Improved password usage in MySQL tools

This commit is contained in:
Alexey Pustovalov 2020-09-08 17:41:01 -04:00
commit 0d9c30f10c
13 changed files with 142 additions and 50 deletions

View File

@ -6,10 +6,10 @@ on:
- published
push:
branches:
- 3.0
- 4.0
- 5.0
- trunk
- '3.0'
- '4.0'
- '5.0'
- 'trunk'
paths-ignore:
- '.env*'
- 'docker-compose*.yaml'
@ -23,7 +23,7 @@ defaults:
jobs:
build:
env:
LATEST_BRANCH: "${{ github.event.repository.master_branch }}"
LATEST_BRANCH: "${{ github.event.repository.default_branch }}"
DOCKER_REPOSITORY: "zabbix"
strategy:
fail-fast: false
@ -108,7 +108,7 @@ jobs:
GIT_BRANCH="${{ github.ref }}"
GIT_BRANCH=${GIT_BRANCH:11}
echo "::warning Branch - ${GIT_BRANCH}"
echo "::debug::Branch - ${GIT_BRANCH}"
if [ "${GIT_BRANCH}" == "trunk" ]; then
TAGS_ARRAY+=("$IMAGE_NAME:${{ matrix.os }}-${GIT_BRANCH}")
@ -126,7 +126,7 @@ jobs:
TAGS=$(printf -- "--tag %s " "${TAGS_ARRAY[@]}")
echo "::warning Tags - ${TAGS}"
echo "::debug::Tags - ${TAGS}"
echo ::set-output name=image_name::${IMAGE_NAME}
echo ::set-output name=image_tag_versions::$(printf -- "|%s" "${TAGS_ARRAY[@]}")
@ -137,7 +137,7 @@ jobs:
--file ./${{ matrix.build }}/${{ matrix.os }}/Dockerfile ./${{ matrix.build }}/${{ matrix.os }}
- name: Prepare environment (release)
if: github.event_name == 'release' && github.event.action == 'created'
if: github.event_name == 'release' && github.event.action == 'published'
id: prepare_release
run: |
TAGS_ARRAY=()
@ -147,7 +147,7 @@ jobs:
RELEASE_VERSION=${RELEASE_VERSION:10}
GIT_BRANCH=${RELEASE_VERSION%.*}
echo "::warning Release version ${RELEASE_VERSION}. Branch ${GIT_BRANCH}"
echo "::debug::Release version ${RELEASE_VERSION}. Branch ${GIT_BRANCH}"
TAGS_ARRAY+=("$IMAGE_NAME:${{ matrix.os }}-${RELEASE_VERSION}")
@ -173,6 +173,8 @@ jobs:
BUILDX_ARGS="${{ steps.prepare_push.outputs.buildx_args }}"
elif [ ! -z "${{ steps.prepare_release.outputs.buildx_args }}" ]; then
BUILDX_ARGS="${{ steps.prepare_release.outputs.buildx_args }}"
else
exit 1
fi
docker buildx build --cache-to "type=local,dest=/tmp/.buildx-cache" \
@ -198,20 +200,20 @@ jobs:
fi
docker buildx build --cache-from "type=local,src=/tmp/.buildx-cache" \
--output "type=image,push=true" \
--output "type=image,push=${{ secrets.AUTO_PUSH_IMAGES }}" \
${BUILDX_ARGS}
- name: Inspect images
run: |
echo "::warning push - ${{ steps.prepare_push.outputs.buildx_args }}"
echo "::warning release - ${{ steps.prepare_release.outputs.buildx_args }}"
echo "::debug::push - ${{ steps.prepare_push.outputs.buildx_args }}"
echo "::debug::release - ${{ steps.prepare_release.outputs.buildx_args }}"
if [ ! -z "${{ steps.prepare_push.outputs.image_tag_versions }}" ]; then
IMAGE_TAG_VERSIONS="${{ steps.prepare_push.outputs.image_tag_versions }}"
echo "::warning tags push raw - $IMAGE_TAG_VERSIONS"
echo "::debug::tags push raw - $IMAGE_TAG_VERSIONS"
elif [ ! -z "${{ steps.prepare_release.outputs.image_tag_versions }}" ]; then
IMAGE_TAG_VERSIONS="${{ steps.prepare_release.outputs.image_tag_versions }}"
echo "::warning tags release raw - $IMAGE_TAG_VERSIONS"
echo "::debug::tags release raw - $IMAGE_TAG_VERSIONS"
fi
IMAGE_TAG_VERSIONS=${IMAGE_TAG_VERSIONS%%+(|)}

