Merge pull request #1188 from zabbix/merge_6.0

Merge 6.0
This commit is contained in:
Alexey Pustovalov 2024-02-16 19:01:13 +09:00 committed by Alexey Pustovalov
parent db666d1e40
commit 0d8623bf04
65 changed files with 1462 additions and 634 deletions

View File

@ -1,13 +0,0 @@
- repo: https://github.com/gitleaks/gitleaks
rev: v8.16.3
hooks:
- id: gitleaks
- repo: https://github.com/jumanjihouse/pre-commit-hooks
rev: 3.0.0
hooks:
- id: shellcheck
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: end-of-file-fixer
- id: trailing-whitespace

1
.github/CODEOWNERS vendored Normal file
View File

@ -0,0 +1 @@
* @dotneft

View File

@ -34,4 +34,4 @@
<!--- Paste verbatim command output between quotes --> <!--- Paste verbatim command output between quotes -->
```paste below ```paste below
``` ```

31
.github/workflows/dependency-review.yml vendored Normal file
View File

@ -0,0 +1,31 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0

View File

@ -0,0 +1,70 @@
name: DockerHub Description
on:
push:
branches:
- 'trunk'
paths:
- 'Dockerfiles/*/README.md'
- '.github/workflows/dockerhub_description.yml'
workflow_dispatch:
env:
DOCKER_REPOSITORY: "zabbix"
IMAGES_PREFIX: "zabbix-"
DOCKERFILES_DIRECTORY: "./Dockerfiles"
permissions:
contents: read
jobs:
main:
name: Update description
runs-on: ubuntu-latest
env:
DOCKER_REPOSITORY: "zabbix"
permissions:
contents: read
strategy:
fail-fast: false
matrix:
component:
- build-base
- build-mysql
- build-pgsql
- build-sqlite3
- agent
- agent2
- java-gateway
- proxy-mysql
- proxy-sqlite3
- server-mysql
- server-pgsql
- snmptraps
- web-apache-mysql
- web-apache-pgsql
- web-nginx-mysql
- web-nginx-pgsql
- web-service
steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
hub.docker.com:443
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 1
- name: Update DockerHub repo description (zabbix-${{ matrix.component }})
uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
readme-filepath: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.component }}/README.md

