diff --git a/zabbix/files/default/etc/zabbix/zabbix_agentd.conf.jinja b/zabbix/files/default/etc/zabbix/zabbix_agentd.conf.jinja index f516854..bd93360 100644 --- a/zabbix/files/default/etc/zabbix/zabbix_agentd.conf.jinja +++ b/zabbix/files/default/etc/zabbix/zabbix_agentd.conf.jinja @@ -3,7 +3,7 @@ {% set defaults = zabbix.get('agent', {}) -%} # Managed by saltstack. Do not edit this file. # This is a configuration file for Zabbix agent daemon (Unix) -# To get more information about Zabbix, visit http://www.zabbix.com +# To get more information about Zabbix, visit https://www.zabbix.com ############ GENERAL PARAMETERS ################# @@ -26,7 +26,7 @@ PidFile={{ settings.get('pidfile', defaults.pidfile) }} # Mandatory: no # Default: # LogType=file -{% if settings.get('logtype', defaults.get('logtype', 'file')) != 'file' -%} +{% if settings.get('logtype', defaults.get('logtype', 'file')) != 'file' %} LogType={{ settings['logtype'] }} {% endif %} ### Option: LogFile @@ -38,7 +38,7 @@ LogType={{ settings['logtype'] }} {% if settings.get('logtype', defaults.get('logtype', 'file')) == 'file' %} LogFile={{ settings.get('logfile', defaults.logfile) }} {% endif %} -{% else -%} +{% else %} ### Option: LogFile # Name of log file. # If not set, syslog is used. @@ -75,12 +75,12 @@ LogFileSize={{ settings.get('logfilesize', defaults.logfilesize)|int }} # Mandatory: no {% if zabbix.version_repo|float >= 3.0 -%} # Range: 0-5 -{% else %} +{% else -%} # Range: 0-4 -{% endif %} +{% endif -%} # Default: # DebugLevel=3 -{% if settings.get('debuglevel', defaults.get('debuglevel', False)) -%} +{% if settings.get('debuglevel', defaults.get('debuglevel', False)) %} DebugLevel={{ settings.get('debuglevel', defaults.debuglevel) }} {% endif %} ### Option: SourceIP @@ -89,9 +89,43 @@ DebugLevel={{ settings.get('debuglevel', defaults.debuglevel) }} # Mandatory: no # Default: # SourceIP= -{% if settings.get('sourceip', defaults.get('sourceip', False)) -%} +{% if settings.get('sourceip', defaults.get('sourceip', False)) %} SourceIP={{ settings.get('sourceip', defaults.sourceip) }} {% endif %} +{% if zabbix.version_repo|float >= 5.0 -%} +### Option: AllowKey +# Allow execution of item keys matching pattern. +# Multiple keys matching rules may be defined in combination with DenyKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# +# Mandatory: no +{% if 'allowkey' in settings and settings['allowkey'] is string -%} +{% do settings.update({'allowkeys': [settings['allowkey']]}) -%} +{% endif -%} +{% for allowkey in settings.get('allowkeys', defaults.get('allowkeys', [])) %} +AllowKey={{ allowkey }} +{%- endfor %} + +### Option: DenyKey +# Deny execution of items keys matching pattern. +# Multiple keys matching rules may be defined in combination with AllowKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. +# +# Mandatory: no +# Default: +# DenyKey=system.run[*] +{% if 'denykey' in settings and settings['denykey'] is string -%} +{% do settings.update({'denykeys': [settings['denykey']]}) -%} +{% endif -%} +{% for denykey in settings.get('denykeys', defaults.get('denykeys', [])) %} +DenyKey={{ denykey }} +{%- endfor %} +{% endif %} ### Option: EnableRemoteCommands # Whether remote commands from Zabbix server are allowed. # 0 - not allowed @@ -100,7 +134,7 @@ SourceIP={{ settings.get('sourceip', defaults.sourceip) }} # Mandatory: no # Default: # EnableRemoteCommands=0 -{% if settings.get('enableremotecommands', defaults.get('enableremotecommands', False)) -%} +{% if settings.get('enableremotecommands', defaults.get('enableremotecommands', False)) %} EnableRemoteCommands={{ settings.get('enableremotecommands', defaults.enableremotecommands) }} {% endif %} ### Option: LogRemoteCommands @@ -111,7 +145,7 @@ EnableRemoteCommands={{ settings.get('enableremotecommands', defaults.enableremo # Mandatory: no # Default: # LogRemoteCommands=0 -{% if settings.get('logremotecommands', defaults.get('logremotecommands', False)) -%} +{% if settings.get('logremotecommands', defaults.get('logremotecommands', False)) %} LogRemoteCommands={{ settings.get('logremotecommands', defaults.logremotecommands) }} {% endif %} ##### Passive checks related @@ -139,7 +173,7 @@ Server={{ settings.get('server', defaults.server) }} # Range: 1024-32767 # Default: # ListenPort=10050 -{% if settings.get('listenport', defaults.get('listenport', False)) -%} +{% if settings.get('listenport', defaults.get('listenport', False)) %} ListenPort={{ settings.get('listenport', defaults.listenport) }} {% endif %} ### Option: ListenIP @@ -149,7 +183,7 @@ ListenPort={{ settings.get('listenport', defaults.listenport) }} # Mandatory: no # Default: # ListenIP=0.0.0.0 -{% if settings.get('listenip', defaults.get('listenip', False)) -%} +{% if settings.get('listenip', defaults.get('listenip', False)) %} ListenIP={{ settings.get('listenip', defaults.listenip) }} {% endif %} ### Option: StartAgents @@ -159,19 +193,52 @@ ListenIP={{ settings.get('listenip', defaults.listenip) }} # Mandatory: no # Range: 0-100 # Default: +{% if zabbix.version_repo|float >= 7.0 -%} +# StartAgents=10 +{% else -%} # StartAgents=3 -{% if settings.get('startagents', defaults.get('startagents', False)) -%} +{% endif -%} +{% if settings.get('startagents', defaults.get('startagents', False)) %} StartAgents={{ settings.get('startagents', defaults.startagents) }} {% endif %} ##### Active checks related ### Option: ServerActive +{% if zabbix.version_repo|float >= 5.0 -%} +{% if zabbix.version_repo|float >= 6.0 -%} +# Zabbix server/proxy address or cluster configuration to get active checks from. +# Server/proxy address is IP address or DNS name and optional port separated by colon. +# Cluster configuration is one or more server addresses separated by semicolon. +# Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma. +# More than one Zabbix proxy should not be specified from each Zabbix server/cluster. +# If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified. +{% else -%} +# Zabbix server/proxy address to get active checks from. +# Server/proxy address is IP address or DNS name and optional port separated by colon. +# Multiple Zabbix servers and Zabbix proxies can be specified, separated by comma. +# More than one Zabbix proxy should not be specified from each Zabbix server. +# If Zabbix proxy is specified then Zabbix server for that proxy should not be specified. +# Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed. +{% endif -%} +{% else -%} # List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks. +{% endif -%} # If port is not specified, default port is used. # IPv6 addresses must be enclosed in square brackets if port for that host is specified. # If port is not specified, square brackets for IPv6 addresses are optional. # If this parameter is not specified, active checks are disabled. +{% if zabbix.version_repo|float >= 6.0 -%} +# Example for Zabbix proxy: +# ServerActive=127.0.0.1:10051 +# Example for multiple servers: +# ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +# Example for high availability: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3 +# Example for high availability with two clusters and one server: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain +{% else -%} # Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +{% endif -%} # # Mandatory: no # Default: @@ -182,16 +249,21 @@ ServerActive={{ settings.get('serveractive', defaults.serveractive)|join(',') }} ServerActive={{ settings.get('serveractive', defaults.serveractive) }} {% endif %} ### Option: Hostname +{% if zabbix.version_repo|float >= 6.0 -%} +# List of comma delimited unique, case sensitive hostnames. +# Required for active checks and must match hostnames as configured on the server. +{% else -%} # Unique, case sensitive hostname. # Required for active checks and must match hostname as configured on the server. +{% endif -%} # Value is acquired from HostnameItem if undefined. # # Mandatory: no # Default: # Hostname= -{% if not settings.get('hostnameitem', defaults.get('hostnameitem', False)) %} + Hostname={{ settings.get('hostname', defaults.get('hostname', salt['grains.get']('id'))) }} -{% endif %} + ### Option: HostnameItem # Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. # Does not support UserParameters or aliases. @@ -199,71 +271,61 @@ Hostname={{ settings.get('hostname', defaults.get('hostname', salt['grains.get'] # Mandatory: no # Default: # HostnameItem=system.hostname -{% if settings.get('hostnameitem', defaults.get('hostnameitem', False)) -%} +{% if settings.get('hostnameitem', defaults.get('hostnameitem', False)) %} HostnameItem={{ settings.get('hostnameitem', defaults.hostnameitem) }} {% endif %} ### Option: HostMetadata # Optional parameter that defines host metadata. # Host metadata is used at host auto-registration process. +{% if zabbix.version_repo|float >= 7.0 -%} +# An agent will issue an error and not start if the value is over limit of 2034 characters. +{% else -%} # An agent will issue an error and not start if the value is over limit of 255 characters. +{% endif -%} # If not defined, value will be acquired from HostMetadataItem. # # Mandatory: no +{% if zabbix.version_repo|float >= 7.0 -%} +# Range: 0-2034 characters +{% else -%} # Range: 0-255 characters +{% endif -%} # Default: # HostMetadata= -{% if settings.get('hostmetadata', defaults.get('hostmetadata', False)) -%} +{% if settings.get('hostmetadata', defaults.get('hostmetadata', False)) %} HostMetadata={{ settings.get('hostmetadata', defaults.hostmetadata) }} {% endif %} ### Option: HostMetadataItem # Optional parameter that defines an item used for getting host metadata. # Host metadata is used at host auto-registration process. # During an auto-registration request an agent will log a warning message if +{% if zabbix.version_repo|float >= 7.0 -%} +# the value returned by specified item is over limit of 65535 characters. +{% else -%} # the value returned by specified item is over limit of 255 characters. +{% endif -%} # This option is only used when HostMetadata is not defined. # # Mandatory: no # Default: # HostMetadataItem= -{% if settings.get('hostmetadataitem', defaults.get('hostmetadataitem', False)) -%} +{% if settings.get('hostmetadataitem', defaults.get('hostmetadataitem', False)) %} HostMetadataItem={{ settings.get('hostmetadataitem', defaults.hostmetadataitem) }} {% endif %} -{% if zabbix.version_repo|float >= 4.4 -%} -### Option: HostInterface -# Optional parameter that defines host interface. -# Host interface is used at host auto-registration process. -# An agent will issue an error and not start if the value is over limit of 255 characters. -# If not defined, value will be acquired from HostInterfaceItem. -# -# Mandatory: no -# Range: 0-255 characters -# Default: -# HostInterface= -{% if settings.get('hostinterface', defaults.get('hostinterface', False)) -%} -HostInterface={{ settings.get('hostinterface', defaults.hostinterface) }} -{% endif %} -### Option: HostInterfaceItem -# Optional parameter that defines an item used for getting host interface. -# Host interface is used at host auto-registration process. -# During an auto-registration request an agent will log a warning message if -# the value returned by specified item is over limit of 255 characters. -# This option is only used when HostInterface is not defined. -# -# Mandatory: no -# Default: -# HostInterfaceItem= -{% if settings.get('hostinterfaceitem', defaults.get('hostinterfaceitem', False)) -%} -HostInterfaceItem={{ settings.get('hostinterfaceitem', defaults.hostinterfaceitem) }} -{% endif %} -{% endif -%} ### Option: RefreshActiveChecks # How often list of active checks is refreshed, in seconds. # # Mandatory: no +{% if zabbix.version_repo|float >= 7.0 -%} +# Range: 1-86400 +# Default: +# RefreshActiveChecks=5 +{% else -%} # Range: 60-3600 # Default: # RefreshActiveChecks=120 -{% if settings.get('refreshactivechecks', defaults.get('refreshactivechecks', False)) -%} +{% endif -%} +{% if settings.get('refreshactivechecks', defaults.get('refreshactivechecks', False)) %} RefreshActiveChecks={{ settings.get('refreshactivechecks', defaults.refreshactivechecks) }} {% endif %} ### Option: BufferSend @@ -273,7 +335,7 @@ RefreshActiveChecks={{ settings.get('refreshactivechecks', defaults.refreshactiv # Range: 1-3600 # Default: # BufferSend=5 -{% if settings.get('buffersend', defaults.get('buffersend', False)) -%} +{% if settings.get('buffersend', defaults.get('buffersend', False)) %} BufferSend={{ settings.get('buffersend', defaults.buffersend) }} {% endif %} ### Option: BufferSize @@ -284,7 +346,7 @@ BufferSend={{ settings.get('buffersend', defaults.buffersend) }} # Range: 2-65535 # Default: # BufferSize=100 -{% if settings.get('buffersize', defaults.get('buffersize', False)) -%} +{% if settings.get('buffersize', defaults.get('buffersize', False)) %} BufferSize={{ settings.get('buffersize', defaults.buffersize) }} {% endif %} ### Option: MaxLinesPerSecond @@ -297,47 +359,65 @@ BufferSize={{ settings.get('buffersize', defaults.buffersize) }} # Range: 1-1000 # Default: # MaxLinesPerSecond=20 -{% if settings.get('maxlinespersecond', defaults.get('maxlinespersecond', False)) -%} +{% if settings.get('maxlinespersecond', defaults.get('maxlinespersecond', False)) %} MaxLinesPerSecond={{ settings.get('maxlinespersecond', defaults.maxlinespersecond) }} {% endif %} +{% if zabbix.version_repo|float >= 7.0 -%} +### Option: HeartbeatFrequency +# Frequency of heartbeat messages in seconds. +# Used for monitoring availability of active checks. +# 0 - heartbeat messages disabled. +# +# Mandatory: no +# Range: 0-3600 +# Default: 60 +# HeartbeatFrequency= +{% if settings.get('heartbeatfrequency', defaults.get('heartbeatfrequency', False)) %} +HeartbeatFrequency={{ settings.get('heartbeatfrequency', defaults.heartbeatfrequency) }} +{% endif %} +{% endif -%} ############ ADVANCED PARAMETERS ################# ### Option: Alias -# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. -# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. -# Different Alias keys may reference the same item key. -# For example, to retrieve the ID of user 'zabbix': -# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] -# Now shorthand key zabbix.userid may be used to retrieve data. -# Aliases can be used in HostMetadataItem but not in HostnameItem parameters. +# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. +# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. +# Different Alias keys may reference the same item key. +# For example, to retrieve the ID of user 'zabbix': +# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] +# Now shorthand key zabbix.userid may be used to retrieve data. +# Aliases can be used in HostMetadataItem but not in HostnameItem parameters. # # Mandatory: no # Range: # Default: -{% if settings.get('zabbix_alias', defaults.get('zabbix_alias', False)) -%} +{% if settings.get('zabbix_alias', defaults.get('zabbix_alias', False)) %} Alias={{ settings.get('zabbix_alias', defaults.zabbix_alias) }} {% endif %} ### Option: Timeout -# Spend no more than Timeout seconds on processing +{% if zabbix.version_repo|float >= 7.0 -%} +# Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy or server. +{% else -%} +# Spend no more than Timeout seconds on processing +{% endif -%} # # Mandatory: no # Range: 1-30 # Default: # Timeout=3 -{% if settings.get('timeout', defaults.get('timeout', False)) -%} +{% if settings.get('timeout', defaults.get('timeout', False)) %} Timeout={{ settings.get('timeout', defaults.timeout) }} {% endif %} ### Option: AllowRoot -# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent -# will try to switch to the user specified by the User configuration option instead. -# Has no effect if started under a regular user. -# 0 - do not allow -# 1 - allow +# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent +# will try to switch to the user specified by the User configuration option instead. +# Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow # # Mandatory: no # Default: # AllowRoot=0 -{% if settings.get('allowroot', defaults.get('allowroot', False)) -%} +{% if settings.get('allowroot', defaults.get('allowroot', False)) %} AllowRoot={{ settings.get('allowroot', defaults.allowroot) }} {% endif %} {% if zabbix.version_repo|float >= 2.4 -%} @@ -368,6 +448,7 @@ User={{ settings.get('user', defaults.user) }} {% for include in settings.get('includes', defaults.get('includes', [])) %} Include={{ include }} {%- endfor %} + ####### USER-DEFINED MONITORED PARAMETERS ####### ### Option: UnsafeUserParameters @@ -382,7 +463,7 @@ Include={{ include }} # Range: 0-1 # Default: # UnsafeUserParameters=0 -{% if settings.get('unsafeuserparameters', defaults.get('unsafeuserparameters', False)) -%} +{% if