[add] zabbix server & agent ansible

Ansible/roles/bootstrap/tasks/destroy.yml

@@ -2,7 +2,6 @@
 - name: Suppression du cluster k8s
   ansible.builtin.include_role:
     name: k8s
-    tasks_from: destroy
 - name: Suppression de Docker
   ansible.builtin.include_role:
     name: docker

Ansible/roles/bootstrap/tasks/main.yml

@@ -2,9 +2,20 @@
 - name: Environnement
   ansible.builtin.include_role:
     name: environment
-- name: Docker
-  ansible.builtin.include_role:
-    name: docker
+  when: inventory_hostname in lookup('inventory_hostnames', 'admin:node')
+# - name: Docker
+#   ansible.builtin.include_role:
+#     name: docker
+#   when: inventory_hostname == "bastion"
 - name: K8S
   ansible.builtin.include_role:
     name: k8s
+  when: inventory_hostname == "bastion"
+- name: Zabbix-server
+  ansible.builtin.include_role:
+    name: zabbix-server
+  when: inventory_hostname == "zabbix-server"
+- name: Zabbix-agent
+  ansible.builtin.include_role:
+    name: zabbix-agent
+  when: inventory_hostname in lookup('inventory_hostnames', 'admin:node')

Ansible/roles/docker/tasks/destroy.yml

@@ -35,3 +35,8 @@
   become: true
   community.docker.docker_login:
     state: absent
+- name: Suppression du dossier vapormap
+  become: true
+  ansible.builtin.file:
+    path: "{{VAPORMAP_DIR}}"
+    state: absent

Ansible/roles/docker/tasks/main.yml

 ---
+- name: Git clone
+  become: true
+  ansible.builtin.git:
+    repo: "https://{{USERNAME}}:{{PASSWORD}}@gitlab.imt-atlantique.fr/f21munie/vapormap.git"
+    dest: "{{VAPORMAP_DIR}}"
+  ignore_errors: true
+- name: Gestion des droits de vapormap-prod
+  become: true
+  ansible.builtin.file:
+    path: "{{VAPORMAP_DIR}}"
+    recurse: true
+    owner: "{{VAPORMAP_USER}}"
+    group: "{{VAPORMAP_GROUP}}"
+    mode: "755"
+- name: Configuration du fichier .env.front
+  become: true
+  ansible.builtin.template:
+    src: .env.front.j2
+    dest: "{{VAPORMAP_DIR}}/env/.env.front"
+    owner: "{{VAPORMAP_USER}}"
+    group: "{{VAPORMAP_GROUP}}"
+    mode: "755"
+- name: Ajout de l'IP API à la variable no_proxy
+  become: true
+  ansible.builtin.shell: export no_proxy=$no_proxy,"{{PUB_API_IP}}"
 - name: Installation docker / docker-compose
   become: true
   ansible.builtin.pip:

Ansible/roles/environment/tasks/destroy.yml

 ---
-- name: Suppression du dossier vapormap
-  become: true
-  ansible.builtin.file:
-    path: "{{VAPORMAP_DIR}}"
-    state: absent
 - name: Suppression utilisateur app-vapormap
   become: true
   ansible.builtin.user:

Ansible/roles/environment/tasks/main.yml

 ---
-- name: Mise à jour du système
-  become: true
-  ansible.builtin.apt:
-    name: "*"
-    state: latest
-    update_cache: true
+# - name: Mise à jour du système
+#   become: true
+  # ansible.builtin.apt:
+  #   name: "*"
+  #   state: latest
+  #   update_cache: true
+- name: Update apt repo and cache
+  become: true
+  apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+- name: Upgrade all packages on servers
+  become: true
+  apt: upgrade=dist force_apt_get=yes
+- name: Check if a reboot is needed on all servers
+  become: true
+  register: reboot_required_file
+  stat: path=/var/run/reboot-required get_md5=no
+- name: Reboot the box if kernel updated
+  become: true
+  reboot:
+    msg: "Reboot initiated by Ansible for kernel updates"
+    connect_timeout: 5
+    reboot_timeout: 300
+    pre_reboot_delay: 0
+    post_reboot_delay: 30
+    test_command: uptime
+  when: reboot_required_file.stat.exists
 - name: Groupe app-vapormap
   become: true
   ansible.builtin.group:
@@ -28,28 +48,3 @@
       - python3
       - python3-pip
     state: latest
-- name: Git clone
-  become: true
-  ansible.builtin.git:
-    repo: "https://{{USERNAME}}:{{PASSWORD}}@gitlab.imt-atlantique.fr/f21munie/vapormap.git"
-    dest: "{{VAPORMAP_DIR}}"
-  ignore_errors: true
-- name: Gestion des droits de vapormap-prod
-  become: true
-  ansible.builtin.file:
-    path: "{{VAPORMAP_DIR}}"
-    recurse: true
-    owner: "{{VAPORMAP_USER}}"
-    group: "{{VAPORMAP_GROUP}}"
-    mode: "755"
-- name: Configuration du fichier .env.front
-  become: true
-  ansible.builtin.template:
-    src: .env.front.j2
-    dest: "{{VAPORMAP_DIR}}/env/.env.front"
-    owner: "{{VAPORMAP_USER}}"
-    group: "{{VAPORMAP_GROUP}}"
-    mode: "755"
-- name: Ajout de l'IP API à la variable no_proxy
-  become: true
-  ansible.builtin.shell: export no_proxy=$no_proxy,"{{PUB_API_IP}}"

