diff --git a/zabbix-appliance/rhel/.dockerignore b/zabbix-appliance/rhel/.dockerignore new file mode 100644 index 000000000..88a84e55a --- /dev/null +++ b/zabbix-appliance/rhel/.dockerignore @@ -0,0 +1 @@ +build.sh diff --git a/zabbix-appliance/rhel/Dockerfile b/zabbix-appliance/rhel/Dockerfile new file mode 100644 index 000000000..ce1e94a72 --- /dev/null +++ b/zabbix-appliance/rhel/Dockerfile @@ -0,0 +1,224 @@ +FROM registry.access.redhat.com/rhel7 +MAINTAINER Alexey Pustovalov + +ARG YUM_FLAGS_COMMON="--quiet -y" +ARG YUM_FLAGS_PERSISTANT="${YUM_FLAGS_COMMON}" +ARG YUM_FLAGS_DEV="${YUM_FLAGS_COMMON}" +ENV TERM=xterm MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + ZBX_TYPE=server ZBX_DB_TYPE=mysql ZBX_OPT_TYPE=nginx \ + MYSQL_ALLOW_EMPTY_PASSWORD=true ZBX_ADD_SERVER=true ZBX_ADD_WEB=true DB_SERVER_HOST=localhost MYSQL_USER=zabbix ZBX_ADD_JAVA_GATEWAY=true ZBX_JAVAGATEWAY_ENABLE=true ZBX_JAVAGATEWAY=localhost + +ARG BUILD_DATE +ARG VCS_REF + +ARG MAJOR_VERSION=master +ARG RELEASE= +ARG ZBX_VERSION=${MAJOR_VERSION}.${RELEASE} + +ARG ZBX_SOURCES=svn://svn.zabbix.com/tags/${ZBX_VERSION}/ +ENV ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + +LABEL name="zabbix/zabbix-appliance" \ + maintainer="alexey.pustovalov@zabbix.com" \ + vendor="Zabbix LLC" \ + version="${MAJOR_VERSION}" \ + release="${RELEASE}" \ + summary="Zabbix appliance with MySQL database support and ${ZBX_OPT_TYPE} web-server" \ + description="Zabbix appliance contains MySQL database server, Zabbix server, Zabbix Java Gateway and Zabbix frontend based on Nginx web-server." \ + url="https://www.zabbix.com/" \ + run='docker run --name zabbix-appliance -p 80:80 -p 10051:10051 -d zabbix/zabbix-appliance:${ZBX_VERSION}' \ + io.k8s.description="Zabbix appliance with MySQL database support and ${ZBX_OPT_TYPE} web-server" \ + io.k8s.display-name="Zabbix Appliance" \ + io.openshift.expose-services="http:http,https:https,10051:10051" \ + io.openshift.tags="zabbix,zabbix-appliance,mysql,nginx" \ + org.label-schema.name="zabbix-appliance-rhel" \ + org.label-schema.vendor="Zabbix LLC" \ + org.label-schema.url="https://zabbix.com/" \ + org.label-schema.description="Zabbix appliance with MySQL database support and ${ZBX_OPT_TYPE} web-server" \ + org.label-schema.vcs-ref="${VCS_REF}" \ + org.label-schema.build-date="${BUILD_DATE}" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.license="GPL 2.0" \ + org.label-schema.usage="https://www.zabbix.com/documentation/${MAJOR_VERSION}/manual/installation/containers" \ + org.label-schema.version="${ZBX_VERSION}" \ + org.label-schema.vcs-url="${ZBX_SOURCES}" \ + org.label-schema.docker.cmd="docker run --name zabbix-appliance -p 80:80 -p 10051:10051 -d zabbix/zabbix-appliance:${ZBX_VERSION}" + +STOPSIGNAL SIGTERM + +COPY ["conf/etc/yum.repo.d/nginx.repo", "/etc/yum.repos.d/nginx.repo"] + +### add licenses to this directory +COPY ["licenses", "/licenses"] + +### Add necessary Red Hat repos here +RUN INSTALL_PKGS="OpenIPMI-libs \ + dejavu-sans-fonts \ + fping \ + iksemel \ + java-1.8.0-openjdk-headless \ + libcurl \ + libevent \ + libxml2 \ + mariadb \ + mariadb-server \ + net-snmp-libs \ + nginx \ + openldap \ + openssl-libs \ + pcre \ + php-bcmath \ + php-fpm \ + php-gd \ + php-ldap \ + php-mbstring \ + python-setuptools \ + php-mysql \ + php-xml \ + unixODBC" && \ + rpm -ivh http://repo.zabbix.com/zabbix/${MAJOR_VERSION}/rhel/7/x86_64/zabbix-release-${MAJOR_VERSION}-2.el7.noarch.rpm && \ + REPOLIST="rhel-7-server-rpms,rhel-7-server-optional-rpms,zabbix-non-supported,nginx" && \ + yum -y update-minimal --disablerepo "*" --enablerepo rhel-7-server-rpms --setopt=tsflags=nodocs \ + --security --sec-severity=Important --sec-severity=Critical && \ + echo ${REPOLIST} && \ + yum -y install --disablerepo "*" --enablerepo "${REPOLIST}" --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ + groupadd --system zabbix && \ + adduser -r --shell /sbin/nologin \ + -g zabbix -G dialout \ + -d /var/lib/zabbix/ \ + zabbix && \ + mkdir -p /etc/zabbix && \ + mkdir -p /var/lib/zabbix && \ + mkdir -p /usr/lib/zabbix/alertscripts && \ + mkdir -p /var/lib/zabbix/enc && \ + mkdir -p /usr/lib/zabbix/externalscripts && \ + mkdir -p /var/lib/zabbix/mibs && \ + mkdir -p /var/lib/zabbix/modules && \ + mkdir -p /var/lib/zabbix/snmptraps && \ + mkdir -p /var/lib/zabbix/ssh_keys && \ + mkdir -p /var/lib/zabbix/ssl && \ + mkdir -p /var/lib/zabbix/ssl/certs && \ + mkdir -p /var/lib/zabbix/ssl/keys && \ + mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ + chown --quiet -R zabbix:root /var/lib/zabbix && \ + mkdir -p /usr/share/doc/zabbix-${ZBX_TYPE}-${ZBX_DB_TYPE}/ && \ + rm -f /etc/php-fpm.d/www.conf && \ + mkdir -p /var/lib/php/ && \ + chown --quiet -R nginx:nginx /var/lib/php/ && \ + easy_install supervisor && \ + mkdir -p /etc/supervisor/conf.d/ && \ + yum ${YUM_FLAGS_COMMON} clean all && \ + rm -rf /var/cache/yum && \ + rm -rf /var/lib/yum/yumdb/* && \ + rm -rf /usr/lib/udev/hwdb.d/* + +COPY ["conf/tmp/font-config", "/tmp/font-config"] + +RUN REPOLIST="rhel-7-server-rpms,rhel-7-server-optional-rpms,zabbix-non-supported" && \ + INSTALL_PKGS="autoconf \ + automake \ + gcc \ + gettext \ + iksemel-devel \ + java-1.8.0-openjdk-devel \ + libcurl-devel \ + libevent-devel \ + libssh2-devel \ + libxml2-devel \ + make \ + mariadb-devel \ + net-snmp-devel \ + OpenIPMI-devel \ + openldap-devel \ + patch \ + subversion \ + unixODBC-devel" && \ + yum -y install --disablerepo "*" --enablerepo "${REPOLIST}" --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ + cd /tmp/ && \ + svn --quiet export ${ZBX_SOURCES} zabbix-${ZBX_VERSION} 1>/dev/null && \ + cd /tmp/zabbix-${ZBX_VERSION} && \ + zabbix_revision=`svn info ${ZBX_SOURCES} |grep "Last Changed Rev"|awk '{print $4;}'` && \ + sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ + sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ + sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ + ./bootstrap.sh 1>/dev/null && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + ./configure \ + --datadir=/usr/lib \ + --libdir=/usr/lib/zabbix \ + --prefix=/usr \ + --sysconfdir=/etc/zabbix \ + --enable-agent \ + --enable-${ZBX_TYPE} \ + --with-${ZBX_DB_TYPE} \ + --with-jabber \ + --with-ldap \ + --with-libcurl \ + --with-libxml2 \ + --enable-java \ + --with-net-snmp \ + --with-openipmi \ + --with-openssl \ + --with-ssh2 \ + --with-unixodbc \ + --enable-ipv6 \ + --silent && \ + make -j"$(nproc)" -s dbschema 1>/dev/null && \ + make -j"$(nproc)" -s 1>/dev/null && \ + cp src/zabbix_${ZBX_TYPE}/zabbix_${ZBX_TYPE} /usr/sbin/zabbix_${ZBX_TYPE} && \ + cp src/zabbix_get/zabbix_get /usr/bin/zabbix_get && \ + cp src/zabbix_sender/zabbix_sender /usr/bin/zabbix_sender && \ + cp conf/zabbix_${ZBX_TYPE}.conf /etc/zabbix/zabbix_${ZBX_TYPE}.conf && \ + chown --quiet -R zabbix:root /etc/zabbix && \ + cat database/${ZBX_DB_TYPE}/schema.sql > database/${ZBX_DB_TYPE}/create.sql && \ + cat database/${ZBX_DB_TYPE}/images.sql >> database/${ZBX_DB_TYPE}/create.sql && \ + cat database/${ZBX_DB_TYPE}/data.sql >> database/${ZBX_DB_TYPE}/create.sql && \ + gzip database/${ZBX_DB_TYPE}/create.sql && \ + cp database/${ZBX_DB_TYPE}/create.sql.gz /usr/share/doc/zabbix-${ZBX_TYPE}-${ZBX_DB_TYPE}/ && \ + mkdir -p /usr/sbin/zabbix_java/ && \ + cp -r src/zabbix_java/bin /usr/sbin/zabbix_java/ && \ + cp -r src/zabbix_java/lib /usr/sbin/zabbix_java/ && \ + rm -rf /usr/sbin/zabbix_java/lib/*.xml && \ + cd /tmp/ && \ + rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \ + cd /usr/share/ && \ + svn --quiet export ${ZBX_SOURCES}/frontends/php/ zabbix 1>/dev/null && \ + cd /usr/share/zabbix/ && \ + patch -p3 < /tmp/font-config && \ + rm /tmp/font-config && \ + rm -f conf/zabbix.conf.php && \ + rm -rf tests && \ + rm /usr/share/zabbix/fonts/DejaVuSans.ttf && \ + ./locale/make_mo.sh 2>/dev/null && \ + ln -s /usr/share/fonts/ttf-dejavu/DejaVuSans.ttf /usr/share/zabbix/fonts/graphfont.ttf && \ + yum ${YUM_FLAGS_COMMON} history undo `yum history | sed -n 4p |column -t | cut -d' ' -f1` 1>/dev/null && \ + yum ${YUM_FLAGS_COMMON} clean all && \ + rm -rf /var/cache/yum && \ + rm -rf /var/lib/yum/yumdb/* && \ + rm -rf /usr/lib/udev/hwdb.d/* && \ + rm -rf /etc/udev/hwdb.bin && \ + rm -rf /root/.pki && \ + rm -rf /root/.subversion + +EXPOSE 80/TCP 443/TCP 10051/TCP + +WORKDIR /var/lib/zabbix + +VOLUME ["/etc/ssl/nginx"] +VOLUME ["/usr/lib/zabbix/alertscripts", "/usr/lib/zabbix/externalscripts", "/var/lib/zabbix/enc", "/var/lib/zabbix/mibs", "/var/lib/zabbix/modules"] +VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/ssh_keys", "/var/lib/zabbix/ssl/certs", "/var/lib/zabbix/ssl/keys", "/var/lib/zabbix/ssl/ssl_ca"] + +COPY ["conf/etc/supervisor/", "/etc/supervisor/"] +COPY ["conf/etc/zabbix/nginx.conf", "/etc/zabbix/"] +COPY ["conf/etc/zabbix/nginx_ssl.conf", "/etc/zabbix/"] +COPY ["conf/etc/zabbix/web/zabbix.conf.php", "/etc/zabbix/web/"] +COPY ["conf/etc/nginx/nginx.conf", "/etc/nginx/"] +COPY ["conf/etc/php-fpm.conf", "/etc/php-fpm.conf"] +COPY ["conf/etc/php.d/99-zabbix.ini", "/etc/php.d/99-zabbix.ini"] +COPY ["conf/etc/zabbix/zabbix_java_gateway_logback.xml", "/etc/zabbix/"] +COPY ["conf/usr/sbin/zabbix_java_gateway", "/usr/sbin/"] +COPY ["docker-entrypoint.sh", "/usr/bin/"] + +ENV ZBX_TYPE=appliance + +ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/zabbix-appliance/rhel/README.md b/zabbix-appliance/rhel/README.md new file mode 100644 index 000000000..14209e426 --- /dev/null +++ b/zabbix-appliance/rhel/README.md @@ -0,0 +1,248 @@ +![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png) + +# What is Zabbix? + +Zabbix is an enterprise-class open source distributed monitoring solution. + +Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning. + +For more information and related downloads for Zabbix components, please visit https://hub.docker.com/u/zabbix/ and https://zabbix.com + +# What is Zabbix appliance? + +Zabbix appliance contains MySQL database server, Zabbix server, Zabbix Java Gateway and Zabbix frontend based on Nginx web-server. + +# Zabbix appliance images + +These are the only official Zabbix appliance Docker images. They are based on Alpine Linux v3.4, Ubuntu 14.04 (trusty) and CentOS 7 images. The available versions of Zabbix appliance are: + + Zabbix appliance 3.0 (tags: alpine-3.0-latest, ubuntu-3.0-latest, centos-3.0-latest) + Zabbix appliance 3.0.* (tags: alpine-3.0.*, ubuntu-3.0.*, centos-3.0.*) + Zabbix appliance 3.2 (tags: alpine-3.2-latest, ubuntu-3.2-latest, centos-3.2-latest) + Zabbix appliance 3.2.* (tags: alpine-3.2.*, ubuntu-3.2.*, centos-3.2.*) + Zabbix appliance 3.4 (tags: alpine-3.4-latest, ubuntu-3.4-latest, centos-3.4-latest, alpine-latest, ubuntu-latest, centos-latest, latest) + Zabbix appliance 3.4.* (tags: alpine-3.4.*, ubuntu-3.4.*, centos-3.4.*) + Zabbix appliance 4.0 (tags: alpine-trunk, ubuntu-trunk) + +Images are updated when new releases are published. The image with ``latest`` tag is based on Alpine Linux. + +The image uses MySQL database. The image is very useful for testing purposes. + +# How to use this image + +## Start `zabbix-appliance` + +Start a Zabbix server container as follows: + + docker run --name some-zabbix-appliance -p 80:80 -p 10051:10051 -d zabbix/zabbix-appliance:tag + +Where `some-zabbix-server-mysql` is the name you want to assign to your container. See the list above for relevant tags, or look at the [full list of tags](https://hub.docker.com/r/zabbix/zabbix-appliance/tags/). + +## Container shell access and viewing Zabbix appliance logs + +The `docker exec` command allows you to run commands inside a Docker container. The following command line will give you a bash shell inside your `zabbix-appliance` container: + +```console +$ docker exec -ti some-zabbix-appliance /bin/bash +``` + +The Zabbix appliance logs is available through Docker's container log: + +```console +$ docker logs some-zabbix-appliance +``` + +## Environment Variables + +When you start the `zabbix-appliance` image, you can adjust the configuration of the Zabbix appliance by passing one or more environment variables on the `docker run` command line. + +### `PHP_TZ` + +The variable is timezone in PHP format. Full list of supported timezones are available on [`php.net`](http://php.net/manual/en/timezones.php). By default, value is 'Europe/Riga'. + +### `ZBX_LOADMODULE` + +The variable is list of comma separated loadable Zabbix modules. It works with volume ``/var/lib/zabbix/modules``. The syntax of the variable is ``dummy1.so,dummy2.so``. + +### `ZBX_DEBUGLEVEL` + +The variable is used to specify debug level. By default, value is ``3``. It is ``DebugLevel`` parameter in ``zabbix_server.conf``. Allowed values are listed below: +- ``0`` - basic information about starting and stopping of Zabbix processes; +- ``1`` - critical information +- ``2`` - error information +- ``3`` - warnings +- ``4`` - for debugging (produces lots of information) +- ``5`` - extended debugging (produces even more information) + +### `ZBX_TIMEOUT` + +The variable is used to specify timeout for processing checks. By default, value is ``4``. + +### `ZBX_SERVER_NAME` + +The variable is visible Zabbix installation name in right top corner of the web interface. + +### `ZBX_MAXEXECUTIONTIME` + +The varable is PHP ``max_execution_time`` option. By default, value is `300`. + +### `ZBX_MEMORYLIMIT` + +The varable is PHP ``memory_limit`` option. By default, value is `128M`. + +### `ZBX_POSTMAXSIZE` + +The varable is PHP ``post_max_size`` option. By default, value is `16M`. + +### `ZBX_UPLOADMAXFILESIZE` + +The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. + +### `ZBX_MAXINPUTTIME` + +The varable is PHP ``max_input_time`` option. By default, value is `300`. + +### Other variables + +Additionally the image allows to specify many other environment variables listed below: + +``` +ZBX_LISTENIP= +ZBX_STARTPOLLERS=5 +ZBX_IPMIPOLLERS=0 +ZBX_STARTPOLLERSUNREACHABLE=1 +ZBX_STARTTRAPPERS=5 +ZBX_STARTPINGERS=1 +ZBX_STARTDISCOVERERS=1 +ZBX_STARTHTTPPOLLERS=1 +ZBX_STARTTIMERS=1 +ZBX_STARTESCALATORS=1 +ZBX_STARTJAVAPOLLERS=5 +ZBX_STARTVMWARECOLLECTORS=0 +ZBX_VMWAREFREQUENCY=60 +ZBX_VMWAREPERFFREQUENCY=60 +ZBX_VMWARECACHESIZE=8M +ZBX_VMWARETIMEOUT=10 +ZBX_ENABLE_SNMP_TRAPS=false +ZBX_SOURCEIP= +ZBX_HOUSEKEEPINGFREQUENCY=1 +ZBX_MAXHOUSEKEEPERDELETE=5000 +ZBX_SENDERFREQUENCY=30 +ZBX_CACHESIZE=8M +ZBX_CACHEUPDATEFREQUENCY=60 +ZBX_STARTDBSYNCERS=4 +ZBX_HISTORYCACHESIZE=16M +ZBX_HISTORYINDEXCACHESIZE=4M +ZBX_TRENDCACHESIZE=4M +ZBX_VALUECACHESIZE=8M +ZBX_TRAPPERIMEOUT=300 +ZBX_UNREACHABLEPERIOD=45 +ZBX_UNAVAILABLEDELAY=60 +ZBX_UNREACHABLEDELAY=15 +ZBX_LOGSLOWQUERIES=3000 +ZBX_STARTPROXYPOLLERS=1 +ZBX_PROXYCONFIGFREQUENCY=3600 +ZBX_PROXYDATAFREQUENCY=1 +ZBX_TLSCAFILE= +ZBX_TLSCRLFILE= +ZBX_TLSCERTFILE= +ZBX_TLSKEYFILE= +``` + +Default values of these variables are specified after equal sign. + +The allowed variables are identical of parameters in official ``zabbix_server.conf``. For example, ``ZBX_LOGSLOWQUERIES`` = ``LogSlowQueries``. + +Please use official documentation for [``zabbix_server.conf``](https://www.zabbix.com/documentation/3.0/manual/appendix/config/zabbix_server) to get more information about the variables. + +## Allowed volumes for the Zabbix server container + +### ``/usr/lib/zabbix/alertscripts`` + +The volume is used for custom alert scripts. It is `AlertScriptsPath` parameter in ``zabbix_server.conf``. + +### ``/usr/lib/zabbix/externalscripts`` + +The volume is used by External checks (type of items). It is `ExternalScripts` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/modules`` + +The volume allows load additional modules and extend Zabbix server using ``LoadModule`` feature. + +### ``/var/lib/zabbix/enc`` + +The volume is used to store TLS related files. These file names are specified using ``ZBX_TLSCAFILE``, ``ZBX_TLSCRLFILE``, ``ZBX_TLSKEY_FILE`` and ``ZBX_TLSPSKFILE`` variables. + +### ``/var/lib/zabbix/ssh_keys`` + +The volume is used as location of public and private keys for SSH checks and actions. It is `SSHKeyLocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/ssl/certs`` + +The volume is used as location of of SSL client certificate files for client authentication. It is `SSLCertLocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/ssl/keys`` + +The volume is used as location of SSL private key files for client authentication. It is `SSLKeyLocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/ssl/ssl_ca`` + +The volume is used as location of certificate authority (CA) files for SSL server certificate verification. It is `SSLCALocation` parameter in ``zabbix_server.conf``. + +### ``/var/lib/zabbix/snmptraps`` + +The volume is used as location of ``snmptraps.log`` file. It could be shared by ``zabbix-snmptraps`` container and inherited using `volumes_from` Docker option while creating new instance of Zabbix server. +SNMP traps processing feature could be enabled using shared volume and switched ``ZBX_ENABLE_SNMP_TRAPS`` environment variable to `true`. + +### ``/var/lib/zabbix/mibs`` + +The volume allows to add new MIB files. It does not support subdirectories, all MIBs must be placed to ``/var/lib/zabbix/mibs``. + +### ``/etc/ssl/nginx`` + +The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. + +Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. + +# The image variants + +The `zabbix-appliance` images come in many flavors, each designed for a specific use case. + +## `zabbix-appliance:ubuntu-` + +This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of. + +## `zabbix-appliance:alpine-` + +This image is based on the popular [Alpine Linux project](http://alpinelinux.org), available in [the `alpine` official image](https://hub.docker.com/_/alpine). Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general. + +This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use [musl libc](http://www.musl-libc.org) instead of [glibc and friends](http://www.etalabs.net/compare_libcs.html), so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See [this Hacker News comment thread](https://news.ycombinator.com/item?id=10782897) for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images. + +To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the [`alpine` image description](https://hub.docker.com/_/alpine/) for examples of how to install packages if you are unfamiliar). + +# Supported Docker versions + +This image is officially supported on Docker version 1.12.0. + +Support for older versions (down to 1.6) is provided on a best-effort basis. + +Please see [the Docker installation documentation](https://docs.docker.com/installation/) for details on how to upgrade your Docker daemon. + +# User Feedback + +## Documentation + +Documentation for this image is stored in the [`zabbix-appliance/` directory](https://github.com/zabbix/zabbix-docker/tree/3.0/zabbix-appliance) of the [`zabbix/zabbix-docker` GitHub repo](https://github.com/zabbix/zabbix-docker/). Be sure to familiarize yourself with the [repository's `README.md` file](https://github.com/zabbix/zabbix-docker/blob/master/README.md) before attempting a pull request. + +## Issues + +If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/zabbix/zabbix-docker/issues). + +### Known issues +Some configuration environment variables are the same between multiple Zabbix components. Be careful when change these variables. + +## Contributing + +You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can. + +Before you start to code, we recommend discussing your plans through a [GitHub issue](https://github.com/zabbix/zabbix-docker/issues), especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing. diff --git a/zabbix-appliance/rhel/build.sh b/zabbix-appliance/rhel/build.sh new file mode 100755 index 000000000..dd70f7e6c --- /dev/null +++ b/zabbix-appliance/rhel/build.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +os=${PWD##*/} + +version=$1 +version=${version:-"latest"} + +cd ../ +app_component="" +cd $os/ + +if [[ ! $version =~ ^[0-9]*\.[0-9]*\.[0-9]*$ ]] && [ "$version" != "latest" ]; then + echo "Incorrect syntax of the version" + exit 1 +fi + +if [ "$version" != "latest" ]; then + VCS_REF=`svn info svn://svn.zabbix.com/tags/$version |grep "Last Changed Rev"|awk '{print $4;}'` +fi + +docker build -t zabbix-appliance:$os-$version --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` -f Dockerfile . + +#docker rm -f zabbix-appliance + +#sleep 5 +#docker run --name zabbix-appliance -t -d -p 80:80 zabbix-appliance:$os-$version diff --git a/zabbix-appliance/rhel/conf/etc/nginx/nginx.conf b/zabbix-appliance/rhel/conf/etc/nginx/nginx.conf new file mode 100644 index 000000000..6e1ae33ce --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/nginx/nginx.conf @@ -0,0 +1,64 @@ +user nginx; +worker_processes 5; +worker_rlimit_nofile 256000; + +error_log /dev/fd/2 warn; + +pid /var/run/nginx.pid; + +events { + worker_connections 5120; + use epoll; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /dev/fd/1 main; + + client_body_timeout 5m; + send_timeout 5m; + + connection_pool_size 4096; + client_header_buffer_size 4k; + large_client_header_buffers 4 4k; + request_pool_size 4k; + reset_timedout_connection on; + + + gzip on; + gzip_min_length 100; + gzip_buffers 4 8k; + gzip_comp_level 5; + gzip_types text/plain; + gzip_types application/x-javascript; + gzip_types text/css; + + output_buffers 128 512k; + postpone_output 1460; + aio on; + directio 512; + + sendfile on; + client_max_body_size 8m; + client_body_buffer_size 256k; + fastcgi_intercept_errors on; + + tcp_nopush on; + tcp_nodelay on; + + keepalive_timeout 75 20; + + ignore_invalid_headers on; + + index index.php; + server_tokens off; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/zabbix-appliance/rhel/conf/etc/php-fpm.conf b/zabbix-appliance/rhel/conf/etc/php-fpm.conf new file mode 100644 index 000000000..801c1ae13 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/php-fpm.conf @@ -0,0 +1,537 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +include = /etc/php-fpm.d/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +;pid = run/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = /var/log/php-fpm.log + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +;syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been design to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +; process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is build with systemd integration, specify the interval, +; in second, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = nginx +group = nginx + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all IPv4 addresses on a +; specific port; +; '[::]:port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm.sock + +; Set listen(2) backlog. +; Default Value: 65535 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 65535 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = nginx +listen.group = nginx +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/zabbix-appliance/rhel/conf/etc/php.d/99-zabbix.ini b/zabbix-appliance/rhel/conf/etc/php.d/99-zabbix.ini new file mode 100644 index 000000000..6b058fc48 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/php.d/99-zabbix.ini @@ -0,0 +1,8 @@ +max_execution_time=300 +memory_limit=128M +post_max_size=16M +upload_max_filesize=2M +max_input_time=300 +always_populate_raw_post_data=-1 +; date.timezone=Europe/Riga +session.save_path=/var/lib/php/ diff --git a/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_java_gateway.conf b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_java_gateway.conf new file mode 100644 index 000000000..df9514bd1 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_java_gateway.conf @@ -0,0 +1,17 @@ +[supervisord] +nodaemon = true + +[program:zabbix_java_gateway] +command = /bin/bash /usr/sbin/%(program_name)s +user = zabbix +auto_start = true +autorestart = true + +startsecs=3 +startretries=3 +stopsignal=INT +stopwaitsecs=2 + +redirect_stderr=true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 diff --git a/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_mysql.conf b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_mysql.conf new file mode 100644 index 000000000..7860463bd --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_mysql.conf @@ -0,0 +1,14 @@ +[supervisord] +nodaemon = true + +[program:mysqld] +command = /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-output=none --pid-file=/var/lib/mysql/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 --console +user = mysql +auto_start = true +autorestart = true +priority = 1 + +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 +stderr_logfile = /dev/stderr +stderr_logfile_maxbytes = 0 diff --git a/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_server.conf b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_server.conf new file mode 100644 index 000000000..b11628eb2 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_server.conf @@ -0,0 +1,18 @@ +[supervisord] +nodaemon = true + +[program:zabbix_server] +command = /usr/sbin/%(program_name)s --foreground -c /etc/zabbix/%(program_name)s.conf +user = zabbix +auto_start = true +autorestart = true + +startsecs=10 +startretries=3 +stopsignal=INT +stopwaitsecs=10 + +redirect_stderr=true + +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 diff --git a/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_web_nginx.conf b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_web_nginx.conf new file mode 100644 index 000000000..134b95140 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/supervisor/conf.d/supervisord_web_nginx.conf @@ -0,0 +1,30 @@ +[supervisord] +nodaemon = true + +[program:nginx] +command = /usr/sbin/%(program_name)s -g "daemon off;" -c /etc/nginx/%(program_name)s.conf +auto_start = true +autorestart = true + +startsecs=2 +startretries=3 +stopsignal=TERM +stopwaitsecs=2 + +redirect_stderr=true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 + +[program:php-fpm] +command = /usr/sbin/%(program_name)s -F -c /etc/%(program_name)s.conf +auto_start = true +autorestart = true + +startsecs=2 +startretries=3 +stopsignal=TERM +stopwaitsecs=2 + +redirect_stderr=true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 diff --git a/zabbix-appliance/rhel/conf/etc/supervisor/supervisord.conf b/zabbix-appliance/rhel/conf/etc/supervisor/supervisord.conf new file mode 100644 index 000000000..925bb1838 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/supervisor/supervisord.conf @@ -0,0 +1,35 @@ +; supervisor config file + +[unix_http_server] +file = /var/run/supervisor.sock ; (the path to the socket file) +chmod = 0700 ; sockef file mode (default 0700) +username = zbx +password = password + +[supervisord] +logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log) +pidfile = /var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP) +critical = critical +user = root +logfile_maxbytes = 0 +logfile_backupcount = 0 +loglevel = info + +; the below section must remain in the config file for RPC +; (supervisorctl/web interface) to work, additional interfaces may be +; added by defining them in separate rpcinterface: sections +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl = unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket + +; The [include] section can just contain the "files" setting. This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +[include] +files = /etc/supervisor/conf.d/*.conf diff --git a/zabbix-appliance/rhel/conf/etc/yum.repo.d/nginx.repo b/zabbix-appliance/rhel/conf/etc/yum.repo.d/nginx.repo new file mode 100644 index 000000000..09cab6812 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/yum.repo.d/nginx.repo @@ -0,0 +1,5 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/rhel/7/$basearch/ +gpgcheck=0 +enabled=1 diff --git a/zabbix-appliance/rhel/conf/etc/zabbix/nginx.conf b/zabbix-appliance/rhel/conf/etc/zabbix/nginx.conf new file mode 100644 index 000000000..3bde42701 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/zabbix/nginx.conf @@ -0,0 +1,74 @@ +server { + listen 80; + server_name zabbix; + index index.php; + + access_log /dev/fd/1 main; + error_log /dev/fd/2 notice; + + set $webroot '/usr/share/zabbix'; + + root $webroot; + + large_client_header_buffers 8 8k; + client_max_body_size 10M; + + + location = /favicon.ico { + log_not_found off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + # caching of files + location ~* \.(ico|pdf|flv)$ { + expires 1y; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + expires 14d; + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location ~ .php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + + fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } +} diff --git a/zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf b/zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf new file mode 100644 index 000000000..b38103186 --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf @@ -0,0 +1,98 @@ +server { + listen 443 ssl http2; + server_name zabbix; + server_name_in_redirect off; + + index index.php; + access_log /dev/fd/1 main; + error_log /dev/fd/2 error; + + set $webroot '/usr/share/zabbix'; + + root $webroot; + + large_client_header_buffers 8 8k; + + client_max_body_size 10M; + + + ssl on; +# ssl_stapling on; + ssl_certificate /etc/ssl/nginx/ssl.crt; + ssl_certificate_key /etc/ssl/nginx/ssl.key; + ssl_dhparam /etc/ssl/nginx/dhparam.pem; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_verify_depth 3; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + ssl_prefer_server_ciphers on; + + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; + add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report"; + + location =/nginx_status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + + location = /favicon.ico { + log_not_found off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + # caching of files + location ~* \.(ico|pdf|flv)$ { + expires 1y; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + expires 14d; + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location ~ .php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + + fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; + + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } +} diff --git a/zabbix-appliance/rhel/conf/etc/zabbix/web/zabbix.conf.php b/zabbix-appliance/rhel/conf/etc/zabbix/web/zabbix.conf.php new file mode 100644 index 000000000..4e6eb414e --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/zabbix/web/zabbix.conf.php @@ -0,0 +1,20 @@ + diff --git a/zabbix-appliance/rhel/conf/etc/zabbix/zabbix_java_gateway_logback.xml b/zabbix-appliance/rhel/conf/etc/zabbix/zabbix_java_gateway_logback.xml new file mode 100644 index 000000000..750f3506f --- /dev/null +++ b/zabbix-appliance/rhel/conf/etc/zabbix/zabbix_java_gateway_logback.xml @@ -0,0 +1,15 @@ + + + + + + %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + + + + + + + + + diff --git a/zabbix-appliance/rhel/conf/tmp/font-config b/zabbix-appliance/rhel/conf/tmp/font-config new file mode 100644 index 000000000..f28ef2e17 --- /dev/null +++ b/zabbix-appliance/rhel/conf/tmp/font-config @@ -0,0 +1,21 @@ +diff -Nru zabbix-2.5.0.orig/frontends/php/include/defines.inc.php zabbix-2.5.0/frontends/php/include/defines.inc.php +--- zabbix-2.5.0.orig/frontends/php/include/defines.inc.php 2015-08-19 17:27:39.000000000 +0900 ++++ zabbix-2.5.0/frontends/php/include/defines.inc.php 2015-08-22 15:20:12.000000000 +0900 +@@ -42,7 +42,7 @@ + define('ZBX_WIDGET_ROWS', 20); + + define('ZBX_FONTPATH', realpath('fonts')); // where to search for font (GD > 2.0.18) +-define('ZBX_GRAPH_FONT_NAME', 'DejaVuSans'); // font file name ++define('ZBX_GRAPH_FONT_NAME', 'graphfont'); // font file name + define('ZBX_GRAPH_LEGEND_HEIGHT', 120); // when graph height is less then this value, some legend will not show up + + define('ZBX_SCRIPT_TIMEOUT', 60); // in seconds +@@ -90,7 +90,7 @@ + define('EVENTS_OPTION_ALL', 2); + define('EVENTS_OPTION_NOT_ACK', 3); + +-define('ZBX_FONT_NAME', 'DejaVuSans'); ++define('ZBX_FONT_NAME', 'graphfont'); + + define('ZBX_AUTH_INTERNAL', 0); + define('ZBX_AUTH_LDAP', 1); diff --git a/zabbix-appliance/rhel/conf/usr/sbin/zabbix_java_gateway b/zabbix-appliance/rhel/conf/usr/sbin/zabbix_java_gateway new file mode 100755 index 000000000..2da696885 --- /dev/null +++ b/zabbix-appliance/rhel/conf/usr/sbin/zabbix_java_gateway @@ -0,0 +1,27 @@ +JAVA=${JAVA:-"/usr/bin/java"} +DAEMON=${DAEMON:-"/usr/sbin/zabbix_java"} + +JAVA_OPTIONS="-server $JAVA_OPTIONS" +JAVA_OPTIONS="$JAVA_OPTIONS -Dlogback.configurationFile=/etc/zabbix/zabbix_java_gateway_logback.xml" + +cd $DAEMON + +CLASSPATH="$DAEMON/lib" +for jar in `find lib bin -name "*.jar"`; do + if [ $jar != *junit* ]; then + CLASSPATH="$CLASSPATH:$DAEMON/$jar" + fi +done + +ZABBIX_OPTIONS="" +if [ -n "$ZBX_START_POLLERS" ]; then + ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.startPollers=$ZBX_START_POLLERS" +fi +if [ -n "$ZBX_TIMEOUT" ]; then + ZABBIX_OPTIONS="$ZABBIX_OPTIONS -Dzabbix.timeout=$ZBX_TIMEOUT -Dsun.rmi.transport.tcp.responseTimeout=${ZBX_TIMEOUT}000" +fi + + +COMMAND_LINE="$JAVA $JAVA_OPTIONS -classpath $CLASSPATH $ZABBIX_OPTIONS com.zabbix.gateway.JavaGateway" + +exec $COMMAND_LINE diff --git a/zabbix-appliance/rhel/docker-entrypoint.sh b/zabbix-appliance/rhel/docker-entrypoint.sh new file mode 100755 index 000000000..9aa65cf60 --- /dev/null +++ b/zabbix-appliance/rhel/docker-entrypoint.sh @@ -0,0 +1,1076 @@ +#!