From cad6d1eb7c0460ec96f44af3e6251ee851370229 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 14 Feb 2024 20:51:57 +0900 Subject: [PATCH 01/54] Fixed style of files --- .github/ISSUE_TEMPLATE | 2 +- .github/workflows/sonarcloud.yml | 2 +- .pre-commit-config.yaml | 61 +++++++++++++------ .../agent/windows/docker-entrypoint.ps1 | 10 +-- .../agent2/rhel/licenses/apache-2.0.txt | 2 +- .../agent2/windows/docker-entrypoint.ps1 | 10 +-- .../build-base/windows/modbus.vs16.sln | 2 +- .../build-base/windows/modbus.vs16.vcxproj | 2 +- .../windows/modbus.vs16.vcxproj.filters | 2 +- Dockerfiles/proxy-mysql/README.md | 2 +- .../server-pgsql/alpine/docker-entrypoint.sh | 2 +- .../server-pgsql/centos/docker-entrypoint.sh | 2 +- .../server-pgsql/ol/docker-entrypoint.sh | 2 +- .../server-pgsql/ubuntu/docker-entrypoint.sh | 2 +- .../conf/etc/httpd/conf.d/99-zabbix.conf | 2 +- .../ol/conf/etc/httpd/conf.d/99-zabbix.conf | 2 +- .../web-apache-mysql/ubuntu/Dockerfile | 2 +- .../conf/etc/httpd/conf.d/99-zabbix.conf | 2 +- .../ol/conf/etc/httpd/conf.d/99-zabbix.conf | 2 +- .../alpine/docker-entrypoint.sh | 2 +- .../rhel/conf/etc/yum.repo.d/nginx.repo | 1 - Dockerfiles/web-service/README.md | 2 +- .../conf/etc/apt/preferences.d/chromium.pref | 2 +- build.json | 48 +++++++-------- env_vars/mysql_init/init_proxy_db.sql | 2 +- kubernetes.yaml | 6 -- 26 files changed, 95 insertions(+), 81 deletions(-) diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE index 337bf9058..a57b6ed28 100644 --- a/.github/ISSUE_TEMPLATE +++ b/.github/ISSUE_TEMPLATE @@ -34,4 +34,4 @@ ```paste below -``` \ No newline at end of file +``` diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 252c73636..2fa6f8be5 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -47,7 +47,7 @@ jobs: uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit - + - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0438c73dc..74989927d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,20 +1,41 @@ - - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.3 - hooks: - - id: gitleaks - - repo: https://github.com/jumanjihouse/pre-commit-hooks - rev: 3.0.0 - hooks: - - id: shellcheck - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 - hooks: - - id: end-of-file-fixer - - id: trailing-whitespace - - id: check-yaml - - id: check-symlinks - - id: pretty-format-json -- repo: https://github.com/asottile/setup-cfg-fmt - rev: v2.5.0 - hooks: - - id: setup-cfg-fmt +repos: +- repo: https://github.com/gitleaks/gitleaks + rev: v8.16.3 + hooks: + - id: gitleaks +- repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 3.0.0 + hooks: + - id: shellcheck +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: end-of-file-fixer + exclude: | + (?x)( + ^env_vars/\.MYSQL | + ^env_vars/\.POSTGRES + ) +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: trailing-whitespace + exclude: | + (?x)( + .*\.patch$ + ) + - id: check-yaml + args: [--allow-multiple-documents] + - id: check-symlinks +# - id: pretty-format-json + - id: check-added-large-files +#- repo: https://github.com/adrienverge/yamllint.git +# rev: v1.21.0 # or higher tag +# hooks: +# - id: yamllint +# args: [--format, parsable, --strict] +#- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt +# rev: 0.2.3 +# hooks: +# - id: yamlfmt +# args: [--mapping, '2', --sequence, '1', --offset, '0', --colons, --width, '400'] diff --git a/Dockerfiles/agent/windows/docker-entrypoint.ps1 b/Dockerfiles/agent/windows/docker-entrypoint.ps1 index ea526c194..c7a459b23 100644 --- a/Dockerfiles/agent/windows/docker-entrypoint.ps1 +++ b/Dockerfiles/agent/windows/docker-entrypoint.ps1 @@ -40,7 +40,7 @@ function Update-Config-Var { if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) { throw "**** Configuration file '$ConfigPath' does not exist" } - + if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) { Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..." } @@ -50,12 +50,12 @@ function Update-Config-Var { if ([string]::IsNullOrWhitespace($VarValue)) { if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Where-Object {$_ -notmatch "^$VarName=" } | Set-Content $ConfigPath } - Write-Host "removed" + Write-Host "removed" return } @@ -64,7 +64,7 @@ function Update-Config-Var { Write-Host "undefined" return } - + if ($VarName -match '^TLS.*File$') { $VarValue="$ZabbixUserHomeDir\enc\$VarValue" } @@ -75,7 +75,7 @@ function Update-Config-Var { Write-Host updated } elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Foreach-Object { $_ if ($_ -match "^[#;] $VarName=") { diff --git a/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt b/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt index 39f57220f..9006b97b3 100644 --- a/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt +++ b/Dockerfiles/agent2/rhel/licenses/apache-2.0.txt @@ -199,4 +199,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. diff --git a/Dockerfiles/agent2/windows/docker-entrypoint.ps1 b/Dockerfiles/agent2/windows/docker-entrypoint.ps1 index 2d0736052..8777e39fc 100644 --- a/Dockerfiles/agent2/windows/docker-entrypoint.ps1 +++ b/Dockerfiles/agent2/windows/docker-entrypoint.ps1 @@ -40,7 +40,7 @@ function Update-Config-Var { if (-not(Test-Path -Path $ConfigPath -PathType Leaf)) { throw "**** Configuration file '$ConfigPath' does not exist" } - + if ($MaskList.Contains($VarName) -eq $true -And [string]::IsNullOrWhitespace($VarValue) -ne $true) { Write-Host -NoNewline "** Updating '$ConfigPath' parameter ""$VarName"": '****'. Enable DEBUG_MODE to view value ..." } @@ -50,12 +50,12 @@ function Update-Config-Var { if ([string]::IsNullOrWhitespace($VarValue)) { if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Where-Object {$_ -notmatch "^$VarName=" } | Set-Content $ConfigPath } - Write-Host "removed" + Write-Host "removed" return } @@ -64,7 +64,7 @@ function Update-Config-Var { Write-Host "undefined" return } - + if ($VarName -match '^TLS.*File$') { $VarValue="$ZabbixUserHomeDir\enc\$VarValue" } @@ -75,7 +75,7 @@ function Update-Config-Var { Write-Host updated } elseif ((Get-Content $ConfigPath | select-string -pattern "^[#;] $VarName=").length -gt 0) { - (Get-Content $ConfigPath) | + (Get-Content $ConfigPath) | Foreach-Object { $_ if ($_ -match "^[#;] $VarName=") { diff --git a/Dockerfiles/build-base/windows/modbus.vs16.sln b/Dockerfiles/build-base/windows/modbus.vs16.sln index 19ce76466..5e593bcee 100644 --- a/Dockerfiles/build-base/windows/modbus.vs16.sln +++ b/Dockerfiles/build-base/windows/modbus.vs16.sln @@ -28,4 +28,4 @@ Global GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {6CF51673-664F-4C9F-B3FE-991FF423F3B6} EndGlobalSection -EndGlobal \ No newline at end of file +EndGlobal diff --git a/Dockerfiles/build-base/windows/modbus.vs16.vcxproj b/Dockerfiles/build-base/windows/modbus.vs16.vcxproj index 9cf530ccf..e1d48e03c 100644 --- a/Dockerfiles/build-base/windows/modbus.vs16.vcxproj +++ b/Dockerfiles/build-base/windows/modbus.vs16.vcxproj @@ -262,4 +262,4 @@ - \ No newline at end of file + diff --git a/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters b/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters index 819f877e5..19d40f654 100644 --- a/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters +++ b/Dockerfiles/build-base/windows/modbus.vs16.vcxproj.filters @@ -59,4 +59,4 @@ Resource Files - \ No newline at end of file + diff --git a/Dockerfiles/proxy-mysql/README.md b/Dockerfiles/proxy-mysql/README.md index 3bc4e3704..77abee817 100644 --- a/Dockerfiles/proxy-mysql/README.md +++ b/Dockerfiles/proxy-mysql/README.md @@ -113,7 +113,7 @@ This variable is port Zabbix server listening on. By default, value is `10051`. This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server' ### `DB_SERVER_PORT` - + This variable is port of MySQL server. By default, value is '3306'. ### `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE` diff --git a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh index c2e7d941c..bd3ce7f9e 100755 --- a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh @@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh index c2e7d941c..bd3ce7f9e 100755 --- a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh @@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh index c2e7d941c..bd3ce7f9e 100755 --- a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh @@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh index 9e1be2ee9..bcede0389 100755 --- a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh @@ -331,7 +331,7 @@ apply_db_scripts() { } create_db_schema_postgresql() { - DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile index 2d0e119c5..270fdc2cb 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile @@ -104,7 +104,7 @@ RUN set -eux && \ rm -rf /var/lib/apt/lists/* EXPOSE 8080/TCP 8443/TCP - + WORKDIR /usr/share/zabbix COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf index 7b1080149..c28b761b9 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf @@ -1,3 +1,3 @@ PidFile "/tmp/httpd.pid" - \ No newline at end of file + diff --git a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh index f558c4d2f..a4368f121 100755 --- a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -209,7 +209,7 @@ prepare_zbx_web_config() { export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} : ${ZBX_DB_VERIFY_HOST:="false"} export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,} - + export ZBX_VAULT=${ZBX_VAULT} export ZBX_VAULTURL=${ZBX_VAULTURL} export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH} diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo index 4a460fee8..d2d149230 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo @@ -5,4 +5,3 @@ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true - diff --git a/Dockerfiles/web-service/README.md b/Dockerfiles/web-service/README.md index 2f5be9784..b675422b3 100644 --- a/Dockerfiles/web-service/README.md +++ b/Dockerfiles/web-service/README.md @@ -103,7 +103,7 @@ Please use official documentation for [``zabbix_web_service.conf``](https://www. ## Allowed volumes for the Zabbix web service container ### ``/var/lib/zabbix/enc`` - + The volume is used to store TLS related files. These file names are specified using ``ZBX_TLSCAFILE``, ``ZBX_TLSCERTFILE`` and ``ZBX_TLSKEY_FILE`` variables. # The image variants diff --git a/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref b/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref index 4c83dc746..48609ef42 100644 --- a/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref +++ b/Dockerfiles/web-service/ubuntu/conf/etc/apt/preferences.d/chromium.pref @@ -11,4 +11,4 @@ Pin-Priority: 300 # named dependencies: Package: chromium* Pin: origin "ftp.debian.org" -Pin-Priority: 700 \ No newline at end of file +Pin-Priority: 700 diff --git a/build.json b/build.json index 931d9aa08..4905c9bb5 100644 --- a/build.json +++ b/build.json @@ -8,43 +8,43 @@ "linux/s390x", "linux/ppc64le" ], + "centos": [ + "linux/amd64", + "linux/arm64", + "linux/ppc64le" + ], "ol": [ "linux/amd64", "linux/arm64" ], + "rhel": [ + "X64", + "ARM64" + ], "ubuntu": [ "linux/amd64", "linux/arm/v7", "linux/arm64", "linux/s390x" - ], - "centos": [ - "linux/amd64", - "linux/arm64", - "linux/ppc64le" - ], - "rhel": [ - "X64", - "ARM64" ] }, "os-windows": { - "windows-2022": "ltsc2022", - "windows-2019": "ltsc2019" + "windows-2019": "ltsc2019", + "windows-2022": "ltsc2022" }, "components": { - "agent": { "base" : "build-mysql", "rhel" : true }, - "agent2": { "base" : "build-mysql", "rhel" : true }, - "java-gateway": { "base" : "build-mysql", "rhel" : true }, - "proxy-mysql": { "base" : "build-mysql", "rhel" : true }, - "proxy-sqlite3": { "base" : "build-sqlite3", "rhel" : true }, - "server-mysql": { "base" : "build-mysql", "rhel" : true }, - "server-pgsql": { "base" : "build-pgsql", "rhel" : false }, - "snmptraps": { "base" : "", "rhel" : true }, - "web-apache-mysql": { "base" : "build-mysql", "rhel" : false }, - "web-apache-pgsql": { "base" : "build-pgsql", "rhel" : false }, - "web-nginx-mysql": { "base" : "build-mysql", "rhel" : true }, - "web-nginx-pgsql": { "base" : "build-mysql", "rhel" : false }, - "web-service": { "base" : "build-mysql", "rhel" : true } + "agent": { "base": "build-mysql", "rhel": true }, + "agent2": { "base": "build-mysql", "rhel": true }, + "java-gateway": { "base": "build-mysql", "rhel": true }, + "proxy-mysql": { "base": "build-mysql", "rhel": true }, + "proxy-sqlite3": { "base": "build-sqlite3", "rhel": true }, + "server-mysql": { "base": "build-mysql", "rhel": true }, + "server-pgsql": { "base": "build-pgsql", "rhel": false }, + "snmptraps": { "base": "", "rhel": true }, + "web-apache-mysql": { "base": "build-mysql", "rhel": false }, + "web-apache-pgsql": { "base": "build-pgsql", "rhel": false }, + "web-nginx-mysql": { "base": "build-mysql", "rhel": true }, + "web-nginx-pgsql": { "base": "build-mysql", "rhel": false }, + "web-service": { "base": "build-mysql", "rhel": true } } } diff --git a/env_vars/mysql_init/init_proxy_db.sql b/env_vars/mysql_init/init_proxy_db.sql index ca8c6e4c8..0f01f932a 100644 --- a/env_vars/mysql_init/init_proxy_db.sql +++ b/env_vars/mysql_init/init_proxy_db.sql @@ -1,2 +1,2 @@ CREATE DATABASE IF NOT EXISTS `zabbix_proxy`; -GRANT ALL ON `zabbix_proxy`.* TO 'zabbix'@'%'; \ No newline at end of file +GRANT ALL ON `zabbix_proxy`.* TO 'zabbix'@'%'; diff --git a/kubernetes.yaml b/kubernetes.yaml index 02a023716..4720823c4 100644 --- a/kubernetes.yaml +++ b/kubernetes.yaml @@ -603,12 +603,6 @@ spec: periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 40 - livenessProbe: - tcpSocket: - port: 10051 - timeoutSeconds: 3 - failureThreshold: 3 - periodSeconds: 10 securityContext: capabilities: {} privileged: false From 407052d10f29165655bb1790b0dc9141b657dd07 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 14 Feb 2024 21:16:21 +0900 Subject: [PATCH 02/54] Updated README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ed18e5470..a98d76d69 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ ![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/zabbix/zabbix-docker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/zabbix/zabbix-docker) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8395/badge)](https://www.bestpractices.dev/projects/8395) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zabbix_zabbix-docker&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=zabbix_zabbix-docker) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/zabbix/zabbix-docker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/zabbix/zabbix-docker) +[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/8395/badge)](https://bestpractices.coreinfrastructure.org/projects/8395) +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zabbix_zabbix-docker&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=zabbix_zabbix-docker) [![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=6.4&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml) [![Build images (DockerHub, Windows)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml/badge.svg?branch=6.4&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml) From da2bf63b4819b4bc35cb2b67b2b339db18ff7b02 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 14 Feb 2024 21:25:58 +0900 Subject: [PATCH 03/54] Merge pull request #1179 from zabbix/rhel_image_trunk Pinned RHEL 9.3 image version --- Dockerfiles/agent/rhel/Dockerfile | 2 +- Dockerfiles/agent2/rhel/Dockerfile | 2 +- Dockerfiles/build-base/rhel/Dockerfile | 2 +- Dockerfiles/java-gateway/rhel/Dockerfile | 2 +- Dockerfiles/proxy-mysql/rhel/Dockerfile | 2 +- Dockerfiles/proxy-sqlite3/rhel/Dockerfile | 2 +- Dockerfiles/server-mysql/rhel/Dockerfile | 2 +- Dockerfiles/snmptraps/rhel/Dockerfile | 2 +- Dockerfiles/web-nginx-mysql/rhel/Dockerfile | 2 +- Dockerfiles/web-service/rhel/Dockerfile | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index 2871f2fe7..5f09f7f05 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile index e34f56cb6..f86a7d57e 100644 --- a/Dockerfiles/agent2/rhel/Dockerfile +++ b/Dockerfiles/agent2/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE diff --git a/Dockerfiles/build-base/rhel/Dockerfile b/Dockerfiles/build-base/rhel/Dockerfile index e94f8bcc1..f64600d3c 100644 --- a/Dockerfiles/build-base/rhel/Dockerfile +++ b/Dockerfiles/build-base/rhel/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION=6.4 ARG RELEASE=11 diff --git a/Dockerfiles/java-gateway/rhel/Dockerfile b/Dockerfiles/java-gateway/rhel/Dockerfile index 73de6b9d6..8bc095a3b 100644 --- a/Dockerfiles/java-gateway/rhel/Dockerfile +++ b/Dockerfiles/java-gateway/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 5aa089644..9d730ceb6 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index b4de92e7e..7079f35c8 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-sqlite3:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index 49d5921f5..87539de11 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE diff --git a/Dockerfiles/snmptraps/rhel/Dockerfile b/Dockerfiles/snmptraps/rhel/Dockerfile index 1c6f3a0f9..af8586cd8 100644 --- a/Dockerfiles/snmptraps/rhel/Dockerfile +++ b/Dockerfiles/snmptraps/rhel/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION=6.4 ARG RELEASE=11 diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile index 686cefdb2..e6eec6a87 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index cd889aded..7407bee16 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -6,7 +6,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:rhel-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM registry.access.redhat.com/ubi9/ubi-minimal:latest +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG MAJOR_VERSION ARG RELEASE From 6a087355e9316d4adf998498d92c5024035c901b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Feb 2024 06:45:58 +0000 Subject: [PATCH 04/54] Bump actions/dependency-review-action from 4.0.0 to 4.1.0 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/4901385134134e04cec5fbe5ddfe3b2c5bd5d976...80f10bf419f34980065523f5efca7ebed17576aa) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 62b6f9151..42af9afce 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -28,4 +28,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 + uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0 From 8466fff1984e5b0383f10cb0e7ae64f5c6224f87 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 16 Feb 2024 14:19:02 +0900 Subject: [PATCH 05/54] Merge pull request #1182 from zabbix/security_patches Security patches --- Dockerfiles/build-mysql/alpine/Dockerfile | 2 +- Dockerfiles/build-mysql/centos/Dockerfile | 2 +- Dockerfiles/build-mysql/ol/Dockerfile | 2 +- Dockerfiles/build-mysql/rhel/Dockerfile | 2 +- Dockerfiles/build-mysql/ubuntu/Dockerfile | 2 +- Dockerfiles/build-pgsql/alpine/Dockerfile | 2 +- Dockerfiles/build-pgsql/centos/Dockerfile | 2 +- Dockerfiles/build-pgsql/ol/Dockerfile | 2 +- Dockerfiles/build-pgsql/ubuntu/Dockerfile | 2 +- Dockerfiles/build-sqlite3/alpine/Dockerfile | 2 +- Dockerfiles/build-sqlite3/centos/Dockerfile | 2 +- Dockerfiles/build-sqlite3/ol/Dockerfile | 2 +- Dockerfiles/build-sqlite3/rhel/Dockerfile | 2 +- Dockerfiles/build-sqlite3/ubuntu/Dockerfile | 2 +- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../rhel/conf/etc/yum.repo.d/nginx.repo | 2 +- .../rhel/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile | 2 +- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile | 2 +- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- 34 files changed, 1088 insertions(+), 340 deletions(-) diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index 116806c6b..07105e777 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index 6b2c4bbcb..9d77eb98a 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index 8097cf3e2..4fefb7407 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index e468fb2b7..4f2f62578 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile @@ -82,7 +82,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index c0ba80413..05dc9c058 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index 13a115e90..299f71728 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index 833546c25..082acbb5d 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index fe463015e..aeef7feaa 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index 5a0164d67..faf9566c8 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index 7828b51ef..1d231220c 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile index 33a1fdf15..b678a8d9c 100644 --- a/Dockerfiles/build-sqlite3/centos/Dockerfile +++ b/Dockerfiles/build-sqlite3/centos/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile index 7b0bdf78f..fc0155652 100644 --- a/Dockerfiles/build-sqlite3/ol/Dockerfile +++ b/Dockerfiles/build-sqlite3/ol/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile index 334edd17a..6ac111b41 100644 --- a/Dockerfiles/build-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile @@ -68,7 +68,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile index e13bc94f3..1d244bad8 100644 --- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo index d2d149230..03c98e3fa 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo @@ -1,6 +1,6 @@ [nginx-stable] name=nginx stable repo -baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/ +baseurl=https://nginx.org/packages/rhel/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile index 220c6339c..547eabcb9 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile @@ -59,7 +59,7 @@ RUN set -eux && \ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \ gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \ DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \ - echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ + echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ > /etc/apt/preferences.d/99nginx && \ gpgconf --kill all && \ diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile index 2357ea7e3..31df39c4c 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile @@ -59,7 +59,7 @@ RUN set -eux && \ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \ gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \ DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \ - echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ + echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ > /etc/apt/preferences.d/99nginx && \ gpgconf --kill all && \ diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a4..27bdc211d 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) { $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); From 2c3d1013ddfa4d0679327ed9dac534cdcd6a2fdf Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 16 Feb 2024 14:22:44 +0900 Subject: [PATCH 06/54] Merge pull request #1183 from zabbix/security_patches Updated Zabbix web-frontend configuration file --- .../web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211d..734ff03ff 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ if (file_exists('/etc/zabbix/web/certs/vault.crt')) { $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; From 1812b53ea0f77653350397f3f6df1f7373109739 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 16 Feb 2024 15:00:11 +0900 Subject: [PATCH 07/54] Updated Zabbix web-frontend configuration file --- .../web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 734ff03ff..b63116535 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -20,7 +20,7 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; From 9bac8adbf677ff9c33142eb136a161ae190debba Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 16 Feb 2024 16:19:56 +0900 Subject: [PATCH 08/54] RHEL build workflow update --- .github/workflows/images_build_rhel.yml | 418 +++++++++++++++++------- 1 file changed, 308 insertions(+), 110 deletions(-) diff --git a/.github/workflows/images_build_rhel.yml b/.github/workflows/images_build_rhel.yml index 465fb212b..fa803125f 100644 --- a/.github/workflows/images_build_rhel.yml +++ b/.github/workflows/images_build_rhel.yml @@ -47,6 +47,9 @@ env: PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable" PFLT_LOGLEVEL: "warn" PFLT_ARTIFACTS: "/tmp/artifacts" + IMAGE_DIR: "/tmp/images" + + RHEL_BUILD: "true" jobs: init_build: @@ -54,8 +57,10 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + actions: write outputs: platforms: ${{ steps.platform_list.outputs.list }} + database: ${{ steps.database.outputs.list }} components: ${{ steps.components.outputs.list }} is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }} current_branch: ${{ steps.branch_info.outputs.current_branch }} @@ -68,12 +73,15 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: > + api.github.com:443 github.com:443 + objects.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 1 + sparse-checkout: ${{ env.MATRIX_FILE }} - name: Check ${{ env.MATRIX_FILE }} file id: build_exists @@ -98,12 +106,25 @@ jobs: echo "list=$platform_list" >> $GITHUB_OUTPUT + - name: Prepare Database engine list + id: database + env: + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + database_list=$(jq -r '[.components | map_values(select(.rhel == true)) | values[].base ] | sort | unique | del(.. | select ( . == "" ) ) | @json' "$MATRIX_FILE") + + echo "::group::Database List" + echo "$database_list" + echo "::endgroup::" + + echo "list=$database_list" >> $GITHUB_OUTPUT + - name: Prepare Zabbix component list id: components env: MATRIX_FILE: ${{ env.MATRIX_FILE }} run: | - component_list=$(jq -r '.components |map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") + component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") echo "::group::Zabbix Component List" echo "$component_list" @@ -131,7 +152,7 @@ jobs: result=true fi - echo "::group::Branch data" + echo "::group::Branch metadata" echo "is_default_branch - $result" echo "current_branch - $github_ref" echo "secret_prefix=RHEL_${github_ref//.}" @@ -143,7 +164,27 @@ jobs: echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT echo "sha_short=$sha_short" >> $GITHUB_OUTPUT + - name: Cleanup cache + shell: bash + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REPO: ${{ github.repository }} + BRANCH: ${{ steps.branch_info.outputs.current_branch }} + GH_RUN_ID: ${{ github.run_id }} + run: | + gh extension install actions/gh-actions-cache + cache_keys=$(gh actions-cache list -R "${REPO}" -B "${BRANCH}" -L 100 --sort created-at --order desc | cut -f 1) + + ## Setting this to not fail the workflow while deleting cache keys + set +e + echo "Deleting caches..." + for cache_key in $cache_keys + do + if [[ "$cache_key" == *"${GH_RUN_ID}" ]]; then + gh actions-cache delete $cache_key -R "${REPO}" -B "${BRANCH}" --confirm + fi + done build_base: timeout-minutes: 30 @@ -186,7 +227,7 @@ jobs: tags: | type=sha,suffix=-${{ steps.lc.outputs.arch }} - - name: Build Zabbix Build Base + - name: Build image id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: @@ -197,28 +238,83 @@ jobs: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile extra-args: | --pull + --iidfile=${{ github.workspace }}/iidfile - - name: Image digest + - name: Prepare image metadata + id: image_metadata env: - IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }} CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + GITHUB_WORKSPACE: ${{ github.workspace }} run: | - DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) - echo "::group::Image digest" - echo "$DIGEST" + TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile) + + echo "::group::Image tag" + echo "image_tag=$IMAGE_TAG" + echo "::endgroup::" + echo "::group::Image Tag ID" + echo "tag_id=$TAG_ID" echo "::endgroup::" echo "::group::Cache file name" echo "$CACHE_FILE_NAME" echo "::endgroup::" - echo "$DIGEST" > "$CACHE_FILE_NAME" + echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id" + echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag" - - name: Cache image digest - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT + echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT + + - name: Cache image metadata + uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + path: | + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + - name: Push image to local storage + id: push_image + env: + IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }} + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + echo "::group::Result" + echo "Image ${IMAGE_TAG} location: \"${IMAGE_DIR}/${IMAGE_TAG_ID}\"" + podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + + - name: Post build image + if: ${{ success() || failure() }} + env: + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + echo "::group::Result" + + rm -rf "$GITHUB_WORKSPACE/iidfile" + + echo "Removing working containers" + buildah rm -a 2>/dev/null || true + echo "Removing container data in storage not controlled by podman" + podman system prune --external 2>/dev/null + echo "Removing all unused container data with volumes" + podman system prune -a --volumes -f 2>/dev/null + echo "Reseting podman storage to default state" + podman system reset -f 2>/dev/null || true + + echo "::endgroup::" + + - name: Check on failures + if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }} + env: + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + run: | + echo "::group::Removing orphaned image" + rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + build_base_database: timeout-minutes: 180 needs: [ "build_base", "init_build"] @@ -226,12 +322,11 @@ jobs: strategy: fail-fast: false matrix: - build: [build-mysql, build-sqlite3] + build: ${{ fromJson(needs.init_build.outputs.database) }} arch: ${{ fromJson(needs.init_build.outputs.platforms) }} runs-on: [self-hosted, linux, "${{ matrix.arch }}"] permissions: contents: read - id-token: write steps: - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -245,6 +340,43 @@ jobs: run: | echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT + - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + with: + path: | + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag + key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + + - name: Pull ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} image + id: base_build + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id") + BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag") + + echo "::group::Pull image" + echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\"" + podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}" + echo "::endgroup::" + + echo "::group::Tag image" + echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\"" + podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}" + echo "::endgroup::" + + echo "::group::SHA256 tag" + DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}') + BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}" + + echo "base_build_image=${BASE_BUILD_IMAGE}" + echo "::endgroup::" + + echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT + - name: Generate tags id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 @@ -253,31 +385,7 @@ jobs: tags: | type=sha,suffix=-${{ steps.lc.outputs.arch }} - - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 - with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} - key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} - - - name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag - id: base_build - env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} - run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" - echo "::endgroup::" - - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT - - - name: Build Zabbix Build Base + - name: Build image id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: @@ -287,28 +395,84 @@ jobs: containerfiles: | ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} + extra-args: | + --iidfile=${{ github.workspace }}/iidfile - - name: Image digest + - name: Prepare image metadata + id: image_metadata env: - IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }} CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }} + GITHUB_WORKSPACE: ${{ github.workspace }} run: | - DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) - echo "::group::Image digest" - echo "$DIGEST" + TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile) + + echo "::group::Image tag" + echo "image_tag=$IMAGE_TAG" + echo "::endgroup::" + echo "::group::Image Tag ID" + echo "tag_id=$TAG_ID" echo "::endgroup::" echo "::group::Cache file name" echo "$CACHE_FILE_NAME" echo "::endgroup::" - echo "$DIGEST" > "$CACHE_FILE_NAME" + echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id" + echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag" + + echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT + echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT - name: Cache image digest - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ matrix.build }}_${{ matrix.arch }} + path: | + ${{ matrix.build }}_${{ matrix.arch }}_tag_id + ${{ matrix.build }}_${{ matrix.arch }}_tag key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} + - name: Push image to local storage + id: push_image + env: + IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }} + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + echo "::group::Result" + echo "podman push \"${IMAGE_TAG}\" dir:\"${IMAGE_DIR}/${IMAGE_TAG_ID}\"" + podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + + - name: Post build image + if: ${{ success() || failure() }} + env: + GITHUB_WORKSPACE: ${{ github.workspace }} + run: | + echo "::group::Result" + + rm -rf "$GITHUB_WORKSPACE/iidfile" + + echo "Removing working containers" + buildah rm -a 2>/dev/null || true + echo "Removing container data in storage not controlled by podman" + podman system prune --external 2>/dev/null + echo "Removing all unused container data with volumes" + podman system prune -a --volumes -f 2>/dev/null + echo "Reseting podman storage to default state" + podman system reset -f 2>/dev/null || true + + echo "::endgroup::" + + - name: Check on failures + if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }} + env: + IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + run: | + echo "::group::Removing orphaned image" + rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}" + echo "::endgroup::" + build_images: timeout-minutes: 90 needs: [ "build_base_database", "init_build"] @@ -321,7 +485,6 @@ jobs: runs-on: [self-hosted, linux, "${{ matrix.arch }}"] permissions: contents: read - id-token: write steps: - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -335,6 +498,7 @@ jobs: run: | MATRIX_BUILD=${MATRIX_BUILD^^} MATRIX_BUILD=${MATRIX_BUILD//-/_} + echo "::group::Result" echo "matrix_build=${MATRIX_BUILD}" echo "::endgroup::" @@ -342,6 +506,7 @@ jobs: - name: Detect Build Base Image id: build_base_image + if: ${{ matrix.build != 'snmptraps' }} env: MATRIX_BUILD: ${{ matrix.build }} MATRIX_FILE: ${{ env.MATRIX_FILE }} @@ -354,6 +519,44 @@ jobs: echo "build_base=${BUILD_BASE}" >> $GITHUB_OUTPUT + - name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} + if: ${{ matrix.build != 'snmptraps' }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + with: + path: | + ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag_id + ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag + key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }} + + - name: Pull ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} image + id: base_build + if: ${{ matrix.build != 'snmptraps' }} + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id") + BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag") + + echo "::group::Pull image" + echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\"" + podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}" + echo "::endgroup::" + + echo "::group::Tag image" + echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\"" + podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}" + echo "::endgroup::" + + echo "::group::SHA256 tag" + DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}') + BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}" + echo "digest=${BASE_BUILD_IMAGE}" + echo "::endgroup::" + + echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT + - name: Remove smartmontools if: ${{ matrix.build == 'agent2' }} env: @@ -365,7 +568,7 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} + images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] || matrix.build }} tags: | type=semver,pattern={{version}} type=sha @@ -373,32 +576,6 @@ jobs: latest=${{ github.event_name == 'release' }} suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true - - name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} - if: ${{ matrix.build != 'snmptraps' }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 - with: - path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }} - key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }} - - - name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} SHA256 tag - id: base_build - if: ${{ matrix.build != 'snmptraps' }} - env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} - run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" - echo "::endgroup::" - - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT - - name: Build image id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 @@ -413,7 +590,7 @@ jobs: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} - - name: Log in to Quay.io + - name: Log in to ${{ env.REGISTRY }} uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1.6 if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} with: @@ -429,7 +606,7 @@ jobs: with: tags: ${{ steps.meta.outputs.tags }} - - name: Preflight + - name: Preflight certification