ansible-collections / community.zabbix

Zabbix Ansible modules
http://galaxy.ansible.com/community/zabbix

tls values not updating on zabbix 6.2 if host is already present #739

Closed maximko closed 2 years ago

maximko commented 2 years ago

SUMMARY

If the Zabbix host is already present and has encryption enabled, the tls_psk_identity and/or tls_psk values seem to stay the same and won't update.

ISSUE TYPE

COMPONENT NAME

community.zabbix.zabbix_host

ANSIBLE VERSION

    ansible [core 2.13.1]
      config file = /Users/maxi/.ansible.cfg
      configured module search path = ['/Users/maxi/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/local/Cellar/ansible/6.0.0/libexec/lib/python3.10/site-packages/ansible
      ansible collection location = /Users/maxi/.ansible/collections:/usr/share/ansible/collections
      executable location = /usr/local/bin/ansible
      python version = 3.10.5 (main, Jun 23 2022, 17:18:49) [Clang 12.0.0 (clang-1200.0.32.29)]
      jinja version = 3.1.2
      libyaml = True

CONFIGURATION

OS / ENVIRONMENT / Zabbix Version

Zabbix 6.2 community.zabbix a3df0f1

STEPS TO REPRODUCE

Run playbook to add host and then run playbook again to generate new psk values and update host.

    - name: generate psk identity string
      set_fact:
        psk_identity: "{{ query('community.general.random_string', override_all=hex_chars, length=16)[0] }}"
      vars:
        hex_chars: '0123456789abcdef'

    - name: generate psk string
      set_fact:
        psk: "{{ query('community.general.random_string', override_all=hex_chars, length=64)[0] }}"
      vars:
        hex_chars: '0123456789abcdef'

    - name: copy zabbix config
      template:
        src: templates/zabbix_agent2.conf.tpl
        dest: /etc/zabbix/zabbix_agent2.conf

    - name: create psk file
      copy:
        content: "{{ psk }}"
        dest: "/etc/zabbix/psk.key"

    - name: enable zabbix-agent2 service
      systemd:
        name: zabbix-agent2
        enabled: yes
        masked: no
        state: restarted

    - name: add host to zabbix
      local_action:
        module: community.zabbix.zabbix_host
        server_url: "{{ zbx_url }}"
        login_user: "{{ zbx_user }}"
        login_password: "{{ zbx_pass }}"
        host_name: "{{ DATACENTER }}.{{ ansible_nodename }}"
        visible_name: "{{ ansible_nodename }} {{ DATACENTER }}"
        host_groups:
          - Linux servers
        link_templates:
          - SSH Service
          - ICMP Ping
          - Linux by Zabbix agent
          - MD Soft RAID
          - SMART by Zabbix agent 2
        status: enabled
        state: present
        interfaces:
          - type: 1
            main: 1
            useip: 1
            ip: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}"
            dns: ""
            port: "10050"
        tls_accept: 2
        tls_connect: 2
        tls_psk_identity: "{{ psk_identity }}"
        tls_psk: "{{ psk }}"

EXPECTED RESULTS

Host psk values will be updated.

ACTUAL RESULTS

Host PSK values weren't updated, so the host becomes unreachable. I have to manually look up the generated PSK identity and key from the config and update them using the web UI.

mu1f407 commented 2 years ago

Strange, because this is covered by tests. And zabbix_host tests run fine for 6.2 (after #740).

Just to be sure, the module returns changed: true in your case?

maximko commented 2 years ago

No, it returns "changed": false.

mu1f407 commented 2 years ago

I see now. This behavior was introduced in #481. There should be the else part in the version check, like @D3DeFi proposed. I will send a PR with a fix and new tests specifically for this case, when only write-only parameters are changed.
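
The failure mode discussed in this thread, as an added example that is not part of the original issue and is not the module's source: a diff-based idempotency check that skips write-only PSK fields reports no change, while the variant with an else part pushes a supplied PSK it cannot read back. The function names, the `psk_readable` flag (standing in for the version check) and the sample host data are assumptions made for illustration.

```python
# Simplified model of a diff-based idempotency check (added example, not module source).
WRITE_ONLY = ("tls_psk_identity", "tls_psk")  # write-only parameters named in the thread


def needs_update_buggy(existing, desired, psk_readable):
    """Version check without an else part: unreadable PSK fields are skipped."""
    for key, value in desired.items():
        if key in WRITE_ONLY:
            if psk_readable and existing.get(key) != value:
                return True
            continue  # write-only API: the PSK is never compared, never sent
        if existing.get(key) != value:
            return True
    return False


def needs_update_fixed(existing, desired, psk_readable):
    """Same check with the else part: a supplied PSK that cannot be read is written."""
    for key, value in desired.items():
        if key in WRITE_ONLY:
            if psk_readable:
                if existing.get(key) != value:
                    return True
            elif value is not None:
                return True  # cannot verify the stored secret, so push it
            continue
        if existing.get(key) != value:
            return True
    return False


# Constructed sample data: what a host lookup returns when PSK fields are write-only,
# and the desired state after the playbook generated a new identity and key.
EXISTING = {"host": "dc1.web01", "tls_connect": 2, "tls_accept": 2}
DESIRED = dict(EXISTING, tls_psk_identity="0f1e2d3c4b5a6978", tls_psk="ab" * 32)


def demo():
    return (needs_update_buggy(EXISTING, DESIRED, psk_readable=False),
            needs_update_fixed(EXISTING, DESIRED, psk_readable=False))


if __name__ == "__main__":
    print("buggy changed=%s, fixed changed=%s" % demo())
```

In this model the fixed check reports a change on every run that supplies a PSK, which is the cost of not being able to read the stored value back.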