Description of PR
Heavily inspired by our precious work on integrating Let's Encrypt and pushing certbot backporting this aims to be a dead simple solutions aiming for security KISSes. We basically use local filesystem where the Zabbix agent runs to store there two individual files with PSK and ID so the credentials stay only where they are needed anyway. But on every run we parse them for distributing them to the Zabbix server via the zabbix_host module.
This way the user of this rule just needs to toggle zabbix_agent_tlspsk_auto for enabling encryption between all the agents and the server. Ansible delivers here we're currently fail with Zabbix as both auto registration and network discovery are not usable with encryption.
Description of PR Heavily inspired by our precious work on integrating Let's Encrypt and pushing certbot backporting this aims to be a dead simple solutions aiming for security KISSes. We basically use local filesystem where the Zabbix agent runs to store there two individual files with PSK and ID so the credentials stay only where they are needed anyway. But on every run we parse them for distributing them to the Zabbix server via the
zabbix_host
module.This way the user of this rule just needs to toggle
zabbix_agent_tlspsk_auto
for enabling encryption between all the agents and the server. Ansible delivers here we're currently fail with Zabbix as both auto registration and network discovery are not usable with encryption.Type of change Feature Pull Request
Fixes an issue dj-wasabi/ansible-zabbix-agent#250