diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE index 337bf9058..a57b6ed28 100644 --- a/.github/ISSUE_TEMPLATE +++ b/.github/ISSUE_TEMPLATE @@ -34,4 +34,4 @@ ```paste below -``` \ No newline at end of file +``` diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py new file mode 100644 index 000000000..085285611 --- /dev/null +++ b/.github/scripts/rhel_description.py 
@@ -0,0 +1,48 @@ +import sys +import requests +import json +import markdown +import os + +repository_description = None + +if ("DESCRIPTION_FILE" not in os.environ or len(os.environ["DESCRIPTION_FILE"]) == 0): + print("::error::Description file environment variable is not specified") + sys.exit(1) +if ("PYXIS_API_TOKEN" not in os.environ or len(os.environ["PYXIS_API_TOKEN"]) == 0): + print("::error::API token environment variable is not specified") + sys.exit(1) +if ("API_URL" not in os.environ or len(os.environ["API_URL"]) == 0): + print("::error::API URL environment variable is not specified") + sys.exit(1) +if ("PROJECT_ID" not in os.environ or len(os.environ["PROJECT_ID"]) == 0): + print("RedHat project ID environment variable is not specified") + sys.exit(1) + +if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')): + file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r') + repository_description = file.read() + file.close() +elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')): + file = open(os.environ["DESCRIPTION_FILE"] + '.md', mode='r') + markdown_data = file.read() + file.close() + repository_description=markdown.markdown(markdown_data) + +if (repository_description is None or len(repository_description) == 0): + print("::error::No description file found") + sys.exit(1) + +data = dict() +data['container'] = dict() +data['container']['repository_description'] = repository_description[:32768] + +headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'} +result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], + headers = headers, + data = json.dumps(data)) + +print("::group::Result") +print("Response code: " + str(result.status_code)) +print("Last update date: " + json.loads(result.content)['last_update_date']) +print("::endgroup::") 
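Review bot: The `requests.patch(...)` call has no `timeout`, and the script then reads `json.loads(result.content)['last_update_date']` without checking the status. A stalled connection therefore hangs the job, and a rejected token or wrong project ID surfaces as an unrelated `KeyError` or JSON decode error rather than a clear failure. Pass `timeout=30` to the call and add `if not result.ok: print("::error::Description update failed, HTTP " + str(result.status_code)); sys.exit(1)` before the `::group::Result` block. The `PROJECT_ID` check prints its message without the `::error::` prefix the other three checks use, so it will not be annotated as an error in the run. The two `open()`/`close()` pairs would also be safer as `with open(..., encoding="utf-8") as file:`.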
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 62b6f9151..7c40ff1d6 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -11,6 +11,7 @@ on: [pull_request] permissions: contents: read + pull-requests: write jobs: dependency-review: @@ -28,4 +29,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 + uses: actions/dependency-review-action@be8bc500ee15e96754d2a6f2d34be14e945a46f3 # v4.1.2 diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index 7b997705e..ff816205a 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -28,7 +28,7 @@ permissions: env: TRUNK_ONLY_EVENT: ${{ contains(fromJSON('["schedule"]'), github.event_name) }} - AUTO_PUSH_IMAGES: ${{ vars.AUTO_PUSH_IMAGES }} + AUTO_PUSH_IMAGES: ${{ ! contains(fromJSON('["workflow_dispatch"]'), github.event_name) && vars.AUTO_PUSH_IMAGES }} DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }} LATEST_BRANCH: ${{ github.event.repository.default_branch }} @@ -36,12 +36,17 @@ env: IMAGES_PREFIX: "zabbix-" BASE_BUILD_NAME: "build-base" + BASE_CACHE_FILE_NAME: "base_image_metadata.json" + BUILD_CACHE_FILE_NAME: "base_build_image_metadata.json" MATRIX_FILE: "build.json" DOCKERFILES_DIRECTORY: "./Dockerfiles" OIDC_ISSUER: "https://token.actions.githubusercontent.com" - IDENITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/" + IDENTITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/" + + DOCKER_REGISTRY_TEST: "ghcr.io" + DOCKER_REPOSITORY_TEST: "zabbix" jobs: init_build: 
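Review bot: `pull-requests: write` is added to the workflow-level `permissions:` block in dependency-review.yml, so every job this file defines now or later gets it, not only the step that needs it. Move it under the `dependency-review` job (a job-level `permissions:` with `contents: read` and `pull-requests: write`) and leave the top level at `contents: read`. The hunk does not show what consumes the new scope. If it is for the action's pull-request comment summary, a one-line comment saying so would help the next reviewer. The `jobs:` block continues outside the hunk.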
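Review bot: The renamed `IDENTITY_REGEX` keeps an unanchored value with unescaped dots, and the later hunks pass it to `cosign verify --certificate-identity-regexp`, so the check accepts any certificate identity that merely contains a look-alike of this path. Anchor and escape it, for example `IDENTITY_REGEX: '^https://github\.com/zabbix/zabbix-docker/\.github/'`. `OIDC_ISSUER` is a fixed URL, so the verify steps could use the exact-match `--certificate-oidc-issuer` flag instead of `--certificate-oidc-issuer-regexp`. The `env:` block starts before this hunk.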
@@ -63,7 +68,9 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: > + api.github.com:443 github.com:443 + objects.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -163,6 +170,7 @@ jobs: permissions: contents: read id-token: write + packages: write steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 @@ -193,6 +201,7 @@ jobs: ftpmirror.your.org:80 fulcio.sigstore.dev:443 github.com:443 + ghcr.io:443 iad.mirror.rackspace.com:443 iad.mirror.rackspace.com:80 index.docker.io:443 @@ -251,6 +260,7 @@ jobs: uvermont.mm.fcix.net:443 yum.oracle.com:443 ziply.mm.fcix.net:443 + pkg-containers.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -259,11 +269,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Set up QEMU @@ -277,12 +289,6 @@ jobs: with: driver-opts: image=moby/buildkit:master - - name: Login to DockerHub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Prepare Platform list id: platform env: 
@@ -302,37 +308,85 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_NAME }} + images: | + ${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, env.BASE_BUILD_NAME ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }} + ${{ format('{0}/{1}{2}', env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, env.BASE_BUILD_NAME ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} tags: | type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}- type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }} - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }}-latest type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- - type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} + type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' || contains(fromJSON('["workflow_dispatch"]'), 
github.event_name) }},event=branch,suffix=-${{ matrix.os }} flavor: | - latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + + - name: Prepare cache data + id: cache_data + env: + IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + PUBLISH_IMAGES: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + run: | + cache_from=() + cache_to=() + + cache_from+=("type=gha,scope=${IMAGE_TAG}") + #cache_from+=("type=registry,ref=${IMAGE_TAG}") + + cache_to+=("type=gha,mode=max,scope=${IMAGE_TAG}") + + echo "::group::Cache from data" + echo "${cache_from[*]}" + echo "::endgroup::" + + echo "::group::Cache to data" + echo "${cache_to[*]}" + echo "::endgroup::" + + cache_from=$(printf '%s\n' "${cache_from[@]}") + cache_to=$(printf '%s\n' "${cache_to[@]}") + + echo 'cache_from<> "$GITHUB_OUTPUT" + echo "$cache_from" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + echo 'cache_to<> "$GITHUB_OUTPUT" + echo "$cache_to" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + - name: Login to DockerHub + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Login to ${{ env.DOCKER_REGISTRY_TEST }} + if: ${{ env.AUTO_PUSH_IMAGES != 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.DOCKER_REGISTRY_TEST }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and publish image id: docker_build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ 
matrix.os }} - file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}/Dockerfile + context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }} + file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES }} + push: true tags: ${{ steps.meta.outputs.tags }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - cache-from: | - type=gha,scope=${{ fromJSON(steps.meta.outputs.json).tags[0] }} - type=registry,ref=docker.io/${{ fromJSON(steps.meta.outputs.json).tags[0] }} - cache-to: type=gha,mode=max,scope=${{ fromJSON(steps.meta.outputs.json).tags[0] }} + cache-from: ${{ steps.cache_data.outputs.cache_from }} + cache-to: ${{ steps.cache_data.outputs.cache_to }} - name: Sign the images with GitHub OIDC Token + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: DIGEST: ${{ steps.docker_build.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} 
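Review bot: `Build and publish image` now sets `push: true`, while `Sign the images with GitHub OIDC Token` is gated on `env.AUTO_PUSH_IMAGES == 'true'`, so every run on the test path publishes unsigned images to `ghcr.io`. The `Verify ... cosign` steps in build_base_database and build_images (later hunks) are skipped under the same condition, so those jobs consume the base image with no signature check. The job already has `id-token: write`; consider dropping the `if:` from the cosign install, sign and verify steps so both registries get the same sign-then-verify chain. If unsigned test images are intended, say so in a comment next to `DOCKER_REGISTRY_TEST`. Separately, `PUBLISH_IMAGES` is exported to `Prepare cache data` but the script never reads it.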
@@ -351,24 +405,24 @@ jobs: cosign sign --yes ${images} echo "::endgroup::" - - name: Image digest + - name: Image metadata env: - DIGEST: ${{ steps.docker_build.outputs.digest }} - CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} + CACHE_FILE_NAME: ${{ env.BASE_CACHE_FILE_NAME }} + METADATA: ${{ steps.docker_build.outputs.metadata }} run: | - echo "::group::Image digest" - echo "$DIGEST" + echo "::group::Image metadata" + echo "${METADATA}" echo "::endgroup::" echo "::group::Cache file name" - echo "$CACHE_FILE_NAME" + echo "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "$DIGEST" > "$CACHE_FILE_NAME" + echo "${METADATA}" > "$CACHE_FILE_NAME" - - name: Cache image digest + - name: Cache image metadata uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} + path: ${{ env.BASE_CACHE_FILE_NAME }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }} build_base_database: @@ -380,11 +434,11 @@ jobs: matrix: build: ${{ fromJson(needs.init_build.outputs.database) }} os: ${{ fromJson(needs.init_build.outputs.os) }} - runs-on: ubuntu-latest permissions: contents: read id-token: write + packages: write steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 @@ -401,6 +455,7 @@ jobs: golang.org:443 google.golang.org:443 gopkg.in:443 + ghcr.io:443 index.docker.io:443 noto-website.storage.googleapis.com:443 production.cloudflare.docker.com:443 @@ -412,6 +467,7 @@ jobs: objects.githubusercontent.com:443 tuf-repo-cdn.sigstore.dev:443 rekor.sigstore.dev:443 + pkg-containers.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
@@ -420,11 +476,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Set up QEMU @@ -438,12 +496,6 @@ jobs: with: driver-opts: image=moby/buildkit:master - - name: Login to DockerHub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Prepare Platform list id: platform env: 
@@ -463,82 +515,127 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.build }} + images: | + ${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }} + ${{ format('{0}/{1}{2}', env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} tags: | type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}- type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }} - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) }},event=branch,suffix=-${{ matrix.os }}-latest type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- - type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} + type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' || contains(fromJSON('["workflow_dispatch"]'), github.event_name) 
}},event=branch,suffix=-${{ matrix.os }} flavor: | - latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }} - - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} + - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} + path: ${{ env.BASE_CACHE_FILE_NAME }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }} - - name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} SHA256 tag + - name: Process ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} image metadata id: base_build env: - MATRIX_OS: ${{ matrix.os }} - DOCKER_REPOSITORY: ${{ env.DOCKER_REPOSITORY }} - BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ env.BASE_CACHE_FILE_NAME }} run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_OS}") - BUILD_BASE_IMAGE="${DOCKER_REPOSITORY}/${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" + echo "::group::Base image metadata" + cat "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT + IMAGE_DIGEST=$(jq -r '."containerimage.digest"' "${CACHE_FILE_NAME}") + IMAGE_NAME=$(jq -r '."image.name"' "${CACHE_FILE_NAME}" | cut -d: -f1) + + echo "base_build_image=${IMAGE_NAME}@${IMAGE_DIGEST}" >> $GITHUB_OUTPUT - name: Verify ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: BASE_IMAGE: ${{ 
steps.base_build.outputs.base_build_image }} OIDC_ISSUER: ${{ env.OIDC_ISSUER }} - IDENITY_REGEX: ${{ env.IDENITY_REGEX }} + IDENTITY_REGEX: ${{ env.IDENTITY_REGEX }} run: | echo "::group::Image sign data" echo "OIDC issuer=$OIDC_ISSUER" - echo "Identity=$IDENITY_REGEX" + echo "Identity=$IDENTITY_REGEX" echo "Image to verify=$BASE_IMAGE" echo "::endgroup::" echo "::group::Verify signature" cosign verify \ --certificate-oidc-issuer-regexp "$OIDC_ISSUER" \ - --certificate-identity-regexp "$IDENITY_REGEX" \ + --certificate-identity-regexp "$IDENTITY_REGEX" \ "$BASE_IMAGE" echo "::endgroup::" + - name: Prepare cache data + id: cache_data + env: + BASE_IMAGE_TAG: ${{ steps.base_build.outputs.base_build_image }} + IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + PUBLISH_IMAGES: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + run: | + cache_from=() + cache_to=() + + cache_from+=("type=gha,scope=${BASE_IMAGE_TAG}") + cache_from+=("type=registry,ref=${BASE_IMAGE_TAG}") + cache_from+=("type=gha,scope=${IMAGE_TAG}") + cache_from+=("type=registry,ref=${IMAGE_TAG}") + + cache_to+=("type=gha,mode=max,scope=${IMAGE_TAG}") + + echo "::group::Cache from data" + echo "${cache_from[*]}" + echo "::endgroup::" + + echo "::group::Cache to data" + echo "${cache_to[*]}" + echo "::endgroup::" + + cache_from=$(printf '%s\n' "${cache_from[@]}") + cache_to=$(printf '%s\n' "${cache_to[@]}") + + echo 'cache_from<> "$GITHUB_OUTPUT" + echo "$cache_from" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + echo 'cache_to<> "$GITHUB_OUTPUT" + echo "$cache_to" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + - name: Login to DockerHub + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Login to ${{ env.DOCKER_REGISTRY_TEST }} + if: ${{ env.AUTO_PUSH_IMAGES != 'true' }} + uses: 
docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.DOCKER_REGISTRY_TEST }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build ${{ matrix.build }}/${{ matrix.os }} and push id: docker_build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }} - file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile + context: ${{ format('{0}/{1}/{2}/', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} + file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES }} + push: true tags: ${{ steps.meta.outputs.tags }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - cache-from: | - type=gha,scope=${{ steps.base_build.outputs.base_build_image }} - type=registry,ref=${{ steps.base_build.outputs.base_build_image }} - cache-to: type=gha,mode=max,scope=${{ fromJSON(steps.meta.outputs.json).tags[0] }} - name: Sign the images with GitHub OIDC Token + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: DIGEST: ${{ steps.docker_build.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} 
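Review bot: The `Build ${{ matrix.build }}/${{ matrix.os }} and push` step loses its `cache-from` and `cache-to` inputs in this hunk and gets no replacement. The new `Prepare cache data` step therefore computes outputs that nothing reads, and the database base build runs uncached. build_base wires them with `cache-from: ${{ steps.cache_data.outputs.cache_from }}` and `cache-to: ${{ steps.cache_data.outputs.cache_to }}`; add the same two lines here. If caching was dropped on purpose, remove the `Prepare cache data` step instead. The build_images hunk further down has the same gap: it keeps `Prepare cache data` but removes `cache-from: ${{ steps.cache_data.outputs.cache_from }}` from its build step.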
@@ -557,23 +654,24 @@ jobs: cosign sign --yes ${images} echo "::endgroup::" - - name: Image digest + - name: Image metadata env: - DIGEST: ${{ steps.docker_build.outputs.digest }} - CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.os }} + CACHE_FILE_NAME: ${{ env.BUILD_CACHE_FILE_NAME }} + METADATA: ${{ steps.docker_build.outputs.metadata }} run: | - echo "::group::Image digest" - echo "$DIGEST" + echo "::group::Image metadata" + echo "${METADATA}" echo "::endgroup::" echo "::group::Cache file name" - echo "$CACHE_FILE_NAME" + echo "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "$DIGEST" > $CACHE_FILE_NAME - - name: Caching SHA256 tag of the image + echo "${METADATA}" > "$CACHE_FILE_NAME" + + - name: Cache image metadata uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ matrix.build }}_${{ matrix.os }} + path: ${{ env.BUILD_CACHE_FILE_NAME }} key: ${{ matrix.build }}-${{ matrix.os }}-${{ github.run_id }} build_images: @@ -590,6 +688,7 @@ jobs: permissions: contents: read id-token: write + packages: write steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 @@ -670,6 +769,7 @@ jobs: pubmirror1.math.uh.edu:443 pubmirror3.math.uh.edu:80 quay.io:443 + ghcr.io:443 registry-1.docker.io:443 repo.ialab.dsu.edu:80 repos.eggycrew.com:80 @@ -708,6 +808,7 @@ jobs: objects.githubusercontent.com:443 tuf-repo-cdn.sigstore.dev:443 rekor.sigstore.dev:443 + pkg-containers.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -716,11 +817,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Set up QEMU 
@@ -734,12 +837,6 @@ jobs: with: driver-opts: image=moby/buildkit:master - - name: Login to DockerHub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Prepare Platform list id: platform env: 
@@ -788,98 +885,107 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX}}${{ matrix.build }} + images: | + ${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }} + ${{ format('{0}/{1}{2}', env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} tags: | type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}- type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }} - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }}-latest type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- - type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} + type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' || contains(fromJSON('["workflow_dispatch"]'), github.event_name) 
}},event=branch,suffix=-${{ matrix.os }} flavor: | - latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }} - - name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} + - name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 if: ${{ matrix.build != 'snmptraps' }} with: - path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }} + path: ${{ env.BUILD_CACHE_FILE_NAME }} key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.os }}-${{ github.run_id }} - - name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} SHA256 tag + - name: Process ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} image metadata id: base_build if: ${{ matrix.build != 'snmptraps' }} env: - BUILD_BASE: ${{ steps.build_base_image.outputs.build_base }} - MATRIX_OS: ${{ matrix.os }} - DOCKER_REPOSITORY: ${{ env.DOCKER_REPOSITORY }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ env.BUILD_CACHE_FILE_NAME }} run: | - BASE_TAG=$(cat "${BUILD_BASE}_${MATRIX_OS}") - BUILD_BASE_IMAGE=${DOCKER_REPOSITORY}/${IMAGES_PREFIX}${BUILD_BASE}@${BASE_TAG} - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" + echo "::group::Base build image metadata" + cat "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT + IMAGE_DIGEST=$(jq -r '."containerimage.digest"' "${CACHE_FILE_NAME}") + IMAGE_NAME=$(jq -r '."image.name"' "${CACHE_FILE_NAME}" | cut -d: -f1) + + 
echo "base_build_image=${IMAGE_NAME}@${IMAGE_DIGEST}" >> $GITHUB_OUTPUT - name: Verify ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} cosign - if: ${{ matrix.build != 'snmptraps' }} + if: ${{ matrix.build != 'snmptraps' && env.AUTO_PUSH_IMAGES == 'true' }} env: BASE_IMAGE: ${{ steps.base_build.outputs.base_build_image }} OIDC_ISSUER: ${{ env.OIDC_ISSUER }} - IDENITY_REGEX: ${{ env.IDENITY_REGEX }} + IDENTITY_REGEX: ${{ env.IDENTITY_REGEX }} run: | echo "::group::Image sign data" - echo "OIDC issuer=$OIDC_ISSUER" - echo "Identity=$IDENITY_REGEX" - echo "Image to verify=$BASE_IMAGE" + echo "OIDC issuer=${OIDC_ISSUER}" + echo "Identity=${IDENTITY_REGEX}" + echo "Image to verify=${BASE_IMAGE}" echo "::endgroup::" echo "::group::Verify signature" cosign verify \ - --certificate-oidc-issuer-regexp "$OIDC_ISSUER" \ - --certificate-identity-regexp "$IDENITY_REGEX" \ - "$BASE_IMAGE" + --certificate-oidc-issuer-regexp "${OIDC_ISSUER}" \ + --certificate-identity-regexp "${IDENTITY_REGEX}" \ + "${BASE_IMAGE}" echo "::endgroup::" - name: Prepare cache data + if: ${{ matrix.build != 'snmptraps' }} id: cache_data env: BASE_IMAGE_TAG: ${{ steps.base_build.outputs.base_build_image }} run: | - cache_images="" - if [[ ! 
-z "$BASE_IMAGE_TAG" ]]; then - cache_images="type=gha,scope=$BASE_IMAGE_TAG"$'\n'"type=registry,ref=$BASE_IMAGE_TAG" - fi + cache_from=() + cache_to=() - echo "::group::Base images cache" - echo "$cache_images" + cache_from+=("type=registry,ref=${BASE_IMAGE_TAG}") + + echo "::group::Cache from data" + echo "${cache_from[*]}" echo "::endgroup::" - echo "cache_from=$cache_images" >> $GITHUB_OUTPUT + cache_from=$(printf '%s\n' "${cache_from[@]}") + + echo 'cache_from<> "$GITHUB_OUTPUT" + echo "$cache_from" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + - name: Login to DockerHub + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push image id: docker_build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }} - file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile + context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} + file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES }} + push: ${{ env.AUTO_PUSH_IMAGES == 'true' }} tags: ${{ steps.meta.outputs.tags }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - cache-from: ${{ steps.cache_data.outputs.cache_from }} - name: Sign the images with GitHub OIDC Token + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: DIGEST: ${{ steps.docker_build.outputs.digest }} 
TAGS: ${{ steps.meta.outputs.tags }} @@ -898,10 +1004,11 @@ jobs: cosign sign --yes ${images} echo "::endgroup::" - - name: Image digest + - name: Image metadata + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: - DIGEST: ${{ steps.docker_build.outputs.digest }} + METADATA: ${{ steps.docker_build.outputs.metadata }} run: | - echo "::group::Image digest" - echo "$DIGEST" + echo "::group::Image metadata" + echo "${METADATA}" echo "::endgroup::" diff --git a/.github/workflows/images_build_rhel.yml b/.github/workflows/images_build_rhel.yml index 465fb212b..6f84de1e1 100644 --- a/.github/workflows/images_build_rhel.yml +++ b/.github/workflows/images_build_rhel.yml @@ -29,7 +29,8 @@ permissions: contents: read env: - AUTO_PUSH_IMAGES: ${{ contains(fromJSON('["workflow_dispatch", "push"]'), github.event_name) && 'false' || vars.AUTO_PUSH_IMAGES }} + TRUNK_ONLY_EVENT: ${{ contains(fromJSON('["schedule"]'), github.event_name) }} + AUTO_PUSH_IMAGES: ${{ ! contains(fromJSON('["workflow_dispatch", "push"]'), github.event_name) && vars.AUTO_PUSH_IMAGES }} LATEST_BRANCH: ${{ github.event.repository.default_branch }} TRUNK_GIT_BRANCH: "refs/heads/trunk" @@ -47,6 +48,9 @@ env: PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable" PFLT_LOGLEVEL: "warn" PFLT_ARTIFACTS: "/tmp/artifacts" + IMAGE_DIR: "/tmp/images" + + RHEL_BUILD: "true" jobs: init_build: @@ -54,8 +58,10 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + actions: write outputs: platforms: ${{ steps.platform_list.outputs.list }} + database: ${{ steps.database.outputs.list }} components: ${{ steps.components.outputs.list }} is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }} current_branch: ${{ steps.branch_info.outputs.current_branch }} 
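Review bot: The `Process ... image metadata` step builds `base_build_image` from two `jq -r` reads without checking them. Because `jq -r` prints the string `null` for a missing key, an unexpected metadata file yields a reference like `null@null` that only fails later, inside the build. When `AUTO_PUSH_IMAGES` is not `'true'` the cosign verify step is skipped, so this step is the only place the base reference can be checked. Add a guard before writing the output, for example `[[ "${IMAGE_DIGEST}" =~ ^sha256:[0-9a-f]{64}$ ]] || { echo "::error::Unexpected base image digest"; exit 1; }`, and quote `"$GITHUB_OUTPUT"`. The same step in build_base_database (earlier hunk) needs the same guard.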
@@ -68,12 +74,15 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: > + api.github.com:443 github.com:443 + objects.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 1 + sparse-checkout: ${{ env.MATRIX_FILE }} - name: Check ${{ env.MATRIX_FILE }} file id: build_exists @@ -98,12 +107,25 @@ jobs: echo "list=$platform_list" >> $GITHUB_OUTPUT + - name: Prepare Database engine list + id: database + env: + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + database_list=$(jq -r '[.components | map_values(select(.rhel == true)) | values[].base ] | sort | unique | del(.. | select ( . == "" ) ) | @json' "$MATRIX_FILE") + + echo "::group::Database List" + echo "$database_list" + echo "::endgroup::" + + echo "list=$database_list" >> $GITHUB_OUTPUT + - name: Prepare Zabbix component list id: components env: MATRIX_FILE: ${{ env.MATRIX_FILE }} run: | - component_list=$(jq -r '.components |map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") + component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") echo "::group::Zabbix Component List" echo "$component_list" @@ -131,7 +153,7 @@ jobs: result=true fi - echo "::group::Branch data" + echo "::group::Branch metadata" echo "is_default_branch - $result" echo "current_branch - $github_ref" echo "secret_prefix=RHEL_${github_ref//.}" 
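Review bot: The jq filter in the new "Prepare Database engine list" step (`-98,12 +107,25` hunk) removes empty strings with `del(.. | select ( . == "" ) )`, but a component that has `rhel: true` and no `base` key at all would yield `null`, which survives `sort | unique` and ends up as a matrix entry. build.json is not visible here, so this may not occur today, but the filter can cover both cases with `[.components | map_values(select(.rhel == true)) | .[].base] | map(select(. != null and . != "")) | unique | @json`. The list is later fed to `fromJson(needs.init_build.outputs.database)` as a matrix, so an explicit check that it is not `[]` would also give a clearer error than the matrix expansion failure.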
@@ -143,7 +165,27 @@ jobs: echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT echo "sha_short=$sha_short" >> $GITHUB_OUTPUT + - name: Cleanup existing cache + shell: bash + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REPO: ${{ github.repository }} + BRANCH: ${{ steps.branch_info.outputs.current_branch }} + GH_RUN_ID: ${{ github.run_id }} + run: | + gh extension install actions/gh-actions-cache + cache_keys=$(gh actions-cache list -R "${REPO}" -B "${BRANCH}" -L 100 --sort created-at --order desc | cut -f 1) + + ## Setting this to not fail the workflow while deleting cache keys + set +e + echo "Deleting caches..." + for cache_key in $cache_keys + do + if [[ "$cache_key" == *"${GH_RUN_ID}" ]]; then + gh actions-cache delete $cache_key -R "${REPO}" -B "${BRANCH}" --confirm + fi + done build_base: timeout-minutes: 30 @@ -164,11 +206,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Fix string case 
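Review bot: `gh extension install actions/gh-actions-cache` in the new "Cleanup existing cache" step fetches whatever the extension repository currently publishes and then runs it with a token that has `actions: write`, while every `uses:` in this workflow is pinned to a commit SHA. `gh extension install` accepts a pin, so the line could read `gh extension install actions/gh-actions-cache --pin <commit-sha>` with a reviewed commit. In the loop, `$cache_key` is passed unquoted to the delete command; `gh actions-cache delete "$cache_key" -R "${REPO}" -B "${BRANCH}" --confirm` avoids word splitting on unusual keys. Because `set +e` covers the whole loop, a failed delete is silent; logging the key and exit status on failure would make a later `actions/cache/save` key collision easier to diagnose.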
@@ -186,52 +230,106 @@ jobs: tags: | type=sha,suffix=-${{ steps.lc.outputs.arch }} - - name: Build Zabbix Build Base + - name: Build image id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel + context: ${{ format('{0}/{1}/rhel', env.DOCKERFILES_DIRECTORY, matrix.build) }} layers: false tags: ${{ steps.meta.outputs.tags }} containerfiles: | ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile extra-args: | --pull + --iidfile=${{ github.workspace }}/iidfile - - name: Image digest + - name: Image metadata + id: image_metadata env: - IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }} CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + GITHUB_WORKSPACE: ${{ github.workspace }} run: | - DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) - echo "::group::Image digest" - echo "$DIGEST" + TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile) + + echo "::group::Image tag" + echo "image_tag=$IMAGE_TAG" + echo "::endgroup::" + echo "::group::Image Tag ID" + echo "tag_id=$TAG_ID" echo "::endgroup::" echo "::group::Cache file name" echo "$CACHE_FILE_NAME" echo "::endgroup::" - echo "$DIGEST" > "$CACHE_FILE_NAME" + echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id" + echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag" - - name: Cache image digest - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT + echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT + + - name: Cache image metadata + uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + path: | + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch 
}}-${{ github.run_id }} + - name: Push image to local storage + id: push_image + env: + IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }} + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} + run: | + echo "::group::Result" + echo "Image ${IMAGE_TAG} location: \"${IMAGE_DIR}/${IMAGE_TAG_ID}\"" + podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + + - name: Post build image + if: ${{ success() || failure() }} + env: + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + echo "::group::Result" + + rm -rf "$GITHUB_WORKSPACE/iidfile" + + echo "Removing working containers" + buildah rm -a 2>/dev/null || true + echo "Removing container data in storage not controlled by podman" + podman system prune --external 2>/dev/null + echo "Removing all unused container data with volumes" + podman system prune -a --volumes -f 2>/dev/null + echo "Reseting podman storage to default state" + podman system reset -f 2>/dev/null || true + + echo "::endgroup::" + + - name: Check on failures + if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }} + env: + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} + run: | + echo "::group::Removing orphaned image" + rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + build_base_database: - timeout-minutes: 180 + timeout-minutes: 90 needs: [ "build_base", "init_build"] name: Build ${{ matrix.build }} base (${{ matrix.arch }}) strategy: fail-fast: false matrix: - build: [build-mysql, build-sqlite3] + build: ${{ fromJson(needs.init_build.outputs.database) }} arch: ${{ fromJson(needs.init_build.outputs.platforms) }} runs-on: [self-hosted, linux, "${{ matrix.arch }}"] permissions: contents: read - id-token: write steps: - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 
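Review bot: In the "Post build image" step, `buildah rm -a` and `podman system reset -f` end with `|| true`, but the two `podman system prune` lines between them do not, so under the errexit that GitHub's bash defaults apply a failing prune aborts the step before the reset runs, and `2>/dev/null` hides the reason. Either give all four the same `|| true`, or drop the redirects so the cause is logged. The step is gated by `success() || failure()`, so a cancelled or timed-out job skips it and leaves the storage on the self-hosted runner; `always()` would cover that case. `podman system reset -f` clears the whole podman store of the runner user, which presumably assumes that no other job shares that store on the same host; a comment saying so would help. The same block is repeated in the `-253,64 +388,96` and `-462,70 +645,104` hunks.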
@@ -245,6 +343,43 @@ jobs: run: | echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT + - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + with: + path: | + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag + key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + + - name: Pull ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} image from local storage + id: base_build + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id") + BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag") + + echo "::group::Pull image" + echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\"" + podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}" + echo "::endgroup::" + + echo "::group::Tag image" + echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\"" + podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}" + echo "::endgroup::" + + echo "::group::SHA256 tag" + DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}') + BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}" + + echo "base_build_image=${BASE_BUILD_IMAGE}" + echo "::endgroup::" + + echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT + - name: Generate tags id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 
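Review bot: The value read from the restored `_tag_id` file is used unchecked in `podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}"`, and the restore step before it does not set `fail-on-cache-miss: true`, so a cache miss only shows up as a `cat` error in the next step. Adding `fail-on-cache-miss: true` to the restore and a guard such as `: "${BASE_TAG_ID:?image id is empty}"` after the `cat` makes both failures explicit. The guard matters more in the cleanup steps that run `rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}"` and `rm -rf "${IMAGE_DIR}/${BASE_TAG}"`, where an empty value would remove the whole image directory. This step also reads `IMAGE_DIR` without listing it under `env:`, unlike the push step, so it relies on the workflow-level variable. The `-354,6 +522,44` hunk adds the same pair of steps to `build_images` and has the same gaps.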
@@ -253,64 +388,96 @@ jobs: tags: | type=sha,suffix=-${{ steps.lc.outputs.arch }} - - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 - with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} - key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} - - - name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag - id: base_build - env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} - run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" - echo "::endgroup::" - - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT - - - name: Build Zabbix Build Base + - name: Build image id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel + context: ${{ format('{0}/{1}/rhel', env.DOCKERFILES_DIRECTORY, matrix.build) }} layers: false tags: ${{ steps.meta.outputs.tags }} containerfiles: | ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} + extra-args: | + --iidfile=${{ github.workspace }}/iidfile - - name: Image digest + - name: Prepare image metadata + id: image_metadata env: - IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }} CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }} + GITHUB_WORKSPACE: ${{ github.workspace }} run: | - DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) - echo "::group::Image digest" - 
echo "$DIGEST" + TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile) + + echo "::group::Image tag" + echo "image_tag=$IMAGE_TAG" + echo "::endgroup::" + echo "::group::Image Tag ID" + echo "tag_id=$TAG_ID" echo "::endgroup::" echo "::group::Cache file name" echo "$CACHE_FILE_NAME" echo "::endgroup::" - echo "$DIGEST" > "$CACHE_FILE_NAME" + echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id" + echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag" - - name: Cache image digest - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT + echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT + + - name: Cache image metadata + uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ matrix.build }}_${{ matrix.arch }} + path: | + ${{ matrix.build }}_${{ matrix.arch }}_tag_id + ${{ matrix.build }}_${{ matrix.arch }}_tag key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} + - name: Push image to local storage + id: push_image + env: + IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }} + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} + run: | + echo "::group::Result" + echo "podman push \"${IMAGE_TAG}\" dir:\"${IMAGE_DIR}/${IMAGE_TAG_ID}\"" + podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + + - name: Post build image + if: ${{ success() || failure() }} + env: + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + echo "::group::Result" + + rm -rf "$GITHUB_WORKSPACE/iidfile" + + echo "Removing working containers" + buildah rm -a 2>/dev/null || true + echo "Removing container data in storage not controlled by podman" + podman system prune --external 2>/dev/null + echo "Removing all unused container data with volumes" + podman system prune -a --volumes -f 2>/dev/null + echo "Reseting podman storage to default state" + podman system reset -f 2>/dev/null || true + + echo "::endgroup::" + + - name: Check on 
failures + if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }} + env: + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} + run: | + echo "::group::Removing orphaned image" + rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + build_images: - timeout-minutes: 90 + timeout-minutes: 30 needs: [ "build_base_database", "init_build"] name: Build ${{ matrix.build }} image (${{ matrix.arch }}) strategy: @@ -321,7 +488,6 @@ jobs: runs-on: [self-hosted, linux, "${{ matrix.arch }}"] permissions: contents: read - id-token: write steps: - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -335,6 +501,7 @@ jobs: run: | MATRIX_BUILD=${MATRIX_BUILD^^} MATRIX_BUILD=${MATRIX_BUILD//-/_} + echo "::group::Result" echo "matrix_build=${MATRIX_BUILD}" echo "::endgroup::" @@ -342,6 +509,7 @@ jobs: - name: Detect Build Base Image id: build_base_image + if: ${{ matrix.build != 'snmptraps' }} env: MATRIX_BUILD: ${{ matrix.build }} MATRIX_FILE: ${{ env.MATRIX_FILE }} 
@@ -354,6 +522,44 @@ jobs: echo "build_base=${BUILD_BASE}" >> $GITHUB_OUTPUT + - name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} + if: ${{ matrix.build != 'snmptraps' }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + with: + path: | + ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag_id + ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag + key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }} + + - name: Pull ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} image + id: base_build + if: ${{ matrix.build != 'snmptraps' }} + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id") + BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag") + + echo "::group::Pull image" + echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\"" + podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}" + echo "::endgroup::" + + echo "::group::Tag image" + echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\"" + podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}" + echo "::endgroup::" + + echo "::group::SHA256 tag" + DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}') + BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}" + echo "digest=${BASE_BUILD_IMAGE}" + echo "::endgroup::" + + echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT + - name: Remove smartmontools if: ${{ matrix.build == 'agent2' }} env: 
@@ -365,7 +571,7 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} + images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] || matrix.build }} tags: | type=semver,pattern={{version}} type=sha 
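Review bot: The `|| matrix.build` fallback in `images:` means a missing or misnamed `*_PROJECT` secret no longer produces an empty image name but silently targets `REGISTRY/REGISTRY_NAMESPACE/<component>`. That is convenient for builds that do not push, but when `AUTO_PUSH_IMAGES` is `'true'` it turns a configuration error into a push to an unintended repository. A guard step with `if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}` that fails when the secret expression is empty would keep the fallback for local builds only. A comment on the line, for example `# fallback name is used only when images are not pushed`, would document the intent.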
@@ -373,37 +579,11 @@ jobs: latest=${{ github.event_name == 'release' }} suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true - - name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} - if: ${{ matrix.build != 'snmptraps' }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 - with: - path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }} - key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }} - - - name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} SHA256 tag - id: base_build - if: ${{ matrix.build != 'snmptraps' }} - env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} - run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" - echo "::endgroup::" - - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT - - name: Build image id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel + context: ${{ format('{0}/{1}/rhel', env.DOCKERFILES_DIRECTORY, matrix.build) }} layers: false tags: ${{ steps.meta.outputs.tags }} labels: | 
@@ -411,9 +591,12 @@ jobs: org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} containerfiles: | ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile + extra-args: | + --pull + --iidfile=${{ github.workspace }}/iidfile build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} - - name: Log in to Quay.io + - name: Log in to ${{ env.REGISTRY }} uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1.6 if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} with: @@ -429,7 +612,7 @@ jobs: with: tags: ${{ steps.meta.outputs.tags }} - - name: Preflight + - name: Preflight certification if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }} @@ -441,7 +624,7 @@ jobs: PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} run: | mkdir -p $PFLT_ARTIFACTS - echo "::group::Pull preflight image" + echo "::group::Pull preflight \"$PREFLIGHT_IMAGE\" image" podman pull "$PREFLIGHT_IMAGE" echo "::endgroup::" 
@@ -462,70 +645,104 @@ jobs: podman rmi -i -f "$PREFLIGHT_IMAGE" echo "::endgroup::" - - name: Push to RedHat certification procedure (2nd) + - name: Push to RedHat certification procedure (all tags) id: push_to_registry_all_tags if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1 with: tags: ${{ steps.meta.outputs.tags }} - - name: Cleanup artifacts - if: ${{ always() }} + - name: Post Preflight certification + if: ${{ env.AUTO_PUSH_IMAGES == 'true' && (success() || failure()) }} env: PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} - TAGS: ${{ steps.meta.outputs.tags }} run: | - echo "::group::Post build actions" - echo "$TAGS" | while IFS= read -r image_name ; do podman rmi -i -f "$image_name"; done + echo "::group::Result" rm -rf "$PFLT_ARTIFACTS" podman rmi -i -f "$PREFLIGHT_IMAGE" echo "::endgroup::" - clean_artifacts: - timeout-minutes: 90 + - name: Image digest + env: + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile) + echo "::group::Image digest" + echo "$TAG_ID" + echo "::endgroup::" + + - name: Post build image + if: ${{ success() || failure() }} + env: + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + echo "::group::Result" + + rm -rf "$GITHUB_WORKSPACE/iidfile" + + echo "Removing working containers" + buildah rm -a 2>/dev/null || true + echo "Removing container data in storage not controlled by podman" + podman system prune --external 2>/dev/null + echo "Removing all unused container data with volumes" + podman system prune -a --volumes -f 2>/dev/null + echo "Reseting podman storage to default state" + podman system reset -f 2>/dev/null || true + + echo "::endgroup::" + + clear_artifacts: + timeout-minutes: 10 needs: [ "build_images", "init_build"] - name: Build ${{ matrix.build }} image (${{ matrix.arch }}) + name: Clear ${{ matrix.build }} image cache (${{ matrix.arch }}) strategy: 
fail-fast: false matrix: - build: [build-mysql, build-sqlite3] - arch: [X64, ARM64] + build: ${{ fromJson(needs.init_build.outputs.database) }} + arch: ${{ fromJson(needs.init_build.outputs.platforms) }} runs-on: [self-hosted, linux, "${{ matrix.arch }}"] - if: ${{ always() && needs.build_base_database.result == 'success' }} + if: ${{ needs.build_base_database.result == 'success' }} permissions: {} steps: - - name: Download SHA256 tag of ${{ matrix.build }}:${{ matrix.arch }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - name: Download metadata of ${{ matrix.build }}:${{ matrix.arch }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ matrix.build }}_${{ matrix.arch }} + path: | + ${{ matrix.build }}_${{ matrix.arch }}_tag_id + ${{ matrix.build }}_${{ matrix.arch }}_tag key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} - - name: Remove ${{ matrix.build }}:${{ matrix.arch }} SHA256 tag + - name: Remove ${{ matrix.build }}:${{ matrix.arch }} cache env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ matrix.build }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + echo "::group::Result" - podman rmi -i -f "$BUILD_BASE_IMAGE" + BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id") + echo "Removing ${IMAGE_DIR}/${BASE_TAG}" + rm -rf "${IMAGE_DIR}/${BASE_TAG}" - - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + echo "::endgroup::" + + - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + path: | + ${{ env.BASE_BUILD_NAME 
}}_${{ matrix.arch }}_tag_id + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} - - - name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag + - name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} cache env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + echo "::group::Result" - podman rmi -i -f "$BUILD_BASE_IMAGE" + BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id") + echo "Removing ${IMAGE_DIR}/${BASE_TAG}" + rm -rf "${IMAGE_DIR}/${BASE_TAG}" + + echo "::endgroup::" diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml new file mode 100644 index 000000000..9349683bb --- /dev/null +++ b/.github/workflows/rhel_registry_description.yml 
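Review bot: The `clear_artifacts` job tests `needs.build_base_database.result`, but its `needs:` list contains only `build_images` and `init_build`, and GitHub documents the `needs` context as holding direct dependencies only, so the condition would compare an empty value with `'success'` and the job would be skipped. The change also removes `always()`, so even with the dependency declared the job would not run after a failed `build_images`, which is when the directories under `IMAGE_DIR` on the self-hosted runners most need removing. Suggested lines: `needs: [ "build_base_database", "build_images", "init_build"]` and `if: ${{ always() && needs.build_base_database.result == 'success' }}`. The job is also scheduled by runner label, so if more than one runner carries the same architecture label it may not land on the host that holds the directory; that cannot be confirmed from this diff.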
@@ -0,0 +1,157 @@ +name: Red Hat Catalog Description + +on: + push: + branches: + - '[0-9]+.[0-9]+' + paths: + - 'Dockerfiles/*/rhel/README.html' + - 'Dockerfiles/*/README.md' + - 'Dockerfiles/*/rhel/README.md' + - '.github/workflows/rhel_registry_description.yml' + workflow_dispatch: + +env: + DOCKERFILES_DIRECTORY: "./Dockerfiles" + API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/" + MATRIX_FILE: "build.json" + +defaults: + run: + shell: bash + +permissions: + contents: read + +jobs: + init: + name: Initialize workflow + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + components: ${{ steps.components.outputs.list }} + zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }} + steps: + - name: Block egress traffic + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 1 + sparse-checkout: ${{ env.MATRIX_FILE }} + + - name: Check ${{ env.MATRIX_FILE }} file + id: build_exists + env: + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + if [[ ! 
-f "$MATRIX_FILE" ]]; then + echo "::error::File $MATRIX_FILE is missing" + exit 1 + fi + + - name: Get branch info + id: branch_info + shell: bash + env: + github_ref: ${{ github.ref }} + run: | + result=false + + github_ref=${github_ref##*/} + + echo "::group::Branch metadata" + echo "zabbix_release=${github_ref//.}" + echo "::endgroup::" + + echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT + + - name: Prepare Zabbix component list + id: components + env: + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") + + echo "::group::Zabbix Component List" + echo "$component_list" + echo "::endgroup::" + + echo "list=$component_list" >> $GITHUB_OUTPUT + + publish: + name: Initialize build + runs-on: ubuntu-latest + needs: init + permissions: + contents: read + strategy: + fail-fast: false + matrix: + component: ${{ fromJson(needs.init.outputs.components) }} + steps: + - name: Block egress traffic + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + catalog.redhat.com:443 + files.pythonhosted.org:443 + github.com:443 + pypi.org:443 + + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 1 + + - name: Variables formating + id: var_format + env: + MATRIX_BUILD: ${{ matrix.component }} + run: | + MATRIX_BUILD=${MATRIX_BUILD^^} + MATRIX_BUILD=${MATRIX_BUILD//-/_} + + echo "::group::Result" + echo "matrix_build=${MATRIX_BUILD}" + echo "::endgroup::" + echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT + + - name: Setup Python 3.x + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + with: + python-version: '3.x' + + - name: Install Python packages + run: | + python -m pip install --upgrade pip + pip install markdown requests + + - name: Update Red Hat project 
description + env: + DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} + PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }} + PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} + API_URL: ${{ env.API_URL }} + run: | + python ./.github/scripts/rhel_description.py + + - name: Red Hat Gatalog URL + env: + COMPONENT: ${{ matrix.component }} + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + PROJECT_ID=$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE") + + echo "::group::URL" + echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}" + echo "::endgroup::" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3aa8ef685..273d6afeb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 + uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 with: sarif_file: results.sarif diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 252c73636..2fa6f8be5 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -47,7 +47,7 @@ jobs: uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit - + - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0438c73dc..74989927d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
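Review bot: The `publish` job in the new rhel_registry_description.yml runs `pip install markdown requests` without versions or hashes, and a later step in the same job exposes `REDHAT_API_TOKEN` to the Python process that imports them, while every action in the file is pinned to a commit SHA. Installing from a committed requirements file with pinned versions and hashes, `pip install --require-hashes -r <requirements file>`, gives the Python dependencies the same guarantee. In the last step the component name is spliced into the jq program text; `jq -r --arg c "$COMPONENT" '.components[$c].rhel_project' "$MATRIX_FILE"` passes it as data instead. Smaller points in the same file: the `publish` job is named `Initialize build`, the step name reads `Red Hat Gatalog URL`, and `result=false` in "Get branch info" is never used.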
@@ -1,20 +1,41 @@ - - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.3 - hooks: - - id: gitleaks - - repo: https://github.com/jumanjihouse/pre-commit-hooks - rev: 3.0.0 - hooks: - - id: shellcheck - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 - hooks: - - id: end-of-file-fixer - - id: trailing-whitespace - - id: check-yaml - - id: check-symlinks - - id: pretty-format-json -- repo: https://github.com/asottile/setup-cfg-fmt - rev: v2.5.0 - hooks: - - id: setup-cfg-fmt +repos: +- repo: https://github.com/gitleaks/gitleaks + rev: v8.16.3 + hooks: + - id: gitleaks +- repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 3.0.0 + hooks: + - id: shellcheck +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: end-of-file-fixer + exclude: | + (?x)( + ^env_vars/\.MYSQL | + ^env_vars/\.POSTGRES + ) +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: trailing-whitespace + exclude: | + (?x)( + .*\.patch$ + ) + - id: check-yaml + args: [--allow-multiple-documents] + - id: check-symlinks +# - id: pretty-format-json + - id: check-added-large-files +#- repo: https://github.com/adrienverge/yamllint.git +# rev: v1.21.0 # or higher tag +# hooks: +# - id: yamllint +# args: [--format, parsable, --strict] +#- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt +# rev: 0.2.3 +# hooks: +# - id: yamlfmt +# args: [--mapping, '2', --sequence, '1', --offset, '0', --colons, --width, '400'] diff --git a/Dockerfiles/agent/README.md b/Dockerfiles/agent/README.md index 2fac6f7d5..07b075cbe 100644 --- a/Dockerfiles/agent/README.md +++ b/Dockerfiles/agent/README.md 
@@ -14,16 +14,12 @@ Zabbix agent is deployed on a monitoring target to actively monitor local resour # Zabbix agent images -These are the only official Zabbix agent Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8, Oracle Linux 8, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent are: +These are the only official Zabbix agent Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9, Oracle Linux 9, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent are: - Zabbix agent 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest, ltsc2019-4.0-latest, ltsc2022-4.0-latest) - Zabbix agent 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*, ltsc2019-4.0.*, ltsc2022-4.0.*) Zabbix agent 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest, ltsc2019-5.0-latest, ltsc2022-5.0-latest) Zabbix agent 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*, ltsc2019-5.0.*, ltsc2022-5.0.*) Zabbix agent 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix agent 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*, ltsc2019-6.0.*, ltsc2022-6.0.*) - Zabbix agent 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix agent 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*, ltsc2019-6.2.*, ltsc2022-6.2.*) Zabbix agent 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, ltsc2019-latest, ltsc2022-latest, latest) Zabbix agent 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*, ltsc2019-6.4.*, ltsc2022-6.4.*) Zabbix agent 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk, ltsc2019-trunk, ltsc2022-trunk) 
@@ -222,7 +218,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`agent/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/agent) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`agent/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/agent) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/agent/alpine/Dockerfile b/Dockerfiles/agent/alpine/Dockerfile index 82b4c804e..339334ae6 100644 --- a/Dockerfiles/agent/alpine/Dockerfile +++ b/Dockerfiles/agent/alpine/Dockerfile @@ -66,8 +66,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/modules && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10050/TCP diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index 0099f37e5..6ef112f8c 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION 
@@ -31,8 +31,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_agentd.conf", "/etc/zabbix/zabbix_agentd.conf"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -41,15 +41,24 @@ RUN set -eux && \ libcurl-minimal \ libmodbus \ openssl-libs \ + shadow-utils \ zlib" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --best \ - ${INSTALL_PKGS} && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ groupadd \ --system \ --gid 1995 \ @@ -69,9 +78,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index 7d46795ef..9c0b2cb92 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile 
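Review bot: `RUN --mount=type=tmpfs,target=/var/lib/dnf/` has no comment saying why the mount is there or that the file now requires BuildKit; a builder without it fails on this line. A line above the RUN such as `# BuildKit only: /var/lib/dnf is a build-time tmpfs, so dnf state is never written to the layer` would cover it, and it should also say that the mount plus `--setopt=keepcache=0` stand in for the `rm -rf` cleanup this commit removes at the end of the step. The removed lines also deleted `/root/.pki` and the udev hwdb files, which neither the tmpfs nor `microdnf -y clean all` obviously covers, so it is worth checking a built image for them. The same applies to the `ol` and `rhel` Dockerfiles and to the three agent2 copies. The RUN continues past the end of this hunk.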
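Review bot: `shadow-utils` is added to `INSTALL_PKGS` so that `groupadd` exists on the minimal base, but it then stays in the runtime image together with the setuid-root helpers the package ships (`newgrp`, `gpasswd` and `chage` on current EL builds, as far as I know). It is only needed while the account is created, so consider removing it in the same layer once the account creation that starts with `groupadd` at the end of this hunk has finished: `microdnf -y remove shadow-utils && \` ahead of `microdnf -y clean all`. That only works if nothing else in `INSTALL_PKGS` depends on the package, which needs checking for the agent2 image where `sudo` is installed as well. The same addition is made in `Dockerfiles/agent2/centos/Dockerfile`.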
@@ -32,7 +32,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_agentd.conf", "/etc/zabbix/zabbix_agentd.conf"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -48,6 +49,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -71,9 +73,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index 91e1b0728..0a222653c 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE @@ -50,7 +50,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_agentd.conf", "/etc/zabbix/zabbix_agentd.conf"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ 
@@ -67,12 +68,14 @@ RUN set -eux && \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y reinstall \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ tzdata && \ @@ -96,9 +99,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP diff --git a/Dockerfiles/agent/rhel/README.html b/Dockerfiles/agent/rhel/README.html new file mode 100644 index 000000000..9ae68852c --- /dev/null +++ b/Dockerfiles/agent/rhel/README.html @@ -0,0 +1,121 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix agent?

+

Zabbix agent is deployed on a monitoring target to actively monitor local resources and applications (hard drives, memory, processor statistics etc).

+

Zabbix agent images

+

These are the only official Zabbix agent Docker images.

+

How to use this image

+

Start zabbix-agent

+

Start a Zabbix agent container as follows:

+
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" -d zabbix/zabbix-agent:tag
+

Where some-zabbix-agent is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix agent configuration file, some-zabbix-server is IP or DNS name of Zabbix server or proxy and tag is the tag specifying the version you want.

+

Connects from Zabbix server or Zabbix proxy in other containers (Passive checks)

+

This image exposes the standard Zabbix agent port (10050) to perform passive checks, so container linking makes Zabbix agent instance available to Zabbix server and Zabbix proxy containers. Start your application container like this in order to link it to the Zabbix agent container:

+
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server or Zabbix proxy containers (Active checks)

+

This image supports perform active checks, so container linking makes Zabbix server and Zabbix proxy containers available to Zabbix agent instance. Start your application container like this in order to link Zabbix agent to Zabbix server or Zabbix proxy containterns:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -d zabbix/zabbix-agent:latest
+
+

Container shell access and viewing Zabbix agent logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-agent container:

+
$ podman exec -ti some-zabbix-agent /bin/bash
+
+

The Zabbix agent log is available through Podman's container log:

+
$ podman logs some-zabbix-agent
+
+

Privileged mode

+

By default, Podman containers are "unprivileged" and do not have access to the most of host resources. Zabbix agent is designed to monitor system resources, to do that Zabbix agent container must be privileged or you may mount some system-wide volumes. For example:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged -d zabbix/zabbix-agent:latest
+
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc -d zabbix/zabbix-agent:latest
+
+

Environment Variables

+

When you start the zabbix-agent image, you can adjust the configuration of the Zabbix agent by passing one or more environment variables on the podman run command line.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is hostname of the container. It is Hostname parameter in zabbix_agentd.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_agentd.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_PASSIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of passive checks. By default, value is true.

+

ZBX_PASSIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent container.

+

ZBX_ACTIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of active checks. By default, value is true.

+

ZBX_ACTIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent container. You may specify port of Zabbix server or Zabbix proxy in such syntax: zabbix-server:10061,zabbix-proxy:10072.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_agentd.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
  • +
  • 1 - critical information
  • +
  • 2 - error information
  • +
  • 3 - warnings
  • +
  • 4 - for debugging (produces lots of information)
  • +
  • 5 - extended debugging (produces even more information)
  • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 3.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_SOURCEIP=
+ZBX_ENABLEREMOTECOMMANDS=0 # Deprecated since 5.0.0
+ZBX_LOGREMOTECOMMANDS=0
+ZBX_HEARTBEAT_FREQUENCY=60 # Available since 6.2.0
+ZBX_HOSTINTERFACE= # Available since 4.4.0
+ZBX_HOSTINTERFACEITEM= # Available since 4.4.0
+ZBX_STARTAGENTS=3
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_METADATA=
+ZBX_METADATAITEM=
+ZBX_REFRESHACTIVECHECKS=120
+ZBX_BUFFERSEND=5
+ZBX_BUFFERSIZE=100
+ZBX_MAXLINESPERSECOND=20
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10050
+ZBX_LISTENBACKLOG=
+ZBX_UNSAFEUSERPARAMETERS=0
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+ZBX_DENYKEY=system.run[*] # Available since 5.0.0
+ZBX_ALLOWKEY= # Available since 5.0.0
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_agentd.conf configuration file. For example, ZBX_REFRESHACTIVECHECKS = RefreshActiveChecks.

+

Please use official documentation for zabbix_agentd.conf to get more information about the variables.

+

Allowed volumes for the Zabbix agent container

+

/etc/zabbix/zabbix_agentd.d

+

The volume allows include *.conf files and extend Zabbix agent using UserParameter feature.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix agent using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the agent/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Currently it is not allowed to specify ZBX_ALIAS environment variable. Please use /etc/zabbix/zabbix_agent.d volume with additional configuration files with Alias options.

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/agent/rhel/README.md b/Dockerfiles/agent/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/agent/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/agent/ubuntu/Dockerfile b/Dockerfiles/agent/ubuntu/Dockerfile index b9b9f3c24..544657b5c 100644 --- a/Dockerfiles/agent/ubuntu/Dockerfile +++ b/Dockerfiles/agent/ubuntu/Dockerfile @@ -31,7 +31,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_agentd.conf", "/etc/zabbix/zabbix_agentd.conf"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -67,8 +68,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10050/TCP diff --git a/Dockerfiles/agent/windows/docker-entrypoint.ps1 b/Dockerfiles/agent/windows/docker-entrypoint.ps1 index ea526c194..c7a459b23 100644 --- a/Dockerfiles/agent/windows/docker-entrypoint.ps1 +++ b/Dockerfiles/agent/windows/docker-entrypoint.ps1 @@ -40,7 +40,7 @@ function Update-Config-Var { if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) { throw "**** Configuration file '$ConfigPath' does not exist" } - + if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) { Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..." } 
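Review bot: The cache mount in the ubuntu Dockerfile targets the whole of `/var/lib/apt/`, not just the package lists, so for the duration of this RUN the base image's `/var/lib/apt/extended_states` is hidden and replaced by whatever the builder's shared cache holds from earlier builds. The following hunk still runs `apt-get -y autoremove`, which decides what to remove from that file, so the result can depend on builder history, and the auto-installed marks written in this step land in the cache instead of the image. Narrowing the mount keeps the size win without that coupling: `RUN --mount=type=cache,target=/var/lib/apt/lists/,sharing=locked \`. Whether `apt-get update` runs inside this step is not visible in the hunk; it has to, because with `rm -rf /var/lib/apt/lists/*` removed the lists now come from the cache. The same two hunks appear in `Dockerfiles/agent2/ubuntu/Dockerfile`.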
@@ -50,12 +50,12 @@ function Update-Config-Var { if ([string]::IsNullOrWhitespace($VarValue)) { if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Where-Object {$_ -notmatch "^$VarName=" } | Set-Content $ConfigPath } - Write-Host "removed" + Write-Host "removed" return } @@ -64,7 +64,7 @@ function Update-Config-Var { Write-Host "undefined" return } - + if ($VarName -match '^TLS.*File$') { $VarValue="$ZabbixUserHomeDir\enc\$VarValue" } @@ -75,7 +75,7 @@ function Update-Config-Var { Write-Host updated } elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Foreach-Object { $_ if ($_ -match "^[#;] $VarName=") { diff --git a/Dockerfiles/agent2/README.md b/Dockerfiles/agent2/README.md index 7235242df..b8869becb 100644 --- a/Dockerfiles/agent2/README.md +++ b/Dockerfiles/agent2/README.md 
@@ -14,14 +14,12 @@ Zabbix agent 2 is deployed on a monitoring target to actively monitor local reso # Zabbix agent 2 images -These are the only official Zabbix agent 2 Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8, Oracle Linux 8, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent 2 are: +These are the only official Zabbix agent 2 Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9, Oracle Linux 9, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent 2 are: Zabbix agent 2 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest , ltsc2019-5.0-latest, ltsc2022-5.0-latest) Zabbix agent 2 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*, ltsc2019-5.0.*, ltsc2022-5.0.*) Zabbix agent 2 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix agent 2 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*, ltsc2019-6.0.*, ltsc2022-6.0.*) - Zabbix agent 2 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix agent 2 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*, ltsc2019-6.2.*, ltsc2022-6.2.*) Zabbix agent 2 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, ltsc2019-latest, ltsc2022-latest, latest) Zabbix agent 2 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*, ltsc2019-6.4.*, ltsc2022-6.4.*) Zabbix agent 2 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk, ltsc2019-trunk, ltsc2022-trunk) 
@@ -210,7 +208,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`agent2/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/agent2) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`agent2/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/agent2) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/agent2/alpine/Dockerfile b/Dockerfiles/agent2/alpine/Dockerfile index b03f7eb0e..7d77dcf46 100644 --- a/Dockerfiles/agent2/alpine/Dockerfile +++ b/Dockerfiles/agent2/alpine/Dockerfile @@ -71,8 +71,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/buffer && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ EXPOSE 10050/TCP 31999/TCP diff --git a/Dockerfiles/agent2/centos/Dockerfile b/Dockerfiles/agent2/centos/Dockerfile index 5128455bb..4098a34a3 100644 --- a/Dockerfiles/agent2/centos/Dockerfile +++ b/Dockerfiles/agent2/centos/Dockerfile 
@@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -36,8 +36,8 @@ COPY --from=builder ["/tmp/postgresql_plugin/postgresql.conf", "/etc/zabbix/zabb COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb"] COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -46,16 +46,25 @@ RUN set -eux && \ libcurl-minimal \ libmodbus \ smartmontools \ + shadow-utils \ sudo \ openssl-libs" && \ - dnf -y install epel-release && \ - dnf -y install \ + microdnf -y install \ --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ - ${INSTALL_PKGS} && \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ groupadd \ --system \ --gid 1995 \ @@ -78,9 +87,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP 31999/TCP 
diff --git a/Dockerfiles/agent2/ol/Dockerfile b/Dockerfiles/agent2/ol/Dockerfile index 671ccc93f..80a9f9726 100644 --- a/Dockerfiles/agent2/ol/Dockerfile +++ b/Dockerfiles/agent2/ol/Dockerfile @@ -37,7 +37,8 @@ COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/s COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -54,6 +55,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -79,9 +81,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP 31999/TCP diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile index b155af91f..2682f1c92 100644 --- a/Dockerfiles/agent2/rhel/Dockerfile +++ b/Dockerfiles/agent2/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE 
@@ -55,7 +55,8 @@ COPY --from=builder ["/tmp/postgresql_plugin/postgresql.conf", "/etc/zabbix/zabb COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb"] COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -74,12 +75,14 @@ RUN set -eux && \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y reinstall \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ tzdata && \ @@ -105,9 +108,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP 31999/TCP diff --git a/Dockerfiles/agent2/rhel/README.html b/Dockerfiles/agent2/rhel/README.html new file mode 100644 index 000000000..18f5d026b --- /dev/null +++ b/Dockerfiles/agent2/rhel/README.html @@ -0,0 +1,113 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix agent 2?

+

Zabbix agent 2 is deployed on a monitoring target to actively monitor local resources and applications (hard drives, memory, processor statistics etc).

+

Zabbix agent 2 images

+

Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-agent2

+

Start a Zabbix agent 2 container as follows:

+
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" -d zabbix/zabbix-agent2:tag
+

Where some-zabbix-agent2 is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix agent 2 configuration file, some-zabbix-server is IP or DNS name of Zabbix server or proxy and tag is the tag specifying the version you want.

+

Connects from Zabbix server or Zabbix proxy in other containers (Passive checks)

+

This image exposes the standard Zabbix agent 2 port (10050) to perform passive checks, so container linking makes Zabbix agent 2 instance available to Zabbix server and Zabbix proxy containers. Start your application container like this in order to link it to the Zabbix agent 2 container:

+
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent2 -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server or Zabbix proxy containers (Active checks)

+

This image supports perform active checks, so container linking makes Zabbix server and Zabbix proxy containers available to Zabbix agent 2 instance. Start your application container like this in order to link Zabbix agent 2 to Zabbix server or Zabbix proxy containterns:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -d zabbix/zabbix-agent2:latest
+
+

Container shell access and viewing Zabbix agent 2 logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-agent2 container:

+
$ podman exec -ti some-zabbix-agent /bin/bash
+
+

The Zabbix agent 2 log is available through Podman's container log:

+
$ podman logs some-zabbix-agent
+
+

Privileged mode

+

By default, Podman containers are "unprivileged" and do not have access to the most of host resources. Zabbix agent 2 is designed to monitor system resources, to do that Zabbix agent 2 container must be privileged or you may mount some system-wide volumes. For example:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged -d zabbix/zabbix-agent2:latest
+
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc -d zabbix/zabbix-agent2:latest
+
+

Environment Variables

+

When you start the zabbix-agent2 image, you can adjust the configuration of the Zabbix agent 2 by passing one or more environment variables on the podman run command line.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is hostname of the container. It is Hostname parameter in zabbix_agent2.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_agent2.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_PASSIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of passive checks. By default, value is true.

+

ZBX_PASSIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent 2 container.

+

ZBX_ACTIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of active checks. By default, value is true.

+

ZBX_ACTIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent 2 container. You may specify port of Zabbix server or Zabbix proxy in such syntax: zabbix-server:10061,zabbix-proxy:10072.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_agent2.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
  • +
  • 1 - critical information
  • +
  • 2 - error information
  • +
  • 3 - warnings
  • +
  • 4 - for debugging (produces lots of information)
  • +
  • 5 - extended debugging (produces even more information)
  • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 3.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ENABLEPERSISTENTBUFFER=false # Available since 5.0.0
+ZBX_PERSISTENTBUFFERPERIOD=1h # Available since 5.0.0
+ZBX_ENABLESTATUSPORT=
+ZBX_SOURCEIP=
+ZBX_HEARTBEAT_FREQUENCY=60 # Available since 6.2.0
+ZBX_ENABLEREMOTECOMMANDS=0 # Deprecated since 5.0.0
+ZBX_LOGREMOTECOMMANDS=0
+ZBX_STARTAGENTS=3
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_METADATA=
+ZBX_METADATAITEM=
+ZBX_REFRESHACTIVECHECKS=120
+ZBX_BUFFERSEND=5
+ZBX_BUFFERSIZE=100
+ZBX_MAXLINESPERSECOND=20
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_UNSAFEUSERPARAMETERS=0
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_DENYKEY=system.run[*] # Available since 5.0.0
+ZBX_ALLOWKEY= # Available since 5.0.0
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_agent2.conf configuration file. For example, ZBX_REFRESHACTIVECHECKS = RefreshActiveChecks.

+

Please use official documentation for zabbix_agent2.conf to get more information about the variables.

+

Allowed volumes for the Zabbix agent 2 container

+

/etc/zabbix/zabbix_agentd.d

+

The volume allows include *.conf files and extend Zabbix agent 2 using UserParameter feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/buffer

+

The volume is used to store the file, where Zabbix Agent2 should keep SQLite database. To enable the feature specify ZBX_ENABLEPERSISTENTBUFFER=true. Available since 5.0.0.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the agent2/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Currently it is not allowed to specify ZBX_ALIAS environment variable. Please use /etc/zabbix/zabbix_agent.d volume with additional configuration files with Alias options.

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/agent2/rhel/README.md b/Dockerfiles/agent2/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/agent2/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt b/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt index 39f57220f..9006b97b3 100644 --- a/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt +++ b/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt @@ -199,4 +199,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. diff --git a/Dockerfiles/agent2/ubuntu/Dockerfile b/Dockerfiles/agent2/ubuntu/Dockerfile index 432696bca..7f6c378d9 100644 --- a/Dockerfiles/agent2/ubuntu/Dockerfile +++ b/Dockerfiles/agent2/ubuntu/Dockerfile @@ -36,7 +36,8 @@ COPY --from=builder ["/tmp/postgresql_plugin/postgresql.conf", "/etc/zabbix/zabb COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb"] COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="tini \ tzdata \ @@ -74,8 +75,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10050/TCP 
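Review bot: The cache mount added to the `RUN` in the first agent2/ubuntu hunk places all of `/var/lib/apt/` on builder-local storage shared between builds, and the second hunk drops `rm -rf /var/lib/apt/lists/*` on that basis. Besides the package lists, that directory holds apt's `extended_states`, which the `apt-get -y autoremove` in this same `RUN` consults, so the result can depend on what an earlier build left in the cache rather than only on the Dockerfile. I would narrow the mount to the lists and give it its own id, `RUN --mount=type=cache,id=<CACHE_ID>,target=/var/lib/apt/lists/,sharing=locked \` (the id is a placeholder). The body of the `RUN` between the two hunks is not shown, so it should be confirmed there that `apt-get update` still runs in this step and stale lists are never used.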
diff --git a/Dockerfiles/agent2/windows/docker-entrypoint.ps1 b/Dockerfiles/agent2/windows/docker-entrypoint.ps1 index 2d0736052..8777e39fc 100644 --- a/Dockerfiles/agent2/windows/docker-entrypoint.ps1 +++ b/Dockerfiles/agent2/windows/docker-entrypoint.ps1 @@ -40,7 +40,7 @@ function Update-Config-Var { if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) { throw "**** Configuration file '$ConfigPath' does not exist" } - + if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) { Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..." } @@ -50,12 +50,12 @@ function Update-Config-Var { if ([string]::IsNullOrWhitespace($VarValue)) { if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Where-Object {$_ -notmatch "^$VarName=" } | Set-Content $ConfigPath } - Write-Host "removed" + Write-Host "removed" return } @@ -64,7 +64,7 @@ function Update-Config-Var { Write-Host "undefined" return } - + if ($VarName -match '^TLS.*File$') { $VarValue="$ZabbixUserHomeDir\enc\$VarValue" } @@ -75,7 +75,7 @@ function Update-Config-Var { Write-Host updated } elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Foreach-Object { $_ if ($_ -match "^[#;] $VarName=") { diff --git a/Dockerfiles/build-base/README.md b/Dockerfiles/build-base/README.md index dc2fa5fd2..ed1d0b287 100644 --- a/Dockerfiles/build-base/README.md +++ b/Dockerfiles/build-base/README.md 
@@ -14,14 +14,12 @@ Zabbix build base image is prepared build environment for building Zabbix compon # Zabbix build base images -These are the only official Zabbix build base Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*, ltsc2019-6.2.*, ltsc2022-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*, ltsc2019-6.4.*, ltsc2022-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk, ltsc2019-trunk, ltsc2022-trunk) 
@@ -30,7 +28,7 @@ Images are updated when new releases are published. The image with ``latest`` ta # How to use this image -The image is required to build Zabbix components. It is base image for [MySQL](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-mysql), [PostgreSQL](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-pgsql) and [SQLite3](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-sqlite3) base images. While the image contains only required packages, MySQL, PostgreSQL and SQLite3 base images compile Zabbix component and prepare them for usage. +The image is required to build Zabbix components. It is base image for [MySQL](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-mysql), [PostgreSQL](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-pgsql) and [SQLite3](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-sqlite3) base images. While the image contains only required packages, MySQL, PostgreSQL and SQLite3 base images compile Zabbix component and prepare them for usage. # The image variants 
@@ -64,7 +62,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-base/alpine/Dockerfile b/Dockerfiles/build-base/alpine/Dockerfile index f63cb864d..970c9a367 100644 --- a/Dockerfiles/build-base/alpine/Dockerfile +++ b/Dockerfiles/build-base/alpine/Dockerfile @@ -61,5 +61,4 @@ RUN set -eux && \ apk add \ --no-cache \ --clean-protected \ - ${INSTALL_PKGS} && \ - rm -rf /var/cache/apk/* + ${INSTALL_PKGS} diff --git a/Dockerfiles/build-base/centos/Dockerfile b/Dockerfiles/build-base/centos/Dockerfile index 402f01d41..d4fb071a6 100644 --- a/Dockerfiles/build-base/centos/Dockerfile +++ b/Dockerfiles/build-base/centos/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION=6.4 ARG ZBX_VERSION=${MAJOR_VERSION}.11 @@ -18,8 +18,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov - \ No newline at end of file + diff --git a/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters b/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters index 819f877e5..19d40f654 100644 
--- a/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters +++ b/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters @@ -59,4 +59,4 @@ Resource Files - \ No newline at end of file + diff --git a/Dockerfiles/build-mysql/README.md b/Dockerfiles/build-mysql/README.md index 61425ab30..ee6615cb2 100644 --- a/Dockerfiles/build-mysql/README.md +++ b/Dockerfiles/build-mysql/README.md @@ -14,16 +14,12 @@ Zabbix build base (MySQL) image is used for building Zabbix components. It conta # Zabbix build base (MySQL) images -These are the only official Zabbix build base (MySQL) Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base (MySQL) Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: - Zabbix build base 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix build base 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -34,7 +30,7 @@ Images are updated when new releases are published. The image with ``latest`` ta The image is used to build / compile Zabbix components. Components are prepared for usage in any other images. -The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. +The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. # The image variants @@ -68,7 +64,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index 116806c6b..4593e7cae 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile 
@@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index 26b21d291..08b4a67ca 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile 
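Review bot: The font archive fetched by the changed `curl` line is still unpacked and copied into `ui/assets/fonts/` without any integrity check; `--tlsv1.2 -sSf` sets a TLS floor and makes a failed transfer abort the build, but it does not pin the content. A recorded digest checked before `unzip` would close that, e.g. `echo "<EXPECTED_SHA256>  /tmp/fonts/NotoSansCJKjp-hinted.zip" | sha256sum -c - && \`, where the digest is a placeholder to be filled in from a trusted copy. Because `-L` follows redirects, adding `--proto '=https' --proto-redir '=https'` would also keep a redirect from leaving HTTPS. The same line appears in the build-mysql centos, ol, rhel and ubuntu Dockerfiles and in the build-pgsql alpine, centos, ol and ubuntu Dockerfiles further down this diff. The surrounding `RUN` starts and ends outside the hunk.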
@@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index 0b8fde5cf..ec5bbd614 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile 
@@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index 1e1d1daa5..f9ac2e34c 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile 
@@ -32,9 +32,10 @@ LABEL description="Zabbix build base for MySQL based images" \ ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=${ZBX_VERSION} \ POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=${ZBX_VERSION} -COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"] - -RUN set -eux && \ +RUN --mount=type=cache,target=/root/.cache/go-build/ \ + --mount=type=cache,target=/root/go/ \ + --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + set -eux && \ cd /tmp/ && \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \ cd /tmp/zabbix-${ZBX_VERSION} && \ @@ -82,7 +83,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -106,5 +107,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql 
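Review bot: The two Go cache mounts in the first hunk hard-code `/root/.cache/go-build/` and `/root/go/`, while the cleanup removed in the last hunk used `$(go env GOCACHE)`; if the build user or `GOCACHE`/`GOPATH` ever differs from those defaults, the caches end up in the image layer and nothing removes them. The module cache under `/root/go/` now also persists between builds on the same builder, so sources fetched by an earlier build are reused as they are. Running `go mod verify` before `make` in the plugin directory, `cd /tmp/postgresql_plugin && go mod verify && make && \`, would detect a module cache that was modified after download, assuming the plugin is built with Go modules, which the hunk does not show. The `RUN` body continues outside the hunks.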
diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index c0ba80413..67d392e18 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile @@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-pgsql/README.md b/Dockerfiles/build-pgsql/README.md index 53de14218..a6a6e5ad3 100644 --- a/Dockerfiles/build-pgsql/README.md +++ b/Dockerfiles/build-pgsql/README.md 
@@ -14,16 +14,12 @@ Zabbix build base (PostgreSQL) image is used for building Zabbix components. It # Zabbix build base (PostgreSQL) images -These are the only official Zabbix build base (PostgreSQL) Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base (PostgreSQL) Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: - Zabbix build base 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix build base 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -34,7 +30,7 @@ Images are updated when new releases are published. The image with ``latest`` ta The image is used to build / compile Zabbix components. Components are prepared for usage in any other images. -The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. +The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. # The image variants @@ -68,7 +64,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index 13a115e90..c4a076778 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile 
@@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index 835c4a92f..3b4c12d06 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile 
@@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index e4477c1ca..fd584ed75 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile 
@@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index 5a0164d67..5a05eb26e 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile 
@@ -22,9 +22,10 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ @@ -96,5 +97,4 @@ RUN set -eux && \ git -c advice.detachedHead=false clone ${POSTGRESQL_PLUGIN_SOURCES} --branch ${POSTGRESQL_PLUGIN_VERSION} --depth 1 --single-branch /tmp/postgresql_plugin && \ cd /tmp/postgresql_plugin && \ make && \ - strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql && \ - rm -rf $(go env GOCACHE) + strip /tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql diff --git a/Dockerfiles/build-sqlite3/README.md b/Dockerfiles/build-sqlite3/README.md index d8889cf89..42dc04630 100644 --- a/Dockerfiles/build-sqlite3/README.md +++ b/Dockerfiles/build-sqlite3/README.md 
@@ -14,16 +14,12 @@ Zabbix build base (SQLite3) image is used for building Zabbix components. It con # Zabbix build base (SQLite3) images -These are the only official Zabbix build base (SQLite3) Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base (SQLite3) Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: - Zabbix build base 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix build base 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -34,7 +30,7 @@ Images are updated when new releases are published. The image with ``latest`` ta The image is used to build / compile Zabbix components. Components are prepared for usage in any other images. -The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. +The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. It contains limited prepared Zabbix components while MySQL and PostgreSQL build base images contain all possible components: * zabbix-agent @@ -74,7 +70,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index 7828b51ef..f5697e406 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile 
@@ -22,7 +22,9 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix Java Gateway?

+

Zabbix Java Gateway performs native support for monitoring JMX applications. Java gateway accepts incoming connection from Zabbix server or Zabbix proxy and can only be used as a "passive proxy".

+

Zabbix Java Gateway images

+

These are the only official Zabbix Java Gateway Podman images. Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-java-gateway

+

Start a Zabbix Java Gateway container as follows:

+
podman run --name some-zabbix-java-gateway -d zabbix/zabbix-java-gateway:tag
+

Where some-zabbix-java-gateway is the name you want to assign to your container and tag is the tag specifying the version you want.

+

Linking the container to Zabbix server or Zabbix proxy

+
podman run --name some-zabbix-java-gateway --link some-zabbix-server:zabbix-server -d zabbix/zabbix-java-gateway:tag
+

Container shell access and viewing Zabbix Java Gateway logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-java-gateway container:

+
$ podman exec -ti some-zabbix-java-gateway /bin/bash
+
+

The Zabbix Java Gateway log is available through Podman's container log:

+
$ podman logs  some-zabbix-java-gateway
+
+

Environment Variables

+

When you start the zabbix-java-gateway image, you can adjust the configuration of the Zabbix Java Gateway by passing one or more environment variables on the podman run command line.

+

ZBX_START_POLLERS

+

This variable is specified amount of pollers. By default, value is 5.

+

ZBX_TIMEOUT

+

This variable is used to specify timeout for outgoing connections. By default, value is 3.

+

ZBX_DEBUGLEVEL

+

This variable is used to specify log level. By default, value is info. The variable allows next values: trace, debug, info, want, error, all, off

+

ZBX_PROPERTIES_FILE

+

Name of properties file. Can be used to set additional properties using a key-value format in such a way that they are not visible on a command line or to overwrite existing ones.

+

ZABBIX_OPTIONS

+

Additional arguments for Zabbix Java Gateway. Useful to enable additional libraries and features.

+

Allowed volumes for the Zabbix Java Gateway container

+

/usr/sbin/zabbix_java/ext_lib

+

The volume allows include additional JAR files to extend allowed protocols for Zabbix Java Gateway.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the java-gateway/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/java-gateway/rhel/README.md b/Dockerfiles/java-gateway/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/java-gateway/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/java-gateway/ubuntu/Dockerfile b/Dockerfiles/java-gateway/ubuntu/Dockerfile index 7bee1041f..1aa543339 100644 --- a/Dockerfiles/java-gateway/ubuntu/Dockerfile +++ b/Dockerfiles/java-gateway/ubuntu/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_java/bin", "/usr/sbin/zabbix_java/bin"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_java/lib", "/usr/sbin/zabbix_java/lib"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ openjdk-17-jre-headless" && \ @@ -58,8 +59,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /usr/sbin/zabbix_java/ && \ chmod -R g=u /etc/zabbix/ /usr/sbin/zabbix_java/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10052/TCP diff --git a/Dockerfiles/proxy-mysql/README.md b/Dockerfiles/proxy-mysql/README.md index 3bc4e3704..2fa37d242 100644 --- a/Dockerfiles/proxy-mysql/README.md +++ b/Dockerfiles/proxy-mysql/README.md 
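Review bot: With `--mount=type=cache,target=/var/lib/apt/,sharing=locked` on the `RUN` line, the package indexes now persist on the builder between builds, so this step must still refresh them every time; the `apt-get update` call lies outside both hunks, so I cannot confirm it is there. If it were ever skipped, installs would resolve against stale indexes and could miss security updates. The second hunk drops `rm -rf /var/lib/apt/lists/*`, which is only correct while the mount is in place, and the `RUN --mount` form needs BuildKit or a builder with equivalent support. A comment above the `RUN` would record both, e.g. `# /var/lib/apt/ is a build cache mount: indexes stay out of the layer, so no rm of /var/lib/apt/lists is needed`. The same pair of hunks appears in Dockerfiles/proxy-mysql/ubuntu/Dockerfile.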
@@ -14,16 +14,12 @@ Zabbix proxy is a process that may collect monitoring data from one or more moni # Zabbix proxy images -These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix proxy are: +These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix proxy are: - Zabbix proxy 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix proxy 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix proxy 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix proxy 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix proxy 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix proxy 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix proxy 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix proxy 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix proxy 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix proxy 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix proxy 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -113,7 +109,7 @@ This variable is port Zabbix server listening on. By default, value is `10051`. This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server' ### `DB_SERVER_PORT` - + This variable is port of MySQL server. By default, value is '3306'. ### `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE` 
@@ -315,7 +311,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`proxy-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/proxy-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`proxy-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/proxy-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/proxy-mysql/alpine/Dockerfile b/Dockerfiles/proxy-mysql/alpine/Dockerfile index d51fc06e0..31f66627e 100644 --- a/Dockerfiles/proxy-mysql/alpine/Dockerfile +++ b/Dockerfiles/proxy-mysql/alpine/Dockerfile @@ -88,8 +88,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/centos/Dockerfile b/Dockerfiles/proxy-mysql/centos/Dockerfile index f5bcfc36b..3ca6cdfe1 100644 --- a/Dockerfiles/proxy-mysql/centos/Dockerfile +++ b/Dockerfiles/proxy-mysql/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION 
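Review bot: `FROM quay.io/centos/centos:stream9-minimal` in the centos hunk is a floating tag, so two builds of the same commit can land on different base layers, and a changed upstream image is pulled without anyone reviewing it. Pinning by digest closes that gap, e.g. `FROM quay.io/centos/centos:stream9-minimal@sha256:<digest-placeholder>`, with the digest bumped by an automated update job. The rhel Dockerfiles in this diff move from `ubi-minimal:latest` to `ubi-minimal:9.3`, which narrows the drift but is still a mutable tag. The same applies to the proxy-sqlite3 centos and rhel `FROM` lines.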
@@ -34,8 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] -RUN set -eux && \ - REPOLIST="baseos,appstream,crb,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -52,16 +52,26 @@ RUN set -eux && \ openldap \ openssl-libs \ pcre2 \ + shadow-utils \ zlib \ unixODBC" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --best \ - ${INSTALL_PKGS} && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo "crb" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ groupadd \ --system \ --gid 1995 \ @@ -92,9 +102,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/ol/Dockerfile b/Dockerfiles/proxy-mysql/ol/Dockerfile index 79ebbba10..9b9ff9b25 100644 --- a/Dockerfiles/proxy-mysql/ol/Dockerfile +++ b/Dockerfiles/proxy-mysql/ol/Dockerfile 
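Review bot: `shadow-utils` is added to `INSTALL_PKGS` in the second hunk, presumably for the `groupadd` call at the end of that hunk now that the base is `-minimal`, but it is needed only at build time and stays in the runtime image. As far as I know the package ships setuid helpers on RHEL-family systems, which is avoidable attack surface in an image that appears intended to run as a non-root user (the `chmod -R g=u` lines suggest so). If nothing at run time or among the installed packages depends on it, consider removing it before the final clean-up of the same `RUN` (which continues outside this hunk), e.g. `microdnf -y remove shadow-utils && \`, or add a comment saying why it is installed. The same change is made in Dockerfiles/proxy-sqlite3/centos/Dockerfile.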
@@ -35,7 +35,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -61,6 +62,7 @@ RUN set -eux && \ --enablerepo="ol9_codeready_builder" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -94,9 +96,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 5aa089644..52b1c7252 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE @@ -53,7 +53,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ traceroute \ 
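Review bot: Pinning `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3` in the rhel hunk stops the silent drift that `latest` allowed, but it also ties the image to one minor stream, and nothing in the hunk shows how the tag gets bumped. Once a newer minor release is out, an image built from this line may stop picking up base-image fixes unless the install step also updates packages, which I cannot see from here. A short comment next to the `FROM` would make the expectation explicit, e.g. `# bump with each UBI 9 minor release; tracked by <update-job-placeholder>`. Dockerfiles/proxy-sqlite3/rhel/Dockerfile gets the same pin.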
@@ -86,6 +87,7 @@ RUN set -eux && \ --enablerepo "codeready-builder-for-rhel-9-$ARCH_SUFFIX-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ @@ -125,9 +127,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/rhel/README.html b/Dockerfiles/proxy-mysql/rhel/README.html new file mode 100644 index 000000000..45dfa7d19 --- /dev/null +++ b/Dockerfiles/proxy-mysql/rhel/README.html @@ -0,0 +1,194 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix proxy?

+

Zabbix proxy is a process that may collect monitoring data from one or more monitored devices and send the information to the Zabbix server, essentially working on behalf of the server. All collected data is buffered locally and then transferred to the Zabbix server the proxy belongs to.

+

Zabbix proxy images

+

These are the only official Zabbix proxy Podman images. Images are updated when new releases are published. The image with latest tag is based on Alpine Linux.

+

The image uses MySQL database to store collected data before sending it to Zabbix server. It uses the next procedure to start:

+
    +
  • Checking database availability
  • +
  • If MYSQL_ROOT_PASSWORD or MYSQL_ALLOW_EMPTY_PASSWORD are specified, the instance tries to create MYSQL_USER user with MYSQL_PASSWORD to use these credentials then for Zabbix server.
  • +
  • Checking of having MYSQL_DATABASE database. Creating MYSQL_DATABASE database name if it does not exist
  • +
  • Checking of having dbversion table. Creating Zabbix proxy database schema if no dbversion table
  • +
+

How to use this image

+

Start zabbix-proxy-mysql

+

Start a Zabbix proxy container as follows:

+
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-mysql:tag
+

Where some-zabbix-proxy-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server, some-hostname is the hostname, it is Hostname parameter in Zabbix proxy configuration file, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

+
+

[!NOTE] +Zabbix server has possibility to execute fping utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping: +fping: Operation not permitted +or +lost all packets to all resources +in this case add --cap-add=net_raw to docker run or podman run commands. +Additionally fping executing in non-root environments can require sysctl modification: +net.ipv4.ping_group_range=0 1995 +where 1995 is zabbix GID.

+
+

Connects from Zabbix server (Passive proxy)

+

This image exposes the standard Zabbix proxy port (10051) and can operate as Passive proxy in case ZBX_PROXYMODE = 1. Start Zabbix server container like this in order to link it to the Zabbix proxy container:

+
$ podman run --name some-zabbix-server --link some-zabbix-proxy-mysql:zabbix-proxy-mysql  -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server (Active proxy)

+

This image can operate as Active proxy (default mode). Start your application container like this in order to link Zabbix proxy to Zabbix server containters:

+
$ podman run --name some-zabbix-proxy-mysql --link some-zabbix-server:zabbix-server -d zabbix/zabbix-proxy-mysql:latest
+
+

Container shell access and viewing Zabbix proxy logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-proxy-mysql container:

+
$ podman exec -ti some-zabbix-proxy-mysql /bin/bash
+
+

The Zabbix proxy log is available through Podman's container log:

+
$ podman logs some-zabbix-proxy-mysql
+
+

Environment Variables

+

When you start the zabbix-proxy-mysql image, you can adjust the configuration of the Zabbix proxy by passing one or more environment variables on the podman run command line.

+

ZBX_PROXYMODE

+

The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is zabbix-proxy-mysql of the container. It is Hostname parameter in zabbix_proxy.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_proxy.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_SERVER_PORT

+

This variable is port Zabbix server listening on. By default, value is 10051.

+

Note: This parameter is no longer used in version 6.0 and above. Instead, add a colon : followed by the port number to the end of ZBX_SERVER_HOST.

+

DB_SERVER_HOST

+

This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'

+

DB_SERVER_PORT

+

This variable is port of MySQL server. By default, value is '3306'.

+

MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

+

These variables are used by Zabbix proxy to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

+
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-mysql:tag
+
+

With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

+
printf "zabbix" | podman secret create MYSQL_USER -
+printf "zabbix" | podman secret create MYSQL_PASSWORD -
+podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -e ZBX_SERVER_HOST="some-zabbix-server" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-mysql:tag
+
+

This method is also applicable for MYSQL_ROOT_PASSWORD with MYSQL_ROOT_PASSWORD_FILE.

+

By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

+

MYSQL_DATABASE

+

The variable is Zabbix database name. By default, value is zabbix_proxy.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_server.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
  • +
  • 1 - critical information
  • +
  • 2 - error information
  • +
  • 3 - warnings
  • +
  • 4 - for debugging (produces lots of information)
  • +
  • 5 - extended debugging (produces even more information)
  • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 4.

+

ZBX_JAVAGATEWAY_ENABLE

+

The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ALLOWUNSUPPORTEDDBVERSIONS=0 # Available since 6.0.0
+ZBX_DBTLSCONNECT= # Available since 5.0.0
+ZBX_DBTLSCAFILE= # Available since 5.0.0
+ZBX_DBTLSCERTFILE= # Available since 5.0.0
+ZBX_DBTLSKEYFILE= # Available since 5.0.0
+ZBX_DBTLSCIPHER= # Available since 5.0.0
+ZBX_DBTLSCIPHER13= # Available since 5.0.0
+ZBX_VAULTDBPATH= # Available since 5.2.0
+ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
+VAULT_TOKEN= # Available since 5.2.0
+ZBX_ENABLEREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_SOURCEIP=
+ZBX_PROXYLOCALBUFFER=0
+ZBX_PROXYOFFLINEBUFFER=1
+ZBX_PROXYHEARTBEATFREQUENCY=60 # Deprecated since 6.4.0
+ZBX_CONFIGFREQUENCY=3600 # Deprecated since 6.4.0
+ZBX_PROXYCONFIGFREQUENCY=10 # Available since 6.4.0
+ZBX_DATASENDERFREQUENCY=1
+ZBX_STARTPOLLERS=5
+ZBX_STARTPREPROCESSORS=3 # Available since 4.2.0
+ZBX_IPMIPOLLERS=0
+ZBX_STARTPOLLERSUNREACHABLE=1
+ZBX_STARTTRAPPERS=5
+ZBX_STARTPINGERS=1
+ZBX_STARTDISCOVERERS=1
+ZBX_STARTHISTORYPOLLERS=1 # Available since 5.4.0 till 6.0.0
+ZBX_STARTHTTPPOLLERS=1
+ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0
+ZBX_JAVAGATEWAY=zabbix-java-gateway
+ZBX_JAVAGATEWAYPORT=10052
+ZBX_STARTJAVAPOLLERS=0
+ZBX_STATSALLOWEDIP= # Available since 4.0.5
+ZBX_STARTVMWARECOLLECTORS=0
+ZBX_VMWAREFREQUENCY=60
+ZBX_VMWAREPERFFREQUENCY=60
+ZBX_VMWARECACHESIZE=8M
+ZBX_VMWARETIMEOUT=10
+ZBX_ENABLE_SNMP_TRAPS=false
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_LISTENBACKLOG=
+ZBX_HOUSEKEEPINGFREQUENCY=1
+ZBX_CACHESIZE=8M
+ZBX_STARTDBSYNCERS=4
+ZBX_HISTORYCACHESIZE=16M
+ZBX_HISTORYINDEXCACHESIZE=4M
+ZBX_TRAPPERTIMEOUT=300
+ZBX_UNREACHABLEPERIOD=45
+ZBX_UNAVAILABLEDELAY=60
+ZBX_UNREACHABLEDELAY=15
+ZBX_LOGSLOWQUERIES=3000
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_proxy.conf. For example, ZBX_LOGSLOWQUERIES = LogSlowQueries.

+

Please use official documentation for zabbix_proxy.conf to get more information about the variables.

+

Allowed volumes for the Zabbix proxy container

+

/usr/lib/zabbix/externalscripts

+

The volume is used by External checks (type of items). It is ExternalScripts parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix proxy using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/ssh_keys

+

The volume is used as location of public and private keys for SSH checks and actions. It is SSHKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/certs

+

The volume is used as location of of SSL client certificate files for client authentication. It is SSLCertLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/keys

+

The volume is used as location of SSL private key files for client authentication. It is SSLKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/ssl_ca

+

The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is SSLCALocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/snmptraps

+

The volume is used as location of snmptraps.log file. It could be shared by zabbix-snmptraps container and inherited using volumes_from Podman option while creating new instance of Zabbix proxy. +SNMP traps processing feature could be enabled using shared volume and switched ZBX_ENABLE_SNMP_TRAPS environment variable to true.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the proxy-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/proxy-mysql/rhel/README.md b/Dockerfiles/proxy-mysql/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/proxy-mysql/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile index 5730780e0..3106c6961 100644 --- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile @@ -35,7 +35,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -92,8 +93,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/README.md b/Dockerfiles/proxy-sqlite3/README.md index 7717b6ba0..063977ca7 100644 --- a/Dockerfiles/proxy-sqlite3/README.md +++ b/Dockerfiles/proxy-sqlite3/README.md 
@@ -14,16 +14,12 @@ Zabbix proxy is a process that may collect monitoring data from one or more moni # Zabbix proxy images -These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix proxy are: +These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix proxy are: - Zabbix proxy 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix proxy 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix proxy 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix proxy 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix proxy 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix proxy 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix proxy 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix proxy 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix proxy 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix proxy 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix proxy 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -273,7 +269,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`proxy-sqlite3/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/proxy-sqlite3) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`proxy-sqlite3/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/proxy-sqlite3) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile index 6328b4689..52d79da7e 100644 --- a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile @@ -85,8 +85,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/centos/Dockerfile b/Dockerfiles/proxy-sqlite3/centos/Dockerfile index 8eb51ac2c..299f7691b 100644 --- a/Dockerfiles/proxy-sqlite3/centos/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-sqlite3:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION 
@@ -33,8 +33,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -48,16 +48,25 @@ RUN set -eux && \ openldap \ openssl-libs \ pcre2 \ + shadow-utils \ zlib \ unixODBC" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --best \ - ${INSTALL_PKGS} && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ groupadd \ --system \ --gid 1995 \ @@ -88,9 +97,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/ol/Dockerfile b/Dockerfiles/proxy-sqlite3/ol/Dockerfile index 76740ed00..f0c25342c 100644 --- a/Dockerfiles/proxy-sqlite3/ol/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ol/Dockerfile 
@@ -34,7 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -56,6 +57,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -89,9 +91,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index b4de92e7e..c874e0de6 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-sqlite3:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE @@ -52,7 +52,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ traceroute \ 
@@ -82,12 +83,14 @@ RUN set -eux && \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y reinstall \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ tzdata && \ @@ -121,9 +124,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/rhel/README.html b/Dockerfiles/proxy-sqlite3/rhel/README.html new file mode 100644 index 000000000..517396823 --- /dev/null +++ b/Dockerfiles/proxy-sqlite3/rhel/README.html @@ -0,0 +1,163 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix proxy?

+

Zabbix proxy is a process that may collect monitoring data from one or more monitored devices and send the information to the Zabbix server, essentially working on behalf of the server. All collected data is buffered locally and then transferred to the Zabbix server the proxy belongs to.

+

Zabbix proxy images

+

These are the only official Zabbix proxy Podman images. Images are updated when new releases are published.

+

The image uses SQLite3 database to store collected data before sending it to Zabbix server.

+

How to use this image

+

Start zabbix-proxy-sqlite3

+

Start a Zabbix proxy container as follows:

+
podman run --name some-zabbix-proxy-sqlite3 -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-sqlite3:tag
+

Where some-zabbix-proxy-sqlite3 is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix proxy configuration file, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

+
+

[!NOTE] +Zabbix server has possibility to execute fping utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping: +fping: Operation not permitted +or +lost all packets to all resources +in this case add --cap-add=net_raw to docker run or podman run commands. +Additionally fping executing in non-root environments can require sysctl modification: +net.ipv4.ping_group_range=0 1995 +where 1995 is zabbix GID.

+
+

Connects from Zabbix server (Passive proxy)

+

This image exposes the standard Zabbix proxy port (10051) and can operate as Passive proxy in case ZBX_PROXYMODE = 1. Start Zabbix server container like this in order to link it to the Zabbix proxy container:

+
$ podman run --name some-zabbix-server --link some-zabbix-proxy-sqlite3:zabbix-proxy-sqlite3 --init -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server (Active proxy)

+

This image can operate as Active proxy (default mode). Start your application container like this in order to link Zabbix proxy to Zabbix server containters:

+
$ podman run --name some-zabbix-proxy-sqlite3 --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-proxy-sqlite3:latest
+
+

Container shell access and viewing Zabbix proxy logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-proxy-sqlite3 container:

+
$ podman exec -ti some-zabbix-proxy-sqlite3 /bin/bash
+
+

The Zabbix proxy log is available through Podman's container log:

+
$ podman logs some-zabbix-proxy-sqlite3
+
+

Environment Variables

+

When you start the zabbix-proxy-sqlite3 image, you can adjust the configuration of the Zabbix proxy by passing one or more environment variables on the podman run command line.

+

ZBX_PROXYMODE

+

The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is zabbix-proxy-sqlite3 of the container. It is Hostname parameter in zabbix_proxy.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_proxy.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_SERVER_PORT

+

This variable is port Zabbix server listening on. By default, value is 10051.

+

Note: This parameter is no longer used in version 6.0 and above. Instead, add a colon : followed by the port number to the end of ZBX_SERVER_HOST.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_server.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
  • +
  • 1 - critical information
  • +
  • 2 - error information
  • +
  • 3 - warnings
  • +
  • 4 - for debugging (produces lots of information)
  • +
  • 5 - extended debugging (produces even more information)
  • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 4.

+

ZBX_JAVAGATEWAY_ENABLE

+

The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ENABLEREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_SOURCEIP=
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_PROXYLOCALBUFFER=0
+ZBX_PROXYOFFLINEBUFFER=1
+ZBX_PROXYHEARTBEATFREQUENCY=60 # Deprecated since 6.4.0
+ZBX_CONFIGFREQUENCY=3600 # Deprecated since 6.4.0
+ZBX_PROXYCONFIGFREQUENCY=10 # Available since 6.4.0
+ZBX_DATASENDERFREQUENCY=1
+ZBX_STARTPOLLERS=5
+ZBX_STARTPREPROCESSORS=3 # Available since 4.2.0
+ZBX_IPMIPOLLERS=0
+ZBX_STARTPOLLERSUNREACHABLE=1
+ZBX_STARTTRAPPERS=5
+ZBX_STARTPINGERS=1
+ZBX_STARTDISCOVERERS=1
+ZBX_STARTHISTORYPOLLERS=1 # Available since 5.4.0 till 6.0.0
+ZBX_STARTHTTPPOLLERS=1
+ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0
+ZBX_JAVAGATEWAY=zabbix-java-gateway
+ZBX_JAVAGATEWAYPORT=10052
+ZBX_STARTJAVAPOLLERS=0
+ZBX_STATSALLOWEDIP= # Available since 4.0.5
+ZBX_STARTVMWARECOLLECTORS=0
+ZBX_VMWAREFREQUENCY=60
+ZBX_VMWAREPERFFREQUENCY=60
+ZBX_VMWARECACHESIZE=8M
+ZBX_VMWARETIMEOUT=10
+ZBX_ENABLE_SNMP_TRAPS=false
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_LISTENBACKLOG=
+ZBX_HOUSEKEEPINGFREQUENCY=1
+ZBX_CACHESIZE=8M
+ZBX_STARTDBSYNCERS=4
+ZBX_HISTORYCACHESIZE=16M
+ZBX_HISTORYINDEXCACHESIZE=4M
+ZBX_TRAPPERTIMEOUT=300
+ZBX_UNREACHABLEPERIOD=45
+ZBX_UNAVAILABLEDELAY=60
+ZBX_UNREACHABLEDELAY=15
+ZBX_LOGSLOWQUERIES=3000
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_proxy.conf. For example, ZBX_LOGSLOWQUERIES = LogSlowQueries.

+

Please use official documentation for zabbix_proxy.conf to get more information about the variables.

+

Allowed volumes for the Zabbix proxy container

+

/usr/lib/zabbix/externalscripts

+

The volume is used by External checks (type of items). It is ExternalScripts parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/db_data

+

The volume stores SQLite3 database file and could be used for external database file storage.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix proxy using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/ssh_keys

+

The volume is used as location of public and private keys for SSH checks and actions. It is SSHKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/certs

+

The volume is used as location of of SSL client certificate files for client authentication. It is SSLCertLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/keys

+

The volume is used as location of SSL private key files for client authentication. It is SSLKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/ssl_ca

+

The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is SSLCALocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/snmptraps

+

The volume is used as location of snmptraps.log file. It could be shared by zabbix-snmptraps container and inherited using volumes_from Podman option while creating new instance of Zabbix proxy. +SNMP traps processing feature could be enabled using shared volume and switched ZBX_ENABLE_SNMP_TRAPS environment variable to true.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the proxy-sqlite3/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/proxy-sqlite3/rhel/README.md b/Dockerfiles/proxy-sqlite3/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/proxy-sqlite3/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile index 105de5e40..fa122b0d6 100644 --- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile @@ -33,7 +33,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -87,8 +88,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - apt-get -y autoremove && \ - rm -rf /var/lib/apt/lists/* + apt-get -y autoremove EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/README.md b/Dockerfiles/server-mysql/README.md index 0d1bbe4f6..5f10a4a1a 100644 --- a/Dockerfiles/server-mysql/README.md +++ b/Dockerfiles/server-mysql/README.md 
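Review bot: The cache mount on the new ubuntu `RUN` line covers all of `/var/lib/apt/`, not only the package lists, so apt's `extended_states` file (the auto-installed marks that the closing `apt-get -y autoremove` reads) ends up in the builder cache instead of the image. Cache mounts default their id to the target path, so that state may be shared with other images built on the same builder; this is inferred from the mount options, not from a failure the hunk shows. Narrowing the mount to the lists keeps the size benefit without sharing package state: `RUN --mount=type=cache,target=/var/lib/apt/lists/,sharing=locked \`. The body of this RUN continues outside both hunks.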
@@ -16,16 +16,12 @@ The server performs the polling and trapping of data, it calculates triggers, se # Zabbix server images -These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix server are: +These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix server are: - Zabbix server 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix server 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix server 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix server 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix server 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix server 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix server 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix server 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix server 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix server 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix server 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -305,7 +301,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/server-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/server-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/server-mysql/alpine/Dockerfile b/Dockerfiles/server-mysql/alpine/Dockerfile index cfa463b4c..574705102 100644 --- a/Dockerfiles/server-mysql/alpine/Dockerfile +++ b/Dockerfiles/server-mysql/alpine/Dockerfile @@ -94,8 +94,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/centos/Dockerfile b/Dockerfiles/server-mysql/centos/Dockerfile index 32a0c019c..70de83e94 100644 --- a/Dockerfiles/server-mysql/centos/Dockerfile +++ b/Dockerfiles/server-mysql/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION 
@@ -34,8 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc/zabbix/zabbix_server.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] -RUN set -eux && \ - REPOLIST="baseos,appstream,crb,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="fping \ tini \ traceroute \ @@ -44,9 +44,13 @@ RUN set -eux && \ tzdata \ iputils \ traceroute \ + libpsl \ + libbrotli \ libevent \ - libxml2 \ libssh \ + libpsl \ + libbrotli \ + libxml2 \ mysql \ mysql-libs \ net-snmp-libs \ @@ -54,25 +58,31 @@ RUN set -eux && \ openldap \ openssl-libs \ pcre2 \ + shadow-utils \ zlib \ gzip \ unixODBC" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --best \ - ${INSTALL_PKGS} && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --allowerasing \ - --best \ - libcurl && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo "crb" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ + microdnf download libcurl && \ + rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" && \ + microdnf remove -y libcurl-minimal && \ + rm -rf "*curl*$( uname -i ).rpm" && \ groupadd \ --system \ --gid 1995 \ 
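Review bot: The added entries put `libpsl` and `libbrotli` into `INSTALL_PKGS` twice, once before `libevent` and again after `libssh`. The install is unaffected, but duplicates make it harder to audit what the image ships; keep a single `libpsl \` and `libbrotli \` next to `libssh \`. `traceroute` also appears twice in the unchanged lines of the same list and could be cleaned up at the same time.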
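Review bot: The cleanup `rm -rf "*curl*$( uname -i ).rpm"` cannot match anything, because the glob sits inside double quotes and reaches `rm` as a literal name; `-f` then turns the miss into a silent success even under `set -eux`. The package fetched by `microdnf download libcurl` therefore most likely stays in the image layer. Unquote the pattern and anchor it to the working directory: `rm -f ./*curl*"$( uname -i )".rpm`. The install step presumably works only because rpm expands the quoted pattern itself, so passing it the same unquoted path would make both lines behave the same way. `rpm -Uvh --nodeps --replacefiles` also skips dependency and file-conflict checks, so a one-line comment explaining that it swaps `libcurl-minimal` for `libcurl` would tell the next reviewer the bypass is deliberate.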
@@ -108,9 +118,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/ol/Dockerfile b/Dockerfiles/server-mysql/ol/Dockerfile index 191ae84b7..bc91f4115 100644 --- a/Dockerfiles/server-mysql/ol/Dockerfile +++ b/Dockerfiles/server-mysql/ol/Dockerfile @@ -35,7 +35,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ fping \ tini \ @@ -65,6 +66,7 @@ RUN set -eux && \ --enablerepo="ol9_codeready_builder" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -103,9 +105,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index 49d5921f5..575b07b78 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile 
@@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE @@ -53,7 +53,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc/zabbix/zabbix_server.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ traceroute \ @@ -90,12 +91,14 @@ RUN set -eux && \ --enablerepo "codeready-builder-for-rhel-9-$ARCH_SUFFIX-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y reinstall \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ tzdata && \ @@ -138,9 +141,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/rhel/README.html b/Dockerfiles/server-mysql/rhel/README.html new file mode 100644 index 000000000..16d319419 --- /dev/null +++ b/Dockerfiles/server-mysql/rhel/README.html @@ -0,0 +1,195 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix server?

+

Zabbix server is the central process of Zabbix software.

+

The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks.

+

Zabbix server images

+

Images are updated when new releases are published.

+

The image uses MySQL database. It uses the next procedure to start:

+
    +
  • Checking database availability
  • +
  • If MYSQL_ROOT_PASSWORD or MYSQL_ALLOW_EMPTY_PASSWORD are specified, the instance tries to create MYSQL_USER user with MYSQL_PASSWORD to use these credentials then for Zabbix server.
  • +
  • Checking of having MYSQL_DATABASE database. Creating MYSQL_DATABASE database name if it does not exist
  • +
  • Checking of having dbversion table. Creating Zabbix server database schema and upload initial data sample if no dbversion table
  • +
+

How to use this image

+

Start zabbix-server-mysql

+

Start a Zabbix server container as follows:

+
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -d zabbix/zabbix-server-mysql:tag
+

Where some-zabbix-server-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server and tag is the tag specifying the version you want.

+
+

[!NOTE] +Zabbix server has possibility to execute fping utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping: +fping: Operation not permitted +or +lost all packets to all resources +in this case add --cap-add=net_raw to docker run or podman run commands. +Additionally fping executing in non-root environments can require sysctl modification: +net.ipv4.ping_group_range=0 1995 +where 1995 is zabbix GID.

+
+

Container shell access and viewing Zabbix server logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-server-mysql container:

+
$ podman exec -ti some-zabbix-server-mysql /bin/bash
+
+

The Zabbix server log is available through Podman's container log:

+
$ podman logs some-zabbix-server-mysql
+
+

Environment Variables

+

When you start the zabbix-server-mysql image, you can adjust the configuration of the Zabbix server by passing one or more environment variables on the podman run command line.

+

DB_SERVER_HOST

+

This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'

+

DB_SERVER_PORT

+

This variable is port of MySQL server. By default, value is '3306'.

+

MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

+

These variables are used by Zabbix server to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

+
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
+
+

With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

+
printf "zabbix" | podman secret create MYSQL_USER -
+printf "zabbix" | podman secret create MYSQL_PASSWORD -
+podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
+
+

This method is also applicable for MYSQL_ROOT_PASSWORD with MYSQL_ROOT_PASSWORD_FILE.

+

By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

+

MYSQL_DATABASE

+

The variable is Zabbix database name. By default, value is zabbix.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_server.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
  • +
  • 1 - critical information
  • +
  • 2 - error information
  • +
  • 3 - warnings
  • +
  • 4 - for debugging (produces lots of information)
  • +
  • 5 - extended debugging (produces even more information)
  • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 4.

+

ZBX_JAVAGATEWAY_ENABLE

+

The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ALLOWUNSUPPORTEDDBVERSIONS=0 # Available since 6.0.0
+ZBX_DBTLSCONNECT= # Available since 5.0.0
+ZBX_DBTLSCAFILE= # Available since 5.0.0
+ZBX_DBTLSCERTFILE= # Available since 5.0.0
+ZBX_DBTLSKEYFILE= # Available since 5.0.0
+ZBX_DBTLSCIPHER= # Available since 5.0.0
+ZBX_DBTLSCIPHER13= # Available since 5.0.0
+ZBX_VAULTDBPATH= # Available since 5.2.0
+ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
+VAULT_TOKEN= # Available since 5.2.0
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_LISTENBACKLOG=
+ZBX_STARTREPORTWRITERS=0 # Available since 5.4.0
+ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report # Available since 5.4.0
+ZBX_SERVICEMANAGERSYNCFREQUENCY=60 # Available since 6.0.0
+ZBX_HISTORYSTORAGEURL= # Available since 3.4.0
+ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.0
+ZBX_STARTPOLLERS=5
+ZBX_IPMIPOLLERS=0
+ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0
+ZBX_STARTCONNECTORS=0 # Available since 6.4.0
+ZBX_STARTPOLLERSUNREACHABLE=1
+ZBX_STARTTRAPPERS=5
+ZBX_STARTPINGERS=1
+ZBX_STARTDISCOVERERS=1
+ZBX_STARTHISTORYPOLLERS=5 # Available since 5.4.0
+ZBX_STARTHTTPPOLLERS=1
+ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0
+ZBX_STARTTIMERS=1
+ZBX_STARTESCALATORS=1
+ZBX_STARTALERTERS=3 # Available since 3.4.0
+ZBX_JAVAGATEWAY=zabbix-java-gateway
+ZBX_JAVAGATEWAYPORT=10052
+ZBX_STARTJAVAPOLLERS=5
+ZBX_STARTLLDPROCESSORS=2 # Available since 4.2.0
+ZBX_STATSALLOWEDIP= # Available since 4.0.5
+ZBX_STARTVMWARECOLLECTORS=0
+ZBX_VMWAREFREQUENCY=60
+ZBX_VMWAREPERFFREQUENCY=60
+ZBX_VMWARECACHESIZE=8M
+ZBX_VMWARETIMEOUT=10
+ZBX_ENABLE_SNMP_TRAPS=false
+ZBX_SOURCEIP=
+ZBX_HOUSEKEEPINGFREQUENCY=1
+ZBX_MAXHOUSEKEEPERDELETE=5000
+ZBX_PROBLEMHOUSEKEEPINGFREQUENCY=60 # Available since 6.0.0
+ZBX_SENDERFREQUENCY=30 # Depcrecated since 3.4.0
+ZBX_CACHESIZE=8M
+ZBX_CACHEUPDATEFREQUENCY=10
+ZBX_STARTDBSYNCERS=4
+ZBX_EXPORTFILESIZE=1G # Available since 4.0.0
+ZBX_EXPORTTYPE= # Available since 5.0.10 and 5.2.6
+ZBX_AUTOHANODENAME=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
+ZBX_HANODENAME= # Available since 6.0.0
+ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
+ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0
+ZBX_NODEADDRESS=localhost # Available since 6.0.0
+ZBX_HISTORYCACHESIZE=16M
+ZBX_HISTORYINDEXCACHESIZE=4M
+ZBX_HISTORYSTORAGEDATEINDEX=0 # Available since 4.0.0
+ZBX_TRENDCACHESIZE=4M
+ZBX_TRENDFUNCTIONCACHESIZE=4M
+ZBX_VALUECACHESIZE=8M
+ZBX_TRAPPERTIMEOUT=300
+ZBX_UNREACHABLEPERIOD=45
+ZBX_UNAVAILABLEDELAY=60
+ZBX_UNREACHABLEDELAY=15
+ZBX_LOGSLOWQUERIES=3000
+ZBX_STARTPROXYPOLLERS=1
+ZBX_PROXYCONFIGFREQUENCY=10
+ZBX_PROXYDATAFREQUENCY=1
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_server.conf. For example, ZBX_LOGSLOWQUERIES = LogSlowQueries.

+

Please use official documentation for zabbix_server.conf to get more information about the variables.

+

Allowed volumes for the Zabbix server container

+

/usr/lib/zabbix/alertscripts

+

The volume is used for custom alert scripts. It is AlertScriptsPath parameter in zabbix_server.conf.

+

/usr/lib/zabbix/externalscripts

+

The volume is used by External checks (type of items). It is ExternalScripts parameter in zabbix_server.conf.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix server using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/ssh_keys

+

The volume is used as location of public and private keys for SSH checks and actions. It is SSHKeyLocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/ssl/certs

+

The volume is used as location of of SSL client certificate files for client authentication. It is SSLCertLocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/ssl/keys

+

The volume is used as location of SSL private key files for client authentication. It is SSLKeyLocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/ssl/ssl_ca

+

The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is SSLCALocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/snmptraps

+

The volume is used as location of snmptraps.log file. It could be shared by zabbix-snmptraps container and inherited using volumes_from Podman option while creating new instance of Zabbix server. +SNMP traps processing feature could be enabled using shared volume and switched ZBX_ENABLE_SNMP_TRAPS environment variable to true.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

/var/lib/zabbix/export

+

Directory for real-time export of events, history and trends in newline-delimited JSON format. Could be enabled using ZBX_EXPORTFILESIZE environment variable.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the server-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/server-mysql/rhel/README.md b/Dockerfiles/server-mysql/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/server-mysql/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/server-mysql/ubuntu/Dockerfile b/Dockerfiles/server-mysql/ubuntu/Dockerfile index 1095edd1a..723d9efef 100644 --- a/Dockerfiles/server-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/server-mysql/ubuntu/Dockerfile @@ -34,7 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc/zabbix/zabbix_server.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -99,8 +100,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/README.md b/Dockerfiles/server-pgsql/README.md index a94e2b9f1..5cae0c745 100644 --- a/Dockerfiles/server-pgsql/README.md +++ b/Dockerfiles/server-pgsql/README.md 
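Review bot: The cache mount added to the `RUN` in Dockerfiles/server-mysql/ubuntu/Dockerfile covers all of `/var/lib/apt/`, not only the package index. During this step apt's state files under that directory (for example `extended_states`) are therefore written to the builder's shared cache instead of the image layer, and are shared with every other build that uses the same target. Narrowing it to `RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \` keeps what made `rm -rf /var/lib/apt/lists/*` unnecessary and leaves the rest of apt's state in the image. Dockerfiles/server-pgsql/ubuntu/Dockerfile adds the same mount. `--mount` needs a BuildKit-capable builder; whether the file declares one is outside the hunk, as is the rest of the RUN body.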
@@ -16,16 +16,12 @@ The server performs the polling and trapping of data, it calculates triggers, se # Zabbix server images -These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix server are: +These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix server are: - Zabbix server 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix server 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix server 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix server 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix server 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix server 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix server 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix server 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix server 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix server 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix server 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -305,7 +301,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`server-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/server-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`server-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/server-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/server-pgsql/alpine/Dockerfile b/Dockerfiles/server-pgsql/alpine/Dockerfile index e68e56151..24617a1e4 100644 --- a/Dockerfiles/server-pgsql/alpine/Dockerfile +++ b/Dockerfiles/server-pgsql/alpine/Dockerfile @@ -97,8 +97,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh index c2e7d941c..bd3ce7f9e 100755 --- a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh 
@@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index 6aedcf9f9..f92aba04b 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-pgsql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -37,7 +37,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/with-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/with-compression/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/without-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/without-compression/"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ REPOLIST="baseos,appstream,epel" && \ INSTALL_PKGS="fping \ file-libs \ @@ -49,6 +50,8 @@ RUN set -eux && \ traceroute \ libevent \ libssh \ + libpsl \ + libbrotli \ libxml2 \ net-snmp-libs \ OpenIPMI-libs \ 
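Review bot: `FROM quay.io/centos/centos:stream9-minimal` in Dockerfiles/server-pgsql/centos/Dockerfile still refers to a mutable tag, so the contents of the final stage depend on when the build runs. Pinning the digest, `FROM quay.io/centos/centos:stream9-minimal@sha256:<digest-placeholder>`, makes the base reproducible and makes a base change visible in review. Dockerfiles/snmptraps/centos/Dockerfile gets the same tag change. A one-line comment above the `FROM` saying why the minimal variant is used (the later hunk switches from dnf to microdnf) would help the next maintainer.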
@@ -57,25 +60,30 @@ RUN set -eux && \ pcre2 \ postgresql \ postgresql-libs \ + shadow-utils \ zlib \ gzip \ unixODBC" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --best \ - ${INSTALL_PKGS} && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --allowerasing \ - --best \ - libcurl && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ + microdnf download libcurl && \ + rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" && \ + microdnf remove -y libcurl-minimal && \ + rm -rf "*curl*$( uname -i ).rpm" && \ groupadd \ --system \ --gid 1995 \ @@ -111,9 +119,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh index c2e7d941c..bd3ce7f9e 100755 --- a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh 
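Review bot: The cleanup `rm -rf "*curl*$( uname -i ).rpm"` in the `@@ -57,25 +60,30 @@` hunk of Dockerfiles/server-pgsql/centos/Dockerfile quotes the glob, so the shell passes the literal pattern to `rm` and `-f` hides the miss; the downloaded libcurl package presumably stays in the image layer. Unquote the wildcard part, `rm -f ./*curl*"$( uname -i )".rpm && \`, and consider downloading into a scratch directory so the pattern cannot match anything else. The install line uses the same quoted pattern, so if it works it is because rpm expands the pattern itself. `rpm -Uvh --nodeps --replacefiles` also bypasses dependency and file-conflict checks for a network-facing library; a comment saying why the swap from `libcurl-minimal` cannot go through `microdnf` would make that deliberate. The RUN body starts and ends outside the hunk.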
@@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 4bf8cfca1..fdaa7ffaa 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -38,7 +38,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/without-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/without-compression/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="fping \ file-libs \ tini \ @@ -66,6 +67,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -104,9 +106,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh index c2e7d941c..bd3ce7f9e 100755 --- a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh 
+++ b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh @@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/server-pgsql/ubuntu/Dockerfile b/Dockerfiles/server-pgsql/ubuntu/Dockerfile index e025681d2..43ae52a8b 100644 --- a/Dockerfiles/server-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/server-pgsql/ubuntu/Dockerfile @@ -37,7 +37,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/with-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/with-compression/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/without-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/without-compression/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -102,8 +103,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh index 9e1be2ee9..bcede0389 100755 --- a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh 
@@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/snmptraps/README.md b/Dockerfiles/snmptraps/README.md index 173f7312b..e51807a30 100644 --- a/Dockerfiles/snmptraps/README.md +++ b/Dockerfiles/snmptraps/README.md 
@@ -14,16 +14,12 @@ The image is used to receive SNMP traps, store them to a log file and provide ac # Zabbix snmptraps images -These are the only official Zabbix snmptraps Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix snmptraps are: +These are the only official Zabbix snmptraps Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix snmptraps are: - Zabbix snmptraps 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix snmptraps 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix snmptraps 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix snmptraps 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix snmptraps 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix snmptraps 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix snmptraps 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix snmptraps 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix snmptraps 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix snmptraps 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix snmptraps 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -117,7 +113,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`snmptraps/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/snmptraps) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`snmptraps/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/snmptraps) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/snmptraps/alpine/Dockerfile b/Dockerfiles/snmptraps/alpine/Dockerfile index d47798733..fca502aaa 100644 --- a/Dockerfiles/snmptraps/alpine/Dockerfile +++ b/Dockerfiles/snmptraps/alpine/Dockerfile @@ -48,8 +48,7 @@ RUN set -eux && \ touch /var/lib/net-snmp/snmptrapd.conf && \ chown --quiet -R zabbix:root /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ chgrp -R 0 /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ EXPOSE 1162/UDP diff --git a/Dockerfiles/snmptraps/centos/Dockerfile b/Dockerfiles/snmptraps/centos/Dockerfile index 22f15cba0..b25525d97 100644 --- a/Dockerfiles/snmptraps/centos/Dockerfile +++ b/Dockerfiles/snmptraps/centos/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION=6.4 ARG ZBX_VERSION=${MAJOR_VERSION}.11 @@ -21,18 +21,20 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is the image?

+

The image is used to receive SNMP traps, store them to a log file and provide access to Zabbix to collected SNMP trap messsages.

+

Zabbix snmptraps images

+

These are the only official Zabbix snmptraps Podman images. Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-snmptraps

+

Start a Zabbix snmptraps container as follows:

+
podman run --name some-zabbix-snmptraps -p 162:1162/udp -d zabbix/zabbix-snmptraps:tag
+

Where some-zabbix-snmptraps is the name you want to assign to your container and tag is the tag specifying the version you want. See the list above for relevant tags, or look at the full list of tags.

+

Linking Zabbix server or Zabbix proxy with the container

+
podman run --name some-zabbix-server --link some-zabbix-snmptraps:zabbix-snmptraps --volumes-from some-zabbix-snmptraps -d zabbix/zabbix-server:tag
+

Container shell access and viewing Zabbix snmptraps logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-snmptraps container:

+
$ podman exec -ti some-zabbix-snmptraps /bin/bash
+
+

The Zabbix snmptraps log is available through Podman's container log:

+
$ podman logs  some-zabbix-snmptraps
+
+

Environment Variables

+

When you start the zabbix-snmptraps image, you can adjust the configuration by passing one or more environment variables on the podman run command line.

+

ZBX_SNMP_TRAP_DATE_FORMAT

+

This variable is represent date and time format in the output snmptraps.log file. By default, value is +%Y-%m-%dT%T%z. Please, refer to date command man for more details about date and time format.

+

ZBX_SNMP_TRAP_FORMAT

+

This variable is SNMP trap format in the output snmptraps.log file. By default, value is \n, in this case each new variable is placed on new line.

+

ZBX_SNMP_TRAP_USE_DNS

+

This variable manages source network address representation. It can be IP address or DNS of SNMP trap sender. The variable works only when container command is modified and "-n" command argument is removed from argument list. By default, value is false.

+

Allowed volumes for the Zabbix snmptraps container

+

/var/lib/zabbix/snmptraps

+

The volume contains log file snmptraps.log named with received SNMP traps.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the snmptraps/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/snmptraps/rhel/README.md b/Dockerfiles/snmptraps/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/snmptraps/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/snmptraps/ubuntu/Dockerfile b/Dockerfiles/snmptraps/ubuntu/Dockerfile index a3208dd3f..68a0f34ff 100644 --- a/Dockerfiles/snmptraps/ubuntu/Dockerfile +++ b/Dockerfiles/snmptraps/ubuntu/Dockerfile @@ -21,7 +21,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tzdata \ @@ -49,8 +50,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/mibs && \ chown --quiet -R zabbix:root /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ chgrp -R 0 /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - rm -rf /var/lib/apt/lists/* + chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ EXPOSE 1162/UDP diff --git a/Dockerfiles/web-apache-mysql/README.md b/Dockerfiles/web-apache-mysql/README.md index b8f36ebd8..dabc54eaf 100644 --- a/Dockerfiles/web-apache-mysql/README.md +++ b/Dockerfiles/web-apache-mysql/README.md 
@@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -292,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-apache-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-apache-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-apache-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-apache-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-apache-mysql/alpine/Dockerfile b/Dockerfiles/web-apache-mysql/alpine/Dockerfile index 10a183936..6a8ab14af 100644 --- a/Dockerfiles/web-apache-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-mysql/alpine/Dockerfile @@ -100,8 +100,7 @@ RUN set -eux && \ chmod -R g=u /etc/zabbix/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php81/ && \ chgrp -R 0 /etc/apache2/ /etc/php81/ && \ - chmod -R g=u /etc/apache2/ /etc/php81/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/apache2/ /etc/php81/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
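Review bot: The first branch of the new vault certificate block assigns the result of the check instead of the path: `$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');` stores boolean `true`, where the removed ternary stored the string `'/etc/zabbix/web/certs/vault.crt'`. Whatever consumes `VAULT_CERT_FILE` as a file name then receives `true` (which PHP casts to `'1'`), so a client certificate mounted at the default location would presumably not be presented to Vault. The line should read `$DB['VAULT_CERT_FILE'] = '/etc/zabbix/web/certs/vault.crt';`, matching the `VAULT_KEY_FILE` block right below it. The same line is repeated in the centos, ol and ubuntu copies of `zabbix.conf.php` under `web-apache-mysql` and in the alpine copy under `web-apache-pgsql` in this commit.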
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/centos/Dockerfile b/Dockerfiles/web-apache-mysql/centos/Dockerfile index fe4c567fc..fc6056c50 100644 --- a/Dockerfiles/web-apache-mysql/centos/Dockerfile +++ b/Dockerfiles/web-apache-mysql/centos/Dockerfile 
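Review bot: The environment-supplied paths in the new SAML blocks are accepted on `file_exists()` alone, which is also true for a directory and for a file the web server user cannot read, so a mis-mounted SP key would presumably surface only when SAML is first used. Checking `is_file()` and `is_readable()` lets the block fall through to `''` at configuration load, e.g. `elseif (is_file(getenv('ZBX_SSO_SP_KEY')) && is_readable(getenv('ZBX_SSO_SP_KEY'))) {`, and likewise for `ZBX_SSO_SP_CERT` and `ZBX_SSO_IDP_CERT`. A one-line comment above each block, `// A file under /etc/zabbix/web/certs/ takes precedence over the environment variable.`, would also document the lookup order. The same blocks appear in the other `zabbix.conf.php` copies touched by this commit.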
@@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -29,8 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ httpd \ @@ -47,15 +47,31 @@ RUN set -eux && \ php-xml \ findutils \ glibc-locale-source \ + shadow-utils \ supervisor" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ + microdnf -y reinstall \ + --enablerepo "baseos" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ - ${INSTALL_PKGS} && \ + --setopt=tsflags=nodocs \ + tzdata && \ groupadd \ --system \ --gid 1995 \ @@ -99,12 +115,10 @@ RUN set -eux && \ chown --quiet -R zabbix:root /run/httpd/ /var/lib/php/session/ && \ chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \ chmod -R g=u /run/httpd/ /var/lib/php/session/ && \ - dnf -y remove \ + microdnf -y remove \ findutils \ glibc-locale-source && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP 
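Review bot: The `microdnf -y reinstall ... tzdata` call added in the `@@ -47,15 +47,31 @@` hunk enables `baseos` but, unlike the two installs above it, does not pass `--disablerepo "*"`, so any other repository enabled in the image (including `epel`, installed just before) may supply the package. Adding `--disablerepo "*" \` before `--enablerepo "baseos" \` keeps the reinstall restricted the same way as the installs. The three commands also spell the same options differently (`--enablerepo "baseos"` next to `--enablerepo="epel"`, `--nodocs` in the installs but `--setopt=tsflags=nodocs` in the reinstall); using one form throughout makes it easier to check that every call uses the same repository set. The RUN instruction starts and ends outside this hunk, and the same block is added to `web-apache-pgsql/centos/Dockerfile`.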
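Review bot: The cleanup at the end of this RUN (hunk `@@ -99,12 +115,10 @@`) now relies on `microdnf -y clean all` alone, while the removed lines also deleted `/root/.pki`, `/etc/udev/hwdb.bin` and `/usr/lib/udev/hwdb.d/*`, which are not package-manager caches. The tmpfs mount added at the top of the instruction covers only `/var/lib/dnf/`, so if any of those paths exist in the `stream9-minimal` base or are created during the install they now stay in the final layer. Either keep the non-cache part, `microdnf -y clean all && \` followed by `rm -rf /root/.pki /etc/udev/hwdb.bin /usr/lib/udev/hwdb.d/*`, or add a comment stating that the minimal image does not ship them. The same removal is made in `web-apache-mysql/ol/Dockerfile` and `web-apache-pgsql/centos/Dockerfile`.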
diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/ol/Dockerfile b/Dockerfiles/web-apache-mysql/ol/Dockerfile index 9dd121692..5e5d1fe35 100644 --- a/Dockerfiles/web-apache-mysql/ol/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ol/Dockerfile 
@@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ httpd \ @@ -54,6 +55,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -103,9 +105,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile index 2d0e119c5..6f3e87960 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile 
@@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ apache2 \ @@ -100,11 +101,10 @@ RUN set -eux && \ chgrp -R 0 /etc/apache2/ /etc/php/8.1/ && \ chmod -R g=u /etc/apache2/ /etc/php/8.1/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP - + WORKDIR /usr/share/zabbix COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php 
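Review bot: The cache mount in the `@@ -29,7 +29,8 @@` hunk is placed on all of `/var/lib/apt/`, not only on the package lists, and it carries no `id`, so its content is shared with every other build that mounts a cache at the same target. Besides `lists/`, that directory holds apt's `extended_states` file, which records which packages were installed automatically; it would then live in the build cache instead of the image, and the `apt-get -y autoremove` later in this RUN could act on state left by a different image build. Narrowing the mount keeps the intent of the removed `rm -rf /var/lib/apt/lists/*` without moving apt state out of the image: `RUN --mount=type=cache,target=/var/lib/apt/lists/,sharing=locked \`. The RUN instruction continues outside this hunk, so whether `apt-get update` refreshes the lists on every build cannot be seen here.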
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/README.md b/Dockerfiles/web-apache-pgsql/README.md index eca02da6b..0b750eab6 100644 --- a/Dockerfiles/web-apache-pgsql/README.md +++ b/Dockerfiles/web-apache-pgsql/README.md 
@@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -292,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-apache-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-apache-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-apache-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-apache-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile index ad079fc2b..0052523a3 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile @@ -99,8 +99,7 @@ RUN set -eux && \ chmod -R g=u /etc/zabbix/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php81/ && \ chgrp -R 0 /etc/apache2/ /etc/php81/ && \ - chmod -R g=u /etc/apache2/ /etc/php81/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/apache2/ /etc/php81/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/centos/Dockerfile b/Dockerfiles/web-apache-pgsql/centos/Dockerfile index e21593264..dd74cb580 100644 --- a/Dockerfiles/web-apache-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/centos/Dockerfile 
@@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -29,8 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ httpd \ @@ -47,15 +47,31 @@ RUN set -eux && \ postgresql \ findutils \ glibc-locale-source \ + shadow-utils \ supervisor" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ + microdnf -y reinstall \ + --enablerepo "baseos" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ - ${INSTALL_PKGS} && \ + --setopt=tsflags=nodocs \ + tzdata && \ groupadd \ --system \ --gid 1995 \ @@ -99,12 +115,10 @@ RUN set -eux && \ chown --quiet -R zabbix:root /run/httpd/ /var/lib/php/session/ && \ chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \ chmod -R g=u /run/httpd/ /var/lib/php/session/ && \ - dnf -y remove \ + microdnf -y remove \ findutils \ glibc-locale-source && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP 
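Review bot: The `microdnf -y reinstall` of tzdata added in the third hunk passes `--enablerepo "baseos"` without the `--disablerepo "*"` that both install calls above it use, so that step resolves against every repository enabled by default in the image, presumably including the EPEL repo that epel-release has just added. Putting `--disablerepo "*" \` ahead of `--enablerepo "baseos" \` would keep the reinstall scoped to baseos like the other calls. The same command also spells the docs switch as `--setopt=tsflags=nodocs` where the installs use `--nodocs`, and the installs mix `--enablerepo "epel"` with `--enablerepo="epel"`; one form throughout is easier to audit. The RUN instruction starts and ends outside these hunks, and the same hunk appears in Dockerfiles/web-nginx-mysql/centos/Dockerfile.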
diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
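Review bot: The first branch of the new vault certificate block assigns the result of the check rather than the path: `$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');` stores the boolean `true` whenever the file is present, where the removed ternary produced the path string. It should read `$DB['VAULT_CERT_FILE'] = '/etc/zabbix/web/certs/vault.crt';`, matching the `VAULT_KEY_FILE` block directly below it. As written, a mounted vault.crt presumably leaves the Vault client certificate path unusable, so the mounted-file case is the one that breaks. The same line is present in the identical hunks for the web-apache-pgsql ol and ubuntu copies and the web-nginx-mysql alpine and centos copies of zabbix.conf.php.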
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/ol/Dockerfile b/Dockerfiles/web-apache-pgsql/ol/Dockerfile index 91cf6991e..f4ab68347 100644 --- a/Dockerfiles/web-apache-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ol/Dockerfile 
@@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ httpd \ @@ -54,6 +55,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -103,9 +105,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile index 6fbfdd55d..6342ecca6 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile 
@@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ apache2 \ @@ -100,8 +101,7 @@ RUN set -eux && \ chgrp -R 0 /etc/apache2/ /etc/php/8.1/ && \ chmod -R g=u /etc/apache2/ /etc/php/8.1/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php 
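Review bot: The cache mount added to this RUN targets the whole of `/var/lib/apt/`, which holds more than the package lists that the removed `rm -rf /var/lib/apt/lists/*` used to clear. apt keeps its auto-installed markers (`extended_states`) in that directory, and a BuildKit cache mount is keyed by its target unless an `id` is given, so that state would be shared with every other build using the same target and would not be written into the image layer. The `apt-get -y autoremove` later in this RUN then works from the shared state rather than this image's own. Narrowing the mount, for example `RUN --mount=type=cache,target=/var/lib/apt/lists/,sharing=locked \`, keeps the lists out of the layer without moving the rest of apt's state. The RUN instruction begins in the first hunk and ends in the second, and the lines between them are not shown.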
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/README.md b/Dockerfiles/web-nginx-mysql/README.md index 93b394993..f248167d7 100644 --- a/Dockerfiles/web-nginx-mysql/README.md +++ b/Dockerfiles/web-nginx-mysql/README.md 
@@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -293,7 +289,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-nginx-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-nginx-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-nginx-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-nginx-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile index 801a772d2..ba77d4b29 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile @@ -98,8 +98,7 @@ RUN set -eux && \ chmod -R g=u /etc/nginx/ /etc/php81/php-fpm.d/ /etc/php81/php-fpm.conf && \ chown --quiet -R zabbix:root /var/lib/php/session/ /var/lib/nginx/ && \ chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \ - chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh index f558c4d2f..a4368f121 100755 --- a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh 
+++ b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -209,7 +209,7 @@ prepare_zbx_web_config() { export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} : ${ZBX_DB_VERIFY_HOST:="false"} export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,} - + export ZBX_VAULT=${ZBX_VAULT} export ZBX_VAULTURL=${ZBX_VAULTURL} export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH} diff --git a/Dockerfiles/web-nginx-mysql/centos/Dockerfile b/Dockerfiles/web-nginx-mysql/centos/Dockerfile index aec519580..b4d32c62f 100644 --- a/Dockerfiles/web-nginx-mysql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -29,8 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ mysql \ 
@@ -45,15 +45,31 @@ RUN set -eux && \ php-xml \ findutils \ glibc-locale-source \ + shadow-utils \ supervisor" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ + microdnf -y reinstall \ + --enablerepo "baseos" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ - ${INSTALL_PKGS} && \ + --setopt=tsflags=nodocs \ + tzdata && \ groupadd \ --system \ --gid 1995 \ @@ -94,12 +110,10 @@ RUN set -eux && \ chown --quiet -R zabbix:root /var/lib/php/session/ && \ chgrp -R 0 /var/lib/php/session/ && \ chmod -R g=u /var/lib/php/session/ && \ - dnf -y remove \ + microdnf -y remove \ findutils \ glibc-locale-source && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
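Review bot: The first branch of the new `VAULT_CERT_FILE` chain assigns the result of `file_exists()` instead of the path, so when `/etc/zabbix/web/certs/vault.crt` is present `$DB['VAULT_CERT_FILE']` becomes boolean `true` rather than a file name. The ternary it replaces returned the path, and the sibling `VAULT_KEY_FILE` branch still does, so this looks like a copy-paste slip; the frontend would presumably fail to load the Vault client certificate or run without it. The line should read `$DB['VAULT_CERT_FILE'] = '/etc/zabbix/web/certs/vault.crt';`. The identical line appears in the ol, rhel and ubuntu copies of `zabbix.conf.php` in this commit and needs the same fix.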
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/ol/Dockerfile b/Dockerfiles/web-nginx-mysql/ol/Dockerfile index b3f7381a7..e98bb939c 100644 --- a/Dockerfiles/web-nginx-mysql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ol/Dockerfile 
@@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ mysql \ @@ -52,6 +53,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -98,9 +100,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile index 686cefdb2..54f6be2db 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile 
@@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE @@ -48,7 +48,8 @@ COPY ["licenses", "/licenses"] COPY ["conf/etc/", "/etc/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tzdata \ curl-minimal \ @@ -78,6 +79,7 @@ RUN set -eux && \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ @@ -86,6 +88,7 @@ RUN set -eux && \ --setopt=install_weak_deps=0 \ --best \ --setopt=tsflags=nodocs \ + --setopt=keepcache=0 \ tzdata && \ groupadd \ --system \ @@ -131,9 +134,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/rhel/README.html b/Dockerfiles/web-nginx-mysql/rhel/README.html new file mode 100644 index 000000000..55b4e20d9 --- /dev/null +++ b/Dockerfiles/web-nginx-mysql/rhel/README.html @@ -0,0 +1,143 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix web interface?

+

Zabbix web interface is a part of Zabbix software. It is used to manage resources under monitoring and view monitoring statistics.

+

Zabbix web interface images

+

These are the only official Zabbix web interface Podman images. Images are updated when new releases are published.

+

Zabbix web interface available in four editions, but only one as Red Hat Certified container:

+
    +
  • Zabbix web-interface based on Apache2 web server with MySQL database support
  • +
  • Zabbix web-interface based on Apache2 web server with PostgreSQL database support
  • +
  • Zabbix web-interface based on Nginx web server with MySQL database support
  • +
  • Zabbix web-interface based on Nginx web server with PostgreSQL database support
  • +
+

The image based on Nginx web server with MySQL database support.

+

How to use this image

+

Start zabbix-web-nginx-mysql

+

Start a Zabbix web-interface container as follows:

+
podman run --name some-zabbix-web-nginx-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+

Where some-zabbix-web-nginx-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server, some-zabbix-server is IP or DNS name of Zabbix server or proxy, some-timezone is PHP like timezone name and tag is the tag specifying the version you want.

+

Linking the container to Zabbix server

+
podman run --name some-zabbix-web-nginx-mysql --link some-zabbix-server:zabbix-server -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+

Linking the container to MySQL database

+
podman run --name some-zabbix-web-nginx-mysql --link some-mysql-server:mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+

Container shell access and viewing Zabbix web interface logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-web-nginx-mysql container:

+
$ podman exec -ti some-zabbix-web-nginx-mysql /bin/bash
+
+

The Zabbix web interface log is available through Podman's container log:

+
$ podman logs  some-zabbix-web-nginx-mysql
+
+

Environment Variables

+

When you start the zabbix-web-nginx-mysql image, you can adjust the configuration of the Zabbix web interface by passing one or more environment variables on the podman run command line.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server. By default, value is zabbix-server.

+

ZBX_SERVER_PORT

+

This variable is port Zabbix server listening on. By default, value is 10051.

+

DB_SERVER_HOST

+

This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'

+

DB_SERVER_PORT

+

This variable is port of MySQL server. By default, value is '3306'.

+

MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

+

These variables are used by Zabbix web-interface to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

+
podman run --name some-zabbix-web-nginx-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+
+

With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

+
printf "zabbix" | podman secret create MYSQL_USER -
+printf "zabbix" | podman secret create MYSQL_PASSWORD -
+podman run --name some-zabbix-web-nginx-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+
+

By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

+

MYSQL_DATABASE

+

The variable is Zabbix database name. By default, value is zabbix.

+

ZBX_HISTORYSTORAGEURL

+

History storage HTTP[S] URL. This parameter is used for Elasticsearch setup. Available since 3.4.5.

+

ZBX_HISTORYSTORAGETYPES

+

Array of value types to be sent to the history storage. An example: ['uint', 'dbl']. This parameter is used for Elasticsearch setup. Available since 3.4.5.

+

PHP_TZ

+

The variable is timezone in PHP format. Full list of supported timezones are available on php.net. By default, value is 'Europe/Riga' and system timezone since Zabbix 5.2.0.

+

ZBX_SERVER_NAME

+

The variable is visible Zabbix installation name in right or left top corner of the web interface.

+

DB_DOUBLE_IEEE754

+

Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Available since 5.0.0. Enabled by default.

+

ENABLE_WEB_ACCESS_LOG

+

The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.

+

HTTP_INDEX_FILE

+

The variable controls default index page. By default, index.php.

+

EXPOSE_WEB_SERVER_INFO

+

The variable allows to hide Web server and PHP versions. By default, on.

+

ZBX_MAXEXECUTIONTIME

+

The varable is PHP max_execution_time option. By default, value is 300.

+

ZBX_MEMORYLIMIT

+

The varable is PHP memory_limit option. By default, value is 128M.

+

ZBX_POSTMAXSIZE

+

The varable is PHP post_max_size option. By default, value is 16M.

+

ZBX_UPLOADMAXFILESIZE

+

The varable is PHP upload_max_filesize option. By default, value is 2M.

+

ZBX_MAXINPUTTIME

+

The varable is PHP max_input_time option. By default, value is 300.

+

ZBX_SESSION_NAME

+

The variable is Zabbix frontend definition. String used as the name of the Zabbix frontend session cookie. By default, value is zbx_sessionid.

+

ZBX_DENY_GUI_ACCESS

+

Enable (true) maintenance mode for Zabbix web-interface.

+

ZBX_GUI_ACCESS_IP_RANGE

+

Array of IP addresses which are allowed for accessing to Zabbix web-interface during maintenance period.

+

ZBX_GUI_WARNING_MSG

+

Information message about maintenance period for Zabbix web-interface.

+

ZBX_DB_ENCRYPTION

+

The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if ZBX_DB_ENCRYPTION=true specified. Available since 5.0.0. Disabled by default.

+

ZBX_DB_KEY_FILE

+

The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.

+

ZBX_DB_CERT_FILE

+

The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.

+

ZBX_DB_CA_FILE

+

The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.

+

ZBX_DB_VERIFY_HOST

+

The variable allows to activate host verification. Available since 5.0.0.

+

ZBX_DB_CIPHER_LIST

+

The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.

+

ZBX_SSO_SP_KEY

+

The variable allows to specify a custom file path to the Serivce Provider (SP) private key file.

+

ZBX_SSO_SP_CERT

+

The variable allows to specify a custom file path to the Serivce Provider (SP) cert file.

+

ZBX_SSO_IDP_CERT

+

The variable allows to specify a custom file path to the SAML Certificate provided by the Identity Provider (ID) file.

+

ZBX_SSO_SETTINGS

+

The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.

+

Example of YAML Mapping to Sequences

+
....
+  environment:
+    ZBX_SSO_SETTINGS: "{'baseurl': 'https://zabbix-docker.mydomain.com', 'use_proxy_headers': true, 'strict': false}"
+    ....
+....
+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_VAULTDBPATH= # Available since 5.2.0
+ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
+VAULT_TOKEN= # Available since 5.2.0
+
+Allowed PHP-FPM configuration options:
+PHP_FPM_PM=dynamic
+PHP_FPM_PM_MAX_CHILDREN=50
+PHP_FPM_PM_START_SERVERS=5
+PHP_FPM_PM_MIN_SPARE_SERVERS=5
+PHP_FPM_PM_MAX_SPARE_SERVERS=35
+PHP_FPM_PM_MAX_REQUESTS=0
+

Allowed volumes for the Zabbix web interface container

+

/etc/ssl/nginx

+

The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ssl.crt, ssl.key and dhparam.pem prepared for Nginx SSL connections.

+

Please follow official Nginx documentation to get more details about how to create certificate files.

+

/etc/zabbix/web/certs

+

The volume allows to use custom certificates for SAML authentification. The volume must contains three files sp.key, sp.crt and idp.crt. Available since 5.0.0.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the web-nginx-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/web-nginx-mysql/rhel/README.md b/Dockerfiles/web-nginx-mysql/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/web-nginx-mysql/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo index 4a460fee8..03c98e3fa 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo @@ -1,8 +1,7 @@ [nginx-stable] name=nginx stable repo -baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/ +baseurl=https://nginx.org/packages/rhel/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true - diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile index 220c6339c..57a7da913 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile 
@@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ ca-certificates \ @@ -59,7 +60,7 @@ RUN set -eux && \ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \ gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \ DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \ - echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ + echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ > /etc/apt/preferences.d/99nginx && \ gpgconf --kill all && \ @@ -121,8 +122,7 @@ RUN set -eux && \ dirmngr \ gpg-agent && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php 
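Review bot: Switching the nginx apt source to `https://` in the second hunk protects the transport, but the signing key on the lines above it is still written to `/etc/apt/trusted.gpg.d/nginx.gpg`, where apt trusts it for every configured repository, and it is only displayed with `import-show`, never compared with a known fingerprint. Scoping the key to this one source limits what a substituted or compromised nginx key can sign: write the dearmored key to a keyring outside `trusted.gpg.d` and reference it as `deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx`. Comparing the imported key's fingerprint with a value pinned in the Dockerfile (`<expected-nginx-key-fingerprint>`) before the source is enabled would close the remaining gap. The RUN instruction starts and ends outside these hunks.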
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
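Review bot: `$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');` stores the boolean result of the check instead of the certificate path. When the bundled file is present the setting becomes `true`, not the path string the removed ternary produced. The VAULT_KEY_FILE block right below assigns the literal path, so this looks like a copy-paste slip and should read `$DB['VAULT_CERT_FILE'] = '/etc/zabbix/web/certs/vault.crt';`. Presumably the Vault client certificate is then not loaded from the intended file. The identical line appears in the web-nginx-pgsql alpine, centos, ol and ubuntu copies of zabbix.conf.php later in this diff.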
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/README.md b/Dockerfiles/web-nginx-pgsql/README.md index ef31b63e1..6a602b609 100644 --- a/Dockerfiles/web-nginx-pgsql/README.md +++ b/Dockerfiles/web-nginx-pgsql/README.md 
@@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) 
@@ -292,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-nginx-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-nginx-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-nginx-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-nginx-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile index 7d78062e3..ba7109a29 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile @@ -97,8 +97,7 @@ RUN set -eux && \ chmod -R g=u /etc/nginx/ /etc/php81/php-fpm.d/ /etc/php81/php-fpm.conf && \ chown --quiet -R zabbix:root /var/lib/php/session/ /var/lib/nginx/ && \ chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \ - chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile index 781794e7a..65a1b5314 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile 
@@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-pgsql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -29,8 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ findutils \ @@ -45,15 +45,31 @@ RUN set -eux && \ php-pgsql \ php-xml \ postgresql \ + shadow-utils \ supervisor" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ + microdnf -y reinstall \ + --enablerepo "baseos" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ - ${INSTALL_PKGS} && \ + --setopt=tsflags=nodocs \ + tzdata && \ groupadd \ --system \ --gid 1995 \ @@ -94,12 +110,10 @@ RUN set -eux && \ chown --quiet -R zabbix:root /var/lib/php/session/ && \ chgrp -R 0 /var/lib/php/session/ && \ chmod -R g=u /var/lib/php/session/ && \ - dnf -y remove \ + microdnf -y remove \ findutils \ glibc-locale-source && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP 
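Review bot: The `microdnf -y reinstall ... tzdata` step in the third hunk enables `baseos` without the `--disablerepo "*"` that both install steps above it pass. That transaction therefore resolves against every repository enabled by default in the image, which may include the freshly installed EPEL. Adding `--disablerepo "*" \` ahead of `--enablerepo "baseos" \` restricts the package source the same way as the installs. The step also spells the option `--setopt=tsflags=nodocs` where the installs use `--nodocs`, and the hunk mixes `--enablerepo "baseos"` with `--enablerepo="epel"`; one form throughout would read better. The RUN instruction begins and ends outside these hunks.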
diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
index f664ef2a4..b63116535 100644
--- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
+++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile index 3288a0b1c..f98c0e761 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile 
@@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ findutils \ @@ -52,6 +53,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -98,9 +100,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile index 2357ea7e3..5deaf5f8b 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile 
@@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ ca-certificates \ @@ -59,7 +60,7 @@ RUN set -eux && \ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \ gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \ DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \ - echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ + echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ > /etc/apt/preferences.d/99nginx && \ gpgconf --kill all && \ @@ -121,8 +122,7 @@ RUN set -eux && \ dirmngr \ gpg-agent && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..b63116535 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php 
@@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? 
true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-service/README.md b/Dockerfiles/web-service/README.md index 2f5be9784..33ccf9cbd 100644 --- a/Dockerfiles/web-service/README.md +++ b/Dockerfiles/web-service/README.md 
@@ -14,12 +14,10 @@ Zabbix web service for performing various tasks using headless web browser (for # Zabbix web service images -These are the only official Zabbix web service Docker images. They are based on Alpine Linux v3.13, Ubuntu 20.04 (focal), 22.04 (jammy) and Oracle Linux 8 images. The available versions of Zabbix web service are: +These are the only official Zabbix web service Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy) and Oracle Linux 9 images. The available versions of Zabbix web service are: Zabbix web service 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web service 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web service 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest, alpine-latest, ubuntu-latest, ol-latest, latest) - Zabbix web service 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web service 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web service 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web service 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -103,7 +101,7 @@ Please use official documentation for [``zabbix_web_service.conf``](https://www. ## Allowed volumes for the Zabbix web service container ### ``/var/lib/zabbix/enc`` - + The volume is used to store TLS related files. These file names are specified using ``ZBX_TLSCAFILE``, ``ZBX_TLSCERTFILE`` and ``ZBX_TLSKEY_FILE`` variables. # The image variants 
@@ -138,7 +136,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-service/` directory](https://github.com/zabbix/zabbix-docker/tree/5.4/web-service) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-service/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-service) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-service/alpine/Dockerfile b/Dockerfiles/web-service/alpine/Dockerfile index b1138292a..36c1b8794 100644 --- a/Dockerfiles/web-service/alpine/Dockerfile +++ b/Dockerfiles/web-service/alpine/Dockerfile @@ -53,8 +53,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/centos/Dockerfile b/Dockerfiles/web-service/centos/Dockerfile index fa0ef2ce7..b8d9a360e 100644 --- a/Dockerfiles/web-service/centos/Dockerfile +++ b/Dockerfiles/web-service/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION 
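Review bot: The new base image in the `Dockerfiles/web-service/centos/Dockerfile` hunk, `FROM quay.io/centos/centos:stream9-minimal`, is still referenced by a floating tag, so the same Dockerfile can build from different base contents over time. The rhel Dockerfile in this commit moves from `ubi-minimal:latest` to `ubi-minimal:9.3`; the centos stage would benefit from an equivalent pin, and a digest is the stricter form: `FROM quay.io/centos/centos:stream9-minimal@sha256:<digest-placeholder>`. If the floating tag is deliberate, so that every rebuild picks up Stream updates, a one-line comment above the `FROM` saying so would help the next reviewer.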
@@ -30,18 +30,27 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", "/usr/sbin/zabbix_web_service"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] -RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ - chromium-headless" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --best \ - ${INSTALL_PKGS} && \ + chromium-headless \ + shadow-utils" && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ groupadd \ --system \ --gid 1995 \ @@ -60,9 +69,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - dnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/ol/Dockerfile b/Dockerfiles/web-service/ol/Dockerfile index e1aa84866..2db43d146 100644 --- a/Dockerfiles/web-service/ol/Dockerfile +++ b/Dockerfiles/web-service/ol/Dockerfile 
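Review bot: The `RUN --mount=type=tmpfs,target=/var/lib/dnf/` line added here, and in the same form in the ol and rhel Dockerfile hunks of this commit, is undocumented, and `RUN --mount` is only accepted by BuildKit-style builders, so a build with the legacy builder would stop at this instruction. A comment above the `RUN` would record both facts, for example `# /var/lib/dnf is a build-time tmpfs so package-manager state is not written into the layer; requires BuildKit`; the stated purpose is my reading of the change and should be confirmed. In the same hunk `--enablerepo="epel"` uses `=` while the neighbouring `--enablerepo "baseos"` and `--enablerepo "appstream"` use a space, so pick one form. The `RUN` instruction continues past the end of this hunk.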
@@ -31,7 +31,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ chromium-headless" && \ microdnf -y install \ @@ -40,6 +41,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -61,9 +63,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index cd889aded..8c3eaa2ca 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE @@ -49,7 +49,8 @@ COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", "/usr/sbin/zabbix_web_service"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ shadow-utils \ chromium-headless" && \ 
@@ -65,6 +66,7 @@ RUN set -eux && \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ @@ -73,6 +75,7 @@ RUN set -eux && \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ nss nss-sysinit && \ @@ -90,9 +93,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/rhel/README.html b/Dockerfiles/web-service/rhel/README.html new file mode 100644 index 000000000..82f33b76c --- /dev/null +++ b/Dockerfiles/web-service/rhel/README.html @@ -0,0 +1,67 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix web service?

+

Zabbix web service for performing various tasks using headless web browser (for example, reporting).

+

Zabbix web service images

+

These are the only official Zabbix web service Podman images. Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-web-service

+

Start a Zabbix web service container as follows:

+
podman run --name some-zabbix-web-service -e ZBX_ALLOWEDIP="some-zabbix-server" --cap-add=SYS_ADMIN -d zabbix/zabbix-web-service:tag
+

Where some-zabbix-web-service is the name you want to assign to your container, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

+

Connects from Zabbix server in other containers

+

This image exposes the standard Zabbix web service port (10053) to perform communication, so container linking makes Zabbix web service instance available to Zabbix server containers. Start your application container like this in order to link it to the Zabbix web service container:

+
$ podman run --name some-zabbix-server --link some-zabbix-web-service:zabbix-web-service -e ZBX_STARTREPORTWRITERS="2" -e ZBX_WEBSERVICEURL="http://some-zabbix-web-service:10053/report" -d zabbix/zabbix-server:latest
+
+

Container shell access and viewing Zabbix web service logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-web-service container:

+
$ podman exec -ti some-zabbix-web-service /bin/bash
+
+

The Zabbix web service log is available through Podman's container log:

+
$ podman logs some-zabbix-web-service
+
+

Environment Variables

+

When you start the zabbix-web-service image, you can adjust the configuration of the Zabbix web service by passing one or more environment variables on the podman run command line.

+

ZBX_ALLOWEDIP

+

This variable is IP or DNS name or list of IP / DNS names of Zabbix server. By default, value is zabbix-server.

+

ZBX_LISTENPORT

+

Listen port for incoming request. By default, value is 10053.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_web_service.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
  • +
  • 1 - critical information
  • +
  • 2 - error information
  • +
  • 3 - warnings
  • +
  • 4 - for debugging (produces lots of information)
  • +
  • 5 - extended debugging (produces even more information)
  • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing requests. By default, value is 3.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_IGNOREURLCERTERRORS=0
+

Default values of these variables are specified after equal sign.

+

Please use official documentation for zabbix_web_service.conf to get more information about the variables.

+

Allowed volumes for the Zabbix web service container

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCERTFILE and ZBX_TLSKEY_FILE variables.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the web-service/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Zabbix web services uses Google Chromium with headless mode. Because of restrictions you may see the following error during report generation:

+
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
+

To avoid the issue it is required to add SYS_ADMIN capability for Zabbix web service. The capability is redundant and allow too much.

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/web-service/rhel/README.md b/Dockerfiles/web-service/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/web-service/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/web-service/ubuntu/Dockerfile b/Dockerfiles/web-service/ubuntu/Dockerfile index 29f72625c..ec3d18c64 100644 --- a/Dockerfiles/web-service/ubuntu/Dockerfile +++ b/Dockerfiles/web-service/ubuntu/Dockerfile @@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] COPY ["conf/etc/apt/preferences.d/chromium.pref", "/etc/apt/preferences.d/chromium.pref"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ ca-certificates \ @@ -71,8 +72,7 @@ RUN set -eux && \ purge \ ${INSTALL_TEMP_PKGS} && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref b/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref index 4c83dc746..48609ef42 100644 --- a/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref +++ b/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref @@ -11,4 +11,4 @@ Pin-Priority: 300 # named dependencies: Package: chromium* Pin: origin "ftp.debian.org" -Pin-Priority: 700 \ No newline at end of file +Pin-Priority: 700 diff --git a/README.md b/README.md index ed18e5470..a98d76d69 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,8 @@ ![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/zabbix/zabbix-docker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/zabbix/zabbix-docker) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8395/badge)](https://www.bestpractices.dev/projects/8395) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zabbix_zabbix-docker&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=zabbix_zabbix-docker) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/zabbix/zabbix-docker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/zabbix/zabbix-docker) +[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/8395/badge)](https://bestpractices.coreinfrastructure.org/projects/8395) +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zabbix_zabbix-docker&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=zabbix_zabbix-docker) [![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=6.4&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml) [![Build images (DockerHub, Windows)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml/badge.svg?branch=6.4&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml) diff --git a/build.json b/build.json index 931d9aa08..c965bf123 100644 --- a/build.json +++ b/build.json 
@@ -8,43 +8,43 @@ "linux/s390x", "linux/ppc64le" ], + "centos": [ + "linux/amd64", + "linux/arm64", + "linux/ppc64le" + ], "ol": [ "linux/amd64", "linux/arm64" ], + "rhel": [ + "X64", + "ARM64" + ], "ubuntu": [ "linux/amd64", "linux/arm/v7", "linux/arm64", "linux/s390x" - ], - "centos": [ - "linux/amd64", - "linux/arm64", - "linux/ppc64le" - ], - "rhel": [ - "X64", - "ARM64" ] }, "os-windows": { - "windows-2022": "ltsc2022", - "windows-2019": "ltsc2019" + "windows-2019": "ltsc2019", + "windows-2022": "ltsc2022" }, "components": { - "agent": { "base" : "build-mysql", "rhel" : true }, - "agent2": { "base" : "build-mysql", "rhel" : true }, - "java-gateway": { "base" : "build-mysql", "rhel" : true }, - "proxy-mysql": { "base" : "build-mysql", "rhel" : true }, - "proxy-sqlite3": { "base" : "build-sqlite3", "rhel" : true }, - "server-mysql": { "base" : "build-mysql", "rhel" : true }, - "server-pgsql": { "base" : "build-pgsql", "rhel" : false }, - "snmptraps": { "base" : "", "rhel" : true }, - "web-apache-mysql": { "base" : "build-mysql", "rhel" : false }, - "web-apache-pgsql": { "base" : "build-pgsql", "rhel" : false }, - "web-nginx-mysql": { "base" : "build-mysql", "rhel" : true }, - "web-nginx-pgsql": { "base" : "build-mysql", "rhel" : false }, - "web-service": { "base" : "build-mysql", "rhel" : true } + "agent": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e7a9b0ca19f84ed9bad" }, + "agent2": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e0f0483afdd5e26f6f5" }, + "java-gateway": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e3c51aac3123e043e54" }, + "proxy-mysql": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e4f8f6bfc30cd1440d8" }, + "proxy-sqlite3": { "base": "build-sqlite3", "rhel": true, "rhel_project": "63f30e273f0b02a2e2cbdad1" }, + "server-mysql": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e629b0ca19f84ed9b80" }, + "server-pgsql": { "base": "build-pgsql", "rhel": false }, + 
"snmptraps": { "base": "", "rhel": true, "rhel_project": "63f30e2d0ef1d13d82d39793" }, + "web-apache-mysql": { "base": "build-mysql", "rhel": false }, + "web-apache-pgsql": { "base": "build-pgsql", "rhel": false }, + "web-nginx-mysql": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e478857871bae486514" }, + "web-nginx-pgsql": { "base": "build-mysql", "rhel": false }, + "web-service": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e3a3854c988f07dacbe" } } } diff --git a/env_vars/mysql_init/init_proxy_db.sql b/env_vars/mysql_init/init_proxy_db.sql index ca8c6e4c8..0f01f932a 100644 --- a/env_vars/mysql_init/init_proxy_db.sql +++ b/env_vars/mysql_init/init_proxy_db.sql @@ -1,2 +1,2 @@ CREATE DATABASE IF NOT EXISTS `zabbix_proxy`; -GRANT ALL ON `zabbix_proxy`.* TO 'zabbix'@'%'; \ No newline at end of file +GRANT ALL ON `zabbix_proxy`.* TO 'zabbix'@'%'; diff --git a/kubernetes.yaml b/kubernetes.yaml index 02a023716..4720823c4 100644 --- a/kubernetes.yaml +++ b/kubernetes.yaml @@ -603,12 +603,6 @@ spec: periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 40 - livenessProbe: - tcpSocket: - port: 10051 - timeoutSeconds: 3 - failureThreshold: 3 - periodSeconds: 10 securityContext: capabilities: {} privileged: false
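Review bot: In the `build.json` hunk, the rewritten `components` entry `"web-nginx-pgsql"` keeps `"base": "build-mysql"`, while the other two pgsql components visible here (`server-pgsql` and `web-apache-pgsql`) use `build-pgsql`. The value is carried over from the old side, so this commit did not introduce it, but the line is being rewritten anyway and the choice is worth confirming. If it is a leftover, the line would read `"web-nginx-pgsql": { "base": "build-pgsql", "rhel": false },`.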