diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index 45083afd1..22d9bda79 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -644,6 +644,8 @@ jobs: uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 with: context: ${{ format('{0}/{1}/{2}/', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} + build-contexts: | + config_templates=./config_templates/ file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} push: true diff --git a/.github/workflows/images_build_rhel.yml b/.github/workflows/images_build_rhel.yml index e66c5821d..24c425124 100644 --- a/.github/workflows/images_build_rhel.yml +++ b/.github/workflows/images_build_rhel.yml @@ -405,6 +405,8 @@ jobs: uses: redhat-actions/buildah-build@v2.13 with: context: ${{ format('{0}/{1}/rhel', env.DOCKERFILES_DIRECTORY, matrix.build) }} + extra-args: | + --build-context config_templates=./config_templates/ layers: false tags: ${{ steps.meta.outputs.tags }} containerfiles: | diff --git a/Dockerfiles/agent/alpine/Dockerfile b/Dockerfiles/agent/alpine/Dockerfile index c857e9af4..3344b0cb8 100644 --- a/Dockerfiles/agent/alpine/Dockerfile +++ b/Dockerfiles/agent/alpine/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] RUN set -eux && \ INSTALL_PKGS="bash \ @@ -56,21 +60,33 @@ RUN set -eux && \ --uid 1997 \ --ingroup zabbix \ --shell /sbin/nologin \ - --home /var/lib/zabbix/ \ + --home ${ZABBIX_USER_HOME_DIR}/ \ zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} EXPOSE 10050/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent/alpine/docker-entrypoint.sh b/Dockerfiles/agent/alpine/docker-entrypoint.sh index c888baf51..17e8e4e68 100755 --- a/Dockerfiles/agent/alpine/docker-entrypoint.sh +++ b/Dockerfiles/agent/alpine/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +ZBX_SERVER_HOST=${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +ZBX_SERVER_PORT=${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -115,118 +111,90 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" - update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_AGENT_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_AGENT_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_AGENT_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } prepare_agent() { echo "** Preparing Zabbix agent" + prepare_zbx_agent_config clear_zbx_env } diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index d3ab5d615..e9a5da30e 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ @@ -72,17 +76,29 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10050/TCP diff --git a/Dockerfiles/agent/centos/docker-entrypoint.sh b/Dockerfiles/agent/centos/docker-entrypoint.sh index c888baf51..17e8e4e68 100755 --- a/Dockerfiles/agent/centos/docker-entrypoint.sh +++ b/Dockerfiles/agent/centos/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +ZBX_SERVER_HOST=${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +ZBX_SERVER_PORT=${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -115,118 +111,90 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" - update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_AGENT_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_AGENT_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_AGENT_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } prepare_agent() { echo "** Preparing Zabbix agent" + prepare_zbx_agent_config clear_zbx_env } diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index 236596836..1e8255bed 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -60,22 +64,34 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10050/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent/ol/docker-entrypoint.sh b/Dockerfiles/agent/ol/docker-entrypoint.sh index c888baf51..17e8e4e68 100755 --- a/Dockerfiles/agent/ol/docker-entrypoint.sh +++ b/Dockerfiles/agent/ol/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +ZBX_SERVER_HOST=${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +ZBX_SERVER_PORT=${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -115,118 +111,90 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" - update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_AGENT_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_AGENT_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_AGENT_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } prepare_agent() { echo "** Preparing Zabbix agent" + prepare_zbx_agent_config clear_zbx_env } diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index bb4584d6d..4528ada71 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -14,7 +14,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" LABEL description="Zabbix agent is deployed on a monitoring target to actively monitor local resources and applications" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -47,7 +51,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ @@ -98,17 +102,29 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10050/TCP diff --git a/Dockerfiles/agent/rhel/docker-entrypoint.sh b/Dockerfiles/agent/rhel/docker-entrypoint.sh index c888baf51..17e8e4e68 100755 --- a/Dockerfiles/agent/rhel/docker-entrypoint.sh +++ b/Dockerfiles/agent/rhel/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +ZBX_SERVER_HOST=${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +ZBX_SERVER_PORT=${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -115,118 +111,90 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" - update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_AGENT_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_AGENT_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_AGENT_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } prepare_agent() { echo "** Preparing Zabbix agent" + prepare_zbx_agent_config clear_zbx_env } diff --git a/Dockerfiles/agent/ubuntu/Dockerfile b/Dockerfiles/agent/ubuntu/Dockerfile index 844f56e04..96798b9e7 100644 --- a/Dockerfiles/agent/ubuntu/Dockerfile +++ b/Dockerfiles/agent/ubuntu/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/sbin/zabbix_agentd", "/usr/sbin/zabbix_agentd"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent/conf/", "${ZABBIX_CONF_DIR}/"] RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ set -eux && \ @@ -56,23 +60,35 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agentd.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agentd.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ apt-get -y autoremove && \ apt-get -y clean EXPOSE 10050/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent/ubuntu/docker-entrypoint.sh b/Dockerfiles/agent/ubuntu/docker-entrypoint.sh index c888baf51..17e8e4e68 100755 --- a/Dockerfiles/agent/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/agent/ubuntu/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +ZBX_SERVER_HOST=${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +ZBX_SERVER_PORT=${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -115,118 +111,90 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agentd.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" - update_config_var $ZBX_AGENT_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_AGENT_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - update_config_var $ZBX_AGENT_CONFIG "StartAgents" "${ZBX_STARTAGENTS}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - update_config_var $ZBX_AGENT_CONFIG "MaxLinesPerSecond" "${ZBX_MAXLINESPERSECOND}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_AGENT_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_AGENT_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_AGENT_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } prepare_agent() { echo "** Preparing Zabbix agent" + prepare_zbx_agent_config clear_zbx_env } diff --git a/Dockerfiles/agent2/alpine/Dockerfile b/Dockerfiles/agent2/alpine/Dockerfile index 776061ca9..70441d6ea 100644 --- a/Dockerfiles/agent2/alpine/Dockerfile +++ b/Dockerfiles/agent2/alpine/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_PERSISTENTBUFFERFILE="$ZABBIX_USER_HOME_DIR/buffer/agent2.db" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent 2 is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/sbin/", "/usr/sbin/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "${ZABBIX_CONF_DIR}/"] RUN set -eux && \ INSTALL_PKGS="bash \ @@ -53,23 +57,31 @@ RUN set -eux && \ --uid 1997 \ --ingroup zabbix \ --shell /sbin/nologin \ - --home /var/lib/zabbix/ \ + --home ${ZABBIX_USER_HOME_DIR}/ \ zabbix && \ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/buffer && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agent2.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/buffer && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} EXPOSE 10050/TCP 31999/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent2/alpine/docker-entrypoint.sh b/Dockerfiles/agent2/alpine/docker-entrypoint.sh index 60867594c..2b66ee89e 100755 --- a/Dockerfiles/agent2/alpine/docker-entrypoint.sh +++ b/Dockerfiles/agent2/alpine/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +: ${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +: ${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -124,112 +120,90 @@ file_process_from_env() { echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agent2.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" - update_config_var $ZBX_AGENT_CONFIG "ForceActiveChecksOnStart" "${ZBX_FORCEACTIVECHECKSONSTART}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT if [ "${ZBX_ENABLEPERSISTENTBUFFER,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "1" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferFile" "$ZABBIX_USER_HOME_DIR/buffer/agent2.db" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferPeriod" "${ZBX_PERSISTENTBUFFERPERIOD}" - else - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "0" + export ZBX_ENABLEPERSISTENTBUFFER=1 fi if [ "${ZBX_ENABLESTATUSPORT,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "StatusPort" "31999" + export ZBX_STATUSPORT=${ZBX_STATUSPORT="31999"} + else + unset ZBX_PERSISTENTBUFFERFILE fi - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" "true" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" - - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" } prepare_zbx_agent_plugin_config() { echo "** Preparing Zabbix agent plugin configuration files" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" if command -v nvidia-smi 2>&1 >/dev/null then - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/agent2/centos/Dockerfile b/Dockerfiles/agent2/centos/Dockerfile index 8b292cac4..3dac4dc0c 100644 --- a/Dockerfiles/agent2/centos/Dockerfile +++ b/Dockerfiles/agent2/centos/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_PERSISTENTBUFFERFILE="$ZABBIX_USER_HOME_DIR/buffer/agent2.db" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent 2 is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/sbin/", "/usr/sbin/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "${ZABBIX_CONF_DIR}/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ @@ -73,24 +77,32 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/buffer && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agent2.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/buffer && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10050/TCP 31999/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent2/centos/docker-entrypoint.sh b/Dockerfiles/agent2/centos/docker-entrypoint.sh index 60867594c..2b66ee89e 100755 --- a/Dockerfiles/agent2/centos/docker-entrypoint.sh +++ b/Dockerfiles/agent2/centos/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +: ${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +: ${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -124,112 +120,90 @@ file_process_from_env() { echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agent2.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" - update_config_var $ZBX_AGENT_CONFIG "ForceActiveChecksOnStart" "${ZBX_FORCEACTIVECHECKSONSTART}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT if [ "${ZBX_ENABLEPERSISTENTBUFFER,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "1" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferFile" "$ZABBIX_USER_HOME_DIR/buffer/agent2.db" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferPeriod" "${ZBX_PERSISTENTBUFFERPERIOD}" - else - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "0" + export ZBX_ENABLEPERSISTENTBUFFER=1 fi if [ "${ZBX_ENABLESTATUSPORT,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "StatusPort" "31999" + export ZBX_STATUSPORT=${ZBX_STATUSPORT="31999"} + else + unset ZBX_PERSISTENTBUFFERFILE fi - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" "true" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" - - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" } prepare_zbx_agent_plugin_config() { echo "** Preparing Zabbix agent plugin configuration files" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" if command -v nvidia-smi 2>&1 >/dev/null then - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/agent2/ol/Dockerfile b/Dockerfiles/agent2/ol/Dockerfile index b1ea5c87c..afd06399f 100644 --- a/Dockerfiles/agent2/ol/Dockerfile +++ b/Dockerfiles/agent2/ol/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_PERSISTENTBUFFERFILE="$ZABBIX_USER_HOME_DIR/buffer/agent2.db" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent 2 is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/sbin/", "/usr/sbin/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "${ZABBIX_CONF_DIR}/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -60,24 +64,32 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/buffer && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agent2.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/buffer && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10050/TCP 31999/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent2/ol/docker-entrypoint.sh b/Dockerfiles/agent2/ol/docker-entrypoint.sh index 60867594c..2b66ee89e 100755 --- a/Dockerfiles/agent2/ol/docker-entrypoint.sh +++ b/Dockerfiles/agent2/ol/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +: ${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +: ${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -124,112 +120,90 @@ file_process_from_env() { echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agent2.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" - update_config_var $ZBX_AGENT_CONFIG "ForceActiveChecksOnStart" "${ZBX_FORCEACTIVECHECKSONSTART}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT if [ "${ZBX_ENABLEPERSISTENTBUFFER,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "1" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferFile" "$ZABBIX_USER_HOME_DIR/buffer/agent2.db" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferPeriod" "${ZBX_PERSISTENTBUFFERPERIOD}" - else - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "0" + export ZBX_ENABLEPERSISTENTBUFFER=1 fi if [ "${ZBX_ENABLESTATUSPORT,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "StatusPort" "31999" + export ZBX_STATUSPORT=${ZBX_STATUSPORT="31999"} + else + unset ZBX_PERSISTENTBUFFERFILE fi - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" "true" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" - - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" } prepare_zbx_agent_plugin_config() { echo "** Preparing Zabbix agent plugin configuration files" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" if command -v nvidia-smi 2>&1 >/dev/null then - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile index 31fb0e289..6c786cdec 100644 --- a/Dockerfiles/agent2/rhel/Dockerfile +++ b/Dockerfiles/agent2/rhel/Dockerfile @@ -14,7 +14,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_PERSISTENTBUFFERFILE="$ZABBIX_USER_HOME_DIR/buffer/agent2.db" LABEL description="Zabbix agent 2 is deployed on a monitoring target to actively monitor local resources and applications" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -47,7 +51,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/sbin/", "/usr/sbin/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "${ZABBIX_CONF_DIR}/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ @@ -94,24 +98,32 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/buffer && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agent2.