if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }} @@ -441,7 +618,7 @@ jobs: PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} run: | mkdir -p $PFLT_ARTIFACTS - echo "::group::Pull preflight image" + echo "::group::Pull preflight \"$PREFLIGHT_IMAGE\" image" podman pull "$PREFLIGHT_IMAGE" echo "::endgroup::" @@ -462,70 +639,91 @@ jobs: podman rmi -i -f "$PREFLIGHT_IMAGE" echo "::endgroup::" - - name: Push to RedHat certification procedure (2nd) + - name: Push to RedHat certification procedure (all tags) id: push_to_registry_all_tags if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1 with: tags: ${{ steps.meta.outputs.tags }} - - name: Cleanup artifacts - if: ${{ always() }} + - name: Post Preflight certification + if: ${{ env.AUTO_PUSH_IMAGES == 'true' && (success() || failure()) }} env: PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} - TAGS: ${{ steps.meta.outputs.tags }} run: | - echo "::group::Post build actions" - echo "$TAGS" | while IFS= read -r image_name ; do podman rmi -i -f "$image_name"; done + echo "::group::Result" rm -rf "$PFLT_ARTIFACTS" podman rmi -i -f "$PREFLIGHT_IMAGE" echo "::endgroup::" - clean_artifacts: + - name: Post build image + if: ${{ success() || failure() }} + run: | + echo "::group::Result" + + echo "Removing working containers" + buildah rm -a 2>/dev/null || true + echo "Removing container data in storage not controlled by podman" + podman system prune --external 2>/dev/null + echo "Removing all unused container data with volumes" + podman system prune -a --volumes -f 2>/dev/null + echo "Reseting podman storage to default state" + podman system reset -f 2>/dev/null || true + + echo "::endgroup::" + + clear_artifacts: timeout-minutes: 90 needs: [ "build_images", "init_build"] - name: Build ${{ matrix.build }} image (${{ matrix.arch }}) + name: Clear ${{ matrix.build }} image cache (${{ matrix.arch }}) strategy: fail-fast: false matrix: - build: [build-mysql, build-sqlite3] - arch: [X64, ARM64] + build: ${{ fromJson(needs.init_build.outputs.database) }} + arch: ${{ fromJson(needs.init_build.outputs.platforms) }} runs-on: [self-hosted, linux, "${{ matrix.arch }}"] - if: ${{ always() && needs.build_base_database.result == 'success' }} + if: ${{ needs.build_base_database.result == 'success' }} permissions: {} steps: - - name: Download SHA256 tag of ${{ matrix.build }}:${{ matrix.arch }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - name: Download metadata of ${{ matrix.build }}:${{ matrix.arch }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ matrix.build }}_${{ matrix.arch }} + path: | + ${{ matrix.build }}_${{ matrix.arch }}_tag_id + ${{ matrix.build }}_${{ matrix.arch }}_tag key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} - - name: Remove ${{ matrix.build }}:${{ matrix.arch }} SHA256 tag + - name: Remove ${{ matrix.build }}:${{ matrix.arch }} cache env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ matrix.build }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + echo "::group::Result" - podman rmi -i -f "$BUILD_BASE_IMAGE" + BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id") + echo "Removing ${IMAGE_DIR}/${BASE_TAG}" + rm -rf "${IMAGE_DIR}/${BASE_TAG}" - - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + echo "::endgroup::" + + - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + path: | + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id + ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} - - - name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag + - name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} cache env: - MATRIX_ARCH: ${{ matrix.arch }} - BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") - BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + echo "::group::Result" - podman rmi -i -f "$BUILD_BASE_IMAGE" + BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id") + echo "Removing ${IMAGE_DIR}/${BASE_TAG}" + rm -rf "${IMAGE_DIR}/${BASE_TAG}" + + echo "::endgroup::" From d76647c02694d098f0f2ba23158aa853a747877a Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Sun, 18 Feb 2024 20:52:36 +0900 Subject: [PATCH 09/54] Use Centos 9 minimal instead of full image --- Dockerfiles/agent/centos/Dockerfile | 30 +++++++----- Dockerfiles/agent2/centos/Dockerfile | 26 ++++++---- Dockerfiles/build-base/centos/Dockerfile | 25 +++++++--- Dockerfiles/java-gateway/centos/Dockerfile | 17 ++++--- Dockerfiles/proxy-mysql/centos/Dockerfile | 31 +++++++----- Dockerfiles/proxy-sqlite3/centos/Dockerfile | 30 +++++++----- Dockerfiles/server-mysql/centos/Dockerfile | 49 +++++++++++-------- Dockerfiles/server-pgsql/centos/Dockerfile | 43 +++++++++------- Dockerfiles/snmptraps/centos/Dockerfile | 21 ++++---- .../web-apache-mysql/centos/Dockerfile | 37 +++++++++----- .../web-apache-pgsql/centos/Dockerfile | 37 +++++++++----- Dockerfiles/web-nginx-mysql/centos/Dockerfile | 37 +++++++++----- Dockerfiles/web-nginx-pgsql/centos/Dockerfile | 37 +++++++++----- Dockerfiles/web-service/centos/Dockerfile | 32 +++++++----- 14 files changed, 290 insertions(+), 162 deletions(-) diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index e391eb15b..9c68177d0 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -32,7 +32,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_agentd.conf", "/etc/zabbix/zabbix_agentd.conf"] RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -40,15 +39,24 @@ RUN set -eux && \ pcre2 \ libcurl-minimal \ openssl-libs \ + shadow-utils \ zlib" && \ - dnf -y install epel-release && \ - dnf -y install \ - --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ - --best \ - ${INSTALL_PKGS} && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ groupadd \ --system \ --gid 1995 \ @@ -68,7 +76,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - dnf -y clean all && \ + microdnf -y clean all && \ rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki diff --git a/Dockerfiles/agent2/centos/Dockerfile b/Dockerfiles/agent2/centos/Dockerfile index c3db7f7e6..68ac734d5 100644 --- a/Dockerfiles/agent2/centos/Dockerfile +++ b/Dockerfiles/agent2/centos/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_BASE_IMAGE=zabbix-build-mysql:centos-${ZBX_VERSION} FROM ${BUILD_BASE_IMAGE} AS builder -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION ARG ZBX_VERSION @@ -37,7 +37,6 @@ COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/s COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] RUN set -eux && \ - REPOLIST="baseos,appstream,epel" && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -45,16 +44,25 @@ RUN set -eux && \ pcre2 \ libcurl-minimal \ smartmontools \ + shadow-utils \ sudo \ openssl-libs" && \ - dnf -y install epel-release && \ - dnf -y install \ + microdnf -y install \ --disablerepo "*" \ - --enablerepo "${REPOLIST}" \ - --setopt=tsflags=nodocs \ - --setopt=install_weak_deps=False \ + --enablerepo "extras-common" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ - ${INSTALL_PKGS} && \ + --nodocs epel-release && \ + microdnf -y install \ + --disablerepo "*" \ + --enablerepo "baseos" \ + --enablerepo "appstream" \ + --enablerepo="epel" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --nodocs ${INSTALL_PKGS} && \ groupadd \ --system \ --gid 1995 \ @@ -77,7 +85,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - dnf -y clean all && \ + microdnf -y clean all && \ rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki diff --git a/Dockerfiles/build-base/centos/Dockerfile b/Dockerfiles/build-base/centos/Dockerfile index f90ecc439..0558aa252 100644 --- a/Dockerfiles/build-base/centos/Dockerfile +++ b/Dockerfiles/build-base/centos/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -FROM quay.io/centos/centos:stream9 +FROM quay.io/centos/centos:stream9-minimal ARG MAJOR_VERSION=6.4 ARG ZBX_VERSION=${MAJOR_VERSION}.11 @@ -19,7 +19,6 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov Date: Sun, 18 Feb 2024 21:52:23 +0900 Subject: [PATCH 10/54] Added caching / avoid orphans mechanisms --- Dockerfiles/build-base/alpine/Dockerfile | 3 +-- Dockerfiles/build-base/centos/Dockerfile | 4 +++- Dockerfiles/build-base/ol/Dockerfile | 10 ++++++---- Dockerfiles/build-base/rhel/Dockerfile | 8 ++++---- Dockerfiles/build-base/ubuntu/Dockerfile | 6 +++--- Dockerfiles/build-mysql/alpine/Dockerfile | 10 +++++----- Dockerfiles/build-mysql/centos/Dockerfile | 10 +++++----- Dockerfiles/build-mysql/ol/Dockerfile | 10 +++++----- Dockerfiles/build-mysql/rhel/Dockerfile | 10 +++++----- Dockerfiles/build-mysql/ubuntu/Dockerfile | 10 +++++----- Dockerfiles/build-pgsql/alpine/Dockerfile | 10 +++++----- Dockerfiles/build-pgsql/centos/Dockerfile | 10 +++++----- Dockerfiles/build-pgsql/ol/Dockerfile | 10 +++++----- Dockerfiles/build-pgsql/ubuntu/Dockerfile | 10 +++++----- Dockerfiles/build-sqlite3/alpine/Dockerfile | 7 ++++--- Dockerfiles/build-sqlite3/centos/Dockerfile | 7 ++++--- Dockerfiles/build-sqlite3/ol/Dockerfile | 7 ++++--- Dockerfiles/build-sqlite3/rhel/Dockerfile | 7 ++++--- Dockerfiles/build-sqlite3/ubuntu/Dockerfile | 7 ++++--- 19 files changed, 82 insertions(+), 74 deletions(-) diff --git a/Dockerfiles/build-base/alpine/Dockerfile b/Dockerfiles/build-base/alpine/Dockerfile index f63cb864d..970c9a367 100644 --- a/Dockerfiles/build-base/alpine/Dockerfile +++ b/Dockerfiles/build-base/alpine/Dockerfile @@ -61,5 +61,4 @@ RUN set -eux && \ apk add \ --no-cache \ --clean-protected \ - ${INSTALL_PKGS} && \ - rm -rf /var/cache/apk/* + ${INSTALL_PKGS} diff --git a/Dockerfiles/build-base/centos/Dockerfile b/Dockerfiles/build-base/centos/Dockerfile index 0558aa252..e4b514158 100644 --- a/Dockerfiles/build-base/centos/Dockerfile +++ b/Dockerfiles/build-base/centos/Dockerfile @@ -18,7 +18,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -67,8 +68,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10050/TCP diff --git a/Dockerfiles/agent2/alpine/Dockerfile b/Dockerfiles/agent2/alpine/Dockerfile index b03f7eb0e..7d77dcf46 100644 --- a/Dockerfiles/agent2/alpine/Dockerfile +++ b/Dockerfiles/agent2/alpine/Dockerfile @@ -71,8 +71,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/buffer && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ EXPOSE 10050/TCP 31999/TCP diff --git a/Dockerfiles/agent2/centos/Dockerfile b/Dockerfiles/agent2/centos/Dockerfile index 68ac734d5..80864ba91 100644 --- a/Dockerfiles/agent2/centos/Dockerfile +++ b/Dockerfiles/agent2/centos/Dockerfile @@ -36,7 +36,8 @@ COPY --from=builder ["/tmp/postgresql_plugin/postgresql.conf", "/etc/zabbix/zabb COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb"] COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -85,9 +86,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP 31999/TCP diff --git a/Dockerfiles/agent2/ol/Dockerfile b/Dockerfiles/agent2/ol/Dockerfile index 5de842648..a8b1042a5 100644 --- a/Dockerfiles/agent2/ol/Dockerfile +++ b/Dockerfiles/agent2/ol/Dockerfile @@ -37,7 +37,8 @@ COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/s COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -53,6 +54,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -78,9 +80,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP 31999/TCP diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile index f86a7d57e..4149db27e 100644 --- a/Dockerfiles/agent2/rhel/Dockerfile +++ b/Dockerfiles/agent2/rhel/Dockerfile @@ -55,7 +55,8 @@ COPY --from=builder ["/tmp/postgresql_plugin/postgresql.conf", "/etc/zabbix/zabb COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb"] COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ tzdata \ @@ -73,12 +74,14 @@ RUN set -eux && \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y reinstall \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ tzdata && \ @@ -104,9 +107,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10050/TCP 31999/TCP diff --git a/Dockerfiles/agent2/ubuntu/Dockerfile b/Dockerfiles/agent2/ubuntu/Dockerfile index 432696bca..7f6c378d9 100644 --- a/Dockerfiles/agent2/ubuntu/Dockerfile +++ b/Dockerfiles/agent2/ubuntu/Dockerfile @@ -36,7 +36,8 @@ COPY --from=builder ["/tmp/postgresql_plugin/postgresql.conf", "/etc/zabbix/zabb COPY --from=builder ["/tmp/mongodb_plugin/zabbix-agent2-plugin-mongodb", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb"] COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", "/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="tini \ tzdata \ @@ -74,8 +75,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10050/TCP diff --git a/Dockerfiles/build-base/ubuntu/Dockerfile b/Dockerfiles/build-base/ubuntu/Dockerfile index e07ed1571..466776c42 100644 --- a/Dockerfiles/build-base/ubuntu/Dockerfile +++ b/Dockerfiles/build-base/ubuntu/Dockerfile @@ -17,7 +17,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ openjdk-17-jre-headless" && \ @@ -58,8 +59,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /usr/sbin/zabbix_java/ && \ chmod -R g=u /etc/zabbix/ /usr/sbin/zabbix_java/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10052/TCP diff --git a/Dockerfiles/proxy-mysql/alpine/Dockerfile b/Dockerfiles/proxy-mysql/alpine/Dockerfile index d51fc06e0..31f66627e 100644 --- a/Dockerfiles/proxy-mysql/alpine/Dockerfile +++ b/Dockerfiles/proxy-mysql/alpine/Dockerfile @@ -88,8 +88,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/centos/Dockerfile b/Dockerfiles/proxy-mysql/centos/Dockerfile index 6a0f11afd..3ca6cdfe1 100644 --- a/Dockerfiles/proxy-mysql/centos/Dockerfile +++ b/Dockerfiles/proxy-mysql/centos/Dockerfile @@ -34,7 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -101,9 +102,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/ol/Dockerfile b/Dockerfiles/proxy-mysql/ol/Dockerfile index 79ebbba10..9b9ff9b25 100644 --- a/Dockerfiles/proxy-mysql/ol/Dockerfile +++ b/Dockerfiles/proxy-mysql/ol/Dockerfile @@ -35,7 +35,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -61,6 +62,7 @@ RUN set -eux && \ --enablerepo="ol9_codeready_builder" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -94,9 +96,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 9d730ceb6..52b1c7252 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile @@ -53,7 +53,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ traceroute \ @@ -86,6 +87,7 @@ RUN set -eux && \ --enablerepo "codeready-builder-for-rhel-9-$ARCH_SUFFIX-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ @@ -125,9 +127,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile index 5730780e0..3106c6961 100644 --- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile @@ -35,7 +35,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -92,8 +93,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile index 6328b4689..52d79da7e 100644 --- a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile @@ -85,8 +85,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/centos/Dockerfile b/Dockerfiles/proxy-sqlite3/centos/Dockerfile index c9ca37f7a..299f7691b 100644 --- a/Dockerfiles/proxy-sqlite3/centos/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/centos/Dockerfile @@ -33,7 +33,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -96,9 +97,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/ol/Dockerfile b/Dockerfiles/proxy-sqlite3/ol/Dockerfile index 76740ed00..f0c25342c 100644 --- a/Dockerfiles/proxy-sqlite3/ol/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ol/Dockerfile @@ -34,7 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="libevent \ tini \ traceroute \ @@ -56,6 +57,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -89,9 +91,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index 7079f35c8..c874e0de6 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -52,7 +52,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ traceroute \ @@ -82,12 +83,14 @@ RUN set -eux && \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y reinstall \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ tzdata && \ @@ -121,9 +124,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile index 105de5e40..fa122b0d6 100644 --- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile @@ -33,7 +33,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_get/zabbix_get", "/u COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender", "/usr/bin/zabbix_sender"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -87,8 +88,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - apt-get -y autoremove && \ - rm -rf /var/lib/apt/lists/* + apt-get -y autoremove EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/alpine/Dockerfile b/Dockerfiles/server-mysql/alpine/Dockerfile index cfa463b4c..574705102 100644 --- a/Dockerfiles/server-mysql/alpine/Dockerfile +++ b/Dockerfiles/server-mysql/alpine/Dockerfile @@ -94,8 +94,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/centos/Dockerfile b/Dockerfiles/server-mysql/centos/Dockerfile index 7ab62c65c..70de83e94 100644 --- a/Dockerfiles/server-mysql/centos/Dockerfile +++ b/Dockerfiles/server-mysql/centos/Dockerfile @@ -34,7 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc/zabbix/zabbix_server.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="fping \ tini \ traceroute \ @@ -117,9 +118,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/ol/Dockerfile b/Dockerfiles/server-mysql/ol/Dockerfile index 191ae84b7..bc91f4115 100644 --- a/Dockerfiles/server-mysql/ol/Dockerfile +++ b/Dockerfiles/server-mysql/ol/Dockerfile @@ -35,7 +35,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ fping \ tini \ @@ -65,6 +66,7 @@ RUN set -eux && \ --enablerepo="ol9_codeready_builder" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -103,9 +105,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index 87539de11..575b07b78 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile @@ -53,7 +53,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc/zabbix/zabbix_server.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tini \ traceroute \ @@ -90,12 +91,14 @@ RUN set -eux && \ --enablerepo "codeready-builder-for-rhel-9-$ARCH_SUFFIX-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y reinstall \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ tzdata && \ @@ -138,9 +141,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-mysql/ubuntu/Dockerfile b/Dockerfiles/server-mysql/ubuntu/Dockerfile index 1095edd1a..723d9efef 100644 --- a/Dockerfiles/server-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/server-mysql/ubuntu/Dockerfile @@ -34,7 +34,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc/zabbix/zabbix_server.conf"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -99,8 +100,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/alpine/Dockerfile b/Dockerfiles/server-pgsql/alpine/Dockerfile index e68e56151..24617a1e4 100644 --- a/Dockerfiles/server-pgsql/alpine/Dockerfile +++ b/Dockerfiles/server-pgsql/alpine/Dockerfile @@ -97,8 +97,7 @@ RUN set -eux && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index a53e1322e..f92aba04b 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -37,7 +37,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/with-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/with-compression/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/without-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/without-compression/"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ REPOLIST="baseos,appstream,epel" && \ INSTALL_PKGS="fping \ file-libs \ @@ -118,9 +119,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 4bf8cfca1..fdaa7ffaa 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -38,7 +38,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/without-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/without-compression/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="fping \ file-libs \ tini \ @@ -66,6 +67,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -104,9 +106,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10051/TCP diff --git a/Dockerfiles/server-pgsql/ubuntu/Dockerfile b/Dockerfiles/server-pgsql/ubuntu/Dockerfile index e025681d2..43ae52a8b 100644 --- a/Dockerfiles/server-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/server-pgsql/ubuntu/Dockerfile @@ -37,7 +37,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/with-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/with-compression/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb/option-patches/without-compression/*.sql", "/usr/share/doc/zabbix-server-postgresql/option-patches/without-compression/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tini \ @@ -102,8 +103,7 @@ RUN set -eux && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10051/TCP diff --git a/Dockerfiles/snmptraps/alpine/Dockerfile b/Dockerfiles/snmptraps/alpine/Dockerfile index d47798733..fca502aaa 100644 --- a/Dockerfiles/snmptraps/alpine/Dockerfile +++ b/Dockerfiles/snmptraps/alpine/Dockerfile @@ -48,8 +48,7 @@ RUN set -eux && \ touch /var/lib/net-snmp/snmptrapd.conf && \ chown --quiet -R zabbix:root /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ chgrp -R 0 /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ EXPOSE 1162/UDP diff --git a/Dockerfiles/snmptraps/centos/Dockerfile b/Dockerfiles/snmptraps/centos/Dockerfile index 0731a93be..b25525d97 100644 --- a/Dockerfiles/snmptraps/centos/Dockerfile +++ b/Dockerfiles/snmptraps/centos/Dockerfile @@ -21,7 +21,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tzdata \ @@ -49,8 +50,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix/mibs && \ chown --quiet -R zabbix:root /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ chgrp -R 0 /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ && \ - rm -rf /var/lib/apt/lists/* + chmod -R g=u /etc/snmp/ /var/lib/zabbix/ /var/tmp/ /var/run/ EXPOSE 1162/UDP diff --git a/Dockerfiles/web-apache-mysql/alpine/Dockerfile b/Dockerfiles/web-apache-mysql/alpine/Dockerfile index 10a183936..6a8ab14af 100644 --- a/Dockerfiles/web-apache-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-mysql/alpine/Dockerfile @@ -100,8 +100,7 @@ RUN set -eux && \ chmod -R g=u /etc/zabbix/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php81/ && \ chgrp -R 0 /etc/apache2/ /etc/php81/ && \ - chmod -R g=u /etc/apache2/ /etc/php81/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/apache2/ /etc/php81/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-mysql/centos/Dockerfile b/Dockerfiles/web-apache-mysql/centos/Dockerfile index 8717411a6..fc6056c50 100644 --- a/Dockerfiles/web-apache-mysql/centos/Dockerfile +++ b/Dockerfiles/web-apache-mysql/centos/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ httpd \ @@ -117,9 +118,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-mysql/ol/Dockerfile b/Dockerfiles/web-apache-mysql/ol/Dockerfile index 9dd121692..5e5d1fe35 100644 --- a/Dockerfiles/web-apache-mysql/ol/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ol/Dockerfile @@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ httpd \ @@ -54,6 +55,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -103,9 +105,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile index 270fdc2cb..6f3e87960 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ apache2 \ @@ -100,8 +101,7 @@ RUN set -eux && \ chgrp -R 0 /etc/apache2/ /etc/php/8.1/ && \ chmod -R g=u /etc/apache2/ /etc/php/8.1/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile index ad079fc2b..0052523a3 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile @@ -99,8 +99,7 @@ RUN set -eux && \ chmod -R g=u /etc/zabbix/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php81/ && \ chgrp -R 0 /etc/apache2/ /etc/php81/ && \ - chmod -R g=u /etc/apache2/ /etc/php81/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/apache2/ /etc/php81/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-pgsql/centos/Dockerfile b/Dockerfiles/web-apache-pgsql/centos/Dockerfile index 0bbf82e87..dd74cb580 100644 --- a/Dockerfiles/web-apache-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/centos/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ httpd \ @@ -117,9 +118,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-pgsql/ol/Dockerfile b/Dockerfiles/web-apache-pgsql/ol/Dockerfile index 91cf6991e..f4ab68347 100644 --- a/Dockerfiles/web-apache-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ol/Dockerfile @@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ httpd \ @@ -54,6 +55,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -103,9 +105,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile index 6fbfdd55d..6342ecca6 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ apache2 \ @@ -100,8 +101,7 @@ RUN set -eux && \ chgrp -R 0 /etc/apache2/ /etc/php/8.1/ && \ chmod -R g=u /etc/apache2/ /etc/php/8.1/ && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile index 801a772d2..ba77d4b29 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile @@ -98,8 +98,7 @@ RUN set -eux && \ chmod -R g=u /etc/nginx/ /etc/php81/php-fpm.d/ /etc/php81/php-fpm.conf && \ chown --quiet -R zabbix:root /var/lib/php/session/ /var/lib/nginx/ && \ chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \ - chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/centos/Dockerfile b/Dockerfiles/web-nginx-mysql/centos/Dockerfile index ed5b56946..b4d32c62f 100644 --- a/Dockerfiles/web-nginx-mysql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/centos/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ mysql \ @@ -112,9 +113,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/ol/Dockerfile b/Dockerfiles/web-nginx-mysql/ol/Dockerfile index b3f7381a7..e98bb939c 100644 --- a/Dockerfiles/web-nginx-mysql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ol/Dockerfile @@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ mysql \ @@ -52,6 +53,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -98,9 +100,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile index e6eec6a87..54f6be2db 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile @@ -48,7 +48,8 @@ COPY ["licenses", "/licenses"] COPY ["conf/etc/", "/etc/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ tzdata \ curl-minimal \ @@ -78,6 +79,7 @@ RUN set -eux && \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ @@ -86,6 +88,7 @@ RUN set -eux && \ --setopt=install_weak_deps=0 \ --best \ --setopt=tsflags=nodocs \ + --setopt=keepcache=0 \ tzdata && \ groupadd \ --system \ @@ -131,9 +134,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile index 547eabcb9..57a7da913 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ ca-certificates \ @@ -121,8 +122,7 @@ RUN set -eux && \ dirmngr \ gpg-agent && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile index 7d78062e3..ba7109a29 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile @@ -97,8 +97,7 @@ RUN set -eux && \ chmod -R g=u /etc/nginx/ /etc/php81/php-fpm.d/ /etc/php81/php-fpm.conf && \ chown --quiet -R zabbix:root /var/lib/php/session/ /var/lib/nginx/ && \ chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \ - chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile index 3912020cb..65a1b5314 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl-minimal \ findutils \ @@ -112,9 +113,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile index 3288a0b1c..f98c0e761 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile @@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ curl \ findutils \ @@ -52,6 +53,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -98,9 +100,7 @@ RUN set -eux && \ microdnf -y remove \ findutils \ glibc-locale-source && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile index 31df39c4c..5deaf5f8b 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile @@ -29,7 +29,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY ["conf/etc/", "/etc/"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ ca-certificates \ @@ -121,8 +122,7 @@ RUN set -eux && \ dirmngr \ gpg-agent && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 8080/TCP 8443/TCP diff --git a/Dockerfiles/web-service/alpine/Dockerfile b/Dockerfiles/web-service/alpine/Dockerfile index b1138292a..36c1b8794 100644 --- a/Dockerfiles/web-service/alpine/Dockerfile +++ b/Dockerfiles/web-service/alpine/Dockerfile @@ -53,8 +53,7 @@ RUN set -eux && \ mkdir -p /var/lib/zabbix && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - rm -rf /var/cache/apk/* + chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/centos/Dockerfile b/Dockerfiles/web-service/centos/Dockerfile index f51a8af85..b8d9a360e 100644 --- a/Dockerfiles/web-service/centos/Dockerfile +++ b/Dockerfiles/web-service/centos/Dockerfile @@ -30,7 +30,8 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", "/usr/sbin/zabbix_web_service"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ chromium-headless \ shadow-utils" && \ @@ -68,9 +69,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/ol/Dockerfile b/Dockerfiles/web-service/ol/Dockerfile index e1aa84866..2db43d146 100644 --- a/Dockerfiles/web-service/ol/Dockerfile +++ b/Dockerfiles/web-service/ol/Dockerfile @@ -31,7 +31,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ chromium-headless" && \ microdnf -y install \ @@ -40,6 +41,7 @@ RUN set -eux && \ --enablerepo="ol9_appstream" \ --enablerepo="ol9_developer_EPEL" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --nodocs \ ${INSTALL_PKGS} && \ @@ -61,9 +63,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index 7407bee16..8c3eaa2ca 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -49,7 +49,8 @@ COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", "/usr/sbin/zabbix_web_service"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] -RUN set -eux && \ +RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + set -eux && \ INSTALL_PKGS="bash \ shadow-utils \ chromium-headless" && \ @@ -65,6 +66,7 @@ RUN set -eux && \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ @@ -73,6 +75,7 @@ RUN set -eux && \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ nss nss-sysinit && \ @@ -90,9 +93,7 @@ RUN set -eux && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki + microdnf -y clean all EXPOSE 10053/TCP diff --git a/Dockerfiles/web-service/ubuntu/Dockerfile b/Dockerfiles/web-service/ubuntu/Dockerfile index 29f72625c..ec3d18c64 100644 --- a/Dockerfiles/web-service/ubuntu/Dockerfile +++ b/Dockerfiles/web-service/ubuntu/Dockerfile @@ -30,7 +30,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] COPY ["conf/etc/apt/preferences.d/chromium.pref", "/etc/apt/preferences.d/chromium.pref"] -RUN set -eux && \ +RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ + set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ ca-certificates \ @@ -71,8 +72,7 @@ RUN set -eux && \ purge \ ${INSTALL_TEMP_PKGS} && \ apt-get -y autoremove && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* + apt-get -y clean EXPOSE 10053/TCP From 10eab8c17ca67ba788057a05fec0a2743bd376b2 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Mon, 19 Feb 2024 19:36:01 +0900 Subject: [PATCH 12/54] Added caching / avoid orphans mechanisms --- Dockerfiles/build-base/centos/Dockerfile | 5 +---- Dockerfiles/build-base/ol/Dockerfile | 2 -- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/Dockerfiles/build-base/centos/Dockerfile b/Dockerfiles/build-base/centos/Dockerfile index e4b514158..a3c274b0e 100644 --- a/Dockerfiles/build-base/centos/Dockerfile +++ b/Dockerfiles/build-base/centos/Dockerfile @@ -61,7 +61,4 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --setopt=keepcache=0 \ --best \ --nodocs ${INSTALL_PKGS} && \ - microdnf -y clean all && \ - rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ - rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki - dnf -y clean all + microdnf -y clean all diff --git a/Dockerfiles/build-base/ol/Dockerfile b/Dockerfiles/build-base/ol/Dockerfile index 811d789e0..3ba2c88a5 100644 --- a/Dockerfiles/build-base/ol/Dockerfile +++ b/Dockerfiles/build-base/ol/Dockerfile @@ -17,8 +17,6 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov Date: Mon, 19 Feb 2024 14:57:53 +0900 Subject: [PATCH 14/54] Updated building images workflow --- .github/workflows/images_build.yml | 221 +++++++++++++++++------- .github/workflows/images_build_rhel.yml | 31 ++-- 2 files changed, 176 insertions(+), 76 deletions(-) diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index 7b997705e..fc9c20f77 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -36,12 +36,14 @@ env: IMAGES_PREFIX: "zabbix-" BASE_BUILD_NAME: "build-base" + BASE_CACHE_FILE_NAME: "base_image_metadata.json" + BUILD_CACHE_FILE_NAME: "base_build_image_metadata.json" MATRIX_FILE: "build.json" DOCKERFILES_DIRECTORY: "./Dockerfiles" OIDC_ISSUER: "https://token.actions.githubusercontent.com" - IDENITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/" + IDENTITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/" jobs: init_build: @@ -313,7 +315,54 @@ jobs: type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} flavor: | - latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + + - name: Prepare cache data + id: cache_data + env: + IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + PUBLISH_IMAGES: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + run: | + cache_from=() + cache_to=() + + cache_from+=("type=gha,scope=${IMAGE_TAG}") + #cache_from+=("type=registry,ref=${IMAGE_TAG}") + + cache_to+=("type=gha,mode=max,scope=${IMAGE_TAG}") + + echo "::group::Cache from data" + echo "${cache_from[*]}" + echo "::endgroup::" + + echo "::group::Cache to data" + echo "${cache_to[*]}" + echo "::endgroup::" + + cache_from=$(printf '%s\n' "${cache_from[@]}") + cache_to=$(printf '%s\n' "${cache_to[@]}") + + echo 'cache_from<> "$GITHUB_OUTPUT" + echo "$cache_from" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + echo 'cache_to<> "$GITHUB_OUTPUT" + echo "$cache_to" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + - name: Login to DockerHub + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Login to ${{ env.DOCKER_REGISTRY_TEST }} + if: ${{ env.AUTO_PUSH_IMAGES != 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.DOCKER_REGISTRY_TEST }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and publish image id: docker_build @@ -327,10 +376,8 @@ jobs: labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - cache-from: | - type=gha,scope=${{ fromJSON(steps.meta.outputs.json).tags[0] }} - type=registry,ref=docker.io/${{ fromJSON(steps.meta.outputs.json).tags[0] }} - cache-to: type=gha,mode=max,scope=${{ fromJSON(steps.meta.outputs.json).tags[0] }} + cache-from: ${{ steps.cache_data.outputs.cache_from }} + cache-to: ${{ steps.cache_data.outputs.cache_to }} - name: Sign the images with GitHub OIDC Token env: @@ -351,10 +398,10 @@ jobs: cosign sign --yes ${images} echo "::endgroup::" - - name: Image digest + - name: Image metadata env: - DIGEST: ${{ steps.docker_build.outputs.digest }} - CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} + CACHE_FILE_NAME: ${{ env.BASE_CACHE_FILE_NAME }} + METADATA: ${{ steps.docker_build.outputs.metadata }} run: | echo "::group::Image digest" echo "$DIGEST" @@ -365,10 +412,10 @@ jobs: echo "$DIGEST" > "$CACHE_FILE_NAME" - - name: Cache image digest + - name: Cache image metadata uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} + path: ${{ env.BASE_CACHE_FILE_NAME }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }} build_base_database: @@ -476,50 +523,95 @@ jobs: flavor: | latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} - - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} + - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }} + path: ${{ env.BASE_CACHE_FILE_NAME }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }} - name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} SHA256 tag id: base_build env: - MATRIX_OS: ${{ matrix.os }} - DOCKER_REPOSITORY: ${{ env.DOCKER_REPOSITORY }} - BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ env.BASE_CACHE_FILE_NAME }} run: | - BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_OS}") - BUILD_BASE_IMAGE="${DOCKER_REPOSITORY}/${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" + echo "::group::Base image metadata" + cat "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT + IMAGE_DIGEST=$(jq -r '."containerimage.digest"' "${CACHE_FILE_NAME}") + IMAGE_NAME=$(jq -r '."image.name"' "${CACHE_FILE_NAME}" | cut -d: -f1) + + echo "base_build_image=${IMAGE_NAME}@${IMAGE_DIGEST}" >> $GITHUB_OUTPUT - name: Verify ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} cosign env: BASE_IMAGE: ${{ steps.base_build.outputs.base_build_image }} OIDC_ISSUER: ${{ env.OIDC_ISSUER }} - IDENITY_REGEX: ${{ env.IDENITY_REGEX }} + IDENTITY_REGEX: ${{ env.IDENTITY_REGEX }} run: | echo "::group::Image sign data" echo "OIDC issuer=$OIDC_ISSUER" - echo "Identity=$IDENITY_REGEX" + echo "Identity=$IDENTITY_REGEX" echo "Image to verify=$BASE_IMAGE" echo "::endgroup::" echo "::group::Verify signature" cosign verify \ --certificate-oidc-issuer-regexp "$OIDC_ISSUER" \ - --certificate-identity-regexp "$IDENITY_REGEX" \ + --certificate-identity-regexp "$IDENTITY_REGEX" \ "$BASE_IMAGE" echo "::endgroup::" + - name: Prepare cache data + id: cache_data + env: + BASE_IMAGE_TAG: ${{ steps.base_build.outputs.base_build_image }} + IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + PUBLISH_IMAGES: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + run: | + cache_from=() + cache_to=() + + cache_from+=("type=gha,scope=${BASE_IMAGE_TAG}") + cache_from+=("type=registry,ref=${BASE_IMAGE_TAG}") + cache_from+=("type=gha,scope=${IMAGE_TAG}") + cache_from+=("type=registry,ref=${IMAGE_TAG}") + + cache_to+=("type=gha,mode=max,scope=${IMAGE_TAG}") + + echo "::group::Cache from data" + echo "${cache_from[*]}" + echo "::endgroup::" + + echo "::group::Cache to data" + echo "${cache_to[*]}" + echo "::endgroup::" + + cache_from=$(printf '%s\n' "${cache_from[@]}") + cache_to=$(printf '%s\n' "${cache_to[@]}") + + echo 'cache_from<> "$GITHUB_OUTPUT" + echo "$cache_from" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + echo 'cache_to<> "$GITHUB_OUTPUT" + echo "$cache_to" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + - name: Login to DockerHub + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Login to DockerHub + if: ${{ env.AUTO_PUSH_IMAGES != 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build ${{ matrix.build }}/${{ matrix.os }} and push id: docker_build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 @@ -533,10 +625,6 @@ jobs: labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - cache-from: | - type=gha,scope=${{ steps.base_build.outputs.base_build_image }} - type=registry,ref=${{ steps.base_build.outputs.base_build_image }} - cache-to: type=gha,mode=max,scope=${{ fromJSON(steps.meta.outputs.json).tags[0] }} - name: Sign the images with GitHub OIDC Token env: @@ -557,10 +645,10 @@ jobs: cosign sign --yes ${images} echo "::endgroup::" - - name: Image digest + - name: Image metadata env: - DIGEST: ${{ steps.docker_build.outputs.digest }} - CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.os }} + CACHE_FILE_NAME: ${{ env.BUILD_CACHE_FILE_NAME }} + METADATA: ${{ steps.docker_build.outputs.metadata }} run: | echo "::group::Image digest" echo "$DIGEST" @@ -570,10 +658,10 @@ jobs: echo "::endgroup::" echo "$DIGEST" > $CACHE_FILE_NAME - - name: Caching SHA256 tag of the image + - name: Cache image metadata uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: - path: ${{ matrix.build }}_${{ matrix.os }} + path: ${{ env.BUILD_CACHE_FILE_NAME }} key: ${{ matrix.build }}-${{ matrix.os }}-${{ github.run_id }} build_images: @@ -590,6 +678,7 @@ jobs: permissions: contents: read id-token: write + packages: read steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 @@ -716,11 +805,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Set up QEMU @@ -734,12 +825,6 @@ jobs: with: driver-opts: image=moby/buildkit:master - - name: Login to DockerHub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Prepare Platform list id: platform env: @@ -793,29 +878,26 @@ jobs: tags: | type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}- type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }} - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }}-latest type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} flavor: | latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} - - name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} + - name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 if: ${{ matrix.build != 'snmptraps' }} with: - path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }} + path: ${{ env.BUILD_CACHE_FILE_NAME }} key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.os }}-${{ github.run_id }} - - name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} SHA256 tag + - name: Process ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} image metadata id: base_build if: ${{ matrix.build != 'snmptraps' }} env: - BUILD_BASE: ${{ steps.build_base_image.outputs.build_base }} - MATRIX_OS: ${{ matrix.os }} - DOCKER_REPOSITORY: ${{ env.DOCKER_REPOSITORY }} - IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + CACHE_FILE_NAME: ${{ env.BUILD_CACHE_FILE_NAME }} run: | BASE_TAG=$(cat "${BUILD_BASE}_${MATRIX_OS}") BUILD_BASE_IMAGE=${DOCKER_REPOSITORY}/${IMAGES_PREFIX}${BUILD_BASE}@${BASE_TAG} @@ -833,22 +915,23 @@ jobs: env: BASE_IMAGE: ${{ steps.base_build.outputs.base_build_image }} OIDC_ISSUER: ${{ env.OIDC_ISSUER }} - IDENITY_REGEX: ${{ env.IDENITY_REGEX }} + IDENTITY_REGEX: ${{ env.IDENTITY_REGEX }} run: | echo "::group::Image sign data" - echo "OIDC issuer=$OIDC_ISSUER" - echo "Identity=$IDENITY_REGEX" - echo "Image to verify=$BASE_IMAGE" + echo "OIDC issuer=${OIDC_ISSUER}" + echo "Identity=${IDENTITY_REGEX}" + echo "Image to verify=${BASE_IMAGE}" echo "::endgroup::" echo "::group::Verify signature" cosign verify \ - --certificate-oidc-issuer-regexp "$OIDC_ISSUER" \ - --certificate-identity-regexp "$IDENITY_REGEX" \ - "$BASE_IMAGE" + --certificate-oidc-issuer-regexp "${OIDC_ISSUER}" \ + --certificate-identity-regexp "${IDENTITY_REGEX}" \ + "${BASE_IMAGE}" echo "::endgroup::" - name: Prepare cache data + if: ${{ matrix.build != 'snmptraps' }} id: cache_data env: BASE_IMAGE_TAG: ${{ steps.base_build.outputs.base_build_image }} @@ -858,18 +941,27 @@ jobs: cache_images="type=gha,scope=$BASE_IMAGE_TAG"$'\n'"type=registry,ref=$BASE_IMAGE_TAG" fi - echo "::group::Base images cache" - echo "$cache_images" + cache_from+=("type=registry,ref=${BASE_IMAGE_TAG}") + + echo "::group::Cache from data" + echo "${cache_from[*]}" echo "::endgroup::" echo "cache_from=$cache_images" >> $GITHUB_OUTPUT + - name: Login to DockerHub + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build and push image id: docker_build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }} - file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile + context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} + file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} push: ${{ env.AUTO_PUSH_IMAGES }} tags: ${{ steps.meta.outputs.tags }} @@ -898,7 +990,8 @@ jobs: cosign sign --yes ${images} echo "::endgroup::" - - name: Image digest + - name: Image metadata + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: DIGEST: ${{ steps.docker_build.outputs.digest }} run: | diff --git a/.github/workflows/images_build_rhel.yml b/.github/workflows/images_build_rhel.yml index 95beaca32..6f84de1e1 100644 --- a/.github/workflows/images_build_rhel.yml +++ b/.github/workflows/images_build_rhel.yml @@ -29,6 +29,7 @@ permissions: contents: read env: + TRUNK_ONLY_EVENT: ${{ contains(fromJSON('["schedule"]'), github.event_name) }} AUTO_PUSH_IMAGES: ${{ ! contains(fromJSON('["workflow_dispatch", "push"]'), github.event_name) && vars.AUTO_PUSH_IMAGES }} LATEST_BRANCH: ${{ github.event.repository.default_branch }} @@ -164,7 +165,7 @@ jobs: echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT echo "sha_short=$sha_short" >> $GITHUB_OUTPUT - - name: Cleanup cache + - name: Cleanup existing cache shell: bash env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -205,11 +206,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Fix string case @@ -231,7 +234,7 @@ jobs: id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel + context: ${{ format('{0}/{1}/rhel', env.DOCKERFILES_DIRECTORY, matrix.build) }} layers: false tags: ${{ steps.meta.outputs.tags }} containerfiles: | @@ -240,7 +243,7 @@ jobs: --pull --iidfile=${{ github.workspace }}/iidfile - - name: Prepare image metadata + - name: Image metadata id: image_metadata env: IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }} @@ -279,7 +282,6 @@ jobs: IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }} IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} IMAGE_DIR: ${{ env.IMAGE_DIR }} - GITHUB_WORKSPACE: ${{ github.workspace }} run: | echo "::group::Result" echo "Image ${IMAGE_TAG} location: \"${IMAGE_DIR}/${IMAGE_TAG_ID}\"" @@ -310,13 +312,14 @@ jobs: if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }} env: IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} run: | echo "::group::Removing orphaned image" rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}" echo "::endgroup::" build_base_database: - timeout-minutes: 180 + timeout-minutes: 90 needs: [ "build_base", "init_build"] name: Build ${{ matrix.build }} base (${{ matrix.arch }}) strategy: @@ -348,7 +351,7 @@ jobs: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} - - name: Pull ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} image + - name: Pull ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} image from local storage id: base_build env: MATRIX_ARCH: ${{ matrix.arch }} @@ -389,7 +392,7 @@ jobs: id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel + context: ${{ format('{0}/{1}/rhel', env.DOCKERFILES_DIRECTORY, matrix.build) }} layers: false tags: ${{ steps.meta.outputs.tags }} containerfiles: | @@ -423,7 +426,7 @@ jobs: echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT - - name: Cache image digest + - name: Cache image metadata uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: path: | @@ -437,7 +440,6 @@ jobs: IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }} IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} IMAGE_DIR: ${{ env.IMAGE_DIR }} - GITHUB_WORKSPACE: ${{ github.workspace }} run: | echo "::group::Result" echo "podman push \"${IMAGE_TAG}\" dir:\"${IMAGE_DIR}/${IMAGE_TAG_ID}\"" @@ -468,13 +470,14 @@ jobs: if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }} env: IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }} + IMAGE_DIR: ${{ env.IMAGE_DIR }} run: | echo "::group::Removing orphaned image" rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}" echo "::endgroup::" build_images: - timeout-minutes: 90 + timeout-minutes: 30 needs: [ "build_base_database", "init_build"] name: Build ${{ matrix.build }} image (${{ matrix.arch }}) strategy: @@ -580,7 +583,7 @@ jobs: id: build_image uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel + context: ${{ format('{0}/{1}/rhel', env.DOCKERFILES_DIRECTORY, matrix.build) }} layers: false tags: ${{ steps.meta.outputs.tags }} labels: | @@ -671,9 +674,13 @@ jobs: - name: Post build image if: ${{ success() || failure() }} + env: + GITHUB_WORKSPACE: ${{ github.workspace }} run: | echo "::group::Result" + rm -rf "$GITHUB_WORKSPACE/iidfile" + echo "Removing working containers" buildah rm -a 2>/dev/null || true echo "Removing container data in storage not controlled by podman" @@ -686,7 +693,7 @@ jobs: echo "::endgroup::" clear_artifacts: - timeout-minutes: 90 + timeout-minutes: 10 needs: [ "build_images", "init_build"] name: Clear ${{ matrix.build }} image cache (${{ matrix.arch }}) strategy: From 2c2f38a340d8a28f071b6131dbda5a8298d8f16e Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Mon, 19 Feb 2024 18:28:42 +0900 Subject: [PATCH 15/54] Updated building images workflow --- .github/workflows/images_build.yml | 138 ++++++++++++++++------------- 1 file changed, 76 insertions(+), 62 deletions(-) diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index fc9c20f77..0f5635957 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -28,7 +28,7 @@ permissions: env: TRUNK_ONLY_EVENT: ${{ contains(fromJSON('["schedule"]'), github.event_name) }} - AUTO_PUSH_IMAGES: ${{ vars.AUTO_PUSH_IMAGES }} + AUTO_PUSH_IMAGES: ${{ ! contains(fromJSON('["workflow_dispatch"]'), github.event_name) && vars.AUTO_PUSH_IMAGES }} DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }} LATEST_BRANCH: ${{ github.event.repository.default_branch }} @@ -45,6 +45,9 @@ env: OIDC_ISSUER: "https://token.actions.githubusercontent.com" IDENTITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/" + DOCKER_REGISTRY_TEST: "ghcr.io" + DOCKER_REPOSITORY_TEST: "zabbix" + jobs: init_build: name: Initialize build @@ -65,7 +68,9 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: > + api.github.com:443 github.com:443 + objects.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -165,6 +170,7 @@ jobs: permissions: contents: read id-token: write + packages: write steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 @@ -195,6 +201,7 @@ jobs: ftpmirror.your.org:80 fulcio.sigstore.dev:443 github.com:443 + ghcr.io:443 iad.mirror.rackspace.com:443 iad.mirror.rackspace.com:80 index.docker.io:443 @@ -253,6 +260,7 @@ jobs: uvermont.mm.fcix.net:443 yum.oracle.com:443 ziply.mm.fcix.net:443 + pkg-containers.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -261,11 +269,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Set up QEMU @@ -279,12 +289,6 @@ jobs: with: driver-opts: image=moby/buildkit:master - - name: Login to DockerHub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Prepare Platform list id: platform env: @@ -304,16 +308,18 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_NAME }} + images: | + ${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, env.BASE_BUILD_NAME ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }} + ${{ format('{0}/{1}{2}', env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, env.BASE_BUILD_NAME ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} tags: | type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}- type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }} - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }}-latest type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- - type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} + type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' || contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }} flavor: | latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }} @@ -368,10 +374,10 @@ jobs: id: docker_build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }} - file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}/Dockerfile + context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }} + file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES }} + push: true tags: ${{ steps.meta.outputs.tags }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} @@ -380,6 +386,7 @@ jobs: cache-to: ${{ steps.cache_data.outputs.cache_to }} - name: Sign the images with GitHub OIDC Token + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: DIGEST: ${{ steps.docker_build.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} @@ -403,14 +410,14 @@ jobs: CACHE_FILE_NAME: ${{ env.BASE_CACHE_FILE_NAME }} METADATA: ${{ steps.docker_build.outputs.metadata }} run: | - echo "::group::Image digest" - echo "$DIGEST" + echo "::group::Image metadata" + echo "${METADATA}" echo "::endgroup::" echo "::group::Cache file name" - echo "$CACHE_FILE_NAME" + echo "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "$DIGEST" > "$CACHE_FILE_NAME" + echo "${METADATA}" > "$CACHE_FILE_NAME" - name: Cache image metadata uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 @@ -427,11 +434,11 @@ jobs: matrix: build: ${{ fromJson(needs.init_build.outputs.database) }} os: ${{ fromJson(needs.init_build.outputs.os) }} - runs-on: ubuntu-latest permissions: contents: read id-token: write + packages: write steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 @@ -448,6 +455,7 @@ jobs: golang.org:443 google.golang.org:443 gopkg.in:443 + ghcr.io:443 index.docker.io:443 noto-website.storage.googleapis.com:443 production.cloudflare.docker.com:443 @@ -459,6 +467,7 @@ jobs: objects.githubusercontent.com:443 tuf-repo-cdn.sigstore.dev:443 rekor.sigstore.dev:443 + pkg-containers.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -467,11 +476,13 @@ jobs: fetch-depth: 1 - name: Install cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 with: cosign-release: 'v2.2.3' - name: Check cosign version + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} run: cosign version - name: Set up QEMU @@ -485,12 +496,6 @@ jobs: with: driver-opts: image=moby/buildkit:master - - name: Login to DockerHub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Prepare Platform list id: platform env: @@ -510,18 +515,20 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.build }} + images: | + ${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }} + ${{ format('{0}/{1}{2}', env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} tags: | type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}- type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ matrix.os }} - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest - type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ matrix.os }}-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) }},event=branch,prefix=${{ matrix.os }}-,suffix=-latest + type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) }},event=branch,suffix=-${{ matrix.os }}-latest type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- - type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} + type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' || contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }} flavor: | - latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }} - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 @@ -529,7 +536,7 @@ jobs: path: ${{ env.BASE_CACHE_FILE_NAME }} key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }} - - name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} SHA256 tag + - name: Process ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} image metadata id: base_build env: CACHE_FILE_NAME: ${{ env.BASE_CACHE_FILE_NAME }} @@ -544,6 +551,7 @@ jobs: echo "base_build_image=${IMAGE_NAME}@${IMAGE_DIGEST}" >> $GITHUB_OUTPUT - name: Verify ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }} cosign + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: BASE_IMAGE: ${{ steps.base_build.outputs.base_build_image }} OIDC_ISSUER: ${{ env.OIDC_ISSUER }} @@ -604,11 +612,11 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to DockerHub + - name: Login to ${{ env.DOCKER_REGISTRY_TEST }} if: ${{ env.AUTO_PUSH_IMAGES != 'true' }} uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: - registry: ghcr.io + registry: ${{ env.DOCKER_REGISTRY_TEST }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} @@ -616,10 +624,10 @@ jobs: id: docker_build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }} - file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile + context: ${{ format('{0}/{1}/{2}/', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} + file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES }} + push: true tags: ${{ steps.meta.outputs.tags }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | @@ -627,6 +635,7 @@ jobs: org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - name: Sign the images with GitHub OIDC Token + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: DIGEST: ${{ steps.docker_build.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} @@ -650,13 +659,14 @@ jobs: CACHE_FILE_NAME: ${{ env.BUILD_CACHE_FILE_NAME }} METADATA: ${{ steps.docker_build.outputs.metadata }} run: | - echo "::group::Image digest" - echo "$DIGEST" + echo "::group::Image metadata" + echo "${METADATA}" echo "::endgroup::" echo "::group::Cache file name" - echo "$CACHE_FILE_NAME" + echo "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "$DIGEST" > $CACHE_FILE_NAME + + echo "${METADATA}" > "$CACHE_FILE_NAME" - name: Cache image metadata uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 @@ -759,6 +769,7 @@ jobs: pubmirror1.math.uh.edu:443 pubmirror3.math.uh.edu:80 quay.io:443 + ghcr.io:443 registry-1.docker.io:443 repo.ialab.dsu.edu:80 repos.eggycrew.com:80 @@ -797,6 +808,7 @@ jobs: objects.githubusercontent.com:443 tuf-repo-cdn.sigstore.dev:443 rekor.sigstore.dev:443 + pkg-containers.githubusercontent.com:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -873,7 +885,9 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX}}${{ matrix.build }} + images: | + ${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY_TEST, env.DOCKER_REPOSITORY_TEST, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES != 'true' }} + ${{ format('{0}/{1}{2}', env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, matrix.build ) }},enable=${{ env.AUTO_PUSH_IMAGES == 'true' }} context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }} tags: | type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},prefix=${{ matrix.os }}- @@ -882,9 +896,9 @@ jobs: type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && !contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }}-latest type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{matrix.os}}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.os }}- - type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ matrix.os }} + type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' || contains(fromJSON('["workflow_dispatch"]'), github.event_name) }},event=branch,suffix=-${{ matrix.os }} flavor: | - latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }} + latest=${{ (matrix.os == 'alpine') && (!contains(fromJSON('["workflow_dispatch"]'), github.event_name)) && ( needs.init_build.outputs.is_default_branch == 'true' ) }} - name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 @@ -899,19 +913,17 @@ jobs: env: CACHE_FILE_NAME: ${{ env.BUILD_CACHE_FILE_NAME }} run: | - BASE_TAG=$(cat "${BUILD_BASE}_${MATRIX_OS}") - BUILD_BASE_IMAGE=${DOCKER_REPOSITORY}/${IMAGES_PREFIX}${BUILD_BASE}@${BASE_TAG} - - echo "::group::Base build image information" - echo "base_tag=${BASE_TAG}" - echo "base_build_image=${BUILD_BASE_IMAGE}" + echo "::group::Base build image metadata" + cat "${CACHE_FILE_NAME}" echo "::endgroup::" - echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT - echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT + IMAGE_DIGEST=$(jq -r '."containerimage.digest"' "${CACHE_FILE_NAME}") + IMAGE_NAME=$(jq -r '."image.name"' "${CACHE_FILE_NAME}" | cut -d: -f1) + + echo "base_build_image=${IMAGE_NAME}@${IMAGE_DIGEST}" >> $GITHUB_OUTPUT - name: Verify ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} cosign - if: ${{ matrix.build != 'snmptraps' }} + if: ${{ matrix.build != 'snmptraps' && env.AUTO_PUSH_IMAGES == 'true' }} env: BASE_IMAGE: ${{ steps.base_build.outputs.base_build_image }} OIDC_ISSUER: ${{ env.OIDC_ISSUER }} @@ -936,10 +948,8 @@ jobs: env: BASE_IMAGE_TAG: ${{ steps.base_build.outputs.base_build_image }} run: | - cache_images="" - if [[ ! -z "$BASE_IMAGE_TAG" ]]; then - cache_images="type=gha,scope=$BASE_IMAGE_TAG"$'\n'"type=registry,ref=$BASE_IMAGE_TAG" - fi + cache_from=() + cache_to=() cache_from+=("type=registry,ref=${BASE_IMAGE_TAG}") @@ -947,7 +957,11 @@ jobs: echo "${cache_from[*]}" echo "::endgroup::" - echo "cache_from=$cache_images" >> $GITHUB_OUTPUT + cache_from=$(printf '%s\n' "${cache_from[@]}") + + echo 'cache_from<> "$GITHUB_OUTPUT" + echo "$cache_from" >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" - name: Login to DockerHub if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} @@ -963,15 +977,15 @@ jobs: context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES }} + push: ${{ env.AUTO_PUSH_IMAGES == 'true' }} tags: ${{ steps.meta.outputs.tags }} build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - cache-from: ${{ steps.cache_data.outputs.cache_from }} - name: Sign the images with GitHub OIDC Token + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: DIGEST: ${{ steps.docker_build.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} @@ -993,8 +1007,8 @@ jobs: - name: Image metadata if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: - DIGEST: ${{ steps.docker_build.outputs.digest }} + METADATA: ${{ steps.docker_build.outputs.metadata }} run: | - echo "::group::Image digest" - echo "$DIGEST" + echo "::group::Image metadata" + echo "${METADATA}" echo "::endgroup::" From d94f8ef9d390d44b466596d8dcf687eca4917fe0 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Mon, 19 Feb 2024 22:15:38 +0900 Subject: [PATCH 16/54] Updated building images workflow --- .github/workflows/images_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index 0f5635957..ff816205a 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -688,7 +688,7 @@ jobs: permissions: contents: read id-token: write - packages: read + packages: write steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 From 0bbb83cd5490f4ab2fdca6bea85666c72c5b8f38 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Mon, 19 Feb 2024 23:13:12 +0900 Subject: [PATCH 17/54] Added workflow to update Red Hat Container Catalog --- .../workflows/rhel_registry_description.yml | 122 ++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 .github/workflows/rhel_registry_description.yml diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml new file mode 100644 index 000000000..2fcae397b --- /dev/null +++ b/.github/workflows/rhel_registry_description.yml @@ -0,0 +1,122 @@ +name: Red Hat Catalog Description + +on: + push: + branches: + - 'trunk' + paths: + - 'Dockerfiles/*/*/README.html' + - '.github/workflows/rhel_registry_description.yml' + workflow_dispatch: + +env: + DOCKERFILES_DIRECTORY: "./Dockerfiles" + API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/" + +defaults: + run: + shell: bash + +permissions: + contents: read + +jobs: + init: + name: Initialize build + runs-on: ubuntu-latest + permissions: + contents: read + strategy: + fail-fast: false + matrix: + component: + - agent + - agent2 + - java-gateway + - proxy-mysql + - proxy-sqlite3 + - server-mysql + - snmptraps + - web-nginx-mysql + - web-service + steps: + - name: Block egress traffic + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + disable-sudo: true + egress-policy: audit + allowed-endpoints: > + github.com:443 + hub.docker.com:443 + + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 1 + + - name: Get branch info + id: branch_info + shell: bash + env: + github_ref: ${{ github.ref }} + run: | + result=false + sha_short=$(git rev-parse --short HEAD) + + github_ref=${github_ref##*/} + + echo "::group::Branch metadata" + echo "secret_prefix=RHEL_${github_ref//.}" + echo "::endgroup::" + + echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT + + - name: Prepare Zabbix component list + id: components + env: + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE") + + echo "::group::Zabbix Component List" + echo "$component_list" + echo "::endgroup::" + + echo "list=$component_list" >> $GITHUB_OUTPUT + + - name: Variables formating + id: var_format + env: + MATRIX_BUILD: ${{ matrix.build }} + run: | + MATRIX_BUILD=${MATRIX_BUILD^^} + MATRIX_BUILD=${MATRIX_BUILD//-/_} + + echo "::group::Result" + echo "matrix_build=${MATRIX_BUILD}" + echo "::endgroup::" + echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT + + - name: Update Red Hat project description (zabbix-${{ matrix.component }}) + env: + DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README.html', env.DOCKERFILES_DIRECTORY, matrix.build) }} + PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} + PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} + API_URL: ${{ env.API_URL }} + run: | + import requests + import json + import os + + file = open(os.environ["DESCRIPTION_FILE"],mode='r') + repository_description = file.read() + file.close() + + data = dict() + data['container'] = dict() + data['container']['repository_description'] = repository_description[:32768] + + headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'} + result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data)) + print(result) + print(json.loads(r.content)['last_update_date']) From 933171cb01a62f3940df33cf14772ee1620bdebf Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Mon, 19 Feb 2024 23:30:29 +0900 Subject: [PATCH 18/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 2fcae397b..62f9c6552 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -12,6 +12,7 @@ on: env: DOCKERFILES_DIRECTORY: "./Dockerfiles" API_URL: "https://catalog.redhat.com/api/containers/v1/projects/certification/id/" + MATRIX_FILE: "build.json" defaults: run: @@ -71,6 +72,16 @@ jobs: echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT + - name: Check ${{ env.MATRIX_FILE }} file + id: build_exists + env: + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + if [[ ! -f "$MATRIX_FILE" ]]; then + echo "::error::File $MATRIX_FILE is missing" + exit 1 + fi + - name: Prepare Zabbix component list id: components env: From 77faa9052f75fb6c29267753b2a88426afa3ebc2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 14:31:41 +0000 Subject: [PATCH 19/54] Bump github/codeql-action from 3.24.1 to 3.24.3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.1 to 3.24.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e675ced7a7522a761fc9c8eb26682c8b27c42b2b...379614612a29c9e28f31f39a59013eb8012a51f0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3aa8ef685..273d6afeb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 + uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 with: sarif_file: results.sarif From 426ed0b1a4ea58d7e1f35ef55d3a2a67a233b2cc Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Mon, 19 Feb 2024 23:58:48 +0900 Subject: [PATCH 20/54] Added workflow to update Red Hat Container Catalog --- .github/scripts/rhel_description.py | 31 +++++++++++++++++++ .../workflows/rhel_registry_description.yml | 29 +++++++---------- 2 files changed, 43 insertions(+), 17 deletions(-) create mode 100644 .github/scripts/rhel_description.py diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py new file mode 100644 index 000000000..124b91343 --- /dev/null +++ b/.github/scripts/rhel_description.py @@ -0,0 +1,31 @@ +import sys +import requests +import json +import markdown +import os + +repository_description = '' + +if ("DESCRIPTION_FILE" not in os.environ): + print("Description file environment variable is not specified") + sys.exit(1) + +if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')): + repository_description=markdown.markdownFromFile(input=os.environ["DESCRIPTION_FILE"] + '.md') +elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')): + file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r') + repository_description = file.read() + file.close() + +if (len(repository_description)) == 0: + print("No description") + sys.exit(1) + +data = dict() +data['container'] = dict() +data['container']['repository_description'] = repository_description[:32768] + +headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'} +result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data)) +print(result) +print(json.loads(r.content)['last_update_date']) \ No newline at end of file diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 62f9c6552..e84406bf5 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -69,6 +69,7 @@ jobs: echo "::group::Branch metadata" echo "secret_prefix=RHEL_${github_ref//.}" echo "::endgroup::" + github_ref="64" echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT @@ -108,26 +109,20 @@ jobs: echo "::endgroup::" echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT + - uses: actions/setup-python@v4 + with: + python-version: '3.x' + + - name: install python packages + run: | + python -m pip install --upgrade pip + pip install markdown + - name: Update Red Hat project description (zabbix-${{ matrix.component }}) env: - DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README.html', env.DOCKERFILES_DIRECTORY, matrix.build) }} + DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.build) }} PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} - run: | - import requests - import json - import os + run: python ./github/scripts/rhel_description.py - file = open(os.environ["DESCRIPTION_FILE"],mode='r') - repository_description = file.read() - file.close() - - data = dict() - data['container'] = dict() - data['container']['repository_description'] = repository_description[:32768] - - headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'} - result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data)) - print(result) - print(json.loads(r.content)['last_update_date']) From 6951f6b840d6fd6823645a12ff28d90f8eeb4653 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:19:49 +0900 Subject: [PATCH 21/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index e84406bf5..2dde1e07a 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -124,5 +124,5 @@ jobs: PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} - run: python ./github/scripts/rhel_description.py + run: python ./.github/scripts/rhel_description.py From e6bc802e1e406478a6e7720a4870b8f4ed1d06ff Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:30:31 +0900 Subject: [PATCH 22/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 2dde1e07a..4bc294d70 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -116,7 +116,7 @@ jobs: - name: install python packages run: | python -m pip install --upgrade pip - pip install markdown + pip install markdown requests - name: Update Red Hat project description (zabbix-${{ matrix.component }}) env: From 924691eb4806e6184e411404ab0b7671613b9314 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:32:42 +0900 Subject: [PATCH 23/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 4bc294d70..81291a03a 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -120,7 +120,7 @@ jobs: - name: Update Red Hat project description (zabbix-${{ matrix.component }}) env: - DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.build) }} + DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} From d70750efb653eb296f411d3bd220d8dfbffdee46 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:42:03 +0900 Subject: [PATCH 24/54] Added workflow to update Red Hat Container Catalog --- .github/scripts/rhel_description.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py index 124b91343..6165d7efb 100644 --- a/.github/scripts/rhel_description.py +++ b/.github/scripts/rhel_description.py @@ -4,20 +4,32 @@ import json import markdown import os -repository_description = '' +repository_description = None if ("DESCRIPTION_FILE" not in os.environ): print("Description file environment variable is not specified") sys.exit(1) +if ("PYXIS_API_TOKEN" not in os.environ): + print("API token environment variable is not specified") + sys.exit(1) +if ("API_URL" not in os.environ): + print("API URL environment variable is not specified") + sys.exit(1) +if ("PROJECT_ID" not in os.environ): + print("RedHat project ID environment variable is not specified") + sys.exit(1) if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')): - repository_description=markdown.markdownFromFile(input=os.environ["DESCRIPTION_FILE"] + '.md') + file = open(os.environ["DESCRIPTION_FILE"] + '.md', mode='r') + markdown_data = file.read() + file.close() + repository_description=markdown.markdown(markdown_data) elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')): file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r') repository_description = file.read() file.close() -if (len(repository_description)) == 0: +if (repository_description is None or len(repository_description) == 0): print("No description") sys.exit(1) @@ -28,4 +40,4 @@ data['container']['repository_description'] = repository_description[:32768] headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'} result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data)) print(result) -print(json.loads(r.content)['last_update_date']) \ No newline at end of file +print(json.loads(r.content)['last_update_date']) From 130c2f1a3e8bf7d7f086e03f3dcb1f5400dcff83 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:43:05 +0900 Subject: [PATCH 25/54] Added workflow to update Red Hat Container Catalog --- .github/scripts/rhel_description.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py index 6165d7efb..26c40b8a2 100644 --- a/.github/scripts/rhel_description.py +++ b/.github/scripts/rhel_description.py @@ -40,4 +40,4 @@ data['container']['repository_description'] = repository_description[:32768] headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'} result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data)) print(result) -print(json.loads(r.content)['last_update_date']) +print(json.loads(result.content)['last_update_date']) From 3dec5564210485c24d4c48b61377e078bd95a7c1 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:45:50 +0900 Subject: [PATCH 26/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 81291a03a..f3461f08e 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -69,9 +69,9 @@ jobs: echo "::group::Branch metadata" echo "secret_prefix=RHEL_${github_ref//.}" echo "::endgroup::" - github_ref="64" - echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT + #echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT + echo "secret_prefix=RHEL_64" >> $GITHUB_OUTPUT - name: Check ${{ env.MATRIX_FILE }} file id: build_exists From 7d3c32db6f33dc2e57ed6f21ea3379f151a215ab Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:49:04 +0900 Subject: [PATCH 27/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index f3461f08e..f17e5f482 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -70,8 +70,8 @@ jobs: echo "secret_prefix=RHEL_${github_ref//.}" echo "::endgroup::" - #echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT - echo "secret_prefix=RHEL_64" >> $GITHUB_OUTPUT + echo "zabbix_release=64" >> $GITHUB_OUTPUT + echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT - name: Check ${{ env.MATRIX_FILE }} file id: build_exists @@ -99,7 +99,7 @@ jobs: - name: Variables formating id: var_format env: - MATRIX_BUILD: ${{ matrix.build }} + MATRIX_BUILD: ${{ matrix.component }} run: | MATRIX_BUILD=${MATRIX_BUILD^^} MATRIX_BUILD=${MATRIX_BUILD//-/_} @@ -118,7 +118,7 @@ jobs: python -m pip install --upgrade pip pip install markdown requests - - name: Update Red Hat project description (zabbix-${{ matrix.component }}) + - name: Update Red Hat project description (${{ matrix.component }}-${{ steps.branch_info.outputs.zabbix_release }}) env: DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} From 85e5ea0c43662089eca647cd29bcff1e559acd81 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:51:54 +0900 Subject: [PATCH 28/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index f17e5f482..8305bdbf0 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -65,6 +65,7 @@ jobs: sha_short=$(git rev-parse --short HEAD) github_ref=${github_ref##*/} + github_ref="6.4" echo "::group::Branch metadata" echo "secret_prefix=RHEL_${github_ref//.}" From 33e3dfaf44f3dbcd60e8c3757b5e2d7c311736b0 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 00:58:59 +0900 Subject: [PATCH 29/54] Added workflow to update Red Hat Container Catalog --- .github/scripts/rhel_description.py | 19 ++++++++++++------- .../workflows/rhel_registry_description.yml | 3 +-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py index 26c40b8a2..e16220020 100644 --- a/.github/scripts/rhel_description.py +++ b/.github/scripts/rhel_description.py @@ -6,16 +6,16 @@ import os repository_description = None -if ("DESCRIPTION_FILE" not in os.environ): +if ("DESCRIPTION_FILE" not in os.environ or len(os.environ["DESCRIPTION_FILE"]) == 0): print("Description file environment variable is not specified") sys.exit(1) -if ("PYXIS_API_TOKEN" not in os.environ): +if ("PYXIS_API_TOKEN" not in os.environ or len(os.environ["PYXIS_API_TOKEN"]) == 0): print("API token environment variable is not specified") sys.exit(1) -if ("API_URL" not in os.environ): +if ("API_URL" not in os.environ or len(os.environ["API_URL"]) == 0): print("API URL environment variable is not specified") sys.exit(1) -if ("PROJECT_ID" not in os.environ): +if ("PROJECT_ID" not in os.environ or len(os.environ["PROJECT_ID"]) == 0): print("RedHat project ID environment variable is not specified") sys.exit(1) @@ -38,6 +38,11 @@ data['container'] = dict() data['container']['repository_description'] = repository_description[:32768] headers = {'accept' : 'application/json', 'X-API-KEY' : os.environ["PYXIS_API_TOKEN"], 'Content-Type' : 'application/json'} -result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], headers = headers, data = json.dumps(data)) -print(result) -print(json.loads(result.content)['last_update_date']) +result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], + headers = headers, + data = json.dumps(data)) + +print("::group::Result") +print("Response code: " + result) +print("Last update date: " + json.loads(result.content)['last_update_date']) +print("::endgroup::") diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 8305bdbf0..5ece50a38 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -65,13 +65,12 @@ jobs: sha_short=$(git rev-parse --short HEAD) github_ref=${github_ref##*/} - github_ref="6.4" echo "::group::Branch metadata" echo "secret_prefix=RHEL_${github_ref//.}" echo "::endgroup::" - echo "zabbix_release=64" >> $GITHUB_OUTPUT + echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT - name: Check ${{ env.MATRIX_FILE }} file From 6fe3e4c6d85a44c0efe9bba28f85421d63e9d28e Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 01:00:38 +0900 Subject: [PATCH 30/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 5ece50a38..6fe0af902 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -3,9 +3,10 @@ name: Red Hat Catalog Description on: push: branches: - - 'trunk' + - '[0-9]+.[0-9]+' paths: - 'Dockerfiles/*/*/README.html' + - 'Dockerfiles/*/*/README.md' - '.github/workflows/rhel_registry_description.yml' workflow_dispatch: From 02a6d1035ba3300bc5bf19fe536f790c28981fb4 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 01:02:17 +0900 Subject: [PATCH 31/54] Added workflow to update Red Hat Container Catalog --- .github/scripts/rhel_description.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py index e16220020..5c8bc238d 100644 --- a/.github/scripts/rhel_description.py +++ b/.github/scripts/rhel_description.py @@ -43,6 +43,6 @@ result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], data = json.dumps(data)) print("::group::Result") -print("Response code: " + result) +print("Response code: " + str(result)) print("Last update date: " + json.loads(result.content)['last_update_date']) print("::endgroup::") From 9062b722924d73b589909e18dc0d6b9edb165c43 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 01:07:02 +0900 Subject: [PATCH 32/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 6fe0af902..4b0ecb485 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -125,5 +125,9 @@ jobs: PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} - run: python ./.github/scripts/rhel_description.py + COMPONENT: ${{ matrix.component }} + ZABBIX_RELEASE: ${{ steps.branch_info.outputs.zabbix_release }} + run: | + python ./.github/scripts/rhel_description.py + echo "https://catalog.redhat.com/software/containers/zabbix/zabbix-${COMPONENT}-${ZABBIX_RELEASE}/${PROJECT_ID}" From 4e3bd6af7d4259f3d8af7d1d59a914c4764f080d Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 01:07:39 +0900 Subject: [PATCH 33/54] Added workflow to update Red Hat Container Catalog --- .github/scripts/rhel_description.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py index 5c8bc238d..aab8dd470 100644 --- a/.github/scripts/rhel_description.py +++ b/.github/scripts/rhel_description.py @@ -43,6 +43,6 @@ result = requests.patch(os.environ["API_URL"] + os.environ["PROJECT_ID"], data = json.dumps(data)) print("::group::Result") -print("Response code: " + str(result)) +print("Response code: " + str(result.status_code)) print("Last update date: " + json.loads(result.content)['last_update_date']) print("::endgroup::") From dbf1d65b405192e1209961ef0bf3c2a4caf9554e Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 01:20:28 +0900 Subject: [PATCH 34/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 4b0ecb485..8831451b2 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -46,10 +46,12 @@ jobs: uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: disable-sudo: true - egress-policy: audit + egress-policy: block allowed-endpoints: > + catalog.redhat.com:443 + files.pythonhosted.org:443 github.com:443 - hub.docker.com:443 + pypi.org:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -110,11 +112,12 @@ jobs: echo "::endgroup::" echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT - - uses: actions/setup-python@v4 + - name: Setup Python 3.x + uses: actions/setup-python@v4 with: python-version: '3.x' - - name: install python packages + - name: Install Python packages run: | python -m pip install --upgrade pip pip install markdown requests From 4d0255b5df29c8fa20cbab163a898d48385fa6d7 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 01:21:51 +0900 Subject: [PATCH 35/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 8831451b2..4c4115eae 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -49,7 +49,7 @@ jobs: egress-policy: block allowed-endpoints: > catalog.redhat.com:443 - files.pythonhosted.org:443 + files.pythonhosted.org:443 github.com:443 pypi.org:443 From 7f4f58928b2961b8cb7fcd41149134e4217a200d Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:00:36 +0900 Subject: [PATCH 36/54] Added workflow to update Red Hat Container Catalog --- .../workflows/rhel_registry_description.yml | 56 +++++++++++-------- 1 file changed, 34 insertions(+), 22 deletions(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 4c4115eae..8d1cb25f0 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -24,23 +24,13 @@ permissions: jobs: init: - name: Initialize build + name: Initialize workflow runs-on: ubuntu-latest permissions: contents: read - strategy: - fail-fast: false - matrix: - component: - - agent - - agent2 - - java-gateway - - proxy-mysql - - proxy-sqlite3 - - server-mysql - - snmptraps - - web-nginx-mysql - - web-service + outputs: + components: ${{ steps.components.outputs.list }} + zabbix_release: ${{ steps.branch_info.output.zabbix_release }} steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 @@ -48,10 +38,7 @@ jobs: disable-sudo: true egress-policy: block allowed-endpoints: > - catalog.redhat.com:443 - files.pythonhosted.org:443 github.com:443 - pypi.org:443 - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -74,7 +61,6 @@ jobs: echo "::endgroup::" echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT - echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT - name: Check ${{ env.MATRIX_FILE }} file id: build_exists @@ -99,6 +85,33 @@ jobs: echo "list=$component_list" >> $GITHUB_OUTPUT + publish: + name: Initialize build + runs-on: ubuntu-latest + needs: init + permissions: + contents: read + strategy: + fail-fast: false + matrix: + component: ${{ fromJson(needs.init_build.outputs.components) }} + steps: + - name: Block egress traffic + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + catalog.redhat.com:443 + files.pythonhosted.org:443 + github.com:443 + pypi.org:443 + + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 1 + - name: Variables formating id: var_format env: @@ -122,15 +135,14 @@ jobs: python -m pip install --upgrade pip pip install markdown requests - - name: Update Red Hat project description (${{ matrix.component }}-${{ steps.branch_info.outputs.zabbix_release }}) + - name: Update Red Hat project description (${{ matrix.component }}-${{ needs.branch_info.outputs.zabbix_release }}) env: DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} - PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', steps.branch_info.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }} + PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.branch_info.outputs.zabbix_release, needs.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} COMPONENT: ${{ matrix.component }} - ZABBIX_RELEASE: ${{ steps.branch_info.outputs.zabbix_release }} + ZABBIX_RELEASE: ${{ needs.branch_info.outputs.zabbix_release }} run: | python ./.github/scripts/rhel_description.py echo "https://catalog.redhat.com/software/containers/zabbix/zabbix-${COMPONENT}-${ZABBIX_RELEASE}/${PROJECT_ID}" - From 9719bcd9eab460e3df5572e1881e4f5f744126f5 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:02:19 +0900 Subject: [PATCH 37/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 8d1cb25f0..4476ffdda 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -94,7 +94,7 @@ jobs: strategy: fail-fast: false matrix: - component: ${{ fromJson(needs.init_build.outputs.components) }} + component: ${{ fromJson(needs.init.outputs.components) }} steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 From 43178fdb0007a4b51aaeae527b940884c68840db Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:04:49 +0900 Subject: [PATCH 38/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 4476ffdda..4b87dd6f7 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -30,7 +30,7 @@ jobs: contents: read outputs: components: ${{ steps.components.outputs.list }} - zabbix_release: ${{ steps.branch_info.output.zabbix_release }} + zabbix_release: ${{ steps.branch_info.outputs.zabbix_release }} steps: - name: Block egress traffic uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 From 20374c2ffea20b130e78d5138d3ccf43068fb8f6 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:09:53 +0900 Subject: [PATCH 39/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 4b87dd6f7..8d06bde51 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -52,12 +52,11 @@ jobs: github_ref: ${{ github.ref }} run: | result=false - sha_short=$(git rev-parse --short HEAD) github_ref=${github_ref##*/} echo "::group::Branch metadata" - echo "secret_prefix=RHEL_${github_ref//.}" + echo "zabbix_release=${github_ref//.}" echo "::endgroup::" echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT @@ -135,14 +134,14 @@ jobs: python -m pip install --upgrade pip pip install markdown requests - - name: Update Red Hat project description (${{ matrix.component }}-${{ needs.branch_info.outputs.zabbix_release }}) + - name: Update Red Hat project description (${{ matrix.component }}-${{ needs.init.outputs.zabbix_release }}) env: DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} - PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.branch_info.outputs.zabbix_release, needs.var_format.outputs.matrix_build)] }} + PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, needs.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} COMPONENT: ${{ matrix.component }} - ZABBIX_RELEASE: ${{ needs.branch_info.outputs.zabbix_release }} + ZABBIX_RELEASE: ${{ needs.init.outputs.zabbix_release }} run: | python ./.github/scripts/rhel_description.py echo "https://catalog.redhat.com/software/containers/zabbix/zabbix-${COMPONENT}-${ZABBIX_RELEASE}/${PROJECT_ID}" From 80c195bf13f392e909e4ed990b2c1ff1c2dd7358 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:14:58 +0900 Subject: [PATCH 40/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 8d06bde51..b6cb0f169 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -137,7 +137,7 @@ jobs: - name: Update Red Hat project description (${{ matrix.component }}-${{ needs.init.outputs.zabbix_release }}) env: DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} - PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, needs.var_format.outputs.matrix_build)] }} + PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} COMPONENT: ${{ matrix.component }} From c4d7a71eef1767acc9c1361015610c91d4764b76 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:28:00 +0900 Subject: [PATCH 41/54] Added workflow to update Red Hat Container Catalog --- .../workflows/rhel_registry_description.yml | 37 ++++++++++++------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index b6cb0f169..447ecf19b 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -44,6 +44,17 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 1 + sparse-checkout: ${{ env.MATRIX_FILE }} + + - name: Check ${{ env.MATRIX_FILE }} file + id: build_exists + env: + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + if [[ ! -f "$MATRIX_FILE" ]]; then + echo "::error::File $MATRIX_FILE is missing" + exit 1 + fi - name: Get branch info id: branch_info @@ -61,16 +72,6 @@ jobs: echo "zabbix_release=${github_ref//.}" >> $GITHUB_OUTPUT - - name: Check ${{ env.MATRIX_FILE }} file - id: build_exists - env: - MATRIX_FILE: ${{ env.MATRIX_FILE }} - run: | - if [[ ! -f "$MATRIX_FILE" ]]; then - echo "::error::File $MATRIX_FILE is missing" - exit 1 - fi - - name: Prepare Zabbix component list id: components env: @@ -134,14 +135,22 @@ jobs: python -m pip install --upgrade pip pip install markdown requests - - name: Update Red Hat project description (${{ matrix.component }}-${{ needs.init.outputs.zabbix_release }}) + - name: Update Red Hat project description env: DESCRIPTION_FILE: ${{ format('{0}/{1}/rhel/README', env.DOCKERFILES_DIRECTORY, matrix.component) }} PROJECT_ID: ${{ secrets[format('RHEL_{0}_{1}_PROJECT', needs.init.outputs.zabbix_release, steps.var_format.outputs.matrix_build)] }} PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} API_URL: ${{ env.API_URL }} - COMPONENT: ${{ matrix.component }} - ZABBIX_RELEASE: ${{ needs.init.outputs.zabbix_release }} run: | python ./.github/scripts/rhel_description.py - echo "https://catalog.redhat.com/software/containers/zabbix/zabbix-${COMPONENT}-${ZABBIX_RELEASE}/${PROJECT_ID}" + + - name: Red Hat Gatalog URL + env: + COMPONENT: ${{ matrix.component }} + MATRIX_FILE: ${{ env.MATRIX_FILE }} + run: | + PROJECT_ID=$(jq -r ".components.\"$COMPONENT\".rhel_project" "$MATRIX_FILE") + + echo "::group::URL" + echo "https://catalog.redhat.com/software/containers/${PROJECT_ID}" + echo "::endgroup::" From 625331fde15bb75612a592b548e11c85f987e398 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 06:29:44 +0000 Subject: [PATCH 42/54] Bump actions/dependency-review-action from 4.1.0 to 4.1.2 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.1.0 to 4.1.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/80f10bf419f34980065523f5efca7ebed17576aa...be8bc500ee15e96754d2a6f2d34be14e945a46f3) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 42af9afce..d56e334aa 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -28,4 +28,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0 + uses: actions/dependency-review-action@be8bc500ee15e96754d2a6f2d34be14e945a46f3 # v4.1.2 From 6137c2ae81aba5cf6e6ceb163204d9cb91944fe9 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:30:31 +0900 Subject: [PATCH 43/54] Added workflow to update Red Hat Container Catalog --- build.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/build.json b/build.json index 4905c9bb5..c965bf123 100644 --- a/build.json +++ b/build.json @@ -33,18 +33,18 @@ "windows-2022": "ltsc2022" }, "components": { - "agent": { "base": "build-mysql", "rhel": true }, - "agent2": { "base": "build-mysql", "rhel": true }, - "java-gateway": { "base": "build-mysql", "rhel": true }, - "proxy-mysql": { "base": "build-mysql", "rhel": true }, - "proxy-sqlite3": { "base": "build-sqlite3", "rhel": true }, - "server-mysql": { "base": "build-mysql", "rhel": true }, + "agent": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e7a9b0ca19f84ed9bad" }, + "agent2": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e0f0483afdd5e26f6f5" }, + "java-gateway": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e3c51aac3123e043e54" }, + "proxy-mysql": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e4f8f6bfc30cd1440d8" }, + "proxy-sqlite3": { "base": "build-sqlite3", "rhel": true, "rhel_project": "63f30e273f0b02a2e2cbdad1" }, + "server-mysql": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e629b0ca19f84ed9b80" }, "server-pgsql": { "base": "build-pgsql", "rhel": false }, - "snmptraps": { "base": "", "rhel": true }, + "snmptraps": { "base": "", "rhel": true, "rhel_project": "63f30e2d0ef1d13d82d39793" }, "web-apache-mysql": { "base": "build-mysql", "rhel": false }, "web-apache-pgsql": { "base": "build-pgsql", "rhel": false }, - "web-nginx-mysql": { "base": "build-mysql", "rhel": true }, + "web-nginx-mysql": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e478857871bae486514" }, "web-nginx-pgsql": { "base": "build-mysql", "rhel": false }, - "web-service": { "base": "build-mysql", "rhel": true } + "web-service": { "base": "build-mysql", "rhel": true, "rhel_project": "63f30e3a3854c988f07dacbe" } } } From 25fa398e91a6908b3b2aacf3a58bf05aadcd4fed Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:53:14 +0900 Subject: [PATCH 44/54] Added workflow to update Red Hat Container Catalog --- .github/scripts/rhel_description.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py index aab8dd470..bafc3a271 100644 --- a/.github/scripts/rhel_description.py +++ b/.github/scripts/rhel_description.py @@ -7,13 +7,13 @@ import os repository_description = None if ("DESCRIPTION_FILE" not in os.environ or len(os.environ["DESCRIPTION_FILE"]) == 0): - print("Description file environment variable is not specified") + print("::error::Description file environment variable is not specified") sys.exit(1) if ("PYXIS_API_TOKEN" not in os.environ or len(os.environ["PYXIS_API_TOKEN"]) == 0): - print("API token environment variable is not specified") + print("::error::API token environment variable is not specified") sys.exit(1) if ("API_URL" not in os.environ or len(os.environ["API_URL"]) == 0): - print("API URL environment variable is not specified") + print("::error::API URL environment variable is not specified") sys.exit(1) if ("PROJECT_ID" not in os.environ or len(os.environ["PROJECT_ID"]) == 0): print("RedHat project ID environment variable is not specified") @@ -30,7 +30,7 @@ elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')): file.close() if (repository_description is None or len(repository_description) == 0): - print("No description") + print("::error::No description file found") sys.exit(1) data = dict() From 9943eb2590c59a299de04ea488d791b93814de6c Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 15:55:27 +0900 Subject: [PATCH 45/54] Added workflow to update Red Hat Container Catalog --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index 447ecf19b..dd979db32 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -126,7 +126,7 @@ jobs: echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT - name: Setup Python 3.x - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.x' From 5613018141f6501f3256e5c0cb42d7a5a1dd990d Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Tue, 20 Feb 2024 07:25:23 +0000 Subject: [PATCH 46/54] [StepSecurity] ci: Harden GitHub Actions Signed-off-by: StepSecurity Bot --- .github/workflows/rhel_registry_description.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml index dd979db32..863928f28 100644 --- a/.github/workflows/rhel_registry_description.yml +++ b/.github/workflows/rhel_registry_description.yml @@ -126,7 +126,7 @@ jobs: echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT - name: Setup Python 3.x - uses: actions/setup-python@v5 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: '3.x' From 2981ea136e948cece96faa744633c70b60631926 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 16:32:53 +0900 Subject: [PATCH 47/54] Updated building images workflow --- .github/workflows/dependency-review.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d56e334aa..7c40ff1d6 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -11,6 +11,7 @@ on: [pull_request] permissions: contents: read + pull-requests: write jobs: dependency-review: From 54370b7c7eb9e07fbf159ef501f1e8f09d02e3bc Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Tue, 20 Feb 2024 17:58:10 +0900 Subject: [PATCH 48/54] Prepared RHEL registry descriptions --- Dockerfiles/server-mysql/rhel/README.md | 279 +++++++++++++++++++++++- 1 file changed, 278 insertions(+), 1 deletion(-) mode change 120000 => 100644 Dockerfiles/server-mysql/rhel/README.md diff --git a/Dockerfiles/server-mysql/rhel/README.md b/Dockerfiles/server-mysql/rhel/README.md deleted file mode 120000 index 32d46ee88..000000000 --- a/Dockerfiles/server-mysql/rhel/README.md +++ /dev/null @@ -1 +0,0 @@ -../README.md \ No newline at end of file diff --git a/Dockerfiles/server-mysql/rhel/README.md b/Dockerfiles/server-mysql/rhel/README.md new file mode 100644 index 000000000..bad7cb9c4 --- /dev/null +++ b/Dockerfiles/server-mysql/rhel/README.md @@ -0,0 +1,278 @@ +![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png) + +# What is Zabbix? + +Zabbix is an enterprise-class open source distributed monitoring solution. + +Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning. + +For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com + +# What is Zabbix server? + +Zabbix server is the central process of Zabbix software. + +The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks. + +# Zabbix server images + +Images are updated when new releases are published. + +The image uses MySQL database. It uses the next procedure to start: +- Checking database availability +- If ``MYSQL_ROOT_PASSWORD`` or ``MYSQL_ALLOW_EMPTY_PASSWORD`` are specified, the instance tries to create ``MYSQL_USER`` user with ``MYSQL_PASSWORD`` to use these credentials then for Zabbix server. +- Checking of having `MYSQL_DATABASE` database. Creating `MYSQL_DATABASE` database name if it does not exist +- Checking of having `dbversion` table. Creating Zabbix server database schema and upload initial data sample if no `dbversion` table + +# How to use this image + +## Start `zabbix-server-mysql` + +Start a Zabbix server container as follows: + + podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" --init -d zabbix/zabbix-server-mysql-trunk:tag + +Where `some-zabbix-server-mysql` is the name you want to assign to your container, `some-mysql-server` is IP or DNS name of MySQL server, `some-user` is user to connect to Zabbix database on MySQL server, `some-password` is the password to connect to MySQL server and `tag` is the tag specifying the version you want. + +> [!NOTE] +> Zabbix server has possibility to execute `fping` utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping: +> `fping: Operation not permitted` +> or +> lost all packets to all resources +> in this case add `--cap-add=net_raw` to `docker run` or `podman run` commands. +> Additionally fping executing in non-root environments can require sysctl modification: +> `net.ipv4.ping_group_range=0 1995` +> where 1995 is `zabbix` GID. + +## Container shell access and viewing Zabbix server logs + +The `podman exec` command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your `zabbix-server-mysql` container: + +```console +$ podman exec -ti some-zabbix-server-mysql /bin/bash +``` + +The Zabbix server log is available through Podman's container log: + +```console +$ podman logs some-zabbix-server-mysql +``` + +## Environment Variables + +When you start the `zabbix-server-mysql` image, you can adjust the configuration of the Zabbix server by passing one or more environment variables on the `podman run` command line. + +### `DB_SERVER_HOST` + +This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server' + +### `DB_SERVER_PORT` + +This variable is port of MySQL server. By default, value is '3306'. + +### `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE` + +These variables are used by Zabbix server to connect to Zabbix database. With the `_FILE` variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either `MYSQL_USER` or `MYSQL_USER_FILE`! + +```console +podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag +``` + +With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster! + +```console +printf "zabbix" | docker secret create MYSQL_USER - +printf "zabbix" | docker secret create MYSQL_PASSWORD - +podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag +``` + +This method is also applicable for `MYSQL_ROOT_PASSWORD` with `MYSQL_ROOT_PASSWORD_FILE`. + +By default, values for `MYSQL_USER` and `MYSQL_PASSWORD` are `zabbix`, `zabbix`. + +### `MYSQL_DATABASE` + +The variable is Zabbix database name. By default, value is `zabbix`. + +### `ZBX_LOADMODULE` + +The variable is list of comma separated loadable Zabbix modules. It works with volume ``/var/lib/zabbix/modules``. The syntax of the variable is ``dummy1.so,dummy2.so``. + +### `ZBX_DEBUGLEVEL` + +The variable is used to specify debug level. By default, value is ``3``. It is ``DebugLevel`` parameter in ``zabbix_server.conf``. Allowed values are listed below: +- ``0`` - basic information about starting and stopping of Zabbix processes; +- ``1`` - critical information +- ``2`` - error information +- ``3`` - warnings +- ``4`` - for debugging (produces lots of information) +- ``5`` - extended debugging (produces even more information) + +### `ZBX_TIMEOUT` + +The variable is used to specify timeout for processing checks. By default, value is ``4``. + +### `ZBX_JAVAGATEWAY_ENABLE` + +The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is `false`. + +### Other variables + +Additionally the image allows to specify many other environment variables listed below: + +``` +ZBX_ALLOWUNSUPPORTEDDBVERSIONS=0 # Available since 6.0.0 +ZBX_DBTLSCONNECT= # Available since 5.0.0 +ZBX_DBTLSCAFILE= # Available since 5.0.0 +ZBX_DBTLSCERTFILE= # Available since 5.0.0 +ZBX_DBTLSKEYFILE= # Available since 5.0.0 +ZBX_DBTLSCIPHER= # Available since 5.0.0 +ZBX_DBTLSCIPHER13= # Available since 5.0.0 +ZBX_VAULTDBPATH= # Available since 5.2.0 +ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0 +VAULT_TOKEN= # Available since 5.2.0 +ZBX_LISTENIP= +ZBX_LISTENPORT=10051 +ZBX_LISTENBACKLOG= +ZBX_STARTREPORTWRITERS=0 # Available since 5.4.0 +ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report # Available since 5.4.0 +ZBX_SERVICEMANAGERSYNCFREQUENCY=60 # Available since 6.0.0 +ZBX_HISTORYSTORAGEURL= # Available since 3.4.0 +ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.0 +ZBX_STARTPOLLERS=5 +ZBX_IPMIPOLLERS=0 +ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0 +ZBX_STARTCONNECTORS=0 # Available since 6.4.0 +ZBX_STARTPOLLERSUNREACHABLE=1 +ZBX_STARTTRAPPERS=5 +ZBX_STARTPINGERS=1 +ZBX_STARTDISCOVERERS=1 +ZBX_STARTHISTORYPOLLERS=5 # Available since 5.4.0 +ZBX_STARTHTTPPOLLERS=1 +ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0 +ZBX_STARTTIMERS=1 +ZBX_STARTESCALATORS=1 +ZBX_STARTALERTERS=3 # Available since 3.4.0 +ZBX_JAVAGATEWAY=zabbix-java-gateway +ZBX_JAVAGATEWAYPORT=10052 +ZBX_STARTJAVAPOLLERS=5 +ZBX_STARTLLDPROCESSORS=2 # Available since 4.2.0 +ZBX_STATSALLOWEDIP= # Available since 4.0.5 +ZBX_STARTVMWARECOLLECTORS=0 +ZBX_VMWAREFREQUENCY=60 +ZBX_VMWAREPERFFREQUENCY=60 +ZBX_VMWARECACHESIZE=8M +ZBX_VMWARETIMEOUT=10 +ZBX_ENABLE_SNMP_TRAPS=false +ZBX_SOURCEIP= +ZBX_HOUSEKEEPINGFREQUENCY=1 +ZBX_MAXHOUSEKEEPERDELETE=5000 +ZBX_PROBLEMHOUSEKEEPINGFREQUENCY=60 # Available since 6.0.0 +ZBX_SENDERFREQUENCY=30 # Depcrecated since 3.4.0 +ZBX_CACHESIZE=8M +ZBX_CACHEUPDATEFREQUENCY=10 +ZBX_STARTDBSYNCERS=4 +ZBX_EXPORTFILESIZE=1G # Available since 4.0.0 +ZBX_EXPORTTYPE= # Available since 5.0.10 and 5.2.6 +ZBX_AUTOHANODENAME=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0 +ZBX_HANODENAME= # Available since 6.0.0 +ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0 +ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0 +ZBX_NODEADDRESS=localhost # Available since 6.0.0 +ZBX_HISTORYCACHESIZE=16M +ZBX_HISTORYINDEXCACHESIZE=4M +ZBX_HISTORYSTORAGEDATEINDEX=0 # Available since 4.0.0 +ZBX_TRENDCACHESIZE=4M +ZBX_TRENDFUNCTIONCACHESIZE=4M +ZBX_VALUECACHESIZE=8M +ZBX_TRAPPERTIMEOUT=300 +ZBX_UNREACHABLEPERIOD=45 +ZBX_UNAVAILABLEDELAY=60 +ZBX_UNREACHABLEDELAY=15 +ZBX_LOGSLOWQUERIES=3000 +ZBX_STARTPROXYPOLLERS=1 +ZBX_PROXYCONFIGFREQUENCY=10 +ZBX_PROXYDATAFREQUENCY=1 +ZBX_TLSCAFILE= +ZBX_TLSCRLFILE= +ZBX_TLSCERTFILE= +ZBX_TLSKEYFILE= +ZBX_TLSCIPHERALL= # Available since 4.4.7 +ZBX_TLSCIPHERALL13= # Available since 4.4.7 +ZBX_TLSCIPHERCERT= # Available since 4.4.7 +ZBX_TLSCIPHERCERT13= # Available since 4.4.7 +ZBX_TLSCIPHERPSK= # Available since 4.4.7 +ZBX_TLSCIPHERPSK13= # Available since 4.4.7 + +``` + +Default values of these variables are specified after equal sign. + +The allowed variables are identical of parameters in official ``zabbix_server.conf``. For example, ``ZBX_LOGSLOWQUERIES`` = ``LogSlowQueries``. + +Please use official documentation for [``zabbix_server.conf``](https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_server) to get more information about the variables. + +## Allowed volumes for the Zabbix server container + +### ``/usr/lib/zabbix/alertscripts`` + +The volume is used for custom alert scripts. It is `AlertScriptsPath` parameter in ``zabbix_server.conf``. + +### ``/usr/lib/zabbix/externalscripts`` + +The volume is used by External checks (type of items). It is `ExternalScripts` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/modules`` + +The volume allows load additional modules and extend Zabbix server using ``LoadModule`` feature. + +### ``/var/lib/zabbix/enc`` + +The volume is used to store TLS related files. These file names are specified using ``ZBX_TLSCAFILE``, ``ZBX_TLSCRLFILE``, ``ZBX_TLSKEY_FILE`` and ``ZBX_TLSPSKFILE`` variables. + +### ``/var/lib/zabbix/ssh_keys`` + +The volume is used as location of public and private keys for SSH checks and actions. It is `SSHKeyLocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/ssl/certs`` + +The volume is used as location of of SSL client certificate files for client authentication. It is `SSLCertLocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/ssl/keys`` + +The volume is used as location of SSL private key files for client authentication. It is `SSLKeyLocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/ssl/ssl_ca`` + +The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is `SSLCALocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/snmptraps`` + +The volume is used as location of ``snmptraps.log`` file. It could be shared by ``zabbix-snmptraps`` container and inherited using `volumes_from` Podman option while creating new instance of Zabbix server. +SNMP traps processing feature could be enabled using shared volume and switched ``ZBX_ENABLE_SNMP_TRAPS`` environment variable to `true`. + +### ``/var/lib/zabbix/mibs`` + +The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to ``/var/lib/zabbix/mibs``. + +### ``/var/lib/zabbix/export`` + +Directory for real-time export of events, history and trends in newline-delimited JSON format. Could be enabled using ``ZBX_EXPORTFILESIZE`` environment variable. + +# User Feedback + +## Documentation + +Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/server-mysql/rhel/) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. + +## Issues + +If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/zabbix/zabbix-docker/issues). + +### Known issues + +## Contributing + +You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can. + +Before you start to code, we recommend discussing your plans through a [GitHub issue](https://github.com/zabbix/zabbix-docker/issues), especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing. From 9a75149824313d14977bb7cf9d239d2a7ded8ec7 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 21 Feb 2024 15:05:01 +0900 Subject: [PATCH 49/54] Merge pull request #1248 from zabbix/trunk_readme Updated documentation and prepared documentation for RHEL --- .github/scripts/rhel_description.py | 10 +- Dockerfiles/agent/README.md | 8 +- Dockerfiles/agent/rhel/README.html | 121 ++++++++++++ Dockerfiles/agent2/README.md | 4 +- Dockerfiles/agent2/rhel/README.html | 113 +++++++++++ Dockerfiles/build-base/README.md | 4 +- Dockerfiles/build-mysql/README.md | 6 +- Dockerfiles/build-pgsql/README.md | 6 +- Dockerfiles/build-sqlite3/README.md | 6 +- Dockerfiles/java-gateway/README.md | 8 +- Dockerfiles/java-gateway/rhel/README.html | 47 +++++ Dockerfiles/proxy-mysql/README.md | 8 +- Dockerfiles/proxy-mysql/rhel/README.html | 194 ++++++++++++++++++ Dockerfiles/proxy-sqlite3/README.md | 8 +- Dockerfiles/proxy-sqlite3/rhel/README.html | 163 ++++++++++++++++ Dockerfiles/server-mysql/README.md | 8 +- Dockerfiles/server-mysql/rhel/README.html | 195 +++++++++++++++++++ Dockerfiles/server-pgsql/README.md | 8 +- Dockerfiles/snmptraps/README.md | 8 +- Dockerfiles/snmptraps/rhel/README.html | 45 +++++ Dockerfiles/web-apache-mysql/README.md | 8 +- Dockerfiles/web-apache-pgsql/README.md | 8 +- Dockerfiles/web-nginx-mysql/README.md | 8 +- Dockerfiles/web-nginx-mysql/rhel/README.html | 143 ++++++++++++++ Dockerfiles/web-nginx-pgsql/README.md | 8 +- Dockerfiles/web-service/README.md | 6 +- Dockerfiles/web-service/rhel/README.html | 67 +++++++ 27 files changed, 1122 insertions(+), 96 deletions(-) create mode 100644 Dockerfiles/agent/rhel/README.html create mode 100644 Dockerfiles/agent2/rhel/README.html create mode 100644 Dockerfiles/java-gateway/rhel/README.html create mode 100644 Dockerfiles/proxy-mysql/rhel/README.html create mode 100644 Dockerfiles/proxy-sqlite3/rhel/README.html create mode 100644 Dockerfiles/server-mysql/rhel/README.html create mode 100644 Dockerfiles/snmptraps/rhel/README.html create mode 100644 Dockerfiles/web-nginx-mysql/rhel/README.html create mode 100644 Dockerfiles/web-service/rhel/README.html diff --git a/.github/scripts/rhel_description.py b/.github/scripts/rhel_description.py index bafc3a271..085285611 100644 --- a/.github/scripts/rhel_description.py +++ b/.github/scripts/rhel_description.py @@ -19,15 +19,15 @@ if ("PROJECT_ID" not in os.environ or len(os.environ["PROJECT_ID"]) == 0): print("RedHat project ID environment variable is not specified") sys.exit(1) -if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')): +if (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')): + file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r') + repository_description = file.read() + file.close() +elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.md')): file = open(os.environ["DESCRIPTION_FILE"] + '.md', mode='r') markdown_data = file.read() file.close() repository_description=markdown.markdown(markdown_data) -elif (os.path.isfile(os.environ["DESCRIPTION_FILE"] + '.html')): - file = open(os.environ["DESCRIPTION_FILE"] + '.html', mode='r') - repository_description = file.read() - file.close() if (repository_description is None or len(repository_description) == 0): print("::error::No description file found") diff --git a/Dockerfiles/agent/README.md b/Dockerfiles/agent/README.md index 2fac6f7d5..f511a04e7 100644 --- a/Dockerfiles/agent/README.md +++ b/Dockerfiles/agent/README.md @@ -14,16 +14,12 @@ Zabbix agent is deployed on a monitoring target to actively monitor local resour # Zabbix agent images -These are the only official Zabbix agent Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8, Oracle Linux 8, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent are: +These are the only official Zabbix agent Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9, Oracle Linux 9, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent are: - Zabbix agent 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest, ltsc2019-4.0-latest, ltsc2022-4.0-latest) - Zabbix agent 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*, ltsc2019-4.0.*, ltsc2022-4.0.*) Zabbix agent 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest, ltsc2019-5.0-latest, ltsc2022-5.0-latest) Zabbix agent 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*, ltsc2019-5.0.*, ltsc2022-5.0.*) Zabbix agent 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix agent 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*, ltsc2019-6.0.*, ltsc2022-6.0.*) - Zabbix agent 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix agent 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*, ltsc2019-6.2.*, ltsc2022-6.2.*) Zabbix agent 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, ltsc2019-latest, ltsc2022-latest, latest) Zabbix agent 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*, ltsc2019-6.4.*, ltsc2022-6.4.*) Zabbix agent 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk, ltsc2019-trunk, ltsc2022-trunk) @@ -222,7 +218,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`agent/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/agent) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`agent/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/agent) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/agent/rhel/README.html b/Dockerfiles/agent/rhel/README.html new file mode 100644 index 000000000..3de90838f --- /dev/null +++ b/Dockerfiles/agent/rhel/README.html @@ -0,0 +1,121 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix agent?

