{"id":23637034,"url":"https://github.com/ansibleguy/sw_zabbix","last_synced_at":"2025-08-20T16:10:50.256Z","repository":{"id":53920622,"uuid":"435295458","full_name":"ansibleguy/sw_zabbix","owner":"ansibleguy","description":"Ansible Role to provision Zabbix services","archived":false,"fork":false,"pushed_at":"2024-08-17T20:49:09.000Z","size":191,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"latest","last_synced_at":"2024-08-17T21:45:24.605Z","etag":null,"topics":["ansible","ansible-role","automation","iac","infrastructure-as-code","monitoring","zabbix"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansibleguy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"ansible0guy","github":"ansibleguy"}},"created_at":"2021-12-05T22:36:55.000Z","updated_at":"2024-08-17T20:49:13.000Z","dependencies_parsed_at":"2023-02-15T17:16:08.604Z","dependency_job_id":"4219be43-84a8-4192-a4c7-cefba486ebd8","html_url":"https://github.com/ansibleguy/sw_zabbix","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ansibleguy/sw_zabbix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_zabbix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_zabbix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_zabbix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_zabbix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansibleguy","download_url":"https://codeload.github.com/ansibleguy/sw_zabbix/tar.gz/refs/heads/latest","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_zabbix/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266242053,"owners_count":23898101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","automation","iac","infrastructure-as-code","monitoring","zabbix"],"created_at":"2024-12-28T06:17:29.806Z","updated_at":"2025-07-21T05:03:23.766Z","avatar_url":"https://github.com/ansibleguy.png","language":"Jinja","funding_links":["https://ko-fi.com/ansible0guy","https://github.com/sponsors/ansibleguy"],"categories":[],"sub_categories":[],"readme":"[![Zabbix](https://assets.zabbix.com/img/logo/zabbix_logo_313x82.png)](https://www.zabbix.com)\n\n# Ansible Role - Zabbix deployment\n\nAnsible Role to deploy Zabbix Server/Proxy/Agent components on a linux server.\n\nThe roles target is it to **configure the Zabbix components foundational**.\n\nYou will need to manage the zabbix-agent integration(s) into your systems on your own! (_per example: adding MySQL users and client-config to monitor its status_)\n\n**NOTE:** Check out the [Zabbix Server dockerized](https://github.com/ansibleguy/sw_zabbix_server) Role if you prefer Docker setups.\n\n[![Lint](https://github.com/ansibleguy/sw_zabbix/actions/workflows/lint.yml/badge.svg)](https://github.com/ansibleguy/sw_zabbix/actions/workflows/lint.yml)\n[![Ansible Galaxy](https://badges.ansibleguy.net/galaxy.badge.svg)](https://galaxy.ansible.com/ui/standalone/roles/ansibleguy/sw_zabbix)\n\n**Molecule Integration-Tests**:\n\n* Status: [![Molecule Test Status](https://badges.ansibleguy.net/sw_zabbix.molecule.svg)](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/molecule.sh.j2) |\n[![Functional-Tests](https://github.com/ansibleguy/sw_zabbix/actions/workflows/integration_test_result.yml/badge.svg)](https://github.com/ansibleguy/sw_zabbix/actions/workflows/integration_test_result.yml)\n* Logs: [API](https://ci.ansibleguy.net/api/job/ansible-test-molecule-sw_zabbix/logs?token=2b7bba30-9a37-4b57-be8a-99e23016ce70\u0026lines=1000) | [Short](https://badges.ansibleguy.net/log/molecule_sw_zabbix_test_short.log) | [Full](https://badges.ansibleguy.net/log/molecule_sw_zabbix_test.log)\n\nInternal