From f3855df1a89702289af6fe29bc3e39f616a3d0b2 Mon Sep 17 00:00:00 2001 From: stef Date: Mon, 16 Feb 2026 22:20:56 +0000 Subject: [PATCH 01/11] Debut de separation par distribution + ajout keepalived --- defaults/main.yml | 55 +++++++++++--------- handlers/main.yml | 5 ++ tasks/Debian/install-agent2.yml | 66 ++++++++++++++++++++++++ tasks/Debian/install-db.yml | 73 ++++++++++++++++++++++++++ tasks/Debian/install-front.yml | 41 +++++++++++++++ tasks/Debian/install-proxy.yml | 91 +++++++++++++++++++++++++++++++++ tasks/Debian/install-srv.yml | 53 +++++++++++++++++++ tasks/RedHat/install-agent2.yml | 66 ++++++++++++++++++++++++ tasks/RedHat/install-db.yml | 75 +++++++++++++++++++++++++++ tasks/RedHat/install-srv.yml | 53 +++++++++++++++++++ tasks/main.yml | 53 +++++++++---------- templates/keepalived.conf.j2 | 22 ++++++++ templates/zabbix_front.conf.j2 | 67 ++++++++++++++++++++++++ vars/Debian.yml | 47 +++++++++++++++++ vars/RedHat.yml | 28 ++++++++++ 15 files changed, 741 insertions(+), 54 deletions(-) create mode 100644 tasks/Debian/install-agent2.yml create mode 100644 tasks/Debian/install-db.yml create mode 100644 tasks/Debian/install-front.yml create mode 100644 tasks/Debian/install-proxy.yml create mode 100644 tasks/Debian/install-srv.yml create mode 100644 tasks/RedHat/install-agent2.yml create mode 100644 tasks/RedHat/install-db.yml create mode 100644 tasks/RedHat/install-srv.yml create mode 100644 templates/keepalived.conf.j2 create mode 100644 templates/zabbix_front.conf.j2 create mode 100644 vars/Debian.yml create mode 100644 vars/RedHat.yml diff --git a/defaults/main.yml b/defaults/main.yml index 40b657b..4ffdbc2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,36 @@ --- # defaults file for zabbix + +Debian: + repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb + db: + packages: + - postgresql-contrib + - postgresql + - python3-psycopg2 + - zabbix-sql-scripts + - zabbix-agent2 + srv: + packages: + - zabbix-server-pgsql + - zabbix-agent2 + front: + packages: + - zabbix-frontend-php + - php8.4-pgsql + - zabbix-nginx-conf + - nginx + - zabbix-agent2 + proxy: + packages: + - mariadb-server + - zabbix-proxy-mysql + - zabbix-sql-scripts + - zabbix-agent2 + agent: + packages: + - zabbix-agent2 + rhel_db_packages: - postgresql-server - postgresql @@ -27,32 +58,8 @@ rhel_proxy_packages: - zabbix-sql-scripts - zabbix-agent2 -debian_db_packages: - - postgresql-contrib - - postgresql - - python3-psycopg2 - - zabbix-sql-scripts - - zabbix-agent2 -debian_srv_packages: - - zabbix-server-pgsql - - zabbix-agent2 -debian_proxy_packages: - - mariadb-server - - zabbix-proxy-mysql - - zabbix-sql-scripts - - zabbix-agent2 - -debian_agent_packages: - - zabbix-agent2 - -debian_front_packages: - - zabbix-frontend-php - - php8.4-pgsql - - zabbix-nginx-conf - - nginx - - zabbix-agent2 roles_cibles: ['srv', 'proxy'] diff --git a/handlers/main.yml b/handlers/main.yml index a5a5b8e..52f627b 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -23,4 +23,9 @@ - name: Restart Zabbix Agent2 service: name: zabbix-agent2 + state: restarted + +- name: Restart Keepalived + service: + name: keepalived state: restarted \ No newline at end of file diff --git a/tasks/Debian/install-agent2.yml b/tasks/Debian/install-agent2.yml new file mode 100644 index 0000000..4b6dbd4 --- /dev/null +++ b/tasks/Debian/install-agent2.yml @@ -0,0 +1,66 @@ + +- name: Agent2 - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ agent.packages }}" + tags: + - install_agent + +- name: Agent2 - Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles + set_fact: + hotes_filtres: >- + {{ groups[my_group] | + map('extract', hostvars) | + selectattr('role', 'in', roles_cibles) | + map(attribute='inventory_hostname') | + list }} + +- name: Agent2 - Generate Server List + set_fact: + Server: "{{ hotes_filtres | join(',') }}" + +- name: Agent2 - Generate ActiveServer List + set_fact: + ServerActive: "{{ hotes_filtres | join(';') }}" + +- name: Agent2 - Generate agent2 config + ansible.builtin.template: + src: zabbix_agent2.conf.j2 + dest: /etc/zabbix/zabbix_agent2.conf + owner: zabbix + group: zabbix + mode: 0640 + +- name: Agent2 - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + +- name: Agent2 - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca }}.crt" + - "{{ zabbix_agent }}.crt" + - "{{ zabbix_agent }}.key" + when: zabbix_crypt=="tls" + +- name: Enable and start service zabbix agent2 + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-agent2 diff --git a/tasks/Debian/install-db.yml b/tasks/Debian/install-db.yml new file mode 100644 index 0000000..5768078 --- /dev/null +++ b/tasks/Debian/install-db.yml @@ -0,0 +1,73 @@ +- name: Database - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ db.packages }}" + tags: + - install_db + when: ansible_os_family == "Debian" + +- name: Database - Enable and start service postgresl + ansible.builtin.service: + name: postgresql + state: started + enabled: yes + tags: + - install_db + +- name: Database - Generate create db script + ansible.builtin.template: + src: create_db.j2 + dest: /tmp/create_db.sql + owner: postgres + tags: + - install_db + +- name: Database - Create DB + ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql' + tags: + - install_db + +- name: Database - Add zabbix user to pg_hba + ansible.builtin.lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + insertafter: '# Database administrative login by Unix domain socket' + line: "local {{ db_name }} {{ db_user }} trust" + firstmatch: yes + state: present + +- name: Database - Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv' + lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5" + state: present + loop: "{{ groups[my_group] }}" + when: + - hostvars[item].role is defined + - hostvars[item].role == 'srv' or hostvars[item].role == 'front' + - hostvars[item]['ansible_default_ipv4'] is defined + +- name: Database - Configure postgres Listen address + ansible.builtin.lineinfile: + path: /etc/postgresql/17/main/postgresql.conf + regexp: '^#listen_addresses = .