stef
/
role_zabbix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request 'ha' (#1) from ha into main 

Reviewed-on: https://gitea.bv.stef.lan/stef/zabbix-role/pulls/1
main
stef 2026-02-18 22:27:23 +01:00
parent 618c5ef1a0 28fddc5412
commit bce30dd66c
28 changed files with 1123 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored 100644
View File

@ -0,0 +1,2 @@
files/*.crt
files/*.key

143
README.md
View File

@ -1,31 +1,154 @@
Role Name
Zabbix
=========
A brief description of the role goes here.
Deploiement d'une infrascutrure ZAbbix complete
Deux serveur zabbix
- HA
- Keealived pour nginx
- Certiticats TLS
Distribution prise en charges:
- Debian13
- Almalinux
Pour Ajouter une distribution RHEL like
Ajouter un block dans tasks/main.yml
Similaire à ceci ( voir https://www.zabbix.com/download pour le path associé a votre distribution):
```
- name: Prepare <Votre distribution>
when: ansible_distribution == "AlmaLinux" <= Nom de votre distriution
block:
- name: add gpg
ansible.builtin.dnf:
name: gnupg2
state: present
- name: Copie GPG key
ansible.builtin.copy:
src: RPM-GPG-KEY-ZABBIX-B5333005
dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Import a key
ansible.builtin.rpm_key:
state: present
key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Add Package
ansible.builtin.dnf:
name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/<Votre distribution>/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm"
state: present
```
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Nécéssite les fichiers de certificats suivants:
Role Variables
- zabbix_ca.cert
- zabbix_server.cert
- zabbix_server.key
- zabbix_agent.cert
- zabbix_agent.key
- zabbix_proxy.cert
- zabbix_proxy.key
Ces fichiers sont a déposer dans /files
Note: vous pouvez changer le nom des fichiers en ce cas modifier les variables suivante dans default/main.yml
```
zabbix_ca: zabbix_ca
zabbix_server: zabbix_server
zabbix_proxy: zabbix_proxy
zabbix_agent: zabbix_agent
```
# Variables
--------------
## Role Variables
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Variable definies dans default/main.yml
# defaults file for zabbix
| Variable | Role | Remarques|
|----------|------|----------|
|zabbix_version|Version de zabbix|Ne fonctionnent actuellement pour les Debian|
|roles_cibles| utlisés pour générer les Variable Server et ActiveServer | Exemple:['srv', 'proxy']|
|db_name|Nom de la base de postgres des serveurs||
|db_user|Nom de l'utilisateur de la base postgres serveurs||
|db_passwd|Mot de passe l'utilisateur de la base postgres serveurs||
|proxy_db_name|Nom de la base des proxys||
|proxy_db_user|Nom de l'utilisateur de la base des proxys||
|proxy_db_passwd|Mot de passe de l'utilisateur de la base des proxys||
|zabbix_ca|Nom du fichier de CA||
|zabbix_server|Nom du fichier de certificat utilisés par les serveurs||
|zabbix_proxy|Nom du fichier de certificat utilisés par les proxy||
|zabbix_agent|Nom du fichier de certificat utilisés par les agents||
## Group Variables
| Variable | Role | Remarques|
|----------|------|----------|
|db_host| adatabase.bv.stef.lan|
|db_port| 5432|Non utilisé pour le moment|
|postgresql_version|| Exemple 17, uniquement implementé dans débian|
|zabbix_crypt| Type de chiffrement utilisé| tls ou psk pour le moment seul tls est totalement implementé|
|zabbix_cert_ca_name| zabbix_ca||
|zabbix_cert_server_name| zabbix_server||
|zabbix_cert_agent_name| zabbix_agent||
|TLSServerCertSubject| DN des serveurs zabbix| exemple: "CN=zabbix_server,C=FR"|
|TLSServerCertIssuer| DN du CA zabbix| exemple: "CN=zabbix_ca,C=FR"|
|ZabbixHA| Activation du HA ou non | true ou false|
|vip_address| Vip keealived des nginx| exemple 192.168.200.75|
|vip_fqdn| FQDN de la Vip keealived des nginx|exemple: zabbix.mondomain.com|
|ActiveVault| Active ou non le vault| true ou false|
|Vault| Modele du vault| HashiCorp actuellement uniquement implémenté|
|VaultToken|Token d'acces au vault||
|VaultURL| Url du vault | exemple: https://vault.mondomain.com|
|VaultPrefix| Path des secret zabbix| exemple: /v1/secret/data/zabbix/|
|VaultDBPath| nom du secret des credential d'acces DB| exemple: /database|
## Hosts Variables
L'host master keepalived doit contenir:
```
keepalived:
state: MASTER
priority: 244
```
L'host backup keepalived doit contenir:
```
keepalived:
state: BACKUP
priority: 243
```
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
None
Exemple Inventory
zabbix_instance01:
hosts:
server01.mondomain.com:
role: srv
server02.mondomain.com:
role: srv
database.mondomain.com:
role: db
front.mondomain.com:
role: front
proxy01.mondomain.com:
role: proxy
proxy02.mondomain.com:
role: proxy
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------

