community.zabbix.zabbix_authentication (2.3.1) — module

Update Zabbix authentication

Added in version 1.6.0 of community.zabbix

Authors: ONODERA Masaru (@masa-orca)

Install collection

Install with ansible-galaxy collection install community.zabbix:==2.3.1


Add to requirements.yml

  collections:
    - name: community.zabbix
      version: 2.3.1

Description

This module allows you to modify Zabbix authentication settings.


Requirements

Usage examples

  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
# If you want to use Username and Password to be authenticated by Zabbix Server
- name: Set credentials to access Zabbix Server API
  ansible.builtin.set_fact:
    ansible_user: Admin
    ansible_httpapi_pass: zabbix
# If you want to use API token to be authenticated by Zabbix Server
# https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens
- name: Set API token
  ansible.builtin.set_fact:
    ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895
- name: Update all authentication setting (Zabbix <= 6.0)
  # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false  # skips TLS certificate verification for the API connection
    ansible_zabbix_url_path: "zabbixeu"  # If Zabbix WebUI runs on non-default (zabbix) path, e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_authentication:
    authentication_type: internal
    http_auth_enabled: true
    http_login_form: zabbix_login_form
    http_strip_domains:
      - comp
      - any
    http_case_sensitive: true
    ldap_configured: true
    ldap_host: "ldap://localhost"
    ldap_port: 389
    ldap_base_dn: "ou=Users,ou=system"
    ldap_search_attribute: "uid"
    ldap_bind_dn: "uid=ldap_search,ou=system"
    ldap_case_sensitive: true
    ldap_bind_password: "password"
    saml_auth_enabled: true
    saml_idp_entityid: ""
    saml_sso_url: "https://localhost/SAML2/SSO"
    saml_slo_url: "https://localhost/SAML2/SLO"
    saml_username_attribute: "uid"
    saml_sp_entityid: "https://localhost"
    saml_nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
    saml_sign_messages: true
    saml_sign_assertions: true
    saml_sign_authn_requests: true
    saml_sign_logout_requests: true
    saml_sign_logout_responses: true
    saml_encrypt_nameid: true
    saml_encrypt_assertions: true
    saml_case_sensitive: true
    passwd_min_length: 70
    passwd_check_rules:
      - contain_uppercase_and_lowercase_letters
      - contain_digits
      - contain_special_characters
      - avoid_easy_to_guess
- name: Update all authentication setting (Zabbix = 6.2)
  # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: "zabbixeu"  # If Zabbix WebUI runs on non-default (zabbix) path, e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_authentication:
    authentication_type: internal
    http_auth_enabled: true
    http_login_form: zabbix_login_form
    http_strip_domains:
      - comp
      - any
    http_case_sensitive: true
    ldap_configured: true
    ldap_case_sensitive: true
    saml_auth_enabled: true
    saml_idp_entityid: ""
    saml_sso_url: "https://localhost/SAML2/SSO"
    saml_slo_url: "https://localhost/SAML2/SLO"
    saml_username_attribute: "uid"
    saml_sp_entityid: "https://localhost"
    saml_nameid_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
    saml_sign_messages: true
    saml_sign_assertions: true
    saml_sign_authn_requests: true
    saml_sign_logout_requests: true
    saml_sign_logout_responses: true
    saml_encrypt_nameid: true
    saml_encrypt_assertions: true
    saml_case_sensitive: true
    passwd_min_length: 70
    passwd_check_rules:
      - contain_uppercase_and_lowercase_letters
      - contain_digits
      - contain_special_characters
      - avoid_easy_to_guess
- name: Update all authentication setting (Zabbix >= 6.4)
  # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: "zabbixeu"  # If Zabbix WebUI runs on non-default (zabbix) path, e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_authentication:
    authentication_type: internal
    http_auth_enabled: true
    http_login_form: zabbix_login_form
    http_strip_domains:
      - comp
      - any
    http_case_sensitive: true
    ldap_auth_enabled: true
    ldap_userdirectory: TestUserDirectory
    ldap_case_sensitive: true
    saml_auth_enabled: true
    saml_case_sensitive: true
    ldap_jit_status: true
    saml_jit_status: true
    jit_provision_interval: 1h
    disabled_usrgroup: Disabled
    passwd_min_length: 70
    passwd_check_rules:
      - contain_uppercase_and_lowercase_letters
      - contain_digits
      - contain_special_characters
      - avoid_easy_to_guess

Inputs

    
ldap_host:
    description:
    - LDAP server name.
    - e.g. C(ldap://ldap.zabbix.com)
    - This setting is required if current value of I(ldap_configured) is C(false).
    - Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
    required: false
    type: str

ldap_port:
    description:
    - A port number of LDAP server.
    - This setting is required if current value of I(ldap_configured) is C(false).
    - Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
    required: false
    type: int

ldap_base_dn:
    description:
    - Base DN of LDAP.
    - This setting is required if current value of I(ldap_configured) is C(false).
    - Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
    required: false
    type: str

ldap_bind_dn:
    description:
    - Bind DN of LDAP.
    - Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
    required: false
    type: str

saml_slo_url:
    description:
    - URL for SAML single logout service.
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: str

saml_sso_url:
    description:
    - URL for single sign on service of SAML.
    - This setting is required if current value of I(saml_auth_enabled) is C(false).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: str

http_login_form:
    choices:
    - zabbix_login_form
    - http_login_form
    description:
    - Choose default login form.
    required: false
    type: str

http_login_user:
    description:
    - Basic Auth login
    required: false
    type: str

ldap_configured:
    description:
    - LDAP authentication will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    - Removed in Zabbix 6.4
    required: false
    type: bool

ldap_jit_status:
    description:
    - Status of LDAP provisioning.
    - This parameter is available since Zabbix 6.4.
    required: false
    type: bool

saml_jit_status:
    description:
    - Status of SAML provisioning.
    - This parameter is available since Zabbix 6.4.
    required: false
    type: bool

saml_sp_entityid:
    description:
    - Entity ID of SAML service provider.
    - This setting is required if current value of I(saml_auth_enabled) is C(false).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: str

disabled_usrgroup:
    description:
    - User group name to assign the deprovisioned user to.
    - The user group must be disabled and cannot be enabled or deleted when configured.
    - Required if C(ldap_jit_status) or C(saml_jit_status) is enabled.
    - This parameter is available since Zabbix 6.4.
    required: false
    type: str

http_auth_enabled:
    description:
    - HTTP authentication will be enabled if C(true).
    required: false
    type: bool

ldap_auth_enabled:
    description:
    - LDAP authentication will be enabled if C(true).
    - This parameter is available since Zabbix 6.4.
    required: false
    type: bool

passwd_min_length:
    description:
    - Minimal length of password.
    - Choose from 1-70.
    - This parameter is available since Zabbix 6.0.
    required: false
    type: int

saml_auth_enabled:
    description:
    - SAML authentication will be enabled if C(true).
    required: false
    type: bool

saml_idp_entityid:
    description:
    - SAML identity provider's entity ID.
    - This setting is required if current value of I(saml_auth_enabled) is C(false).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: str

http_strip_domains:
    description:
    - A list of domain names that should be removed from the username.
    elements: str
    required: false
    type: list

ldap_bind_password:
    description:
    - Bind password of LDAP.
    - Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
    required: false
    type: str

ldap_userdirectory:
    description:
    - LDAP authentication default user directory name for user groups with gui_access
      set to LDAP or System default.
    - Required to be set when C(ldap_configured) / C(ldap_auth_enabled) is set to 1.
    required: false
    type: str

passwd_check_rules:
    description:
    - Checking password rules.
    - Select multiple from C(contain_uppercase_and_lowercase_letters), C(contain_digits),
      C(contain_special_characters) and C(avoid_easy_to_guess).
    - This parameter is available since Zabbix 6.0.
    elements: str
    required: false
    type: list

saml_nameid_format:
    description:
    - Name identifier format of SAML service provider.
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: str

saml_sign_messages:
    description:
    - SAML sign messages will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: bool

authentication_type:
    choices:
    - internal
    - ldap
    description:
    - Choose default authentication type.
    required: false
    type: str

http_case_sensitive:
    description:
    - Case sensitive login for HTTP authentication will be enabled if C(true).
    required: false
    type: bool

http_login_password:
    description:
    - Basic Auth password
    required: false
    type: str

ldap_case_sensitive:
    description:
    - Case sensitive login for LDAP authentication will be enabled if C(true).
    required: false
    type: bool

saml_case_sensitive:
    description:
    - Case sensitive login for SAML authentication will be enabled if C(true).
    required: false
    type: bool

saml_encrypt_nameid:
    description:
    - SAML encrypt name ID will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: bool

saml_sign_assertions:
    description:
    - SAML sign assertions will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: bool

ldap_search_attribute:
    description:
    - Search attribute of LDAP.
    - This setting is required if current value of I(ldap_configured) is C(false).
    - Works only with Zabbix <= 6.0 and is silently ignored in higher versions.
    required: false
    type: str

jit_provision_interval:
    default: 1h
    description:
    - Time interval between JIT provision requests for logged-in user.
    - Accepts seconds and time unit with suffix with month and year support (3600s,60m,1h,1d,1M,1y).
      Minimum value 1h.
    - Available only for LDAP provisioning.
    - This parameter is available since Zabbix 6.4.
    required: false
    type: str

saml_encrypt_assertions:
    description:
    - SAML encrypt assertions will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: bool

saml_username_attribute:
    description:
    - User name attribute of SAML.
    - This setting is required if current value of I(saml_auth_enabled) is C(false).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: str

saml_sign_authn_requests:
    description:
    - SAML sign AuthN requests will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: bool

saml_sign_logout_requests:
    description:
    - SAML sign logout requests will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: bool

saml_sign_logout_responses:
    description:
    - SAML sign logout responses will be enabled if C(true).
    - Works only with Zabbix <= 6.2 and is silently ignored in higher versions.
    required: false
    type: bool
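
Several inputs above are silently ignored on newer Zabbix versions, so a task written for 6.0 can run cleanly against 6.4 while its SAML signing or LDAP settings have no effect. The following is an added example, not part of the collection: a pre-flight check that flags such parameters. The name lint_task, the two tables and the sample task are hypothetical; the version limits are transcribed from the Inputs section of this page.

```python
# Added example: version limits transcribed from the Inputs section of this page.
MAX_VERSION = {  # "Works only with Zabbix <= X and is silently ignored in higher versions"
    (6, 0): ["ldap_host", "ldap_port", "ldap_base_dn", "ldap_bind_dn",
             "ldap_bind_password", "ldap_search_attribute"],
    (6, 2): ["ldap_configured", "saml_idp_entityid", "saml_sso_url", "saml_slo_url",
             "saml_sp_entityid", "saml_username_attribute", "saml_nameid_format",
             "saml_sign_messages", "saml_sign_assertions", "saml_sign_authn_requests",
             "saml_sign_logout_requests", "saml_sign_logout_responses",
             "saml_encrypt_nameid", "saml_encrypt_assertions"],
}
MIN_VERSION = {  # "This parameter is available since Zabbix X"
    (6, 0): ["passwd_min_length", "passwd_check_rules"],
    (6, 4): ["ldap_auth_enabled", "ldap_jit_status", "saml_jit_status",
             "disabled_usrgroup", "jit_provision_interval"],
}


def lint_task(params, zabbix_version):
    """Return sorted findings for module params against a (major, minor) version."""
    findings = []
    for limit, names in MAX_VERSION.items():
        if zabbix_version > limit:
            findings += [f"{n}: silently ignored above Zabbix {limit[0]}.{limit[1]}"
                         for n in names if n in params]
    for limit, names in MIN_VERSION.items():
        if zabbix_version < limit:
            findings += [f"{n}: available only since Zabbix {limit[0]}.{limit[1]}"
                         for n in names if n in params]
    # disabled_usrgroup is required once LDAP or SAML JIT provisioning is enabled.
    jit = params.get("ldap_jit_status") or params.get("saml_jit_status")
    if zabbix_version >= (6, 4) and jit and "disabled_usrgroup" not in params:
        findings.append("disabled_usrgroup: required when JIT provisioning is enabled")
    return sorted(findings)


# Constructed sample: a 6.0-era task reused unchanged against a 6.4 server.
SAMPLE_TASK = {
    "authentication_type": "internal",
    "ldap_configured": True,
    "ldap_host": "ldap://localhost",
    "saml_auth_enabled": True,
    "saml_sign_assertions": True,
    "saml_encrypt_assertions": True,
    "saml_jit_status": True,
    "passwd_min_length": 70,
}

if __name__ == "__main__":
    for finding in lint_task(SAMPLE_TASK, (6, 4)):
        print(finding)
```

Feed it the dictionary under community.zabbix.zabbix_authentication from a parsed playbook and the target server version as a tuple such as (6, 4).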

Outputs

msg:
  description: The result of the operation
  returned: success
  sample: Successfully update authentication setting
  type: str