mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-11-29 03:03:10 +01:00
:Merge branch '5.0' of https://github.com/zabbix/zabbix-docker into 5.0
This commit is contained in:
commit
51804ec236
@ -33,7 +33,7 @@ RUN set -eux && \
|
|||||||
mkdir -p /usr/lib/zabbix/externalscripts && \
|
mkdir -p /usr/lib/zabbix/externalscripts && \
|
||||||
mkdir -p /usr/share/doc/zabbix-server-postgresql && \
|
mkdir -p /usr/share/doc/zabbix-server-postgresql && \
|
||||||
dnf --quiet makecache && \
|
dnf --quiet makecache && \
|
||||||
dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/7/x86_64/fping-3.10-1.el7.x86_64.rpm && \
|
dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \
|
||||||
dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
|
dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
|
||||||
iputils \
|
iputils \
|
||||||
traceroute \
|
traceroute \
|
||||||
@ -81,7 +81,7 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati
|
|||||||
RUN set -eux && \
|
RUN set -eux && \
|
||||||
sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \
|
sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \
|
||||||
dnf --quiet makecache && \
|
dnf --quiet makecache && \
|
||||||
dnf -y install -setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
|
dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
|
||||||
autoconf \
|
autoconf \
|
||||||
automake \
|
automake \
|
||||||
gcc \
|
gcc \
|
||||||
|
@ -203,7 +203,6 @@ RUN set -eux && REPOLIST="rhel-8-for-x86_64-baseos-rpms,rhel-8-for-x86_64-appstr
|
|||||||
chgrp -R 0 /var/lib/mysql/ /var/lib/php/session/ && \
|
chgrp -R 0 /var/lib/mysql/ /var/lib/php/session/ && \
|
||||||
chmod -R g=u /var/lib/mysql/ /var/lib/php/session/ && \
|
chmod -R g=u /var/lib/mysql/ /var/lib/php/session/ && \
|
||||||
dnf -y history undo `dnf history list last -q | sed -n 3p |column -t | cut -d' ' -f1` && \
|
dnf -y history undo `dnf history list last -q | sed -n 3p |column -t | cut -d' ' -f1` && \
|
||||||
dnf -y erase glibc-locale-source glibc-langpack-en && \
|
|
||||||
dnf -y clean all && \
|
dnf -y clean all && \
|
||||||
rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
|
rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
|
||||||
rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki
|
rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
nodaemon = true
|
nodaemon = true
|
||||||
|
|
||||||
[program:mysqld]
|
[program:mysqld]
|
||||||
command = /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-output=none --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 --character-set-server=utf8 --collation-server=utf8_bin --console
|
command = /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=zabbix --log-output=none --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 --character-set-server=utf8 --collation-server=utf8_bin --console
|
||||||
;user = zabbix
|
;user = zabbix
|
||||||
auto_start = true
|
auto_start = true
|
||||||
autorestart = true
|
autorestart = true
|
||||||
|
@ -16,6 +16,10 @@ fi
|
|||||||
# Default timezone for web interface
|
# Default timezone for web interface
|
||||||
: ${PHP_TZ:="Europe/Riga"}
|
: ${PHP_TZ:="Europe/Riga"}
|
||||||
|
|
||||||
|
# Default MySQL instance location
|
||||||
|
: ${DB_SERVER_HOST:="localhost"}
|
||||||
|
: ${DB_SERVER_PORT:="3306"}
|
||||||
|
|
||||||
# Default directories
|
# Default directories
|
||||||
# User 'zabbix' home directory
|
# User 'zabbix' home directory
|
||||||
ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
|
ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
|
||||||
@ -55,49 +59,6 @@ file_env() {
|
|||||||
unset "$fileVar"
|
unset "$fileVar"
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_db_mysql() {
|
|
||||||
[ "${DB_SERVER_HOST}" != "localhost" ] && return
|
|
||||||
|
|
||||||
echo "** Configuring local MySQL server"
|
|
||||||
|
|
||||||
MYSQL_ALLOW_EMPTY_PASSWORD=true
|
|
||||||
MYSQL_DATA_DIR="/var/lib/mysql"
|
|
||||||
|
|
||||||
MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf"
|
|
||||||
DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock"
|
|
||||||
|
|
||||||
MYSQLD=/usr/libexec/mysqld
|
|
||||||
|
|
||||||
sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE"
|
|
||||||
|
|
||||||
if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then
|
|
||||||
[ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR"
|
|
||||||
|
|
||||||
echo "** Installing initial MySQL database schemas"
|
|
||||||
mysql_install_db --datadir="$MYSQL_DATA_DIR" 2>&1
|
|
||||||
else
|
|
||||||
echo "**** MySQL data directory is not empty. Using already existing installation."