54
defaults/main.yml
View File

@ -1,59 +1,7 @@
---
# defaults file for zabbix
rhel_db_packages:
- postgresql-server
- postgresql
- postgresql-plpython3
- zabbix-agent2
rhel_srv_packages:
- zabbix-server-pgsql
- zabbix-sql-scripts
- zabbix-selinux-policy
- zabbix-agent2
rhel_agent_packages:
- zabbix-agent2
rhel_front_packages:
- zabbix-web-pgsql
- zabbix-nginx-conf
- zabbix-agent2
rhel_proxy_packages:
- mariadb
- zabbix-proxy-mysql
- zabbix-sql-scripts
- zabbix-agent2
debian_db_packages:
- postgresql-contrib
- postgresql
- python3-psycopg2
- zabbix-sql-scripts
- zabbix-agent2
debian_srv_packages:
- zabbix-server-pgsql
- zabbix-agent2
debian_proxy_packages:
- mariadb-server
- zabbix-proxy-mysql
- zabbix-sql-scripts
- zabbix-agent2
debian_agent_packages:
- zabbix-agent2
debian_front_packages:
- zabbix-frontend-php
- php8.4-pgsql
- zabbix-nginx-conf
- nginx
- zabbix-agent2
zabbix_version: 7.4
roles_cibles: ['srv', 'proxy']
db_name: zabbix

52
files/RPM-GPG-KEY-ZABBIX-B5333005 100644
View File

@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGYwjIcBEADHPOcYeW6xpiMh2ZO6a9OCncCs4IBQa7Ie+omyzJLNldnBMrxO
jbZXY2brQZWu5GEA6rTrexbfq9w/MaGiV5hAJ/x9oKHHKod79IfYLWsYS+rKTEr4
OptCGYqmJhdB29m44feut/PjjbjTuD0nwkaaE4Cm90r2aHMj5CcuD0/V823MgOwY
v5uz1Az9OhMLHB+qO/QDGZOxfmETpfj0J1Sh1afTngXoPgyniBT0BuyAMRlb2js6
QSpT9AnVxVDMVZwu5Ioy9Jf1Rz8ibP6LTN4Rh+TDFJizzoqJMqfDjN8PculcVZvG
j3bpweL0txhSykuLN75GPP1DO7rSVljIAChpY1hPtpYBD3F7uL0udpauVhVUY3Vs
13kxbsDgSr84s+tpRxV9BaQy2pjQY/jyesbFpFCjGHqUZVS1F3huWYBukQn3Em7C
X3WgzWe1iewPxENCLSGfSEVBcQ28guNvy2INcHHjx+AWOXFfkDKVZtBOH5MVr6hR
/xJH9S8Pd4wJZ4wvXwwDUBMD0Jju5ELE9/NQty8AeL6tjZomVhO2nFUe3N0lKE2K
wNLt0N4PqDrCHogQ7knROMR+9KqjFu+ko39TZmCUlVncX3s0v0t9gxIK9zQoX9p6
ngAr7IM8rGe/BGD7crYsrveWtBA7AY2DX9Z9iQylsXrq8tfGyhMaH3SgLwARAQAB
tCtaYWJiaXggTExDIChBcHIgMjAyNCkgPHBhY2thZ2VyQHphYmJpeC5jb20+iQJU
BBMBCgA+FiEETD1vLMdfUUZ1T8N02RMhmrUzMAUFAmYwjIcCGwMFCRLMAwAFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2RMhmrUzMAWf/w/+NSQz9LfZo7eNuKpd
piWsQgI+73sdLXmABp9kNWYrYTghXUe0WkWyLuFRMOh4fxZCtdiwpeEKGEDUgPr7
gTMH7ay7gD2kCJLCJl1tUCh4ryXJvVMyN9J+x7w742fOdPrVK9/ULad1KAH6zx+J
Ym/Qt5JfYMhjeCIBKpappGMVCFb3sEJUT4e7ggqt9uUgbjlpQtYhZg65vaX9C7qZ
EXxaWEfBkBNiHEeImuv6wjp1rM4cNMQW7lnfnvlo1MmkmDzQjCFA5g41DvK1YQcE
HWDW6Zp30SGQqthEHNOPHezNCxD1vMxfUCUawSZP5ajuK6o/CGM9L5rjvcCnpe+6
JVCX93KkPB0VqgfzzHB7OQsWQ8csRkjsW0v+5PkXbRRkf98YzaYDqVa1AvGv5YOv
alEPlqvQ6Xnm/6xV9gIr49Kgkf+VFvigbvwKfiH0hseWZN5ykswFoZ4mvYCJO6m4
ouU4sSW8AM/LxHHvlAZdO9h8O961nh5fs8AIl4EJb+4kClnYFGaguCKZyAu1V7bJ
vDZ0OlaRtnh2cEPBd9W0CoPZaEHYcUDFmMIlxab1oGgDqIN4SJoCTnJLJ4BloQFs
9rIpAMcXxA3lqNnBjbolXqUTJq9WIpe6q/r38ADh0M5najksbwZWU0WZ+j2DJmgV
otW7wuTabGL9k3lnyNRwlK4OkRe5Ag0EZjCMhwEQAL1RylY+ljV/Ma9rAcZxwT08
/emKEE4VMeDlJbzEWeMNjx8IpeVI3JlADkolbggcBEELZiwRRAJrJaYcBDNq0ZmE
BG5ffJin12iIU6f0GFg4x4elcPi9diP/1foz6k93eWYMpAj17B1YTM9ZgKKIJmuf
8GDsMTb/AgHcGC+gkduZGakUcHv538o+ub8/021HPqmYcF/HVaENv0LJd3yxLB6/
mhSCT9axuX6NDQxVxzXKz+PAnz1uYyz7yZB4YXROHNwnvOGPYbljIGQPTIgjrCNP
26ySH9t6JYxWY7bXJKGepSnk0QeGHiM0p6TC9n3BS6RkmKUt0c6cXbW+BCc8QHOj
jzPOxjbvpmbZtVo56ZQYm/DWuj0lg+/pYKSReX5YJ8gnvhRoNM/fLeWsIGMZJaM9
DygVTU0/0r7rxYbXoDqHMhsdMvjmrSAD3pDcPDci6WyeaLcvphvfZR4uyKtz1FS0
GU+B0ly1gwItDca2En01AbrYX3eLnSw6ZwegBy42gnzAooFmGrfQUuskr+j5hxzs
BBCTtU6zEBGIMAVs1pNCnUVEleD/2E2U4Uzqi/XQv95b3msqP3tNkWrp1Em12Wls
2bIe47+uOpfcxzsAADLTu5avJT0YcJ3u1lBB6rIBcFL6kmkqD1u2pgFZw5Otdo4h
/8gxK3CZ/g81yCsBOcNZABEBAAGJAjwEGAEKACYWIQRMPW8sx19RRnVPw3TZEyGa
tTMwBQUCZjCMhwIbDAUJEswDAAAKCRDZEyGatTMwBeZUEACOatbYmCCIdcqF05id
GsoPRqXEQHj8cY3NmzD4nlATJPHLN8+p6TH1mDInnBFfDp6Ll1u8PHnvGccVDUl+
aJCDCOcscqaKNaIbAi39OFLyED/j1t2g0VH9M0F41ZOofQN/Tf4SaR3ziY4j4hn+
pWpzqcdQ4zCSA+c95NijkeSgGFdT8OzCbWrmvKHdoeaescRMJg3Zmi3Aegqaaxe8
MMmixmGYk7jz35G0oBABCEcWTeqFXpQIG91AN5F0qe+tgQgwEr2N8YvIdRUb0e1c
Yc7Ly7pNHgH7wd0L2SND2pamXrZ6+kbUVVg46aa6XKvx36Fa2R0n6Var+Dcb9Rsr
mLq69/n2C18QLKwMnVSJfetPzQhAOnJ85Q2alRIyrMa7wq7+5NLcNBTGRRm4WYut
mzRvmmMmt0r+LOaV1fUdtfUVyIDrAb7rdqGW4eGbWTSLOcSgX7czThne7/v3zuSP
N0nc8yosGQp2aT8XCuzWqGQQ10NxUKP374jdetWgFI/8fH5zVx67TrViJ0FnK2Ug
CTtaHKt7jwwkMs6Y0kCCi/xysw+6UlDmBvzM5TVcWSO/lDUotFccn7IC782ghT03
pY9AfSJCu2NB44LODaLg9jyXbv2MPq8ZsWRqxxmmCUinmQMV6rI/nWPZpgEpKId7
RF/42ix6CdCLj9WuDJRHAPA6nA==
=iQwh
-----END PGP PUBLIC KEY BLOCK-----

14
files/zabbix_agent.crt
View File

@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICKTCCAYqgAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5YwCgYIKoZIzj0EAwMw
ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNzAw
NTZaFw0yNzAyMTQxNzAwNTZaMCQxCzAJBgNVBAYTAkZSMRUwEwYDVQQDDAx6YWJi
aXhfYWdlbnQwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAF1NBVjvH9JE+SbFBVI
aZZiJn9gXzUHUjhPwCzcHt55jOmbrrszPpOUeYe+5ahqr96sdNS5d+Gc3JNym0UU
mXS6rgHj/3weApB6SmRUOk7im/PmegSECOgA4GSEgP97eoBjYNJNbGw7ybpGoTX0
Bu+amWlETXDlpi5huUkXx86wiy93vaNaMFgwHwYDVR0jBBgwFoAUIO5hY4gGmlcl
Mw78YGdwHqHJLVswCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFPRT
QcdvRdtphLmDBwtx+7MXd9NiMAoGCCqGSM49BAMDA4GMADCBiAJCAXCtWzhuuXX7
r9duhPWWPJcoL94r71QOgTuMIFp2hGEQQTkpDn8npQe33SEzKleiYlgk1TsNcOGC
V7bzrryRAZbFAkIAzgZP2zW2Vhr6AF0EDW3S7A35v/oi0bGOuuCE7Kb2V9rcaAwM
k9tVv3bRZIAF6bowHcdxNCdUlptk0q1NNE6h43I=
-----END CERTIFICATE-----

10
files/zabbix_agent.key
View File

@ -1,10 +0,0 @@
-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBIKtXJBBZMdk4xVf9qKzrJGJks/aruTaX226yh0XHDR2l+49jlwIh
z2LuWCBSnWkOearNi0CiD/0SqBypl6GAvtmgBwYFK4EEACOhgYkDgYYABAF1NBVj
vH9JE+SbFBVIaZZiJn9gXzUHUjhPwCzcHt55jOmbrrszPpOUeYe+5ahqr96sdNS5
d+Gc3JNym0UUmXS6rgHj/3weApB6SmRUOk7im/PmegSECOgA4GSEgP97eoBjYNJN
bGw7ybpGoTX0Bu+amWlETXDlpi5huUkXx86wiy93vQ==
-----END EC PRIVATE KEY-----

