parent
592e3d1a37
commit
b19c5f776c
4 changed files with 31 additions and 28 deletions
@ -1,21 +1,12 @@ |
||||
--- |
||||
|
||||
- name: Check if a TLS PSK key exists |
||||
stat: path=/etc/zabbix/zabbix_agentd.psk |
||||
register: zbx_psk |
||||
tags: zabbix |
||||
|
||||
- name: Generate random PSK key for TLS encryption |
||||
shell: openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk |
||||
when: |
||||
- not zbx_psk.stat.exists |
||||
- zabbix_agent_encryption == "psk" |
||||
args: |
||||
creates: /etc/zabbix/zabbix_agentd.psk |
||||
tags: zabbix |
||||
|
||||
- name: Restrict permission on PSK file |
||||
file: path=/etc/zabbix/zabbix_agentd.psk owner=root group=zabbix mode=0640 |
||||
when: |
||||
- not zbx_psk.stat.exists |
||||
- zabbix_agent_encryption == "psk" |
||||
tags: zabbix |
||||
|
||||
|
@ -1,13 +1,3 @@ |
||||
PidFile=/var/run/zabbix/zabbix_agentd.pid |
||||
Server={{ zabbix_agent_servers | join(',') }} |
||||
ServerActive= |
||||
HostnameItem=system.hostname |
||||
Timeout=30 |
||||
LogType=system |
||||
Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf |
||||
{% if zabbix_agent_encryption == "psk" %} |
||||
TLSPSKFile=/etc/zabbix/zabbix_agentd.psk |
||||
TLSPSKIdentity={{ inventory_hostname }}-agent |
||||
TLSConnect=psk |
||||
TLSAccept=unencrypted,psk |
||||
{% endif %} |
||||
{% for key in zabbix_agent_conf.keys() | list %} |
||||
{{ key }}={{ zabbix_agent_conf[key] }} |
||||
{% endfor %} |
||||
|
Loading…
Reference in new issue