From f3855df1a89702289af6fe29bc3e39f616a3d0b2 Mon Sep 17 00:00:00 2001 From: stef Date: Mon, 16 Feb 2026 22:20:56 +0000 Subject: [PATCH] Debut de separation par distribution + ajout keepalived --- defaults/main.yml | 55 +++++++++++--------- handlers/main.yml | 5 ++ tasks/Debian/install-agent2.yml | 66 ++++++++++++++++++++++++ tasks/Debian/install-db.yml | 73 ++++++++++++++++++++++++++ tasks/Debian/install-front.yml | 41 +++++++++++++++ tasks/Debian/install-proxy.yml | 91 +++++++++++++++++++++++++++++++++ tasks/Debian/install-srv.yml | 53 +++++++++++++++++++ tasks/RedHat/install-agent2.yml | 66 ++++++++++++++++++++++++ tasks/RedHat/install-db.yml | 75 +++++++++++++++++++++++++++ tasks/RedHat/install-srv.yml | 53 +++++++++++++++++++ tasks/main.yml | 53 +++++++++---------- templates/keepalived.conf.j2 | 22 ++++++++ templates/zabbix_front.conf.j2 | 67 ++++++++++++++++++++++++ vars/Debian.yml | 47 +++++++++++++++++ vars/RedHat.yml | 28 ++++++++++ 15 files changed, 741 insertions(+), 54 deletions(-) create mode 100644 tasks/Debian/install-agent2.yml create mode 100644 tasks/Debian/install-db.yml create mode 100644 tasks/Debian/install-front.yml create mode 100644 tasks/Debian/install-proxy.yml create mode 100644 tasks/Debian/install-srv.yml create mode 100644 tasks/RedHat/install-agent2.yml create mode 100644 tasks/RedHat/install-db.yml create mode 100644 tasks/RedHat/install-srv.yml create mode 100644 templates/keepalived.conf.j2 create mode 100644 templates/zabbix_front.conf.j2 create mode 100644 vars/Debian.yml create mode 100644 vars/RedHat.yml diff --git a/defaults/main.yml b/defaults/main.yml index 40b657b..4ffdbc2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,36 @@ --- # defaults file for zabbix + +Debian: + repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb + db: + packages: + - postgresql-contrib + - postgresql + - python3-psycopg2 + - zabbix-sql-scripts + - zabbix-agent2 + srv: + packages: + - zabbix-server-pgsql + - zabbix-agent2 + front: + packages: + - zabbix-frontend-php + - php8.4-pgsql + - zabbix-nginx-conf + - nginx + - zabbix-agent2 + proxy: + packages: + - mariadb-server + - zabbix-proxy-mysql + - zabbix-sql-scripts + - zabbix-agent2 + agent: + packages: + - zabbix-agent2 + rhel_db_packages: - postgresql-server - postgresql @@ -27,32 +58,8 @@ rhel_proxy_packages: - zabbix-sql-scripts - zabbix-agent2 -debian_db_packages: - - postgresql-contrib - - postgresql - - python3-psycopg2 - - zabbix-sql-scripts - - zabbix-agent2 -debian_srv_packages: - - zabbix-server-pgsql - - zabbix-agent2 -debian_proxy_packages: - - mariadb-server - - zabbix-proxy-mysql - - zabbix-sql-scripts - - zabbix-agent2 - -debian_agent_packages: - - zabbix-agent2 - -debian_front_packages: - - zabbix-frontend-php - - php8.4-pgsql - - zabbix-nginx-conf - - nginx - - zabbix-agent2 roles_cibles: ['srv', 'proxy'] diff --git a/handlers/main.yml b/handlers/main.yml index a5a5b8e..52f627b 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -23,4 +23,9 @@ - name: Restart Zabbix Agent2 service: name: zabbix-agent2 + state: restarted + +- name: Restart Keepalived + service: + name: keepalived state: restarted \ No newline at end of file diff --git a/tasks/Debian/install-agent2.yml b/tasks/Debian/install-agent2.yml new file mode 100644 index 0000000..4b6dbd4 --- /dev/null +++ b/tasks/Debian/install-agent2.yml @@ -0,0 +1,66 @@ + +- name: Agent2 - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ agent.packages }}" + tags: + - install_agent + +- name: Agent2 - Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles + set_fact: + hotes_filtres: >- + {{ groups[my_group] | + map('extract', hostvars) | + selectattr('role', 'in', roles_cibles) | + map(attribute='inventory_hostname') | + list }} + +- name: Agent2 - Generate Server List + set_fact: + Server: "{{ hotes_filtres | join(',') }}" + +- name: Agent2 - Generate ActiveServer List + set_fact: + ServerActive: "{{ hotes_filtres | join(';') }}" + +- name: Agent2 - Generate agent2 config + ansible.builtin.template: + src: zabbix_agent2.conf.j2 + dest: /etc/zabbix/zabbix_agent2.conf + owner: zabbix + group: zabbix + mode: 0640 + +- name: Agent2 - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + +- name: Agent2 - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca }}.crt" + - "{{ zabbix_agent }}.crt" + - "{{ zabbix_agent }}.key" + when: zabbix_crypt=="tls" + +- name: Enable and start service zabbix agent2 + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-agent2 diff --git a/tasks/Debian/install-db.yml b/tasks/Debian/install-db.yml new file mode 100644 index 0000000..5768078 --- /dev/null +++ b/tasks/Debian/install-db.yml @@ -0,0 +1,73 @@ +- name: Database - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ db.packages }}" + tags: + - install_db + when: ansible_os_family == "Debian" + +- name: Database - Enable and start service postgresl + ansible.builtin.service: + name: postgresql + state: started + enabled: yes + tags: + - install_db + +- name: Database - Generate create db script + ansible.builtin.template: + src: create_db.j2 + dest: /tmp/create_db.sql + owner: postgres + tags: + - install_db + +- name: Database - Create DB + ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql' + tags: + - install_db + +- name: Database - Add zabbix user to pg_hba + ansible.builtin.lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + insertafter: '# Database administrative login by Unix domain socket' + line: "local {{ db_name }} {{ db_user }} trust" + firstmatch: yes + state: present + +- name: Database - Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv' + lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5" + state: present + loop: "{{ groups[my_group] }}" + when: + - hostvars[item].role is defined + - hostvars[item].role == 'srv' or hostvars[item].role == 'front' + - hostvars[item]['ansible_default_ipv4'] is defined + +- name: Database - Configure postgres Listen address + ansible.builtin.lineinfile: + path: /etc/postgresql/17/main/postgresql.conf + regexp: '^#listen_addresses = .*' + line: "listen_addresses = '*'" + tags: + - install_db + + +- name: Database - Restart postgresql + service: + name: postgresql + state: restarted + tags: + - install_db + +- name: Database - Populate zabbix database + ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix' + tags: + - install_db \ No newline at end of file diff --git a/tasks/Debian/install-front.yml b/tasks/Debian/install-front.yml new file mode 100644 index 0000000..60aba64 --- /dev/null +++ b/tasks/Debian/install-front.yml @@ -0,0 +1,41 @@ +- name: Front - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ front.packages }}" + tags: + - install_front + +- name: Front - Configure nginx port + ansible.builtin.lineinfile: + path: /etc/zabbix/nginx.conf + regexp: 'listen 8080;' + line: " listen 80;" + tags: + - install_front + +# - name: Front - Setup +# ansible.builtin.template: +# src: zabbix_front.conf.j2 +# dest: /etc/zabbix/web/zabbix.conf.php +# owner: www-data +# group: www-data +# mode: 0600 + +- name: Front - Configure nginx url + ansible.builtin.lineinfile: + path: /etc/zabbix/nginx.conf + regexp: 'server_name example.com;' + line: " server_name {{ inventory_hostname }};" + tags: + - install_front + notify: Restart nginx + +- name: Front - Configure keepalived + ansible.builtin.template: + src: keepalived.conf.j2 + dest: /etc/keepalived/keepalived.conf + owner: root + group: root + mode: 0644 + notify: Restart Keepalived diff --git a/tasks/Debian/install-proxy.yml b/tasks/Debian/install-proxy.yml new file mode 100644 index 0000000..2417b0e --- /dev/null +++ b/tasks/Debian/install-proxy.yml @@ -0,0 +1,91 @@ +- name: Proxy - Install Debian Proxy packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ proxy.packages }}" + tags: + - install_proxy + when: ansible_os_family == "Debian" + + +- name: Proxy - Enable and start service mariadb + ansible.builtin.service: + name: mariadb + state: started + enabled: yes + tags: + - install_proxy + +- name: Proxy - Generate mariadb proxy creation script + ansible.builtin.template: + src: create_proxy_db.j2 + dest: /tmp/create_proxy_db.sql + tags: + - install_proxy + +- name: Proxy - Create mariadb proxy database + ansible.builtin.shell: mysql -uroot < /tmp/create_proxy_db.sql + tags: + - install_proxy + +- name: Proxy - Populate mariadb proxy database + ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}' + tags: + - install_proxy + +- name: Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Proxy - Génération la liste des servers + set_fact: + hotes_filtres: >- + {{ groups[my_group] | + map('extract', hostvars) | + selectattr('role', 'in', 'srv') | + map(attribute='inventory_hostname') | + list }} + +- name: Proxy - Set fact Server + set_fact: + Server: "{{ hotes_filtres | join(';') }}" + +- name: Proxy - Generate config + ansible.builtin.template: + src: zabbix_proxy.conf.j2 + dest: /etc/zabbix/zabbix_proxy.conf + owner: root + group: zabbix + mode: 400 + + tags: + - install_proxy + +- name: Proxy - Create certificats directory + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + +- name: Proxy - Copy certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca}}.crt" + - "{{ zabbix_proxy}}.crt" + - "{{ zabbix_proxy}}.key" + when: zabbix_crypt=="tls" + +- name: Proxy - Enable and start service zabbix proxy + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-proxy \ No newline at end of file diff --git a/tasks/Debian/install-srv.yml b/tasks/Debian/install-srv.yml new file mode 100644 index 0000000..5c55607 --- /dev/null +++ b/tasks/Debian/install-srv.yml @@ -0,0 +1,53 @@ +- name: Server - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ srv.packages }}" + tags: + - install_srv + when: ansible_os_family == "Debian" + +- name: Server - Generate srv config + ansible.builtin.template: + src: zabbix_server.conf.j2 + dest: /etc/zabbix/zabbix_server.conf + owner: zabbix + group: zabbix + mode: 0640 + tags: + - install_srv + +- name: Server - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca}}.crt" + - "{{ zabbix_server}}.crt" + - "{{ zabbix_server}}.key" + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server -Enable and start service zabbix server + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-server + tags: + - install_srv \ No newline at end of file diff --git a/tasks/RedHat/install-agent2.yml b/tasks/RedHat/install-agent2.yml new file mode 100644 index 0000000..4b6dbd4 --- /dev/null +++ b/tasks/RedHat/install-agent2.yml @@ -0,0 +1,66 @@ + +- name: Agent2 - Install packages + ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ agent.packages }}" + tags: + - install_agent + +- name: Agent2 - Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles + set_fact: + hotes_filtres: >- + {{ groups[my_group] | + map('extract', hostvars) | + selectattr('role', 