*' + line: "listen_addresses = '*'" + tags: + - install_db + + +- name: Database - Restart postgresql + service: + name: postgresql + state: restarted + tags: + - install_db + +- name: Database - Populate zabbix database + ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix' + tags: + - install_db \ No newline at end of file diff --git a/tasks/Debian/install-front.yml b/tasks/Debian/install-front.yml new file mode 100644 index 0000000..60aba64 --- /dev/null +++ b/tasks/Debian/install-front.yml @@ -0,0 +1,41 @@ +- name: Front - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ front.packages }}" + tags: + - install_front + +- name: Front - Configure nginx port + ansible.builtin.lineinfile: + path: /etc/zabbix/nginx.conf + regexp: 'listen 8080;' + line: " listen 80;" + tags: + - install_front + +# - name: Front - Setup +# ansible.builtin.template: +# src: zabbix_front.conf.j2 +# dest: /etc/zabbix/web/zabbix.conf.php +# owner: www-data +# group: www-data +# mode: 0600 + +- name: Front - Configure nginx url + ansible.builtin.lineinfile: + path: /etc/zabbix/nginx.conf + regexp: 'server_name example.com;' + line: " server_name {{ inventory_hostname }};" + tags: + - install_front + notify: Restart nginx + +- name: Front - Configure keepalived + ansible.builtin.template: + src: keepalived.conf.j2 + dest: /etc/keepalived/keepalived.conf + owner: root + group: root + mode: 0644 + notify: Restart Keepalived diff --git a/tasks/Debian/install-proxy.yml b/tasks/Debian/install-proxy.yml new file mode 100644 index 0000000..2417b0e --- /dev/null +++ b/tasks/Debian/install-proxy.yml @@ -0,0 +1,91 @@ +- name: Proxy - Install Debian Proxy packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ proxy.packages }}" + tags: + - install_proxy + when: ansible_os_family == "Debian" + + +- name: Proxy - Enable and start service mariadb + ansible.builtin.service: + name: mariadb + state: started + enabled: yes + tags: + - install_proxy + +- name: Proxy - Generate mariadb proxy creation script + ansible.builtin.template: + src: create_proxy_db.j2 + dest: /tmp/create_proxy_db.sql + tags: + - install_proxy + +- name: Proxy - Create mariadb proxy database + ansible.builtin.shell: mysql -uroot < /tmp/create_proxy_db.sql + tags: + - install_proxy + +- name: Proxy - Populate mariadb proxy database + ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}' + tags: + - install_proxy + +- name: Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Proxy - Génération la liste des servers + set_fact: + hotes_filtres: >- + {{ groups[my_group] | + map('extract', hostvars) | + selectattr('role', 'in', 'srv') | + map(attribute='inventory_hostname') | + list }} + +- name: Proxy - Set fact Server + set_fact: + Server: "{{ hotes_filtres | join(';') }}" + +- name: Proxy - Generate config + ansible.builtin.template: + src: zabbix_proxy.conf.j2 + dest: /etc/zabbix/zabbix_proxy.conf + owner: root + group: zabbix + mode: 400 + + tags: + - install_proxy + +- name: Proxy - Create certificats directory + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + +- name: Proxy - Copy certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca}}.crt" + - "{{ zabbix_proxy}}.crt" + - "{{ zabbix_proxy}}.key" + when: zabbix_crypt=="tls" + +- name: Proxy - Enable and start service zabbix proxy + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-proxy \ No newline at end of file diff --git a/tasks/Debian/install-srv.yml b/tasks/Debian/install-srv.yml new file mode 100644 index 0000000..5c55607 --- /dev/null +++ b/tasks/Debian/install-srv.yml @@ -0,0 +1,53 @@ +- name: Server - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ srv.packages }}" + tags: + - install_srv + when: ansible_os_family == "Debian" + +- name: Server - Generate srv config + ansible.builtin.template: + src: zabbix_server.conf.j2 + dest: /etc/zabbix/zabbix_server.conf + owner: zabbix + group: zabbix + mode: 0640 + tags: + - install_srv + +- name: Server - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca}}.crt" + - "{{ zabbix_server}}.crt" + - "{{ zabbix_server}}.key" + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server -Enable and start service zabbix server + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-server + tags: + - install_srv \ No newline at end of file diff --git a/tasks/RedHat/install-agent2.yml b/tasks/RedHat/install-agent2.yml new file mode 100644 index 0000000..4b6dbd4 --- /dev/null +++ b/tasks/RedHat/install-agent2.yml @@ -0,0 +1,66 @@ + +- name: Agent2 - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ agent.packages }}" + tags: + - install_agent + +- name: Agent2 - Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles + set_fact: + hotes_filtres: >- + {{ groups[my_group] | + map('extract', hostvars) | + selectattr('role', 'in', roles_cibles) | + map(attribute='inventory_hostname') | + list }} + +- name: Agent2 - Generate Server List + set_fact: + Server: "{{ hotes_filtres | join(',') }}" + +- name: Agent2 - Generate ActiveServer List + set_fact: + ServerActive: "{{ hotes_filtres | join(';') }}" + +- name: Agent2 - Generate agent2 config + ansible.builtin.template: + src: zabbix_agent2.conf.j2 + dest: /etc/zabbix/zabbix_agent2.conf + owner: zabbix + group: zabbix + mode: 0640 + +- name: Agent2 - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + +- name: Agent2 - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca }}.crt" + - "{{ zabbix_agent }}.crt" + - "{{ zabbix_agent }}.key" + when: zabbix_crypt=="tls" + +- name: Enable and start service zabbix agent2 + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-agent2 diff --git a/tasks/RedHat/install-db.yml b/tasks/RedHat/install-db.yml new file mode 100644 index 0000000..5fb32a0 --- /dev/null +++ b/tasks/RedHat/install-db.yml @@ -0,0 +1,75 @@ + + +- name: Install RHEL packages + ansible.builtin.dnf: + name: "{{ item }}" + state: latest + loop: "{{ db.packages }}" + tags: + - install_db + when: ansible_os_family == "RedHat" + +- name: Enable and start service postgresl + ansible.builtin.service: + name: postgresql + state: started + enabled: yes + tags: + - install_db + +- name: Generate create db script + ansible.builtin.template: + src: create_db.j2 + dest: /tmp/create_db.sql + owner: postgres + tags: + - install_db + +- name: Run create db script + ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql' + tags: + - install_db + +- name: Add zabbix user to pg_hba + ansible.builtin.lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + insertafter: '# Database administrative login by Unix domain socket' + line: "local {{ db_name }} {{ db_user }} trust" + firstmatch: yes + state: present + +- name: Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv' + lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5" + state: present + loop: "{{ groups[my_group] }}" + when: + - hostvars[item].role is defined + - hostvars[item].role == 'srv' or hostvars[item].role == 'front' + - hostvars[item]['ansible_default_ipv4'] is defined + +- name: Configure postgres Listen address + ansible.builtin.lineinfile: + path: /etc/postgresql/17/main/postgresql.conf + regexp: '^#listen_addresses = .