Disroot-Ansible/zabbix
10
0
Fork 0
Code Pull requests Packages Projects Releases Activity

Compare commits

merge into: Disroot-Ansible:v6_update
Branches Tags
Disroot-Ansible:main
Disroot-Ansible:518
Disroot-Ansible:v6_update
Disroot-Ansible:userparameter
...
pull from: Disroot-Ansible:main
Branches Tags
Disroot-Ansible:main
Disroot-Ansible:518
Disroot-Ansible:v6_update
Disroot-Ansible:userparameter

25 commits
v6_update ... main

Author SHA1 Message Date
meaz 8ef000647a Merge pull request 'Fix #719 by restarting services' (#9) from 719 into main 
Reviewed-on: #9
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
 2023-12-19 14:48:45 +00:00
meaz 3098f4cbea
Fix #719 by restarting services 2023-12-16 18:35:09 +01:00
muppeth 29a0c887a3 Merge pull request 'Added SiteCheck user parameters' (#8) from sitecheckfix into main 
Reviewed-on: #8
 2023-12-13 20:16:42 +00:00
muppeth a1c0b1448c
added sitecheck 2023-12-03 00:12:56 +01:00
muppeth 00a2a3935f Merge pull request 'Issue 679 - Added ldap checks parameters' (#7) from 679 into main 
Reviewed-on: #7
 2023-11-28 20:19:26 +00:00
muppeth 5fc3bf9909
added ldap checks 2023-11-22 00:45:37 +01:00
meaz eb5003d6b2 Merge pull request 'update dovecot userparameter' (#6) from dovecot into main 
Reviewed-on: #6
 2023-11-17 12:33:30 +00:00
meaz bd39882074 Merge branch 'main' into dovecot 2023-11-17 12:33:20 +00:00
muppeth 6c9c795c70 Merge pull request '518 - Merge postgres and mariadb checks' (#5) from 518 into main 
Reviewed-on: #5
 2023-11-16 20:50:08 +00:00
meaz 5213557bc9
update dovecot userparameter 2023-10-27 15:16:15 +02:00
muppeth cf9371d64a
update from main 2023-10-27 11:59:51 +02:00
muppeth 4a44b2898d
update from main 2023-10-27 11:56:57 +02:00
muppeth 0e5982e398
merge from main 2023-10-27 11:51:50 +02:00
muppeth 30754c0ea7 added custom file tasks 2023-10-27 11:42:05 +02:00
muppeth 013f6a2ae5 added mariadb and postgres user parameters 2023-10-27 11:42:03 +02:00
muppeth 4956208d5e updated role to zabbix 6.4 2023-10-27 11:39:56 +02:00
meaz b87223477f Merge pull request 'Mumble and jitsi checks change' (#4) from mumble_checks into main 
Reviewed-on: #4
 2023-10-07 07:47:19 +00:00
muppeth 55f3728759
changes to mumble and jitsi user parameters 2023-10-02 15:15:58 +02:00
meaz 71035ef836 Merge pull request 'stupid ; forgotten' (#3) from fix_config into main 
Reviewed-on: #3
 2023-09-02 05:59:39 +00:00
meaz 98c1db36e3
force restart of agent 2023-08-19 12:21:56 +02:00
meaz b50d383062
stupid ; forgotten 2023-08-19 12:21:04 +02:00
meaz 10dcfe9818 v6 update (#1) 
It updates vagrant, zabbix to v6, the different templates, etc.

Tested on vagrant and proxmox machine.

Co-authored-by: meaz <meaz@disroot.org>
Reviewed-on: #1
 2023-08-07 06:13:22 +00:00
muppeth b08b54699e
added custom file tasks 2023-05-12 21:58:11 +02:00
muppeth a25e493f87
added mariadb and postgres user parameters 2023-05-12 01:23:55 +02:00
muppeth 14d4b870e3
updated role to zabbix 6.4 2023-05-09 00:13:59 +02:00
42 changed files with 1737 additions and 320 deletions
Show stats Expand all files Collapse all files

2
Playbooks/zabbix.yml
View file

@ -3,8 +3,6 @@
- hosts: zabbix
roles:
- mariadb
# - nginx
#- php-fpm
- zabbix
vars_files:

21
README.MD
View file

@ -5,14 +5,24 @@ This role deploys, configures and updates Zabbix. You can deploy test instance u
`vagrant up`
`ansible-playbook -b Playbooks/zabbix.yml`
Then you can access Zabbix from your computer on http://192.168.33.27
Then you can access Zabbix from your computer on http://192.168.33.27:8080
The default login credentials for Zabbix are:
Username: Admin
Password: zabbix
* Username: Admin
* Password: zabbix
⚠️ If mariadb is deployed on a different server than zabbix, then you have to do `mysql> set global log_bin_trust_function_creators = 1;` on your mariadb server, then deploy this role, and set it back to `mysql> set global log_bin_trust_function_creators = 0;`
## Zabbix-agent
* zabbix-agent service needs to be deployed to the container you want to monitor (set `zabbix_agent: 'true'` when you run the role) in order to be catched by zabbix-server.
* This role allows you to add your own scripts. See `#Zabbix Scripts` section in `defaults/main.yml`.
## TODO
- obviously better Readme file
- Find better way that zabbix_installed: 'false' and zabbix_proxy_installed: 'false'
- Find better way than zabbix_proxy_installed: 'false' (01.08.23: it not needed anymore, but needs more tests)
- When a script needs for example psql for lufi script, then it won't work if the needed package (example postgresql-client) is not installed on the container that zabbix-agent runs on. We could add a task in `install_agent` that installs dependencies and have `zabbix_script_deps` var.
- It would be nice to have `userparameter_container.conf.j2` more vanilla as most of them won't work without the disroot scripts repo.
## CHANGELOG
@ -20,3 +30,4 @@ Password: zabbix
- Create readme file
- Create Playbook
- Create Vagrantfile
- **01.08.23** - Fix role issues and update to v6.0

2
Vagrantfile vendored
View file

@ -8,7 +8,7 @@
Vagrant.configure("2") do |config|
#config.ssh.insert_key = false
config.vm.define "zabbix" do |zabbix|
zabbix.vm.box = "generic/debian10"
zabbix.vm.box = "generic/debian11"
zabbix.vm.provider :libvirt do |libvirt|
libvirt.memory = 256
end

122
defaults/main.yml
View file

@ -1,37 +1,44 @@
---
#zabbix_installed: 'false'
zabbix_proxy_installed: 'true'
zabbix_proxy_installed: 'false' # set to false the first time you deploy proxy, then to true once it is deployed. NOT NEEDED ANYMORE?
#main
zabbix_version: '5.0'
zabbix_agent: 'true'
zabbix_server: 'true'
zabbix_proxy: 'false'
zabbix_version: '6.0'
zabbix_agent: 'true' # set to true if you want to deploy it.
zabbix_server: 'true' # set to true if you want to deploy it.
zabbix_proxy: 'false' # set to true if you want to deploy it.
#Zabbix Server
zabbix_server_pkg:
- zabbix-server-mysql
- zabbix-frontend-php
- zabbix-nginx-conf
- zabbix-sql-scripts
- gzip
- python3-pymysql
zabbix_server_hostname: 'localhost'
zabbix_server_name: 'Monitoring Monitoring'
zabbix_server_name: 'Monitoring'
zabbix_server_listen_port: '10051'
zabbix_server_log_path: '/var/log/zabbix/zabbix_server.log'
zabbix_server_log_size: '1' #in MB
zabbix_debug_level: '3'
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
zabbix_server_db_host: 'localhost'
zabbix_server_db_plugin: 'mysql'
zabbix_server_db_port: '0'
zabbix_server_db_name: 'zabbix'
zabbix_server_db_user: 'zabbixadmin'
zabbix_server_db_passwd: 'changeme'
zabbix_server_pollers: '5' # Number of pre-forked instances of pollers.
zabbix_server_pollers: '5' # Number of pre-forked instances of pollers.
zabbix_server_ipmi_pollers: '0'
zabbix_server_timeout: '4'
zabbix_server_alert_scripts: '/usr/lib/zabbix/alertscripts/usr/lib/zabbix/alertscripts'
zabbix_server_alert_scripts: '/usr/lib/zabbix/alertscripts'
zabbix_server_external_scripts: '/usr/lib/zabbix/externalscripts'
zabbix_server_fping: '/usr/bin/fping'
zabbix_server_fping6: '/usr/bin/fping6'
@ -39,8 +46,8 @@ zabbix_server_queries_slow: '3000'
zabbix_cachesize: '8M'
#Zabbix Client
zabbix_agent_params:
- name: "container"
zabbix_web_listen: '8080'
zabbix_web_servername: 'example.com'
zabbix_agent_pid: '/var/run/zabbix/zabbix_agentd.pid'
zabbix_agent_logfile: '/var/log/zabbix/zabbix_agentd.log'
@ -53,15 +60,19 @@ zabbix_agent_pkg:
- gzip
- zabbix-get
- zabbix-sender
zabbix_client_pkg:
- zabbix-agent
- gzip
#Zabbix Scripts
zabbix_agent_params: # this deploys userparameters
- name: "container" # this one is useful for LXC containers
zabbix_scripts_deploy: 'false'
zabbix_scripts_repo: 'https://git.disroot.org/Disroot/zabbix-scripts.git'
zabbix_scripts_repo: '' # add your script repo address here
zabbix_scripts_dir: '/usr/local/bin/zabbix-scripts'
zabbix_scripts_version: 'master'
zabbix_scripts_version: 'main'
#zabbix_scripts_config_items: # Uncomment those if you want to add more config items from your scripts
# - key: ''
# value: ''
#Zabbix Proxy
zabbix_proxy_pkg:
- zabbix-proxy-mysql
@ -78,71 +89,30 @@ zabbix_proxy_debug_level: '3'
zabbix_proxy_db_host: 'localhost'
zabbix_proxy_db_name: 'zabbix_proxy'
zabbix_proxy_db_user: 'zabbixproxyadmin'
zabbix_proxy_db_passwd: 'dupa123'
zabbix_proxy_db_passwd: 'changeme'
zabbix_proxy_local_buffer: '0'
zabbix_proxy_offline_buffer: '1'
zabbix_proxy_heartbeat_freq: '60'
zabbix_proxy_config_freq: '3600'
zabbix_proxy_data_sernder_freq: '1'
zabbix_proxy_start_pollers: '5'
zabbix_proxy_ipmi_pollers: '0'
#PHP Vars
php_version: '8.0'
php_etc_path: '/etc/php'
install_php: 'true'
pool_listen: '/var/run/php/php{{ php_version }}-fpm.sock'
# PHP
zabbix_pm: 'dynamic'
zabbix_pm_max_children: '50'
zabbix_pm_start_servers: '5'
zabbix_pm_min_spare_servers: '5'
zabbix_pm_max_spare_servers: '35'
zabbix_pm_max_requests: '200'
php_pkgs:
- php{{ php_version }}-fpm
- php{{ php_version }}-bz2
- php{{ php_version }}-cgi
- php{{ php_version }}-cli
- php{{ php_version }}-common
- php{{ php_version }}-curl
- php{{ php_version }}-dev
- php{{ php_version }}-enchant
- php{{ php_version }}-gd
- php{{ php_version }}-gmp
- php{{ php_version }}-igbinary
- php{{ php_version }}-interbase
- php{{ php_version }}-intl
- php{{ php_version }}-mbstring # frontend
- php{{ php_version }}-msgpack
- php{{ php_version }}-pspell
- php{{ php_version }}-readline
- php{{ php_version }}-zip
- php{{ php_version }}-gd # frontend
- php{{ php_version }}-bcmath # frontend
- php{{ php_version }}-xml # frontend
- php{{ php_version }}-ldap # frontend
#nginx
nginx_default_vhost: 'zabbix'
nginx_default_vhost_ssl: 'zabbix'
#nginx_www_dir: '/var/www/'
nginx_vhosts:
- name: 'zabbix'
template: 'zabbix'
proto: 'http'
listen: '80'
root: '/usr/share/zabbix'
use_access_log: 'true'
use_error_log: 'true'
nginx_error_log_level: 'warn'
state: 'enable'
letsencrypt: 'false'
# MARIADB CONFIG
#MariaDB
mariadb_databases:
- name: '{{ zabbix_server_db_name }}'
collation: 'utf8_general_ci' # should it be utf8_bin?
encoding: 'utf8'
collation: 'utf8mb4_bin'
encoding: 'utf8mb4'
- name: '{{ zabbix_proxy_db_name }}'
collation: 'utf8_general_ci'
encoding: 'utf8'
collation: 'utf8mb4_bin'
encoding: 'utf8mb4'
mariadb_users:
- name: '{{ zabbix_server_db_user }}'