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "** Starting MySQL server in background mode"
|
|
||||||
|
|
||||||
if [ "$(id -u)" == '0' ]; then
|
|
||||||
mysql_user="--user=zabbix"
|
|
||||||
fi
|
|
||||||
|
|
||||||
nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \
|
|
||||||
--log-output=none --pid-file=/var/lib/mysql/mysqld.pid \
|
|
||||||
--port=3306 --character-set-server=utf8 --collation-server=utf8_bin $mysql_user &
|
|
||||||
}
|
|
||||||
|
|
||||||
prepare_system() {
|
|
||||||
echo "** Preparing the system"
|
|
||||||
|
|
||||||
DB_SERVER_HOST=${DB_SERVER_HOST:-"localhost"}
|
|
||||||
|
|
||||||
configure_db_mysql
|
|
||||||
}
|
|
||||||
|
|
||||||
escape_spec_char() {
|
escape_spec_char() {
|
||||||
local var_value=$1
|
local var_value=$1
|
||||||
|
|
||||||
@ -121,12 +82,18 @@ update_config_var() {
|
|||||||
local var_value=$3
|
local var_value=$3
|
||||||
local is_multiple=$4
|
local is_multiple=$4
|
||||||
|
|
||||||
|
local masklist=("DBPassword TLSPSKIdentity")
|
||||||
|
|
||||||
if [ ! -f "$config_path" ]; then
|
if [ ! -f "$config_path" ]; then
|
||||||
echo "**** Configuration file '$config_path' does not exist"
|
echo "**** Configuration file '$config_path' does not exist"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
if [[ " ${masklist[@]} " =~ " $var_name " ]] && [ ! -z "$var_value" ]; then
|
||||||
|
echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
|
||||||
|
else
|
||||||
|
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
|
||||||
|
fi
|
||||||
|
|
||||||
# Remove configuration parameter definition in case of unset parameter value
|
# Remove configuration parameter definition in case of unset parameter value
|
||||||
if [ -z "$var_value" ]; then
|
if [ -z "$var_value" ]; then
|
||||||
@ -180,18 +147,60 @@ update_config_multiple_var() {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
configure_db_mysql() {
|
||||||
|
[ "${DB_SERVER_HOST}" != "localhost" ] && return
|
||||||
|
|
||||||
|
echo "** Configuring local MySQL server"
|
||||||
|
|
||||||
|
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
|
||||||
|
echo "**** Encryption with local MySQL instance is not supported"
|
||||||
|
unset ZBX_DBTLSCONNECT
|
||||||
|
fi
|
||||||
|
|
||||||
|
MYSQL_ALLOW_EMPTY_PASSWORD=true
|
||||||
|
MYSQL_DATA_DIR="/var/lib/mysql"
|
||||||
|
|
||||||
|
MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf"
|
||||||
|
DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock"
|
||||||
|
|
||||||
|
MYSQLD=/usr/libexec/mysqld
|
||||||
|
|
||||||
|
if [ "$(id -u)" == '0' ]; then
|
||||||
|
mysql_user="--user=zabbix"
|
||||||
|
fi
|
||||||
|
|
||||||
|
sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE"
|
||||||
|
|
||||||
|
if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then
|
||||||
|
[ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR"
|
||||||
|
|
||||||
|
echo "** Installing initial MySQL database schemas"
|
||||||
|
mysql_install_db $mysql_user --datadir="$MYSQL_DATA_DIR" 1>/dev/null
|
||||||
|
else
|
||||||
|
echo "**** MySQL data directory is not empty. Using already existing installation."