+

Zabbix agent is deployed on a monitoring target to actively monitor local resources and applications (hard drives, memory, processor statistics etc).

+

Zabbix agent images

+

These are the only official Zabbix agent Docker images.

+

How to use this image

+

Start zabbix-agent

+

Start a Zabbix agent container as follows:

+
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" --init -d zabbix/zabbix-agent:tag
+

Where some-zabbix-agent is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix agent configuration file, some-zabbix-server is IP or DNS name of Zabbix server or proxy and tag is the tag specifying the version you want.

+

Connects from Zabbix server or Zabbix proxy in other containers (Passive checks)

+

This image exposes the standard Zabbix agent port (10050) to perform passive checks, so container linking makes Zabbix agent instance available to Zabbix server and Zabbix proxy containers. Start your application container like this in order to link it to the Zabbix agent container:

+
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent --init -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server or Zabbix proxy containers (Active checks)

+

This image supports perform active checks, so container linking makes Zabbix server and Zabbix proxy containers available to Zabbix agent instance. Start your application container like this in order to link Zabbix agent to Zabbix server or Zabbix proxy containterns:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-agent:latest
+
+

Container shell access and viewing Zabbix agent logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-agent container:

+
$ podman exec -ti some-zabbix-agent /bin/bash
+
+

The Zabbix agent log is available through Podman's container log:

+
$ podman logs some-zabbix-agent
+
+

Privileged mode

+

By default, Podman containers are "unprivileged" and do not have access to the most of host resources. Zabbix agent is designed to monitor system resources, to do that Zabbix agent container must be privileged or you may mount some system-wide volumes. For example:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged --init -d zabbix/zabbix-agent:latest
+
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc --init -d zabbix/zabbix-agent:latest
+
+

Environment Variables

+

When you start the zabbix-agent image, you can adjust the configuration of the Zabbix agent by passing one or more environment variables on the podman run command line.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is hostname of the container. It is Hostname parameter in zabbix_agentd.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_agentd.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_PASSIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of passive checks. By default, value is true.

+

ZBX_PASSIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent container.

+

ZBX_ACTIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of active checks. By default, value is true.

+

ZBX_ACTIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent container. You may specify port of Zabbix server or Zabbix proxy in such syntax: zabbix-server:10061,zabbix-proxy:10072.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_agentd.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
    • +
  • 1 - critical information
    • +
  • 2 - error information
    • +
  • 3 - warnings
    • +
  • 4 - for debugging (produces lots of information)
    • +
  • 5 - extended debugging (produces even more information)
    • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 3.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_SOURCEIP=
+ZBX_ENABLEREMOTECOMMANDS=0 # Deprecated since 5.0.0
+ZBX_LOGREMOTECOMMANDS=0
+ZBX_HEARTBEAT_FREQUENCY=60 # Available since 6.2.0
+ZBX_HOSTINTERFACE= # Available since 4.4.0
+ZBX_HOSTINTERFACEITEM= # Available since 4.4.0
+ZBX_STARTAGENTS=3
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_METADATA=
+ZBX_METADATAITEM=
+ZBX_REFRESHACTIVECHECKS=120
+ZBX_BUFFERSEND=5
+ZBX_BUFFERSIZE=100
+ZBX_MAXLINESPERSECOND=20
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10050
+ZBX_LISTENBACKLOG=
+ZBX_UNSAFEUSERPARAMETERS=0
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+ZBX_DENYKEY=system.run[*] # Available since 5.0.0
+ZBX_ALLOWKEY= # Available since 5.0.0
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_agentd.conf configuration file. For example, ZBX_REFRESHACTIVECHECKS = RefreshActiveChecks.

+

Please use official documentation for zabbix_agentd.conf to get more information about the variables.

+

Allowed volumes for the Zabbix agent container

+

/etc/zabbix/zabbix_agentd.d

+

The volume allows include *.conf files and extend Zabbix agent using UserParameter feature.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix agent using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the agent/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Currently it is not allowed to specify ZBX_ALIAS environment variable. Please use /etc/zabbix/zabbix_agent.d volume with additional configuration files with Alias options.

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/agent2/README.md b/Dockerfiles/agent2/README.md index 7235242df..cd9ae775b 100644 --- a/Dockerfiles/agent2/README.md +++ b/Dockerfiles/agent2/README.md @@ -14,14 +14,12 @@ Zabbix agent 2 is deployed on a monitoring target to actively monitor local reso # Zabbix agent 2 images -These are the only official Zabbix agent 2 Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8, Oracle Linux 8, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent 2 are: +These are the only official Zabbix agent 2 Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9, Oracle Linux 9, Windows 10 LTSC 2019 and Windows 11 LTSC 2022 images. The available versions of Zabbix agent 2 are: Zabbix agent 2 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest , ltsc2019-5.0-latest, ltsc2022-5.0-latest) Zabbix agent 2 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*, ltsc2019-5.0.*, ltsc2022-5.0.*) Zabbix agent 2 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix agent 2 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*, ltsc2019-6.0.*, ltsc2022-6.0.*) - Zabbix agent 2 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix agent 2 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*, ltsc2019-6.2.*, ltsc2022-6.2.*) Zabbix agent 2 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, ltsc2019-latest, ltsc2022-latest, latest) Zabbix agent 2 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*, ltsc2019-6.4.*, ltsc2022-6.4.*) Zabbix agent 2 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk, ltsc2019-trunk, ltsc2022-trunk) diff --git a/Dockerfiles/agent2/rhel/README.html b/Dockerfiles/agent2/rhel/README.html new file mode 100644 index 000000000..a41f15006 --- /dev/null +++ b/Dockerfiles/agent2/rhel/README.html @@ -0,0 +1,113 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix agent 2?

+

Zabbix agent 2 is deployed on a monitoring target to actively monitor local resources and applications (hard drives, memory, processor statistics etc).

+

Zabbix agent 2 images

+

Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-agent2

+

Start a Zabbix agent 2 container as follows:

+
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" --init -d zabbix/zabbix-agent2:tag
+

Where some-zabbix-agent2 is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix agent 2 configuration file, some-zabbix-server is IP or DNS name of Zabbix server or proxy and tag is the tag specifying the version you want.

+

Connects from Zabbix server or Zabbix proxy in other containers (Passive checks)

+

This image exposes the standard Zabbix agent 2 port (10050) to perform passive checks, so container linking makes Zabbix agent 2 instance available to Zabbix server and Zabbix proxy containers. Start your application container like this in order to link it to the Zabbix agent 2 container:

+
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent2 --init -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server or Zabbix proxy containers (Active checks)

+

This image supports perform active checks, so container linking makes Zabbix server and Zabbix proxy containers available to Zabbix agent 2 instance. Start your application container like this in order to link Zabbix agent 2 to Zabbix server or Zabbix proxy containterns:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-agent2:latest
+
+

Container shell access and viewing Zabbix agent 2 logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-agent2 container:

+
$ podman exec -ti some-zabbix-agent /bin/bash
+
+

The Zabbix agent 2 log is available through Podman's container log:

+
$ podman logs some-zabbix-agent
+
+

Privileged mode

+

By default, Podman containers are "unprivileged" and do not have access to the most of host resources. Zabbix agent 2 is designed to monitor system resources, to do that Zabbix agent 2 container must be privileged or you may mount some system-wide volumes. For example:

+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged --init -d zabbix/zabbix-agent2:latest
+
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc --init -d zabbix/zabbix-agent2:latest
+
+

Environment Variables

+

When you start the zabbix-agent2 image, you can adjust the configuration of the Zabbix agent 2 by passing one or more environment variables on the podman run command line.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is hostname of the container. It is Hostname parameter in zabbix_agent2.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_agent2.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_PASSIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of passive checks. By default, value is true.

+

ZBX_PASSIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent 2 container.

+

ZBX_ACTIVE_ALLOW

+

This variable is boolean (true or false) and enables or disables feature of active checks. By default, value is true.

+

ZBX_ACTIVESERVERS

+

The variable is comma separated list of allowed Zabbix server or proxy hosts for connections to Zabbix agent 2 container. You may specify port of Zabbix server or Zabbix proxy in such syntax: zabbix-server:10061,zabbix-proxy:10072.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_agent2.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
    • +
  • 1 - critical information
    • +
  • 2 - error information
    • +
  • 3 - warnings
    • +
  • 4 - for debugging (produces lots of information)
    • +
  • 5 - extended debugging (produces even more information)
    • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 3.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ENABLEPERSISTENTBUFFER=false # Available since 5.0.0
+ZBX_PERSISTENTBUFFERPERIOD=1h # Available since 5.0.0
+ZBX_ENABLESTATUSPORT=
+ZBX_SOURCEIP=
+ZBX_HEARTBEAT_FREQUENCY=60 # Available since 6.2.0
+ZBX_ENABLEREMOTECOMMANDS=0 # Deprecated since 5.0.0
+ZBX_LOGREMOTECOMMANDS=0
+ZBX_STARTAGENTS=3
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_METADATA=
+ZBX_METADATAITEM=
+ZBX_REFRESHACTIVECHECKS=120
+ZBX_BUFFERSEND=5
+ZBX_BUFFERSIZE=100
+ZBX_MAXLINESPERSECOND=20
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_UNSAFEUSERPARAMETERS=0
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_DENYKEY=system.run[*] # Available since 5.0.0
+ZBX_ALLOWKEY= # Available since 5.0.0
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_agent2.conf configuration file. For example, ZBX_REFRESHACTIVECHECKS = RefreshActiveChecks.

+

Please use official documentation for zabbix_agent2.conf to get more information about the variables.

+

Allowed volumes for the Zabbix agent 2 container

+

/etc/zabbix/zabbix_agentd.d

+

The volume allows include *.conf files and extend Zabbix agent 2 using UserParameter feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/buffer

+

The volume is used to store the file, where Zabbix Agent2 should keep SQLite database. To enable the feature specify ZBX_ENABLEPERSISTENTBUFFER=true. Available since 5.0.0.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the agent2/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Currently it is not allowed to specify ZBX_ALIAS environment variable. Please use /etc/zabbix/zabbix_agent.d volume with additional configuration files with Alias options.

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/build-base/README.md b/Dockerfiles/build-base/README.md index dc2fa5fd2..3f6afbc8f 100644 --- a/Dockerfiles/build-base/README.md +++ b/Dockerfiles/build-base/README.md @@ -14,14 +14,12 @@ Zabbix build base image is prepared build environment for building Zabbix compon # Zabbix build base images -These are the only official Zabbix build base Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*, ltsc2019-6.2.*, ltsc2022-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*, ltsc2019-6.4.*, ltsc2022-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk, ltsc2019-trunk, ltsc2022-trunk) diff --git a/Dockerfiles/build-mysql/README.md b/Dockerfiles/build-mysql/README.md index 61425ab30..4c655abb5 100644 --- a/Dockerfiles/build-mysql/README.md +++ b/Dockerfiles/build-mysql/README.md @@ -14,16 +14,12 @@ Zabbix build base (MySQL) image is used for building Zabbix components. It conta # Zabbix build base (MySQL) images -These are the only official Zabbix build base (MySQL) Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base (MySQL) Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: - Zabbix build base 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix build base 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) diff --git a/Dockerfiles/build-pgsql/README.md b/Dockerfiles/build-pgsql/README.md index 53de14218..a9a528946 100644 --- a/Dockerfiles/build-pgsql/README.md +++ b/Dockerfiles/build-pgsql/README.md @@ -14,16 +14,12 @@ Zabbix build base (PostgreSQL) image is used for building Zabbix components. It # Zabbix build base (PostgreSQL) images -These are the only official Zabbix build base (PostgreSQL) Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base (PostgreSQL) Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: - Zabbix build base 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix build base 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) diff --git a/Dockerfiles/build-sqlite3/README.md b/Dockerfiles/build-sqlite3/README.md index d8889cf89..a3bc0367c 100644 --- a/Dockerfiles/build-sqlite3/README.md +++ b/Dockerfiles/build-sqlite3/README.md @@ -14,16 +14,12 @@ Zabbix build base (SQLite3) image is used for building Zabbix components. It con # Zabbix build base (SQLite3) images -These are the only official Zabbix build base (SQLite3) Docker images. They are based on Alpine Linux v3.15, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of the image are: +These are the only official Zabbix build base (SQLite3) Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of the image are: - Zabbix build base 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix build base 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix build base 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix build base 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix build base 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix build base 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix build base 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix build base 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix build base 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix build base 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix build base 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) diff --git a/Dockerfiles/java-gateway/README.md b/Dockerfiles/java-gateway/README.md index 0ca811e6b..bf37d80e1 100644 --- a/Dockerfiles/java-gateway/README.md +++ b/Dockerfiles/java-gateway/README.md @@ -14,16 +14,12 @@ Zabbix Java Gateway performs native support for monitoring JMX applications. Jav # Zabbix Java Gateway images -These are the only official Zabbix Java Gateway Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix Java Gateway are: +These are the only official Zabbix Java Gateway Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix Java Gateway are: - Zabbix Java Gateway 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix Java Gateway 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix Java Gateway 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix Java Gateway 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix Java Gateway 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix Java Gateway 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix Java Gateway 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix Java Gateway 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix Java Gateway 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix Java Gateway 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix Java Gateway 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -120,7 +116,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`java-gateway/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/java-gateway) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`java-gateway/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/java-gateway) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/java-gateway/rhel/README.html b/Dockerfiles/java-gateway/rhel/README.html new file mode 100644 index 000000000..359fe4949 --- /dev/null +++ b/Dockerfiles/java-gateway/rhel/README.html @@ -0,0 +1,47 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix Java Gateway?

+

Zabbix Java Gateway performs native support for monitoring JMX applications. Java gateway accepts incoming connection from Zabbix server or Zabbix proxy and can only be used as a "passive proxy".

+

Zabbix Java Gateway images

+

These are the only official Zabbix Java Gateway Podman images. Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-java-gateway

+

Start a Zabbix Java Gateway container as follows:

+
podman run --name some-zabbix-java-gateway -d zabbix/zabbix-java-gateway:tag
+

Where some-zabbix-java-gateway is the name you want to assign to your container and tag is the tag specifying the version you want.

+

Linking the container to Zabbix server or Zabbix proxy

+
podman run --name some-zabbix-java-gateway --link some-zabbix-server:zabbix-server -d zabbix/zabbix-java-gateway:tag
+

Container shell access and viewing Zabbix Java Gateway logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-java-gateway container:

+
$ podman exec -ti some-zabbix-java-gateway /bin/bash
+
+

The Zabbix Java Gateway log is available through Podman's container log:

+
$ podman logs  some-zabbix-java-gateway
+
+

Environment Variables

+

When you start the zabbix-java-gateway image, you can adjust the configuration of the Zabbix Java Gateway by passing one or more environment variables on the podman run command line.

+

ZBX_START_POLLERS

+

This variable is specified amount of pollers. By default, value is 5.

+

ZBX_TIMEOUT

+

This variable is used to specify timeout for outgoing connections. By default, value is 3.

+

ZBX_DEBUGLEVEL

+

This variable is used to specify log level. By default, value is info. The variable allows next values: trace, debug, info, want, error, all, off

+

ZBX_PROPERTIES_FILE

+

Name of properties file. Can be used to set additional properties using a key-value format in such a way that they are not visible on a command line or to overwrite existing ones.

+

ZABBIX_OPTIONS

+

Additional arguments for Zabbix Java Gateway. Useful to enable additional libraries and features.

+

Allowed volumes for the Zabbix Java Gateway container

+

/usr/sbin/zabbix_java/ext_lib

+

The volume allows include additional JAR files to extend allowed protocols for Zabbix Java Gateway.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the java-gateway/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/proxy-mysql/README.md b/Dockerfiles/proxy-mysql/README.md index 77abee817..3fc71ba8e 100644 --- a/Dockerfiles/proxy-mysql/README.md +++ b/Dockerfiles/proxy-mysql/README.md @@ -14,16 +14,12 @@ Zabbix proxy is a process that may collect monitoring data from one or more moni # Zabbix proxy images -These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix proxy are: +These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix proxy are: - Zabbix proxy 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix proxy 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix proxy 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix proxy 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix proxy 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix proxy 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix proxy 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix proxy 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix proxy 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix proxy 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix proxy 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -315,7 +311,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`proxy-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/proxy-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`proxy-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/proxy-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/proxy-mysql/rhel/README.html b/Dockerfiles/proxy-mysql/rhel/README.html new file mode 100644 index 000000000..38fd1633b --- /dev/null +++ b/Dockerfiles/proxy-mysql/rhel/README.html @@ -0,0 +1,194 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix proxy?

+

Zabbix proxy is a process that may collect monitoring data from one or more monitored devices and send the information to the Zabbix server, essentially working on behalf of the server. All collected data is buffered locally and then transferred to the Zabbix server the proxy belongs to.

+

Zabbix proxy images

+

These are the only official Zabbix proxy Podman images. Images are updated when new releases are published. The image with latest tag is based on Alpine Linux.

+

The image uses MySQL database to store collected data before sending it to Zabbix server. It uses the next procedure to start:

+
    +
  • Checking database availability
    • +
  • If MYSQL_ROOT_PASSWORD or MYSQL_ALLOW_EMPTY_PASSWORD are specified, the instance tries to create MYSQL_USER user with MYSQL_PASSWORD to use these credentials then for Zabbix server.
    • +
  • Checking of having MYSQL_DATABASE database. Creating MYSQL_DATABASE database name if it does not exist
    • +
  • Checking of having dbversion table. Creating Zabbix proxy database schema if no dbversion table
    • +
+

How to use this image

+

Start zabbix-proxy-mysql

+

Start a Zabbix proxy container as follows:

+
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-mysql:tag
+

Where some-zabbix-proxy-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server, some-hostname is the hostname, it is Hostname parameter in Zabbix proxy configuration file, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

+
+

[!NOTE] +Zabbix server has possibility to execute fping utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping: +fping: Operation not permitted +or +lost all packets to all resources +in this case add --cap-add=net_raw to docker run or podman run commands. +Additionally fping executing in non-root environments can require sysctl modification: +net.ipv4.ping_group_range=0 1995 +where 1995 is zabbix GID.

+
+

Connects from Zabbix server (Passive proxy)

+

This image exposes the standard Zabbix proxy port (10051) and can operate as Passive proxy in case ZBX_PROXYMODE = 1. Start Zabbix server container like this in order to link it to the Zabbix proxy container:

+
$ podman run --name some-zabbix-server --link some-zabbix-proxy-mysql:zabbix-proxy-mysql --init -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server (Active proxy)

+

This image can operate as Active proxy (default mode). Start your application container like this in order to link Zabbix proxy to Zabbix server containters:

+
$ podman run --name some-zabbix-proxy-mysql --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-proxy-mysql:latest
+
+

Container shell access and viewing Zabbix proxy logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-proxy-mysql container:

+
$ podman exec -ti some-zabbix-proxy-mysql /bin/bash
+
+

The Zabbix proxy log is available through Podman's container log:

+
$ podman logs some-zabbix-proxy-mysql
+
+

Environment Variables

+

When you start the zabbix-proxy-mysql image, you can adjust the configuration of the Zabbix proxy by passing one or more environment variables on the podman run command line.

+

ZBX_PROXYMODE

+

The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is zabbix-proxy-mysql of the container. It is Hostname parameter in zabbix_proxy.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_proxy.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_SERVER_PORT

+

This variable is port Zabbix server listening on. By default, value is 10051.

+

Note: This parameter is no longer used in version 6.0 and above. Instead, add a colon : followed by the port number to the end of ZBX_SERVER_HOST.

+

DB_SERVER_HOST

+

This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'

+

DB_SERVER_PORT

+

This variable is port of MySQL server. By default, value is '3306'.

+

MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

+

These variables are used by Zabbix proxy to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

+
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-mysql:tag
+
+

With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

+
printf "zabbix" | podman secret create MYSQL_USER -
+printf "zabbix" | podman secret create MYSQL_PASSWORD -
+podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -e ZBX_SERVER_HOST="some-zabbix-server" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-mysql:tag
+
+

This method is also applicable for MYSQL_ROOT_PASSWORD with MYSQL_ROOT_PASSWORD_FILE.

+

By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

+

MYSQL_DATABASE

+

The variable is Zabbix database name. By default, value is zabbix_proxy.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_server.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
    • +
  • 1 - critical information
    • +
  • 2 - error information
    • +
  • 3 - warnings
    • +
  • 4 - for debugging (produces lots of information)
    • +
  • 5 - extended debugging (produces even more information)
    • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 4.

+

ZBX_JAVAGATEWAY_ENABLE

+

The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ALLOWUNSUPPORTEDDBVERSIONS=0 # Available since 6.0.0
+ZBX_DBTLSCONNECT= # Available since 5.0.0
+ZBX_DBTLSCAFILE= # Available since 5.0.0
+ZBX_DBTLSCERTFILE= # Available since 5.0.0
+ZBX_DBTLSKEYFILE= # Available since 5.0.0
+ZBX_DBTLSCIPHER= # Available since 5.0.0
+ZBX_DBTLSCIPHER13= # Available since 5.0.0
+ZBX_VAULTDBPATH= # Available since 5.2.0
+ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
+VAULT_TOKEN= # Available since 5.2.0
+ZBX_ENABLEREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_SOURCEIP=
+ZBX_PROXYLOCALBUFFER=0
+ZBX_PROXYOFFLINEBUFFER=1
+ZBX_PROXYHEARTBEATFREQUENCY=60 # Deprecated since 6.4.0
+ZBX_CONFIGFREQUENCY=3600 # Deprecated since 6.4.0
+ZBX_PROXYCONFIGFREQUENCY=10 # Available since 6.4.0
+ZBX_DATASENDERFREQUENCY=1
+ZBX_STARTPOLLERS=5
+ZBX_STARTPREPROCESSORS=3 # Available since 4.2.0
+ZBX_IPMIPOLLERS=0
+ZBX_STARTPOLLERSUNREACHABLE=1
+ZBX_STARTTRAPPERS=5
+ZBX_STARTPINGERS=1
+ZBX_STARTDISCOVERERS=1
+ZBX_STARTHISTORYPOLLERS=1 # Available since 5.4.0 till 6.0.0
+ZBX_STARTHTTPPOLLERS=1
+ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0
+ZBX_JAVAGATEWAY=zabbix-java-gateway
+ZBX_JAVAGATEWAYPORT=10052
+ZBX_STARTJAVAPOLLERS=0
+ZBX_STATSALLOWEDIP= # Available since 4.0.5
+ZBX_STARTVMWARECOLLECTORS=0
+ZBX_VMWAREFREQUENCY=60
+ZBX_VMWAREPERFFREQUENCY=60
+ZBX_VMWARECACHESIZE=8M
+ZBX_VMWARETIMEOUT=10
+ZBX_ENABLE_SNMP_TRAPS=false
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_LISTENBACKLOG=
+ZBX_HOUSEKEEPINGFREQUENCY=1
+ZBX_CACHESIZE=8M
+ZBX_STARTDBSYNCERS=4
+ZBX_HISTORYCACHESIZE=16M
+ZBX_HISTORYINDEXCACHESIZE=4M
+ZBX_TRAPPERTIMEOUT=300
+ZBX_UNREACHABLEPERIOD=45
+ZBX_UNAVAILABLEDELAY=60
+ZBX_UNREACHABLEDELAY=15
+ZBX_LOGSLOWQUERIES=3000
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_proxy.conf. For example, ZBX_LOGSLOWQUERIES = LogSlowQueries.

+

Please use official documentation for zabbix_proxy.conf to get more information about the variables.

+

Allowed volumes for the Zabbix proxy container

+

/usr/lib/zabbix/externalscripts

+

The volume is used by External checks (type of items). It is ExternalScripts parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix proxy using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/ssh_keys

+

The volume is used as location of public and private keys for SSH checks and actions. It is SSHKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/certs

+

The volume is used as location of of SSL client certificate files for client authentication. It is SSLCertLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/keys

+

The volume is used as location of SSL private key files for client authentication. It is SSLKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/ssl_ca

+

The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is SSLCALocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/snmptraps

+

The volume is used as location of snmptraps.log file. It could be shared by zabbix-snmptraps container and inherited using volumes_from Podman option while creating new instance of Zabbix proxy. +SNMP traps processing feature could be enabled using shared volume and switched ZBX_ENABLE_SNMP_TRAPS environment variable to true.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the proxy-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/proxy-sqlite3/README.md b/Dockerfiles/proxy-sqlite3/README.md index 7717b6ba0..f4fde77e2 100644 --- a/Dockerfiles/proxy-sqlite3/README.md +++ b/Dockerfiles/proxy-sqlite3/README.md @@ -14,16 +14,12 @@ Zabbix proxy is a process that may collect monitoring data from one or more moni # Zabbix proxy images -These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix proxy are: +These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix proxy are: - Zabbix proxy 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix proxy 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix proxy 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix proxy 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix proxy 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix proxy 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix proxy 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix proxy 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix proxy 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix proxy 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix proxy 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -273,7 +269,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`proxy-sqlite3/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/proxy-sqlite3) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`proxy-sqlite3/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/proxy-sqlite3) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/proxy-sqlite3/rhel/README.html b/Dockerfiles/proxy-sqlite3/rhel/README.html new file mode 100644 index 000000000..86e176eda --- /dev/null +++ b/Dockerfiles/proxy-sqlite3/rhel/README.html @@ -0,0 +1,163 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix proxy?

+

Zabbix proxy is a process that may collect monitoring data from one or more monitored devices and send the information to the Zabbix server, essentially working on behalf of the server. All collected data is buffered locally and then transferred to the Zabbix server the proxy belongs to.

+

Zabbix proxy images

+

These are the only official Zabbix proxy Podman images. Images are updated when new releases are published.

+

The image uses SQLite3 database to store collected data before sending it to Zabbix server.

+

How to use this image

+

Start zabbix-proxy-sqlite3

+

Start a Zabbix proxy container as follows:

+
podman run --name some-zabbix-proxy-sqlite3 -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-sqlite3:tag
+

Where some-zabbix-proxy-sqlite3 is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix proxy configuration file, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

+
+

[!NOTE] +Zabbix server has possibility to execute fping utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping: +fping: Operation not permitted +or +lost all packets to all resources +in this case add --cap-add=net_raw to docker run or podman run commands. +Additionally fping executing in non-root environments can require sysctl modification: +net.ipv4.ping_group_range=0 1995 +where 1995 is zabbix GID.

+
+

Connects from Zabbix server (Passive proxy)

+

This image exposes the standard Zabbix proxy port (10051) and can operate as Passive proxy in case ZBX_PROXYMODE = 1. Start Zabbix server container like this in order to link it to the Zabbix proxy container:

+
$ podman run --name some-zabbix-server --link some-zabbix-proxy-sqlite3:zabbix-proxy-sqlite3 --init -d zabbix/zabbix-server:latest
+
+

Connect to Zabbix server (Active proxy)

+

This image can operate as Active proxy (default mode). Start your application container like this in order to link Zabbix proxy to Zabbix server containters:

+
$ podman run --name some-zabbix-proxy-sqlite3 --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-proxy-sqlite3:latest
+
+

Container shell access and viewing Zabbix proxy logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-proxy-sqlite3 container:

+
$ podman exec -ti some-zabbix-proxy-sqlite3 /bin/bash
+
+

The Zabbix proxy log is available through Podman's container log:

+
$ podman logs some-zabbix-proxy-sqlite3
+
+

Environment Variables

+

When you start the zabbix-proxy-sqlite3 image, you can adjust the configuration of the Zabbix proxy by passing one or more environment variables on the podman run command line.

+

ZBX_PROXYMODE

+

The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy.

+

ZBX_HOSTNAME

+

This variable is unique, case sensitive hostname. By default, value is zabbix-proxy-sqlite3 of the container. It is Hostname parameter in zabbix_proxy.conf.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server or Zabbix proxy. By default, value is zabbix-server. It is Server parameter in zabbix_proxy.conf. It is allowed to specify Zabbix server or Zabbix proxy port number using ZBX_SERVER_PORT variable. It make sense in case of non-default port for active checks.

+

ZBX_SERVER_PORT

+

This variable is port Zabbix server listening on. By default, value is 10051.

+

Note: This parameter is no longer used in version 6.0 and above. Instead, add a colon : followed by the port number to the end of ZBX_SERVER_HOST.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_server.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
    • +
  • 1 - critical information
    • +
  • 2 - error information
    • +
  • 3 - warnings
    • +
  • 4 - for debugging (produces lots of information)
    • +
  • 5 - extended debugging (produces even more information)
    • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 4.

+

ZBX_JAVAGATEWAY_ENABLE

+

The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ENABLEREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0
+ZBX_SOURCEIP=
+ZBX_HOSTNAMEITEM=system.hostname
+ZBX_PROXYLOCALBUFFER=0
+ZBX_PROXYOFFLINEBUFFER=1
+ZBX_PROXYHEARTBEATFREQUENCY=60 # Deprecated since 6.4.0
+ZBX_CONFIGFREQUENCY=3600 # Deprecated since 6.4.0
+ZBX_PROXYCONFIGFREQUENCY=10 # Available since 6.4.0
+ZBX_DATASENDERFREQUENCY=1
+ZBX_STARTPOLLERS=5
+ZBX_STARTPREPROCESSORS=3 # Available since 4.2.0
+ZBX_IPMIPOLLERS=0
+ZBX_STARTPOLLERSUNREACHABLE=1
+ZBX_STARTTRAPPERS=5
+ZBX_STARTPINGERS=1
+ZBX_STARTDISCOVERERS=1
+ZBX_STARTHISTORYPOLLERS=1 # Available since 5.4.0 till 6.0.0
+ZBX_STARTHTTPPOLLERS=1
+ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0
+ZBX_JAVAGATEWAY=zabbix-java-gateway
+ZBX_JAVAGATEWAYPORT=10052
+ZBX_STARTJAVAPOLLERS=0
+ZBX_STATSALLOWEDIP= # Available since 4.0.5
+ZBX_STARTVMWARECOLLECTORS=0
+ZBX_VMWAREFREQUENCY=60
+ZBX_VMWAREPERFFREQUENCY=60
+ZBX_VMWARECACHESIZE=8M
+ZBX_VMWARETIMEOUT=10
+ZBX_ENABLE_SNMP_TRAPS=false
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_LISTENBACKLOG=
+ZBX_HOUSEKEEPINGFREQUENCY=1
+ZBX_CACHESIZE=8M
+ZBX_STARTDBSYNCERS=4
+ZBX_HISTORYCACHESIZE=16M
+ZBX_HISTORYINDEXCACHESIZE=4M
+ZBX_TRAPPERTIMEOUT=300
+ZBX_UNREACHABLEPERIOD=45
+ZBX_UNAVAILABLEDELAY=60
+ZBX_UNREACHABLEDELAY=15
+ZBX_LOGSLOWQUERIES=3000
+ZBX_TLSCONNECT=unencrypted
+ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSSERVERCERTISSUER=
+ZBX_TLSSERVERCERTSUBJECT=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSPSKIDENTITY=
+ZBX_TLSPSKFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_proxy.conf. For example, ZBX_LOGSLOWQUERIES = LogSlowQueries.

+

Please use official documentation for zabbix_proxy.conf to get more information about the variables.

+

Allowed volumes for the Zabbix proxy container

+

/usr/lib/zabbix/externalscripts

+

The volume is used by External checks (type of items). It is ExternalScripts parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/db_data

+

The volume stores SQLite3 database file and could be used for external database file storage.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix proxy using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/ssh_keys

+

The volume is used as location of public and private keys for SSH checks and actions. It is SSHKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/certs

+

The volume is used as location of of SSL client certificate files for client authentication. It is SSLCertLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/keys

+

The volume is used as location of SSL private key files for client authentication. It is SSLKeyLocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/ssl/ssl_ca

+

The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is SSLCALocation parameter in zabbix_proxy.conf.

+

/var/lib/zabbix/snmptraps

+

The volume is used as location of snmptraps.log file. It could be shared by zabbix-snmptraps container and inherited using volumes_from Podman option while creating new instance of Zabbix proxy. +SNMP traps processing feature could be enabled using shared volume and switched ZBX_ENABLE_SNMP_TRAPS environment variable to true.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the proxy-sqlite3/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/server-mysql/README.md b/Dockerfiles/server-mysql/README.md index 0d1bbe4f6..fa9f9e07e 100644 --- a/Dockerfiles/server-mysql/README.md +++ b/Dockerfiles/server-mysql/README.md @@ -16,16 +16,12 @@ The server performs the polling and trapping of data, it calculates triggers, se # Zabbix server images -These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix server are: +These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix server are: - Zabbix server 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix server 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix server 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix server 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix server 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix server 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix server 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix server 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix server 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix server 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix server 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -305,7 +301,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/server-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/server-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/server-mysql/rhel/README.html b/Dockerfiles/server-mysql/rhel/README.html new file mode 100644 index 000000000..3b18ffe82 --- /dev/null +++ b/Dockerfiles/server-mysql/rhel/README.html @@ -0,0 +1,195 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix server?

+

Zabbix server is the central process of Zabbix software.

+

The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks.

+

Zabbix server images

+

Images are updated when new releases are published.

+

The image uses MySQL database. It uses the next procedure to start:

+
    +
  • Checking database availability
    • +
  • If MYSQL_ROOT_PASSWORD or MYSQL_ALLOW_EMPTY_PASSWORD are specified, the instance tries to create MYSQL_USER user with MYSQL_PASSWORD to use these credentials then for Zabbix server.
    • +
  • Checking of having MYSQL_DATABASE database. Creating MYSQL_DATABASE database name if it does not exist
    • +
  • Checking of having dbversion table. Creating Zabbix server database schema and upload initial data sample if no dbversion table
    • +
+

How to use this image

+

Start zabbix-server-mysql

+

Start a Zabbix server container as follows:

+
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" --init -d zabbix/zabbix-server-mysql-trunk:tag
+

Where some-zabbix-server-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server and tag is the tag specifying the version you want.

+
+

[!NOTE] +Zabbix server has possibility to execute fping utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping: +fping: Operation not permitted +or +lost all packets to all resources +in this case add --cap-add=net_raw to docker run or podman run commands. +Additionally fping executing in non-root environments can require sysctl modification: +net.ipv4.ping_group_range=0 1995 +where 1995 is zabbix GID.

+
+

Container shell access and viewing Zabbix server logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-server-mysql container:

+
$ podman exec -ti some-zabbix-server-mysql /bin/bash
+
+

The Zabbix server log is available through Podman's container log:

+
$ podman logs some-zabbix-server-mysql
+
+

Environment Variables

+

When you start the zabbix-server-mysql image, you can adjust the configuration of the Zabbix server by passing one or more environment variables on the podman run command line.

+

DB_SERVER_HOST

+

This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'

+

DB_SERVER_PORT

+

This variable is port of MySQL server. By default, value is '3306'.

+

MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

+

These variables are used by Zabbix server to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

+
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag
+
+

With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

+
printf "zabbix" | podman secret create MYSQL_USER -
+printf "zabbix" | podman secret create MYSQL_PASSWORD -
+podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag
+
+

This method is also applicable for MYSQL_ROOT_PASSWORD with MYSQL_ROOT_PASSWORD_FILE.

+

By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

+

MYSQL_DATABASE

+

The variable is Zabbix database name. By default, value is zabbix.

+

ZBX_LOADMODULE

+

The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. The syntax of the variable is dummy1.so,dummy2.so.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_server.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
    • +
  • 1 - critical information
    • +
  • 2 - error information
    • +
  • 3 - warnings
    • +
  • 4 - for debugging (produces lots of information)
    • +
  • 5 - extended debugging (produces even more information)
    • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing checks. By default, value is 4.

+

ZBX_JAVAGATEWAY_ENABLE

+

The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_ALLOWUNSUPPORTEDDBVERSIONS=0 # Available since 6.0.0
+ZBX_DBTLSCONNECT= # Available since 5.0.0
+ZBX_DBTLSCAFILE= # Available since 5.0.0
+ZBX_DBTLSCERTFILE= # Available since 5.0.0
+ZBX_DBTLSKEYFILE= # Available since 5.0.0
+ZBX_DBTLSCIPHER= # Available since 5.0.0
+ZBX_DBTLSCIPHER13= # Available since 5.0.0
+ZBX_VAULTDBPATH= # Available since 5.2.0
+ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
+VAULT_TOKEN= # Available since 5.2.0
+ZBX_LISTENIP=
+ZBX_LISTENPORT=10051
+ZBX_LISTENBACKLOG=
+ZBX_STARTREPORTWRITERS=0 # Available since 5.4.0
+ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report # Available since 5.4.0
+ZBX_SERVICEMANAGERSYNCFREQUENCY=60 # Available since 6.0.0
+ZBX_HISTORYSTORAGEURL= # Available since 3.4.0
+ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.0
+ZBX_STARTPOLLERS=5
+ZBX_IPMIPOLLERS=0
+ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0
+ZBX_STARTCONNECTORS=0 # Available since 6.4.0
+ZBX_STARTPOLLERSUNREACHABLE=1
+ZBX_STARTTRAPPERS=5
+ZBX_STARTPINGERS=1
+ZBX_STARTDISCOVERERS=1
+ZBX_STARTHISTORYPOLLERS=5 # Available since 5.4.0
+ZBX_STARTHTTPPOLLERS=1
+ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0
+ZBX_STARTTIMERS=1
+ZBX_STARTESCALATORS=1
+ZBX_STARTALERTERS=3 # Available since 3.4.0
+ZBX_JAVAGATEWAY=zabbix-java-gateway
+ZBX_JAVAGATEWAYPORT=10052
+ZBX_STARTJAVAPOLLERS=5
+ZBX_STARTLLDPROCESSORS=2 # Available since 4.2.0
+ZBX_STATSALLOWEDIP= # Available since 4.0.5
+ZBX_STARTVMWARECOLLECTORS=0
+ZBX_VMWAREFREQUENCY=60
+ZBX_VMWAREPERFFREQUENCY=60
+ZBX_VMWARECACHESIZE=8M
+ZBX_VMWARETIMEOUT=10
+ZBX_ENABLE_SNMP_TRAPS=false
+ZBX_SOURCEIP=
+ZBX_HOUSEKEEPINGFREQUENCY=1
+ZBX_MAXHOUSEKEEPERDELETE=5000
+ZBX_PROBLEMHOUSEKEEPINGFREQUENCY=60 # Available since 6.0.0
+ZBX_SENDERFREQUENCY=30 # Depcrecated since 3.4.0
+ZBX_CACHESIZE=8M
+ZBX_CACHEUPDATEFREQUENCY=10
+ZBX_STARTDBSYNCERS=4
+ZBX_EXPORTFILESIZE=1G # Available since 4.0.0
+ZBX_EXPORTTYPE= # Available since 5.0.10 and 5.2.6
+ZBX_AUTOHANODENAME=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
+ZBX_HANODENAME= # Available since 6.0.0
+ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
+ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0
+ZBX_NODEADDRESS=localhost # Available since 6.0.0
+ZBX_HISTORYCACHESIZE=16M
+ZBX_HISTORYINDEXCACHESIZE=4M
+ZBX_HISTORYSTORAGEDATEINDEX=0 # Available since 4.0.0
+ZBX_TRENDCACHESIZE=4M
+ZBX_TRENDFUNCTIONCACHESIZE=4M
+ZBX_VALUECACHESIZE=8M
+ZBX_TRAPPERTIMEOUT=300
+ZBX_UNREACHABLEPERIOD=45
+ZBX_UNAVAILABLEDELAY=60
+ZBX_UNREACHABLEDELAY=15
+ZBX_LOGSLOWQUERIES=3000
+ZBX_STARTPROXYPOLLERS=1
+ZBX_PROXYCONFIGFREQUENCY=10
+ZBX_PROXYDATAFREQUENCY=1
+ZBX_TLSCAFILE=
+ZBX_TLSCRLFILE=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_TLSCIPHERALL= # Available since 4.4.7
+ZBX_TLSCIPHERALL13= # Available since 4.4.7
+ZBX_TLSCIPHERCERT= # Available since 4.4.7
+ZBX_TLSCIPHERCERT13= # Available since 4.4.7
+ZBX_TLSCIPHERPSK= # Available since 4.4.7
+ZBX_TLSCIPHERPSK13= # Available since 4.4.7
+

Default values of these variables are specified after equal sign.

+

The allowed variables are identical of parameters in official zabbix_server.conf. For example, ZBX_LOGSLOWQUERIES = LogSlowQueries.

+

Please use official documentation for zabbix_server.conf to get more information about the variables.

+

Allowed volumes for the Zabbix server container

+

/usr/lib/zabbix/alertscripts

+

The volume is used for custom alert scripts. It is AlertScriptsPath parameter in zabbix_server.conf.

+

/usr/lib/zabbix/externalscripts

+

The volume is used by External checks (type of items). It is ExternalScripts parameter in zabbix_server.conf.

+

/var/lib/zabbix/modules

+

The volume allows load additional modules and extend Zabbix server using LoadModule feature.

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

+

/var/lib/zabbix/ssh_keys

+

The volume is used as location of public and private keys for SSH checks and actions. It is SSHKeyLocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/ssl/certs

+

The volume is used as location of of SSL client certificate files for client authentication. It is SSLCertLocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/ssl/keys

+

The volume is used as location of SSL private key files for client authentication. It is SSLKeyLocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/ssl/ssl_ca

+

The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is SSLCALocation parameter in zabbix_server.conf.

+

/var/lib/zabbix/snmptraps

+

The volume is used as location of snmptraps.log file. It could be shared by zabbix-snmptraps container and inherited using volumes_from Podman option while creating new instance of Zabbix server. +SNMP traps processing feature could be enabled using shared volume and switched ZBX_ENABLE_SNMP_TRAPS environment variable to true.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

/var/lib/zabbix/export

+

Directory for real-time export of events, history and trends in newline-delimited JSON format. Could be enabled using ZBX_EXPORTFILESIZE environment variable.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the server-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/server-pgsql/README.md b/Dockerfiles/server-pgsql/README.md index a94e2b9f1..60adcb6d0 100644 --- a/Dockerfiles/server-pgsql/README.md +++ b/Dockerfiles/server-pgsql/README.md @@ -16,16 +16,12 @@ The server performs the polling and trapping of data, it calculates triggers, se # Zabbix server images -These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix server are: +These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix server are: - Zabbix server 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix server 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix server 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix server 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix server 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix server 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix server 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix server 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix server 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix server 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix server 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -305,7 +301,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`server-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/server-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`server-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/server-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/snmptraps/README.md b/Dockerfiles/snmptraps/README.md index 173f7312b..0050d71e8 100644 --- a/Dockerfiles/snmptraps/README.md +++ b/Dockerfiles/snmptraps/README.md @@ -14,16 +14,12 @@ The image is used to receive SNMP traps, store them to a log file and provide ac # Zabbix snmptraps images -These are the only official Zabbix snmptraps Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix snmptraps are: +These are the only official Zabbix snmptraps Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix snmptraps are: - Zabbix snmptraps 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix snmptraps 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix snmptraps 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix snmptraps 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix snmptraps 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix snmptraps 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix snmptraps 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix snmptraps 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix snmptraps 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix snmptraps 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix snmptraps 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -117,7 +113,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`snmptraps/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/snmptraps) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`snmptraps/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/snmptraps) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/snmptraps/rhel/README.html b/Dockerfiles/snmptraps/rhel/README.html new file mode 100644 index 000000000..3b56bf88a --- /dev/null +++ b/Dockerfiles/snmptraps/rhel/README.html @@ -0,0 +1,45 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is the image?

+

The image is used to receive SNMP traps, store them to a log file and provide access to Zabbix to collected SNMP trap messsages.

+

Zabbix snmptraps images

+

These are the only official Zabbix snmptraps Podman images. Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-snmptraps

+

Start a Zabbix snmptraps container as follows:

+
podman run --name some-zabbix-snmptraps -p 162:1162/udp -d zabbix/zabbix-snmptraps:tag
+

Where some-zabbix-snmptraps is the name you want to assign to your container and tag is the tag specifying the version you want. See the list above for relevant tags, or look at the full list of tags.