13
files/postgresql/pgsql.bgwriter.sql Normal file
View file

@ -0,0 +1,13 @@
SELECT row_to_json(T)
FROM
(SELECT checkpoints_timed,
checkpoints_req,
checkpoint_write_time,
checkpoint_sync_time,
current_setting('block_size')::int*buffers_checkpoint AS buffers_checkpoint,
current_setting('block_size')::int*buffers_clean AS buffers_clean,
maxwritten_clean,
current_setting('block_size')::int*buffers_backend AS buffers_backend,
buffers_backend_fsync,
current_setting('block_size')::int*buffers_alloc AS buffers_alloc
FROM pg_stat_bgwriter) T

2
files/postgresql/pgsql.cache.hit.sql Normal file
View file

@ -0,0 +1,2 @@
SELECT round(sum(blks_hit)*100/sum(blks_hit+blks_read), 2)
FROM pg_stat_database

18
files/postgresql/pgsql.config.hash.sql Normal file
View file

@ -0,0 +1,18 @@
SELECT md5(
json_build_object(
'extensions', (
SELECT array_agg(extname) FROM (
SELECT extname
FROM pg_extension
ORDER BY extname
) AS e
),
'settings', (
SELECT json_object(array_agg(name), array_agg(setting)) FROM (
SELECT name, setting
FROM pg_settings
WHERE name != 'application_name'
ORDER BY name
) AS s
)
)::text);

2
files/postgresql/pgsql.connections.prepared.sql Normal file
View file

@ -0,0 +1,2 @@
SELECT count(*)
FROM pg_prepared_xacts

38
files/postgresql/pgsql.connections.sql Normal file
View file

@ -0,0 +1,38 @@
DO LANGUAGE plpgsql $$
DECLARE
ver integer;
res text;
BEGIN
SELECT current_setting('server_version_num') INTO ver;
IF (ver >= 90600) THEN
SELECT json_object_agg(datname, row_to_json(T)) INTO res from (
SELECT
datname,
sum(CASE WHEN state = 'active' THEN 1 ELSE 0 END) AS active,
sum(CASE WHEN state = 'idle' THEN 1 ELSE 0 END) AS idle,
sum(CASE WHEN state = 'idle in transaction' THEN 1 ELSE 0 END) AS idle_in_transaction,
count(*) AS total,
count(*)*100/(SELECT current_setting('max_connections')::int) AS total_pct,
sum(CASE WHEN wait_event IS NOT NULL THEN 1 ELSE 0 END) AS waiting
FROM pg_stat_activity WHERE datid is not NULL GROUP BY datname ) T;
ELSE
SELECT json_object_agg(datname, row_to_json(T)) INTO res from (
SELECT
datname,
sum(CASE WHEN state = 'active' THEN 1 ELSE 0 END) AS active,
sum(CASE WHEN state = 'idle' THEN 1 ELSE 0 END) AS idle,
sum(CASE WHEN state = 'idle in transaction' THEN 1 ELSE 0 END) AS idle_in_transaction,
count(*) AS total,
count(*)*100/(SELECT current_setting('max_connections')::int) AS total_pct,
sum(CASE WHEN waiting IS TRUE THEN 1 ELSE 0 END) AS waiting
FROM pg_stat_activity GROUP BY datname ) T;
END IF;
perform set_config('zbx_tmp.db_conn_json_res', res, false);
END $$;
SELECT current_setting('zbx_tmp.db_conn_json_res');

38
files/postgresql/pgsql.connections.sum.sql Normal file
View file

@ -0,0 +1,38 @@
DO LANGUAGE plpgsql $$
DECLARE
ver integer;
res text;
BEGIN
SELECT current_setting('server_version_num') INTO ver;
IF (ver >= 90600) THEN
SELECT row_to_json(T) INTO res from (
SELECT
sum(CASE WHEN state = 'active' THEN 1 ELSE 0 END) AS active,
sum(CASE WHEN state = 'idle' THEN 1 ELSE 0 END) AS idle,
sum(CASE WHEN state = 'idle in transaction' THEN 1 ELSE 0 END) AS idle_in_transaction,
count(*) AS total,
count(*)*100/(SELECT current_setting('max_connections')::int) AS total_pct,
sum(CASE WHEN wait_event IS NOT NULL AND state != 'idle' THEN 1 ELSE 0 END) AS waiting,
(SELECT count(*) FROM pg_prepared_xacts) AS prepared
FROM pg_stat_activity WHERE datid is not NULL
) T;
ELSE
SELECT row_to_json(T) INTO res from (
SELECT
sum(CASE WHEN state = 'active' THEN 1 ELSE 0 END) AS active,
sum(CASE WHEN state = 'idle' THEN 1 ELSE 0 END) AS idle,
sum(CASE WHEN state = 'idle in transaction' THEN 1 ELSE 0 END) AS idle_in_transaction,
count(*) AS total,
count(*)*100/(SELECT current_setting('max_connections')::int) AS total_pct,
sum(CASE WHEN waiting IS TRUE AND state != 'idle' THEN 1 ELSE 0 END) AS waiting,
(SELECT count(*) FROM pg_prepared_xacts) AS prepared
FROM pg_stat_activity
) T;
END IF;
perform set_config('zbx_tmp.conn_json_res', res, false);
END $$;
select current_setting('zbx_tmp.conn_json_res');

17
files/postgresql/pgsql.dbstat.sql Normal file
View file

@ -0,0 +1,17 @@
SELECT json_object_agg(datname, row_to_json(T)) FROM (
SELECT datname,
numbackends,
xact_commit,
xact_rollback,
blks_read,
blks_hit,
tup_returned,
tup_fetched,
tup_inserted,
tup_updated,
tup_deleted,
conflicts,
temp_files,
temp_bytes,
deadlocks
FROM pg_stat_database where datname is not null) T

16
files/postgresql/pgsql.dbstat.sum.sql Normal file
View file

@ -0,0 +1,16 @@
SELECT row_to_json(T) from (
SELECT sum(numbackends) AS numbackends,
sum(xact_commit) AS xact_commit,
sum(xact_rollback) AS xact_rollback,
sum(blks_read) AS blks_read,
sum(blks_hit) AS blks_hit,
sum(tup_returned) AS tup_returned,
sum(tup_fetched) AS tup_fetched,
sum(tup_inserted) AS tup_inserted,
sum(tup_updated) AS tup_updated,
sum(tup_deleted) AS tup_deleted,
sum(conflicts) AS conflicts,
sum(temp_files) AS temp_files,
sum(temp_bytes) AS temp_bytes,
sum(deadlocks) AS deadlocks
FROM pg_stat_database) T

10
files/postgresql/pgsql.discovery.db.sql Normal file
View file

@ -0,0 +1,10 @@
WITH T AS (
SELECT
datname AS "{#DBNAME}"
FROM pg_database
WHERE
NOT datistemplate
AND datname != 'postgres'
)
SELECT '{"data":'|| regexp_replace(coalesce(json_agg(T), '[]'::json)::text, E'[\\n\\r\\s]+', '', 'g') || '}'
FROM T

13
files/postgresql/pgsql.frozenxid.sql Normal file
View file

@ -0,0 +1,13 @@
SELECT row_to_json(T)
FROM (
SELECT
extract(epoch FROM now())::integer AS ts,
((1 - max(age(d.datfrozenxid))::double precision /
current_setting('autovacuum_freeze_max_age')::bigint) * 100)::numeric(9,6)
AS prc_before_av,
((1 - abs(max(age(d.datfrozenxid))::double precision /
(1::bigint << (min(t.typlen)*8)))) * 100)::numeric(9,6)
AS prc_before_stop
FROM pg_database d CROSS JOIN pg_type t
WHERE t.typname = 'xid'
) T;

