deploy zabbix files to monitor certificates

README.md

@@ -19,6 +19,7 @@ apache_access_log: {{ apache_base_dir}}/logs/access_log
 apache_php_socket: {{ apache_base_dir }}/php-fpm.sock
 apache_use_php: true
 apache_use_ssl: true
+apache_use_zabbix: true - wether we install script to monitor certificate expiry date
 apache_use_certbot: true
 apache_stats: true
 apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem

defaults/main.yml

@@ -6,6 +6,7 @@ apache_access_log: "{{ apache_base_dir}}/logs/access_log"
 apache_php_socket: "{{ apache_base_dir }}/php-fpm.sock"
 apache_use_php: true
 apache_use_ssl: true
+apache_use_zabbix: true
 apache_use_certbot: true
 apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"
 apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem"

handlers/main.yml

@@ -11,3 +11,8 @@
     name: php73-php-fpm
     state: restarted
   when: apache_restart
+
+- name: restart zabbix_agentd
+  service:
+    name: zabbix-agent
+    state: restarted

tasks/main.yml

@@ -53,3 +53,8 @@
   import_tasks: goaccess.yml
   when: apache_stats
   tags: stats
+
+- name: zabbix setup
+  import_tasks: zabbix.yml
+  when: apache_use_zabbix and apache_use_ssl
+  tags: zabbix, ssl

tasks/zabbix.yml

@@ -0,0 +1,13 @@
+---
+- name: deploy zabbix lld script
+  copy:
+    src: lld_certlist.py
+    dest: /etc/zabbix/scripts
+    group: zabbix
+    mode: 0750
+
+- name: deploy zabbix userparameter
+  copy:
+    dest: /etc/zabbix/zabbix_agentd.d/user_parameter_certificate_discovery.conf
+    content: "UserParameter=certificate.discovery,/etc/zabbix/scripts/lld_certlist.py"
+  notify: restart zabbix_agentd