110 lines
2.6 KiB
YAML
110 lines
2.6 KiB
YAML
- name: load zabbix secrets
|
|
include_vars: '{{ item }}'
|
|
with_fileglob:
|
|
- vault/zabbix
|
|
tags: always
|
|
|
|
- name: ensure zabbix packages are installed
|
|
package:
|
|
name={{ zbx_srv_required_packages|join(',') }}
|
|
state=present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure users can connect to postgresql socket
|
|
seboolean:
|
|
name=selinuxuser_postgresql_connect_enabled
|
|
state=yes
|
|
persistent=yes
|
|
|
|
- name: ensure zabbix database user exists
|
|
become: true
|
|
become_user: postgres
|
|
postgresql_user:
|
|
name: "{{ zabbix_db_user }}"
|
|
password: "{{ zabbix_db_password|d(omit) }}"
|
|
state: present
|
|
- name: ensure zabbix database exists
|
|
become: true
|
|
become_user: postgres
|
|
postgresql_db:
|
|
name={{ zabbix_db_name }}
|
|
owner={{ zabbix_db_user }}
|
|
state=present
|
|
- name: ensure zabbix database is populated
|
|
become: false
|
|
zabbix_db_schema:
|
|
username: '{{ zabbix_db_user }}'
|
|
database: '{{ zabbix_db_name }}'
|
|
password: '{{ zabbix_db_password|d(omit) }}'
|
|
host: '{{ zabbix_db_host|d(omit) }}'
|
|
|
|
- name: ensure zabbix server temporary directory exists
|
|
file:
|
|
path=/var/tmp/zabbixsrv
|
|
mode=0750
|
|
owner=zabbixsrv
|
|
group=zabbixsrv
|
|
seuser=system_u
|
|
setype=zabbix_tmp_t
|
|
state=directory
|
|
|
|
- name: ensure zabbix server is configured
|
|
template:
|
|
src=zabbix_server.conf.j2
|
|
dest=/etc/zabbix_server.conf
|
|
owner=root
|
|
group=zabbixsrv
|
|
mode=0640
|
|
notify: restart zabbix server
|
|
|
|
- name: ensure zabbix is allowed in firewall
|
|
firewalld:
|
|
port=10051/tcp
|
|
permanent=no
|
|
immediate=yes
|
|
state=enabled
|
|
notify: save firewalld configuration
|
|
tags:
|
|
- firewalld
|
|
- name: ensure zabbix server can connect to the network
|
|
seboolean:
|
|
name=zabbix_can_network
|
|
state=yes
|
|
persistent=yes
|
|
|
|
- name: ensure zabbix server starts at boot
|
|
service:
|
|
name=zabbix-server-pgsql
|
|
enabled=yes
|
|
- meta: flush_handlers
|
|
- name: ensure zabbix server is running
|
|
service:
|
|
name=zabbix-server-pgsql
|
|
state=started
|
|
|
|
- name: ensure php is configured for zabbix front end
|
|
template:
|
|
src=zabbix-php.httpd.conf.j2
|
|
dest=/etc/httpd/conf.d/zabbix-php.conf
|
|
mode=0644
|
|
notify: reload httpd
|
|
- name: ensure zabbix web gui is configured
|
|
template:
|
|
src=zabbix.conf.php.j2
|
|
dest=/etc/zabbix/web/zabbix.conf.php
|
|
owner=root
|
|
group=apache
|
|
mode=0640
|
|
- name: ensure zabbix web gui redirect is configured
|
|
template:
|
|
src=zabbix-redir.httpd.conf.j2
|
|
dest=/etc/httpd/conf.d/zabbix-redir.conf
|
|
mode=0644
|
|
notify: reload httpd
|
|
- name: ensure apache can connect to zabbix
|
|
seboolean:
|
|
name=httpd_can_network_connect
|
|
persistent=yes
|
|
state=yes
|