46
files/postgresql/pgsql.locks.sql Normal file
View file

@ -0,0 +1,46 @@
WITH T AS
(SELECT db.datname dbname,
lower(replace(Q.mode, 'Lock', '')) AS MODE,
coalesce(T.qty, 0) val
FROM pg_database db
JOIN (
VALUES ('AccessShareLock') ,('RowShareLock') ,('RowExclusiveLock') ,('ShareUpdateExclusiveLock') ,('ShareLock') ,('ShareRowExclusiveLock') ,('ExclusiveLock') ,('AccessExclusiveLock')) Q(MODE) ON TRUE NATURAL
LEFT JOIN
(SELECT datname,
MODE,
count(MODE) qty
FROM pg_locks lc
RIGHT JOIN pg_database db ON db.oid = lc.database
GROUP BY 1, 2) T
WHERE NOT db.datistemplate
ORDER BY 1, 2)
SELECT json_object_agg(dbname, row_to_json(T2))
FROM
(SELECT dbname,
sum(val) AS total,
sum(CASE
WHEN MODE = 'accessexclusive' THEN val
END) AS accessexclusive,
sum(CASE
WHEN MODE = 'accessshare' THEN val
END) AS accessshare,
sum(CASE
WHEN MODE = 'exclusive' THEN val
END) AS EXCLUSIVE,
sum(CASE
WHEN MODE = 'rowexclusive' THEN val
END) AS rowexclusive,
sum(CASE
WHEN MODE = 'rowshare' THEN val
END) AS rowshare,
sum(CASE
WHEN MODE = 'share' THEN val
END) AS SHARE,
sum(CASE
WHEN MODE = 'sharerowexclusive' THEN val
END) AS sharerowexclusive,
sum(CASE
WHEN MODE = 'shareupdateexclusive' THEN val
END) AS shareupdateexclusive
FROM T
GROUP BY dbname) T2

2
files/postgresql/pgsql.ping.time.sql Normal file
View file

@ -0,0 +1,2 @@
\timing
SELECT 1;

31
files/postgresql/pgsql.query.time.sql Normal file
View file

@ -0,0 +1,31 @@
WITH T AS
(SELECT db.datname,
coalesce(T.query_time_max, 0) query_time_max,
coalesce(T.tx_time_max, 0) tx_time_max,
coalesce(T.mro_time_max, 0) mro_time_max,
coalesce(T.query_time_sum, 0) query_time_sum,
coalesce(T.tx_time_sum, 0) tx_time_sum,
coalesce(T.mro_time_sum, 0) mro_time_sum,
coalesce(T.query_slow_count, 0) query_slow_count,
coalesce(T.tx_slow_count, 0) tx_slow_count,
coalesce(T.mro_slow_count, 0) mro_slow_count
FROM pg_database db NATURAL
LEFT JOIN (
SELECT datname,
extract(epoch FROM now())::integer ts,
coalesce(max(extract('epoch' FROM (clock_timestamp() - query_start))::integer * (state NOT IN ('idle', 'idle in transaction', 'idle in transaction (aborted)') AND query !~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) query_time_max,
coalesce(max(extract('epoch' FROM (clock_timestamp() - query_start))::integer * (state NOT IN ('idle') AND query !~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) tx_time_max,
coalesce(max(extract('epoch' FROM (clock_timestamp() - query_start))::integer * (state NOT IN ('idle') AND query ~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) mro_time_max,
coalesce(sum(extract('epoch' FROM (clock_timestamp() - query_start))::integer * (state NOT IN ('idle', 'idle in transaction', 'idle in transaction (aborted)') AND query !~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) query_time_sum,
coalesce(sum(extract('epoch' FROM (clock_timestamp() - query_start))::integer * (state NOT IN ('idle') AND query !~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) tx_time_sum,
coalesce(sum(extract('epoch' FROM (clock_timestamp() - query_start))::integer * (state NOT IN ('idle') AND query ~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) mro_time_sum,
coalesce(sum((extract('epoch' FROM (clock_timestamp() - query_start)) > :tmax)::integer * (state NOT IN ('idle', 'idle in transaction', 'idle in transaction (aborted)') AND query !~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) query_slow_count,
coalesce(sum((extract('epoch' FROM (clock_timestamp() - query_start)) > :tmax)::integer * (state NOT IN ('idle') AND query !~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) tx_slow_count,
coalesce(sum((extract('epoch' FROM (clock_timestamp() - query_start)) > :tmax)::integer * (state NOT IN ('idle') AND query ~* E'^(\\s*(--[^\\n]*\\n|/\\*.*\\*/|\\n))*(autovacuum|VACUUM|ANALYZE|REINDEX|CLUSTER|CREATE|ALTER|TRUNCATE|DROP)')::integer), 0) mro_slow_count
FROM pg_stat_activity
WHERE pid <> pg_backend_pid()
GROUP BY 1) T
WHERE NOT db.datistemplate )
SELECT json_object_agg(datname, row_to_json(T))
FROM T

18
files/postgresql/pgsql.replication.lag.sql Normal file
View file

@ -0,0 +1,18 @@
SELECT
CASE
WHEN NOT pg_is_in_recovery() THEN
'SELECT 0 AS value'
WHEN current_setting('server_version_num')::integer < 100000 THEN
'SELECT '
'CASE WHEN pg_last_xlog_receive_location() = pg_last_xlog_replay_location() '
'THEN 0 '
'ELSE COALESCE(EXTRACT(EPOCH FROM now() - pg_last_xact_replay_timestamp())::integer, 0) '
'END AS value'
WHEN current_setting('server_version_num')::integer >= 100000 THEN
'SELECT '
'CASE WHEN pg_last_wal_receive_lsn() = pg_last_wal_replay_lsn() '
'THEN 0 '
'ELSE COALESCE(EXTRACT(EPOCH FROM now() - pg_last_xact_replay_timestamp())::integer, 0) '
'END AS value'
END
\gexec

1
files/postgresql/pgsql.replication.recovery_role.sql Normal file
View file

@ -0,0 +1 @@
SELECT pg_is_in_recovery()::int

21
files/postgresql/pgsql.replication.status.sql Normal file
View file

@ -0,0 +1,21 @@
DO LANGUAGE plpgsql $$
DECLARE
ver integer;
res text := 2;
BEGIN
SELECT current_setting('server_version_num') INTO ver;
IF (SELECT pg_is_in_recovery()) THEN
IF (ver >= 90600) THEN
SELECT * INTO res from (
SELECT COUNT(*) FROM pg_stat_wal_receiver
) T;
ELSE
res := 'ZBX_NOTSUPPORTED: Requires PostgreSQL version 9.6 or higher';
END IF;
END IF;
perform set_config('zbx_tmp.repl_status_res', res, false);
END $$;
SELECT current_setting('zbx_tmp.repl_status_res');

9
files/postgresql/pgsql.scans.sql Normal file
View file

@ -0,0 +1,9 @@
WITH T AS (
SELECT
sum(CASE WHEN relkind IN ('r', 't', 'm') THEN pg_stat_get_numscans(oid) END) seq,
sum(CASE WHEN relkind = 'i' THEN pg_stat_get_numscans(oid) END) idx
FROM pg_class
WHERE relkind IN ('r', 't', 'm', 'i')
)
SELECT row_to_json(T)
FROM T

30
files/postgresql/pgsql.transactions.sql Normal file
View file

@ -0,0 +1,30 @@
DO LANGUAGE plpgsql $$
DECLARE
ver integer;
res text;
BEGIN
SELECT current_setting('server_version_num') INTO ver;
IF (ver >= 90600) THEN
SELECT row_to_json(T) INTO res from (
SELECT
coalesce(extract(epoch FROM max(CASE WHEN state = 'idle in transaction' THEN age(now(), query_start) END)), 0) AS idle,
coalesce(extract(epoch FROM max(CASE WHEN state <> 'idle in transaction' AND state <> 'idle' THEN age(now(), query_start) END)), 0) AS active,
coalesce(extract(epoch FROM max(CASE WHEN wait_event IS NOT NULL AND state='active' THEN age(now(), query_start) END)), 0) AS waiting,
(SELECT coalesce(extract(epoch FROM max(age(now(), prepared))), 0) FROM pg_prepared_xacts) AS prepared,
max(age(backend_xmin)) AS xmin_age
FROM pg_stat_activity WHERE backend_type='client backend') T;
ELSE
SELECT row_to_json(T) INTO res from (
SELECT
coalesce(extract(epoch FROM max(CASE WHEN state = 'idle in transaction' THEN age(now(), query_start) END)), 0) AS idle,
coalesce(extract(epoch FROM max(CASE WHEN state <> 'idle in transaction' AND state <> 'idle' THEN age(now(), query_start) END)), 0) AS active,
coalesce(extract(epoch FROM max(CASE WHEN waiting IS TRUE THEN age(now(), query_start) END)), 0) AS waiting,
(SELECT coalesce(extract(epoch FROM max(age(now(), prepared))), 0) FROM pg_prepared_xacts) AS prepared
FROM pg_stat_activity) T;
END IF;
perform set_config('zbx_tmp.trans_json_res', res, false);
END $$;
SELECT current_setting('zbx_tmp.trans_json_res');

1
files/postgresql/pgsql.uptime.sql Normal file
View file

@ -0,0 +1 @@
SELECT date_part('epoch', now() - pg_postmaster_start_time())::int

26
files/postgresql/pgsql.wal.stat.sql Normal file
View file

@ -0,0 +1,26 @@
DO LANGUAGE plpgsql $$
DECLARE
ver integer;
res text := '{"write":0,"count":0}';
BEGIN
SELECT current_setting('server_version_num') INTO ver;
IF (SELECT NOT pg_is_in_recovery()) THEN
IF (ver >= 100000) THEN
SELECT row_to_json(T) INTO res FROM (
SELECT pg_wal_lsn_diff(pg_current_wal_lsn(),'0/00000000') AS WRITE,
count(*) FROM pg_ls_waldir() AS COUNT
) T;
ELSE
SELECT row_to_json(T) INTO res FROM (
SELECT pg_xlog_location_diff(pg_current_xlog_location(),'0/00000000') AS WRITE,
count(*) FROM pg_ls_dir('pg_xlog') AS COUNT
) T;
END IF;
END IF;
perform set_config('zbx_tmp.wal_json_res', res, false);
END $$;
select current_setting('zbx_tmp.wal_json_res');

5
handlers/main.yml
View file

@ -14,3 +14,8 @@
systemd:
name: zabbix-proxy
state: restarted
- name: restart nginx
systemd:
name: nginx
state: restarted

