Add support for TLS

2016-03-21 18:16:25 +01:00 · 2016-03-21 18:16:25 +01:00 · 5388e00b05
parent 738268d20e
commit 5388e00b05
1 changed files with 33 additions and 0 deletions
--- a/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/85TLS
+++ b/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/85TLS
@ -0,0 +1,33 @@
+{
+  my @encryptions = ();
+  my $psk_file = ${'zabbix-agent'}{'TLSPSKFile'} || '/etc/zabbix/zabbix_agentd.psk';
+  my $psk_id   = ${'zabbix-agent'}{'TLSPSKIdentity'} || $SystemName . '.' . $DomainName . '-agent';
+  if (-s $psk_file){
+    push @encryptions, 'psk';
+    $OUT .=<<_EOF;
+TLSPSKFile=$psk_file
+TLSPSKIdentity=$psk_id
+_EOF
+  }
+
+  my $cert = ${'zabbix-agent'}{'TLSCertFile'} || '/etc/zabbix/zabbix_agentd.crt';
+  my $key  = ${'zabbix-agent'}{'TLSKeyFile'}  || '/etc/zabbix/zabbix_agentd.key';
+  my $ca   = ${'zabbix-agent'}{'TLSCAFile'}   || '/etc/zabbix/zabbix_agentd.ca';
+  if (-s $cert && -s $key && -s $ca){
+    push @encryptions, 'cert';
+    $OUT .=<<_EOF;
+TLSCertFile=$cert
+TLSKeyFile=$key
+TLSCAFile=$ca
+_EOF
+    my $issuer  = ${'zabbix-agent'}{'TLSServerCertIssuer'} || '';
+    my $subject = ${'zabbix-agent'}{'TLSServerCertSubject'} || '';
+    $OUT .= "TLSServerCertIssuer=$issuer\n"   if ($issuer ne '');
+    $OUT .= "TLSServerCertSubject=$subject\n" if ($subject ne '');
+  }
+  my $encryptions = (scalar @encryptions > 0) ? join(',', @encryptions) : 'unencrypted';
+  $OUT .=<<_EOF;
+TLSConnect=$encryptions
+TLSAccept=$encryptions
+_EOF
+}