/bin/bash + +set -eo pipefail + +set +e + +# Script trace mode +if [ "${DEBUG_MODE}" == "true" ]; then + set -o xtrace +fi + +# Type of Zabbix component +# Possible values: [server, proxy, agent, frontend, java-gateway, appliance] +zbx_type=${ZBX_TYPE} +# Type of Zabbix database +# Possible values: [mysql, postgresql] +zbx_db_type=${ZBX_DB_TYPE} +# Type of web-server. Valid only with zbx_type = frontend +# Possible values: [apache, nginx] +zbx_opt_type=${ZBX_OPT_TYPE} + +# Default Zabbix installation name +# Used only by Zabbix web-interface +ZBX_SERVER_NAME=${ZBX_SERVER_NAME:-"Zabbix docker"} +# Default Zabbix server host +ZBX_SERVER_HOST=${ZBX_SERVER_HOST:-"zabbix-server"} +# Default Zabbix server port number +ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + +# Default timezone for web interface +PHP_TZ=${PHP_TZ:-"Europe/Riga"} + +# Default directories +# User 'zabbix' home directory +ZABBIX_USER_HOME_DIR="/var/lib/zabbix" +# Configuration files directory +ZABBIX_ETC_DIR="/etc/zabbix" +# Web interface www-root directory +ZBX_FRONTEND_PATH="/usr/share/zabbix" + +configure_db_mysql() { + [ "${DB_SERVER_HOST}" != "localhost" ] && return + + echo "** Configuring local MySQL server" + + MYSQL_ALLOW_EMPTY_PASSWORD=true + MYSQL_DATA_DIR="/var/lib/mysql" + + if [ -f "/etc/mysql/my.cnf" ]; then + MYSQL_CONF_FILE="/etc/mysql/my.cnf" + elif [ -f "/etc/my.cnf.d/server.cnf" ]; then + MYSQL_CONF_FILE="/etc/my.cnf.d/server.cnf" + DB_SERVER_SOCKET="/var/lib/mysql/mysql.sock" + else + echo "**** Could not found MySQL configuration file" + exit 1 + fi + + if [ -f "/usr/bin/mysqld" ]; then + MYSQLD=/usr/bin/mysqld + elif [ -f "/usr/sbin/mysqld" ]; then + MYSQLD=/usr/sbin/mysqld + elif [ -f "/usr/libexec/mysqld" ]; then + MYSQLD=/usr/libexec/mysqld + else + echo "**** Could not found mysqld binary file" + exit 1 + fi + + sed -Ei 's/^(bind-address|log)/#&/' "$MYSQL_CONF_FILE" + + if [ ! -d "$MYSQL_DATA_DIR/mysql" ]; then + [ -d "$MYSQL_DATA_DIR" ] || mkdir -p "$MYSQL_DATA_DIR" + + chown -R mysql:mysql "$MYSQL_DATA_DIR" + + echo "** Instaling initial MySQL database schemas" + mysql_install_db --user=mysql 2>&1 1>/dev/null + else + echo "**** MySQL data directory is not empty. Using already existsing installation." + chown -R mysql:mysql "$MYSQL_DATA_DIR" + fi + + mkdir -p /var/run/mysqld + ln -s /var/run/mysqld /run/mysqld + chown -R mysql:mysql /var/run/mysqld + chown -R mysql:mysql /run/mysqld + + echo "** Starting MySQL server in background mode" + + nohup $MYSQLD --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin \ + --user=mysql --log-output=none --pid-file=/var/lib/mysql/mysqld.pid \ + --port=3306 --character-set-server=utf8 --collation-server=utf8_bin & +} + +prepare_system() { + local type=$1 + local web_server=$2 + + echo "** Preparing the system" + + if [ "$type" != "appliance" ]; then + return + fi + + ZBX_ADD_AGENT=${ZBX_ADD_AGENT:-"false"} + ZBX_ADD_JAVA_GATEWAY=${ZBX_ADD_JAVA_GATEWAY:-"false"} + ZBX_ADD_SERVER=${ZBX_ADD_SERVER:-"true"} + [ "${ZBX_ADD_SERVER}" == "true" ] && ZBX_SERVER_HOST="localhost" + [ "${ZBX_ADD_SERVER}" == "true" ] && ZBX_SERVER_PORT="10051" + ZBX_MAIN_DB=${ZBX_MAIN_DB:-"mysql"} + ZBX_ADD_PROXY=${ZBX_ADD_PROXY:-"false"} + ZBX_PROXY_DB=${ZBX_PROXY_DB:-"sqlite3"} + ZBX_ADD_WEB=${ZBX_ADD_WEB:-"true"} + ZBX_WEB_SERVER=${ZBX_WEB_SERVER:-"nginx"} + DB_SERVER_HOST=${DB_SERVER_HOST:-"localhost"} + [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAY_ENABLE="true" + [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAY="localhost" + [ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && ZBX_JAVAGATEWAYPORT="10052" + + [ "${ZBX_ADD_SERVER}" == "true" ] && configure_db_${ZBX_MAIN_DB} +} + +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//[$'\n']/}" + var_value="${var_value//\//\\/}" + var_value="${var_value//./\\.}" + var_value="${var_value//\*/\\*}" + var_value="${var_value//^/\\^}" + var_value="${var_value//\$/\\\$}" + var_value="${var_value//\&/\\\&}" + var_value="${var_value//\[/\\[}" + var_value="${var_value//\[/\\]}" + + echo $var_value +} + +update_config_var() { + local config_path=$1 + local var_name=$2 + local var_value=$3 + local is_multiple=$4 + + if [ ! -f "$config_path" ]; then + echo "**** Configuration file '$config_path' does not exist" + return + fi + + echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " + + # Remove configuration parameter definition in case of unset parameter value + if [ -z "$var_value" ]; then + sed -i -e "/^$var_name=/d" "$config_path" + echo "removed" + return + fi + + # Remove value from configuration parameter in case of double quoted parameter value + if [ "$var_value" == '""' ]; then + sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" + echo "undefined" + return + fi + + # Use full path to a file for TLS related configuration parameters + if [[ $var_name =~ ^TLS.*File$ ]]; then + var_value=$ZABBIX_USER_HOME_DIR/enc/$var_value + fi + + # Escaping characters in parameter value + var_value=$(escape_spec_char "$var_value") + + if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then + sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" + echo "updated" + elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then + sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" + echo "added first occurrence" + else + sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" + echo "added" + fi + +} + +update_config_multiple_var() { + local config_path=$1 + local var_name=$2 + local var_value=$3 + + var_value="${var_value%\"}" + var_value="${var_value#\"}" + + local IFS=, + local OPT_LIST=($var_value) + + for value in "${OPT_LIST[@]}"; do + update_config_var $config_path $var_name $value true + done +} + +# Check prerequisites for MySQL database +check_variables_mysql() { + local type=$1 + + DB_SERVER_HOST=${DB_SERVER_HOST:-"mysql-server"} + DB_SERVER_PORT=${DB_SERVER_PORT:-"3306"} + USE_DB_ROOT_USER=false + CREATE_ZBX_DB_USER=false + + if [ ! -n "${MYSQL_USER}" ] && [ "${MYSQL_RANDOM_ROOT_PASSWORD}" == "true" ]; then + echo "**** Impossible to use MySQL server because of unknown Zabbix user and random 'root' password" + exit 1 + fi + + if [ ! -n "${MYSQL_USER}" ] && [ ! -n "${MYSQL_ROOT_PASSWORD}" ] && [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" != "true" ]; then + echo "*** Impossible to use MySQL server because 'root' password is not defined and it is not empty" + exit 1 + fi + + if [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || [ -n "${MYSQL_ROOT_PASSWORD}" ]; then + USE_DB_ROOT_USER=true + DB_SERVER_ROOT_USER="root" + DB_SERVER_ROOT_PASS=${MYSQL_ROOT_PASSWORD:-""} + fi + + [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true + + # If root password is not specified use provided credentials + DB_SERVER_ROOT_USER=${DB_SERVER_ROOT_USER:-${MYSQL_USER}} + [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} + DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} + DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} + + if [ "$type" == "proxy" ]; then + DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix_proxy"} + else + DB_SERVER_DBNAME=${MYSQL_DATABASE:-"zabbix"} + fi +} + +# Check prerequisites for PostgreSQL database +check_variables_postgresql() { + local type=$1 + + DB_SERVER_HOST=${DB_SERVER_HOST:-"postgres-server"} + DB_SERVER_PORT=${DB_SERVER_PORT:-"5432"} + CREATE_ZBX_DB_USER=${CREATE_ZBX_DB_USER:-"false"} + + DB_SERVER_ROOT_USER=${POSTGRES_USER:-"postgres"} + DB_SERVER_ROOT_PASS=${POSTGRES_PASSWORD:-""} + + DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"} + DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"} + + if [ "$type" == "proxy" ]; then + DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix_proxy"} + else + DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} + fi +} + +check_db_connect_mysql() { + echo "********************" + echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" + echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" + echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}" + if [ "${USE_DB_ROOT_USER}" == "true" ]; then + echo "* DB_SERVER_ROOT_USER: ${DB_SERVER_ROOT_USER}" + echo "* DB_SERVER_ROOT_PASS: ${DB_SERVER_ROOT_PASS}" + fi + echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" + echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" + echo "********************" + + WAIT_TIMEOUT=5 + + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." + sleep $WAIT_TIMEOUT + done +} + +check_db_connect_postgresql() { + echo "********************" + echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" + echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" + echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}" + if [ "${USE_DB_ROOT_USER}" == "true" ]; then + echo "* DB_SERVER_ROOT_USER: ${DB_SERVER_ROOT_USER}" + echo "* DB_SERVER_ROOT_PASS: ${DB_SERVER_ROOT_PASS}" + else + DB_SERVER_ROOT_USER=${DB_SERVER_ZBX_USER} + DB_SERVER_ROOT_PASS=${DB_SERVER_ZBX_PASS} + fi + echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" + echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" + echo "********************" + + if [ -n "${DB_SERVER_ZBX_PASS}" ]; then + export PGPASSWORD="${DB_SERVER_ZBX_PASS}" + fi + + WAIT_TIMEOUT=5 + + while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do + echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." + sleep $WAIT_TIMEOUT + done + + unset PGPASSWORD +} + + +mysql_query() { + query=$1 + local result="" + + result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") + + echo $result +} + +psql_query() { + query=$1 + db=$2 + + local result="" + + if [ -n "${DB_SERVER_ZBX_PASS}" ]; then + export PGPASSWORD="${DB_SERVER_ZBX_PASS}" + fi + + result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ + -U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null); + + unset PGPASSWORD + + echo $result +} + +create_db_user_mysql() { + [ "${CREATE_ZBX_DB_USER}" == "true" ] || return + + echo "** Creating '${DB_SERVER_ZBX_USER}' user in MySQL database" + + USER_EXISTS=$(mysql_query "SELECT 1 FROM mysql.user WHERE user = '${DB_SERVER_ZBX_USER}' AND host = '%'") + + if [ -z "$USER_EXISTS" ]; then + mysql_query "CREATE USER '${DB_SERVER_ZBX_USER}'@'%' IDENTIFIED BY '${DB_SERVER_ZBX_PASS}'" 1>/dev/null + else + mysql_query "SET PASSWORD FOR '${DB_SERVER_ZBX_USER}'@'%' = PASSWORD('${DB_SERVER_ZBX_PASS}');" 1>/dev/null + fi + + mysql_query "GRANT ALL PRIVILEGES ON $DB_SERVER_DBNAME. * TO '${DB_SERVER_ZBX_USER}'@'%'" 1>/dev/null +} + +create_db_user_postgresql() { + [ "${CREATE_ZBX_DB_USER}" == "true" ] || return + + echo "** Creating '${DB_SERVER_ZBX_USER}' user in PostgreSQL database" + + USER_EXISTS=$(psql_query "SELECT 1 FROM pg_roles WHERE rolname='${DB_SERVER_ZBX_USER}'") + + if [ -z "$USER_EXISTS" ]; then + psql_query "CREATE USER ${DB_SERVER_ZBX_USER} WITH PASSWORD '${DB_SERVER_ZBX_PASS}'" 1>/dev/null + else + psql_query "ALTER USER ${DB_SERVER_ZBX_USER} WITH ENCRYPTED PASSWORD '${DB_SERVER_ZBX_PASS}'" 1>/dev/null + fi +} + +create_db_database_mysql() { + DB_EXISTS=$(mysql_query "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${DB_SERVER_DBNAME}'") + + if [ -z ${DB_EXISTS} ]; then + echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..." + mysql_query "CREATE DATABASE ${DB_SERVER_DBNAME} CHARACTER SET utf8 COLLATE utf8_bin" 1>/dev/null + # better solution? + mysql_query "GRANT ALL PRIVILEGES ON $DB_SERVER_DBNAME. * TO '${DB_SERVER_ZBX_USER}'@'%'" 1>/dev/null + else + echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database COLLATE!" + fi +} + +create_db_database_postgresql() { + DB_EXISTS=$(psql_query "SELECT 1 AS result FROM pg_database WHERE datname='${DB_SERVER_DBNAME}'") + + if [ -z ${DB_EXISTS} ]; then + echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..." + psql_query "CREATE DATABASE ${DB_SERVER_DBNAME} WITH OWNER ${DB_SERVER_ZBX_USER} ENCODING='UTF8' LC_CTYPE='en_US.utf8' LC_COLLATE='en_US.utf8'" 1>/dev/null + else + echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database owner!" + fi +} + +create_db_schema_mysql() { + local type=$1 + + DBVERSION_TABLE_EXISTS=$(mysql_query "SELECT 1 FROM information_schema.tables WHERE table_schema='${DB_SERVER_DBNAME}' and table_name = 'dbversion'") + + if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then + echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." + ZBX_DB_VERSION=$(mysql_query "SELECT mandatory FROM ${DB_SERVER_DBNAME}.dbversion") + fi + + if [ -z "${ZBX_DB_VERSION}" ]; then + echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" + + zcat /usr/share/doc/zabbix-$type-mysql/create.sql.gz | mysql --silent --skip-column-names \ + -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \ + ${DB_SERVER_DBNAME} 1>/dev/null + fi +} + +create_db_schema_postgresql() { + local type=$1 + + DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid = + c.relnamespace WHERE n.nspname = 'public' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}") + + if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then + echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists." + ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM public.dbversion" "${DB_SERVER_DBNAME}") + fi + + if [ -z "${ZBX_DB_VERSION}" ]; then + echo "** Creating '${DB_SERVER_DBNAME}' schema in PostgreSQL" + + if [ -n "${DB_SERVER_ZBX_PASS}" ]; then + export PGPASSWORD="${DB_SERVER_ZBX_PASS}" + fi + + zcat /usr/share/doc/zabbix-$type-postgresql/create.sql.gz | psql -q \ + -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ + -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null + + unset PGPASSWORD + fi +} + +prepare_web_server_apache() { + if [ -d "/etc/apache2/sites-available" ]; then + APACHE_SITES_DIR=/etc/apache2/sites-available + elif [ -d "/etc/apache2/conf.d" ]; then + APACHE_SITES_DIR=/etc/apache2/conf.d + elif [ -d "/etc/httpd/conf.d" ]; then + APACHE_SITES_DIR=/etc/httpd/conf.d + else + echo "**** Apache is not available" + exit 1 + fi + + if [ -f "/usr/sbin/a2dissite" ]; then + echo "** Disable default site" + /usr/sbin/a2dissite 000-default 1>/dev/null + rm -rf "$APACHE_SITES_DIR/*" + elif [ -f "/etc/apache2/conf.d/default.conf" ]; then + echo "** Disable default site" + rm -f "/etc/apache2/conf.d/default.conf" + rm -f "/etc/httpd/conf.d/welcome.conf" + fi + + echo "** Adding Zabbix virtual host (HTTP)" + if [ -f "$ZABBIX_ETC_DIR/apache.conf" ]; then + ln -s "$ZABBIX_ETC_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf" + if [ -f "/usr/sbin/a2dissite" ]; then + /usr/sbin/a2ensite zabbix.conf 1>/dev/null + fi + else + echo "**** Impossible to enable HTTP virtual host" + fi + + if [ -f "/etc/apache2/conf.d/ssl.conf" ]; then + rm -f "/etc/apache2/conf.d/ssl.conf" + fi + + if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + echo "** Enable SSL support for Apache2" + if [ -f "/usr/sbin/a2enmod" ]; then + /usr/sbin/a2enmod ssl 1>/dev/null + fi + + echo "** Adding Zabbix virtual host (HTTPS)" + if [ -f "$ZABBIX_ETC_DIR/apache_ssl.conf" ]; then + ln -s "$ZABBIX_ETC_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" + if [ -f "/usr/sbin/a2dissite" ]; then + /usr/sbin/a2ensite zabbix_ssl.conf 1>/dev/null + fi + else + echo "**** Impossible to enable HTTPS virtual host" + fi + else + echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." + fi + + # Change Apache2 logging to stdout and stderr + if [ -f "/etc/apache2/apache2.conf" ]; then + sed -ri \ + -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ + -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ + "/etc/apache2/apache2.conf" + fi + + if [ -f "/etc/httpd/conf/httpd.conf" ]; then + sed -ri \ + -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ + -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ + "/etc/httpd/conf/httpd.conf" + fi + + if [ -f "/etc/apache2/httpd.conf" ]; then + sed -ri \ + -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ + -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ + "/etc/apache2/httpd.conf" + fi + + if [ -f "/etc/apache2/conf-available/other-vhosts-access-log.conf" ]; then + sed -ri \ + -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ + -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ + "/etc/apache2/conf-available/other-vhosts-access-log.conf" + fi + + if [ -f "/etc/apache2/conf.d/mpm.conf" ]; then + sed -ri \ + -e 's!^(\s*PidFile)\s+\S+!\1 "/var/run/httpd.pid"!g' \ + "/etc/apache2/conf.d/mpm.conf" + fi + + if [ -f "/var/run/apache2/apache2.pid" ]; then + rm -f "/var/run/apache2/apache2.pid" + fi + + if [ -f "/var/run/httpd/httpd.pid" ]; then + rm -f "/var/run/httpd/httpd.pid" + fi +} + +prepare_web_server_nginx() { + NGINX_CONFD_DIR="/etc/nginx/conf.d" + NGINX_SSL_CONFIG="/etc/ssl/nginx" + PHP_SESSIONS_DIR="/var/lib/php5" + + echo "** Disable default vhosts" + rm -f $NGINX_CONFD_DIR/*.conf + + echo "** Adding Zabbix virtual host (HTTP)" + if [ -f "$ZABBIX_ETC_DIR/nginx.conf" ]; then + ln -s "$ZABBIX_ETC_DIR/nginx.conf" "$NGINX_CONFD_DIR" + else + echo "**** Impossible to enable HTTP virtual host" + fi + + if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + echo "** Enable SSL support for Nginx" + if [ -f "$ZABBIX_ETC_DIR/nginx_ssl.conf" ]; then + ln -s "$ZABBIX_ETC_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR" + else + echo "**** Impossible to enable HTTPS virtual host" + fi + else + echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." + fi + + if [ -d "/var/log/nginx/" ]; then + ln -sf /dev/fd/2 /var/log/nginx/error.log + fi + + ln -sf /dev/fd/2 /var/log/php5-fpm.log +} + +stop_databases() { + if ([ "${ZBX_MAIN_DB}" == "mysql" ] || [ "${ZBX_PROXY_DB}" == "mysql" ]) && [ "${DB_SERVER_HOST}" == "localhost" ]; then + mysql_query "DELETE FROM mysql.user WHERE host = 'localhost' AND user != 'root'" 1>/dev/null + + if [ -f "/var/lib/mysql/mysqld.pid" ]; then + kill -TERM $(cat /var/lib/mysql/mysqld.pid) + elif [ -f "/var/run/mysqld/mysqld.pid" ]; then + kill -TERM $(cat /var/run/mysqld/mysqld.pid) + fi + fi + + if [ "${ZBX_MAIN_DB}" == "postgresql" ] && [ "${DB_SERVER_HOST}" == "localhost" ]; then + if [ "${OS_CODENAME}" == "alpine" ]; then + PGDATA=/var/lib/postgresql + BINDIR=/usr/bin + else + PGDATA=/var/lib/postgresql/9.3/main + BINDIR=/usr/lib/postgresql/9.3/bin + fi + su -c "$BINDIR/pg_ctl -D \"$PGDATA\" -m fast -w stop --silent" postgres 1>/dev/null 2>/dev/null + fi +} + +clear_deploy() { + local type=$1 + echo "** Cleaning the system" + + [ "$type" != "appliance" ] && return + + stop_databases +} + +update_zbx_config() { + local type=$1 + local db_type=$2 + + echo "** Preparing Zabbix $type configuration file" + + ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_$type.conf + + if [ "$type" == "proxy" ]; then + update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" + update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" + update_config_var $ZBX_CONFIG "ServerPort" "${ZBX_SERVER_PORT}" + if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then + update_config_var $ZBX_CONFIG "Hostname" "" + update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + else + update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-"$db_type}" + update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + fi + fi + + if [ $type == "proxy" ] && [ "${ZBX_ADD_SERVER}" = "true" ]; then + update_config_var $ZBX_CONFIG "ListenPort" "10061" + else + update_config_var $ZBX_CONFIG "ListenPort" + fi + update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" + update_config_var $ZBX_CONFIG "LogType" "console" + update_config_var $ZBX_CONFIG "LogFile" + update_config_var $ZBX_CONFIG "LogFileSize" + update_config_var $ZBX_CONFIG "PidFile" + + update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + + if [ $type == "proxy" ]; then + update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" + update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" + fi + + if [ "$db_type" == "sqlite3" ]; then + update_config_var $ZBX_CONFIG "DBHost" + update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/zabbix_proxy_db" + update_config_var $ZBX_CONFIG "DBUser" + update_config_var $ZBX_CONFIG "DBPort" + update_config_var $ZBX_CONFIG "DBPassword" + else + update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" + update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" + update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" + update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" + update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" + fi + + if [ $type == "server" ]; then + update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" + update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" + fi + + update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" + + if [ "$type" == "proxy" ]; then + update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" + update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" + update_config_var $ZBX_CONFIG "HeartbeatFrequency" "${ZBX_PROXYHEARTBEATFREQUENCY}" + update_config_var $ZBX_CONFIG "ConfigFrequency" "${ZBX_CONFIGFREQUENCY}" + update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" + fi + + update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" + update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_IPMIPOLLERS}" + update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" + update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" + update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" + update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" + update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" + + if [ "$type" == "server" ]; then + update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" + update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" + update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" + update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" + fi + + ZBX_JAVAGATEWAY_ENABLE=${ZBX_JAVAGATEWAY_ENABLE:-"false"} + if [ "${ZBX_JAVAGATEWAY_ENABLE}" == "true" ]; then + update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" + update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" + update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" + else + update_config_var $ZBX_CONFIG "JavaGateway" + update_config_var $ZBX_CONFIG "JavaGatewayPort" + update_config_var $ZBX_CONFIG "StartJavaPollers" + fi + + update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" + update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" + update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" + update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" + update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + + ZBX_ENABLE_SNMP_TRAPS=${ZBX_ENABLE_SNMP_TRAPS:-"false"} + if [ "${ZBX_ENABLE_SNMP_TRAPS}" == "true" ]; then + update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" + update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" + else + update_config_var $ZBX_CONFIG "SNMPTrapperFile" + update_config_var $ZBX_CONFIG "StartSNMPTrapper" + fi + + update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + if [ "$type" == "server" ]; then + update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" + update_config_var $ZBX_CONFIG "SenderFrequency" "${ZBX_SENDERFREQUENCY}" + fi + + update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + + if [ "$type" == "server" ]; then + update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" + fi + + update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" + update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" + update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + + if [ "$type" == "server" ]; then + update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" + update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" + fi + + update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" + update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERIMEOUT}" + update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" + update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" + update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" + + update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" + update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" + + # Possible few fping locations + if [ -f "/usr/bin/fping" ]; then + update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping" + else + update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" + fi + if [ -f "/usr/bin/fping6" ]; then + update_config_var $ZBX_CONFIG "Fping6Location" "/usr/bin/fping6" + else + update_config_var $ZBX_CONFIG "Fping6Location" "/usr/sbin/fping6" + fi + + update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" + update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" + + if [ "$type" == "server" ]; then + update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" + update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" + update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" + fi + + update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" + update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" + update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" + update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" + update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" + + if [ "$type" == "proxy" ]; then + update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" + update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" + fi + update_config_var $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" + update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" + + if [ "$type" == "proxy" ]; then + update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" + update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" + fi + + update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" + + if [ "$type" == "proxy" ]; then + update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" + update_config_var $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" + fi +} + + +prepare_zbx_web_config() { + local db_type=$1 + local server_name="" + + echo "** Preparing Zabbix frontend configuration file" + + ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" + + if [ -f "/usr/share/zabbix/conf/zabbix.conf.php" ]; then + rm -f "/usr/share/zabbix/conf/zabbix.conf.php" + fi + + ln -s "$ZBX_WEB_CONFIG" "/usr/share/zabbix/conf/zabbix.conf.php" + + # Different places of PHP configuration file + if [ -f "/etc/php5/conf.d/99-zabbix.ini" ]; then + PHP_CONFIG_FILE="/etc/php5/conf.d/99-zabbix.ini" + elif [ -f "/etc/php5/fpm/conf.d/99-zabbix.ini" ]; then + PHP_CONFIG_FILE="/etc/php5/fpm/conf.d/99-zabbix.ini" + elif [ -f "/etc/php5/apache2/conf.d/99-zabbix.ini" ]; then + PHP_CONFIG_FILE="/etc/php5/apache2/conf.d/99-zabbix.ini" + elif [ -f "/etc/php/7.0/apache2/conf.d/99-zabbix.ini" ]; then + PHP_CONFIG_FILE="/etc/php/7.0/apache2/conf.d/99-zabbix.ini" + elif [ -f "/etc/php/7.0/fpm/conf.d/99-zabbix.ini" ]; then + PHP_CONFIG_FILE="/etc/php/7.0/fpm/conf.d/99-zabbix.ini" + elif [ -f "/etc/php.d/99-zabbix.ini" ]; then + PHP_CONFIG_FILE="/etc/php.d/99-zabbix.ini" + fi + + if [ -n "$PHP_CONFIG_FILE" ]; then + update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" + update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" + update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" + update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" + update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" + update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" + else + echo "**** Zabbix related PHP configuration file not found" + fi + + # Escaping characters in parameter value + server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") + server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") + server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") + + sed -i \ + -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ + -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ + -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ + -e "s/{DB_SERVER_USER}/$server_user/g" \ + -e "s/{DB_SERVER_PASS}/$server_pass/g" \ + -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ + -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ + -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ + "$ZBX_WEB_CONFIG" + + [ "$db_type" = "postgresql" ] && sed -i "s/MYSQL/POSTGRESQL/g" "$ZBX_WEB_CONFIG" +} + +prepare_zbx_agent_config() { + echo "** Preparing Zabbix agent configuration file" + + ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf + + ZBX_PASSIVESERVERS=${ZBX_PASSIVESERVERS:-""} + ZBX_ACTIVESERVERS=${ZBX_ACTIVESERVERS:-""} + + [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS + + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS + + [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS + + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS + + update_config_var $ZBX_AGENT_CONFIG "PidFile" + update_config_var $ZBX_AGENT_CONFIG "LogType" "console" + update_config_var $ZBX_AGENT_CONFIG "LogFile" + update_config_var $ZBX_AGENT_CONFIG "LogFileSize" + update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + update_config_var $ZBX_AGENT_CONFIG "SourceIP" + update_config_var $ZBX_AGENT_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" + update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" + + ZBX_PASSIVE_ALLOW=${ZBX_PASSIVE_ALLOW:-"true"} + if [ "$ZBX_PASSIVE_ALLOW" == "true" ]; then + echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" + update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + else + update_config_var $ZBX_AGENT_CONFIG "Server" + fi + + update_config_var $ZBX_AGENT_CONFIG "ListenPort" + update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" + update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" + + ZBX_ACTIVE_ALLOW=${ZBX_ACTIVE_ALLOW:-"true"} + if [ "$ZBX_ACTIVE_ALLOW" == "true" ]; then + echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" + update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + else + update_config_var $ZBX_AGENT_CONFIG "ServerActive" + fi + + update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" + update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" + update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" + update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" + update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" + update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" + update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" + # Please use include to enable Alias feature +# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} + update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" + update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/" + update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" + update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" + update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" + update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" + update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" + update_config_var $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" + update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" + update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" + update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" +} + +prepare_java_gateway_config() { + echo "** Preparing Zabbix Java Gateway log configuration file" + + ZBX_GATEWAY_CONFIG=$ZABBIX_ETC_DIR/zabbix_java_gateway_logback.xml + + if [ -n "${ZBX_DEBUGLEVEL}" ]; then + echo "Updating $ZBX_GATEWAY_CONFIG 'DebugLevel' parameter: '${ZBX_DEBUGLEVEL}'... updated" + if [ -f "$ZBX_GATEWAY_CONFIG" ]; then + sed -i -e "/^.*/" "$ZBX_GATEWAY_CONFIG" + else + echo "**** Zabbix Java Gateway log configuration file '$ZBX_GATEWAY_CONFIG' not found" + fi + fi +} + +prepare_agent() { + echo "** Preparing Zabbix agent" + prepare_zbx_agent_config +} + +prepare_server() { + local db_type=$1 + + echo "** Preparing Zabbix server" + + check_variables_$db_type "server" + check_db_connect_$db_type + create_db_user_$db_type + create_db_database_$db_type + create_db_schema_$db_type "server" + + update_zbx_config "server" "$db_type" +} + +prepare_proxy() { + local db_type=$1 + + echo "Preparing Zabbix proxy" + + if [ "$db_type" != "sqlite3" ]; then + check_variables_$db_type "proxy" + check_db_connect_$db_type + create_db_user_$db_type + create_db_database_$db_type + create_db_schema_$db_type "proxy" + fi + + update_zbx_config "proxy" $db_type +} + +prepare_web() { + local web_server=$1 + local db_type=$2 + + echo "** Preparing Zabbix web-interface" + + check_variables_$db_type + check_db_connect_$db_type + prepare_web_server_$web_server + prepare_zbx_web_config $db_type +} + +prepare_java_gateway() { + echo "** Preparing Zabbix Java Gateway" + + prepare_java_gateway_config +} + +################################################# + +if [ ! -n "$zbx_type" ]; then + echo "**** Type of Zabbix component is not specified" + exit 1 +elif [ "$zbx_type" == "dev" ]; then + echo "** Deploying Zabbix installation from SVN" +else + if [ ! -n "$zbx_db_type" ]; then + echo "**** Database type of Zabbix $zbx_type is not specified" + exit 1 + fi + + if [ "$zbx_db_type" != "none" ]; then + if [ "$zbx_opt_type" != "none" ]; then + echo "** Deploying Zabbix $zbx_type ($zbx_opt_type) with $zbx_db_type database" + else + echo "** Deploying Zabbix $zbx_type with $zbx_db_type database" + fi + else + echo "** Deploying Zabbix $zbx_type" + fi +fi + +prepare_system "$zbx_type" "$zbx_opt_type" + +[ "$zbx_type" == "server" ] && prepare_server $zbx_db_type +[ "${ZBX_ADD_SERVER}" == "true" ] && prepare_server ${ZBX_MAIN_DB} + +[ "$zbx_type" == "proxy" ] && prepare_proxy $zbx_db_type +[ "${ZBX_ADD_PROXY}" == "true" ] && prepare_proxy ${ZBX_PROXY_DB} + +[ "$zbx_type" == "frontend" ] && prepare_web $zbx_opt_type $zbx_db_type +[ "${ZBX_ADD_WEB}" == "true" ] && prepare_web ${ZBX_WEB_SERVER} ${ZBX_MAIN_DB} + +[ "$zbx_type" == "agent" ] && prepare_agent +[ "${ZBX_ADD_AGENT}" == "true" ] && prepare_agent + +[ "$zbx_type" == "java-gateway" ] && prepare_java_gateway +[ "${ZBX_ADD_JAVA_GATEWAY}" == "true" ] && prepare_java_gateway + +clear_deploy "$zbx_type" + +echo "########################################################" + +if [ "$1" != "" ]; then + echo "** Executing '$@'" + exec "$@" +elif [ "$zbx_type" == "agent" ]; then + echo "** Starting Zabbix agent" + exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_agentd --foreground -c /etc/zabbix/zabbix_agentd.conf" +elif [ "$zbx_type" == "proxy" ]; then + echo "** Starting Zabbix proxy" + exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_proxy --foreground -c /etc/zabbix/zabbix_proxy.conf" +elif [ "$zbx_type" == "server" ]; then + echo "** Starting Zabbix server" + exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_server --foreground -c /etc/zabbix/zabbix_server.conf" +elif [ "$zbx_type" == "java-gateway" ]; then + echo "** Starting Zabbix Java Gateway" + exec su zabbix -s "/bin/bash" -c "/usr/sbin/zabbix_java_gateway" +elif [ "$zbx_type" == "frontend" ] && [ "$zbx_opt_type" == "apache" ]; then + echo "** Starting Zabbix frontend" + if [ -f "/usr/sbin/httpd" ]; then + exec /usr/sbin/httpd -D FOREGROUND + elif [ -f "/usr/sbin/apache2ctl" ]; then + exec /bin/bash -c "source /etc/apache2/envvars && /usr/sbin/apache2ctl -D FOREGROUND" + else + echo "Unknown Web-server. Exiting..." + exit 1 + fi +elif [ -f "/usr/bin/supervisord" ]; then + echo "** Executing supervisord" + exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf +else + echo "Unknown instructions. Exiting..." + exit 1 +fi + +################################################# diff --git a/zabbix-appliance/rhel/licenses/gpl-2.0.txt b/zabbix-appliance/rhel/licenses/gpl-2.0.txt new file mode 100644 index 000000000..d159169d1 --- /dev/null +++ b/zabbix-appliance/rhel/licenses/gpl-2.0.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License.