search

ansible-collections / community.zabbix

Zabbix Ansible modules
http://galaxy.ansible.com/community/zabbix
Other
319 stars 276 forks source link

point release 3.0.4 breaks AutoPSK #1350

Open krauthosting opened 1 month ago

krauthosting commented 1 month ago
SUMMARY

@pyrodie18 @BGmot Hey bros, this again breaks stuff in a minor release :scream_cat:
FYI We originally contributed the whole logic behind zabbix_agent_tlspsk_auto
Again goal was security by default and avoid Zabbix's unencrypted by default.
Breaking commits came for issue #1338 via PR #1343 and released as 3.0.4

ISSUE TYPE
COMPONENT NAME

zabbix_agent role

ANSIBLE VERSION
ansible [core 2.16.8]
  config file = /home/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Mar 22 2024, 16:50:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
OS / ENVIRONMENT / Zabbix Version

Ubuntu 22.04 LTS / Ansible Conroller / Zabbix 6.0 LTS>

STEPS TO REPRODUCE

Enabling zabbix_agent_tlspsk_auto leads now to TLSAccept=psk,unencrypted
Screenshot from 2024-07-23 16-29-31
Beside insecure defaults it also functionally breaks the zabbix_agent role:
Screenshot from 2024-07-23 16-08-56

andrew-landsverk-win commented 1 month ago

I notice this issue still affects 3.1.0.

pyrodie18 commented 1 month ago

Yep, no one has submitted a PR for it yet and me and all of the other maintainers are busy on various other things.