ansible/zabbix-proxy
ansible/zabbix-proxy
2
0
Fork 0
Code Issues 1 Pull requests Activity

feat: initial commit

Browse source
This commit is contained in:
Simon Cornet 2025-06-06 18:08:13 +02:00
commit 29bec6f965
17 changed files with 343 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

23
.ansible-lint Normal file
View file

@ -0,0 +1,23 @@
---
exclude_paths:
- ".gitlab/*"
- ".gitlab-ci.yml"
- "defaults/main.yaml"
- "meta/main.yaml"
- "vars/*"
kinds:
- playbook: "**/*.{yml,yaml}"
skip_list:
- "command-shell"
- "experimental"
- "git-latest"
- "no-changed-when"
- "no-handler"
- "name[casing]"
- "name[template]"
- "risky-file-permissions"
- "schema[playbook]"
- "var-naming[no-role-prefix]"

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
.ansible

18
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,18 @@
---
# gitLab ci stages
stages:
# deployment
- "gitleaks"
- "linting"
- "deployment"
# include jobs
include:
# deployment
- local: ".gitlab/gitleaks.yaml"
- local: ".gitlab/linting.yaml"
- local: ".gitlab/deployment.yaml"

32
.gitlab/deployment.yaml Normal file
View file

@ -0,0 +1,32 @@
---
# deploy ansible/roles/common code
deployment:
stage: "deployment"
image:
name: "cr.simoncor.net/siempie/ssh-client:v25.06.03"
entrypoint: ["/bin/sh", "-c"]
rules:
# run only on push to default branch
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
- when: "never"
# prepare ssh
before_script:
# prepare ssh
- |
# prepare ssh
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "$SSH_CONFIG" > ~/.ssh/config
echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
# deployment commands
script:
- |
# install ansible roles dependancies
ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER \
"sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"

18
.gitlab/gitleaks.yaml Normal file
View file

@ -0,0 +1,18 @@
---
# gitleaks
gitleaks:
stage: "gitleaks"
image:
name: "ghcr.io/gitleaks/gitleaks:latest"
variables:
GIT_DEPTH: 1
rules:
# run only on push to default branch
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
- when: "never"
# start linting
script:
- "gitleaks detect --source . --verbose --redact --max-decode-depth 1"

30
.gitlab/linting.yaml Normal file
View file

@ -0,0 +1,30 @@
---
# linting
ansible-lint:
stage: "linting"
image: "docker.io/pipelinecomponents/ansible-lint:0.79.0"
rules:
# run only on push to default branch
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
- when: "never"
# start linting
script:
- "ansible-lint -c .ansible-lint ."
# yamllint
yamllint:
stage: "linting"
image: "registry.gitlab.com/pipeline-components/yamllint:0.35.0"
rules:
# run only on push to default branch
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
- when: "never"
script:
# run yamllint
- "yamllint ."

30
.yamllint Normal file
View file

@ -0,0 +1,30 @@
---
extends: 'default'
rules:
braces:
max-spaces-inside: 1
forbid: true
comments:
min-spaces-from-content: 1
comments-indentation: false
empty-lines:
max: 2
indentation:
spaces: 2
check-multi-line-strings: true
line-length:
max: 120
allow-non-breakable-words: true
allow-non-breakable-inline-mappings: true
new-line-at-end-of-file: 'enable'
octal-values:
forbid-implicit-octal: true
forbid-explicit-octal: true
truthy:
allowed-values:
- 'true'
- 'false'
quoted-strings:
quote-type: 'any'
required: true

