[Zabbix Agent] TLSPSKFile config is always set breaking configuration

[Kajot-dev]

SUMMARY

Zabbix agent role has a default value for zabbix_agent_tlspskfile set. Then when templating .conf file

community.zabbix/roles/zabbix_agent/templates/agent.conf.j2

Line 138 in 45ed88b

{{ (zabbix_agent_tlspskfile is defined and zabbix_agent_tlspskfile is not none) | ternary('', '# ') }}TLSPSKFile={{ zabbix_agent_tlspskfile | default('') }}

There is only check whether this variable is not defined or null. This leads to invalid configuration when using zabbix_agent_tlsconnect or zabbix_agent_tlsaccept is set to for example cert:

cannot use encryption configuration: TLSPSKFile configuration parameter set without PSK being used

ISSUE TYPE

• Bug Report

COMPONENT NAME

Zabbix agent role

ANSIBLE VERSION

2.17.0

OS / ENVIRONMENT / Zabbix Version

Zabbix 7.0

STEPS TO REPRODUCE

Try to configure zabbix agent with the role using "cert" mode. Role completes successfully but zabbix-agent2 service fails instantly

EXPECTED RESULTS

TLSPSKFile is not set when zabbix_agent_tlsconnect and/or zabbix_agent_tlsconnect is set to something different than psk.

ACTUAL RESULTS

cannot use encryption configuration: TLSPSKFile configuration parameter set without PSK being used

[Kajot-dev]

And using newest release 3.0.0

[Kajot-dev]

This is even worse. Situation where zabbix_agent_tlspskfile is undefined or None is not even possible because of:

community.zabbix/roles/zabbix_agent/tasks/psk_secret.yml

Line 21 in 45ed88b

path: "{{ zabbix_agent_tlspskfile }}"

Which will fail

[silveraignacio]

+1 to this!