We are still using v6 (yes, I know, but that is another discussion). I am trying to add a zabbix proxy using ansible and the default community role (zabbix-api 0.5.6). This is a role that has been working for us for quite a long time and neither did we change the ansible version used, nor the zabbix server version in the mean time.
However I am now encountering a very strange error when trying to add a new passive proxy with PSK encryption, using this task:
when I run the task i get this error (redacted for host names and sensitive information):
msg: 'Failed to create proxy gateway: (''Error -32602: Invalid params., Invalid parameter "/1/tls_accept": value must be 1. while sending {"jsonrpc": "2.0", "method": "proxy.create", "params": {"host": "gateway", "status": "6", "tls_connect": "2", "tls_accept": "2", "tls_psk_identity": "psk_gateway", "tls_psk": "xxxxxxcensored", "interface": {"dns": "gateway.foo.bar", "useip": 0, "ip": "", "port": "10051"}}, "auth": "really_secret", "id": 4}'', -32602)'
For me it looks like the module properly translates the tls_accept: PSK to the value "2" in zabbix_proxy.py before sending the API request - exactly as requested in the Zabbix 6.0 API documentation
However, the API now always responds with "no, the value must be set to '1'", which would translate to "no encryption". No encryption is not an option for us here, though.
What I checked so far is:
I would appreciate any hint!
However I am now encountering a very strange error when trying to add a new passive proxy with PSK encryption, using this task:
Code:
- name: Add Proxy to Zabbix with FQDN
become: False
community.zabbix.zabbix_proxy:
login_user: "{{ zabbix_username }}"
login_password: "{{ zabbix_password }}"
http_login_user: "{{ zabbix_htaccess_username }}"
http_login_password: "{{ zabbix_htaccess_password }}"
proxy_name: "{{ zabbix_proxy_hostname }}"
server_url: "{{ zabbix_proxy_master_uri }}://{{ zabbix_proxy_master }}"
status: "{{ zabbix_proxy_mode }}"
interface:
dns: "{{ zabbix_proxy_hostname }}"
tls_accept: >-
{%- if zabbix_proxy_psk is defined -%}
PSK
{%- else -%}
no_encryption
{%- endif -%}
tls_connect: >-
{%- if zabbix_proxy_psk is defined -%}
PSK
{%- else -%}
no_encryption
{%- endif -%}
tls_psk: "{{ zabbix_proxy_psk }}"
tls_psk_identity: "psk_{{ zabbix_proxy_hostname }}"
delegate_to: localhost
ignore_errors: "{{ ansible_check_mode }}"
when: not valid_ip
msg: 'Failed to create proxy gateway: (''Error -32602: Invalid params., Invalid parameter "/1/tls_accept": value must be 1. while sending {"jsonrpc": "2.0", "method": "proxy.create", "params": {"host": "gateway", "status": "6", "tls_connect": "2", "tls_accept": "2", "tls_psk_identity": "psk_gateway", "tls_psk": "xxxxxxcensored", "interface": {"dns": "gateway.foo.bar", "useip": 0, "ip": "", "port": "10051"}}, "auth": "really_secret", "id": 4}'', -32602)'
For me it looks like the module properly translates the tls_accept: PSK to the value "2" in zabbix_proxy.py before sending the API request - exactly as requested in the Zabbix 6.0 API documentation
However, the API now always responds with "no, the value must be set to '1'", which would translate to "no encryption". No encryption is not an option for us here, though.
What I checked so far is:
- usernames and passwords are correct (otherwise I would not get to an API error message like this I presume)
- All variables are filled in correctly and the PSK is a string of more than 32 hex characters
- the proxy_hostname (the real one anyway) is properly resolvable via DNS.
I would appreciate any hint!