Skip to content

Commit

Permalink
Quality of life improvements for zabbix server role (#1230)
Browse files Browse the repository at this point in the history 
* Don't set empty defaults

Empty defaults just create problems with common ansible
conventions, and is generally not a good practice.

* pgsql: Split out permissions

Coming up in community.postgresql 4.0.0 using priv with the
postgresql_user be removed, and we are encouraged already now to
start using the postgresql_privs module.

This should also take care of some outstanding issues with
installing on postgres-15 (#928)

* mysql: quality of life improvements

Much like the postgres user has carte blanche access to postgresql
database, the root user has to mysql databases over the mysql.sock.
We can use become when zabbix_server_dbhost_run_install: true in a
similar fashion.

Provide the default port for database servers. This could have
been an if-statement, I just don't like the "looseness" of the else
part. So I opted for a lookup-table.

* molecule: remove legacy options for tests

There's no testing against python2 anymore, nor zabbix-5.0. So lets
lighten the load by removing this baggage.
  • Loading branch information
@eb4x
eb4x authored May 18, 2024
1 parent 9f1c123 commit ef06198
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 19 deletions.
3 changes: 0 additions & 3 deletions .github/workflows/server.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,6 @@ jobs:
- v64
- v62
- v60
include:
- interpreter: python3
exclude:
- container: debian12
version: v62
Expand Down Expand Up @@ -86,6 +84,5 @@ jobs:
MY_MOLECULE_IMAGE=${{ matrix.container }}
MY_MOLECULE_VERSION=${{ matrix.version }}
MY_MOLECULE_DATABASE=${{ matrix.database }}
MY_MOLECULE_INTERPRETER=${{ matrix.interpreter }}
MY_MOLECULE_DOCKER_COMMAND=${{ matrix.command }}
molecule test -s ${{ matrix.collection_role }}
9 changes: 1 addition & 8 deletions molecule/zabbix_server/molecule.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ platforms:
groups:
- ${MY_MOLECULE_DATABASE:-mysql}
- ${MY_MOLECULE_VERSION:-v64}
- ${MY_MOLECULE_INTERPRETER:-python3}

provisioner:
name: ansible
Expand All @@ -23,23 +22,18 @@ provisioner:
ANSIBLE_ROLES_PATH: $HOME/.ansible/collections/ansible_collections/community/zabbix/roles
inventory:
group_vars:
python3:
all:
ansible_python_interpreter: /usr/bin/python3
python:
ansible_python_interpreter: /usr/bin/python
v64:
zabbix_server_version: 6.4
v62:
zabbix_server_version: 6.2
v60:
zabbix_server_version: 6.0
v50:
zabbix_server_version: 5.0
mysql:
zabbix_server_dbname: zabbix
zabbix_server_dbuser: zabbix-dbuser
zabbix_server_database: mysql
zabbix_server_dbport: 3306
zabbix_server_dbhost: "{{ inventory_hostname }}-db"
zabbix_server_dbhost_run_install: false
zabbix_server_privileged_host: "%"
Expand All @@ -49,7 +43,6 @@ provisioner:
zabbix_server_mysql_login_port: 3306
pgsql:
zabbix_server_database: pgsql
zabbix_server_dbport: 5432
zabbix_server_dbhost: "{{ inventory_hostname }}-db"
zabbix_server_dbhost_run_install: false
zabbix_server_pgsql_login_host: "{{ inventory_hostname }}-db"
Expand Down
11 changes: 7 additions & 4 deletions roles/zabbix_server/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,21 @@ zabbix_server_manage_service: true
# Database
zabbix_server_database_sqlload: true
zabbix_server_database_timescaledb: false
zabbix_server_real_dbhost:
#zabbix_server_real_dbhost:
zabbix_server_dbhost: localhost
zabbix_server_dbname: zabbix-server
zabbix_server_privileged_host: localhost
zabbix_server_dbencoding: utf8
zabbix_server_dbcollation: utf8_bin
zabbix_server_dbschema:
#zabbix_server_dbschema:
zabbix_server_dbuser: zabbix-server
zabbix_server_dbpassword: zabbix-server
zabbix_server_dbpassword_hash_method: md5
zabbix_server_dbsocket:
zabbix_server_dbport: 5432
#zabbix_server_dbsocket:
_zabbix_server_database_default_port:
mysql: 3306
pgsql: 5432
zabbix_server_dbport: "{{ _zabbix_server_database_default_port[zabbix_server_database] }}"
zabbix_server_dbhost_run_install: true
zabbix_server_database: pgsql
zabbix_server_database_creation: true
Expand Down
1 change: 1 addition & 0 deletions roles/zabbix_server/tasks/initialize-mysql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@

- name: "MySQL Database prep"
when: zabbix_server_database_creation
become: "{{ zabbix_server_dbhost_run_install }}"
delegate_to: "{{ zabbix_server_real_dbhost | default(zabbix_server_dbhost_run_install | ternary(delegated_dbhost, inventory_hostname)) }}"
vars:
delegated_dbhost: "{{ (zabbix_server_dbhost == 'localhost') | ternary(inventory_hostname, zabbix_server_dbhost) }}"
Expand Down
16 changes: 12 additions & 4 deletions roles/zabbix_server/tasks/initialize-pgsql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@
port: "{{ zabbix_server_dbport }}"
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbname }}"
state: present

- name: "PostgreSQL | Create database user"
community.postgresql.postgresql_user:
Expand All @@ -43,10 +42,19 @@
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
name: "{{ zabbix_server_dbuser }}"
password: "{{ ('md5' + (zabbix_server_dbpassword + zabbix_server_dbuser)|hash('md5')) if zabbix_server_dbpassword_hash_method == 'md5' else zabbix_server_dbpassword }}"

- name: "PostgreSQL | Set database/user permissions"
community.postgresql.postgresql_privs:
login_user: "{{ zabbix_server_pgsql_login_user | default(omit) }}"
login_password: "{{ zabbix_server_pgsql_login_password | default(omit) }}"
login_host: "{{ zabbix_server_pgsql_login_host | default(omit) }}"
port: "{{ zabbix_server_dbport }}"
login_unix_socket: "{{ zabbix_server_pgsql_login_unix_socket | default(omit) }}"
db: "{{ zabbix_server_dbname }}"
priv: ALL
state: present
encrypted: true
privs: ALL
type: schema
objs: public
role: "{{ zabbix_server_dbuser }}"

- name: "PostgreSQL | Create timescaledb extension"
when: zabbix_server_database_timescaledb
Expand Down

0 comments on commit ef06198

Please sign in to comment.