From 20cfe04184472bdaeecf9caf74bb4a5684312396 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Sun, 14 Jul 2019 00:50:22 +0300 Subject: [PATCH] Added secrets for Zabbix images --- .MYSQL_PASSWORD | 1 + .MYSQL_ROOT_PASSWORD | 1 + .MYSQL_USER | 1 + .POSTGRES_PASSWORD | 1 + .POSTGRES_USER | 1 + .env_db_mysql | 9 ++-- .env_db_mysql_proxy | 3 ++ .env_db_pgsql | 2 + agent/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- agent/centos/docker-entrypoint.sh | 42 ++++++++++++++++- agent/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- docker-compose_v3_alpine_mysql_latest.yaml | 38 ++++++++++++---- docker-compose_v3_alpine_mysql_local.yaml | 38 ++++++++++++---- docker-compose_v3_alpine_pgsql_latest.yaml | 48 ++++++++++++++++---- docker-compose_v3_alpine_pgsql_local.yaml | 48 ++++++++++++++++---- docker-compose_v3_centos_mysql_latest.yaml | 38 ++++++++++++---- docker-compose_v3_centos_mysql_local.yaml | 38 ++++++++++++---- docker-compose_v3_centos_pgsql_latest.yaml | 48 ++++++++++++++++---- docker-compose_v3_centos_pgsql_local.yaml | 48 ++++++++++++++++---- docker-compose_v3_ubuntu_mysql_latest.yaml | 22 +++++++++ docker-compose_v3_ubuntu_mysql_local.yaml | 22 +++++++++ docker-compose_v3_ubuntu_pgsql_latest.yaml | 48 ++++++++++++++++---- docker-compose_v3_ubuntu_pgsql_local.yaml | 48 ++++++++++++++++---- java-gateway/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- java-gateway/centos/docker-entrypoint.sh | 42 ++++++++++++++++- java-gateway/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- proxy-mysql/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- proxy-mysql/centos/docker-entrypoint.sh | 42 ++++++++++++++++- proxy-mysql/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- proxy-sqlite3/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- proxy-sqlite3/centos/docker-entrypoint.sh | 42 ++++++++++++++++- proxy-sqlite3/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- server-mysql/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- server-mysql/centos/docker-entrypoint.sh | 42 ++++++++++++++++- server-mysql/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- server-pgsql/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- server-pgsql/centos/docker-entrypoint.sh | 42 ++++++++++++++++- server-pgsql/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- web-apache-mysql/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- web-apache-mysql/centos/docker-entrypoint.sh | 42 ++++++++++++++++- web-apache-mysql/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- web-apache-pgsql/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- web-apache-pgsql/centos/docker-entrypoint.sh | 42 ++++++++++++++++- web-apache-pgsql/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- web-nginx-mysql/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- web-nginx-mysql/centos/docker-entrypoint.sh | 42 ++++++++++++++++- web-nginx-mysql/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- web-nginx-pgsql/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- web-nginx-pgsql/centos/docker-entrypoint.sh | 42 ++++++++++++++++- web-nginx-pgsql/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- zabbix-appliance/alpine/docker-entrypoint.sh | 42 ++++++++++++++++- zabbix-appliance/centos/docker-entrypoint.sh | 42 ++++++++++++++++- zabbix-appliance/rhel/docker-entrypoint.sh | 42 ++++++++++++++++- zabbix-appliance/ubuntu/docker-entrypoint.sh | 42 ++++++++++++++++- 54 files changed, 1814 insertions(+), 117 deletions(-) create mode 100644 .MYSQL_PASSWORD create mode 100644 .MYSQL_ROOT_PASSWORD create mode 100644 .MYSQL_USER create mode 100644 .POSTGRES_PASSWORD create mode 100644 .POSTGRES_USER diff --git a/.MYSQL_PASSWORD b/.MYSQL_PASSWORD new file mode 100644 index 000000000..c0a588667 --- /dev/null +++ b/.MYSQL_PASSWORD @@ -0,0 +1 @@ +zabbix \ No newline at end of file diff --git a/.MYSQL_ROOT_PASSWORD b/.MYSQL_ROOT_PASSWORD new file mode 100644 index 000000000..4023e5837 --- /dev/null +++ b/.MYSQL_ROOT_PASSWORD @@ -0,0 +1 @@ +root_pwd \ No newline at end of file diff --git a/.MYSQL_USER b/.MYSQL_USER new file mode 100644 index 000000000..c0a588667 --- /dev/null +++ b/.MYSQL_USER @@ -0,0 +1 @@ +zabbix \ No newline at end of file diff --git a/.POSTGRES_PASSWORD b/.POSTGRES_PASSWORD new file mode 100644 index 000000000..c0a588667 --- /dev/null +++ b/.POSTGRES_PASSWORD @@ -0,0 +1 @@ +zabbix \ No newline at end of file diff --git a/.POSTGRES_USER b/.POSTGRES_USER new file mode 100644 index 000000000..c0a588667 --- /dev/null +++ b/.POSTGRES_USER @@ -0,0 +1 @@ +zabbix \ No newline at end of file diff --git a/.env_db_mysql b/.env_db_mysql index c75c87522..b99a8d009 100644 --- a/.env_db_mysql +++ b/.env_db_mysql @@ -1,11 +1,14 @@ # DB_SERVER_HOST=mysql-server # DB_SERVER_PORT=3306 # MYSQL_USER=zabbix -MYSQL_USER=zabbix +# MYSQL_USER=zabbix +MYSQL_USER_FILE=/run/secrets/MYSQL_USER # MYSQL_PASSWORD=zabbix -MYSQL_PASSWORD=zabbix +# MYSQL_PASSWORD=zabbix +MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD # MYSQL_ROOT_PASSWORD= -MYSQL_ROOT_PASSWORD=root_pwd +# MYSQL_ROOT_PASSWORD=root_pwd +MYSQL_ROOT_PASSWORD_FILE=/run/secrets/MYSQL_ROOT_PASSWORD # MYSQL_ALLOW_EMPTY_PASSWORD=false # MYSQL_DATABASE=zabbix MYSQL_DATABASE=zabbix diff --git a/.env_db_mysql_proxy b/.env_db_mysql_proxy index cd600e3b6..1a12b5bf8 100644 --- a/.env_db_mysql_proxy +++ b/.env_db_mysql_proxy @@ -2,10 +2,13 @@ # DB_SERVER_PORT=3306 # MYSQL_USER=zabbix MYSQL_USER=zabbix +# MYSQL_USER_FILE=/run/secrets/MYSQL_USER # MYSQL_PASSWORD=zabbix MYSQL_PASSWORD=zabbix +# MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD # MYSQL_ROOT_PASSWORD= MYSQL_ROOT_PASSWORD=root_pwd +# MYSQL_ROOT_PASSWORD_FILE=/run/secrets/MYSQL_ROOT_PASSWORD # MYSQL_ALLOW_EMPTY_PASSWORD=false # MYSQL_DATABASE=zabbix_proxy MYSQL_DATABASE=zabbix_proxy diff --git a/.env_db_pgsql b/.env_db_pgsql index 6cef2214a..e9916f98a 100644 --- a/.env_db_pgsql +++ b/.env_db_pgsql @@ -2,8 +2,10 @@ # DB_SERVER_PORT=5432 # POSTGRES_USER=zabbix POSTGRES_USER=zabbix +# POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER # POSTGRES_PASSWORD=zabbix POSTGRES_PASSWORD=zabbix +# POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD # POSTGRES_DB=zabbix POSTGRES_DB=zabbix # DB_SERVER_SCHEMA=public diff --git a/agent/alpine/docker-entrypoint.sh b/agent/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/agent/alpine/docker-entrypoint.sh +++ b/agent/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/agent/centos/docker-entrypoint.sh b/agent/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/agent/centos/docker-entrypoint.sh +++ b/agent/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/agent/ubuntu/docker-entrypoint.sh b/agent/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/agent/ubuntu/docker-entrypoint.sh +++ b/agent/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/docker-compose_v3_alpine_mysql_latest.yaml b/docker-compose_v3_alpine_mysql_latest.yaml index 55fe677c3..93b3fffa6 100644 --- a/docker-compose_v3_alpine_mysql_latest.yaml +++ b/docker-compose_v3_alpine_mysql_latest.yaml @@ -33,6 +33,10 @@ services: env_file: - .env_db_mysql - .env_srv + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -56,7 +60,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "mysql" com.zabbix.os: "alpine" @@ -107,7 +111,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "alpine" @@ -160,7 +164,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "alpine" @@ -188,6 +192,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -210,7 +217,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "mysql" @@ -239,6 +246,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -261,7 +271,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "mysql" @@ -303,7 +313,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "alpine" @@ -330,7 +340,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "alpine" @@ -357,7 +367,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -368,6 +378,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -400,3 +414,11 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD diff --git a/docker-compose_v3_alpine_mysql_local.yaml b/docker-compose_v3_alpine_mysql_local.yaml index da8b4b01f..17cd913ee 100644 --- a/docker-compose_v3_alpine_mysql_local.yaml +++ b/docker-compose_v3_alpine_mysql_local.yaml @@ -37,6 +37,10 @@ services: env_file: - .env_db_mysql - .env_srv + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -60,7 +64,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "mysql" com.zabbix.os: "alpine" @@ -115,7 +119,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "alpine" @@ -172,7 +176,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "alpine" @@ -204,6 +208,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -226,7 +233,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "mysql" @@ -259,6 +266,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -281,7 +291,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "mysql" @@ -327,7 +337,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "alpine" @@ -358,7 +368,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "alpine" @@ -389,7 +399,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -400,6 +410,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -432,3 +446,11 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index 2eb4471a5..88c43486a 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -33,6 +33,9 @@ services: env_file: - .env_db_pgsql - .env_srv + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -56,7 +59,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "pgsql" com.zabbix.os: "alpine" @@ -107,7 +110,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "alpine" @@ -145,6 +148,10 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -160,7 +167,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "alpine" @@ -188,6 +195,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -210,7 +220,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "pgsql" @@ -239,6 +249,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -261,7 +274,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "pgsql" @@ -303,7 +316,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "alpine" @@ -330,7 +343,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "alpine" @@ -357,7 +370,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -368,6 +381,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -383,6 +400,9 @@ services: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw env_file: - .env_db_pgsql + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root stop_grace_period: 1m networks: @@ -420,3 +440,15 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD + POSTGRES_USER: + file: ./.POSTGRES_USER + POSTGRES_PASSWORD: + file: ./.POSTGRES_PASSWORD diff --git a/docker-compose_v3_alpine_pgsql_local.yaml b/docker-compose_v3_alpine_pgsql_local.yaml index 85c5d765d..592d5c7ca 100644 --- a/docker-compose_v3_alpine_pgsql_local.yaml +++ b/docker-compose_v3_alpine_pgsql_local.yaml @@ -37,6 +37,9 @@ services: env_file: - .env_db_pgsql - .env_srv + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -60,7 +63,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "pgsql" com.zabbix.os: "alpine" @@ -115,7 +118,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "alpine" @@ -157,6 +160,10 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -172,7 +179,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "alpine" @@ -205,6 +212,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -227,7 +237,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "pgsql" @@ -260,6 +270,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -282,7 +295,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "pgsql" @@ -328,7 +341,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "alpine" @@ -359,7 +372,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "alpine" @@ -390,7 +403,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -401,6 +414,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -416,6 +433,9 @@ services: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw env_file: - .env_db_pgsql + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root stop_grace_period: 1m networks: @@ -453,3 +473,15 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD + POSTGRES_USER: + file: ./.POSTGRES_USER + POSTGRES_PASSWORD: + file: ./.POSTGRES_PASSWORD diff --git a/docker-compose_v3_centos_mysql_latest.yaml b/docker-compose_v3_centos_mysql_latest.yaml index 1fd90a270..180b746bb 100644 --- a/docker-compose_v3_centos_mysql_latest.yaml +++ b/docker-compose_v3_centos_mysql_latest.yaml @@ -33,6 +33,10 @@ services: env_file: - .env_db_mysql - .env_srv + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -56,7 +60,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "mysql" com.zabbix.os: "centos" @@ -107,7 +111,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "centos" @@ -160,7 +164,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "centos" @@ -188,6 +192,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -210,7 +217,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "mysql" @@ -239,6 +246,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -261,7 +271,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "mysql" @@ -303,7 +313,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "centos" @@ -330,7 +340,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "centos" @@ -357,7 +367,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -368,6 +378,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -400,3 +414,11 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD diff --git a/docker-compose_v3_centos_mysql_local.yaml b/docker-compose_v3_centos_mysql_local.yaml index d61f46bad..a76f142bd 100644 --- a/docker-compose_v3_centos_mysql_local.yaml +++ b/docker-compose_v3_centos_mysql_local.yaml @@ -37,6 +37,10 @@ services: env_file: - .env_db_mysql - .env_srv + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -60,7 +64,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "mysql" com.zabbix.os: "centos" @@ -115,7 +119,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "centos" @@ -172,7 +176,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "centos" @@ -204,6 +208,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -226,7 +233,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "mysql" @@ -259,6 +266,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -281,7 +291,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "mysql" @@ -327,7 +337,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "centos" @@ -358,7 +368,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "centos" @@ -389,7 +399,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -400,6 +410,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -432,3 +446,11 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD diff --git a/docker-compose_v3_centos_pgsql_latest.yaml b/docker-compose_v3_centos_pgsql_latest.yaml index 5ce7a0c2c..1a38b6bb4 100644 --- a/docker-compose_v3_centos_pgsql_latest.yaml +++ b/docker-compose_v3_centos_pgsql_latest.yaml @@ -33,6 +33,9 @@ services: env_file: - .env_db_pgsql - .env_srv + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -56,7 +59,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "pgsql" com.zabbix.os: "centos" @@ -107,7 +110,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "centos" @@ -145,6 +148,10 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -160,7 +167,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "centos" @@ -188,6 +195,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -210,7 +220,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "pgsql" @@ -239,6 +249,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -261,7 +274,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "pgsql" @@ -303,7 +316,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "centos" @@ -330,7 +343,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "centos" @@ -357,7 +370,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -368,6 +381,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -383,6 +400,9 @@ services: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw env_file: - .env_db_pgsql + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root stop_grace_period: 1m networks: @@ -420,3 +440,15 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD + POSTGRES_USER: + file: ./.POSTGRES_USER + POSTGRES_PASSWORD: + file: ./.POSTGRES_PASSWORD diff --git a/docker-compose_v3_centos_pgsql_local.yaml b/docker-compose_v3_centos_pgsql_local.yaml index 0955e5b45..e85a7316f 100644 --- a/docker-compose_v3_centos_pgsql_local.yaml +++ b/docker-compose_v3_centos_pgsql_local.yaml @@ -34,6 +34,9 @@ services: env_file: - .env_db_pgsql - .env_srv + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -57,7 +60,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "pgsql" com.zabbix.os: "centos" @@ -109,7 +112,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "centos" @@ -148,6 +151,10 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -163,7 +170,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "centos" @@ -193,6 +200,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -215,7 +225,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "pgsql" @@ -245,6 +255,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -267,7 +280,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "pgsql" @@ -310,7 +323,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "centos" @@ -338,7 +351,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "centos" @@ -369,7 +382,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -380,6 +393,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -395,6 +412,9 @@ services: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw env_file: - .env_db_pgsql + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root stop_grace_period: 1m networks: @@ -432,3 +452,15 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD + POSTGRES_USER: + file: ./.POSTGRES_USER + POSTGRES_PASSWORD: + file: ./.POSTGRES_PASSWORD diff --git a/docker-compose_v3_ubuntu_mysql_latest.yaml b/docker-compose_v3_ubuntu_mysql_latest.yaml index cab4013fc..72425def2 100644 --- a/docker-compose_v3_ubuntu_mysql_latest.yaml +++ b/docker-compose_v3_ubuntu_mysql_latest.yaml @@ -32,6 +32,10 @@ services: env_file: - .env_db_mysql - .env_srv + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -184,6 +188,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -234,6 +241,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -362,6 +372,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -394,3 +408,11 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD diff --git a/docker-compose_v3_ubuntu_mysql_local.yaml b/docker-compose_v3_ubuntu_mysql_local.yaml index 1693630f9..90efb5f09 100644 --- a/docker-compose_v3_ubuntu_mysql_local.yaml +++ b/docker-compose_v3_ubuntu_mysql_local.yaml @@ -36,6 +36,10 @@ services: env_file: - .env_db_mysql - .env_srv + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -200,6 +204,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -254,6 +261,9 @@ services: env_file: - .env_db_mysql - .env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD user: root depends_on: - mysql-server @@ -394,6 +404,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -426,3 +440,11 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD diff --git a/docker-compose_v3_ubuntu_pgsql_latest.yaml b/docker-compose_v3_ubuntu_pgsql_latest.yaml index 34a5686f5..03078c108 100644 --- a/docker-compose_v3_ubuntu_pgsql_latest.yaml +++ b/docker-compose_v3_ubuntu_pgsql_latest.yaml @@ -32,6 +32,9 @@ services: env_file: - .env_db_pgsql - .env_srv + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -55,7 +58,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "pgsql" com.zabbix.os: "ubuntu" @@ -105,7 +108,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "ubuntu" @@ -142,6 +145,10 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -157,7 +164,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "ubuntu" @@ -184,6 +191,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -206,7 +216,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "pgsql" @@ -234,6 +244,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -256,7 +269,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "pgsql" @@ -297,7 +310,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "ubuntu" @@ -324,7 +337,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "ubuntu" @@ -351,7 +364,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -362,6 +375,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -377,6 +394,9 @@ services: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw env_file: - .env_db_pgsql + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root stop_grace_period: 1m networks: @@ -414,3 +434,15 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD + POSTGRES_USER: + file: ./.POSTGRES_USER + POSTGRES_PASSWORD: + file: ./.POSTGRES_PASSWORD diff --git a/docker-compose_v3_ubuntu_pgsql_local.yaml b/docker-compose_v3_ubuntu_pgsql_local.yaml index 064e7180f..6d5804926 100644 --- a/docker-compose_v3_ubuntu_pgsql_local.yaml +++ b/docker-compose_v3_ubuntu_pgsql_local.yaml @@ -33,6 +33,9 @@ services: env_file: - .env_db_pgsql - .env_srv + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -56,7 +59,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "pgsql" com.zabbix.os: "ubuntu" @@ -107,7 +110,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "ubuntu" @@ -145,6 +148,10 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root depends_on: - mysql-server @@ -160,7 +167,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "ubuntu" @@ -189,6 +196,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -211,7 +221,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "pgsql" @@ -240,6 +250,9 @@ services: env_file: - .env_db_pgsql - .env_web + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root depends_on: - postgres-server @@ -262,7 +275,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "pgsql" @@ -304,7 +317,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "ubuntu" @@ -332,7 +345,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "ubuntu" @@ -360,7 +373,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" @@ -371,6 +384,10 @@ services: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: - .env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD user: root stop_grace_period: 1m networks: @@ -386,6 +403,9 @@ services: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw env_file: - .env_db_pgsql + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD user: root stop_grace_period: 1m networks: @@ -423,3 +443,15 @@ networks: driver: default config: - subnet: 172.16.239.0/24 + +secrets: + MYSQL_USER: + file: ./.MYSQL_USER + MYSQL_PASSWORD: + file: ./.MYSQL_PASSWORD + MYSQL_ROOT_PASSWORD: + file: ./.MYSQL_ROOT_PASSWORD + POSTGRES_USER: + file: ./.POSTGRES_USER + POSTGRES_PASSWORD: + file: ./.POSTGRES_PASSWORD diff --git a/java-gateway/alpine/docker-entrypoint.sh b/java-gateway/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/java-gateway/alpine/docker-entrypoint.sh +++ b/java-gateway/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/java-gateway/centos/docker-entrypoint.sh b/java-gateway/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/java-gateway/centos/docker-entrypoint.sh +++ b/java-gateway/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/java-gateway/ubuntu/docker-entrypoint.sh b/java-gateway/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/java-gateway/ubuntu/docker-entrypoint.sh +++ b/java-gateway/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/proxy-mysql/alpine/docker-entrypoint.sh b/proxy-mysql/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/proxy-mysql/alpine/docker-entrypoint.sh +++ b/proxy-mysql/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/proxy-mysql/centos/docker-entrypoint.sh b/proxy-mysql/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/proxy-mysql/centos/docker-entrypoint.sh +++ b/proxy-mysql/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/proxy-mysql/ubuntu/docker-entrypoint.sh b/proxy-mysql/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/proxy-mysql/ubuntu/docker-entrypoint.sh +++ b/proxy-mysql/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/proxy-sqlite3/alpine/docker-entrypoint.sh b/proxy-sqlite3/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/proxy-sqlite3/alpine/docker-entrypoint.sh +++ b/proxy-sqlite3/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/proxy-sqlite3/centos/docker-entrypoint.sh b/proxy-sqlite3/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/proxy-sqlite3/centos/docker-entrypoint.sh +++ b/proxy-sqlite3/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/proxy-sqlite3/ubuntu/docker-entrypoint.sh b/proxy-sqlite3/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/proxy-sqlite3/ubuntu/docker-entrypoint.sh +++ b/proxy-sqlite3/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/server-mysql/alpine/docker-entrypoint.sh b/server-mysql/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/server-mysql/alpine/docker-entrypoint.sh +++ b/server-mysql/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/server-mysql/centos/docker-entrypoint.sh b/server-mysql/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/server-mysql/centos/docker-entrypoint.sh +++ b/server-mysql/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/server-mysql/ubuntu/docker-entrypoint.sh b/server-mysql/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/server-mysql/ubuntu/docker-entrypoint.sh +++ b/server-mysql/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/server-pgsql/alpine/docker-entrypoint.sh