From 461d07fa5acdc018128cc9eaea9a1b203f588edf Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov <alexey.pustovalov@zabbix.com>
Date: Wed, 5 Aug 2020 17:21:01 -0400
Subject: [PATCH] Updated Zabbix agent2 information and allowed params

---
 agent2/alpine/Dockerfile           |  4 ++--
 agent2/alpine/README.md            | 19 +++++++++++++----
 agent2/alpine/docker-entrypoint.sh | 33 +++++++++++++++++++++++++++---
 3 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/agent2/alpine/Dockerfile b/agent2/alpine/Dockerfile
index c376f8a5d..d06176a81 100644
--- a/agent2/alpine/Dockerfile
+++ b/agent2/alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.11
+FROM alpine:3.12
 
 LABEL org.opencontainers.image.title="Zabbix agent 2" \
       org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@@ -84,7 +84,7 @@ RUN set -eux && \
             build-dependencies && \
     rm -rf /var/cache/apk/*
 
-EXPOSE 10050/TCP
+EXPOSE 10050/TCP 31999/TCP
 
 WORKDIR /var/lib/zabbix
 
diff --git a/agent2/alpine/README.md b/agent2/alpine/README.md
index 9e66e89c5..2df5ed256 100644
--- a/agent2/alpine/README.md
+++ b/agent2/alpine/README.md
@@ -14,11 +14,13 @@ Zabbix agent 2 is deployed on a monitoring target to actively monitor local reso
 
 # Zabbix agent 2 images
 
-These are the only official Zabbix agent 2 Docker images. They are based on Alpine Linux v3.10 images. The available versions of Zabbix agent 2 are:
+These are the only official Zabbix agent 2 Docker images. They are based on Alpine Linux v3.12 images. The available versions of Zabbix agent 2 are:
 
-    Zabbix agent 2 4.4 (tags: alpine-4.4-latest, alpine-latest, latest)
+    Zabbix agent 2 4.4 (tags: alpine-4.4-latest, alpine-latest, latest) (unsupported)
     Zabbix agent 2 4.4.* (tags: alpine-4.4.*)
-    Zabbix agent 2 5.0 (tags: alpine-trunk)
+    Zabbix agent 2 5.0 (tags: alpine-5.0-latest)
+    Zabbix agent 2 5.0.* (tags: alpine-5.0.*)
+    Zabbix agent 2 5.2 (tags: alpine-trunk)
 
 Images are updated when new releases are published. The image with ``latest`` tag is based on Alpine Linux.
 
@@ -124,8 +126,11 @@ The variable is used to specify timeout for processing checks. By default, value
 Additionally the image allows to specify many other environment variables listed below:
 
 ```
+ZBX_ENABLEPERSISTENTBUFFER=false # Available since 5.0.0
+ZBX_PERSISTENTBUFFERPERIOD=1h # Available since 5.0.0
+ZBX_ENABLESTATUSPORT=
 ZBX_SOURCEIP=
-ZBX_ENABLEREMOTECOMMANDS=0
+ZBX_ENABLEREMOTECOMMANDS=0 # Deprecated since 5.0.0
 ZBX_LOGREMOTECOMMANDS=0
 ZBX_STARTAGENTS=3
 ZBX_HOSTNAMEITEM=system.hostname
@@ -147,6 +152,8 @@ ZBX_TLSCERTFILE=
 ZBX_TLSKEYFILE=
 ZBX_TLSPSKIDENTITY=
 ZBX_TLSPSKFILE=
+ZBX_DENYKEY=system.run[*] # Available since 5.0.0
+ZBX_ALLOWKEY= # Available since 5.0.0
 ```
 
 Default values of these variables are specified after equal sign.
@@ -169,6 +176,10 @@ The volume allows load additional modules and extend Zabbix agent 2 using ``Load
 
 The volume is used to store TLS related files. These file names are specified using ``ZBX_TLSCAFILE``, ``ZBX_TLSCRLFILE``, ``ZBX_TLSKEY_FILE`` and ``ZBX_TLSPSKFILE`` variables.
 
+### ``/var/lib/zabbix/buffer``
+
+The volume is used to store the file, where Zabbix Agent2 should keep SQLite database. To enable the feature specify ``ZBX_ENABLEPERSISTENTBUFFER=true``. Available since 5.0.0.
+
 # The image variants
 
 The `zabbix-agent2` images come in many flavors, each designed for a specific use case.
diff --git a/agent2/alpine/docker-entrypoint.sh b/agent2/alpine/docker-entrypoint.sh
index 45aa51a94..0646d101c 100755
--- a/agent2/alpine/docker-entrypoint.sh
+++ b/agent2/alpine/docker-entrypoint.sh
@@ -76,8 +76,9 @@ update_config_var() {
         var_value=$ZABBIX_USER_HOME_DIR/enc/$var_value
     fi
 
-    # Escaping characters in parameter value
+    # Escaping characters in parameter value and name
     var_value=$(escape_spec_char "$var_value")
+    var_name=$(escape_spec_char "$var_name")
 
     if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
         sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
@@ -85,9 +86,12 @@ update_config_var() {
     elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
         sed -i -e  "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
         echo "added first occurrence"
-    else
+    elif [ "$(grep -Ec "^[#;] $var_name=" $config_path)" -gt 0 ]; then
         sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
         echo "added"
+    else
+        sed -i -e '$a\' -e "$var_name=$var_value" "$config_path"
+        echo "added at the end"
     fi
 
 }
@@ -129,7 +133,6 @@ prepare_zbx_agent_config() {
     update_config_var $ZBX_AGENT_CONFIG "LogFileSize"
     update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
     update_config_var $ZBX_AGENT_CONFIG "SourceIP"
-    update_config_var $ZBX_AGENT_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
     update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"
 
     : ${ZBX_PASSIVE_ALLOW:="true"}
@@ -152,6 +155,21 @@ prepare_zbx_agent_config() {
         update_config_var $ZBX_AGENT_CONFIG "ServerActive"
     fi
 
+    if [ "$ZBX_ENABLESTATUSPORT" == "true" ]; then
+        update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "1"
+        update_config_var $ZBX_AGENT_CONFIG "PersistentBufferFile" "$ZABBIX_USER_HOME_DIR/buffer/"
+        update_config_var $ZBX_AGENT_CONFIG "PersistentBufferPeriod" "${ZBX_PERSISTENTBUFFERPERIOD}"
+    else
+        update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "0"
+    fi
+
+    if [ "$ZBX_ENABLESTATUSPORT" == "true" ]; then
+        update_config_var $ZBX_AGENT_CONFIG "StatusPort" "31999"
+    fi
+
+    update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}"
+    update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}"
+
     update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}"
     update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
     update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}"
@@ -174,10 +192,19 @@ prepare_zbx_agent_config() {
     update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}"
     update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}"
     update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}"
+    update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
+    update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
+    update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
+    update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
+    update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
+    update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
     update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}"
     update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
     update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}"
 
+    update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}"
+    update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}"
+
     if [ "$(id -u)" != '0' ]; then
         update_config_var $ZBX_AGENT_CONFIG "User" "$(whoami)"
     else