14
files/zabbix_ca.crt
View File

@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICLjCCAZCgAwIBAgIUf6NkS48Id1xnJfmxiYE95Rt5W/IwCgYIKoZIzj0EAwMw
ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNjU5
MjlaFw0zNjAyMTIxNjU5MjlaMCExCzAJBgNVBAYTAkZSMRIwEAYDVQQDDAl6YWJi
aXhfY2EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACYb7pFnvHYBLPUiUNtaBqK
/zxQQ0JQ0xBBvKN1Lfpew0BlmPy8ZFdTrUz4BohVbmYmkdQ58BO/Gs1CUlxiHS7P
8AApdAfIUdQtOdcy6KQ7FErTyDwyf594GHqWw4ycLaOaYocrV3ItZyYE083piGds
Fbg9vlzj1deBlTRCkgSglCLoa6NjMGEwHQYDVR0OBBYEFCDuYWOIBppXJTMO/GBn
cB6hyS1bMB8GA1UdIwQYMBaAFCDuYWOIBppXJTMO/GBncB6hyS1bMA8GA1UdEwEB
/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA4GLADCBhwJBRUwp
n7+2jjrsTkR9NjP5DJP2sav0JJf5u80Y86mslp6rEIU4VTcwVhNXyvzUPrTS308t
FlCnOcKDA/Pd68A8My4CQgHb5LHzI+Np3FT+kb4gvOw9YgHFUS5iDy4yB9ffT6z1
5QrcIaD0atAPVyM4u7wVoif9wcHcyRiGFR+qaV6UwwoFHA==
-----END CERTIFICATE-----

7
files/zabbix_ca.key
View File

@ -1,7 +0,0 @@
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIB+MT26kyyojwNQxOgLQ10uFxH2DHG+iT2h9xa82BwvUod9AhPytAB
mQJhx/GYHMnFH5ff4nya20Xsj1/NTEeVHH+gBwYFK4EEACOhgYkDgYYABACYb7pF
nvHYBLPUiUNtaBqK/zxQQ0JQ0xBBvKN1Lfpew0BlmPy8ZFdTrUz4BohVbmYmkdQ5
8BO/Gs1CUlxiHS7P8AApdAfIUdQtOdcy6KQ7FErTyDwyf594GHqWw4ycLaOaYocr
V3ItZyYE083piGdsFbg9vlzj1deBlTRCkgSglCLoaw==
-----END EC PRIVATE KEY-----

14
files/zabbix_proxy.crt
View File

@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICKTCCAYqgAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5cwCgYIKoZIzj0EAwMw
ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxODE5
MjlaFw0yNzAyMTQxODE5MjlaMCQxCzAJBgNVBAYTAkZSMRUwEwYDVQQDDAx6YWJi
aXhfcHJveHkwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACasAU16MClAB06k8lQ
G2hn6CUJCBKhjOcIRZqL1L5PdWprqnKfYdioOgzHfIlgikBrGryI66wj3SMWwtOB
pZXg3wDcPRLSDDkwZa0hjCQfUHqO1wPQKN8sfnY1X41LXz4RrV79OLEbw1zvbAvG
+Z0yIlNnEFtP/vAapciWFaUUChSarqNaMFgwHwYDVR0jBBgwFoAUIO5hY4gGmlcl
Mw78YGdwHqHJLVswCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFPPI
gzk03dz6sWYKdd2MW2n4Y5LrMAoGCCqGSM49BAMDA4GMADCBiAJCASKlHzi830st
8RM0DtPRF4v4YiPNSK4bFXiAS+/OjveR1Y6oFQfuZZinTFUU3P9A5UfinxqLrDJW
iMtjmym4JYmZAkIAmwn9mVrpoKtUmxwBbPDhJLrgCTXPP0sttIuRRDbrGsSTCDhB
HXaRfoA5969eZJ6zcGxI84TZzYSRvvE5AjMxH+k=
-----END CERTIFICATE-----

10
files/zabbix_proxy.key
View File

@ -1,10 +0,0 @@
-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBlgrJJI/T9N2pOj5pFrMfuDaYboRfqckR2U0NnOVpqgUBLyVzQK+l
s7iNnopgtqPEUI6zRVQCMAEII0Relhoc7+egBwYFK4EEACOhgYkDgYYABACasAU1
6MClAB06k8lQG2hn6CUJCBKhjOcIRZqL1L5PdWprqnKfYdioOgzHfIlgikBrGryI
66wj3SMWwtOBpZXg3wDcPRLSDDkwZa0hjCQfUHqO1wPQKN8sfnY1X41LXz4RrV79
OLEbw1zvbAvG+Z0yIlNnEFtP/vAapciWFaUUChSarg==
-----END EC PRIVATE KEY-----

14
files/zabbix_server.crt
View File

@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICKTCCAYugAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5UwCgYIKoZIzj0EAwMw
ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNzAw
MzRaFw0yNzAyMTQxNzAwMzRaMCUxCzAJBgNVBAYTAkZSMRYwFAYDVQQDDA16YWJi
aXhfc2VydmVyMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAQNnum/k11nyoW7yc
6LICHe+rHmv18AguNfVg/tQ1lk9DPkOYp3xC+kcZQDkazeKqxEKY9l3jzG84gxvW
qtlc4o0BvoYEEKLPiLXfKSzhkXcmyiAwXKT71t6peDIGYCnZHC8n6Hsio1UH9voA
R6+bc3/rX+xxsDn1KiJ9ibHwyYeoSgGjWjBYMB8GA1UdIwQYMBaAFCDuYWOIBppX
JTMO/GBncB6hyS1bMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMB0GA1UdDgQWBBQ+
1/AYNQleyhffJLBauHtkqwYu0TAKBggqhkjOPQQDAwOBiwAwgYcCQQf2/5hVMbPP
L18i8VzeSZvNu+hqho0zGqTMY7oCekbEH6J4w+QQqslr9ps+9d+ce3nuQtuJEIBl
1PCgaTHq5Ht7AkIBs+uzxTYQCRRvZ3CtjxYYYKLbSimqGWlnV9qMHASBxV/dskHU
nP/JzeMgJuG44HwdaeqAb1dS1PYsYkPMkdwtLcQ=
-----END CERTIFICATE-----

