community.zabbix
zabbix_proxy_tlspskfile fails silently if the file does not exist.
SUMMARY
If you specify the `zabbix_proxy_tlspskfile` variable, there is nothing in the roles to actually create this file. There is a check to make sure the directory exists, but nothing to make sure the file itself exists. The role will complete and even restart the service, but then the service will fail shortly after startup with the error below. I've specifically seen this on the Zabbix Proxy role, but would expect this can probably happen on any role that does PSK configuration.
cannot open file "/var/lib/zabbix/zabbix.psk": [2] No such file or directory
The only workaround I've found is to manually create this file before running the Zabbix role. The better solution would be to have the role create the file if it doesn't already exist. Doing something like `openssl rand -hex 32` is sufficient for the content of this file.
I'm currently using the 2.4.0 release of the collection, but looking at the relevant tasks on the current main branch, I don't see anything for this issue. I do have a workaround in our usage currently, but it sure would be nice if the collection would fix this eventually.
ISSUE TYPE
- Bug Report
COMPONENT NAME
Zabbix Proxy role, possibly others as well.
ANSIBLE VERSION
ansible [core 2.15.12]
config file = /home/kshutt/projects/iaas/ansible.cfg
configured module search path = ['/home/kshutt/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/kshutt/venv39/lib64/python3.9/site-packages/ansible
ansible collection location = /home/kshutt/.ansible/collections:/usr/share/ansible/collections
executable location = /home/kshutt/venv39/bin/ansible
python version = 3.9.19 (main, May 16 2024, 11:40:09) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] (/home/kshutt/venv39/bin/python3.9)
jinja version = 3.1.4
libyaml = True
CONFIGURATION
ANSIBLE_PIPELINING(/home/kshutt/projects/iaas/ansible.cfg) = True
CALLBACKS_ENABLED(/home/kshutt/projects/iaas/ansible.cfg) = ['profile_tasks', 'profile_roles']
CONFIG_FILE() = /home/kshutt/projects/iaas/ansible.cfg
DEFAULT_HASH_BEHAVIOUR(/home/kshutt/projects/iaas/ansible.cfg) = merge
DEFAULT_HOST_LIST(/home/kshutt/projects/iaas/ansible.cfg) = ['/home/kshutt/projects/iaas/inventory']
DEFAULT_JINJA2_EXTENSIONS(/home/kshutt/projects/iaas/ansible.cfg) = jinja2.ext.loopcontrols
DEFAULT_TIMEOUT(/home/kshutt/projects/iaas/ansible.cfg) = 120
DEFAULT_VAULT_PASSWORD_FILE(/home/kshutt/projects/iaas/ansible.cfg) = /home/kshutt/projects/iaas/tools/vault.txt
GALAXY_SERVER_LIST(/home/kshutt/projects/iaas/ansible.cfg) = ['automation_hub', 'release_galaxy']
HOST_KEY_CHECKING(/home/kshutt/projects/iaas/ansible.cfg) = False
INTERPRETER_PYTHON(/home/kshutt/projects/iaas/ansible.cfg) = auto
SHOW_CUSTOM_STATS(/home/kshutt/projects/iaas/ansible.cfg) = True
OS / ENVIRONMENT / Zabbix Version
We are currently targeting latest RedHat 8 and 9 releases, and the same issue appears in both.
STEPS TO REPRODUCE
Just set `zabbix_proxy_tlspskfile` to a file name, but don't create the file ahead of time.
EXPECTED RESULTS
If the file doesn't exist, the role should just create a reasonable default based on a random hash. In our case we set this variable to `/var/lib/zabbix/zabbix.psk`.
ACTUAL RESULTS
The community.zabbix.zabbix_proxy role will run to successful completion, but then the zabbix proxy service will fail after startup with error:
cannot open file "/var/lib/zabbix/zabbix.psk": [2] No such file or directory
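
The workaround described in the report (create the PSK file before the role runs), written as an idempotent pre-flight script. This is an added example, not code from the reporter or from the community.zabbix collection; `psk_valid`, `ensure_psk` and the `PSK_OWNER` variable are hypothetical names, and the 32-hex-digit minimum is taken from the Zabbix PSK documentation rather than from this page.

```shell
#!/bin/sh
# Added example: pre-flight for the file that zabbix_proxy_tlspskfile points to.
# psk_valid, ensure_psk and PSK_OWNER are hypothetical names for illustration.

# Valid = readable, only hex digits, at least 32 of them (128 bits, the
# minimum PSK length in the Zabbix documentation).
psk_valid() {
    [ -r "$1" ] || return 1
    key=$(tr -d '\n' < "$1")
    [ "${#key}" -ge 32 ] || return 1
    case "$key" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# Create the PSK only when it is missing; exit non-zero on anything unusable
# so the play stops here instead of the service failing after restart.
ensure_psk() {
    path=$1
    dir=$(dirname "$path")
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    if [ -e "$path" ]; then
        # Never regenerate: the Zabbix server is configured with this value.
        psk_valid "$path" && return 0
        echo "PSK file unreadable or not hex: $path" >&2
        return 3
    fi
    old_umask=$(umask)
    umask 077   # key material must never be group/world readable
    tmp=$(mktemp "$dir/.psk.XXXXXX") || { umask "$old_umask"; return 4; }
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32 > "$tmp"   # content suggested in the report
    else
        od -An -tx1 -N32 /dev/urandom | tr -d ' \n' > "$tmp"
    fi
    umask "$old_umask"
    psk_valid "$tmp" || { rm -f "$tmp"; return 5; }
    # PSK_OWNER (e.g. the account the proxy runs as) is optional and assumed.
    if [ -n "${PSK_OWNER:-}" ]; then chown "$PSK_OWNER" "$tmp" || return 6; fi
    mv "$tmp" "$path"   # rename so a half-written key is never visible
}

# Usage: sh ensure_psk.sh /var/lib/zabbix/zabbix.psk
if [ "$#" -gt 0 ]; then ensure_psk "$1"; fi
```

An existing file is validated but never overwritten, because replacing a PSK that the Zabbix server already knows would break the encrypted connection.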