+

Linking Zabbix server or Zabbix proxy with the container

+
podman run --name some-zabbix-server --link some-zabbix-snmptraps:zabbix-snmptraps --volumes-from some-zabbix-snmptraps -d zabbix/zabbix-server:tag
+

Container shell access and viewing Zabbix snmptraps logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-snmptraps container:

+
$ podman exec -ti some-zabbix-snmptraps /bin/bash
+
+

The Zabbix snmptraps log is available through Podman's container log:

+
$ podman logs  some-zabbix-snmptraps
+
+

Environment Variables

+

When you start the zabbix-snmptraps image, you can adjust the configuration by passing one or more environment variables on the podman run command line.

+

ZBX_SNMP_TRAP_DATE_FORMAT

+

This variable is represent date and time format in the output snmptraps.log file. By default, value is +%Y-%m-%dT%T%z. Please, refer to date command man for more details about date and time format.

+

ZBX_SNMP_TRAP_FORMAT

+

This variable is SNMP trap format in the output snmptraps.log file. By default, value is \n, in this case each new variable is placed on new line.

+

ZBX_SNMP_TRAP_USE_DNS

+

This variable manages source network address representation. It can be IP address or DNS of SNMP trap sender. The variable works only when container command is modified and "-n" command argument is removed from argument list. By default, value is false.

+

Allowed volumes for the Zabbix snmptraps container

+

/var/lib/zabbix/snmptraps

+

The volume contains log file snmptraps.log named with received SNMP traps.

+

/var/lib/zabbix/mibs

+

The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the snmptraps/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/web-apache-mysql/README.md b/Dockerfiles/web-apache-mysql/README.md index b8f36ebd8..747bed00d 100644 --- a/Dockerfiles/web-apache-mysql/README.md +++ b/Dockerfiles/web-apache-mysql/README.md @@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -292,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-apache-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-apache-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-apache-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-apache-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-apache-pgsql/README.md b/Dockerfiles/web-apache-pgsql/README.md index eca02da6b..f53bd92fe 100644 --- a/Dockerfiles/web-apache-pgsql/README.md +++ b/Dockerfiles/web-apache-pgsql/README.md @@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -292,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-apache-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-apache-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-apache-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-apache-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-nginx-mysql/README.md b/Dockerfiles/web-nginx-mysql/README.md index 93b394993..795560c51 100644 --- a/Dockerfiles/web-nginx-mysql/README.md +++ b/Dockerfiles/web-nginx-mysql/README.md @@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -293,7 +289,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-nginx-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-nginx-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-nginx-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-nginx-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-nginx-mysql/rhel/README.html b/Dockerfiles/web-nginx-mysql/rhel/README.html new file mode 100644 index 000000000..3dd2beb4b --- /dev/null +++ b/Dockerfiles/web-nginx-mysql/rhel/README.html @@ -0,0 +1,143 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix web interface?

+

Zabbix web interface is a part of Zabbix software. It is used to manage resources under monitoring and view monitoring statistics.

+

Zabbix web interface images

+

These are the only official Zabbix web interface Podman images. Images are updated when new releases are published.

+

Zabbix web interface available in four editions, but only one as Red Hat Certified container:

+
    +
  • Zabbix web-interface based on Apache2 web server with MySQL database support
    • +
  • Zabbix web-interface based on Apache2 web server with PostgreSQL database support
    • +
  • Zabbix web-interface based on Nginx web server with MySQL database support
    • +
  • Zabbix web-interface based on Nginx web server with PostgreSQL database support
    • +
+

The image based on Nginx web server with MySQL database support.

+

How to use this image

+

Start zabbix-web-nginx-mysql

+

Start a Zabbix web-interface container as follows:

+
podman run --name some-zabbix-web-nginx-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+

Where some-zabbix-web-nginx-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server, some-zabbix-server is IP or DNS name of Zabbix server or proxy, some-timezone is PHP like timezone name and tag is the tag specifying the version you want.

+

Linking the container to Zabbix server

+
podman run --name some-zabbix-web-nginx-mysql --link some-zabbix-server:zabbix-server -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+

Linking the container to MySQL database

+
podman run --name some-zabbix-web-nginx-mysql --link some-mysql-server:mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+

Container shell access and viewing Zabbix web interface logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-web-nginx-mysql container:

+
$ podman exec -ti some-zabbix-web-nginx-mysql /bin/bash
+
+

The Zabbix web interface log is available through Podman's container log:

+
$ podman logs  some-zabbix-web-nginx-mysql
+
+

Environment Variables

+

When you start the zabbix-web-nginx-mysql image, you can adjust the configuration of the Zabbix web interface by passing one or more environment variables on the podman run command line.

+

ZBX_SERVER_HOST

+

This variable is IP or DNS name of Zabbix server. By default, value is zabbix-server.

+

ZBX_SERVER_PORT

+

This variable is port Zabbix server listening on. By default, value is 10051.

+

DB_SERVER_HOST

+

This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'

+

DB_SERVER_PORT

+

This variable is port of MySQL server. By default, value is '3306'.

+

MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

+

These variables are used by Zabbix web-interface to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

+
podman run --name some-zabbix-web-nginx-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+
+

With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

+
printf "zabbix" | podman secret create MYSQL_USER -
+printf "zabbix" | podman secret create MYSQL_PASSWORD -
+podman run --name some-zabbix-web-nginx-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -e ZBX_SERVER_HOST="some-zabbix-server" -e PHP_TZ="some-timezone" -d zabbix/zabbix-web-nginx-mysql:tag
+
+

By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

+

MYSQL_DATABASE

+

The variable is Zabbix database name. By default, value is zabbix.

+

ZBX_HISTORYSTORAGEURL

+

History storage HTTP[S] URL. This parameter is used for Elasticsearch setup. Available since 3.4.5.

+

ZBX_HISTORYSTORAGETYPES

+

Array of value types to be sent to the history storage. An example: ['uint', 'dbl']. This parameter is used for Elasticsearch setup. Available since 3.4.5.

+

PHP_TZ

+

The variable is timezone in PHP format. Full list of supported timezones are available on php.net. By default, value is 'Europe/Riga' and system timezone since Zabbix 5.2.0.

+

ZBX_SERVER_NAME

+

The variable is visible Zabbix installation name in right or left top corner of the web interface.

+

DB_DOUBLE_IEEE754

+

Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Available since 5.0.0. Enabled by default.

+

ENABLE_WEB_ACCESS_LOG

+

The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.

+

HTTP_INDEX_FILE

+

The variable controls default index page. By default, index.php.

+

EXPOSE_WEB_SERVER_INFO

+

The variable allows to hide Web server and PHP versions. By default, on.

+

ZBX_MAXEXECUTIONTIME

+

The varable is PHP max_execution_time option. By default, value is 300.

+

ZBX_MEMORYLIMIT

+

The varable is PHP memory_limit option. By default, value is 128M.

+

ZBX_POSTMAXSIZE

+

The varable is PHP post_max_size option. By default, value is 16M.

+

ZBX_UPLOADMAXFILESIZE

+

The varable is PHP upload_max_filesize option. By default, value is 2M.

+

ZBX_MAXINPUTTIME

+

The varable is PHP max_input_time option. By default, value is 300.

+

ZBX_SESSION_NAME

+

The variable is Zabbix frontend definition. String used as the name of the Zabbix frontend session cookie. By default, value is zbx_sessionid.

+

ZBX_DENY_GUI_ACCESS

+

Enable (true) maintenance mode for Zabbix web-interface.

+

ZBX_GUI_ACCESS_IP_RANGE

+

Array of IP addresses which are allowed for accessing to Zabbix web-interface during maintenance period.

+

ZBX_GUI_WARNING_MSG

+

Information message about maintenance period for Zabbix web-interface.

+

ZBX_DB_ENCRYPTION

+

The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if ZBX_DB_ENCRYPTION=true specified. Available since 5.0.0. Disabled by default.

+

ZBX_DB_KEY_FILE

+

The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.

+

ZBX_DB_CERT_FILE

+

The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.

+

ZBX_DB_CA_FILE

+

The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.

+

ZBX_DB_VERIFY_HOST

+

The variable allows to activate host verification. Available since 5.0.0.

+

ZBX_DB_CIPHER_LIST

+

The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.

+

ZBX_SSO_SP_KEY

+

The variable allows to specify a custom file path to the Serivce Provider (SP) private key file.

+

ZBX_SSO_SP_CERT

+

The variable allows to specify a custom file path to the Serivce Provider (SP) cert file.

+

ZBX_SSO_IDP_CERT

+

The variable allows to specify a custom file path to the SAML Certificate provided by the Identity Provider (ID) file.

+

ZBX_SSO_SETTINGS

+

The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.

+

Example of YAML Mapping to Sequences

+
....
+  environment:
+    ZBX_SSO_SETTINGS: "{'baseurl': 'https://zabbix-docker.mydomain.com', 'use_proxy_headers': true, 'strict': false}"
+    ....
+....
+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_VAULTDBPATH= # Available since 5.2.0
+ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
+VAULT_TOKEN= # Available since 5.2.0
+
+Allowed PHP-FPM configuration options:
+PHP_FPM_PM=dynamic
+PHP_FPM_PM_MAX_CHILDREN=50
+PHP_FPM_PM_START_SERVERS=5
+PHP_FPM_PM_MIN_SPARE_SERVERS=5
+PHP_FPM_PM_MAX_SPARE_SERVERS=35
+PHP_FPM_PM_MAX_REQUESTS=0
+

Allowed volumes for the Zabbix web interface container

+

/etc/ssl/nginx

+

The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ssl.crt, ssl.key and dhparam.pem prepared for Nginx SSL connections.

+

Please follow official Nginx documentation to get more details about how to create certificate files.

+

/etc/zabbix/web/certs

+

The volume allows to use custom certificates for SAML authentification. The volume must contains three files sp.key, sp.crt and idp.crt. Available since 5.0.0.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the web-nginx-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

diff --git a/Dockerfiles/web-nginx-pgsql/README.md b/Dockerfiles/web-nginx-pgsql/README.md index ef31b63e1..9344a8285 100644 --- a/Dockerfiles/web-nginx-pgsql/README.md +++ b/Dockerfiles/web-nginx-pgsql/README.md @@ -14,16 +14,12 @@ Zabbix web interface is a part of Zabbix software. It is used to manage resource # Zabbix web interface images -These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.12, Ubuntu 20.04 (focal), 22.04 (jammy), CentOS Stream 8 and Oracle Linux 8 images. The available versions of Zabbix web interface are: +These are the only official Zabbix web interface Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy), CentOS Stream 9 and Oracle Linux 9 images. The available versions of Zabbix web interface are: - Zabbix web interface 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) - Zabbix web interface 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) Zabbix web interface 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, ol-5.0-latest) Zabbix web interface 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, ol-5.0.*) Zabbix web interface 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web interface 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web interface 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest) - Zabbix web interface 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web interface 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web interface 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web interface 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -292,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-nginx-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/web-nginx-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-nginx-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-nginx-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-service/README.md b/Dockerfiles/web-service/README.md index b675422b3..8840b6ff6 100644 --- a/Dockerfiles/web-service/README.md +++ b/Dockerfiles/web-service/README.md @@ -14,12 +14,10 @@ Zabbix web service for performing various tasks using headless web browser (for # Zabbix web service images -These are the only official Zabbix web service Docker images. They are based on Alpine Linux v3.13, Ubuntu 20.04 (focal), 22.04 (jammy) and Oracle Linux 8 images. The available versions of Zabbix web service are: +These are the only official Zabbix web service Docker images. They are based on Alpine Linux v3.19, Ubuntu 22.04 (jammy) and Oracle Linux 9 images. The available versions of Zabbix web service are: Zabbix web service 6.0 (tags: alpine-6.0-latest, ubuntu-6.0-latest, ol-6.0-latest) Zabbix web service 6.0.* (tags: alpine-6.0.*, ubuntu-6.0.*, ol-6.0.*) - Zabbix web service 6.2 (tags: alpine-6.2-latest, ubuntu-6.2-latest, ol-6.2-latest, alpine-latest, ubuntu-latest, ol-latest, latest) - Zabbix web service 6.2.* (tags: alpine-6.2.*, ubuntu-6.2.*, ol-6.2.*) Zabbix web service 6.4 (tags: alpine-6.4-latest, ubuntu-6.4-latest, ol-6.4-latest, alpine-latest, ubuntu-latest, ol-latest, latest) Zabbix web service 6.4.* (tags: alpine-6.4.*, ubuntu-6.4.*, ol-6.4.*) Zabbix web service 7.0 (tags: alpine-trunk, ubuntu-trunk, ol-trunk) @@ -138,7 +136,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-service/` directory](https://github.com/zabbix/zabbix-docker/tree/5.4/web-service) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-service/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-service) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-service/rhel/README.html b/Dockerfiles/web-service/rhel/README.html new file mode 100644 index 000000000..545031f97 --- /dev/null +++ b/Dockerfiles/web-service/rhel/README.html @@ -0,0 +1,67 @@ +

logo

+

What is Zabbix?

+

Zabbix is an enterprise-class open source distributed monitoring solution.

+

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.

+

For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com

+

What is Zabbix web service?

+

Zabbix web service for performing various tasks using headless web browser (for example, reporting).

+

Zabbix web service images

+

These are the only official Zabbix web service Podman images. Images are updated when new releases are published.

+

How to use this image

+

Start zabbix-web-service

+

Start a Zabbix web service container as follows:

+
podman run --name some-zabbix-web-service -e ZBX_ALLOWEDIP="some-zabbix-server" --cap-add=SYS_ADMIN -d zabbix/zabbix-web-service:tag
+

Where some-zabbix-web-service is the name you want to assign to your container, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

+

Connects from Zabbix server in other containers

+

This image exposes the standard Zabbix web service port (10053) to perform communication, so container linking makes Zabbix web service instance available to Zabbix server containers. Start your application container like this in order to link it to the Zabbix web service container:

+
$ podman run --name some-zabbix-server --link some-zabbix-web-service:zabbix-web-service -e ZBX_STARTREPORTWRITERS="2" -e ZBX_WEBSERVICEURL="http://some-zabbix-web-service:10053/report" -d zabbix/zabbix-server:latest
+
+

Container shell access and viewing Zabbix web service logs

+

The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-web-service container:

+
$ podman exec -ti some-zabbix-web-service /bin/bash
+
+

The Zabbix web service log is available through Podman's container log:

+
$ podman logs some-zabbix-web-service
+
+

Environment Variables

+

When you start the zabbix-web-service image, you can adjust the configuration of the Zabbix web service by passing one or more environment variables on the podman run command line.

+

ZBX_ALLOWEDIP

+

This variable is IP or DNS name or list of IP / DNS names of Zabbix server. By default, value is zabbix-server.

+

ZBX_LISTENPORT

+

Listen port for incoming request. By default, value is 10053.

+

ZBX_DEBUGLEVEL

+

The variable is used to specify debug level. By default, value is 3. It is DebugLevel parameter in zabbix_web_service.conf. Allowed values are listed below:

+
    +
  • 0 - basic information about starting and stopping of Zabbix processes;
    • +
  • 1 - critical information
    • +
  • 2 - error information
    • +
  • 3 - warnings
    • +
  • 4 - for debugging (produces lots of information)
    • +
  • 5 - extended debugging (produces even more information)
    • +
+

ZBX_TIMEOUT

+

The variable is used to specify timeout for processing requests. By default, value is 3.

+

Other variables

+

Additionally the image allows to specify many other environment variables listed below:

+
ZBX_TLSACCEPT=unencrypted
+ZBX_TLSCAFILE=
+ZBX_TLSCERTFILE=
+ZBX_TLSKEYFILE=
+ZBX_IGNOREURLCERTERRORS=0
+

Default values of these variables are specified after equal sign.

+

Please use official documentation for zabbix_web_service.conf to get more information about the variables.

+

Allowed volumes for the Zabbix web service container

+

/var/lib/zabbix/enc

+

The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCERTFILE and ZBX_TLSKEY_FILE variables.

+

User Feedback

+

Documentation

+

Documentation for this image is stored in the web-service/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+

Issues

+

If you have any problems with or questions about this image, please contact us through a GitHub issue.

+

Known issues

+

Zabbix web services uses Google Chromium with headless mode. Because of restrictions you may see the following error during report generation:

+
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
+

To avoid the issue it is required to add SYS_ADMIN capability for Zabbix web service. The capability is redundant and allow too much.

+

Contributing

+

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

+

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

From 266ad11eafbc71e3d92095852a5a64393699ea57 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 21 Feb 2024 15:13:38 +0900 Subject: [PATCH 50/54] Updated documentation and prepared documentation for RHEL --- Dockerfiles/agent/README.md | 2 +- Dockerfiles/agent2/README.md | 2 +- Dockerfiles/build-base/README.md | 4 ++-- Dockerfiles/build-mysql/README.md | 4 ++-- Dockerfiles/build-pgsql/README.md | 4 ++-- Dockerfiles/build-sqlite3/README.md | 4 ++-- Dockerfiles/java-gateway/README.md | 2 +- Dockerfiles/proxy-mysql/README.md | 2 +- Dockerfiles/proxy-sqlite3/README.md | 2 +- Dockerfiles/server-mysql/README.md | 2 +- Dockerfiles/server-pgsql/README.md | 2 +- Dockerfiles/snmptraps/README.md | 2 +- Dockerfiles/web-apache-mysql/README.md | 2 +- Dockerfiles/web-apache-pgsql/README.md | 2 +- Dockerfiles/web-nginx-mysql/README.md | 2 +- Dockerfiles/web-nginx-pgsql/README.md | 2 +- Dockerfiles/web-service/README.md | 2 +- 17 files changed, 21 insertions(+), 21 deletions(-) diff --git a/Dockerfiles/agent/README.md b/Dockerfiles/agent/README.md index f511a04e7..07b075cbe 100644 --- a/Dockerfiles/agent/README.md +++ b/Dockerfiles/agent/README.md @@ -218,7 +218,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`agent/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/agent) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`agent/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/agent) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/agent2/README.md b/Dockerfiles/agent2/README.md index cd9ae775b..b8869becb 100644 --- a/Dockerfiles/agent2/README.md +++ b/Dockerfiles/agent2/README.md @@ -208,7 +208,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`agent2/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/agent2) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`agent2/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/agent2) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-base/README.md b/Dockerfiles/build-base/README.md index 3f6afbc8f..ed1d0b287 100644 --- a/Dockerfiles/build-base/README.md +++ b/Dockerfiles/build-base/README.md @@ -28,7 +28,7 @@ Images are updated when new releases are published. The image with ``latest`` ta # How to use this image -The image is required to build Zabbix components. It is base image for [MySQL](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-mysql), [PostgreSQL](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-pgsql) and [SQLite3](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-sqlite3) base images. While the image contains only required packages, MySQL, PostgreSQL and SQLite3 base images compile Zabbix component and prepare them for usage. +The image is required to build Zabbix components. It is base image for [MySQL](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-mysql), [PostgreSQL](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-pgsql) and [SQLite3](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-sqlite3) base images. While the image contains only required packages, MySQL, PostgreSQL and SQLite3 base images compile Zabbix component and prepare them for usage. # The image variants @@ -62,7 +62,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-mysql/README.md b/Dockerfiles/build-mysql/README.md index 4c655abb5..ee6615cb2 100644 --- a/Dockerfiles/build-mysql/README.md +++ b/Dockerfiles/build-mysql/README.md @@ -30,7 +30,7 @@ Images are updated when new releases are published. The image with ``latest`` ta The image is used to build / compile Zabbix components. Components are prepared for usage in any other images. -The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. +The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. # The image variants @@ -64,7 +64,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-pgsql/README.md b/Dockerfiles/build-pgsql/README.md index a9a528946..a6a6e5ad3 100644 --- a/Dockerfiles/build-pgsql/README.md +++ b/Dockerfiles/build-pgsql/README.md @@ -30,7 +30,7 @@ Images are updated when new releases are published. The image with ``latest`` ta The image is used to build / compile Zabbix components. Components are prepared for usage in any other images. -The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. +The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. # The image variants @@ -64,7 +64,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/build-sqlite3/README.md b/Dockerfiles/build-sqlite3/README.md index a3bc0367c..42dc04630 100644 --- a/Dockerfiles/build-sqlite3/README.md +++ b/Dockerfiles/build-sqlite3/README.md @@ -30,7 +30,7 @@ Images are updated when new releases are published. The image with ``latest`` ta The image is used to build / compile Zabbix components. Components are prepared for usage in any other images. -The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. +The image uses [Zabbix build base](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) image with prepared build environment as base image and build / compile Zabbix components only. It contains limited prepared Zabbix components while MySQL and PostgreSQL build base images contain all possible components: * zabbix-agent @@ -70,7 +70,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. +Documentation for this image is stored in the [`build-base/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/build-base) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/java-gateway/README.md b/Dockerfiles/java-gateway/README.md index bf37d80e1..ab22f55ac 100644 --- a/Dockerfiles/java-gateway/README.md +++ b/Dockerfiles/java-gateway/README.md @@ -116,7 +116,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`java-gateway/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/java-gateway) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`java-gateway/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/java-gateway) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/proxy-mysql/README.md b/Dockerfiles/proxy-mysql/README.md index 3fc71ba8e..2fa37d242 100644 --- a/Dockerfiles/proxy-mysql/README.md +++ b/Dockerfiles/proxy-mysql/README.md @@ -311,7 +311,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`proxy-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/proxy-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`proxy-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/proxy-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/proxy-sqlite3/README.md b/Dockerfiles/proxy-sqlite3/README.md index f4fde77e2..063977ca7 100644 --- a/Dockerfiles/proxy-sqlite3/README.md +++ b/Dockerfiles/proxy-sqlite3/README.md @@ -269,7 +269,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`proxy-sqlite3/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/proxy-sqlite3) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`proxy-sqlite3/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/proxy-sqlite3) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/server-mysql/README.md b/Dockerfiles/server-mysql/README.md index fa9f9e07e..5f10a4a1a 100644 --- a/Dockerfiles/server-mysql/README.md +++ b/Dockerfiles/server-mysql/README.md @@ -301,7 +301,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/server-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/server-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/server-pgsql/README.md b/Dockerfiles/server-pgsql/README.md index 60adcb6d0..5cae0c745 100644 --- a/Dockerfiles/server-pgsql/README.md +++ b/Dockerfiles/server-pgsql/README.md @@ -301,7 +301,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`server-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/server-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`server-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/server-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/snmptraps/README.md b/Dockerfiles/snmptraps/README.md index 0050d71e8..e51807a30 100644 --- a/Dockerfiles/snmptraps/README.md +++ b/Dockerfiles/snmptraps/README.md @@ -113,7 +113,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`snmptraps/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/snmptraps) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`snmptraps/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/snmptraps) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-apache-mysql/README.md b/Dockerfiles/web-apache-mysql/README.md index 747bed00d..dabc54eaf 100644 --- a/Dockerfiles/web-apache-mysql/README.md +++ b/Dockerfiles/web-apache-mysql/README.md @@ -288,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-apache-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-apache-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-apache-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-apache-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-apache-pgsql/README.md b/Dockerfiles/web-apache-pgsql/README.md index f53bd92fe..0b750eab6 100644 --- a/Dockerfiles/web-apache-pgsql/README.md +++ b/Dockerfiles/web-apache-pgsql/README.md @@ -288,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-apache-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-apache-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-apache-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-apache-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-nginx-mysql/README.md b/Dockerfiles/web-nginx-mysql/README.md index 795560c51..f248167d7 100644 --- a/Dockerfiles/web-nginx-mysql/README.md +++ b/Dockerfiles/web-nginx-mysql/README.md @@ -289,7 +289,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-nginx-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-nginx-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-nginx-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-nginx-mysql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-nginx-pgsql/README.md b/Dockerfiles/web-nginx-pgsql/README.md index 9344a8285..6a602b609 100644 --- a/Dockerfiles/web-nginx-pgsql/README.md +++ b/Dockerfiles/web-nginx-pgsql/README.md @@ -288,7 +288,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-nginx-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-nginx-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-nginx-pgsql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-nginx-pgsql) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues diff --git a/Dockerfiles/web-service/README.md b/Dockerfiles/web-service/README.md index 8840b6ff6..33ccf9cbd 100644 --- a/Dockerfiles/web-service/README.md +++ b/Dockerfiles/web-service/README.md @@ -136,7 +136,7 @@ Please see [the Docker installation documentation](https://docs.docker.com/insta ## Documentation -Documentation for this image is stored in the [`web-service/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/web-service) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request. +Documentation for this image is stored in the [`web-service/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/web-service) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request. ## Issues From 0ac511fa4988518e626d007ccddf7e1f331a1500 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 21 Feb 2024 15:22:01 +0900 Subject: [PATCH 51/54] Updated documentation and prepared documentation for RHEL --- Dockerfiles/agent/rhel/README.html | 12 ++++++------ Dockerfiles/agent2/rhel/README.html | 12 ++++++------ Dockerfiles/java-gateway/rhel/README.html | 2 +- Dockerfiles/proxy-mysql/rhel/README.html | 12 ++++++------ Dockerfiles/proxy-sqlite3/rhel/README.html | 4 ++-- Dockerfiles/server-mysql/rhel/README.html | 8 ++++---- Dockerfiles/server-mysql/rhel/README.md | 8 ++++---- Dockerfiles/snmptraps/rhel/README.html | 2 +- Dockerfiles/web-nginx-mysql/rhel/README.html | 2 +- Dockerfiles/web-service/rhel/README.html | 2 +- 10 files changed, 32 insertions(+), 32 deletions(-) diff --git a/Dockerfiles/agent/rhel/README.html b/Dockerfiles/agent/rhel/README.html index 3de90838f..9ae68852c 100644 --- a/Dockerfiles/agent/rhel/README.html +++ b/Dockerfiles/agent/rhel/README.html @@ -10,15 +10,15 @@

How to use this image

Start zabbix-agent

Start a Zabbix agent container as follows:

-
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" --init -d zabbix/zabbix-agent:tag
+
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" -d zabbix/zabbix-agent:tag
 
Where some-zabbix-agent is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix agent configuration file, some-zabbix-server is IP or DNS name of Zabbix server or proxy and tag is the tag specifying the version you want.

 
Connects from Zabbix server or Zabbix proxy in other containers (Passive checks)

 
This image exposes the standard Zabbix agent port (10050) to perform passive checks, so container linking makes Zabbix agent instance available to Zabbix server and Zabbix proxy containers. Start your application container like this in order to link it to the Zabbix agent container:

-
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent --init -d zabbix/zabbix-server:latest
+
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent -d zabbix/zabbix-server:latest
 

 
Connect to Zabbix server or Zabbix proxy containers (Active checks)

 
This image supports perform active checks, so container linking makes Zabbix server and Zabbix proxy containers available to Zabbix agent instance. Start your application container like this in order to link Zabbix agent to Zabbix server or Zabbix proxy containterns:

-
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-agent:latest
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -d zabbix/zabbix-agent:latest
 

 
Container shell access and viewing Zabbix agent logs

 
The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-agent container:

@@ -29,9 +29,9 @@
 

 
Privileged mode

 
By default, Podman containers are "unprivileged" and do not have access to the most of host resources. Zabbix agent is designed to monitor system resources, to do that Zabbix agent container must be privileged or you may mount some system-wide volumes. For example:

-
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged --init -d zabbix/zabbix-agent:latest
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged -d zabbix/zabbix-agent:latest
 

-
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc --init -d zabbix/zabbix-agent:latest
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc -d zabbix/zabbix-agent:latest
 

 
Environment Variables

 
When you start the zabbix-agent image, you can adjust the configuration of the Zabbix agent by passing one or more environment variables on the podman run command line.

@@ -111,7 +111,7 @@
 
The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCRLFILE, ZBX_TLSKEY_FILE and ZBX_TLSPSKFILE variables.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the agent/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the agent/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/agent2/rhel/README.html b/Dockerfiles/agent2/rhel/README.html
index a41f15006..18f5d026b 100644
--- a/Dockerfiles/agent2/rhel/README.html
+++ b/Dockerfiles/agent2/rhel/README.html
@@ -10,15 +10,15 @@
 
How to use this image

 
Start zabbix-agent2

 
Start a Zabbix agent 2 container as follows:

-
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" --init -d zabbix/zabbix-agent2:tag
+
podman run --name some-zabbix-agent -e ZBX_HOSTNAME="some-hostname" -e ZBX_SERVER_HOST="some-zabbix-server" -d zabbix/zabbix-agent2:tag
 
Where some-zabbix-agent2 is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix agent 2 configuration file, some-zabbix-server is IP or DNS name of Zabbix server or proxy and tag is the tag specifying the version you want.

 
Connects from Zabbix server or Zabbix proxy in other containers (Passive checks)

 
This image exposes the standard Zabbix agent 2 port (10050) to perform passive checks, so container linking makes Zabbix agent 2 instance available to Zabbix server and Zabbix proxy containers. Start your application container like this in order to link it to the Zabbix agent 2 container:

-
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent2 --init -d zabbix/zabbix-server:latest
+
$ podman run --name some-zabbix-server --link some-zabbix-agent:zabbix-agent2 -d zabbix/zabbix-server:latest
 

 
Connect to Zabbix server or Zabbix proxy containers (Active checks)

 
This image supports perform active checks, so container linking makes Zabbix server and Zabbix proxy containers available to Zabbix agent 2 instance. Start your application container like this in order to link Zabbix agent 2 to Zabbix server or Zabbix proxy containterns:

-
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-agent2:latest
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -d zabbix/zabbix-agent2:latest
 

 
Container shell access and viewing Zabbix agent 2 logs

 
The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-agent2 container:

@@ -29,9 +29,9 @@
 

 
Privileged mode

 
By default, Podman containers are "unprivileged" and do not have access to the most of host resources. Zabbix agent 2 is designed to monitor system resources, to do that Zabbix agent 2 container must be privileged or you may mount some system-wide volumes. For example:

-
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged --init -d zabbix/zabbix-agent2:latest
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server --privileged -d zabbix/zabbix-agent2:latest
 

-
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc --init -d zabbix/zabbix-agent2:latest
+
$ podman run --name some-zabbix-agent --link some-zabbix-server:zabbix-server -v /dev/sdc:/dev/sdc -d zabbix/zabbix-agent2:latest
 

 
Environment Variables

 
When you start the zabbix-agent2 image, you can adjust the configuration of the Zabbix agent 2 by passing one or more environment variables on the podman run command line.

