From b157e43772137bdc99851ebb246f4f2d96732a21 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 18 Jul 2017 13:17:06 +0200
Subject: [PATCH] ansible-inventories/knime#110 Zabbix config files

---
 defaults/main.yml            |  5 +++++
 tasks/config.yml             | 10 ++++++++++
 templates/zabbix_agentd.conf | 16 ++++++++++++----
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 021d092..68d1052 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,6 +4,11 @@ zabbix_agent_logfile_size: 0
 zabbix_agent_server: '127.0.0.1'
 zabbix_agent_server_active: '127.0.0.1'
 zabbix_agent_hostname: 'Zabbix server'
+zabbix_tls_connect: 'unencrypted'
+zabbix_tls_accept: 'unencrypted'
+zabbix_tls_psk_identity: ''
+zabbix_tls_psk_file: ''
+
 zabbix_agent_userparameter:
   mysql:
     - mysql.status[*],echo "show global status where Variable_name='$1';" | HOME=/var/lib/zabbix mysql -N | awk '{print $$2}'
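Review bot: The four new defaults carry no comment on which values are accepted or how they depend on each other, and both modes default to `'unencrypted'`, so a host that never overrides them keeps sending agent traffic in cleartext. I would add above them `# zabbix_tls_connect: 'unencrypted', 'psk' or 'cert'; zabbix_tls_accept: one or more of these, comma-separated` and `# 'psk' needs both zabbix_tls_psk_identity and zabbix_tls_psk_file; the identity is sent unencrypted, so keep it non-sensitive`. The `zabbix_agent_userparameter` mapping at the end of the hunk continues outside it.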
diff --git a/tasks/config.yml b/tasks/config.yml
index 353b454..e680025 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -7,6 +7,16 @@
     dest: '/etc/zabbix/zabbix_agentd.conf'
   notify: "Restart Zabbix Agent"
 
+- name: "Copy TLS PSK File"
+  copy:
+    src: '{{ inventory_dir }}/files/zabbix/{{ zabbix_tls_psk_file }}'
+    dest: '/etc/zabbix/{{ zabbix_tls_psk_file }}'
+    owner: 'zabbix'
+    group: 'root'
+    mode: '0600'
+  when: zabbix_tls_psk_file != ''
+  notify: "Restart Zabbix Agent"
+
 - name: "Agent User Config"
   template:
     src: 'userparameter.conf'
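Review bot: The "Copy TLS PSK File" task can expose the key in run output, because `copy` shows file content when the play runs with `--diff`; adding `no_log: true` to the task keeps the PSK out of console and CI logs. The source under `{{ inventory_dir }}/files/zabbix/` presumably lives in the inventory repository, so that file is better stored vault-encrypted than in cleartext. `zabbix_tls_psk_file` is used as a path component in both `src` and `dest`, so a comment stating that it must be a bare file name (no `/` or `..`) would help. The "Agent User Config" task at the end of the hunk continues outside it.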
diff --git a/templates/zabbix_agentd.conf b/templates/zabbix_agentd.conf
index 1ee2a62..03f2a8e 100644
--- a/templates/zabbix_agentd.conf
+++ b/templates/zabbix_agentd.conf
@@ -327,7 +327,7 @@ Include=/etc/zabbix/zabbix_agentd.d/
 #
 # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
 # Default:
-# TLSConnect=unencrypted
+TLSConnect={{ zabbix_tls_connect }}
 
 ### Option: TLSAccept
 #	What incoming connections to accept.
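Review bot: `TLSConnect={{ zabbix_tls_connect }}` is now rendered unconditionally and unchecked, so a typo in the variable, or `psk` chosen without the PSK variables set, presumably only surfaces when the handler restarts the agent and it rejects the config. The same applies to `TLSAccept={{ zabbix_tls_accept }}` in the next hunk. An `assert` task ahead of the template task in tasks/config.yml would fail the play earlier, for example `that: zabbix_tls_connect in ['unencrypted', 'psk', 'cert']`, together with a check that the PSK identity and file are non-empty when `psk` is selected. The TLSAccept option block at the end of this hunk continues outside it.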
@@ -338,7 +338,7 @@ Include=/etc/zabbix/zabbix_agentd.d/
 #
 # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
 # Default:
-# TLSAccept=unencrypted
+TLSAccept={{ zabbix_tls_accept }}
 
 ### Option: TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificates for
@@ -388,11 +388,19 @@ Include=/etc/zabbix/zabbix_agentd.d/
 #
 # Mandatory: no
 # Default:
-# TLSPSKIdentity=
+{% if zabbix_tls_psk_identity == '' %}
+#TLSPSKIdentity=
+{% else %}
+TLSPSKIdentity={{ zabbix_tls_psk_identity }}
+{% endif %}
 
 ### Option: TLSPSKFile
 #	Full pathname of a file containing the pre-shared key.
 #
 # Mandatory: no
 # Default:
-# TLSPSKFile=
+{% if zabbix_tls_psk_file == '' %}
+#TLSPSKFile=
+{% else %}
+TLSPSKFile=/etc/zabbix/{{ zabbix_tls_psk_file }}
+{% endif %}
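Review bot: The two `{% if %}` blocks test `zabbix_tls_psk_identity` and `zabbix_tls_psk_file` independently, so setting only one of them renders a half-configured PSK that the agent is expected to reject at startup. Nothing here ties them to `zabbix_tls_connect` or `zabbix_tls_accept` either, so a key can be deployed and referenced while both modes stay `unencrypted`. I would gate both options on a single condition, `{% if zabbix_tls_psk_identity != '' and zabbix_tls_psk_file != '' %}`, and add a template comment that the identity travels unencrypted and should not carry sensitive information.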
-- 
GitLab