'in', roles_cibles) | + map(attribute='inventory_hostname') | + list }} + +- name: Agent2 - Generate Server List + set_fact: + Server: "{{ hotes_filtres | join(',') }}" + +- name: Agent2 - Generate ActiveServer List + set_fact: + ServerActive: "{{ hotes_filtres | join(';') }}" + +- name: Agent2 - Generate agent2 config + ansible.builtin.template: + src: zabbix_agent2.conf.j2 + dest: /etc/zabbix/zabbix_agent2.conf + owner: zabbix + group: zabbix + mode: 0640 + +- name: Agent2 - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + +- name: Agent2 - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca }}.crt" + - "{{ zabbix_agent }}.crt" + - "{{ zabbix_agent }}.key" + when: zabbix_crypt=="tls" + +- name: Enable and start service zabbix agent2 + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-agent2 diff --git a/tasks/RedHat/install-db.yml b/tasks/RedHat/install-db.yml new file mode 100644 index 0000000..5fb32a0 --- /dev/null +++ b/tasks/RedHat/install-db.yml @@ -0,0 +1,75 @@ + + +- name: Install RHEL packages + ansible.builtin.dnf: + name: "{{ item }}" + state: latest + loop: "{{ db.packages }}" + tags: + - install_db + when: ansible_os_family == "RedHat" + +- name: Enable and start service postgresl + ansible.builtin.service: + name: postgresql + state: started + enabled: yes + tags: + - install_db + +- name: Generate create db script + ansible.builtin.template: + src: create_db.j2 + dest: /tmp/create_db.sql + owner: postgres + tags: + - install_db + +- name: Run create db script + ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql' + tags: + - install_db + +- name: Add zabbix user to pg_hba + ansible.builtin.lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + insertafter: '# Database administrative login by Unix domain socket' + line: "local {{ db_name }} {{ db_user }} trust" + firstmatch: yes + state: present + +- name: Find Group + set_fact: + my_group: "{{ group_names | first }}" + +- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv' + lineinfile: + path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf + line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5" + state: present + loop: "{{ groups[my_group] }}" + when: + - hostvars[item].role is defined + - hostvars[item].role == 'srv' or hostvars[item].role == 'front' + - hostvars[item]['ansible_default_ipv4'] is defined + +- name: Configure postgres Listen address + ansible.builtin.lineinfile: + path: /etc/postgresql/17/main/postgresql.conf + regexp: '^#listen_addresses = .*' + line: "listen_addresses = '*'" + tags: + - install_db + + +- name: Restart postgresql + service: + name: postgresql + state: restarted + tags: + - install_db + +- name: Populate zabbix database + ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix' + tags: + - install_db \ No newline at end of file diff --git a/tasks/RedHat/install-srv.yml b/tasks/RedHat/install-srv.yml new file mode 100644 index 0000000..9ec54f7 --- /dev/null +++ b/tasks/RedHat/install-srv.yml @@ -0,0 +1,53 @@ +- name: Server - Install packages + ansible.builtin.dnf: + name: "{{ item }}" + state: latest + loop: "{{ srv.packages }}" + tags: + - install_srv + when: ansible_os_family == "RedHat" + +- name: Server - Generate srv config + ansible.builtin.template: + src: zabbix_server.conf.j2 + dest: /etc/zabbix/zabbix_server.conf + owner: zabbix + group: zabbix + mode: 0640 + tags: + - install_srv + +- name: Server - Create cert directory if zabbix_crypt=="tls" + ansible.builtin.file: + path: "/etc/zabbix/certs" + state: directory + recurse: yes + owner: zabbix + group: zabbix + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server - Copy Certificats + ansible.builtin.copy: + src: "{{ item }}" + dest: "/etc/zabbix/certs/{{ item }}" + owner: zabbix + group: zabbix + loop: + - "{{ zabbix_ca}}.crt" + - "{{ zabbix_server}}.crt" + - "{{ zabbix_server}}.key" + when: zabbix_crypt=="tls" + tags: + - install_srv + +- name: Server -Enable and start service zabbix server + ansible.builtin.service: + name: "{{ item }}" + state: restarted + enabled: true + loop: + - zabbix-server + tags: + - install_srv \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 914d983..9bf8fce 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,73 +2,66 @@ # tasks file for zabbix - name: check OS version debug: var=ansible_os_family + +- name: include os variables + include_vars: "{{ansible_os_family}}.yml" + tags: always + - name: Prepare RHEL block: - name: Alma Repo ansible.builtin.shell: - cmd: rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-latest.el9.noarch.rpm + cmd: "rpm -Uvh {{repo}}" - name: disable firewall ansible.builtin.service: - name: firewalld - state: stopped - enabled: false + name: firewalld + state: stopped + enabled: false - name: clean repo ansible.builtin.shell: cmd: dnf clean all when: ansible_os_family == "RedHat" + - name: Prepare Debian block: - name: Debian Repo ansible.builtin.apt: - deb: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb + deb: "{{repo}}" - name: Mise à jour le cache des paquets ansible.builtin.apt: update_cache: yes when: ansible_os_family == "Debian" - -- name: Install Database +- name: Database - Install when: role == "db" block: - name: Install Zabbix DB - ansible.builtin.include_tasks: install-db.yml + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-db.yml" when: role == "db" - tags: - - database tags: - install_db -- name: Install server +- name: Server - Install + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml" when: role == "srv" - block: - - name: Install Zabbix Server - ansible.builtin.include_tasks: install-srv.yml - when: role == "srv" tags: - install_srv -- name: Install zabbix_proxy - when: role == "proxy" - block: - - name: Install Zabbix Proxy - ansible.builtin.include_tasks: install-proxy.yml - when: role == "proxy" +- name: Proxy - Install + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml" tags: - install_proxy + when: role == "proxy" -- name: Install Front - when: role == "front" - block: - - name: Install Zabbix Front - ansible.builtin.include_tasks: install-front.yml - when: role == "front" + +- name: Front - Install + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml" + when: role == "srv" tags: - install_front - name: Install Agent - block: - - name: Install Zabbix Agent - ansible.builtin.include_tasks: install-agent2.yml + ansible.builtin.include_tasks: "{{ansible_os_family}}/install-agent2.yml" tags: - install_agent - never \ No newline at end of file diff --git a/templates/keepalived.conf.j2 b/templates/keepalived.conf.j2 new file mode 100644 index 0000000..76d1de3 --- /dev/null +++ b/templates/keepalived.conf.j2 @@ -0,0 +1,22 @@ +vrrp_track_process track_nginx { + process nginx + weight 10 +} + +vrrp_instance VI_1 { + state {{ keepalived.state }} + interface {{ansible_default_ipv4.interface}} + virtual_router_id 51 + priority {{ keepalived.priority }} + advert_int 1 + authentication { + auth_type PASS + auth_pass 12345 + } + virtual_ipaddress { + {{ vip_address }} + } + track_process { + track_nginx + } +} \ No newline at end of file diff --git a/templates/zabbix_front.conf.j2 b/templates/zabbix_front.conf.j2 new file mode 100644 index 0000000..8c405c6 --- /dev/null +++ b/templates/zabbix_front.conf.j2 @@ -0,0 +1,67 @@ +?php +// Zabbix GUI configuration file. + +$DB['TYPE'] = 'POSTGRESQL'; +$DB['SERVER'] = '{{db_host}}'; +$DB['PORT'] = '0'; +$DB['DATABASE'] = 'zabbix'; +$DB['USER'] = ''; +$DB['PASSWORD'] = ''; + +// Schema name. Used for PostgreSQL. +$DB['SCHEMA'] = ''; + +// Used for TLS connection. +$DB['ENCRYPTION'] = false; +$DB['KEY_FILE'] = ''; +$DB['CERT_FILE'] = ''; +$DB['CA_FILE'] = ''; +$DB['VERIFY_HOST'] = false; +$DB['CIPHER_LIST'] = ''; + +// Vault configuration. Used if database credentials are stored in Vault secrets manager. +{% if Vault is defined %} +$DB['VAULT'] = '{{Vault}}'; +$DB['VAULT_URL'] = '{{VaultURL}}'; +$DB['VAULT_PREFIX'] = '{{VaultPrefix}}'; +$DB['VAULT_DB_PATH'] = '{{VaultDBPath}}'; +$DB['VAULT_TOKEN'] = '{{VaultToken}}'; +$DB['VAULT_CERT_FILE'] = ''; +$DB['VAULT_KEY_FILE'] = ''; +// Uncomment to bypass local caching of credentials. +// $DB['VAULT_CACHE'] = true; +{% endif %} +// Uncomment and set to desired values to override Zabbix hostname/IP and port. +// $ZBX_SERVER = ''; +// $ZBX_SERVER_PORT = ''; + +$ZBX_SERVER_NAME = 'zserver02.bv.stef.lan'; + +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; + +// Uncomment this block only if you are using Elasticsearch. +// Elasticsearch url (can be string if same url is used for all types). +//$HISTORY['url'] = [ +// 'uint' => 'http://localhost:9200', +// 'text' => 'http://localhost:9200' +//]; +// Value types stored in Elasticsearch. +//$HISTORY['types'] = ['uint', 'text']; + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +//$SSO['SP_KEY'] = 'conf/certs/sp.key'; +//$SSO['SP_CERT'] = 'conf/certs/sp.crt'; +//$SSO['IDP_CERT'] = 'conf/certs/idp.crt'; +//$SSO['SETTINGS'] = []; + +// If set to false, support for HTTP authentication will be disabled. +// $ALLOW_HTTP_AUTH = true; + +$ZBX_SERVER_TLS['ACTIVE'] = '0'; +$ZBX_SERVER_TLS['CA_FILE'] = ''; +$ZBX_SERVER_TLS['KEY_FILE'] = ''; +$ZBX_SERVER_TLS['CERT_FILE'] = ''; +$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = ''; +$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = ''; + diff --git a/vars/Debian.yml b/vars/Debian.yml new file mode 100644 index 0000000..2aeca8d --- /dev/null +++ b/vars/Debian.yml @@ -0,0 +1,47 @@ +--- +# defaults file for zabbix +repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb +db: + packages: + - postgresql-contrib + - postgresql + - python3-psycopg2 + - zabbix-sql-scripts + - zabbix-agent2 +srv: + packages: + - zabbix-server-pgsql + - zabbix-agent2 +front: + packages: + - zabbix-frontend-php + - php8.4-pgsql + - zabbix-nginx-conf + - nginx + - zabbix-agent2 + - keepalived +proxy: + packages: + - mariadb-server + - zabbix-proxy-mysql + - zabbix-sql-scripts + - zabbix-agent2 +agent: + packages: + - zabbix-agent2 + + +roles_cibles: ['srv', 'proxy'] + +db_name: zabbix +db_user: zabbix +db_passwd: zabbix + +proxy_db_name: zabbix_proxy +proxy_db_user: zabbix_proxy +proxy_db_passwd: zabbix_proxy + +zabbix_ca: zabbix_ca +zabbix_server: zabbix_server +zabbix_proxy: zabbix_proxy +zabbix_agent: zabbix_agent \ No newline at end of file diff --git a/vars/RedHat.yml b/vars/RedHat.yml new file mode 100644 index 0000000..4e2145b --- /dev/null +++ b/vars/RedHat.yml @@ -0,0 +1,28 @@ +repo: +db: + packages: + - postgresql-server + - postgresql + - postgresql-plpython3 + - zabbix-agent2 + +srv: + packages: + - zabbix-server-pgsql + - zabbix-sql-scripts + - zabbix-selinux-policy + - zabbix-agent2 +agent: + packages: + - zabbix-agent2 +front: + packages: + - zabbix-web-pgsql + - zabbix-nginx-conf + - zabbix-agent2 +proxy: + packages: + - mariadb + - zabbix-proxy-mysql + - zabbix-sql-scripts + - zabbix-agent2