Ansible/roles/k8s/tasks/main.yml

@@ -30,9 +30,6 @@
     owner: "{{VAPORMAP_USER}}"
     group: "{{VAPORMAP_GROUP}}"
     mode: "664"
-- name: Application d'un label au node bastion
-  become: true
-  ansible.builtin.shell: sudo kubectl label nodes bastion disktype=master
 - name: Application des manifestes
   become: true
   ansible.builtin.command: sudo kubectl apply -f {{K8S_VAPORMAP_DIR}}/{{item}}

Ansible/roles/zabbix-agent/defaults/main.yml

+---
+# DB
+ZABBIX_SERVER: '192.168.1.90'
+
+HOSTNAME: '{{inventory_hostname}}'

Ansible/roles/zabbix-agent/handlers/main.yml

+---
+- name: zabbix-server restarted
+  become: true
+  ansible.builtin.service:
+    name: zabbix-server
+    state: restarted
+    enabled: true
+- name: zabbix-agent restarted
+  become: true
+  ansible.builtin.service:
+    name: zabbix-agent
+    state: restarted
+    enabled: true
+- name: apache2 restarted
+  become: true
+  ansible.builtin.service:
+    name: apache2
+    state: restarted
+    enabled: true

Ansible/roles/zabbix-agent/tasks/destroy.yml

+---

Ansible/roles/zabbix-agent/tasks/main.yml

+---
+- name: Téléchargement zabbix dépôt APT
+  become: true
+  ansible.builtin.get_url:
+    url: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
+    dest: "/home/ubuntu/zabbix-release_6.4-1+ubuntu22.04_all.deb"
+- name: Installation des packages zabbix dépôt APT / Mise à jour du système
+  become: true
+  ansible.builtin.shell: dpkg -i zabbix-release_6.4-1+ubuntu22.04_all.deb && apt update
+- name: Installation de Zabbix-agent
+  become: true
+  ansible.builtin.apt:
+    name:
+      - zabbix-agent
+    state: latest
+- name: Configuration zabbix_agentd.conf
+  become: true
+  ansible.builtin.template:
+    src: zabbix_agentd.conf.j2
+    dest: "/etc/zabbix/zabbix_agentd.conf"
+    mode: "755"
+  notify:
+    - zabbix-agent restarted

