diff --git a/.gitignore b/.gitignore index 13a8bf47e..3d63db5ec 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ zbx_env/ +zbx_env*/ diff --git a/agent/alpine/Dockerfile b/agent/alpine/Dockerfile index 19c50d344..7acd963ad 100644 --- a/agent/alpine/Dockerfile +++ b/agent/alpine/Dockerfile @@ -10,10 +10,10 @@ LABEL org.opencontainers.image.title="Zabbix agent" \ STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ zabbix && \ mkdir -p /etc/zabbix && \ @@ -21,7 +21,6 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/enc && \ mkdir -p /var/lib/zabbix/modules && \ - chown --quiet -R zabbix:root /var/lib/zabbix && \ apk add --no-cache --clean-protected \ tini \ bash \ @@ -81,6 +80,9 @@ RUN set -eux && \ chown -R zabbix:zabbix /etc/zabbix/ && \ cd /tmp/ && \ rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ + chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* @@ -95,6 +97,6 @@ COPY ["docker-entrypoint.sh", "/usr/bin/"] ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/docker-entrypoint.sh"] -USER zabbix +USER 1997 CMD ["/usr/sbin/zabbix_agentd", "--foreground", "-c", "/etc/zabbix/zabbix_agentd.conf"] diff --git a/docker-compose_v3_alpine_mysql_latest.yaml b/docker-compose_v3_alpine_mysql_latest.yaml index 88d7dad5a..698e8df13 100644 --- a/docker-compose_v3_alpine_mysql_latest.yaml +++ b/docker-compose_v3_alpine_mysql_latest.yaml @@ -38,7 +38,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root depends_on: - mysql-server - zabbix-java-gateway @@ -98,7 +97,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps @@ -150,7 +148,6 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql - user: root depends_on: - mysql-server - zabbix-java-gateway @@ -173,8 +170,8 @@ services: zabbix-web-apache-mysql: image: zabbix/zabbix-web-apache-mysql:alpine-trunk ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server @@ -196,12 +193,11 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -227,8 +223,8 @@ services: zabbix-web-nginx-mysql: image: zabbix/zabbix-web-nginx-mysql:alpine-trunk ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server @@ -250,12 +246,11 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -302,7 +297,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -332,7 +326,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -348,7 +341,7 @@ services: zabbix-snmptraps: image: zabbix/zabbix-snmptraps:alpine-trunk ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: @@ -359,7 +352,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: @@ -383,7 +375,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: diff --git a/docker-compose_v3_alpine_mysql_local.yaml b/docker-compose_v3_alpine_mysql_local.yaml index ecd57d97a..e79c1e02c 100644 --- a/docker-compose_v3_alpine_mysql_local.yaml +++ b/docker-compose_v3_alpine_mysql_local.yaml @@ -42,7 +42,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root depends_on: - mysql-server - zabbix-java-gateway @@ -106,7 +105,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps @@ -162,7 +160,6 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql - user: root depends_on: - mysql-server - zabbix-java-gateway @@ -189,8 +186,8 @@ services: - alpine:3.10 image: zabbix-web-apache-mysql:alpine-local ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server @@ -212,12 +209,11 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -247,8 +243,8 @@ services: - alpine:3.10 image: zabbix-web-nginx-mysql:alpine-local ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server @@ -270,12 +266,11 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -326,7 +321,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -360,7 +354,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -380,7 +373,7 @@ services: - alpine:3.10 image: zabbix-snmptraps:alpine-local ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: @@ -391,7 +384,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: @@ -415,7 +407,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index ed71b599c..8ddf8a8ac 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -37,7 +37,6 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-java-gateway @@ -97,7 +96,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps @@ -153,7 +151,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root depends_on: - mysql-server - zabbix-java-gateway @@ -176,8 +173,8 @@ services: zabbix-web-apache-pgsql: image: zabbix/zabbix-web-apache-pgsql:alpine-trunk ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server @@ -199,12 +196,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -230,8 +226,8 @@ services: zabbix-web-nginx-pgsql: image: zabbix/zabbix-web-nginx-pgsql:alpine-trunk ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:80443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server @@ -253,12 +249,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -305,7 +300,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -335,7 +329,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -351,7 +344,7 @@ services: zabbix-snmptraps: image: zabbix/zabbix-snmptraps:alpine-trunk ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: @@ -362,7 +355,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: @@ -386,7 +378,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: @@ -404,7 +395,6 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: diff --git a/docker-compose_v3_alpine_pgsql_local.yaml b/docker-compose_v3_alpine_pgsql_local.yaml index 16e1c91c2..0017b60ea 100644 --- a/docker-compose_v3_alpine_pgsql_local.yaml +++ b/docker-compose_v3_alpine_pgsql_local.yaml @@ -41,7 +41,6 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-java-gateway @@ -105,7 +104,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps @@ -165,7 +163,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root depends_on: - mysql-server - zabbix-java-gateway @@ -193,8 +190,8 @@ services: - alpine:3.10 image: zabbix-web-apache-pgsql:alpine-local ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server @@ -216,12 +213,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -251,8 +247,8 @@ services: - alpine:3.10 image: zabbix-web-nginx-pgsql:alpine-local ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:8443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server @@ -274,12 +270,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -330,7 +325,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -364,7 +358,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -384,7 +377,7 @@ services: - alpine:3.10 image: zabbix-snmptraps:alpine-local ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: @@ -395,7 +388,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: @@ -419,7 +411,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: @@ -437,7 +428,6 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: diff --git a/java-gateway/alpine/Dockerfile b/java-gateway/alpine/Dockerfile index e7619135f..bb2459577 100644 --- a/java-gateway/alpine/Dockerfile +++ b/java-gateway/alpine/Dockerfile @@ -10,14 +10,13 @@ LABEL org.opencontainers.image.title="Zabbix Java Gateway" \ STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ zabbix && \ mkdir -p /etc/zabbix/ && \ - chown --quiet -R zabbix:root /etc/zabbix && \ apk add --clean-protected --no-cache \ bash \ openjdk8-jre-base && \ @@ -65,6 +64,9 @@ RUN set -eux && \ rm -rf /usr/sbin/zabbix_java/lib/*.xml && \ cd /tmp/ && \ rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ && \ + chgrp -R 0 /etc/zabbix/ && \ + chmod -R g=u /etc/zabbix/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* @@ -81,6 +83,6 @@ COPY ["docker-entrypoint.sh", "/usr/bin/"] ENTRYPOINT ["docker-entrypoint.sh"] -USER zabbix +USER 1997 CMD ["/usr/sbin/zabbix_java_gateway"] diff --git a/proxy-mysql/alpine/Dockerfile b/proxy-mysql/alpine/Dockerfile index c89b07f64..6582d2013 100644 --- a/proxy-mysql/alpine/Dockerfile +++ b/proxy-mysql/alpine/Dockerfile @@ -10,10 +10,10 @@ LABEL org.opencontainers.image.title="Zabbix proxy (MySQL)" \ STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ zabbix && \ mkdir -p /etc/zabbix && \ @@ -28,7 +28,6 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/ssl/certs && \ mkdir -p /var/lib/zabbix/ssl/keys && \ mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ - chown --quiet -R zabbix:root /var/lib/zabbix && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ apk add --clean-protected --no-cache \ tini \ @@ -108,12 +107,14 @@ RUN set -eux && \ cp src/zabbix_get/zabbix_get /usr/bin/zabbix_get && \ cp src/zabbix_sender/zabbix_sender /usr/bin/zabbix_sender && \ cp conf/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf && \ - chown --quiet -R zabbix:root /etc/zabbix && \ cat database/mysql/schema.sql > database/mysql/create.sql && \ gzip database/mysql/create.sql && \ cp database/mysql/create.sql.gz /usr/share/doc/zabbix-proxy-mysql/ && \ cd /tmp/ && \ rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ + chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* @@ -129,6 +130,6 @@ COPY ["docker-entrypoint.sh", "/usr/bin/"] ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/docker-entrypoint.sh"] -USER zabbix +USER 1997 CMD ["/usr/sbin/zabbix_proxy", "--foreground", "-c", "/etc/zabbix/zabbix_proxy.conf"] diff --git a/proxy-sqlite3/alpine/Dockerfile b/proxy-sqlite3/alpine/Dockerfile index 998a54aef..1be524f25 100644 --- a/proxy-sqlite3/alpine/Dockerfile +++ b/proxy-sqlite3/alpine/Dockerfile @@ -10,10 +10,10 @@ LABEL org.opencontainers.image.title="Zabbix proxy (SQLite3)" \ STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ zabbix && \ mkdir -p /etc/zabbix && \ @@ -28,7 +28,6 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/ssl/certs && \ mkdir -p /var/lib/zabbix/ssl/keys && \ mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ - chown --quiet -R zabbix:root /var/lib/zabbix && \ apk add --clean-protected --no-cache \ tini \ bash \ @@ -107,9 +106,11 @@ RUN set -eux && \ cp src/zabbix_get/zabbix_get /usr/bin/zabbix_get && \ cp src/zabbix_sender/zabbix_sender /usr/bin/zabbix_sender && \ cp conf/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf && \ - chown --quiet -R zabbix:root /etc/zabbix && \ cd /tmp/ && \ rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ + chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* @@ -125,6 +126,6 @@ COPY ["docker-entrypoint.sh", "/usr/bin/"] ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/docker-entrypoint.sh"] -USER zabbix +USER 1997 CMD ["/usr/sbin/zabbix_proxy", "--foreground", "-c", "/etc/zabbix/zabbix_proxy.conf"] diff --git a/server-mysql/alpine/Dockerfile b/server-mysql/alpine/Dockerfile index dbfab5174..b9779d981 100644 --- a/server-mysql/alpine/Dockerfile +++ b/server-mysql/alpine/Dockerfile @@ -10,10 +10,10 @@ LABEL org.opencontainers.image.title="Zabbix server (MySQL)" \ STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ zabbix && \ adduser zabbix dialout && \ @@ -31,7 +31,6 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/ssl/certs && \ mkdir -p /var/lib/zabbix/ssl/keys && \ mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ - chown --quiet -R zabbix:root /var/lib/zabbix && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ apk add --clean-protected --no-cache \ tini \ @@ -113,7 +112,6 @@ RUN set -eux && \ cp src/zabbix_get/zabbix_get /usr/bin/zabbix_get && \ cp src/zabbix_sender/zabbix_sender /usr/bin/zabbix_sender && \ cp conf/zabbix_server.conf /etc/zabbix/zabbix_server.conf && \ - chown --quiet -R zabbix:root /etc/zabbix && \ cat database/mysql/schema.sql > database/mysql/create.sql && \ cat database/mysql/images.sql >> database/mysql/create.sql && \ cat database/mysql/data.sql >> database/mysql/create.sql && \ @@ -121,6 +119,9 @@ RUN set -eux && \ cp database/mysql/create.sql.gz /usr/share/doc/zabbix-server-mysql/ && \ cd /tmp/ && \ rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ + chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* @@ -137,6 +138,6 @@ COPY ["docker-entrypoint.sh", "/usr/bin/"] ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/docker-entrypoint.sh"] -USER zabbix +USER 1997 CMD ["/usr/sbin/zabbix_server", "--foreground", "-c", "/etc/zabbix/zabbix_server.conf"] diff --git a/server-pgsql/alpine/Dockerfile b/server-pgsql/alpine/Dockerfile index 2dfad2b54..57230891d 100644 --- a/server-pgsql/alpine/Dockerfile +++ b/server-pgsql/alpine/Dockerfile @@ -10,10 +10,10 @@ LABEL org.opencontainers.image.title="Zabbix server (PostgreSQL)" \ STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ zabbix && \ adduser zabbix dialout && \ @@ -31,7 +31,6 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/ssl/certs && \ mkdir -p /var/lib/zabbix/ssl/keys && \ mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ - chown --quiet -R zabbix:root /var/lib/zabbix && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ apk add --clean-protected --no-cache \ tini \ @@ -114,7 +113,6 @@ RUN set -eux && \ cp src/zabbix_get/zabbix_get /usr/bin/zabbix_get && \ cp src/zabbix_sender/zabbix_sender /usr/bin/zabbix_sender && \ cp conf/zabbix_server.conf /etc/zabbix/zabbix_server.conf && \ - chown --quiet -R zabbix:root /etc/zabbix && \ cat database/postgresql/schema.sql > database/postgresql/create.sql && \ cat database/postgresql/images.sql >> database/postgresql/create.sql && \ cat database/postgresql/data.sql >> database/postgresql/create.sql && \ @@ -123,6 +121,9 @@ RUN set -eux && \ cp database/postgresql/timescaledb.sql /usr/share/doc/zabbix-server-postgresql/ && \ cd /tmp/ && \ rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ + chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* @@ -139,6 +140,6 @@ COPY ["docker-entrypoint.sh", "/usr/bin/"] ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/docker-entrypoint.sh"] -USER zabbix +USER 1997 CMD ["/usr/sbin/zabbix_server", "--foreground", "-c", "/etc/zabbix/zabbix_server.conf"] diff --git a/snmptraps/alpine/Dockerfile b/snmptraps/alpine/Dockerfile index 39bd9a876..ab07d3290 100644 --- a/snmptraps/alpine/Dockerfile +++ b/snmptraps/alpine/Dockerfile @@ -1,8 +1,5 @@ FROM alpine:3.11 -ARG APK_FLAGS_PERSISTENT="--clean-protected --no-cache" -ARG APK_FLAGS_DEV="--no-cache" - ARG MAJOR_VERSION=5.0 ARG ZBX_VERSION=${MAJOR_VERSION} ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git @@ -25,16 +22,17 @@ STOPSIGNAL SIGTERM COPY ["snmptrapfmt_1.14+nmu1ubuntu2.tar.gz", "/tmp/"] RUN set -eux && \ - addgroup zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ zabbix && \ apk update && \ - apk add ${APK_FLAGS_PERSISTENT} \ + apk add --clean-protected --no-cache \ net-snmp \ supervisor && \ - apk add ${APK_FLAGS_DEV} --virtual build-dependencies \ + apk add --no-cache --virtual build-dependencies \ alpine-sdk \ autoconf \ automake \ @@ -43,11 +41,11 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/snmptraps && \ mkdir -p /var/lib/zabbix/mibs && \ - chown --quiet -R zabbix:root /var/lib/zabbix && \ cd /tmp/ && \ tar -zxvf snmptrapfmt_1.14+nmu1ubuntu2.tar.gz && \ cd /tmp/snmptrapfmt-1.14+nmu1ubuntu1/ && \ patch -p1 < ./patches/makefile.patch && \ + patch -p1 < ./patches/pid_location.patch && \ make -j"$(nproc)" -s && \ cp snmptrapfmthdlr /usr/sbin/snmptrapfmthdlr && \ cp snmptrapfmt /usr/sbin/snmptrapfmt && \ @@ -61,11 +59,14 @@ RUN set -eux && \ "/etc/snmp/snmptrapfmt.conf" && \ rm -rf /tmp/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz && \ rm -rf /tmp/snmptrapfmt-1.14+nmu1ubuntu1/ && \ + chown --quiet -R zabbix:root /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ + chgrp -R 0 /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ + chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* -EXPOSE 162/UDP +EXPOSE 1162/UDP WORKDIR /var/lib/zabbix/snmptraps/ @@ -74,4 +75,6 @@ VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/mibs"] COPY ["conf/etc/supervisor/", "/etc/supervisor/"] COPY ["conf/etc/logrotate.d/zabbix_snmptraps", "/etc/logrotate.d/"] +USER 1997 + CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"] diff --git a/snmptraps/alpine/conf/etc/supervisor/conf.d/supervisord_snmptraps.conf b/snmptraps/alpine/conf/etc/supervisor/conf.d/supervisord_snmptraps.conf index 89b330246..e3fa91279 100644 --- a/snmptraps/alpine/conf/etc/supervisor/conf.d/supervisord_snmptraps.conf +++ b/snmptraps/alpine/conf/etc/supervisor/conf.d/supervisord_snmptraps.conf @@ -17,7 +17,7 @@ stdout_logfile = /dev/stdout stdout_logfile_maxbytes = 0 [program:snmptrapd] -command = /usr/sbin/%(program_name)s -m '+ALL' -M /usr/share/snmp/mibs/:/var/lib/zabbix/mibs -f -n -Lo -p /var/run/snmptrapd.pid -C -c /etc/snmp/%(program_name)s.conf +command = /usr/sbin/%(program_name)s -m '+ALL' -M /usr/share/snmp/mibs/:/var/lib/zabbix/mibs -f -n -Lo -p /tmp/snmptrapd.pid -C -c /etc/snmp/%(program_name)s.conf udp:0.0.0.0:1162 auto_start = true autorestart = true priority = 100 diff --git a/snmptraps/alpine/conf/etc/supervisor/supervisord.conf b/snmptraps/alpine/conf/etc/supervisor/supervisord.conf index 925bb1838..a1abd35a0 100644 --- a/snmptraps/alpine/conf/etc/supervisor/supervisord.conf +++ b/snmptraps/alpine/conf/etc/supervisor/supervisord.conf @@ -1,17 +1,17 @@ ; supervisor config file [unix_http_server] -file = /var/run/supervisor.sock ; (the path to the socket file) +file = /tmp/supervisor.sock ; (the path to the socket file) chmod = 0700 ; sockef file mode (default 0700) username = zbx password = password [supervisord] logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log) -pidfile = /var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP) critical = critical -user = root +;user = zabbix logfile_maxbytes = 0 logfile_backupcount = 0 loglevel = info @@ -23,7 +23,7 @@ loglevel = info supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] -serverurl = unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket +serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket ; The [include] section can just contain the "files" setting. This ; setting can list multiple files (separated by whitespace or @@ -33,3 +33,4 @@ serverurl = unix:///var/run/supervisor.sock ; use a unix:// URL for a unix sock [include] files = /etc/supervisor/conf.d/*.conf + diff --git a/snmptraps/alpine/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz b/snmptraps/alpine/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz index aef450e2c..92804eb30 100644 Binary files a/snmptraps/alpine/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz and b/snmptraps/alpine/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz differ diff --git a/snmptraps/centos/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz b/snmptraps/centos/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz index aef450e2c..92804eb30 100644 Binary files a/snmptraps/centos/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz and b/snmptraps/centos/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz differ diff --git a/snmptraps/ubuntu/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz b/snmptraps/ubuntu/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz index aef450e2c..92804eb30 100644 Binary files a/snmptraps/ubuntu/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz and b/snmptraps/ubuntu/snmptrapfmt_1.14+nmu1ubuntu2.tar.gz differ diff --git a/web-apache-mysql/alpine/Dockerfile b/web-apache-mysql/alpine/Dockerfile index 05d53e903..47a1d10fe 100644 --- a/web-apache-mysql/alpine/Dockerfile +++ b/web-apache-mysql/alpine/Dockerfile @@ -4,22 +4,21 @@ LABEL org.opencontainers.image.title="Zabbix web-interface (Apache, MySQL)" \ org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.vendor="Zabbix LLC" \ org.opencontainers.image.url="https://zabbix.com/" \ - org.opencontainers.image.description="abbix web-interface based on Apache2 web server with MySQL database support" \ + org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ org.opencontainers.image.licenses="GPL v2.0" STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ -H \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ - chown --quiet -R zabbix:root /etc/zabbix && \ apk add --clean-protected --no-cache \ apache2 \ bash \ @@ -49,9 +48,10 @@ RUN set -eux && \ -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ "/etc/apache2/httpd.conf" && \ sed -ri \ - -e 's!^(\s*PidFile)\s+\S+!\1 "/var/run/httpd.pid"!g' \ + -e 's!^(\s*PidFile)\s+\S+!\1 "/tmp/httpd.pid"!g' \ "/etc/apache2/conf.d/mpm.conf" && \ - rm -f "/var/run/apache2/apache2.pid" && \ + sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf && \ + rm -rf "/var/run/apache2/" && \ rm -rf /var/cache/apk/* ARG MAJOR_VERSION=5.0 @@ -64,6 +64,8 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati org.opencontainers.image.version="${ZBX_VERSION}" \ org.opencontainers.image.source="${ZBX_SOURCES}" +COPY ["conf/etc/", "/etc/"] + RUN set -eux && \ apk add --no-cache --virtual build-dependencies \ gettext \ @@ -78,22 +80,26 @@ RUN set -eux && \ rm -rf tests && \ ./locale/make_mo.sh && \ ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \ + chgrp -R 0 /etc/apache2/ /etc/php7/ && \ + chmod -R g=u /etc/apache2/ /etc/php7/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* -EXPOSE 80/TCP 443/TCP +EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix VOLUME ["/etc/ssl/apache2"] -COPY ["conf/etc/zabbix/apache.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/apache_ssl.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/web/zabbix.conf.php", "/etc/zabbix/web/"] -COPY ["conf/etc/php7/conf.d/99-zabbix.ini", "/etc/php7/conf.d/"] COPY ["docker-entrypoint.sh", "/usr/bin/"] +USER 1997 + ENTRYPOINT ["docker-entrypoint.sh"] CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"] diff --git a/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini b/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini index d5ae7adb9..b060e4689 100644 --- a/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini +++ b/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini @@ -6,4 +6,3 @@ max_input_time=300 ; always_populate_raw_post_data=-1 max_input_vars=10000 ; date.timezone=Europe/Riga -; session.save_path=/var/lib/php5 diff --git a/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf b/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf index 2a5aedc30..36def0c29 100644 --- a/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf +++ b/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf @@ -1,4 +1,4 @@ - + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php diff --git a/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf b/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf index 74fd226b5..63005b0e1 100644 --- a/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf @@ -1,10 +1,10 @@ LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -Listen 443 +Listen 8443 - + SSLEngine on DocumentRoot /usr/share/zabbix/ diff --git a/web-apache-mysql/alpine/docker-entrypoint.sh b/web-apache-mysql/alpine/docker-entrypoint.sh index aeb180f7f..58f478b55 100755 --- a/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/web-apache-mysql/alpine/docker-entrypoint.sh @@ -121,7 +121,7 @@ update_config_var() { } # Check prerequisites for MySQL database -check_variables_mysql() { +check_variables() { : ${DB_SERVER_HOST:="mysql-server"} : ${DB_SERVER_PORT:="3306"} USE_DB_ROOT_USER=false @@ -156,7 +156,7 @@ check_variables_mysql() { DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"} } -check_db_connect_mysql() { +check_db_connect() { echo "********************" echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" @@ -180,17 +180,7 @@ check_db_connect_mysql() { done } -mysql_query() { - query=$1 - local result="" - - result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") - - echo $result -} - -prepare_web_server_apache() { +prepare_web_server() { APACHE_SITES_DIR=/etc/apache2/conf.d echo "** Adding Zabbix virtual host (HTTP)" @@ -257,18 +247,34 @@ prepare_zbx_web_config() { prepare_web() { echo "** Preparing Zabbix web-interface" - check_variables_mysql - check_db_connect_mysql - prepare_web_server_apache + check_variables + check_db_connect + prepare_web_server prepare_zbx_web_config } + ################################################# -if [ "$1" == '/usr/sbin/httpd' ]; then - prepare_web +echo "** Deploying Zabbix web-interface (Apache) with MySQL database" + +prepare_system + +prepare_web + +clear_deploy + +echo "########################################################" + +if [ "$1" != "" ]; then + echo "** Executing '$@'" + exec "$@" +elif [ -f "/usr/bin/supervisord" ]; then + echo "** Executing supervisord" + exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf +else + echo "Unknown instructions. Exiting..." + exit 1 fi -exec "$@" - ################################################# diff --git a/web-apache-pgsql/alpine/Dockerfile b/web-apache-pgsql/alpine/Dockerfile index 3c90d8665..c10f45471 100644 --- a/web-apache-pgsql/alpine/Dockerfile +++ b/web-apache-pgsql/alpine/Dockerfile @@ -4,22 +4,21 @@ LABEL org.opencontainers.image.title="Zabbix web-interface (Apache, PostgreSQL)" org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.vendor="Zabbix LLC" \ org.opencontainers.image.url="https://zabbix.com/" \ - org.opencontainers.image.description="abbix web-interface based on Apache2 web server with PostgreSQL database support" \ + org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ org.opencontainers.image.licenses="GPL v2.0" STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup -S -g 1000 zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ - -u 999 \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ -H \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ - chown --quiet -R zabbix:root /etc/zabbix && \ apk add --clean-protected --no-cache \ apache2 \ bash \ @@ -48,9 +47,10 @@ RUN set -eux && \ -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ "/etc/apache2/httpd.conf" && \ sed -ri \ - -e 's!