settings.get('unsafeuserparameters', defaults.get('unsafeuserparameters', False)) %} UnsafeUserParameters={{ settings.get('unsafeuserparameters', defaults.unsafeuserparameters) }} {% endif %} ### Option: UserParameter @@ -393,9 +474,23 @@ UnsafeUserParameters={{ settings.get('unsafeuserparameters', defaults.unsafeuser # Mandatory: no # Default: # UserParameter= -{% for userparameter in settings.get('userparameters', []) -%} +{% for userparameter in settings.get('userparameters', []) %} UserParameter={{ userparameter }} {% endfor %} +{% if zabbix.version_repo|float >= 6.2 -%} +### Option: UserParameterDir +# Directory to execute UserParameter commands from. Only one entry is allowed. +# When executing UserParameter commands the agent will change the working directory to the one +# specified in the UserParameterDir option. +# This way UserParameter commands can be specified using the relative ./ prefix. +# +# Mandatory: no +# Default: +# UserParameterDir= +{% if settings.get('userparameterdir', defaults.get('userparameterdir', False)) %} +UserParameterDir={{ settings.get('userparameterdir', defaults.userparameterdir) }} +{% endif %} +{% endif -%} ####### LOADABLE MODULES ####### ### Option: LoadModulePath @@ -406,19 +501,28 @@ UserParameter={{ userparameter }} # Mandatory: no # Default: # LoadModulePath=${libdir}/modules -{% if settings.get('loadmodulepath', defaults.get('loadmodulepath', False)) -%} +{% if settings.get('loadmodulepath', defaults.get('loadmodulepath', False)) %} LoadModulePath={{ settings.get('loadmodulepath', defaults.loadmodulepath) }} {% endif %} ### Option: LoadModule # Module to load at agent startup. Modules are used to extend functionality of the agent. +{% if zabbix.version_repo|float >= 5.0 -%} +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. +{% else -%} # Format: LoadModule= # The modules must be located in directory specified by LoadModulePath. +{% endif -%} # It is allowed to include multiple LoadModule parameters. # # Mandatory: no # Default: # LoadModule= -{% for loadmodule in settings.get('loadmodules', []) -%} +{% for loadmodule in settings.get('loadmodules', []) %} LoadModule={{ loadmodule }} {% endfor %} {% if zabbix.version_repo|float >= 3.0 -%} @@ -434,7 +538,7 @@ LoadModule={{ loadmodule }} # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) # Default: # TLSConnect=unencrypted -{% if settings.get('tlsconnect', defaults.get('tlsconnect', False)) -%} +{% if settings.get('tlsconnect', defaults.get('tlsconnect', False)) %} TLSConnect={{ settings.get('tlsconnect', defaults.tlsconnect) }} {% endif %} ### Option: TLSAccept @@ -447,7 +551,7 @@ TLSConnect={{ settings.get('tlsconnect', defaults.tlsconnect) }} # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) # Default: # TLSAccept=unencrypted -{% if settings.get('tlsaccept', defaults.get('tlsaccept', False)) -%} +{% if settings.get('tlsaccept', defaults.get('tlsaccept', False)) %} TLSAccept={{ settings.get('tlsaccept', defaults.tlsaccept) }} {% endif %} ### Option: TLSCAFile @@ -457,7 +561,7 @@ TLSAccept={{ settings.get('tlsaccept', defaults.tlsaccept) }} # Mandatory: no # Default: # TLSCAFile= -{% if settings.get('tlscafile', defaults.get('tlscafile', False)) -%} +{% if settings.get('tlscafile', defaults.get('tlscafile', False)) %} TLSCAFile={{ settings.get('tlscafile', defaults.tlscafile) }} {% endif %} ### Option: TLSCRLFile @@ -466,7 +570,7 @@ TLSCAFile={{ settings.get('tlscafile', defaults.tlscafile) }} # Mandatory: no # Default: # TLSCRLFile= -{% if settings.get('tlscrlfile', defaults.get('tlscrlfile', False)) -%} +{% if settings.get('tlscrlfile', defaults.get('tlscrlfile', False)) %} TLSCRLFile={{ settings.get('tlscrlfile', defaults.tlscrlfile) }} {% endif %} ### Option: TLSServerCertIssuer @@ -475,7 +579,7 @@ TLSCRLFile={{ settings.get('tlscrlfile', defaults.tlscrlfile) }} # Mandatory: no # Default: # TLSServerCertIssuer= -{% if settings.get('tlsservercertissuer', defaults.get('tlsservercertissuer', False)) -%} +{% if settings.get('tlsservercertissuer', defaults.get('tlsservercertissuer', False)) %} TLSServerCertIssuer={{ settings.get('tlsservercertissuer', defaults.tlsservercertissuer) }} {% endif %} ### Option: TLSServerCertSubject @@ -484,7 +588,7 @@ TLSServerCertIssuer={{ settings.get('tlsservercertissuer', defaults.tlsservercer # Mandatory: no # Default: # TLSServerCertSubject= -{% if settings.get('tlsservercertsubject', defaults.get('tlsservercertsubject', False)) -%} +{% if settings.get('tlsservercertsubject', defaults.get('tlsservercertsubject', False)) %} TLSServerCertSubject={{ settings.get('tlsservercertsubject', defaults.tlsservercertsubject) }} {% endif %} ### Option: TLSCertFile @@ -493,7 +597,7 @@ TLSServerCertSubject={{ settings.get('tlsservercertsubject', defaults.tlsserverc # Mandatory: no # Default: # TLSCertFile= -{% if settings.get('tlscertfile', defaults.get('tlscertfile', False)) -%} +{% if settings.get('tlscertfile', defaults.get('tlscertfile', False)) %} TLSCertFile={{ settings.get('tlscertfile', defaults.tlscertfile) }} {% endif %} ### Option: TLSKeyFile @@ -502,7 +606,7 @@ TLSCertFile={{ settings.get('tlscertfile', defaults.tlscertfile) }} # Mandatory: no # Default: # TLSKeyFile= -{% if settings.get('tlskeyfile', defaults.get('tlskeyfile', False)) -%} +{% if settings.get('tlskeyfile', defaults.get('tlskeyfile', False)) %} TLSKeyFile={{ settings.get('tlskeyfile', defaults.tlskeyfile) }} {% endif %} ### Option: TLSPSKIdentity @@ -511,7 +615,7 @@ TLSKeyFile={{ settings.get('tlskeyfile', defaults.tlskeyfile) }} # Mandatory: no # Default: # TLSPSKIdentity= -{% if settings.get('tlspskidentity', defaults.get('tlspskidentity', False)) -%} +{% if settings.get('tlspskidentity', defaults.get('tlspskidentity', False)) %} TLSPSKIdentity={{ settings.get('tlspskidentity', defaults.tlspskidentity) }} {% endif %} ### Option: TLSPSKFile @@ -520,8 +624,101 @@ TLSPSKIdentity={{ settings.get('tlspskidentity', defaults.tlspskidentity) }} # Mandatory: no # Default: # TLSPSKFile= -{% if settings.get('tlspskfile', defaults.get('tlspskfile', False)) -%} +{% if settings.get('tlspskfile', defaults.get('tlspskfile', False)) %} TLSPSKFile={{ settings.get('tlspskfile', defaults.tlspskfile) }} {% endif %} +{% if zabbix.version_repo|float >= 5.0 -%} +####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +# Default: +# TLSCipherCert13= +{% if settings.get('tlsciphercert13', defaults.get('tlsciphercert13', False)) %} +TLSCipherCert13={{ settings.get('tlsciphercert13', defaults.tlsciphercert13) }} +{% endif %} +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +# Default: +# TLSCipherCert= +{% if settings.get('tlsciphercert', defaults.get('tlsciphercert', False)) %} +TLSCipherCert={{ settings.get('tlsciphercert', defaults.tlsciphercert) }} +{% endif %} +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherPSK13= +{% if settings.get('tlscipherpsk13', defaults.get('tlscipherpsk13', False)) %} +TLSCipherPSK13={{ settings.get('tlscipherpsk13', defaults.tlscipherpsk13) }} +{% endif %} +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherPSK= +{% if settings.get('tlscipherpsk', defaults.get('tlscipherpsk', False)) %} +TLSCipherPSK={{ settings.get('tlscipherpsk', defaults.tlscipherpsk) }} +{% endif %} +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherAll13= +{% if settings.get('tlscipherall13', defaults.get('tlscipherall13', False)) %} +TLSCipherAll13={{ settings.get('tlscipherall13', defaults.tlscipherall13) }} +{% endif %} +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherAll= +{% if settings.get('tlscipherall', defaults.get('tlscipherall', False)) %} +TLSCipherAll={{ settings.get('tlscipherall', defaults.tlscipherall) }} +{% endif %} +####### For advanced users - TCP-related fine-tuning parameters ####### + +## Option: ListenBacklog +# The maximum number of pending connections in the queue. This parameter is passed to +# listen() function as argument 'backlog' (see "man listen"). +# +# Mandatory: no +# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) +# Default: SOMAXCONN (hard-coded constant, depends on system) +# ListenBacklog= +{% if settings.get('listenbacklog', defaults.get('listenbacklog', False)) %} +ListenBacklog={{ settings.get('listenbacklog', defaults.listenbacklog) }} +{% endif %} +{% endif -%} {% endif -%} {{ settings.get('extra_conf','') }}