10
files/zabbix_server.key
View File

@ -1,10 +0,0 @@
-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBWA0qpIubCVTvFj0jmQvNl5ucVI5wngXTLwiH6R9naCscSw7fxdRN
W52RikdZnQpExdY7m7cP7oWc/rTsTOAc2wqgBwYFK4EEACOhgYkDgYYABABA2e6b
+TXWfKhbvJzosgId76sea/XwCC419WD+1DWWT0M+Q5infEL6RxlAORrN4qrEQpj2
XePMbziDG9aq2VzijQG+hgQQos+Itd8pLOGRdybKIDBcpPvW3ql4MgZgKdkcLyfo
eyKjVQf2+gBHr5tzf+tf7HGwOfUqIn2JsfDJh6hKAQ==
-----END EC PRIVATE KEY-----

11
handlers/main.yml
View File

@ -10,6 +10,11 @@
name: nginx
state: restarted
- name: Restart php-fpm
service:
name: php-fpm
state: restarted
- name: Restart Zabbix Server
service:
name: zabbix-server
@ -24,3 +29,9 @@
service:
name: zabbix-agent2
state: restarted
- name: Restart Keepalived
service:
name: keepalived
state: restarted

66
tasks/Debian/install-agent2.yml 100644
View File

@ -0,0 +1,66 @@
- name: Agent2 - Install packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ agent.packages }}"
tags:
- install_agent
- name: Agent2 - Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
set_fact:
hotes_filtres: >-
{{ groups[my_group] |
map('extract', hostvars) |
selectattr('role', 'in', roles_cibles) |
map(attribute='inventory_hostname') |
list }}
- name: Agent2 - Generate Server List
set_fact:
Server: "{{ hotes_filtres | join(',') }}"
- name: Agent2 - Generate ActiveServer List
set_fact:
ServerActive: "{{ hotes_filtres | join(';') }}"
- name: Agent2 - Generate agent2 config
ansible.builtin.template:
src: zabbix_agent2.conf.j2
dest: /etc/zabbix/zabbix_agent2.conf
owner: zabbix
group: zabbix
mode: 0640
- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Agent2 - Copy Certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca }}.crt"
- "{{ zabbix_agent }}.crt"
- "{{ zabbix_agent }}.key"
when: zabbix_crypt=="tls"
- name: Enable and start service zabbix agent2
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-agent2

73
tasks/Debian/install-db.yml 100644
View File

@ -0,0 +1,73 @@
- name: Database - Install packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ db.packages }}"
tags:
- install_db
when: ansible_os_family == "Debian"
- name: Database - Enable and start service postgresl
ansible.builtin.service:
name: postgresql
state: started
enabled: yes
tags:
- install_db
- name: Database - Generate create db script
ansible.builtin.template:
src: create_db.j2
dest: /tmp/create_db.sql
owner: postgres
tags:
- install_db
- name: Database - Create DB
ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
tags:
- install_db
- name: Database - Add zabbix user to pg_hba
ansible.builtin.lineinfile:
path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
insertafter: '# Database administrative login by Unix domain socket'
line: "local {{ db_name }} {{ db_user }} trust"
firstmatch: yes
state: present
- name: Database - Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
lineinfile:
path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5"
state: present
loop: "{{ groups[my_group] }}"
when:
- hostvars[item].role is defined
- hostvars[item].role == 'srv' or hostvars[item].role == 'front'
- hostvars[item]['ansible_default_ipv4'] is defined
- name: Database - Configure postgres Listen address
ansible.builtin.lineinfile:
path: /etc/postgresql/17/main/postgresql.conf
regexp: '^#listen_addresses = .*'
line: "listen_addresses = '*'"
tags:
- install_db
- name: Database - Restart postgresql
service:
name: postgresql
state: restarted
tags:
- install_db
- name: Database - Populate zabbix database
ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
tags:
- install_db

41
tasks/Debian/install-front.yml 100644
View File

@ -0,0 +1,41 @@
- name: Front - Install packages
ansible.builtin.apt:
name: "{{ item }}"
state: present
loop: "{{ front.packages }}"
tags:
- install_front
- name: Front - Configure nginx port
ansible.builtin.lineinfile:
path: /etc/zabbix/nginx.conf
regexp: 'listen 8080;'
line: " listen 80;"
tags:
- install_front
# - name: Front - Setup
# ansible.builtin.template:
# src: zabbix_front.conf.j2
# dest: /etc/zabbix/web/zabbix.conf.php
# owner: www-data
# group: www-data
# mode: 0600
- name: Front - Configure nginx url
ansible.builtin.lineinfile:
path: /etc/zabbix/nginx.conf
regexp: 'server_name example.com;'
line: " server_name {{ inventory_hostname }};"
tags:
- install_front
notify: Restart nginx
- name: Front - Configure keepalived
ansible.builtin.template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
owner: root
group: root
mode: 0644
notify: Restart Keepalived

91
tasks/Debian/install-proxy.yml 100644
View File

@ -0,0 +1,91 @@
- name: Proxy - Install Debian Proxy packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ proxy.packages }}"
tags:
- install_proxy
when: ansible_os_family == "Debian"
- name: Proxy - Enable and start service mariadb
ansible.builtin.service:
name: mariadb
state: started
enabled: yes
tags:
- install_proxy
- name: Proxy - Generate mariadb proxy creation script
ansible.builtin.template:
src: create_proxy_db.j2
dest: /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Create mariadb proxy database
ansible.builtin.shell: mysql -uroot < /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Populate mariadb proxy database
ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
tags:
- install_proxy
- name: Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Proxy - Génération la liste des servers
set_fact:
hotes_filtres: >-
{{ groups[my_group] |
map('extract', hostvars) |
selectattr('role', 'in', 'srv') |
map(attribute='inventory_hostname') |
list }}
- name: Proxy - Set fact Server
set_fact:
Server: "{{ hotes_filtres | join(';') }}"
- name: Proxy - Generate config
ansible.builtin.template:
src: zabbix_proxy.conf.j2
dest: /etc/zabbix/zabbix_proxy.conf
owner: root
group: zabbix
mode: 400
tags:
- install_proxy
- name: Proxy - Create certificats directory
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Proxy - Copy certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca}}.crt"
- "{{ zabbix_proxy}}.crt"
- "{{ zabbix_proxy}}.key"
when: zabbix_crypt=="tls"
- name: Proxy - Enable and start service zabbix proxy
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-proxy

