53 lines
1.7 KiB
YAML
53 lines
1.7 KiB
YAML
---
|
|
# Process PSK Secret
|
|
- name: AutoPSK | Save existing TLS PSK secret
|
|
ansible.builtin.set_fact:
|
|
zabbix_agent_tlspsk_read: "{{ zabbix_agent_tlspsk_base64['content'] | b64decode | trim }}"
|
|
when: zabbix_agent_tlspskcheck.stat.exists
|
|
no_log: "{{ ansible_verbosity < 3 }}"
|
|
tags:
|
|
- config
|
|
|
|
- name: AutoPSK | Use existing TLS PSK secret
|
|
ansible.builtin.set_fact:
|
|
zabbix_agent_tlspsk_secret: "{{ zabbix_agent_tlspsk_read }}"
|
|
when:
|
|
- zabbix_agent_tlspskcheck.stat.exists
|
|
- zabbix_agent_tlspsk_read|length >= 32
|
|
no_log: "{{ ansible_verbosity < 3 }}"
|
|
tags:
|
|
- config
|
|
|
|
- name: AutoPSK | Generate new TLS PSK secret
|
|
ansible.builtin.set_fact:
|
|
zabbix_agent_tlspsk_secret: "{{ lookup('password', '/dev/null chars=hexdigits length=64') }}"
|
|
when:
|
|
- (not zabbix_agent_tlspskcheck.stat.exists) or (zabbix_agent_tlspsk_read|length < 32)
|
|
no_log: "{{ ansible_verbosity < 3 }}"
|
|
tags:
|
|
- config
|
|
|
|
# Process PSK Identity
|
|
- name: AutoPSK | Use existing TLS PSK identity
|
|
ansible.builtin.set_fact:
|
|
zabbix_agent_tlspskidentity: "{{ zabbix_agent_tlspskidentity_base64['content'] | b64decode | trim }}"
|
|
when:
|
|
- zabbix_agent_tlspskidentity_check.stat.exists
|
|
no_log: "{{ ansible_verbosity < 3 }}"
|
|
tags:
|
|
- config
|
|
|
|
- name: AutoPSK | Generate new TLS PSK identity
|
|
ansible.builtin.set_fact:
|
|
zabbix_agent_tlspskidentity: >-
|
|
{{
|
|
zabbix_agent_visible_hostname
|
|
| default(((zabbix_agent2 != True) | ternary(zabbix_agent_hostname, zabbix_agent_hostname)))
|
|
+ '_'
|
|
+ lookup('password', '/dev/null chars=hexdigits length=4')
|
|
}}
|
|
when: not zabbix_agent_tlspskidentity_check.stat.exists
|
|
no_log: "{{ ansible_verbosity < 3 }}"
|
|
tags:
|
|
- config
|