*' + line: "listen_addresses = '*'" + tags: + - install_db + + +- name: Restart postgresql + service: + name: postgresql + state: restarted + tags: + - install_db + +- name: Populate zabbix database + ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix' + tags: + - install_db \ No newline at end of file diff --git a/tasks/RedHat/install-srv.yml b/tasks/RedHat/install-srv.yml new file mode 100644 index 0000000..9ec54f7 --- /dev/null +++ b/tasks/RedHat/install-srv.yml @@ -0,0 +1,53 @@ +- name: Server - Install packages + ansible.builtin.dnf: + name: "{{ item }}" + state: latest + loop: "{{ srv.packages }}" + tags: + - install_srv + when: ansible_os_family == "RedHat" + +- name: Server - Generate srv config + ansible.builtin.template: + src: zabbix_server.conf.j2 + dest: /etc/zabbix/zabbix_server.conf + owner: zabbix + group: zabbix + mode: 0640 + tags: + - install_srv + +- name: Server - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca}}.crt" + - "{{ zabbix_server}}.crt" + - "{{ zabbix_server}}.key" + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server -Enable and start service zabbix server + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-server + tags: + - install_srv \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 914d983..9bf8fce 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,73 +2,66 @@ # tasks file for zabbix - name: check OS version debug: var=ansible_os_family + +- name: include os variables + include_vars: "{{ansible_os_family}}.yml" + tags: always + - name: Prepare RHEL block: - name: Alma Repo ansible.builtin.shell: - cmd: rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-latest.el9.noarch.rpm + cmd: "rpm -Uvh {{repo}}" - name: disable firewall ansible.builtin.service: - name: firewalld - state: stopped - enabled: false + name: firewalld + state: stopped + enabled: false - name: clean repo ansible.builtin.shell: cmd: dnf clean all when: ansible_os_family == "RedHat" + - name: Prepare Debian block: - name: Debian Repo ansible.builtin.apt: - deb: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb + deb: "{{repo}}" - name: Mise à jour le cache des paquets ansible.builtin.apt: update_cache: yes when: ansible_os_family == "Debian" - -- name: Install Database +- name: Database - Install when: role == "db" block: - name: Install Zabbix DB - ansible.builtin.include_tasks: install-db.yml + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-db.yml" when: role == "db" - tags: - - database tags: - install_db -- name: Install server +- name: Server - Install + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml" when: role == "srv" - block: - - name: Install Zabbix Server - ansible.builtin.include_tasks: install-srv.yml - when: role == "srv" tags: - install_srv -- name: Install zabbix_proxy - when: role == "proxy" - block: - - name: Install Zabbix Proxy - ansible.builtin.include_tasks: install-proxy.yml - when: role == "proxy" +- name: Proxy - Install + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml" tags: - install_proxy + when: role == "proxy" -- name: Install Front - when: role == "front" - block: - - name: Install Zabbix Front - ansible.builtin.include_tasks: install-front.yml - when: role == "front" + +- name: Front - Install + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml" + when: role == "srv" tags: - install_front - name: Install Agent - block: - - name: Install Zabbix Agent - ansible.builtin.include_tasks: install-agent2.yml + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-agent2.yml" tags: - install_agent - never \ No newline at end of file diff --git a/templates/keepalived.conf.j2 b/templates/keepalived.conf.j2 new file mode 100644 index 0000000..76d1de3 --- /dev/null +++ b/templates/keepalived.conf.j2 @@ -0,0 +1,22 @@ +vrrp_track_process track_nginx { + process nginx + weight 10 +} + +vrrp_instance VI_1 { + state {{ keepalived.state }} + interface {{ansible_default_ipv4.interface}} + virtual_router_id 51 + priority {{ keepalived.priority }} + advert_int 1 + authentication { + auth_type PASS + auth_pass 12345 + } + virtual_ipaddress { + {{ vip_address }} + } + track_process { + track_nginx + } +} \ No newline at end of file diff --git a/templates/zabbix_front.conf.j2 b/templates/zabbix_front.conf.j2 new file mode 100644 index 0000000..8c405c6 --- /dev/null +++ b/templates/zabbix_front.conf.j2 @@ -0,0 +1,67 @@ +?php +// Zabbix GUI configuration file. + +$DB['TYPE'] = 'POSTGRESQL'; +$DB['SERVER'] = '{{db_host}}'; +$DB['PORT'] = '0'; +$DB['DATABASE'] = 'zabbix'; +$DB['USER'] = ''; +$DB['PASSWORD'] = ''; + +// Schema name. Used for PostgreSQL. +$DB['SCHEMA'] = ''; + +// Used for TLS connection. +$DB['ENCRYPTION'] = false; +$DB['KEY_FILE'] = ''; +$DB['CERT_FILE'] = ''; +$DB['CA_FILE'] = ''; +$DB['VERIFY_HOST'] = false; +$DB['CIPHER_LIST'] = ''; + +// Vault configuration. Used if database credentials are stored in Vault secrets manager. +{% if Vault is defined %} +$DB['VAULT'] = '{{Vault}}'; +$DB['VAULT_URL'] = '{{VaultURL}}'; +$DB['VAULT_PREFIX'] = '{{VaultPrefix}}'; +$DB['VAULT_DB_PATH'] = '{{VaultDBPath}}'; +$DB['VAULT_TOKEN'] = '{{VaultToken}}'; +$DB['VAULT_CERT_FILE'] = ''; +$DB['VAULT_KEY_FILE'] = ''; +// Uncomment to bypass local caching of credentials. +// $DB['VAULT_CACHE'] = true; +{% endif %} +// Uncomment and set to desired values to override Zabbix hostname/IP and port. +// $ZBX_SERVER = ''; +// $ZBX_SERVER_PORT = ''; + +$ZBX_SERVER_NAME = 'zserver02.bv.stef.lan'; + +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; + +// Uncomment this block only if you are using Elasticsearch. +// Elasticsearch url (can be string if same url is used for all types). +//$HISTORY['url'] = [ +// 'uint' => 'http://localhost:9200', +// 'text' => 'http://localhost:9200' +//]; +// Value types stored in Elasticsearch. +//$HISTORY['types'] = ['uint', 'text']; + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +//$SSO['SP_KEY'] = 'conf/certs/sp.key'; +//$SSO['SP_CERT'] = 'conf/certs/sp.crt'; +//$SSO['IDP_CERT'] = 'conf/certs/idp.crt'; +//$SSO['SETTINGS'] = []; + +// If set to false, support for HTTP authentication will be disabled. +// $ALLOW_HTTP_AUTH = true; + +$ZBX_SERVER_TLS['ACTIVE'] = '0'; +$ZBX_SERVER_TLS['CA_FILE'] = ''; +$ZBX_SERVER_TLS['KEY_FILE'] = ''; +$ZBX_SERVER_TLS['CERT_FILE'] = ''; +$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = ''; +$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = ''; + diff --git a/vars/Debian.yml b/vars/Debian.yml new file mode 100644 index 0000000..2aeca8d --- /dev/null +++ b/vars/Debian.yml @@ -0,0 +1,47 @@ +--- +# defaults file for zabbix +repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb +db: + packages: + - postgresql-contrib + - postgresql + - python3-psycopg2 + - zabbix-sql-scripts + - zabbix-agent2 +srv: + packages: + - zabbix-server-pgsql + - zabbix-agent2 +front: + packages: + - zabbix-frontend-php + - php8.4-pgsql + - zabbix-nginx-conf + - nginx + - zabbix-agent2 + - keepalived +proxy: + packages: + - mariadb-server + - zabbix-proxy-mysql + - zabbix-sql-scripts + - zabbix-agent2 +agent: + packages: + - zabbix-agent2 + + +roles_cibles: ['srv', 'proxy'] + +db_name: zabbix +db_user: zabbix +db_passwd: zabbix + +proxy_db_name: zabbix_proxy +proxy_db_user: zabbix_proxy +proxy_db_passwd: zabbix_proxy + +zabbix_ca: zabbix_ca +zabbix_server: zabbix_server +zabbix_proxy: zabbix_proxy +zabbix_agent: zabbix_agent \ No newline at end of file diff --git a/vars/RedHat.yml b/vars/RedHat.yml new file mode 100644 index 0000000..4e2145b --- /dev/null +++ b/vars/RedHat.yml @@ -0,0 +1,28 @@ +repo: +db: + packages: + - postgresql-server + - postgresql + - postgresql-plpython3 + - zabbix-agent2 + +srv: + packages: + - zabbix-server-pgsql + - zabbix-sql-scripts + - zabbix-selinux-policy + - zabbix-agent2 +agent: + packages: + - zabbix-agent2 +front: + packages: + - zabbix-web-pgsql + - zabbix-nginx-conf + - zabbix-agent2 +proxy: + packages: + - mariadb + - zabbix-proxy-mysql + - zabbix-sql-scripts + - zabbix-agent2 From 7c8f30ce06db2735b142a5d467a4967657716e70 Mon Sep 17 00:00:00 2001 From: stef Date: Tue, 17 Feb 2026 23:01:51 +0000 Subject: [PATCH 02/11] Ajout Alma en cours --- defaults/main.yml | 61 +--------------------------------- handlers/main.yml | 5 +++ tasks/RedHat/install-db.yml | 48 +++++++++++++++++--------- tasks/RedHat/install-front.yml | 36 ++++++++++++++++++++ tasks/RedHat/install-srv.yml | 5 ++- tasks/main.yml | 50 ++++++++++++++++++---------- vars/RedHat.yml | 8 +++-- 7 files changed, 114 insertions(+), 99 deletions(-) create mode 100644 tasks/RedHat/install-front.yml diff --git a/defaults/main.yml b/defaults/main.yml index 4ffdbc2..6079d9a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,66 +1,7 @@ --- # defaults file for zabbix -Debian: - repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb - db: - packages: - - postgresql-contrib - - postgresql - - python3-psycopg2 - - zabbix-sql-scripts - - zabbix-agent2 - srv: - packages: - - zabbix-server-pgsql - - zabbix-agent2 - front: - packages: - - zabbix-frontend-php - - php8.4-pgsql - - zabbix-nginx-conf - - nginx - - zabbix-agent2 - proxy: - packages: - - mariadb-server - - zabbix-proxy-mysql - - zabbix-sql-scripts - - zabbix-agent2 - agent: - packages: - - zabbix-agent2 - -rhel_db_packages: - - postgresql-server - - postgresql - - postgresql-plpython3 - - zabbix-agent2 - -rhel_srv_packages: - - zabbix-server-pgsql - - zabbix-sql-scripts - - zabbix-selinux-policy - - zabbix-agent2 - -rhel_agent_packages: - - zabbix-agent2 - -rhel_front_packages: - - zabbix-web-pgsql - - zabbix-nginx-conf - - zabbix-agent2 - - -rhel_proxy_packages: - - mariadb - - zabbix-proxy-mysql - - zabbix-sql-scripts - - zabbix-agent2 - - - - +zabbix_version: 7.4 roles_cibles: ['srv', 'proxy'] db_name: zabbix diff --git a/handlers/main.yml b/handlers/main.yml index 52f627b..90b89ab 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -10,6 +10,11 @@ name: nginx state: restarted +- name: Restart php-fpm + service: + name: php-fpm + state: restarted + - name: Restart Zabbix Server service: name: zabbix-server diff --git a/tasks/RedHat/install-db.yml b/tasks/RedHat/install-db.yml index 5fb32a0..7cc4bab 100644 --- a/tasks/RedHat/install-db.yml +++ b/tasks/RedHat/install-db.yml @@ -1,15 +1,31 @@ -- name: Install RHEL packages +- name: Database - Install RHEL packages ansible.builtin.dnf: name: "{{ item }}" - state: latest + state: present loop: "{{ db.packages }}" tags: - install_db - when: ansible_os_family == "RedHat" -- name: Enable and start service postgresl +- name: Database - Check if postgrsql configured + stat: + path: /var/lib/pgsql/data + register: postgresqldata + +- name: Database - debug + debug: + var: postgresqldata + +- name: Database - Init DB + ansible.builtin.shell: + cmd: postgresql-setup --initdb + when: postgresqldata.stat.exists == false + tags: + - install_db + + +- name: Database - Enable and start service postgresl ansible.builtin.service: name: postgresql state: started @@ -17,7 +33,7 @@ tags: - install_db -- name: Generate create db script +- name: Database - Generate create db script ansible.builtin.template: src: create_db.j2 dest: /tmp/create_db.sql @@ -25,26 +41,26 @@ tags: - install_db -- name: Run create db script +- name: Database - Run create db script ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql' tags: - - install_db + - install_db -- name: Add zabbix user to pg_hba +- name: Database - Add zabbix user to pg_hba ansible.builtin.lineinfile: - path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf - insertafter: '# Database administrative login by Unix domain socket' + path: /var/lib/pgsql/data/pg_hba.conf + insertafter: '# "local" is for Unix domain socket connections only' line: "local {{ db_name }} {{ db_user }} trust" firstmatch: yes state: present -- name: Find Group +- name: Database -Find Group set_fact: my_group: "{{ group_names | first }}" -- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv' +- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv' lineinfile: - path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + path: /var/lib/pgsql/data/pg_hba.conf line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5" state: present loop: "{{ groups[my_group] }}" @@ -53,16 +69,16 @@ - hostvars[item].role == 'srv' or hostvars[item].role == 'front' - hostvars[item]['ansible_default_ipv4'] is defined -- name: Configure postgres Listen address +- name: Database - Configure postgres Listen address ansible.builtin.lineinfile: - path: /etc/postgresql/17/main/postgresql.conf + path: /var/lib/pgsql/data/postgresql.conf regexp: '^#listen_addresses = .*' line: "listen_addresses = '*'" tags: - install_db -- name: Restart postgresql +- name: Database - Restart postgresql service: name: postgresql state: restarted diff --git a/tasks/RedHat/install-front.yml b/tasks/RedHat/install-front.yml new file mode 100644 index 0000000..e032ffd --- /dev/null +++ b/tasks/RedHat/install-front.yml @@ -0,0 +1,36 @@ +- name: Front - Install packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + loop: "{{ front.packages }}" + tags: + - install_front + +- name: Front - Configure nginx port + ansible.builtin.lineinfile: + path: /etc/nginx/conf.d/zabbix.conf + regexp: 'listen 8080;' + line: " listen 80;" + tags: + - install_front + notify: Restart nginx + +- name: Front - Configure nginx url + ansible.builtin.lineinfile: + path: /etc/nginx/conf.d/zabbix.conf + regexp: 'server_name example.com;' + line: " server_name {{ inventory_hostname }};" + tags: + - install_front + notify: + - Restart nginx + - Restart php-fpm + +- name: Front - Configure keepalived + ansible.builtin.template: + src: keepalived.conf.j2 + dest: /etc/keepalived/keepalived.conf + owner: root + group: root + mode: 0644 + notify: Restart Keepalived diff --git a/tasks/RedHat/install-srv.yml b/tasks/RedHat/install-srv.yml index 9ec54f7..ca010ec 100644 --- a/tasks/RedHat/install-srv.yml +++ b/tasks/RedHat/install-srv.yml @@ -1,12 +1,10 @@ - name: Server - Install packages ansible.builtin.dnf: name: "{{ item }}" - state: latest + state: present loop: "{{ srv.packages }}" tags: - install_srv - when: ansible_os_family == "RedHat" - - name: Server - Generate srv config ansible.builtin.template: src: zabbix_server.conf.j2 @@ -49,5 +47,6 @@ enabled: true