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/buffer && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} microdnf -y clean all EXPOSE 10050/TCP 31999/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent2/rhel/docker-entrypoint.sh b/Dockerfiles/agent2/rhel/docker-entrypoint.sh index 60867594c..2b66ee89e 100755 --- a/Dockerfiles/agent2/rhel/docker-entrypoint.sh +++ b/Dockerfiles/agent2/rhel/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +: ${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +: ${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -124,112 +120,90 @@ file_process_from_env() { echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agent2.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" - update_config_var $ZBX_AGENT_CONFIG "ForceActiveChecksOnStart" "${ZBX_FORCEACTIVECHECKSONSTART}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT if [ "${ZBX_ENABLEPERSISTENTBUFFER,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "1" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferFile" "$ZABBIX_USER_HOME_DIR/buffer/agent2.db" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferPeriod" "${ZBX_PERSISTENTBUFFERPERIOD}" - else - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "0" + export ZBX_ENABLEPERSISTENTBUFFER=1 fi if [ "${ZBX_ENABLESTATUSPORT,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "StatusPort" "31999" + export ZBX_STATUSPORT=${ZBX_STATUSPORT="31999"} + else + unset ZBX_PERSISTENTBUFFERFILE fi - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" "true" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" - - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" } prepare_zbx_agent_plugin_config() { echo "** Preparing Zabbix agent plugin configuration files" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" if command -v nvidia-smi 2>&1 >/dev/null then - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/agent2/ubuntu/Dockerfile b/Dockerfiles/agent2/ubuntu/Dockerfile index dc6e59881..7de6155bb 100644 --- a/Dockerfiles/agent2/ubuntu/Dockerfile +++ b/Dockerfiles/agent2/ubuntu/Dockerfile @@ -12,7 +12,11 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_PERSISTENTBUFFERFILE="$ZABBIX_USER_HOME_DIR/buffer/agent2.db" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix agent 2 is deployed on a monitoring target to actively monitor local resources and applications" \ @@ -28,7 +32,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/sbin/", "/usr/sbin/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/agent2/conf/", "${ZABBIX_CONF_DIR}/"] RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ set -eux && \ @@ -56,25 +60,33 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /etc/zabbix/zabbix_agentd.d && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/buffer && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ /usr/sbin/zabbix-agent2-plugin/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_CONF_DIR}/zabbix_agent2.d && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/buffer && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_agent2_item_keys.conf \ + ${ZABBIX_CONF_DIR}/zabbix_agent2.d/ \ + ${ZABBIX_USER_HOME_DIR}/ && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ apt-get -y autoremove && \ apt-get -y clean EXPOSE 10050/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/agent2/ubuntu/docker-entrypoint.sh b/Dockerfiles/agent2/ubuntu/docker-entrypoint.sh index 60867594c..2b66ee89e 100755 --- a/Dockerfiles/agent2/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/agent2/ubuntu/docker-entrypoint.sh @@ -11,15 +11,11 @@ fi # Default Zabbix installation name # Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} +: ${ZBX_SERVER_HOST="zabbix-server"} # Default Zabbix server port number -: ${ZBX_SERVER_PORT:="10051"} +: ${ZBX_SERVER_PORT="10051"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -124,112 +120,90 @@ file_process_from_env() { echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_agent_config() { - echo "** Preparing Zabbix agent configuration file" - ZBX_AGENT_CONFIG=$ZABBIX_ETC_DIR/zabbix_agent2.conf + : ${ZBX_PASSIVESERVERS=""} + : ${ZBX_ACTIVESERVERS=""} - : ${ZBX_PASSIVESERVERS:=""} - : ${ZBX_ACTIVESERVERS:=""} + if [ ! -z "$ZBX_SERVER_HOST" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST","$ZBX_PASSIVESERVERS + elif [ ! -z "$ZBX_SERVER_HOST" ]; then + ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST + fi - [ -n "$ZBX_PASSIVESERVERS" ] && ZBX_PASSIVESERVERS=","$ZBX_PASSIVESERVERS - - ZBX_PASSIVESERVERS=$ZBX_SERVER_HOST$ZBX_PASSIVESERVERS - - [ -n "$ZBX_ACTIVESERVERS" ] && ZBX_ACTIVESERVERS=","$ZBX_ACTIVESERVERS - - ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT$ZBX_ACTIVESERVERS - - update_config_var $ZBX_AGENT_CONFIG "PidFile" - update_config_var $ZBX_AGENT_CONFIG "LogType" "console" - update_config_var $ZBX_AGENT_CONFIG "LogFile" - update_config_var $ZBX_AGENT_CONFIG "LogFileSize" - update_config_var $ZBX_AGENT_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - update_config_var $ZBX_AGENT_CONFIG "SourceIP" + if [ ! -z "$ZBX_SERVER_HOST" ]; then + if [ ! -z "$ZBX_SERVER_PORT" ] && [ "$ZBX_SERVER_PORT" != "10051" ]; then + ZBX_SERVER_HOST=$ZBX_SERVER_HOST":"$ZBX_SERVER_PORT + fi + if [ ! -z "$ZBX_ACTIVESERVERS" ]; then + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST","$ZBX_ACTIVESERVERS + else + ZBX_ACTIVESERVERS=$ZBX_SERVER_HOST + fi + fi : ${ZBX_PASSIVE_ALLOW:="true"} - if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_PASSIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_PASSIVESERVERS" ]; then echo "** Using '$ZBX_PASSIVESERVERS' servers for passive checks" - update_config_var $ZBX_AGENT_CONFIG "Server" "${ZBX_PASSIVESERVERS}" + export ZBX_PASSIVESERVERS="${ZBX_PASSIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "Server" + unset ZBX_PASSIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_AGENT_CONFIG "ListenIP" "${ZBX_LISTENIP}" - : ${ZBX_ACTIVE_ALLOW:="true"} - if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ]; then + if [ "${ZBX_ACTIVE_ALLOW,,}" == "true" ] && [ ! -z "$ZBX_ACTIVESERVERS" ]; then echo "** Using '$ZBX_ACTIVESERVERS' servers for active checks" - update_config_var $ZBX_AGENT_CONFIG "ServerActive" "${ZBX_ACTIVESERVERS}" + export ZBX_ACTIVESERVERS="${ZBX_ACTIVESERVERS}" else - update_config_var $ZBX_AGENT_CONFIG "ServerActive" + unset ZBX_ACTIVESERVERS fi - update_config_var $ZBX_AGENT_CONFIG "HeartbeatFrequency" "${ZBX_HEARTBEAT_FREQUENCY}" - update_config_var $ZBX_AGENT_CONFIG "ForceActiveChecksOnStart" "${ZBX_FORCEACTIVECHECKSONSTART}" + unset ZBX_SERVER_HOST + unset ZBX_SERVER_PORT if [ "${ZBX_ENABLEPERSISTENTBUFFER,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "1" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferFile" "$ZABBIX_USER_HOME_DIR/buffer/agent2.db" - update_config_var $ZBX_AGENT_CONFIG "PersistentBufferPeriod" "${ZBX_PERSISTENTBUFFERPERIOD}" - else - update_config_var $ZBX_AGENT_CONFIG "EnablePersistentBuffer" "0" + export ZBX_ENABLEPERSISTENTBUFFER=1 fi if [ "${ZBX_ENABLESTATUSPORT,,}" == "true" ]; then - update_config_var $ZBX_AGENT_CONFIG "StatusPort" "31999" + export ZBX_STATUSPORT=${ZBX_STATUSPORT="31999"} + else + unset ZBX_PERSISTENTBUFFERFILE fi - update_config_var $ZBX_AGENT_CONFIG "HostInterface" "${ZBX_HOSTINTERFACE}" - update_config_var $ZBX_AGENT_CONFIG "HostInterfaceItem" "${ZBX_HOSTINTERFACEITEM}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "DenyKey" "${ZBX_DENYKEY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_agentd_item_keys.conf" "AllowKey" "${ZBX_ALLOWKEY}" - update_config_var $ZBX_AGENT_CONFIG "Hostname" "${ZBX_HOSTNAME}" - update_config_var $ZBX_AGENT_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadata" "${ZBX_METADATA}" - update_config_var $ZBX_AGENT_CONFIG "HostMetadataItem" "${ZBX_METADATAITEM}" - update_config_var $ZBX_AGENT_CONFIG "RefreshActiveChecks" "${ZBX_REFRESHACTIVECHECKS}" - update_config_var $ZBX_AGENT_CONFIG "BufferSend" "${ZBX_BUFFERSEND}" - update_config_var $ZBX_AGENT_CONFIG "BufferSize" "${ZBX_BUFFERSIZE}" - # Please use include to enable Alias feature -# update_config_multiple_var $ZBX_AGENT_CONFIG "Alias" ${ZBX_ALIAS} - update_config_var $ZBX_AGENT_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf" - update_config_var $ZBX_AGENT_CONFIG "Include" "/etc/zabbix/zabbix_agentd.d/*.conf" "true" - update_config_var $ZBX_AGENT_CONFIG "UnsafeUserParameters" "${ZBX_UNSAFEUSERPARAMETERS}" - update_config_var $ZBX_AGENT_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_AGENT_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" - - update_config_multiple_var $ZBX_AGENT_CONFIG "DenyKey" "${ZBX_DENYKEY}" - update_config_multiple_var $ZBX_AGENT_CONFIG "AllowKey" "${ZBX_ALLOWKEY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" } prepare_zbx_agent_plugin_config() { echo "** Preparing Zabbix agent plugin configuration files" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mongodb.conf" "Plugins.MongoDB.System.Path" "/usr/sbin/zabbix-agent2-plugin/mongodb" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/postgresql.conf" "Plugins.PostgreSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/postgresql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/mssql.conf" "Plugins.MSSQL.System.Path" "/usr/sbin/zabbix-agent2-plugin/mssql" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/ember.conf" "Plugins.EmberPlus.System.Path" "/usr/sbin/zabbix-agent2-plugin/ember-plus" if command -v nvidia-smi 2>&1 >/dev/null then - update_config_var "/etc/zabbix/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" + update_config_var "$ZABBIX_CONF_DIR/zabbix_agent2.d/plugins.d/nvidia.conf" "Plugins.NVIDIA.System.Path" "/usr/sbin/zabbix-agent2-plugin/nvidia-gpu" fi } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index 3db9bd45e..0fc7efc77 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -117,19 +122,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/alpine/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/alpine/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index aa774a9bb..f72fde264 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -117,19 +122,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/centos/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/centos/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index e9f058bb4..5987e5117 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -117,19 +122,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/ol/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/ol/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index fd62ca2ef..a032f5485 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile @@ -46,7 +46,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -72,7 +73,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -128,19 +133,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/rhel/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/rhel/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index 5f55a180a..dc556d921 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -61,7 +62,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -117,19 +122,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-mysql/ubuntu/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-mysql/ubuntu/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index e357344a9..84f54ff77 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -63,7 +64,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -122,19 +127,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/alpine/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/alpine/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index 45f6282b1..201525082 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -63,7 +64,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -121,19 +126,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/centos/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/centos/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index 7a6d88799..0328941d7 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -63,7 +64,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -122,19 +127,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/ol/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/ol/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/rhel/Dockerfile b/Dockerfiles/build-pgsql/rhel/Dockerfile index 291e58721..5fbc4b6e6 100644 --- a/Dockerfiles/build-pgsql/rhel/Dockerfile +++ b/Dockerfiles/build-pgsql/rhel/Dockerfile @@ -46,7 +46,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -74,7 +75,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -133,19 +138,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-pgsql/rhel/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/rhel/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/rhel/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index e9c14f047..092402d5d 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile @@ -35,7 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ - --mount=type=bind,source=conf/chromedp_no_sandbox.patch,target=/tmp/chromedp_no_sandbox.patch \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -63,7 +64,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ - patch -p1 < /tmp/chromedp_no_sandbox.patch && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -121,19 +126,24 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ strip ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_server/zabbix_server ${ZBX_OUTPUT_DIR}/server/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_server.conf ${ZBX_OUTPUT_DIR}/server/conf/zabbix_server.conf_template && \ + cp /tmp/conf/server/* ${ZBX_OUTPUT_DIR}/server/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_web_service ${ZBX_OUTPUT_DIR}/web_service/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_web_service.conf ${ZBX_OUTPUT_DIR}/web_service/conf/zabbix_web_service.conf_template && \ + cp /tmp/conf/web_service/* ${ZBX_OUTPUT_DIR}/web_service/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender ${ZBX_OUTPUT_DIR}/general/bin/ && \ make -s distclean && \ diff --git a/Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch b/Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch similarity index 100% rename from Dockerfiles/build-pgsql/ubuntu/conf/chromedp_no_sandbox.patch rename to Dockerfiles/build-pgsql/ubuntu/patches/chromedp_no_sandbox.patch diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index 