Debut de separation par distribution + ajout keepalived

2026-02-16 22:20:56 +00:00
parent 618c5ef1a0
commit f3855df1a8
15 changed files with 741 additions and 54 deletions
--- a/tasks/RedHat/install-agent2.yml
+++ b/tasks/RedHat/install-agent2.yml
@@ -0,0 +1,66 @@
+
+- name: Agent2 -  Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ agent.packages }}"
+  tags:
+    - install_agent
+ 
+- name: Agent2 - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Agent2 - Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Agent2 - Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Agent2 - Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Agent2 - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2
--- a/tasks/RedHat/install-db.yml
+++ b/tasks/RedHat/install-db.yml
@@ -0,0 +1,75 @@
+
+
+- name: Install RHEL packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ db.packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "RedHat"
+
+- name: Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Run create db script
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+   - install_db
+
+- name: Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    insertafter: '# Database administrative login by Unix domain socket'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/17/main/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+  tags:
+   - install_db
+
+- name: Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db
--- a/tasks/RedHat/install-srv.yml
+++ b/tasks/RedHat/install-srv.yml
@@ -0,0 +1,53 @@
+- name: Server - Install packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ srv.packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "RedHat" 
+
+- name: Server - Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+
+- name: Server - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server -Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server
+  tags:
+    - install_srv