Merge pull request 'ha' (#1) from ha into main

Reviewed-on: https://gitea.bv.stef.lan/stef/zabbix-role/pulls/1

.gitignore

@@ -0,0 +1,2 @@
+files/*.crt
+files/*.key

README.md

@@ -1,31 +1,154 @@
-Role Name
+Zabbix
 =========
 
-A brief description of the role goes here.
+Deploiement d'une infrascutrure ZAbbix complete
+Deux serveur zabbix 
+- HA
+- Keealived pour nginx 
+- Certiticats TLS
+
+Distribution prise en charges:
+- Debian13
+- Almalinux
+
+Pour Ajouter une distribution RHEL like
+Ajouter un block dans tasks/main.yml
+
+Similaire à ceci ( voir https://www.zabbix.com/download pour le path associé a votre distribution):
+```
+- name: Prepare <Votre distribution>
+  when: ansible_distribution == "AlmaLinux"  <= Nom de votre distriution 
+  block:
+    - name: add gpg
+      ansible.builtin.dnf:
+        name: gnupg2
+        state: present
+    - name: Copie GPG key
+      ansible.builtin.copy:
+        src: RPM-GPG-KEY-ZABBIX-B5333005
+        dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
+    - name: Import a key
+      ansible.builtin.rpm_key:
+        state: present
+        key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
+    - name: Add Package
+      ansible.builtin.dnf:
+        name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/<Votre distribution>/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm"
+        state: present
+```
 
 Requirements
 ------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+Nécéssite les fichiers de certificats suivants:
 
-Role Variables
+- zabbix_ca.cert
+- zabbix_server.cert
+- zabbix_server.key
+- zabbix_agent.cert
+- zabbix_agent.key
+- zabbix_proxy.cert
+- zabbix_proxy.key
+
+Ces fichiers sont a déposer dans /files
+
+Note: vous pouvez changer le nom des fichiers en ce cas modifier les variables suivante dans default/main.yml
+```
+zabbix_ca: zabbix_ca
+zabbix_server: zabbix_server
+zabbix_proxy: zabbix_proxy
+zabbix_agent: zabbix_agent
+```
+
+# Variables
 --------------
+## Role Variables
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+Variable definies dans default/main.yml
+
+# defaults file for zabbix
+
+
+| Variable | Role | Remarques|
+|----------|------|----------|
+|zabbix_version|Version de zabbix|Ne fonctionnent actuellement pour les Debian|
+|roles_cibles| utlisés pour générer les Variable Server et ActiveServer | Exemple:['srv', 'proxy']|
+|db_name|Nom de la base de postgres des serveurs||
+|db_user|Nom de l'utilisateur de la base postgres serveurs||
+|db_passwd|Mot de passe l'utilisateur de la base postgres serveurs||
+|proxy_db_name|Nom de la base des proxys||
+|proxy_db_user|Nom de l'utilisateur de la base des proxys||
+|proxy_db_passwd|Mot de passe de l'utilisateur de la base des proxys||
+|zabbix_ca|Nom du fichier de CA||
+|zabbix_server|Nom du fichier de certificat utilisés par les serveurs||
+|zabbix_proxy|Nom du fichier de certificat utilisés par les proxy||
+|zabbix_agent|Nom du fichier de certificat utilisés par les agents||
+
+
+## Group Variables
+
+| Variable | Role | Remarques|
+|----------|------|----------|
+|db_host| adatabase.bv.stef.lan|
+|db_port| 5432|Non utilisé pour le moment|
+|postgresql_version|| Exemple 17, uniquement implementé dans débian|
+|zabbix_crypt| Type de chiffrement utilisé| tls ou psk pour le moment seul tls est totalement implementé|
+|zabbix_cert_ca_name| zabbix_ca||
+|zabbix_cert_server_name| zabbix_server||
+|zabbix_cert_agent_name| zabbix_agent||
+|TLSServerCertSubject| DN des serveurs zabbix| exemple: "CN=zabbix_server,C=FR"|
+|TLSServerCertIssuer| DN du CA zabbix| exemple:  "CN=zabbix_ca,C=FR"|
+|ZabbixHA| Activation du HA ou non | true ou false|
+|vip_address| Vip keealived des nginx| exemple 192.168.200.75|
+|vip_fqdn| FQDN de la Vip keealived des nginx|exemple: zabbix.mondomain.com|
+|ActiveVault| Active ou non le vault| true ou false|
+|Vault| Modele du vault| HashiCorp actuellement uniquement implémenté|
+|VaultToken|Token d'acces au vault||
+|VaultURL| Url du vault | exemple: https://vault.mondomain.com|
+|VaultPrefix| Path des secret zabbix| exemple: /v1/secret/data/zabbix/|
+|VaultDBPath| nom du secret des credential d'acces DB| exemple: /database|
+
+## Hosts Variables
+L'host master keepalived doit contenir:
+```
+keepalived:
+  state: MASTER
+  priority: 244
+```
+
+L'host backup keepalived doit contenir:
+```
+keepalived:
+  state: BACKUP
+  priority: 243
+```
 
 Dependencies
 ------------
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+None
+
+Exemple Inventory
+
+    zabbix_instance01:
+      hosts:
+        server01.mondomain.com:
+          role: srv
+        server02.mondomain.com:
+          role: srv
+        database.mondomain.com:
+          role: db
+        front.mondomain.com:
+          role: front
+        proxy01.mondomain.com:
+          role: proxy
+        proxy02.mondomain.com:
+          role: proxy
 
