Added CyberArk vault

This commit is contained in:
Alexey Pustovalov
2023-01-22 17:11:51 +09:00
parent 2d2ef681c2
commit 700558ecd7
51 changed files with 244 additions and 14 deletions

View File

@ -27,9 +27,14 @@ $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.

View File

@ -195,9 +195,12 @@ prepare_zbx_web_config() {
: ${ZBX_DB_VERIFY_HOST:="false"}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
export ZBX_VAULT=${ZBX_VAULT}
export ZBX_VAULTURL=${ZBX_VAULTURL}
export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}

View File

@ -27,9 +27,14 @@ $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.

View File

@ -195,9 +195,12 @@ prepare_zbx_web_config() {
: ${ZBX_DB_VERIFY_HOST:="false"}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
export ZBX_VAULT=${ZBX_VAULT}
export ZBX_VAULTURL=${ZBX_VAULTURL}
export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}

View File

@ -27,9 +27,14 @@ $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.

View File

@ -195,9 +195,12 @@ prepare_zbx_web_config() {
: ${ZBX_DB_VERIFY_HOST:="false"}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
export ZBX_VAULT=${ZBX_VAULT}
export ZBX_VAULTURL=${ZBX_VAULTURL}
export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}

View File

@ -27,9 +27,14 @@ $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.

View File

@ -195,9 +195,12 @@ prepare_zbx_web_config() {
: ${ZBX_DB_VERIFY_HOST:="false"}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
export ZBX_VAULT=${ZBX_VAULT}
export ZBX_VAULTURL=${ZBX_VAULTURL}
export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}

View File

@ -27,9 +27,14 @@ $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.

View File

@ -195,9 +195,12 @@ prepare_zbx_web_config() {
: ${ZBX_DB_VERIFY_HOST:="false"}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
export ZBX_VAULT=${ZBX_VAULT}
export ZBX_VAULTURL=${ZBX_VAULTURL}
export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}