Alexey Pustovalov 2020-08-27 12:57:37 -04:00
commit 51804ec236
4 changed files with 88 additions and 63 deletions


@ -33,7 +33,7 @@ RUN set -eux && \
mkdir -p /usr/lib/zabbix/externalscripts && \ mkdir -p /usr/lib/zabbix/externalscripts && \
mkdir -p /usr/share/doc/zabbix-server-postgresql && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \
dnf --quiet makecache && \ dnf --quiet makecache && \
dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/7/x86_64/fping-3.10-1.el7.x86_64.rpm && \ dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \
dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
iputils \ iputils \
traceroute \ traceroute \
@ -81,7 +81,7 @@ LABEL org.opencontainers.image.documentation="https://www.zabbix.com/documentati
RUN set -eux && \ RUN set -eux && \
sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \ sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/CentOS-PowerTools.repo && \
dnf --quiet makecache && \ dnf --quiet makecache && \
dnf -y install -setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \ dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
autoconf \ autoconf \
automake \ automake \
gcc \ gcc \
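Review bot: The fping package on the new `dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm` line is installed straight from a URL. dnf does not check signatures of packages named on the command line unless `localpkg_gpgcheck` is enabled, so HTTPS to the repository host is the only integrity control on that RPM. Consider importing the vendor signing key and adding `--setopt=localpkg_gpgcheck=1` to that install, or verifying a pinned checksum before installing. Whether a key is imported earlier in this RUN step is not visible, because the step starts outside the hunk.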


@ -203,7 +203,6 @@ RUN set -eux && REPOLIST="rhel-8-for-x86_64-baseos-rpms,rhel-8-for-x86_64-appstr
chgrp -R 0 /var/lib/mysql/ /var/lib/php/session/ && \ chgrp -R 0 /var/lib/mysql/ /var/lib/php/session/ && \
chmod -R g=u /var/lib/mysql/ /var/lib/php/session/ && \ chmod -R g=u /var/lib/mysql/ /var/lib/php/session/ && \
dnf -y history undo `dnf history list last -q | sed -n 3p |column -t | cut -d' ' -f1` && \ dnf -y history undo `dnf history list last -q | sed -n 3p |column -t | cut -d' ' -f1` && \
dnf -y erase glibc-locale-source glibc-langpack-en && \
dnf -y clean all && \ dnf -y clean all && \
rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \ rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki rm -rf /var/cache/dnf /etc/udev/hwdb.bin /root/.pki


@ -2,7 +2,7 @@
nodaemon = true nodaemon = true
[program:mysqld] [program:mysqld]
command = /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-output=none --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 --character-set-server=utf8 --collation-server=utf8_bin --console command = /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=zabbix --log-output=none --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 --character-set-server=utf8 --collation-server=utf8_bin --console
;user = zabbix ;user = zabbix
auto_start = true auto_start = true
autorestart = true autorestart = true
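Review bot: Switching the `command =` line to `--user=zabbix` makes mysqld share an account with anything else in the image that runs as `zabbix`. The data directory and socket under /var/lib/mysql then lose the protection of a separate uid. If the change is needed so the container can start without root (inferred, not shown here), record that beside the setting, e.g. `; mysqld runs as zabbix so the image works without a dedicated mysql account`. The commented-out `;user = zabbix` line below could be dropped or explained at the same time.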


@ -16,6 +16,10 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default MySQL instance location
: ${DB_SERVER_HOST:="localhost"}
: ${DB_SERVER_PORT:="3306"}
# Default directories # Default directories
# User 'zabbix' home directory # User 'zabbix' home directory
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
@ -55,49 +59,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
configure_db_mysql() {
[ "${DB_SERVER_HOST}" != "localhost" ] && return
echo "** Configuring local MySQL server"
MYSQL_ALLOW_EMPTY_PASSWORD=true
MYSQL_DATA_DIR="/var/lib/mysql"
MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf"
DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock"
MYSQLD=/usr/libexec/mysqld
sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE"
if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then
[ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR"
echo "** Installing initial MySQL database schemas"
mysql_install_db --datadir="$MYSQL_DATA_DIR" 2>&1
else
echo "**** MySQL data directory is not empty. Using already existing installation."
fi
echo "** Starting MySQL server in background mode"
if [ "$(id -u)" == '0' ]; then
mysql_user="--user=zabbix"
fi
nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \
--log-output=none --pid-file=/var/lib/mysql/mysqld.pid \
--port=3306 --character-set-server=utf8 --collation-server=utf8_bin $mysql_user &
}
prepare_system() {
echo "** Preparing the system"
DB_SERVER_HOST=${DB_SERVER_HOST:-"localhost"}
configure_db_mysql
}
escape_spec_char() { escape_spec_char() {
local var_value=$1 local var_value=$1
@ -121,12 +82,18 @@ update_config_var() {
local var_value=$3 local var_value=$3
local is_multiple=$4 local is_multiple=$4
local masklist=("DBPassword TLSPSKIdentity")
if [ ! -f "$config_path" ]; then if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist" echo "**** Configuration file '$config_path' does not exist"
return return
fi fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " if [[ " ${masklist[@]} " =~ " $var_name " ]] && [ ! -z "$var_value" ]; then
echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
else
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
fi
# Remove configuration parameter definition in case of unset parameter value # Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then if [ -z "$var_value" ]; then
@ -180,18 +147,60 @@ update_config_multiple_var() {
done done
} }
configure_db_mysql() {
[ "${DB_SERVER_HOST}" != "localhost" ] && return
echo "** Configuring local MySQL server"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
echo "**** Encryption with local MySQL instance is not supported"
unset ZBX_DBTLSCONNECT
fi
MYSQL_ALLOW_EMPTY_PASSWORD=true
MYSQL_DATA_DIR="/var/lib/mysql"
MYSQL_CONF_FILE="/etc/my.cnf.d/mariadb-server.cnf"
DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock"
MYSQLD=/usr/libexec/mysqld
if [ "$(id -u)" == '0' ]; then
mysql_user="--user=zabbix"
fi
sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE"
if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then
[ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR"
echo "** Installing initial MySQL database schemas"
mysql_install_db $mysql_user --datadir="$MYSQL_DATA_DIR" 1>/dev/null
else
echo "**** MySQL data directory is not empty. Using already existing installation."
fi
echo "** Starting MySQL server in background mode"
nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \
--log-output=none --pid-file=/var/lib/mysql/mysqld.pid \
--port=3306 --character-set-server=utf8 --collation-server=utf8_bin $mysql_user &
}
prepare_system() {
echo "** Preparing the system"
configure_db_mysql
}
# Check prerequisites for MySQL database # Check prerequisites for MySQL database
check_variables_mysql() { check_variables_mysql() {
DB_SERVER_HOST=${DB_SERVER_HOST:-"mysql-server"}
DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"}
USE_DB_ROOT_USER=false USE_DB_ROOT_USER=false
CREATE_ZBX_DB_USER=false CREATE_ZBX_DB_USER=false
file_env MYSQL_USER file_env MYSQL_USER
file_env MYSQL_PASSWORD file_env MYSQL_PASSWORD
if [ "$type" != "" ]; then file_env MYSQL_ROOT_PASSWORD
file_env MYSQL_ROOT_PASSWORD
fi
if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then
echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password"
@ -212,7 +221,7 @@ check_variables_mysql() {
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
# If root password is not specified use provided credentials # If root password is not specified use provided credentials
DB_SERVER_ROOT_USER=${DB_SERVER_ROOT_USER:-${MYSQL_USER}} : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
@ -232,14 +241,16 @@ check_db_connect() {
fi fi
echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}"
echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}"
echo "********************"
fi fi
echo "********************" echo "********************"
WAIT_TIMEOUT=5 WAIT_TIMEOUT=5
if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
verify_cert="--ssl-verify-server-cert"
fi
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
fi fi
while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \
@ -254,7 +265,10 @@ mysql_query() {
local result="" local result=""
if [ -n "${ZBX_DBTLSCONNECT}" ]; then if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
verify_cert="--ssl-verify-server-cert"
fi
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
fi fi
result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \
@ -304,7 +318,10 @@ create_db_schema_mysql() {
echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then if [ -n "${ZBX_DBTLSCONNECT}" ]; then
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" if [ "${ZBX_DBTLSCONNECT}" != "required" ]; then
verify_cert="--ssl-verify-server-cert"
fi
ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE} $verify_cert"
fi fi
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \ zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \
@ -338,17 +355,16 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
fi fi
if [ -d "/var/log/nginx/" ]; then
ln -sf /dev/fd/2 /var/log/nginx/error.log
fi
} }
stop_databases() { stop_databases() {
if [ "${DB_SERVER_HOST}" == "localhost" ]; then if [ "${DB_SERVER_HOST}" == "localhost" ]; then
echo "** Stopping MySQL instance after initial configuration"
mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null
kill -TERM $(cat /var/lib/mysql/mysqld.pid) kill -TERM $(cat /var/lib/mysql/mysqld.pid)
else
rm -f /etc/supervisor/conf.d/supervisord_mysql.conf
fi fi
} }
@ -480,6 +496,12 @@ update_zbx_config() {
update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}"
update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}"
update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}"
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
@ -526,6 +548,10 @@ prepare_zbx_web_config() {
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \ sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
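Review bot: With `ZBX_DBTLSCONNECT=required` the new block in check_db_connect leaves `verify_cert` empty, so the mysqladmin call that follows (run as `DB_SERVER_ROOT_USER`) uses `--ssl` without authenticating the server. The same block is repeated in mysql_query and create_db_schema_mysql. If encrypt-only is the intended meaning of `required`, say so next to the test, e.g. `# required = encrypt only; every other non-empty mode also verifies the server certificate`. `ssl_opts` and `verify_cert` are also assigned as globals in all three places; `local ssl_opts="" verify_cert=""` at the top of each function would stop a value set in one call from carrying into another. All three function bodies continue outside their hunks.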