diff options
author | Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> | 2022-04-12 14:19:08 +0300 |
---|---|---|
committer | Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> | 2022-04-12 14:19:08 +0300 |
commit | 8174ece0c3db277075f440154d7fc2f4389a246f (patch) | |
tree | d4fb2e935eecf193bf238dd34b66a78441b10a62 /conf | |
parent | 3f1077ee92315e0cc27fcb33336647d25576f135 (diff) | |
parent | 117f77119617c1fce8fd88e5c674c251b9b76ea0 (diff) |
.......... [ZBXNEXT-388] merge from upstream
Diffstat (limited to 'conf')
-rw-r--r-- | conf/zabbix_proxy.conf | 46 | ||||
-rw-r--r-- | conf/zabbix_server.conf | 38 |
2 files changed, 69 insertions, 15 deletions
diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf index 562fad863bc..e5312dc160b 100644 --- a/conf/zabbix_proxy.conf +++ b/conf/zabbix_proxy.conf @@ -299,16 +299,6 @@ DBUser=zabbix # Default: # StartPollersUnreachable=1 -### Option: StartHistoryPollers -# Number of pre-forked instances of history pollers. -# Only required for internal checks. -# A database connection is required for each history poller instance. -# -# Mandatory: no -# Range: 0-1000 -# Default: -# StartHistoryPollers=1 - ### Option: StartTrappers # Number of pre-forked instances of trappers. # Trappers accept incoming connections from Zabbix sender and active agents. @@ -886,12 +876,22 @@ StatsAllowedIP=127.0.0.1 # Default: # DBTLSCipher13= +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArk - CyberArk Central Credential Provider +# +# Mandatory: no +# Default: +# Vault=HashiCorp + ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path # specified in optional VaultDBPath configuration parameter. # It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. # # Mandatory: no +# (yes, if Vault is explicitly set to HashiCorp) # Default: # VaultToken= @@ -903,14 +903,36 @@ StatsAllowedIP=127.0.0.1 # VaultURL=https://127.0.0.1:8200 ### Option: VaultDBPath -# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -# Example: secret/zabbix/database +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path: +# secret/zabbix/database +# Keys used for CyberArk are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database # This option can only be used if DBUser and DBPassword are not specified. # # Mandatory: no # Default: # VaultDBPath= +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. +# +# Mandatory: no +# Default: +# VaultTLSCertFile= + +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. +# +# Mandatory: no +# Default: +# VaultTLSKeyFile= + ####### For advanced users - TCP-related fine-tuning parameters ####### ## Option: ListenBacklog diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf index e213c17a866..82ccdd19de0 100644 --- a/conf/zabbix_server.conf +++ b/conf/zabbix_server.conf @@ -237,7 +237,7 @@ DBUser=zabbix ### Option: StartHistoryPollers # Number of pre-forked instances of history pollers. -# Only required for calculated and internal checks. +# Only required for calculated checks. # A database connection is required for each history poller instance. # # Mandatory: no @@ -885,6 +885,15 @@ StatsAllowedIP=127.0.0.1 # Default: # DBTLSCipher13= +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArk - CyberArk Central Credential Provider +# +# Mandatory: no +# Default: +# Vault=HashiCorp + ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix server with read only permission # to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath @@ -892,6 +901,7 @@ StatsAllowedIP=127.0.0.1 # It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. # # Mandatory: no +# (yes, if Vault is explicitly set to HashiCorp) # Default: # VaultToken= @@ -903,14 +913,36 @@ StatsAllowedIP=127.0.0.1 # VaultURL=https://127.0.0.1:8200 ### Option: VaultDBPath -# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -# Example: secret/zabbix/database +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path: +# secret/zabbix/database +# Keys used for CyberArk are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database # This option can only be used if DBUser and DBPassword are not specified. # # Mandatory: no # Default: # VaultDBPath= +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. +# +# Mandatory: no +# Default: +# VaultTLSCertFile= + +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. +# +# Mandatory: no +# Default: +# VaultTLSKeyFile= + ### Option: StartReportWriters # Number of pre-forked report writer instances. # |