32
tasks/configure.yml
View file

@ -2,7 +2,7 @@
- name: '[Configure] - Configure Zabbix Server'
template:
src: 'templates/zabbix_server.conf.j2'
src: 'templates/etc/zabbix/zabbix_server.conf.j2'
dest: '/etc/zabbix/zabbix_server.conf'
owner: 'root'
group: 'root'
@ -10,14 +10,9 @@
when: zabbix_server == 'true'
notify: restart zabbix_server
- name: '[Configure] - Create Zabbix frontend Dir'
file:
path: '/etc/zabbix/web'
state: 'directory'
- name: '[Configure] - Configure Zabbix Proxy'
template:
src: 'templates/zabbix_proxy.conf.j2'
src: 'templates/etc/zabbix/zabbix_proxy.conf.j2'
dest: '/etc/zabbix/zabbix_proxy.conf'
owner: 'root'
group: 'root'
@ -27,17 +22,36 @@
- name: '[Configure] - Configure Zabbix frontend'
template:
src: 'templates/zabbix.conf.php.j2'
src: 'templates/etc/zabbix/web/zabbix.conf.php.j2'
dest: '/etc/zabbix/web/zabbix.conf.php'
owner: 'www-data'
group: 'www-data'
when: zabbix_server == 'true'
notify: restart zabbix_server
- name: '[Configure] - Configure nginx'
template:
src: 'templates/etc/zabbix/nginx.conf.j2'
dest: '/etc/zabbix/nginx.conf'
owner: 'root'
group: 'root'
mode: '0644'
when: zabbix_server == 'true'
notify: restart zabbix_server
- name: '[Configure] - Configure Zabbix php'
template:
src: 'templates/etc/zabbix/php-fpm.conf.j2'
dest: '/etc/zabbix/php-fpm.conf'
owner: 'root'
group: 'root'
mode: '0644'
when: zabbix_server == 'true'
notify: restart zabbix_server
- name: '[Configure] - Configure Zabbix Agent'
template:
src: 'templates/zabbix_agentd.conf.j2'
src: 'templates/etc/zabbix/zabbix_agentd.conf.j2'
dest: '/etc/zabbix/zabbix_agentd.conf'
owner: 'root'
group: 'root'

10
tasks/custom_agent.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: '[POSTGRES] - Copy postgres checks related files'
copy:
src: 'files/postgresql'
dest: '/var/lib/zabbix/'
owner: 'zabbix'
group: 'zabbix'
loop: '{{ zabbix_agent_params }}'
when: zabbix_agent_params is defined and item.name == 'postgres'

16
tasks/install_agent.yml
View file

@ -10,14 +10,9 @@
notify:
- restart zabbix_agent
- name: "[Agent] - Make sure the service is enabled"
systemd:
name: zabbix-agent
enabled: yes
- name: "[Agent] - Deploy Zabbix custom userparameters"
template:
src: 'zabbix_agent.d/userparameter_container.conf.j2'
src: 'templates/etc/zabbix/zabbix_agent.d/userparameter_container.conf.j2'
dest: '/etc/zabbix/zabbix_agentd.d/userparameter_container.conf'
notify:
- restart zabbix_agent
@ -29,6 +24,8 @@
force: 'yes'
version: '{{ zabbix_scripts_version }}'
when: zabbix_scripts_deploy == 'true'
notify:
- restart zabbix_agent
- name: '[Agent] - Ensure config dir path exists'
file:
@ -41,3 +38,10 @@
src: 'zabbix-scripts.cfg.j2'
dest: '/var/local/container-scripts/zabbix-scripts.cfg'
when: zabbix_scripts_deploy == 'true'
notify:
- restart zabbix_agent
- name: "[Agent] - Make sure the service is enabled"
systemd:
name: zabbix-agent
enabled: yes

10
tasks/install_client.yml
View file

@ -1,10 +0,0 @@
---
- name: "[APT] - Install Zabbix from repository"
apt:
name: "{{ zabbix_client_pkg }}"
state: latest
update_cache: yes
install_recommends: no
notify:
- restart zabbix_agent

23
tasks/install_proxy.yml
View file

@ -10,16 +10,17 @@
notify:
- restart zabbix_proxy
- name: "[Agent] - Make sure the service is enabled"
systemd:
name: zabbix-proxy
enabled: yes
- name: '[Proxy] - Remove apache2'
apt:
name: "{{ zabbix_apache }}"
state: absent
- name: "[Proxy] - Check if Zabbix proxy is already installed"
shell:
cmd: "{{ zabbix_server_db_plugin }} -h {{ zabbix_proxy_db_host }} -u {{ zabbix_proxy_db_user }} -p{{ zabbix_proxy_db_passwd }} {{ zabbix_proxy_db_name }} -se 'SELECT * from dbversion;'"
register: zabbixproxy_installed
ignore_errors: true
- name: '[Proxy] - Importing Zabbix Proxy schema. Onetime only shot'
mysql_db:
login_host: "{{ zabbix_proxy_db_host }}"
@ -27,7 +28,15 @@
login_user: '{{ zabbix_proxy_db_user }}'
name: "{{ zabbix_proxy_db_name }}"
state: import
target: /usr/share/doc/zabbix-proxy-mysql/schema.sql.gz
when: zabbix_proxy_installed == 'false'
target: /usr/share/zabbix-sql-scripts/mysql/proxy.sql
when: "'ERROR' in zabbixproxy_installed.stderr"
# ERROR 1146 means the table doesn't exist
# when: zabbix_proxy_installed == 'false' NOT NEEDED ANYMORE?
notify:
- restart zabbix_server
- name: "[Proxy] - Make sure the service is enabled"
systemd:
name: zabbix-proxy
enabled: yes
state: restarted

21
tasks/install_server.yml
View file

@ -2,11 +2,7 @@
- name: '[Server] - Install Zabbix from repository'
apt:
pkg:
- zabbix-server-mysql
- zabbix-frontend-php
- gzip
- python3-pymysql
pkg: "{{ zabbix_server_pkg }}"
state: latest
update_cache: yes
install_recommends: no
@ -14,17 +10,12 @@
notify:
- restart zabbix_server
- name: "[Agent] - Make sure the service is enabled"
systemd:
name: zabbix-server
enabled: yes
- name: '[Server] - Remove apache2'
apt:
name: "{{ zabbix_apache }}"
state: absent
- name: "[Check] - Zabbix is already installed?"
- name: "[Server] - Check if Zabbix is already installed"
shell:
cmd: "{{ zabbix_server_db_plugin }} -h {{ zabbix_server_db_host }} -u {{ zabbix_server_db_user }} -p{{ zabbix_server_db_passwd }} {{ zabbix_server_db_name }} -se 'SELECT instanceid from config;'"
register: zabbix_installed
@ -37,8 +28,14 @@
login_user: '{{ zabbix_server_db_user }}'
name: "{{ zabbix_server_db_name }}"
state: import
target: /usr/share/doc/zabbix-server-mysql/create.sql.gz
target: /usr/share/zabbix-sql-scripts/mysql/server.sql.gz
when: "'ERROR 1146' in zabbix_installed.stderr"
# ERROR 1146 means the table doesn't exist
notify:
- restart zabbix_server
- restart nginx
- name: "[Server] - Make sure the service is enabled"
systemd:
name: zabbix-server
enabled: yes

7
tasks/main.yml
View file

@ -1,5 +1,8 @@
---
- name: Update
include: update.yml
- name: Manage apt apt_repository
include: apt.yml
@ -11,6 +14,10 @@
include: install_agent.yml
when: zabbix_agent == 'true'
- name: Copy additional custom files for checks
include: custom_agent.yml
when: zabbix_agent == 'true'
- name: install Zabbix Proxy
include: install_proxy.yml
when: zabbix_proxy == 'true'

37
tasks/update.yml Normal file
View file

@ -0,0 +1,37 @@
---
- name: "[Update] - Check installed version"
shell:
cmd: "apt-cache policy zabbix-server-mysql | grep Installed | cut -f 3 -d':' | cut -f1,2 -d'.'"
register: installed_version
- name: "[Update] - Make sure the server is stopped"
systemd:
name: zabbix-server
state: stopped
when: installed_version.stdout != zabbix_version
ignore_errors: true # needed otherwise there is an error on first installation as it doesn't exist
notify: restart zabbix_server
- name: "[Update] - Make sure the agent is stopped"
systemd:
name: zabbix-agent
state: stopped
when: installed_version != zabbix_version
ignore_errors: true # needed otherwise there is an error on first installation as it doesn't exist
notify: restart zabbix_agent
- name: "[Update] - Make sure the proxy is stopped"
systemd:
name: zabbix-proxy
state: stopped
when: installed_version != zabbix_version
ignore_errors: true # needed otherwise there is an error on first installation as it doesn't exist
notify: restart zabbix_proxy
- name: '[Update] - Remove current repository'
file:
path: '/etc/apt/sources.list.d/zabbix.list'
state: 'absent'
when: installed_version != zabbix_version

61
templates/etc/zabbix/nginx.conf.j2 Normal file
View file

@ -0,0 +1,61 @@
server {
listen {{ zabbix_web_listen }};
server_name {{ zabbix_web_servername }};
root /usr/share/zabbix;
index index.php;
location = /favicon.ico {
log_not_found off;
}
location / {
try_files $uri $uri/ =404;
}
location /assets {
access_log off;
expires 10d;
}
location ~ /\.ht {
deny all;
}
location ~ /(api\/|conf[^\.]|include|locale) {
deny all;
return 404;
}
location /vendor {
deny all;
return 404;
}
location ~ [^/]\.php(/|$) {
fastcgi_pass unix:/var/run/php/zabbix.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param DOCUMENT_ROOT /usr/share/zabbix;
fastcgi_param SCRIPT_FILENAME /usr/share/zabbix$fastcgi_script_name;
fastcgi_param PATH_TRANSLATED /usr/share/zabbix$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
}

24
templates/etc/zabbix/php-fpm.conf.j2 Normal file
View file

@ -0,0 +1,24 @@
[zabbix]
user = www-data
group = www-data
listen = /var/run/php/zabbix.sock
listen.owner = www-data
listen.allowed_clients = 127.0.0.1
pm = {{ zabbix_pm }}
pm.max_children = {{ zabbix_pm_max_children }}
pm.start_servers = {{ zabbix_pm_start_servers }}
pm.min_spare_servers = {{ zabbix_pm_min_spare_servers }}
pm.max_spare_servers = {{ zabbix_pm_max_spare_servers }}
pm.max_requests = {{ zabbix_pm_max_requests }}
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/sessions/
php_value[max_execution_time] = 300
php_value[memory_limit] = 128M
php_value[post_max_size] = 16M
php_value[upload_max_filesize] = 2M
php_value[max_input_time] = 300
php_value[max_input_vars] = 10000