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "** Starting MySQL server in background mode"
|
||||||
|
|
||||||
|
nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \
|
||||||
|
--log-output=none --pid-file=/var/lib/mysql/mysqld.pid \
|
||||||
|
--port=3306 --character-set-server=utf8 --collation-server=utf8_bin $mysql_user &
|
||||||
|
}
|
||||||
|
|
||||||
|
prepare_system() {
|
||||||
|
echo "** Preparing the system"
|
||||||
|
|
||||||
|
configure_db_mysql
|
||||||
|
}
|
||||||
|
|
||||||
# Check prerequisites for MySQL database
|
# Check prerequisites for MySQL database
|
||||||
check_variables_mysql() {
|
check_variables_mysql() {
|
||||||
DB_SERVER_HOST=${DB_SERVER_HOST:-"mysql-server"}
|
|
||||||
DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"}
|
|
||||||
USE_DB_ROOT_USER=false
|
USE_DB_ROOT_USER=false
|
||||||
CREATE_ZBX_DB_USER=false
|
CREATE_ZBX_DB_USER=false
|
||||||
file_env MYSQL_USER
|
file_env MYSQL_USER
|
||||||
file_env MYSQL_PASSWORD
|
file_env MYSQL_PASSWORD
|
||||||
|
|
||||||
if [ "$type" != "" ]; then
|
file_env MYSQL_ROOT_PASSWORD
|
||||||
file_env MYSQL_ROOT_PASSWORD
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then
|
if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then
|
||||||
echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password"
|
echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password"
|
||||||
@ -212,7 +221,7 @@ check_variables_mysql() {
|
|||||||
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
|
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
|
||||||
|
|
||||||
# If root password is not specified use provided credentials
|
# If root password is not specified use provided credentials
|
||||||
DB_SERVER_ROOT_USER=${DB_SERVER_ROOT_USER:-${MYSQL_USER}}
|
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
|
||||||
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
|
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
|
||||||
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
|
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
|
||||||
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
|
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
|
||||||
@ -232,14 +241,16 @@ check_db_connect() {
|
|||||||
fi
|
fi
|
||||||
echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}"
|
echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}"
|
||||||
echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}"
|
echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}"
|
||||||
echo "********************"
|
|
||||||
fi
|
fi
|
||||||
echo "********************"
|
echo "********************"
|
||||||
|
|
||||||
WAIT_TIMEOUT=5
|
WAIT_TIMEOUT=5
|
||||||
|
|
||||||
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then
|
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
|
||||||
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}"
|
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
|
||||||
|
verify_cert="--ssl-verify-server-cert"
|
||||||
|
fi
|
||||||
|
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
|
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
|
||||||
@ -254,7 +265,10 @@ mysql_query() {
|
|||||||
local result=""
|
local result=""
|
||||||
|
|
||||||
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
|
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
|
||||||
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
|
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
|
||||||
|
verify_cert="--ssl-verify-server-cert"
|
||||||
|
fi
|
||||||
|
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
|
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
|
||||||
@ -304,7 +318,10 @@ create_db_schema_mysql() {
|
|||||||
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
|
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
|
||||||
|
|
||||||
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
|
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
|
||||||
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}"
|
if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
|
||||||
|
verify_cert="--ssl-verify-server-cert"
|
||||||
|
fi
|
||||||
|
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
|
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
|
||||||
@ -338,17 +355,16 @@ prepare_web_server() {
|
|||||||
else
|
else
|
||||||
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
|
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d "/var/log/nginx/" ]; then
|
|
||||||
ln -sf /dev/fd/2 /var/log/nginx/error.log
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
stop_databases() {
|
stop_databases() {
|
||||||
if [ "${DB_SERVER_HOST}" == "localhost" ]; then
|
if [ "${DB_SERVER_HOST}" == "localhost" ]; then
|
||||||
|
echo "** Stopping MySQL instance after initial configuration"
|
||||||
mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null
|
mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null
|
||||||
|
|
||||||
kill -TERM $(cat /var/lib/mysql/mysqld.pid)
|
kill -TERM $(cat /var/lib/mysql/mysqld.pid)
|
||||||
|
else
|
||||||
|
rm -f /etc/supervisor/conf.d/supervisord_mysql.conf
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -480,6 +496,12 @@ update_zbx_config() {
|
|||||||
update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}"
|
update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}"
|
||||||
|
|
||||||
update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}"
|
update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}"
|
||||||
|
update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
|
||||||
|
update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
|
||||||
|
update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
|
||||||
|
update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
|
||||||
|
update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
|
||||||
|
update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
|
||||||
update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}"
|
update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}"
|
||||||
|
|
||||||
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
|
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
|
||||||
@ -526,6 +548,10 @@ prepare_zbx_web_config() {
|
|||||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||||
|
|
||||||
|
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||||
|
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||||
|
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||||
|
|
||||||
sed -i \
|
sed -i \
|
||||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||||
|
Loading…
Reference in New Issue
Block a user