From 62555ae78b5e02ac6a1817c7fc8041987f82960a Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 25 Aug 2020 07:36:59 -0400 Subject: [PATCH] Fixed MySQL SSL options parsing for MySQL 8.0 client --- .env_srv | 2 +- agent/centos/Dockerfile | 4 ++-- java-gateway/centos/Dockerfile | 4 ++-- proxy-mysql/centos/Dockerfile | 6 +++--- proxy-mysql/ubuntu/docker-entrypoint.sh | 9 ++++++--- proxy-sqlite3/centos/Dockerfile | 4 ++-- server-mysql/centos/Dockerfile | 6 +++--- server-mysql/centos/docker-entrypoint.sh | 15 ++++++++++++--- server-mysql/rhel/docker-entrypoint.sh | 15 ++++++++++++--- server-mysql/ubuntu/docker-entrypoint.sh | 9 ++++++--- server-pgsql/centos/Dockerfile | 4 ++-- web-apache-mysql/centos/Dockerfile | 2 +- web-apache-mysql/ubuntu/docker-entrypoint.sh | 6 +++++- web-apache-pgsql/centos/Dockerfile | 2 +- web-nginx-mysql/centos/Dockerfile | 2 +- web-nginx-mysql/ubuntu/docker-entrypoint.sh | 6 +++++- web-nginx-pgsql/centos/Dockerfile | 2 +- zabbix-appliance/rhel/Dockerfile | 2 +- 18 files changed, 66 insertions(+), 34 deletions(-) diff --git a/.env_srv b/.env_srv index 8a6ddbb3b..45b034064 100644 --- a/.env_srv +++ b/.env_srv @@ -1,7 +1,7 @@ # ZBX_LISTENIP= # ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5 # ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.5 -# ZBX_DBTLSCONNECT=require # Available since 5.0.0 +# ZBX_DBTLSCONNECT=required # Available since 5.0.0 # ZBX_DBTLSCAFILE=/run/secrets/root-ca.pem # Available since 5.0.0 # ZBX_DBTLSCERTFILE=/run/secrets/client-cert.pem # Available since 5.0.0 # ZBX_DBTLSKEYFILE=/run/secrets/client-key.pem # Available since 5.0.0 diff --git a/agent/centos/Dockerfile b/agent/centos/Dockerfile index e64f37600..34e2b7e9b 100644 --- a/agent/centos/Dockerfile +++ b/agent/centos/Dockerfile @@ -23,7 +23,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/enc && \ mkdir -p /var/lib/zabbix/modules && \ dnf --quiet makecache && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ libcurl-minimal \ openssl-libs && \ curl -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" -o /sbin/tini && \ @@ -56,7 +56,7 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati RUN set -eux && \ dnf --quiet makecache && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ autoconf \ automake \ pcre-devel \ diff --git a/java-gateway/centos/Dockerfile b/java-gateway/centos/Dockerfile index 0f5bd4962..567c6eadc 100644 --- a/java-gateway/centos/Dockerfile +++ b/java-gateway/centos/Dockerfile @@ -18,7 +18,7 @@ RUN set -eux && \ mkdir -p /etc/zabbix/ && \ mkdir -p /usr/sbin/zabbix_java/ && \ dnf --quiet makecache && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ java-1.8.0-openjdk-headless && \ dnf -y clean all && \ rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ @@ -38,7 +38,7 @@ COPY ["conf/etc/", "/etc/"] RUN set -eux && \ dnf --quiet makecache && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ autoconf \ automake \ java-1.8.0-openjdk-devel \ diff --git a/proxy-mysql/centos/Dockerfile b/proxy-mysql/centos/Dockerfile index e58afa509..e1eb0878f 100644 --- a/proxy-mysql/centos/Dockerfile +++ b/proxy-mysql/centos/Dockerfile @@ -32,7 +32,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ dnf --quiet makecache && \ dnf -y install http://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm --setopt=tsflags=nodocs && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ libcurl-minimal \ libevent \ libssh \ @@ -76,7 +76,7 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati RUN set -eux && \ sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \ dnf --quiet makecache && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ autoconf \ automake \ gcc \ @@ -86,7 +86,7 @@ RUN set -eux && \ libssh-devel \ libxml2-devel \ make \ - mariadb-devel \ + mariadb-connector-c-devel \ net-snmp-devel \ OpenIPMI-devel \ openldap-devel \ diff --git a/proxy-mysql/ubuntu/docker-entrypoint.sh b/proxy-mysql/ubuntu/docker-entrypoint.sh index ba066f813..3ff1f5c28 100755 --- a/proxy-mysql/ubuntu/docker-entrypoint.sh +++ b/proxy-mysql/ubuntu/docker-entrypoint.sh @@ -195,7 +195,8 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity} + ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" fi while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ @@ -210,7 +211,8 @@ mysql_query() { local result="" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity} + ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" fi result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ @@ -260,7 +262,8 @@ create_db_schema_mysql() { echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity} + ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" fi zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \ diff --git a/proxy-sqlite3/centos/Dockerfile b/proxy-sqlite3/centos/Dockerfile index 9119ecb55..0f49680bc 100644 --- a/proxy-sqlite3/centos/Dockerfile +++ b/proxy-sqlite3/centos/Dockerfile @@ -32,7 +32,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-proxy-sqlite3 && \ dnf --quiet makecache && \ dnf -y install http://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm --setopt=tsflags=nodocs && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ libcurl-minimal \ libevent \ libssh \ @@ -75,7 +75,7 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati RUN set -eux && \ sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \ dnf --quiet makecache && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ autoconf \ automake \ gcc \ diff --git a/server-mysql/centos/Dockerfile b/server-mysql/centos/Dockerfile index 8f0816e56..9385850a8 100644 --- a/server-mysql/centos/Dockerfile +++ b/server-mysql/centos/Dockerfile @@ -34,7 +34,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ dnf --quiet makecache && \ dnf -y install --setopt=tsflags=nodocs http://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ iputils \ traceroute \ libcurl-minimal \ @@ -80,7 +80,7 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati RUN set -eux && \ sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \ dnf --quiet makecache && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ autoconf \ automake \ gcc \ @@ -90,7 +90,7 @@ RUN set -eux && \ libssh-devel \ libxml2-devel \ make \ - mariadb-devel \ + mariadb-connector-c-devel \ net-snmp-devel \ OpenIPMI-devel \ openldap-devel \ diff --git a/server-mysql/centos/docker-entrypoint.sh b/server-mysql/centos/docker-entrypoint.sh index 755c64913..475135635 100755 --- a/server-mysql/centos/docker-entrypoint.sh +++ b/server-mysql/centos/docker-entrypoint.sh @@ -190,7 +190,10 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ @@ -205,7 +208,10 @@ mysql_query() { local result="" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ @@ -255,7 +261,10 @@ create_db_schema_mysql() { echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \ diff --git a/server-mysql/rhel/docker-entrypoint.sh b/server-mysql/rhel/docker-entrypoint.sh index 755c64913..475135635 100755 --- a/server-mysql/rhel/docker-entrypoint.sh +++ b/server-mysql/rhel/docker-entrypoint.sh @@ -190,7 +190,10 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ @@ -205,7 +208,10 @@ mysql_query() { local result="" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ @@ -255,7 +261,10 @@ create_db_schema_mysql() { echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \ diff --git a/server-mysql/ubuntu/docker-entrypoint.sh b/server-mysql/ubuntu/docker-entrypoint.sh index 22b595854..94aaef87d 100755 --- a/server-mysql/ubuntu/docker-entrypoint.sh +++ b/server-mysql/ubuntu/docker-entrypoint.sh @@ -190,7 +190,8 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity} + ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" fi while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ @@ -205,7 +206,8 @@ mysql_query() { local result="" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity} + ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" fi result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ @@ -255,7 +257,8 @@ create_db_schema_mysql() { echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity} + ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" fi zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \ diff --git a/server-pgsql/centos/Dockerfile b/server-pgsql/centos/Dockerfile index e2b498aba..10591ff12 100644 --- a/server-pgsql/centos/Dockerfile +++ b/server-pgsql/centos/Dockerfile @@ -34,7 +34,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ dnf --quiet makecache && \ dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/7/x86_64/fping-3.10-1.el7.x86_64.rpm && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ iputils \ traceroute \ libcurl-minimal \ @@ -81,7 +81,7 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati RUN set -eux && \ sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \ dnf --quiet makecache && \ - dnf -y install \ + dnf -y install -setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ autoconf \ automake \ gcc \ diff --git a/web-apache-mysql/centos/Dockerfile b/web-apache-mysql/centos/Dockerfile index ce7106ba2..9f1748924 100644 --- a/web-apache-mysql/centos/Dockerfile +++ b/web-apache-mysql/centos/Dockerfile @@ -63,7 +63,7 @@ RUN set -eux && \ dnf --quiet makecache && \ dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ glibc-locale-source && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ gettext \ git && \ cd /usr/share/ && \ diff --git a/web-apache-mysql/ubuntu/docker-entrypoint.sh b/web-apache-mysql/ubuntu/docker-entrypoint.sh index 153a87292..1e31fb18c 100755 --- a/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/web-apache-mysql/ubuntu/docker-entrypoint.sh @@ -171,8 +171,12 @@ check_db_connect() { WAIT_TIMEOUT=5 + if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then + ssl_opts="--ssl-mode=required --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done diff --git a/web-apache-pgsql/centos/Dockerfile b/web-apache-pgsql/centos/Dockerfile index 8c12110e1..c9ffce407 100644 --- a/web-apache-pgsql/centos/Dockerfile +++ b/web-apache-pgsql/centos/Dockerfile @@ -63,7 +63,7 @@ RUN set -eux && \ dnf --quiet makecache && \ dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ glibc-locale-source && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ gettext \ git && \ cd /usr/share/ && \ diff --git a/web-nginx-mysql/centos/Dockerfile b/web-nginx-mysql/centos/Dockerfile index ccc96ec0d..8835d638b 100644 --- a/web-nginx-mysql/centos/Dockerfile +++ b/web-nginx-mysql/centos/Dockerfile @@ -55,7 +55,7 @@ RUN set -eux && \ dnf --quiet makecache && \ dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ glibc-locale-source && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ gettext \ git && \ cd /usr/share/ && \ diff --git a/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/web-nginx-mysql/ubuntu/docker-entrypoint.sh index f4731c7d7..09c0fc988 100755 --- a/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-mysql/ubuntu/docker-entrypoint.sh @@ -190,8 +190,12 @@ check_db_connect() { WAIT_TIMEOUT=5 + if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then + ssl_opts="--ssl-mode=required --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done diff --git a/web-nginx-pgsql/centos/Dockerfile b/web-nginx-pgsql/centos/Dockerfile index 1d311d210..041a6ab9c 100644 --- a/web-nginx-pgsql/centos/Dockerfile +++ b/web-nginx-pgsql/centos/Dockerfile @@ -55,7 +55,7 @@ RUN set -eux && \ dnf --quiet makecache && \ dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ glibc-locale-source && \ - dnf -y install --setopt=tsflags=nodocs \ + dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ gettext \ git && \ cd /usr/share/ && \ diff --git a/zabbix-appliance/rhel/Dockerfile b/zabbix-appliance/rhel/Dockerfile index c63f4e882..67edb9019 100644 --- a/zabbix-appliance/rhel/Dockerfile +++ b/zabbix-appliance/rhel/Dockerfile @@ -131,7 +131,7 @@ RUN set -eux && REPOLIST="rhel-8-for-x86_64-baseos-rpms,rhel-8-for-x86_64-appstr libssh-devel \ libxml2-devel \ make \ - mariadb-devel \ + mariadb-connector-c-devel \ pcre-devel \ net-snmp-devel \ # OpenIPMI-devel \