58
templates/etc/zabbix/web/zabbix.conf.php.j2 Normal file
View file

@ -0,0 +1,58 @@
<?php
// Zabbix GUI configuration file.
$DB['TYPE'] = 'MYSQL';
$DB['SERVER'] = '{{ zabbix_server_db_host }}';
$DB['PORT'] = '{{ zabbix_server_db_port }}';
$DB['DATABASE'] = '{{ zabbix_server_db_name }}';
$DB['USER'] = '{{ zabbix_server_db_user }}';
$DB['PASSWORD'] = '{{ zabbix_server_db_passwd }}';
// Schema name. Used for PostgreSQL.
$DB['SCHEMA'] = '';
// Used for TLS connection.
$DB['ENCRYPTION'] = false;
$DB['KEY_FILE'] = '';
$DB['CERT_FILE'] = '';
$DB['CA_FILE'] = '';
$DB['VERIFY_HOST'] = false;
$DB['CIPHER_LIST'] = '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT_URL'] = '';
$DB['VAULT_DB_PATH'] = '';
$DB['VAULT_TOKEN'] = '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = true;
// Uncomment and set to desired values to override Zabbix hostname/IP and port.
{% if zabbix_server_hostname is defined %}
$ZBX_SERVER = '{{ zabbix_server_hostname }}';
{% endif %}
{% if zabbix_server_listen_port is defined %}
$ZBX_SERVER_PORT = '{{ zabbix_server_listen_port }}';
{% endif %}
$ZBX_SERVER_NAME = '{{ zabbix_server_name }}';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Uncomment this block only if you are using Elasticsearch.
// Elasticsearch url (can be string if same url is used for all types).
//$HISTORY['url'] = [
// 'uint' => 'http://localhost:9200',
// 'text' => 'http://localhost:9200'
//];
// Value types stored in Elasticsearch.
//$HISTORY['types'] = ['uint', 'text'];
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
//$SSO['SP_KEY'] = 'conf/certs/sp.key';
//$SSO['SP_CERT'] = 'conf/certs/sp.crt';
//$SSO['IDP_CERT'] = 'conf/certs/idp.crt';
//$SSO['SETTINGS'] = [];

136
templates/etc/zabbix/zabbix_agent.d/userparameter_container.conf.j2 Normal file
View file

@ -0,0 +1,136 @@
#!/bin/bash
#This is custom user parameters for LXC containers.
{% for item in zabbix_agent_params %}
{% if item.name == 'container' %}
# Container default parameters
UserParameter=ct.ramtotal,free -b |grep Mem | awk '{print $2}'
UserParameter=ct.ramused,free -b |grep Mem | awk '{print $3}'
UserParameter=ct.ramfree,free -b |grep Mem |awk '{print $7}'
UserParameter=ct.ramfree_proc,free | grep Mem | awk '{print $7/$2 * 100.0}' | awk '{printf "%.0f\n", $1}'
UserParameter=ct.ramcache,free -b | grep Mem | awk '{print $7}'
UserParameter=ct.swaptotal,free -b |grep Swap |awk '{print $2}'
UserParameter=ct.swapused,free -b |grep Swap |awk '{print $3}'
UserParameter=ct.swapfree,free -b |grep Swap |awk '{print $4}'
UserParameter=ct.swapfree_proc,free -b |grep Swap | awk '{print ($2 - $3)/$2 * 100.0}' | awk '{printf "%.0f\n", $1}'
UserParameter=ct.uptime,cat /proc/uptime | awk '{print $1}'
UserParameter=ct.processes,ps -AL --no-headers | wc -l
UserParameter=ct.localtime,date +%s
UserParameter=ct.issue,cat /etc/issue
{% endif %}
{% if item.name == 'postfix' %}
# Postfix parameters
UserParameter=postfix.pfmailq,mailq | grep -v "Mail queue is empty" | grep -c '^[0-9A-Z]'
UserParameter=postfix[*],/usr/local/bin/zabbix_scripts/postfix-zabbix-stats.bash $1
{% endif %}
{% if item.name == 'ldap' %}
# LDAP parameters
UserParameter=ldap.user_count,cat /tmp/ldap_stats | grep "active" | awk '{print $2}'
UserParameter=ldap.user_deleted,cat /tmp/ldap_stats | grep "deleted" | awk '{print $2}'
UserParameter=ldap.user_blocked,cat /tmp/ldap_stats | grep "blocked" | awk '{print $2}'
{% endif %}
{% if item.name == 'postgres' %}
{% include "files/userparameter_postgres.conf" ignore missing %}
{% endif %}
{% if item.name == 'nginx' %}
#NGINX userparameters
UserParameter=nginx[*],/usr/local/bin/zabbix_scripts/nginx-check.sh "$1" "$2"
{% endif %}
{% if item.name == 'nextcloud' %}
# Nextcloud
UserParameter=nextcloud[*],cat /tmp/cloudstats | grep "$1" | cut -d "<" -f 2 | cut -d ">" -f 2 | head -n 1
{% endif %}
{% if item.name == 'dovecot' %}
# Dovecot
UserParameter=dovecot[*],cat /tmp/dovecot_stats | grep $1 | cut -d' ' -f2-
UserParameter=dovecot.processes,ps -A |grep imap |wc -l
{% endif %}
{% if item.name == 'lufi' %}
# Lufi
UserParameter=lufi[*],cat /tmp/lufi_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'privatebin' %}
# PrivateBin
UserParameter=privatebin[*],cat /tmp/bin_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'etherpad' %}
# Etherpad
UserParameter=etherpad[*],cat /tmp/pad_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'forgejo' %}
# Forgejo
UserParameter=forgejo[*],cat /tmp/git_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'prosody' %}
# Prosody
UserParameter=prosody[*],cat /tmp/prosody_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'jitsi' %}
# Jitsi
UserParameter=jitsi[*],curl -s http://localhost:8888/stats | jq '$1'
{% endif %}
{% if item.name == 'mumble' %}
# Mumble
UserParameter=mumble[*],cat /tmp/mumble_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'mariadb' %}
# Mariadb
UserParameter=mysql.ping[*], mysqladmin -h"$1" -P"$2" ping
UserParameter=mysql.get_status_variables[*], mysql -h"$1" -P"$2" -sNX -e "show global status"
UserParameter=mysql.version[*], mysqladmin -s -h"$1" -P"$2" version
UserParameter=mysql.db.discovery[*], mysql -h"$1" -P"$2" -sN -e "show databases"
UserParameter=mysql.dbsize[*], mysql -h"$1" -P"$2" -sN -e "SELECT COALESCE(SUM(DATA_LENGTH + INDEX_LENGTH),0) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='$3'"
UserParameter=mysql.replication.discovery[*], mysql -h"$1" -P"$2" -sNX -e "show slave status"
UserParameter=mysql.slave_status[*], mysql -h"$1" -P"$2" -sNX -e "show slave status"
{% endif %}
{% if item.name == 'postgres' %}
# Postgres
UserParameter=pgsql.bgwriter[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.bgwriter.sql"
UserParameter=pgsql.connections.sum[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.connections.sum.sql"
UserParameter=pgsql.connections[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.connections.sql"
UserParameter=pgsql.connections.prepared[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.connections.prepared.sql"
UserParameter=pgsql.dbstat.sum[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.dbstat.sum.sql"
UserParameter=pgsql.dbstat[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.dbstat.sql"
UserParameter=pgsql.transactions[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.transactions.sql"
UserParameter=pgsql.config.hash[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.config.hash.sql"
UserParameter=pgsql.wal.stat[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.wal.stat.sql"
UserParameter=pgsql.locks[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.locks.sql"
UserParameter=pgsql.queries[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -v tmax=$6 -f "/var/lib/zabbix/postgresql/pgsql.query.time.sql"
UserParameter=pgsql.uptime[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.uptime.sql"
UserParameter=pgsql.cache.hit[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.cache.hit.sql"
UserParameter=pgsql.scans[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.scans.sql"
UserParameter=pgsql.frozenxid[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.frozenxid.sql"
UserParameter=pgsql.discovery.db[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.discovery.db.sql"
UserParameter=pgsql.db.size[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -c "SELECT pg_database_size('$6')"
UserParameter=pgsql.ping[*], pg_isready -h "$1" -p "$2"
UserParameter=pgsql.ping.time[*], LANG=C.UTF-8 psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.ping.time.sql"
UserParameter=pgsql.version[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -c "SELECT version();"
UserParameter=pgsql.replication.count[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -c "SELECT count(*) FROM pg_stat_replication"
UserParameter=pgsql.replication.recovery_role[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.replication.recovery_role.sql"
UserParameter=pgsql.replication.lag.sec[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.replication.lag.sql"
UserParameter=pgsql.replication.status[*], psql -qtAX postgresql://"$3":"$4"@"$1":"$2"/"$5" -f "/var/lib/zabbix/postgresql/pgsql.replication.status.sql"
{% endif %}
{% if item.name == 'sitecheck' %}
UserParameter=site.score[*],python3 /usr/local/bin/zabbix-scripts/sitecheck.py $1 $2
{% endif %}
{% endfor %}

204
templates/zabbix_agentd.conf.j2 → templates/etc/zabbix/zabbix_agentd.conf.j2
View file

