feat: initial commit

Simon Cornet 2025-06-06 17:53:55 +02:00
commit 8cee41cfa8
16 changed files with 328 additions and 0 deletions

23
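--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,23 @@
+---
+exclude_paths:
+- ".gitlab/*"
+- ".gitlab-ci.yml"
+- "defaults/main.yaml"
+- "meta/main.yaml"
+- "vars/*"
+kinds:
+- playbook: "**/*.{yml,yaml}"
+skip_list:
+- "command-shell"
+- "experimental"
+- "git-latest"
+- "no-changed-when"
+- "no-handler"
+- "name[casing]"
+- "name[template]"
+- "risky-file-permissions"
+- "schema[playbook]"
+- "var-naming[no-role-prefix]"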
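Review bot: `risky-file-permissions` in `skip_list` switches off the ansible-lint rule that flags file-writing tasks declared without an explicit `mode`, and this role templates a server config that carries the database password. `command-shell` and `no-changed-when` are skipped as well, although tasks/main.yaml uses `ansible.builtin.shell`. I would drop these three entries from `skip_list` and silence individual tasks with `# noqa: <rule>` where the exception is deliberate, so that newly added tasks are still checked.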

1
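--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible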

18
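--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,18 @@
+---
+# gitLab ci stages
+stages:
+# deployment
+- "gitleaks"
+- "linting"
+- "deployment"
+# include jobs
+include:
+# deployment
+- local: ".gitlab/gitleaks.yaml"
+- local: ".gitlab/linting.yaml"
+- local: ".gitlab/deployment.yaml"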

32
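--- a/.gitlab/deployment.yaml
+++ b/.gitlab/deployment.yaml
@@ -0,0 +1,32 @@
+---
+# deploy ansible/roles/common code
+deployment:
+stage: "deployment"
+image:
+name: "cr.simoncor.net/siempie/ssh-client:v25.06.03"
+entrypoint: ["/bin/sh", "-c"]
+rules:
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+# prepare ssh
+before_script:
+# prepare ssh
+- |
+# prepare ssh
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+echo "$SSH_CONFIG" > ~/.ssh/config
+echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
+chmod 600 ~/.ssh/id_ed25519
+# deployment commands
+script:
+- |
+# install ansible roles dependancies
+ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER \
+"sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"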
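Review bot: In `before_script` the private key is written with `echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519` under the shell's default umask and only narrowed by `chmod 600` afterwards, and `~/.ssh/config` is never restricted; putting `umask 077` as the first line of that block creates both files owner-only from the start. No `known_hosts` entry is written in the visible lines, so whether the Ansible server's host key is verified depends entirely on the contents of `$SSH_CONFIG`; pinning the host key from a CI variable into `~/.ssh/known_hosts` would make that explicit. In `script`, quote the target as `"$SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER"` so an unexpected value cannot be word-split into extra ssh arguments.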

18
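--- a/.gitlab/gitleaks.yaml
+++ b/.gitlab/gitleaks.yaml
@@ -0,0 +1,18 @@
+---
+# gitleaks
+gitleaks:
+stage: "gitleaks"
+image:
+name: "ghcr.io/gitleaks/gitleaks:latest"
+variables:
+GIT_DEPTH: 1
+rules:
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+# start linting
+script:
+- "gitleaks detect --source . --verbose --redact --max-decode-depth 1"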
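Review bot: `GIT_DEPTH: 1` gives gitleaks a single-commit shallow clone, so a secret that was added and then removed in earlier commits of the same push is never scanned; `GIT_DEPTH: "0"` (full clone) or a log range covering the pushed commits closes that gap. The image `ghcr.io/gitleaks/gitleaks:latest` is a floating tag, unlike the version-pinned images used by the linting jobs; pin it to a release tag or digest so the scanner guarding the pipeline cannot change unnoticed. Because `rules` restricts the job to pushes on the default branch, a leaked secret is reported only after it has landed there; running the job on merge request pipelines as well would catch it before merge.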

30
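--- a/.gitlab/linting.yaml
+++ b/.gitlab/linting.yaml
@@ -0,0 +1,30 @@
+---
+# linting
+ansible-lint:
+stage: "linting"
+image: "docker.io/pipelinecomponents/ansible-lint:0.79.0"
+rules:
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+# start linting
+script:
+- "ansible-lint -c .ansible-lint ."
+# yamllint
+yamllint:
+stage: "linting"
+image: "registry.gitlab.com/pipeline-components/yamllint:0.35.0"
+rules:
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+script:
+# run yamllint
+- "yamllint ."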

30
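--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,30 @@
+---
+extends: 'default'
+rules:
+braces:
+max-spaces-inside: 1
+forbid: true
+comments:
+min-spaces-from-content: 1
+comments-indentation: false
+empty-lines:
+max: 2
+indentation:
+spaces: 2
+check-multi-line-strings: true
+line-length:
+max: 120
+allow-non-breakable-words: true
+allow-non-breakable-inline-mappings: true
+new-line-at-end-of-file: 'enable'
+octal-values:
+forbid-implicit-octal: true
+forbid-explicit-octal: true
+truthy:
+allowed-values:
+- 'true'
+- 'false'
+quoted-strings:
+quote-type: 'any'
+required: true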

30
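--- a/README.md
+++ b/README.md
@@ -0,0 +1,30 @@
+# Overview
+This role the opinionated installation and configuration of a Zabbix Server.
+## Supported Operating Systems
+| Operating System | Version |
+| --- | ----- |
+| Debian | 12 |
+## Variables
+| Variable | Type | Default | Required |
+| --- | --- | --- | --- |
+| zabbix_server_db_name | string | `zabbix` | No |
+| zabbix_server_db_user | string | `zabbix` | No |
+| zabbix_server_db_pass | string(enc) | `zabbixpass` | No |
+## Example usage
+```yaml
+zabbix_server_db_name: "zabbix"
+zabbix_server_db_user: "zabbix"
+zabbix_server_db_pass: !vault
+$ANSIBLE_VAULT;1.1;AES256
+31633463613336373164373333633038393164383835646633303163316665303934646363383530
+...
+```
+```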

9
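--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -0,0 +1,9 @@
+---
+# zabbix_version
+zabbix_major_version: "7.2"
+# zabbix server
+zabbix_server_db_name: "zabbix"
+zabbix_server_db_user: "zabbix"
+zabbix_server_db_pass: "zabbixpass"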
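Review bot: `zabbix_server_db_pass: "zabbixpass"` ships a fixed, publicly known database password as the role default, and the README marks the variable as not required, so a play that forgets to override it silently deploys that credential. I would remove the default and fail early instead, for example with an `ansible.builtin.assert` at the top of tasks/main.yaml using `that: "zabbix_server_db_pass | default('') | length > 0"`. The README row should then read Required: Yes and show only the vaulted form.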

8
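--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -0,0 +1,8 @@
+---
+# zabbix server
+- name: "restart zabbix-server"
+ansible.builtin.service:
+name: "zabbix-server"
+state: "restarted"
+enabled: true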

8
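--- a/meta/main.yaml
+++ b/meta/main.yaml
@@ -0,0 +1,8 @@
+---
+galaxy_info:
+author: "siempie"
+description: "install and configure a Zabbix Server"
+license: "MIT"
+role_name: "zabbix_server"
+dependencies: []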

7
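--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,7 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [ "local>cicd/renovate" ],
+"ansible": {
+"fileMatch": [ "(.*).ya?ml$" ]
+}
+}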

11
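--- a/tasks/config.yaml
+++ b/tasks/config.yaml
@@ -0,0 +1,11 @@
+---
+# config server
+- name: "config server"
+ansible.builtin.template:
+src: "templates/zabbix/server/zabbix_server.conf.j2"
+dest: "/etc/zabbix/zabbix_server.conf"
+owner: "root"
+group: "root"
+mode: "0664"
+notify: "restart zabbix-server"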
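Review bot: `mode: "0664"` with `owner: "root"` and `group: "root"` leaves `/etc/zabbix/zabbix_server.conf` readable by every local user, and the template rendered into it contains `DBPassword={{ zabbix_server_db_pass }}`. Restrict the file to the service account, e.g. `mode: "0640"` with `group:` set to the group the zabbix-server daemon runs as (usually `zabbix`; confirm on the target). Adding `no_log: true` or `diff: false` to the task also keeps the rendered password out of `--diff` output and CI job logs.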

31
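--- a/tasks/install.yaml
+++ b/tasks/install.yaml
@@ -0,0 +1,31 @@
+---
+# install zabbix-server
+- name: "install zabbix-server"
+when: "zabbix_major_version not in zabbix_current_version.stdout"
+block:
+# install repository - debian
+- name: "install repository"
+when: 'ansible_os_family == "Debian"'
+block:
+# remove old server
+- name: "remove old server"
+ansible.builtin.apt:
+name: "{{ item }}"
+state: "absent"
+loop:
+- "zabbix-server-mysql"
+- "zabbix-sql-scripts"
+# install agent
+- name: "install agent"
+ansible.builtin.apt:
+name: "{{ item }}"
+state: "present"
+update_cache: true
+when: 'ansible_os_family == "Debian"'
+loop:
+- "zabbix-server-mysql"
+- "zabbix-sql-scripts"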
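Review bot: The block named "install repository" adds neither a Zabbix apt repository nor a signing key in the lines shown, so `zabbix-server-mysql` is installed from whatever source is already configured on the host, and `zabbix_major_version` only gates the block without selecting a version. Either add the repository setup here with a verified key, or rename the block and document the prerequisite in the README. The second task is still called "install agent" although its loop installs the server packages, and its `when: 'ansible_os_family == "Debian"'` appears to repeat the enclosing block's condition. Indentation is lost on this page, so the nesting is inferred from the task order.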

31
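--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -0,0 +1,31 @@
+---
+# load variables and collect version information
+- name: "include vars and collect versions"
+tags:
+- "zabbix_agent_install"
+- "zabbix_agent_config"
+block:
+# collect zabbix-agent2 version information
+- name: "collect version information"
+ansible.builtin.shell:
+cmd: "zabbix_agent2 --version | head -n 1"
+changed_when: false
+failed_when: false
+ignore_errors: true
+register: "zabbix_current_version"
+# zabbix-agent install
+- name: "zabbix-agent install"
+ansible.builtin.import_tasks: "install.yaml"
+tags:
+- "zabbix_agent_install"
+# zabbix-agent config
+- name: "zabbix-agent config"
+ansible.builtin.import_tasks: "config.yaml"
+tags:
+- "zabbix_agent_config"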
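Review bot: "collect version information" runs `zabbix_agent2 --version`, but tasks/install.yaml compares the registered `zabbix_current_version.stdout` with `zabbix_major_version` to decide whether to install the server, so a host with a current agent and no server skips the install; query the server binary instead, e.g. `cmd: "zabbix_server --version | head -n 1"`. `failed_when: false` already prevents a failure, which makes `ignore_errors: true` redundant, and without `set -o pipefail` the pipe reports only the exit status of `head`. The tags and task names (`zabbix_agent_install`, `zabbix_agent_config`, "zabbix-agent install") look carried over from an agent role and should be renamed to `zabbix_server_*` so tag-limited runs do not also select agent tasks.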


@ -0,0 +1,41 @@
# general
ListenPort=10051
LogType=system
DebugLevel=1
PidFile=/var/run/zabbix/zabbix_server.pid
# database
DBHost=127.0.0.1
DBPort=3306
DBName={{ zabbix_server_db_name }}
DBUser={{ zabbix_server_db_user }}
DBPassword={{ zabbix_server_db_pass }}
DBSocket=/var/run/mysqld/mysqld.sock
# poller parameters
StartPollers=10
StartPollersUnreachable=10
StartTrappers=10
StartPingers=5
StartDiscoverers=5
StartHTTPPollers=5
StartTimers=5
# other parameters
HousekeepingFrequency=1
MaxHousekeeperDelete=10000
CacheSize=64M
CacheUpdateFrequency=90
StartDBSyncers=30
HistoryCacheSize=64M
TrendCacheSize=32M
ValueCacheSize=32M
Timeout=15
UnreachablePeriod=30
UnavailableDelay=30
UnreachableDelay=10
LogSlowQueries=1000
# locations
FpingLocation=/usr/bin/fping
Fping6Location=/usr/bin/fping6