 Example Playbook
 ----------------
 
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 
-    - hosts: servers
-      roles:
-         - { role: username.rolename, x: 42 }
 
 License
 -------

defaults/main.yml

@@ -1,59 +1,7 @@
 ---
 # defaults file for zabbix
-rhel_db_packages:
-  - postgresql-server
-  - postgresql
-  - postgresql-plpython3
-  - zabbix-agent2
-
-rhel_srv_packages:
-  - zabbix-server-pgsql 
-  - zabbix-sql-scripts 
-  - zabbix-selinux-policy
-  - zabbix-agent2
-
-rhel_agent_packages:
-  - zabbix-agent2
-
-rhel_front_packages:
-  - zabbix-web-pgsql 
-  - zabbix-nginx-conf 
-  - zabbix-agent2
-
-
-rhel_proxy_packages:
-  - mariadb
-  - zabbix-proxy-mysql 
-  - zabbix-sql-scripts
-  - zabbix-agent2
-
-debian_db_packages:
-  - postgresql-contrib
-  - postgresql
-  - python3-psycopg2
-  - zabbix-sql-scripts 
-  - zabbix-agent2
-
-debian_srv_packages:
-  - zabbix-server-pgsql 
-  - zabbix-agent2
-
-debian_proxy_packages:
-  - mariadb-server
-  - zabbix-proxy-mysql 
-  - zabbix-sql-scripts
-  - zabbix-agent2
-
-debian_agent_packages:
-  - zabbix-agent2
-
-debian_front_packages:
-  - zabbix-frontend-php 
-  - php8.4-pgsql 
-  - zabbix-nginx-conf 
-  - nginx
-  - zabbix-agent2
 
+zabbix_version: 7.4
 roles_cibles: ['srv', 'proxy']
 