@ -25,7 +25,7 @@ PidFile={{ zabbix_agent_pid }}
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: no
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=
@ -63,14 +63,33 @@ DebugLevel={{ zabbix_agent_debug_level }}
# Default:
# SourceIP=
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
### Option: AllowKey
# Allow execution of item keys matching pattern.
# Multiple keys matching rules may be defined in combination with DenyKey.
# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
# Parameters are processed one by one according their appearance order.
# If no AllowKey or DenyKey rules defined, all keys are allowed.
#
# Mandatory: no
### Option: DenyKey
# Deny execution of items keys matching pattern.
# Multiple keys matching rules may be defined in combination with AllowKey.
# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
# Parameters are processed one by one according their appearance order.
# If no AllowKey or DenyKey rules defined, all keys are allowed.
# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0
# DenyKey=system.run[*]
### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
# Internal alias for AllowKey/DenyKey parameters depending on value:
# 0 - DenyKey=system.run[*]
# 1 - AllowKey=system.run[*]
#
# Mandatory: no
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
@ -84,11 +103,14 @@ DebugLevel={{ zabbix_agent_debug_level }}
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: no
# Mandatory: yes, if StartAgents is not explicitly set to 0
# Default:
# Server=
@ -122,12 +144,25 @@ ListenPort={{ zabbix_agent_listen_port }}
##### Active checks related
### Option: ServerActive
# List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
# Zabbix server/proxy address or cluster configuration to get active checks from.
# Server/proxy address is IP address or DNS name and optional port separated by colon.
# Cluster configuration is one or more server addresses separated by semicolon.
# Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
# More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
# If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
# Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
# Example for Zabbix proxy:
# ServerActive=127.0.0.1:10051
# Example for multiple servers:
# ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
# Example for high availability:
# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
# Example for high availability with two clusters and one server:
# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
#
# Mandatory: no
# Default:
@ -136,8 +171,8 @@ ListenPort={{ zabbix_agent_listen_port }}
ServerActive={{ zabbix_agent_server_address }}
### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks and must match hostname as configured on the server.
# List of comma delimited unique, case sensitive hostnames.
# Required for active checks and must match hostnames as configured on the server.
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
@ -157,11 +192,11 @@ Hostname={{ inventory_hostname }}
### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# An agent will issue an error and not start if the value is over limit of 2034 bytes.
# If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-255 characters
# Range: 0-2034 bytes
# Default:
# HostMetadata=
@ -169,20 +204,42 @@ Hostname={{ inventory_hostname }}
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# the value returned by specified item is over limit of 65535 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=
### Option: HostInterface
# Optional parameter that defines host interface.
# Host interface is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostInterfaceItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostInterface=
### Option: HostInterfaceItem
# Optional parameter that defines an item used for getting host interface.
# Host interface is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostInterface is not defined.
#
# Mandatory: no
# Default:
# HostInterfaceItem=
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Range: 1-86400
# Default:
# RefreshActiveChecks=120
# RefreshActiveChecks=5
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
@ -212,6 +269,16 @@ Hostname={{ inventory_hostname }}
# Default:
# MaxLinesPerSecond=20
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of active checks.
# 0 - heartbeat messages disabled.
#
# Mandatory: no
# Range: 0-3600
# Default: 60
# HeartbeatFrequency=
############ ADVANCED PARAMETERS #################
### Option: Alias
@ -292,11 +359,22 @@ Include=/etc/zabbix/zabbix_agentd.d/*.conf
# Default:
# UserParameter=
### Option: UserParameterDir
# Directory to execute UserParameter commands from. Only one entry is allowed.
# When executing UserParameter commands the agent will change the working directory to the one
# specified in the UserParameterDir option.
# This way UserParameter commands can be specified using the relative ./ prefix.
#
# Mandatory: no
# Default:
# UserParameterDir=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
# To see the default path run command "zabbix_agentd --help".
#
# Mandatory: no
# Default:
@ -304,8 +382,12 @@ Include=/etc/zabbix/zabbix_agentd.d/*.conf
### Option: LoadModule
# Module to load at agent startup. Modules are used to extend functionality of the agent.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# Formats:
# LoadModule=<module.so>
# LoadModule=<path/module.so>
# LoadModule=</abs_path/module.so>
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
@ -352,14 +434,14 @@ Include=/etc/zabbix/zabbix_agentd.d/*.conf
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
@ -392,3 +474,81 @@ Include=/etc/zabbix/zabbix_agentd.d/*.conf
# Mandatory: no
# Default:
# TLSPSKFile=
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate-based encryption.
#
# Mandatory: no
# Default:
# TLSCipherCert13=
### Option: TLSCipherCert
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128
#
# Mandatory: no
# Default:
# TLSCipherCert=
### Option: TLSCipherPSK13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherPSK13=
### Option: TLSCipherPSK
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
# Example for OpenSSL:
# kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherPSK=
### Option: TLSCipherAll13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherAll13=
### Option: TLSCipherAll
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
####### For advanced users - TCP-related fine-tuning parameters #######
## Option: ListenBacklog
# The maximum number of pending connections in the queue. This parameter is passed to
# listen() function as argument 'backlog' (see "man listen").
#
# Mandatory: no
# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
# Default: SOMAXCONN (hard-coded constant, depends on system)
# ListenBacklog=

394
templates/zabbix_proxy.conf.j2 → templates/etc/zabbix/zabbix_proxy.conf.j2
View file

@ -13,24 +13,24 @@
ProxyMode={{ zabbix_proxy_mode }}
### Option: Server
# IP address (or hostname) of Zabbix server.
# Active proxy will get configuration data from the server.
# For a proxy in the passive mode this parameter will be ignored.
# If ProxyMode is set to active mode:
# IP address or DNS name (address:port) or cluster (address:port;address2:port) of Zabbix server to get configuration data from and send data to.
# If port is not specified, default port is used.
# Cluster nodes need to be separated by semicolon.
# If ProxyMode is set to passive mode:
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server.
# Incoming connections will be accepted only from the addresses listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: yes (if ProxyMode is set to 0)
# Mandatory: yes
# Default:
# Server=
Server={{ zabbix_proxy_master_server }}
### Option: ServerPort
# Port of Zabbix trapper on Zabbix server.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ServerPort=10051
### Option: Hostname
# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
@ -77,7 +77,7 @@ ListenPort={{ zabbix_proxy_listen_port }}
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: no
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=
@ -108,6 +108,24 @@ LogFileSize={{ zabbix_proxy_file_size }}
# Default:
DebugLevel={{ zabbix_proxy_debug_level }}
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0
### Option: PidFile
# Name of PID file.
#
@ -117,10 +135,22 @@ DebugLevel={{ zabbix_proxy_debug_level }}
PidFile=/var/run/zabbix/zabbix_proxy.pid
### Option: SocketDir
# IPC socket directory.
# Directory to store IPC sockets used by internal Zabbix services.
#
# Mandatory: no
# Default:
# SocketDir=/tmp
### NOTE: Support for Oracle DB is deprecated since Zabbix 7.0 and will be removed in future versions.
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
# If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see
# the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located.
#
# Mandatory: no
# Default:
@ -129,6 +159,9 @@ DBHost={{ zabbix_proxy_db_host }}
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
# If the Net Service Name connection method is used to connect to Oracle database, specify the service name from
# the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to
# empty string.
# Warning: do not attempt to use the same database Zabbix server is using.
#
# Mandatory: yes
@ -136,7 +169,7 @@ DBHost={{ zabbix_proxy_db_host }}
DBName={{ zabbix_proxy_db_name }}
### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL.
# Schema name. Used for PostgreSQL.
#
# Mandatory: no
# Default:
@ -161,14 +194,25 @@ DBPassword={{ zabbix_proxy_db_passwd }}
#
# Mandatory: no
# Default:
# DBSocket=/tmp/mysql.sock
# DBSocket=
# Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
# If the Net Service Name connection method is used to connect to Oracle database, the port number from the
# tnsnames.ora file will be used. The port number set here will be ignored.
#
# Mandatory: no
# Default (for MySQL):
# DBPort=3306
# Default:
# DBPort=
### Option: AllowUnsupportedDBVersions
# Allow proxy to work with unsupported database versions.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowUnsupportedDBVersions=0
######### PROXY SPECIFIC PARAMETERS #############
@ -190,25 +234,49 @@ ProxyLocalBuffer={{ zabbix_proxy_local_buffer }}
# Default:
ProxyOfflineBuffer={{ zabbix_proxy_offline_buffer }}
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of Proxy on server side.
# 0 - heartbeat messages disabled.
# For a proxy in the passive mode this parameter will be ignored.
### Option: ProxyBufferMode
# Specifies history, discovery and auto registration data storage mechanism:
# disk - data are stored in database and uploaded from database
# memory - data are stored in memory and uploaded from memory.
# If buffer runs out of memory the old data will be discarded.
# On shutdown the buffer is discarded.
# hybrid - the proxy buffer normally works like in memory mode until it runs out of memory or
# the oldest record exceeds the configured age. If that happens the buffer is flushed
# to database and it works like in disk mode until all data have been uploaded and
# it starts working with memory again. On shutdown the memory buffer is flushed
# to database.
#
# Mandatory: no
# Range: 0-3600
# Values: disk, memory, hybrid
# Default:
HeartbeatFrequency={{ zabbix_proxy_heartbeat_freq }}
# ProxyBufferMode=disk
### Option: ConfigFrequency
ProxyMemoryBufferSize=16M
### Option: ProxyMemoryBufferAge
# Maximum age of data in proxy memory buffer, in seconds.
# When enabled (not zero) and records in proxy memory buffer are older, then it forces proxy buffer
# to switch to database mode until all records are uploaded to server.
# This parameter must be less or equal to ProxyOfflineBuffer parameter.
#
# Mandatory: no
# Range: 0,600-864000
# Default:
# ProxyMemoryBufferAge=0
### Option: ConfigFrequency - Deprecated, use ProxyConfigFrequency
# How often proxy retrieves configuration data from Zabbix Server in seconds.
# For a proxy in the passive mode this parameter will be ignored.
# Mandatory: no
### Option: ProxyConfigFrequency
# How often proxy retrieves configuration data from Zabbix Server in seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
ConfigFrequency={{ zabbix_proxy_config_freq }}
ProxyConfigFrequency={{ zabbix_proxy_config_freq }}
### Option: DataSenderFrequency
# Proxy will send collected data to the Server every N seconds.
@ -229,14 +297,47 @@ DataSenderFrequency={{ zabbix_proxy_data_sernder_freq }}
# Default:
StartPollers={{ zabbix_proxy_start_pollers }}
### Option: StartAgentPollers
# Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartAgentPollers=1
### Option: StartHTTPAgentPollers
# Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPAgentPollers=1
### Option: MaxConcurrentChecksPerPoller
# Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxConcurrentChecksPerPoller=1000
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
# The IPMI manager process is automatically started when at least one IPMI poller is started.
#
# Mandatory: no
# Range: 0-1000
# Default:
StartIPMIPollers={{ zabbix_proxy_ipmi_pollers }}
### Option: StartPreprocessors
# Number of pre-started instances of preprocessing workers.
#
# Mandatory: no
# Range: 1-1000
# Default:
# StartPreprocessors=3
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
@ -265,12 +366,12 @@ StartIPMIPollers={{ zabbix_proxy_ipmi_pollers }}
# StartPingers=1
### Option: StartDiscoverers
# Number of pre-forked instances of discoverers.
# Number of pre-started instances of discovery workers.
#
# Mandatory: no
# Range: 0-250
# Range: 0-1000
# Default:
# StartDiscoverers=1
# StartDiscoverers=5
### Option: StartHTTPPollers
# Number of pre-forked instances of HTTP pollers.
@ -390,7 +491,7 @@ StartIPMIPollers={{ zabbix_proxy_ipmi_pollers }}
# Shared memory size, for storing hosts and items data.
#
# Mandatory: no
# Range: 128K-8G
# Range: 128K-64G
# Default:
# CacheSize=8M
@ -462,9 +563,18 @@ Timeout=4
# Default:
# UnreachableDelay=15
## Option: StartODBCPollers
# Number of pre-forked ODBC poller instances.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartODBCPollers=1
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
@ -553,6 +663,8 @@ LogSlowQueries=3000
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
@ -561,6 +673,8 @@ LogSlowQueries=3000
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
@ -569,7 +683,7 @@ LogSlowQueries=3000
### Option: SSLCALocation
# Location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring.
# This parameter is used in web monitoring, HTTP agent items and for communication with Vault.
#
# Mandatory: no
# Default:
@ -580,6 +694,7 @@ LogSlowQueries=3000
### Option: LoadModulePath
# Full path to location of proxy modules.
# Default depends on compilation options.
# To see the default path run command "zabbix_proxy --help".
#
# Mandatory: no
# Default:
@ -587,14 +702,32 @@ LogSlowQueries=3000
### Option: LoadModule
# Module to load at proxy startup. Modules are used to extend functionality of the proxy.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# Formats:
# LoadModule=<module.so>
# LoadModule=<path/module.so>
# LoadModule=</abs_path/module.so>
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
### Option: StatsAllowedIP
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
# will be accepted.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: no
# Default:
# StatsAllowedIP=
#StatsAllowedIP=127.0.0.1
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
@ -635,14 +768,14 @@ LogSlowQueries=3000
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
@ -675,3 +808,194 @@ LogSlowQueries=3000
# Mandatory: no
# Default:
# TLSPSKFile=
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate-based encryption.
#
# Mandatory: no
# Default:
# TLSCipherCert13=
### Option: TLSCipherCert
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128
#
# Mandatory: no
# Default:
# TLSCipherCert=
### Option: TLSCipherPSK13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherPSK13=
### Option: TLSCipherPSK
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
# Example for OpenSSL:
# kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherPSK=
### Option: TLSCipherAll13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherAll13=
### Option: TLSCipherAll
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
### Option: DBTLSConnect
# Setting this option enforces to use TLS connection to database.
# required - connect using TLS
# verify_ca - connect using TLS and verify certificate
# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
# matches its certificate
# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
# "verify_full".
# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
# Default is not to set any option and behavior depends on database configuration
#
# Mandatory: no
# Default:
# DBTLSConnect=
### Option: DBTLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# (yes, if DBTLSConnect set to one of: verify_ca, verify_full)
# Default:
# DBTLSCAFile=
### Option: DBTLSCertFile
# Full pathname of file containing Zabbix proxy certificate for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSCertFile=
### Option: DBTLSKeyFile
# Full pathname of file containing the private key for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSKeyFile=
### Option: DBTLSCipher
# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
# Supported only for MySQL
#
# Mandatory no
# Default:
# DBTLSCipher=
### Option: DBTLSCipher13
# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
# Supported only for MySQL, starting from version 8.0.16
#
# Mandatory no
# Default:
# DBTLSCipher13=
### Option: Vault
# Specifies vault:
# HashiCorp - HashiCorp KV Secrets Engine - Version 2
# CyberArk - CyberArk Central Credential Provider
#
# Mandatory: no
# Default:
# Vault=HashiCorp
### Option: VaultToken
# Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path
# specified in optional VaultDBPath configuration parameter.
# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
#
# Mandatory: no
# (yes, if Vault is explicitly set to HashiCorp)
# Default:
# VaultToken=
### Option: VaultURL
# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
#
# Mandatory: no
# Default:
# VaultURL=https://127.0.0.1:8200
### Option: VaultDBPath
# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
# Keys used for HashiCorp are 'password' and 'username'.
# Example path:
# secret/zabbix/database
# Keys used for CyberArk are 'Content' and 'UserName'.
# Example query:
# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database
# This option can only be used if DBUser and DBPassword are not specified.
#
# Mandatory: no
# Default:
# VaultDBPath=
### Option: VaultTLSCertFile
# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
# If the certificate file contains also the private key, leave the SSL key file field empty. The directory
# containing this file is specified by configuration parameter SSLCertLocation.
#
# Mandatory: no
# Default:
# VaultTLSCertFile=
### Option: VaultTLSKeyFile
# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
# The directory containing this file is specified by configuration parameter SSLKeyLocation.
#
# Mandatory: no
# Default:
# VaultTLSKeyFile=
####### For advanced users - TCP-related fine-tuning parameters #######
## Option: ListenBacklog
# The maximum number of pending connections in the queue. This parameter is passed to
# listen() function as argument 'backlog' (see "man listen").
#
# Mandatory: no
# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
# Default: SOMAXCONN (hard-coded constant, depends on system)
# ListenBacklog=

