diff --git a/README.md b/README.md index e69de29..be3b56a 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,13 @@ +# Ansible role that configures Zabbix Server in a server or container + +To be used with Ansible-pull: +```console +apt install ansible +ansible-pull -U "ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-zabbix-server.git" +``` + +Based on [Official Zabbix Server Role][1] + +[1]: https://github.com/ansible-collections/community.zabbix/tree/main/roles/zabbix_server + + diff --git a/local.yml b/local.yml new file mode 100644 index 0000000..07485df --- /dev/null +++ b/local.yml @@ -0,0 +1,14 @@ +- hosts: localhost + gather_facts: yes + user: root + + roles: + - zabbix_server + + vars: + zabbix_admin_user: sistemas + zabbix_external_url: 'https://push.agofer.net' + zabbix_repo_deb_gpg_key_url: http://repo.zabbix.com/zabbix-official-repo.key + zabbix_repo_gpg_key: '/etc/apt/keyrings/zabbix-repo.asc' + +#key: 'https://repo.zabbix.com/zabbix-official-repo-apr2024.gpg' diff --git a/roles/zabbix_server/meta/main.yml b/roles/zabbix_server/meta/main.yml new file mode 100644 index 0000000..260fbda --- /dev/null +++ b/roles/zabbix_server/meta/main.yml @@ -0,0 +1,6 @@ +--- +# Meta: Dependencias de servidor zabbix + +dependencies: + - { role: zabbix_common } +# - { role: postgresql } diff --git a/roles/zabbix_server/tasks/instalar_gchat_media_type.yml b/roles/zabbix_server/tasks/instalar_gchat_media_type.yml new file mode 100644 index 0000000..7bfa527 --- /dev/null +++ b/roles/zabbix_server/tasks/instalar_gchat_media_type.yml @@ -0,0 +1,101 @@ +--- +# Instala Media Type para enviar notificaciones via Google Chat +# a un webhook creado en una sala de Chat. + +- name: Crear Media Type en servidor Zabbix usando API + zabbix_mediatype: + name: Webhook a Google Chat + description: 'Ver https://developers.google.com/hangouts/chat/how-tos/webhooks' + server_url: "http://{{ hostvars['zabbix_server'].ansible_fqdn }}/zabbix" + login_user: "{{ zabbix_admin_user }}" + login_password: "{{ zabbix_admin_pass }}" + type: 'webhook' + webhook_script: "{{ lookup('file', 'gchat_webhook.js') }}" + webhook_params: + - name: alert_message + value: '{ALERT.MESSAGE}' + - name: alert_subject + value: '{ALERT.SUBJECT}' + - name: event_date + value: '{EVENT.DATE}' + - name: event_id + value: '{EVENT.ID}' + - name: event_nseverity + value: '{EVENT.NSEVERITY}' + - name: event_opdata + value: '{EVENT.OPDATA}' + - name: event_recovery_date + value: '{EVENT.RECOVERY.DATE}' + - name: event_recovery_time + value: '{EVENT.RECOVERY.TIME}' + - name: event_severity + value: '{EVENT.SEVERITY}' + - name: event_source + value: '{EVENT.SOURCE}' + - name: event_status + value: '{EVENT.STATUS}' + - name: event_tags + value: '{EVENT.TAGS}' + - name: event_time + value: '{EVENT.TIME}' + - name: event_update_action + value: '{EVENT.UPDATE.ACTION}' + - name: event_update_date + value: '{EVENT.UPDATE.DATE}' + - name: event_update_message + value: '{EVENT.UPDATE.MESSAGE}' + - name: event_update_status + value: '{EVENT.UPDATE.STATUS}' + - name: event_update_time + value: '{EVENT.UPDATE.TIME}' + - name: event_update_user + value: '{USER.FULLNAME}' + - name: event_value + value: '{EVENT.VALUE}' + - name: gchat_endpoint + value: '{{ zabbix_gchat_endpoint }}' + - name: host_ip + value: '{HOST.IP}' + - name: host_name + value: '{HOST.NAME}' + - name: HTTPProxy + value: '' + - name: trigger_description + value: '{TRIGGER.DESCRIPTION}' + - name: trigger_id + value: '{TRIGGER.ID}' + - name: use_default_message + value: 'false' + - name: zabbix_url + value: '{{ zabbix_external_url }}' + message_templates: + - eventsource: triggers + recovery: operations + subject: "{EVENT.NAME}" + body: | + Problem started at {EVENT.TIME} on {EVENT.DATE} + Problem name: {EVENT.NAME} + Host: {HOST.NAME} + Severity: {EVENT.SEVERITY} + {TRIGGER.URL} + - eventsource: triggers + recovery: recovery_operations + subject: "Resolved: {EVENT.NAME}" + body: | + Problem has been resolved at {EVENT.RECOVERY.TIME} on {EVENT.RECOVERY.DATE} + Problem name: {EVENT.NAME} + Host: {HOST.NAME} + Severity: {EVENT.SEVERITY} + Original problem ID: {EVENT.ID} + {TRIGGER.URL} + - eventsource: triggers + recovery: update_operations + subject: "Updated: {EVENT.NAME}" + body: | + {USER.FULLNAME} {EVENT.UPDATE.ACTION} problem at {EVENT.UPDATE.DATE} {EVENT.UPDATE.TIME}. + {EVENT.UPDATE.MESSAGE} + Current problem status is {EVENT.STATUS}, acknowledged: {EVENT.ACK.STATUS}. + state: present + webhook_timeout: '30s' + delegate_to: ansible_server + diff --git a/roles/zabbix_server/tasks/instalar_plantilla_extensiones.yml b/roles/zabbix_server/tasks/instalar_plantilla_extensiones.yml new file mode 100644 index 0000000..569e716 --- /dev/null +++ b/roles/zabbix_server/tasks/instalar_plantilla_extensiones.yml @@ -0,0 +1,27 @@ +--- +# Enlace git zabbix para templates 6.4 +# https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates?at=release%2F6.4 +# +# Se debe modificar con los nuevos templates +# Descarga e instala plantilla para OS Linux que corresponde a las extensiones +# de agente Zabbix instaladas por el rol zabbix_agent_extensions +# +# +# + +- name: Descargar plantilla en formato XML + get_url: + url: 'https://raw.githubusercontent.com/scoopex/zabbix-agent-extensions/master/zabbix_templates/5.2/custom-os-linux.xml' + dest: '{{ role_path }}/files/agent_extensions_5.2_custom_os_linux.xml' + mode: '0444' + delegate_to: ansible_server + +- name: Importar plantilla en servidor Zabbix usando API + zabbix_template: + server_url: "http://{{ hostvars['zabbix_server'].ansible_fqdn }}/zabbix" + login_user: "{{ zabbix_admin_user }}" + login_password: "{{ zabbix_admin_pass }}" + template_xml: "{{ lookup('file', 'agent_extensions_5.2_custom_os_linux.xml') }}" + state: present + delegate_to: ansible_server + diff --git a/roles/zabbix_server/tasks/main.yml b/roles/zabbix_server/tasks/main.yml new file mode 100644 index 0000000..6c40fda --- /dev/null +++ b/roles/zabbix_server/tasks/main.yml @@ -0,0 +1,28 @@ +--- +# Instalar servidor zabbix + +- name: Leer variables de acuerdo a la version de Ubuntu + include_vars: "{{ ansible_lsb.codename }}.yml" + +- name: Descargar llave del repositorio + get_url: + url: "{{ zabbix_repo_deb_gpg_key_url }}" + dest: "{{ zabbix_repo_gpg_key }}" + mode: "0644" + +- name: Agregar repositorio zabbix en nuevo formato + deb822_repository: + name: Zabbix + enabled: true + types: deb + uris: '{{ zabbix_repo822.uri }}' + suites: '{{ zabbix_repo822.dist }}' + components: main + architectures: '{{ zabbix_repo822.arch }}' + signed_by: '{{ zabbix_repo_gpg_key }}' + +- name: Instalar servidor Zabbix + apt: + pkg: '{{ paquetes_zabbix_server }}' + state: 'latest' + diff --git a/roles/zabbix_server/tasks/reemplazar_envio_mensajes.yml b/roles/zabbix_server/tasks/reemplazar_envio_mensajes.yml new file mode 100644 index 0000000..2127869 --- /dev/null +++ b/roles/zabbix_server/tasks/reemplazar_envio_mensajes.yml @@ -0,0 +1,22 @@ +--- +# Reemplazar envio de mensajes XMPP con programa externo + +- name: Instalar sendxmpp para envío de mensajes por línea de comandos + apt: + name: 'sendxmpp' + state: latest + +- name: Crear archivo de configuración sendxmpp + template: + src: 'sendxmpprc.j2' + dest: '/etc/zabbix/sendxmpprc' + mode: 0600 + owner: 'zabbix' + group: 'zabbix' + +- name: Crear script para enviar mensajes zabbix usando sendxmpp + copy: + src: 'xmpp.sh' + dest: '/usr/lib/zabbix/alertscripts/xmpp.sh' + mode: 0755 + diff --git a/roles/zabbix_server/tasks/templates.yml b/roles/zabbix_server/tasks/templates.yml new file mode 100644 index 0000000..efb7f53 --- /dev/null +++ b/roles/zabbix_server/tasks/templates.yml @@ -0,0 +1,129 @@ +# github https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates?at=refs%2Fheads%2Frelease%2F6.4 +--- +- name: Crear la carpeta de destino si no existe + file: + path: /usr/share/agofer/repositorio_zabbix + state: directory + mode: '0755' + +#- name: Clonar el repositorio de GitHub con profundidad 1 +# command: git clone --depth=1 https://git.zabbix.com/scm/zbx/zabbix.git /home/sistemas/repositorio_zabbix +# args: +# creates: /home/sistemas/repositorio_zabbix/.git +# +#- name: Crear la carpeta de destino en el directorio del rol si no existe +# file: +# path: "{{ role_path }}/files" +# state: directory +# mode: '0755' +# +#- name: Mover el contenido del repositorio al directorio del rol +# copy: +# src: "{{ item }}" +# dest: "{{ role_path }}/files/" +# remote_src: yes +# with_fileglob: +# - "/home/sistemas/repositorio_zabbix/*" +# +#- name: Limpiar directorios temporales +# file: +# path: /home/sistemas/repositorio_zabbix +# state: absent + +#- name: Import Zabbix templates from JSON +# # set task level variables as we change ansible_connection plugin here +# vars: +# ansible_network_os: community.zabbix.zabbix +# ansible_connection: httpapi +# ansible_httpapi_port: 80 +# ansible_httpapi_use_ssl: false +# ansible_httpapi_validate_certs: false +# ansible_zabbix_url_path: '' +# become: False +# community.zabbix.zabbix_template: +# template_json: "{{ lookup('file', 'zabbix_apache2.json') }}" +# state: present + +#- name: Import Zabbix templates from XML +# set task level variables as we change ansible_connection plugin here +# vars: +# ansible_network_os: community.zabbix.zabbix +# ansible_connection: httpapi +# ansible_httpapi_port: 80 +# ansible_httpapi_use_ssl: false +# ansible_httpapi_validate_certs: false +# ansible_zabbix_url_path: '' +# become: False +# zabbix_template: +# template_xml: "{{ lookup('file', 'zabbix_apache2.xml') }}" +# state: present + +#- name: Import Zabbix template from Ansible dict variable +# set task level variables as we change ansible_connection plugin here +# vars: +# ansible_network_os: community.zabbix.zabbix +# ansible_connection: httpapi +# ansible_httpapi_port: 80 +# ansible_httpapi_use_ssl: false +# ansible_httpapi_validate_certs: false +# ansible_zabbix_url_path: '' +# become: False +# zabbix_template: +# template_json: +# zabbix_export: +# version: "3.2" +# templates: +# - name: Template for Testing +# description: "Testing template import" +# template: Test Template +# groups: +# - name: Templates +# state: present +# +#- name: Configure macros on the existing Zabbix template +# # set task level variables as we change ansible_connection plugin here +# vars: +# ansible_network_os: community.zabbix.zabbix +# ansible_connection: httpapi +# ansible_httpapi_port: 80 +# ansible_httpapi_use_ssl: false +# ansible_httpapi_validate_certs: false +# ansible_zabbix_url_path: '' +# become: False +# zabbix_template: +# template_name: Template +# macros: +# - macro: "{$TEST_MACRO}" +# value: "Example" +# state: present +# +#- name: Add tags to the existing Zabbix template +# set task level variables as we change ansible_connection plugin here +# vars: +# ansible_network_os: community.zabbix.zabbix +# ansible_connection: httpapi +# ansible_httpapi_port: 80 +# ansible_httpapi_use_ssl: false +# ansible_httpapi_validate_certs: false +# ansible_zabbix_url_path: '' +# become: False +# zabbix_template: +# template_name: Template +# tags: +# - tag: class +# value: application +# state: present +# +#- name: Delete Zabbix template +# set task level variables as we change ansible_connection plugin here +# vars: +# ansible_network_os: community.zabbix.zabbix +# ansible_connection: httpapi +# ansible_httpapi_port: 80 +# ansible_httpapi_use_ssl: false +# ansible_httpapi_validate_certs: false +# ansible_zabbix_url_path: '' +# become: False +# zabbix_template: +# template_name: Template +# state: absent diff --git a/roles/zabbix_server/templates/nginx.conf.j2 b/roles/zabbix_server/templates/nginx.conf.j2 new file mode 100644 index 0000000..42433b8 --- /dev/null +++ b/roles/zabbix_server/templates/nginx.conf.j2 @@ -0,0 +1,63 @@ +{{ ansible_managed | comment }} + +server { + listen 80; + server_name servidorc0c8.dmz.agofer; + + root /usr/share/zabbix; + + index index.php; + + location = /favicon.ico { + log_not_found off; + } + + location / { + try_files $uri $uri/ =404; + } + + location /assets { + access_log off; + expires 10d; + } + + location ~ /\.ht { + deny all; + } + + location ~ /(api\/|conf[^\.]