 db_name: zabbix

files/RPM-GPG-KEY-ZABBIX-B5333005

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYwjIcBEADHPOcYeW6xpiMh2ZO6a9OCncCs4IBQa7Ie+omyzJLNldnBMrxO
+jbZXY2brQZWu5GEA6rTrexbfq9w/MaGiV5hAJ/x9oKHHKod79IfYLWsYS+rKTEr4
+OptCGYqmJhdB29m44feut/PjjbjTuD0nwkaaE4Cm90r2aHMj5CcuD0/V823MgOwY
+v5uz1Az9OhMLHB+qO/QDGZOxfmETpfj0J1Sh1afTngXoPgyniBT0BuyAMRlb2js6
+QSpT9AnVxVDMVZwu5Ioy9Jf1Rz8ibP6LTN4Rh+TDFJizzoqJMqfDjN8PculcVZvG
+j3bpweL0txhSykuLN75GPP1DO7rSVljIAChpY1hPtpYBD3F7uL0udpauVhVUY3Vs
+13kxbsDgSr84s+tpRxV9BaQy2pjQY/jyesbFpFCjGHqUZVS1F3huWYBukQn3Em7C
+X3WgzWe1iewPxENCLSGfSEVBcQ28guNvy2INcHHjx+AWOXFfkDKVZtBOH5MVr6hR
+/xJH9S8Pd4wJZ4wvXwwDUBMD0Jju5ELE9/NQty8AeL6tjZomVhO2nFUe3N0lKE2K
+wNLt0N4PqDrCHogQ7knROMR+9KqjFu+ko39TZmCUlVncX3s0v0t9gxIK9zQoX9p6
+ngAr7IM8rGe/BGD7crYsrveWtBA7AY2DX9Z9iQylsXrq8tfGyhMaH3SgLwARAQAB
+tCtaYWJiaXggTExDIChBcHIgMjAyNCkgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJU
+BBMBCgA+FiEETD1vLMdfUUZ1T8N02RMhmrUzMAUFAmYwjIcCGwMFCRLMAwAFCwkI
+BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2RMhmrUzMAWf/w/+NSQz9LfZo7eNuKpd
+piWsQgI+73sdLXmABp9kNWYrYTghXUe0WkWyLuFRMOh4fxZCtdiwpeEKGEDUgPr7
+gTMH7ay7gD2kCJLCJl1tUCh4ryXJvVMyN9J+x7w742fOdPrVK9/ULad1KAH6zx+J
+Ym/Qt5JfYMhjeCIBKpappGMVCFb3sEJUT4e7ggqt9uUgbjlpQtYhZg65vaX9C7qZ
+EXxaWEfBkBNiHEeImuv6wjp1rM4cNMQW7lnfnvlo1MmkmDzQjCFA5g41DvK1YQcE
+HWDW6Zp30SGQqthEHNOPHezNCxD1vMxfUCUawSZP5ajuK6o/CGM9L5rjvcCnpe+6
+JVCX93KkPB0VqgfzzHB7OQsWQ8csRkjsW0v+5PkXbRRkf98YzaYDqVa1AvGv5YOv
+alEPlqvQ6Xnm/6xV9gIr49Kgkf+VFvigbvwKfiH0hseWZN5ykswFoZ4mvYCJO6m4
+ouU4sSW8AM/LxHHvlAZdO9h8O961nh5fs8AIl4EJb+4kClnYFGaguCKZyAu1V7bJ
+vDZ0OlaRtnh2cEPBd9W0CoPZaEHYcUDFmMIlxab1oGgDqIN4SJoCTnJLJ4BloQFs
+9rIpAMcXxA3lqNnBjbolXqUTJq9WIpe6q/r38ADh0M5najksbwZWU0WZ+j2DJmgV
+otW7wuTabGL9k3lnyNRwlK4OkRe5Ag0EZjCMhwEQAL1RylY+ljV/Ma9rAcZxwT08
+/emKEE4VMeDlJbzEWeMNjx8IpeVI3JlADkolbggcBEELZiwRRAJrJaYcBDNq0ZmE
+BG5ffJin12iIU6f0GFg4x4elcPi9diP/1foz6k93eWYMpAj17B1YTM9ZgKKIJmuf
+8GDsMTb/AgHcGC+gkduZGakUcHv538o+ub8/021HPqmYcF/HVaENv0LJd3yxLB6/
+mhSCT9axuX6NDQxVxzXKz+PAnz1uYyz7yZB4YXROHNwnvOGPYbljIGQPTIgjrCNP
+26ySH9t6JYxWY7bXJKGepSnk0QeGHiM0p6TC9n3BS6RkmKUt0c6cXbW+BCc8QHOj
+jzPOxjbvpmbZtVo56ZQYm/DWuj0lg+/pYKSReX5YJ8gnvhRoNM/fLeWsIGMZJaM9
+DygVTU0/0r7rxYbXoDqHMhsdMvjmrSAD3pDcPDci6WyeaLcvphvfZR4uyKtz1FS0
+GU+B0ly1gwItDca2En01AbrYX3eLnSw6ZwegBy42gnzAooFmGrfQUuskr+j5hxzs
+BBCTtU6zEBGIMAVs1pNCnUVEleD/2E2U4Uzqi/XQv95b3msqP3tNkWrp1Em12Wls
+2bIe47+uOpfcxzsAADLTu5avJT0YcJ3u1lBB6rIBcFL6kmkqD1u2pgFZw5Otdo4h
+/8gxK3CZ/g81yCsBOcNZABEBAAGJAjwEGAEKACYWIQRMPW8sx19RRnVPw3TZEyGa
+tTMwBQUCZjCMhwIbDAUJEswDAAAKCRDZEyGatTMwBeZUEACOatbYmCCIdcqF05id
+GsoPRqXEQHj8cY3NmzD4nlATJPHLN8+p6TH1mDInnBFfDp6Ll1u8PHnvGccVDUl+
+aJCDCOcscqaKNaIbAi39OFLyED/j1t2g0VH9M0F41ZOofQN/Tf4SaR3ziY4j4hn+
+pWpzqcdQ4zCSA+c95NijkeSgGFdT8OzCbWrmvKHdoeaescRMJg3Zmi3Aegqaaxe8
+MMmixmGYk7jz35G0oBABCEcWTeqFXpQIG91AN5F0qe+tgQgwEr2N8YvIdRUb0e1c
+Yc7Ly7pNHgH7wd0L2SND2pamXrZ6+kbUVVg46aa6XKvx36Fa2R0n6Var+Dcb9Rsr
+mLq69/n2C18QLKwMnVSJfetPzQhAOnJ85Q2alRIyrMa7wq7+5NLcNBTGRRm4WYut
+mzRvmmMmt0r+LOaV1fUdtfUVyIDrAb7rdqGW4eGbWTSLOcSgX7czThne7/v3zuSP
+N0nc8yosGQp2aT8XCuzWqGQQ10NxUKP374jdetWgFI/8fH5zVx67TrViJ0FnK2Ug
+CTtaHKt7jwwkMs6Y0kCCi/xysw+6UlDmBvzM5TVcWSO/lDUotFccn7IC782ghT03
+pY9AfSJCu2NB44LODaLg9jyXbv2MPq8ZsWRqxxmmCUinmQMV6rI/nWPZpgEpKId7
+RF/42ix6CdCLj9WuDJRHAPA6nA==
+=iQwh
+-----END PGP PUBLIC KEY BLOCK-----

files/zabbix_agent.crt

@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICKTCCAYqgAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5YwCgYIKoZIzj0EAwMw
-ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNzAw
-NTZaFw0yNzAyMTQxNzAwNTZaMCQxCzAJBgNVBAYTAkZSMRUwEwYDVQQDDAx6YWJi
-aXhfYWdlbnQwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAF1NBVjvH9JE+SbFBVI
-aZZiJn9gXzUHUjhPwCzcHt55jOmbrrszPpOUeYe+5ahqr96sdNS5d+Gc3JNym0UU
-mXS6rgHj/3weApB6SmRUOk7im/PmegSECOgA4GSEgP97eoBjYNJNbGw7ybpGoTX0
-Bu+amWlETXDlpi5huUkXx86wiy93vaNaMFgwHwYDVR0jBBgwFoAUIO5hY4gGmlcl
-Mw78YGdwHqHJLVswCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFPRT
-QcdvRdtphLmDBwtx+7MXd9NiMAoGCCqGSM49BAMDA4GMADCBiAJCAXCtWzhuuXX7
-r9duhPWWPJcoL94r71QOgTuMIFp2hGEQQTkpDn8npQe33SEzKleiYlgk1TsNcOGC
-V7bzrryRAZbFAkIAzgZP2zW2Vhr6AF0EDW3S7A35v/oi0bGOuuCE7Kb2V9rcaAwM
-k9tVv3bRZIAF6bowHcdxNCdUlptk0q1NNE6h43I=
------END CERTIFICATE-----