Ansible/roles/zabbix-agent/templates/zabbix_agentd.conf.j2

+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#       Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+PidFile=/run/zabbix/zabbix_agentd.pid
+
+### Option: LogType
+#       Specifies where log messages are written to:
+#               system  - syslog
+#               file    - file specified with LogFile parameter
+#               console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#       Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_agentd.log
+
+### Option: LogFileSize
+#       Maximum size of log file in MB.
+#       0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#       Specifies debug level:
+#       0 - basic information about starting and stopping of Zabbix processes
+#       1 - critical information
+#       2 - error information
+#       3 - warnings
+#       4 - for debugging (produces lots of information)
+#       5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#       Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: AllowKey
+#       Allow execution of item keys matching pattern.
+#       Multiple keys matching rules may be defined in combination with DenyKey.
+#       Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#       Parameters are processed one by one according their appearance order.
+#       If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#       Deny execution of items keys matching pattern.
+#       Multiple keys matching rules may be defined in combination with AllowKey.
+#       Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#       Parameters are processed one by one according their appearance order.
+#       If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
+#
+# Mandatory: no
+# Default:
+# DenyKey=system.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
+#       Internal alias for AllowKey/DenyKey parameters depending on value:
+#       0 - DenyKey=system.run[*]
+#       1 - AllowKey=system.run[*]
+#
+# Mandatory: no
+
+### Option: LogRemoteCommands
+#       Enable logging of executed shell commands as warnings.
+#       0 - disabled
+#       1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#       List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#       Incoming connections will be accepted only from the hosts listed here.
+#       If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#       and '::/0' will allow any IPv4 or IPv6 address.
+#       '0.0.0.0/0' can be used to allow any IPv4 address.
+#       Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+
+Server={{ZABBIX_SERVER}}
+
+### Option: ListenPort
+#       Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#       List of comma delimited IP addresses that the agent should listen on.
+#       First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#       Number of pre-forked instances of zabbix_agentd that process passive checks.
+#       If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#       Zabbix server/proxy address to get active checks from.
+#       Server/proxy address is IP address or DNS name and optional port separated by colon.
+#       Multiple Zabbix servers and Zabbix proxies can be specified, separated by comma.
+#       More than one Zabbix proxy should not be specified from each Zabbix server.
+#       If Zabbix proxy is specified then Zabbix server for that proxy should not be specified.
+#       Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
+#       If port is not specified, default port is used.
+#       IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#       If port is not specified, square brackets for IPv6 addresses are optional.
+#       If this parameter is not specified, active checks are disabled.
+#       Example: ServerActive=127.0.0.1:20051,zabbix.example.com,[::1]:30051,::1,[12fc::1]
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive={{ZABBIX_SERVER}}
+### Option: Hostname
+#       Unique, case sensitive hostname.
+#       Required for active checks and must match hostname as configured on the server.
+#       Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+Hostname={{HOSTNAME}}
+
+### Option: HostnameItem
+#       Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#       Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#       Optional parameter that defines host metadata.
+#       Host metadata is used at host auto-registration process.
+#       An agent will issue an error and not start if the value is over limit of 255 characters.
+#       If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#       Optional parameter that defines an item used for getting host metadata.
+#       Host metadata is used at host auto-registration process.
+#       During an auto-registration request an agent will log a warning message if
+#       the value returned by specified item is over limit of 255 characters.
+#       This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: HostInterface
+#       Optional parameter that defines host interface.
+#       Host interface is used at host auto-registration process.
+#       An agent will issue an error and not start if the value is over limit of 255 characters.
+#       If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+#       Optional parameter that defines an item used for getting host interface.
+#       Host interface is used at host auto-registration process.
+#       During an auto-registration request an agent will log a warning message if
+#       the value returned by specified item is over limit of 255 characters.
+#       This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
+### Option: RefreshActiveChecks
+#       How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#       Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#       Maximum number of values in a memory buffer. The agent will send
+#       all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#       Maximum number of new lines the agent will send per second to Zabbix Server
+#       or Proxy processing 'log' and 'logrt' active checks.
+#       The provided value will be overridden by the parameter 'maxlines',
+#       provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#       Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#       Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#       Different Alias keys may reference the same item key.
+#       For example, to retrieve the ID of user 'zabbix':
+#       Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#       Now shorthand key zabbix.userid may be used to retrieve data.
+#       Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#       Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#       Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#       will try to switch to the user specified by the User configuration option instead.
+#       Has no effect if started under a regular user.
+#       0 - do not allow
+#       1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#       Drop privileges to a specific, existing user on the system.
+#       Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#       You may include individual files or all files in a directory in the configuration file.
+#       Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+Include=/etc/zabbix/zabbix_agentd.d/*.conf
+
+# Include=/usr/local/etc/zabbix_agentd.userparams.conf
+# Include=/usr/local/etc/zabbix_agentd.conf.d/
+# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#       Allow all characters to be passed in arguments to user-defined parameters.
+#       The following characters are not allowed:
+#       \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#       Additionally, newline characters are not allowed.
+#       0 - do not allow
+#       1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#       User-defined parameter to monitor. There can be several user-defined parameters.
+#       Format: UserParameter=<key>,<shell command>
+#       See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#       Full path to location of agent modules.
+#       Default depends on compilation options.
+#       To see the default path run command "zabbix_agentd --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#       Module to load at agent startup. Modules are used to extend functionality of the agent.
+#       Formats:
+#               LoadModule=<module.so>
+#               LoadModule=<path/module.so>
+#               LoadModule=</abs_path/module.so>
+#       Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#       If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#       It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#       How the agent should connect to server or proxy. Used for active checks.
+#       Only one value can be specified:
+#               unencrypted - connect without encryption
+#               psk         - connect using TLS and a pre-shared key
+#               cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#       What incoming connections to accept.
+#       Multiple values can be specified, separated by comma:
+#               unencrypted - accept connections without encryption
+#               psk         - accept connections secured with TLS and a pre-shared key
+#               cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#       Full pathname of a file containing the top-level CA(s) certificates for
+#       peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#       Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#               Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#               Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#       Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#       Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#       Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#       Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#       Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#       Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#       GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#       Override the default ciphersuite selection criteria for certificate-based encryption.
+#       Example for GnuTLS:
+#               NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#       Example for OpenSSL:
+#               EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#       Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#       Override the default ciphersuite selection criteria for PSK-based encryption.
+#       Example:
+#               TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#       GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#       Override the default ciphersuite selection criteria for PSK-based encryption.
+#       Example for GnuTLS:
+#               NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#       Example for OpenSSL:
+#               kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#       Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#       Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#       Example:
+#               TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#       GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#       Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#       Example for GnuTLS:
+#               NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#       Example for OpenSSL:
+#               EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=
+