View File

@ -66,7 +66,7 @@ jobs:
github.com:443 github.com:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -87,7 +87,7 @@ jobs:
env: env:
MATRIX_FILE: ${{ env.MATRIX_FILE }} MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: | run: |
os_list=$(jq -r '.["os-linux"] | keys | [ .[] | tostring ] | @json' "$MATRIX_FILE") os_list=$(jq -r '.["os-linux"] | keys | map(select(. != "rhel")) | [ .[] | tostring ] | @json' "$MATRIX_FILE")
echo "::group::Operating System List" echo "::group::Operating System List"
echo "$os_list" echo "$os_list"
@ -95,25 +95,12 @@ jobs:
echo "list=$os_list" >> $GITHUB_OUTPUT echo "list=$os_list" >> $GITHUB_OUTPUT
- name: Prepare Platform list
id: platform_list
env:
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
platform_list=$(jq -r '.["os-linux"] | tostring | @json' "$MATRIX_FILE")
echo "::group::Platform List"
echo "$platform_list"
echo "::endgroup::"
echo "list=$platform_list" >> $GITHUB_OUTPUT
- name: Prepare Database engine list - name: Prepare Database engine list
id: database id: database
env: env:
MATRIX_FILE: ${{ env.MATRIX_FILE }} MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: | run: |
database_list=$(jq -r '[.components | values[] ] | sort | unique | del(.. | select ( . == "" ) ) | [ .[] | tostring ] | @json' "$MATRIX_FILE") database_list=$(jq -r '[.components | values[].base ] | sort | unique | del(.. | select ( . == "" ) ) | @json' "$MATRIX_FILE")
echo "::group::Database List" echo "::group::Database List"
echo "$database_list" echo "$database_list"
@ -126,7 +113,7 @@ jobs:
env: env:
MATRIX_FILE: ${{ env.MATRIX_FILE }} MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: | run: |
component_list=$(jq -r '.components | keys | [ .[] | tostring ] | @json' "$MATRIX_FILE") component_list=$(jq -r '.components | keys | @json' "$MATRIX_FILE")
echo "::group::Zabbix Component List" echo "::group::Zabbix Component List"
echo "$component_list" echo "$component_list"
@ -184,16 +171,13 @@ jobs:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
api.github.com:443 api.github.com:443
archive.ubuntu.com:443
archive.ubuntu.com:80 archive.ubuntu.com:80
atl.mirrors.knownhost.com:443 atl.mirrors.knownhost.com:443
atl.mirrors.knownhost.com:80 atl.mirrors.knownhost.com:80
auth.docker.io:443 auth.docker.io:443
cdn03.quay.io:443 cdn03.quay.io:443
centos-distro.1gservers.com:80
centos-stream-distro.1gservers.com:443 centos-stream-distro.1gservers.com:443
centos-stream-distro.1gservers.com:80 centos-stream-distro.1gservers.com:80
centos.mirror.shastacoe.net:80
dfw.mirror.rackspace.com:443 dfw.mirror.rackspace.com:443
dfw.mirror.rackspace.com:80 dfw.mirror.rackspace.com:80
dl-cdn.alpinelinux.org:443 dl-cdn.alpinelinux.org:443
@ -205,8 +189,6 @@ jobs:
ftp-nyc.osuosl.org:80 ftp-nyc.osuosl.org:80
ftp-osl.osuosl.org:443 ftp-osl.osuosl.org:443
ftp-osl.osuosl.org:80 ftp-osl.osuosl.org:80
ftp.agdsn.de:443
ftp.osuosl.org:80
ftp.plusline.net:443 ftp.plusline.net:443
ftp.plusline.net:80 ftp.plusline.net:80
ftpmirror.your.org:80 ftpmirror.your.org:80
@ -221,17 +203,13 @@ jobs:
mirror-mci.yuki.net.uk:80 mirror-mci.yuki.net.uk:80
mirror.arizona.edu:443 mirror.arizona.edu:443
mirror.arizona.edu:80 mirror.arizona.edu:80
mirror.ash.fastserv.com:80
mirror.dogado.de:443 mirror.dogado.de:443
mirror.dogado.de:80 mirror.dogado.de:80
mirror.ette.biz:80
mirror.facebook.net:443 mirror.facebook.net:443
mirror.facebook.net:80 mirror.facebook.net:80
mirror.fcix.net:443 mirror.fcix.net:443
mirror.hoobly.com:443 mirror.hoobly.com:443
mirror.hoobly.com:80
mirror.math.princeton.edu:443 mirror.math.princeton.edu:443
mirror.metrocast.net:80
mirror.netzwerge.de:443 mirror.netzwerge.de:443
mirror.pilotfiber.com:443 mirror.pilotfiber.com:443
mirror.pilotfiber.com:80 mirror.pilotfiber.com:80
@ -241,14 +219,12 @@ jobs:
mirror.scaleuptech.com:80 mirror.scaleuptech.com:80
mirror.servaxnet.com:443 mirror.servaxnet.com:443
mirror.servaxnet.com:80 mirror.servaxnet.com:80
mirror.sfo12.us.leaseweb.net:80
mirror.siena.edu:80 mirror.siena.edu:80
mirror.stream.centos.org:443 mirror.stream.centos.org:443
mirror.stream.centos.org:80 mirror.stream.centos.org:80
mirror.team-cymru.com:443 mirror.team-cymru.com:443
mirror.team-cymru.com:80 mirror.team-cymru.com:80
mirror1.hs-esslingen.de:443 mirror1.hs-esslingen.de:443
mirrorlist.centos.org:80
mirrors.centos.org:443 mirrors.centos.org:443
mirrors.fedoraproject.org:443 mirrors.fedoraproject.org:443
mirrors.fedoraproject.org:80 mirrors.fedoraproject.org:80
@ -259,38 +235,27 @@ jobs:
mirrors.sonic.net:443 mirrors.sonic.net:443
mirrors.wcupa.edu:443 mirrors.wcupa.edu:443
mirrors.wcupa.edu:80 mirrors.wcupa.edu:80
mirrors.xtom.com:80
mirrors.xtom.de:443
mirrors.xtom.de:80 mirrors.xtom.de:80
na.edge.kernel.org:443 na.edge.kernel.org:443
nocix.mm.fcix.net:443 nocix.mm.fcix.net:443
oauth2.sigstore.dev:443 oauth2.sigstore.dev:443
objects.githubusercontent.com:443 objects.githubusercontent.com:443
ports.ubuntu.com:443
ports.ubuntu.com:80 ports.ubuntu.com:80
production.cloudflare.docker.com:443 production.cloudflare.docker.com:443
quay.io:443 quay.io:443
registry-1.docker.io:443 registry-1.docker.io:443
rekor.sigstore.dev:443 rekor.sigstore.dev:443
repo.ialab.dsu.edu:443 repo.ialab.dsu.edu:443
repo1.sea.innoscale.net:80
repos.eggycrew.com:443 repos.eggycrew.com:443
repos.eggycrew.com:80 repos.eggycrew.com:80
scientificlinux.physik.uni-muenchen.de:80
security.ubuntu.com:443
security.ubuntu.com:80 security.ubuntu.com:80
southfront.mm.fcix.net:80
tuf-repo-cdn.sigstore.dev:443 tuf-repo-cdn.sigstore.dev:443
tx-mirror.tier.net:80
uvermont.mm.fcix.net:443 uvermont.mm.fcix.net:443
volico.mm.fcix.net:80
www.gtlib.gatech.edu:80
yum.oracle.com:443 yum.oracle.com:443
ziply.mm.fcix.net:443 ziply.mm.fcix.net:443
ziply.mm.fcix.net:80
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -304,18 +269,18 @@ jobs:
run: cosign version run: cosign version
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with: with:
image: tonistiigi/binfmt:latest image: tonistiigi/binfmt:latest
platforms: all platforms: all
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with: with:
driver-opts: image=moby/buildkit:master driver-opts: image=moby/buildkit:master
- name: Login to DockerHub - name: Login to DockerHub
uses: docker/login-action@v3 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@ -337,7 +302,7 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_NAME }} images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_NAME }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -354,7 +319,7 @@ jobs:
- name: Build and publish image - name: Build and publish image
id: docker_build id: docker_build
uses: docker/build-push-action@v5 uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with: with:
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }} context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}/Dockerfile file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}/Dockerfile
@ -403,7 +368,7 @@ jobs:
echo "$DIGEST" > "$CACHE_FILE_NAME" echo "$DIGEST" > "$CACHE_FILE_NAME"
- name: Cache image digest - name: Cache image digest
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -451,7 +416,7 @@ jobs:
rekor.sigstore.dev:443 rekor.sigstore.dev:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -465,18 +430,18 @@ jobs:
run: cosign version run: cosign version
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with: with:
image: tonistiigi/binfmt:latest image: tonistiigi/binfmt:latest
platforms: all platforms: all
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with: with:
driver-opts: image=moby/buildkit:master driver-opts: image=moby/buildkit:master
- name: Login to DockerHub - name: Login to DockerHub
uses: docker/login-action@v3 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@ -498,7 +463,7 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.build }} images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.build }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -514,7 +479,7 @@ jobs:
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }}
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -559,7 +524,7 @@ jobs:
- name: Build ${{ matrix.build }}/${{ matrix.os }} and push - name: Build ${{ matrix.build }}/${{ matrix.os }} and push
id: docker_build id: docker_build
uses: docker/build-push-action@v5 uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with: with:
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }} context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile
