[ZBX-14600] [PSK] Unable to send data via zabbix_sender for other encrypted hosts Created: 2018 Jul 12 Updated: 2018 Aug 06 Resolved: 2018 Aug 06 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Server (S) |
Affects Version/s: | 3.4.11 |
Fix Version/s: | None |
Type: | Incident report | Priority: | Major |
Reporter: | Dmitry Verkhoturov | Assignee: | Unassigned |
Resolution: | Won't fix | Votes: | 0 |
Labels: | encryption, zabbix_sender, zabbix_server | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I have host A and B, and Zabbix server Z, everything version 3.4.11. Host B have item trapper_item_key with type Zabbix Trapper, Allowed hosts might be set to Z or stay unset, it doesn't affect anything at all. Scenarios:
All scenarios with processed: 0 items are actual problems. It seems to me what Zabbix Server incorrectly checking PSK for trapper items on host with enabled PSK encryption when data coming from some other host without encryption or with other PSK key. |
Comments |
Comment by Glebs Ivanovskis [ 2018 Jul 13 ] | ||||||||||||
Are you using same PSK value with different PKS identities on hosts A and B? | ||||||||||||
Comment by Dmitry Verkhoturov [ 2018 Jul 14 ] | ||||||||||||
Different PSK with different values. Both hosts can send data for themselves with enabled encryption. Problem is PSK check is made in situations where it should not. | ||||||||||||
Comment by Glebs Ivanovskis [ 2018 Jul 14 ] | ||||||||||||
Please correct me if I'm wrong. Here is your configuration:
You are sending values for host B from host A using PSK identity and PSK of host A. And Zabbix server rejects them, right? | ||||||||||||
Comment by Dmitry Verkhoturov [ 2018 Jul 14 ] | ||||||||||||
Yes, that's correct. Gleb, are you back? | ||||||||||||
Comment by Glebs Ivanovskis [ 2018 Jul 17 ] | ||||||||||||
Sort of. There is a slight difference between glebs.ivanovskis and me – I am a regular community member just like you. Even though Zabbix server can decipher values for host B using credentials of host A does not mean that it should process them as if it is a normal situation. While it may work when both A and B are monitored by server directly, this will inevitably break when A and B will be moved to different proxies. Such "accidental" breakage with no visible reason would produce a really bad user experience. | ||||||||||||
Comment by Dmitry Verkhoturov [ 2018 Jul 18 ] | ||||||||||||
Sounds reasonable, if that's company position as well - I think it could be closed as "Won't fix". |