4613edc8d..1ed338cc7 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile @@ -35,6 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -54,6 +56,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -98,13 +105,16 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get && \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ diff --git a/Dockerfiles/build-mysql/rhel/src/.gitkeep b/Dockerfiles/build-sqlite3/alpine/patches/.gitkeep similarity index 100% rename from Dockerfiles/build-mysql/rhel/src/.gitkeep rename to Dockerfiles/build-sqlite3/alpine/patches/.gitkeep diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile index 95232a085..68f761ed6 100644 --- a/Dockerfiles/build-sqlite3/centos/Dockerfile +++ b/Dockerfiles/build-sqlite3/centos/Dockerfile @@ -35,6 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -54,6 +56,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -98,13 +105,16 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get && \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ diff --git a/Dockerfiles/build-sqlite3/centos/patches/.gitkeep b/Dockerfiles/build-sqlite3/centos/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile index 2bf1cb299..22b78e449 100644 --- a/Dockerfiles/build-sqlite3/ol/Dockerfile +++ b/Dockerfiles/build-sqlite3/ol/Dockerfile @@ -35,6 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -54,6 +56,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -98,13 +105,16 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get && \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ diff --git a/Dockerfiles/build-sqlite3/ol/patches/.gitkeep b/Dockerfiles/build-sqlite3/ol/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile index a5d715e6f..a1c73475c 100644 --- a/Dockerfiles/build-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile @@ -46,6 +46,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -65,6 +67,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -109,13 +116,16 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get && \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ diff --git a/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep b/Dockerfiles/build-sqlite3/rhel/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile index 850dafa2d..367f2a0b5 100644 --- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile @@ -35,6 +35,8 @@ ENV ZBX_SOURCES_DIR=/tmp/zabbix-${ZBX_VERSION} ZBX_OUTPUT_DIR=/tmp/zabbix-${ZBX_ RUN --mount=type=cache,target=/root/.cache/go-build/ \ --mount=type=cache,target=/root/go/ \ --mount=type=bind,source=src/,target=/tmp/src \ + --mount=type=bind,source=patches/,target=/tmp/patches \ + --mount=from=config_templates,target=/tmp/conf \ set -eux && \ cd /tmp/ && \ mkdir -p ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ @@ -54,6 +56,11 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${GIT_BRANCH:-$ZBX_VERSION} --depth 1 --single-branch ${ZBX_SOURCES_DIR}; \ fi && \ cd ${ZBX_SOURCES_DIR} && \ + for patch_filename in /tmp/patches/*.patch; do \ + if [ -f "$patch_filename" ]; then \ + patch -p1 < $patch_filename; \ + fi \ + done && \ zabbix_revision=`git rev-parse --short HEAD` && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ @@ -99,13 +106,16 @@ RUN --mount=type=cache,target=/root/.cache/go-build/ \ strip ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get && \ strip ${ZBX_SOURCES_DIR}/src/zabbix_sender/zabbix_sender && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_agent/zabbix_agentd ${ZBX_OUTPUT_DIR}/agent/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_agentd.conf ${ZBX_OUTPUT_DIR}/agent/conf/zabbix_agentd.conf_template && \ + cp /tmp/conf/agent/* ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/conf/zabbix_agentd/ ${ZBX_OUTPUT_DIR}/agent/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/go/bin/zabbix_agent2 ${ZBX_OUTPUT_DIR}/agent2/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ + cp ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.conf ${ZBX_OUTPUT_DIR}/agent2/conf/zabbix_agent2.conf_template && \ + cp /tmp/conf/agent2/* ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/go/conf/zabbix_agent2.d/ ${ZBX_OUTPUT_DIR}/agent2/conf/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_proxy/zabbix_proxy ${ZBX_OUTPUT_DIR}/proxy/sbin/ && \ - cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ + cp ${ZBX_SOURCES_DIR}/conf/zabbix_proxy.conf ${ZBX_OUTPUT_DIR}/proxy/conf/zabbix_proxy.conf_template && \ + cp /tmp/conf/proxy/* ${ZBX_OUTPUT_DIR}/proxy/conf/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/bin/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp -R ${ZBX_SOURCES_DIR}/src/zabbix_java/lib/ ${ZBX_OUTPUT_DIR}/java_gateway/sbin/ && \ cp ${ZBX_SOURCES_DIR}/src/zabbix_get/zabbix_get ${ZBX_OUTPUT_DIR}/general/bin/ && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep b/Dockerfiles/build-sqlite3/ubuntu/patches/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/Dockerfiles/proxy-mysql/alpine/Dockerfile b/Dockerfiles/proxy-mysql/alpine/Dockerfile index 4bda2d2a1..fc3965bca 100644 --- a/Dockerfiles/proxy-mysql/alpine/Dockerfile +++ b/Dockerfiles/proxy-mysql/alpine/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"] RUN set -eux && \ @@ -69,33 +80,36 @@ RUN set -eux && \ --uid 1997 \ --ingroup zabbix \ --shell /sbin/nologin \ - --home /var/lib/zabbix/ \ + --home ${ZABBIX_USER_HOME_DIR}/ \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh index c7db68fe0..000912b92 100755 --- a/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh @@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} - # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -143,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -346,192 +343,47 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" + + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" fi - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultDBPath" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-mysql/centos/Dockerfile b/Dockerfiles/proxy-mysql/centos/Dockerfile index f8c035381..e7ce8d0a2 100644 --- a/Dockerfiles/proxy-mysql/centos/Dockerfile +++ b/Dockerfiles/proxy-mysql/centos/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -88,34 +99,37 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh index 3a3227f7d..7b869ab31 100755 --- a/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh @@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} - # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -143,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -343,192 +340,47 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" + + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" fi - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultDBPath" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-mysql/ol/Dockerfile b/Dockerfiles/proxy-mysql/ol/Dockerfile index 81b179531..a78427e4c 100644 --- a/Dockerfiles/proxy-mysql/ol/Dockerfile +++ b/Dockerfiles/proxy-mysql/ol/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] @@ -75,34 +86,37 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh index 3a3227f7d..7b869ab31 100755 --- a/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh @@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} - # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -143,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -343,192 +340,47 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" + + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" fi - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultDBPath" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 8edf72a9b..a5ccaf915 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile @@ -16,7 +16,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL description="Zabbix proxy with MySQL database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -49,7 +60,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -117,35 +128,38 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh index 3a3227f7d..7b869ab31 100755 --- a/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh @@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} - # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -143,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -343,192 +340,47 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" + + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" fi - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultDBPath" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile index 5a4dee1f2..f977b99c0 100644 --- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile @@ -2,7 +2,6 @@ ARG MAJOR_VERSION=7.4 ARG ZBX_VERSION=${MAJOR_VERSION} ARG BUILD_BASE_IMAGE=zabbix-build-mysql:ubuntu-${ZBX_VERSION} -ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git FROM ${BUILD_BASE_IMAGE} AS builder @@ -15,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/bin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -31,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"] RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ @@ -73,35 +83,38 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR}/ \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-proxy-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ apt-get -y autoremove && \ apt-get -y clean EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh index e20acf994..7b869ab31 100755 --- a/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh @@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} - # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -143,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -343,192 +340,47 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" + + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}" fi - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultDBPath" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile index ba3ef58ab..70b978e98 100644 --- a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile @@ -14,7 +14,17 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -29,7 +39,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf - - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" - if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - fi - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - update_config_var $ZBX_CONFIG "DBHost" : ${ZBX_USE_NODE_NAME_AS_DB_NAME:="false"} if [ "${ZBX_USE_NODE_NAME_AS_DB_NAME,,}" == "false" ]; then - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" else node_name=$(uname -n) - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/$node_name.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/$node_name.sqlite" fi - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPort" - update_config_var $ZBX_CONFIG "DBPassword" + unset ZBX_USE_NODE_NAME_AS_DB_NAME - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" + if [ ! -z "${ZBX_HOSTNAMEITEM}" ]; then + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" fi - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-sqlite3/centos/Dockerfile b/Dockerfiles/proxy-sqlite3/centos/Dockerfile index bf787272f..5a28375c6 100644 --- a/Dockerfiles/proxy-sqlite3/centos/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/centos/Dockerfile @@ -14,7 +14,17 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -29,7 +39,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf - - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" - if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - fi - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - update_config_var $ZBX_CONFIG "DBHost" : ${ZBX_USE_NODE_NAME_AS_DB_NAME:="false"} if [ "${ZBX_USE_NODE_NAME_AS_DB_NAME,,}" == "false" ]; then - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" else node_name=$(uname -n) - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/$node_name.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/$node_name.sqlite" fi - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPort" - update_config_var $ZBX_CONFIG "DBPassword" + unset ZBX_USE_NODE_NAME_AS_DB_NAME - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" + if [ ! -z "${ZBX_HOSTNAMEITEM}" ]; then + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" fi - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-sqlite3/ol/Dockerfile b/Dockerfiles/proxy-sqlite3/ol/Dockerfile index f813eba22..dc639c8e4 100644 --- a/Dockerfiles/proxy-sqlite3/ol/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ol/Dockerfile @@ -14,7 +14,17 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -29,7 +39,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf - - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" - if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - fi - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - update_config_var $ZBX_CONFIG "DBHost" : ${ZBX_USE_NODE_NAME_AS_DB_NAME:="false"} if [ "${ZBX_USE_NODE_NAME_AS_DB_NAME,,}" == "false" ]; then - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" else node_name=$(uname -n) - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/$node_name.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/$node_name.sqlite" fi - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPort" - update_config_var $ZBX_CONFIG "DBPassword" + unset ZBX_USE_NODE_NAME_AS_DB_NAME - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" + if [ ! -z "${ZBX_HOSTNAMEITEM}" ]; then + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" fi - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index 3ea581f47..5dead16c7 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -16,7 +16,17 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL description="Zabbix proxy with SQLite3 database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -48,7 +58,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/", "/usr/bin/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -114,34 +124,37 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/db_data && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/db_data && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/proxy-sqlite3/rhel/docker-entrypoint.sh b/Dockerfiles/proxy-sqlite3/rhel/docker-entrypoint.sh index 07ea5dd07..73cd1d85f 100755 --- a/Dockerfiles/proxy-sqlite3/rhel/docker-entrypoint.sh +++ b/Dockerfiles/proxy-sqlite3/rhel/docker-entrypoint.sh @@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default Zabbix server host -: ${ZBX_SERVER_HOST:="zabbix-server"} - # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -109,175 +102,65 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf - - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" - if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - fi - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - update_config_var $ZBX_CONFIG "DBHost" : ${ZBX_USE_NODE_NAME_AS_DB_NAME:="false"} if [ "${ZBX_USE_NODE_NAME_AS_DB_NAME,,}" == "false" ]; then - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" else node_name=$(uname -n) - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/$node_name.