talas-group/04_INFRA_DEPLOIEMENT/Ansible/roles/zabbix_proxy/tasks/main.yml
senke 66471934af Initial commit: Talas Group project management & documentation
Knowledge base of ~80+ markdown files across 14 domains (00-13),
Logseq graph, hardware design files (KiCAD), infrastructure configs,
and talas-wiki static site.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 20:10:41 +02:00


---
# file: roles/zabbix_proxy/tasks/main.yml
# Run every handler that earlier tasks or roles have notified before going on.
# The task name says this is what reloads postgres so that the zabbix user can
# authenticate; the handler itself is not defined in this file.
- name: "flush handlers to reload postgres to allow authentication"
  tags:
    - zabbix_proxy
  ansible.builtin.meta: flush_handlers
# Build the URL of the zabbix-release package. The two tasks are mutually
# exclusive: releases up to and including 7.0 use the ".../debian/pool/..."
# layout, later releases use ".../release/<distribution>/pool/...".
# Both URLs are https and point at the unpinned "zabbix-release_latest" file.
- name: "set fact for version <= 7.0"
  when: zabbix_version is version('7.0','<=')
  tags:
    - zabbix_proxy
  ansible.builtin.set_fact:
    zabbix_repository_url: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/debian/pool/main/z/zabbix-release/zabbix-release_latest_{{ zabbix_version }}+{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}_all.deb"

- name: "set fact for version > 7.0"
  when: zabbix_version is version('7.0','>')
  tags:
    - zabbix_proxy
  ansible.builtin.set_fact:
    zabbix_repository_url: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/{{ ansible_distribution | lower }}/pool/main/z/zabbix-release/zabbix-release_latest_{{ zabbix_version }}+{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}_all.deb"
# Install the zabbix-release package straight from the computed URL and keep
# the result so the cache refresh below can react to a change.
# NOTE(review): no checksum or signature pin is visible here, so the integrity
# of this bootstrap package rests on TLS to the download host alone. Everything
# installed from the Zabbix repository afterwards inherits that trust; consider
# fetching the file with a pinned checksum first.
- name: "repository"
  register: zabbix_repository
  tags:
    - zabbix_proxy
  ansible.builtin.apt:
    deb: "{{ zabbix_repository_url }}"
# Refresh the package index only when the repository package was installed or
# updated by the previous task.
- name: "refresh apt if repo was modified"
  when: zabbix_repository is changed
  tags:
    - zabbix_proxy
  ansible.builtin.apt:
    update_cache: true
# Install the proxy and its helpers. The list is longer than the task name
# suggests: zabbix-sql-scripts and python3-psycopg2 are installed as well.
# No version is pinned, so whatever the configured repositories offer is used.
- name: "apt install zabbix-get zabbix-proxy-pgsql snmp-mibs-downloader bc"
  tags:
    - zabbix_proxy
  ansible.builtin.apt:
    state: present
    name:
      - zabbix-get
      - zabbix-proxy-pgsql
      - zabbix-sql-scripts
      - snmp-mibs-downloader
      - bc
      - python3-psycopg2
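# Render the proxy configuration and restart the proxy when it changes.
# The original task set no mode, so a newly created file took the default
# permissions. An explicit mode keeps it from being world-readable.
# NOTE(review): the template is not visible here; if it renders the database
# password, tighten this to "0600" and check that nothing but the zabbix user
# needs to read the file.
- name: "/etc/zabbix/zabbix_proxy.conf"
  ansible.builtin.template:
    src: zabbix_proxy.conf.j2
    dest: /etc/zabbix/zabbix_proxy.conf
    owner: zabbix
    mode: "0640"
    # Timestamped backups of the previous file stay in /etc/zabbix.
    # NOTE(review): they keep old settings; confirm they are cleaned up.
    backup: true
  notify: restart zabbix_proxy
  tags:
    - zabbix_proxy
    - zabbix_proxy_config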
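# Obtain the proxy's TLS pre-shared key and install it on the host.
#   block  - read the PSK from HashiCorp Vault.
#   rescue - if that read fails for any reason, generate a fresh PSK and
#            write it back to Vault.
#   always - write whichever PSK is now set to /etc/zabbix/zabbix_proxy.psk.
# Every task that carries the key sets no_log so it does not appear in
# Ansible output or logs. The price is that failure messages are censored.
# NOTE(review): the Vault path is built from ansible_hostname, a fact reported
# by the managed host, not from inventory_hostname, which the controller
# owns. Confirm a host cannot select another host's secret path this way.
# NOTE(review): rescue does not distinguish "key absent" from a transient
# Vault error, so a failed read that is followed by a successful patch
# silently rotates the PSK.
- name: "zabbix_proxy_psk handling"
  block:
    - name: "get zabbix_proxy_psk from hashicorp vault"
      ansible.builtin.set_fact:
        zabbix_proxy_psk: "{{ lookup('hashi_vault', 'secret=cosium-kv/data/' + host_vars_location + '/' + ansible_hostname)['zabbix_proxy_psk'] }}"
      no_log: true
  rescue:
    # '/dev/null' keeps the password lookup from persisting the value to a file.
    # 'hexdigits' contains both letter cases, so after `lower` the letters a-f
    # are twice as likely as each digit. The bias is small at 512 characters.
    - name: "generate a random password for zabbix_proxy_psk"
      ansible.builtin.set_fact:
        zabbix_proxy_psk: "{{ lookup('password','/dev/null chars=hexdigits length=512') | lower }}"
      no_log: true
    # The key is passed on stdin ("zabbix_proxy_psk=-") instead of on the
    # command line, so it is not exposed in the controller's process list.
    # argv also stops templated path components from being split into
    # additional arguments.
    - name: "patching hashicorp vault with 'zabbix_proxy_psk'"
      delegate_to: localhost
      become: false
      ansible.builtin.command:
        argv:
          - vault
          - kv
          - patch
          - "cosium-kv/{{ host_vars_location }}/{{ ansible_hostname }}"
          - "zabbix_proxy_psk=-"
        stdin: "{{ zabbix_proxy_psk }}"
        # Do not append a newline that could end up in the stored value.
        stdin_add_newline: false
      no_log: true
      notify: restart zabbix_proxy
  always:
    # Read-only for the zabbix user. The mode is quoted so it is never
    # re-interpreted as a decimal integer by the YAML parser.
    - name: "/etc/zabbix/zabbix_proxy.psk"
      ansible.builtin.copy:
        content: "{{ zabbix_proxy_psk }}"
        dest: /etc/zabbix/zabbix_proxy.psk
        owner: zabbix
        mode: "0400"
      # Without no_log, --diff would print the key.
      no_log: true
      notify: restart zabbix_proxy
  tags:
    - zabbix_proxy
    - zabbix_proxy_config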
# Probe for the proxy_history table to decide whether the schema exists.
# The task never reports "changed" and also runs in check mode.
# NOTE(review): ignore_errors turns every failure into "not initialised".
# That covers a missing table, but equally a refused connection or rejected
# credentials, and the schema restore that follows keys off this result.
# Consider failing unless the error is the missing-relation one.
# NOTE(review): the Vault path uses ansible_hostname, a fact reported by the
# managed host. Confirm that is intended rather than inventory_hostname.
- name: "check if the database is initialised"
  register: zabbix_database_status
  ignore_errors: true
  check_mode: false
  changed_when: false
  tags:
    - zabbix_proxy
  community.postgresql.postgresql_query:
    login_host: localhost
    # 6432 is commonly a PgBouncer listener - TODO confirm.
    port: 6432
    login_db: zabbix_proxy
    login_user: zabbix
    login_password: "{{ lookup('hashi_vault', 'secret=cosium-kv/data/' + host_vars_location + '/' + ansible_hostname)['postgres_user_zabbix_password'] }}"
    query: "SELECT 1 FROM proxy_history LIMIT 1"
# Load the packaged proxy schema into the zabbix_proxy database, but only when
# the preceding probe was recorded as failed.
# NOTE(review): that probe also fails on connection or authentication errors,
# in which case this restore is attempted against an unknown database state.
- name: "create the database schema"
  when: zabbix_database_status is failed
  tags:
    - zabbix_proxy
  community.postgresql.postgresql_db:
    name: zabbix_proxy
    state: restore
    target: "/usr/share/zabbix/sql-scripts/postgresql/proxy.sql"
    login_host: localhost
    port: 6432
    login_user: zabbix
    login_password: "{{ lookup('hashi_vault', 'secret=cosium-kv/data/' + host_vars_location + '/' + ansible_hostname)['postgres_user_zabbix_password'] }}"
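# Statically include the partitioning tasks for proxy_history. The included
# file is not visible here. The module is written with its fully qualified
# name, like most other tasks in this file.
- name: "partition table proxy_history"
  ansible.builtin.import_tasks: proxy_history_partition.yml
  tags: zabbix_proxy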
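# Make sure the external scripts directory exists.
# Ownership and mode are explicit: the original task set neither, so an
# existing directory kept whatever it had. Root-owned and not writable by
# group or others means only root can add or replace a script here.
# NOTE(review): presumably this is the ExternalScripts path set in
# zabbix_proxy.conf.j2 - confirm against the template.
- name: "directory /etc/zabbix/externalscripts"
  ansible.builtin.file:
    path: /etc/zabbix/externalscripts
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags:
    - zabbix_proxy
    - zabbix_proxy_config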
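# Copy each listed script from the role's files into the external scripts
# directory. The original set only the mode; owner and group are added so a
# file that already exists under another owner is brought back to root and
# the account that runs the scripts cannot rewrite them.
- name: "externalscripts"
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/zabbix/externalscripts/{{ item }}"
    owner: root
    group: root
    mode: "0755"
  loop:
    - zext_ssl_cert.sh
  tags:
    - zabbix_proxy
    - zabbix_proxy_config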
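# Install the role's own unit file, which takes precedence over a packaged unit
# of the same name, then reload systemd and restart the proxy when it changes.
# The original task set no owner or mode. A unit file decides what runs and as
# which user, so it is pinned to root and writable by root only.
- name: "/etc/systemd/system/zabbix-proxy.service"
  ansible.builtin.copy:
    src: "zabbix-proxy.service"
    dest: "/etc/systemd/system/zabbix-proxy.service"
    owner: root
    group: root
    mode: "0644"
  notify:
    - systemctl daemon-reload
    - restart zabbix_proxy
  tags: zabbix_proxy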
# Enable the unit at boot. This task does not start or restart the service;
# restarts are driven by the handlers notified elsewhere in this file.
- name: "make sure zabbix-proxy.service is enabled"
  tags:
    - zabbix_proxy
  ansible.builtin.systemd_service:
    enabled: true
    name: zabbix-proxy.service
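# Read the Zabbix API token from the operator's home directory on the control
# node. The task runs once per play, also runs in check mode, and only runs
# when registration on the Zabbix server is requested.
# The registered result holds the token base64-encoded, which is an encoding
# and not protection. no_log keeps it out of verbose output and logs.
# NOTE(review): the token file should be readable by its owner only.
- name: "get zabbix api token ~/.ansible_zabbix_api_token"
  ansible.builtin.slurp:
    src: "~/.ansible_zabbix_api_token"
  delegate_to: localhost
  become: false
  run_once: true
  register: zabbix_user_api_token_slurp
  check_mode: false
  no_log: true
  when: zabbix_proxy_add_host_on_zabbix_server
  tags: zabbix_proxy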
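# Decode the slurped token, strip surrounding whitespace and fail if the
# result is undefined. no_log is set because the set_fact result, which
# verbose runs print, would otherwise contain the decoded token.
# The module is written with its fully qualified name, like the other
# set_fact tasks in this file.
- name: "set fact zabbix_user_api_token"
  ansible.builtin.set_fact:
    zabbix_user_api_token: "{{ zabbix_user_api_token_slurp['content'] | b64decode | trim | ansible.builtin.mandatory }}"
  run_once: true
  no_log: true
  when: zabbix_proxy_add_host_on_zabbix_server
  tags: zabbix_proxy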
# Register this host as an active proxy on the Zabbix server through the
# httpapi connection, authenticating with the API token. Incoming proxy
# connections are accepted with PSK only, using the key handled earlier in
# this file.
# NOTE(review): the API token and the PSK both travel over this HTTPS
# connection. Certificate validation is not set here; confirm it is not
# disabled for the delegated host in inventory.
# NOTE(review): confirm the module masks tls_psk in verbose output; if it
# does not, add no_log: true to this task.
- name: "make sure zabbix proxy is added on zabbix"
  when: zabbix_proxy_add_host_on_zabbix_server
  tags:
    - zabbix_proxy
  delegate_to: "{{ global_zabbix_server }}"
  become: false
  vars:
    ansible_connection: httpapi
    ansible_network_os: community.zabbix.zabbix
    ansible_httpapi_use_ssl: true
    ansible_httpapi_port: 443
    ansible_zabbix_url_path: ""
    ansible_zabbix_auth_key: "{{ hostvars[inventory_hostname]['zabbix_user_api_token'] }}"  # Use hostvars to access fact from task vars scope
  community.zabbix.zabbix_proxy:
    state: present
    status: active
    proxy_name: "{{ ansible_hostname }}"
    proxy_address: "{{ ansible_host }}"
    tls_accept: PSK
    tls_psk_identity: "PSK {{ ansible_hostname }}"
    tls_psk: "{{ zabbix_proxy_psk }}"