From 9dcf47191a82002825fb5ce157a54f055859b9aa Mon Sep 17 00:00:00 2001 From: root Date: Wed, 26 Aug 2020 22:20:29 +0300 Subject: [PATCH] Added new configuratio options to Zabbix appliance (RHEL) --- .../supervisor/conf.d/supervisord_mysql.conf | 2 +- zabbix-appliance/rhel/docker-entrypoint.sh | 122 ++++++++++-------- 2 files changed, 72 insertions(+), 52 deletions(-) diff --git a/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_mysql.conf b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_mysql.conf index 608676811..4c3fd6bc5 100644 --- a/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_mysql.conf +++ b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_mysql.conf @@ -2,7 +2,7 @@ nodaemon = true [program:mysqld] -command = /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-output=none --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 --character-set-server=utf8 --collation-server=utf8_bin --console +command = /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=zabbix --log-output=none --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 --character-set-server=utf8 --collation-server=utf8_bin --console ;user = zabbix auto_start = true autorestart = true diff --git a/zabbix-appliance/rhel/docker-entrypoint.sh b/zabbix-appliance/rhel/docker-entrypoint.sh index bb5a50cdb..60a9712fc 100755 --- a/zabbix-appliance/rhel/docker-entrypoint.sh +++ b/zabbix-appliance/rhel/docker-entrypoint.sh 
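Review bot: Running mysqld with `--user=zabbix` puts the database daemon under the same account as the Zabbix services, so a compromise of any of them gives direct file access to /var/lib/mysql without going through database authentication. If the change is needed so the container can run without root (inferred from the matching `mysql_user="--user=zabbix"` in docker-entrypoint.sh), say so in a comment next to the `command` line; otherwise keep a dedicated `mysql` account. The `;user = zabbix` line below stays commented out, so supervisord itself does not switch users for this program.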
@@ -76,59 +76,24 @@ escape_spec_char() { echo "$var_value" } -configure_db_mysql() { - [ "${DB_SERVER_HOST}" != "localhost" ] && return - - echo "** Configuring local MySQL server" - - MYSQL_ALLOW_EMPTY_PASSWORD=true - MYSQL_DATA_DIR="/var/lib/mysql" - - MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf" - DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock" - - MYSQLD=/usr/libexec/mysqld - - sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE" - - if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then - [ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR" - - echo "** Installing initial MySQL database schemas" - mysql_install_db --datadir="$MYSQL_DATA_DIR" 2>&1 - else - echo "**** MySQL data directory is not empty. Using already existing installation." - fi - - echo "** Starting MySQL server in background mode" - - if [ "$(id -u)" == '0' ]; then - mysql_user="--user=zabbix" - fi - - nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \ - --log-output=none --pid-file=/var/lib/mysql/mysqld.pid \ - --port=3306 --character-set-server=utf8 --collation-server=utf8_bin $mysql_user & -} - -prepare_system() { - echo "** Preparing the system" - - configure_db_mysql -} - update_config_var() { local config_path=$1 local var_name=$2 local var_value=$3 local is_multiple=$4 + local masklist=("DBPassword TLSPSKIdentity") + if [ ! -f "$config_path" ]; then echo "**** Configuration file '$config_path' does not exist" return fi - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " + if [[ " ${masklist[@]} " =~ " $var_name " ]] && [ ! -z "$var_value" ]; then + echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..." + else + echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..." + fi # Remove configuration parameter definition in case of unset parameter value if [ -z "$var_value" ]; then 
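Review bot: `local masklist=("DBPassword TLSPSKIdentity")` in update_config_var declares an array with a single element holding both names, and the `[[ " ${masklist[@]} " =~ " $var_name " ]]` test only works because that one element is interpolated as a string. Writing it as `local masklist=(DBPassword TLSPSKIdentity)` with `[[ " ${masklist[*]} " == *" $var_name "* ]]` and `[ -n "$var_value" ]` keeps the same behaviour and avoids ShellCheck SC2199 and SC2076. The masked message tells the operator to enable DEBUG_MODE, but no branch in this hunk prints the value in that mode. The function body continues outside the hunk, so confirm the hint is accurate.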
@@ -182,6 +147,52 @@ update_config_multiple_var() { done } +configure_db_mysql() { + [ "${DB_SERVER_HOST}" != "localhost" ] && return + + echo "** Configuring local MySQL server" + + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + echo "**** Encryption with local MySQL instance is not supported" + unset ZBX_DBTLSCONNECT + fi + + MYSQL_ALLOW_EMPTY_PASSWORD=true + MYSQL_DATA_DIR="/var/lib/mysql" + + MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf" + DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock" + + MYSQLD=/usr/libexec/mysqld + + if [ "$(id -u)" == '0' ]; then + mysql_user="--user=zabbix" + fi + + sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE" + + if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then + [ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR" + + echo "** Installing initial MySQL database schemas" + mysql_install_db $mysql_user --datadir="$MYSQL_DATA_DIR" 1>/dev/null + else + echo "**** MySQL data directory is not empty. Using already existing installation." + fi + + echo "** Starting MySQL server in background mode" + + nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \ + --log-output=none --pid-file=/var/lib/mysql/mysqld.pid \ + --port=3306 --character-set-server=utf8 --collation-server=utf8_bin $mysql_user & +} + +prepare_system() { + echo "** Preparing the system" + + configure_db_mysql +} + # Check prerequisites for MySQL database check_variables_mysql() { USE_DB_ROOT_USER=false @@ -189,9 +200,7 @@ check_variables_mysql() { file_env MYSQL_USER file_env MYSQL_PASSWORD - if [ "$type" != "" ]; then - file_env MYSQL_ROOT_PASSWORD - fi + file_env MYSQL_ROOT_PASSWORD if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" 
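Review bot: configure_db_mysql comments out `bind-address` in mariadb-server.cnf and starts mysqld with `--port=3306` while `MYSQL_ALLOW_EMPTY_PASSWORD=true` is set, so the local instance may accept TCP connections on every interface of the container. If the appliance only reaches the database through `/var/lib/mysql/mysql.sock`, add `--skip-networking` (or `--bind-address=127.0.0.1`) to the `nohup $MYSQLD` command and to the `command` line in supervisord_mysql.conf. `mysql_user` is also assigned without `local` and stays unset for a non-root uid; `local mysql_user=""` at the top of the function makes that explicit.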
@@ -212,7 +221,7 @@ check_variables_mysql() { [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true # If root password is not specified use provided credentials - DB_SERVER_ROOT_USER=${DB_SERVER_ROOT_USER:-${MYSQL_USER}} + : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} @@ -232,14 +241,16 @@ check_db_connect() { fi echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" - echo "********************" fi echo "********************" WAIT_TIMEOUT=5 - if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ @@ -254,7 +265,10 @@ mysql_query() { local result="" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ 
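Review bot: The TLS option block added to check_db_connect always passes `--ssl-ca=`, `--ssl-key=` and `--ssl-cert=` even when the corresponding ZBX_DBTLS* variable is empty, and for any mode other than `required` it adds `--ssl-verify-server-cert` without checking that a CA file was supplied. The same four lines are repeated in the mysql_query and create_db_schema_mysql hunks, and `verify_cert` is a global that is never reset. A single helper that builds `ssl_opts` once, skips unset file options and warns when verification is requested without ZBX_DBTLSCAFILE would keep the three call sites consistent. Each function would then call the helper before using `$ssl_opts`. All three functions continue outside their hunks.

```shell
# Build the mysql/mysqladmin TLS options once; the result is left in the global ssl_opts.
build_mysql_ssl_opts() {
    ssl_opts=""
    [ -n "${ZBX_DBTLSCONNECT}" ] || return 0

    ssl_opts="--ssl"
    # Only pass the file options that were actually provided
    [ -n "${ZBX_DBTLSCAFILE}" ] && ssl_opts="$ssl_opts --ssl-ca=${ZBX_DBTLSCAFILE}"
    [ -n "${ZBX_DBTLSKEYFILE}" ] && ssl_opts="$ssl_opts --ssl-key=${ZBX_DBTLSKEYFILE}"
    [ -n "${ZBX_DBTLSCERTFILE}" ] && ssl_opts="$ssl_opts --ssl-cert=${ZBX_DBTLSCERTFILE}"

    if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
        # Verification was requested; without a CA file it cannot succeed
        [ -n "${ZBX_DBTLSCAFILE}" ] || echo "**** ZBX_DBTLSCONNECT is '${ZBX_DBTLSCONNECT}' but ZBX_DBTLSCAFILE is not set"
        ssl_opts="$ssl_opts --ssl-verify-server-cert"
    fi
}

# … in check_db_connect, mysql_query and create_db_schema_mysql, replacing the inline block …
    build_mysql_ssl_opts
```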
@@ -304,7 +318,10 @@ create_db_schema_mysql() { echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" if [ -n "${ZBX_DBTLSCONNECT}" ]; then - ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then + verify_cert="--ssl-verify-server-cert" + fi + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert" fi zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \ @@ -342,9 +359,12 @@ prepare_web_server() { stop_databases() { if [ "${DB_SERVER_HOST}" == "localhost" ]; then + echo "** Stopping MySQL instance after initial configuration" mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null kill -TERM $(cat /var/lib/mysql/mysqld.pid) + else + rm -f /etc/supervisor/conf.d/supervisord_mysql.conf fi }
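Review bot: The new `else` branch in stop_databases ignores the result of `rm -f`. If /etc/supervisor/conf.d is not writable for the user the entrypoint runs as (read-only root filesystem or a non-root uid), the file stays and supervisord will presumably still start a local mysqld next to the external database. Report the failure, for example `rm -f /etc/supervisor/conf.d/supervisord_mysql.conf || echo "**** Unable to remove supervisord_mysql.conf, local MySQL will still be started"`. In the localhost branch the unchanged `kill -TERM $(cat /var/lib/mysql/mysqld.pid)` returns without waiting for mysqld to exit, so the supervised instance may race the old one for the data directory; that is worth a follow-up.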