loop: - zabbix-server + - zabbix-agent2 tags: - install_srv \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 9bf8fce..a0c7274 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -4,14 +4,29 @@ debug: var=ansible_os_family - name: include os variables - include_vars: "{{ansible_os_family}}.yml" + include_vars: "{{ ansible_os_family }}.yml" tags: always -- name: Prepare RHEL + +- name: Prepare Alma + when: ansible_distribution == "AlmaLinux" + block: + - name: add gpg + ansible.builtin.dnf: + name: gnupg2 + state: present + - name: Import a key from a url + ansible.builtin.rpm_key: + state: present + key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-B5333005 + - name: Add Package + ansible.builtin.dnf: + name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/alma/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" + state: present + +- name: Prepare RH like + when: ansible_os_family == "RedHat" block: - - name: Alma Repo - ansible.builtin.shell: - cmd: "rpm -Uvh {{repo}}" - name: disable firewall ansible.builtin.service: name: firewalld @@ -20,17 +35,16 @@ - name: clean repo ansible.builtin.shell: cmd: dnf clean all - when: ansible_os_family == "RedHat" - name: Prepare Debian - block: - - name: Debian Repo - ansible.builtin.apt: - deb: "{{repo}}" - - name: Mise à jour le cache des paquets - ansible.builtin.apt: - update_cache: yes when: ansible_os_family == "Debian" + block: + - name: Debian Repo + ansible.builtin.apt: + deb: "{{repo}}" + - name: Mise à jour le cache des paquets + ansible.builtin.apt: + update_cache: yes - name: Database - Install when: role == "db" @@ -47,11 +61,11 @@ tags: - install_srv -- name: Proxy - Install - ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml" - tags: - - install_proxy - when: role == "proxy" +# - name: Proxy - Install +# ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml" +# tags: +# - install_proxy +# when: role == "proxy" - name: Front - Install diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 4e2145b..f409361 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,17 +1,19 @@ -repo: db: packages: - postgresql-server + - postgresql-contrib - postgresql - postgresql-plpython3 + - zabbix-sql-scripts - zabbix-agent2 + - zabbix-agent2-plugin-postgresql srv: packages: - zabbix-server-pgsql - - zabbix-sql-scripts - zabbix-selinux-policy - zabbix-agent2 + - keepalived agent: packages: - zabbix-agent2 @@ -20,6 +22,8 @@ front: - zabbix-web-pgsql - zabbix-nginx-conf - zabbix-agent2 + - zabbix-selinux-policy + - php-fpm proxy: packages: - mariadb From 28799357f34e1128e6f0d3ce144a81dc91f737cb Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 21:25:00 +0000 Subject: [PATCH 03/11] =?UTF-8?q?Almalinux=20valid=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 2 + README.md | 143 +++++++++++++++++++++++++++--- files/RPM-GPG-KEY-ZABBIX-B5333005 | 52 +++++++++++ handlers/main.yml | 3 +- tasks/Debian/install-front.yml | 2 +- tasks/RedHat/install-db.yml | 20 +++-- tasks/RedHat/install-front.yml | 31 +++++-- tasks/RedHat/install-proxy.yml | 98 ++++++++++++++++++++ tasks/RedHat/install-srv.yml | 1 + tasks/main.yml | 36 +++++--- vars/RedHat.yml | 1 + 11 files changed, 352 insertions(+), 37 deletions(-) create mode 100644 .gitignore create mode 100644 files/RPM-GPG-KEY-ZABBIX-B5333005 create mode 100644 tasks/RedHat/install-proxy.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..09d401b --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +files/*.crt +files/*.key \ No newline at end of file diff --git a/README.md b/README.md index 225dd44..51fc174 100644 --- a/README.md +++ b/README.md @@ -1,31 +1,154 @@ -Role Name +Zabbix ========= -A brief description of the role goes here. +Deploiement d'une infrascutrure ZAbbix complete +Deux serveur zabbix +- HA +- Keealived pour nginx +- Certiticats TLS + +Distribution prise en charges: +- Debian13 +- Almalinux + +Pour Ajouter une distribution RHEL like +Ajouter un block dans tasks/main.yml + +Similaire à ceci ( voir https://www.zabbix.com/download pour le path associé a votre distribution): +``` +- name: Prepare + when: ansible_distribution == "AlmaLinux" <= Nom de votre distriution + block: + - name: add gpg + ansible.builtin.dnf: + name: gnupg2 + state: present + - name: Copie GPG key + ansible.builtin.copy: + src: RPM-GPG-KEY-ZABBIX-B5333005 + dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005 + - name: Import a key + ansible.builtin.rpm_key: + state: present + key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005 + - name: Add Package + ansible.builtin.dnf: + name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release//{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" + state: present +``` Requirements ------------ -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. +Nécéssite les fichiers de certificats suivants: -Role Variables +- zabbix_ca.cert +- zabbix_server.cert +- zabbix_server.key +- zabbix_agent.cert +- zabbix_agent.key +- zabbix_proxy.cert +- zabbix_proxy.key + +Ces fichiers sont a déposer dans /files + +Note: vous pouvez changer le nom des fichiers en ce cas modifier les variables suivante dans default/main.yml +``` +zabbix_ca: zabbix_ca +zabbix_server: zabbix_server +zabbix_proxy: zabbix_proxy +zabbix_agent: zabbix_agent +``` + +# Variables -------------- +## Role Variables -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +Variable definies dans default/main.yml + +# defaults file for zabbix + + +| Variable | Role | Remarques| +|----------|------|----------| +|zabbix_version|Version de zabbix|Ne fonctionnent actuellement pour les Debian| +|roles_cibles| utlisés pour générer les Variable Server et ActiveServer | Exemple:['srv', 'proxy']| +|db_name|Nom de la base de postgres des serveurs|| +|db_user|Nom de l'utilisateur de la base postgres serveurs|| +|db_passwd|Mot de passe l'utilisateur de la base postgres serveurs|| +|proxy_db_name|Nom de la base des proxys|| +|proxy_db_user|Nom de l'utilisateur de la base des proxys|| +|proxy_db_passwd|Mot de passe de l'utilisateur de la base des proxys|| +|zabbix_ca|Nom du fichier de CA|| +|zabbix_server|Nom du fichier de certificat utilisés par les serveurs|| +|zabbix_proxy|Nom du fichier de certificat utilisés par les proxy|| +|zabbix_agent|Nom du fichier de certificat utilisés par les agents|| + + +## Group Variables + +| Variable | Role | Remarques| +|----------|------|----------| +|db_host| adatabase.bv.stef.lan| +|db_port| 5432|Non utilisé pour le moment| +|postgresql_version|| Exemple 17, uniquement implementé dans débian| +|zabbix_crypt| Type de chiffrement utilisé| tls ou psk pour le moment seul tls est totalement implementé| +|zabbix_cert_ca_name| zabbix_ca|| +|zabbix_cert_server_name| zabbix_server|| +|zabbix_cert_agent_name| zabbix_agent|| +|TLSServerCertSubject| DN des serveurs zabbix| exemple: "CN=zabbix_server,C=FR"| +|TLSServerCertIssuer| DN