Using env variables for certs

Alexey Pustovalov 2020-07-29 23:02:03 -04:00
parent 5f5d18be25
commit fca79b28ac
9 changed files with 139 additions and 49 deletions


@ -190,8 +190,10 @@ check_db_connect_postgresql() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 2>/dev/null)" ]; do
@ -201,6 +203,10 @@ check_db_connect_postgresql() {
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
psql_query() {
@ -219,15 +225,21 @@ psql_query() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
result=$(psql "$ssl_opts" --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \
result=$(psql --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \
--username "${DB_SERVER_ROOT_USER}" --command "$query" --dbname "$db" 2>/dev/null);
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
echo $result
}
@ -285,22 +297,28 @@ create_db_schema_postgresql() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql "$ssl_opts" --quiet \
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql --quiet \
--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} \
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null || exit 1
if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql "$ssl_opts" --quiet \
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql --quiet \
--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} \
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null || exit 1
fi
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
fi
}
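Review bot: The wait loop in check_db_connect_postgresql still calls `psql "$ssl_opts" …` in this section. The line is printed only once here, while the other sections of the commit show it followed by a replacement without that argument. If the `ssl_opts=` assignment above it is removed, as the rest of the change suggests, the loop now hands psql an empty positional argument and relies on libpq ignoring it. Dropping the argument so the line reads `while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 2>/dev/null)" ]; do` would bring this file in line with the others. The function starts outside the hunk and the loop body is not shown here.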


@ -190,17 +190,23 @@ check_db_connect_postgresql() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
psql_query() {
@ -219,15 +225,21 @@ psql_query() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
result=$(psql "$ssl_opts" --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \
result=$(psql --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \
--username "${DB_SERVER_ROOT_USER}" --command "$query" --dbname "$db" 2>/dev/null);
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
echo $result
}
@ -285,22 +297,28 @@ create_db_schema_postgresql() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql "$ssl_opts" --quiet \
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql --quiet \
--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} \
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null
if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql "$ssl_opts" --quiet \
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql --quiet \
--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} \
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null
fi
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
fi
}
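Review bot: The schema import in create_db_schema_postgresql is left unchecked in this section: both psql pipelines still end at `1>/dev/null`, whereas the same lines in the first section of this commit gained `|| exit 1`. The next section has the same gap. A connection that fails once TLS is enforced (wrong CA, unreadable key) would therefore go unnoticed, leaving startup to continue against an empty database. Note also that psql reading a script from stdin exits 0 when individual statements fail, so `|| exit 1` alone only catches connection errors; adding `--set ON_ERROR_STOP=1` to the psql call would be needed to stop on a partially applied schema. The function begins outside the hunk.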


@ -190,17 +190,23 @@ check_db_connect_postgresql() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
psql_query() {
@ -219,15 +225,21 @@ psql_query() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
result=$(psql "$ssl_opts" --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \
result=$(psql --no-align --quiet --tuples-only --host "${DB_SERVER_HOST}" --port "${DB_SERVER_PORT}" \
--username "${DB_SERVER_ROOT_USER}" --command "$query" --dbname "$db" 2>/dev/null);
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
echo $result
}
@ -285,22 +297,28 @@ create_db_schema_postgresql() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql "$ssl_opts" --quiet \
zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql --quiet \
--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} \
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null
if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql "$ssl_opts" --quiet \
cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql --quiet \
--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} \
--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} 1>/dev/null
fi
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
fi
}
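Review bot: `export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}` only swaps underscores for hyphens, so a value of `required` reaches libpq unchanged, while libpq's name for that mode is `require`. If ZBX_DBTLSCONNECT takes the same values as Zabbix's DBTLSConnect setting (`required`, `verify_ca`, `verify_full`), the first of them would make psql refuse the sslmode instead of connecting over TLS. Because stderr is discarded, this would surface only as the endless "not available" wait. An explicit mapping after the export would cover it, e.g. `[ "${ZBX_DBTLSCONNECT}" = "required" ] && export PGSSLMODE=require`. The same line appears in every section of this commit.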


@ -171,17 +171,23 @@ check_db_connect() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
prepare_web_server() {
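Review bot: A TLS failure cannot be told apart from an unreachable server in this wait loop, because psql's stderr goes to `2>/dev/null` and the only output is the "PostgreSQL server is not available" message. With PGSSLROOTCERT, PGSSLCERT and PGSSLKEY now driving the connection, a wrong CA file, a key file libpq refuses to read, or a failed certificate check would leave the container waiting indefinitely with no hint of the cause. Capturing psql's stderr into a variable and printing it alongside the waiting message would make certificate problems diagnosable. The same loop appears in the check_db_connect hunks of the following sections and in check_db_connect_postgresql in the earlier ones. check_db_connect begins outside the hunk.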


@ -174,17 +174,23 @@ check_db_connect() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
prepare_web_server() {


@ -175,17 +175,23 @@ check_db_connect() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
prepare_web_server() {


@ -192,17 +192,23 @@ check_db_connect() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
prepare_web_server() {


@ -192,17 +192,23 @@ check_db_connect() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
prepare_web_server() {


@ -192,17 +192,23 @@ check_db_connect() {
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
dbtlsconnect=${ZBX_DBTLSCONNECT//_/-}
ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}"
export PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while [ ! "$(psql "$ssl_opts" --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ROOT_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
prepare_web_server() {