412
templates/zabbix_server.conf.j2 → templates/etc/zabbix/zabbix_server.conf.j2
View file

@ -31,7 +31,7 @@ ListenPort={{ zabbix_server_listen_port }}
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: no
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=
@ -71,10 +71,22 @@ DebugLevel={{ zabbix_debug_level }}
PidFile=/var/run/zabbix/zabbix_server.pid
### Option: SocketDir
# IPC socket directory.
# Directory to store IPC sockets used by internal Zabbix services.
#
# Mandatory: no
# Default:
# SocketDir=/tmp
SocketDir=/run/zabbix
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
# If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see
# the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located.
#
# Mandatory: no
# Default:
@ -82,7 +94,9 @@ DBHost={{ zabbix_server_db_host }}
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
# If the Net Service Name connection method is used to connect to Oracle database, specify the service name from
# the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to
# empty string.
#
# Mandatory: yes
# Default:
@ -91,14 +105,14 @@ DBHost={{ zabbix_server_db_host }}
DBName={{ zabbix_server_db_name }}
### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL.
# Schema name. Used for PostgreSQL.
#
# Mandatory: no
# Default:
# DBSchema=
### Option: DBUser
# Database user. Ignored for SQLite.
# Database user.
#
# Mandatory: no
# Default:
@ -107,7 +121,7 @@ DBName={{ zabbix_server_db_name }}
DBUser={{ zabbix_server_db_user }}
### Option: DBPassword
# Database password. Ignored for SQLite.
# Database password.
# Comment this line if no password is used.
#
# Mandatory: no
@ -119,15 +133,75 @@ DBPassword={{ zabbix_server_db_passwd }}
#
# Mandatory: no
# Default:
# DBSocket=/tmp/mysql.sock
# DBSocket=
### Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
# Database port when not using local socket.
# If the Net Service Name connection method is used to connect to Oracle database, the port number from the
# tnsnames.ora file will be used. The port number set here will be ignored.
#
# Mandatory: no
# Range: 1024-65535
# Default (for MySQL):
# DBPort=3306
# Default:
# DBPort=
### Option: AllowUnsupportedDBVersions
# Allow server to work with unsupported database versions.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowUnsupportedDBVersions=0
### Option: HistoryStorageURL
# History storage HTTP[S] URL.
#
# Mandatory: no
# Default:
# HistoryStorageURL=
### Option: HistoryStorageTypes
# Comma separated list of value types to be sent to the history storage.
#
# Mandatory: no
# Default:
# HistoryStorageTypes=uint,dbl,str,log,text
### Option: HistoryStorageDateIndex
# Enable preprocessing of history values in history storage to store values in different indices based on date.
# 0 - disable
# 1 - enable
#
# Mandatory: no
# Default:
# HistoryStorageDateIndex=0
### Option: ExportDir
# Directory for real time export of events, history and trends in newline delimited JSON format.
# If set, enables real time export.
#
# Mandatory: no
# Default:
# ExportDir=
### Option: ExportFileSize
# Maximum size per export file in bytes.
# Only used for rotation if ExportDir is set.
#
# Mandatory: no
# Range: 1M-1G
# Default:
# ExportFileSize=1G
### Option: ExportType
# List of comma delimited types of real time export - allows to control export entities by their
# type (events, history, trends) individually.
# Valid only if ExportDir is set.
#
# Mandatory: no
# Default:
# ExportType=events,history,trends
############ ADVANCED PARAMETERS ################
@ -141,12 +215,22 @@ StartPollers={{ zabbix_server_pollers }}
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
# The IPMI manager process is automatically started when at least one IPMI poller is started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers={{ zabbix_server_ipmi_pollers }}
### Option: StartPreprocessors
# Number of pre-forked instances of preprocessing workers.
# The preprocessing manager process is automatically started when preprocessor worker is started.
#
# Mandatory: no
# Range: 1-1000
# Default:
# StartPreprocessors=3
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
@ -157,6 +241,16 @@ StartPollers={{ zabbix_server_pollers }}
# Default:
# StartPollersUnreachable=1
### Option: StartHistoryPollers
# Number of pre-forked instances of history pollers.
# Only required for calculated and internal checks.
# A database connection is required for each history poller instance.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHistoryPollers=5
### Option: StartTrappers
# Number of pre-forked instances of trappers.
# Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
@ -194,8 +288,9 @@ StartPollers={{ zabbix_server_pollers }}
### Option: StartTimers
# Number of pre-forked instances of timers.
# Timers process time-based trigger functions and maintenance periods.
# Only the first timer process handles the maintenance periods.
# Timers process maintenance periods.
# Only the first timer process handles host maintenance updates. Problem suppression updates are shared
# between all timers.
#
# Mandatory: no
# Range: 1-1000
@ -206,10 +301,19 @@ StartPollers={{ zabbix_server_pollers }}
# Number of pre-forked instances of escalators.
#
# Mandatory: no
# Range: 0-100
# Range: 1-100
# Default:
# StartEscalators=1
### Option: StartAlerters
# Number of pre-forked instances of alerters.
# Alerters send the notifications created by action operations.
#
# Mandatory: no
# Range: 1-100
# Default:
# StartAlerters=3
### Option: JavaGateway
# IP address (or hostname) of Zabbix Java gateway.
# Only required if Java pollers are started.
@ -284,6 +388,8 @@ StartPollers={{ zabbix_server_pollers }}
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
### Option: StartSNMPTrapper
# If 1, SNMP trapper process is started.
#
@ -298,8 +404,6 @@ StartPollers={{ zabbix_server_pollers }}
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
ListenIP=0.0.0.0
### Option: HousekeepingFrequency
@ -322,7 +426,6 @@ ListenIP=0.0.0.0
# [housekeeperid], [tablename], [field], [value].
# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
# will be deleted per one task in one housekeeping cycle.
# SQLite3 does not use this parameter, deletes all corresponding rows without a limit.
# If set to 0 then no limit is used at all. In this case you must know what you are doing!
#
# Mandatory: no
@ -330,20 +433,12 @@ ListenIP=0.0.0.0
# Default:
# MaxHousekeeperDelete=5000
### Option: SenderFrequency
# How often Zabbix will try to send unsent alerts (in seconds).
#
# Mandatory: no
# Range: 5-3600
# Default:
# SenderFrequency=30
### Option: CacheSize
# Size of configuration cache, in bytes.
# Shared memory size for storing host, item and trigger data.
#
# Mandatory: no
# Range: 128K-8G
# Range: 128K-64G
# Default:
CacheSize={{ zabbix_cachesize }}
@ -382,7 +477,7 @@ CacheSize={{ zabbix_cachesize }}
# HistoryIndexCacheSize=4M
### Option: TrendCacheSize
# Size of trend cache, in bytes.
# Size of trend write cache, in bytes.
# Shared memory size for storing trends data.
#
# Mandatory: no
@ -390,6 +485,15 @@ CacheSize={{ zabbix_cachesize }}
# Default:
# TrendCacheSize=4M
### Option: TrendFunctionCacheSize
# Size of trend function cache, in bytes.
# Shared memory size for caching calculated trend function data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# TrendFunctionCacheSize=4M
### Option: ValueCacheSize
# Size of history value cache, in bytes.
# Shared memory size for caching item history data requests.
@ -445,6 +549,7 @@ Timeout={{ zabbix_server_timeout }}
### Option: AlertScriptsPath
# Full path to location of custom alert scripts.
# Default depends on compilation options.
# To see the default path run command "zabbix_server --help".
#
# Mandatory: no
# Default:
@ -455,6 +560,7 @@ AlertScriptsPath={{ zabbix_server_alert_scripts }}
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
# To see the default path run command "zabbix_server --help".
#
# Mandatory: no
# Default:
@ -535,6 +641,14 @@ LogSlowQueries={{ zabbix_server_queries_slow }}
# Default:
# ProxyDataFrequency=1
### Option: StartLLDProcessors
# Number of pre-forked instances of low level discovery processors.
#
# Mandatory: no
# Range: 1-100
# Default:
# StartLLDProcessors=2
### Option: AllowRoot
# Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
# will try to switch to the user specified by the User configuration option instead.
@ -569,6 +683,8 @@ LogSlowQueries={{ zabbix_server_queries_slow }}
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_server --help".
#
# Mandatory: no
# Default:
@ -577,6 +693,8 @@ LogSlowQueries={{ zabbix_server_queries_slow }}
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
# Default depends on compilation options.
# To see the default path run command "zabbix_server --help".
#
# Mandatory: no
# Default:
@ -591,11 +709,25 @@ LogSlowQueries={{ zabbix_server_queries_slow }}
# Default:
# SSLCALocation=
### Option: StatsAllowedIP
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
# will be accepted.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: no
# Default:
# StatsAllowedIP=127.0.0.1
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of server modules.
# Default depends on compilation options.
# To see the default path run command "zabbix_server --help".
#
# Mandatory: no
# Default:
@ -603,8 +735,12 @@ LogSlowQueries={{ zabbix_server_queries_slow }}
### Option: LoadModule
# Module to load at server startup. Modules are used to extend functionality of the server.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# Formats:
# LoadModule=<module.so>
# LoadModule=<path/module.so>
# LoadModule=</abs_path/module.so>
# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
@ -641,3 +777,225 @@ LogSlowQueries={{ zabbix_server_queries_slow }}
# Mandatory: no
# Default:
# TLSKeyFile=
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate-based encryption.
#
# Mandatory: no
# Default:
# TLSCipherCert13=
### Option: TLSCipherCert
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128
#
# Mandatory: no
# Default:
# TLSCipherCert=
### Option: TLSCipherPSK13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherPSK13=
### Option: TLSCipherPSK
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
# Example for OpenSSL:
# kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherPSK=
### Option: TLSCipherAll13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherAll13=
### Option: TLSCipherAll
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example for GnuTLS:
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
# Example for OpenSSL:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
### Option: DBTLSConnect
# Setting this option enforces to use TLS connection to database.
# required - connect using TLS
# verify_ca - connect using TLS and verify certificate
# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
# matches its certificate
# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
# "verify_full".
# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
# Default is not to set any option and behavior depends on database configuration
#
# Mandatory: no
# Default:
# DBTLSConnect=
### Option: DBTLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# (yes, if DBTLSConnect set to one of: verify_ca, verify_full)
# Default:
# DBTLSCAFile=
### Option: DBTLSCertFile
# Full pathname of file containing Zabbix server certificate for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSCertFile=
### Option: DBTLSKeyFile
# Full pathname of file containing the private key for authenticating to database.
# Supported only for MySQL and PostgreSQL
#
# Mandatory: no
# Default:
# DBTLSKeyFile=
### Option: DBTLSCipher
# The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2
# Supported only for MySQL
#
# Mandatory no
# Default:
# DBTLSCipher=
### Option: DBTLSCipher13
# The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol
# Supported only for MySQL, starting from version 8.0.16
#
# Mandatory no
# Default:
# DBTLSCipher13=
### Option: VaultToken
# Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
# to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath
# configuration parameter.
# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
#
# Mandatory: no
# Default:
# VaultToken=
### Option: VaultURL
# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
#
# Mandatory: no
# Default:
# VaultURL=https://127.0.0.1:8200
### Option: VaultDBPath
# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
# Example: secret/zabbix/database
# This option can only be used if DBUser and DBPassword are not specified.
#
# Mandatory: no
# Default:
# VaultDBPath=
### Option: StartReportWriters
# Number of pre-forked report writer instances.
#
# Mandatory: no
# Range: 0-100
# Default:
# StartReportWriters=0
### Option: WebServiceURL
# URL to Zabbix web service, used to perform web related tasks.
# Example: http://localhost:10053/report
#
# Mandatory: no
# Default:
# WebServiceURL=
### Option: ServiceManagerSyncFrequency
# How often Zabbix will synchronize configuration of a service manager (in seconds).
#
# Mandatory: no
# Range: 1-3600
# Default:
# ServiceManagerSyncFrequency=60
### Option: ProblemHousekeepingFrequency
# How often Zabbix will delete problems for deleted triggers (in seconds).
#
# Mandatory: no
# Range: 1-3600
# Default:
# ProblemHousekeepingFrequency=60
## Option: StartODBCPollers
# Number of pre-forked ODBC poller instances.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartODBCPollers=1
####### For advanced users - TCP-related fine-tuning parameters #######
## Option: ListenBacklog
# The maximum number of pending connections in the queue. This parameter is passed to
# listen() function as argument 'backlog' (see "man listen").
#
# Mandatory: no
# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
# Default: SOMAXCONN (hard-coded constant, depends on system)
# ListenBacklog=
####### High availability cluster parameters #######
## Option: HANodeName
# The high availability cluster node name.
# When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to.
#
# Mandatory: no
# Default:
# HANodeName=
## Option: NodeAddress
# IP or hostname with optional port to specify how frontend should connect to the server.
# Format: <address>[:<port>]
#
# If IP or hostname is not set, then ListenIP value will be used. In case ListenIP is not set, localhost will be used.
# If port is not set, then ListenPort value will be used. In case ListenPort is not set, 10051 will be used.
# This option can be overridden by address specified in frontend configuration.
#
# Mandatory: no
# Default:
# NodeAddress=localhost:10051