du CA zabbix| exemple: "CN=zabbix_ca,C=FR"| +|ZabbixHA| Activation du HA ou non | true ou false| +|vip_address| Vip keealived des nginx| exemple 192.168.200.75| +|vip_fqdn| FQDN de la Vip keealived des nginx|exemple: zabbix.mondomain.com| +|ActiveVault| Active ou non le vault| true ou false| +|Vault| Modele du vault| HashiCorp actuellement uniquement implémenté| +|VaultToken|Token d'acces au vault|| +|VaultURL| Url du vault | exemple: https://vault.mondomain.com| +|VaultPrefix| Path des secret zabbix| exemple: /v1/secret/data/zabbix/| +|VaultDBPath| nom du secret des credential d'acces DB| exemple: /database| + +## Hosts Variables +L'host master keepalived doit contenir: +``` +keepalived: + state: MASTER + priority: 244 +``` + +L'host backup keepalived doit contenir: +``` +keepalived: + state: BACKUP + priority: 243 +``` Dependencies ------------ -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. +None + +Exemple Inventory + + zabbix_instance01: + hosts: + server01.mondomain.com: + role: srv + server02.mondomain.com: + role: srv + database.mondomain.com: + role: db + front.mondomain.com: + role: front + proxy01.mondomain.com: + role: proxy + proxy02.mondomain.com: + role: proxy Example Playbook ---------------- -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - hosts: servers - roles: - - { role: username.rolename, x: 42 } License ------- diff --git a/files/RPM-GPG-KEY-ZABBIX-B5333005 b/files/RPM-GPG-KEY-ZABBIX-B5333005 new file mode 100644 index 0000000..ef43a30 --- /dev/null +++ b/files/RPM-GPG-KEY-ZABBIX-B5333005 @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGYwjIcBEADHPOcYeW6xpiMh2ZO6a9OCncCs4IBQa7Ie+omyzJLNldnBMrxO +jbZXY2brQZWu5GEA6rTrexbfq9w/MaGiV5hAJ/x9oKHHKod79IfYLWsYS+rKTEr4 +OptCGYqmJhdB29m44feut/PjjbjTuD0nwkaaE4Cm90r2aHMj5CcuD0/V823MgOwY +v5uz1Az9OhMLHB+qO/QDGZOxfmETpfj0J1Sh1afTngXoPgyniBT0BuyAMRlb2js6 +QSpT9AnVxVDMVZwu5Ioy9Jf1Rz8ibP6LTN4Rh+TDFJizzoqJMqfDjN8PculcVZvG +j3bpweL0txhSykuLN75GPP1DO7rSVljIAChpY1hPtpYBD3F7uL0udpauVhVUY3Vs +13kxbsDgSr84s+tpRxV9BaQy2pjQY/jyesbFpFCjGHqUZVS1F3huWYBukQn3Em7C +X3WgzWe1iewPxENCLSGfSEVBcQ28guNvy2INcHHjx+AWOXFfkDKVZtBOH5MVr6hR +/xJH9S8Pd4wJZ4wvXwwDUBMD0Jju5ELE9/NQty8AeL6tjZomVhO2nFUe3N0lKE2K +wNLt0N4PqDrCHogQ7knROMR+9KqjFu+ko39TZmCUlVncX3s0v0t9gxIK9zQoX9p6 +ngAr7IM8rGe/BGD7crYsrveWtBA7AY2DX9Z9iQylsXrq8tfGyhMaH3SgLwARAQAB +tCtaYWJiaXggTExDIChBcHIgMjAyNCkgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJU +BBMBCgA+FiEETD1vLMdfUUZ1T8N02RMhmrUzMAUFAmYwjIcCGwMFCRLMAwAFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2RMhmrUzMAWf/w/+NSQz9LfZo7eNuKpd +piWsQgI+73sdLXmABp9kNWYrYTghXUe0WkWyLuFRMOh4fxZCtdiwpeEKGEDUgPr7 +gTMH7ay7gD2kCJLCJl1tUCh4ryXJvVMyN9J+x7w742fOdPrVK9/ULad1KAH6zx+J +Ym/Qt5JfYMhjeCIBKpappGMVCFb3sEJUT4e7ggqt9uUgbjlpQtYhZg65vaX9C7qZ +EXxaWEfBkBNiHEeImuv6wjp1rM4cNMQW7lnfnvlo1MmkmDzQjCFA5g41DvK1YQcE +HWDW6Zp30SGQqthEHNOPHezNCxD1vMxfUCUawSZP5ajuK6o/CGM9L5rjvcCnpe+6 +JVCX93KkPB0VqgfzzHB7OQsWQ8csRkjsW0v+5PkXbRRkf98YzaYDqVa1AvGv5YOv +alEPlqvQ6Xnm/6xV9gIr49Kgkf+VFvigbvwKfiH0hseWZN5ykswFoZ4mvYCJO6m4 +ouU4sSW8AM/LxHHvlAZdO9h8O961nh5fs8AIl4EJb+4kClnYFGaguCKZyAu1V7bJ +vDZ0OlaRtnh2cEPBd9W0CoPZaEHYcUDFmMIlxab1oGgDqIN4SJoCTnJLJ4BloQFs +9rIpAMcXxA3lqNnBjbolXqUTJq9WIpe6q/r38ADh0M5najksbwZWU0WZ+j2DJmgV +otW7wuTabGL9k3lnyNRwlK4OkRe5Ag0EZjCMhwEQAL1RylY+ljV/Ma9rAcZxwT08 +/emKEE4VMeDlJbzEWeMNjx8IpeVI3JlADkolbggcBEELZiwRRAJrJaYcBDNq0ZmE +BG5ffJin12iIU6f0GFg4x4elcPi9diP/1foz6k93eWYMpAj17B1YTM9ZgKKIJmuf +8GDsMTb/AgHcGC+gkduZGakUcHv538o+ub8/021HPqmYcF/HVaENv0LJd3yxLB6/ +mhSCT9axuX6NDQxVxzXKz+PAnz1uYyz7yZB4YXROHNwnvOGPYbljIGQPTIgjrCNP +26ySH9t6JYxWY7bXJKGepSnk0QeGHiM0p6TC9n3BS6RkmKUt0c6cXbW+BCc8QHOj +jzPOxjbvpmbZtVo56ZQYm/DWuj0lg+/pYKSReX5YJ8gnvhRoNM/fLeWsIGMZJaM9 +DygVTU0/0r7rxYbXoDqHMhsdMvjmrSAD3pDcPDci6WyeaLcvphvfZR4uyKtz1FS0 +GU+B0ly1gwItDca2En01AbrYX3eLnSw6ZwegBy42gnzAooFmGrfQUuskr+j5hxzs +BBCTtU6zEBGIMAVs1pNCnUVEleD/2E2U4Uzqi/XQv95b3msqP3tNkWrp1Em12Wls +2bIe47+uOpfcxzsAADLTu5avJT0YcJ3u1lBB6rIBcFL6kmkqD1u2pgFZw5Otdo4h +/8gxK3CZ/g81yCsBOcNZABEBAAGJAjwEGAEKACYWIQRMPW8sx19RRnVPw3TZEyGa +tTMwBQUCZjCMhwIbDAUJEswDAAAKCRDZEyGatTMwBeZUEACOatbYmCCIdcqF05id +GsoPRqXEQHj8cY3NmzD4nlATJPHLN8+p6TH1mDInnBFfDp6Ll1u8PHnvGccVDUl+ +aJCDCOcscqaKNaIbAi39OFLyED/j1t2g0VH9M0F41ZOofQN/Tf4SaR3ziY4j4hn+ +pWpzqcdQ4zCSA+c95NijkeSgGFdT8OzCbWrmvKHdoeaescRMJg3Zmi3Aegqaaxe8 +MMmixmGYk7jz35G0oBABCEcWTeqFXpQIG91AN5F0qe+tgQgwEr2N8YvIdRUb0e1c +Yc7Ly7pNHgH7wd0L2SND2pamXrZ6+kbUVVg46aa6XKvx36Fa2R0n6Var+Dcb9Rsr +mLq69/n2C18QLKwMnVSJfetPzQhAOnJ85Q2alRIyrMa7wq7+5NLcNBTGRRm4WYut +mzRvmmMmt0r+LOaV1fUdtfUVyIDrAb7rdqGW4eGbWTSLOcSgX7czThne7/v3zuSP +N0nc8yosGQp2aT8XCuzWqGQQ10NxUKP374jdetWgFI/8fH5zVx67TrViJ0FnK2Ug +CTtaHKt7jwwkMs6Y0kCCi/xysw+6UlDmBvzM5TVcWSO/lDUotFccn7IC782ghT03 +pY9AfSJCu2NB44LODaLg9jyXbv2MPq8ZsWRqxxmmCUinmQMV6rI/nWPZpgEpKId7 +RF/42ix6CdCLj9WuDJRHAPA6nA== +=iQwh +-----END PGP PUBLIC KEY BLOCK----- diff --git a/handlers/main.yml b/handlers/main.yml index 90b89ab..d227dcc 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -33,4 +33,5 @@ - name: Restart Keepalived service: name: keepalived - state: restarted \ No newline at end of file + state: restarted + diff --git a/tasks/Debian/install-front.yml b/tasks/Debian/install-front.yml index 60aba64..796066a 100644 --- a/tasks/Debian/install-front.yml +++ b/tasks/Debian/install-front.yml @@ -1,7 +1,7 @@ - name: Front - Install packages ansible.builtin.apt: name: "{{ item }}" - state: latest + state: present loop: "{{ front.packages }}" tags: - install_front diff --git a/tasks/RedHat/install-db.yml b/tasks/RedHat/install-db.yml index 7cc4bab..3b71768 100644 --- a/tasks/RedHat/install-db.yml +++ b/tasks/RedHat/install-db.yml @@ -8,22 +8,17 @@ tags: - install_db -- name: Database - Check if postgrsql configured +- name: Database - Check if postgresql is configured stat: - path: /var/lib/pgsql/data + path: /var/lib/pgsql/data/PG_VERSION register: postgresqldata -- name: Database - debug - debug: - var: postgresqldata - - name: Database - Init DB ansible.builtin.shell: cmd: postgresql-setup --initdb when: postgresqldata.stat.exists == false tags: - install_db - - name: Database - Enable and start service postgresl ansible.builtin.service: @@ -82,10 +77,19 @@ service: name: postgresql state: restarted + enabled: true tags: - install_db - name: Populate zabbix database ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix' tags: - - install_db \ No newline at end of file + - install_db + +- name: Proxy - Enable and start service zabbix component + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-agent2 \ No newline at end of file diff --git a/tasks/RedHat/install-front.yml b/tasks/RedHat/install-front.yml index e032ffd..593c035 100644 --- a/tasks/RedHat/install-front.yml +++ b/tasks/RedHat/install-front.yml @@ -27,10 +27,27 @@ - Restart php-fpm - name: Front - Configure keepalived - ansible.builtin.template: - src: keepalived.conf.j2 - dest: /etc/keepalived/keepalived.conf - owner: root - group: root - mode: 0644 - notify: Restart Keepalived + when: role == "srv" + block: + - name: Configure Keepalived + ansible.builtin.template: + src: keepalived.conf.j2 + dest: /etc/keepalived/keepalived.conf + owner: root + group: root + mode: 0644 + - name: Enable Keepalived service + ansible.builtin.systemd_service: + name: keepalived + state: restarted + enabled: true + +- name: Enable and start + ansible.builtin.systemd_service: + name: "{{ item }}" + state: started + enabled: true + loop: + - nginx + - php-fpm + - zabbix-agent2 diff --git a/tasks/RedHat/install-proxy.yml b/tasks/RedHat/install-proxy.yml new file mode 100644 index 0000000..fe56edd --- /dev/null +++ b/tasks/RedHat/install-proxy.yml @@ -0,0 +1,98 @@ +- name: Proxy - Install Debian Proxy packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + loop: "{{ proxy.packages }}" + tags: + - install_proxy + +- name: Proxy - Enable and start service mariadb + ansible.builtin.service: + name: mariadb + state: started + enabled: yes + tags: + - install_proxy + +- name: Proxy - Generate mariadb proxy creation script + ansible.builtin.template: + src: create_proxy_db.j2 + dest: /tmp/create_proxy_db.sql + tags: + - install_proxy + +- name: Proxy - Create mariadb proxy database + ansible.builtin.shell: mysql -uroot < /tmp/create_proxy_db.sql + tags: + - install_proxy + +- name: Proxy - Populate mariadb proxy database + ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}' + tags: + - install_proxy + +- name: Proxy - Enable and restart mariadb + ansible.builtin.systemd_service: + name: "{{ item }}" + state: started + enabled: true + loop: + - mariadb + +- name: Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Proxy - Génération la liste des servers + set_fact: + hotes_filtres: >- + {{ groups[my_group] | + map('extract', hostvars) | + selectattr('role', 'in', 'srv') | + map(attribute='inventory_hostname') | + list }} + +- name: Proxy - Set fact Server + set_fact: + Server: "{{ hotes_filtres | join(';') }}" + +- name: Proxy - Generate config + ansible.builtin.template: + src: zabbix_proxy.conf.j2 + dest: /etc/zabbix/zabbix_proxy.conf + owner: root + group: zabbix + mode: 400 + + tags: + - install_proxy + +- name: Proxy - Create certificats directory + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + +- name: Proxy - Copy certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca}}.crt" + - "{{ zabbix_proxy}}.crt" + - "{{ zabbix_proxy}}.key" + when: zabbix_crypt=="tls" + +- name: Proxy - Enable and start service zabbix proxy + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-proxy + - zabbix-agent2 \ No newline at end of file diff --git a/tasks/RedHat/install-srv.yml b/tasks/RedHat/install-srv.yml index ca010ec..2187b39 100644 --- a/tasks/RedHat/install-srv.yml +++ b/tasks/RedHat/install-srv.yml @@ -1,3 +1,4 @@ +# Server - name: Server - Install packages ansible.builtin.dnf: name: "{{ item }}" diff --git a/tasks/main.yml b/tasks/main.yml index a0c7274..c037e43 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,10 +15,14 @@ ansible.builtin.dnf: name: gnupg2 state: present - - name: Import a key from a url + - name: Copie GPG key + ansible.builtin.copy: + src: RPM-GPG-KEY-ZABBIX-B5333005 + dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005 + - name: Import a key ansible.builtin.rpm_key: state: present - key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-B5333005 + key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005 - name: Add Package ansible.builtin.dnf: name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/alma/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" @@ -36,12 +40,23 @@ ansible.builtin.shell: cmd: dnf clean all + - name: set selinux permivise + ansible.builtin.lineinfile: + path: /etc/selinux/config + regexp: '^SELINUX=.*' + line: "SELINUX=permissive" + register: selinux + + - name: Reboot if necessary + ansible.builtin.reboot: + when: selinux.changed + - name: Prepare Debian when: ansible_os_family == "Debian" block: - name: Debian Repo ansible.builtin.apt: - deb: "{{repo}}" + deb: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_{{ zabbix_version }}+debian13_all.deb" - name: Mise à jour le cache des paquets ansible.builtin.apt: update_cache: yes @@ -57,20 +72,21 @@ - name: Server - Install ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml" - when: role == "srv" + when: + - role == "srv" tags: - install_srv -# - name: Proxy - Install -# ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml" -# tags: -# - install_proxy -# when: role == "proxy" +- name: Proxy - Install + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml" + tags: + - install_proxy + when: role == "proxy" - name: Front - Install ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml" - when: role == "srv" + when: role == "srv" or role == "front" tags: - install_front diff --git a/vars/RedHat.yml b/vars/RedHat.yml index f409361..c495932 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -26,6 +26,7 @@ front: - php-fpm proxy: packages: + - mariadb-server - mariadb - zabbix-proxy-mysql - zabbix-sql-scripts From ca14d2f6eeb1cc1d78e2c13bcb3d4df4e42bdad8 Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:26:24 +0100 Subject: [PATCH 04/11] Supprimer files/zabbix_agent.crt --- files/zabbix_agent.crt | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 files/zabbix_agent.crt diff --git a/files/zabbix_agent.crt b/files/zabbix_agent.crt deleted file mode 100644 index 0ac9510..0000000 --- a/files/zabbix_agent.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICKTCCAYqgAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5YwCgYIKoZIzj0EAwMw -ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNzAw -NTZaFw0yNzAyMTQxNzAwNTZaMCQxCzAJBgNVBAYTAkZSMRUwEwYDVQQDDAx6YWJi -aXhfYWdlbnQwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAF1NBVjvH9JE+SbFBVI -aZZiJn9gXzUHUjhPwCzcHt55jOmbrrszPpOUeYe+5ahqr96sdNS5d+Gc3JNym0UU -mXS6rgHj/3weApB6SmRUOk7im/PmegSECOgA4GSEgP97eoBjYNJNbGw7ybpGoTX0 -Bu+amWlETXDlpi5huUkXx86wiy93vaNaMFgwHwYDVR0jBBgwFoAUIO5hY4gGmlcl -Mw78YGdwHqHJLVswCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFPRT -QcdvRdtphLmDBwtx+7MXd9NiMAoGCCqGSM49BAMDA4GMADCBiAJCAXCtWzhuuXX7 -r9duhPWWPJcoL94r71QOgTuMIFp2hGEQQTkpDn8npQe33SEzKleiYlgk1TsNcOGC -V7bzrryRAZbFAkIAzgZP2zW2Vhr6AF0EDW3S7A35v/oi0bGOuuCE7Kb2V9rcaAwM -k9tVv3bRZIAF6bowHcdxNCdUlptk0q1NNE6h43I= ------END CERTIFICATE----- From bfb7b9794099972a7cbba83cb28dc95ed2416825 Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:26:32 +0100 Subject: [PATCH 05/11] Supprimer files/zabbix_agent.key --- files/zabbix_agent.key | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 files/zabbix_agent.key diff --git a/files/zabbix_agent.key b/files/zabbix_agent.key deleted file mode 100644 index 7be598b..0000000 --- a/files/zabbix_agent.key +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN EC PARAMETERS----- -BgUrgQQAIw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIBIKtXJBBZMdk4xVf9qKzrJGJks/aruTaX226yh0XHDR2l+49jlwIh -z2LuWCBSnWkOearNi0CiD/0SqBypl6GAvtmgBwYFK4EEACOhgYkDgYYABAF1NBVj -vH9JE+SbFBVIaZZiJn9gXzUHUjhPwCzcHt55jOmbrrszPpOUeYe+5ahqr96sdNS5 -d+Gc3JNym0UUmXS6rgHj/3weApB6SmRUOk7im/PmegSECOgA4GSEgP97eoBjYNJN -bGw7ybpGoTX0Bu+amWlETXDlpi5huUkXx86wiy93vQ== ------END EC PRIVATE KEY----- From 158cef89b33e169dd357db37dc3d765b28d497c4 Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:26:37 +0100 Subject: [PATCH 06/11] Supprimer files/zabbix_ca.crt --- files/zabbix_ca.crt | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 files/zabbix_ca.crt diff --git a/files/zabbix_ca.crt b/files/zabbix_ca.crt deleted file mode 100644 index 4cd125f..0000000 --- a/files/zabbix_ca.