stef
/
role_zabbix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Almalinux validé

main
stef 2026-02-18 21:25:00 +00:00
parent 7c8f30ce06
commit 28799357f3
11 changed files with 352 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored 100644
View File

@ -0,0 +1,2 @@
files/*.crt
files/*.key

143
README.md
View File

@ -1,31 +1,154 @@
Role Name
Zabbix
=========
A brief description of the role goes here.
Deploiement d'une infrascutrure ZAbbix complete
Deux serveur zabbix
- HA
- Keealived pour nginx
- Certiticats TLS
Distribution prise en charges:
- Debian13
- Almalinux
Pour Ajouter une distribution RHEL like
Ajouter un block dans tasks/main.yml
Similaire à ceci ( voir https://www.zabbix.com/download pour le path associé a votre distribution):
```
- name: Prepare <Votre distribution>
when: ansible_distribution == "AlmaLinux" <= Nom de votre distriution
block:
- name: add gpg
ansible.builtin.dnf:
name: gnupg2
state: present
- name: Copie GPG key
ansible.builtin.copy:
src: RPM-GPG-KEY-ZABBIX-B5333005
dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Import a key
ansible.builtin.rpm_key:
state: present
key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Add Package
ansible.builtin.dnf:
name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/<Votre distribution>/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm"
state: present
```
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Nécéssite les fichiers de certificats suivants:
Role Variables
- zabbix_ca.cert
- zabbix_server.cert
- zabbix_server.key
- zabbix_agent.cert
- zabbix_agent.key
- zabbix_proxy.cert
- zabbix_proxy.key
Ces fichiers sont a déposer dans /files
Note: vous pouvez changer le nom des fichiers en ce cas modifier les variables suivante dans default/main.yml
```
zabbix_ca: zabbix_ca
zabbix_server: zabbix_server
zabbix_proxy: zabbix_proxy
zabbix_agent: zabbix_agent
```
# Variables
--------------
## Role Variables
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Variable definies dans default/main.yml
# defaults file for zabbix
| Variable | Role | Remarques|
|----------|------|----------|
|zabbix_version|Version de zabbix|Ne fonctionnent actuellement pour les Debian|
|roles_cibles| utlisés pour générer les Variable Server et ActiveServer | Exemple:['srv', 'proxy']|
|db_name|Nom de la base de postgres des serveurs||
|db_user|Nom de l'utilisateur de la base postgres serveurs||
|db_passwd|Mot de passe l'utilisateur de la base postgres serveurs||
|proxy_db_name|Nom de la base des proxys||
|proxy_db_user|Nom de l'utilisateur de la base des proxys||
|proxy_db_passwd|Mot de passe de l'utilisateur de la base des proxys||
|zabbix_ca|Nom du fichier de CA||
|zabbix_server|Nom du fichier de certificat utilisés par les serveurs||
|zabbix_proxy|Nom du fichier de certificat utilisés par les proxy||
|zabbix_agent|Nom du fichier de certificat utilisés par les agents||
## Group Variables
| Variable | Role | Remarques|
|----------|------|----------|
|db_host| adatabase.bv.stef.lan|
|db_port| 5432|Non utilisé pour le moment|
|postgresql_version|| Exemple 17, uniquement implementé dans débian|
|zabbix_crypt| Type de chiffrement utilisé| tls ou psk pour le moment seul tls est totalement implementé|
|zabbix_cert_ca_name| zabbix_ca||
|zabbix_cert_server_name| zabbix_server||
|zabbix_cert_agent_name| zabbix_agent||
|TLSServerCertSubject| DN des serveurs zabbix| exemple: "CN=zabbix_server,C=FR"|
|TLSServerCertIssuer| DN du CA zabbix| exemple: "CN=zabbix_ca,C=FR"|
|ZabbixHA| Activation du HA ou non | true ou false|
|vip_address| Vip keealived des nginx| exemple 192.168.200.75|
|vip_fqdn| FQDN de la Vip keealived des nginx|exemple: zabbix.mondomain.com|
|ActiveVault| Active ou non le vault| true ou false|
|Vault| Modele du vault| HashiCorp actuellement uniquement implémenté|
|VaultToken|Token d'acces au vault||
|VaultURL| Url du vault | exemple: https://vault.mondomain.com|
|VaultPrefix| Path des secret zabbix| exemple: /v1/secret/data/zabbix/|
|VaultDBPath| nom du secret des credential d'acces DB| exemple: /database|
## Hosts Variables
L'host master keepalived doit contenir:
```
keepalived:
state: MASTER
priority: 244
```
L'host backup keepalived doit contenir:
```
keepalived:
state: BACKUP
priority: 243
```
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
None
Exemple Inventory
zabbix_instance01:
hosts:
server01.mondomain.com:
role: srv
server02.mondomain.com:
role: srv
database.mondomain.com:
role: db
front.mondomain.com:
role: front
proxy01.mondomain.com:
role: proxy
proxy02.mondomain.com:
role: proxy
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------

