Proxy
--- classes: - role::zabbix::zabbix_proxy # not sure if encrypted passwords need to be quoted profile::zabbix::zabbix_params::database_password: ENC[PKCS7,XXXXX_some_encrypted_string_XXXXXX] profile::zabbix::zabbix_params::innodb_buffer_pool_size: '3G' # needs to be set to around 70-75% of available RAM ...
Web
--- # Zabbix Web Frontend classes: - role::zabbix::zabbix_web # set passwords with encrypted strings. Ideally this should have a common_zabbix.eyaml file which has the password declarations kept in one place to prevent duplication profile::zabbix::zabbix_params::database_password: ENC[PKCS7,XXXXX_some_encrypted_string_XXXXXX] profile::zabbix::zabbix_params::api_user_pass: ENC[PKCS7,XXXXX_some_encrypted_string_XXXXXX] ...
Server
--- # Zabbix Server classes: - role::zabbix::zabbix_server # set passwords with encrypted strings. Ideally this should have a common_zabbix.eyaml file which has the password declarations kept in one place to prevent duplication profile::zabbix::zabbix_params::database_password: ENC[PKCS7,XXXXX_some_encrypted_string_XXXXXX] profile::zabbix::zabbix_params::api_user_pass: ENC[PKCS7,XXXXX_some_encrypted_string_XXXXXX] ...
Agent
--- classes: - 'role::base' profile::zabbix::agent::server: 'zabbix-proxy1.example.com,zabbix-proxy1.example.com' ...
DB
--- # Zabbix DB Slave lvm::volume_groups: myvg: physical_volumes: - /dev/sda2 - /dev/sda3 logical_volumes: opt: size: 20G tmp: size: 1G usr: size: 3G var: size: 150G home: size: 5G --- classes: - role::zabbix::zabbix_db_mstr
encrypted passwords created by:
- root@ puppet# pwd
- /etc/puppetlabs/puppet
- root@ puppet# eyaml encrypt --stdin
- ctrl-d to end
profile::zabbix::zabbix_params::database_password: ENC[PKCS7,XXXXXXXXXXXXXXXXXXXXXXXX] profile::zabbix::zabbix_params::innodb_buffer_pool_size: '3G' # needs to be set to around 70-75% of available RAM profile::zabbix::zabbix_srv_db_mstr::zabbix_server_ste: 'SOMEHOST.EXAMPLE.COM' # This Puppet module doesn't account for resilience, in any way. So this will need to be updated upon failover until DNS CNAME can be used. May be able to set both Server names profile::zabbix::zabbix_srv_db_mstr::zabbix_server_sdc: 'SOMEHOST.EXAMPLE.COM' # This Puppet module doesn't account for resilience, in any way. So this will need to be updated upon failover until DNS CNAME can be used. May be able to set both Server names profile::zabbix::zabbix_srv_db_mstr::zabbix_web: 'SOMEHOST.EXAMPLE.COM' # This Puppet module doesn't account for resilience, in any way. So this will need to be updated upon failover until DNS CNAME can be used. May be able to set both Server names # The following password is an encrypted hash for mysql. Hash created using # mysql> select password('some_password'); profile::zabbix::zabbix_srv_db_mstr::replicator_pw: ENC[PKCS7,XXXXXXXXXXXXXXXXXXXXXXXXXX] ...