community.zabbix.zabbix_mfa module – Create/update/delete Zabbix MFA method

Note

This module is part of the community.zabbix collection (version 3.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.zabbix. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.zabbix.zabbix_mfa.

New in community.zabbix 3.1.0

Synopsis

  • This module allows you to create, update and delete Zabbix MFA method.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.11

Parameters

Parameter

Comments

api_hostname

string

API hostname provided by the Duo authentication service.

Required when method_type=duo_universal_prompt.

client_secret

string

Client secret provided by the Duo authentication service.

Required when method_type=duo_universal_prompt.

clientid

string

Client ID provided by the Duo authentication service.

Required when method_type=duo_universal_prompt.

code_length

integer

Verification code length.

Required when method_type=totp.

Choices:

  • 6

  • 8

hash_function

string

Type of the hash function for generating TOTP codes.

Required when method_type=totp.

Choices:

  • "sha-1"

  • "sha-256"

  • "sha-512"

http_login_password

string

Basic Auth password

http_login_user

string

Basic Auth login

method_type

string

A type of this MFA method

Choices:

  • "totp"

  • "duo_universal_prompt"

name

string / required

Name of this MFA method

state

string

State of this MFA.

Choices:

  • "present" ← (default)

  • "absent"

Notes

Note

  • Only Zabbix >= 7.0 is supported.

  • This module returns changed=true when method_type is duo_universal_prompt as Zabbix API will not return any sensitive information back for module to compare.

Examples

# If you want to use Username and Password to be authenticated by Zabbix Server
- name: Set credentials to access Zabbix Server API
  ansible.builtin.set_fact:
    ansible_user: Admin
    ansible_httpapi_pass: zabbix

# If you want to use API token to be authenticated by Zabbix Server
# https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens
- name: Set API token
  ansible.builtin.set_fact:
    ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895

- name: Create a 'Zabbix TOTP' MFA method
  # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_mfa:
    name: Zabbix TOTP
    method_type: totp
    hash_function: sha-1
    code_length: 6

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

msg

string

The result of the creating operation

Returned: success

Sample: "Successfully created MFA method"

Authors

  • ONODERA Masaru(@masa-orca)