19
templates/zabbix.conf.php.j2
View file

@ -1,19 +0,0 @@
<?php
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE'] = 'MYSQL';
$DB['SERVER'] = '{{ zabbix_server_db_host }}';
$DB['PORT'] = '{{ zabbix_server_db_port }}';
$DB['DATABASE'] = '{{ zabbix_server_db_name }}';
$DB['USER'] = '{{ zabbix_server_db_user }}';
$DB['PASSWORD'] = '{{ zabbix_server_db_passwd }}';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';
$ZBX_SERVER = '{{ zabbix_server_hostname }}';
$ZBX_SERVER_PORT = '{{ zabbix_server_listen_port }}';
$ZBX_SERVER_NAME = '{{ zabbix_server_name }}';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

89
templates/zabbix_agent.d/userparameter_container.conf.j2
View file

@ -1,89 +0,0 @@
#!/bin/bash
#This is custom user parameters for LXC containers.
{% for item in zabbix_agent_params %}
{% if item.name == 'container' %}
# Container default parameters
UserParameter=ct.ramtotal,free -b |grep Mem | awk '{print $2}'
UserParameter=ct.ramused,free -b |grep Mem | awk '{print $3}'
UserParameter=ct.ramfree,free -b |grep Mem |awk '{print $7}'
UserParameter=ct.ramfree_proc,free | grep Mem | awk '{print $7/$2 * 100.0}' | awk '{printf "%.0f\n", $1}'
UserParameter=ct.ramcache,free -b | grep Mem | awk '{print $7}'
UserParameter=ct.swaptotal,free -b |grep Swap |awk '{print $2}'
UserParameter=ct.swapused,free -b |grep Swap |awk '{print $3}'
UserParameter=ct.swapfree,free -b |grep Swap |awk '{print $4}'
UserParameter=ct.swapfree_proc,free -b |grep Swap | awk '{print ($2 - $3)/$2 * 100.0}' | awk '{printf "%.0f\n", $1}'
UserParameter=ct.uptime,cat /proc/uptime | awk '{print $1}'
UserParameter=ct.processes,ps -AL --no-headers | wc -l
UserParameter=ct.localtime,date +%s
UserParameter=ct.issue,cat /etc/issue
{% endif %}
{% if item.name == 'postfix' %}
# Postfix parameters
UserParameter=postfix.pfmailq,mailq | grep -v "Mail queue is empty" | grep -c '^[0-9A-Z]'
UserParameter=postfix[*],/usr/local/bin/zabbix_scripts/postfix-zabbix-stats.bash $1
{% endif %}
{% if item.name == 'ldap' %}
# LDAP parameters
UserParameter=ldap.user_count,cat /tmp/disroot_user_list
{% endif %}
{% if item.name == 'postgres' %}
{% include "files/userparameter_postgres.conf" ignore missing %}
{% endif %}
{% if item.name == 'nginx' %}
#NGINX userparameters
UserParameter=nginx[*],/usr/local/bin/zabbix_scripts/nginx-check.sh "$1" "$2"
{% endif %}
{% if item.name == 'nextcloud' %}
# Nextcloud
UserParameter=nextcloud[*],cat /tmp/cloudstats | grep "$1" | cut -d "<" -f 2 | cut -d ">" -f 2 | head -n 1
{% endif %}
{% if item.name == 'dovecot' %}
# Dovecot
UserParameter=dovecot.usercount,cat /tmp/dovecot_user_count
UserParameter=dovecot.devicecount,cat /tmp/dovecot_device_count
UserParameter=dovecot.processes,ps -A |grep imap |wc -l
{% endif %}
{% if item.name == 'lufi' %}
# Lufi
UserParameter=lufi[*],cat /tmp/lufi_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'privatebin' %}
# PrivateBin
UserParameter=privatebin[*],cat /tmp/bin_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'etherpad' %}
# Etherpad
UserParameter=etherpad[*],cat /tmp/pad_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'forgejo' %}
# Forgejo
UserParameter=forgejo[*],cat /tmp/git_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'prosody' %}
# Prosody
UserParameter=prosody[*],cat /tmp/prosody_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'jitsi' %}
# Jitsi
UserParameter=jitsi[*],cat /tmp/jitsi_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% if item.name == 'mumble' %}
# Mumble
UserParameter=prmumbleosody[*],cat /tmp/mumble_stats | grep $1 | cut -d' ' -f2-
{% endif %}
{% endfor %}