|include|locale) { + deny all; + return 404; + } + + location /vendor { + deny all; + return 404; + } + + location ~ [^/]\.php(/|$) { + fastcgi_pass unix:/var/run/php/zabbix.sock; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + + fastcgi_param DOCUMENT_ROOT /usr/share/zabbix; + fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name; + fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name; + + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } +} diff --git a/roles/zabbix_server/templates/php-fpm.conf.j2 b/roles/zabbix_server/templates/php-fpm.conf.j2 new file mode 100644 index 0000000..fd96aa1 --- /dev/null +++ b/roles/zabbix_server/templates/php-fpm.conf.j2 @@ -0,0 +1,24 @@ +[zabbix] +user = www-data +group = www-data + +listen = /var/run/php/zabbix.sock +listen.owner = www-data +listen.allowed_clients = 127.0.0.1 + +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 35 +pm.max_requests = 200 + +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php/sessions/ + +php_value[max_execution_time] = 300 +php_value[memory_limit] = 128M +php_value[post_max_size] = 16M +php_value[upload_max_filesize] = 2M +php_value[max_input_time] = 300 +php_value[max_input_vars] = 10000 diff --git a/roles/zabbix_server/templates/sendxmpprc.j2 b/roles/zabbix_server/templates/sendxmpprc.j2 new file mode 100644 index 0000000..0523953 --- /dev/null +++ b/roles/zabbix_server/templates/sendxmpprc.j2 @@ -0,0 +1,5 @@ +#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# Configuracion de sendxmpp para enviar mensajes jabber por linea de comandos +# {{ ansible_managed }} +#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +pbx@agofer.com.co;talk.google.com:5222 64sXAapzYN8hMNE agofer.com.co diff --git a/roles/zabbix_server/templates/zabbix_server.conf.j2 b/roles/zabbix_server/templates/zabbix_server.conf.j2 new file mode 100644 index 0000000..60de3de --- /dev/null +++ b/roles/zabbix_server/templates/zabbix_server.conf.j2 @@ -0,0 +1,26 @@ +#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# Archivo de configuracion del servidor Zabbix +# {{ ansible_managed }} +#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +LogFile=/var/log/zabbix/zabbix_server.log +LogFileSize=0 +PidFile=/run/zabbix/zabbix_server.pid +SocketDir=/run/zabbix +DBName=zabbix +DBUser=zabbix +DBPassword={{ zabbix_psql_pass }} +StartTrappers=5 +SNMPTrapperFile=/var/log/snmptrap/snmptrap.log +{# 2024-01-17 Se aumentan estos valores, que estaban en su configuración default #} +CacheSize=2G +HistoryIndexCacheSize=512M +ValueCacheSize=400M +{# -JEG /2024-01-17 #} +Timeout=4 +AlertScriptsPath=/usr/lib/zabbix/alertscripts +ExternalScripts=/usr/lib/zabbix/externalscripts +FpingLocation=/usr/bin/fping +Fping6Location=/usr/bin/fping6 +LogSlowQueries=3000 +StatsAllowedIP=127.0.0.1 diff --git a/roles/zabbix_server/vars/noble.yml b/roles/zabbix_server/vars/noble.yml new file mode 100644 index 0000000..8d46c00 --- /dev/null +++ b/roles/zabbix_server/vars/noble.yml @@ -0,0 +1,17 @@ +--- + +paquetes_zabbix_server: + - zabbix-server-pgsql + - zabbix-frontend-php + - php8.3-pgsql + - zabbix-nginx-conf + - zabbix-sql-scripts + - zabbix-agent2 + - postgresql + - postgresql-contrib + +zabbix_repo822: + arch: {{ 'amd64' if ansible_machine != 'aarch64' else 'arm64'}} + dist: 'noble' + uri: 'http://repo.zabbix.com/zabbix/7.0/ubuntu' +