^(\s*PidFile)\s+\S+!\1 "/var/run/httpd.pid"!g' \ + -e 's!^(\s*PidFile)\s+\S+!\1 "/tmp/httpd.pid"!g' \ "/etc/apache2/conf.d/mpm.conf" && \ - rm -f "/var/run/apache2/apache2.pid" && \ + sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf && \ + rm -rf "/var/run/apache2/" && \ rm -rf /var/cache/apk/* ARG MAJOR_VERSION=5.0 @@ -63,6 +63,8 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati org.opencontainers.image.version="${ZBX_VERSION}" \ org.opencontainers.image.source="${ZBX_SOURCES}" +COPY ["conf/etc/", "/etc/"] + RUN set -eux && \ apk add --no-cache --virtual build-dependencies \ gettext \ @@ -77,22 +79,26 @@ RUN set -eux && \ rm -rf tests && \ ./locale/make_mo.sh && \ ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \ + chgrp -R 0 /etc/apache2/ /etc/php7/ && \ + chmod -R g=u /etc/apache2/ /etc/php7/ && \ apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* -EXPOSE 80/TCP 443/TCP +EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix VOLUME ["/etc/ssl/apache2"] -COPY ["conf/etc/zabbix/apache.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/apache_ssl.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/web/zabbix.conf.php", "/etc/zabbix/web/"] -COPY ["conf/etc/php7/conf.d/99-zabbix.ini", "/etc/php7/conf.d/"] COPY ["docker-entrypoint.sh", "/usr/bin/"] +USER 1997 + ENTRYPOINT ["docker-entrypoint.sh"] CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"] diff --git a/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini b/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini index d5ae7adb9..b060e4689 100644 --- a/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini +++ b/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini @@ -6,4 +6,3 @@ max_input_time=300 ; always_populate_raw_post_data=-1 max_input_vars=10000 ; date.timezone=Europe/Riga -; session.save_path=/var/lib/php5 diff --git a/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf b/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf index 2a5aedc30..36def0c29 100644 --- a/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf +++ b/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf @@ -1,4 +1,4 @@ - + DocumentRoot /usr/share/zabbix/ ServerName zabbix DirectoryIndex index.php diff --git a/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf b/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf index 74fd226b5..63005b0e1 100644 --- a/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf @@ -1,10 +1,10 @@ LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -Listen 443 +Listen 8443 - + SSLEngine on DocumentRoot /usr/share/zabbix/ diff --git a/web-apache-pgsql/alpine/docker-entrypoint.sh b/web-apache-pgsql/alpine/docker-entrypoint.sh index e78f1aa24..ece56a242 100755 --- a/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/web-apache-pgsql/alpine/docker-entrypoint.sh @@ -123,7 +123,7 @@ update_config_var() { } # Check prerequisites for PostgreSQL database -check_variables_postgresql() { +check_variables() { file_env POSTGRES_USER file_env POSTGRES_PASSWORD @@ -142,7 +142,7 @@ check_variables_postgresql() { DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} } -check_db_connect_postgresql() { +check_db_connect() { echo "********************" echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" @@ -183,31 +183,7 @@ check_db_connect_postgresql() { unset PGOPTIONS } -psql_query() { - query=$1 - db=$2 - - local result="" - - if [ -n "${DB_SERVER_ZBX_PASS}" ]; then - export PGPASSWORD="${DB_SERVER_ZBX_PASS}" - fi - - if [ -n "${DB_SERVER_SCHEMA}" ]; then - PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" - export PGOPTIONS - fi - - result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ - -U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null); - - unset PGPASSWORD - unset PGOPTIONS - - echo $result -} - -prepare_web_server_apache() { +prepare_web_server() { APACHE_SITES_DIR=/etc/apache2/conf.d echo "** Adding Zabbix virtual host (HTTP)" @@ -273,19 +249,35 @@ prepare_zbx_web_config() { prepare_web() { echo "** Preparing Zabbix web-interface" - - check_variables_postgresql - check_db_connect_postgresql - prepare_web_server_apache + + check_variables + check_db_connect + prepare_web_server prepare_zbx_web_config } + ################################################# -if [ "$1" == '/usr/sbin/httpd' ]; then - prepare_web +echo "** Deploying Zabbix web-interface (Apache) with MySQL database" + +prepare_system + +prepare_web + +clear_deploy + +echo "########################################################" + +if [ "$1" != "" ]; then + echo "** Executing '$@'" + exec "$@" +elif [ -f "/usr/bin/supervisord" ]; then + echo "** Executing supervisord" + exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf +else + echo "Unknown instructions. Exiting..." + exit 1 fi -exec "$@" - ################################################# diff --git a/web-nginx-mysql/alpine/Dockerfile b/web-nginx-mysql/alpine/Dockerfile index 3a22af6de..53a6f838d 100644 --- a/web-nginx-mysql/alpine/Dockerfile +++ b/web-nginx-mysql/alpine/Dockerfile @@ -1,38 +1,25 @@ FROM alpine:3.11 -LABEL maintainer="Alexey Pustovalov " -ARG BUILD_DATE -ARG VCS_REF - -ARG APK_FLAGS_COMMON="" -ARG APK_FLAGS_PERSISTENT="${APK_FLAGS_COMMON} --clean-protected --no-cache" -ARG APK_FLAGS_DEV="${APK_FLAGS_COMMON} --no-cache" -ENV TERM=xterm \ - ZBX_TYPE=frontend ZBX_DB_TYPE=mysql ZBX_OPT_TYPE=nginx - -LABEL org.label-schema.name="zabbix-web-${ZBX_OPT_TYPE}-${ZBX_DB_TYPE}-alpine" \ - org.label-schema.vendor="Zabbix LLC" \ - org.label-schema.url="https://zabbix.com/" \ - org.label-schema.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ - org.label-schema.vcs-ref="${VCS_REF}" \ - org.label-schema.build-date="${BUILD_DATE}" \ - org.label-schema.schema-version="1.0" \ - org.label-schema.license="GPL v2.0" +LABEL org.opencontainers.image.title="Zabbix web-interface (Nginx, MySQL)" \ + org.opencontainers.image.authors="Alexey Pustovalov " \ + org.opencontainers.image.vendor="Zabbix LLC" \ + org.opencontainers.image.url="https://zabbix.com/" \ + org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ + org.opencontainers.image.licenses="GPL v2.0" STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ -H \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ - chown --quiet -R zabbix:root /etc/zabbix && \ - apk update && \ - apk add ${APK_FLAGS_PERSISTENT} \ + apk add --clean-protected --no-cache \ bash \ curl \ mariadb-client \ @@ -54,21 +41,24 @@ RUN set -eux && \ php7-xmlreader \ php7-xmlwriter \ supervisor && \ + rm -rf /etc/php7/php-fpm.d/www.conf && \ rm -f /etc/nginx/conf.d/*.conf && \ rm -rf /var/cache/apk/* ARG MAJOR_VERSION=5.0 ARG ZBX_VERSION=${MAJOR_VERSION} ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git -ENV ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} -LABEL org.label-schema.usage="https://www.zabbix.com/documentation/${MAJOR_VERSION}/manual/installation/containers" \ - org.label-schema.version="${ZBX_VERSION}" \ - org.label-schema.vcs-url="${ZBX_SOURCES}" \ - org.label-schema.docker.cmd="docker run --name zabbix-web-${ZBX_OPT_TYPE}-${ZBX_DB_TYPE} --link mysql-server:mysql --link zabbix-server:zabbix-server -p 80:80 -d zabbix-web-${ZBX_OPT_TYPE}-${ZBX_DB_TYPE}:alpine-${ZBX_VERSION}" +ENV TERM=xterm ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + +LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentation/${MAJOR_VERSION}/manual/installation/containers" \ + org.opencontainers.image.version="${ZBX_VERSION}" \ + org.opencontainers.image.source="${ZBX_SOURCES}" + +COPY ["conf/etc/", "/etc/"] RUN set -eux && \ - apk add ${APK_FLAGS_DEV} --virtual build-dependencies \ + apk add --no-cache --virtual build-dependencies \ coreutils \ gettext \ git && \ @@ -81,24 +71,28 @@ RUN set -eux && \ rm -f conf/zabbix.conf.php && \ rm -rf tests && \ ./locale/make_mo.sh && \ - chown --quiet -R nginx:nginx /usr/share/zabbix/ && \ - apk del ${APK_FLAGS_COMMON} --purge --no-network \ + ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/nginx/ /etc/php7/ && \ + chgrp -R 0 /etc/nginx/ /etc/php7/ && \ + chmod -R g=u /etc/nginx/ /etc/php7/ && \ + chown --quiet -R zabbix:root /var/log/nginx/ /var/lib/nginx/ && \ + chgrp -R 0 /var/log/nginx/ /var/lib/nginx/ && \ + chmod -R g=u /var/log/nginx/ /var/lib/nginx/ && \ + apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* -EXPOSE 80/TCP 443/TCP +EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix VOLUME ["/etc/ssl/nginx"] -COPY ["conf/etc/supervisor/", "/etc/supervisor/"] -COPY ["conf/etc/zabbix/nginx.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/nginx_ssl.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/web/zabbix.conf.php", "/etc/zabbix/web/"] -COPY ["conf/etc/nginx/nginx.conf", "/etc/nginx/"] -COPY ["conf/etc/php7/php-fpm.conf", "/etc/php7/"] -COPY ["conf/etc/php7/conf.d/99-zabbix.ini", "/etc/php7/conf.d/"] COPY ["docker-entrypoint.sh", "/usr/bin/"] +USER 1997 + ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf b/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf index 6e1ae33ce..98bd9afaa 100644 --- a/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf +++ b/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf @@ -1,10 +1,10 @@ -user nginx; +#user nginx; worker_processes 5; worker_rlimit_nofile 256000; error_log /dev/fd/2 warn; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; events { worker_connections 5120; diff --git a/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.conf b/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.conf index 19e557456..b88fd8295 100644 --- a/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.conf +++ b/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.conf @@ -12,7 +12,6 @@ ; Relative path can also be used. They will be prefixed by: ; - the global prefix if it's been set (-p argument) ; - /usr otherwise -include = /etc/php7/php-fpm.d/*.conf ;;;;;;;;;;;;;;;;;; ; Global Options ; @@ -29,7 +28,7 @@ include = /etc/php7/php-fpm.d/*.conf ; in a local file. ; Note: the default prefix is /var ; Default Value: log/php-fpm.log -error_log = /var/log/php-fpm.log +error_log = /dev/fd/2 ; syslog_facility is used to specify what type of program is logging the ; message. This lets syslogd specify that messages from different facilities @@ -146,8 +145,8 @@ error_log = /var/log/php-fpm.log ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = nginx -group = nginx +;user = nginx +;group = nginx ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -161,7 +160,7 @@ group = nginx ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php7-fpm.sock +listen = /tmp/php-fpm.sock ; Set listen(2) backlog. ; Default Value: 65535 (-1 on FreeBSD and OpenBSD) @@ -172,8 +171,8 @@ listen = /var/run/php7-fpm.sock ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 -listen.owner = nginx -listen.group = nginx +;listen.owner = nginx +;listen.group = nginx ;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. diff --git a/web-nginx-mysql/alpine/conf/etc/supervisor/supervisord.conf b/web-nginx-mysql/alpine/conf/etc/supervisor/supervisord.conf index 925bb1838..f8d80e461 100644 --- a/web-nginx-mysql/alpine/conf/etc/supervisor/supervisord.conf +++ b/web-nginx-mysql/alpine/conf/etc/supervisor/supervisord.conf @@ -1,17 +1,17 @@ ; supervisor config file [unix_http_server] -file = /var/run/supervisor.sock ; (the path to the socket file) +file = /tmp/supervisor.sock ; (the path to the socket file) chmod = 0700 ; sockef file mode (default 0700) username = zbx password = password [supervisord] logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log) -pidfile = /var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP) critical = critical -user = root +;user = zabbix logfile_maxbytes = 0 logfile_backupcount = 0 loglevel = info @@ -23,7 +23,7 @@ loglevel = info supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] -serverurl = unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket +serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket ; The [include] section can just contain the "files" setting. This ; setting can list multiple files (separated by whitespace or diff --git a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf index cd77db528..62c9be112 100644 --- a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf +++ b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf @@ -1,5 +1,5 @@ server { - listen 80; + listen 8080; server_name zabbix; index index.php; @@ -51,7 +51,7 @@ server { } location ~ .php$ { - fastcgi_pass unix:/var/run/php7-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf index e3c3e0243..1d636bad7 100644 --- a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -75,7 +75,7 @@ server { } location ~ .php$ { - fastcgi_pass unix:/var/run/php7-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/web-nginx-mysql/alpine/docker-entrypoint.sh b/web-nginx-mysql/alpine/docker-entrypoint.sh index 268921f46..415a314fc 100755 --- a/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -eo pipefail +set -o pipefail set +e @@ -9,16 +9,6 @@ if [ "${DEBUG_MODE}" == "true" ]; then set -o xtrace fi -# Type of Zabbix component -# Possible values: [server, proxy, agent, frontend, java-gateway, appliance] -zbx_type=${ZBX_TYPE} -# Type of Zabbix database -# Possible values: [mysql, postgresql] -zbx_db_type=${ZBX_DB_TYPE} -# Type of web-server. Valid only with zbx_type = frontend -# Possible values: [apache, nginx] -zbx_opt_type=${ZBX_OPT_TYPE} - # Default Zabbix installation name # Used only by Zabbix web-interface ZBX_SERVER_NAME=${ZBX_SERVER_NAME:-"Zabbix docker"} @@ -72,90 +62,8 @@ file_env() { unset "$fileVar" } -configure_db_mysql() { - [ "${DB_SERVER_HOST}" != "localhost" ] && return - - echo "** Configuring local MySQL server" - - MYSQL_ALLOW_EMPTY_PASSWORD=true - MYSQL_DATA_DIR="/var/lib/mysql" - - if [ -f "/etc/mysql/my.cnf" ]; then - MYSQL_CONF_FILE="/etc/mysql/my.cnf" - elif [ -f "/etc/my.cnf.d/server.cnf" ]; then - MYSQL_CONF_FILE="/etc/my.cnf.d/server.cnf" - DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock" - elif [ -f "/etc/my.cnf.d/mariadb-server.cnf" ]; then - MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf" - DB_SERVER_SOCKET="/var/run/mysqld/mysqld.sock" - else - echo "**** Could not found MySQL configuration file" - exit 1 - fi - - if [ -f "/usr/bin/mysqld" ]; then - MYSQLD=/usr/bin/mysqld - elif [ -f "/usr/sbin/mysqld" ]; then - MYSQLD=/usr/sbin/mysqld - elif [ -f "/usr/libexec/mysqld" ]; then - MYSQLD=/usr/libexec/mysqld - else - echo "**** Could not found mysqld binary file" - exit 1 - fi - - sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE" - - if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then - [ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR" - - chown -R mysql:mysql "$MYSQL_DATA_DIR" - - echo "** Installing initial MySQL database schemas" - mysql_install_db --user=mysql --datadir="$MYSQL_DATA_DIR" 2>&1 - else - echo "**** MySQL data directory is not empty. Using already existing installation." - chown -R mysql:mysql "$MYSQL_DATA_DIR" - fi - - mkdir -p /var/run/mysqld - ln -s /var/run/mysqld /run/mysqld - chown -R mysql:mysql /var/run/mysqld - chown -R mysql:mysql /run/mysqld - - echo "** Starting MySQL server in background mode" - - nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \ - --user=mysql --log-output=none --pid-file=/var/lib/mysql/mysqld.pid \ - --port=3306 --character-set-server=utf8 --collation-server=utf8_bin & -} - prepare_system() { - local type=$1 - local web_server=$2 - echo "** Preparing the system" - - if [ "$type" != "appliance" ]; then - return - fi - - ZBX_ADD_AGENT=${ZBX_ADD_AGENT:-"false"} - ZBX_ADD_JAVA_GATEWAY=${ZBX_ADD_JAVA_GATEWAY:-"false"} - ZBX_ADD_SERVER=${ZBX_ADD_SERVER:-"true"} - [ "${ZBX_ADD_SERVER}" == "true" ] && ZBX_SERVER_HOST="localhost" - [ "${ZBX_ADD_SERVER}" == "true" ] && ZBX_SERVER_PORT="10051" - ZBX_MAIN_DB=${ZBX_MAIN_DB:-"mysql"} - ZBX_ADD_PROXY=${ZBX_ADD_PROXY:-"false"} - ZBX_PROXY_DB=${ZBX_PROXY_DB:-"sqlite3"} - ZBX_ADD_WEB=${ZBX_ADD_WEB:-"true"} - ZBX_WEB_SERVER=${ZBX_WEB_SERVER:-"nginx"} - DB_SERVER_HOST=${DB_SERVER_HOST:-"localhost"} - [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAY_ENABLE="true" - [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAY="localhost" - [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAYPORT="10052" - - [ "${ZBX_ADD_SERVER}" == "true" ] && configure_db_${ZBX_MAIN_DB} } escape_spec_char() { @@ -240,20 +148,14 @@ update_config_multiple_var() { } # Check prerequisites for MySQL database -check_variables_mysql() { - local type=$1 - - DB_SERVER_HOST=${DB_SERVER_HOST:-"mysql-server"} - DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} +check_variables() { + : ${DB_SERVER_HOST:="mysql-server"} + : ${DB_SERVER_PORT:="3306"} USE_DB_ROOT_USER=false CREATE_ZBX_DB_USER=false file_env MYSQL_USER file_env MYSQL_PASSWORD - if [ "$type" != "" ]; then - file_env MYSQL_ROOT_PASSWORD - fi - if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" exit 1 @@ -273,45 +175,15 @@ check_variables_mysql() { [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true # If root password is not specified use provided credentials - DB_SERVER_ROOT_USER=${DB_SERVER_ROOT_USER:-${MYSQL_USER}} + : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}.... [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} - if [ "$type" == "proxy" ]; then - DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"} - else - DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"} - fi + DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"} } -# Check prerequisites for PostgreSQL database -check_variables_postgresql() { - local type=$1 - - file_env POSTGRES_USER - file_env POSTGRES_PASSWORD - - DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} - DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} - CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} - - DB_SERVER_ROOT_USER=${POSTGRES_USER:-"postgres"} - DB_SERVER_ROOT_PASS=${POSTGRES_PASSWORD:-""} - - DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"} - DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"} - - DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA:-"public"} - - if [ "$type" == "proxy" ]; then - DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix_proxy"} - else - DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} - fi -} - -check_db_connect_mysql() { +check_db_connect() { echo "********************" echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" @@ -336,307 +208,9 @@ check_db_connect_mysql() { done } -check_db_connect_postgresql() { - echo "********************" - echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" - echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" - echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}" - echo "* DB_SERVER_SCHEMA: ${DB_SERVER_SCHEMA}" - if [ "${DEBUG_MODE}" == "true" ]; then - if [ "${USE_DB_ROOT_USER}" == "true" ]; then - echo "* DB_SERVER_ROOT_USER: ${DB_SERVER_ROOT_USER}" - echo "* DB_SERVER_ROOT_PASS: ${DB_SERVER_ROOT_PASS}" - fi - echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" - echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" - fi - echo "********************" - - if [ "${USE_DB_ROOT_USER}" != "true" ]; then - DB_SERVER_ROOT_USER=${DB_SERVER_ZBX_USER} - DB_SERVER_ROOT_PASS=${DB_SERVER_ZBX_PASS} - fi - - - if [ -n "${DB_SERVER_ZBX_PASS}" ]; then - export PGPASSWORD="${DB_SERVER_ZBX_PASS}" - fi - - WAIT_TIMEOUT=5 - - if [ -n "${DB_SERVER_SCHEMA}" ]; then - PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" - export PGOPTIONS - fi - - while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do - echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." - sleep $WAIT_TIMEOUT - done - - unset PGPASSWORD - unset PGOPTIONS -} - - -mysql_query() { - query=$1 - local result="" - - result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") - - echo $result -} - -psql_query() { - query=$1 - db=$2 - - local result="" - - if [ -n "${DB_SERVER_ZBX_PASS}" ]; then - export PGPASSWORD="${DB_SERVER_ZBX_PASS}" - fi - - if [ -n "${DB_SERVER_SCHEMA}" ]; then - PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" - export PGOPTIONS - fi - - result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ - -U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null); - - unset PGPASSWORD - unset PGOPTIONS - - echo $result -} - -create_db_user_mysql() { - [ "${CREATE_ZBX_DB_USER}" == "true" ] || return - - echo "** Creating '${DB_SERVER_ZBX_USER}' user in MySQL database" - - USER_EXISTS=$(mysql_query "SELECT 1 FROM mysql.user WHERE user = '${DB_SERVER_ZBX_USER}' AND host = '%'") - - if [ -z "$USER_EXISTS" ]; then - mysql_query "CREATE USER '${DB_SERVER_ZBX_USER}'@'%' IDENTIFIED BY '${DB_SERVER_ZBX_PASS}'" 1>/dev/null - else - mysql_query "ALTER USER ${DB_SERVER_ZBX_USER} IDENTIFIED BY '${DB_SERVER_ZBX_PASS}';" 1>/dev/null - fi - - mysql_query "GRANT ALL PRIVILEGES ON $DB_SERVER_DBNAME. * TO '${DB_SERVER_ZBX_USER}'@'%'" 1>/dev/null -} - -create_db_user_postgresql() { - [ "${CREATE_ZBX_DB_USER}" == "true" ] || return - - echo "** Creating '${DB_SERVER_ZBX_USER}' user in PostgreSQL database" - - USER_EXISTS=$(psql_query "SELECT 1 FROM pg_roles WHERE rolname='${DB_SERVER_ZBX_USER}'") - - if [ -z "$USER_EXISTS" ]; then - psql_query "CREATE USER ${DB_SERVER_ZBX_USER} WITH PASSWORD '${DB_SERVER_ZBX_PASS}'" 1>/dev/null - else - psql_query "ALTER USER ${DB_SERVER_ZBX_USER} WITH ENCRYPTED PASSWORD '${DB_SERVER_ZBX_PASS}'" 1>/dev/null - fi -} - -create_db_database_mysql() { - DB_EXISTS=$(mysql_query "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${DB_SERVER_DBNAME}'") - - if [ -z ${DB_EXISTS} ]; then - echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..." - mysql_query "CREATE DATABASE ${DB_SERVER_DBNAME} CHARACTER SET utf8 COLLATE utf8_bin" 1>/dev/null - # better solution? - mysql_query "GRANT ALL PRIVILEGES ON $DB_SERVER_DBNAME. * TO '${DB_SERVER_ZBX_USER}'@'%'" 1>/dev/null - else - echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database COLLATE!" - fi -} - -create_db_database_postgresql() { - DB_EXISTS=$(psql_query "SELECT 1 AS result FROM pg_database WHERE datname='${DB_SERVER_DBNAME}'") - - if [ -z ${DB_EXISTS} ]; then - echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..." - psql_query "CREATE DATABASE ${DB_SERVER_DBNAME} WITH OWNER ${DB_SERVER_ZBX_USER} ENCODING='UTF8' LC_CTYPE='en_US.utf8' LC_COLLATE='en_US.utf8'" 1>/dev/null - else - echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database owner!" - fi - - psql_query "CREATE SCHEMA IF NOT EXISTS ${DB_SERVER_SCHEMA}" -} - -create_db_schema_mysql() { - local type=$1 - - DBVERSION_TABLE_EXISTS=$(mysql_query "SELECT 1 FROM information_schema.tables WHERE table_schema='${DB_SERVER_DBNAME}' and table_name = 'dbversion'") - - if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then - echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." - ZBX_DB_VERSION=$(mysql_query "SELECT mandatory FROM ${DB_SERVER_DBNAME}.dbversion") - fi - - if [ -z "${ZBX_DB_VERSION}" ]; then - echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" - - zcat /usr/share/doc/zabbix-$type-mysql/create.sql.gz | mysql --silent --skip-column-names \ - -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \ - ${DB_SERVER_DBNAME} 1>/dev/null - fi -} - -create_db_schema_postgresql() { - local type=$1 - - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = - c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") - - if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then - echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." - ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM ${DB_SERVER_SCHEMA}.dbversion" "${DB_SERVER_DBNAME}") - fi - - if [ -z "${ZBX_DB_VERSION}" ]; then - echo "** Creating '${DB_SERVER_DBNAME}' schema in PostgreSQL" - - if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then - psql_query "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" - fi - - if [ -n "${DB_SERVER_ZBX_PASS}" ]; then - export PGPASSWORD="${DB_SERVER_ZBX_PASS}" - fi - - if [ -n "${DB_SERVER_SCHEMA}" ]; then - PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" - export PGOPTIONS - fi - - zcat /usr/share/doc/zabbix-$type-postgresql/create.sql.gz | psql -q \ - -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ - -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null - - if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then - cat /usr/share/doc/zabbix-$type-postgresql/timescaledb.sql | psql -q \ - -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ - -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null - fi - - unset PGPASSWORD - unset PGOPTIONS - fi -} - -prepare_web_server_apache() { - if [ -d "/etc/apache2/sites-available" ]; then - APACHE_SITES_DIR=/etc/apache2/sites-available - elif [ -d "/etc/apache2/conf.d" ]; then - APACHE_SITES_DIR=/etc/apache2/conf.d - elif [ -d "/etc/httpd/conf.d" ]; then - APACHE_SITES_DIR=/etc/httpd/conf.d - else - echo "**** Apache is not available" - exit 1 - fi - - if [ -f "/usr/sbin/a2dissite" ]; then - echo "** Disable default site" - /usr/sbin/a2dissite 000-default 1>/dev/null - rm -rf "$APACHE_SITES_DIR/*" - elif [ -f "/etc/apache2/conf.d/default.conf" ]; then - echo "** Disable default site" - rm -f "/etc/apache2/conf.d/default.conf" - elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then - echo "** Disable default site" - rm -f "/etc/httpd/conf.d/welcome.conf" - rm -f "/etc/httpd/conf.d/ssl.conf" - fi - - echo "** Adding Zabbix virtual host (HTTP)" - if [ -f "$ZABBIX_ETC_DIR/apache.conf" ]; then - ln -s "$ZABBIX_ETC_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf" - if [ -f "/usr/sbin/a2dissite" ]; then - /usr/sbin/a2ensite zabbix.conf 1>/dev/null - fi - else - echo "**** Impossible to enable HTTP virtual host" - fi - - if [ -f "/etc/apache2/conf.d/ssl.conf" ]; then - rm -f "/etc/apache2/conf.d/ssl.conf" - fi - - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then - echo "** Enable SSL support for Apache2" - if [ -f "/usr/sbin/a2enmod" ]; then - /usr/sbin/a2enmod ssl 1>/dev/null - fi - - echo "** Adding Zabbix virtual host (HTTPS)" - if [ -f "$ZABBIX_ETC_DIR/apache_ssl.conf" ]; then - ln -s "$ZABBIX_ETC_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" - if [ -f "/usr/sbin/a2dissite" ]; then - /usr/sbin/a2ensite zabbix_ssl.conf 1>/dev/null - fi - else - echo "**** Impossible to enable HTTPS virtual host" - fi - else - echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." - fi - - # Change Apache2 logging to stdout and stderr - if [ -f "/etc/apache2/apache2.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/apache2.conf" - fi - - if [ -f "/etc/httpd/conf/httpd.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/httpd/conf/httpd.conf" - fi - - if [ -f "/etc/apache2/httpd.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/httpd.conf" - fi - - if [ -f "/etc/apache2/conf-available/other-vhosts-access-log.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/conf-available/other-vhosts-access-log.conf" - fi - - if [ -f "/etc/apache2/conf.d/mpm.conf" ]; then - sed -ri \ - -e 's!^(\s*PidFile)\s+\S+!\1 "/var/run/httpd.pid"!g' \ - "/etc/apache2/conf.d/mpm.conf" - fi - - if [ -f "/var/run/apache2/apache2.pid" ]; then - rm -f "/var/run/apache2/apache2.pid" - fi - - if [ -f "/var/run/httpd/httpd.pid" ]; then - rm -f "/var/run/httpd/httpd.pid" - fi -} - -prepare_web_server_nginx() { +prepare_web_server() { NGINX_CONFD_DIR="/etc/nginx/conf.d" NGINX_SSL_CONFIG="/etc/ssl/nginx" - PHP_SESSIONS_DIR="/var/lib/php5" echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_ETC_DIR/nginx.conf" ]; then @@ -656,240 +230,14 @@ prepare_web_server_nginx() { echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi - if [ -d "/var/log/nginx/" ]; then - ln -sf /dev/fd/2 /var/log/nginx/error.log - fi - - ln -sf /dev/fd/2 /var/log/php5-fpm.log - ln -sf /dev/fd/2 /var/log/php7.2-fpm.log -} - -stop_databases() { - if ([ "${ZBX_MAIN_DB}" == "mysql" ] || [ "${ZBX_PROXY_DB}" == "mysql" ]) && [ "${DB_SERVER_HOST}" == "localhost" ]; then - mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null - - if [ -f "/var/lib/mysql/mysqld.pid" ]; then - kill -TERM $(cat /var/lib/mysql/mysqld.pid) - elif [ -f "/var/run/mysqld/mysqld.pid" ]; then - kill -TERM $(cat /var/run/mysqld/mysqld.pid) - fi - fi - - if [ "${ZBX_MAIN_DB}" == "postgresql" ] && [ "${DB_SERVER_HOST}" == "localhost" ]; then - if [ "${OS_CODENAME}" == "alpine" ]; then - PGDATA=/var/lib/postgresql - BINDIR=/usr/bin - else - PGDATA=/var/lib/postgresql/9.3/main - BINDIR=/usr/lib/postgresql/9.3/bin - fi - su -c "$BINDIR/pg_ctl -D \"$PGDATA\" -m fast -w stop --silent" postgres 1>/dev/null 2>/dev/null - fi + ln -sf /dev/fd/2 /var/log/nginx/error.log } clear_deploy() { - local type=$1 echo "** Cleaning the system" - - [ "$type" != "appliance" ] && return - - stop_databases } -update_zbx_config() { - local type=$1 - local db_type=$2 - - echo "** Preparing Zabbix $type configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_$type.conf - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" - update_config_var $ZBX_CONFIG "ServerPort" "${ZBX_SERVER_PORT}" - if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-"$db_type}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - fi - fi - - if [ $type == "proxy" ] && [ "${ZBX_ADD_SERVER}" = "true" ]; then - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_PROXY_LISTENPORT:-"10061"}" - else - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - fi - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ $type == "proxy" ]; then - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - fi - - if [ "$db_type" == "sqlite3" ]; then - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/zabbix_proxy_db" - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPort" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - if [ $type == "server" ]; then - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - fi - - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "HeartbeatFrequency" "${ZBX_PROXYHEARTBEATFREQUENCY}" - update_config_var $ZBX_CONFIG "ConfigFrequency" "${ZBX_CONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_IPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - fi - - ZBX_JAVAGATEWAY_ENABLE=${ZBX_JAVAGATEWAY_ENABLE:-"false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - - ZBX_ENABLE_SNMP_TRAPS=${ZBX_ENABLE_SNMP_TRAPS:-"false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi - - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "SenderFrequency" "${ZBX_SENDERFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - fi - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - # Possible few fping locations - if [ -f "/usr/bin/fping" ]; then - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping" - else - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - fi - if [ -f "/usr/bin/fping6" ]; then - update_config_var $ZBX_CONFIG "Fping6Location" "/usr/bin/fping6" - else - update_config_var $ZBX_CONFIG "Fping6Location" "/usr/sbin/fping6" - fi - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - fi - update_config_var $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" - update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - fi - - update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" - update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - update_config_var $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" - fi -} - - prepare_zbx_web_config() { - local db_type=$1 local server_name="" echo "** Preparing Zabbix frontend configuration file" @@ -903,37 +251,14 @@ prepare_zbx_web_config() { ln -s "$ZBX_WEB_CONFIG" "$ZBX_WWW_ROOT/conf/zabbix.conf.php" - # Different places of PHP configuration file - if [ -f "/etc/php5/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php5/conf.d/99-zabbix.ini" - elif [ -f "/etc/php5/fpm/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php5/fpm/conf.d/99-zabbix.ini" - elif [ -f "/etc/php5/apache2/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php5/apache2/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.0/apache2/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.0/apache2/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.0/fpm/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.0/fpm/conf.d/99-zabbix.ini" - elif [ -f "/etc/php.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php.d/99-zabbix.ini" - elif [ -f "/etc/php7/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.2/fpm/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.2/fpm/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.2/apache2/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.2/apache2/conf.d/99-zabbix.ini" - fi + PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" - if [ -n "$PHP_CONFIG_FILE" ]; then - update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" - else - echo "**** Zabbix related PHP configuration file not found" - fi + update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" + update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" + update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" + update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" + update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" + update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} @@ -958,221 +283,34 @@ prepare_zbx_web_config() { -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ "$ZBX_WEB_CONFIG" - [ "$db_type" = "postgresql" ] && sed -i "s/MYSQL/POSTGRESQL/g" "$ZBX_WEB_CONFIG" - [ -n "${ZBX_SESSION_NAME}" ] && sed -i "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "$ZBX_WWW_ROOT/include/defines.inc.php" } -prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf - - ZBX_PASSIVESERVERS=${ZBX_PASSIVESERVERS:-""} - ZBX_ACTIVESERVERS=${ZBX_ACTIVESERVERS:-""} - - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" - update_config_var $ZBX_AGENT_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - ZBX_PASSIVE_ALLOW=${ZBX_PASSIVE_ALLOW:-"true"} - if [ "$ZBX_PASSIVE_ALLOW" == "true" ]; then - echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" - else - update_config_var $ZBX_AGENT_CONFIG "Server" - fi - - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" - - ZBX_ACTIVE_ALLOW=${ZBX_ACTIVE_ALLOW:-"true"} - if [ "$ZBX_ACTIVE_ALLOW" == "true" ]; then - echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" - else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" - fi - - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" -} - -prepare_java_gateway_config() { - echo "** Preparing Zabbix Java Gateway log configuration file" - - ZBX_GATEWAY_CONFIG=$ZABBIX_ETC_DIR/zabbix_java_gateway_logback.xml - - if [ -n "${ZBX_DEBUGLEVEL}" ]; then - echo "Updating $ZBX_GATEWAY_CONFIG 'DebugLevel' parameter: '${ZBX_DEBUGLEVEL}'... updated" - if [ -f "$ZBX_GATEWAY_CONFIG" ]; then - sed -i -e "/^.*/" "$ZBX_GATEWAY_CONFIG" - else - echo "**** Zabbix Java Gateway log configuration file '$ZBX_GATEWAY_CONFIG' not found" - fi - fi -} - -prepare_agent() { - echo "** Preparing Zabbix agent" - prepare_zbx_agent_config -} - -prepare_server() { - local db_type=$1 - - echo "** Preparing Zabbix server" - - check_variables_$db_type "server" - check_db_connect_$db_type - create_db_user_$db_type - create_db_database_$db_type - create_db_schema_$db_type "server" - - update_zbx_config "server" "$db_type" -} - -prepare_proxy() { - local db_type=$1 - - echo "Preparing Zabbix proxy" - - if [ "$db_type" != "sqlite3" ]; then - check_variables_$db_type "proxy" - check_db_connect_$db_type - create_db_user_$db_type - create_db_database_$db_type - create_db_schema_$db_type "proxy" - fi - - update_zbx_config "proxy" $db_type -} - prepare_web() { - local web_server=$1 - local db_type=$2 - echo "** Preparing Zabbix web-interface" - check_variables_$db_type - check_db_connect_$db_type - prepare_web_server_$web_server - prepare_zbx_web_config $db_type + check_variables + check_db_connect + prepare_web_server + prepare_zbx_web_config } -prepare_java_gateway() { - echo "** Preparing Zabbix Java Gateway" - - prepare_java_gateway_config -} ################################################# -if [ ! -n "$zbx_type" ]; then - echo "**** Type of Zabbix component is not specified" - exit 1 -elif [ "$zbx_type" == "dev" ]; then - echo "** Deploying Zabbix installation from SVN" -else - if [ ! -n "$zbx_db_type" ]; then - echo "**** Database type of Zabbix $zbx_type is not specified" - exit 1 - fi +echo "** Deploying Zabbix web-interface (Nginx) with MySQL database" - if [ "$zbx_db_type" != "none" ]; then - if [ "$zbx_opt_type" != "none" ]; then - echo "** Deploying Zabbix $zbx_type ($zbx_opt_type) with $zbx_db_type database" - else - echo "** Deploying Zabbix $zbx_type with $zbx_db_type database" - fi - else - echo "** Deploying Zabbix $zbx_type" - fi -fi +prepare_system -prepare_system "$zbx_type" "$zbx_opt_type" +prepare_web -[ "$zbx_type" == "server" ] && prepare_server $zbx_db_type -[ "${ZBX_ADD_SERVER}" == "true" ] && prepare_server ${ZBX_MAIN_DB} - -[ "$zbx_type" == "proxy" ] && prepare_proxy $zbx_db_type -[ "${ZBX_ADD_PROXY}" == "true" ] && prepare_proxy ${ZBX_PROXY_DB} - -[ "$zbx_type" == "frontend" ] && prepare_web $zbx_opt_type $zbx_db_type -[ "${ZBX_ADD_WEB}" == "true" ] && prepare_web ${ZBX_WEB_SERVER} ${ZBX_MAIN_DB} - -[ "$zbx_type" == "agent" ] && prepare_agent -[ "${ZBX_ADD_AGENT}" == "true" ] && prepare_agent - -[ "$zbx_type" == "java-gateway" ] && prepare_java_gateway -[ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && prepare_java_gateway - -clear_deploy "$zbx_type" +clear_deploy echo "########################################################" if [ "$1" != "" ]; then echo "** Executing '$@'" exec "$@" -elif [ "$zbx_type" == "agent" ]; then - echo "** Starting Zabbix agent" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_agentd --foreground -c /etc/zabbix/zabbix_agentd.conf" -elif [ "$zbx_type" == "proxy" ]; then - echo "** Starting Zabbix proxy" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_proxy --foreground -c /etc/zabbix/zabbix_proxy.conf" -elif [ "$zbx_type" == "server" ]; then - echo "** Starting Zabbix server" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_server --foreground -c /etc/zabbix/zabbix_server.conf" -elif [ "$zbx_type" == "java-gateway" ]; then - echo "** Starting Zabbix Java Gateway" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_java_gateway" -elif [ "$zbx_type" == "frontend" ] && [ "$zbx_opt_type" == "apache" ]; then - echo "** Starting Zabbix frontend" - if [ -f "/usr/sbin/httpd" ]; then - exec /usr/sbin/httpd -D FOREGROUND - elif [ -f "/usr/sbin/apache2ctl" ]; then - exec /bin/bash -c "source /etc/apache2/envvars && /usr/sbin/apache2ctl -D FOREGROUND" - else - echo "Unknown Web-server. Exiting..." - exit 1 - fi elif [ -f "/usr/bin/supervisord" ]; then echo "** Executing supervisord" exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf diff --git a/web-nginx-pgsql/alpine/Dockerfile b/web-nginx-pgsql/alpine/Dockerfile index 121d164c1..d42776a9d 100644 --- a/web-nginx-pgsql/alpine/Dockerfile +++ b/web-nginx-pgsql/alpine/Dockerfile @@ -1,38 +1,25 @@ FROM alpine:3.11 -LABEL maintainer="Alexey Pustovalov " -ARG BUILD_DATE -ARG VCS_REF - -ARG APK_FLAGS_COMMON="" -ARG APK_FLAGS_PERSISTENT="${APK_FLAGS_COMMON} --clean-protected --no-cache" -ARG APK_FLAGS_DEV="${APK_FLAGS_COMMON} --no-cache" -ENV TERM=xterm \ - ZBX_TYPE=frontend ZBX_DB_TYPE=postgresql ZBX_OPT_TYPE=nginx - -LABEL org.label-schema.name="zabbix-web-${ZBX_OPT_TYPE}-${ZBX_DB_TYPE}-alpine" \ - org.label-schema.vendor="Zabbix LLC" \ - org.label-schema.url="https://zabbix.com/" \ - org.label-schema.description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \ - org.label-schema.vcs-ref="${VCS_REF}" \ - org.label-schema.build-date="${BUILD_DATE}" \ - org.label-schema.schema-version="1.0" \ - org.label-schema.license="GPL v2.0" +LABEL org.opencontainers.image.title="Zabbix web-interface (Nginx, PostgreSQL)" \ + org.opencontainers.image.authors="Alexey Pustovalov " \ + org.opencontainers.image.vendor="Zabbix LLC" \ + org.opencontainers.image.url="https://zabbix.com/" \ + org.opencontainers.image.description="abbix web-interface based on Nginx web server with PostgreSQL database support" \ + org.opencontainers.image.licenses="GPL v2.0" STOPSIGNAL SIGTERM RUN set -eux && \ - addgroup zabbix && \ + addgroup -S -g 1995 zabbix && \ adduser -S \ - -D -G zabbix \ + -D -G zabbix -G root \ + -u 1997 \ -h /var/lib/zabbix/ \ -H \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ - chown --quiet -R zabbix:root /etc/zabbix && \ - apk update && \ - apk add ${APK_FLAGS_PERSISTENT} \ + apk add --clean-protected --no-cache \ bash \ curl \ nginx \ @@ -53,21 +40,24 @@ RUN set -eux && \ php7-xmlwriter \ postgresql-client \ supervisor && \ + rm -rf /etc/php7/php-fpm.d/www.conf && \ rm -f /etc/nginx/conf.d/*.conf && \ rm -rf /var/cache/apk/* ARG MAJOR_VERSION=5.0 ARG ZBX_VERSION=${MAJOR_VERSION} ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git -ENV ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} -LABEL org.label-schema.usage="https://www.zabbix.com/documentation/${MAJOR_VERSION}/manual/installation/containers" \ - org.label-schema.version="${ZBX_VERSION}" \ - org.label-schema.vcs-url="${ZBX_SOURCES}" \ - org.label-schema.docker.cmd="docker run --name zabbix-web-${ZBX_OPT_TYPE}-pgsql --link postgres-server:postgres --link zabbix-server:zabbix-server -p 80:80 -d zabbix-web-${ZBX_OPT_TYPE}-pgsql:alpine-${ZBX_VERSION}" +ENV TERM=xterm ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + +LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentation/${MAJOR_VERSION}/manual/installation/containers" \ + org.opencontainers.image.version="${ZBX_VERSION}" \ + org.opencontainers.image.source="${ZBX_SOURCES}" + +COPY ["conf/etc/", "/etc/"] RUN set -eux && \ - apk add ${APK_FLAGS_DEV} --virtual build-dependencies \ + apk add --no-cache --virtual build-dependencies \ coreutils \ gettext \ git && \ @@ -80,24 +70,28 @@ RUN set -eux && \ rm -f conf/zabbix.conf.php && \ rm -rf tests && \ ./locale/make_mo.sh && \ - chown --quiet -R nginx:nginx /usr/share/zabbix/ && \ - apk del ${APK_FLAGS_COMMON} --purge --no-network \ + ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/nginx/ /etc/php7/ && \ + chgrp -R 0 /etc/nginx/ /etc/php7/ && \ + chmod -R g=u /etc/nginx/ /etc/php7/ && \ + chown --quiet -R zabbix:root /var/log/nginx/ /var/lib/nginx/ && \ + chgrp -R 0 /var/log/nginx/ /var/lib/nginx/ && \ + chmod -R g=u /var/log/nginx/ /var/lib/nginx/ && \ + apk del --purge --no-network \ build-dependencies && \ rm -rf /var/cache/apk/* -EXPOSE 80/TCP 443/TCP +EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix VOLUME ["/etc/ssl/nginx"] -COPY ["conf/etc/supervisor/", "/etc/supervisor/"] -COPY ["conf/etc/zabbix/nginx.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/nginx_ssl.conf", "/etc/zabbix/"] -COPY ["conf/etc/zabbix/web/zabbix.conf.php", "/etc/zabbix/web/"] -COPY ["conf/etc/nginx/nginx.conf", "/etc/nginx/"] -COPY ["conf/etc/php7/php-fpm.conf", "/etc/php7/"] -COPY ["conf/etc/php7/conf.d/99-zabbix.ini", "/etc/php7/conf.d/"] COPY ["docker-entrypoint.sh", "/usr/bin/"] +USER 1997 + ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf b/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf index 6e1ae33ce..98bd9afaa 100644 --- a/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf +++ b/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf @@ -1,10 +1,10 @@ -user nginx; +#user nginx; worker_processes 5; worker_rlimit_nofile 256000; error_log /dev/fd/2 warn; -pid /var/run/nginx.pid; +pid /tmp/nginx.pid; events { worker_connections 5120; diff --git a/web-nginx-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini b/web-nginx-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini index 332ad1c5f..b060e4689 100644 --- a/web-nginx-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini +++ b/web-nginx-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini @@ -6,4 +6,3 @@ max_input_time=300 ; always_populate_raw_post_data=-1 max_input_vars=10000 ; date.timezone=Europe/Riga -; session.save_path=/var/lib/php7 diff --git a/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.conf b/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.conf index 19e557456..b88fd8295 100644 --- a/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.conf +++ b/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.conf @@ -12,7 +12,6 @@ ; Relative path can also be used. They will be prefixed by: ; - the global prefix if it's been set (-p argument) ; - /usr otherwise -include = /etc/php7/php-fpm.d/*.conf ;;;;;;;;;;;;;;;;;; ; Global Options ; @@ -29,7 +28,7 @@ include = /etc/php7/php-fpm.d/*.conf ; in a local file. ; Note: the default prefix is /var ; Default Value: log/php-fpm.log -error_log = /var/log/php-fpm.log +error_log = /dev/fd/2 ; syslog_facility is used to specify what type of program is logging the ; message. This lets syslogd specify that messages from different facilities @@ -146,8 +145,8 @@ error_log = /var/log/php-fpm.log ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = nginx -group = nginx +;user = nginx +;group = nginx ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -161,7 +160,7 @@ group = nginx ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php7-fpm.sock +listen = /tmp/php-fpm.sock ; Set listen(2) backlog. ; Default Value: 65535 (-1 on FreeBSD and OpenBSD) @@ -172,8 +171,8 @@ listen = /var/run/php7-fpm.sock ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 -listen.owner = nginx -listen.group = nginx +;listen.owner = nginx +;listen.group = nginx ;listen.mode = 0660 ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. diff --git a/web-nginx-pgsql/alpine/conf/etc/supervisor/supervisord.conf b/web-nginx-pgsql/alpine/conf/etc/supervisor/supervisord.conf index 925bb1838..f8d80e461 100644 --- a/web-nginx-pgsql/alpine/conf/etc/supervisor/supervisord.conf +++ b/web-nginx-pgsql/alpine/conf/etc/supervisor/supervisord.conf @@ -1,17 +1,17 @@ ; supervisor config file [unix_http_server] -file = /var/run/supervisor.sock ; (the path to the socket file) +file = /tmp/supervisor.sock ; (the path to the socket file) chmod = 0700 ; sockef file mode (default 0700) username = zbx password = password [supervisord] logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log) -pidfile = /var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP) critical = critical -user = root +;user = zabbix logfile_maxbytes = 0 logfile_backupcount = 0 loglevel = info @@ -23,7 +23,7 @@ loglevel = info supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface [supervisorctl] -serverurl = unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket +serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket ; The [include] section can just contain the "files" setting. This ; setting can list multiple files (separated by whitespace or diff --git a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf index cd77db528..62c9be112 100644 --- a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf +++ b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf @@ -1,5 +1,5 @@ server { - listen 80; + listen 8080; server_name zabbix; index index.php; @@ -51,7 +51,7 @@ server { } location ~ .php$ { - fastcgi_pass unix:/var/run/php7-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf index e3c3e0243..844ff0f07 100644 --- a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -1,5 +1,5 @@ server { - listen 443 ssl http2; + listen 8443 ssl http2; server_name zabbix; server_name_in_redirect off; @@ -75,7 +75,7 @@ server { } location ~ .php$ { - fastcgi_pass unix:/var/run/php7-fpm.sock; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 1c20c250b..19e3833ac 100644 --- a/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -2,7 +2,7 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; +$DB['TYPE'] = 'POSTGRESQL'; $DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['PORT'] = '{DB_SERVER_PORT}'; $DB['DATABASE'] = '{DB_SERVER_DBNAME}'; diff --git a/web-nginx-pgsql/alpine/docker-entrypoint.sh b/web-nginx-pgsql/alpine/docker-entrypoint.sh index 268921f46..543054e26 100755 --- a/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/web-nginx-pgsql/alpine/docker-entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -eo pipefail +set -o pipefail set +e @@ -9,16 +9,6 @@ if [ "${DEBUG_MODE}" == "true" ]; then set -o xtrace fi -# Type of Zabbix component -# Possible values: [server, proxy, agent, frontend, java-gateway, appliance] -zbx_type=${ZBX_TYPE} -# Type of Zabbix database -# Possible values: [mysql, postgresql] -zbx_db_type=${ZBX_DB_TYPE} -# Type of web-server. Valid only with zbx_type = frontend -# Possible values: [apache, nginx] -zbx_opt_type=${ZBX_OPT_TYPE} - # Default Zabbix installation name # Used only by Zabbix web-interface ZBX_SERVER_NAME=${ZBX_SERVER_NAME:-"Zabbix docker"} @@ -72,90 +62,8 @@ file_env() { unset "$fileVar" } -configure_db_mysql() { - [ "${DB_SERVER_HOST}" != "localhost" ] && return - - echo "** Configuring local MySQL server" - - MYSQL_ALLOW_EMPTY_PASSWORD=true - MYSQL_DATA_DIR="/var/lib/mysql" - - if [ -f "/etc/mysql/my.cnf" ]; then - MYSQL_CONF_FILE="/etc/mysql/my.cnf" - elif [ -f "/etc/my.cnf.d/server.cnf" ]; then - MYSQL_CONF_FILE="/etc/my.cnf.d/server.cnf" - DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock" - elif [ -f "/etc/my.cnf.d/mariadb-server.cnf" ]; then - MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf" - DB_SERVER_SOCKET="/var/run/mysqld/mysqld.sock" - else - echo "**** Could not found MySQL configuration file" - exit 1 - fi - - if [ -f "/usr/bin/mysqld" ]; then - MYSQLD=/usr/bin/mysqld - elif [ -f "/usr/sbin/mysqld" ]; then - MYSQLD=/usr/sbin/mysqld - elif [ -f "/usr/libexec/mysqld" ]; then - MYSQLD=/usr/libexec/mysqld - else - echo "**** Could not found mysqld binary file" - exit 1 - fi - - sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE" - - if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then - [ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR" - - chown -R mysql:mysql "$MYSQL_DATA_DIR" - - echo "** Installing initial MySQL database schemas" - mysql_install_db --user=mysql --datadir="$MYSQL_DATA_DIR" 2>&1 - else - echo "**** MySQL data directory is not empty. Using already existing installation." - chown -R mysql:mysql "$MYSQL_DATA_DIR" - fi - - mkdir -p /var/run/mysqld - ln -s /var/run/mysqld /run/mysqld - chown -R mysql:mysql /var/run/mysqld - chown -R mysql:mysql /run/mysqld - - echo "** Starting MySQL server in background mode" - - nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \ - --user=mysql --log-output=none --pid-file=/var/lib/mysql/mysqld.pid \ - --port=3306 --character-set-server=utf8 --collation-server=utf8_bin & -} - prepare_system() { - local type=$1 - local web_server=$2 - echo "** Preparing the system" - - if [ "$type" != "appliance" ]; then - return - fi - - ZBX_ADD_AGENT=${ZBX_ADD_AGENT:-"false"} - ZBX_ADD_JAVA_GATEWAY=${ZBX_ADD_JAVA_GATEWAY:-"false"} - ZBX_ADD_SERVER=${ZBX_ADD_SERVER:-"true"} - [ "${ZBX_ADD_SERVER}" == "true" ] && ZBX_SERVER_HOST="localhost" - [ "${ZBX_ADD_SERVER}" == "true" ] && ZBX_SERVER_PORT="10051" - ZBX_MAIN_DB=${ZBX_MAIN_DB:-"mysql"} - ZBX_ADD_PROXY=${ZBX_ADD_PROXY:-"false"} - ZBX_PROXY_DB=${ZBX_PROXY_DB:-"sqlite3"} - ZBX_ADD_WEB=${ZBX_ADD_WEB:-"true"} - ZBX_WEB_SERVER=${ZBX_WEB_SERVER:-"nginx"} - DB_SERVER_HOST=${DB_SERVER_HOST:-"localhost"} - [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAY_ENABLE="true" - [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAY="localhost" - [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAYPORT="10052" - - [ "${ZBX_ADD_SERVER}" == "true" ] && configure_db_${ZBX_MAIN_DB} } escape_spec_char() { @@ -239,62 +147,14 @@ update_config_multiple_var() { done } -# Check prerequisites for MySQL database -check_variables_mysql() { - local type=$1 - - DB_SERVER_HOST=${DB_SERVER_HOST:-"mysql-server"} - DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} - USE_DB_ROOT_USER=false - CREATE_ZBX_DB_USER=false - file_env MYSQL_USER - file_env MYSQL_PASSWORD - - if [ "$type" != "" ]; then - file_env MYSQL_ROOT_PASSWORD - fi - - if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then - echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" - exit 1 - fi - - if [ ! -n "${MYSQL_USER}" ] && [ ! -n "${MYSQL_ROOT_PASSWORD}" ] && [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" != "true" ]; then - echo "*** Impossible to use MySQL server because 'root' password is not defined and it is not empty" - exit 1 - fi - - if [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || [ -n "${MYSQL_ROOT_PASSWORD}" ]; then - USE_DB_ROOT_USER=true - DB_SERVER_ROOT_USER="root" - DB_SERVER_ROOT_PASS=${MYSQL_ROOT_PASSWORD:-""} - fi - - [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true - - # If root password is not specified use provided credentials - DB_SERVER_ROOT_USER=${DB_SERVER_ROOT_USER:-${MYSQL_USER}} - [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} - DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} - DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} - - if [ "$type" == "proxy" ]; then - DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"} - else - DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"} - fi -} - # Check prerequisites for PostgreSQL database -check_variables_postgresql() { - local type=$1 - +check_variables() { file_env POSTGRES_USER file_env POSTGRES_PASSWORD - DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} - DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} - CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} + : ${DB_SERVER_HOST:="postgres-server"} + : ${DB_SERVER_PORT:="5432"} + : ${CREATE_ZBX_DB_USER:="false"} DB_SERVER_ROOT_USER=${POSTGRES_USER:-"postgres"} DB_SERVER_ROOT_PASS=${POSTGRES_PASSWORD:-""} @@ -302,41 +162,12 @@ check_variables_postgresql() { DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"} - DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA:-"public"} + : ${DB_SERVER_SCHEMA:="public"} - if [ "$type" == "proxy" ]; then - DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix_proxy"} - else - DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} - fi + DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} } -check_db_connect_mysql() { - echo "********************" - echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" - echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" - echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}" - if [ "${DEBUG_MODE}" == "true" ]; then - if [ "${USE_DB_ROOT_USER}" == "true" ]; then - echo "* DB_SERVER_ROOT_USER: ${DB_SERVER_ROOT_USER}" - echo "* DB_SERVER_ROOT_PASS: ${DB_SERVER_ROOT_PASS}" - fi - echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" - echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" - echo "********************" - fi - echo "********************" - - WAIT_TIMEOUT=5 - - while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do - echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." - sleep $WAIT_TIMEOUT - done -} - -check_db_connect_postgresql() { +check_db_connect() { echo "********************" echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" @@ -357,7 +188,6 @@ check_db_connect_postgresql() { DB_SERVER_ROOT_PASS=${DB_SERVER_ZBX_PASS} fi - if [ -n "${DB_SERVER_ZBX_PASS}" ]; then export PGPASSWORD="${DB_SERVER_ZBX_PASS}" fi @@ -378,265 +208,9 @@ check_db_connect_postgresql() { unset PGOPTIONS } - -mysql_query() { - query=$1 - local result="" - - result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") - - echo $result -} - -psql_query() { - query=$1 - db=$2 - - local result="" - - if [ -n "${DB_SERVER_ZBX_PASS}" ]; then - export PGPASSWORD="${DB_SERVER_ZBX_PASS}" - fi - - if [ -n "${DB_SERVER_SCHEMA}" ]; then - PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" - export PGOPTIONS - fi - - result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ - -U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null); - - unset PGPASSWORD - unset PGOPTIONS - - echo $result -} - -create_db_user_mysql() { - [ "${CREATE_ZBX_DB_USER}" == "true" ] || return - - echo "** Creating '${DB_SERVER_ZBX_USER}' user in MySQL database" - - USER_EXISTS=$(mysql_query "SELECT 1 FROM mysql.user WHERE user = '${DB_SERVER_ZBX_USER}' AND host = '%'") - - if [ -z "$USER_EXISTS" ]; then - mysql_query "CREATE USER '${DB_SERVER_ZBX_USER}'@'%' IDENTIFIED BY '${DB_SERVER_ZBX_PASS}'" 1>/dev/null - else - mysql_query "ALTER USER ${DB_SERVER_ZBX_USER} IDENTIFIED BY '${DB_SERVER_ZBX_PASS}';" 1>/dev/null - fi - - mysql_query "GRANT ALL PRIVILEGES ON $DB_SERVER_DBNAME. * TO '${DB_SERVER_ZBX_USER}'@'%'" 1>/dev/null -} - -create_db_user_postgresql() { - [ "${CREATE_ZBX_DB_USER}" == "true" ] || return - - echo "** Creating '${DB_SERVER_ZBX_USER}' user in PostgreSQL database" - - USER_EXISTS=$(psql_query "SELECT 1 FROM pg_roles WHERE rolname='${DB_SERVER_ZBX_USER}'") - - if [ -z "$USER_EXISTS" ]; then - psql_query "CREATE USER ${DB_SERVER_ZBX_USER} WITH PASSWORD '${DB_SERVER_ZBX_PASS}'" 1>/dev/null - else - psql_query "ALTER USER ${DB_SERVER_ZBX_USER} WITH ENCRYPTED PASSWORD '${DB_SERVER_ZBX_PASS}'" 1>/dev/null - fi -} - -create_db_database_mysql() { - DB_EXISTS=$(mysql_query "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${DB_SERVER_DBNAME}'") - - if [ -z ${DB_EXISTS} ]; then - echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..." - mysql_query "CREATE DATABASE ${DB_SERVER_DBNAME} CHARACTER SET utf8 COLLATE utf8_bin" 1>/dev/null - # better solution? - mysql_query "GRANT ALL PRIVILEGES ON $DB_SERVER_DBNAME. * TO '${DB_SERVER_ZBX_USER}'@'%'" 1>/dev/null - else - echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database COLLATE!" - fi -} - -create_db_database_postgresql() { - DB_EXISTS=$(psql_query "SELECT 1 AS result FROM pg_database WHERE datname='${DB_SERVER_DBNAME}'") - - if [ -z ${DB_EXISTS} ]; then - echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..." - psql_query "CREATE DATABASE ${DB_SERVER_DBNAME} WITH OWNER ${DB_SERVER_ZBX_USER} ENCODING='UTF8' LC_CTYPE='en_US.utf8' LC_COLLATE='en_US.utf8'" 1>/dev/null - else - echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database owner!" - fi - - psql_query "CREATE SCHEMA IF NOT EXISTS ${DB_SERVER_SCHEMA}" -} - -create_db_schema_mysql() { - local type=$1 - - DBVERSION_TABLE_EXISTS=$(mysql_query "SELECT 1 FROM information_schema.tables WHERE table_schema='${DB_SERVER_DBNAME}' and table_name = 'dbversion'") - - if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then - echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." - ZBX_DB_VERSION=$(mysql_query "SELECT mandatory FROM ${DB_SERVER_DBNAME}.dbversion") - fi - - if [ -z "${ZBX_DB_VERSION}" ]; then - echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" - - zcat /usr/share/doc/zabbix-$type-mysql/create.sql.gz | mysql --silent --skip-column-names \ - -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \ - ${DB_SERVER_DBNAME} 1>/dev/null - fi -} - -create_db_schema_postgresql() { - local type=$1 - - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = - c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") - - if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then - echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." - ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM ${DB_SERVER_SCHEMA}.dbversion" "${DB_SERVER_DBNAME}") - fi - - if [ -z "${ZBX_DB_VERSION}" ]; then - echo "** Creating '${DB_SERVER_DBNAME}' schema in PostgreSQL" - - if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then - psql_query "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" - fi - - if [ -n "${DB_SERVER_ZBX_PASS}" ]; then - export PGPASSWORD="${DB_SERVER_ZBX_PASS}" - fi - - if [ -n "${DB_SERVER_SCHEMA}" ]; then - PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" - export PGOPTIONS - fi - - zcat /usr/share/doc/zabbix-$type-postgresql/create.sql.gz | psql -q \ - -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ - -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null - - if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then - cat /usr/share/doc/zabbix-$type-postgresql/timescaledb.sql | psql -q \ - -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ - -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null - fi - - unset PGPASSWORD - unset PGOPTIONS - fi -} - -prepare_web_server_apache() { - if [ -d "/etc/apache2/sites-available" ]; then - APACHE_SITES_DIR=/etc/apache2/sites-available - elif [ -d "/etc/apache2/conf.d" ]; then - APACHE_SITES_DIR=/etc/apache2/conf.d - elif [ -d "/etc/httpd/conf.d" ]; then - APACHE_SITES_DIR=/etc/httpd/conf.d - else - echo "**** Apache is not available" - exit 1 - fi - - if [ -f "/usr/sbin/a2dissite" ]; then - echo "** Disable default site" - /usr/sbin/a2dissite 000-default 1>/dev/null - rm -rf "$APACHE_SITES_DIR/*" - elif [ -f "/etc/apache2/conf.d/default.conf" ]; then - echo "** Disable default site" - rm -f "/etc/apache2/conf.d/default.conf" - elif [ -f "/etc/httpd/conf.d/welcome.conf" ]; then - echo "** Disable default site" - rm -f "/etc/httpd/conf.d/welcome.conf" - rm -f "/etc/httpd/conf.d/ssl.conf" - fi - - echo "** Adding Zabbix virtual host (HTTP)" - if [ -f "$ZABBIX_ETC_DIR/apache.conf" ]; then - ln -s "$ZABBIX_ETC_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf" - if [ -f "/usr/sbin/a2dissite" ]; then - /usr/sbin/a2ensite zabbix.conf 1>/dev/null - fi - else - echo "**** Impossible to enable HTTP virtual host" - fi - - if [ -f "/etc/apache2/conf.d/ssl.conf" ]; then - rm -f "/etc/apache2/conf.d/ssl.conf" - fi - - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then - echo "** Enable SSL support for Apache2" - if [ -f "/usr/sbin/a2enmod" ]; then - /usr/sbin/a2enmod ssl 1>/dev/null - fi - - echo "** Adding Zabbix virtual host (HTTPS)" - if [ -f "$ZABBIX_ETC_DIR/apache_ssl.conf" ]; then - ln -s "$ZABBIX_ETC_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" - if [ -f "/usr/sbin/a2dissite" ]; then - /usr/sbin/a2ensite zabbix_ssl.conf 1>/dev/null - fi - else - echo "**** Impossible to enable HTTPS virtual host" - fi - else - echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." - fi - - # Change Apache2 logging to stdout and stderr - if [ -f "/etc/apache2/apache2.