From 9b508f22b7f10c73f389084a302496e627bcec6a Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Sun, 19 Mar 2017 23:34:36 +0100
Subject: [PATCH] Add zabbix-server role
Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
group_vars/all/zabbix_server.yml | 7 +++
roles/zabbix-server/defaults/main.yml | 8 +++
roles/zabbix-server/handlers/main.yml | 7 +++
roles/zabbix-server/tasks/main.yml | 63 +++++++++++++++++++
roles/zabbix-server/templates/nginx.d.conf.j2 | 48 ++++++++++++++
roles/zabbix-server/templates/pgpass.j2 | 2 +
roles/zabbix-server/templates/php-fpm.conf.j2 | 24 +++++++
.../templates/zabbix.conf.php.j2 | 19 ++++++
.../templates/zabbix_server.conf | 6 ++
9 files changed, 184 insertions(+)
create mode 100644 group_vars/all/zabbix_server.yml
create mode 100644 roles/zabbix-server/defaults/main.yml
create mode 100644 roles/zabbix-server/handlers/main.yml
create mode 100644 roles/zabbix-server/tasks/main.yml
create mode 100644 roles/zabbix-server/templates/nginx.d.conf.j2
create mode 100644 roles/zabbix-server/templates/pgpass.j2
create mode 100644 roles/zabbix-server/templates/php-fpm.conf.j2
create mode 100644 roles/zabbix-server/templates/zabbix.conf.php.j2
create mode 100644 roles/zabbix-server/templates/zabbix_server.conf
diff --git a/group_vars/all/zabbix_server.yml b/group_vars/all/zabbix_server.yml
new file mode 100644
index 000000000..59ae204bd
--- /dev/null
+++ b/group_vars/all/zabbix_server.yml
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64323962376133366330393062343963646263323339663438323733613864323437343135346261
+3332613736373461356164323134623032353334383935620a356130383264316166613236356331
+39646334393066613937633137626639643764303835653231623861616332343035306465326335
+3330653462653865320a316136613333386238396431633363636366366565386539323930323337
+33356332313939313863386362373632386234333739633336343130373138613963616631343362
+6563636533303935333465393031366366646262383265613162
diff --git a/roles/zabbix-server/defaults/main.yml b/roles/zabbix-server/defaults/main.yml
new file mode 100644
index 000000000..ae54ecba2
--- /dev/null
+++ b/roles/zabbix-server/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+
+zabbix_db_name: zabbix-server
+zabbix_db_user: zabbix-server
+zabbix_domain: zabbix.archlinux.org
+zabbix_web_dir: /usr/share/webapps/zabbix
+zabbix_pgpass: /var/lib/zabbix-server/.pgpass
+
diff --git a/roles/zabbix-server/handlers/main.yml b/roles/zabbix-server/handlers/main.yml
new file mode 100644
index 000000000..190a8ab0a
--- /dev/null
+++ b/roles/zabbix-server/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart zabbix server
+ service: name=zabbix-server-pgsql state=restarted
+
+- name: restart php-fpm@zabbix-web
+ service: name=php-fpm@zabbix-web state=restarted
diff --git a/roles/zabbix-server/tasks/main.yml b/roles/zabbix-server/tasks/main.yml
new file mode 100644
index 000000000..7260828f5
--- /dev/null
+++ b/roles/zabbix-server/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+
+- name: install packages
+ pacman: name=zabbix-server,zabbix-frontend-php
+
+- file: path=/etc/zabbix state=directory owner=root group=root mode=755
+
+- name: install server config
+ template: src=zabbix_server.conf dest=/etc/zabbix/zabbix_server.conf owner=zabbix-server group=zabbix-server mode=600
+ notify:
+ - restart zabbix server
+
+- name: install nginx config
+ template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/zabbix.conf owner=root group=root mode=644
+ notify:
+ - reload nginx
+
+- name: make nginx log dir
+ file: path=/var/log/nginx/{{ zabbix_domain }} state=directory owner=root group=root mode=0755
+
+- name: create zabbix db user
+ postgresql_user: name={{ zabbix_db_user }} password={{ zabbix_db_password }}
+ become: yes
+ become_user: postgres
+ become_method: su
+
+- name: create zabbix db
+ postgresql_db: db="{{zabbix_db_name}}" owner={{zabbix_db_user}}
+ become: yes
+ become_user: postgres
+ become_method: su
+
+- name: create zabbix .pgpass
+ template: src=pgpass.j2 dest="{{zabbix_pgpass}}" owner=zabbix-server group=zabbix-server mode=600
+ no_log: true
+
+- name: install database schema
+ shell: psql -U "{{zabbix_db_user}}" "{{zabbix_db_name}}" < "/usr/share/zabbix-server/postgresql/{{item}}"
+ become_user: zabbix-server
+ become: yes
+ with_items:
+ - schema.sql
+ - images.sql
+ - data.sql
+
+- name: make zabbix web user
+ user: name=zabbix-web shell=/bin/false home="{{ zabbix_web_dir }}" createhome=no
+
+- name: configure php-fpm
+ template:
+ src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/zabbix-web.conf"
+ owner=root group=root mode=0644
+ notify:
+ - restart php-fpm@zabbix-web
+
+- name: install zabbix web config
+ template: src=zabbix.conf.php.j2 dest=/usr/share/webapps/zabbix/conf/zabbix.conf.php owner=zabbix-web group=zabbix-web mode=600
+
+- name: run zabbix server service
+ service: name=zabbix-server-pgsql enabled=yes state=started
+
+- name: start and enable systemd socket
+ service: name=php-fpm@zabbix-web.socket state=running enabled=true
diff --git a/roles/zabbix-server/templates/nginx.d.conf.j2 b/roles/zabbix-server/templates/nginx.d.conf.j2
new file mode 100644
index 000000000..6975bc54c
--- /dev/null
+++ b/roles/zabbix-server/templates/nginx.d.conf.j2
@@ -0,0 +1,48 @@
+upstream zabbix {
+ server unix:///run/php-fpm/zabbix-web.socket;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ zabbix_domain }};
+
+ access_log /var/log/nginx/{{ zabbix_domain }}/access.log;
+ error_log /var/log/nginx/{{ zabbix_domain }}/error.log;
+
+ include snippets/letsencrypt.conf;
+
+ location / {
+ rewrite ^(.*) https://$server_name$1 permanent;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ zabbix_domain }};
+
+ access_log /var/log/nginx/{{ zabbix_domain }}/access.log;
+ error_log /var/log/nginx/{{ zabbix_domain }}/error.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{ zabbix_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ zabbix_domain }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ zabbix_domain }}/chain.pem;
+
+ root {{zabbix_web_dir}};
+
+ index index.php;
+
+ location / {
+ try_files $uri $uri/ /index.php$is_args$args;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ fastcgi_pass zabbix;
+ }
+
+}
diff --git a/roles/zabbix-server/templates/pgpass.j2 b/roles/zabbix-server/templates/pgpass.j2
new file mode 100644
index 000000000..63ecaa069
--- /dev/null
+++ b/roles/zabbix-server/templates/pgpass.j2
@@ -0,0 +1,2 @@
+# hostname:port:database:username:password
+localhost:*:{{zabbix_db_name}}:{{zabbix_db_user}}:{{zabbix_db_password}}
diff --git a/roles/zabbix-server/templates/php-fpm.conf.j2 b/roles/zabbix-server/templates/php-fpm.conf.j2
new file mode 100644
index 000000000..87d9b1273
--- /dev/null
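Review bot: In roles/zabbix-server/tasks/main.yml only the `create zabbix .pgpass` task sets `no_log: true`, while `install server config` and `install zabbix web config` render the same `zabbix_db_password` (through zabbix_server.conf and zabbix.conf.php.j2) without it. A run with `--diff` would print the rendered file contents, password included, to the console and to any captured job log. Adding `no_log: true` to both template tasks keeps all three secret-bearing tasks consistent.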
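Review bot: The HTTPS server block in nginx.d.conf.j2 serves the whole of `{{zabbix_web_dir}}` and has no rule keeping clients out of the frontend's internal directories, so everything under `conf/` and `include/` is addressable by URL. PHP files there are executed rather than shown, but a non-PHP leftover next to `conf/zabbix.conf.php` (an editor backup, for instance) would be returned as plain text together with the database password. A rule such as `location ~ ^/(conf|include)/ { deny all; }` closes this. It has to be placed before `location ~ \.php$`, because nginx uses the first regex location that matches.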
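Review bot: `zabbix_db_password` is written unescaped into the `.pgpass` entry in pgpass.j2, where `:` separates fields and `\` is the escape character, so a vault password containing either would stop the entry from matching and the `psql` schema import would likely fail to authenticate. The same raw interpolation appears in zabbix.conf.php.j2 inside a single-quoted PHP string (`$DB['PASSWORD'] = '{{zabbix_db_password}}';`), where a `'` or `\` in the value would corrupt the generated file. The value is operator-controlled, so this is a robustness concern rather than an injection path. Either escape per format in each template or document the allowed alphabet next to the variable, e.g. `# zabbix_db_password: must not contain : \ or '`.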
+++ b/roles/zabbix-server/templates/php-fpm.conf.j2
@@ -0,0 +1,24 @@
+[global]
+error_log = syslog
+daemonize = no
+
+[zabbix-web]
+listen = /run/php-fpm/zabbix-web.socket
+listen.owner = zabbix-web
+listen.group = http
+listen.mode = 0660
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2000
+
+php_admin_value[open_basedir] = {{zabbix_web_dir}}:/tmp
+php_admin_value[opcache.memory_consumption] = 128
+php_admin_value[opcache.interned_strings_buffer] = 8
+php_admin_value[opcache.max_accelerated_files] = 200
+php_admin_value[opcache.revalidate_freq] = 60
+php_admin_value[opcache.fast_shutdown] = 1
+php_admin_value[disable_functions] = passthru, exec, proc_open, shell_exec, system, popen
diff --git a/roles/zabbix-server/templates/zabbix.conf.php.j2 b/roles/zabbix-server/templates/zabbix.conf.php.j2
new file mode 100644
index 000000000..b83663ca3
--- /dev/null
+++ b/roles/zabbix-server/templates/zabbix.conf.php.j2
@@ -0,0 +1,19 @@
+<?php
+// Zabbix GUI configuration file.
+global $DB;
+
+$DB['TYPE'] = 'POSTGRESQL';
+$DB['SERVER'] = 'localhost';
+$DB['PORT'] = '0';
+$DB['DATABASE'] = '{{zabbix_db_name}}';
+$DB['USER'] = '{{zabbix_db_user}}';
+$DB['PASSWORD'] = '{{zabbix_db_password}}';
+
+// Schema name. Used for IBM DB2 and PostgreSQL.
+$DB['SCHEMA'] = '';
+
+$ZBX_SERVER = '{{zabbix_domain}}';
+$ZBX_SERVER_PORT = '10051';
+$ZBX_SERVER_NAME = 'Arch Linux Zabbix';
+
+$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
diff --git a/roles/zabbix-server/templates/zabbix_server.conf b/roles/zabbix-server/templates/zabbix_server.conf
new file mode 100644
index 000000000..8996770db
--- /dev/null
+++ b/roles/zabbix-server/templates/zabbix_server.conf
@@ -0,0 +1,6 @@
+LogType=system
+DBName={{zabbix_db_name}}
+DBUser={{zabbix_db_user}}
+DBPassword={{zabbix_db_password}}
+Timeout=4
+LogSlowQueries=3000
-- GitLab
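Review bot: The `[zabbix-web]` pool in php-fpm.conf.j2 sets `listen.owner` and `listen.group` but no `user` or `group`, so the identity the workers run under is decided by the `php-fpm@zabbix-web` unit, which is not part of this patch. The role depends on that identity: `zabbix.conf.php` is installed with `owner=zabbix-web mode=600`, and the frontend can only read it if the workers really run as `zabbix-web`. I would record the dependency in the template with a comment such as `; workers run as zabbix-web via the php-fpm@ unit (User=); no user/group set here`, after confirming that the unit does drop privileges.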