
Commit 892e593

author
DEFERME Bert
committed
Add sensitive support
1 parent 7a0bed1 commit 892e593


14 files changed

+830
-385
lines changed


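--- a/manifests/database.pp
+++ b/manifests/database.pp
@@ -64,23 +64,23 @@
 # the zabbix_server and zabbix_web parameter.
 # @author Werner Dijkerman [email protected]
 class zabbix::database (
-$zabbix_type = 'server',
-$zabbix_web = $zabbix::params::zabbix_web,
-$zabbix_web_ip = $zabbix::params::zabbix_web_ip,
-$zabbix_server = $zabbix::params::zabbix_server,
-$zabbix_server_ip = $zabbix::params::zabbix_server_ip,
-$zabbix_proxy = $zabbix::params::zabbix_proxy,
-$zabbix_proxy_ip = $zabbix::params::zabbix_proxy_ip,
-$manage_database = $zabbix::params::manage_database,
-Zabbix::Databases $database_type = $zabbix::params::database_type,
-$database_schema_path = $zabbix::params::database_schema_path,
-$database_name = $zabbix::params::server_database_name,
-$database_user = $zabbix::params::server_database_user,
-$database_password = $zabbix::params::server_database_password,
-$database_host = $zabbix::params::server_database_host,
-$database_host_ip = $zabbix::params::server_database_host_ip,
-$database_charset = $zabbix::params::server_database_charset,
-$database_collate = $zabbix::params::server_database_collate,
+$zabbix_type = 'server',
+$zabbix_web = $zabbix::params::zabbix_web,
+$zabbix_web_ip = $zabbix::params::zabbix_web_ip,
+$zabbix_server = $zabbix::params::zabbix_server,
+$zabbix_server_ip = $zabbix::params::zabbix_server_ip,
+$zabbix_proxy = $zabbix::params::zabbix_proxy,
+$zabbix_proxy_ip = $zabbix::params::zabbix_proxy_ip,
+$manage_database = $zabbix::params::manage_database,
+Zabbix::Databases $database_type = $zabbix::params::database_type,
+$database_schema_path = $zabbix::params::database_schema_path,
+$database_name = $zabbix::params::server_database_name,
+$database_user = $zabbix::params::server_database_user,
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password,
+$database_host = $zabbix::params::server_database_host,
+$database_host_ip = $zabbix::params::server_database_host_ip,
+$database_charset = $zabbix::params::server_database_charset,
+$database_collate = $zabbix::params::server_database_collate,
 Optional[String[1]] $database_tablespace = $zabbix::params::server_database_tablespace,
 ) inherits zabbix::params {
 # So lets create the databases and load all files. This can only be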
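Review bot: The type expression `Optional[Variant[String[1], Sensitive[String[1]]]]` on `$database_password` is written out in full here and again in database/mysql.pp, database/postgresql.pp and twice in init.pp. The module already references a custom type, `Zabbix::Databases`, so a second alias for this password type (name to be chosen by the maintainers) would keep the five declarations from drifting apart. The `@param database_password` documentation, which lies outside this hunk, should also state that a `Sensitive` value is accepted and preferred, since a plain `String` is still allowed and receives no redaction.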

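--- a/manifests/database/mysql.pp
+++ b/manifests/database/mysql.pp
@@ -11,18 +11,24 @@
 # @param database_path Path to the database executable
 # @author Werner Dijkerman <[email protected]>
 class zabbix::database::mysql (
-$zabbix_type = '',
-$zabbix_version = $zabbix::params::zabbix_version,
-$database_schema_path = '',
-$database_name = '',
-$database_user = '',
-$database_password = '',
-$database_host = '',
-Optional[Stdlib::Port::Unprivileged] $database_port = undef,
-$database_path = $zabbix::params::database_path,
+$zabbix_type = '',
+$zabbix_version = $zabbix::params::zabbix_version,
+$database_schema_path = '',
+$database_name = '',
+$database_user = '',
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = '',
+$database_host = '',
+Optional[Stdlib::Port::Unprivileged] $database_port = undef,
+$database_path = $zabbix::params::database_path,
 ) inherits zabbix::params {
 assert_private()
 
+$database_password_unsensitive = if $database_password =~ Sensitive[String] {
+$database_password.unwrap
+} else {
+$database_password
+}
+
 if ($database_schema_path == false) or ($database_schema_path == '') {
 if versioncmp($zabbix_version, '6.0') >= 0 {
 $schema_path = '/usr/share/zabbix-sql-scripts/mysql/'
@@ -45,28 +51,30 @@
 case $zabbix_type {
 'proxy': {
 $zabbix_proxy_create_sql = versioncmp($zabbix_version, '6.0') >= 0 ? {
-true => "cd ${schema_path} && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < proxy.sql && touch /etc/zabbix/.schema.done",
-false => "cd ${schema_path} && if [ -f schema.sql.gz ]; then gunzip -f schema.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < schema.sql && touch /etc/zabbix/.schema.done"
+true => "cd ${schema_path} && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < proxy.sql && touch /etc/zabbix/.schema.done",
+false => "cd ${schema_path} && if [ -f schema.sql.gz ]; then gunzip -f schema.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < schema.sql && touch /etc/zabbix/.schema.done"
 }
 }
 default: {
 $zabbix_server_create_sql = versioncmp($zabbix_version, '6.0') >= 0 ? {
-true => "cd ${schema_path} && if [ -f server.sql.gz ]; then gunzip -f server.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < server.sql && touch /etc/zabbix/.schema.done",
-false => "cd ${schema_path} && if [ -f create.sql.gz ]; then gunzip -f create.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < create.sql && touch /etc/zabbix/.schema.done"
+true => "cd ${schema_path} && if [ -f server.sql.gz ]; then gunzip -f server.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < server.sql && touch /etc/zabbix/.schema.done",
+false => "cd ${schema_path} && if [ -f create.sql.gz ]; then gunzip -f create.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < create.sql && touch /etc/zabbix/.schema.done"
 }
 $zabbix_server_images_sql = 'touch /etc/zabbix/.images.done'
 $zabbix_server_data_sql = 'touch /etc/zabbix/.data.done'
 }
 }
 
 # Loading the sql files.
+$_mysql_env = [ "database_password=${database_password_unsensitive}" ]
 case $zabbix_type {
 'proxy' : {
 exec { 'zabbix_proxy_create.sql':
 command => $zabbix_proxy_create_sql,
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.schema.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 }
 'server' : {
@@ -75,18 +83,21 @@
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.schema.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 -> exec { 'zabbix_server_images.sql':
 command => $zabbix_server_images_sql,
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.images.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 -> exec { 'zabbix_server_data.sql':
 command => $zabbix_server_data_sql,
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.data.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 }
 default : {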
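Review bot: `$_mysql_env` is built by interpolating `$database_password_unsensitive` into an ordinary string, so the `environment` attribute on every exec carries the password as plain, unmarked data even when the caller passed a `Sensitive`. Wrapping the array where it is used, e.g. `environment => Sensitive($_mysql_env),`, should let Puppet treat the attribute as sensitive; this needs checking against the Puppet versions the module supports. The `zabbix_server_images.sql` and `zabbix_server_data.sql` execs only run `touch`, so they do not need the variable at all and the attribute can be dropped from them. Separately, the new default `$database_password = ''` does not satisfy `String[1]`, whereas database/postgresql.pp uses `undef`; `= undef` here would keep the two classes consistent and avoid a type error if the default is ever used.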

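--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -11,18 +11,24 @@
 # @param database_path Path to the database executable
 # @author Werner Dijkerman <[email protected]>
 class zabbix::database::postgresql (
-$zabbix_type = '',
-$zabbix_version = $zabbix::params::zabbix_version,
-$database_schema_path = '',
-$database_name = '',
-$database_user = '',
-$database_password = '',
-$database_host = '',
-Stdlib::Port::Unprivileged $database_port = 5432,
-$database_path = $zabbix::params::database_path,
+$zabbix_type = '',
+$zabbix_version = $zabbix::params::zabbix_version,
+$database_schema_path = '',
+$database_name = '',
+$database_user = '',
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = undef,
+$database_host = '',
+Stdlib::Port::Unprivileged $database_port = 5432,
+$database_path = $zabbix::params::database_path,
 ) inherits zabbix::params {
 assert_private()
 
+$database_password_unsensitive = if $database_password =~ Sensitive[String] {
+$database_password.unwrap
+} else {
+$database_password
+}
+
 if ($database_schema_path == false) or ($database_schema_path == '') {
 if member(['CentOS', 'RedHat', 'OracleLinux', 'VirtuozzoLinux'], $facts['os']['name']) {
 if versioncmp($zabbix_version, '6.0') >= 0 {
@@ -63,9 +69,9 @@
 }
 
 exec { 'update_pgpass':
-command => "echo ${database_host}:${database_port}:${database_name}:${database_user}:${database_password} >> /root/.pgpass",
+command => "echo ${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive} >> /root/.pgpass",
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
-unless => "grep \"${database_host}:${database_port}:${database_name}:${database_user}:${database_password}\" /root/.pgpass",
+unless => "grep \"${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive}\" /root/.pgpass",
 require => File['/root/.pgpass'],
 }
 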
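Review bot: The `update_pgpass` exec still carries the secret in cleartext in both `command` and `unless`, because `$database_password_unsensitive` is interpolated straight into the two strings, so the `Sensitive` wrapper gives no protection for this resource. The value is also unquoted in the `echo`, so a password containing shell metacharacters would be interpreted by the shell rather than written literally. database/mysql.pp in this same commit passes the password through `environment` and references it as a quoted shell variable (`\"\${database_password}\"`); the same pattern here, with the environment array wrapped in `Sensitive(...)` and an explicit `provider => 'shell'`, would keep the value out of the command strings. With the new `undef` default, the exec would also append a line with an empty password field, so a guard on `$database_password` being set is worth adding.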

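--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -249,7 +249,7 @@
 Optional[Stdlib::Absolutepath] $ldap_clientkey = $zabbix::params::ldap_clientkey,
 Optional[Enum['never', 'allow', 'try', 'demand', 'hard']] $ldap_reqcert = $zabbix::params::ldap_reqcert,
 $zabbix_api_user = $zabbix::params::server_api_user,
-$zabbix_api_pass = $zabbix::params::server_api_pass,
+Optional[Variant[String[1], Sensitive[String[1]]]] $zabbix_api_pass = $zabbix::params::server_api_pass,
 $listenport = $zabbix::params::server_listenport,
 $sourceip = $zabbix::params::server_sourceip,
 Enum['console', 'file', 'system'] $logtype = $zabbix::params::server_logtype,
@@ -262,7 +262,7 @@
 $database_schema = $zabbix::params::server_database_schema,
 Boolean $database_double_ieee754 = $zabbix::params::server_database_double_ieee754,
 $database_user = $zabbix::params::server_database_user,
-$database_password = $zabbix::params::server_database_password,
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password,
 $database_socket = $zabbix::params::server_database_socket,
 $database_port = $zabbix::params::server_database_port,
 $database_charset = $zabbix::params::server_database_charset,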
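Review bot: With `$zabbix_api_pass` and `$database_password` now able to hold a `Sensitive`, and params.pp defaulting both to `Sensitive(...)`, any place in the class body that interpolates them into a string or template would emit Puppet's redaction placeholder instead of the secret. The class body lies outside both hunks, so this cannot be confirmed from here. Each consumer should either accept `Sensitive` itself or call `.unwrap` at the last possible point, as database/mysql.pp does with `$database_password_unsensitive`.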

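--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -182,7 +182,7 @@
 $ldap_clientcert = undef
 $ldap_clientkey = undef
 $ldap_reqcert = undef
-$server_api_pass = 'zabbix'
+$server_api_pass = Sensitive('zabbix')
 $server_api_user = 'Admin'
 $server_database_double_ieee754 = false
 $saml_sp_key = undef
@@ -203,7 +203,7 @@
 $server_database_host = 'localhost'
 $server_database_host_ip = '127.0.0.1'
 $server_database_name = 'zabbix_server'
-$server_database_password = 'zabbix_server'
+$server_database_password = Sensitive('zabbix_server')
 $server_database_port = undef
 $server_database_schema = undef
 $server_database_socket = undef
@@ -240,6 +240,7 @@
 $server_snmptrapperfile = '/tmp/zabbix_traps.tmp'
 $server_sourceip = undef
 $server_sshkeylocation = undef
+$server_sslcalocation = undef
 $server_sslcertlocation = '/usr/lib/zabbix/ssl/certs'
 $server_sslkeylocation = '/usr/lib/zabbix/ssl/keys'
 $server_startdbsyncers = '4'
@@ -288,6 +289,7 @@
 $server_vaulturl = 'https://127.0.0.1:8200'
 $server_vmwarecachesize = '8M'
 $server_vmwarefrequency = '60'
+$server_vmwareperffrequency = undef
 $server_vmwaretimeout = undef
 $server_socketdir = undef
 
@@ -369,7 +371,7 @@
 $proxy_configfrequency = '3600'
 $proxy_database_host = 'localhost'
 $proxy_database_name = 'zabbix_proxy'
-$proxy_database_password = 'zabbix-proxy'
+$proxy_database_password = Sensitive('zabbix-proxy')
 $proxy_database_port = undef
 $proxy_database_schema = undef
 $proxy_database_socket = undef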
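Review bot: `Sensitive('zabbix')`, `Sensitive('zabbix_server')` and `Sensitive('zabbix-proxy')` remain fixed, publicly known default credentials; the wrapper only keeps them out of logs and reports. A comment above each, such as `# Well-known default; override per environment (e.g. via Hiera)`, would make that explicit to operators. `$proxy_database_password` changes type here as well, but no proxy class signature is visible on this page, so it is worth confirming that its consumer accepts `Sensitive[String[1]]`.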
