Almalinux validé

2026-02-18 21:25:00 +00:00
parent 7c8f30ce06
commit 28799357f3
11 changed files with 352 additions and 37 deletions
--- a/tasks/Debian/install-front.yml
+++ b/tasks/Debian/install-front.yml
@@ -1,7 +1,7 @@
 - name: Front - Install packages
  ansible.builtin.apt:
    name: "{{ item }}"
-    state: latest
+    state: present
  loop: "{{ front.packages }}"
  tags:
    - install_front
--- a/tasks/RedHat/install-db.yml
+++ b/tasks/RedHat/install-db.yml
@@ -8,22 +8,17 @@
  tags:
    - install_db

- name: Database - Check if postgrsql configured
+- name: Database - Check if postgresql is configured
  stat:
-    path: /var/lib/pgsql/data
+    path: /var/lib/pgsql/data/PG_VERSION
  register: postgresqldata

- name: Database - debug
-  debug:
-    var: postgresqldata
-
 - name: Database - Init DB
  ansible.builtin.shell:
    cmd: postgresql-setup --initdb
  when:  postgresqldata.stat.exists == false
  tags:
    - install_db
-  

 - name: Database - Enable and start service postgresl
  ansible.builtin.service:
@@ -82,10 +77,19 @@
  service:
    name: postgresql
    state: restarted
+    enabled: true
  tags:
   - install_db

 - name: Populate zabbix database
  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
  tags:
-   - install_db
+   - install_db
+
+- name: Proxy - Enable and start service zabbix component
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2
--- a/tasks/RedHat/install-front.yml
+++ b/tasks/RedHat/install-front.yml
@@ -27,10 +27,27 @@
    - Restart php-fpm

 - name: Front - Configure keepalived
-  ansible.builtin.template:
-    src: keepalived.conf.j2
-    dest: /etc/keepalived/keepalived.conf
-    owner: root
-    group: root
-    mode: 0644
-  notify: Restart Keepalived
+  when: role == "srv"
+  block:
+    - name: Configure Keepalived
+      ansible.builtin.template:
+        src: keepalived.conf.j2
+        dest: /etc/keepalived/keepalived.conf
+        owner: root
+        group: root
+        mode: 0644
+    - name: Enable Keepalived service
+      ansible.builtin.systemd_service:
+        name: keepalived
+        state: restarted
+        enabled: true
+
+- name: Enable and start
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  loop: 
+    - nginx
+    - php-fpm
+    - zabbix-agent2
--- a/tasks/RedHat/install-proxy.yml
+++ b/tasks/RedHat/install-proxy.yml
@@ -0,0 +1,98 @@
+- name: Proxy - Install Debian Proxy packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ proxy.packages }}"
+  tags:
+    - install_proxy
+    
+- name: Proxy - Enable and start service mariadb
+  ansible.builtin.service:
+    name: mariadb
+    state: started
+    enabled: yes
+  tags:
+    - install_proxy
+
+- name: Proxy - Generate mariadb proxy creation script
+  ansible.builtin.template:
+    src: create_proxy_db.j2
+    dest: /tmp/create_proxy_db.sql
+  tags:
+    - install_proxy
+
+- name: Proxy - Create mariadb proxy database
+  ansible.builtin.shell: mysql -uroot <  /tmp/create_proxy_db.sql
+  tags:
+   - install_proxy
+
+- name: Proxy - Populate mariadb proxy database
+  ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
+  tags:
+   - install_proxy
+
+- name: Proxy - Enable and restart mariadb
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  loop: 
+    - mariadb
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Proxy - Génération la liste des servers
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', 'srv') |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Proxy - Set fact Server
+  set_fact:
+    Server: "{{ hotes_filtres | join(';') }}"
+
+- name: Proxy - Generate config
+  ansible.builtin.template:
+      src: zabbix_proxy.conf.j2
+      dest: /etc/zabbix/zabbix_proxy.conf
+      owner: root
+      group: zabbix
+      mode: 400
+      
+  tags:
+    - install_proxy
+    
+- name: Proxy - Create certificats directory
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Copy certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_proxy}}.crt"
+    - "{{ zabbix_proxy}}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Enable and start service zabbix proxy
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-proxy
+    - zabbix-agent2
--- a/tasks/RedHat/install-srv.yml
+++ b/tasks/RedHat/install-srv.yml
@@ -1,3 +1,4 @@
+# Server
 - name: Server - Install packages
  ansible.builtin.dnf:
    name: "{{ item }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,10 +15,14 @@
      ansible.builtin.dnf:
        name: gnupg2
        state: present
-    - name: Import a key from a url
+    - name: Copie GPG key
+      ansible.builtin.copy:
+        src: RPM-GPG-KEY-ZABBIX-B5333005
+        dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
+    - name: Import a key
      ansible.builtin.rpm_key:
        state: present
-        key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-B5333005
+        key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
    - name: Add Package
      ansible.builtin.dnf:
        name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/alma/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm"
@@ -36,12 +40,23 @@
      ansible.builtin.shell:
        cmd: dnf clean all

+    - name: set selinux permivise
+      ansible.builtin.lineinfile:
+        path: /etc/selinux/config
+        regexp: '^SELINUX=.*'
+        line: "SELINUX=permissive"
+      register: selinux
+    
+    - name: Reboot if necessary
+      ansible.builtin.reboot:
+      when: selinux.changed
+
 - name: Prepare Debian
  when: ansible_os_family == "Debian"
  block:
    - name: Debian Repo
      ansible.builtin.apt:
-        deb: "{{repo}}"
+        deb: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_{{ zabbix_version }}+debian13_all.deb"
    - name: Mise à jour le cache des paquets
      ansible.builtin.apt:
        update_cache: yes
@@ -57,20 +72,21 @@

 - name: Server - Install
  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml"
-  when: role == "srv"
+  when: 
+    - role == "srv"
  tags:
    - install_srv

-# - name: Proxy - Install
-#   ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
-#   tags:
-#     - install_proxy
-#   when: role == "proxy"
+- name: Proxy - Install
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
+  tags:
+     - install_proxy
+  when: role == "proxy"


 - name: Front - Install
  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml"
-  when: role == "srv"
+  when: role == "srv" or role == "front"
  tags:
    - install_front