Merge pull request #1869 from zabbix/fix/ZBX-27410
added option to get DB username and password from vault
@@ -50,6 +50,7 @@ RUN set -eux && \
|
||||
INSTALL_PKGS="bash \
|
||||
tzdata \
|
||||
curl \
|
||||
jq \
|
||||
mariadb-client \
|
||||
mariadb-connector-c \
|
||||
apache2 \
|
||||
|
||||
@@ -128,6 +128,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -144,13 +195,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... ******"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mariadb-admin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --skip-ssl-verify-server-cert --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
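Review bot: `curl_opts=(-s -m 10 -k)` in get_vault_secrets switches off TLS certificate verification for both vault back ends, so the request that carries `X-Vault-Token` (or the CyberArk client certificate) and returns the database username and password is sent to a server whose identity is never checked. Drop `-k` from the defaults and let deployments with a private CA supply the trust anchor, e.g. `curl_opts=(-s -m 10 --cacert "$VAULT_CA_FILE")`, where `VAULT_CA_FILE` is a placeholder for a new setting, not a variable that exists on this page. If an insecure mode has to stay, make it an explicit opt-in and log it at start-up. The same line appears in every copy of get_vault_secrets in this commit.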
@@ -68,6 +68,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
glibc-locale-source \
|
||||
shadow-utils \
|
||||
gzip \
|
||||
jq \
|
||||
supervisor" && \
|
||||
microdnf -y install \
|
||||
--disablerepo="*" \
|
||||
|
||||
@@ -128,6 +128,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -144,13 +195,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
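Review bot: Nothing in get_vault_secrets verifies that the vault response actually contains the credential fields. curl runs without `--fail`, so an HTTP error body still exits 0, and `jq -r '.data.data.username'` prints the literal string `null` when the key is absent, which is then stored in DB_SERVER_ZBX_USER / DB_SERVER_ZBX_PASS and used for the database login. Read the fields with `jq -er '.data.data.username // empty'` (likewise `.password`, `.UserName`, `.Content`) and exit with an error when either value comes back empty. A body that is not JSON also leaves `errors` empty, so unless the script runs under `set -e` (not visible in this hunk) it passes the `[ -n "${errors}" ]` test; checking jq's exit status there closes that gap. The other copies of the function share this.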
@@ -68,6 +68,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
php-xml \
|
||||
findutils \
|
||||
glibc-locale-source \
|
||||
jq \
|
||||
supervisor" && \
|
||||
microdnf -y install \
|
||||
--disablerepo="*" \
|
||||
|
||||
@@ -128,6 +128,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -144,13 +195,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
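Review bot: DB_SERVER_ZBX_USER can now be filled from the vault response, but the unchanged `mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER}` line in check_db_connect still expands it unquoted, so a username containing whitespace or glob characters is split into extra arguments to the client. Quote the expansion: `-u "${DB_SERVER_ZBX_USER}"`. The body of check_db_connect starts and ends outside this hunk; the mariadb-admin and psql variants elsewhere in this commit use the same unquoted form (`--username ${DB_SERVER_ZBX_USER}`).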
@@ -68,6 +68,7 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
php8.5-mbstring \
|
||||
php8.5-mysql \
|
||||
php8.5-xml \
|
||||
jq \
|
||||
supervisor" && \
|
||||
apt-get -y update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y \
|
||||
|
||||
@@ -128,6 +128,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -144,13 +195,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
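Review bot: The HashiCorp branch puts the token on curl's command line (`-H "X-Vault-Token: $VAULT_TOKEN"`), where it is visible in the process list to other processes in the container while each request runs, and the required-variable check at the top of get_vault_secrets does not include VAULT_TOKEN. curl can take headers from stdin with `-H @-`, which keeps the token out of argv: `printf 'X-Vault-Token: %s\n' "$VAULT_TOKEN" | curl "${curl_opts[@]}" -H @- "$vault_url"`. Adding `[ -z "${VAULT_TOKEN}" ]` to that branch would turn a missing token into a clear start-up error instead of a vault-side one. All copies of the function in this commit are affected.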
@@ -50,6 +50,7 @@ RUN set -eux && \
|
||||
INSTALL_PKGS="bash \
|
||||
tzdata \
|
||||
curl \
|
||||
jq \
|
||||
apache2 \
|
||||
apache2-proxy \
|
||||
php85-bcmath \
|
||||
|
||||
@@ -109,6 +109,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -127,12 +178,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
export PGOPTIONS
|
||||
@@ -147,7 +207,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
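Review bot: Both `while ! vaultdata=$(curl ...)` loops in get_vault_secrets retry on any non-zero curl exit with no upper bound, so a permanent fault such as an unreadable `$ZBX_VAULTCERTFILE`, a malformed URL or a TLS failure is reported indefinitely as "Vault is not available" and the container never exits. ZBX_VAULTCERTFILE is also absent from the required-variable check although the CyberArk branch always passes it to `--cert`. Add a bounded retry count, test `[ -r "$ZBX_VAULTCERTFILE" ]` before the CyberArk loop, and use `-sS` instead of `-s` so curl's own error message reaches the log. The other copies of the function have the same loops.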
@@ -68,6 +68,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
glibc-locale-source \
|
||||
shadow-utils \
|
||||
gzip \
|
||||
jq \
|
||||
supervisor" && \
|
||||
microdnf -y install \
|
||||
--disablerepo="*" \
|
||||
|
||||
@@ -109,6 +109,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -127,12 +178,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
export PGOPTIONS
|
||||
@@ -147,7 +207,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
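Review bot: get_vault_secrets assigns vault_url, curl_opts, cyberark_opts, vaultdata, errors and WAIT_TIMEOUT without `local`, so all of them remain set in the entrypoint's global scope after the function returns. That includes `vaultdata`, the raw vault response containing the password. Declare them at the top of the function, `local vault_url curl_opts cyberark_opts vaultdata errors`, and drop the `WAIT_TIMEOUT=5` assignment there, since check_db_connect already sets it just before the call. A short header comment listing the variables the function reads (ZBX_VAULT, ZBX_VAULTURL, ZBX_VAULTPREFIX, ZBX_VAULTDBPATH, VAULT_TOKEN, ZBX_VAULTCERTFILE, ZBX_VAULTKEYFILE) and the two it sets would also help whoever maintains the duplicated copies.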
@@ -68,6 +68,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
postgresql \
|
||||
findutils \
|
||||
glibc-locale-source \
|
||||
jq \
|
||||
supervisor" && \
|
||||
microdnf -y install \
|
||||
--disablerepo="*" \
|
||||
|
||||
@@ -109,6 +109,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -127,12 +178,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... ******"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
export PGOPTIONS
|
||||
@@ -147,7 +207,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
@@ -68,6 +68,7 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
php8.5-xml \
|
||||
php8.5-pgsql \
|
||||
postgresql-client \
|
||||
jq \
|
||||
supervisor" && \
|
||||
apt-get -y update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y \
|
||||
|
||||
@@ -109,6 +109,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -127,12 +178,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
export PGOPTIONS
|
||||
@@ -147,7 +207,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
@@ -50,6 +50,7 @@ RUN set -eux && \
|
||||
INSTALL_PKGS="bash \
|
||||
tzdata \
|
||||
curl \
|
||||
jq \
|
||||
mariadb-client \
|
||||
mariadb-connector-c \
|
||||
nginx \
|
||||
|
||||
@@ -134,6 +134,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -150,13 +201,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mariadb-admin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --skip-ssl-verify-server-cert --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
@@ -66,6 +66,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
php-xml \
|
||||
shadow-utils \
|
||||
gzip \
|
||||
jq \
|
||||
supervisor" && \
|
||||
microdnf -y install \
|
||||
--disablerepo="*" \
|
||||
|
||||
@@ -134,6 +134,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -150,13 +201,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
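Review bot: `curl_opts=(-s -m 10 -k)` in get_vault_secrets turns off TLS certificate verification for the very request that carries `X-Vault-Token` and returns the database password, so the vault's identity is never checked and anyone able to intercept the connection can read both. Drop `-k` so curl verifies against the system trust store, i.e. `curl_opts=(-s -m 10)`, and add `--cacert` with a path taken from a new environment variable for deployments whose vault uses a private CA. The CyberArk branch reuses the same array, so its client-certificate request is affected as well. The identical line appears in every other copy of get_vault_secrets on this page.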
|
||||
@@ -66,6 +66,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
php-xml \
|
||||
findutils \
|
||||
glibc-locale-source \
|
||||
jq \
|
||||
supervisor" && \
|
||||
microdnf -y install \
|
||||
--disablerepo="*" \
|
||||
|
||||
@@ -134,6 +134,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -150,13 +201,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
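Review bot: The two `jq -r` extractions in get_vault_secrets are never checked, so a response without the expected keys sets DB_SERVER_ZBX_USER and DB_SERVER_ZBX_PASS to the literal string `null`, and a non-JSON body (for example an error page from a proxy) leaves them empty while the `.errors` test still passes. Running jq with `-e`, which exits non-zero on null or unparsable input, and stopping on failure keeps the entrypoint from continuing into the database wait loop with unusable credentials. The failure message should not print the response body, since it may hold the secret. The same applies to the `.UserName`/`.Content` extraction in the CyberArk branch and to the other copies of this function on the page.

```shell
        # … unchanged: curl retry loop and the .errors check …
        if ! DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -er '.data.data.username')" ||
           ! DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -er '.data.data.password')"; then
            echo "Vault response does not contain username and password"
            exit 1
        fi
```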
|
||||
@@ -70,6 +70,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
set -eux && \
|
||||
INSTALL_PKGS="bash \
|
||||
curl-minimal \
|
||||
jq \
|
||||
supervisor \
|
||||
shadow-utils \
|
||||
findutils \
|
||||
|
||||
@@ -134,6 +134,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -150,13 +201,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
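Review bot: get_vault_secrets validates ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH but not the credential each branch depends on: with VAULT_TOKEN unset the HashiCorp request goes out without a usable token, and with ZBX_VAULTCERTFILE unset the CyberArk branch passes an empty argument to `--cert`. Add a per-branch guard such as `[ -n "${VAULT_TOKEN}" ] || { echo "VAULT_TOKEN must be set when ZBX_VAULT is HashiCorp"; exit 1; }` and the equivalent for ZBX_VAULTCERTFILE. Separately, the token is placed on curl's command line, where it is readable from the process list inside the container; curl can take headers from a file with `-H @FILE`, which keeps the token off argv. The other copies of the function on this page share both points.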
|
||||
@@ -68,6 +68,7 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
php8.5-mbstring \
|
||||
php8.5-mysql \
|
||||
php8.5-xml \
|
||||
jq \
|
||||
supervisor" && \
|
||||
apt-get -y update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y \
|
||||
|
||||
@@ -134,6 +134,57 @@ db_tls_params() {
|
||||
echo $result
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
|
||||
@@ -150,13 +201,22 @@ check_db_connect() {
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
ssl_opts="$(db_tls_params)"
|
||||
|
||||
export MYSQL_PWD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
while [ ! "$(mysqladmin ping $mysql_connect_args -u ${DB_SERVER_ZBX_USER} \
|
||||
--silent --connect_timeout=10 $ssl_opts)" ]; do
|
||||
echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** MySQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
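Review bot: `-u ${DB_SERVER_ZBX_USER}` in the mysqladmin wait loop is expanded unquoted, and with this change the value can come from the vault response instead of the operator's environment. An empty value would make `-u` take `--silent` as the user name, and a value containing whitespace or glob characters is split into extra arguments; quote it as `-u "${DB_SERVER_ZBX_USER}"`. check_db_connect starts and ends outside the hunk, so the rest of the function is not covered here. The psql loops in the PostgreSQL entrypoints further down (`--username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME}`) need the same quoting.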
|
||||
@@ -50,6 +50,7 @@ RUN set -eux && \
|
||||
INSTALL_PKGS="bash \
|
||||
tzdata \
|
||||
curl \
|
||||
jq \
|
||||
nginx \
|
||||
php85-bcmath \
|
||||
php85-ctype \
|
||||
|
||||
@@ -115,6 +115,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -133,11 +184,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
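Review bot: The vault retry loop added in get_vault_secrets runs curl with `-s` alone and has no attempt limit, so a wrong ZBX_VAULTURL, a DNS failure or a TLS error all produce the same "Vault is not available" line on every retry, indefinitely, with nothing in the container log saying why. Add `-S` to `curl_opts` so curl prints its own error while staying otherwise quiet, and consider giving up with `exit 1` after a bounded number of attempts so an orchestrator can see the failure. The function also overwrites the global WAIT_TIMEOUT that check_db_connect sets just before calling it; declaring it with `local` inside get_vault_secrets would keep the two apart. The other entrypoints on this page repeat the same loop.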
|
||||
@@ -66,6 +66,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
postgresql18 \
|
||||
shadow-utils \
|
||||
gzip \
|
||||
jq \
|
||||
supervisor" && \
|
||||
microdnf -y install \
|
||||
--disablerepo="*" \
|
||||
|
||||
@@ -115,6 +115,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -133,11 +184,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "*************** Connecting to vault... ***************************************"
|
||||
echo "*************** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
@@ -153,7 +214,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
@@ -64,6 +64,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
php-json \
|
||||
php-xml \
|
||||
postgresql \
|
||||
jq \
|
||||
findutils \
|
||||
glibc-locale-source \
|
||||
supervisor" && \
|
||||
|
||||
@@ -115,6 +115,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -133,11 +184,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
@@ -153,7 +214,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
@@ -70,6 +70,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
set -eux && \
|
||||
INSTALL_PKGS="bash \
|
||||
curl-minimal \
|
||||
jq \
|
||||
supervisor \
|
||||
shadow-utils \
|
||||
findutils \
|
||||
|
||||
@@ -115,6 +115,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -133,11 +184,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
@@ -153,7 +214,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||
@@ -68,6 +68,7 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
php8.5-xml \
|
||||
php8.5-pgsql \
|
||||
postgresql-client \
|
||||
jq \
|
||||
supervisor" && \
|
||||
apt-get -y update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y \
|
||||
|
||||
@@ -115,6 +115,57 @@ check_variables() {
|
||||
fi
|
||||
}
|
||||
|
||||
get_vault_secrets() {
|
||||
WAIT_TIMEOUT=5
|
||||
vault_url="${ZBX_VAULTURL}${ZBX_VAULTPREFIX}${ZBX_VAULTDBPATH}"
|
||||
curl_opts=(-s -m 10 -k)
|
||||
|
||||
|
||||
if [ -z "${ZBX_VAULTURL}" ] || [ -z "${ZBX_VAULTPREFIX}" ] || [ -z "${ZBX_VAULTDBPATH}" ]; then
|
||||
echo "Missing variables! If ZBX_VAULT is used then ZBX_VAULTURL, ZBX_VAULTPREFIX and ZBX_VAULTDBPATH must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ZBX_VAULT}" == "HashiCorp" ]; then
|
||||
while ! vaultdata="$(curl "${curl_opts[@]}" -H "X-Vault-Token: $VAULT_TOKEN" "$vault_url")"; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.errors // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.data.data.username')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.data.data.password')"
|
||||
|
||||
elif [ "${ZBX_VAULT}" == "CyberArk" ]; then
|
||||
cyberark_opts=(-H "Content-type: application/json" --cert "$ZBX_VAULTCERTFILE")
|
||||
|
||||
# if key is defined use it
|
||||
if [ -n "${ZBX_VAULTKEYFILE}" ]; then
|
||||
cyberark_opts+=(--key "$ZBX_VAULTKEYFILE")
|
||||
fi
|
||||
while ! vaultdata=$(curl "${curl_opts[@]}" "${cyberark_opts[@]}" "$vault_url") ; do
|
||||
echo "**** Vault is not available. Waiting ${WAIT_TIMEOUT} seconds... ****"
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
errors=$(printf '%s' "$vaultdata" | jq -r '.ErrorCode // empty')
|
||||
if [ -n "${errors}" ]; then
|
||||
echo "Error getting secrets from vault: $errors"
|
||||
exit 1
|
||||
fi
|
||||
DB_SERVER_ZBX_USER="$(printf '%s' "$vaultdata" | jq -r '.UserName')"
|
||||
DB_SERVER_ZBX_PASS="$(printf '%s' "$vaultdata" | jq -r '.Content')"
|
||||
|
||||
else
|
||||
echo "ZBX_VAULT has wrong value. HashiCorp or CyberArk are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
check_db_connect() {
|
||||
echo "********************"
|
||||
if [ -n "${DB_SERVER_HOST}" ]; then
|
||||
@@ -133,11 +184,21 @@ check_db_connect() {
|
||||
fi
|
||||
echo "********************"
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ -n "${ZBX_VAULT}" ]; then
|
||||
unset DB_SERVER_ZBX_USER
|
||||
unset DB_SERVER_ZBX_PASS
|
||||
|
||||
echo "***** Connecting to vault... *****"
|
||||
echo "***** VAULT URL: $ZBX_VAULTURL"
|
||||
get_vault_secrets
|
||||
fi
|
||||
|
||||
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
|
||||
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
fi
|
||||
|
||||
WAIT_TIMEOUT=5
|
||||
|
||||
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
|
||||
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
|
||||
@@ -153,7 +214,7 @@ check_db_connect() {
|
||||
fi
|
||||
|
||||
while [ ! "$(psql $psql_connect_args --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do
|
||||
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
|
||||
echo "**** PostgreSQL server is not available. Waiting ${WAIT_TIMEOUT} seconds..."
|
||||
sleep $WAIT_TIMEOUT
|
||||
done
|
||||
|
||||
|
||||