Zabbix: Add HAProxy monitoring template

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
2026-06-14 22:36:09 +08:00 · 2025-11-03 15:54:57 +00:00
parent 5c3f92cee6
commit 0a4a78bf9a
4 changed files with 2427 additions and 1 deletions
--- a/roles/anubis/tasks/main.yml
+++ b/roles/anubis/tasks/main.yml
@@ -131,8 +131,8 @@
    selinux_module_name: zabbix_anubis
  when: selinux_zabbix_file.changed
  tags:
+  - anubis
  - selinux
-  - postfix
  - zabbix_agent

 - name: Install Zabbix agent config drop-in
--- a/roles/haproxy/files/zabbix/selinux-haproxy.te
+++ b/roles/haproxy/files/zabbix/selinux-haproxy.te
@@ -0,0 +1,10 @@
+module zabbix_haproxy 1.2;
+
+require {
+        type http_cache_port_t;
+        type zabbix_agent_t;
+        class tcp_socket name_connect;
+}
+
+#============= zabbix_agent_t ==============
+allow zabbix_agent_t http_cache_port_t:tcp_socket name_connect;
--- a/roles/haproxy/files/zabbix/template-haproxy.yml
+++ b/roles/haproxy/files/zabbix/template-haproxy.yml
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@@ -129,3 +129,69 @@
  service: name=haproxy state=started enabled=yes
  tags:
  - haproxy
+
+### Monitoring config
+# Custom SELinux requirements for Zabbix to execute monitoring
+- name: Ensure a directory exists for HAProxy Zabbix selinux module
+  ansible.builtin.file:
+    path: /usr/local/share/zabbix
+    state: directory
+    mode: '0755'
+  tags:
+  - haproxy
+  - selinux
+  - zabbix_agent
+
+- name: Copy HAProxy Zabbix SELinux module
+  ansible.builtin.copy:
+    src: zabbix/selinux-haproxy.te
+    dest: /usr/local/share/zabbix/zabbix_haproxy.te
+    owner: root
+    group: root
+    mode: '0644'
+  register: selinux_zabbix_file
+  tags:
+  - haproxy
+  - selinux
+  - zabbix_agent
+
+- name: Compile and install SELinux module
+  ansible.builtin.include_tasks: "{{ tasks_path }}/compile-selinux.yml"
+  vars:
+    selinux_module_dir: /usr/local/share/zabbix
+    selinux_module_name: zabbix_haproxy
+  when: selinux_zabbix_file.changed
+  tags:
+  - haproxy
+  - selinux
+  - zabbix_agent
+
+- name: Zabbix API Block
+  vars:
+    ansible_zabbix_auth_key: "{{ zabbix_auth_key }}"
+    ansible_network_os: "{{ zabbix_network_os }}"
+    ansible_connection: "{{ zabbix_connection }}"
+    ansible_httpapi_port: "{{ zabbix_httpapi_port }}"
+    ansible_httpapi_use_ssl: "{{ zabbix_httpapi_use_ssl }}"
+    ansible_httpapi_validate_certs: "{{ zabbix_httpapi_validate_certs }}"
+    ansible_host: "{{ zabbix_server }}"
+    ansible_zabbix_url_path: "{{ zabbix_url_path }}"
+  tags:
+    - haproxy
+    - zabbix_api
+  block:
+    - name: Import HAProxy template file
+      community.zabbix.zabbix_template:
+        template_yaml: "{{ lookup('file', 'zabbix/template-haproxy.yml') }}"
+        state: present
+    - name: Ensure HAProxy hostgroup is present
+      community.zabbix.zabbix_group:
+        host_groups:
+          - HAProxy servers
+        state: present
+    - name: Add self to HAProxy in Zabbix
+      community.zabbix.zabbix_host:
+        host_name: "{{ inventory_hostname }}"
+        host_groups: HAProxy servers
+        link_templates: HAProxy Monitoring
+        force: false