files/zabbix_agent.key

@@ -1,10 +0,0 @@
------BEGIN EC PARAMETERS-----
-BgUrgQQAIw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBIKtXJBBZMdk4xVf9qKzrJGJks/aruTaX226yh0XHDR2l+49jlwIh
-z2LuWCBSnWkOearNi0CiD/0SqBypl6GAvtmgBwYFK4EEACOhgYkDgYYABAF1NBVj
-vH9JE+SbFBVIaZZiJn9gXzUHUjhPwCzcHt55jOmbrrszPpOUeYe+5ahqr96sdNS5
-d+Gc3JNym0UUmXS6rgHj/3weApB6SmRUOk7im/PmegSECOgA4GSEgP97eoBjYNJN
-bGw7ybpGoTX0Bu+amWlETXDlpi5huUkXx86wiy93vQ==
------END EC PRIVATE KEY-----

files/zabbix_ca.crt

@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICLjCCAZCgAwIBAgIUf6NkS48Id1xnJfmxiYE95Rt5W/IwCgYIKoZIzj0EAwMw
-ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNjU5
-MjlaFw0zNjAyMTIxNjU5MjlaMCExCzAJBgNVBAYTAkZSMRIwEAYDVQQDDAl6YWJi
-aXhfY2EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACYb7pFnvHYBLPUiUNtaBqK
-/zxQQ0JQ0xBBvKN1Lfpew0BlmPy8ZFdTrUz4BohVbmYmkdQ58BO/Gs1CUlxiHS7P
-8AApdAfIUdQtOdcy6KQ7FErTyDwyf594GHqWw4ycLaOaYocrV3ItZyYE083piGds
-Fbg9vlzj1deBlTRCkgSglCLoa6NjMGEwHQYDVR0OBBYEFCDuYWOIBppXJTMO/GBn
-cB6hyS1bMB8GA1UdIwQYMBaAFCDuYWOIBppXJTMO/GBncB6hyS1bMA8GA1UdEwEB
-/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA4GLADCBhwJBRUwp
-n7+2jjrsTkR9NjP5DJP2sav0JJf5u80Y86mslp6rEIU4VTcwVhNXyvzUPrTS308t
-FlCnOcKDA/Pd68A8My4CQgHb5LHzI+Np3FT+kb4gvOw9YgHFUS5iDy4yB9ffT6z1
-5QrcIaD0atAPVyM4u7wVoif9wcHcyRiGFR+qaV6UwwoFHA==
------END CERTIFICATE-----

files/zabbix_ca.key

@@ -1,7 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIB+MT26kyyojwNQxOgLQ10uFxH2DHG+iT2h9xa82BwvUod9AhPytAB
-mQJhx/GYHMnFH5ff4nya20Xsj1/NTEeVHH+gBwYFK4EEACOhgYkDgYYABACYb7pF
-nvHYBLPUiUNtaBqK/zxQQ0JQ0xBBvKN1Lfpew0BlmPy8ZFdTrUz4BohVbmYmkdQ5
-8BO/Gs1CUlxiHS7P8AApdAfIUdQtOdcy6KQ7FErTyDwyf594GHqWw4ycLaOaYocr
-V3ItZyYE083piGdsFbg9vlzj1deBlTRCkgSglCLoaw==
------END EC PRIVATE KEY-----

files/zabbix_proxy.crt

@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICKTCCAYqgAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5cwCgYIKoZIzj0EAwMw
-ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxODE5
-MjlaFw0yNzAyMTQxODE5MjlaMCQxCzAJBgNVBAYTAkZSMRUwEwYDVQQDDAx6YWJi
-aXhfcHJveHkwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACasAU16MClAB06k8lQ
-G2hn6CUJCBKhjOcIRZqL1L5PdWprqnKfYdioOgzHfIlgikBrGryI66wj3SMWwtOB
-pZXg3wDcPRLSDDkwZa0hjCQfUHqO1wPQKN8sfnY1X41LXz4RrV79OLEbw1zvbAvG
-+Z0yIlNnEFtP/vAapciWFaUUChSarqNaMFgwHwYDVR0jBBgwFoAUIO5hY4gGmlcl
-Mw78YGdwHqHJLVswCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFPPI
-gzk03dz6sWYKdd2MW2n4Y5LrMAoGCCqGSM49BAMDA4GMADCBiAJCASKlHzi830st
-8RM0DtPRF4v4YiPNSK4bFXiAS+/OjveR1Y6oFQfuZZinTFUU3P9A5UfinxqLrDJW
-iMtjmym4JYmZAkIAmwn9mVrpoKtUmxwBbPDhJLrgCTXPP0sttIuRRDbrGsSTCDhB
-HXaRfoA5969eZJ6zcGxI84TZzYSRvvE5AjMxH+k=
------END CERTIFICATE-----

