stef
/
role_zabbix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: stef:3dcc57ff2cf3571f524290ac64b971e073c5b41d
Branches Tags
stef:main
..
compare: stef:1e354a88bdf13b234d0ce445c001258cfcd21c13
Branches Tags
stef:main

No commits in common. "3dcc57ff2cf3571f524290ac64b971e073c5b41d" and "1e354a88bdf13b234d0ce445c001258cfcd21c13" have entirely different histories.
3dcc57ff2c ... 1e354a88bd

9 changed files with 399 additions and 17 deletions
Show Stats Expand all files Collapse all files

18
README.md
View File

@ -146,23 +146,7 @@ Exemple Inventory
role: proxy role: proxy
Example Playbook Example Playbook
------------------- ----------------
Fichier playbooks/zabbix.yml:
```
- name: Install zabbix on hosts
hosts:
- zabbix_instance01
- zabbix_instance02
become: true
roles:
- zabbix
```
Exemple de déploiement
```
ansible-playbook playbooks/zabbix.yml --limit zabbix_instance01
```

10
files/zabbix_proxy.key 100644
View File

@ -0,0 +1,10 @@
-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBlgrJJI/T9N2pOj5pFrMfuDaYboRfqckR2U0NnOVpqgUBLyVzQK+l
s7iNnopgtqPEUI6zRVQCMAEII0Relhoc7+egBwYFK4EEACOhgYkDgYYABACasAU1
6MClAB06k8lQG2hn6CUJCBKhjOcIRZqL1L5PdWprqnKfYdioOgzHfIlgikBrGryI
66wj3SMWwtOBpZXg3wDcPRLSDDkwZa0hjCQfUHqO1wPQKN8sfnY1X41LXz4RrV79
OLEbw1zvbAvG+Z0yIlNnEFtP/vAapciWFaUUChSarg==
-----END EC PRIVATE KEY-----

14
files/zabbix_server.crt 100644
View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICKTCCAYugAwIBAgIUZxhmpvLrqv/1ePzPg28YX/V3q5UwCgYIKoZIzj0EAwMw
ITELMAkGA1UEBhMCRlIxEjAQBgNVBAMMCXphYmJpeF9jYTAeFw0yNjAyMTQxNzAw
MzRaFw0yNzAyMTQxNzAwMzRaMCUxCzAJBgNVBAYTAkZSMRYwFAYDVQQDDA16YWJi
aXhfc2VydmVyMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAQNnum/k11nyoW7yc
6LICHe+rHmv18AguNfVg/tQ1lk9DPkOYp3xC+kcZQDkazeKqxEKY9l3jzG84gxvW
qtlc4o0BvoYEEKLPiLXfKSzhkXcmyiAwXKT71t6peDIGYCnZHC8n6Hsio1UH9voA
R6+bc3/rX+xxsDn1KiJ9ibHwyYeoSgGjWjBYMB8GA1UdIwQYMBaAFCDuYWOIBppX
JTMO/GBncB6hyS1bMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMB0GA1UdDgQWBBQ+
1/AYNQleyhffJLBauHtkqwYu0TAKBggqhkjOPQQDAwOBiwAwgYcCQQf2/5hVMbPP
L18i8VzeSZvNu+hqho0zGqTMY7oCekbEH6J4w+QQqslr9ps+9d+ce3nuQtuJEIBl
1PCgaTHq5Ht7AkIBs+uzxTYQCRRvZ3CtjxYYYKLbSimqGWlnV9qMHASBxV/dskHU
nP/JzeMgJuG44HwdaeqAb1dS1PYsYkPMkdwtLcQ=
-----END CERTIFICATE-----

10
files/zabbix_server.key 100644
View File

@ -0,0 +1,10 @@
-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIBWA0qpIubCVTvFj0jmQvNl5ucVI5wngXTLwiH6R9naCscSw7fxdRN
W52RikdZnQpExdY7m7cP7oWc/rTsTOAc2wqgBwYFK4EEACOhgYkDgYYABABA2e6b
+TXWfKhbvJzosgId76sea/XwCC419WD+1DWWT0M+Q5infEL6RxlAORrN4qrEQpj2
XePMbziDG9aq2VzijQG+hgQQos+Itd8pLOGRdybKIDBcpPvW3ql4MgZgKdkcLyfo
eyKjVQf2+gBHr5tzf+tf7HGwOfUqIn2JsfDJh6hKAQ==
-----END EC PRIVATE KEY-----

