Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit accfedf

Browse files
klandoc2main
klando
and
c2main
authored
Define a new var to handle tls_subject (ansible-collections#497)
Previously, the roles were incorrectly using the same parameter for tls_subject (for web form/API) and tlsserversubject, thus the setup ending up being incorrect. Co-authored-by: Cédric Villemain <[email protected]>
1 parent de23d73 commit accfedf

File tree

5 files changed

+12
-3
lines changed

5 files changed

+12
-3
lines changed

docs/UPGRADE.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,12 @@ This document provides an overview of all the changes that are needed to be appl
2424

2525
The following properties are added in the `zabbix_agent` role.
2626

27+
* `zabbix_agent_tls_subject = "{{ zabbix_agent_tlsservercertsubject }}"`
2728
* `zabbix_agent2_server = "{{ zabbix_agent_server }}"`
2829
* `zabbix_agent2_serveractive = "{{ zabbix_agent_serveractive }}"`
2930
* `zabbix_agent2_allow_key = "{{ zabbix_agent_allow_key }}"`
3031
* `zabbix_agent2_deny_key = "{{ zabbix_agent_deny_key }}"`
32+
* `zabbix_agent2_tls_subject = "{{ zabbix_agent2_tlsservercertsubject }}"`
3133

3234
NOTE: The original properties can still be used but it's suggested to update to
3335
use the new ones.
@@ -47,6 +49,10 @@ new ones.
4749

4850
#### Proxy
4951

52+
The following properties are added in the `zabbix_proxy` role.
53+
54+
* `zabbix_proxy_tls_subject = "{{ zabbix_proxy_tlsservercertsubject }}"`
55+
5056
The following properties are renamed in the `zabbix_proxy` role.
5157

5258
| From | To |

roles/zabbix_agent/defaults/main.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -148,6 +148,7 @@ zabbix_agent_tlscafile:
148148
zabbix_agent_tlscrlfile:
149149
zabbix_agent_tlsservercertissuer:
150150
zabbix_agent_tlsservercertsubject:
151+
zabbix_agent_tls_subject: "{{ zabbix_agent_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression
151152
zabbix_agent_tlscertfile:
152153
zabbix_agent_tlskeyfile:
153154
zabbix_agent_tlspskidentity:
@@ -201,6 +202,7 @@ zabbix_agent2_tlscafile:
201202
zabbix_agent2_tlscrlfile:
202203
zabbix_agent2_tlsservercertissuer:
203204
zabbix_agent2_tlsservercertsubject:
205+
zabbix_agent2_tls_subject: "{{ zabbix_agent2_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression
204206
zabbix_agent2_tlscertfile:
205207
zabbix_agent2_tlskeyfile:
206208
zabbix_agent2_tlspskidentity:

roles/zabbix_agent/tasks/api.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@
5252
tls_psk: "{{ zabbix_agent_tlspsk_secret | default(omit) }}"
5353
tls_psk_identity: "{{ zabbix_agent_tlspskidentity | default(omit) }}"
5454
tls_issuer: "{{ zabbix_agent_tlsservercertissuer | default(omit) }}"
55-
tls_subject: "{{ zabbix_agent_tlsservercertsubject | default(omit) }}"
55+
tls_subject: "{{ zabbix_agent_tls_subject | default(omit) }}"
5656
tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent_tlsaccept if zabbix_agent_tlsaccept else 'unencrypted'] }}"
5757
tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent_tlsconnect if zabbix_agent_tlsconnect else 'unencrypted'] }}"
5858
validate_certs: "{{ zabbix_validate_certs | default(omit) }}"
@@ -92,7 +92,7 @@
9292
tls_psk: "{{ zabbix_agent2_tlspsk_secret | default(omit) }}"
9393
tls_psk_identity: "{{ zabbix_agent2_tlspskidentity | default(omit) }}"
9494
tls_issuer: "{{ zabbix_agent2_tlsservercertissuer | default(omit) }}"
95-
tls_subject: "{{ zabbix_agent2_tlsservercertsubject | default(omit) }}"
95+
tls_subject: "{{ zabbix_agent2_tls_subject | default(omit) }}"
9696
tls_accept: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsaccept if zabbix_agent2_tlsaccept else 'unencrypted'] }}"
9797
tls_connect: "{{ zabbix_agent_tls_config[zabbix_agent2_tlsconnect if zabbix_agent2_tlsconnect else 'unencrypted'] }}"
9898
validate_certs: "{{ zabbix_validate_certs | default(omit) }}"

roles/zabbix_proxy/defaults/main.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -140,6 +140,7 @@ zabbix_proxy_tlscafile:
140140
zabbix_proxy_tlscrlfile:
141141
zabbix_proxy_tlsservercertissuer:
142142
zabbix_proxy_tlsservercertsubject:
143+
zabbix_proxy_tls_subject: "{{ zabbix_proxy_tlsservercertsubject }}" # FIXME this is not correct and should be removed with 2.0.0, here only to prevent regression
143144
zabbix_proxy_tlscertfile:
144145
zabbix_proxy_tlskeyfile:
145146
zabbix_proxy_tlspskidentity:

roles/zabbix_proxy/tasks/main.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@
124124
interface: "{{ zabbix_proxy_interface }}"
125125
tls_psk: "{{ zabbix_proxy_tlspsk_secret | default(omit) }}"
126126
tls_psk_identity: "{{ zabbix_proxy_tlspskidentity | default(omit) }}"
127-
tls_subject: "{{ zabbix_proxy_tlsservercertsubject | default(omit) }}"
127+
tls_subject: "{{ zabbix_proxy_tls_subject | default(omit) }}"
128128
tls_accept: "{{ zabbix_proxy_tls_config[zabbix_proxy_tlsaccept if zabbix_proxy_tlsaccept else 'no_encryption'] }}"
129129
tls_connect: "{{ zabbix_proxy_tls_config[zabbix_proxy_tlsconnect if zabbix_proxy_tlsconnect else 'no_encryption'] }}"
130130
validate_certs: "{{ zabbix_validate_certs | default(omit) }}"

0 commit comments

Comments
 (0)