Ansible/roles/zabbix-server/defaults/main.yml

+---
+# DB
+ZABBIX_DBNAME: 'zabbix'
+ZABBIX_DBUSER: 'zabbix'
+ZABBIX_DBPASS: 'zabbix'
+ZABBIX_DBHOST: 'localhost'
+
+ZABBIX_HOSTGROUP_NAME: 'vapormap'
\ No newline at end of file

Ansible/roles/zabbix-server/handlers/main.yml

+---
+- name: zabbix-server restarted
+  become: true
+  ansible.builtin.service:
+    name: zabbix-server
+    state: restarted
+    enabled: true
+- name: zabbix-agent restarted
+  become: true
+  ansible.builtin.service:
+    name: zabbix-agent
+    state: restarted
+    enabled: true
+- name: apache2 restarted
+  become: true
+  ansible.builtin.service:
+    name: apache2
+    state: restarted
+    enabled: true

Ansible/roles/zabbix-server/tasks/destroy.yml

+---

Ansible/roles/zabbix-server/tasks/main.yml

+---
+- name: Update apt repo and cache
+  become: true
+  apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+- name: Upgrade all packages on servers
+  become: true
+  apt: upgrade=dist force_apt_get=yes
+- name: Check if a reboot is needed on all servers
+  become: true
+  register: reboot_required_file
+  stat: path=/var/run/reboot-required get_md5=no
+- name: Reboot the box if kernel updated
+  become: true
+  reboot:
+    msg: "Reboot initiated by Ansible for kernel updates"
+    connect_timeout: 5
+    reboot_timeout: 300
+    pre_reboot_delay: 0
+    post_reboot_delay: 30
+    test_command: uptime
+  when: reboot_required_file.stat.exists
+- name: Installation des pré-requis
+  become: true
+  ansible.builtin.apt:
+    name:
+      - git
+      - vim
+      - nano
+      - python3
+      - python3-pip
+    state: latest
+- name: Téléchargement zabbix dépôt APT
+  become: true
+  ansible.builtin.get_url:
+    url: https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
+    dest: "/home/ubuntu/zabbix-release_6.4-1+ubuntu22.04_all.deb"
+- name: Installation des packages zabbix dépôt APT / Mise à jour du système
+  become: true
+  ansible.builtin.shell: dpkg -i zabbix-release_6.4-1+ubuntu22.04_all.deb && apt update
+- name: Installation des composants Zabbix
+  become: true
+  ansible.builtin.apt:
+    name:
+      - zabbix-server-mysql
+      - zabbix-frontend-php
+      - zabbix-apache-conf
+      - zabbix-sql-scripts
+      - zabbix-agent
+    state: latest
+- name: Installation de MySQL
+  become: true
+  ansible.builtin.apt:
+    name:
+      - mysql-server
+      - php-mysql
+    state: latest
+- name: Installation pymysql
+  become: true
+  ansible.builtin.pip:
+    name:
+      - pymysql
+    state: present
+- name: Démarrage du service mysql
+  become: true
+  ansible.builtin.service:
+    name: mysql
+    state: started
+- name: Création du script mysql pour zabbix-server
+  become: true
+  ansible.builtin.template:
+    src: init_db.bash.j2
+    dest: "/home/ubuntu/init_db.bash"
+    mode: "755"
+- name: Création de la base de données / user pour zabbix-server
+  become: true
+  ansible.builtin.command: bash "/home/ubuntu/init_db.bash"
+- name: Initialisation de la DB zabbix-server
+  become: true
+  ansible.builtin.shell: zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -u {{ZABBIX_DBUSER}} -p{{ZABBIX_DBPASS}} -h {{ZABBIX_DBHOST}} zabbix
+  ignore_errors: true
+- name: Configuration Zabbix/MySQL
+  become: true
+  ansible.builtin.template:
+    src: zabbix_server.conf.j2
+    dest: "/etc/zabbix/zabbix_server.conf"
+    mode: "755"
+  notify:
+    - zabbix-server restarted
+- name: Configuration php.ini
+  become: true
+  ansible.builtin.template:
+    src: php.ini.j2
+    dest: "/etc/php/8.1/apache2/php.ini"
+    mode: "644"
+- name: Configuration Zabbix/Frontend/PHP
+  become: true
+  ansible.builtin.template:
+    src: apache.conf.j2
+    dest: "/etc/zabbix/apache.conf"
+    mode: "755"
+  notify:
+    - zabbix-server restarted
+    - zabbix-agent restarted
+    - apache2 restarted
+# - name: Creation du host group sur zabbix
+#   become: true
+#   community.zabbix.zabbix_group:
+#     state: present
+#     host_groups:
+#       - "{{ZABBIX_HOSTGROUP_NAME}}"
+#     server_url: "http://{{ansible_host}}/zabbix"
+#     login_user: admin
+#     login_password: zabbix
+# - name: Creation des hosts sur zabbix
+#   become: true
+#   community.zabbix.zabbix_host:
+#     host_name: "{{item}}"
+#     loop:
+#       - node01
+#       - node02
+#       - node03
+#     visible_name: ExampleName
+#     description: Hosts vapormap cluster
+#     host_groups:
+#       - "{{ZABBIX_HOSTGROUP_NAME}}"
+#     link_templates:
+#       - Template Linux by Zabbix agent
+#     status: enabled
+#     state: present
+#     interfaces:
+#       - type: 1
+#         ip: "{{groups['nodes'][0:][ansible_host]}}"

