
Commit d3b8e7e

author
DEFERME Bert
committed
Add sensitive support
1 parent a122643 commit d3b8e7e


14 files changed

+830
-385
lines changed


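--- a/manifests/database.pp
+++ b/manifests/database.pp
@@ -64,23 +64,23 @@
 # the zabbix_server and zabbix_web parameter.
 # @author Werner Dijkerman [email protected]
 class zabbix::database (
-$zabbix_type = 'server',
-$zabbix_web = $zabbix::params::zabbix_web,
-$zabbix_web_ip = $zabbix::params::zabbix_web_ip,
-$zabbix_server = $zabbix::params::zabbix_server,
-$zabbix_server_ip = $zabbix::params::zabbix_server_ip,
-$zabbix_proxy = $zabbix::params::zabbix_proxy,
-$zabbix_proxy_ip = $zabbix::params::zabbix_proxy_ip,
-$manage_database = $zabbix::params::manage_database,
-Zabbix::Databases $database_type = $zabbix::params::database_type,
-$database_schema_path = $zabbix::params::database_schema_path,
-$database_name = $zabbix::params::server_database_name,
-$database_user = $zabbix::params::server_database_user,
-$database_password = $zabbix::params::server_database_password,
-$database_host = $zabbix::params::server_database_host,
-$database_host_ip = $zabbix::params::server_database_host_ip,
-$database_charset = $zabbix::params::server_database_charset,
-$database_collate = $zabbix::params::server_database_collate,
+$zabbix_type = 'server',
+$zabbix_web = $zabbix::params::zabbix_web,
+$zabbix_web_ip = $zabbix::params::zabbix_web_ip,
+$zabbix_server = $zabbix::params::zabbix_server,
+$zabbix_server_ip = $zabbix::params::zabbix_server_ip,
+$zabbix_proxy = $zabbix::params::zabbix_proxy,
+$zabbix_proxy_ip = $zabbix::params::zabbix_proxy_ip,
+$manage_database = $zabbix::params::manage_database,
+Zabbix::Databases $database_type = $zabbix::params::database_type,
+$database_schema_path = $zabbix::params::database_schema_path,
+$database_name = $zabbix::params::server_database_name,
+$database_user = $zabbix::params::server_database_user,
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password,
+$database_host = $zabbix::params::server_database_host,
+$database_host_ip = $zabbix::params::server_database_host_ip,
+$database_charset = $zabbix::params::server_database_charset,
+$database_collate = $zabbix::params::server_database_collate,
 Optional[String[1]] $database_tablespace = $zabbix::params::server_database_tablespace,
 ) inherits zabbix::params {
 # So lets create the databases and load all files. This can only be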
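Review bot: The type `Optional[Variant[String[1], Sensitive[String[1]]]]` is spelled out in full on `$database_password` here and again in manifests/database/mysql.pp, manifests/database/postgresql.pp and twice in manifests/init.pp, so the five copies can drift apart. The module already uses a type alias (`Zabbix::Databases` on `$database_type`); a single alias for the password type, under a name the maintainers choose, would keep every entry point accepting the same thing. The `@param database_password` documentation lies outside this hunk and should state that a `Sensitive` value is accepted and preferred, since a plain String is still not redacted from the catalog or reports.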

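--- a/manifests/database/mysql.pp
+++ b/manifests/database/mysql.pp
@@ -11,18 +11,24 @@
 # @param database_path Path to the database executable
 # @author Werner Dijkerman <[email protected]>
 class zabbix::database::mysql (
-$zabbix_type = '',
-$zabbix_version = $zabbix::params::zabbix_version,
-$database_schema_path = '',
-$database_name = '',
-$database_user = '',
-$database_password = '',
-$database_host = '',
-Optional[Stdlib::Port::Unprivileged] $database_port = undef,
-$database_path = $zabbix::params::database_path,
+$zabbix_type = '',
+$zabbix_version = $zabbix::params::zabbix_version,
+$database_schema_path = '',
+$database_name = '',
+$database_user = '',
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = '',
+$database_host = '',
+Optional[Stdlib::Port::Unprivileged] $database_port = undef,
+$database_path = $zabbix::params::database_path,
 ) inherits zabbix::params {
 assert_private()
 
+$database_password_unsensitive = if $database_password =~ Sensitive[String] {
+$database_password.unwrap
+} else {
+$database_password
+}
+
 if ($database_schema_path == false) or ($database_schema_path == '') {
 if versioncmp($zabbix_version, '5.4') >= 0 {
 $schema_path = '/usr/share/doc/zabbix-sql-scripts/mysql/'
@@ -43,28 +49,30 @@
 case $zabbix_type {
 'proxy': {
 $zabbix_proxy_create_sql = versioncmp($zabbix_version, '6.0') >= 0 ? {
-true => "cd ${schema_path} && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < proxy.sql && touch /etc/zabbix/.schema.done",
-false => "cd ${schema_path} && if [ -f schema.sql.gz ]; then gunzip -f schema.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < schema.sql && touch /etc/zabbix/.schema.done"
+true => "cd ${schema_path} && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < proxy.sql && touch /etc/zabbix/.schema.done",
+false => "cd ${schema_path} && if [ -f schema.sql.gz ]; then gunzip -f schema.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < schema.sql && touch /etc/zabbix/.schema.done"
 }
 }
 default: {
 $zabbix_server_create_sql = versioncmp($zabbix_version, '6.0') >= 0 ? {
-true => "cd ${schema_path} && if [ -f server.sql.gz ]; then gunzip -f server.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < server.sql && touch /etc/zabbix/.schema.done",
-false => "cd ${schema_path} && if [ -f create.sql.gz ]; then gunzip -f create.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < create.sql && touch /etc/zabbix/.schema.done"
+true => "cd ${schema_path} && if [ -f server.sql.gz ]; then gunzip -f server.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < server.sql && touch /etc/zabbix/.schema.done",
+false => "cd ${schema_path} && if [ -f create.sql.gz ]; then gunzip -f create.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < create.sql && touch /etc/zabbix/.schema.done"
 }
 $zabbix_server_images_sql = 'touch /etc/zabbix/.images.done'
 $zabbix_server_data_sql = 'touch /etc/zabbix/.data.done'
 }
 }
 
 # Loading the sql files.
+$_mysql_env = [ "database_password=${database_password_unsensitive}" ]
 case $zabbix_type {
 'proxy' : {
 exec { 'zabbix_proxy_create.sql':
 command => $zabbix_proxy_create_sql,
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.schema.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 }
 'server' : {
@@ -73,18 +81,21 @@
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.schema.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 -> exec { 'zabbix_server_images.sql':
 command => $zabbix_server_images_sql,
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.images.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 -> exec { 'zabbix_server_data.sql':
 command => $zabbix_server_data_sql,
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
 unless => 'test -f /etc/zabbix/.data.done',
 provider => 'shell',
+environment => $_mysql_env,
 }
 }
 default : {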
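Review bot: `$_mysql_env` (new line 67) is built from `$database_password_unsensitive`, so the password is a plain String again when it reaches `environment =>` on the four execs, and nothing visible here re-wraps it; the compiled catalog, as cached on the agent and held in any catalog store, would then carry it in clear text. Wrapping the attribute value, `environment => Sensitive($_mysql_env),`, should let Puppet mark the parameter as sensitive, but confirm this against the minimum Puppet version the module supports. The variable is also passed to `zabbix_server_images.sql` and `zabbix_server_data.sql`, whose commands are only `touch ...`, so it can be dropped from those two. The rewritten `-p\"\${database_password}\"` keeps the secret out of the catalog's command string, but after shell expansion it is still an argument on the mysql command line and visible in the process list while the import runs. Separately, in the first hunk the default `''` cannot satisfy the new `String[1]`-based type; `undef`, as used in postgresql.pp, would.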

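--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -11,18 +11,24 @@
 # @param database_path Path to the database executable
 # @author Werner Dijkerman <[email protected]>
 class zabbix::database::postgresql (
-$zabbix_type = '',
-$zabbix_version = $zabbix::params::zabbix_version,
-$database_schema_path = '',
-$database_name = '',
-$database_user = '',
-$database_password = '',
-$database_host = '',
-Optional[Stdlib::Port::Unprivileged] $database_port = undef,
-$database_path = $zabbix::params::database_path,
+$zabbix_type = '',
+$zabbix_version = $zabbix::params::zabbix_version,
+$database_schema_path = '',
+$database_name = '',
+$database_user = '',
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = undef,
+$database_host = '',
+Optional[Stdlib::Port::Unprivileged] $database_port = undef,
+$database_path = $zabbix::params::database_path,
 ) inherits zabbix::params {
 assert_private()
 
+$database_password_unsensitive = if $database_password =~ Sensitive[String] {
+$database_password.unwrap
+} else {
+$database_password
+}
+
 if ($database_schema_path == false) or ($database_schema_path == '') {
 if member(['CentOS', 'RedHat', 'OracleLinux', 'VirtuozzoLinux'], $facts['os']['name']) {
 if versioncmp($zabbix_version, '5.4') >= 0 {
@@ -65,9 +71,9 @@
 }
 
 exec { 'update_pgpass':
-command => "echo ${database_host}:5432:${database_name}:${database_user}:${database_password} >> /root/.pgpass",
+command => "echo ${database_host}:5432:${database_name}:${database_user}:${database_password_unsensitive} >> /root/.pgpass",
 path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
-unless => "grep \"${database_host}:5432:${database_name}:${database_user}:${database_password}\" /root/.pgpass",
+unless => "grep \"${database_host}:5432:${database_name}:${database_user}:${database_password_unsensitive}\" /root/.pgpass",
 require => File['/root/.pgpass'],
 }
 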
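Review bot: The `update_pgpass` exec (second hunk) interpolates `$database_password_unsensitive` into both `command` and `unless`, so the unwrapped password sits in two plain strings in the catalog and can appear in agent output when the exec fails. Since `File['/root/.pgpass']` is already managed (see the `require`), the entry could instead be written by a resource whose content is `Sensitive`. At minimum the two strings should be wrapped, e.g. `command => Sensitive("echo ... >> /root/.pgpass"),`, after confirming that the supported Puppet versions accept Sensitive for `unless` as well. The password is also unquoted in the `echo` and used as a pattern by `grep`, so a value containing shell or regex metacharacters would be misread; that predates this commit, but both lines are touched here.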

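--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -249,7 +249,7 @@
 Optional[Stdlib::Absolutepath] $ldap_clientkey = $zabbix::params::ldap_clientkey,
 Optional[Enum['never', 'allow', 'try', 'demand', 'hard']] $ldap_reqcert = $zabbix::params::ldap_reqcert,
 $zabbix_api_user = $zabbix::params::server_api_user,
-$zabbix_api_pass = $zabbix::params::server_api_pass,
+Optional[Variant[String[1], Sensitive[String[1]]]] $zabbix_api_pass = $zabbix::params::server_api_pass,
 $listenport = $zabbix::params::server_listenport,
 $sourceip = $zabbix::params::server_sourceip,
 Enum['console', 'file', 'system'] $logtype = $zabbix::params::server_logtype,
@@ -262,7 +262,7 @@
 $database_schema = $zabbix::params::server_database_schema,
 Boolean $database_double_ieee754 = $zabbix::params::server_database_double_ieee754,
 $database_user = $zabbix::params::server_database_user,
-$database_password = $zabbix::params::server_database_password,
+Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password,
 $database_socket = $zabbix::params::server_database_socket,
 $database_port = $zabbix::params::server_database_port,
 $database_charset = $zabbix::params::server_database_charset,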

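--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -182,7 +182,7 @@
 $ldap_clientcert = undef
 $ldap_clientkey = undef
 $ldap_reqcert = undef
-$server_api_pass = 'zabbix'
+$server_api_pass = Sensitive('zabbix')
 $server_api_user = 'Admin'
 $server_database_double_ieee754 = false
 $saml_sp_key = undef
@@ -203,7 +203,7 @@
 $server_database_host = 'localhost'
 $server_database_host_ip = '127.0.0.1'
 $server_database_name = 'zabbix_server'
-$server_database_password = 'zabbix_server'
+$server_database_password = Sensitive('zabbix_server')
 $server_database_port = undef
 $server_database_schema = undef
 $server_database_socket = undef
@@ -240,6 +240,7 @@
 $server_snmptrapperfile = '/tmp/zabbix_traps.tmp'
 $server_sourceip = undef
 $server_sshkeylocation = undef
+$server_sslcalocation = undef
 $server_sslcertlocation = '/usr/lib/zabbix/ssl/certs'
 $server_sslkeylocation = '/usr/lib/zabbix/ssl/keys'
 $server_startdbsyncers = '4'
@@ -288,6 +289,7 @@
 $server_vaulturl = 'https://127.0.0.1:8200'
 $server_vmwarecachesize = '8M'
 $server_vmwarefrequency = '60'
+$server_vmwareperffrequency = undef
 $server_vmwaretimeout = undef
 $server_socketdir = undef
 
@@ -369,7 +371,7 @@
 $proxy_configfrequency = '3600'
 $proxy_database_host = 'localhost'
 $proxy_database_name = 'zabbix_proxy'
-$proxy_database_password = 'zabbix-proxy'
+$proxy_database_password = Sensitive('zabbix-proxy')
 $proxy_database_port = undef
 $proxy_database_schema = undef
 $proxy_database_socket = undef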
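Review bot: Wrapping the literal defaults in `Sensitive(...)` (`'zabbix'`, `'zabbix_server'`, `'zabbix-proxy'`) only redacts them from logs and reports; they remain fixed, publicly known passwords that any install not overriding them will run with. A comment beside each, such as `# well-known default; override with a site-specific secret`, or a follow-up that makes the parameters mandatory, would make that explicit. Every consumer of these three variables now also receives a Sensitive object, so any place that still interpolates the value into a string or template without `.unwrap` would render the redaction placeholder instead of the password. Whether all consumers were updated cannot be seen from the sections shown here.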
