Debut de separation par distribution + ajout keepalived

defaults/main.yml

@@ -1,5 +1,36 @@
 ---
 # defaults file for zabbix
+
+Debian: 
+  repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
+  db: 
+    packages:
+      - postgresql-contrib
+      - postgresql
+      - python3-psycopg2
+      - zabbix-sql-scripts 
+      - zabbix-agent2 
+  srv:
+    packages:  
+      - zabbix-server-pgsql 
+      - zabbix-agent2
+  front:
+    packages:
+      - zabbix-frontend-php 
+      - php8.4-pgsql 
+      - zabbix-nginx-conf 
+      - nginx
+      - zabbix-agent2
+  proxy:
+    packages:
+      - mariadb-server
+      - zabbix-proxy-mysql 
+      - zabbix-sql-scripts
+      - zabbix-agent2
+  agent:
+    packages: 
+      - zabbix-agent2
+
 rhel_db_packages:
   - postgresql-server
   - postgresql
@@ -27,32 +58,8 @@ rhel_proxy_packages:
   - zabbix-sql-scripts
   - zabbix-agent2
 
-debian_db_packages:
-  - postgresql-contrib
-  - postgresql
-  - python3-psycopg2
-  - zabbix-sql-scripts 
-  - zabbix-agent2
 
-debian_srv_packages:
-  - zabbix-server-pgsql 
-  - zabbix-agent2
 
-debian_proxy_packages:
-  - mariadb-server
-  - zabbix-proxy-mysql 
-  - zabbix-sql-scripts
-  - zabbix-agent2
-
-debian_agent_packages:
-  - zabbix-agent2
-
-debian_front_packages:
-  - zabbix-frontend-php 
-  - php8.4-pgsql 
-  - zabbix-nginx-conf 
-  - nginx
-  - zabbix-agent2
 
 roles_cibles: ['srv', 'proxy']
 

handlers/main.yml

@@ -23,4 +23,9 @@
 - name: Restart Zabbix Agent2
   service:
     name: zabbix-agent2
+    state: restarted
+
+- name: Restart Keepalived
+  service:
+    name: keepalived
     state: restarted

tasks/Debian/install-agent2.yml

@@ -0,0 +1,66 @@
+
+- name: Agent2 -  Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ agent.packages }}"
+  tags:
+    - install_agent
+ 
+- name: Agent2 - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Agent2 - Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Agent2 - Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Agent2 - Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Agent2 - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/Debian/install-db.yml

@@ -0,0 +1,73 @@
+- name: Database - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ db.packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "Debian" 
+
+- name: Database - Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Database - Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Database - Create DB
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+   - install_db
+
+- name: Database - Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    insertafter: '# Database administrative login by Unix domain socket'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Database - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Database - Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Database - Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/17/main/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Database - Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+  tags:
+   - install_db
+
+- name: Database - Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db

tasks/Debian/install-front.yml

@@ -0,0 +1,41 @@
+- name: Front - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ front.packages }}"
+  tags:
+    - install_front
+
+- name: Front - Configure nginx port
+  ansible.builtin.lineinfile:
+    path: /etc/zabbix/nginx.conf
+    regexp: 'listen          8080;'
+    line: "        listen          80;"
+  tags:
+    - install_front
+
+# - name: Front - Setup
+#   ansible.builtin.template:
+#       src: zabbix_front.conf.j2
+#       dest: /etc/zabbix/web/zabbix.conf.php
+#       owner: www-data
+#       group: www-data
+#       mode: 0600 
+
+- name: Front - Configure nginx url
+  ansible.builtin.lineinfile:
+    path: /etc/zabbix/nginx.conf
+    regexp: 'server_name     example.com;'
+    line: "        server_name     {{ inventory_hostname }};"
+  tags:
+    - install_front
+  notify: Restart nginx
+
+- name: Front - Configure keepalived
+  ansible.builtin.template:
+    src: keepalived.conf.j2
+    dest: /etc/keepalived/keepalived.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart Keepalived