@ -608,7 +573,7 @@ jobs:
echo "$DIGEST" > $CACHE_FILE_NAME echo "$DIGEST" > $CACHE_FILE_NAME
- name: Caching SHA256 tag of the image - name: Caching SHA256 tag of the image
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ matrix.build }}_${{ matrix.os }} path: ${{ matrix.build }}_${{ matrix.os }}
key: ${{ matrix.build }}-${{ matrix.os }}-${{ github.run_id }} key: ${{ matrix.build }}-${{ matrix.os }}-${{ github.run_id }}
@ -635,63 +600,45 @@ jobs:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
api.github.com:443 api.github.com:443
archive.ubuntu.com:443 auth.docker.io:443
archive.ubuntu.com:80 dl-cdn.alpinelinux.org:443
github.com:443
index.docker.io:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
fulcio.sigstore.dev:443
objects.githubusercontent.com:443
tuf-repo-cdn.sigstore.dev:443
rekor.sigstore.dev:443
api.github.com:443
atl.mirrors.knownhost.com:443 atl.mirrors.knownhost.com:443
atl.mirrors.knownhost.com:80 atl.mirrors.knownhost.com:80
auth.docker.io:443 auth.docker.io:443
cdn03.quay.io:443 cdn03.quay.io:443
centos-distro.1gservers.com:80
centos-stream-distro.1gservers.com:443 centos-stream-distro.1gservers.com:443
centos-stream-distro.1gservers.com:80 centos-stream-distro.1gservers.com:80
centos.mirror.shastacoe.net:80
d2lzkl7pfhq30w.cloudfront.net:443 d2lzkl7pfhq30w.cloudfront.net:443
deb.debian.org:80
dfw.mirror.rackspace.com:443
dfw.mirror.rackspace.com:80
dl-cdn.alpinelinux.org:443
dl.google.com:443
download.cf.centos.org:443
download.cf.centos.org:80
epel.mirror.constant.com:443
epel.mirror.constant.com:80 epel.mirror.constant.com:80
forksystems.mm.fcix.net:80 forksystems.mm.fcix.net:80
ftp-nyc.osuosl.org:443 ftp-nyc.osuosl.org:443
ftp-nyc.osuosl.org:80 ftp-nyc.osuosl.org:80
ftp-osl.osuosl.org:443 ftp-osl.osuosl.org:443
ftp-osl.osuosl.org:80 ftp-osl.osuosl.org:80
ftp.agdsn.de:443
ftp.osuosl.org:80
ftp.plusline.net:443
ftp.plusline.net:80 ftp.plusline.net:80
ftpmirror.your.org:80 ftpmirror.your.org:80
fulcio.sigstore.dev:443
github.com:443 github.com:443
iad.mirror.rackspace.com:443 iad.mirror.rackspace.com:443
iad.mirror.rackspace.com:80
index.docker.io:443 index.docker.io:443
ix-denver.mm.fcix.net:443 ix-denver.mm.fcix.net:443
keyserver.ubuntu.com:11371
lesnet.mm.fcix.net:443
mirror-mci.yuki.net.uk:443 mirror-mci.yuki.net.uk:443
mirror-mci.yuki.net.uk:80
mirror.23m.com:80 mirror.23m.com:80
mirror.arizona.edu:443
mirror.arizona.edu:80 mirror.arizona.edu:80
mirror.ash.fastserv.com:80
mirror.dal.nexril.net:80 mirror.dal.nexril.net:80
mirror.de.leaseweb.net:80 mirror.de.leaseweb.net:80
mirror.dogado.de:443
mirror.dogado.de:80 mirror.dogado.de:80
mirror.ette.biz:80
mirror.facebook.net:443
mirror.facebook.net:80 mirror.facebook.net:80
mirror.fcix.net:443
mirror.hoobly.com:443
mirror.hoobly.com:80 mirror.hoobly.com:80
mirror.math.princeton.edu:443
mirror.math.princeton.edu:80 mirror.math.princeton.edu:80
mirror.metrocast.net:80
mirror.netcologne.de:443 mirror.netcologne.de:443
mirror.netzwerge.de:443 mirror.netzwerge.de:443
mirror.pilotfiber.com:443 mirror.pilotfiber.com:443
@ -699,77 +646,74 @@ jobs:
mirror.rackspace.com:443 mirror.rackspace.com:443
mirror.rackspace.com:80 mirror.rackspace.com:80
mirror.scaleuptech.com:443 mirror.scaleuptech.com:443
mirror.scaleuptech.com:80
mirror.servaxnet.com:443 mirror.servaxnet.com:443
mirror.servaxnet.com:80 mirror.servaxnet.com:80
mirror.sfo12.us.leaseweb.net:80 mirror.sfo12.us.leaseweb.net:80
mirror.siena.edu:80 mirror.siena.edu:80
mirror.steadfastnet.com:80 mirror.steadfastnet.com:80
mirror.stream.centos.org:443
mirror.stream.centos.org:80
mirror.team-cymru.com:443 mirror.team-cymru.com:443
mirror.team-cymru.com:80 mirror.team-cymru.com:80
mirror.umd.edu:443 mirror.umd.edu:443
mirror1.hs-esslingen.de:443 mirror1.hs-esslingen.de:443
mirrorlist.centos.org:80
mirrors.centos.org:443 mirrors.centos.org:443
mirrors.fedoraproject.org:443 mirrors.fedoraproject.org:443
mirrors.fedoraproject.org:80
mirrors.iu13.net:443 mirrors.iu13.net:443
mirrors.iu13.net:80 mirrors.iu13.net:80
mirrors.mit.edu:443
mirrors.ocf.berkeley.edu:443 mirrors.ocf.berkeley.edu:443
mirrors.ocf.berkeley.edu:80
mirrors.sonic.net:443
mirrors.sonic.net:80 mirrors.sonic.net:80
mirrors.syringanetworks.net:80 mirrors.syringanetworks.net:80
mirrors.vcea.wsu.edu:80 mirrors.vcea.wsu.edu:80
mirrors.wcupa.edu:443
mirrors.wcupa.edu:80 mirrors.wcupa.edu:80
mirrors.xtom.com:80
mirrors.xtom.de:443
mirrors.xtom.de:80 mirrors.xtom.de:80
na.edge.kernel.org:443 na.edge.kernel.org:443
nginx.org:443
nginx.org:80
nnenix.mm.fcix.net:80 nnenix.mm.fcix.net:80
nocix.mm.fcix.net:443
oauth2.sigstore.dev:443
objects.githubusercontent.com:443
ohioix.mm.fcix.net:80 ohioix.mm.fcix.net:80
ports.ubuntu.com:443
ports.ubuntu.com:80
production.cloudflare.docker.com:443 production.cloudflare.docker.com:443
pubmirror1.math.uh.edu:443 pubmirror1.math.uh.edu:443
pubmirror3.math.uh.edu:80 pubmirror3.math.uh.edu:80
quay.io:443 quay.io:443
registry-1.docker.io:443 registry-1.docker.io:443
rekor.sigstore.dev:443
repo.ialab.dsu.edu:443
repo.ialab.dsu.edu:80 repo.ialab.dsu.edu:80
repo1.sea.innoscale.net:80
repos.eggycrew.com:443
repos.eggycrew.com:80 repos.eggycrew.com:80
scientificlinux.physik.uni-muenchen.de:80
security.ubuntu.com:443
security.ubuntu.com:80
southfront.mm.fcix.net:80
tuf-repo-cdn.sigstore.dev:443
tx-mirror.tier.net:80
uvermont.mm.fcix.net:443
uvermont.mm.fcix.net:80 uvermont.mm.fcix.net:80
volico.mm.fcix.net:80
www.gtlib.gatech.edu:80
yum.oracle.com:443
ziply.mm.fcix.net:443 ziply.mm.fcix.net:443
ziply.mm.fcix.net:80 fulcio.sigstore.dev:443
keyserver.ubuntu.com:80 objects.githubusercontent.com:443
p80.pool.sks-keyservers.net:80 tuf-repo-cdn.sigstore.dev:443
pgp.mit.edu:11371 rekor.sigstore.dev:443
ha.pool.sks-keyservers.net:11371 oauth2.sigstore.dev:443
api.github.com:443
auth.docker.io:443
github.com:443
index.docker.io:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
yum.oracle.com:443
fulcio.sigstore.dev:443
objects.githubusercontent.com:443
tuf-repo-cdn.sigstore.dev:443
rekor.sigstore.dev:443
api.github.com:443
archive.ubuntu.com:80
auth.docker.io:443
deb.debian.org:80
github.com:443
index.docker.io:443
keyserver.ubuntu.com:11371
nginx.org:443
nginx.org:80
ports.ubuntu.com:80
production.cloudflare.docker.com:443
registry-1.docker.io:443
security.ubuntu.com:80
fulcio.sigstore.dev:443
objects.githubusercontent.com:443
tuf-repo-cdn.sigstore.dev:443
rekor.sigstore.dev:443
>>>>>>> 05d38ba67 (Merge pull request #1188 from zabbix/merge_6.0)
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -783,18 +727,18 @@ jobs:
run: cosign version run: cosign version
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with: with:
image: tonistiigi/binfmt:latest image: tonistiigi/binfmt:latest
platforms: all platforms: all
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with: with:
driver-opts: image=moby/buildkit:master driver-opts: image=moby/buildkit:master
- name: Login to DockerHub - name: Login to DockerHub
uses: docker/login-action@v3 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@ -835,7 +779,7 @@ jobs:
MATRIX_BUILD: ${{ matrix.build }} MATRIX_BUILD: ${{ matrix.build }}
MATRIX_FILE: ${{ env.MATRIX_FILE }} MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: | run: |
BUILD_BASE=$(jq -r ".components.\"$MATRIX_BUILD\"" "$MATRIX_FILE") BUILD_BASE=$(jq -r ".components.\"$MATRIX_BUILD\".base" "$MATRIX_FILE")
echo "::group::Base Build Image" echo "::group::Base Build Image"
echo "$BUILD_BASE" echo "$BUILD_BASE"
@ -845,7 +789,7 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX}}${{ matrix.build }} images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX}}${{ matrix.build }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -861,7 +805,7 @@ jobs:
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
- name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} - name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }}
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
if: ${{ matrix.build != 'snmptraps' }} if: ${{ matrix.build != 'snmptraps' }}
with: with:
path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }} path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }}
@ -925,7 +869,7 @@ jobs:
- name: Build and push image - name: Build and push image
id: docker_build id: docker_build
uses: docker/build-push-action@v5 uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with: with:
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }} context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile

View File

@ -4,7 +4,22 @@ on:
release: release:
types: types:
- published - published
push:
branches:
- '[0-9]+.[0-9]+'
- 'trunk'
paths:
- 'Dockerfiles/*/rhel/*'
- 'build.json'
- '!**/README.md'
- '.github/workflows/images_build_rhel.yml'
workflow_dispatch: workflow_dispatch:
inputs:
publish_images:
description: 'Publish images'
required: true
default: false
type: boolean
defaults: defaults:
run: run:
@ -14,13 +29,14 @@ permissions:
contents: read contents: read
env: env:
AUTO_PUSH_IMAGES: ${{ contains(fromJSON('["workflow_dispatch"]'), github.event_name) && 'false' || vars.AUTO_PUSH_IMAGES }} AUTO_PUSH_IMAGES: ${{ contains(fromJSON('["workflow_dispatch", "push"]'), github.event_name) && 'false' || vars.AUTO_PUSH_IMAGES }}
LATEST_BRANCH: ${{ github.event.repository.default_branch }} LATEST_BRANCH: ${{ github.event.repository.default_branch }}
TRUNK_GIT_BRANCH: "refs/heads/trunk" TRUNK_GIT_BRANCH: "refs/heads/trunk"
IMAGES_PREFIX: "zabbix-" IMAGES_PREFIX: "zabbix-"
BASE_BUILD_NAME: "build-base" BASE_BUILD_NAME: "build-base"
MATRIX_FILE: "build.json"
DOCKERFILES_DIRECTORY: "Dockerfiles" DOCKERFILES_DIRECTORY: "Dockerfiles"
OIDC_ISSUER: "https://token.actions.githubusercontent.com" OIDC_ISSUER: "https://token.actions.githubusercontent.com"
@ -31,6 +47,9 @@ env:
PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable" PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable"
PFLT_LOGLEVEL: "warn" PFLT_LOGLEVEL: "warn"
PFLT_ARTIFACTS: "/tmp/artifacts" PFLT_ARTIFACTS: "/tmp/artifacts"
IMAGE_DIR: "/tmp/images"
RHEL_BUILD: "true"
jobs: jobs:
init_build: init_build:
@ -38,11 +57,15 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
actions: write
outputs: outputs:
platforms: ${{ steps.platform_list.outputs.list }}
database: ${{ steps.database.outputs.list }}
components: ${{ steps.components.outputs.list }} components: ${{ steps.components.outputs.list }}
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }} is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
current_branch: ${{ steps.branch_info.outputs.current_branch }} current_branch: ${{ steps.branch_info.outputs.current_branch }}
sha_short: ${{ steps.branch_info.outputs.sha_short }} sha_short: ${{ steps.branch_info.outputs.sha_short }}
secret_prefix: ${{ steps.branch_info.outputs.secret_prefix }}
steps: steps:
- name: Block egress traffic - name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
@ -50,12 +73,64 @@ jobs:
disable-sudo: true disable-sudo: true
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
api.github.com:443
github.com:443 github.com:443
objects.githubusercontent.com:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 1 fetch-depth: 1
sparse-checkout: ${{ env.MATRIX_FILE }}
- name: Check ${{ env.MATRIX_FILE }} file
id: build_exists
env:
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
if [[ ! -f "$MATRIX_FILE" ]]; then
echo "::error::File $MATRIX_FILE is missing"
exit 1
fi
- name: Prepare Platform list
id: platform_list
env:
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
platform_list=$(jq -r '.["os-linux"].rhel | @json' "$MATRIX_FILE")
echo "::group::Platform List"
echo "$platform_list"
echo "::endgroup::"
echo "list=$platform_list" >> $GITHUB_OUTPUT
- name: Prepare Database engine list
id: database
env:
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
database_list=$(jq -r '[.components | map_values(select(.rhel == true)) | values[].base ] | sort | unique | del(.. | select ( . == "" ) ) | @json' "$MATRIX_FILE")
echo "::group::Database List"
echo "$database_list"
echo "::endgroup::"
echo "list=$database_list" >> $GITHUB_OUTPUT
- name: Prepare Zabbix component list
id: components
env:
MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: |
component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE")
echo "::group::Zabbix Component List"
echo "$component_list"
echo "::endgroup::"
echo "list=$component_list" >> $GITHUB_OUTPUT
- name: Get branch info - name: Get branch info
id: branch_info id: branch_info
@ -77,30 +152,39 @@ jobs:
result=true result=true
fi fi
echo "::group::Branch data" echo "::group::Branch metadata"
echo "is_default_branch - $result" echo "is_default_branch - $result"
echo "current_branch - $github_ref" echo "current_branch - $github_ref"
echo "secret_prefix=RHEL_${github_ref//.}"
echo "sha_short - $sha_short" echo "sha_short - $sha_short"
echo "::endgroup::" echo "::endgroup::"
echo "is_default_branch=$result" >> $GITHUB_OUTPUT echo "is_default_branch=$result" >> $GITHUB_OUTPUT
echo "current_branch=$github_ref" >> $GITHUB_OUTPUT echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT
echo "sha_short=$sha_short" >> $GITHUB_OUTPUT echo "sha_short=$sha_short" >> $GITHUB_OUTPUT
- name: Cleanup cache
- name: Prepare Zabbix component list shell: bash
id: components
env: env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CURRENT_BRANCH: ${{ steps.branch_info.outputs.current_branch }} REPO: ${{ github.repository }}
BRANCH: ${{ steps.branch_info.outputs.current_branch }}
GH_RUN_ID: ${{ github.run_id }}
run: | run: |
component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components | keys | @json") gh extension install actions/gh-actions-cache
echo "::group::Zabbix Component List" cache_keys=$(gh actions-cache list -R "${REPO}" -B "${BRANCH}" -L 100 --sort created-at --order desc | cut -f 1)
echo "$component_list"
echo "::endgroup::"
echo "list=$component_list" >> $GITHUB_OUTPUT ## Setting this to not fail the workflow while deleting cache keys
set +e
echo "Deleting caches..."
for cache_key in $cache_keys
do
if [[ "$cache_key" == *"${GH_RUN_ID}" ]]; then
gh actions-cache delete $cache_key -R "${REPO}" -B "${BRANCH}" --confirm
fi
done
build_base: build_base:
timeout-minutes: 30 timeout-minutes: 30
@ -110,13 +194,13 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
build: [build-base] build: [build-base]
arch: [X64, ARM64] arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
runs-on: [self-hosted, linux, "${{ matrix.arch }}"] runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
permissions: permissions:
contents: read contents: read
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 1 fetch-depth: 1
@ -137,15 +221,15 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }} images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
tags: | tags: |
type=sha,suffix=-${{ steps.lc.outputs.arch }} type=sha,suffix=-${{ steps.lc.outputs.arch }}
- name: Build Zabbix Build Base - name: Build image
id: build_image id: build_image
uses: redhat-actions/buildah-build@v2 uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
with: with:
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false layers: false
@ -154,28 +238,83 @@ jobs:
${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
extra-args: | extra-args: |
--pull --pull
--iidfile=${{ github.workspace }}/iidfile
- name: Image digest - name: Prepare image metadata
id: image_metadata
env: env:
IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }}
CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
GITHUB_WORKSPACE: ${{ github.workspace }}
run: | run: |
DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile)
echo "::group::Image digest"
echo "$DIGEST" echo "::group::Image tag"
echo "image_tag=$IMAGE_TAG"
echo "::endgroup::"
echo "::group::Image Tag ID"
echo "tag_id=$TAG_ID"
echo "::endgroup::" echo "::endgroup::"
echo "::group::Cache file name" echo "::group::Cache file name"
echo "$CACHE_FILE_NAME" echo "$CACHE_FILE_NAME"
echo "::endgroup::" echo "::endgroup::"
echo "$DIGEST" > "$CACHE_FILE_NAME" echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id"
echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag"
- name: Cache image digest echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT
uses: actions/cache@v4 echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Cache image metadata
uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} path: |
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Push image to local storage
id: push_image
env:
IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }}
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
IMAGE_DIR: ${{ env.IMAGE_DIR }}
GITHUB_WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Result"
echo "Image ${IMAGE_TAG} location: \"${IMAGE_DIR}/${IMAGE_TAG_ID}\""
podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}"
echo "::endgroup::"
- name: Post build image
if: ${{ success() || failure() }}
env:
GITHUB_WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Result"
rm -rf "$GITHUB_WORKSPACE/iidfile"
echo "Removing working containers"
buildah rm -a 2>/dev/null || true
echo "Removing container data in storage not controlled by podman"
podman system prune --external 2>/dev/null
echo "Removing all unused container data with volumes"
podman system prune -a --volumes -f 2>/dev/null
echo "Reseting podman storage to default state"
podman system reset -f 2>/dev/null || true
echo "::endgroup::"
- name: Check on failures
if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }}
env:
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
run: |
echo "::group::Removing orphaned image"
rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}"
echo "::endgroup::"
build_base_database: build_base_database:
timeout-minutes: 180 timeout-minutes: 180
needs: [ "build_base", "init_build"] needs: [ "build_base", "init_build"]
@ -183,15 +322,14 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
build: [build-mysql, build-sqlite3] build: ${{ fromJson(needs.init_build.outputs.database) }}
arch: [X64, ARM64] arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
runs-on: [self-hosted, linux, "${{ matrix.arch }}"] runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
permissions: permissions:
contents: read contents: read
id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 1 fetch-depth: 1
@ -202,41 +340,54 @@ jobs:
run: | run: |
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT
- name: Generate tags - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
id: meta uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
uses: docker/metadata-action@v5
with: with:
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }} path: |
tags: | ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
type=sha,suffix=-${{ steps.lc.outputs.arch }} ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
uses: actions/cache@v4
with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag - name: Pull ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} image
id: base_build id: base_build
env: env:
MATRIX_ARCH: ${{ matrix.arch }} MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} BASE_IMAGE: ${{ env.BASE_BUILD_NAME }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: | run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id")
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag")
echo "::group::Base build image information" echo "::group::Pull image"
echo "base_tag=${BASE_TAG}" echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\""
echo "base_build_image=${BUILD_BASE_IMAGE}" podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}"
echo "::endgroup::" echo "::endgroup::"
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT echo "::group::Tag image"
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\""
podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}"
echo "::endgroup::"
- name: Build Zabbix Build Base echo "::group::SHA256 tag"
DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}')
BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}"
echo "base_build_image=${BASE_BUILD_IMAGE}"
echo "::endgroup::"
echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT
- name: Generate tags
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
tags: |
type=sha,suffix=-${{ steps.lc.outputs.arch }}
- name: Build image
id: build_image id: build_image
uses: redhat-actions/buildah-build@v2 uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
with: with:
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false layers: false
@ -244,28 +395,84 @@ jobs:
containerfiles: | containerfiles: |
${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
extra-args: |
--iidfile=${{ github.workspace }}/iidfile
- name: Image digest - name: Prepare image metadata
id: image_metadata
env: env:
IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }}
CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }} CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }}
GITHUB_WORKSPACE: ${{ github.workspace }}
run: | run: |
DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile)
echo "::group::Image digest"
echo "$DIGEST" echo "::group::Image tag"
echo "image_tag=$IMAGE_TAG"
echo "::endgroup::"
echo "::group::Image Tag ID"
echo "tag_id=$TAG_ID"
echo "::endgroup::" echo "::endgroup::"
echo "::group::Cache file name" echo "::group::Cache file name"
echo "$CACHE_FILE_NAME" echo "$CACHE_FILE_NAME"
echo "::endgroup::" echo "::endgroup::"
echo "$DIGEST" > "$CACHE_FILE_NAME" echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id"
echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag"
echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT
echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
- name: Cache image digest - name: Cache image digest