b/server-pgsql/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/server-pgsql/alpine/docker-entrypoint.sh +++ b/server-pgsql/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/server-pgsql/centos/docker-entrypoint.sh b/server-pgsql/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/server-pgsql/centos/docker-entrypoint.sh +++ b/server-pgsql/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/server-pgsql/ubuntu/docker-entrypoint.sh b/server-pgsql/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/server-pgsql/ubuntu/docker-entrypoint.sh +++ b/server-pgsql/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-apache-mysql/alpine/docker-entrypoint.sh b/web-apache-mysql/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/web-apache-mysql/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-apache-mysql/centos/docker-entrypoint.sh b/web-apache-mysql/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-apache-mysql/centos/docker-entrypoint.sh +++ b/web-apache-mysql/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-apache-mysql/ubuntu/docker-entrypoint.sh b/web-apache-mysql/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/web-apache-mysql/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-apache-pgsql/alpine/docker-entrypoint.sh b/web-apache-pgsql/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/web-apache-pgsql/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-apache-pgsql/centos/docker-entrypoint.sh b/web-apache-pgsql/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/web-apache-pgsql/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/web-apache-pgsql/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-apache-pgsql/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-nginx-mysql/alpine/docker-entrypoint.sh b/web-nginx-mysql/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-nginx-mysql/centos/docker-entrypoint.sh b/web-nginx-mysql/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/web-nginx-mysql/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/web-nginx-mysql/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-mysql/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-nginx-pgsql/alpine/docker-entrypoint.sh b/web-nginx-pgsql/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/web-nginx-pgsql/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-nginx-pgsql/centos/docker-entrypoint.sh b/web-nginx-pgsql/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-nginx-pgsql/centos/docker-entrypoint.sh +++ b/web-nginx-pgsql/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/zabbix-appliance/alpine/docker-entrypoint.sh b/zabbix-appliance/alpine/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/zabbix-appliance/alpine/docker-entrypoint.sh +++ b/zabbix-appliance/alpine/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/zabbix-appliance/centos/docker-entrypoint.sh b/zabbix-appliance/centos/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/zabbix-appliance/centos/docker-entrypoint.sh +++ b/zabbix-appliance/centos/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/zabbix-appliance/rhel/docker-entrypoint.sh b/zabbix-appliance/rhel/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/zabbix-appliance/rhel/docker-entrypoint.sh +++ b/zabbix-appliance/rhel/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} diff --git a/zabbix-appliance/ubuntu/docker-entrypoint.sh b/zabbix-appliance/ubuntu/docker-entrypoint.sh index 57ef1054e..c9922ed9f 100755 --- a/zabbix-appliance/ubuntu/docker-entrypoint.sh +++ b/zabbix-appliance/ubuntu/docker-entrypoint.sh @@ -38,6 +38,37 @@ ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZBX_FRONTEND_PATH="/usr/share/zabbix" +# usage: file_env VAR [DEFAULT] +# as example: file_env 'MYSQL_PASSWORD' 'zabbix' +# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) +# unsets the VAR_FILE afterwards and just leaving VAR +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local defaultValue="${2:-}" + + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo "**** Both variables $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$defaultValue" + + if [ "${!var:-}" ]; then + val="${!var}" + echo "** Using ${var} variable from ENV" + elif [ "${!fileVar:-}" ]; then + if [ ! -f "${!fileVar}" ]; then + echo "**** Secret file \"${!fileVar}\" is not found" + exit 1 + fi + val="$(< "${!fileVar}")" + echo "** Using ${var} variable from secret file" + fi + export "$var"="$val" + unset "$fileVar" +} + configure_db_mysql() { [ "${DB_SERVER_HOST}" != "localhost" ] && return @@ -138,7 +169,7 @@ escape_spec_char() { var_value="${var_value//\[/\\[}" var_value="${var_value//\]/\\]}" - echo $var_value + echo "$var_value" } update_config_var() { @@ -213,6 +244,12 @@ check_variables_mysql() { DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false + file_env MYSQL_USER + file_env MYSQL_PASSWORD + + if [ "$type" != "" ]; then + file_env MYSQL_ROOT_PASSWORD + fi if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" @@ -249,6 +286,9 @@ check_variables_mysql() { check_variables_postgresql() { local type=$1 + file_env POSTGRES_USER + file_env POSTGRES_PASSWORD + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"}