point release 3.0.4 breaks AutoPSK

[krauthosting]

SUMMARY

@pyrodie18 @BGmot Hey bros, this again breaks stuff in a minor release 🙀
FYI We originally contributed the whole logic behind zabbix_agent_tlspsk_auto
Again goal was security by default and avoid Zabbix's unencrypted by default.
Breaking commits came for issue #1338 via PR #1343 and released as 3.0.4

ISSUE TYPE

• Bug Report

COMPONENT NAME

zabbix_agent role

ANSIBLE VERSION

ansible [core 2.16.8]
  config file = /home/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Mar 22 2024, 16:50:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

OS / ENVIRONMENT / Zabbix Version

Ubuntu 22.04 LTS / Ansible Conroller / Zabbix 6.0 LTS>

STEPS TO REPRODUCE

Enabling zabbix_agent_tlspsk_auto leads now to TLSAccept=psk,unencrypted

Beside insecure defaults it also functionally breaks the zabbix_agent role:

[andrew-landsverk-win]

I notice this issue still affects 3.1.0.

[pyrodie18]

Yep, no one has submitted a PR for it yet and me and all of the other maintainers are busy on various other things.

[iwan-usn]

As of 3.1.2 the issue is still apparent.

[Thulium-Drake]

You can workaround it by adding the following to your inventory variables:

zabbix_agent_tlsaccept: 'psk'
zabbix_agent_tlsconnect: 'psk'

I'll try to make some time next week to investigate this and make a PR :-)