ansible add

roles/zabbix-agent/tasks/tlspsk_auto_common.yml

@@ -0,0 +1,52 @@
+---
+# Process PSK Secret
+- name: AutoPSK | Save existing TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}"
+  when: zabbix_agent_tlspskcheck.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Use existing TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}"
+  when:
+    - zabbix_agent_tlspskcheck.stat.exists
+    - zabbix_agent_tlspsk_read|length >= 32
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Generate new TLS PSK secret
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
+  when:
+    - (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32)
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+# Process PSK Identity
+- name: AutoPSK | Use existing TLS PSK identity
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}"
+  when:
+    - zabbix_agent_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config
+
+- name: AutoPSK | Generate new TLS PSK identity
+  ansible.builtin.set_fact:
+    zabbix_agent_tlspskidentity: >-
+      {{
+        zabbix_agent_visible_hostname
+        | default(((zabbix_agent2 != True) | ternary(zabbix_agent_hostname, zabbix_agent_hostname)))
+        + '_'
+        + lookup('password', '/dev/null chars=hexdigits length=4')
+      }}
+  when: not zabbix_agent_tlspskidentity_check.stat.exists
+  no_log: "{{ ansible_verbosity < 3 }}"
+  tags:
+    - config