Use SSL for database connection when zabbix_server_dbtlsconnect is set

[ChandlerSwift]

SUMMARY

I am setting up Zabbix with a database where SSL is enforced. Zabbix itself works fine with this, thanks to the zabbix_server_dbtlsconnect parameter, but a few of the playbook's setup tasks try to connect without TLS, which fails. This adds a parameter to enable TLS if the server would also be set to use it.

This isn't a perfect solution, but the community.mysql collection doesn't provide a way to use a TLS connection without setting one of check_hostname, ca_cert, client_key, or client_hostname, and we don't (can't, in our case) specify a cert/key. This will potentially fail when the host presents a cert with the wrong hostname (which can happen if zabbix_server_dbtlsconnect is set to required rather than verify_ca or verify_full). However, there's not a way to enable TLS without setting one of these options without also changing the MySQL collection.

There's some more background on this issue in the community.mysql collection: ansible-collections/community.mysql#90

(I'm not convinced this is the right approach, though it does fix our particular use case! If there's another way to fix this that would be better, I'd appreciate the feedback and can try to update the PR if desired.)

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

zabbix_server role

[ChandlerSwift]

Hey @pyrodie18, is there anything I can do to help get this moved towards being merged? Thanks!

[pyrodie18]

It's not ready to be merged. It failed the checks and looks like it was based on a pre 2.0 release. Need to rebase and update your code and make sure that it passes the checks before we can merge it.

[BGmot]

@pyrodie18 should we close it without merging?

[pyrodie18]

Closed due to lack of corrections. Please feel free to make the required changes and create a new PR.