From b72b334a031bd70ad275d9690a67ca7909613c5a Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov
Date: Thu, 27 Aug 2020 14:02:32 -0400
Subject: [PATCH] More flexible DB TLS params usage
---
 zabbix-appliance/rhel/docker-entrypoint.sh | 47 +++++++++++++---------
 1 file changed, 29 insertions(+), 18 deletions(-)

diff --git a/zabbix-appliance/rhel/docker-entrypoint.sh b/zabbix-appliance/rhel/docker-entrypoint.sh
index 60a9712fc..3dfa2d7f1 100755
--- a/zabbix-appliance/rhel/docker-entrypoint.sh
+++ b/zabbix-appliance/rhel/docker-entrypoint.sh
@@ -229,6 +229,32 @@ check_variables_mysql() {
 DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
 }
 
+db_tls_params() {
+ local result=""
+
+ if [ -n "${ZBX_DBTLSCONNECT}" ]; then
+ result="--ssl"
+
+ if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
+ result="${result} --ssl-verify-server-cert"
+ fi
+
+ if [ -n "${ZBX_DBTLSCAFILE}" ]; then
+ result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
+ fi
+
+ if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
+ result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
+ fi
+
+ if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
+ result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
+ fi
+ fi
+
+ echo $result
+}
+
 check_db_connect() {
 echo "********************"
 echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@@ -246,12 +272,7 @@ check_db_connect() {
 
 WAIT_TIMEOUT=5
 
- if [ -n "${ZBX_DBTLSCONNECT}" ]; then
- if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
- verify_cert="--ssl-verify-server-cert"
- fi
- ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
- fi
+ ssl_opts="$(db_tls_params)"
 
 while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
 --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
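Review bot: In `db_tls_params`, `--ssl-verify-server-cert` is emitted for every non-empty `ZBX_DBTLSCONNECT` other than the exact string `required`, even when `ZBX_DBTLSCAFILE` is empty, so a verifying mode with no CA file reaches the client without `--ssl-ca` and what the server certificate is checked against is left to the client's defaults. A warning in that branch, for example `[ -n "${ZBX_DBTLSCAFILE}" ] || echo "** ZBX_DBTLSCAFILE is not set; server certificate verification may fail" >&2`, would surface the misconfiguration at start-up. The function also ends with an unquoted `echo $result`, and the callers expand `$ssl_opts` unquoted, so a certificate path containing whitespace or glob characters is split into separate arguments. Both limits deserve a comment above the function, together with a line stating that `required` passes `--ssl` without `--ssl-verify-server-cert`, i.e. encryption is requested but the server certificate is not checked.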
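Review bot: `ssl_opts` is assigned without `local` in `check_db_connect`, and the same added line appears in `mysql_query` and `create_db_schema_mysql`, so the variable is a script-wide global shared by all three functions. Declaring it first, `local ssl_opts` followed by `ssl_opts="$(db_tls_params)"`, keeps it function-scoped without masking the helper's exit status. The bodies of these functions continue outside the hunks, so any other reader of `ssl_opts` would need to be checked before making that change.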
@@ -264,12 +285,7 @@ mysql_query() {
 query=$1
 local result=""
 
- if [ -n "${ZBX_DBTLSCONNECT}" ]; then
- if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
- verify_cert="--ssl-verify-server-cert"
- fi
- ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
- fi
+ ssl_opts="$(db_tls_params)"
 
 result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
 -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@@ -317,12 +333,7 @@ create_db_schema_mysql() {
 if [ -z "${ZBX_DB_VERSION}" ]; then
 echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
 
- if [ -n "${ZBX_DBTLSCONNECT}" ]; then
- if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
- verify_cert="--ssl-verify-server-cert"
- fi
- ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
- fi
+ ssl_opts="$(db_tls_params)"
 
 zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
 -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \