Merge branch 'ent-4759-compatibilidad-ssl-y-certificados-conexiones-mysql' into 'develop'
Add SSL support for database connections. See merge request artica/pandorafms!4134
commit
35e889be15
@ -67,6 +67,18 @@ dbhost 127.0.0.1
|
|||||||
# Default value depends on the dbengine (mysql: 3306)
|
# Default value depends on the dbengine (mysql: 3306)
|
||||||
#dbport 3306
|
#dbport 3306
|
||||||
|
|
||||||
|
# dbssl: Enable (1) or disable (0) SSL for the database connection.
|
||||||
|
|
||||||
|
dbssl 0
|
||||||
|
|
||||||
|
# dbsslcafile: Path to a file in PEM format that contains a list of trusted SSL certificate authorities.
|
||||||
|
|
||||||
|
# dbsslcafile
|
||||||
|
|
||||||
|
# dbsslcapath: Path to a directory that contains trusted SSL certificate authority certificates in PEM format.
|
||||||
|
|
||||||
|
# dbsslcapath
|
||||||
|
|
||||||
# By default, parent agent will not be updated
|
# By default, parent agent will not be updated
|
||||||
|
|
||||||
#update_parent 0
|
#update_parent 0
|
||||||
|
@ -233,6 +233,9 @@ sub pandora_load_config {
|
|||||||
$pa_config->{"dbhost"} = "localhost";
|
$pa_config->{"dbhost"} = "localhost";
|
||||||
$pa_config->{'dbport'} = undef; # set to standard port of "dbengine" later
|
$pa_config->{'dbport'} = undef; # set to standard port of "dbengine" later
|
||||||
$pa_config->{"dbname"} = "pandora";
|
$pa_config->{"dbname"} = "pandora";
|
||||||
|
$pa_config->{"dbssl"} = 0;
|
||||||
|
$pa_config->{"dbsslcapath"} = "";
|
||||||
|
$pa_config->{"dbsslcafile"} = "";
|
||||||
$pa_config->{"basepath"} = $pa_config->{'pandora_path'}; # Compatibility with Pandora 1.1
|
$pa_config->{"basepath"} = $pa_config->{'pandora_path'}; # Compatibility with Pandora 1.1
|
||||||
$pa_config->{"incomingdir"} = "/var/spool/pandora/data_in";
|
$pa_config->{"incomingdir"} = "/var/spool/pandora/data_in";
|
||||||
$pa_config->{"user"} = "pandora"; # environment settings default user owner for files generated
|
$pa_config->{"user"} = "pandora"; # environment settings default user owner for files generated
|
||||||
@ -704,6 +707,15 @@ sub pandora_load_config {
|
|||||||
elsif ($parametro =~ m/^dbname\s(.*)/i) {
|
elsif ($parametro =~ m/^dbname\s(.*)/i) {
|
||||||
$pa_config->{'dbname'}= clean_blank($1);
|
$pa_config->{'dbname'}= clean_blank($1);
|
||||||
}
|
}
|
||||||
|
elsif ($parametro =~ m/^dbssl\s+([0-1])/i) {
|
||||||
|
$pa_config->{'dbssl'}= clean_blank($1);
|
||||||
|
}
|
||||||
|
elsif ($parametro =~ m/^dbsslcapath\s(.*)/i) {
|
||||||
|
$pa_config->{'dbsslcapath'}= clean_blank($1);
|
||||||
|
}
|
||||||
|
elsif ($parametro =~ m/^dbsslcafile\s(.*)/i) {
|
||||||
|
$pa_config->{'dbsslcafile'}= clean_blank($1);
|
||||||
|
}
|
||||||
elsif ($parametro =~ m/^dbuser\s(.*)/i) {
|
elsif ($parametro =~ m/^dbuser\s(.*)/i) {
|
||||||
$pa_config->{'dbuser'}= clean_blank($1);
|
$pa_config->{'dbuser'}= clean_blank($1);
|
||||||
}
|
}
|
||||||
@ -1282,6 +1294,9 @@ sub pandora_load_config {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Configure SSL.
|
||||||
|
set_ssl_opts($pa_config);
|
||||||
|
|
||||||
if (($pa_config->{"verbosity"} > 4) && ($pa_config->{"quiet"} == 0)){
|
if (($pa_config->{"verbosity"} > 4) && ($pa_config->{"quiet"} == 0)){
|
||||||
if ($pa_config->{"PID"} ne ""){
|
if ($pa_config->{"PID"} ne ""){
|
||||||
print " [*] PID File is written at ".$pa_config->{'PID'}."\n";
|
print " [*] PID File is written at ".$pa_config->{'PID'}."\n";
|
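Review bot: The new `dbssl` branch in pandora_load_config fails open on a malformed value: `m/^dbssl\s+([0-1])/i` has no end anchor, so `dbssl 10` is read as 1, while `dbssl yes` or `dbssl 2` does not match this branch and the default of 0 stays in place, leaving the connection unencrypted with no message visible in these hunks. Anchoring the pattern, `elsif ($parametro =~ m/^dbssl\s+([0-1])\s*$/i) {`, and reporting any other `dbssl` line as a configuration error would make a typo visible instead of silently disabling TLS. The `dbsslcapath` and `dbsslcafile` branches accept any text after one whitespace character, and both values end up in the DSN, so a comment such as `# Plain filesystem path; must not contain ';' (value is appended to the DSN)` would help the next maintainer. The rest of the elsif chain and its fallback are outside the hunks shown.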
||||||
|
@ -109,6 +109,7 @@ our @EXPORT = qw(
|
|||||||
get_agentmodule_status
|
get_agentmodule_status
|
||||||
get_agentmodule_status_str
|
get_agentmodule_status_str
|
||||||
get_agentmodule_data
|
get_agentmodule_data
|
||||||
|
set_ssl_opts
|
||||||
$RDBMS
|
$RDBMS
|
||||||
$RDBMS_QUOTE
|
$RDBMS_QUOTE
|
||||||
$RDBMS_QUOTE_STRING
|
$RDBMS_QUOTE_STRING
|
||||||
@ -123,6 +124,9 @@ our $RDBMS_QUOTE = '';
|
|||||||
# For strings, Character used to quote in the current RDBMS
|
# For strings, Character used to quote in the current RDBMS
|
||||||
our $RDBMS_QUOTE_STRING = '';
|
our $RDBMS_QUOTE_STRING = '';
|
||||||
|
|
||||||
|
# SSL options.
|
||||||
|
my $SSL_OPTS = '';
|
||||||
|
|
||||||
##########################################################################
|
##########################################################################
|
||||||
## Connect to the DB.
|
## Connect to the DB.
|
||||||
##########################################################################
|
##########################################################################
|
||||||
@ -135,7 +139,7 @@ sub db_connect ($$$$$$) {
|
|||||||
$RDBMS_QUOTE_STRING = '"';
|
$RDBMS_QUOTE_STRING = '"';
|
||||||
|
|
||||||
# Connect to MySQL
|
# Connect to MySQL
|
||||||
my $dbh = DBI->connect("DBI:mysql:$db_name:$db_host:$db_port", $db_user, $db_pass, { RaiseError => 1, AutoCommit => 1 });
|
my $dbh = DBI->connect("DBI:mysql:$db_name:$db_host:$db_port;$SSL_OPTS", $db_user, $db_pass, { RaiseError => 1, AutoCommit => 1 });
|
||||||
return undef unless defined ($dbh);
|
return undef unless defined ($dbh);
|
||||||
|
|
||||||
# Enable auto reconnect
|
# Enable auto reconnect
|
||||||
@ -1542,6 +1546,29 @@ sub db_release_lock($$) {
|
|||||||
my ($lock) = $sth->fetchrow;
|
my ($lock) = $sth->fetchrow;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
## Set SSL options globally for the module.
|
||||||
|
########################################################################
|
||||||
|
sub set_ssl_opts($) {
|
||||||
|
my ($pa_config) = @_;
|
||||||
|
|
||||||
|
# SSL is disabled for the DB.
|
||||||
|
if (!defined($pa_config->{'dbssl'}) || $pa_config->{'dbssl'} == 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Enable SSL.
|
||||||
|
$SSL_OPTS = "mysql_ssl=1;mysql_ssl_optional=1;mysql_ssl_verify_server_cert=1";
|
||||||
|
|
||||||
|
# Set additional SSL options.
|
||||||
|
if (defined($pa_config->{'dbsslcapath'}) && $pa_config->{'dbsslcapath'} ne "") {
|
||||||
|
$SSL_OPTS .= ";mysql_ssl_ca_path=" . $pa_config->{'dbsslcapath'};
|
||||||
|
}
|
||||||
|
if (defined($pa_config->{'dbsslcafile'}) && $pa_config->{'dbsslcafile'} ne "") {
|
||||||
|
$SSL_OPTS .= ";mysql_ssl_ca_file=" . $pa_config->{'dbsslcafile'};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# End of function declaration
|
# End of function declaration
|
||||||
# End of defined Code
|
# End of defined Code
|
||||||
|
|
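Review bot: In set_ssl_opts, `mysql_ssl_optional=1` weakens what `dbssl 1` promises: DBD::mysql documents that attribute as making TLS optional, so a connection that cannot negotiate TLS may proceed unencrypted, and certificate verification then never runs. I would drop it from the default string and, if older client libraries need the fallback, expose it as a separate, explicitly named setting. Two smaller points in the same function: the early return leaves `$SSL_OPTS` as set by any previous call, and the CA path and file are appended to the DSN unescaped, so a `;` in either value would be read as a further DSN attribute. The db_connect hunk also appends `;` to the DSN when `$SSL_OPTS` is empty, which looks harmless but is worth confirming against the DBD::mysql version in use.

```perl
sub set_ssl_opts($) {
	my ($pa_config) = @_;

	# Start from a clean state so an earlier call cannot leave options behind.
	$SSL_OPTS = '';

	# ... unchanged: return when dbssl is undefined or 0 ...

	# Require TLS and verify the server certificate; no plaintext fallback.
	$SSL_OPTS = "mysql_ssl=1;mysql_ssl_verify_server_cert=1";

	foreach my $opt (['dbsslcapath', 'mysql_ssl_ca_path'], ['dbsslcafile', 'mysql_ssl_ca_file']) {
		my $value = $pa_config->{$opt->[0]};
		next unless defined($value) && $value ne "";

		# A ';' would be parsed as the start of another DSN attribute.
		die "Invalid character ';' in " . $opt->[0] . "\n" if $value =~ /;/;

		$SSL_OPTS .= ";" . $opt->[1] . "=" . $value;
	}
}
```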
||||||
|
@ -629,6 +629,9 @@ sub pandora_load_config_pdb ($) {
|
|||||||
$conf->{'claim_back_snmp_modules'} = '1' unless defined ($conf->{'claim_back_snmp_modules'});
|
$conf->{'claim_back_snmp_modules'} = '1' unless defined ($conf->{'claim_back_snmp_modules'});
|
||||||
$conf->{'verbosity'} = '3' unless defined ($conf->{'verbosity'});
|
$conf->{'verbosity'} = '3' unless defined ($conf->{'verbosity'});
|
||||||
|
|
||||||
|
# Configure SSL.
|
||||||
|
set_ssl_opts($conf);
|
||||||
|
|
||||||
# Dynamic interval configuration.
|
# Dynamic interval configuration.
|
||||||
$conf->{"dynamic_constant"} = 0.10 unless defined($conf->{"dynamic_constant"});
|
$conf->{"dynamic_constant"} = 0.10 unless defined($conf->{"dynamic_constant"});
|
||||||
$conf->{"dynamic_warning"} = 0.10 unless defined($conf->{"dynamic_warning"});
|
$conf->{"dynamic_warning"} = 0.10 unless defined($conf->{"dynamic_warning"});
|
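Review bot: The `set_ssl_opts($conf)` call in pandora_load_config_pdb hands over `dbssl` exactly as it was read, with no default or validation beside it, unlike the `unless defined` lines around it. set_ssl_opts tests the value with `== 0`, so a non-numeric value such as `yes` evaluates as 0 and TLS stays off without an error. If the parsing above this hunk does not already restrict the value (it is outside the lines shown), a check before the call would close that gap, for example `die "dbssl must be 0 or 1\n" if defined($conf->{'dbssl'}) && $conf->{'dbssl'} !~ /^[01]$/;`.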
||||||
|