CI: [Tester Role](https://github.com/ansibleguy/_meta_cicd) | [Jobs API](https://github.com/O-X-L/github-self-hosted-jobs-systemd)\n\n**Tested:**\n* Debian 11\n* Debian 12\n\n----\n\n## Install\n\n```bash\n# latest\nansible-galaxy role install git+https://github.com/ansibleguy/sw_zabbix\n\n# from galaxy\nansible-galaxy install ansibleguy.sw_zabbix\n\n# or to custom role-path\nansible-galaxy install ansibleguy.sw_zabbix --roles-path ./roles\n\n# install dependencies\nansible-galaxy install -r requirements.yml\n```\n\n----\n\n## Advertisement\n\n* Need **professional support** using Ansible or Zabbix? Contact us:\n\n  E-Mail: [contact@oxl.at](mailto:contact@oxl.at)\n\n  Tel: [+43 3115 40 900 0](tel:+433115409000)\n\n  Web: [EN](https://www.o-x-l.com) | [DE](https://www.oxl.at)\n\n  Language: German or English\n\n* You want a simple **Ansible GUI**?\n\n  Check-out this [Ansible WebUI](https://github.com/ansibleguy/webui)\n\n----\n\n## Usage\n\n### Config\n\nDefine the zabbix dictionary as needed.\n\nExample for a zabbix server:\n```yaml\nzabbix:\n  manage:\n    agent2: true  # activated by default\n    server: true\n \n  server:\n    nginx:  # configure the webserver settings =\u003e see: https://github.com/ansibleguy/infra_nginx\n      domain: 'zabbix.template.ansibleguy.net'\n      aliases: ['zbx.template.ansibleguy.net']\n \n      ssl:\n        mode: 'letsencrypt'  # or snakeoil/selfsigned/ca\n        #  if you use 'selfsigned', 'snakeoil' or 'ca':\n        #    cert:\n        #      cn: 'Zabbix Server'\n        #      org: 'AnsibleGuy'\n        #      email: 'zabbix@template.ansibleguy.net'\n      letsencrypt:\n        email: 'zabbix@template.ansibleguy.net'\n\n    tls_cert_copy: 'server.crt'  # will be copied from the roles 'files/certs' directory to the target system\n    tls_key_copy: 'server.key'  # must be configured for server-authentication\n    tls_ca_copy: 'ca.crt'\n    settings:\n      ListenIP: '172.16.0.54'\n      ProxyDataFrequency: 10\n      ProxyConfigFrequency: 600\n      SSHKeyLocation: '/etc/zabbix/private/id_rsa'\n\n  agent2:\n    tls_psk: !vault ...\n\n    settings:\n      Server: '172.16.0.54'\n      TLSPSKIdentity: 'RandomIdentity_O(73odfs23'\n```\n\nExample for a zabbix proxy:\n```yaml\nzabbix:\n  manage:\n    agent2: true\n    proxy: true\n \n  proxy:\n    tls_cert_copy: 'proxy01.crt'  # will be copied from the roles 'files/certs' directory to the target system\n    tls_key_copy: 'proxy01.key'  # must be configured for client-authentication\n    tls_ca_copy: 'ca.crt'\n\n    settings:\n      Server: '172.16.0.54'\n      TLSConnect: 'cert'\n      TLSAccept: 'cert'\n      ConfigFrequency: 600\n      ListenIP: '172.18.15.7'\n \n  agent2:\n    tls_psk: !vault ...  # plain key may only contain hexdigits (0-9 \u0026 a-f)\n\n    settings:\n      Server: '172.18.15.7'\n      ListenIP: '172.18.15.7'\n```\n\nExample for zabbix agent V2:\n```yaml\nzabbix:\n  # agent version 2 is enabled by default\n  #  manage:\n  #    agent2: true\n  \n  agent2:\n    tls_psk: !vault ...  # plain key may only contain hexdigits (0-9 \u0026 a-f)\n\n    settings:\n      Server: '172.16.0.54'\n      TLSPSKIdentity: 'RandomIdentity_lUF(o3s4kjh3o'\n      ListenIP: '172.16.0.80'\n```\n\nExample for the older zabbix agent:\n```yaml\nzabbix:\n  manage:\n    agent1: true\n\n  agent1:\n    tls_psk: !vault ...  # plain key may only contain hexdigits (0-9 \u0026 a-f)\n\n    settings:\n      Server: '172.16.0.54'\n      TLSPSKIdentity: 'RandomIdentity_lUF(o3s4kjh3o'\n      ListenIP: '172.16.0.80'\n```\n\nExample - if you don't want to use the ansible-managed nginx web-proxy:\n```yaml\nzabbix:\n  manage:\n    server: true\n    webserver: false  # \u003c=\n \n  server:\n    ...\n    settings:\n      ...\n```\n\nYou might want to use 'ansible-vault' to encrypt your passwords:\n```bash\nansible-vault encrypt_string\n```\n\n### Execution\n\nRun the playbook:\n```bash\nansible-playbook -K -D -i inventory/hosts.yml playbook.yml --ask-vault-pass\n```\n\nThere are also some useful **tags** available:\n* config\n* install\n* uninstall\n* agent\n* proxy\n* server\n\n----\n\n## Functionality\n\n* **Package installation**\n  * Zabbix server\n    * Dependencies (_php, ..._)\n    * Apache2 =\u003e configured by Zabbix-Server package\n    * Nginx =\u003e using [THIS Role](https://github.com/ansibleguy/infra_nginx)\n    * MariaDB =\u003e using [THIS Role](https://github.com/ansibleguy/infra_mariadb)\n\n  * Zabbix proxy\n    * MariaDB =\u003e using [THIS Role](https://github.com/ansibleguy/infra_mariadb)\n\n  * Zabbix agent\n\n\n* **Configuration**\n  * **Features**:\n    * Copying your..\n      * scripts (_agent scripts, externalscripts, alertscripts_)\n      * userparameters\n      * certificates\n\n    * .. to the target system; just put them in the prepared 'files' directory of this role!\n   \n  * **Default config**:\n    * Using ansible-hostnames as Zabbix hostnames\n    * Traffic encryption using PSK\n    * Using a Self-Signed certificate for the Zabbix server\n    * not running as root\n    * Webserver best-practices =\u003e see: [THIS Role](https://github.com/ansibleguy/infra_nginx)\n    * Agent/Proxy/Server listening on all interfaces\n\n  * **Default opt-ins**:\n    * Logging to syslog\n    * Zabbix agent installation\n    * MariaDB setup for Zabbix proxy and server\n    * Nginx setup for Zabbix server\n\n  * **Default opt-outs**:\n    * Zabbix proxy and server installation\n    * Settings: UnsafeUserParameters, EnableRemoteCommands\n\n  * **Security**:\n    * Traffic encryption per PSK or Certificate is **ENFORCED**\n\n----\n\n## Info\n\n* **Note:** The lowest version supported is 6.0!\n\n\n* **Warning:** The target server/os for the Zabbix server-component should host only this service! Else you might possibly run into configuration/compatibility issues!\n\n\n* **Note:** this role currently only supports debian-based systems\n\n\n* **Info:** We chose to use Nginx and Apache2 so that the configuration managed by Zabbix (_Apache2_) and the one we manage using this role (_Nginx_) can co-exist safely.\nThis may be important in the future.\nElse incompatibilities would break future setups if Zabbix changes their config-handling.\n\n\n* **Info:** Zabbix-Server apache2 config is stored at: /etc/zabbix/apache.conf (_default_)\n\n\n* **Info:** The default login for the Zabbix server is: **User = Admin | Password = zabbix**\n\n\n* **Info:** If the server installation fails for some reason you might want to uninstall the 'zabbix-server-mysql' package before re-running this role!\n\n\n* **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!\n\n\n* **Info:** If you use PSKs to encrypt your traffic - it must be at least 32 hex-digits long!\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Fsw_zabbix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansibleguy%2Fsw_zabbix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Fsw_zabbix/lists"}