files/zabbix_proxy.key

@@ -1,10 +0,0 @@
------BEGIN EC PARAMETERS-----
-BgUrgQQAIw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBlgrJJI/T9N2pOj5pFrMfuDaYboRfqckR2U0NnOVpqgUBLyVzQK+l
-s7iNnopgtqPEUI6zRVQCMAEII0Relhoc7+egBwYFK4EEACOhgYkDgYYABACasAU1
-6MClAB06k8lQG2hn6CUJCBKhjOcIRZqL1L5PdWprqnKfYdioOgzHfIlgikBrGryI
-66wj3SMWwtOBpZXg3wDcPRLSDDkwZa0hjCQfUHqO1wPQKN8sfnY1X41LXz4RrV79
-OLEbw1zvbAvG+Z0yIlNnEFtP/vAapciWFaUUChSarg==
------END EC PRIVATE KEY-----

files/zabbix_server.crt

@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICKTCCAYugAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5UwCgYIKoZIzj0EAwMw
-ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNzAw
-MzRaFw0yNzAyMTQxNzAwMzRaMCUxCzAJBgNVBAYTAkZSMRYwFAYDVQQDDA16YWJi
-aXhfc2VydmVyMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAQNnum/k11nyoW7yc
-6LICHe+rHmv18AguNfVg/tQ1lk9DPkOYp3xC+kcZQDkazeKqxEKY9l3jzG84gxvW
-qtlc4o0BvoYEEKLPiLXfKSzhkXcmyiAwXKT71t6peDIGYCnZHC8n6Hsio1UH9voA
-R6+bc3/rX+xxsDn1KiJ9ibHwyYeoSgGjWjBYMB8GA1UdIwQYMBaAFCDuYWOIBppX
-JTMO/GBncB6hyS1bMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMB0GA1UdDgQWBBQ+
-1/AYNQleyhffJLBauHtkqwYu0TAKBggqhkjOPQQDAwOBiwAwgYcCQQf2/5hVMbPP
-L18i8VzeSZvNu+hqho0zGqTMY7oCekbEH6J4w+QQqslr9ps+9d+ce3nuQtuJEIBl
-1PCgaTHq5Ht7AkIBs+uzxTYQCRRvZ3CtjxYYYKLbSimqGWlnV9qMHASBxV/dskHU
-nP/JzeMgJuG44HwdaeqAb1dS1PYsYkPMkdwtLcQ=
------END CERTIFICATE-----

files/zabbix_server.key

@@ -1,10 +0,0 @@
------BEGIN EC PARAMETERS-----
-BgUrgQQAIw==
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBWA0qpIubCVTvFj0jmQvNl5ucVI5wngXTLwiH6R9naCscSw7fxdRN
-W52RikdZnQpExdY7m7cP7oWc/rTsTOAc2wqgBwYFK4EEACOhgYkDgYYABABA2e6b
-+TXWfKhbvJzosgId76sea/XwCC419WD+1DWWT0M+Q5infEL6RxlAORrN4qrEQpj2
-XePMbziDG9aq2VzijQG+hgQQos+Itd8pLOGRdybKIDBcpPvW3ql4MgZgKdkcLyfo
-eyKjVQf2+gBHr5tzf+tf7HGwOfUqIn2JsfDJh6hKAQ==
------END EC PRIVATE KEY-----

handlers/main.yml

@@ -10,6 +10,11 @@
     name: nginx
     state: restarted
 
+- name: Restart php-fpm
+  service:
+    name: php-fpm
+    state: restarted
+
 - name: Restart Zabbix Server
   service:
     name: zabbix-server
@@ -24,3 +29,9 @@
   service:
     name: zabbix-agent2
     state: restarted
+
+- name: Restart Keepalived
+  service:
+    name: keepalived
+    state: restarted
+

tasks/Debian/install-agent2.yml

@@ -0,0 +1,66 @@
+
+- name: Agent2 -  Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ agent.packages }}"
+  tags:
+    - install_agent
+ 
+- name: Agent2 - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Agent2 - Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Agent2 - Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Agent2 - Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Agent2 - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/Debian/install-db.yml

@@ -0,0 +1,73 @@
+- name: Database - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ db.packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "Debian" 
+
+- name: Database - Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Database - Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Database - Create DB
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+   - install_db
+
+- name: Database - Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    insertafter: '# Database administrative login by Unix domain socket'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Database - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Database - Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/17/main/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Database - Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+  tags:
+   - install_db
+
+- name: Database - Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db

tasks/Debian/install-front.yml

@@ -0,0 +1,41 @@
+- name: Front - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ front.packages }}"
+  tags:
+    - install_front
+
+- name: Front - Configure nginx port
+  ansible.builtin.lineinfile:
+    path: /etc/zabbix/nginx.conf
+    regexp: 'listen          8080;'
+    line: "        listen          80;"
+  tags:
+    - install_front
+
+# - name: Front - Setup
+#   ansible.builtin.template:
+#       src: zabbix_front.conf.j2
+#       dest: /etc/zabbix/web/zabbix.conf.php
+#       owner: www-data
+#       group: www-data
+#       mode: 0600 
+
+- name: Front - Configure nginx url
+  ansible.builtin.lineinfile:
+    path: /etc/zabbix/nginx.conf
+    regexp: 'server_name     example.com;'
+    line: "        server_name     {{ inventory_hostname }};"
+  tags:
+    - install_front
+  notify: Restart nginx
+
+- name: Front - Configure keepalived
+  ansible.builtin.template:
+    src: keepalived.conf.j2
+    dest: /etc/keepalived/keepalived.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart Keepalived

