[ZBX-22060] PgSQL plugin is not able to start TLS encryption for official template - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Problem report
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.0.30, 6.0.12, 6.2.6, 6.4.0beta4
Fix Version/s: 6.0.22rc1, 6.4.7rc1, 7.0.0alpha4, 7.0 (plan)
Component/s: None
Labels:
None
Environment:
RHEL 8.7
LTS 6.0
PgSQL 14.6
TSDB 2.8.1
OpenSSL 1.1.1 series
Agent2 6.0.14

Team:
Team INT
Sprint:
Sprint 103 (Aug 2023)
Story Points:
1

Description

Steps to reproduce:

Follow: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/db/postgresql_agent2/README.md?at=refs%2Fheads%2Frelease%2F6.2
Setup PgSQL server to use optional TLS (with mandatory we will just fail);
Check PgSQL stats:

SELECT datname,usename, ssl, client_addr 
  FROM pg_stat_ssl
  JOIN pg_stat_activity
  ON pg_stat_ssl.pid = pg_stat_activity.pid;

Result:
Suggested user will not use encryption.

Expected:
Able to set tls options for the plugin like:

Plugins.PostgreSQL.TLSConnect=required

This is not a feature request, this is a bug in design. Create official template, implement encryption, and they are cannot be used until you manually re-create the template to support {$PG.SESSION} variable in all keys.

Attachments

Issue Links

depends on

ZBXNEXT-8157 Accept both: session name and key parameters

Closed

Sub-Tasks

Faulty TLSConnect parameter functionality in PostgreSQL plugin

Closed

Eriks Sneiders

Activity

People

Assignee:: Denis Rasikhov

Reporter:: Edgar Akhmetshin

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2022 Dec 09 17:49

Updated:: 2023 Aug 25 21:24

Resolved:: 2023 Aug 25 21:24