52
files/RPM-GPG-KEY-ZABBIX-B5333005 100644
View File

@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGYwjIcBEADHPOcYeW6xpiMh2ZO6a9OCncCs4IBQa7Ie+omyzJLNldnBMrxO
jbZXY2brQZWu5GEA6rTrexbfq9w/MaGiV5hAJ/x9oKHHKod79IfYLWsYS+rKTEr4
OptCGYqmJhdB29m44feut/PjjbjTuD0nwkaaE4Cm90r2aHMj5CcuD0/V823MgOwY
v5uz1Az9OhMLHB+qO/QDGZOxfmETpfj0J1Sh1afTngXoPgyniBT0BuyAMRlb2js6
QSpT9AnVxVDMVZwu5Ioy9Jf1Rz8ibP6LTN4Rh+TDFJizzoqJMqfDjN8PculcVZvG
j3bpweL0txhSykuLN75GPP1DO7rSVljIAChpY1hPtpYBD3F7uL0udpauVhVUY3Vs
13kxbsDgSr84s+tpRxV9BaQy2pjQY/jyesbFpFCjGHqUZVS1F3huWYBukQn3Em7C
X3WgzWe1iewPxENCLSGfSEVBcQ28guNvy2INcHHjx+AWOXFfkDKVZtBOH5MVr6hR
/xJH9S8Pd4wJZ4wvXwwDUBMD0Jju5ELE9/NQty8AeL6tjZomVhO2nFUe3N0lKE2K
wNLt0N4PqDrCHogQ7knROMR+9KqjFu+ko39TZmCUlVncX3s0v0t9gxIK9zQoX9p6
ngAr7IM8rGe/BGD7crYsrveWtBA7AY2DX9Z9iQylsXrq8tfGyhMaH3SgLwARAQAB
tCtaYWJiaXggTExDIChBcHIgMjAyNCkgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJU
BBMBCgA+FiEETD1vLMdfUUZ1T8N02RMhmrUzMAUFAmYwjIcCGwMFCRLMAwAFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2RMhmrUzMAWf/w/+NSQz9LfZo7eNuKpd
piWsQgI+73sdLXmABp9kNWYrYTghXUe0WkWyLuFRMOh4fxZCtdiwpeEKGEDUgPr7
gTMH7ay7gD2kCJLCJl1tUCh4ryXJvVMyN9J+x7w742fOdPrVK9/ULad1KAH6zx+J
Ym/Qt5JfYMhjeCIBKpappGMVCFb3sEJUT4e7ggqt9uUgbjlpQtYhZg65vaX9C7qZ
EXxaWEfBkBNiHEeImuv6wjp1rM4cNMQW7lnfnvlo1MmkmDzQjCFA5g41DvK1YQcE
HWDW6Zp30SGQqthEHNOPHezNCxD1vMxfUCUawSZP5ajuK6o/CGM9L5rjvcCnpe+6
JVCX93KkPB0VqgfzzHB7OQsWQ8csRkjsW0v+5PkXbRRkf98YzaYDqVa1AvGv5YOv
alEPlqvQ6Xnm/6xV9gIr49Kgkf+VFvigbvwKfiH0hseWZN5ykswFoZ4mvYCJO6m4
ouU4sSW8AM/LxHHvlAZdO9h8O961nh5fs8AIl4EJb+4kClnYFGaguCKZyAu1V7bJ
vDZ0OlaRtnh2cEPBd9W0CoPZaEHYcUDFmMIlxab1oGgDqIN4SJoCTnJLJ4BloQFs