tasks/Debian/install-proxy.yml

@@ -0,0 +1,91 @@
+- name: Proxy - Install Debian Proxy packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ proxy.packages }}"
+  tags:
+    - install_proxy
+  when: ansible_os_family == "Debian" 
+
+
+- name: Proxy - Enable and start service mariadb
+  ansible.builtin.service:
+    name: mariadb
+    state: started
+    enabled: yes
+  tags:
+    - install_proxy
+
+- name: Proxy - Generate mariadb proxy creation script
+  ansible.builtin.template:
+    src: create_proxy_db.j2
+    dest: /tmp/create_proxy_db.sql
+  tags:
+    - install_proxy
+
+- name: Proxy - Create mariadb proxy database
+  ansible.builtin.shell: mysql -uroot <  /tmp/create_proxy_db.sql
+  tags:
+   - install_proxy
+
+- name: Proxy - Populate mariadb proxy database
+  ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
+  tags:
+   - install_proxy
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Proxy - Génération la liste des servers
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', 'srv') |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Proxy - Set fact Server
+  set_fact:
+    Server: "{{ hotes_filtres | join(';') }}"
+
+- name: Proxy - Generate config
+  ansible.builtin.template:
+      src: zabbix_proxy.conf.j2
+      dest: /etc/zabbix/zabbix_proxy.conf
+      owner: root
+      group: zabbix
+      mode: 400
+      
+  tags:
+    - install_proxy
+    
+- name: Proxy - Create certificats directory
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Copy certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_proxy}}.crt"
+    - "{{ zabbix_proxy}}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Enable and start service zabbix proxy
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-proxy 

tasks/Debian/install-srv.yml

@@ -0,0 +1,53 @@
+- name: Server - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ srv.packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "Debian" 
+
+- name: Server - Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+    
+- name: Server - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server -Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server
+  tags:
+    - install_srv

tasks/RedHat/install-agent2.yml

@@ -0,0 +1,66 @@
+
+- name: Agent2 -  Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ agent.packages }}"
+  tags:
+    - install_agent
+ 
+- name: Agent2 - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Agent2 - Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Agent2 - Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Agent2 - Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Agent2 - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/RedHat/install-db.yml

@@ -0,0 +1,95 @@
+
+
+- name: Database - Install RHEL packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ db.packages }}"
+  tags:
+    - install_db
+
+- name: Database - Check if postgresql is configured
+  stat:
+    path: /var/lib/pgsql/data/PG_VERSION
+  register: postgresqldata
+
+- name: Database - Init DB
+  ansible.builtin.shell:
+    cmd: postgresql-setup --initdb
+  when:  postgresqldata.stat.exists == false
+  tags:
+    - install_db
+
+- name: Database - Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Database - Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Database - Run create db script
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+    - install_db
+
+- name: Database - Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /var/lib/pgsql/data/pg_hba.conf
+    insertafter: '# "local" is for Unix domain socket connections only'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Database -Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /var/lib/pgsql/data/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Database - Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /var/lib/pgsql/data/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Database - Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+    enabled: true
+  tags:
+   - install_db
+
+- name: Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db
+
+- name: Proxy - Enable and start service zabbix component
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/RedHat/install-front.yml

@@ -0,0 +1,53 @@
+- name: Front - Install packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ front.packages }}"
+  tags:
+    - install_front
+
+- name: Front - Configure nginx port
+  ansible.builtin.lineinfile:
+    path: /etc/nginx/conf.d/zabbix.conf
+    regexp: 'listen          8080;'
+    line: "        listen          80;"
+  tags:
+    - install_front
+  notify: Restart nginx
+
+- name: Front - Configure nginx url
+  ansible.builtin.lineinfile:
+    path: /etc/nginx/conf.d/zabbix.conf
+    regexp: 'server_name     example.com;'
+    line: "        server_name     {{ inventory_hostname }};"
+  tags:
+    - install_front
+  notify: 
+    - Restart nginx
+    - Restart php-fpm
+
+- name: Front - Configure keepalived
+  when: role == "srv"
+  block:
+    - name: Configure Keepalived
+      ansible.builtin.template:
+        src: keepalived.conf.j2
+        dest: /etc/keepalived/keepalived.conf
+        owner: root
+        group: root
+        mode: 0644
+    - name: Enable Keepalived service
+      ansible.builtin.systemd_service:
+        name: keepalived
+        state: restarted
+        enabled: true
+
+- name: Enable and start
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  loop: 
+    - nginx
+    - php-fpm
+    - zabbix-agent2