uses: actions/cache@v4 uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ matrix.build }}_${{ matrix.arch }} path: |
${{ matrix.build }}_${{ matrix.arch }}_tag_id
${{ matrix.build }}_${{ matrix.arch }}_tag
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Push image to local storage
id: push_image
env:
IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }}
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
IMAGE_DIR: ${{ env.IMAGE_DIR }}
GITHUB_WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Result"
echo "podman push \"${IMAGE_TAG}\" dir:\"${IMAGE_DIR}/${IMAGE_TAG_ID}\""
podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}"
echo "::endgroup::"
- name: Post build image
if: ${{ success() || failure() }}
env:
GITHUB_WORKSPACE: ${{ github.workspace }}
run: |
echo "::group::Result"
rm -rf "$GITHUB_WORKSPACE/iidfile"
echo "Removing working containers"
buildah rm -a 2>/dev/null || true
echo "Removing container data in storage not controlled by podman"
podman system prune --external 2>/dev/null
echo "Removing all unused container data with volumes"
podman system prune -a --volumes -f 2>/dev/null
echo "Reseting podman storage to default state"
podman system reset -f 2>/dev/null || true
echo "::endgroup::"
- name: Check on failures
if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }}
env:
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
run: |
echo "::group::Removing orphaned image"
rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}"
echo "::endgroup::"
build_images: build_images:
timeout-minutes: 90 timeout-minutes: 90
needs: [ "build_base_database", "init_build"] needs: [ "build_base_database", "init_build"]
@ -274,79 +481,81 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
build: ${{ fromJson(needs.init_build.outputs.components) }} build: ${{ fromJson(needs.init_build.outputs.components) }}
arch: [X64, ARM64] arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
runs-on: [self-hosted, linux, "${{ matrix.arch }}"] runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
permissions: permissions:
contents: read contents: read
id-token: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 1 fetch-depth: 1
- name: Fix string case - name: Variables formating
id: lc id: var_format
env: env:
ARCH: ${{ matrix.arch }} MATRIX_BUILD: ${{ matrix.build }}
run: | run: |
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT MATRIX_BUILD=${MATRIX_BUILD^^}
MATRIX_BUILD=${MATRIX_BUILD//-/_}
echo "::group::Result"
echo "matrix_build=${MATRIX_BUILD}"
echo "::endgroup::"
echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT
- name: Detect Build Base Image - name: Detect Build Base Image
id: build_base_image id: build_base_image
if: ${{ matrix.build != 'snmptraps' }}
env: env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
MATRIX_BUILD: ${{ matrix.build }} MATRIX_BUILD: ${{ matrix.build }}
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }} MATRIX_FILE: ${{ env.MATRIX_FILE }}
run: | run: |
BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".build_base") BUILD_BASE=$(jq -r ".components.\"$MATRIX_BUILD\".base" "$MATRIX_FILE")
echo "::group::Build base image" echo "::group::Base Build Image"
echo "build_base=$BUILD_BASE" echo "$BUILD_BASE"
echo "::endgroup::" echo "::endgroup::"
echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT echo "build_base=${BUILD_BASE}" >> $GITHUB_OUTPUT
- name: Generate image name - name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }}
id: image_name if: ${{ matrix.build != 'snmptraps' }}
env: uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
MATRIX_BUILD: ${{ matrix.build }}
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
run: |
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login")
echo "::add-mask::$IMAGE_NAME"
echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT
- name: Generate credentials
id: login_credentials
env:
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
MATRIX_BUILD: ${{ matrix.build }}
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
run: |
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login")
REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".secret")
echo "::add-mask::$IMAGE_NAME"
echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot"
echo "::add-mask::$REGISTRY_PASSWORD"
echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT
echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT
- name: Log in to Quay.io
uses: redhat-actions/podman-login@v1.6
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
env:
LOGIN: ${{ steps.login_credentials.outputs.username }}
PASSWORD: ${{ steps.login_credentials.outputs.password }}
with: with:
username: redhat-isv-containers+${{ env.LOGIN }}-robot path: |
password: ${{ env.PASSWORD }} ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag_id
registry: ${{ env.REGISTRY }} ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag
auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }} key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Pull ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} image
id: base_build
if: ${{ matrix.build != 'snmptraps' }}
env:
MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: |
BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id")
BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag")
echo "::group::Pull image"
echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\""
podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}"
echo "::endgroup::"
echo "::group::Tag image"
echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\""
podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}"
echo "::endgroup::"
echo "::group::SHA256 tag"
DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}')
BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}"
echo "digest=${BASE_BUILD_IMAGE}"
echo "::endgroup::"
echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT
- name: Remove smartmontools - name: Remove smartmontools
if: ${{ matrix.build == 'agent2' }} if: ${{ matrix.build == 'agent2' }}
@ -357,9 +566,9 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }} images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] || matrix.build }}
tags: | tags: |
type=semver,pattern={{version}} type=semver,pattern={{version}}
type=sha type=sha
@ -367,33 +576,9 @@ jobs:
latest=${{ github.event_name == 'release' }} latest=${{ github.event_name == 'release' }}
suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true
- name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} - name: Build image
uses: actions/cache@v4
with:
path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}
key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} SHA256 tag
id: base_build
env:
MATRIX_ARCH: ${{ matrix.arch }}
BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
echo "::group::Base build image information"
echo "base_tag=${BASE_TAG}"
echo "base_build_image=${BUILD_BASE_IMAGE}"
echo "::endgroup::"
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
- name: Build ${{ matrix.build }}
id: build_image id: build_image
uses: redhat-actions/buildah-build@v2 uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
with: with:
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
layers: false layers: false
@ -405,18 +590,27 @@ jobs:
${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
- name: Push to RedHat certification procedure - name: Log in to ${{ env.REGISTRY }}
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1.6
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
with:
username: ${{ format('redhat-isv-containers+{0}-robot', secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)]) }}
password: ${{ secrets[format('{0}_{1}_SECRET', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
registry: ${{ env.REGISTRY }}
auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }}
- name: Push to RedHat certification procedure (1st)
id: push_to_registry id: push_to_registry
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: redhat-actions/push-to-registry@v2 uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
with: with:
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
- name: Preflight - name: Preflight certification
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
env: env:
PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }} PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }}
PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }} PFLT_CERTIFICATION_PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }} PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }}
@ -424,7 +618,7 @@ jobs:
PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }}
run: | run: |
mkdir -p $PFLT_ARTIFACTS mkdir -p $PFLT_ARTIFACTS
echo "::group::Pull preflight image" echo "::group::Pull preflight \"$PREFLIGHT_IMAGE\" image"
podman pull "$PREFLIGHT_IMAGE" podman pull "$PREFLIGHT_IMAGE"
echo "::endgroup::" echo "::endgroup::"
@ -445,70 +639,91 @@ jobs:
podman rmi -i -f "$PREFLIGHT_IMAGE" podman rmi -i -f "$PREFLIGHT_IMAGE"
echo "::endgroup::" echo "::endgroup::"
- name: Push to RedHat certification procedure - name: Push to RedHat certification procedure (all tags)
id: push_to_registry_all_tags id: push_to_registry_all_tags
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
uses: redhat-actions/push-to-registry@v2 uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
with: with:
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
- name: Cleanup artifacts - name: Post Preflight certification
if: ${{ always() }} if: ${{ env.AUTO_PUSH_IMAGES == 'true' && (success() || failure()) }}
env: env:
PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }}
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
TAGS: ${{ steps.meta.outputs.tags }}
run: | run: |
echo "::group::Post build actions" echo "::group::Result"
echo "$TAGS" | while IFS= read -r image_name ; do podman rmi -i -f "$image_name"; done
rm -rf "$PFLT_ARTIFACTS" rm -rf "$PFLT_ARTIFACTS"
podman rmi -i -f "$PREFLIGHT_IMAGE" podman rmi -i -f "$PREFLIGHT_IMAGE"
echo "::endgroup::" echo "::endgroup::"
clean_artifacts: - name: Post build image
if: ${{ success() || failure() }}
run: |
echo "::group::Result"
echo "Removing working containers"
buildah rm -a 2>/dev/null || true
echo "Removing container data in storage not controlled by podman"
podman system prune --external 2>/dev/null
echo "Removing all unused container data with volumes"
podman system prune -a --volumes -f 2>/dev/null
echo "Reseting podman storage to default state"
podman system reset -f 2>/dev/null || true
echo "::endgroup::"
clear_artifacts:
timeout-minutes: 90 timeout-minutes: 90
needs: [ "build_images", "init_build"] needs: [ "build_images", "init_build"]
name: Build ${{ matrix.build }} image (${{ matrix.arch }}) name: Clear ${{ matrix.build }} image cache (${{ matrix.arch }})
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
build: [build-mysql, build-sqlite3] build: ${{ fromJson(needs.init_build.outputs.database) }}
arch: [X64, ARM64] arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
runs-on: [self-hosted, linux, "${{ matrix.arch }}"] runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
if: ${{ always() && needs.build_base_database.result == 'success' }} if: ${{ needs.build_base_database.result == 'success' }}
permissions: {} permissions: {}
steps: steps:
- name: Download SHA256 tag of ${{ matrix.build }}:${{ matrix.arch }} - name: Download metadata of ${{ matrix.build }}:${{ matrix.arch }}
uses: actions/cache@v4 uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ matrix.build }}_${{ matrix.arch }} path: |
${{ matrix.build }}_${{ matrix.arch }}_tag_id
${{ matrix.build }}_${{ matrix.arch }}_tag
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Remove ${{ matrix.build }}:${{ matrix.arch }} SHA256 tag - name: Remove ${{ matrix.build }}:${{ matrix.arch }} cache
env: env:
MATRIX_ARCH: ${{ matrix.arch }} CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }}
BASE_IMAGE: ${{ matrix.build }} IMAGE_DIR: ${{ env.IMAGE_DIR }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: | run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") echo "::group::Result"
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
podman rmi -i -f "$BUILD_BASE_IMAGE" BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id")
echo "Removing ${IMAGE_DIR}/${BASE_TAG}"
rm -rf "${IMAGE_DIR}/${BASE_TAG}"
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} echo "::endgroup::"
uses: actions/cache@v4
- name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} path: |
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
- name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} cache
- name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag
env: env:
MATRIX_ARCH: ${{ matrix.arch }} CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} IMAGE_DIR: ${{ env.IMAGE_DIR }}
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
run: | run: |
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") echo "::group::Result"
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
podman rmi -i -f "$BUILD_BASE_IMAGE" BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id")
echo "Removing ${IMAGE_DIR}/${BASE_TAG}"
rm -rf "${IMAGE_DIR}/${BASE_TAG}"
echo "::endgroup::"