30
README.md Normal file
View file

@ -0,0 +1,30 @@
# Overview
This role the opinionated installation and configuration of a Zabbix Proxy.
## Supported Operating Systems
| Operating System | Version |
| --- | ----- |
| Debian | 12 |
## Variables
| Variable | Type | Default | Required |
| --- | --- | --- | --- |
| zabbix_proxy_psk_id | string | | Yes |
| zabbix_proxy_psk | string(enc) | | Yes |
| zabbix_server_host | string | `zabbix.siempie.internal` | No |
## Example usage
```yaml
zabbix_server_host: "zabbix.siempie.internal"
zabbix_proxy_psk_id: "proxy-siempie"
zabbix_proxy_psk: !vault
$ANSIBLE_VAULT;1.1;AES256
31633463613336373164373333633038393164383835646633303163316665303934646363383530
...
```
```

7
defaults/main.yaml Normal file
View file

@ -0,0 +1,7 @@
---
# zabbix_version
zabbix_major_version: "7.2"
# zabbix proxy
zabbix_server_host: "zabbix.siempie.internal"

8
handlers/main.yaml Normal file
View file

@ -0,0 +1,8 @@
---
# zabbix proxy
- name: "restart zabbix-proxy"
ansible.builtin.service:
name: "zabbix-proxy"
state: "restarted"
enabled: true

8
meta/main.yaml Normal file
View file

@ -0,0 +1,8 @@
---
galaxy_info:
author: "siempie"
description: "install and configure a Zabbix Server"
license: "MIT"
role_name: "zabbix_server"
dependencies: []

7
renovate.json Normal file
View file

@ -0,0 +1,7 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "local>cicd/renovate" ],
"ansible": {
"fileMatch": [ "(.*).ya?ml$" ]
}
}

21
tasks/config.yaml Normal file
View file

@ -0,0 +1,21 @@
---
# configure psk
- name: "configure psk"
ansible.builtin.template:
src: "templates/zabbix/zabbix_proxy.psk.j2"
dest: "/etc/zabbix/zabbix_proxy.psk"
owner: "zabbix"
group: "zabbix"
mode: "0640"
notify: "restart zabbix-proxy"
# config proxy
- name: "configure zabbix-proxy"
ansible.builtin.template:
src: "templates/zabbix/zabbix_proxy.conf.j2"
dest: "/etc/zabbix/zabbix_proxy.conf"
owner: "root"
group: "root"
mode: "0664"
notify: "restart zabbix-proxy"

34
tasks/install.yaml Normal file
View file

@ -0,0 +1,34 @@
---
# install zabbix-server
- name: "install zabbix-server"
when: "zabbix_major_version not in zabbix_current_version.stdout"
block:
# install repository - debian
- name: "install repository"
when: 'ansible_os_family == "Debian"'
block:
# remove old proxy
- name: "remove old proxy"
ansible.builtin.apt:
name: "zabbix-proxy"
state: "absent"
loop:
- "zabbix-proxy"
# install zabbix proxy
- name: "install zabbix-proxy"
ansible.builtin.apt:
name: "zabbix-proxy-sqlite3"
state: "present"
update_cache: true
# create zabbix db directory
- name: "create zabbix db directory"
ansible.builtin.file:
path: "/usr/lib/zabbix/proxy/"
state: "directory"
owner: "zabbix"
group: "zabbix"

28
tasks/main.yaml Normal file
View file

@ -0,0 +1,28 @@
---
# load variables and collect version information
- name: "include vars and collect versions"
block:
# collect zabbix-proxy version information
- name: "collect version information"
ansible.builtin.shell:
cmd: "zabbix_proxy --version | head -n 1"
changed_when: false
failed_when: false
ignore_errors: true
register: "zabbix_current_version"
# zabbix-proxy install
- name: "zabbix-proxy install"
ansible.builtin.import_tasks: "install.yaml"
tags:
- "zabbix_proxy_install"
# zabbix-proxy config
- name: "zabbix-proxy config"
ansible.builtin.import_tasks: "config.yaml"
tags:
- "zabbix_proxy_config"

47
templates/zabbix/zabbix_proxy.conf.j2 Normal file
View file

@ -0,0 +1,47 @@
# general
ProxyMode=0
Server={{ zabbix_server_host }}
Hostname={{ inventory_hostname }}
ListenPort=10051
EnableRemoteCommands=1
DBName=/usr/lib/zabbix/proxy/zabbix.db
PidFile=/run/zabbix/zabbix_proxy.pid
SocketDir=/run/zabbix
AllowRoot=0
User=zabbix
# logging
LogType=system
DebugLevel=1
# tls
TLSConnect=psk
TLSPSKIdentity={{ zabbix_proxy_psk_id }}
TLSPSKFile=/etc/zabbix/zabbix_proxy.psk
# general proxy parameters
ProxyLocalBuffer=1
ProxyOfflineBuffer=1
DataSenderFrequency=2
# advanced proxy parameters
StartPollers=25
StartIPMIPollers=1
StartPreprocessors=5
StartPollersUnreachable=10
StartTrappers=25
StartPingers=10
StartDiscoverers=10
StartHTTPPollers=25
# other
HousekeepingFrequency=1
CacheSize=32M
Timeout=5
UnreachablePeriod=10
UnreachableDelay=5
UnavailableDelay=60
FpingLocation=/usr/bin/fping
Fping6Location=/usr/bin/fping6
LogSlowQueries=3000
StatsAllowedIP=127.0.0.1

1
templates/zabbix/zabbix_proxy.psk.j2 Normal file
View file

@ -0,0 +1 @@
{{ zabbix_proxy_psk }}