tasks/RedHat/install-proxy.yml

@@ -0,0 +1,98 @@
+- name: Proxy - Install Debian Proxy packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ proxy.packages }}"
+  tags:
+    - install_proxy
+    
+- name: Proxy - Enable and start service mariadb
+  ansible.builtin.service:
+    name: mariadb
+    state: started
+    enabled: yes
+  tags:
+    - install_proxy
+
+- name: Proxy - Generate mariadb proxy creation script
+  ansible.builtin.template:
+    src: create_proxy_db.j2
+    dest: /tmp/create_proxy_db.sql
+  tags:
+    - install_proxy
+
+- name: Proxy - Create mariadb proxy database
+  ansible.builtin.shell: mysql -uroot <  /tmp/create_proxy_db.sql
+  tags:
+   - install_proxy
+
+- name: Proxy - Populate mariadb proxy database
+  ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
+  tags:
+   - install_proxy
+
+- name: Proxy - Enable and restart mariadb
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  loop: 
+    - mariadb
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Proxy - Génération la liste des servers
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', 'srv') |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Proxy - Set fact Server
+  set_fact:
+    Server: "{{ hotes_filtres | join(';') }}"
+
+- name: Proxy - Generate config
+  ansible.builtin.template:
+      src: zabbix_proxy.conf.j2
+      dest: /etc/zabbix/zabbix_proxy.conf
+      owner: root
+      group: zabbix
+      mode: 400
+      
+  tags:
+    - install_proxy
+    
+- name: Proxy - Create certificats directory
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Copy certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_proxy}}.crt"
+    - "{{ zabbix_proxy}}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Enable and start service zabbix proxy
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-proxy
+    - zabbix-agent2

tasks/RedHat/install-srv.yml

@@ -0,0 +1,53 @@
+# Server
+- name: Server - Install packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ srv.packages }}"
+  tags:
+    - install_srv
+- name: Server - Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+
+- name: Server - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server -Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server
+    - zabbix-agent2
+  tags:
+    - install_srv

tasks/main.yml

@@ -2,11 +2,35 @@
 # tasks file for zabbix
 - name: check OS version
   debug: var=ansible_os_family
-- name: Prepare RHEL
+
+- name: include os variables
+  include_vars: "{{ ansible_os_family }}.yml"
+  tags: always
+
+
+- name: Prepare Alma
+  when: ansible_distribution == "AlmaLinux"
+  block:
+    - name: add gpg
+      ansible.builtin.dnf:
+        name: gnupg2
+        state: present
+    - name: Copie GPG key
+      ansible.builtin.copy:
+        src: RPM-GPG-KEY-ZABBIX-B5333005
+        dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
+    - name: Import a key
+      ansible.builtin.rpm_key:
+        state: present
+        key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
+    - name: Add Package
+      ansible.builtin.dnf:
+        name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/alma/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm"
+        state: present
+
+- name: Prepare RH like
+  when: ansible_os_family == "RedHat"
   block:
-    - name: Alma Repo
-      ansible.builtin.shell:
-        cmd: rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-latest.el9.noarch.rpm
     - name: disable firewall
       ansible.builtin.service:
          name: firewalld
@@ -15,60 +39,59 @@
     - name: clean repo
       ansible.builtin.shell:
         cmd: dnf clean all
-  when: ansible_os_family == "RedHat"
+
+    - name: set selinux permivise
+      ansible.builtin.lineinfile:
+        path: /etc/selinux/config
+        regexp: '^SELINUX=.*'
+        line: "SELINUX=permissive"
+      register: selinux
+    
+    - name: Reboot if necessary
+      ansible.builtin.reboot:
+      when: selinux.changed
+
 - name: Prepare Debian
+  when: ansible_os_family == "Debian"
   block:
     - name: Debian Repo
       ansible.builtin.apt:
-      deb: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
+        deb: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_{{ zabbix_version }}+debian13_all.deb"
     - name: Mise à jour le cache des paquets
       ansible.builtin.apt:
         update_cache: yes
-  when: ansible_os_family == "Debian"
 
-
+- name: Database - Install
-- name: Install Database
   when: role == "db"
   block:
     - name: Install Zabbix DB
-      ansible.builtin.include_tasks: install-db.yml
+      ansible.builtin.include_tasks: "{{ansible_os_family}}/install-db.yml"
       when: role == "db"
-      tags:
-       - database
   tags:
     - install_db
 
-- name: Install server
+- name: Server - Install
-  when: role == "srv"
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml"
-  block:
+  when: 
-    - name: Install Zabbix Server
+    - role == "srv"
-      ansible.builtin.include_tasks: install-srv.yml
-      when: role == "srv"
   tags:
     - install_srv
 
-- name: Install zabbix_proxy
+- name: Proxy - Install
-  when: role == "proxy"
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
-  block:
-    - name: Install Zabbix Proxy
-      ansible.builtin.include_tasks: install-proxy.yml
-      when: role == "proxy"
   tags:
      - install_proxy
+  when: role == "proxy"
 
-- name: Install Front
+
-  when: role == "front"
+- name: Front - Install
-  block:
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml"
-    - name: Install Zabbix Front
+  when: role == "srv" or role == "front"
-      ansible.builtin.include_tasks: install-front.yml
-      when: role == "front"
   tags:
     - install_front
 
 - name: Install Agent
-  block:
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-agent2.yml"
-    - name: Install Zabbix Agent
-      ansible.builtin.include_tasks: install-agent2.yml
   tags:
     - install_agent
     - never

templates/keepalived.conf.j2

@@ -0,0 +1,22 @@
+vrrp_track_process track_nginx {
+    process nginx
+    weight 10
+}
+
+vrrp_instance VI_1 {
+    state {{ keepalived.state }}
+    interface {{ansible_default_ipv4.interface}}
+    virtual_router_id 51
+    priority {{ keepalived.priority }}
+    advert_int 1
+    authentication {
+        auth_type PASS
+        auth_pass 12345
+    }
+    virtual_ipaddress {
+        {{ vip_address }}
+    }
+    track_process {
+         track_nginx
+      }
+}

