Improved password usage in MySQL tools

proxy-mysql/alpine/docker-entrypoint.sh

@@ -222,11 +222,15 @@ check_db_connect_mysql() {
 
     ssl_opts="$(db_tls_params)"
 
+    export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
     while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
-                --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
+                --silent --connect_timeout=10 $ssl_opts)" ]; do
         echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
         sleep $WAIT_TIMEOUT
     done
+
+    unset MYSQL_PWD
 }
 
 mysql_query() {
@@ -235,8 +239,12 @@ mysql_query() {
 
     ssl_opts="$(db_tls_params)"
 
+    export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
     result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-             -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
+             -u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
+
+    unset MYSQL_PWD
 
     echo $result
 }
@@ -283,10 +291,14 @@ create_db_schema_mysql() {
 
         ssl_opts="$(db_tls_params)"
 
+        export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
         zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
                     -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-                    -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
+                    -u ${DB_SERVER_ROOT_USER} $ssl_opts \
                     ${DB_SERVER_DBNAME} 1>/dev/null
+
+        unset MYSQL_PWD
     fi
 }
 

proxy-mysql/centos/docker-entrypoint.sh

@@ -181,11 +181,8 @@ db_tls_params() {
     local result=""
 
     if [ -n "${ZBX_DBTLSCONNECT}" ]; then
-        result="--ssl"
-
-        if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
-            result="${result} --ssl-verify-server-cert"
-        fi
+        ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
+        result="--ssl-mode=$ssl_mode"
 
         if [ -n "${ZBX_DBTLSCAFILE}" ]; then
             result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
@@ -223,11 +220,15 @@ check_db_connect_mysql() {
 
     ssl_opts="$(db_tls_params)"
 
+    export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
     while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
-                --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
+                --silent --connect_timeout=10 $ssl_opts)" ]; do
         echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
         sleep $WAIT_TIMEOUT
     done
+
+    unset MYSQL_PWD
 }
 
 mysql_query() {
@@ -236,8 +237,12 @@ mysql_query() {
 
     ssl_opts="$(db_tls_params)"
 
+    export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
     result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-             -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
+             -u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
+
+    unset MYSQL_PWD
 
     echo $result
 }
@@ -284,10 +289,14 @@ create_db_schema_mysql() {
 
         ssl_opts="$(db_tls_params)"
 
+        export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
         zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
                     -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-                    -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \
+                    -u ${DB_SERVER_ROOT_USER} $ssl_opts \
                     ${DB_SERVER_DBNAME} 1>/dev/null
+
+        unset MYSQL_PWD
     fi
 }
 

proxy-mysql/ubuntu/docker-entrypoint.sh

@@ -218,12 +218,16 @@ check_db_connect_mysql() {
     WAIT_TIMEOUT=5
 
     ssl_opts="$(db_tls_params)"
+    
+    export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
 
     while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
-                --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
+                --silent --connect_timeout=10 $ssl_opts)" ]; do
         echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
         sleep $WAIT_TIMEOUT
     done
+
+    unset MYSQL_PWD
 }
 
 mysql_query() {
@@ -232,8 +236,12 @@ mysql_query() {
 
     ssl_opts="$(db_tls_params)"
 
+    export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
     result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-             -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
+             -u ${DB_SERVER_ROOT_USER} -e "$query" $ssl_opts)
+
+    unset MYSQL_PWD
 
     echo $result
 }
@@ -280,10 +288,14 @@ create_db_schema_mysql() {
 
         ssl_opts="$(db_tls_params)"
 
+        export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
         zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
                     -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-                    -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts  \
+                    -u ${DB_SERVER_ROOT_USER} $ssl_opts  \
                     ${DB_SERVER_DBNAME} 1>/dev/null
+
+        unset MYSQL_PWD
     fi
 }