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICLjCCAZCgAwIBAgIUf6NkS48Id1xnJfmxiYE95Rt5W/IwCgYIKoZIzj0EAwMw -ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNjU5 -MjlaFw0zNjAyMTIxNjU5MjlaMCExCzAJBgNVBAYTAkZSMRIwEAYDVQQDDAl6YWJi -aXhfY2EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACYb7pFnvHYBLPUiUNtaBqK -/zxQQ0JQ0xBBvKN1Lfpew0BlmPy8ZFdTrUz4BohVbmYmkdQ58BO/Gs1CUlxiHS7P -8AApdAfIUdQtOdcy6KQ7FErTyDwyf594GHqWw4ycLaOaYocrV3ItZyYE083piGds -Fbg9vlzj1deBlTRCkgSglCLoa6NjMGEwHQYDVR0OBBYEFCDuYWOIBppXJTMO/GBn -cB6hyS1bMB8GA1UdIwQYMBaAFCDuYWOIBppXJTMO/GBncB6hyS1bMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA4GLADCBhwJBRUwp -n7+2jjrsTkR9NjP5DJP2sav0JJf5u80Y86mslp6rEIU4VTcwVhNXyvzUPrTS308t -FlCnOcKDA/Pd68A8My4CQgHb5LHzI+Np3FT+kb4gvOw9YgHFUS5iDy4yB9ffT6z1 -5QrcIaD0atAPVyM4u7wVoif9wcHcyRiGFR+qaV6UwwoFHA== ------END CERTIFICATE----- From adf50cb1dedc81c40b79dcdb03941de387867865 Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:26:41 +0100 Subject: [PATCH 07/11] Supprimer files/zabbix_ca.key --- files/zabbix_ca.key | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 files/zabbix_ca.key diff --git a/files/zabbix_ca.key b/files/zabbix_ca.key deleted file mode 100644 index e28f500..0000000 --- a/files/zabbix_ca.key +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIB+MT26kyyojwNQxOgLQ10uFxH2DHG+iT2h9xa82BwvUod9AhPytAB -mQJhx/GYHMnFH5ff4nya20Xsj1/NTEeVHH+gBwYFK4EEACOhgYkDgYYABACYb7pF -nvHYBLPUiUNtaBqK/zxQQ0JQ0xBBvKN1Lfpew0BlmPy8ZFdTrUz4BohVbmYmkdQ5 -8BO/Gs1CUlxiHS7P8AApdAfIUdQtOdcy6KQ7FErTyDwyf594GHqWw4ycLaOaYocr -V3ItZyYE083piGdsFbg9vlzj1deBlTRCkgSglCLoaw== ------END EC PRIVATE KEY----- From 1e354a88bdf13b234d0ce445c001258cfcd21c13 Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:26:45 +0100 Subject: [PATCH 08/11] Supprimer files/zabbix_proxy.crt --- files/zabbix_proxy.crt | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 files/zabbix_proxy.crt diff --git a/files/zabbix_proxy.crt b/files/zabbix_proxy.crt deleted file mode 100644 index f389bd3..0000000 --- a/files/zabbix_proxy.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICKTCCAYqgAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5cwCgYIKoZIzj0EAwMw -ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxODE5 -MjlaFw0yNzAyMTQxODE5MjlaMCQxCzAJBgNVBAYTAkZSMRUwEwYDVQQDDAx6YWJi -aXhfcHJveHkwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACasAU16MClAB06k8lQ -G2hn6CUJCBKhjOcIRZqL1L5PdWprqnKfYdioOgzHfIlgikBrGryI66wj3SMWwtOB -pZXg3wDcPRLSDDkwZa0hjCQfUHqO1wPQKN8sfnY1X41LXz4RrV79OLEbw1zvbAvG -+Z0yIlNnEFtP/vAapciWFaUUChSarqNaMFgwHwYDVR0jBBgwFoAUIO5hY4gGmlcl -Mw78YGdwHqHJLVswCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFPPI -gzk03dz6sWYKdd2MW2n4Y5LrMAoGCCqGSM49BAMDA4GMADCBiAJCASKlHzi830st -8RM0DtPRF4v4YiPNSK4bFXiAS+/OjveR1Y6oFQfuZZinTFUU3P9A5UfinxqLrDJW -iMtjmym4JYmZAkIAmwn9mVrpoKtUmxwBbPDhJLrgCTXPP0sttIuRRDbrGsSTCDhB -HXaRfoA5969eZJ6zcGxI84TZzYSRvvE5AjMxH+k= ------END CERTIFICATE----- From 2b45765379108f5cd2ad4fad23309d16ce8ab73a Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:26:52 +0100 Subject: [PATCH 09/11] Supprimer files/zabbix_proxy.key --- files/zabbix_proxy.key | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 files/zabbix_proxy.key diff --git a/files/zabbix_proxy.key b/files/zabbix_proxy.key deleted file mode 100644 index 7e20868..0000000 --- a/files/zabbix_proxy.key +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN EC PARAMETERS----- -BgUrgQQAIw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIBlgrJJI/T9N2pOj5pFrMfuDaYboRfqckR2U0NnOVpqgUBLyVzQK+l -s7iNnopgtqPEUI6zRVQCMAEII0Relhoc7+egBwYFK4EEACOhgYkDgYYABACasAU1 -6MClAB06k8lQG2hn6CUJCBKhjOcIRZqL1L5PdWprqnKfYdioOgzHfIlgikBrGryI -66wj3SMWwtOBpZXg3wDcPRLSDDkwZa0hjCQfUHqO1wPQKN8sfnY1X41LXz4RrV79 -OLEbw1zvbAvG+Z0yIlNnEFtP/vAapciWFaUUChSarg== ------END EC PRIVATE KEY----- From 7a42bc1a895917e610f46268aba90c7d40099f26 Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:26:56 +0100 Subject: [PATCH 10/11] Supprimer files/zabbix_server.crt --- files/zabbix_server.crt | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 files/zabbix_server.crt diff --git a/files/zabbix_server.crt b/files/zabbix_server.crt deleted file mode 100644 index 1d76111..0000000 --- a/files/zabbix_server.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICKTCCAYugAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5UwCgYIKoZIzj0EAwMw -ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNzAw -MzRaFw0yNzAyMTQxNzAwMzRaMCUxCzAJBgNVBAYTAkZSMRYwFAYDVQQDDA16YWJi -aXhfc2VydmVyMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAQNnum/k11nyoW7yc -6LICHe+rHmv18AguNfVg/tQ1lk9DPkOYp3xC+kcZQDkazeKqxEKY9l3jzG84gxvW -qtlc4o0BvoYEEKLPiLXfKSzhkXcmyiAwXKT71t6peDIGYCnZHC8n6Hsio1UH9voA -R6+bc3/rX+xxsDn1KiJ9ibHwyYeoSgGjWjBYMB8GA1UdIwQYMBaAFCDuYWOIBppX -JTMO/GBncB6hyS1bMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMB0GA1UdDgQWBBQ+ -1/AYNQleyhffJLBauHtkqwYu0TAKBggqhkjOPQQDAwOBiwAwgYcCQQf2/5hVMbPP -L18i8VzeSZvNu+hqho0zGqTMY7oCekbEH6J4w+QQqslr9ps+9d+ce3nuQtuJEIBl -1PCgaTHq5Ht7AkIBs+uzxTYQCRRvZ3CtjxYYYKLbSimqGWlnV9qMHASBxV/dskHU -nP/JzeMgJuG44HwdaeqAb1dS1PYsYkPMkdwtLcQ= ------END CERTIFICATE----- From 28fddc5412f26a04396de2deacb7d4f4efdccca5 Mon Sep 17 00:00:00 2001 From: stef Date: Wed, 18 Feb 2026 22:27:01 +0100 Subject: [PATCH 11/11] Supprimer files/zabbix_server.key --- files/zabbix_server.key | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 files/zabbix_server.key diff --git a/files/zabbix_server.key b/files/zabbix_server.key deleted file mode 100644 index a5c9771..0000000 --- a/files/zabbix_server.key +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN EC PARAMETERS----- -BgUrgQQAIw== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MIHcAgEBBEIBWA0qpIubCVTvFj0jmQvNl5ucVI5wngXTLwiH6R9naCscSw7fxdRN -W52RikdZnQpExdY7m7cP7oWc/rTsTOAc2wqgBwYFK4EEACOhgYkDgYYABABA2e6b -+TXWfKhbvJzosgId76sea/XwCC419WD+1DWWT0M+Q5infEL6RxlAORrN4qrEQpj2 -XePMbziDG9aq2VzijQG+hgQQos+Itd8pLOGRdybKIDBcpPvW3ql4MgZgKdkcLyfo -eyKjVQf2+gBHr5tzf+tf7HGwOfUqIn2JsfDJh6hKAQ== ------END EC PRIVATE KEY-----