53
tasks/Debian/install-srv.yml 100644
View File

@ -0,0 +1,53 @@
- name: Server - Install packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ srv.packages }}"
tags:
- install_srv
when: ansible_os_family == "Debian"
- name: Server - Generate srv config
ansible.builtin.template:
src: zabbix_server.conf.j2
dest: /etc/zabbix/zabbix_server.conf
owner: zabbix
group: zabbix
mode: 0640
tags:
- install_srv
- name: Server - Create cert directory if zabbix_crypt=="tls"
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
tags:
- install_srv
- name: Server - Copy Certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca}}.crt"
- "{{ zabbix_server}}.crt"
- "{{ zabbix_server}}.key"
when: zabbix_crypt=="tls"
tags:
- install_srv
- name: Server -Enable and start service zabbix server
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-server
tags:
- install_srv

66
tasks/RedHat/install-agent2.yml 100644
View File

@ -0,0 +1,66 @@
- name: Agent2 - Install packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ agent.packages }}"
tags:
- install_agent
- name: Agent2 - Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
set_fact:
hotes_filtres: >-
{{ groups[my_group] |
map('extract', hostvars) |
selectattr('role', 'in', roles_cibles) |
map(attribute='inventory_hostname') |
list }}
- name: Agent2 - Generate Server List
set_fact:
Server: "{{ hotes_filtres | join(',') }}"
- name: Agent2 - Generate ActiveServer List
set_fact:
ServerActive: "{{ hotes_filtres | join(';') }}"
- name: Agent2 - Generate agent2 config
ansible.builtin.template:
src: zabbix_agent2.conf.j2
dest: /etc/zabbix/zabbix_agent2.conf
owner: zabbix
group: zabbix
mode: 0640
- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Agent2 - Copy Certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca }}.crt"
- "{{ zabbix_agent }}.crt"
- "{{ zabbix_agent }}.key"
when: zabbix_crypt=="tls"
- name: Enable and start service zabbix agent2
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-agent2

95
tasks/RedHat/install-db.yml 100644
View File

@ -0,0 +1,95 @@
- name: Database - Install RHEL packages
ansible.builtin.dnf:
name: "{{ item }}"
state: present
loop: "{{ db.packages }}"
tags:
- install_db
- name: Database - Check if postgresql is configured
stat:
path: /var/lib/pgsql/data/PG_VERSION
register: postgresqldata
- name: Database - Init DB
ansible.builtin.shell:
cmd: postgresql-setup --initdb
when: postgresqldata.stat.exists == false
tags:
- install_db
- name: Database - Enable and start service postgresl
ansible.builtin.service:
name: postgresql
state: started
enabled: yes
tags:
- install_db
- name: Database - Generate create db script
ansible.builtin.template:
src: create_db.j2
dest: /tmp/create_db.sql
owner: postgres
tags:
- install_db
- name: Database - Run create db script
ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
tags:
- install_db
- name: Database - Add zabbix user to pg_hba
ansible.builtin.lineinfile:
path: /var/lib/pgsql/data/pg_hba.conf
insertafter: '# "local" is for Unix domain socket connections only'
line: "local {{ db_name }} {{ db_user }} trust"
firstmatch: yes
state: present
- name: Database -Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
lineinfile:
path: /var/lib/pgsql/data/pg_hba.conf
line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5"
state: present
loop: "{{ groups[my_group] }}"
when:
- hostvars[item].role is defined
- hostvars[item].role == 'srv' or hostvars[item].role == 'front'
- hostvars[item]['ansible_default_ipv4'] is defined
- name: Database - Configure postgres Listen address
ansible.builtin.lineinfile:
path: /var/lib/pgsql/data/postgresql.conf
regexp: '^#listen_addresses = .*'
line: "listen_addresses = '*'"
tags:
- install_db
- name: Database - Restart postgresql
service:
name: postgresql
state: restarted
enabled: true
tags:
- install_db
- name: Populate zabbix database
ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
tags:
- install_db
- name: Proxy - Enable and start service zabbix component
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-agent2

53
tasks/RedHat/install-front.yml 100644
View File

@ -0,0 +1,53 @@
- name: Front - Install packages
ansible.builtin.dnf:
name: "{{ item }}"
state: present
loop: "{{ front.packages }}"
tags:
- install_front
- name: Front - Configure nginx port
ansible.builtin.lineinfile:
path: /etc/nginx/conf.d/zabbix.conf
regexp: 'listen 8080;'
line: " listen 80;"
tags:
- install_front
notify: Restart nginx
- name: Front - Configure nginx url
ansible.builtin.lineinfile:
path: /etc/nginx/conf.d/zabbix.conf
regexp: 'server_name example.com;'
line: " server_name {{ inventory_hostname }};"
tags:
- install_front
notify:
- Restart nginx
- Restart php-fpm
- name: Front - Configure keepalived
when: role == "srv"
block:
- name: Configure Keepalived
ansible.builtin.template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
owner: root
group: root
mode: 0644
- name: Enable Keepalived service
ansible.builtin.systemd_service:
name: keepalived
state: restarted
enabled: true
- name: Enable and start
ansible.builtin.systemd_service:
name: "{{ item }}"
state: started
enabled: true
loop:
- nginx
- php-fpm
- zabbix-agent2