View File

@ -222,11 +222,15 @@ check_db_connect_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
mysql_query() {
@ -235,8 +239,12 @@ mysql_query() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
-u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
unset MYSQL_PWD
echo $result
}
@ -283,10 +291,14 @@ create_db_schema_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
-u ${DB_SERVER_ROOT_USER} $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
unset MYSQL_PWD
fi
}

View File

@ -181,11 +181,8 @@ db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
result="--ssl-mode=$ssl_mode"
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
@ -223,11 +220,15 @@ check_db_connect_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
mysql_query() {
@ -236,8 +237,12 @@ mysql_query() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
-u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
unset MYSQL_PWD
echo $result
}
@ -284,10 +289,14 @@ create_db_schema_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
-u ${DB_SERVER_ROOT_USER} $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
unset MYSQL_PWD
fi
}

View File

@ -218,12 +218,16 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
mysql_query() {
@ -232,8 +236,12 @@ mysql_query() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
-u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
unset MYSQL_PWD
echo $result
}
@ -280,10 +288,14 @@ create_db_schema_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
-u ${DB_SERVER_ROOT_USER} $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
unset MYSQL_PWD
fi
}

View File

@ -217,11 +217,15 @@ check_db_connect_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
mysql_query() {
@ -230,8 +234,12 @@ mysql_query() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
-u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
unset MYSQL_PWD
echo $result
}
@ -278,10 +286,14 @@ create_db_schema_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
-u ${DB_SERVER_ROOT_USER} $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
unset MYSQL_PWD
fi
}

View File

@ -176,11 +176,8 @@ db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
result="--ssl-mode=$ssl_mode"
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
@ -217,11 +214,15 @@ check_db_connect_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
mysql_query() {
@ -230,8 +231,12 @@ mysql_query() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
-u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
unset MYSQL_PWD
echo $result
}
@ -278,10 +283,14 @@ create_db_schema_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
-u ${DB_SERVER_ROOT_USER} $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
unset MYSQL_PWD
fi
}

View File

@ -214,11 +214,15 @@ check_db_connect_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
mysql_query() {
@ -227,8 +231,12 @@ mysql_query() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
-u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
unset MYSQL_PWD
echo $result
}
@ -275,10 +283,14 @@ create_db_schema_mysql() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
-u ${DB_SERVER_ROOT_USER} $ssl_opts \
${DB_SERVER_DBNAME} 1>/dev/null
unset MYSQL_PWD
fi
}

View File

@ -195,11 +195,15 @@ check_db_connect() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
prepare_web_server() {

View File

@ -158,7 +158,7 @@ db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl"
result="--ssl-mode=required"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
@ -195,11 +195,15 @@ check_db_connect() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
prepare_web_server() {

View File

@ -195,11 +195,15 @@ check_db_connect() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
prepare_web_server() {

View File

@ -214,11 +214,15 @@ check_db_connect() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
prepare_web_server() {

View File

@ -176,7 +176,7 @@ db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl"
result="--ssl-mode=required"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
@ -214,11 +214,15 @@ check_db_connect() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
prepare_web_server() {

View File

@ -214,11 +214,15 @@ check_db_connect() {
ssl_opts="$(db_tls_params)"
export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
--silent --connect_timeout=10 $ssl_opts)" ]; do
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset MYSQL_PWD
}
prepare_web_server() {