9rIpAMcXxA3lqNnBjbolXqUTJq9WIpe6q/r38ADh0M5najksbwZWU0WZ+j2DJmgV
otW7wuTabGL9k3lnyNRwlK4OkRe5Ag0EZjCMhwEQAL1RylY+ljV/Ma9rAcZxwT08
/emKEE4VMeDlJbzEWeMNjx8IpeVI3JlADkolbggcBEELZiwRRAJrJaYcBDNq0ZmE
BG5ffJin12iIU6f0GFg4x4elcPi9diP/1foz6k93eWYMpAj17B1YTM9ZgKKIJmuf
8GDsMTb/AgHcGC+gkduZGakUcHv538o+ub8/021HPqmYcF/HVaENv0LJd3yxLB6/
mhSCT9axuX6NDQxVxzXKz+PAnz1uYyz7yZB4YXROHNwnvOGPYbljIGQPTIgjrCNP
26ySH9t6JYxWY7bXJKGepSnk0QeGHiM0p6TC9n3BS6RkmKUt0c6cXbW+BCc8QHOj
jzPOxjbvpmbZtVo56ZQYm/DWuj0lg+/pYKSReX5YJ8gnvhRoNM/fLeWsIGMZJaM9
DygVTU0/0r7rxYbXoDqHMhsdMvjmrSAD3pDcPDci6WyeaLcvphvfZR4uyKtz1FS0
GU+B0ly1gwItDca2En01AbrYX3eLnSw6ZwegBy42gnzAooFmGrfQUuskr+j5hxzs
BBCTtU6zEBGIMAVs1pNCnUVEleD/2E2U4Uzqi/XQv95b3msqP3tNkWrp1Em12Wls
2bIe47+uOpfcxzsAADLTu5avJT0YcJ3u1lBB6rIBcFL6kmkqD1u2pgFZw5Otdo4h
/8gxK3CZ/g81yCsBOcNZABEBAAGJAjwEGAEKACYWIQRMPW8sx19RRnVPw3TZEyGa
tTMwBQUCZjCMhwIbDAUJEswDAAAKCRDZEyGatTMwBeZUEACOatbYmCCIdcqF05id
GsoPRqXEQHj8cY3NmzD4nlATJPHLN8+p6TH1mDInnBFfDp6Ll1u8PHnvGccVDUl+
aJCDCOcscqaKNaIbAi39OFLyED/j1t2g0VH9M0F41ZOofQN/Tf4SaR3ziY4j4hn+
pWpzqcdQ4zCSA+c95NijkeSgGFdT8OzCbWrmvKHdoeaescRMJg3Zmi3Aegqaaxe8
MMmixmGYk7jz35G0oBABCEcWTeqFXpQIG91AN5F0qe+tgQgwEr2N8YvIdRUb0e1c
Yc7Ly7pNHgH7wd0L2SND2pamXrZ6+kbUVVg46aa6XKvx36Fa2R0n6Var+Dcb9Rsr
mLq69/n2C18QLKwMnVSJfetPzQhAOnJ85Q2alRIyrMa7wq7+5NLcNBTGRRm4WYut
mzRvmmMmt0r+LOaV1fUdtfUVyIDrAb7rdqGW4eGbWTSLOcSgX7czThne7/v3zuSP
N0nc8yosGQp2aT8XCuzWqGQQ10NxUKP374jdetWgFI/8fH5zVx67TrViJ0FnK2Ug
CTtaHKt7jwwkMs6Y0kCCi/xysw+6UlDmBvzM5TVcWSO/lDUotFccn7IC782ghT03
pY9AfSJCu2NB44LODaLg9jyXbv2MPq8ZsWRqxxmmCUinmQMV6rI/nWPZpgEpKId7
RF/42ix6CdCLj9WuDJRHAPA6nA==
=iQwh
-----END PGP PUBLIC KEY BLOCK-----