tasks/Debian/install-proxy.yml

@@ -0,0 +1,91 @@
+- name: Proxy - Install Debian Proxy packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ proxy.packages }}"
+  tags:
+    - install_proxy
+  when: ansible_os_family == "Debian" 
+
+
+- name: Proxy - Enable and start service mariadb
+  ansible.builtin.service:
+    name: mariadb
+    state: started
+    enabled: yes
+  tags:
+    - install_proxy
+
+- name: Proxy - Generate mariadb proxy creation script
+  ansible.builtin.template:
+    src: create_proxy_db.j2
+    dest: /tmp/create_proxy_db.sql
+  tags:
+    - install_proxy
+
+- name: Proxy - Create mariadb proxy database
+  ansible.builtin.shell: mysql -uroot <  /tmp/create_proxy_db.sql
+  tags:
+   - install_proxy
+
+- name: Proxy - Populate mariadb proxy database
+  ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
+  tags:
+   - install_proxy
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Proxy - Génération la liste des servers
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', 'srv') |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Proxy - Set fact Server
+  set_fact:
+    Server: "{{ hotes_filtres | join(';') }}"
+
+- name: Proxy - Generate config
+  ansible.builtin.template:
+      src: zabbix_proxy.conf.j2
+      dest: /etc/zabbix/zabbix_proxy.conf
+      owner: root
+      group: zabbix
+      mode: 400
+      
+  tags:
+    - install_proxy
+    
+- name: Proxy - Create certificats directory
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Copy certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_proxy}}.crt"
+    - "{{ zabbix_proxy}}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Proxy - Enable and start service zabbix proxy
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-proxy 

tasks/Debian/install-srv.yml

@@ -0,0 +1,53 @@
+- name: Server - Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ srv.packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "Debian" 
+
+- name: Server - Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+    
+- name: Server - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server -Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server
+  tags:
+    - install_srv

tasks/RedHat/install-agent2.yml

@@ -0,0 +1,66 @@
+
+- name: Agent2 -  Install packages
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ agent.packages }}"
+  tags:
+    - install_agent
+ 
+- name: Agent2 - Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Agent2 - Créer la liste des hôtes correspondant aux rôles cibles
+  set_fact:
+    hotes_filtres: >-
+      {{ groups[my_group] |
+      map('extract', hostvars) |
+      selectattr('role', 'in', roles_cibles) |
+      map(attribute='inventory_hostname') |
+      list }}
+
+- name: Agent2 - Generate Server List
+  set_fact:
+    Server: "{{ hotes_filtres | join(',') }}"
+
+- name: Agent2 - Generate ActiveServer List
+  set_fact:
+    ServerActive: "{{ hotes_filtres | join(';') }}"
+
+- name: Agent2 - Generate agent2 config
+  ansible.builtin.template:
+      src: zabbix_agent2.conf.j2
+      dest: /etc/zabbix/zabbix_agent2.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640
+
+- name: Agent2 - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+   
+- name: Agent2 - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca }}.crt"
+    - "{{ zabbix_agent }}.crt"
+    - "{{ zabbix_agent }}.key"
+  when: zabbix_crypt=="tls"
+
+- name: Enable and start service zabbix agent2
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-agent2

tasks/RedHat/install-db.yml

@@ -0,0 +1,75 @@
+
+
+- name: Install RHEL packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ db.packages }}"
+  tags:
+    - install_db
+  when: ansible_os_family == "RedHat"
+
+- name: Enable and start service postgresl
+  ansible.builtin.service:
+    name: postgresql
+    state: started
+    enabled: yes
+  tags:
+    - install_db
+
+- name: Generate create db script
+  ansible.builtin.template:
+    src: create_db.j2
+    dest: /tmp/create_db.sql
+    owner: postgres
+  tags:
+    - install_db
+
+- name: Run create db script
+  ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
+  tags:
+   - install_db
+
+- name: Add zabbix user to pg_hba
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    insertafter: '# Database administrative login by Unix domain socket'
+    line: "local   {{ db_name }}          {{ db_user }}           trust"
+    firstmatch: yes
+    state: present
+
+- name: Find Group
+  set_fact:
+    my_group:  "{{ group_names | first }}"
+
+- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
+  lineinfile:
+    path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
+    line: "host    {{ db_name }}          {{ db_user }}    {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32       md5"
+    state: present
+  loop: "{{ groups[my_group] }}"
+  when: 
+    - hostvars[item].role is defined
+    - hostvars[item].role == 'srv' or hostvars[item].role == 'front'
+    - hostvars[item]['ansible_default_ipv4'] is defined
+
+- name: Configure postgres Listen address
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/17/main/postgresql.conf
+    regexp: '^#listen_addresses = .*'
+    line: "listen_addresses = '*'"
+  tags:
+   - install_db
+
+
+- name: Restart postgresql
+  service:
+    name: postgresql
+    state: restarted
+  tags:
+   - install_db
+
+- name: Populate zabbix database
+  ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
+  tags:
+   - install_db

tasks/RedHat/install-srv.yml

@@ -0,0 +1,53 @@
+- name: Server - Install packages
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: latest
+  loop: "{{ srv.packages }}"
+  tags:
+    - install_srv
+  when: ansible_os_family == "RedHat" 
+
+- name: Server - Generate srv config
+  ansible.builtin.template:
+      src: zabbix_server.conf.j2
+      dest: /etc/zabbix/zabbix_server.conf
+      owner: zabbix
+      group: zabbix
+      mode: 0640 
+  tags:
+    - install_srv
+
+- name: Server - Create cert directory if zabbix_crypt=="tls"
+  ansible.builtin.file:
+    path:  "/etc/zabbix/certs"
+    state: directory
+    recurse: yes
+    owner: zabbix
+    group: zabbix
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server - Copy Certificats
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/etc/zabbix/certs/{{ item }}"
+    owner: zabbix
+    group: zabbix
+  loop:
+    - "{{ zabbix_ca}}.crt"
+    - "{{ zabbix_server}}.crt"
+    - "{{ zabbix_server}}.key"
+  when: zabbix_crypt=="tls"
+  tags:
+    - install_srv
+
+- name: Server -Enable and start service zabbix server
+  ansible.builtin.service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: true
+  loop: 
+    - zabbix-server
+  tags:
+    - install_srv

tasks/main.yml

@@ -2,73 +2,66 @@
 # tasks file for zabbix
 - name: check OS version
   debug: var=ansible_os_family
+
+- name: include os variables
+  include_vars: "{{ansible_os_family}}.yml"
+  tags: always
+
 - name: Prepare RHEL
   block:
     - name: Alma Repo
       ansible.builtin.shell:
-        cmd: rpm -Uvh https://repo.zabbix.com/zabbix/7.0/alma/9/x86_64/zabbix-release-latest.el9.noarch.rpm
+        cmd: "rpm -Uvh {{repo}}"
     - name: disable firewall
       ansible.builtin.service:
-        name: firewalld
+         name: firewalld
-        state: stopped
+         state: stopped
-        enabled: false
+         enabled: false
     - name: clean repo
       ansible.builtin.shell:
         cmd: dnf clean all
   when: ansible_os_family == "RedHat"
+
 - name: Prepare Debian
   block:
   - name: Debian Repo
     ansible.builtin.apt:
-      deb: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
+       deb: "{{repo}}"
   - name: Mise à jour le cache des paquets
     ansible.builtin.apt:
       update_cache: yes
   when: ansible_os_family == "Debian"
 
-
+- name: Database - Install
-- name: Install Database
   when: role == "db"
   block:
     - name: Install Zabbix DB
-      ansible.builtin.include_tasks: install-db.yml
+      ansible.builtin.include_tasks: "{{ansible_os_family}}/install-db.yml"
       when: role == "db"
-      tags:
-       - database
   tags:
     - install_db
 
-- name: Install server
+- name: Server - Install
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-srv.yml"
   when: role == "srv"
-  block:
-    - name: Install Zabbix Server
-      ansible.builtin.include_tasks: install-srv.yml
-      when: role == "srv"
   tags:
     - install_srv
 
-- name: Install zabbix_proxy
+- name: Proxy - Install
-  when: role == "proxy"
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-proxy.yml"
-  block:
-    - name: Install Zabbix Proxy
-      ansible.builtin.include_tasks: install-proxy.yml
-      when: role == "proxy"
   tags:
     - install_proxy
+  when: role == "proxy"
 
-- name: Install Front
+
-  when: role == "front"
+- name: Front - Install
-  block:
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-front.yml"
-    - name: Install Zabbix Front
+  when: role == "srv"
-      ansible.builtin.include_tasks: install-front.yml
-      when: role == "front"
   tags:
     - install_front
 
 - name: Install Agent
-  block:
+  ansible.builtin.include_tasks: "{{ansible_os_family}}/install-agent2.yml"
-    - name: Install Zabbix Agent
-      ansible.builtin.include_tasks: install-agent2.yml
   tags:
     - install_agent
     - never

templates/keepalived.conf.j2

@@ -0,0 +1,22 @@
+vrrp_track_process track_nginx {
+    process nginx
+    weight 10
+}
+
+vrrp_instance VI_1 {
+    state {{ keepalived.state }}
+    interface {{ansible_default_ipv4.interface}}
+    virtual_router_id 51
+    priority {{ keepalived.priority }}
+    advert_int 1
+    authentication {
+        auth_type PASS
+        auth_pass 12345
+    }
+    virtual_ipaddress {
+        {{ vip_address }}
+    }
+    track_process {
+         track_nginx
+      }
+}

