Define the zabbix proxy version, the postgresql database version and the zabbix user database password:
zabbix_version: 7.4
pg_version: 17
If you are on Debian, you will also need to activate the non-free repository for the snmp-mibs-downloader package. To do this, define this variable and re-run the "common" role:
debian_apt_sources_list_additional_component: [ 'non-free' ]
By default, this role makes the zabbix proxy in active mode. This means that the proxy will connect itself to the server on the port 10051. If this is not possible and the server must connect itself to the proxy, the proxy need to be in passive mode instead.
To activate passive mode, set this variable to "passive" (the default is "active"):
zabbix_proxy_ProxyMode: "passive"
In passive mode, the server will connect itself to the proxy on port 10051.
In active mode, you can also modify the port used by the proxy to connect to the server via this variable:
zabbix_proxy_ServerPort: "10051"
The connection between the Zabbix Proxy and the Zabbix Server is now always encrypted.
The zabbix_proxy_psk is now generated automatically with an hex password of 128 characters. You'll find the generated password in hashicorp vault.
(!) You need to configure the Zabbix frontend to use the PSK, you need to go to the "Encryption" tab and select PSK in either "Connections to proxy" (for a passive proxy) or "Connections from proxy" (for an active proxy) . The "PSK identity" is generated by ansible and is simply "PSK {{ ansible_hostname }}", and the "PSK" is of course the generated one.
You can define any additional configuration settings using this dictonnary:
zabbix_proxy_addional_config:
ProxyOfflineBuffer: 2
StartPollersUnreachable: 5
CacheSize: 50M
JavaGateway: localhost
StartJavaPollers: 20
You can override StartPingers:
zabbix_proxy_StartPingers: 10