View File

@ -67,7 +67,7 @@ jobs:
github.com:443 github.com:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -155,7 +155,7 @@ jobs:
component: ${{ fromJson(needs.init_build.outputs.components) }} component: ${{ fromJson(needs.init_build.outputs.components) }}
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -169,7 +169,7 @@ jobs:
run: cosign version run: cosign version
- name: Login to DockerHub - name: Login to DockerHub
uses: docker/login-action@v3 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@ -190,7 +190,7 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_IMAGE_NAME }} images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_IMAGE_NAME }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -324,7 +324,7 @@ jobs:
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME $Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
- name: Cache image digest - name: Cache image digest
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }} path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }} key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -344,7 +344,7 @@ jobs:
component: ${{ fromJson(needs.init_build.outputs.components) }} component: ${{ fromJson(needs.init_build.outputs.components) }}
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -358,7 +358,7 @@ jobs:
run: cosign version run: cosign version
- name: Login to DockerHub - name: Login to DockerHub
uses: docker/login-action@v3 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@ -379,7 +379,7 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_IMAGE_NAME }} images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_IMAGE_NAME }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -395,7 +395,7 @@ jobs:
latest=false latest=false
- name: Download SHA256 tag of ${{ env.BASE_IMAGE_NAME }}:${{ matrix.os }} - name: Download SHA256 tag of ${{ env.BASE_IMAGE_NAME }}:${{ matrix.os }}
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }} path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }} key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -551,7 +551,7 @@ jobs:
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME $Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
- name: Cache image digest - name: Cache image digest
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }} path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }} key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
@ -571,7 +571,7 @@ jobs:
component: ${{ fromJson(needs.init_build.outputs.components) }} component: ${{ fromJson(needs.init_build.outputs.components) }}
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
fetch-depth: 1 fetch-depth: 1
@ -585,7 +585,7 @@ jobs:
run: cosign version run: cosign version
- name: Login to DockerHub - name: Login to DockerHub
uses: docker/login-action@v3 uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
@ -606,7 +606,7 @@ jobs:
- name: Generate tags - name: Generate tags
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }} images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
@ -622,7 +622,7 @@ jobs:
latest=false latest=false
- name: Download SHA256 tag of ${{ env.BASE_BUILD_IMAGE_NAME }}:${{ matrix.os }} - name: Download SHA256 tag of ${{ env.BASE_BUILD_IMAGE_NAME }}:${{ matrix.os }}
uses: actions/cache@v4 uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with: with:
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }} path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }} key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}

View File

@ -32,13 +32,18 @@ jobs:
# actions: read # actions: read
steps: steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: "Checkout code" - name: "Checkout code"
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
persist-credentials: false persist-credentials: false
- name: "Run analysis" - name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
@ -60,7 +65,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab. # format to the repository Actions tab.
- name: "Upload artifact" - name: "Upload artifact"
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
@ -68,6 +73,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard. # Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning" - name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1
with: with:
sarif_file: results.sarif sarif_file: results.sarif

