extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-06-30 14:51:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

More flexible DB TLS params usage

Browse Source
This commit is contained in:
Alexey Pustovalov
2020-08-27 12:58:54 -04:00
parent 4cb8a75def
commit d5ed6498dd
13 changed files with 308 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
proxy-mysql/alpine/docker-entrypoint.sh
View File

@ -177,6 +177,32 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -194,9 +220,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -209,9 +233,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -259,9 +281,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \

39
proxy-mysql/centos/docker-entrypoint.sh
View File

@ -177,6 +177,33 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
result="--ssl"
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
result="${result} --ssl-verify-server-cert"
fi
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -194,9 +221,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -209,9 +234,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -259,9 +282,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \

38
proxy-mysql/ubuntu/docker-entrypoint.sh
View File

@ -177,6 +177,29 @@ check_variables_mysql() {
DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"}
}
db_tls_params() {
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
result="--ssl-mode=$ssl_mode"
if [ -n "${ZBX_DBTLSCAFILE}" ]; then
result="${result} --ssl-ca=${ZBX_DBTLSCAFILE}"
fi
if [ -n "${ZBX_DBTLSKEYFILE}" ]; then
result="${result} --ssl-key=${ZBX_DBTLSKEYFILE}"
fi
if [ -n "${ZBX_DBTLSCERTFILE}" ]; then
result="${result} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
fi
echo $result
}
check_db_connect_mysql() {
echo "********************"
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
@ -194,10 +217,7 @@ check_db_connect_mysql() {
WAIT_TIMEOUT=5
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
--password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do
@ -210,10 +230,7 @@ mysql_query() {
query=$1
local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
-u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts)
@ -261,10 +278,7 @@ create_db_schema_mysql() {
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
ssl_opts="--ssl-mode=$ssl_mode --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
fi
ssl_opts="$(db_tls_params)"
zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \
-h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \