Add TLS support of Zabbix 3.0

2016-03-21 18:24:12 +01:00 · 2016-03-21 18:24:12 +01:00 · 1d093fd18a
parent 098f6a7b46
commit 1d093fd18a
1 changed files with 33 additions and 0 deletions
--- a/root/etc/e-smith/templates/etc/zabbix/zabbix_proxy.conf/85TLS
+++ b/root/etc/e-smith/templates/etc/zabbix/zabbix_proxy.conf/85TLS
@ -0,0 +1,33 @@
+{
+  my @encryptions = ();
+  my $psk_file = ${'zabbix-proxy'}{'TLSPSKFile'} || '/etc/zabbix/zabbix_proxy.psk';
+  my $psk_id   = ${'zabbix-proxy'}{'TLSPSKIdentity'} || $SystemName . '.' . $DomainName . '-proxy';
+  if (-s $psk_file){
+    push @encryptions, 'psk';
+    $OUT .=<<_EOF;
+TLSPSKFile=$psk_file
+TLSPSKIdentity=$psk_id
+_EOF
+  }
+
+  my $cert = ${'zabbix-proxy'}{'TLSCertFile'} || '/etc/zabbix/zabbix_proxy.crt';
+  my $key  = ${'zabbix-proxy'}{'TLSKeyFile'}  || '/etc/zabbix/zabbix_proxy.key';
+  my $ca   = ${'zabbix-proxy'}{'TLSCAFile'}   || '/etc/zabbix/zabbix_proxy.ca';
+  if (-s $cert && -s $key && -s $ca){
+    push @encryptions, 'cert';
+    $OUT .=<<_EOF;
+TLSCertFile=$cert
+TLSKeyFile=$key
+TLSCAFile=$ca
+_EOF
+    my $issuer  = ${'zabbix-proxy'}{'TLSServerCertIssuer'} || '';
+    my $subject = ${'zabbix-proxy'}{'TLSServerCertSubject'} || '';
+    $OUT .= "TLSServerCertIssuer=$issuer\n"   if ($issuer ne '');
+    $OUT .= "TLSServerCertSubject=$subject\n" if ($subject ne '');
+  }
+  my $encryptions = (scalar @encryptions > 0) ? join(',', @encryptions) : 'unencrypted';
+  $OUT .=<<_EOF;
+TLSConnect=$encryptions
+TLSAccept=$encryptions
+_EOF
+}