79
.github/workflows/sonarcloud.yml vendored Normal file
View File

@ -0,0 +1,79 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow helps you trigger a SonarCloud analysis of your code and populates
# GitHub Code Scanning alerts with the vulnerabilities found.
# Free for open source project.
# 1. Login to SonarCloud.io using your GitHub account
# 2. Import your project on SonarCloud
# * Add your GitHub organization first, then add your repository as a new project.
# * Please note that many languages are eligible for automatic analysis,
# which means that the analysis will start automatically without the need to set up GitHub Actions.
# * This behavior can be changed in Administration > Analysis Method.
#
# 3. Follow the SonarCloud in-product tutorial
# * a. Copy/paste the Project Key and the Organization Key into the args parameter below
# (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
#
# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
# (On SonarCloud, click on your avatar on top-right > My account > Security
# or go directly to https://sonarcloud.io/account/security/)
# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
name: SonarCloud analysis
on:
push:
branches: [ "6.4" ]
pull_request:
branches: [ "6.4" ]
workflow_dispatch:
permissions:
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
jobs:
Analysis:
runs-on: ubuntu-latest
steps:
- name: Block egress traffic
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: Analyze with SonarCloud
# You can pin the exact commit or the version.
# uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9
uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # v2.1.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the sonarcloud scanner
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
-Dsonar.projectKey=zabbix_zabbix-docker
-Dsonar.organization=zabbix
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# When you need the analysis to take place in a directory other than the one from which it was launched
#-Dsonar.projectBaseDir= # optional, default is .
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false

41
.pre-commit-config.yaml Normal file
View File

@ -0,0 +1,41 @@
repos:
- repo: https://github.com/gitleaks/gitleaks
rev: v8.16.3
hooks:
- id: gitleaks
- repo: https://github.com/jumanjihouse/pre-commit-hooks
rev: 3.0.0
hooks:
- id: shellcheck
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: end-of-file-fixer
exclude: |
(?x)(
^env_vars/\.MYSQL |
^env_vars/\.POSTGRES
)
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.5.0
hooks:
- id: trailing-whitespace
exclude: |
(?x)(
.*\.patch$
)
- id: check-yaml
args: [--allow-multiple-documents]
- id: check-symlinks
# - id: pretty-format-json
- id: check-added-large-files
#- repo: https://github.com/adrienverge/yamllint.git
# rev: v1.21.0 # or higher tag
# hooks:
# - id: yamllint
# args: [--format, parsable, --strict]
#- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
# rev: 0.2.3
# hooks:
# - id: yamlfmt
# args: [--mapping, '2', --sequence, '1', --offset, '0', --colons, --width, '400']

View File

@ -58,7 +58,7 @@ RUN set -eux && \
shadow-utils \ shadow-utils \
pcre \ pcre \
libcurl" && \ libcurl" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \ rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \ rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y install \ microdnf -y install \

View File

@ -40,7 +40,7 @@ function Update-Config-Var {
if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) { if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) {
throw "**** Configuration file '$ConfigPath' does not exist" throw "**** Configuration file '$ConfigPath' does not exist"
} }
if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) { if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) {
Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..." Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..."
} }
@ -50,12 +50,12 @@ function Update-Config-Var {
if ([string]::IsNullOrWhitespace($VarValue)) { if ([string]::IsNullOrWhitespace($VarValue)) {
if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) { if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) {
(Get-Content $ConfigPath) | (Get-Content $ConfigPath) |
Where-Object {$_ -notmatch "^$VarName=" } | Where-Object {$_ -notmatch "^$VarName=" } |
Set-Content $ConfigPath Set-Content $ConfigPath
} }
Write-Host "removed" Write-Host "removed"
return return
} }
@ -64,7 +64,7 @@ function Update-Config-Var {
Write-Host "undefined" Write-Host "undefined"
return return
} }
if ($VarName -match '^TLS.*File$') { if ($VarName -match '^TLS.*File$') {
$VarValue="$ZabbixUserHomeDir\enc\$VarValue" $VarValue="$ZabbixUserHomeDir\enc\$VarValue"
} }
@ -75,7 +75,7 @@ function Update-Config-Var {
Write-Host updated Write-Host updated
} }
elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) { elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) {
(Get-Content $ConfigPath) | (Get-Content $ConfigPath) |
Foreach-Object { Foreach-Object {
$_ $_
if ($_ -match "^[#;] $VarName=") { if ($_ -match "^[#;] $VarName=") {

View File

@ -60,7 +60,7 @@ RUN set -eux && \
smartmontools \ smartmontools \
sudo \ sudo \
libcurl" && \ libcurl" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \ rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \ rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y install \ microdnf -y install \

View File

@ -40,7 +40,7 @@ function Update-Config-Var {
if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) { if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) {
throw "**** Configuration file '$ConfigPath' does not exist" throw "**** Configuration file '$ConfigPath' does not exist"
} }
if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) { if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) {
Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..." Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..."
} }
@ -50,12 +50,12 @@ function Update-Config-Var {
if ([string]::IsNullOrWhitespace($VarValue)) { if ([string]::IsNullOrWhitespace($VarValue)) {
if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) { if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) {
(Get-Content $ConfigPath) | (Get-Content $ConfigPath) |
Where-Object {$_ -notmatch "^$VarName=" } | Where-Object {$_ -notmatch "^$VarName=" } |
Set-Content $ConfigPath Set-Content $ConfigPath
} }
Write-Host "removed" Write-Host "removed"
return return
} }
@ -64,7 +64,7 @@ function Update-Config-Var {
Write-Host "undefined" Write-Host "undefined"
return return
} }
if ($VarName -match '^TLS.*File$') { if ($VarName -match '^TLS.*File$') {
$VarValue="$ZabbixUserHomeDir\enc\$VarValue" $VarValue="$ZabbixUserHomeDir\enc\$VarValue"
} }
@ -75,7 +75,7 @@ function Update-Config-Var {
Write-Host updated Write-Host updated
} }
elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) { elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) {
(Get-Content $ConfigPath) | (Get-Content $ConfigPath) |
Foreach-Object { Foreach-Object {
$_ $_
if ($_ -match "^[#;] $VarName=") { if ($_ -match "^[#;] $VarName=") {

View File

@ -82,7 +82,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \ rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -76,7 +76,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \ rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -63,7 +63,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \ rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -86,7 +86,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \ rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -82,7 +82,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \ rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -82,7 +82,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \ rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -76,7 +76,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \ rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -63,7 +63,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \ rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -82,7 +82,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \ rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -72,7 +72,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \ make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -66,7 +66,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \ make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -53,7 +53,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \ make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -76,7 +76,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \ make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -72,7 +72,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \ make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \ mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

View File

@ -113,7 +113,7 @@ This variable is port Zabbix server listening on. By default, value is `10051`.
This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server' This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'
### `DB_SERVER_PORT` ### `DB_SERVER_PORT`
This variable is port of MySQL server. By default, value is '3306'. This variable is port of MySQL server. By default, value is '3306'.
### `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE` ### `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE`

View File

@ -73,7 +73,7 @@ RUN set -eux && \
pcre \ pcre \
gzip \ gzip \
unixODBC" && \ unixODBC" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \ rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \ rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y module enable mysql && \ microdnf -y module enable mysql && \

View File

@ -70,7 +70,7 @@ RUN set -eux && \
pcre \ pcre \
sqlite-libs \ sqlite-libs \
unixODBC" && \ unixODBC" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \ rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \ rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y install \ microdnf -y install \

View File

@ -74,7 +74,7 @@ RUN set -eux && \
pcre \ pcre \
gzip \ gzip \
unixODBC" && \ unixODBC" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \ rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \ rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y module enable mysql && \ microdnf -y module enable mysql && \

View File

@ -331,7 +331,7 @@ apply_db_scripts() {
} }
create_db_schema_postgresql() { create_db_schema_postgresql() {
DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid =
c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}")
if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then

View File

@ -331,7 +331,7 @@ apply_db_scripts() {
} }
create_db_schema_postgresql() { create_db_schema_postgresql() {
DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid =
c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}")
if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then

