From 5388e00b05dc435512621f1be217b7fa27d2876b Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Mon, 21 Mar 2016 18:16:25 +0100 Subject: [PATCH] Add support for TLS --- .../templates/etc/zabbix/zabbix_agentd.conf/85TLS | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/85TLS diff --git a/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/85TLS b/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/85TLS new file mode 100644 index 0000000..015557f --- /dev/null +++ b/root/etc/e-smith/templates/etc/zabbix/zabbix_agentd.conf/85TLS @@ -0,0 +1,33 @@ +{ + my @encryptions = (); + my $psk_file = ${'zabbix-agent'}{'TLSPSKFile'} || '/etc/zabbix/zabbix_agentd.psk'; + my $psk_id = ${'zabbix-agent'}{'TLSPSKIdentity'} || $SystemName . '.' . $DomainName . '-agent'; + if (-s $psk_file){ + push @encryptions, 'psk'; + $OUT .=<<_EOF; +TLSPSKFile=$psk_file +TLSPSKIdentity=$psk_id +_EOF + } + + my $cert = ${'zabbix-agent'}{'TLSCertFile'} || '/etc/zabbix/zabbix_agentd.crt'; + my $key = ${'zabbix-agent'}{'TLSKeyFile'} || '/etc/zabbix/zabbix_agentd.key'; + my $ca = ${'zabbix-agent'}{'TLSCAFile'} || '/etc/zabbix/zabbix_agentd.ca'; + if (-s $cert && -s $key && -s $ca){ + push @encryptions, 'cert'; + $OUT .=<<_EOF; +TLSCertFile=$cert +TLSKeyFile=$key +TLSCAFile=$ca +_EOF + my $issuer = ${'zabbix-agent'}{'TLSServerCertIssuer'} || ''; + my $subject = ${'zabbix-agent'}{'TLSServerCertSubject'} || ''; + $OUT .= "TLSServerCertIssuer=$issuer\n" if ($issuer ne ''); + $OUT .= "TLSServerCertSubject=$subject\n" if ($subject ne ''); + } + my $encryptions = (scalar @encryptions > 0) ? join(',', @encryptions) : 'unencrypted'; + $OUT .=<<_EOF; +TLSConnect=$encryptions +TLSAccept=$encryptions +_EOF +}