Improved password usage in MySQL tools

2025-08-14 02:38:37 +02:00 · 2020-09-08 17:24:29 -04:00
parent 01fe85c395 9af188f2f6
commit 9afb8412c0
15 changed files with 133 additions and 49 deletions
--- a/server-mysql/rhel/docker-entrypoint.sh
+++ b/server-mysql/rhel/docker-entrypoint.sh
@ -176,11 +176,8 @@ db_tls_params() {
    local result=""

    if [ -n "${ZBX_DBTLSCONNECT}" ]; then
-        result="--ssl"
-
-        if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
-            result="${result} --ssl-verify-server-cert"
-        fi
+        ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
+        result="--ssl-mode=$ssl_mode"

        if [ -n "${ZBX_DBTLSCAFILE}" ]; then
            result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
@ -287,10 +284,12 @@ create_db_schema_mysql() {
        ssl_opts="$(db_tls_params)"

        export MYSQL_PWD="${DB_SERVER_ROOT_PASS}"
+
        zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
                    -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
                    -u ${DB_SERVER_ROOT_USER} $ssl_opts  \
                    ${DB_SERVER_DBNAME} 1>/dev/null
+
        unset MYSQL_PWD
    fi
 }