Kajot-dev
commented
2 weeks ago And using newest release 3.0.0
Closed Kajot-dev closed 1 week ago
Kajot-dev
commented
2 weeks ago And using newest release 3.0.0
Kajot-dev
commented
2 weeks ago This is even worse. Situation where zabbix_agent_tlspskfile is undefined or None is not even possible because of:
https://github.com/ansible-collections/community.zabbix/blob/45ed88b2abbaffb8869bcb102ac2ce5ed6694769/roles/zabbix_agent/tasks/psk_secret.yml#L21
Which will fail
silveraignacio
commented
2 weeks ago +1 to this!
SUMMARY
Zabbix agent role has a default value for
zabbix_agent_tlspskfileset. Then when templating.conffile https://github.com/ansible-collections/community.zabbix/blob/45ed88b2abbaffb8869bcb102ac2ce5ed6694769/roles/zabbix_agent/templates/agent.conf.j2#L138There is only check whether this variable is not defined or null. This leads to invalid configuration when using
zabbix_agent_tlsconnectorzabbix_agent_tlsacceptis set to for examplecert:ISSUE TYPE
COMPONENT NAME
Zabbix agent role
ANSIBLE VERSION
OS / ENVIRONMENT / Zabbix Version
Zabbix 7.0
STEPS TO REPRODUCE
Try to configure zabbix agent with the role using "cert" mode. Role completes successfully but zabbix-agent2 service fails instantly
EXPECTED RESULTS
TLSPSKFile is not set when
zabbix_agent_tlsconnectand/orzabbix_agent_tlsconnectis set to something different thanpsk.ACTUAL RESULTS