templates/zabbix_front.conf.j2

@@ -0,0 +1,67 @@
+?php
+// Zabbix GUI configuration file.
+
+$DB['TYPE']			= 'POSTGRESQL';
+$DB['SERVER']			= '{{db_host}}';
+$DB['PORT']			= '0';
+$DB['DATABASE']			= 'zabbix';
+$DB['USER']			= '';
+$DB['PASSWORD']			= '';
+
+// Schema name. Used for PostgreSQL.
+$DB['SCHEMA']			= '';
+
+// Used for TLS connection.
+$DB['ENCRYPTION']		= false;
+$DB['KEY_FILE']			= '';
+$DB['CERT_FILE']		= '';
+$DB['CA_FILE']			= '';
+$DB['VERIFY_HOST']		= false;
+$DB['CIPHER_LIST']		= '';
+
+// Vault configuration. Used if database credentials are stored in Vault secrets manager.
+{% if Vault is defined %}
+$DB['VAULT']			= '{{Vault}}';
+$DB['VAULT_URL']		= '{{VaultURL}}';
+$DB['VAULT_PREFIX']		= '{{VaultPrefix}}';
+$DB['VAULT_DB_PATH']		= '{{VaultDBPath}}';
+$DB['VAULT_TOKEN']		= '{{VaultToken}}';
+$DB['VAULT_CERT_FILE']		= '';
+$DB['VAULT_KEY_FILE']		= '';
+// Uncomment to bypass local caching of credentials.
+// $DB['VAULT_CACHE']		= true;
+{% endif %}
+// Uncomment and set to desired values to override Zabbix hostname/IP and port.
+// $ZBX_SERVER			= '';
+// $ZBX_SERVER_PORT		= '';
+
+$ZBX_SERVER_NAME		= 'zserver02.bv.stef.lan';
+
+$IMAGE_FORMAT_DEFAULT	= IMAGE_FORMAT_PNG;
+
+// Uncomment this block only if you are using Elasticsearch.
+// Elasticsearch url (can be string if same url is used for all types).
+//$HISTORY['url'] = [
+//	'uint' => 'http://localhost:9200',
+//	'text' => 'http://localhost:9200'
+//];
+// Value types stored in Elasticsearch.
+//$HISTORY['types'] = ['uint', 'text'];
+
+// Used for SAML authentication.
+// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
+//$SSO['SP_KEY']			= 'conf/certs/sp.key';
+//$SSO['SP_CERT']			= 'conf/certs/sp.crt';
+//$SSO['IDP_CERT']		= 'conf/certs/idp.crt';
+//$SSO['SETTINGS']		= [];
+
+// If set to false, support for HTTP authentication will be disabled.
+// $ALLOW_HTTP_AUTH = true;
+
+$ZBX_SERVER_TLS['ACTIVE'] = '0';
+$ZBX_SERVER_TLS['CA_FILE'] = '';
+$ZBX_SERVER_TLS['KEY_FILE'] = '';
+$ZBX_SERVER_TLS['CERT_FILE'] = '';
+$ZBX_SERVER_TLS['CERTIFICATE_ISSUER']  = '';
+$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = '';
+

vars/Debian.yml

@@ -0,0 +1,47 @@
+---
+# defaults file for zabbix
+repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
+db: 
+  packages:
+    - postgresql-contrib
+    - postgresql
+    - python3-psycopg2
+    - zabbix-sql-scripts 
+    - zabbix-agent2 
+srv:
+  packages:  
+    - zabbix-server-pgsql 
+    - zabbix-agent2
+front:
+  packages:
+    - zabbix-frontend-php 
+    - php8.4-pgsql 
+    - zabbix-nginx-conf 
+    - nginx
+    - zabbix-agent2
+    - keepalived
+proxy:
+  packages:
+    - mariadb-server
+    - zabbix-proxy-mysql 
+    - zabbix-sql-scripts
+    - zabbix-agent2
+agent:
+  packages: 
+    - zabbix-agent2
+
+
+roles_cibles: ['srv', 'proxy']
+
+db_name: zabbix
+db_user: zabbix
+db_passwd: zabbix
+
+proxy_db_name: zabbix_proxy
+proxy_db_user: zabbix_proxy
+proxy_db_passwd: zabbix_proxy
+
+zabbix_ca: zabbix_ca
+zabbix_server: zabbix_server
+zabbix_proxy: zabbix_proxy
+zabbix_agent: zabbix_agent

vars/RedHat.yml

@@ -0,0 +1,33 @@
+db:
+  packages:
+    - postgresql-server
+    - postgresql-contrib 
+    - postgresql
+    - postgresql-plpython3
+    - zabbix-sql-scripts 
+    - zabbix-agent2
+    - zabbix-agent2-plugin-postgresql
+
+srv:
+  packages:
+    - zabbix-server-pgsql 
+    - zabbix-selinux-policy
+    - zabbix-agent2
+    - keepalived
+agent:
+  packages:
+    - zabbix-agent2
+front:
+  packages:
+    - zabbix-web-pgsql 
+    - zabbix-nginx-conf 
+    - zabbix-agent2
+    - zabbix-selinux-policy
+    - php-fpm
+proxy:
+  packages:
+    - mariadb-server
+    - mariadb
+    - zabbix-proxy-mysql 
+    - zabbix-sql-scripts
+    - zabbix-agent2