Merge branch 'ent-4759-compatibilidad-ssl-y-certificados-conexiones-mysql' into 'develop'
Add SSL support for database connections. See merge request artica/pandorafms!4134
commit
35e889be15
|
@ -67,6 +67,18 @@ dbhost 127.0.0.1
|
|||
# Default value depends on the dbengine (mysql: 3306)
|
||||
#dbport 3306
|
||||
|
||||
# dbssl: Enable (1) or disable (0) SSL for the database connection.
|
||||
|
||||
dbssl 0
|
||||
|
||||
# dbsslcafile: Path to a file in PEM format that contains a list of trusted SSL certificate authorities.
|
||||
|
||||
# dbsslcafile
|
||||
|
||||
# dbsslcapath: Path to a directory that contains trusted SSL certificate authority certificates in PEM format.
|
||||
|
||||
# dbsslcapath
|
||||
|
||||
# By default, parent agent will not be updated
|
||||
|
||||
#update_parent 0
|
||||
|
|
|
@ -233,6 +233,9 @@ sub pandora_load_config {
|
|||
$pa_config->{"dbhost"} = "localhost";
|
||||
$pa_config->{'dbport'} = undef; # set to standard port of "dbengine" later
|
||||
$pa_config->{"dbname"} = "pandora";
|
||||
$pa_config->{"dbssl"} = 0;
|
||||
$pa_config->{"dbsslcapath"} = "";
|
||||
$pa_config->{"dbsslcafile"} = "";
|
||||
$pa_config->{"basepath"} = $pa_config->{'pandora_path'}; # Compatibility with Pandora 1.1
|
||||
$pa_config->{"incomingdir"} = "/var/spool/pandora/data_in";
|
||||
$pa_config->{"user"} = "pandora"; # environment settings default user owner for files generated
|
||||
|
@ -704,6 +707,15 @@ sub pandora_load_config {
|
|||
elsif ($parametro =~ m/^dbname\s(.*)/i) {
|
||||
$pa_config->{'dbname'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^dbssl\s+([0-1])/i) {
|
||||
$pa_config->{'dbssl'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^dbsslcapath\s(.*)/i) {
|
||||
$pa_config->{'dbsslcapath'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^dbsslcafile\s(.*)/i) {
|
||||
$pa_config->{'dbsslcafile'}= clean_blank($1);
|
||||
}
|
||||
elsif ($parametro =~ m/^dbuser\s(.*)/i) {
|
||||
$pa_config->{'dbuser'}= clean_blank($1);
|
||||
}
|
||||
|
@ -1282,6 +1294,9 @@ sub pandora_load_config {
|
|||
}
|
||||
}
|
||||
|
||||
# Configure SSL.
|
||||
set_ssl_opts($pa_config);
|
||||
|
||||
if (($pa_config->{"verbosity"} > 4) && ($pa_config->{"quiet"} == 0)){
|
||||
if ($pa_config->{"PID"} ne ""){
|
||||
print " [*] PID File is written at ".$pa_config->{'PID'}."\n";
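Review bot: The `dbssl` pattern in the second hunk, `m/^dbssl\s+([0-1])/i`, has no end anchor and accepts only a leading 0 or 1, so `dbssl 10` is read as 1 while a line such as `dbssl yes` matches none of the branches shown and leaves the default `0` from the first hunk in place; the server would then connect without TLS although the operator asked for it. Anchoring the value, `elsif ($parametro =~ m/^dbssl\s+([01])\s*$/i) {`, and logging a warning for an unrecognised `dbssl` value would make that misconfiguration visible. Whether unmatched lines are reported elsewhere in pandora_load_config cannot be seen here, because the function body starts and ends outside these hunks.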
|
||||
|
|
|
@ -109,6 +109,7 @@ our @EXPORT = qw(
|
|||
get_agentmodule_status
|
||||
get_agentmodule_status_str
|
||||
get_agentmodule_data
|
||||
set_ssl_opts
|
||||
$RDBMS
|
||||
$RDBMS_QUOTE
|
||||
$RDBMS_QUOTE_STRING
|
||||
|
@ -123,6 +124,9 @@ our $RDBMS_QUOTE = '';
|
|||
# For strings, Character used to quote in the current RDBMS
|
||||
our $RDBMS_QUOTE_STRING = '';
|
||||
|
||||
# SSL options.
|
||||
my $SSL_OPTS = '';
|
||||
|
||||
##########################################################################
|
||||
## Connect to the DB.
|
||||
##########################################################################
|
||||
|
@ -135,7 +139,7 @@ sub db_connect ($$$$$$) {
|
|||
$RDBMS_QUOTE_STRING = '"';
|
||||
|
||||
# Connect to MySQL
|
||||
my $dbh = DBI->connect("DBI:mysql:$db_name:$db_host:$db_port", $db_user, $db_pass, { RaiseError => 1, AutoCommit => 1 });
|
||||
my $dbh = DBI->connect("DBI:mysql:$db_name:$db_host:$db_port;$SSL_OPTS", $db_user, $db_pass, { RaiseError => 1, AutoCommit => 1 });
|
||||
return undef unless defined ($dbh);
|
||||
|
||||
# Enable auto reconnect
|
||||
|
@ -1542,6 +1546,29 @@ sub db_release_lock($$) {
|
|||
my ($lock) = $sth->fetchrow;
|
||||
}
|
||||
|
||||
########################################################################
|
||||
## Set SSL options globally for the module.
|
||||
########################################################################
|
||||
sub set_ssl_opts($) {
|
||||
my ($pa_config) = @_;
|
||||
|
||||
# SSL is disabled for the DB.
|
||||
if (!defined($pa_config->{'dbssl'}) || $pa_config->{'dbssl'} == 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
# Enable SSL.
|
||||
$SSL_OPTS = "mysql_ssl=1;mysql_ssl_optional=1;mysql_ssl_verify_server_cert=1";
|
||||
|
||||
# Set additional SSL options.
|
||||
if (defined($pa_config->{'dbsslcapath'}) && $pa_config->{'dbsslcapath'} ne "") {
|
||||
$SSL_OPTS .= ";mysql_ssl_ca_path=" . $pa_config->{'dbsslcapath'};
|
||||
}
|
||||
if (defined($pa_config->{'dbsslcafile'}) && $pa_config->{'dbsslcafile'} ne "") {
|
||||
$SSL_OPTS .= ";mysql_ssl_ca_file=" . $pa_config->{'dbsslcafile'};
|
||||
}
|
||||
}
|
||||
|
||||
# End of function declaration
|
||||
# End of defined Code
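Review bot: `mysql_ssl_optional=1` in set_ssl_opts makes TLS opportunistic rather than enforced: per the DBD::mysql documentation that attribute lifts the requirement that the connection fail when SSL cannot be negotiated, so with `dbssl 1` the credentials and data passed to db_connect can still travel over a plaintext connection, and `mysql_ssl_verify_server_cert=1` has nothing to verify in that case. If `dbssl 1` is meant to guarantee encryption, drop the optional flag: `$SSL_OPTS = "mysql_ssl=1;mysql_ssl_verify_server_cert=1";`. Two smaller points: the early return leaves a previously built `$SSL_OPTS` in place when the function is called again with `dbssl` 0 (assigning `$SSL_OPTS = '';` before the check avoids that), and `dbsslcapath`/`dbsslcafile` are appended to the DSN unchecked, so a `;` inside either value would be parsed as a further DSN attribute and should be rejected when the configuration is loaded.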
|
||||
|
||||
|
|
|
@ -629,6 +629,9 @@ sub pandora_load_config_pdb ($) {
|
|||
$conf->{'claim_back_snmp_modules'} = '1' unless defined ($conf->{'claim_back_snmp_modules'});
|
||||
$conf->{'verbosity'} = '3' unless defined ($conf->{'verbosity'});
|
||||
|
||||
# Configure SSL.
|
||||
set_ssl_opts($conf);
|
||||
|
||||
# Dynamic interval configuration.
|
||||
$conf->{"dynamic_constant"} = 0.10 unless defined($conf->{"dynamic_constant"});
|
||||
$conf->{"dynamic_warning"} = 0.10 unless defined($conf->{"dynamic_warning"});
|
||||
|
|