76
tasks/install-agent2.yml 100644
View File

@ -0,0 +1,76 @@
- name: Install Agent2 Debian packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ debian_agent_packages }}"
tags:
- install_srv
when: ansible_os_family == "Debian"
- name: Install packages
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
loop: "{{ rhel_agent_packages }}"
tags:
- install_srv
when: ansible_os_family == "RedHat"
- name: Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Créer la liste des hôtes correspondant aux rôles cibles
set_fact:
hotes_filtres: >-
{{ groups[my_group] |
map('extract', hostvars) |
selectattr('role', 'in', roles_cibles) |
map(attribute='inventory_hostname') |
list }}
- name: Generate Server List
set_fact:
Server: "{{ hotes_filtres | join(',') }}"
- name: Generate ActiveServer List
set_fact:
ServerActive: "{{ hotes_filtres | join(';') }}"
- name: Generate agent2 config
ansible.builtin.template:
src: zabbix_agent2.conf.j2
dest: /etc/zabbix/zabbix_agent2.conf
owner: zabbix
group: zabbix
mode: 0640
- name: Create cert directory if zabbix_crypt=="tls"
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Copy Certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca }}.crt"
- "{{ zabbix_agent }}.crt"
- "{{ zabbix_agent }}.key"
when: zabbix_crypt=="tls"
- name: Enable and start service zabbix agent2
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-agent2

84
tasks/install-db.yml 100644
View File

@ -0,0 +1,84 @@
- name: Install RHEL packages
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
loop: "{{ rhel_db_packages }}"
tags:
- install_db
when: ansible_os_family == "RedHat"
- name: Install Debian packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ debian_db_packages }}"
tags:
- install_db
when: ansible_os_family == "Debian"
- name: Enable and start service postgresl
ansible.builtin.service:
name: postgresql
state: started
enabled: yes
tags:
- install_db
- name: Generate create db script
ansible.builtin.template:
src: create_db.j2
dest: /tmp/create_db.sql
owner: postgres
tags:
- install_db
- name: Run create db script
ansible.builtin.shell: su - postgres -c 'psql -f /tmp/create_db.sql'
tags:
- install_db
- name: Add zabbix user to pg_hba
ansible.builtin.lineinfile:
path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
insertafter: '# Database administrative login by Unix domain socket'
line: "local {{ db_name }} {{ db_user }} trust"
firstmatch: yes
state: present
- name: Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Créer les entrées pg_hba pour tous les hosts avec rôle 'srv'
lineinfile:
path: /etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf
line: "host {{ db_name }} {{ db_user }} {{ hostvars[item]['ansible_default_ipv4']['address'] }}/32 md5"
state: present
loop: "{{ groups[my_group] }}"
when:
- hostvars[item].role is defined
- hostvars[item].role == 'srv' or hostvars[item].role == 'front'
- hostvars[item]['ansible_default_ipv4'] is defined
- name: Configure postgres Listen address
ansible.builtin.lineinfile:
path: /etc/postgresql/17/main/postgresql.conf
regexp: '^#listen_addresses = .*'
line: "listen_addresses = '*'"
tags:
- install_db
- name: Restart postgresql
service:
name: postgresql
state: restarted
tags:
- install_db
- name: Populate zabbix database
ansible.builtin.shell: 'zcat /usr/share/zabbix/sql-scripts/postgresql/server.sql.gz | psql -Uzabbix zabbix'
tags:
- install_db