templates/zabbix_front.conf.j2

@@ -0,0 +1,67 @@
+?php
+// Zabbix GUI configuration file.
+
+$DB['TYPE']			= 'POSTGRESQL';
+$DB['SERVER']			= '{{db_host}}';
+$DB['PORT']			= '0';
+$DB['DATABASE']			= 'zabbix';
+$DB['USER']			= '';
+$DB['PASSWORD']			= '';
+
+// Schema name. Used for PostgreSQL.
+$DB['SCHEMA']			= '';
+
+// Used for TLS connection.
+$DB['ENCRYPTION']		= false;
+$DB['KEY_FILE']			= '';
+$DB['CERT_FILE']		= '';
+$DB['CA_FILE']			= '';
+$DB['VERIFY_HOST']		= false;
+$DB['CIPHER_LIST']		= '';
+
+// Vault configuration. Used if database credentials are stored in Vault secrets manager.
+{% if Vault is defined %}
+$DB['VAULT']			= '{{Vault}}';
+$DB['VAULT_URL']		= '{{VaultURL}}';
+$DB['VAULT_PREFIX']		= '{{VaultPrefix}}';
+$DB['VAULT_DB_PATH']		= '{{VaultDBPath}}';
+$DB['VAULT_TOKEN']		= '{{VaultToken}}';
+$DB['VAULT_CERT_FILE']		= '';
+$DB['VAULT_KEY_FILE']		= '';
+// Uncomment to bypass local caching of credentials.
+// $DB['VAULT_CACHE']		= true;
+{% endif %}
+// Uncomment and set to desired values to override Zabbix hostname/IP and port.
+// $ZBX_SERVER			= '';
+// $ZBX_SERVER_PORT		= '';
+
+$ZBX_SERVER_NAME		= 'zserver02.bv.stef.lan';
+
+$IMAGE_FORMAT_DEFAULT	= IMAGE_FORMAT_PNG;
+
+// Uncomment this block only if you are using Elasticsearch.
+// Elasticsearch url (can be string if same url is used for all types).
+//$HISTORY['url'] = [
+//	'uint' => 'http://localhost:9200',
+//	'text' => 'http://localhost:9200'
+//];
+// Value types stored in Elasticsearch.
+//$HISTORY['types'] = ['uint', 'text'];
+
+// Used for SAML authentication.
+// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
+//$SSO['SP_KEY']			= 'conf/certs/sp.key';
+//$SSO['SP_CERT']			= 'conf/certs/sp.crt';
+//$SSO['IDP_CERT']		= 'conf/certs/idp.crt';
+//$SSO['SETTINGS']		= [];
+
+// If set to false, support for HTTP authentication will be disabled.
+// $ALLOW_HTTP_AUTH = true;
+
+$ZBX_SERVER_TLS['ACTIVE'] = '0';
+$ZBX_SERVER_TLS['CA_FILE'] = '';
+$ZBX_SERVER_TLS['KEY_FILE'] = '';
+$ZBX_SERVER_TLS['CERT_FILE'] = '';
+$ZBX_SERVER_TLS['CERTIFICATE_ISSUER']  = '';
+$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = '';
+

vars/Debian.yml

@@ -0,0 +1,47 @@
+---
+# defaults file for zabbix
+repo: https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian13_all.deb
+db: 
+  packages:
+    - postgresql-contrib
+    - postgresql
+    - python3-psycopg2
+    - zabbix-sql-scripts 
+    - zabbix-agent2 
+srv:
+  packages:  
+    - zabbix-server-pgsql 
+    - zabbix-agent2
+front:
+  packages:
+    - zabbix-frontend-php 
+    - php8.4-pgsql 
+    - zabbix-nginx-conf 
+    - nginx
+    - zabbix-agent2
+    - keepalived
+proxy:
+  packages:
+    - mariadb-server
+    - zabbix-proxy-mysql 
+    - zabbix-sql-scripts
+    - zabbix-agent2
+agent:
+  packages: 
+    - zabbix-agent2
+
+
+roles_cibles: ['srv', 'proxy']
+
+db_name: zabbix
+db_user: zabbix
+db_passwd: zabbix
+
+proxy_db_name: zabbix_proxy
+proxy_db_user: zabbix_proxy
+proxy_db_passwd: zabbix_proxy
+
+zabbix_ca: zabbix_ca
+zabbix_server: zabbix_server
+zabbix_proxy: zabbix_proxy
+zabbix_agent: zabbix_agent

vars/RedHat.yml

@@ -0,0 +1,28 @@
+repo: 
+db:
+  packages:
+    - postgresql-server
+    - postgresql
+    - postgresql-plpython3
+    - zabbix-agent2
+
+srv:
+  packages:
+    - zabbix-server-pgsql 
+    - zabbix-sql-scripts 
+    - zabbix-selinux-policy
+    - zabbix-agent2
+agent:
+  packages:
+    - zabbix-agent2
+front:
+  packages:
+    - zabbix-web-pgsql 
+    - zabbix-nginx-conf 
+    - zabbix-agent2
+proxy:
+  packages:
+    - mariadb
+    - zabbix-proxy-mysql 
+    - zabbix-sql-scripts
+    - zabbix-agent2