[ZBXNEXT-4574] Zabbix Sender as Proxy with TLS support Created: 2018 May 28 Updated: 2018 May 29 |
|
Status: | Open |
Project: | ZABBIX FEATURE REQUESTS |
Component/s: | Proxy (P) |
Affects Version/s: | 3.4.8 |
Fix Version/s: | None |
Type: | Change Request | Priority: | Minor |
Reporter: | Onno Steenbergen | Assignee: | Andris Zeila |
Resolution: | Unresolved | Votes: | 1 |
Labels: | encryption, proxy, sender | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Currently zabbix_sender with TLS requires you to set PSK/CA on each host. For proxies you are allowed to configure a single PSK/CA as they execute instructions received from the server. As a feature request I would like zabbix_sender to have an option to act like a proxy (single psk/ca for the machine sending the data) Detailed use-case: We are running a configuration system which also gathers statistics and uploads them to a customer specific zabbix installation. If device A of customer A reports its statistics it gets uploaded via zabbix_sender to zabbix instance A, if device B of customer B it goes to zabbix B, etc. To enable TLS for this communication would require all hosts to have the PSK/CA set to the same value at least on the same server. Assigning each host a unique value will require complex a complex administration system (more than 100.000 hosts on less than 100 servers) |
Comments |
Comment by Onno Steenbergen [ 2018 May 29 ] |
I build a proof-of-concept version of zabbix_sender that uses the proxy "history data" call and the TLS part works. I could share a patch file if needed, however the PoC version didn't solve my use-case. A proxy can only add data to specific hosts and must execute all items. One a hosts is marked as monitored by a proxy the server will not execute checks like icmpping. So the feature request would require a server change to allow a 'trapper proxy' to be able to write to all hosts without requiring all proxy features. In summary: I would like to be able to use Zabbix Sender as I currently do but with TLS without hosts specific configuration. |