first commit

tasks/install-agent2.yml

@@ -0,0 +1,76 @@
+
+- name: Install Agent2 Debian packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ debian_agent_packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "Debian" 
+
+- name: Install packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ rhel_agent_packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "RedHat" 
+   
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/install-db.yml

@@ -0,0 +1,84 @@
+
+
+- name: Install RHEL packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ rhel_db_packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "RedHat"
+
+- name: Install Debian packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ debian_db_packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "Debian" 
+
+- name: Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Run create db script
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+   - install_db
+
+- name: Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    insertafter: '# Database administrative login by Unix domain socket'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/17/main/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+  tags:
+   - install_db
+
+- name: Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db

tasks/install-front.yml

@@ -0,0 +1,47 @@
+- name: Install RHEL Front
+  when: ansible_os_family == "RedHat"
+  block:
+    - name: Install packages
+      ansible.builtin.dnf:
+        name: "{{ item }}"
+        state: latest
+      loop: "{{ rhel_front_packages }}"
+      tags:
+          - install_front
+    - name: Generate front php config
+      ansible.builtin.template:
+          src: zabbix.conf.php.j2
+          dest: /usr/share/zabbix/conf/zabbix.conf.php
+          owner: root
+          group: root
+          mode: 644  
+      tags:
+        - install_front
+
+- name: Install Debian Front
+  when: ansible_os_family == "Debian"
+  block:
+    - name: Install Debian packages
+      ansible.builtin.apt:
+        name: "{{ item }}"
+        state: latest
+      loop: "{{ debian_front_packages }}"
+      tags:
+        - install_front
+
+    - name: Configure nginx port
+      ansible.builtin.lineinfile:
+        path: /etc/zabbix/nginx.conf
+        regexp: 'listen          8080;'
+        line: "        listen          80;"
+      tags:
+        - install_srv
+
+    - name: Configure nginx url
+      ansible.builtin.lineinfile:
+        path: /etc/zabbix/nginx.conf
+        regexp: 'server_name     example.com;'
+        line: "        server_name     {{ inventory_hostname }};"
+      tags:
+        - install_srv
+      notify: Restart nginx

tasks/install-proxy.yml

@@ -0,0 +1,100 @@
+- name: Proxy - Install Debian Proxy packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ debian_proxy_packages }}"
+  tags:
+    - install_proxy
+  when: ansible_os_family == "Debian" 
+
+
+- name: Proxy - Install RedHat packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ rhel_proxy_packages }}"
+  tags:
+    - install_proxy
+  when: ansible_os_family == "RedHat" 
+
+- name: Proxy - Enable and start service mariadb
+  ansible.builtin.service:
+    name: mariadb
+    state: started
+    enabled: yes
+  tags:
+    - install_proxy
+
+- name: Proxy - Generate mariadb proxy creation script
+  ansible.builtin.template:
+    src: create_proxy_db.j2
+    dest: /tmp/create_proxy_db.sql
+  tags:
+    - install_proxy
+
+- name: Proxy - Create mariadb proxy database
+  ansible.builtin.shell: mysql -uroot <  /tmp/create_proxy_db.sql
+  tags:
+   - install_proxy
+
+- name: Proxy - Populate mariadb proxy database
+  ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
+  tags:
+   - install_proxy
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Proxy - Génération la liste des servers
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', 'srv') |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Proxy - Set fact Server
+  set_fact:
+    Server: "{{ hotes_filtres | join(';') }}"
+
+- name: Proxy - Generate config
+  ansible.builtin.template:
+      src: zabbix_proxy.conf.j2
+      dest: /etc/zabbix/zabbix_proxy.conf
+      owner: root
+      group: zabbix
+      mode: 400
+      
+  tags:
+    - install_proxy
+    
+- name: Proxy - Create certificats directory
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Copy certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_proxy}}.crt"
+    - "{{ zabbix_proxy}}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Enable and start service zabbix proxy
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-proxy 

tasks/install-srv.yml

@@ -0,0 +1,57 @@
+- name: Install Debian packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ debian_srv_packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "Debian" 
+
+
+- name: Install packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ rhel_srv_packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "RedHat" 
+
+- name: Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+    
+- name: Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+
+- name: Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server

tasks/main.yml

@@ -0,0 +1,74 @@
+---
+# tasks file for zabbix
+- name: check OS version
+  debug: var=ansible_os_family
+- name: Prepare RHEL
+  block:
+    - name: Alma Repo
+      ansible.builtin.shell:
+        cmd: rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-latest.el9.noarch.rpm
+    - name: disable firewall
+      ansible.builtin.service:
+        name: firewalld
+        state: stopped
+        enabled: false
+    - name: clean repo
+      ansible.builtin.shell:
+        cmd: dnf clean all
+  when: ansible_os_family == "RedHat"
+- name: Prepare Debian
+  block:
+  - name: Debian Repo
+    ansible.builtin.apt:
+      deb: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
+  - name: Mise à jour le cache des paquets
+    ansible.builtin.apt:
+      update_cache: yes
+  when: ansible_os_family == "Debian"
+
+
+- name: Install Database
+  when: role == "db"
+  block:
+    - name: Install Zabbix DB
+      ansible.builtin.include_tasks: install-db.yml
+      when: role == "db"
+      tags:
+       - database
+  tags:
+    - install_db
+
+- name: Install server
+  when: role == "srv"
+  block:
+    - name: Install Zabbix Server
+      ansible.builtin.include_tasks: install-srv.yml
+      when: role == "srv"
+  tags:
+    - install_srv
+
+- name: Install zabbix_proxy
+  when: role == "proxy"
+  block:
+    - name: Install Zabbix Proxy
+      ansible.builtin.include_tasks: install-proxy.yml
+      when: role == "proxy"
+  tags:
+    - install_proxy
+
+- name: Install Front
+  when: role == "front"
+  block:
+    - name: Install Zabbix Front
+      ansible.builtin.include_tasks: install-front.yml
+      when: role == "front"
+  tags:
+    - install_front
+
+- name: Install Agent
+  block:
+    - name: Install Zabbix Agent
+      ansible.builtin.include_tasks: install-agent2.yml
+  tags:
+    - install_agent
+    - never