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/apache2.conf" - fi - - if [ -f "/etc/httpd/conf/httpd.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/httpd/conf/httpd.conf" - fi - - if [ -f "/etc/apache2/httpd.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/httpd.conf" - fi - - if [ -f "/etc/apache2/conf-available/other-vhosts-access-log.conf" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/conf-available/other-vhosts-access-log.conf" - fi - - if [ -f "/etc/apache2/conf.d/mpm.conf" ]; then - sed -ri \ - -e 's!^(\s*PidFile)\s+\S+!\1 "/var/run/httpd.pid"!g' \ - "/etc/apache2/conf.d/mpm.conf" - fi - - if [ -f "/var/run/apache2/apache2.pid" ]; then - rm -f "/var/run/apache2/apache2.pid" - fi - - if [ -f "/var/run/httpd/httpd.pid" ]; then - rm -f "/var/run/httpd/httpd.pid" - fi -} - -prepare_web_server_nginx() { +prepare_web_server() { NGINX_CONFD_DIR="/etc/nginx/conf.d" NGINX_SSL_CONFIG="/etc/ssl/nginx" - PHP_SESSIONS_DIR="/var/lib/php5" echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_ETC_DIR/nginx.conf" ]; then @@ -656,240 +230,14 @@ prepare_web_server_nginx() { echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi - if [ -d "/var/log/nginx/" ]; then - ln -sf /dev/fd/2 /var/log/nginx/error.log - fi - - ln -sf /dev/fd/2 /var/log/php5-fpm.log - ln -sf /dev/fd/2 /var/log/php7.2-fpm.log -} - -stop_databases() { - if ([ "${ZBX_MAIN_DB}" == "mysql" ] || [ "${ZBX_PROXY_DB}" == "mysql" ]) && [ "${DB_SERVER_HOST}" == "localhost" ]; then - mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null - - if [ -f "/var/lib/mysql/mysqld.pid" ]; then - kill -TERM $(cat /var/lib/mysql/mysqld.pid) - elif [ -f "/var/run/mysqld/mysqld.pid" ]; then - kill -TERM $(cat /var/run/mysqld/mysqld.pid) - fi - fi - - if [ "${ZBX_MAIN_DB}" == "postgresql" ] && [ "${DB_SERVER_HOST}" == "localhost" ]; then - if [ "${OS_CODENAME}" == "alpine" ]; then - PGDATA=/var/lib/postgresql - BINDIR=/usr/bin - else - PGDATA=/var/lib/postgresql/9.3/main - BINDIR=/usr/lib/postgresql/9.3/bin - fi - su -c "$BINDIR/pg_ctl -D \"$PGDATA\" -m fast -w stop --silent" postgres 1>/dev/null 2>/dev/null - fi + ln -sf /dev/fd/2 /var/log/nginx/error.log } clear_deploy() { - local type=$1 echo "** Cleaning the system" - - [ "$type" != "appliance" ] && return - - stop_databases } -update_zbx_config() { - local type=$1 - local db_type=$2 - - echo "** Preparing Zabbix $type configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_$type.conf - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" - update_config_var $ZBX_CONFIG "ServerPort" "${ZBX_SERVER_PORT}" - if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-"$db_type}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - fi - fi - - if [ $type == "proxy" ] && [ "${ZBX_ADD_SERVER}" = "true" ]; then - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_PROXY_LISTENPORT:-"10061"}" - else - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - fi - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ $type == "proxy" ]; then - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - fi - - if [ "$db_type" == "sqlite3" ]; then - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/zabbix_proxy_db" - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPort" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - if [ $type == "server" ]; then - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - fi - - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "HeartbeatFrequency" "${ZBX_PROXYHEARTBEATFREQUENCY}" - update_config_var $ZBX_CONFIG "ConfigFrequency" "${ZBX_CONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_IPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - fi - - ZBX_JAVAGATEWAY_ENABLE=${ZBX_JAVAGATEWAY_ENABLE:-"false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - - ZBX_ENABLE_SNMP_TRAPS=${ZBX_ENABLE_SNMP_TRAPS:-"false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi - - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "SenderFrequency" "${ZBX_SENDERFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - fi - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - # Possible few fping locations - if [ -f "/usr/bin/fping" ]; then - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping" - else - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - fi - if [ -f "/usr/bin/fping6" ]; then - update_config_var $ZBX_CONFIG "Fping6Location" "/usr/bin/fping6" - else - update_config_var $ZBX_CONFIG "Fping6Location" "/usr/sbin/fping6" - fi - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - if [ "$type" == "server" ]; then - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - fi - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - fi - update_config_var $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" - update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - fi - - update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" - update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" - - if [ "$type" == "proxy" ]; then - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - update_config_var $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" - fi -} - - prepare_zbx_web_config() { - local db_type=$1 local server_name="" echo "** Preparing Zabbix frontend configuration file" @@ -903,37 +251,14 @@ prepare_zbx_web_config() { ln -s "$ZBX_WEB_CONFIG" "$ZBX_WWW_ROOT/conf/zabbix.conf.php" - # Different places of PHP configuration file - if [ -f "/etc/php5/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php5/conf.d/99-zabbix.ini" - elif [ -f "/etc/php5/fpm/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php5/fpm/conf.d/99-zabbix.ini" - elif [ -f "/etc/php5/apache2/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php5/apache2/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.0/apache2/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.0/apache2/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.0/fpm/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.0/fpm/conf.d/99-zabbix.ini" - elif [ -f "/etc/php.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php.d/99-zabbix.ini" - elif [ -f "/etc/php7/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.2/fpm/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.2/fpm/conf.d/99-zabbix.ini" - elif [ -f "/etc/php/7.2/apache2/conf.d/99-zabbix.ini" ]; then - PHP_CONFIG_FILE="/etc/php/7.2/apache2/conf.d/99-zabbix.ini" - fi + PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" - if [ -n "$PHP_CONFIG_FILE" ]; then - update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" - else - echo "**** Zabbix related PHP configuration file not found" - fi + update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" + update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" + update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" + update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" + update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" + update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} @@ -958,221 +283,34 @@ prepare_zbx_web_config() { -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ "$ZBX_WEB_CONFIG" - [ "$db_type" = "postgresql" ] && sed -i "s/MYSQL/POSTGRESQL/g" "$ZBX_WEB_CONFIG" - [ -n "${ZBX_SESSION_NAME}" ] && sed -i "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "$ZBX_WWW_ROOT/include/defines.inc.php" } -prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf - - ZBX_PASSIVESERVERS=${ZBX_PASSIVESERVERS:-""} - ZBX_ACTIVESERVERS=${ZBX_ACTIVESERVERS:-""} - - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" - update_config_var $ZBX_AGENT_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - ZBX_PASSIVE_ALLOW=${ZBX_PASSIVE_ALLOW:-"true"} - if [ "$ZBX_PASSIVE_ALLOW" == "true" ]; then - echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" - else - update_config_var $ZBX_AGENT_CONFIG "Server" - fi - - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" - - ZBX_ACTIVE_ALLOW=${ZBX_ACTIVE_ALLOW:-"true"} - if [ "$ZBX_ACTIVE_ALLOW" == "true" ]; then - echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" - else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" - fi - - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" -} - -prepare_java_gateway_config() { - echo "** Preparing Zabbix Java Gateway log configuration file" - - ZBX_GATEWAY_CONFIG=$ZABBIX_ETC_DIR/zabbix_java_gateway_logback.xml - - if [ -n "${ZBX_DEBUGLEVEL}" ]; then - echo "Updating $ZBX_GATEWAY_CONFIG 'DebugLevel' parameter: '${ZBX_DEBUGLEVEL}'... updated" - if [ -f "$ZBX_GATEWAY_CONFIG" ]; then - sed -i -e "/^.*/" "$ZBX_GATEWAY_CONFIG" - else - echo "**** Zabbix Java Gateway log configuration file '$ZBX_GATEWAY_CONFIG' not found" - fi - fi -} - -prepare_agent() { - echo "** Preparing Zabbix agent" - prepare_zbx_agent_config -} - -prepare_server() { - local db_type=$1 - - echo "** Preparing Zabbix server" - - check_variables_$db_type "server" - check_db_connect_$db_type - create_db_user_$db_type - create_db_database_$db_type - create_db_schema_$db_type "server" - - update_zbx_config "server" "$db_type" -} - -prepare_proxy() { - local db_type=$1 - - echo "Preparing Zabbix proxy" - - if [ "$db_type" != "sqlite3" ]; then - check_variables_$db_type "proxy" - check_db_connect_$db_type - create_db_user_$db_type - create_db_database_$db_type - create_db_schema_$db_type "proxy" - fi - - update_zbx_config "proxy" $db_type -} - prepare_web() { - local web_server=$1 - local db_type=$2 - echo "** Preparing Zabbix web-interface" - check_variables_$db_type - check_db_connect_$db_type - prepare_web_server_$web_server - prepare_zbx_web_config $db_type + check_variables + check_db_connect + prepare_web_server + prepare_zbx_web_config } -prepare_java_gateway() { - echo "** Preparing Zabbix Java Gateway" - - prepare_java_gateway_config -} ################################################# -if [ ! -n "$zbx_type" ]; then - echo "**** Type of Zabbix component is not specified" - exit 1 -elif [ "$zbx_type" == "dev" ]; then - echo "** Deploying Zabbix installation from SVN" -else - if [ ! -n "$zbx_db_type" ]; then - echo "**** Database type of Zabbix $zbx_type is not specified" - exit 1 - fi +echo "** Deploying Zabbix web-interface (Nginx) with PostgreSQL database" - if [ "$zbx_db_type" != "none" ]; then - if [ "$zbx_opt_type" != "none" ]; then - echo "** Deploying Zabbix $zbx_type ($zbx_opt_type) with $zbx_db_type database" - else - echo "** Deploying Zabbix $zbx_type with $zbx_db_type database" - fi - else - echo "** Deploying Zabbix $zbx_type" - fi -fi +prepare_system -prepare_system "$zbx_type" "$zbx_opt_type" +prepare_web -[ "$zbx_type" == "server" ] && prepare_server $zbx_db_type -[ "${ZBX_ADD_SERVER}" == "true" ] && prepare_server ${ZBX_MAIN_DB} - -[ "$zbx_type" == "proxy" ] && prepare_proxy $zbx_db_type -[ "${ZBX_ADD_PROXY}" == "true" ] && prepare_proxy ${ZBX_PROXY_DB} - -[ "$zbx_type" == "frontend" ] && prepare_web $zbx_opt_type $zbx_db_type -[ "${ZBX_ADD_WEB}" == "true" ] && prepare_web ${ZBX_WEB_SERVER} ${ZBX_MAIN_DB} - -[ "$zbx_type" == "agent" ] && prepare_agent -[ "${ZBX_ADD_AGENT}" == "true" ] && prepare_agent - -[ "$zbx_type" == "java-gateway" ] && prepare_java_gateway -[ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && prepare_java_gateway - -clear_deploy "$zbx_type" +clear_deploy echo "########################################################" if [ "$1" != "" ]; then echo "** Executing '$@'" exec "$@" -elif [ "$zbx_type" == "agent" ]; then - echo "** Starting Zabbix agent" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_agentd --foreground -c /etc/zabbix/zabbix_agentd.conf" -elif [ "$zbx_type" == "proxy" ]; then - echo "** Starting Zabbix proxy" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_proxy --foreground -c /etc/zabbix/zabbix_proxy.conf" -elif [ "$zbx_type" == "server" ]; then - echo "** Starting Zabbix server" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_server --foreground -c /etc/zabbix/zabbix_server.conf" -elif [ "$zbx_type" == "java-gateway" ]; then - echo "** Starting Zabbix Java Gateway" - exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_java_gateway" -elif [ "$zbx_type" == "frontend" ] && [ "$zbx_opt_type" == "apache" ]; then - echo "** Starting Zabbix frontend" - if [ -f "/usr/sbin/httpd" ]; then - exec /usr/sbin/httpd -D FOREGROUND - elif [ -f "/usr/sbin/apache2ctl" ]; then - exec /bin/bash -c "source /etc/apache2/envvars && /usr/sbin/apache2ctl -D FOREGROUND" - else - echo "Unknown Web-server. Exiting..." - exit 1 - fi elif [ -f "/usr/bin/supervisord" ]; then echo "** Executing supervisord" exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf