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_sql_package_installed - until: zabbix_proxy_sql_package_installed is succeeded - become: true - tags: - - install - -- name: "RedHat | Install Ansible PostgreSQL Client package" +- name: "RedHat | Add EPEL Repo (Centos 7 Only)" + when: ansible_facts['distribution_major_version'] == '7' ansible.builtin.yum: - name: "{{ pgsql_depenencies[ansible_distribution_major_version] }}" - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - register: are_zabbix_proxy_pgsql_packages_installed - until: are_zabbix_proxy_pgsql_packages_installed is succeeded - when: - - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload - - zabbix_proxy_database == 'pgsql' - tags: - - install - - database - - dependencies - -- name: 
"RedHat | Install Mysql Client Package" - block: - - name: "RedHat | Add Mysql Repo (Centos 7 Only)" - ansible.builtin.yum_repository: - name: mariadb - description: MariaDB 10.8 CentOS repository list - file: mariadb - baseurl: "https://mirror.rackspace.com/mariadb/yum/10.11/centos{{ ansible_distribution_major_version }}-amd64" - gpgcheck: no - when: ansible_distribution_major_version == '7' - - - name: "RedHat | Install Mysql Client package" - ansible.builtin.yum: - name: "{{ mysql_client_pkgs[ansible_distribution_major_version] }}" - state: installed - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - become: true - register: are_zabbix_proxy_mysql_packages_installed - until: are_zabbix_proxy_mysql_packages_installed is succeeded - when: - - zabbix_proxy_database_creation or zabbix_proxy_database_sqlload - - zabbix_proxy_install_database_client - - zabbix_proxy_database == 'mysql' - tags: - - install - - database - - dependencies - -- name: "RedHat | Install sqlite3" - ansible.builtin.yum: - name: - - sqlite - state: present - environment: - http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" - https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" - register: zabbix_proxy_sqlite_packages_installed - until: zabbix_proxy_sqlite_packages_installed is succeeded - become: true - when: - - zabbix_proxy_database == 'sqlite3' - tags: - - install - - database - - dependencies + name: epel-release - name: "Configure SELinux when enabled" ansible.builtin.include_tasks: selinux.yml diff --git a/roles/zabbix_proxy/tasks/initialize-mysql.yml b/roles/zabbix_proxy/tasks/initialize-mysql.yml new file mode 100644 index 000000000..e3b525a83 --- /dev/null +++ b/roles/zabbix_proxy/tasks/initialize-mysql.yml 
@@ -0,0 +1,144 @@ +--- +# task file for mysql +- name: "Install MySQL dependencies" + when: zabbix_proxy_database_creation or zabbix_proxy_database_sqlload + ansible.builtin.package: + name: "{{ _zabbix_proxy_mysql_dependencies[ ansible_facts['distribution_major_version'] ] | select | list }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true + register: _zabbix_proxy_dependencies_installed + until: _zabbix_proxy_dependencies_installed is succeeded + tags: + - install + - database + - dependencies + +# NOTE: Upgrading system-packages with pip is generally a bad idea, but +# these packaged older versions seems to have a problem with mysql 8 and above +- name: Upgrade pymysql + when: + - ansible_facts['distribution'] in ['CentOS', 'Debian', 'Ubuntu'] + - ansible_facts['distribution_release'] in ['Core', 'buster', 'bullseye', 'bionic', 'focal'] + ansible.builtin.pip: + name: "pymysql>=0.10.0,<0.11.0" + state: latest + +- name: "MySQL Database prep" + when: zabbix_proxy_database_creation | bool + delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" + vars: + delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" + tags: + - database + - skip_ansible_lint + block: + - name: "MySQL | Create database" + community.mysql.mysql_db: + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" + login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" + name: "{{ zabbix_proxy_dbname }}" + encoding: "{{ zabbix_proxy_dbencoding }}" + collation: "{{ zabbix_proxy_dbcollation }}" 
+ state: present + register: zabbix_database_created + + - name: "MySQL | Create database user" + community.mysql.mysql_user: + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" + login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" + name: "{{ zabbix_proxy_dbuser }}" + password: "{{ zabbix_proxy_dbpassword }}" + priv: "{{ zabbix_proxy_dbname }}.*:ALL" + host: "{{ zabbix_proxy_privileged_host }}" + plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}" + state: present + +- name: "MySQL verify or create schema" + when: zabbix_proxy_database_sqlload | bool + tags: + - database + block: + - name: "MySQL | Get current database version" + community.mysql.mysql_query: + login_user: "{{ zabbix_proxy_dbuser }}" + login_password: "{{ zabbix_proxy_dbpassword }}" + login_host: "{{ zabbix_proxy_dbhost }}" + login_port: "{{ zabbix_proxy_dbport }}" + login_db: "{{ zabbix_proxy_dbname }}" + query: 'SELECT mandatory FROM dbversion' + rescue: + - name: "MySQL | Get and set schema import overrides" + delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" + vars: + delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" + block: + - name: "MySQL | Get current value for variables" + community.mysql.mysql_variables: + variable: "{{ name }}" + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" + 
login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" + loop: + - innodb_default_row_format + - log_bin_trust_function_creators + loop_control: + loop_var: name + register: _mysql_variable_defaults + + - name: "MySQL | Set variable overrides for schema import" + when: item.msg != _mysql_schema_import_overrides[item.name] + community.mysql.mysql_variables: + variable: "{{ item.name }}" + value: "{{ _mysql_schema_import_overrides[item.name] }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" + login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" + loop: "{{ _mysql_variable_defaults.results }}" + loop_control: + label: "{{ item.name }}: {{ _mysql_schema_import_overrides[item.name] }}" + vars: + _mysql_schema_import_overrides: + innodb_default_row_format: "dynamic" + log_bin_trust_function_creators: "ON" + + - name: "MySQL | Import schema" + community.mysql.mysql_db: + login_user: "{{ zabbix_proxy_dbuser }}" + login_password: "{{ zabbix_proxy_dbpassword }}" + login_host: "{{ zabbix_proxy_dbhost }}" + login_port: "{{ zabbix_proxy_dbport }}" + name: "{{ zabbix_proxy_dbname }}" + encoding: "{{ zabbix_proxy_dbencoding }}" + collation: "{{ zabbix_proxy_dbcollation }}" + state: import + target: /usr/share/zabbix-sql-scripts/mysql/proxy.sql + + always: + - name: "MySQL | Revert variable overrides for schema import" + when: _mysql_variable_defaults is defined + delegate_to: "{{ zabbix_proxy_real_dbhost | default(zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}" + vars: + delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" + community.mysql.mysql_variables: + variable: "{{ item.name }}" + value: "{{ 
item.msg }}" + login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" + login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" + login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" + loop: "{{ _mysql_variable_defaults.results | default([]) }}" + loop_control: + label: "{{ item.name }}: {{ item.msg }}" diff --git a/roles/zabbix_proxy/tasks/initialize-pgsql.yml b/roles/zabbix_proxy/tasks/initialize-pgsql.yml new file mode 100644 index 000000000..fc2c675ab --- /dev/null +++ b/roles/zabbix_proxy/tasks/initialize-pgsql.yml 
@@ -0,0 +1,73 @@ +--- +# task file for postgresql +- name: "Install PostgreSQL dependencies" + when: zabbix_proxy_database_creation or zabbix_proxy_database_sqlload + ansible.builtin.package: + name: "{{ _zabbix_proxy_pgsql_dependencies | select | list }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true + register: _zabbix_proxy_pgsql_packages_installed + until: _zabbix_proxy_pgsql_packages_installed is succeeded + tags: + - install + - database + - dependencies + +- name: "PostgreSQL Database prep" + when: zabbix_proxy_database_creation | bool + become: "{{ zabbix_proxy_dbhost_run_install }}" + become_user: postgres + delegate_to: "{{ zabbix_proxy_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname) }}" + vars: + delegated_dbhost: "{{ (zabbix_proxy_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_proxy_dbhost) }}" + tags: + - database + block: + - name: "PostgreSQL | Create database" + community.postgresql.postgresql_db: + login_user: "{{ zabbix_proxy_pgsql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_pgsql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_pgsql_login_host | default(omit) }}" + port: "{{ zabbix_proxy_dbport }}" + login_unix_socket: "{{ zabbix_proxy_pgsql_login_unix_socket | default(omit) }}" + name: "{{ zabbix_proxy_dbname }}" + state: present + + - name: "PostgreSQL | Create database user" + community.postgresql.postgresql_user: + login_user: "{{ zabbix_proxy_pgsql_login_user | default(omit) }}" + login_password: "{{ zabbix_proxy_pgsql_login_password | default(omit) }}" + login_host: "{{ zabbix_proxy_pgsql_login_host | default(omit) }}" + port: "{{ zabbix_proxy_dbport }}" + name: "{{ zabbix_proxy_dbuser }}" + password: "{{ ('md5' + (zabbix_proxy_dbpassword + zabbix_proxy_dbuser)|hash('md5')) if zabbix_proxy_dbpassword_hash_method == 'md5' else 
zabbix_proxy_dbpassword }}" + db: "{{ zabbix_proxy_dbname }}" + priv: ALL + state: present + encrypted: true + +- name: "PostgreSQL verify or create schema" + when: zabbix_proxy_database_sqlload | bool + tags: + - database + block: + - name: "PostgreSQL | Get current database version" + community.postgresql.postgresql_query: + login_user: "{{ zabbix_proxy_dbuser }}" + login_password: "{{ zabbix_proxy_dbpassword }}" + login_host: "{{ zabbix_proxy_dbhost }}" + port: "{{ zabbix_proxy_dbport }}" + db: "{{ zabbix_proxy_dbname }}" + query: 'SELECT mandatory FROM dbversion' + rescue: + - name: "PostgreSQL | Import schema" + community.postgresql.postgresql_db: + login_user: "{{ zabbix_proxy_dbuser }}" + login_password: "{{ zabbix_proxy_dbpassword }}" + login_host: "{{ zabbix_proxy_dbhost }}" + port: "{{ zabbix_proxy_dbport }}" + db: "{{ zabbix_proxy_dbname }}" + state: restore + target: /usr/share/zabbix-sql-scripts/postgresql/proxy.sql diff --git a/roles/zabbix_proxy/tasks/initialize-sqlite3.yml b/roles/zabbix_proxy/tasks/initialize-sqlite3.yml new file mode 100644 index 000000000..ae8f8602b --- /dev/null +++ b/roles/zabbix_proxy/tasks/initialize-sqlite3.yml 
@@ -0,0 +1,62 @@ +--- +# task file for sqlite3 +- name: "Install SQLite3 dependencies" + when: zabbix_proxy_database_creation or zabbix_proxy_database_sqlload + ansible.builtin.package: + name: "{{ _zabbix_proxy_sqlite3_dependencies }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + become: true + register: _zabbix_proxy_sqlite3_packages_installed + until: _zabbix_proxy_sqlite3_packages_installed is succeeded + tags: + - install + - database + - dependencies + +- name: "SQLite3 | Set path for default dbname" + when: zabbix_proxy_dbname == "zabbix_proxy" + ansible.builtin.set_fact: + zabbix_proxy_dbname: /var/lib/zabbix/zabbix_proxy.db + tags: + - database + +- name: "SQLite3 Database prep" + when: zabbix_proxy_database_creation | bool + become: true + tags: + - database + block: + - name: "SQLite3 | Create path directories" + ansible.builtin.file: + state: directory + name: "{{ zabbix_proxy_dbname | dirname }}" + mode: "0744" + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" + seuser: system_u + serole: object_r + setype: zabbix_var_lib_t + + - name: "SQLite3 | Import schema" + when: zabbix_proxy_database_sqlload + become_user: "{{ zabbix_os_user }}" + ansible.builtin.shell: | + set -euxo pipefail + sqlite3 {{ zabbix_proxy_dbname }} < /usr/share/zabbix-sql-scripts/sqlite3/proxy.sql + args: + creates: "{{ zabbix_proxy_dbname }}" + executable: /bin/bash + + - name: "Sqlite3 | Fix zabbix db file permission (SELinux)" + when: ansible_selinux.status == "enabled" + ansible.builtin.file: + state: file + path: "{{ zabbix_proxy_dbname }}" + mode: "0600" + owner: "{{ zabbix_os_user }}" + group: "{{ zabbix_os_user }}" + seuser: system_u + serole: object_r + setype: zabbix_var_lib_t diff --git a/roles/zabbix_proxy/tasks/main.yml b/roles/zabbix_proxy/tasks/main.yml index 1e8831c35..3043bdaef 100644 --- a/roles/zabbix_proxy/tasks/main.yml 
+++ b/roles/zabbix_proxy/tasks/main.yml @@ -35,13 +35,6 @@ zabbix_api_server_port: "{{ '443' if zabbix_api_use_ssl|bool else '80' }}" when: zabbix_api_server_port is undefined -- name: Set Path to SQL File - ansible.builtin.set_fact: - datafile_path: "{{ db_file_path[zabbix_short_version] }}" - tags: - - install - - config - - name: "Set default ip address for zabbix_proxy_ip" ansible.builtin.set_fact: zabbix_proxy_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4'].address }}" 
@@ -56,54 +49,45 @@ - name: "Complete OS Specific Tasks" ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" -- name: "Get the file for database schema" - ansible.builtin.shell: ls -1 {{ db_file_path[zabbix_short_version] }} - changed_when: false +- name: "Install zabbix-proxy packages" + ansible.builtin.package: + name: "{{ _zabbix_proxy_packages }}" + state: "{{ zabbix_proxy_package_state }}" + update_cache: true + disablerepo: "{{ zabbix_proxy_disable_repo | default(_zabbix_proxy_disable_repo | default(omit)) }}" + environment: + http_proxy: "{{ zabbix_http_proxy | default(None) | default(omit) }}" + https_proxy: "{{ zabbix_https_proxy | default(None) | default(omit) }}" + register: _zabbix_proxy_package_installed + until: _zabbix_proxy_package_installed is succeeded become: true - when: - - zabbix_proxy_database_sqlload - register: ls_output_schema tags: - - database + - install -- name: "Installing the database" - ansible.builtin.include_tasks: "{{ zabbix_proxy_db_long }}.yml" +- name: "Initialize the database" + ansible.builtin.include_tasks: "initialize-{{ zabbix_proxy_database }}.yml" -- name: "Create include dir zabbix-proxy" +- name: "Create directories" ansible.builtin.file: - path: "{{ zabbix_proxy_include }}" - owner: "{{ zabbix_os_user }}" - group: "{{ zabbix_os_user }}" - mode: "{{ zabbix_proxy_include_mode }}" state: directory - become: true - tags: - - install - - config - -- name: "Create module dir zabbix-proxy" - ansible.builtin.file: - path: "{{ zabbix_proxy_loadmodulepath }}" + path: "{{ item.path }}" owner: "{{ zabbix_os_user }}" group: "{{ zabbix_os_user }}" - state: directory - mode: "0755" + mode: "{{ item.mode | default('0755') }}" become: true + loop: + - path: "{{ zabbix_proxy_include }}" + mode: "{{ zabbix_proxy_include_mode }}" + - path: "{{ zabbix_proxy_loadmodulepath }}" + - required: "{{ zabbix_proxy_tlspskfile is defined }}" + path: "{{ zabbix_proxy_tlspskfile | default('/path/to/zabbix_proxy_tlspskfile/zabbix_proxy.psk') 
| dirname }}" + loop_control: + label: "{{ item.path }}" + when: item.required | default(true) tags: - install - config -- name: "Create directory for PSK file if not exist." - ansible.builtin.file: - path: "{{ zabbix_proxy_tlspskfile | dirname }}" - mode: 0755 - state: directory - become: true - when: - - zabbix_proxy_tlspskfile is defined - tags: - - config - - name: "Place TLS PSK File" ansible.builtin.copy: dest: "{{ zabbix_proxy_tlspskfile }}" diff --git a/roles/zabbix_proxy/tasks/mysql.yml b/roles/zabbix_proxy/tasks/mysql.yml deleted file mode 100644 index dde847a53..000000000 --- a/roles/zabbix_proxy/tasks/mysql.yml +++ /dev/null 
@@ -1,172 +0,0 @@ ---- -# task file for mysql -- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" - ansible.builtin.set_fact: - delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}" - when: - - zabbix_proxy_dbhost_run_install - tags: - - database - -- name: "MySQL | Set the correct delegated_dbhost (to support MySQL db deployment on a remote dbhost)" - ansible.builtin.set_fact: - delegated_dbhost: "{{ inventory_hostname }}" - when: - - not zabbix_proxy_dbhost_run_install - tags: - - database - -- name: "MySQL | Override delegated_dbhost with real dbhost when dbhost is behind loadbalancer" - ansible.builtin.set_fact: - delegated_dbhost: "{{ zabbix_proxy_real_dbhost }}" - when: zabbix_proxy_real_dbhost | default(false) - tags: - - database - -- name: PyMySQL - ansible.builtin.pip: - name: PyMySQL - register: installation_dependencies - until: installation_dependencies is succeeded - tags: - - database - -- name: "MySQL | Create database" - community.mysql.mysql_db: - name: "{{ zabbix_proxy_dbname }}" - encoding: "{{ zabbix_proxy_dbencoding }}" - collation: "{{ zabbix_proxy_dbcollation }}" - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" - login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" - state: present - when: zabbix_proxy_database_creation - register: zabbix_database_created - delegate_to: "{{ delegated_dbhost }}" - tags: - - database - - skip_ansible_lint - -- name: "MySQL | Create database user" - community.mysql.mysql_user: - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" - login_password: "{{ 
zabbix_proxy_mysql_login_password | default(omit) }}" - login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" - name: "{{ zabbix_proxy_dbuser }}" - password: "{{ zabbix_proxy_dbpassword }}" - priv: "{{ zabbix_proxy_dbname }}.*:ALL" - host: "{{ zabbix_proxy_privileged_host }}" - plugin: "{{ 'mysql_native_password' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else omit }}" - state: present - when: zabbix_proxy_database_creation - delegate_to: "{{ delegated_dbhost }}" - tags: - - database - -- name: "MySQL | Check if we have done files" - ansible.builtin.stat: - path: /etc/zabbix/schema.done - register: done_file - become: true - when: - - zabbix_proxy_database_sqlload - tags: - - database - -- name: "MySQL | Get version_comment" - community.mysql.mysql_variables: - variable: version - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" - login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" - delegate_to: "{{ delegated_dbhost }}" - register: install_mysql_version - tags: - - database - -- name: "MySQL | Get current value for innodb_default_row_format" - community.mysql.mysql_variables: - variable: innodb_default_row_format - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" - login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" - delegate_to: "{{ delegated_dbhost }}" - register: mysql_innodb_default_row_format - when: - - 
install_mysql_version.msg is version('5.6', '>=') - tags: - - database - -- name: "MySQL | Set innodb_default_row_format to dynamic" - community.mysql.mysql_variables: - variable: innodb_default_row_format - value: dynamic - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" - login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" - when: - - zabbix_proxy_database_sqlload | bool - - not done_file.stat.exists - - install_mysql_version.msg is version('5.6', '>=') - - mysql_innodb_default_row_format.msg != 'dynamic' - delegate_to: "{{ delegated_dbhost }}" - tags: - - database - -- name: "MySQL | Create database and import file" - community.mysql.mysql_db: - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) }}" - login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" - name: "{{ zabbix_proxy_dbname }}" - encoding: "{{ zabbix_proxy_dbencoding }}" - collation: "{{ zabbix_proxy_dbcollation }}" - state: import - target: "{{ ls_output_schema.stdout }}" - when: - - zabbix_proxy_database_sqlload - - not done_file.stat.exists - delegate_to: "{{ delegated_dbhost }}" - tags: - - database - -- name: "MySQL | Revert innodb_default_row_format to previous value" - community.mysql.mysql_variables: - variable: innodb_default_row_format - value: "{{ mysql_innodb_default_row_format.msg }}" - login_host: "{{ zabbix_proxy_mysql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_mysql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_mysql_login_password | default(omit) 
}}" - login_port: "{{ zabbix_proxy_mysql_login_port | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_mysql_login_unix_socket | default(omit) }}" - when: - - zabbix_proxy_database_sqlload | bool - - not done_file.stat.exists - - mysql_innodb_default_row_format.msg != 'dynamic' - delegate_to: "{{ delegated_dbhost }}" - tags: - - database - -- name: "MySQL | Create done file" - ansible.builtin.file: - path: /etc/zabbix/schema.done - state: touch - mode: "0644" - become: true - when: - - zabbix_proxy_database_sqlload - - not done_file.stat.exists - tags: - - database diff --git a/roles/zabbix_proxy/tasks/postgresql.yml b/roles/zabbix_proxy/tasks/postgresql.yml deleted file mode 100644 index e71af9aba..000000000 --- a/roles/zabbix_proxy/tasks/postgresql.yml +++ /dev/null 
@@ -1,96 +0,0 @@ ---- -# task file for postgresql - -- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" - ansible.builtin.set_fact: - delegated_dbhost: "{{ zabbix_proxy_dbhost if (zabbix_proxy_dbhost != 'localhost') else inventory_hostname }}" - when: - - zabbix_proxy_dbhost_run_install - tags: - - database - -- name: "PostgreSQL | Set the correct delegated_dbhost (to support postgres db deployment on a remote dbhost)" - ansible.builtin.set_fact: - delegated_dbhost: "{{ inventory_hostname }}" - when: - - not zabbix_proxy_dbhost_run_install - tags: - - database - -- name: "PostgreSQL | Delegated" - block: - - name: "PostgreSQL | Delegated | Create database" - community.postgresql.postgresql_db: - name: "{{ zabbix_proxy_dbname }}" - port: "{{ zabbix_proxy_dbport }}" - state: present - - - name: "PostgreSQL | Delegated | Create database user" - community.postgresql.postgresql_user: - db: "{{ zabbix_proxy_dbname }}" - name: "{{ zabbix_proxy_dbuser }}" - password: "{{ ('md5' + (zabbix_proxy_dbpassword + zabbix_proxy_dbuser)|hash('md5')) if zabbix_proxy_dbpassword_hash_method == 'md5' else zabbix_proxy_dbpassword }}" - port: "{{ zabbix_proxy_dbport }}" - priv: ALL - state: present - encrypted: true - become: true - become_user: postgres - delegate_to: "{{ delegated_dbhost }}" - when: - - zabbix_proxy_database_creation - - zabbix_proxy_pgsql_login_host is not defined - tags: - - database - -- name: "PostgreSQL | Remote" - block: - - name: "PostgreSQL | Remote | Create database" - community.postgresql.postgresql_db: - login_host: "{{ zabbix_proxy_pgsql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_pgsql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_pgsql_login_password | default(omit) }}" - login_unix_socket: "{{ zabbix_proxy_pgsql_login_unix_socket | default(omit) }}" - name: "{{ zabbix_proxy_dbname }}" - port: "{{ zabbix_proxy_dbport }}" - state: present - - name: "PostgreSQL 
| Remote | Create database user" - community.postgresql.postgresql_user: - login_host: "{{ zabbix_proxy_pgsql_login_host | default(omit) }}" - login_user: "{{ zabbix_proxy_pgsql_login_user | default(omit) }}" - login_password: "{{ zabbix_proxy_pgsql_login_password | default(omit) }}" - db: "{{ zabbix_proxy_dbname }}" - name: "{{ zabbix_proxy_dbuser }}" - password: "{{ ('md5' + (zabbix_proxy_dbpassword + zabbix_proxy_dbuser)|hash('md5')) if zabbix_proxy_dbpassword_hash_method == 'md5' else zabbix_proxy_dbpassword }}" - port: "{{ zabbix_proxy_dbport }}" - priv: ALL - state: present - encrypted: true - when: - - zabbix_proxy_database_creation - - zabbix_proxy_pgsql_login_host is defined - tags: - - database - -- name: "PostgreSQL | Handle Compressed Schema File" - ansible.builtin.set_fact: - zabbix_proxy_cat_cmd: zcat - when: "'.gz' in ls_output_schema.stdout" - tags: - - database - -- name: "PostgreSQL | Importing schema file" - ansible.builtin.shell: | - set -euxo pipefail - {{ zabbix_proxy_cat_cmd }} {{ ls_output_schema.stdout }} | psql -h '{{ zabbix_proxy_dbhost }}' -U '{{ zabbix_proxy_dbuser }}' -d '{{ zabbix_proxy_dbname }}' - touch /etc/zabbix/schema.done - args: - creates: /etc/zabbix/schema.done - executable: /bin/bash - environment: - PGPASSWORD: "{{ zabbix_proxy_dbpassword }}" - become: true - when: - - zabbix_proxy_database_creation - tags: - - database diff --git a/roles/zabbix_proxy/tasks/sqlite3.yml b/roles/zabbix_proxy/tasks/sqlite3.yml deleted file mode 100644 index 3d74b73e7..000000000 --- a/roles/zabbix_proxy/tasks/sqlite3.yml +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -# task file for sqlite3 - -- name: "Sqlite3 | Default Database Path" - ansible.builtin.set_fact: - zabbix_proxy_dbname: /var/lib/zabbix/zabbix_proxy.db - when: - - zabbix_proxy_dbname == "zabbix_proxy" - tags: - - database - -- name: "Sqlite3 | Create database" - ansible.builtin.file: - name: "{{ zabbix_proxy_dbname | dirname }}" - mode: 0744 - owner: "{{ zabbix_os_user }}" - group: "{{ zabbix_os_user }}" - seuser: system_u - serole: object_r - setype: zabbix_var_lib_t - state: directory - become: true - when: - - zabbix_proxy_database_creation - tags: - - database - -- name: "Sqlite3 | Handle Compressed Schema File" - ansible.builtin.set_fact: - zabbix_proxy_cat_cmd: zcat - when: "'.gz' in ls_output_schema.stdout" - tags: - - database - -- name: "Sqlite3 | Importing schema file" - become: true - become_user: "{{ zabbix_os_user }}" - ansible.builtin.shell: | - set -euxo pipefail - {{ zabbix_proxy_cat_cmd }} {{ ls_output_schema.stdout }} | sqlite3 {{ zabbix_proxy_dbname }} - args: - creates: "{{ zabbix_proxy_dbname }}" - executable: /bin/bash - environment: - PGPASSWORD: "{{ zabbix_proxy_dbpassword }}" - when: - - zabbix_proxy_database_creation - tags: - - database - -- name: "Sqlite3 | Fix zabbix db file permission (SELinux)" - ansible.builtin.file: - path: "{{ zabbix_proxy_dbname }}" - state: file - seuser: system_u - serole: object_r - setype: zabbix_var_lib_t - become: true - when: - - ansible_selinux.status == "enabled" - - zabbix_proxy_database_creation - tags: - - database diff --git a/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 b/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 index 60ae3f0a5..3d585cbab 100644 --- a/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 +++ b/roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 
@@ -7,9 +7,7 @@ # https://www.zabbix.com/documentation/{{ zabbix_proxy_version }}/en/manual/appendix/config/zabbix_proxy {{ (zabbix_proxy_allowroot is defined and zabbix_proxy_allowroot is not none) | ternary('','# ') }}AllowRoot={{ zabbix_proxy_allowroot | default('') }} -{% if zabbix_proxy_version is version('6.0', '>=') %} {{ (zabbix_proxy_allowunsupporteddbversions is defined and zabbix_proxy_allowunsupporteddbversions is not none) | ternary('','# ') }}AllowUnsupportedDBVersions={{ zabbix_proxy_allowunsupporteddbversions | default('') }} -{% endif %} {{ (zabbix_proxy_cachesize is defined and zabbix_proxy_cachesize is not none) | ternary('','# ') }}CacheSize={{ zabbix_proxy_cachesize | default('') }} {{ (zabbix_proxy_configfrequency is defined and zabbix_proxy_configfrequency is not none) | ternary('','# ') }}ConfigFrequency={{ zabbix_proxy_configfrequency | default('') }} {{ (zabbix_proxy_datasenderfrequency is defined and zabbix_proxy_datasenderfrequency is not none) | ternary('','# ') }}DataSenderFrequency={{ zabbix_proxy_datasenderfrequency | default('') }} diff --git a/roles/zabbix_proxy/vars/Debian.yml b/roles/zabbix_proxy/vars/Debian.yml index 8e5eb356c..e9e811b18 100644 --- a/roles/zabbix_proxy/vars/Debian.yml +++ b/roles/zabbix_proxy/vars/Debian.yml 
@@ -27,30 +27,37 @@ zabbix_valid_proxy_versions: - 6.2 - 6.0 -mysql_client_pkgs: +_zabbix_proxy_pgsql_dependencies: + - "{{ zabbix_proxy_install_database_client | ternary('postgresql-client', '') }}" + - python3-psycopg2 + +_zabbix_proxy_mysql_dependencies: # Debian "12": - default-mysql-client - - "{{ zabbix_python_prefix }}-mysqldb" + - python3-pymysql "11": - default-mysql-client - - "{{ zabbix_python_prefix }}-mysqldb" + - python3-pymysql "10": - mariadb-client - - "{{ zabbix_python_prefix }}-mysqldb" + - python3-pymysql # Ubuntu "24": - default-mysql-client - "{{ zabbix_python_prefix }}-mysqldb" "22": - default-mysql-client - - "{{ zabbix_python_prefix }}-mysqldb" + - python3-pymysql "20": - default-mysql-client - - "{{ zabbix_python_prefix }}-mysqldb" + - python3-pymysql "18": - default-mysql-client - - "{{ zabbix_python_prefix }}-mysqldb" + - python3-pymysql + +_zabbix_proxy_sqlite3_dependencies: + - sqlite3 mysql_plugin: "18": mysql_native_password @@ -73,6 +80,9 @@ _zabbix_repo_default_deb_gpg_key_url_by_distrib: "22": https://repo.zabbix.com/zabbix-official-repo.key "20": https://repo.zabbix.com/zabbix-official-repo.key "18": https://repo.zabbix.com/zabbix-official-repo.key - _zabbix_proxy_fping6location: /usr/bin/fping6 _zabbix_proxy_fpinglocation: /usr/bin/fping + +_zabbix_proxy_packages: + - "zabbix-proxy-{{ zabbix_proxy_database }}" + - "zabbix-sql-scripts" diff --git a/roles/zabbix_proxy/vars/RedHat.yml b/roles/zabbix_proxy/vars/RedHat.yml index e8ee7e2ae..6a22ec36d 100644 --- a/roles/zabbix_proxy/vars/RedHat.yml +++ b/roles/zabbix_proxy/vars/RedHat.yml 
@@ -12,27 +12,24 @@ zabbix_valid_proxy_versions: - 6.2 - 6.0 -pgsql_depenencies: - "9": - - python3-psycopg2 - - postgresql - "8": - - python3-psycopg2 - - postgresql - "7": - - python-psycopg2 - - postgresql +_zabbix_proxy_pgsql_dependencies: + - "{{ zabbix_proxy_install_database_client | ternary('postgresql', '') }}" + - python3-psycopg2 -mysql_client_pkgs: +_zabbix_proxy_mysql_dependencies: "9": - - mysql + - "{{ zabbix_proxy_install_database_client | ternary('mysql', '') }}" - python3-PyMySQL "8": - - mysql + - "{{ zabbix_proxy_install_database_client | ternary('mysql', '') }}" - python3-PyMySQL "7": - - MariaDB-client - - MySQL-python + - "{{ zabbix_proxy_install_database_client | ternary('mariadb', '') }}" + - python3-PyMySQL + - python36-cryptography + +_zabbix_proxy_sqlite3_dependencies: + - sqlite selinux_pkgs: "9": @@ -53,3 +50,10 @@ mysql_plugin: _zabbix_proxy_fping6location: /usr/sbin/fping6 _zabbix_proxy_fpinglocation: /usr/sbin/fping + +_zabbix_proxy_packages: + - "zabbix-proxy-{{ zabbix_proxy_database }}-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" + - "zabbix-sql-scripts-{{ zabbix_proxy_version }}.{{ zabbix_proxy_version_minor }}" + +_zabbix_proxy_disable_repo: + - epel diff --git a/roles/zabbix_proxy/vars/main.yml b/roles/zabbix_proxy/vars/main.yml deleted file mode 100644 index 90779c270..000000000 --- a/roles/zabbix_proxy/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# vars file for zabbix_proxy -db_file_path: - "62": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql" - "64": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql" - "60": "/usr/share/zabbix-sql-scripts/{{ zabbix_proxy_db_long }}/proxy.sql" - "50": "/usr/share/doc/zabbix-proxy-{{ zabbix_proxy_database }}*/schema.sql.gz"
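Review bot: in roles/zabbix_proxy/tasks/initialize-postgresql.yml, the `rescue` under "PostgreSQL verify or create schema" fires on any failure of the `SELECT mandatory FROM dbversion` query, not only when the table is missing. A wrong `zabbix_proxy_dbpassword`, an unreachable `zabbix_proxy_dbhost` or a missing privilege also lands in "PostgreSQL | Import schema", and the play then reports the restore error instead of the real cause. Consider testing for the table explicitly (for example a query against `information_schema.tables`) and importing only when it is absent, so connection and authentication failures surface as themselves. In the same hunk, "PostgreSQL | Create database user" omits `login_unix_socket` while "PostgreSQL | Create database" passes it, so a socket-only login setup would work for the first task and not the second.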
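Review bot: in roles/zabbix_proxy/tasks/initialize-sqlite3.yml, the last task applies `mode: "0600"` to the database file only when `ansible_selinux.status == "enabled"`, so on hosts without SELinux the file keeps whatever mode the `sqlite3` import created it with. Suggest setting mode, owner and group in an unconditional task and keeping only the `seuser`/`serole`/`setype` part behind the SELinux condition. That task also uses `state: file`, which fails when the file does not exist, and it is not gated on `zabbix_proxy_database_sqlload`, so creation enabled with sqlload disabled on an SELinux host will error. Separately, `creates: "{{ zabbix_proxy_dbname }}"` on "SQLite3 | Import schema" means an import interrupted after the file is created is skipped on the next run, and the directory mode `"0744"` gives group and others read without search permission, which is unusual for a directory.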
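Review bot: in the "Create directories" loop in roles/zabbix_proxy/tasks/main.yml, the third item now applies `owner` and `group` of `zabbix_os_user` to the parent directory of `zabbix_proxy_tlspskfile`, where the removed "Create directory for PSK file if not exist." task set only `mode: 0755` and left ownership alone. If the PSK file is placed in a directory shared with other files, this run changes who owns that directory. Either call the ownership change out in the changelog or keep ownership out of the PSK item, and consider giving that item an explicit `mode` rather than relying on `item.mode | default('0755')`, since it is the directory that holds key material. The placeholder `/path/to/zabbix_proxy_tlspskfile/zabbix_proxy.psk` exists only so the template evaluates when the variable is undefined; a short comment saying so would save the next reader a search.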
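Review bot: in roles/zabbix_proxy/templates/zabbix_proxy.conf.j2, dropping the `version('6.0', '>=')` guard means the `AllowUnsupportedDBVersions` line is rendered for every `zabbix_proxy_version`, commented out unless `zabbix_proxy_allowunsupporteddbversions` is set. That is fine for the versions listed in `zabbix_valid_proxy_versions`, but the same commit lets users skip the version check, so the variable's documentation should state that it applies to 6.0 and later only.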
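Review bot: in roles/zabbix_proxy/vars/Debian.yml, the Ubuntu "24" entry of `_zabbix_proxy_mysql_dependencies` is untouched context and still reads `"{{ zabbix_python_prefix }}-mysqldb"`, while every other entry is switched to `python3-pymysql` and the commit message says `zabbix_python_prefix` is dropped. On Ubuntu 24 this will either fail on an undefined variable or install the mysqldb binding the commit intends to move away from; change it to `python3-pymysql` like the others. Also note that the Debian MySQL client packages are listed unconditionally here, whereas the pgsql list and the RedHat lists gate the client on `zabbix_proxy_install_database_client`, so the toggle has no effect for MySQL on Debian-based systems.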
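Review bot: in roles/zabbix_proxy/vars/RedHat.yml, the `ternary('mysql', '')` and `ternary('mariadb', '')` entries in `_zabbix_proxy_mysql_dependencies` yield empty strings when `zabbix_proxy_install_database_client` is false, so every consumer has to filter the list. initialize-postgresql.yml does this with `| select | list`; please confirm the MySQL task does the same after indexing by major version, otherwise an empty package name reaches the package module. A one-line comment on why `python36-cryptography` is needed under "7" would also help, since nothing else in the hunk explains it.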