Ansible/roles/zabbix-server/templates/apache.conf.j2

+# Define /zabbix alias, this is the default
+<IfModule mod_alias.c>
+    Alias /zabbix /usr/share/zabbix
+</IfModule>
+
+<Directory "/usr/share/zabbix">
+    Options FollowSymLinks
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+
+    <IfModule mod_php5.c>
+        php_value max_execution_time 300
+        php_value memory_limit 128M
+        php_value post_max_size 16M
+        php_value upload_max_filesize 2M
+        php_value max_input_time 300
+        php_value max_input_vars 10000
+        php_value always_populate_raw_post_data -1
+        # php_value date.timezone Europe/Riga
+    </IfModule>
+    <IfModule mod_php7.c>
+        php_value max_execution_time 300
+        php_value memory_limit 128M
+        php_value post_max_size 16M
+        php_value upload_max_filesize 2M
+        php_value max_input_time 300
+        php_value max_input_vars 10000
+        php_value always_populate_raw_post_data -1
+        php_value date.timezone Europe/Paris
+    </IfModule>
+</Directory>
+
+<Directory "/usr/share/zabbix/conf">
+    Order deny,allow
+    Deny from all
+    <files *.php>
+        Order deny,allow
+        Deny from all
+    </files>
+</Directory>
+
+<Directory "/usr/share/zabbix/app">
+    Order deny,allow
+    Deny from all
+    <files *.php>
+        Order deny,allow
+        Deny from all
+    </files>
+</Directory>
+
+<Directory "/usr/share/zabbix/include">
+    Order deny,allow
+    Deny from all
+    <files *.php>
+        Order deny,allow
+        Deny from all
+    </files>
+</Directory>
+
+<Directory "/usr/share/zabbix/local">
+    Order deny,allow
+    Deny from all
+    <files *.php>
+        Order deny,allow
+        Deny from all
+    </files>
+</Directory>
+
+<Directory "/usr/share/zabbix/vendor">
+    Order deny,allow
+    Deny from all
+    <files *.php>
+        Order deny,allow
+        Deny from all
+    </files>
+</Directory>

Ansible/roles/zabbix-server/templates/init_db.bash.j2

+#!/bin/bash
+
+mysql -e "create database zabbix character set utf8mb4 collate utf8mb4_bin;"
+mysql -e "create user zabbix@localhost identified by 'zabbix';"
+mysql -e "grant all privileges on zabbix.* to zabbix@localhost;"
+mysql -e "set global log_bin_trust_function_creators = 1;"