98
tasks/RedHat/install-proxy.yml 100644
View File

@ -0,0 +1,98 @@
- name: Proxy - Install Debian Proxy packages
ansible.builtin.dnf:
name: "{{ item }}"
state: present
loop: "{{ proxy.packages }}"
tags:
- install_proxy
- name: Proxy - Enable and start service mariadb
ansible.builtin.service:
name: mariadb
state: started
enabled: yes
tags:
- install_proxy
- name: Proxy - Generate mariadb proxy creation script
ansible.builtin.template:
src: create_proxy_db.j2
dest: /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Create mariadb proxy database
ansible.builtin.shell: mysql -uroot < /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Populate mariadb proxy database
ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
tags:
- install_proxy
- name: Proxy - Enable and restart mariadb
ansible.builtin.systemd_service:
name: "{{ item }}"
state: started
enabled: true
loop:
- mariadb
- name: Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Proxy - Génération la liste des servers
set_fact:
hotes_filtres: >-
{{ groups[my_group] |
map('extract', hostvars) |
selectattr('role', 'in', 'srv') |
map(attribute='inventory_hostname') |
list }}
- name: Proxy - Set fact Server
set_fact:
Server: "{{ hotes_filtres | join(';') }}"
- name: Proxy - Generate config
ansible.builtin.template:
src: zabbix_proxy.conf.j2
dest: /etc/zabbix/zabbix_proxy.conf
owner: root
group: zabbix
mode: 400
tags:
- install_proxy
- name: Proxy - Create certificats directory
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Proxy - Copy certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca}}.crt"
- "{{ zabbix_proxy}}.crt"
- "{{ zabbix_proxy}}.key"
when: zabbix_crypt=="tls"
- name: Proxy - Enable and start service zabbix proxy
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-proxy
- zabbix-agent2

53
tasks/RedHat/install-srv.yml 100644
View File

@ -0,0 +1,53 @@
# Server
- name: Server - Install packages
ansible.builtin.dnf:
name: "{{ item }}"
state: present
loop: "{{ srv.packages }}"
tags:
- install_srv
- name: Server - Generate srv config
ansible.builtin.template:
src: zabbix_server.conf.j2
dest: /etc/zabbix/zabbix_server.conf
owner: zabbix
group: zabbix
mode: 0640
tags:
- install_srv
- name: Server - Create cert directory if zabbix_crypt=="tls"
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
tags:
- install_srv
- name: Server - Copy Certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca}}.crt"
- "{{ zabbix_server}}.crt"
- "{{ zabbix_server}}.key"
when: zabbix_crypt=="tls"
tags:
- install_srv
- name: Server -Enable and start service zabbix server
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-server
- zabbix-agent2
tags:
- install_srv

107
tasks/main.yml
View File

@ -2,73 +2,96 @@
# tasks file for zabbix
- name: check OS version
debug: var=ansible_os_family
- name: Prepare RHEL
- name: include os variables
include_vars: "{{ ansible_os_family }}.yml"
tags: always
- name: Prepare Alma
when: ansible_distribution == "AlmaLinux"
block:
- name: add gpg
ansible.builtin.dnf:
name: gnupg2
state: present
- name: Copie GPG key
ansible.builtin.copy:
src: RPM-GPG-KEY-ZABBIX-B5333005
dest: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Import a key
ansible.builtin.rpm_key:
state: present
key: /tmp/RPM-GPG-KEY-ZABBIX-B5333005
- name: Add Package
ansible.builtin.dnf:
name: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/alma/{{ ansible_distribution_major_version }}/noarch/zabbix-release-latest-{{ zabbix_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm"
state: present
- name: Prepare RH like
when: ansible_os_family == "RedHat"
block:
- name: Alma Repo
ansible.builtin.shell:
cmd: rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-latest.el9.noarch.rpm
- name: disable firewall
ansible.builtin.service:
name: firewalld
state: stopped
enabled: false
name: firewalld
state: stopped
enabled: false
- name: clean repo
ansible.builtin.shell:
cmd: dnf clean all
when: ansible_os_family == "RedHat"
- name: set selinux permivise
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX=.*'
line: "SELINUX=permissive"
register: selinux
- name: Reboot if necessary
ansible.builtin.reboot:
when: selinux.changed
- name: Prepare Debian
block:
- name: Debian Repo
ansible.builtin.apt:
deb: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
- name: Mise à jour le cache des paquets
ansible.builtin.apt:
update_cache: yes
when: ansible_os_family == "Debian"
block:
- name: Debian Repo
ansible.builtin.apt:
deb: "https://repo.zabbix.com/zabbix/{{ zabbix_version }}/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_{{ zabbix_version }}+debian13_all.deb"
- name: Mise à jour le cache des paquets
ansible.builtin.apt:
update_cache: yes
- name: Install Database
- name: Database - Install
when: role == "db"
block:
- name: Install Zabbix DB
ansible.builtin.include_tasks: install-db.yml
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-db.yml"
when: role == "db"
tags:
- database
tags:
- install_db
- name: Install server
when: role == "srv"
block:
- name: Install Zabbix Server
ansible.builtin.include_tasks: install-srv.yml
when: role == "srv"
- name: Server - Install
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml"
when:
- role == "srv"
tags:
- install_srv
- name: Install zabbix_proxy
when: role == "proxy"
block:
- name: Install Zabbix Proxy
ansible.builtin.include_tasks: install-proxy.yml
when: role == "proxy"
- name: Proxy - Install
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
tags:
- install_proxy
- install_proxy
when: role == "proxy"
- name: Install Front
when: role == "front"
block:
- name: Install Zabbix Front
ansible.builtin.include_tasks: install-front.yml
when: role == "front"
- name: Front - Install
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml"
when: role == "srv" or role == "front"
tags:
- install_front
- name: Install Agent
block:
- name: Install Zabbix Agent
ansible.builtin.include_tasks: install-agent2.yml
ansible.builtin.include_tasks: "{{ansible_os_family}}/install-agent2.yml"
tags:
- install_agent
- never

