More flexible DB TLS params usage

Alexey Pustovalov 2020-08-27 12:58:54 -04:00
parent 4cb8a75def
commit d5ed6498dd
13 changed files with 308 additions and 88 deletions


@ -4,7 +4,7 @@ ZBX_SERVER_NAME=Composed installation
# ZBX_DB_ENCRYPTION=true # Available since 5.0.0
# ZBX_DB_KEY_FILE=/run/secrets/client-key.pem # Available since 5.0.0
# ZBX_DB_CERT_FILE=/run/secrets/client-cert.pem # Available since 5.0.0
# ZBX_DB_CA_FILE=/run/secrets/pgsql-ca.pem # Available since 5.0.0
# ZBX_DB_CA_FILE=/run/secrets/root-ca.pem # Available since 5.0.0
# ZBX_DB_VERIFY_HOST=false # Available since 5.0.0
# ZBX_DB_CIPHER_LIST= # Available since 5.0.0
# ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5


@ -177,6 +177,32 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -194,9 +220,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -209,9 +233,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -259,9 +281,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
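Review bot: `echo $result` on the last line of db_tls_params is unquoted, and the three callers expand `$ssl_opts` unquoted as well, so a CA, key or certificate path containing whitespace or a glob character is split or expanded before mysql/mysqladmin sees it. Inside the function, `printf '%s\n' "${result}"` removes the glob expansion; carrying the options to the callers without splitting needs an array, or a documented restriction on those paths. `ssl_opts` is also assigned without `local` in check_db_connect_mysql, mysql_query and create_db_schema_mysql, whose bodies continue outside the hunks. The same lines appear in every db_tls_params added by this commit.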


@ -177,6 +177,33 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -194,9 +221,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -209,9 +234,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -259,9 +282,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
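Review bot: db_tls_params has no header comment, although the mapping from ZBX_DBTLSCONNECT to client flags is the security-relevant part of this script. Suggest a comment above the function such as `# Builds client TLS options from ZBX_DBTLS*: "required" yields --ssl without --ssl-verify-server-cert, any other non-empty value adds it.` The comment should also state that the options are returned on stdout as one space-separated string, because all three callers rely on that.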


@ -177,6 +177,29 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
result="--ssl-mode=$ssl_mode"
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -194,10 +217,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -210,10 +230,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -261,10 +278,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
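Review bot: `ssl_mode` in db_tls_params is assigned without `local`, and any non-empty ZBX_DBTLSCONNECT is copied into `--ssl-mode=` without being checked against the values the variable is meant to hold (required, verify_ca, verify_full). Because the result is later expanded unquoted, a value containing a space turns into additional client options, and a typo probably only shows up as a connection that never succeeds in the wait loop (inferred, the loop body is outside the hunk). An allow-list with an explicit error is easier to diagnose; the callers would have to check the function's status, since it runs in a command substitution. The db_tls_params that builds `--ssl-mode=$ssl_mode` in the server script of this commit has the same shape.

```shell
db_tls_params() {
    local result=""
    local ssl_mode=""

    case "${ZBX_DBTLSCONNECT}" in
        "") ;;
        required|verify_ca) ssl_mode="${ZBX_DBTLSCONNECT}" ;;
        verify_full) ssl_mode="verify_identity" ;;
        *)
            echo "**** Unsupported ZBX_DBTLSCONNECT value: ${ZBX_DBTLSCONNECT}" >&2
            return 1
            ;;
    esac

    if [ -n "${ssl_mode}" ]; then
        result="--ssl-mode=${ssl_mode}"
        # … unchanged: optional --ssl-ca / --ssl-key / --ssl-cert appends and final echo …
```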


@ -172,6 +172,32 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -189,9 +215,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -204,9 +228,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -254,9 +276,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
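Review bot: With ZBX_DBTLSCONNECT set to a verifying mode and ZBX_DBTLSCAFILE empty, db_tls_params now returns `--ssl --ssl-verify-server-cert` with no `--ssl-ca`, and nothing tells the operator that verification was requested without a configured CA. Making the CA optional is reasonable for `required`, but in the `!= "required"` branch a missing CA is more likely a misconfiguration than a choice. Suggest a warning on stderr (stdout is captured by the callers), for example `[ -z "${ZBX_DBTLSCAFILE}" ] && echo "** Warning: certificate verification requested but ZBX_DBTLSCAFILE is not set" >&2`. The other db_tls_params variants that add `--ssl-verify-server-cert` in this commit would take the same line.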


@ -172,6 +172,32 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -189,12 +215,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
verify_cert="--ssl-verify-server-cert"
fi
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -207,12 +228,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
verify_cert="--ssl-verify-server-cert"
fi
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -260,12 +276,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
verify_cert="--ssl-verify-server-cert"
fi
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \


@ -172,6 +172,29 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
result="--ssl-mode=$ssl_mode"
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -189,10 +212,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -205,10 +225,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -256,10 +273,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \


@ -154,6 +154,28 @@ check_variables() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
fi
if [ -n "${ZBX_DB_KEY_FILE}" ]; then
result="${result} --ssl-key=${ZBX_DB_KEY_FILE}"
fi
if [ -n "${ZBX_DB_CERT_FILE}" ]; then
result="${result} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
fi
echo $result
}
check_db_connect() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -171,9 +193,7 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
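Review bot: db_tls_params in this script emits only `--ssl` plus the optional file options, so the mysqladmin ping that carries `--password="${DB_SERVER_ROOT_PASS}"` never explicitly asks the client to verify the server certificate, even when ZBX_DB_VERIFY_HOST (listed in the .env sample of this commit) is true. Whether that variable is meant to cover this connectivity check is not visible here, but honouring it keeps the check consistent with the configured policy: `if [ "${ZBX_DB_VERIFY_HOST}" == "true" ]; then result="${result} --ssl-verify-server-cert"; fi`. The other scripts in this commit that gate on ZBX_DB_ENCRYPTION and build `--ssl` have the same gap. check_db_connect continues outside the hunk.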


@ -154,6 +154,28 @@ check_variables() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
fi
if [ -n "${ZBX_DB_KEY_FILE}" ]; then
result="${result} --ssl-key=${ZBX_DB_KEY_FILE}"
fi
if [ -n "${ZBX_DB_CERT_FILE}" ]; then
result="${result} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
fi
echo $result
}
check_db_connect() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -171,9 +193,7 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do


@ -154,6 +154,28 @@ check_variables() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl-mode=required"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
fi
if [ -n "${ZBX_DB_KEY_FILE}" ]; then
result="${result} --ssl-key=${ZBX_DB_KEY_FILE}"
fi
if [ -n "${ZBX_DB_CERT_FILE}" ]; then
result="${result} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
fi
echo $result
}
check_db_connect() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -171,9 +193,7 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl-mode=required --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
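Review bot: `result="--ssl-mode=required"` is fixed, and with an explicit `required` the MySQL client encrypts the connection but does not validate the server certificate, so the `--ssl-ca` appended a few lines later does not add verification. The root password passed by check_db_connect therefore goes to a server whose identity has not been checked, whatever ZBX_DB_CA_FILE and ZBX_DB_VERIFY_HOST say. Suggest deriving the mode from those two variables, as sketched below; whether ZBX_DB_VERIFY_HOST is intended to apply to this check is an assumption to confirm. The last script in this commit, which also uses `--ssl-mode=required`, needs the same change.

```shell
    if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
        local ssl_mode="required"
        if [ -n "${ZBX_DB_CA_FILE}" ]; then
            ssl_mode="verify_ca"
            if [ "${ZBX_DB_VERIFY_HOST}" == "true" ]; then
                ssl_mode="verify_identity"
            fi
        fi
        result="--ssl-mode=${ssl_mode}"
        # … unchanged: optional --ssl-ca / --ssl-key / --ssl-cert appends …
```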


@ -172,6 +172,28 @@ check_variables() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
fi
if [ -n "${ZBX_DB_KEY_FILE}" ]; then
result="${result} --ssl-key=${ZBX_DB_KEY_FILE}"
fi
if [ -n "${ZBX_DB_CERT_FILE}" ]; then
result="${result} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
fi
echo $result
}
check_db_connect() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -190,9 +212,7 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do


@ -172,6 +172,28 @@ check_variables() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
fi
if [ -n "${ZBX_DB_KEY_FILE}" ]; then
result="${result} --ssl-key=${ZBX_DB_KEY_FILE}"
fi
if [ -n "${ZBX_DB_CERT_FILE}" ]; then
result="${result} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
fi
echo $result
}
check_db_connect() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -190,9 +212,7 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do


@ -172,6 +172,28 @@ check_variables() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"}
}
db_tls_params() {
local result=""
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
result="--ssl-mode=required"
if [ -n "${ZBX_DB_CA_FILE}" ]; then
result="${result} --ssl-ca=${ZBX_DB_CA_FILE}"
fi
if [ -n "${ZBX_DB_KEY_FILE}" ]; then
result="${result} --ssl-key=${ZBX_DB_KEY_FILE}"
fi
if [ -n "${ZBX_DB_CERT_FILE}" ]; then
result="${result} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
fi
echo $result
}
check_db_connect() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -190,9 +212,7 @@ check_db_connect() {
WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
ssl_opts="--ssl-mode=required --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do