diff --git a/roles/ind/promgraf/docker-compose.yml b/roles/ind/promgraf/docker-compose.yml
index 4dbf844..417b511 100644
--- a/roles/ind/promgraf/docker-compose.yml
+++ b/roles/ind/promgraf/docker-compose.yml
@@ -14,6 +14,7 @@ services:
 image: grafana/promtail:master
 volumes:
 - /var/log:/var/log
+ - ./promtail:/etc/promtail/
 command: -config.file=/etc/promtail/docker-config.yaml
 networks:
 - promtail-loki
@@ -40,6 +41,7 @@ services:
 - prometheus-cadvisor
 - grafana-prometheus
 command: >-
+ --web.enable-lifecycle
 --config.file=/app.cfg/prometheus.yml
 --storage.tsdb.path=/prometheus
 --web.console.libraries=/usr/share/prometheus/console_libraries
diff --git a/roles/ind/zabbix/cron.vars b/roles/ind/zabbix/cron.vars
new file mode 100644
index 0000000..bd19c06
--- /dev/null
+++ b/roles/ind/zabbix/cron.vars
@@ -0,0 +1,25 @@
+---
+cronjob:
+ #- name: home
+ # job_name: "Daily /home/docker/ Backup"
+ # job_minute: "0"
+ # job_hour: "2"
+ # job_day: "*"
+ # user: "root"
+ # job_command: "/home/restic/restic.sh --backup /home/docker/"
+
+ - name: appdata
+ job_name: "Daily /ceph/ Backup"
+ job_minute: "0"
+ job_hour: "3"
+ job_day: "*"
+ user: "root"
+ job_command: "/home/docker/restic.sh --backup /ceph/ "
+
+ - name: weeklydb
+ job_name: "Weekly /data/ verification"
+ job_minute: "10"
+ job_hour: "6"
+ job_day: "1"
+ user: "root"
+ job_command: "/home/docker/restic.sh --verify /ceph/"
\ No newline at end of file
diff --git a/roles/ind/zabbix/docker-compose.env b/roles/ind/zabbix/docker-compose.env
new file mode 100644
index 0000000..e0718b5
--- /dev/null
+++ b/roles/ind/zabbix/docker-compose.env
@@ -0,0 +1,5 @@
+MYSQL_USER=zabbix
+MYSQL_PASSWORD=kvcm08m2ou3nc0923w4n
+MYSQL_ROOT_PASSWORD=kqjnvq038rn32n4jkn
+ZABBIX_DATA_PATH=/zabbix
+ZBX_STARTPINGERS=1
\ No newline at end of file
diff --git a/roles/ind/zabbix/zabbix-install.yml b/roles/ind/zabbix/zabbix-install.yml
new file mode 100644
index 0000000..46ecaba
--- /dev/null
+++ b/roles/ind/zabbix/zabbix-install.yml
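Review bot: In roles/ind/promgraf/docker-compose.yml (first hunk) the added bind mount `./promtail:/etc/promtail/` is read-write, although promtail only needs to read its configuration from that directory (`-config.file=/etc/promtail/docker-config.yaml`), so a process inside the container could rewrite the config on the host. Mount it read-only: `- ./promtail:/etc/promtail/:ro`. The service block starts above the hunk, so other mounts or options of this service are not visible here.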
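Review bot: In roles/ind/promgraf/docker-compose.yml (second hunk) `--web.enable-lifecycle` turns on the `/-/reload` and `/-/quit` HTTP endpoints, and Prometheus serves them without authentication unless a web config is supplied, so any client that can reach the Prometheus port over the `prometheus-cadvisor` or `grafana-prometheus` networks (or a published port, which this hunk does not show) can reload or stop the server. If the flag is only wanted for configuration reloads, keep the port unpublished or bound to localhost, or add `--web.config.file=<path-to-web-config>` with basic auth. Because the flag sits inside a `>-` folded scalar, a note recording this belongs above `command:`, for example `# lifecycle API enabled for hot reload; do not publish this port`. The service definition starts and ends outside the hunk.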
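Review bot: In roles/ind/zabbix/cron.vars both active jobs run `/home/docker/restic.sh` with `user: "root"`, so a script kept in the docker user's home directory is executed by root; if that file or its directory is writable by the docker account (ownership is not visible in this diff), anything acting as that account gains root through cron. Install the script root-owned in a root-only path, for example `/usr/local/sbin/restic.sh`, and point `job_command` there. The `weeklydb` entry is labelled "Weekly /data/ verification" while its command verifies `/ceph/`; the `job_name` should name `/ceph/` so that alerts and logs refer to the right path.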
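Review bot: roles/ind/zabbix/docker-compose.env commits `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` in clear text, so anyone with read access to the repository or its history holds the database credentials. Treat both values as exposed and rotate them, then keep the real file out of version control and render it at deploy time from Ansible Vault or another secret store, written with `mode: '0600'`. If a checked-in template is kept, a first line such as `# template only: real values are rendered from the vault at deploy time` would make the intent clear.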
@@ -0,0 +1,164 @@
+---
+- hosts: all
+ become: yes
+ remote_user: ansible
+ gather_facts: false
+
+ vars:
+ docker_compose_definition: |
+ services:
+ # Zabbix database
+ zabbix-db:
+ container_name: zabbix-db
+ image: mariadb:10.11.4
+ restart: always
+ volumes:
+ - ${ZABBIX_DATA_PATH}/zabbix-db/mariadb:/var/lib/mysql:rw
+ - ${ZABBIX_DATA_PATH}/zabbix-db/backups:/backups
+ command:
+ - mariadbd
+ - --character-set-server=utf8mb4
+ - --collation-server=utf8mb4_bin
+ - --default-authentication-plugin=mysql_native_password
+ environment:
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ stop_grace_period: 1m
+
+ # Zabbix server
+ zabbix-server:
+ container_name: zabbix-server
+ image: zabbix/zabbix-server-mysql:ubuntu-6.4-latest
+ restart: always
+ ports:
+ - 10051:10051
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-server/alertscripts:/usr/lib/zabbix/alertscripts:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-server/externalscripts:/usr/lib/zabbix/externalscripts:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-server/dbscripts:/var/lib/zabbix/dbscripts:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-server/export:/var/lib/zabbix/export:rw
+ - ${ZABBIX_DATA_PATH}/zabbix-server/modules:/var/lib/zabbix/modules:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-server/enc:/var/lib/zabbix/enc:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-server/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-server/mibs:/var/lib/zabbix/mibs:ro
+ environment:
+ - MYSQL_ROOT_USER=root
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - DB_SERVER_HOST=zabbix-db
+ - ZBX_STARTPINGERS=${ZBX_STARTPINGERS}
+ depends_on:
+ - zabbix-db
+ stop_grace_period: 30s
+ sysctls:
+ - net.ipv4.ip_local_port_range=1024 65000
+ - net.ipv4.conf.all.accept_redirects=0
+ - net.ipv4.conf.all.secure_redirects=0
+ - net.ipv4.conf.all.send_redirects=0
+
+ # Zabbix web UI
+ zabbix-web:
+ container_name: zabbix-web
+ image: zabbix/zabbix-web-nginx-mysql:ubuntu-6.4-latest
+ restart: always
+ ports:
+ - 8080:8080
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-web/nginx:/etc/ssl/nginx:ro
+ - ${ZABBIX_DATA_PATH}/zabbix-web/modules/:/usr/share/zabbix/modules/:ro
+ environment:
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - DB_SERVER_HOST=zabbix-db
+ - ZBX_SERVER_HOST=zabbix-server
+ - ZBX_SERVER_NAME=Zabbix Docker
+ - PHP_TZ=America/Chicago
+
+ depends_on:
+ - zabbix-db
+ - zabbix-server
+ stop_grace_period: 10s
+
+ tasks:
+ - name: Upgrade-packages.yml - update packages
+ include: ../../lib/upgrade-packages.yml
+
+ - name: Install-docker.yml - setting up docker
+ include: ../../lib/install-docker.yml
+
+ - name: Install Restic and setup
+ include: ../../lib/setup-restic.yml
+
+ - name: Setup Restic Cron jobs
+ include: ../../lib/setup-restic-cron.yml
+
+ - name: Create zabbix user
+ user:
+ name: zabbix
+ uid: 2005
+ group: users
+ state: present
+ create_home: yes
+ home: /home/zabbix
+ shell: /bin/bash
+
+ - name: Install Python Packages
+ apt:
+ name:
+ - python3-full
+ - python3-pip
+ state: present
+ update_cache: yes
+
+ - name: Setup Service
+ copy:
+ dest: /etc/systemd/system/zabbix.service
+ content: |
+ [Unit]
+ Description=zabbix
+ After=network.target
+
+ [Service#]
+ User=docker
+ WorkingDirectory=/home/docker
+ ExecStart=/usr/bin/docker compose --env-file ./docker-compose.env -f docker-compose.yml up -d
+ Restart=always
+
+ [Install]
+ WantedBy=multi-user.target
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Write docker-compose.yml
+ ansible.builtin.copy:
+ content: "{{ docker_compose_definition }}"
+ dest: /home/docker/docker-compose.yml
+ owner: docker
+ group: docker
+ mode: u=rw,g=r,o=r
+
+ - name: Check if zabbix directory exists
+ stat:
+ path: /zabbix
+ register: zabbix_stat
+
+ - name: Restore zabbix Dir
+ shell: |
+ restic --password-file /home/restic/.resticpassword -r sftp:misamisa://home/restic/$(hostname) --target / restore latest
+ args:
+ chdir: /home/restic
+ creates: /zabbix
+ when: not zabbix.stat.exists or not zabbix_stat.stat.isdir
+
+ - name: Reload systemd daemon
+ systemd:
+ daemon_reload: yes
+
+ - name: Start zabbix Service
+ systemd:
+ name: zabbix
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/zabbix.tf b/zabbix.tf
new file mode 100644
index 0000000..b8e2506
--- /dev/null
+++ b/zabbix.tf
@@ -0,0 +1,48 @@
+resource "proxmox_lxc" "zabbix" {
+ target_node = "pve"
+ hostname = "zabbix"
+ vmid = 220
+ ostemplate = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+ password = "terraform"
+ unprivileged = true
+ cores = 6
+ memory = 4096
+ swap = 1024
+ start = true
+ tags = "terraform"
+ nameserver = "192.168.0.24"
+ ssh_public_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFw70PrMsilcsqCrwW1I6PAt3anQbhmVg+t/HUfomug ryan@mxDesktop"
+
+ features {
+ nesting = true
+ }
+
+ rootfs {
+ storage = "nvme"
+ size = "64G"
+ }
+
+ mountpoint{
+ key = "0"
+ slot = 0
+ storage = "Cephtest"
+ mp = "/ceph"
+ size = "200G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = "192.168.0.59/24"
+ gw = "192.168.0.1"
+
+ }
+
+ provisioner "local-exec" {
+ command = "./.ansible.d/setup.sh $IP"
+ environment = {
+ IP = "192.168.0.59"
+ }
+ }
+
+}
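Review bot: In roles/ind/zabbix/zabbix-install.yml the "Restore zabbix Dir" condition reads `zabbix.stat.exists`, but the stat result is registered as `zabbix_stat`, so the `when:` refers to an undefined variable; it should be `when: not zabbix_stat.stat.exists or not zabbix_stat.stat.isdir`. The unit written by "Setup Service" has the section header `[Service#]`, which systemd will not read as `[Service]`, so `User=docker` and `ExecStart=` would presumably not apply and the unit would have nothing to run; the header should be `[Service]`. The restore runs as root (`become: yes`) with `--target /`, so everything in the latest snapshot of the remote repository is written over the root filesystem; limiting it with `--include /zabbix` would keep the restore to the directory this play checks for. No task in this hunk copies `docker-compose.env` to /home/docker although `ExecStart` passes it with `--env-file`; if one of the included files does that, the file should be deployed with `mode: '0600'` because it holds the database passwords.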
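Review bot: In zabbix.tf `password = "terraform"` gives the container a guessable password (presumably the root account's) and stores it in the repository and in Terraform state; since `ssh_public_keys` already provides access, either drop the attribute or read it from a variable declared with `sensitive = true`, e.g. `password = var.zabbix_root_password` (placeholder name). `nesting = true` is presumably there so Docker can run inside the LXC; a short comment saying so would help a reviewer judge the relaxed isolation. The address `192.168.0.59` is written twice, in `network.ip` and in the provisioner's `IP`, so a single local value would keep the Ansible run from targeting a different host than the one created.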