@@ -103,7 +103,7 @@
 
The volume is used to store the file, where Zabbix Agent2 should keep SQLite database. To enable the feature specify ZBX_ENABLEPERSISTENTBUFFER=true. Available since 5.0.0.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the agent2/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the agent2/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/java-gateway/rhel/README.html b/Dockerfiles/java-gateway/rhel/README.html
index 359fe4949..de58ecb77 100644
--- a/Dockerfiles/java-gateway/rhel/README.html
+++ b/Dockerfiles/java-gateway/rhel/README.html
@@ -38,7 +38,7 @@
 
The volume allows include additional JAR files to extend allowed protocols for Zabbix Java Gateway.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the java-gateway/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the java-gateway/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/proxy-mysql/rhel/README.html b/Dockerfiles/proxy-mysql/rhel/README.html
index 38fd1633b..45dfa7d19 100644
--- a/Dockerfiles/proxy-mysql/rhel/README.html
+++ b/Dockerfiles/proxy-mysql/rhel/README.html
@@ -17,7 +17,7 @@
 
How to use this image

 
Start zabbix-proxy-mysql

 
Start a Zabbix proxy container as follows:

-
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-mysql:tag
+
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-mysql:tag
 
Where some-zabbix-proxy-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server, some-hostname is the hostname, it is Hostname parameter in Zabbix proxy configuration file, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

 

 
[!NOTE]
@@ -32,11 +32,11 @@ where 1995 is zabbix GID.

 

 
Connects from Zabbix server (Passive proxy)

 
This image exposes the standard Zabbix proxy port (10051) and can operate as Passive proxy in case ZBX_PROXYMODE = 1. Start Zabbix server container like this in order to link it to the Zabbix proxy container:

-
$ podman run --name some-zabbix-server --link some-zabbix-proxy-mysql:zabbix-proxy-mysql --init -d zabbix/zabbix-server:latest
+
$ podman run --name some-zabbix-server --link some-zabbix-proxy-mysql:zabbix-proxy-mysql  -d zabbix/zabbix-server:latest
 

 
Connect to Zabbix server (Active proxy)

 
This image can operate as Active proxy (default mode). Start your application container like this in order to link Zabbix proxy to Zabbix server containters:

-
$ podman run --name some-zabbix-proxy-mysql --link some-zabbix-server:zabbix-server --init -d zabbix/zabbix-proxy-mysql:latest
+
$ podman run --name some-zabbix-proxy-mysql --link some-zabbix-server:zabbix-server -d zabbix/zabbix-proxy-mysql:latest
 

 
Container shell access and viewing Zabbix proxy logs

 
The podman exec command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your zabbix-proxy-mysql container:

@@ -62,12 +62,12 @@ where 1995 is zabbix GID.

 
This variable is port of MySQL server. By default, value is '3306'.

 
MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

 
These variables are used by Zabbix proxy to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

-
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-mysql:tag
+
podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-mysql:tag
 

 
With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

 
printf "zabbix" | podman secret create MYSQL_USER -
 printf "zabbix" | podman secret create MYSQL_PASSWORD -
-podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -e ZBX_SERVER_HOST="some-zabbix-server" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-mysql:tag
+podman run --name some-zabbix-proxy-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -e ZBX_SERVER_HOST="some-zabbix-server" -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-mysql:tag
 

 
This method is also applicable for MYSQL_ROOT_PASSWORD with MYSQL_ROOT_PASSWORD_FILE.

 
By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

@@ -185,7 +185,7 @@ SNMP traps processing feature could be enabled using shared volume and switched
 
The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the proxy-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the proxy-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/proxy-sqlite3/rhel/README.html b/Dockerfiles/proxy-sqlite3/rhel/README.html
index 86e176eda..517396823 100644
--- a/Dockerfiles/proxy-sqlite3/rhel/README.html
+++ b/Dockerfiles/proxy-sqlite3/rhel/README.html
@@ -11,7 +11,7 @@
 
How to use this image

 
Start zabbix-proxy-sqlite3

 
Start a Zabbix proxy container as follows:

-
podman run --name some-zabbix-proxy-sqlite3 -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server --init -d zabbix/zabbix-proxy-sqlite3:tag
+
podman run --name some-zabbix-proxy-sqlite3 -e ZBX_HOSTNAME=some-hostname -e ZBX_SERVER_HOST=some-zabbix-server -d zabbix/zabbix-proxy-sqlite3:tag
 
Where some-zabbix-proxy-sqlite3 is the name you want to assign to your container, some-hostname is the hostname, it is Hostname parameter in Zabbix proxy configuration file, some-zabbix-server is IP or DNS name of Zabbix server and tag is the tag specifying the version you want.

 

 
[!NOTE]
@@ -154,7 +154,7 @@ SNMP traps processing feature could be enabled using shared volume and switched
 
The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the proxy-sqlite3/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the proxy-sqlite3/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/server-mysql/rhel/README.html b/Dockerfiles/server-mysql/rhel/README.html
index 3b18ffe82..16d319419 100644
--- a/Dockerfiles/server-mysql/rhel/README.html
+++ b/Dockerfiles/server-mysql/rhel/README.html
@@ -18,7 +18,7 @@
 
How to use this image

 
Start zabbix-server-mysql

 
Start a Zabbix server container as follows:

-
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" --init -d zabbix/zabbix-server-mysql-trunk:tag
+
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -d zabbix/zabbix-server-mysql:tag
 
Where some-zabbix-server-mysql is the name you want to assign to your container, some-mysql-server is IP or DNS name of MySQL server, some-user is user to connect to Zabbix database on MySQL server, some-password is the password to connect to MySQL server and tag is the tag specifying the version you want.

 

 
[!NOTE]
@@ -46,12 +46,12 @@ where 1995 is zabbix GID.

 
This variable is port of MySQL server. By default, value is '3306'.

 
MYSQL_USER, MYSQL_PASSWORD, MYSQL_USER_FILE, MYSQL_PASSWORD_FILE

 
These variables are used by Zabbix server to connect to Zabbix database. With the _FILE variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either MYSQL_USER or MYSQL_USER_FILE!

-
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag
+
podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
 

 
With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!

 
printf "zabbix" | podman secret create MYSQL_USER -
 printf "zabbix" | podman secret create MYSQL_PASSWORD -
-podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag
+podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
 

 
This method is also applicable for MYSQL_ROOT_PASSWORD with MYSQL_ROOT_PASSWORD_FILE.

 
By default, values for MYSQL_USER and MYSQL_PASSWORD are zabbix, zabbix.

@@ -186,7 +186,7 @@ SNMP traps processing feature could be enabled using shared volume and switched
 
Directory for real-time export of events, history and trends in newline-delimited JSON format. Could be enabled using ZBX_EXPORTFILESIZE environment variable.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the server-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the server-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/server-mysql/rhel/README.md b/Dockerfiles/server-mysql/rhel/README.md
index bad7cb9c4..00001a3c1 100644
--- a/Dockerfiles/server-mysql/rhel/README.md
+++ b/Dockerfiles/server-mysql/rhel/README.md
@@ -30,7 +30,7 @@ The image uses MySQL database. It uses the next procedure to start:
 
 Start a Zabbix server container as follows:
 
-    podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" --init -d zabbix/zabbix-server-mysql-trunk:tag
+    podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -d zabbix/zabbix-server-mysql:tag
 
 Where `some-zabbix-server-mysql` is the name you want to assign to your container, `some-mysql-server` is IP or DNS name of MySQL server, `some-user` is user to connect to Zabbix database on MySQL server, `some-password` is the password to connect to MySQL server and `tag` is the tag specifying the version you want.
 
@@ -75,7 +75,7 @@ This variable is port of MySQL server. By default, value is '3306'.
 These variables are used by Zabbix server to connect to Zabbix database. With the `_FILE` variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either `MYSQL_USER` or `MYSQL_USER_FILE`!
 
 ```console
-podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag
+podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
 ```
 
 With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!
@@ -83,7 +83,7 @@ With Docker Swarm or Kubernetes this works with secrets. That way it is replicat
 ```console
 printf "zabbix" | docker secret create MYSQL_USER -
 printf "zabbix" | docker secret create MYSQL_PASSWORD -
-podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD --init -d zabbix/zabbix-server-mysql:tag
+podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
 ```
 
 This method is also applicable for `MYSQL_ROOT_PASSWORD` with `MYSQL_ROOT_PASSWORD_FILE`.
@@ -263,7 +263,7 @@ Directory for real-time export of events, history and trends in newline-delimite
 
 ## Documentation
 
-Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/trunk/Dockerfiles/server-mysql/rhel/) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/trunk/README.md) before attempting a pull request.
+Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/server-mysql/rhel/) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request.
 
 ## Issues
 
diff --git a/Dockerfiles/snmptraps/rhel/README.html b/Dockerfiles/snmptraps/rhel/README.html
index 3b56bf88a..4caa38c8b 100644
--- a/Dockerfiles/snmptraps/rhel/README.html
+++ b/Dockerfiles/snmptraps/rhel/README.html
@@ -36,7 +36,7 @@
 
The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to /var/lib/zabbix/mibs.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the snmptraps/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the snmptraps/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/web-nginx-mysql/rhel/README.html b/Dockerfiles/web-nginx-mysql/rhel/README.html
index 3dd2beb4b..55b4e20d9 100644
--- a/Dockerfiles/web-nginx-mysql/rhel/README.html
+++ b/Dockerfiles/web-nginx-mysql/rhel/README.html
@@ -134,7 +134,7 @@ Allowed PHP-FPM configuration options:
 
The volume allows to use custom certificates for SAML authentification. The volume must contains three files sp.key, sp.crt and idp.crt. Available since 5.0.0.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the web-nginx-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the web-nginx-mysql/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues

diff --git a/Dockerfiles/web-service/rhel/README.html b/Dockerfiles/web-service/rhel/README.html
index 545031f97..82f33b76c 100644
--- a/Dockerfiles/web-service/rhel/README.html
+++ b/Dockerfiles/web-service/rhel/README.html
@@ -55,7 +55,7 @@
 
The volume is used to store TLS related files. These file names are specified using ZBX_TLSCAFILE, ZBX_TLSCERTFILE and ZBX_TLSKEY_FILE variables.

 
User Feedback

 
Documentation

-
Documentation for this image is stored in the web-service/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

+
Documentation for this image is stored in the web-service/ directory of the zabbix/zabbix-docker GitHub repo. Be sure to familiarize yourself with the repository's README.md file before attempting a pull request.

 
Issues

 
If you have any problems with or questions about this image, please contact us through a GitHub issue.

 
Known issues


From 34445ec7f91933291868c8471f127eb030991b38 Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov 
Date: Wed, 21 Feb 2024 15:31:32 +0900
Subject: [PATCH 52/54] Updated documentation and prepared documentation for
 RHEL

---
 Dockerfiles/agent/rhel/README.md           |   1 -
 Dockerfiles/agent2/rhel/README.md          |   1 -
 Dockerfiles/build-base/rhel/README.md      |   1 -
 Dockerfiles/build-mysql/rhel/README.md     |   1 -
 Dockerfiles/build-sqlite3/rhel/README.md   |   1 -
 Dockerfiles/java-gateway/rhel/README.md    |   1 -
 Dockerfiles/proxy-mysql/rhel/README.md     |   1 -
 Dockerfiles/proxy-sqlite3/rhel/README.md   |   1 -
 Dockerfiles/server-mysql/rhel/README.md    | 278 ---------------------
 Dockerfiles/snmptraps/rhel/README.md       |   1 -
 Dockerfiles/web-nginx-mysql/rhel/README.md |   1 -
 Dockerfiles/web-service/rhel/README.md     |   1 -
 12 files changed, 289 deletions(-)
 delete mode 120000 Dockerfiles/agent/rhel/README.md
 delete mode 120000 Dockerfiles/agent2/rhel/README.md
 delete mode 120000 Dockerfiles/build-base/rhel/README.md
 delete mode 120000 Dockerfiles/build-mysql/rhel/README.md
 delete mode 120000 Dockerfiles/build-sqlite3/rhel/README.md
 delete mode 120000 Dockerfiles/java-gateway/rhel/README.md
 delete mode 120000 Dockerfiles/proxy-mysql/rhel/README.md
 delete mode 120000 Dockerfiles/proxy-sqlite3/rhel/README.md
 delete mode 100644 Dockerfiles/server-mysql/rhel/README.md
 delete mode 120000 Dockerfiles/snmptraps/rhel/README.md
 delete mode 120000 Dockerfiles/web-nginx-mysql/rhel/README.md
 delete mode 120000 Dockerfiles/web-service/rhel/README.md

diff --git a/Dockerfiles/agent/rhel/README.md b/Dockerfiles/agent/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/agent/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/agent2/rhel/README.md b/Dockerfiles/agent2/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/agent2/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/build-base/rhel/README.md b/Dockerfiles/build-base/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/build-base/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/build-mysql/rhel/README.md b/Dockerfiles/build-mysql/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/build-mysql/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/build-sqlite3/rhel/README.md b/Dockerfiles/build-sqlite3/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/build-sqlite3/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/java-gateway/rhel/README.md b/Dockerfiles/java-gateway/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/java-gateway/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/proxy-mysql/rhel/README.md b/Dockerfiles/proxy-mysql/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/proxy-mysql/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/proxy-sqlite3/rhel/README.md b/Dockerfiles/proxy-sqlite3/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/proxy-sqlite3/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/server-mysql/rhel/README.md b/Dockerfiles/server-mysql/rhel/README.md
deleted file mode 100644
index 00001a3c1..000000000
--- a/Dockerfiles/server-mysql/rhel/README.md
+++ /dev/null
@@ -1,278 +0,0 @@
-![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png)
-
-# What is Zabbix?
-
-Zabbix is an enterprise-class open source distributed monitoring solution.
-
-Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning.
-
-For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com
-
-# What is Zabbix server?
-
-Zabbix server is the central process of Zabbix software.
-
-The server performs the polling and trapping of data, it calculates triggers, sends notifications to users. It is the central component to which Zabbix agents and proxies report data on availability and integrity of systems. The server can itself remotely check networked services (such as web servers and mail servers) using simple service checks.
-
-# Zabbix server images
-
-Images are updated when new releases are published.
-
-The image uses MySQL database. It uses the next procedure to start:
-- Checking database availability
-- If ``MYSQL_ROOT_PASSWORD`` or ``MYSQL_ALLOW_EMPTY_PASSWORD`` are specified, the instance tries to create ``MYSQL_USER`` user with ``MYSQL_PASSWORD`` to use these credentials then for Zabbix server.
-- Checking of having `MYSQL_DATABASE` database. Creating `MYSQL_DATABASE` database name if it does not exist
-- Checking of having `dbversion` table. Creating Zabbix server database schema and upload initial data sample if no `dbversion` table
-
-# How to use this image
-
-## Start `zabbix-server-mysql`
-
-Start a Zabbix server container as follows:
-
-    podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER="some-user" -e MYSQL_PASSWORD="some-password" -d zabbix/zabbix-server-mysql:tag
-
-Where `some-zabbix-server-mysql` is the name you want to assign to your container, `some-mysql-server` is IP or DNS name of MySQL server, `some-user` is user to connect to Zabbix database on MySQL server, `some-password` is the password to connect to MySQL server and `tag` is the tag specifying the version you want.
-
-> [!NOTE]
-> Zabbix server has possibility to execute `fping` utility to perform ICMP checks. When containers are running in rootless mode or with specific restrictions environment, you may face errors related to fping:
-> `fping: Operation not permitted`
-> or
-> lost all packets to all resources
-> in this case add `--cap-add=net_raw` to `docker run` or `podman run` commands.
-> Additionally fping executing in non-root environments can require sysctl modification:
-> `net.ipv4.ping_group_range=0 1995`
-> where 1995 is `zabbix` GID.
-
-## Container shell access and viewing Zabbix server logs
-
-The `podman exec` command allows you to run commands inside a Podman container. The following command line will give you a bash shell inside your `zabbix-server-mysql` container:
-
-```console
-$ podman exec -ti some-zabbix-server-mysql /bin/bash
-```
-
-The Zabbix server log is available through Podman's container log:
-
-```console
-$ podman logs some-zabbix-server-mysql
-```
-
-## Environment Variables
-
-When you start the `zabbix-server-mysql` image, you can adjust the configuration of the Zabbix server by passing one or more environment variables on the `podman run` command line.
-
-### `DB_SERVER_HOST`
-
-This variable is IP or DNS name of MySQL server. By default, value is 'mysql-server'
-
-### `DB_SERVER_PORT`
-
-This variable is port of MySQL server. By default, value is '3306'.
-
-### `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_USER_FILE`, `MYSQL_PASSWORD_FILE`
-
-These variables are used by Zabbix server to connect to Zabbix database. With the `_FILE` variables you can instead provide the path to a file which contains the user / the password instead. Without Docker Swarm or Kubernetes you also have to map the files. Those are exclusive so you can just provide one type - either `MYSQL_USER` or `MYSQL_USER_FILE`!
-
-```console
-podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -v ./.MYSQL_USER:/run/secrets/MYSQL_USER -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -v ./.MYSQL_PASSWORD:/run/secrets/MYSQL_PASSWORD -e MYSQL_PASSWORD_FILE=/var/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
-```
-
-With Docker Swarm or Kubernetes this works with secrets. That way it is replicated in your cluster!
-
-```console
-printf "zabbix" | docker secret create MYSQL_USER -
-printf "zabbix" | docker secret create MYSQL_PASSWORD -
-podman run --name some-zabbix-server-mysql -e DB_SERVER_HOST="some-mysql-server" -e MYSQL_USER_FILE=/run/secrets/MYSQL_USER -e MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD -d zabbix/zabbix-server-mysql:tag
-```
-
-This method is also applicable for `MYSQL_ROOT_PASSWORD` with `MYSQL_ROOT_PASSWORD_FILE`.
-
-By default, values for `MYSQL_USER` and `MYSQL_PASSWORD` are `zabbix`, `zabbix`.
-
-### `MYSQL_DATABASE`
-
-The variable is Zabbix database name. By default, value is `zabbix`.
-
-### `ZBX_LOADMODULE`
-
-The variable is list of comma separated loadable Zabbix modules. It works with  volume ``/var/lib/zabbix/modules``. The syntax of the variable is ``dummy1.so,dummy2.so``.
-
-### `ZBX_DEBUGLEVEL`
-
-The variable is used to specify debug level. By default, value is ``3``. It is ``DebugLevel`` parameter in ``zabbix_server.conf``. Allowed values are listed below:
-- ``0`` - basic information about starting and stopping of Zabbix processes;
-- ``1`` - critical information
-- ``2`` - error information
-- ``3`` - warnings
-- ``4`` - for debugging (produces lots of information)
-- ``5`` - extended debugging (produces even more information)
-
-### `ZBX_TIMEOUT`
-
-The variable is used to specify timeout for processing checks. By default, value is ``4``.
-
-### `ZBX_JAVAGATEWAY_ENABLE`
-
-The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is `false`.
-
-### Other variables
-
-Additionally the image allows to specify many other environment variables listed below:
-
-```
-ZBX_ALLOWUNSUPPORTEDDBVERSIONS=0 # Available since 6.0.0
-ZBX_DBTLSCONNECT= # Available since 5.0.0
-ZBX_DBTLSCAFILE= # Available since 5.0.0
-ZBX_DBTLSCERTFILE= # Available since 5.0.0
-ZBX_DBTLSKEYFILE= # Available since 5.0.0
-ZBX_DBTLSCIPHER= # Available since 5.0.0
-ZBX_DBTLSCIPHER13= # Available since 5.0.0
-ZBX_VAULTDBPATH= # Available since 5.2.0
-ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
-VAULT_TOKEN= # Available since 5.2.0
-ZBX_LISTENIP=
-ZBX_LISTENPORT=10051
-ZBX_LISTENBACKLOG=
-ZBX_STARTREPORTWRITERS=0 # Available since 5.4.0
-ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report # Available since 5.4.0
-ZBX_SERVICEMANAGERSYNCFREQUENCY=60 # Available since 6.0.0
-ZBX_HISTORYSTORAGEURL= # Available since 3.4.0
-ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.0
-ZBX_STARTPOLLERS=5
-ZBX_IPMIPOLLERS=0
-ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0
-ZBX_STARTCONNECTORS=0 # Available since 6.4.0
-ZBX_STARTPOLLERSUNREACHABLE=1
-ZBX_STARTTRAPPERS=5
-ZBX_STARTPINGERS=1
-ZBX_STARTDISCOVERERS=1
-ZBX_STARTHISTORYPOLLERS=5 # Available since 5.4.0
-ZBX_STARTHTTPPOLLERS=1
-ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0
-ZBX_STARTTIMERS=1
-ZBX_STARTESCALATORS=1
-ZBX_STARTALERTERS=3 # Available since 3.4.0
-ZBX_JAVAGATEWAY=zabbix-java-gateway
-ZBX_JAVAGATEWAYPORT=10052
-ZBX_STARTJAVAPOLLERS=5
-ZBX_STARTLLDPROCESSORS=2 # Available since 4.2.0
-ZBX_STATSALLOWEDIP= # Available since 4.0.5
-ZBX_STARTVMWARECOLLECTORS=0
-ZBX_VMWAREFREQUENCY=60
-ZBX_VMWAREPERFFREQUENCY=60
-ZBX_VMWARECACHESIZE=8M
-ZBX_VMWARETIMEOUT=10
-ZBX_ENABLE_SNMP_TRAPS=false
-ZBX_SOURCEIP=
-ZBX_HOUSEKEEPINGFREQUENCY=1
-ZBX_MAXHOUSEKEEPERDELETE=5000
-ZBX_PROBLEMHOUSEKEEPINGFREQUENCY=60 # Available since 6.0.0
-ZBX_SENDERFREQUENCY=30 # Depcrecated since 3.4.0
-ZBX_CACHESIZE=8M
-ZBX_CACHEUPDATEFREQUENCY=10
-ZBX_STARTDBSYNCERS=4
-ZBX_EXPORTFILESIZE=1G # Available since 4.0.0
-ZBX_EXPORTTYPE= # Available since 5.0.10 and 5.2.6
-ZBX_AUTOHANODENAME=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
-ZBX_HANODENAME= # Available since 6.0.0
-ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
-ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0
-ZBX_NODEADDRESS=localhost # Available since 6.0.0
-ZBX_HISTORYCACHESIZE=16M
-ZBX_HISTORYINDEXCACHESIZE=4M
-ZBX_HISTORYSTORAGEDATEINDEX=0 # Available since 4.0.0
-ZBX_TRENDCACHESIZE=4M
-ZBX_TRENDFUNCTIONCACHESIZE=4M
-ZBX_VALUECACHESIZE=8M
-ZBX_TRAPPERTIMEOUT=300
-ZBX_UNREACHABLEPERIOD=45
-ZBX_UNAVAILABLEDELAY=60
-ZBX_UNREACHABLEDELAY=15
-ZBX_LOGSLOWQUERIES=3000
-ZBX_STARTPROXYPOLLERS=1
-ZBX_PROXYCONFIGFREQUENCY=10
-ZBX_PROXYDATAFREQUENCY=1
-ZBX_TLSCAFILE=
-ZBX_TLSCRLFILE=
-ZBX_TLSCERTFILE=
-ZBX_TLSKEYFILE=
-ZBX_TLSCIPHERALL= # Available since 4.4.7
-ZBX_TLSCIPHERALL13= # Available since 4.4.7
-ZBX_TLSCIPHERCERT= # Available since 4.4.7
-ZBX_TLSCIPHERCERT13= # Available since 4.4.7
-ZBX_TLSCIPHERPSK= # Available since 4.4.7
-ZBX_TLSCIPHERPSK13= # Available since 4.4.7
-
-```
-
-Default values of these variables are specified after equal sign.
-
-The allowed variables are identical of parameters in official ``zabbix_server.conf``. For example, ``ZBX_LOGSLOWQUERIES`` = ``LogSlowQueries``.
-
-Please use official documentation for [``zabbix_server.conf``](https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_server) to get more information about the variables.
-
-## Allowed volumes for the Zabbix server container
-
-### ``/usr/lib/zabbix/alertscripts``
-
-The volume is used for custom alert scripts. It is `AlertScriptsPath` parameter in ``zabbix_server.conf``.
-
-### ``/usr/lib/zabbix/externalscripts``
-
-The volume is used by External checks (type of items). It is `ExternalScripts` parameter in ``zabbix_server.conf``.
-
-### ``/var/lib/zabbix/modules``
-
-The volume allows load additional modules and extend Zabbix server using ``LoadModule`` feature.
-
-### ``/var/lib/zabbix/enc``
-
-The volume is used to store TLS related files. These file names are specified using ``ZBX_TLSCAFILE``, ``ZBX_TLSCRLFILE``, ``ZBX_TLSKEY_FILE`` and ``ZBX_TLSPSKFILE`` variables.
-
-### ``/var/lib/zabbix/ssh_keys``
-
-The volume is used as location of public and private keys for SSH checks and actions. It is `SSHKeyLocation` parameter in ``zabbix_server.conf``.
-
-### ``/var/lib/zabbix/ssl/certs``
-
-The volume is used as location of of SSL client certificate files for client authentication. It is `SSLCertLocation` parameter in ``zabbix_server.conf``.
-
-### ``/var/lib/zabbix/ssl/keys``
-
-The volume is used as location of SSL private key files for client authentication. It is `SSLKeyLocation` parameter in ``zabbix_server.conf``.
-
-### ``/var/lib/zabbix/ssl/ssl_ca``
-
-The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is `SSLCALocation` parameter in ``zabbix_server.conf``.
-
-### ``/var/lib/zabbix/snmptraps``
-
-The volume is used as location of ``snmptraps.log`` file. It could be shared by ``zabbix-snmptraps`` container and inherited using `volumes_from` Podman option while creating new instance of Zabbix server.
-SNMP traps processing feature could be enabled using shared volume and switched ``ZBX_ENABLE_SNMP_TRAPS`` environment variable to `true`.
-
-### ``/var/lib/zabbix/mibs``
-
-The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to ``/var/lib/zabbix/mibs``.
-
-### ``/var/lib/zabbix/export``
-
-Directory for real-time export of events, history and trends in newline-delimited JSON format. Could be enabled using ``ZBX_EXPORTFILESIZE`` environment variable.
-
-# User Feedback
-
-## Documentation
-
-Documentation for this image is stored in the [`server-mysql/` directory](https://github.com/zabbix/zabbix-docker/tree/6.4/Dockerfiles/server-mysql/rhel/) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/6.4/README.md) before attempting a pull request.
-
-## Issues
-
-If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/zabbix/zabbix-docker/issues).
-
-### Known issues
-
-## Contributing
-
-You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.
-
-Before you start to code, we recommend discussing your plans through a [GitHub issue](https://github.com/zabbix/zabbix-docker/issues), especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.
diff --git a/Dockerfiles/snmptraps/rhel/README.md b/Dockerfiles/snmptraps/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/snmptraps/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/web-nginx-mysql/rhel/README.md b/Dockerfiles/web-nginx-mysql/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/web-nginx-mysql/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file
diff --git a/Dockerfiles/web-service/rhel/README.md b/Dockerfiles/web-service/rhel/README.md
deleted file mode 120000
index 32d46ee88..000000000
--- a/Dockerfiles/web-service/rhel/README.md
+++ /dev/null
@@ -1 +0,0 @@
-../README.md
\ No newline at end of file

From 43593940c5c60542bf2bc526a78d3c58632ff902 Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov 
Date: Wed, 21 Feb 2024 15:35:26 +0900
Subject: [PATCH 53/54] Updated documentation and prepared documentation for
 RHEL

---
 .github/workflows/rhel_registry_description.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/rhel_registry_description.yml b/.github/workflows/rhel_registry_description.yml
index 863928f28..9349683bb 100644
--- a/.github/workflows/rhel_registry_description.yml
+++ b/.github/workflows/rhel_registry_description.yml
@@ -5,8 +5,9 @@ on:
     branches:
       - '[0-9]+.[0-9]+'
     paths:
-      - 'Dockerfiles/*/*/README.html'
-      - 'Dockerfiles/*/*/README.md'
+      - 'Dockerfiles/*/rhel/README.html'
+      - 'Dockerfiles/*/README.md'
+      - 'Dockerfiles/*/rhel/README.md'
       - '.github/workflows/rhel_registry_description.yml'
   workflow_dispatch:
 

From e7d3dbe7ac1967e6bde8435a0343c35511458089 Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov 
Date: Wed, 21 Feb 2024 15:38:35 +0900
Subject: [PATCH 54/54] Updated documentation and prepared documentation for
 RHEL

---
 Dockerfiles/build-base/rhel/README.md    | 1 +
 Dockerfiles/build-mysql/rhel/README.md   | 1 +
 Dockerfiles/build-sqlite3/rhel/README.md | 1 +
 3 files changed, 3 insertions(+)
 create mode 120000 Dockerfiles/build-base/rhel/README.md
 create mode 120000 Dockerfiles/build-mysql/rhel/README.md
 create mode 120000 Dockerfiles/build-sqlite3/rhel/README.md

diff --git a/Dockerfiles/build-base/rhel/README.md b/Dockerfiles/build-base/rhel/README.md
new file mode 120000
index 000000000..32d46ee88
--- /dev/null
+++ b/Dockerfiles/build-base/rhel/README.md
@@ -0,0 +1 @@
+../README.md
\ No newline at end of file
diff --git a/Dockerfiles/build-mysql/rhel/README.md b/Dockerfiles/build-mysql/rhel/README.md
new file mode 120000
index 000000000..32d46ee88
--- /dev/null
+++ b/Dockerfiles/build-mysql/rhel/README.md
@@ -0,0 +1 @@
+../README.md
\ No newline at end of file
diff --git a/Dockerfiles/build-sqlite3/rhel/README.md b/Dockerfiles/build-sqlite3/rhel/README.md
new file mode 120000
index 000000000..32d46ee88
--- /dev/null
+++ b/Dockerfiles/build-sqlite3/rhel/README.md
@@ -0,0 +1 @@
+../README.md
\ No newline at end of file