47
tasks/install-front.yml 100644
View File

@ -0,0 +1,47 @@
- name: Install RHEL Front
when: ansible_os_family == "RedHat"
block:
- name: Install packages
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
loop: "{{ rhel_front_packages }}"
tags:
- install_front
- name: Generate front php config
ansible.builtin.template:
src: zabbix.conf.php.j2
dest: /usr/share/zabbix/conf/zabbix.conf.php
owner: root
group: root
mode: 644
tags:
- install_front
- name: Install Debian Front
when: ansible_os_family == "Debian"
block:
- name: Install Debian packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ debian_front_packages }}"
tags:
- install_front
- name: Configure nginx port
ansible.builtin.lineinfile:
path: /etc/zabbix/nginx.conf
regexp: 'listen 8080;'
line: " listen 80;"
tags:
- install_srv
- name: Configure nginx url
ansible.builtin.lineinfile:
path: /etc/zabbix/nginx.conf
regexp: 'server_name example.com;'
line: " server_name {{ inventory_hostname }};"
tags:
- install_srv
notify: Restart nginx

100
tasks/install-proxy.yml 100644
View File

@ -0,0 +1,100 @@
- name: Proxy - Install Debian Proxy packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ debian_proxy_packages }}"
tags:
- install_proxy
when: ansible_os_family == "Debian"
- name: Proxy - Install RedHat packages
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
loop: "{{ rhel_proxy_packages }}"
tags:
- install_proxy
when: ansible_os_family == "RedHat"
- name: Proxy - Enable and start service mariadb
ansible.builtin.service:
name: mariadb
state: started
enabled: yes
tags:
- install_proxy
- name: Proxy - Generate mariadb proxy creation script
ansible.builtin.template:
src: create_proxy_db.j2
dest: /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Create mariadb proxy database
ansible.builtin.shell: mysql -uroot < /tmp/create_proxy_db.sql
tags:
- install_proxy
- name: Proxy - Populate mariadb proxy database
ansible.builtin.shell: 'cat /usr/share/zabbix/sql-scripts/mysql/proxy.sql | mysql --default-character-set=utf8mb4 -u{{proxy_db_user}} --password={{proxy_db_passwd}} {{proxy_db_name}}'
tags:
- install_proxy
- name: Find Group
set_fact:
my_group: "{{ group_names | first }}"
- name: Proxy - Génération la liste des servers
set_fact:
hotes_filtres: >-
{{ groups[my_group] |
map('extract', hostvars) |
selectattr('role', 'in', 'srv') |
map(attribute='inventory_hostname') |
list }}
- name: Proxy - Set fact Server
set_fact:
Server: "{{ hotes_filtres | join(';') }}"
- name: Proxy - Generate config
ansible.builtin.template:
src: zabbix_proxy.conf.j2
dest: /etc/zabbix/zabbix_proxy.conf
owner: root
group: zabbix
mode: 400
tags:
- install_proxy
- name: Proxy - Create certificats directory
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Proxy - Copy certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca}}.crt"
- "{{ zabbix_proxy}}.crt"
- "{{ zabbix_proxy}}.key"
when: zabbix_crypt=="tls"
- name: Proxy - Enable and start service zabbix proxy
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-proxy

57
tasks/install-srv.yml 100644
View File

@ -0,0 +1,57 @@
- name: Install Debian packages
ansible.builtin.apt:
name: "{{ item }}"
state: latest
loop: "{{ debian_srv_packages }}"
tags:
- install_srv
when: ansible_os_family == "Debian"
- name: Install packages
ansible.builtin.dnf:
name: "{{ item }}"
state: latest
loop: "{{ rhel_srv_packages }}"
tags:
- install_srv
when: ansible_os_family == "RedHat"
- name: Generate srv config
ansible.builtin.template:
src: zabbix_server.conf.j2
dest: /etc/zabbix/zabbix_server.conf
owner: zabbix
group: zabbix
mode: 0640
tags:
- install_srv
- name: Create cert directory if zabbix_crypt=="tls"
ansible.builtin.file:
path: "/etc/zabbix/certs"
state: directory
recurse: yes
owner: zabbix
group: zabbix
when: zabbix_crypt=="tls"
- name: Copy Certificats
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/zabbix/certs/{{ item }}"
owner: zabbix
group: zabbix
loop:
- "{{ zabbix_ca}}.crt"
- "{{ zabbix_server}}.crt"
- "{{ zabbix_server}}.key"
when: zabbix_crypt=="tls"
- name: Enable and start service zabbix server
ansible.builtin.service:
name: "{{ item }}"
state: restarted
enabled: true
loop:
- zabbix-server