parent
592e3d1a37
commit
b19c5f776c
4 changed files with 31 additions and 28 deletions
@ -1,21 +1,12 @@ |
|||||||
--- |
--- |
||||||
|
|
||||||
- name: Check if a TLS PSK key exists |
|
||||||
stat: path=/etc/zabbix/zabbix_agentd.psk |
|
||||||
register: zbx_psk |
|
||||||
tags: zabbix |
|
||||||
|
|
||||||
- name: Generate random PSK key for TLS encryption |
- name: Generate random PSK key for TLS encryption |
||||||
shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk |
shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk |
||||||
when: |
args: |
||||||
- not zbx_psk.stat.exists |
creates: /etc/zabbix/zabbix_agentd.psk |
||||||
- zabbix_agent_encryption == "psk" |
|
||||||
tags: zabbix |
tags: zabbix |
||||||
|
|
||||||
- name: Restrict permission on PSK file |
- name: Restrict permission on PSK file |
||||||
file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640 |
file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640 |
||||||
when: |
|
||||||
- not zbx_psk.stat.exists |
|
||||||
- zabbix_agent_encryption == "psk" |
|
||||||
tags: zabbix |
tags: zabbix |
||||||
|
|
||||||
|
@ -1,13 +1,3 @@ |
|||||||
PidFile=/var/run/zabbix/zabbix_agentd.pid |
{% for key in zabbix_agent_conf.keys() | list %} |
||||||
Server={{ zabbix_agent_servers | join(',') }} |
{{ key }}={{ zabbix_agent_conf[key] }} |
||||||
ServerActive= |
{% endfor %} |
||||||
HostnameItem=system.hostname |
|
||||||
Timeout=30 |
|
||||||
LogType=system |
|
||||||
Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf |
|
||||||
{% if zabbix_agent_encryption == "psk" %} |
|
||||||
TLSPSKFile=/etc/zabbix/zabbix_agentd.psk |
|
||||||
TLSPSKIdentity={{ inventory_hostname }}-agent |
|
||||||
TLSConnect=psk |
|
||||||
TLSAccept=unencrypted,psk |
|
||||||
{% endif %} |
|
||||||
|
Loading…
Reference in new issue