3
handlers/main.yml
View File

@ -33,4 +33,5 @@
- name: Restart Keepalived
service:
name: keepalived
state: restarted
state: restarted

2
tasks/Debian/install-front.yml
View File

@ -1,7 +1,7 @@
- name: Front - Install packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
state: present
loop: "{{ front.packages }}"
tags:
- install_front

20
tasks/RedHat/install-db.yml
View File

@ -8,22 +8,17 @@
tags:
- install_db
- name: Database - Check if postgrsql configured
- name: Database - Check if postgresql is configured
stat:
path: /var/lib/pgsql/data
path: /var/lib/pgsql/data/PG_VERSION
register: postgresqldata
- name: Database - debug
debug:
var: postgresqldata
- name: Database - Init DB
ansible.builtin.shell:
cmd: postgresql-setup --initdb
when: postgresqldata.stat.exists == false
tags:
- install_db
- name: Database - Enable and start service postgresl
ansible.builtin.service:
@ -82,10 +77,19 @@
service:
name: postgresql
state: restarted
enabled: true
tags:
- install_db
- name: Populate zabbix database
ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
tags:
- install_db
- install_db
- name: Proxy - Enable and start service zabbix component
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-agent2

31
tasks/RedHat/install-front.yml
View File

@ -27,10 +27,27 @@
- Restart php-fpm
- name: Front - Configure keepalived
ansible.builtin.template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
owner: root
group: root
mode: 0644
notify: Restart Keepalived
when: role == "srv"
block:
- name: Configure Keepalived
ansible.builtin.template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
owner: root
group: root
mode: 0644
- name: Enable Keepalived service
ansible.builtin.systemd_service:
name: keepalived
state: restarted
enabled: true
- name: Enable and start
ansible.builtin.systemd_service:
name: "{{ item }}"
state: started
enabled: true
loop:
- nginx
- php-fpm
- zabbix-agent2

98
tasks/RedHat/install-proxy.yml 100644
View File

@ -0,0 +1,98 @@
- name: Proxy - Install Debian Proxy packages
ansible.builtin.dnf:
name: "{{ item }}"
state: present
loop: "{{ proxy.packages }}"
tags:
- install_proxy
- name: Proxy - Enable and start service mariadb
ansible.builtin.service:
name: mariadb
state: started
enabled: yes
tags:
- install_proxy
- name: Proxy - Generate mariadb proxy creation script
ansible.builtin.template:
src: create_proxy_db.j2
dest: /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Create mariadb proxy database
ansible.builtin.shell: mysql -uroot < /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Populate mariadb proxy database
ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
tags:
- install_proxy
- name: Proxy - Enable and restart mariadb
ansible.builtin.systemd_service:
name: "{{ item }}"
state: started
enabled: true
loop:
- mariadb
- name: Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Proxy - Génération la liste des servers
set_fact:
hotes_filtres: >-
{{ groups[my_group] |
map('extract', hostvars) |
selectattr('role', 'in', 'srv') |
map(attribute='inventory_hostname') |
list }}
- name: Proxy - Set fact Server
set_fact:
Server: "{{ hotes_filtres | join(';') }}"
- name: Proxy - Generate config
ansible.builtin.template:
src: zabbix_proxy.conf.j2
dest: /etc/zabbix/zabbix_proxy.conf
owner: root
group: zabbix
mode: 400
tags:
- install_proxy
- name: Proxy - Create certificats directory
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Proxy - Copy certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca}}.crt"
- "{{ zabbix_proxy}}.crt"
- "{{ zabbix_proxy}}.key"
when: zabbix_crypt=="tls"
- name: Proxy - Enable and start service zabbix proxy
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-proxy
- zabbix-agent2

1
tasks/RedHat/install-srv.yml
View File

@ -1,3 +1,4 @@
# Server
- name: Server - Install packages
ansible.builtin.dnf:
name: "{{ item }}"

36
tasks/main.yml
View File

@ -15,10 +15,14 @@
ansible.builtin.dnf:
name: gnupg2
state: present
- name: Import a key from a url
- name: Copie GPG key
ansible.builtin.copy:
src: RPM-GPG-KEY-ZABBIX-B5333005
dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Import a key
ansible.builtin.rpm_key:
state: present
key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-B5333005
key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Add Package
ansible.builtin.dnf:
name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/alma/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm"
@ -36,12 +40,23 @@
ansible.builtin.shell:
cmd: dnf clean all
- name: set selinux permivise
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX=.*'
line: "SELINUX=permissive"
register: selinux
- name: Reboot if necessary
ansible.builtin.reboot:
when: selinux.changed
- name: Prepare Debian
when: ansible_os_family == "Debian"
block:
- name: Debian Repo
ansible.builtin.apt:
deb: "{{repo}}"
deb: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_{{ zabbix_version }}+debian13_all.deb"
- name: Mise à jour le cache des paquets
ansible.builtin.apt:
update_cache: yes
@ -57,20 +72,21 @@
- name: Server - Install
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml"
when: role == "srv"
when:
- role == "srv"
tags:
- install_srv
# - name: Proxy - Install
# ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
# tags:
# - install_proxy
# when: role == "proxy"
- name: Proxy - Install
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
tags:
- install_proxy
when: role == "proxy"
- name: Front - Install
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml"
when: role == "srv"
when: role == "srv" or role == "front"
tags:
- install_front

1
vars/RedHat.yml
View File

@ -26,6 +26,7 @@ front:
- php-fpm
proxy:
packages:
- mariadb-server
- mariadb
- zabbix-proxy-mysql
- zabbix-sql-scripts