View File

@ -331,7 +331,7 @@ apply_db_scripts() {
} }
create_db_schema_postgresql() { create_db_schema_postgresql() {
DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid =
c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}")
if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then

View File

@ -331,7 +331,7 @@ apply_db_scripts() {
} }
create_db_schema_postgresql() { create_db_schema_postgresql() {
DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid =
c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}")
if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -1,3 +1,3 @@
<IfModule !mpm_netware_module> <IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid" PidFile "/tmp/httpd.pid"
</IfModule> </IfModule>

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -1,3 +1,3 @@
<IfModule !mpm_netware_module> <IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid" PidFile "/tmp/httpd.pid"
</IfModule> </IfModule>

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -104,7 +104,7 @@ RUN set -eux && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR /usr/share/zabbix
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -1,3 +1,3 @@
<IfModule !mpm_netware_module> <IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid" PidFile "/tmp/httpd.pid"
</IfModule> </IfModule>

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -1,3 +1,3 @@
<IfModule !mpm_netware_module> <IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid" PidFile "/tmp/httpd.pid"
</IfModule> </IfModule>

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -66,7 +66,7 @@ RUN set -eux && \
php-mbstring \ php-mbstring \
php-mysqlnd \ php-mysqlnd \
php-xml" && \ php-xml" && \
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \ curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \ rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \ rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
microdnf -y module enable mysql && \ microdnf -y module enable mysql && \

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -17,20 +17,20 @@ $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication. // Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); }
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

View File

@ -1,9 +1,10 @@
![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png) ![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png)
[![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=5.0&event=release)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/zabbix/zabbix-docker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/zabbix/zabbix-docker)
[![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=5.0&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml) <a href="https://bestpractices.coreinfrastructure.org/projects/8395" style="display: inline;"><img src="https://bestpractices.coreinfrastructure.org/projects/8395/badge" style="display: inline;"></a>
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zabbix_zabbix-docker&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=zabbix_zabbix-docker)
[![Build images (DockerHub, Windows)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml/badge.svg?branch=5.0&event=release)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml) [![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=5.0&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml)
[![Build images (DockerHub, Windows)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml/badge.svg?branch=5.0&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml) [![Build images (DockerHub, Windows)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml/badge.svg?branch=5.0&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml)
# What is Zabbix? # What is Zabbix?

32
SECURITY.md Normal file
View File

@ -0,0 +1,32 @@
# Disclosure policy
In Zabbix we use the term "**responsible disclosure**", which means we have a policy on how we are disclosing all security issues that come to our attention, but only after the issues has been resolved and all customers with support contracts are given time to upgrade or patch their installations.
We kindly ask that when you are reporting a security issue, you follow the same guidelines and share the details only with the Zabbix Security team.
# Before reporting the issue:
Make sure that the issue you are submitting is not related to server configuration, 3rd party scripts and utilities. In order to avoid any possible issues with server configuration we advise Zabbix users to read [Best practices for secure Zabbix setup](https://www.zabbix.com/documentation/current/manual/installation/requirements/best_practices).
# How to report a security issue?
[Create a new issue](https://support.zabbix.com/secure/CreateIssue.jspa) in the Zabbix Security Reports (ZBXSEC) section of the public bug tracker describing the problem (and a proposed solution if possible) in detail. This way we can ensure that only Zabbix security team and the reporter have access to the case.
The following information will be helpful for Zabbix Security team:
- Date and time when you identified the security defect.
- Affected Zabbix version range.
- Type of security issue you are reporting, e.g.: XSS, CSRF, SQLi, RCE.
- Affected components, e.g.: Image, Frontend, Server, Agent, API.
- Any details you can provide, e.g. screenshots, screen recordings, http(s) transaction logs, POC exploits (please do not share any evidence via unauthenticated file sharing services and avoid sharing sensitive information, as if Zabbix Security team decides that this issue does not fit Security defect description it might be moved to ZBX project and the issue will be visible to all users).
- Step by step instructions to reproduce the issue as the problem might not be easily identifiable.
# How Zabbix deals with reported security issues:
1. Zabbix Security team reviews the issue and evaluates its potential impact.
2. If the security issue is found not to be related to security then the issue will be moved to ZBX project.
3. Zabbix security team works on the issue to provide a solution and keeps all details on the problem until the next version of Zabbix is out.
4. New images are created and made available for download on [https://www.zabbix.com/container_images](https://www.zabbix.com/container_images), [https://hub.docker.com/u/zabbix](http://hub.docker.com/r/zabbix/) and [Red Hat Certified Container Catalog](https://catalog.redhat.com/software/containers/search?vendor_name=Zabbix%20Sia&p=1)
5. Zabbix requests [CVE identifiers](https://cve.mitre.org/) for the security issue.
6. Clients with valid support agreements are emailed giving a period of time when it is possible to upgrade before the issue becomes known to the public.
7. A public announcement for the community is made.

View File

@ -6,38 +6,41 @@
"linux/arm64", "linux/arm64",
"linux/s390x" "linux/s390x"
], ],
"ol": [
"linux/amd64",
"linux/arm64"
],
"ubuntu": [
"linux/amd64",
"linux/arm/v7",
"linux/arm64",
"linux/s390x"
],
"centos": [ "centos": [
"linux/amd64", "linux/amd64",
"linux/arm64", "linux/arm64",
"linux/ppc64le" "linux/ppc64le"
],
"ol": [
"linux/amd64",
"linux/arm64"
],
"rhel": [
"X64"
],
"ubuntu": [
"linux/amd64",
"linux/arm/v7",
"linux/arm64",
"linux/s390x"
] ]
}, },
"os-windows": { "os-windows": {
"windows-2022": "ltsc2022", "windows-2019": "ltsc2019",
"windows-2019": "ltsc2019" "windows-2022": "ltsc2022"
}, },
"components": { "components": {
"agent": "build-mysql", "agent": { "base": "build-mysql", "rhel": true },
"agent2": "build-mysql", "agent2": { "base": "build-mysql", "rhel": true },
"java-gateway": "build-mysql", "java-gateway": { "base": "build-mysql", "rhel": true },
"proxy-mysql": "build-mysql", "proxy-mysql": { "base": "build-mysql", "rhel": true },
"proxy-sqlite3": "build-sqlite3", "proxy-sqlite3": { "base": "build-sqlite3", "rhel": true },
"server-mysql": "build-mysql", "server-mysql": { "base": "build-mysql", "rhel": true },
"server-pgsql": "build-pgsql", "server-pgsql": { "base": "build-pgsql", "rhel": false },
"snmptraps": "", "snmptraps": { "base": "", "rhel": true },
"web-apache-mysql": "build-mysql", "web-apache-mysql": { "base": "build-mysql", "rhel": false },
"web-apache-pgsql": "build-pgsql", "web-apache-pgsql": { "base": "build-pgsql", "rhel": false },
"web-nginx-mysql": "build-mysql", "web-nginx-mysql": { "base": "build-mysql", "rhel": true },
"web-nginx-pgsql": "build-mysql" "web-nginx-pgsql": { "base": "build-mysql", "rhel": false }
} }
} }

View File

@ -1,2 +1,2 @@
CREATE DATABASE IF NOT EXISTS `zabbix_proxy`; CREATE DATABASE IF NOT EXISTS `zabbix_proxy`;
GRANT ALL ON `zabbix_proxy`.* TO 'zabbix'@'%'; GRANT ALL ON `zabbix_proxy`.* TO 'zabbix'@'%';

View File

@ -586,12 +586,6 @@ spec:
periodSeconds: 5 periodSeconds: 5
timeoutSeconds: 3 timeoutSeconds: 3
failureThreshold: 40 failureThreshold: 40
livenessProbe:
tcpSocket:
port: 10051
timeoutSeconds: 3
failureThreshold: 3
periodSeconds: 10
securityContext: securityContext:
capabilities: {} capabilities: {}
privileged: false privileged: false