zabbix_server: fix saml setting + extract idp cert

2023-08-14 21:25:59 +02:00 · 2023-08-14 21:25:59 +02:00 · e264bc8cae
commit e264bc8cae
parent 8f6a5122ce
2 changed files with 5 additions and 2 deletions
--- a/roles/zabbix/zabbix_server/tasks/install.yml
+++ b/roles/zabbix/zabbix_server/tasks/install.yml
@ -66,7 +66,10 @@

 - name: Install IDP certificate
  ansible.builtin.copy:
-    src: "{{ private }}/files/saml2/{{ env }}/keys/idp.crt"
+    content: "{{ lookup('ansible.builtin.file',
+            private + '/files/saml2/' + env + '/keys/idp.crt')
+            | regex_search('-----BEGIN CERTIFICATE-----\n[^-]*\n-----END CERTIFICATE-----',
+            multiline=True) }}\n"
    dest: /usr/share/zabbix/conf/certs/idp.crt
    mode: 0644
    owner: nginx
--- a/roles/zabbix/zabbix_server/templates/zabbix.conf.php.j2
+++ b/roles/zabbix/zabbix_server/templates/zabbix.conf.php.j2
@ -52,4 +52,4 @@ $IMAGE_FORMAT_DEFAULT   = IMAGE_FORMAT_PNG;
 //$SSO['SP_CERT']                       = 'conf/certs/sp.crt';
 //$SSO['IDP_CERT']              = 'conf/certs/idp.crt';
 //$SSO['SETTINGS']              = [];
-$SSO_SETTINGS=['strict' => false, 'baseurl' => "https://zabbix{{ env_suffix }}.fedoraproject.org", 'use_proxy_headers' => true]
+$SSO['SETTINGS'] = ['strict' => false, 'baseurl' => "https://zabbix{{ env_suffix }}.fedoraproject.org", 'use_proxy_headers' => true];