- Type: Problem report
- Resolution: Unresolved
- Priority: Minor
- Affects Version/s: 7.0.22
- Component/s: Packages (C)
From page
https://www.zabbix.com/documentation/7.0/en/manual/config/secrets/hashicorp
Enabling HashiCorp Vault depends on setting up Vault characteristics:
- Vault - which vault provider should be used;
- VaultToken - vault authentication token (see Zabbix server/proxy configuration file for details);
- VaultURL - vault server HTTP[S] URL;
- VaultDBPath - path to the vault secret containing database credentials (*this option can only be used if DBUser and DBPassword are not specified*); Zabbix server or proxy will retrieve the credentials by keys "password" and "username";
- VaultPrefix - custom prefix for the vault path or query, depending on the vault; if not specified, the most suitable default will be used.
One important part is VaultDBPath, which expects the DBUser and DBPassword fields to be empty.
If no DB values are specified, Docker container "zabbix-web-apache-mysql:7.0.19-alpine" will default to:
MYSQL_USER=zabbix MYSQL_PASSWORD=zabbix
This makes it cumbersome to read DB credentials from the vault.
The direction of the solution can be to identify the vault connection before supplying default values for MYSQL_USER, MYSQL_USER.
Related file:
https://github.com/zabbix/zabbix-docker/blob/7.0/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh
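The ordering the report proposes (check for a vault DB path first, apply the `zabbix`/`zabbix` defaults only when none is set) can be written as below. This is an added example, not code from the zabbix-docker entrypoint; `ZBX_VAULTDBPATH` and the `DB_*` result variables are assumed names, and the vault path in the demo is constructed.

```shell
#!/bin/sh
# Added illustration, not the zabbix-docker entrypoint.
# ZBX_VAULTDBPATH is an ASSUMED name for the variable that carries VaultDBPath.
# Results are left in DB_CRED_SOURCE, DB_USER and DB_PASSWORD (assumed names).

resolve_db_credentials() {
    _vault_path="${ZBX_VAULTDBPATH:-}"
    _user="${MYSQL_USER:-}"
    _pass="${MYSQL_PASSWORD:-}"

    if [ -n "$_vault_path" ]; then
        # VaultDBPath can only be used if DBUser and DBPassword are not
        # specified, so explicit credentials next to a vault path are an error.
        if [ -n "$_user" ] || [ -n "$_pass" ]; then
            echo "vault DB path set together with MYSQL_USER/MYSQL_PASSWORD" >&2
            DB_CRED_SOURCE=conflict
            return 1
        fi
        # Vault mode: leave both fields empty and apply no defaults, so the
        # credentials are read from the vault keys "username" and "password".
        DB_CRED_SOURCE=vault
        DB_USER=""
        DB_PASSWORD=""
        return 0
    fi

    # No vault path: fall back to the image defaults named in the report.
    DB_CRED_SOURCE=env
    DB_USER="${_user:-zabbix}"
    DB_PASSWORD="${_pass:-zabbix}"
    return 0
}

# Demo with a constructed vault path, run in a subshell so nothing leaks out.
(
    unset MYSQL_USER MYSQL_PASSWORD
    ZBX_VAULTDBPATH="secret/zabbix/database"
    resolve_db_credentials
    echo "source=$DB_CRED_SOURCE user='$DB_USER'"
)
```

Failing on the conflicting case, instead of picking one source silently, keeps a container from starting with the default password when the operator intended vault-held credentials.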