22
templates/keepalived.conf.j2 100644
View File

@ -0,0 +1,22 @@
vrrp_track_process track_nginx {
process nginx
weight 10
}
vrrp_instance VI_1 {
state {{ keepalived.state }}
interface {{ansible_default_ipv4.interface}}
virtual_router_id 51
priority {{ keepalived.priority }}
advert_int 1
authentication {
auth_type PASS
auth_pass 12345
}
virtual_ipaddress {
{{ vip_address }}
}
track_process {
track_nginx
}
}

67
templates/zabbix_front.conf.j2 100644
View File

@ -0,0 +1,67 @@
?php
// Zabbix GUI configuration file.
$DB['TYPE'] = 'POSTGRESQL';
$DB['SERVER'] = '{{db_host}}';
$DB['PORT'] = '0';
$DB['DATABASE'] = 'zabbix';
$DB['USER'] = '';
$DB['PASSWORD'] = '';
// Schema name. Used for PostgreSQL.
$DB['SCHEMA'] = '';
// Used for TLS connection.
$DB['ENCRYPTION'] = false;
$DB['KEY_FILE'] = '';
$DB['CERT_FILE'] = '';
$DB['CA_FILE'] = '';
$DB['VERIFY_HOST'] = false;
$DB['CIPHER_LIST'] = '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
{% if Vault is defined %}
$DB['VAULT'] = '{{Vault}}';
$DB['VAULT_URL'] = '{{VaultURL}}';
$DB['VAULT_PREFIX'] = '{{VaultPrefix}}';
$DB['VAULT_DB_PATH'] = '{{VaultDBPath}}';
$DB['VAULT_TOKEN'] = '{{VaultToken}}';
$DB['VAULT_CERT_FILE'] = '';
$DB['VAULT_KEY_FILE'] = '';
// Uncomment to bypass local caching of credentials.
// $DB['VAULT_CACHE'] = true;
{% endif %}
// Uncomment and set to desired values to override Zabbix hostname/IP and port.
// $ZBX_SERVER = '';
// $ZBX_SERVER_PORT = '';
$ZBX_SERVER_NAME = 'zserver02.bv.stef.lan';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Uncomment this block only if you are using Elasticsearch.
// Elasticsearch url (can be string if same url is used for all types).
//$HISTORY['url'] = [
// 'uint' => 'http://localhost:9200',
// 'text' => 'http://localhost:9200'
//];
// Value types stored in Elasticsearch.
//$HISTORY['types'] = ['uint', 'text'];
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
//$SSO['SP_KEY'] = 'conf/certs/sp.key';
//$SSO['SP_CERT'] = 'conf/certs/sp.crt';
//$SSO['IDP_CERT'] = 'conf/certs/idp.crt';
//$SSO['SETTINGS'] = [];
// If set to false, support for HTTP authentication will be disabled.
// $ALLOW_HTTP_AUTH = true;
$ZBX_SERVER_TLS['ACTIVE'] = '0';
$ZBX_SERVER_TLS['CA_FILE'] = '';
$ZBX_SERVER_TLS['KEY_FILE'] = '';
$ZBX_SERVER_TLS['CERT_FILE'] = '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = '';
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = '';

47
vars/Debian.yml 100644
View File

@ -0,0 +1,47 @@
---
# defaults file for zabbix
repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
db:
packages:
- postgresql-contrib
- postgresql
- python3-psycopg2
- zabbix-sql-scripts
- zabbix-agent2
srv:
packages:
- zabbix-server-pgsql
- zabbix-agent2
front:
packages:
- zabbix-frontend-php
- php8.4-pgsql
- zabbix-nginx-conf
- nginx
- zabbix-agent2
- keepalived
proxy:
packages:
- mariadb-server
- zabbix-proxy-mysql
- zabbix-sql-scripts
- zabbix-agent2
agent:
packages:
- zabbix-agent2
roles_cibles: ['srv', 'proxy']
db_name: zabbix
db_user: zabbix
db_passwd: zabbix
proxy_db_name: zabbix_proxy
proxy_db_user: zabbix_proxy
proxy_db_passwd: zabbix_proxy
zabbix_ca: zabbix_ca
zabbix_server: zabbix_server
zabbix_proxy: zabbix_proxy
zabbix_agent: zabbix_agent

33
vars/RedHat.yml 100644
View File

@ -0,0 +1,33 @@
db:
packages:
- postgresql-server
- postgresql-contrib
- postgresql
- postgresql-plpython3
- zabbix-sql-scripts
- zabbix-agent2
- zabbix-agent2-plugin-postgresql
srv:
packages:
- zabbix-server-pgsql
- zabbix-selinux-policy
- zabbix-agent2
- keepalived
agent:
packages:
- zabbix-agent2
front:
packages:
- zabbix-web-pgsql
- zabbix-nginx-conf
- zabbix-agent2
- zabbix-selinux-policy
- php-fpm
proxy:
packages:
- mariadb-server
- mariadb
- zabbix-proxy-mysql
- zabbix-sql-scripts
- zabbix-agent2