Update to 2022-03-21 17:00

roles/zabbix_server/tasks/conf.yml

@@ -1,5 +1,30 @@
 ---
 
+- name: Create a selfsigned cert for SAML auth
+  import_tasks: ../includes/create_selfsigned_cert.yml
+  vars:
+    - cert_path: /etc/zabbix/ssl/sp.crt
+    - cert_key_path: /etc/zabbix/ssl/sp.key
+    - cert_key_group: apache
+    - cert_key_mode: '640'
+  tags: zabbix
+
+- name: Read SAML certificate
+  shell: cat /etc/zabbix/ssl/sp.crt | perl -e 'my $out; while (<STDIN>){ next if /^\-\-\-\-\-(END|BEGIN) CERTIFICATE/; chomp; $out .= $_; }; print $out'
+  changed_when: False
+  register: zabbix_server_saml_sp_cert
+  tags: zabbix
+
+- name: Deploy SAML IDP certificate
+  copy: content={{ zabbix_server_saml_idp_cert }} dest=/etc/zabbix/ssl/idp.crt mode=644
+  when: zabbix_server_saml_idp_cert is defined
+  tags: zabbix
+
+- name: Deploy SAML metadata
+  template: src=saml_metadata.xml.j2 dest=/usr/share/zabbix/saml-metadata.xml
+  when: zabbix_server_public_url is defined
+  tags: zabbix
+
 - name: Deploy patrix configuration file
   template: src=patrixrc.j2 dest=/var/lib/zabbix/.patrixrc owner=zabbix group=zabbix mode=600
   when: (zabbix_server_matrix_user is defined and zabbix_server_matrix_pass is defined) or zabbix_server_matrix_access_token is defined

roles/zabbix_server/tasks/directories.yml

@@ -10,6 +10,10 @@
       owner: apache
       group: apache
       mode: 700
+    - dir: /etc/zabbix/ssl
+      owner: root
+      group: apache
+      mode: 750
   tags: zabbix
 
   #- name: Ensure proper permission on the web config dir