Debut de separation par distribution + ajout keepalived

tasks/Debian/install-agent2.yml

@@ -0,0 +1,66 @@
+
+- name: Agent2 -  Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ agent.packages }}"
+  tags:
+    - install_agent
+ 
+- name: Agent2 - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Agent2 - Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Agent2 - Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Agent2 - Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Agent2 - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/Debian/install-db.yml

@@ -0,0 +1,73 @@
+- name: Database - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ db.packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "Debian" 
+
+- name: Database - Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Database - Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Database - Create DB
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+   - install_db
+
+- name: Database - Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    insertafter: '# Database administrative login by Unix domain socket'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Database - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Database - Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/17/main/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Database - Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+  tags:
+   - install_db
+
+- name: Database - Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db

tasks/Debian/install-front.yml

@@ -0,0 +1,41 @@
+- name: Front - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ front.packages }}"
+  tags:
+    - install_front
+
+- name: Front - Configure nginx port
+  ansible.builtin.lineinfile:
+    path: /etc/zabbix/nginx.conf
+    regexp: 'listen          8080;'
+    line: "        listen          80;"
+  tags:
+    - install_front
+
+# - name: Front - Setup
+#   ansible.builtin.template:
+#       src: zabbix_front.conf.j2
+#       dest: /etc/zabbix/web/zabbix.conf.php
+#       owner: www-data
+#       group: www-data
+#       mode: 0600 
+
+- name: Front - Configure nginx url
+  ansible.builtin.lineinfile:
+    path: /etc/zabbix/nginx.conf
+    regexp: 'server_name     example.com;'
+    line: "        server_name     {{ inventory_hostname }};"
+  tags:
+    - install_front
+  notify: Restart nginx
+
+- name: Front - Configure keepalived
+  ansible.builtin.template:
+    src: keepalived.conf.j2
+    dest: /etc/keepalived/keepalived.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart Keepalived

tasks/Debian/install-proxy.yml

@@ -0,0 +1,91 @@
+- name: Proxy - Install Debian Proxy packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ proxy.packages }}"
+  tags:
+    - install_proxy
+  when: ansible_os_family == "Debian" 
+
+
+- name: Proxy - Enable and start service mariadb
+  ansible.builtin.service:
+    name: mariadb
+    state: started
+    enabled: yes
+  tags:
+    - install_proxy
+
+- name: Proxy - Generate mariadb proxy creation script
+  ansible.builtin.template:
+    src: create_proxy_db.j2
+    dest: /tmp/create_proxy_db.sql
+  tags:
+    - install_proxy
+
+- name: Proxy - Create mariadb proxy database
+  ansible.builtin.shell: mysql -uroot <  /tmp/create_proxy_db.sql
+  tags:
+   - install_proxy
+
+- name: Proxy - Populate mariadb proxy database
+  ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
+  tags:
+   - install_proxy
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Proxy - Génération la liste des servers
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', 'srv') |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Proxy - Set fact Server
+  set_fact:
+    Server: "{{ hotes_filtres | join(';') }}"
+
+- name: Proxy - Generate config
+  ansible.builtin.template:
+      src: zabbix_proxy.conf.j2
+      dest: /etc/zabbix/zabbix_proxy.conf
+      owner: root
+      group: zabbix
+      mode: 400
+      
+  tags:
+    - install_proxy
+    
+- name: Proxy - Create certificats directory
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Copy certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_proxy}}.crt"
+    - "{{ zabbix_proxy}}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Enable and start service zabbix proxy
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-proxy 

tasks/Debian/install-srv.yml

@@ -0,0 +1,53 @@
+- name: Server - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ srv.packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "Debian" 
+
+- name: Server - Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+    
+- name: Server - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server -Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server
+  tags:
+    - install_srv

tasks/RedHat/install-agent2.yml

@@ -0,0 +1,66 @@
+
+- name: Agent2 -  Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ agent.packages }}"
+  tags:
+    - install_agent
+ 
+- name: Agent2 - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Agent2 - Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Agent2 - Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Agent2 - Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Agent2 - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/RedHat/install-db.yml

@@ -0,0 +1,75 @@
+
+
+- name: Install RHEL packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ db.packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "RedHat"
+
+- name: Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Run create db script
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+   - install_db
+
+- name: Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    insertafter: '# Database administrative login by Unix domain socket'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/17/main/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+  tags:
+   - install_db
+
+- name: Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db

tasks/RedHat/install-srv.yml

@@ -0,0 +1,53 @@
+- name: Server - Install packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ srv.packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "RedHat" 
+
+- name: Server - Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+
+- name: Server - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server -Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server
+  tags:
+    - install_srv

tasks/main.yml

@@ -2,73 +2,66 @@
 # tasks file for zabbix
 - name: check OS version
   debug: var=ansible_os_family
+
+- name: include os variables
+  include_vars: "{{ansible_os_family}}.yml"
+  tags: always
+
 - name: Prepare RHEL
   block:
     - name: Alma Repo
       ansible.builtin.shell:
-        cmd: rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-latest.el9.noarch.rpm
+        cmd: "rpm -Uvh {{repo}}"
     - name: disable firewall
       ansible.builtin.service:
-        name: firewalld
-        state: stopped
-        enabled: false
+         name: firewalld
+         state: stopped
+         enabled: false
     - name: clean repo
       ansible.builtin.shell:
         cmd: dnf clean all
   when: ansible_os_family == "RedHat"
+
 - name: Prepare Debian
   block:
   - name: Debian Repo
     ansible.builtin.apt:
-      deb: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
+       deb: "{{repo}}"
   - name: Mise à jour le cache des paquets
     ansible.builtin.apt:
       update_cache: yes
   when: ansible_os_family == "Debian"
 
-
-- name: Install Database
+- name: Database - Install
   when: role == "db"
   block:
     - name: Install Zabbix DB
-      ansible.builtin.include_tasks: install-db.yml
+      ansible.builtin.include_tasks: "{{ansible_os_family}}/install-db.yml"
       when: role == "db"
-      tags:
-       - database
   tags:
     - install_db
 
-- name: Install server
+- name: Server - Install
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml"
   when: role == "srv"
-  block:
-    - name: Install Zabbix Server
-      ansible.builtin.include_tasks: install-srv.yml
-      when: role == "srv"
   tags:
     - install_srv
 
-- name: Install zabbix_proxy
-  when: role == "proxy"
-  block:
-    - name: Install Zabbix Proxy
-      ansible.builtin.include_tasks: install-proxy.yml
-      when: role == "proxy"
+- name: Proxy - Install
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
   tags:
     - install_proxy
+  when: role == "proxy"
 
-- name: Install Front
-  when: role == "front"
-  block:
-    - name: Install Zabbix Front
-      ansible.builtin.include_tasks: install-front.yml
-      when: role == "front"
+
+- name: Front - Install
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml"
+  when: role == "srv"
   tags:
     - install_front
 
 - name: Install Agent
-  block:
-    - name: Install Zabbix Agent
-      ansible.builtin.include_tasks: install-agent2.yml
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-agent2.yml"
   tags:
     - install_agent
     - never