Adding support for deploying without certificates

README.md

@@ -38,11 +38,15 @@ Role Variables
 | `zba_api_port`                               | `443`                        | false    | port of the Zabbix server API                                                  |
 | `zba_api_use_ssl`                            | `true`                       | false    | whether to connect to the Zabbix API via SSL                                   |
 | `zba_api_validate_certs`                     | `true`                       | false    | whether to validate certificates when connecting to the API                    |
+| `zba_no_cert`                                | `false`                      | false    | whether to not deploy certification validation (usually not needed to be set)  |
 | `zba_cert_path`                              | unset                        | false    | path to the certificate to extract issuer and subject from                     |
 | `zba_api_url`                                | unset                        | false    | use when Zabbix is served via a non-default path, e.g. `/zbx`                  |
 | `zba_http_login`                             | unset                        | false    | HTTP basic authentication user name                                            |
 | `zba_http_password`                          | unset                        | false    | HTTP basic authentication password                                             |
 
+**Note** on `zba_no_cert`: I merely introduced this variable for myself, as I don't want to make use of two different roles, as I have some devices, which I cannot set
+up with certificate validation.
+
 Additionally, all variables of the module [`zabbix.zabbix.zabbix_host`](https://console.redhat.com/ansible/automation-hub/repo/published/zabbix/zabbix/content/module/zabbix_host/)
 can be used (see example below).
 

defaults/main.yml

@@ -7,4 +7,8 @@ _def_zba_api_use_ssl: true
 
 # whether to validate certificates when connecting to the API
 _def_zba_api_validate_certs: true
+
+# specifies whether not to deploy certificate validation
+# (usually, not needed)
+_def_zba_no_cert: false
 ...

tasks/main.yml

@@ -1,31 +1,50 @@
 ---
-- name: 'Load OS dependent variables'
-  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
-  vars:
-    params:
-      files:
-        - >-
-          {{
-            ansible_distribution ~ '-' ~
-            ansible_distribution_major_version ~ '.yml'
-          }}
-        - '{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml'
-        - '{{ ansible_distribution }}.yml'
-        - '{{ ansible_os_family }}.yml'
-        - 'main.yml'  # fallback, vars/main.yml is always loaded by Ansible
-      paths:
-        - '{{ role_path }}/vars'
-        - '{{ playbook_dir }}/vars'
+- name: 'Block: Handling gathering of facts and loading OS dependent variables'
+  when: >-
+    _zba_no_cert is not defined
+    or not _zba_no_cert
+  block:
+    - name: 'Ensure facts are gathered'
+      ansible.builtin.setup: {}
+
+    - name: 'Load OS dependent variables'
+      ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+      vars:
+        params:
+          files:
+            - >-
+              {{
+                ansible_distribution ~ '-' ~
+                ansible_distribution_major_version ~ '.yml'
+              }}
+            - >-
+              {{
+                ansible_os_family ~ '_' ~
+                ansible_distribution_major_version ~ '.yml'
+              }}
+            - '{{ ansible_distribution }}.yml'
+            - '{{ ansible_os_family }}.yml'
+            - 'main.yml'  # fallback, vars/main.yml is always loaded by Ansible
+          paths:
+            - '{{ role_path }}/vars'
+            - '{{ playbook_dir }}/vars'
 
 - name: 'Block: Handle reading certificate information'
   become: true
   when: >
-    tls_subject is not defined
-    or tls_subject == ''
-    or tls_subject == None
-    or tls_issuer is not defined
-    or tls_issuer == ''
-    or tls_isser == None
+    (
+      tls_subject is not defined
+      or tls_subject == ''
+      or tls_subject == None
+      or tls_issuer is not defined
+      or tls_issuer == ''
+      or tls_isser == None
+    )
+    and
+    (
+      _zba_no_cert is not defined
+      or not _zba_no_cert
+    )
   block:
     - name: 'Ensure required packages are installed'
       ansible.builtin.package:
@@ -39,9 +58,16 @@
 
 - name: 'Block: Handle setting certificate issuer'
   when: >
-    tls_issuer is not defined
-    or tls_issuer == ''
-    or tls_isser == None
+    (
+      tls_issuer is not defined
+      or tls_issuer == ''
+      or tls_isser == None
+    )
+    and
+    (
+      _zba_no_cert is not defined
+      or not _zba_no_cert
+    )
   block:
 
     - name: 'Set issuer facts'
@@ -67,9 +93,16 @@
 
 - name: 'Block: Handle setting certificate subject'
   when: >
-    tls_subject is not defined
-    or tls_subject == ''
-    or tls_isser == None
+    (
+      tls_subject is not defined
+      or tls_subject == ''
+      or tls_isser == None
+    )
+    and
+    (
+      _zba_no_cert is not defined
+      or not _zba_no_cert
+    )
   block:
 
     - name: 'Set subject facts'

vars/main.yml

@@ -28,6 +28,9 @@ _zba_api_validate_certs: >-
     zba_api_validate_certs |
     default(_def_zba_validate_certs)
   }}
+# specifies whether not to deploy certificate validation
+# (usually, not needed)
+_zba_no_cert: '{{ zba_no_cert | default(_def_zba_no_cert) }}'
 
 #
 # optional variables without defaults