Updated docker entrypoint structure. Using libraries for common functions
Alexey Pustovalov
2026-04-04 11:17:28 +09:00
parent af8a481177
commit 128fb7b3a9
10 changed files with 113 additions and 359 deletions


@@ -20,7 +20,8 @@ ENV TERM=xterm \
ZABBIX_USER_HOME_DIR=/var/lib/zabbix \
ZABBIX_CONF_DIR=/etc/zabbix
ENV ZBX_DB_NAME=dummy_db_name \
ENV DB_ENGINE=mysql \
ZBX_DB_NAME=dummy_db_name \
ZBX_FPINGLOCATION=/usr/sbin/fping \
ZBX_LOADMODULEPATH=${ZABBIX_USER_HOME_DIR}/modules \
ZBX_SNMPTRAPPERFILE=${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log \


@@ -22,7 +22,8 @@ ENV TERM=xterm \
ZABBIX_USER_HOME_DIR=/var/lib/zabbix \
ZABBIX_CONF_DIR=/etc/zabbix
ENV ZBX_DB_NAME=dummy_db_name \
ENV DB_ENGINE=mysql \
ZBX_DB_NAME=dummy_db_name \
ZBX_FPINGLOCATION=/usr/sbin/fping \
ZBX_LOADMODULEPATH=${ZABBIX_USER_HOME_DIR}/modules \
ZBX_SNMPTRAPPERFILE=${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log \


@@ -20,7 +20,8 @@ ENV TERM=xterm \
ZABBIX_USER_HOME_DIR=/var/lib/zabbix \
ZABBIX_CONF_DIR=/etc/zabbix
ENV ZBX_DB_NAME=dummy_db_name \
ENV DB_ENGINE=mysql \
ZBX_DB_NAME=dummy_db_name \
ZBX_FPINGLOCATION=/usr/bin/fping \
ZBX_LOADMODULEPATH=${ZABBIX_USER_HOME_DIR}/modules \
ZBX_SNMPTRAPPERFILE=${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log \


@@ -1,280 +0,0 @@
: "${DB_CHARACTER_SET:=utf8mb4}"
: "${DB_CHARACTER_COLLATE:=utf8mb4_bin}"
source "${ENTRYPOINT_LIBS}/logging.sh"
source "${ENTRYPOINT_LIBS}/config.sh"
set_mysql_tls_args() {
MYSQL_TLS_ARGS=()
if [ -n "${ZBX_DBTLSCONNECT:-}" ]; then
MYSQL_TLS_ARGS+=(--ssl)
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
MYSQL_TLS_ARGS+=(--ssl-verify-server-cert)
fi
[ -n "${ZBX_DBTLSCAFILE:-}" ] && MYSQL_TLS_ARGS+=("--ssl-ca=${ZBX_DBTLSCAFILE}")
[ -n "${ZBX_DBTLSKEYFILE:-}" ] && MYSQL_TLS_ARGS+=("--ssl-key=${ZBX_DBTLSKEYFILE}")
[ -n "${ZBX_DBTLSCERTFILE:-}" ] && MYSQL_TLS_ARGS+=("--ssl-cert=${ZBX_DBTLSCERTFILE}")
fi
}
set_mysql_auth_env() {
export MYSQL_PWD="${DB_SERVER_ROOT_PASS:-}"
}
clear_mysql_auth_env() {
unset MYSQL_PWD
}
# Check prerequisites for MySQL database
check_db_variables() {
local default_db_name="${1:-}"
if [ -n "${DB_SERVER_SOCKET:-}" ]; then
mysql_connect_args=("-S" "${DB_SERVER_SOCKET}")
else
: "${DB_SERVER_HOST:=mysql-server}"
: "${DB_SERVER_PORT:=3306}"
mysql_connect_args=("-h" "${DB_SERVER_HOST}" "-P" "${DB_SERVER_PORT}")
fi
USE_DB_ROOT_USER=false
CREATE_ZBX_DB_USER=false
file_env MYSQL_USER
file_env MYSQL_PASSWORD
file_env MYSQL_ROOT_USER
file_env MYSQL_ROOT_PASSWORD
if [ -z "${MYSQL_USER:-}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD:-}" = "true" ]; then
error "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password"
fi
if [ -z "${MYSQL_USER:-}" ] && [ -z "${MYSQL_ROOT_PASSWORD:-}" ] && [ "${MYSQL_ALLOW_EMPTY_PASSWORD:-}" != "true" ]; then
error "*** Impossible to use MySQL server because 'root' password is not defined and it is not empty"
fi
if [ "${MYSQL_ALLOW_EMPTY_PASSWORD:-}" = "true" ] || [ -n "${MYSQL_ROOT_PASSWORD:-}" ]; then
USE_DB_ROOT_USER=true
DB_SERVER_ROOT_USER="${MYSQL_ROOT_USER:-root}"
DB_SERVER_ROOT_PASS="${MYSQL_ROOT_PASSWORD:-}"
fi
[ -n "${MYSQL_USER:-}" ] && [ "${USE_DB_ROOT_USER}" = "true" ] && CREATE_ZBX_DB_USER=true
# If root password is not specified use provided credentials
: "${DB_SERVER_ROOT_USER:=${MYSQL_USER:-}}"
if [ "${MYSQL_ALLOW_EMPTY_PASSWORD:-}" != "true" ]; then
DB_SERVER_ROOT_PASS="${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD:-}}"
fi
DB_SERVER_ZBX_USER="${MYSQL_USER:-zabbix}"
DB_SERVER_ZBX_PASS="${MYSQL_PASSWORD:-zabbix}"
DB_SERVER_DBNAME="${MYSQL_DATABASE:-$default_db_name}"
}
get_vault_secrets() {
WAIT_TIMEOUT=5
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
curl_opts=(-s -m 10 -k)
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
error "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
fi
if [ "${ZBX_VAULT:-}" == "HashiCorp" ]; then
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
info "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
sleep $WAIT_TIMEOUT
done
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
if [ -n "${errors}" ]; then
error "Error getting secrets from vault: $errors"
fi
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
elif [ "${ZBX_VAULT:-}" == "CyberArk" ]; then
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
# if key is defined use it
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
fi
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
info "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
sleep $WAIT_TIMEOUT
done
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
if [ -n "${errors}" ]; then
info "Error getting secrets from vault: $errors"
exit 1
fi
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
else
error "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
fi
}
check_db_connect() {
local use_vault="${1:-false}"
local wait_timeout=5
info "********************"
if [ -z "${DB_SERVER_SOCKET:-}" ]; then
info "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
info "* DB_SERVER_PORT: ${DB_SERVER_PORT}"
else
info "* DB_SERVER_SOCKET: ${DB_SERVER_SOCKET}"
fi
info "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}"
if [ "${DEBUG_MODE:-}" = "true" ]; then
if [ "${USE_DB_ROOT_USER}" = "true" ]; then
info "* DB_SERVER_ROOT_USER: ${DB_SERVER_ROOT_USER}"
info "* DB_SERVER_ROOT_PASS: ${DB_SERVER_ROOT_PASS}"
fi
info "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}"
info "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}"
fi
info "********************"
if [ -n "${ZBX_VAULT:-}" ] && [ "$use_vault" = "true" ]; then
unset DB_SERVER_ZBX_USER
unset DB_SERVER_ZBX_PASS
info "***** Connecting to vault... ******"
info "***** VAULT URL: $ZBX_VAULTURL"
get_vault_secrets
fi
set_mysql_tls_args
set_mysql_auth_env
while ! mariadb-admin ping \
"${mysql_connect_args[@]}" \
-u "${DB_SERVER_ROOT_USER}" \
--silent \
--skip-ssl-verify-server-cert \
--connect_timeout=10 \
"${MYSQL_TLS_ARGS[@]}" >/dev/null 2>&1; do
info "**** MySQL server is not available. Waiting ${wait_timeout} seconds..."
sleep "${wait_timeout}"
done
clear_mysql_auth_env
}
mysql_query() {
local query="${1:-}"
local result=""
set_mysql_tls_args
set_mysql_auth_env
result="$({
mariadb \
--silent \
--skip-column-names \
--skip-ssl-verify-server-cert \
"${mysql_connect_args[@]}" \
-u "${DB_SERVER_ROOT_USER}" \
-e "$query" \
"${MYSQL_TLS_ARGS[@]}"
})"
clear_mysql_auth_env
printf '%s\n' "$result"
}
exec_sql_file() {
local sql_script="${1:-}"
local command="cat"
set_mysql_tls_args
set_mysql_auth_env
[ "${sql_script: -3}" = ".gz" ] && command="zcat"
"$command" "$sql_script" | mariadb \
--silent \
--skip-column-names \
--skip-ssl-verify-server-cert \
--default-character-set="${DB_CHARACTER_SET}" \
"${mysql_connect_args[@]}" \
-u "${DB_SERVER_ROOT_USER}" \
"${MYSQL_TLS_ARGS[@]}" \
"${DB_SERVER_DBNAME}" >/dev/null
clear_mysql_auth_env
}
create_db_user() {
local user_exists=""
[ "${CREATE_ZBX_DB_USER}" = "true" ] || return 0
info "** Creating '${DB_SERVER_ZBX_USER}' user in MySQL database"
user_exists="$(mysql_query "SELECT 1 FROM mysql.user WHERE user = '${DB_SERVER_ZBX_USER}' AND host = '%'" )"
if [ -z "$user_exists" ]; then
mysql_query "CREATE USER '${DB_SERVER_ZBX_USER}'@'%' IDENTIFIED BY '${DB_SERVER_ZBX_PASS}'" >/dev/null
else
mysql_query "ALTER USER '${DB_SERVER_ZBX_USER}'@'%' IDENTIFIED BY '${DB_SERVER_ZBX_PASS}'" >/dev/null
fi
mysql_query "GRANT ALL PRIVILEGES ON ${DB_SERVER_DBNAME}.* TO '${DB_SERVER_ZBX_USER}'@'%'" >/dev/null
}
create_db_database() {
local db_exists=""
db_exists="$(mysql_query "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${DB_SERVER_DBNAME}'")"
if [ -z "${db_exists}" ]; then
info "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..."
mysql_query "CREATE DATABASE ${DB_SERVER_DBNAME} CHARACTER SET ${DB_CHARACTER_SET} COLLATE ${DB_CHARACTER_COLLATE}" >/dev/null
mysql_query "GRANT ALL PRIVILEGES ON ${DB_SERVER_DBNAME}.* TO '${DB_SERVER_ZBX_USER}'@'%'" >/dev/null
else
info "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database COLLATE!"
fi
}
apply_db_scripts() {
local db_scripts="${1:-}"
local sql_script
shopt -s nullglob
for sql_script in $db_scripts; do
info "** Processing additional '${sql_script}' SQL script"
exec_sql_file "$sql_script"
done
shopt -u nullglob
}
create_db_schema() {
local db_schema_file="${1:-}"
local dbversion_table_exists=""
dbversion_table_exists="$(mysql_query "SELECT 1 FROM information_schema.tables WHERE table_schema='${DB_SERVER_DBNAME}' and table_name = 'dbversion'")"
if [ -n "${dbversion_table_exists}" ]; then
warn "** Table '${DB_SERVER_DBNAME}.dbversion' already exists."
ZBX_DB_VERSION="$(mysql_query "SELECT mandatory FROM ${DB_SERVER_DBNAME}.dbversion")"
fi
if [ -z "${ZBX_DB_VERSION:-}" ]; then
info "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
exec_sql_file "${db_schema_file}"
info "** Database schema successfully created!"
apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql"
fi
}


@@ -1,15 +1,43 @@
: "${DB_CHARACTER_SET:=utf8mb4}"
: "${DB_CHARACTER_COLLATE:=utf8mb4_bin}"
[ -n "${DB_ENGINE:-}" ] || error "DB_ENGINE is not set. Expected 'mysql' or 'mariadb'"
source "${ENTRYPOINT_LIBS}/logging.sh"
source "${ENTRYPOINT_LIBS}/config.sh"
set_mysql_cli() {
case "${DB_ENGINE}" in
mysql)
MYSQL_CLI_BIN="mysql"
MYSQL_ADMIN_BIN="mysqladmin"
MYSQL_EXTRA_ARGS=()
;;
mariadb)
MYSQL_CLI_BIN="mariadb"
MYSQL_ADMIN_BIN="mariadb-admin"
MYSQL_EXTRA_ARGS=(--skip-ssl-verify-server-cert)
;;
*)
error "Unsupported DB_ENGINE: '${DB_ENGINE}'. Expected 'mysql' or 'mariadb'"
;;
esac
}
set_mysql_tls_args() {
MYSQL_TLS_ARGS=()
if [ -n "${ZBX_DBTLSCONNECT:-}" ]; then
local ssl_mode=${ZBX_DBTLSCONNECT//verify_full/verify_identity}
MYSQL_TLS_ARGS+=(--ssl=$ssl_mode)
if [ "${DB_ENGINE}" = "mariadb" ]; then
MYSQL_TLS_ARGS+=(--ssl)
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
MYSQL_TLS_ARGS+=(--ssl-verify-server-cert)
fi
else
local ssl_mode="${ZBX_DBTLSCONNECT//verify_full/verify_identity}"
MYSQL_TLS_ARGS+=("--ssl=${ssl_mode}")
fi
[ -n "${ZBX_DBTLSCAFILE:-}" ] && MYSQL_TLS_ARGS+=("--ssl-ca=${ZBX_DBTLSCAFILE}")
[ -n "${ZBX_DBTLSKEYFILE:-}" ] && MYSQL_TLS_ARGS+=("--ssl-key=${ZBX_DBTLSKEYFILE}")
@@ -25,7 +53,7 @@ clear_mysql_auth_env() {
unset MYSQL_PWD
}
# Check prerequisites for MySQL database
# Check prerequisites for MySQL-compatible database
check_db_variables() {
local default_db_name="${1:-}"
@@ -70,70 +98,73 @@ check_db_variables() {
DB_SERVER_ZBX_USER="${MYSQL_USER:-zabbix}"
DB_SERVER_ZBX_PASS="${MYSQL_PASSWORD:-zabbix}"
DB_SERVER_DBNAME="${MYSQL_DATABASE:-$default_db_name}"
set_mysql_cli
}
get_vault_secrets() {
WAIT_TIMEOUT=5
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
curl_opts=(-s -m 10 -k)
local wait_timeout=5
local curl_opts=(-s -m 10 -k)
local vaultdata errors
local cyberark_opts
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
if [ -z "${ZBX_VAULTURL:-}" ] || [ -z "${ZBX_VAULTPREFIX:-}" ] || [ -z "${ZBX_VAULTDBPATH:-}" ]; then
error "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
fi
local vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
if [ "${ZBX_VAULT:-}" == "HashiCorp" ]; then
if [ "${ZBX_VAULT:-}" = "HashiCorp" ]; then
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
info "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
sleep $WAIT_TIMEOUT
info "**** Vault is not available. Waiting ${wait_timeout} seconds... ****"
sleep "$wait_timeout"
done
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
errors="$(printf '%s' "$vaultdata" | jq -r '.errors // empty')"
if [ -n "${errors}" ]; then
error "Error getting secrets from vault: $errors"
fi
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
elif [ "${ZBX_VAULT:-}" == "CyberArk" ]; then
elif [ "${ZBX_VAULT:-}" = "CyberArk" ]; then
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
# if key is defined use it
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
if [ -n "${ZBX_VAULTKEYFILE:-}" ]; then
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
fi
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
info "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
sleep $WAIT_TIMEOUT
while ! vaultdata="$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url")"; do
info "**** Vault is not available. Waiting ${wait_timeout} seconds... ****"
sleep "$wait_timeout"
done
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
if [ -n "${errors}" ]; then
info "Error getting secrets from vault: $errors"
exit 1
error "Error getting secrets from vault: $errors"
fi
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
else
else
error "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
fi
}
check_db_connect() {
local use_vault="${1:-false}"
local wait_timeout=5
info "********************"
if [ -z "${DB_SERVER_SOCKET:-}" ]; then
if [ -n "${DB_SERVER_SOCKET:-}" ]; then
info "* DB_SERVER_SOCKET: ${DB_SERVER_SOCKET}"
else
info "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
info "* DB_SERVER_PORT: ${DB_SERVER_PORT}"
else
info "* DB_SERVER_SOCKET: ${DB_SERVER_SOCKET}"
fi
info "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}"
if [ "${DEBUG_MODE:-}" = "true" ]; then
if [ "${USE_DB_ROOT_USER}" = "true" ]; then
if [ "${USE_DB_ROOT_USER:-}" = "true" ]; then
info "* DB_SERVER_ROOT_USER: ${DB_SERVER_ROOT_USER}"
info "* DB_SERVER_ROOT_PASS: ${DB_SERVER_ROOT_PASS}"
fi
@@ -154,14 +185,15 @@ check_db_connect() {
set_mysql_tls_args
set_mysql_auth_env
while ! mysqladmin ping \
while ! "$MYSQL_ADMIN_BIN" ping \
"${mysql_connect_args[@]}" \
-u "${DB_SERVER_ROOT_USER}" \
--silent \
"${MYSQL_EXTRA_ARGS[@]}" \
--connect_timeout=10 \
"${MYSQL_TLS_ARGS[@]}" >/dev/null 2>&1; do
info "**** MySQL server is not available. Waiting ${wait_timeout} seconds..."
sleep "${wait_timeout}"
sleep "$wait_timeout"
done
clear_mysql_auth_env
@@ -174,15 +206,18 @@ mysql_query() {
set_mysql_tls_args
set_mysql_auth_env
result="$({
mysql \
--silent \
--skip-column-names \
"${mysql_connect_args[@]}" \
-u "${DB_SERVER_ROOT_USER}" \
-e "$query" \
"${MYSQL_TLS_ARGS[@]}"
})"
result="$(
{
"$MYSQL_CLI_BIN" \
--silent \
--skip-column-names \
"${MYSQL_EXTRA_ARGS[@]}" \
"${mysql_connect_args[@]}" \
-u "${DB_SERVER_ROOT_USER}" \
-e "$query" \
"${MYSQL_TLS_ARGS[@]}"
} 2>/dev/null
)"
clear_mysql_auth_env
printf '%s\n' "$result"
@@ -197,9 +232,10 @@ exec_sql_file() {
[ "${sql_script: -3}" = ".gz" ] && command="zcat"
"$command" "$sql_script" | mysql \
"$command" "$sql_script" | "$MYSQL_CLI_BIN" \
--silent \
--skip-column-names \
"${MYSQL_EXTRA_ARGS[@]}" \
--default-character-set="${DB_CHARACTER_SET}" \
"${mysql_connect_args[@]}" \
-u "${DB_SERVER_ROOT_USER}" \
@@ -210,13 +246,12 @@ exec_sql_file() {
}
create_db_user() {
local user_exists=""
[ "${CREATE_ZBX_DB_USER}" = "true" ] || return 0
info "** Creating '${DB_SERVER_ZBX_USER}' user in MySQL database"
user_exists="$(mysql_query "SELECT 1 FROM mysql.user WHERE user = '${DB_SERVER_ZBX_USER}' AND host = '%'" )"
local user_exists
user_exists="$(mysql_query "SELECT 1 FROM mysql.user WHERE user = '${DB_SERVER_ZBX_USER}' AND host = '%'")"
if [ -z "$user_exists" ]; then
mysql_query "CREATE USER '${DB_SERVER_ZBX_USER}'@'%' IDENTIFIED BY '${DB_SERVER_ZBX_PASS}'" >/dev/null
@@ -228,8 +263,7 @@ create_db_user() {
}
create_db_database() {
local db_exists=""
local db_exists
db_exists="$(mysql_query "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${DB_SERVER_DBNAME}'")"
if [ -z "${db_exists}" ]; then
@@ -242,11 +276,10 @@ create_db_database() {
}
apply_db_scripts() {
local db_scripts="${1:-}"
local sql_script
shopt -s nullglob
for sql_script in $db_scripts; do
for sql_script in "${ZABBIX_USER_HOME_DIR}"/dbscripts/*.sql; do
info "** Processing additional '${sql_script}' SQL script"
exec_sql_file "$sql_script"
done
@@ -255,9 +288,9 @@ apply_db_scripts() {
create_db_schema() {
local db_schema_file="${1:-}"
local dbversion_table_exists=""
local dbversion_table_exists
dbversion_table_exists="$(mysql_query "SELECT 1 FROM information_schema.tables WHERE table_schema='${DB_SERVER_DBNAME}' and table_name = 'dbversion'")"
dbversion_table_exists="$(mysql_query "SELECT 1 FROM information_schema.tables WHERE table_schema='${DB_SERVER_DBNAME}' and table_name='dbversion'")"
if [ -n "${dbversion_table_exists}" ]; then
warn "** Table '${DB_SERVER_DBNAME}.dbversion' already exists."
@@ -269,6 +302,6 @@ create_db_schema() {
exec_sql_file "${db_schema_file}"
info "** Database schema successfully created!"
apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql"
apply_db_scripts
fi
}
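Review bot: `local curl_opts=(-s -m 10 -k)` in get_vault_secrets keeps `-k`, so the request that carries `X-Vault-Token` and returns the database username and password is made without verifying the vault's TLS certificate. A party positioned on that connection could read the token and the credentials, or answer with credentials of its own. Since the commit already rewrites this line, drop the flag (`local curl_opts=(-s -m 10)`) and pass curl's `--cacert` with the CA bundle path when the vault is signed by a private CA. The get_vault_secrets hunk of the PostgreSQL library in the next file section carries the same line.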


@@ -47,44 +47,45 @@ check_db_variables() {
}
get_vault_secrets() {
WAIT_TIMEOUT=5
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
curl_opts=(-s -m 10 -k)
local wait_timeout=5
local curl_opts=(-s -m 10 -k)
local vaultdata errors
local cyberark_opts
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
if [ -z "${ZBX_VAULTURL:-}" ] || [ -z "${ZBX_VAULTPREFIX:-}" ] || [ -z "${ZBX_VAULTDBPATH:-}" ]; then
error "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
fi
local vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
if [ "${ZBX_VAULT:-}" == "HashiCorp" ]; then
if [ "${ZBX_VAULT:-}" = "HashiCorp" ]; then
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
info "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
sleep $WAIT_TIMEOUT
info "**** Vault is not available. Waiting ${wait_timeout} seconds... ****"
sleep "$wait_timeout"
done
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
errors="$(printf '%s' "$vaultdata" | jq -r '.errors // empty')"
if [ -n "${errors}" ]; then
error "Error getting secrets from vault: $errors"
fi
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
elif [ "${ZBX_VAULT:-}" == "CyberArk" ]; then
elif [ "${ZBX_VAULT:-}" = "CyberArk" ]; then
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
# if key is defined use it
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
if [ -n "${ZBX_VAULTKEYFILE:-}" ]; then
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
fi
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
info "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
sleep $WAIT_TIMEOUT
while ! vaultdata="$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url")"; do
info "**** Vault is not available. Waiting ${wait_timeout} seconds... ****"
sleep "$wait_timeout"
done
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
if [ -n "${errors}" ]; then
info "Error getting secrets from vault: $errors"
exit 1
error "Error getting secrets from vault: $errors"
fi
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
@@ -196,14 +197,14 @@ create_db_database() {
}
apply_db_scripts() {
local db_scripts="${1:-}"
local sql_script
for sql_script in $db_scripts; do
[ -e "$sql_script" ] || continue
info "** Processing additional '$sql_script' SQL script"
shopt -s nullglob
for sql_script in "${ZABBIX_USER_HOME_DIR}"/dbscripts/*.sql; do
info "** Processing additional '${sql_script}' SQL script"
exec_sql_file "$sql_script"
done
shopt -u nullglob
}
create_db_schema() {
@@ -221,16 +222,13 @@ create_db_schema() {
if [ -z "${ZBX_DB_VERSION:-}" ]; then
info "** Creating '${DB_SERVER_DBNAME}' schema in PostgreSQL"
if [ "${ENABLE_TIMESCALEDB,,}" = "true" ]; then
psql_query "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" "${DB_SERVER_DBNAME}" >/dev/null
fi
exec_sql_file "${db_schema_file}"
if [ "${ENABLE_TIMESCALEDB,,}" = "true" ]; then
psql_query "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" "${DB_SERVER_DBNAME}" >/dev/null
exec_sql_file "/usr/share/doc/zabbix-server-postgresql/timescaledb.sql"
fi
apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql"
apply_db_scripts
fi
}
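Review bot: In get_vault_secrets, `jq -r '.data.data.username'` and the three sibling extractions print the literal string `null` when the key is absent, so a vault reply that is valid JSON but lacks the expected fields sets DB_SERVER_ZBX_USER and DB_SERVER_ZBX_PASS to `null`. The failure then only surfaces later as a database login error. The commit tightens the error handling around these lines but not the extraction itself; `jq -er` with an explicit failure, e.g. `DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -er '.data.data.username')" || error "Vault response has no username"`, would stop at the source. The function's final branch lies outside this hunk, and the same extractions appear in the MySQL library's get_vault_secrets.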


@@ -5,7 +5,7 @@ set -euo pipefail
readonly ENTRYPOINT_LIBS="/usr/lib/docker-entrypoint"
source "${ENTRYPOINT_LIBS}/bootstrap.sh"
source "${ENTRYPOINT_LIBS}/${DB_ENGINE}.sh"
source "${ENTRYPOINT_LIBS}/mysql.sh"
source "${ENTRYPOINT_LIBS}/proxy-config.sh"
update_config() {


@@ -5,7 +5,7 @@ set -euo pipefail
readonly ENTRYPOINT_LIBS="/usr/lib/docker-entrypoint"
source "${ENTRYPOINT_LIBS}/bootstrap.sh"
source "${ENTRYPOINT_LIBS}/${DB_ENGINE}.sh"
source "${ENTRYPOINT_LIBS}/mysql.sh"
source "${ENTRYPOINT_LIBS}/server-config.sh"
source "${ENTRYPOINT_LIBS}/openssl.sh"


@@ -5,7 +5,7 @@ set -euo pipefail
readonly ENTRYPOINT_LIBS="/usr/lib/docker-entrypoint"
source "${ENTRYPOINT_LIBS}/bootstrap.sh"
source "${ENTRYPOINT_LIBS}/${DB_ENGINE}.sh"
source "${ENTRYPOINT_LIBS}/mysql.sh"
source "${ENTRYPOINT_LIBS}/php.sh"
source "${ENTRYPOINT_LIBS}/web.sh"
source "${ENTRYPOINT_LIBS}/apache.sh"


@@ -5,7 +5,7 @@ set -euo pipefail
readonly ENTRYPOINT_LIBS="/usr/lib/docker-entrypoint"
source "${ENTRYPOINT_LIBS}/bootstrap.sh"
source "${ENTRYPOINT_LIBS}/${DB_ENGINE}.sh"
source "${ENTRYPOINT_LIBS}/mysql.sh"
source "${ENTRYPOINT_LIBS}/php.sh"
source "${ENTRYPOINT_LIBS}/web.sh"
source "${ENTRYPOINT_LIBS}/nginx.sh"