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/$node_name.sqlite" fi - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPort" - update_config_var $ZBX_CONFIG "DBPassword" + unset ZBX_USE_NODE_NAME_AS_DB_NAME - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" + if [ ! -z "${ZBX_HOSTNAMEITEM}" ]; then + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" fi - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile index 23ece7d40..5859a7054 100644 --- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile @@ -14,7 +14,17 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_FPINGLOCATION="/usr/bin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -29,7 +39,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } update_zbx_config() { - echo "** Preparing Zabbix proxy configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf - - update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}" - update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}" - if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then - update_config_var $ZBX_CONFIG "Hostname" "" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - else - update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" - update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}" - fi - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" - update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" - - update_config_var $ZBX_CONFIG "DBHost" : ${ZBX_USE_NODE_NAME_AS_DB_NAME:="false"} if [ "${ZBX_USE_NODE_NAME_AS_DB_NAME,,}" == "false" ]; then - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}.sqlite" else node_name=$(uname -n) - update_config_var $ZBX_CONFIG "DBName" "/var/lib/zabbix/db_data/$node_name.sqlite" + export ZBX_DB_NAME="${ZABBIX_USER_HOME_DIR}/db_data/$node_name.sqlite" fi - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPort" - update_config_var $ZBX_CONFIG "DBPassword" + unset ZBX_USE_NODE_NAME_AS_DB_NAME - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" + export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}" - update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}" - update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}" - - update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}" - update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" + if [ ! -z "${ZBX_HOSTNAMEITEM}" ]; then + export ZBX_HOSTNAME="" else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" + export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-sqlite3"}" fi - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}" - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" - update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" - file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" + file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}" if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-mysql/alpine/Dockerfile b/Dockerfiles/server-mysql/alpine/Dockerfile index fdf26cbb7..1ce5a17d2 100644 --- a/Dockerfiles/server-mysql/alpine/Dockerfile +++ b/Dockerfiles/server-mysql/alpine/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/mysql/create.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] RUN set -eux && \ @@ -69,37 +80,40 @@ RUN set -eux && \ --uid 1997 \ --ingroup zabbix \ --shell /sbin/nologin \ - --home /var/lib/zabbix/ \ + --home ${ZABBIX_USER_HOME_DIR} \ zabbix && \ adduser zabbix dialout && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh index 4dd835439..7d111fec5 100755 --- a/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/server-mysql/alpine/docker-entrypoint.sh @@ -9,11 +9,6 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +135,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -188,6 +187,7 @@ check_variables_mysql() { # If root password is not specified use provided credentials : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD,,}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} + DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} @@ -356,229 +356,50 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix server configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-mysql/centos/Dockerfile b/Dockerfiles/server-mysql/centos/Dockerfile index 1f61565ec..e6831d86a 100644 --- a/Dockerfiles/server-mysql/centos/Dockerfile +++ b/Dockerfiles/server-mysql/centos/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/mysql/create.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -102,33 +113,36 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-mysql/centos/docker-entrypoint.sh b/Dockerfiles/server-mysql/centos/docker-entrypoint.sh index 2f6560e98..924f4c64a 100755 --- a/Dockerfiles/server-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/server-mysql/centos/docker-entrypoint.sh @@ -9,11 +9,6 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +135,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -188,6 +187,7 @@ check_variables_mysql() { # If root password is not specified use provided credentials : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD,,}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} + DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} @@ -353,229 +353,50 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix server configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-mysql/ol/Dockerfile b/Dockerfiles/server-mysql/ol/Dockerfile index 900b02a72..4007f735d 100644 --- a/Dockerfiles/server-mysql/ol/Dockerfile +++ b/Dockerfiles/server-mysql/ol/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/mysql/create.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] @@ -83,33 +94,36 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-mysql/ol/docker-entrypoint.sh b/Dockerfiles/server-mysql/ol/docker-entrypoint.sh index 2f6560e98..924f4c64a 100755 --- a/Dockerfiles/server-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/server-mysql/ol/docker-entrypoint.sh @@ -9,11 +9,6 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +135,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -188,6 +187,7 @@ check_variables_mysql() { # If root password is not specified use provided credentials : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD,,}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} + DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} @@ -353,229 +353,50 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix server configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index 7ce58883d..47bc3faf3 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile @@ -16,7 +16,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL description="Zabbix server with MySQL database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -49,7 +60,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/mysql/create.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -130,33 +141,36 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh index 2f6560e98..924f4c64a 100755 --- a/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/server-mysql/rhel/docker-entrypoint.sh @@ -9,11 +9,6 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +135,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -188,6 +187,7 @@ check_variables_mysql() { # If root password is not specified use provided credentials : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD,,}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} + DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} @@ -353,229 +353,50 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix server configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-mysql/ubuntu/Dockerfile b/Dockerfiles/server-mysql/ubuntu/Dockerfile index 57bca0660..a759b852e 100644 --- a/Dockerfiles/server-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/server-mysql/ubuntu/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/bin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/mysql/create.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ @@ -75,38 +86,41 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-mysql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ apt-get -y autoremove && \ apt-get -y clean EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix - -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +WORKDIR ${ZABBIX_USER_HOME_DIR} + +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh index a8668e287..924f4c64a 100755 --- a/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/server-mysql/ubuntu/docker-entrypoint.sh @@ -9,11 +9,6 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi -# Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +135,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for MySQL database @@ -188,6 +187,7 @@ check_variables_mysql() { # If root password is not specified use provided credentials : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD,,}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} + DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} @@ -353,229 +353,50 @@ create_db_schema_mysql() { } update_zbx_config() { - echo "** Preparing Zabbix server configuration file" + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" + export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - if [ ! -n "${DB_SERVER_SOCKET}" ]; then - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - else - update_config_var $ZBX_CONFIG "DBHost" - update_config_var $ZBX_CONFIG "DBPort" - fi - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-pgsql/alpine/Dockerfile b/Dockerfiles/server-pgsql/alpine/Dockerfile index 25921f837..06a970486 100644 --- a/Dockerfiles/server-pgsql/alpine/Dockerfile +++ b/Dockerfiles/server-pgsql/alpine/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/postgresql/", "/usr/share/doc/zabbix-server-postgresql/"] RUN set -eux && \ @@ -68,37 +79,40 @@ RUN set -eux && \ --uid 1997 \ --ingroup zabbix \ --shell /sbin/nologin \ - --home /var/lib/zabbix/ \ + --home ${ZABBIX_USER_HOME_DIR} \ zabbix && \ adduser zabbix dialout && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh index 8b22bbdb2..98b7dbf22 100755 --- a/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh @@ -13,10 +13,6 @@ fi : ${ENABLE_TIMESCALEDB:="false"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for PostgreSQL database @@ -367,235 +367,55 @@ create_db_schema_postgresql() { exec_sql_file "/usr/share/doc/zabbix-server-postgresql/timescaledb.sql" fi - apply_db_scripts "/var/lib/zabbix/dbscripts/*.sql" + apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql" fi } update_zbx_config() { - local type=$1 - local db_type=$2 + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" - echo "** Preparing Zabbix server configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" - - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|POSTGRES)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|POSTGRES)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index d492f6007..93230d241 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/postgresql/", "/usr/share/doc/zabbix-server-postgresql/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -103,37 +114,40 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh index 8b22bbdb2..98b7dbf22 100755 --- a/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/centos/docker-entrypoint.sh @@ -13,10 +13,6 @@ fi : ${ENABLE_TIMESCALEDB:="false"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for PostgreSQL database @@ -367,235 +367,55 @@ create_db_schema_postgresql() { exec_sql_file "/usr/share/doc/zabbix-server-postgresql/timescaledb.sql" fi - apply_db_scripts "/var/lib/zabbix/dbscripts/*.sql" + apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql" fi } update_zbx_config() { - local type=$1 - local db_type=$2 + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" - echo "** Preparing Zabbix server configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" - - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|POSTGRES)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|POSTGRES)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index b69502a56..404f3886a 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.title="Zabbix server (PostgreSQL)" \ org.opencontainers.image.authors="Alexey Pustovalov " \ @@ -26,11 +37,11 @@ LABEL org.opencontainers.image.title="Zabbix server (PostgreSQL)" \ org.opencontainers.image.version="${ZBX_VERSION}" \ org.opencontainers.image.source="${ZBX_SOURCES}" -STOPSIGNAL SIGTERM +STOP]SIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/postgresql/", "/usr/share/doc/zabbix-server-postgresql/"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] @@ -85,37 +96,40 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh index 8b22bbdb2..98b7dbf22 100755 --- a/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/ol/docker-entrypoint.sh @@ -13,10 +13,6 @@ fi : ${ENABLE_TIMESCALEDB:="false"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for PostgreSQL database @@ -367,235 +367,55 @@ create_db_schema_postgresql() { exec_sql_file "/usr/share/doc/zabbix-server-postgresql/timescaledb.sql" fi - apply_db_scripts "/var/lib/zabbix/dbscripts/*.sql" + apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql" fi } update_zbx_config() { - local type=$1 - local db_type=$2 + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" - echo "** Preparing Zabbix server configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" - - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|POSTGRES)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|POSTGRES)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-pgsql/rhel/Dockerfile b/Dockerfiles/server-pgsql/rhel/Dockerfile index 73c7e2578..b085e8f5a 100644 --- a/Dockerfiles/server-pgsql/rhel/Dockerfile +++ b/Dockerfiles/server-pgsql/rhel/Dockerfile @@ -16,7 +16,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/sbin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL description="Zabbix server with PostgreSQL database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -49,7 +60,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/postgresql/", "/usr/share/doc/zabbix-server-postgresql/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ @@ -132,37 +143,40 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ microdnf -y clean all EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-pgsql/rhel/docker-entrypoint.sh b/Dockerfiles/server-pgsql/rhel/docker-entrypoint.sh index 8b22bbdb2..98b7dbf22 100755 --- a/Dockerfiles/server-pgsql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/rhel/docker-entrypoint.sh @@ -13,10 +13,6 @@ fi : ${ENABLE_TIMESCALEDB:="false"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for PostgreSQL database @@ -367,235 +367,55 @@ create_db_schema_postgresql() { exec_sql_file "/usr/share/doc/zabbix-server-postgresql/timescaledb.sql" fi - apply_db_scripts "/var/lib/zabbix/dbscripts/*.sql" + apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql" fi } update_zbx_config() { - local type=$1 - local db_type=$2 + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" - echo "** Preparing Zabbix server configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" - - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|POSTGRES)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|POSTGRES)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/server-pgsql/ubuntu/Dockerfile b/Dockerfiles/server-pgsql/ubuntu/Dockerfile index f28befc01..e70718c35 100644 --- a/Dockerfiles/server-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/server-pgsql/ubuntu/Dockerfile @@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ - NMAP_PRIVILEGED="" + NMAP_PRIVILEGED="" \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" + +ENV ZBX_DB_NAME="dummy_db_name" \ + ZBX_FPINGLOCATION="/usr/bin/fping" \ + ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \ + ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \ + ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \ + ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \ + ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \ + ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ @@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/sbin/zabbix_server", "/usr/sbin/zabbix_server"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/conf/", "${ZABBIX_CONF_DIR}/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/server/database/postgresql/", "/usr/share/doc/zabbix-server-postgresql/"] RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ @@ -75,38 +86,41 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \ -G dialout \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR} \ zabbix && \ chgrp zabbix /usr/bin/nmap && \ setcap cap_net_raw+eip /usr/bin/nmap && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/dbscripts && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/export && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \ mkdir -p /usr/lib/zabbix/alertscripts && \ - mkdir -p /var/lib/zabbix/dbscripts && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - mkdir -p /var/lib/zabbix/export && \ mkdir -p /usr/lib/zabbix/externalscripts && \ - mkdir -p /var/lib/zabbix/mibs && \ - mkdir -p /var/lib/zabbix/modules && \ - mkdir -p /var/lib/zabbix/snmptraps && \ - mkdir -p /var/lib/zabbix/ssh_keys && \ - mkdir -p /var/lib/zabbix/ssl && \ - mkdir -p /var/lib/zabbix/ssl/certs && \ - mkdir -p /var/lib/zabbix/ssl/keys && \ - mkdir -p /var/lib/zabbix/ssl/ssl_ca && \ mkdir -p /usr/share/doc/zabbix-server-postgresql && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chgrp 0 ${ZABBIX_CONF_DIR} && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_server_modules.conf ${ZABBIX_USER_HOME_DIR} && \ + chmod g=u ${ZABBIX_CONF_DIR} && \ apt-get -y autoremove && \ apt-get -y clean EXPOSE 10051/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} -VOLUME ["/var/lib/zabbix/snmptraps", "/var/lib/zabbix/export"] +VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps", "${ZABBIX_USER_HOME_DIR}/export"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh index df6dfc12d..c8fc71688 100755 --- a/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/server-pgsql/ubuntu/docker-entrypoint.sh @@ -13,10 +13,6 @@ fi : ${ENABLE_TIMESCALEDB:="false"} # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" @@ -140,16 +136,20 @@ update_config_multiple_var() { } file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } # Check prerequisites for PostgreSQL database @@ -372,230 +372,50 @@ create_db_schema_postgresql() { } update_zbx_config() { - local type=$1 - local db_type=$2 + export ZBX_DB_HOST="${DB_SERVER_HOST}" + export ZBX_DB_PORT="${DB_SERVER_PORT}" - echo "** Preparing Zabbix server configuration file" - - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_server.conf - - update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}" - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}" - - update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}" - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "PidFile" - - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" - - if [ -n "${ZBX_DBTLSCONNECT}" ]; then - update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" - update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" - update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" - update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" - update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" - update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" - fi - - update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" - update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" - update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" - update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}" - - if [ -n "${ZBX_VAULT}" ] && [ -n "${ZBX_VAULTURL}" ]; then - update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}" - update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}" - update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}" - update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}" - - if [ -n "${ZBX_VAULTDBPATH}" ]; then - update_config_var $ZBX_CONFIG "DBUser" - update_config_var $ZBX_CONFIG "DBPassword" - else - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - else - update_config_var $ZBX_CONFIG "Vault" - update_config_var $ZBX_CONFIG "VaultTLSCertFile" - update_config_var $ZBX_CONFIG "VaultTLSKeyFile" - update_config_var $ZBX_CONFIG "VaultPrefix" - update_config_var $ZBX_CONFIG "VaultURL" - update_config_var $ZBX_CONFIG "VaultDBPath" - - update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}" - update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}" - fi - - update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}" - update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}" - update_config_var $ZBX_CONFIG "EnableGlobalScripts" "${ZBX_ENABLEGLOBALSCRIPTS}" - - update_config_var $ZBX_CONFIG "StartReportWriters" "${ZBX_STARTREPORTWRITERS}" - : ${ZBX_WEBSERVICEURL:="http://zabbix-web-service:10053/report"} - update_config_var $ZBX_CONFIG "WebServiceURL" "${ZBX_WEBSERVICEURL}" - - update_config_var $ZBX_CONFIG "HistoryStorageURL" "${ZBX_HISTORYSTORAGEURL}" - update_config_var $ZBX_CONFIG "HistoryStorageTypes" "${ZBX_HISTORYSTORAGETYPES}" - update_config_var $ZBX_CONFIG "HistoryStorageDateIndex" "${ZBX_HISTORYSTORAGEDATEINDEX}" - - update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}" - - update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}" - - update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}" - update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}" - update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}" - update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}" - update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}" - update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}" - update_config_var $ZBX_CONFIG "StartHistoryPollers" "${ZBX_STARTHISTORYPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}" - update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}" - update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}" - - update_config_var $ZBX_CONFIG "StartConnectors" "${ZBX_STARTCONNECTORS}" - update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}" - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}" - update_config_var $ZBX_CONFIG "StartAlerters" "${ZBX_STARTALERTERS}" - - update_config_var $ZBX_CONFIG "StartTimers" "${ZBX_STARTTIMERS}" - update_config_var $ZBX_CONFIG "StartEscalators" "${ZBX_STARTESCALATORS}" - - update_config_var $ZBX_CONFIG "StartLLDProcessors" "${ZBX_STARTLLDPROCESSORS}" - - : ${ZBX_JAVAGATEWAY_ENABLE:="false"} - if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}" - update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}" - update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}" - else - update_config_var $ZBX_CONFIG "JavaGateway" - update_config_var $ZBX_CONFIG "JavaGatewayPort" - update_config_var $ZBX_CONFIG "StartJavaPollers" - fi - - update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}" - update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}" - update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}" - update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}" + export ZBX_DB_NAME="${DB_SERVER_DBNAME}" + export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}" + export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" + export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then - update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1" - else - update_config_var $ZBX_CONFIG "SNMPTrapperFile" - update_config_var $ZBX_CONFIG "StartSNMPTrapper" - fi + [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 + unset ZBX_ENABLE_SNMP_TRAPS - update_config_var $ZBX_CONFIG "SocketDir" "/tmp/" + update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}" - update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" + file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - update_config_var $ZBX_CONFIG "MaxHousekeeperDelete" "${ZBX_MAXHOUSEKEEPERDELETE}" - update_config_var $ZBX_CONFIG "ProblemHousekeepingFrequency" "${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY}" - - update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}" - - update_config_var $ZBX_CONFIG "CacheUpdateFrequency" "${ZBX_CACHEUPDATEFREQUENCY}" - - update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}" - update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}" - update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}" - - update_config_var $ZBX_CONFIG "TrendCacheSize" "${ZBX_TRENDCACHESIZE}" - update_config_var $ZBX_CONFIG "TrendFunctionCacheSize" "${ZBX_TRENDFUNCTIONCACHESIZE}" - update_config_var $ZBX_CONFIG "ValueCacheSize" "${ZBX_VALUECACHESIZE}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}" - update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}" - update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}" - update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}" - - update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts" - update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts" - - if [ -n "${ZBX_EXPORTFILESIZE}" ]; then - update_config_var $ZBX_CONFIG "ExportDir" "$ZABBIX_USER_HOME_DIR/export/" - update_config_var $ZBX_CONFIG "ExportFileSize" "${ZBX_EXPORTFILESIZE}" - update_config_var $ZBX_CONFIG "ExportType" "${ZBX_EXPORTTYPE}" - fi - - update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping" - update_config_var $ZBX_CONFIG "Fping6Location" - - update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys" - update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}" - - update_config_var $ZBX_CONFIG "StartProxyPollers" "${ZBX_STARTPROXYPOLLERS}" - update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}" - update_config_var $ZBX_CONFIG "ProxyDataFrequency" "${ZBX_PROXYDATAFREQUENCY}" - - update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/" - update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/" - update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/" - update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/" - update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}" - - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" - update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" - update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" - update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" - update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" - update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "ServiceManagerSyncFrequency" "${ZBX_SERVICEMANAGERSYNCFREQUENCY}" - update_config_var $ZBX_CONFIG "AllowSoftwareUpdateCheck" "${ZBX_ALLOWSOFTWAREUPDATECHECK}" - - update_config_var $ZBX_CONFIG "SMSDevices" "${ZBX_SMSDEVICES}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname -f)" + export ZBX_HANODENAME="$(hostname -f)" elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then - update_config_var $ZBX_CONFIG "HANodeName" "$(hostname)" - else - update_config_var $ZBX_CONFIG "HANodeName" "${ZBX_HANODENAME}" + export ZBX_HANODENAME="$(hostname)" fi : ${ZBX_NODEADDRESSPORT:="10051"} if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname -f):${ZBX_NODEADDRESSPORT}" + export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}" elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then - update_config_var $ZBX_CONFIG "NodeAddress" "$(hostname):${ZBX_NODEADDRESSPORT}" - else - update_config_var $ZBX_CONFIG "NodeAddress" "${ZBX_NODEADDRESS}" + export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}" fi if [ "$(id -u)" != '0' ]; then - update_config_var $ZBX_CONFIG "User" "$(whoami)" + export ZBX_USER="$(whoami)" else - update_config_var $ZBX_CONFIG "AllowRoot" "1" + export ZBX_ALLOWROOT=1 fi - - update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}" - update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^(ZBX|DB|POSTGRES)_"); do + for env_var in $(env | grep -E "^(ZABBIX|DB|POSTGRES)_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/web-service/alpine/Dockerfile b/Dockerfiles/web-service/alpine/Dockerfile index cf4f5082b..5c05efddd 100644 --- a/Dockerfiles/web-service/alpine/Dockerfile +++ b/Dockerfiles/web-service/alpine/Dockerfile @@ -12,7 +12,9 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web service for performing various tasks using headless web browser" \ @@ -27,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_web_service_config() { - echo "** Preparing Zabbix web service configuration file" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_web_service.conf + export ZBX_ALLOWEDIP=${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - : ${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "AllowedIP" "${ZBX_ALLOWEDIP}" - - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "IgnoreURLCertErrors" "${ZBX_IGNOREURLCERTERRORS}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/web-service/centos/Dockerfile b/Dockerfiles/web-service/centos/Dockerfile index 713e84ee9..112ddd71e 100644 --- a/Dockerfiles/web-service/centos/Dockerfile +++ b/Dockerfiles/web-service/centos/Dockerfile @@ -13,6 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" \ PATH=/usr/lib64/chromium-browser:$PATH LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ @@ -28,7 +30,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_web_service_config() { - echo "** Preparing Zabbix web service configuration file" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_web_service.conf + export ZBX_ALLOWEDIP=${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - : ${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "AllowedIP" "${ZBX_ALLOWEDIP}" - - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "IgnoreURLCertErrors" "${ZBX_IGNOREURLCERTERRORS}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/web-service/ol/Dockerfile b/Dockerfiles/web-service/ol/Dockerfile index 492ed1edb..8ba682942 100644 --- a/Dockerfiles/web-service/ol/Dockerfile +++ b/Dockerfiles/web-service/ol/Dockerfile @@ -13,6 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" \ PATH=/usr/lib64/chromium-browser:$PATH LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ @@ -28,7 +30,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_web_service_config() { - echo "** Preparing Zabbix web service configuration file" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_web_service.conf + export ZBX_ALLOWEDIP=${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - : ${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "AllowedIP" "${ZBX_ALLOWEDIP}" - - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "IgnoreURLCertErrors" "${ZBX_IGNOREURLCERTERRORS}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index cda2d5a0c..4f738e118 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -15,6 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" \ PATH=/usr/lib64/chromium-browser:$PATH LABEL description="Zabbix web service for performing various tasks using headless web browser" \ @@ -47,7 +49,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/web_service/sbin/zabbix_web_service", "/usr/sbin/zabbix_web_service"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/web_service/conf/", "/etc/zabbix/"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/web_service/conf/", "${ZABBIX_CONF_DIR}/"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --mount=type=bind,target=/run/secrets/,src=secrets/ \ @@ -86,20 +88,20 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ - --home-dir /var/lib/zabbix/ \ + --home-dir ${ZABBIX_USER_HOME_DIR}/ \ zabbix && \ - mkdir -p /etc/zabbix && \ - mkdir -p /var/lib/zabbix && \ - mkdir -p /var/lib/zabbix/enc && \ - mkdir -p /var/lib/zabbix/enc_internal && \ - chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ - chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \ - chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \ + mkdir -p ${ZABBIX_CONF_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR} && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \ + mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \ + chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ && \ + chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ && \ + chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ && \ microdnf -y clean all EXPOSE 10053/TCP -WORKDIR /var/lib/zabbix +WORKDIR ${ZABBIX_USER_HOME_DIR} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-service/rhel/docker-entrypoint.sh b/Dockerfiles/web-service/rhel/docker-entrypoint.sh index b86938b0b..5e0f874c0 100755 --- a/Dockerfiles/web-service/rhel/docker-entrypoint.sh +++ b/Dockerfiles/web-service/rhel/docker-entrypoint.sh @@ -10,124 +10,39 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then fi # Default directories -# User 'zabbix' home directory -ZABBIX_USER_HOME_DIR="/var/lib/zabbix" -# Configuration files directory -ZABBIX_ETC_DIR="/etc/zabbix" # Internal directory for TLS related files, used when TLS*File specified as plain text values ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal" -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..." - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Use full path to a file for TLS related configuration parameters - if [[ $var_name =~ ^TLS.*File$ ]]; then - var_value=$ZABBIX_USER_HOME_DIR/enc/$var_value - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - elif [ "$(grep -Ec "^[#;] $var_name=" $config_path)" -gt 0 ]; then - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - else - sed -i -e '$a\' -e "$var_name=$var_value" "$config_path" - echo "added at the end" - fi - -} - file_process_from_env() { - local config_path=$1 - local var_name=$2 - local file_name=$3 - local var_value=$4 + local var_name=$1 + local file_name=$2 + local var_value=$3 if [ ! -z "$var_value" ]; then echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_web_service_config() { - echo "** Preparing Zabbix web service configuration file" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_web_service.conf + export ZBX_ALLOWEDIP=${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - : ${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "AllowedIP" "${ZBX_ALLOWEDIP}" - - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "IgnoreURLCertErrors" "${ZBX_IGNOREURLCERTERRORS}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/Dockerfiles/web-service/ubuntu/Dockerfile b/Dockerfiles/web-service/ubuntu/Dockerfile index dbd96c646..fbbaeae1d 100644 --- a/Dockerfiles/web-service/ubuntu/Dockerfile +++ b/Dockerfiles/web-service/ubuntu/Dockerfile @@ -12,7 +12,9 @@ ARG ZBX_VERSION ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ - ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} + ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ + ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \ + ZABBIX_CONF_DIR="/etc/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web service for performing various tasks using headless web browser" \ @@ -27,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov "${ZABBIX_INTERNAL_ENC_DIR}/$var_name" file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}" fi - update_config_var $config_path "$var_name" "$file_name" + + if [ -n "$var_value" ]; then + export "$var_name"="$file_name" + fi + # Remove variable with plain text data + unset "${var_name%%FILE}" } prepare_zbx_web_service_config() { - echo "** Preparing Zabbix web service configuration file" - ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_web_service.conf + export ZBX_ALLOWEDIP=${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "LogType" "console" - update_config_var $ZBX_CONFIG "LogFile" - update_config_var $ZBX_CONFIG "LogFileSize" - update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - : ${ZBX_ALLOWEDIP:="zabbix-server"} - update_config_var $ZBX_CONFIG "AllowedIP" "${ZBX_ALLOWEDIP}" - - update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}" - - update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}" - - update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}" - file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}" - - file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" - file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" - - update_config_var $ZBX_CONFIG "IgnoreURLCertErrors" "${ZBX_IGNOREURLCERTERRORS}" + file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}" + file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}" } clear_zbx_env() { [[ "${ZBX_CLEAR_ENV}" == "false" ]] && return - for env_var in $(env | grep -E "^ZBX_"); do + for env_var in $(env | grep -E "^ZABBIX_"); do unset "${env_var%%=*}" done } diff --git a/build.sh b/build.sh index 01875e814..6a81f3d84 100755 --- a/build.sh +++ b/build.sh @@ -42,7 +42,7 @@ else exit 1 fi -DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" -f Dockerfile . +DOCKER_BUILDKIT=1 $exec_command build -t "zabbix-$app_component:$os-$version" --build-context config_templates="../../../config_templates" --build-arg VCS_REF="$VCS_REF" --build-arg BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" -f Dockerfile . if [ "$type" != "build" ]; then links="" diff --git a/config_templates/agent/zabbix_agentd.conf b/config_templates/agent/zabbix_agentd.conf new file mode 100644 index 000000000..0644a67c7 --- /dev/null +++ b/config_templates/agent/zabbix_agentd.conf @@ -0,0 +1,28 @@ +# This is a configuration file for Zabbix agent daemon (Unix) +# To get more information about Zabbix, visit https://www.zabbix.com + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +# Mandatory: no +# Default: +# Include= + +# Include=/usr/local/etc/zabbix_agentd.userparams.conf +# Include=/usr/local/etc/zabbix_agentd.conf.d/ +# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf + +Include=/etc/zabbix/zabbix_agentd_active_checks.conf +Include=/etc/zabbix/zabbix_agentd_aliases.conf +Include=/etc/zabbix/zabbix_agentd_locations.conf +Include=/etc/zabbix/zabbix_agentd_logging.conf +Include=/etc/zabbix/zabbix_agentd_modules.conf +Include=/etc/zabbix/zabbix_agentd_network.conf +Include=/etc/zabbix/zabbix_agentd_passive_checks.conf +Include=/etc/zabbix/zabbix_agentd_security.conf +Include=/etc/zabbix/zabbix_agentd_timeouts.conf +Include=/etc/zabbix/zabbix_agentd_tls.conf +Include=/etc/zabbix/zabbix_agentd_user_parameters.conf + +Include=/etc/zabbix/zabbix_agentd.d/*.conf diff --git a/config_templates/agent/zabbix_agentd_active_checks.conf b/config_templates/agent/zabbix_agentd_active_checks.conf new file mode 100644 index 000000000..939fbc4fa --- /dev/null +++ b/config_templates/agent/zabbix_agentd_active_checks.conf @@ -0,0 +1,157 @@ +##### Active checks related + +### Option: ServerActive +# Zabbix server/proxy address or cluster configuration to get active checks from. +# Server/proxy address is IP address or DNS name and optional port separated by colon. +# Cluster configuration is one or more server addresses separated by semicolon. +# Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma. +# More than one Zabbix proxy should not be specified from each Zabbix server/cluster. +# If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified. +# Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed. +# If port is not specified, default port is used. +# IPv6 addresses must be enclosed in square brackets if port for that host is specified. +# If port is not specified, square brackets for IPv6 addresses are optional. +# If this parameter is not specified, active checks are disabled. +# Example for Zabbix proxy: +# ServerActive=127.0.0.1:10051 +# Example for multiple servers: +# ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +# Example for high availability: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3 +# Example for high availability with two clusters and one server: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain +# +# Mandatory: no +# Default: +# ServerActive= + +ServerActive=${ZBX_ACTIVESERVERS} + +### Option: Hostname +# List of comma delimited unique, case sensitive hostnames. +# Required for active checks and must match hostnames as configured on the server. +# Value is acquired from HostnameItem if undefined. +# +# Mandatory: no +# Default: +# Hostname= + +Hostname=${ZBX_HOSTNAME} + +### Option: HostnameItem +# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. +# Does not support UserParameters or aliases. +# +# Mandatory: no +# Default: +# HostnameItem=system.hostname + +HostnameItem=${ZBX_HOSTNAMEITEM} + +### Option: HostMetadata +# Optional parameter that defines host metadata. +# Host metadata is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 2034 bytes. +# If not defined, value will be acquired from HostMetadataItem. +# +# Mandatory: no +# Range: 0-2034 bytes +# Default: +# HostMetadata= + +HostMetadata=${ZBX_METADATA} + +### Option: HostMetadataItem +# Optional parameter that defines an item used for getting host metadata. +# Host metadata is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 65535 characters. +# This option is only used when HostMetadata is not defined. +# +# Mandatory: no +# Default: +# HostMetadataItem= + +HostMetadataItem=${ZBX_METADATAITEM} + +### Option: HostInterface +# Optional parameter that defines host interface. +# Host interface is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 255 characters. +# If not defined, value will be acquired from HostInterfaceItem. +# +# Mandatory: no +# Range: 0-255 characters +# Default: +# HostInterface= + +HostInterface=${ZBX_HOSTINTERFACE} + +### Option: HostInterfaceItem +# Optional parameter that defines an item used for getting host interface. +# Host interface is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# This option is only used when HostInterface is not defined. +# +# Mandatory: no +# Default: +# HostInterfaceItem= + +HostInterfaceItem=${ZBX_HOSTINTERFACEITEM} + +### Option: RefreshActiveChecks +# How often list of active checks is refreshed, in seconds. +# +# Mandatory: no +# Range: 1-86400 +# Default: +# RefreshActiveChecks=5 + +RefreshActiveChecks=${ZBX_REFRESHACTIVECHECKS} + +### Option: BufferSend +# Do not keep data longer than N seconds in buffer. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# BufferSend=5 + +BufferSend=${ZBX_BUFFERSEND} + +### Option: BufferSize +# Maximum number of values in a memory buffer. The agent will send +# all collected data to Zabbix Server or Proxy if the buffer is full. +# +# Mandatory: no +# Range: 2-65535 +# Default: +# BufferSize=100 + +BufferSize=${ZBX_BUFFERSIZE} + +### Option: MaxLinesPerSecond +# Maximum number of new lines the agent will send per second to Zabbix Server +# or Proxy processing 'log' and 'logrt' active checks. +# The provided value will be overridden by the parameter 'maxlines', +# provided in 'log' or 'logrt' item keys. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# MaxLinesPerSecond=20 + +MaxLinesPerSecond=${ZBX_MAXLINESPERSECOND} + +### Option: HeartbeatFrequency +# Frequency of heartbeat messages in seconds. +# Used for monitoring availability of active checks. +# 0 - heartbeat messages disabled. +# +# Mandatory: no +# Range: 0-3600 +# Default: 60 +# HeartbeatFrequency= + +HeartbeatFrequency=${ZBX_HEARTBEATFREQUENCY} diff --git a/config_templates/agent/zabbix_agentd_aliases.conf b/config_templates/agent/zabbix_agentd_aliases.conf new file mode 100644 index 000000000..892723bea --- /dev/null +++ b/config_templates/agent/zabbix_agentd_aliases.conf @@ -0,0 +1,12 @@ +### Option: Alias +# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. +# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. +# Different Alias keys may reference the same item key. +# For example, to retrieve the ID of user 'zabbix': +# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] +# Now shorthand key zabbix.userid may be used to retrieve data. +# Aliases can be used in HostMetadataItem but not in HostnameItem parameters. +# +# Mandatory: no +# Range: +# Default: diff --git a/config_templates/agent/zabbix_agentd_item_keys.conf b/config_templates/agent/zabbix_agentd_item_keys.conf new file mode 100644 index 000000000..e508eaf30 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_item_keys.conf @@ -0,0 +1,20 @@ +### Option: AllowKey +# Allow execution of item keys matching pattern. +# Multiple keys matching rules may be defined in combination with DenyKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# +# Mandatory: no + +### Option: DenyKey +# Deny execution of items keys matching pattern. +# Multiple keys matching rules may be defined in combination with AllowKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. +# +# Mandatory: no +# Default: +# DenyKey=system.run[*] diff --git a/config_templates/agent/zabbix_agentd_locations.conf b/config_templates/agent/zabbix_agentd_locations.conf new file mode 100644 index 000000000..bf0cf0960 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_locations.conf @@ -0,0 +1,8 @@ +### Option: PidFile +# Name of PID file. +# +# Mandatory: no +# Default: +# PidFile=/tmp/zabbix_agentd.pid + +PidFile=/tmp/zabbix_agentd.pid diff --git a/config_templates/agent/zabbix_agentd_logging.conf b/config_templates/agent/zabbix_agentd_logging.conf new file mode 100644 index 000000000..1e168e890 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_logging.conf @@ -0,0 +1,38 @@ +### Option: LogType +# Specifies where log messages are written to: +# system - syslog +# file - file specified with LogFile parameter +# console - standard output +# +# Mandatory: no +# Default: +# LogType=file + +LogType=console + +### Option: DebugLevel +# Specifies debug level: +# 0 - basic information about starting and stopping of Zabbix processes +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 +# Default: +# DebugLevel=3 + +DebugLevel=${ZBX_DEBUGLEVEL} + +### Option: LogRemoteCommands +# Enable logging of executed shell commands as warnings. +# 0 - disabled +# 1 - enabled +# +# Mandatory: no +# Default: +# LogRemoteCommands=0 + +LogRemoteCommands=${ZBX_LOGREMOTECOMMANDS} diff --git a/config_templates/agent/zabbix_agentd_modules.conf b/config_templates/agent/zabbix_agentd_modules.conf new file mode 100644 index 000000000..3911ff7bd --- /dev/null +++ b/config_templates/agent/zabbix_agentd_modules.conf @@ -0,0 +1,26 @@ +####### LOADABLE MODULES ####### + +### Option: LoadModulePath +# Full path to location of agent modules. +# Default depends on compilation options. +# To see the default path run command "zabbix_agentd --help". +# +# Mandatory: no +# Default: +# LoadModulePath=${libdir}/modules + +LoadModulePath=${ZBX_LOADMODULEPATH} + +### Option: LoadModule +# Module to load at agent startup. Modules are used to extend functionality of the agent. +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. +# It is allowed to include multiple LoadModule parameters. +# +# Mandatory: no +# Default: +# LoadModule= diff --git a/config_templates/agent/zabbix_agentd_network.conf b/config_templates/agent/zabbix_agentd_network.conf new file mode 100644 index 000000000..441477ba7 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_network.conf @@ -0,0 +1,41 @@ +### Option: ListenPort +# Agent will listen on this port for connections from the server. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# ListenPort=10050 + +ListenPort=${ZBX_LISTENPORT} + +### Option: ListenIP +# List of comma delimited IP addresses that the agent should listen on. +# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks. +# +# Mandatory: no +# Default: +# ListenIP=0.0.0.0 + +ListenIP=${ZBX_LISTENIP} + +### Option: SourceIP +# Source IP address for outgoing connections. +# +# Mandatory: no +# Default: +# SourceIP= + +SourceIP=${ZBX_SOURCEIP} + +####### For advanced users - TCP-related fine-tuning parameters ####### + +## Option: ListenBacklog +# The maximum number of pending connections in the queue. This parameter is passed to +# listen() function as argument 'backlog' (see "man listen"). +# +# Mandatory: no +# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) +# Default: SOMAXCONN (hard-coded constant, depends on system) +# ListenBacklog= + +ListenBacklog=${ZBX_LISTENBACKLOG} diff --git a/config_templates/agent/zabbix_agentd_passive_checks.conf b/config_templates/agent/zabbix_agentd_passive_checks.conf new file mode 100644 index 000000000..0e618c524 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_passive_checks.conf @@ -0,0 +1,26 @@ +##### Passive checks related + +### Option: Server +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies. +# Incoming connections will be accepted only from the hosts listed here. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: yes, if StartAgents is not explicitly set to 0 +# Default: +# Server= + +Server=${ZBX_PASSIVESERVERS} + +### Option: StartAgents +# Number of pre-forked instances of zabbix_agentd that process passive checks. +# If set to 0, disables passive checks and the agent will not listen on any TCP port. +# +# Mandatory: no +# Range: 0-100 +# Default: +# StartAgents=10 + +StartAgents=${ZBX_STARTAGENTS} diff --git a/config_templates/agent/zabbix_agentd_security.conf b/config_templates/agent/zabbix_agentd_security.conf new file mode 100644 index 000000000..4d17e33f2 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_security.conf @@ -0,0 +1,22 @@ +### Option: AllowRoot +# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent +# will try to switch to the user specified by the User configuration option instead. +# Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Default: +# AllowRoot=0 + +AllowRoot=${ZBX_ALLOWROOT} + +### Option: User +# Drop privileges to a specific, existing user on the system. +# Only has effect if run as 'root' and AllowRoot is disabled. +# +# Mandatory: no +# Default: +# User=zabbix + +User=${ZBX_USER} diff --git a/config_templates/agent/zabbix_agentd_timeouts.conf b/config_templates/agent/zabbix_agentd_timeouts.conf new file mode 100644 index 000000000..d50cf2d75 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_timeouts.conf @@ -0,0 +1,9 @@ +### Option: Timeout +# Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy or server. +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=3 + +Timeout=${ZBX_TIMEOUT} diff --git a/config_templates/agent/zabbix_agentd_tls.conf b/config_templates/agent/zabbix_agentd_tls.conf new file mode 100644 index 000000000..c4e59b803 --- /dev/null +++ b/config_templates/agent/zabbix_agentd_tls.conf @@ -0,0 +1,178 @@ +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSConnect +# How the agent should connect to server or proxy. Used for active checks. +# Only one value can be specified: +# unencrypted - connect without encryption +# psk - connect using TLS and a pre-shared key +# cert - connect using TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSConnect=unencrypted + +TLSConnect=${ZBX_TLSCONNECT} + +### Option: TLSAccept +# What incoming connections to accept. +# Multiple values can be specified, separated by comma: +# unencrypted - accept connections without encryption +# psk - accept connections secured with TLS and a pre-shared key +# cert - accept connections secured with TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSAccept=unencrypted + +TLSAccept=${ZBX_TLSACCEPT} + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= + +TLSCAFile=${ZBX_TLSCAFILE} + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +# TLSCRLFile= + +TLSCRLFile=${ZBX_TLSCRLFILE} + +### Option: TLSServerCertIssuer +# Allowed server certificate issuer. +# +# Mandatory: no +# Default: +# TLSServerCertIssuer= + +TLSServerCertIssuer=${ZBX_TLSSERVERCERTISSUER} + +### Option: TLSServerCertSubject +# Allowed server certificate subject. +# +# Mandatory: no +# Default: +# TLSServerCertSubject= + +TLSServerCertSubject=${ZBX_TLSSERVERCERTSUBJECT} + +### Option: TLSCertFile +# Full pathname of a file containing the agent certificate or certificate chain. +# +# Mandatory: no +# Default: +# TLSCertFile= + +TLSCertFile=${ZBX_TLSCERTFILE} + +### Option: TLSKeyFile +# Full pathname of a file containing the agent private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= + +TLSKeyFile=${ZBX_TLSKEYFILE} + +### Option: TLSPSKIdentity +# Unique, case sensitive string used to identify the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKIdentity= + +TLSPSKIdentity=${ZBX_TLSPSKIDENTITY} + +### Option: TLSPSKFile +# Full pathname of a file containing the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKFile= + +TLSPSKFile=${ZBX_TLSPSKFILE} + +####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +# Default: +# TLSCipherCert13= + +TLSCipherCert13=${ZBX_TLSCIPHERCERT13} + +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +# Default: +# TLSCipherCert= + +TLSCipherCert=${ZBX_TLSCIPHERCERT} + +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherPSK13= + +TLSCipherPSK13=${ZBX_TLSCIPHERPSK13} + +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherPSK= + +TLSCipherPSK=${ZBX_TLSCIPHERPSK} + +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherAll13= + +TLSCipherAll13=${ZBX_TLSCIPHERALL13} + +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherAll= + +TLSCipherAll=${ZBX_TLSCIPHERALL} diff --git a/config_templates/agent/zabbix_agentd_user_parameters.conf b/config_templates/agent/zabbix_agentd_user_parameters.conf new file mode 100644 index 000000000..fd664958c --- /dev/null +++ b/config_templates/agent/zabbix_agentd_user_parameters.conf @@ -0,0 +1,35 @@ +####### USER-DEFINED MONITORED PARAMETERS ####### + +### Option: UnsafeUserParameters +# Allow all characters to be passed in arguments to user-defined parameters. +# The following characters are not allowed: +# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ +# Additionally, newline characters are not allowed. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Range: 0-1 +# Default: +# UnsafeUserParameters=0 + +UnsafeUserParameters=${ZBX_UNSAFEUSERPARAMETERS} + +### Option: UserParameter +# User-defined parameter to monitor. There can be several user-defined parameters. +# Format: UserParameter=, +# See 'zabbix_agentd' directory for examples. +# +# Mandatory: no +# Default: +# UserParameter= + +### Option: UserParameterDir +# Directory to execute UserParameter commands from. Only one entry is allowed. +# When executing UserParameter commands the agent will change the working directory to the one +# specified in the UserParameterDir option. +# This way UserParameter commands can be specified using the relative ./ prefix. +# +# Mandatory: no +# Default: +# UserParameterDir= diff --git a/config_templates/agent2/zabbix_agent2.conf b/config_templates/agent2/zabbix_agent2.conf new file mode 100644 index 000000000..615362423 --- /dev/null +++ b/config_templates/agent2/zabbix_agent2.conf @@ -0,0 +1,41 @@ +# This is a configuration file for Zabbix agent 2 (Unix) +# To get more information about Zabbix, visit https://www.zabbix.com + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +# Mandatory: no +# Default: +# Include= + +# Include=/usr/local/etc/zabbix_agent2.userparams.conf +# Include=/usr/local/etc/zabbix_agent2.conf.d/ +# Include=/usr/local/etc/zabbix_agent2.conf.d/*.conf + +Include=/etc/zabbix/zabbix_agent2_active_checks.conf +Include=/etc/zabbix/zabbix_agent2_aliases.conf +Include=/etc/zabbix/zabbix_agent2_item_keys.conf +Include=/etc/zabbix/zabbix_agent2_locations.conf +Include=/etc/zabbix/zabbix_agent2_logging.conf +Include=/etc/zabbix/zabbix_agent2_network.conf +Include=/etc/zabbix/zabbix_agent2_passive_checks.conf +Include=/etc/zabbix/zabbix_agent2_timeouts.conf +Include=/etc/zabbix/zabbix_agent2_tls.conf +Include=/etc/zabbix/zabbix_agent2_user_parameters.conf + +Include=/etc/zabbix/zabbix_agentd.d/*.conf +Include=/etc/zabbix/zabbix_agent2.d/*.conf + +####### PLUGIN-SPECIFIC PARAMETERS ####### + +### Option: Plugins +# A plugin can have one or more plugin specific configuration parameters in format: +# Plugins..= +# Plugins..= +# +# Mandatory: no +# Range: +# Default: + +Include=/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf diff --git a/config_templates/agent2/zabbix_agent2_active_checks.conf b/config_templates/agent2/zabbix_agent2_active_checks.conf new file mode 100644 index 000000000..bac919bd2 --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_active_checks.conf @@ -0,0 +1,200 @@ +##### Active checks related + +### Option: ServerActive +# Zabbix server/proxy address or cluster configuration to get active checks from. +# Server/proxy address is IP address or DNS name and optional port separated by colon. +# Cluster configuration is one or more server addresses separated by semicolon. +# Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma. +# More than one Zabbix proxy should not be specified from each Zabbix server/cluster. +# If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified. +# Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed. +# If port is not specified, default port is used. +# IPv6 addresses must be enclosed in square brackets if port for that host is specified. +# If port is not specified, square brackets for IPv6 addresses are optional. +# If this parameter is not specified, active checks are disabled. +# Example for Zabbix proxy: +# ServerActive=127.0.0.1:10051 +# Example for multiple servers: +# ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +# Example for high availability: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3 +# Example for high availability with two clusters and one server: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain +# +# Mandatory: no +# Default: +# ServerActive= + +ServerActive=${ZBX_ACTIVESERVERS} + +### Option: Hostname +# List of comma delimited unique, case sensitive hostnames. +# Required for active checks and must match hostnames as configured on the server. +# Value is acquired from HostnameItem if undefined. +# +# Mandatory: no +# Default: +# Hostname= + +Hostname=${ZBX_HOSTNAME} + +### Option: HostnameItem +# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. +# Does not support UserParameters or aliases. +# +# Mandatory: no +# Default: +# HostnameItem=system.hostname + +HostnameItem=${ZBX_HOSTNAMEITEM} + +### Option: HostMetadata +# Optional parameter that defines host metadata. +# Host metadata is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 2034 bytes. +# If not defined, value will be acquired from HostMetadataItem. +# +# Mandatory: no +# Range: 0-2034 bytes +# Default: +# HostMetadata= + +HostMetadata=${ZBX_METADATA} + +### Option: HostMetadataItem +# Optional parameter that defines an item used for getting host metadata. +# Host metadata is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 65535 characters. +# This option is only used when HostMetadata is not defined. +# +# Mandatory: no +# Default: +# HostMetadataItem= + +HostMetadataItem=${ZBX_METADATAITEM} + +### Option: HostInterface +# Optional parameter that defines host interface. +# Host interface is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 255 characters. +# If not defined, value will be acquired from HostInterfaceItem. +# +# Mandatory: no +# Range: 0-255 characters +# Default: +# HostInterface= + +HostInterface=${ZBX_HOSTINTERFACE} + +### Option: HostInterfaceItem +# Optional parameter that defines an item used for getting host interface. +# Host interface is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# This option is only used when HostInterface is not defined. +# +# Mandatory: no +# Default: +# HostInterfaceItem= + +HostInterfaceItem=${ZBX_HOSTINTERFACEITEM} + +### Option: RefreshActiveChecks +# How often list of active checks is refreshed, in seconds. +# +# Mandatory: no +# Range: 1-86400 +# Default: +# RefreshActiveChecks=5 + +RefreshActiveChecks=${ZBX_REFRESHACTIVECHECKS} + +### Option: BufferSend +# Do not keep data longer than N seconds in buffer. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# BufferSend=5 + +BufferSend=${ZBX_BUFFERSEND} + +### Option: BufferSize +# Maximum number of values in a memory buffer. The agent will send +# all collected data to Zabbix Server or Proxy if the buffer is full. +# +# Mandatory: no +# Range: 2-65535 +# Default: +# BufferSize=1000 + +BufferSize=${ZBX_BUFFERSIZE} + +### Option: EnablePersistentBuffer +# Enable usage of local persistent storage for active items. +# 0 - disabled, in-memory buffer is used (default); 1 - use persistent buffer +# Mandatory: no +# Range: 0-1 +# Default: +# EnablePersistentBuffer=0 + +EnablePersistentBuffer=${ZBX_ENABLEPERSISTENTBUFFER} + +### Option: PersistentBufferPeriod +# Zabbix Agent2 will keep data for this time period in case of no +# connectivity with Zabbix server or proxy. Older data will be lost. Log data will be preserved. +# Option is valid if EnablePersistentBuffer=1 +# +# Mandatory: no +# Range: 1m-365d +# Default: +# PersistentBufferPeriod=1h + +PersistentBufferPeriod=${ZBX_PERSISTENTBUFFERPERIOD} + +### Option: PersistentBufferFile +# Full filename. Zabbix Agent2 will keep SQLite database in this file. +# Option is valid if EnablePersistentBuffer=1 +# +# Mandatory: no +# Default: +# PersistentBufferFile= + +PersistentBufferFile=${ZBX_PERSISTENTBUFFERFILE} + +### Option: Plugins.Log.MaxLinesPerSecond +# Maximum number of new lines the agent will send per second to Zabbix Server +# or Proxy processing 'log' and 'logrt' active checks. +# The provided value will be overridden by the parameter 'maxlines', +# provided in 'log' or 'logrt' item keys. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# Plugins.Log.MaxLinesPerSecond=20 + +Plugins.Log.MaxLinesPerSecond=${ZBX_MAXLINESPERSECOND} + +### Option: HeartbeatFrequency +# Frequency of heartbeat messages in seconds. +# Used for monitoring availability of active checks. +# 0 - heartbeat messages disabled. +# +# Mandatory: no +# Range: 0-3600 +# Default: 60 +# HeartbeatFrequency= + +HeartbeatFrequency=${ZBX_HEARTBEATFREQUENCY} + +### Option: ForceActiveChecksOnStart +# Perform active checks immediately after restart for first received configuration. +# Also available as per plugin configuration, example: Plugins.Uptime.System.ForceActiveChecksOnStart=1 +# +# Mandatory: no +# Range: 0-1 +# Default: +# ForceActiveChecksOnStart=0 + +ForceActiveChecksOnStart=${ZBX_FORCEACTIVECHECKSONSTART} diff --git a/config_templates/agent2/zabbix_agent2_aliases.conf b/config_templates/agent2/zabbix_agent2_aliases.conf new file mode 100644 index 000000000..892723bea --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_aliases.conf @@ -0,0 +1,12 @@ +### Option: Alias +# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. +# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. +# Different Alias keys may reference the same item key. +# For example, to retrieve the ID of user 'zabbix': +# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] +# Now shorthand key zabbix.userid may be used to retrieve data. +# Aliases can be used in HostMetadataItem but not in HostnameItem parameters. +# +# Mandatory: no +# Range: +# Default: diff --git a/config_templates/agent2/zabbix_agent2_item_keys.conf b/config_templates/agent2/zabbix_agent2_item_keys.conf new file mode 100644 index 000000000..e508eaf30 --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_item_keys.conf @@ -0,0 +1,20 @@ +### Option: AllowKey +# Allow execution of item keys matching pattern. +# Multiple keys matching rules may be defined in combination with DenyKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# +# Mandatory: no + +### Option: DenyKey +# Deny execution of items keys matching pattern. +# Multiple keys matching rules may be defined in combination with AllowKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. +# +# Mandatory: no +# Default: +# DenyKey=system.run[*] diff --git a/config_templates/agent2/zabbix_agent2_locations.conf b/config_templates/agent2/zabbix_agent2_locations.conf new file mode 100644 index 000000000..55412d72a --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_locations.conf @@ -0,0 +1,26 @@ +### Option: PidFile +# Name of PID file. +# +# Mandatory: no +# Default: +# PidFile=/tmp/zabbix_agent2.pid + +PidFile=/tmp/zabbix_agent2.pid + +### Option:PluginSocket +# Path to unix socket for external plugin communications. +# +# Mandatory: no +# Default:/tmp/agent.plugin.sock +# PluginSocket= + +PluginSocket=/tmp/agent.plugin.sock + +### Option: ControlSocket +# The control socket, used to send runtime commands with '-R' option. +# +# Mandatory: no +# Default: +# ControlSocket= + +ControlSocket=/tmp/agent.sock diff --git a/config_templates/agent2/zabbix_agent2_logging.conf b/config_templates/agent2/zabbix_agent2_logging.conf new file mode 100644 index 000000000..c6a4f4bed --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_logging.conf @@ -0,0 +1,38 @@ +### Option: LogType +# Specifies where log messages are written to: +# system - syslog +# file - file specified with LogFile parameter +# console - standard output +# +# Mandatory: no +# Default: +# LogType=file + +LogType=console + +### Option: DebugLevel +# Specifies debug level: +# 0 - basic information about starting and stopping of Zabbix processes +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 +# Default: +# DebugLevel=3 + +DebugLevel=${ZBX_DEBUGLEVEL} + +### Option: Plugins.SystemRun.LogRemoteCommands +# Enable logging of executed shell commands as warnings. +# 0 - disabled +# 1 - enabled +# +# Mandatory: no +# Default: +# Plugins.SystemRun.LogRemoteCommands=0 + +Plugins.SystemRun.LogRemoteCommands=${ZBX_LOGREMOTECOMMANDS} diff --git a/config_templates/agent2/zabbix_agent2_network.conf b/config_templates/agent2/zabbix_agent2_network.conf new file mode 100644 index 000000000..5aba3bd28 --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_network.conf @@ -0,0 +1,28 @@ +### Option: ListenIP +# List of comma delimited IP addresses that the agent should listen on. +# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks. +# +# Mandatory: no +# Default: +# ListenIP=0.0.0.0 + +ListenIP=${ZBX_LISTENIP} + +### Option: SourceIP +# Source IP address for outgoing connections. +# +# Mandatory: no +# Default: +# SourceIP= + +SourceIP=${ZBX_SOURCEIP} + +### Option: StatusPort +# Agent will listen on this port for HTTP status requests. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# StatusPort= + +StatusPort=${ZBX_STATUSPORT} diff --git a/config_templates/agent2/zabbix_agent2_passive_checks.conf b/config_templates/agent2/zabbix_agent2_passive_checks.conf new file mode 100644 index 000000000..2a1271809 --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_passive_checks.conf @@ -0,0 +1,15 @@ +##### Passive checks related + +### Option: Server +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies. +# Incoming connections will be accepted only from the hosts listed here. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: yes +# Default: +# Server= + +Server=${ZBX_PASSIVESERVERS} diff --git a/config_templates/agent2/zabbix_agent2_timeouts.conf b/config_templates/agent2/zabbix_agent2_timeouts.conf new file mode 100644 index 000000000..d56ff5810 --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_timeouts.conf @@ -0,0 +1,19 @@ +### Option: Timeout +# Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy or server. +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=3 + +Timeout=${ZBX_TIMEOUT} + +### Option:PluginTimeout +# Timeout for connections with external plugins. +# +# Mandatory: no +# Range: 1-30 +# Default: +# PluginTimeout= + +PluginTimeout=${ZBX_PLUGINTIMEOUT} diff --git a/config_templates/agent2/zabbix_agent2_tls.conf b/config_templates/agent2/zabbix_agent2_tls.conf new file mode 100644 index 000000000..d0f7baf21 --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_tls.conf @@ -0,0 +1,172 @@ +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSConnect +# How the agent should connect to server or proxy. Used for active checks. +# Only one value can be specified: +# unencrypted - connect without encryption +# psk - connect using TLS and a pre-shared key +# cert - connect using TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSConnect=unencrypted + +TLSConnect=${ZBX_TLSCONNECT} + +### Option: TLSAccept +# What incoming connections to accept. +# Multiple values can be specified, separated by comma: +# unencrypted - accept connections without encryption +# psk - accept connections secured with TLS and a pre-shared key +# cert - accept connections secured with TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSAccept=unencrypted + +TLSAccept=${ZBX_TLSACCEPT} + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= + +TLSCAFile=${ZBX_TLSCAFILE} + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +# TLSCRLFile= + +TLSCRLFile=${ZBX_TLSCRLFILE} + +### Option: TLSServerCertIssuer +# Allowed server certificate issuer. +# +# Mandatory: no +# Default: +# TLSServerCertIssuer= + +TLSServerCertIssuer=${ZBX_TLSSERVERCERTISSUER} + +### Option: TLSServerCertSubject +# Allowed server certificate subject. +# +# Mandatory: no +# Default: +# TLSServerCertSubject= + +TLSServerCertSubject=${ZBX_TLSSERVERCERTSUBJECT} + +### Option: TLSCertFile +# Full pathname of a file containing the agent certificate or certificate chain. +# +# Mandatory: no +# Default: +# TLSCertFile= + +TLSCertFile=${ZBX_TLSCERTFILE} + +### Option: TLSKeyFile +# Full pathname of a file containing the agent private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= + +TLSKeyFile=${ZBX_TLSKEYFILE} + +### Option: TLSPSKIdentity +# Unique, case sensitive string used to identify the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKIdentity= + +TLSPSKIdentity=${ZBX_TLSPSKIDENTITY} + +### Option: TLSPSKFile +# Full pathname of a file containing the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKFile= + +TLSPSKFile=${ZBX_TLSPSKFILE} + +####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +# Default: +# TLSCipherCert13= + +TLSCipherCert13=${ZBX_TLSCIPHERCERT13} + +### Option: TLSCipherCert +# OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +# Default: +# TLSCipherCert= + +TLSCipherCert=${ZBX_TLSCIPHERCERT} + +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherPSK13= + +TLSCipherPSK13=${ZBX_TLSCIPHERPSK13} + +### Option: TLSCipherPSK +# OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherPSK= + +TLSCipherPSK=${ZBX_TLSCIPHERPSK} + +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherAll13= + +TLSCipherAll13=${ZBX_TLSCIPHERALL13} + +### Option: TLSCipherAll +# OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherAll= + +TLSCipherAll=${ZBX_TLSCIPHERALL} diff --git a/config_templates/agent2/zabbix_agent2_user_parameters.conf b/config_templates/agent2/zabbix_agent2_user_parameters.conf new file mode 100644 index 000000000..fd664958c --- /dev/null +++ b/config_templates/agent2/zabbix_agent2_user_parameters.conf @@ -0,0 +1,35 @@ +####### USER-DEFINED MONITORED PARAMETERS ####### + +### Option: UnsafeUserParameters +# Allow all characters to be passed in arguments to user-defined parameters. +# The following characters are not allowed: +# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ +# Additionally, newline characters are not allowed. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Range: 0-1 +# Default: +# UnsafeUserParameters=0 + +UnsafeUserParameters=${ZBX_UNSAFEUSERPARAMETERS} + +### Option: UserParameter +# User-defined parameter to monitor. There can be several user-defined parameters. +# Format: UserParameter=, +# See 'zabbix_agentd' directory for examples. +# +# Mandatory: no +# Default: +# UserParameter= + +### Option: UserParameterDir +# Directory to execute UserParameter commands from. Only one entry is allowed. +# When executing UserParameter commands the agent will change the working directory to the one +# specified in the UserParameterDir option. +# This way UserParameter commands can be specified using the relative ./ prefix. +# +# Mandatory: no +# Default: +# UserParameterDir= diff --git a/config_templates/proxy/zabbix_proxy.conf b/config_templates/proxy/zabbix_proxy.conf new file mode 100644 index 000000000..1803c5da5 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy.conf @@ -0,0 +1,36 @@ +# This is a configuration file for Zabbix proxy daemon +# To get more information about Zabbix, visit https://www.zabbix.com + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +# Mandatory: no +# Default: +# Include= + +# Include=/usr/local/etc/zabbix_proxy.general.conf +# Include=/usr/local/etc/zabbix_proxy.conf.d/ +# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf + +Include=/etc/zabbix/zabbix_proxy_buffer.conf +Include=/etc/zabbix/zabbix_proxy_cache.conf +Include=/etc/zabbix/zabbix_proxy_db.conf +Include=/etc/zabbix/zabbix_proxy_db_tls.conf +Include=/etc/zabbix/zabbix_proxy_forks.conf +Include=/etc/zabbix/zabbix_proxy_housekeeper.conf +Include=/etc/zabbix/zabbix_proxy_identity.conf +Include=/etc/zabbix/zabbix_proxy_java_gateway.conf +Include=/etc/zabbix/zabbix_proxy_locations.conf +Include=/etc/zabbix/zabbix_proxy_logging.conf +Include=/etc/zabbix/zabbix_proxy_modules.conf +Include=/etc/zabbix/zabbix_proxy_network.conf +Include=/etc/zabbix/zabbix_proxy_security.conf +Include=/etc/zabbix/zabbix_proxy_server_communication.conf +Include=/etc/zabbix/zabbix_proxy_snmp_traps.conf +Include=/etc/zabbix/zabbix_proxy_ssl.conf +Include=/etc/zabbix/zabbix_proxy_timeouts.conf +Include=/etc/zabbix/zabbix_proxy_tls.conf +Include=/etc/zabbix/zabbix_proxy_vault.conf +Include=/etc/zabbix/zabbix_proxy_vmware.conf +Include=/etc/zabbix/zabbix_proxy_webdriver.conf diff --git a/config_templates/proxy/zabbix_proxy_buffer.conf b/config_templates/proxy/zabbix_proxy_buffer.conf new file mode 100644 index 000000000..f703d9f8b --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_buffer.conf @@ -0,0 +1,66 @@ +### Option: ProxyLocalBuffer +# Proxy will keep data locally for N hours, even if the data have already been synced with the server. +# This parameter may be used if local data will be used by third party applications. +# +# Mandatory: no +# Range: 0-720 +# Default: +# ProxyLocalBuffer=0 + +ProxyLocalBuffer=${ZBX_PROXYLOCALBUFFER} + +### Option: ProxyOfflineBuffer +# Proxy will keep data for N hours in case if no connectivity with Zabbix Server. +# Older data will be lost. +# +# Mandatory: no +# Range: 1-720 +# Default: +# ProxyOfflineBuffer=1 + +ProxyOfflineBuffer=${ZBX_PROXYOFFLINEBUFFER} + +### Option: ProxyBufferMode +# Specifies history, discovery and auto registration data storage mechanism: +# disk - data are stored in database and uploaded from database +# memory - data are stored in memory and uploaded from memory. +# If buffer runs out of memory the old data will be discarded. +# On shutdown the buffer is discarded. +# hybrid - the proxy buffer normally works like in memory mode until it runs out of memory or +# the oldest record exceeds the configured age. If that happens the buffer is flushed +# to database and it works like in disk mode until all data have been uploaded and +# it starts working with memory again. On shutdown the memory buffer is flushed +# to database. +# +# Mandatory: no +# Values: disk, memory, hybrid +# Default: +# ProxyBufferMode=disk + +ProxyBufferMode=${ZBX_PROXYBUFFERMODE} + +### Option: ProxyMemoryBufferSize +# Size of shared memory cache for collected history, discovery and auto registration data, in bytes. +# If enabled (not zero) proxy will keep history discovery and auto registration data in memory unless +# cache is full or stored records are older than defined ProxyMemoryBufferAge. +# This parameter cannot be used together with ProxyLocalBuffer parameter. +# +# Mandatory: no +# Range: 0,128K-2G +# Default: +# ProxyMemoryBufferSize=0 + +ProxyMemoryBufferSize=${ZBX_PROXYMEMORYBUFFERSIZE} + +### Option: ProxyMemoryBufferAge +# Maximum age of data in proxy memory buffer, in seconds. +# When enabled (not zero) and records in proxy memory buffer are older, then it forces proxy buffer +# to switch to database mode until all records are uploaded to server. +# This parameter must be less or equal to ProxyOfflineBuffer parameter (note different units). +# +# Mandatory: no +# Range: 0,600-864000 +# Default: +# ProxyMemoryBufferAge=0 + +ProxyMemoryBufferAge=${ZBX_PROXYMEMORYBUFFERAGE} diff --git a/config_templates/proxy/zabbix_proxy_cache.conf b/config_templates/proxy/zabbix_proxy_cache.conf new file mode 100644 index 000000000..ca5de6f2c --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_cache.conf @@ -0,0 +1,32 @@ +### Option: CacheSize +# Size of configuration cache, in bytes. +# Shared memory size, for storing hosts and items data. +# +# Mandatory: no +# Range: 128K-64G +# Default: +# CacheSize=8M + +CacheSize=${ZBX_CACHESIZE} + +### Option: HistoryCacheSize +# Size of history cache, in bytes. +# Shared memory size for storing history data. +# +# Mandatory: no +# Range: 128K-2G +# Default: +# HistoryCacheSize=16M + +HistoryCacheSize=${ZBX_HISTORYCACHESIZE} + +### Option: HistoryIndexCacheSize +# Size of history index cache, in bytes. +# Shared memory size for indexing history cache. +# +# Mandatory: no +# Range: 128K-2G +# Default: +# HistoryIndexCacheSize=4M + +HistoryIndexCacheSize=${ZBX_HISTORYINDEXCACHESIZE} diff --git a/config_templates/proxy/zabbix_proxy_db.conf b/config_templates/proxy/zabbix_proxy_db.conf new file mode 100644 index 000000000..f7508318b --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_db.conf @@ -0,0 +1,77 @@ +### Option: DBHost +# Database host name. +# If set to localhost, socket is used for MySQL. +# If set to empty string, socket is used for PostgreSQL. +# +# Mandatory: no +# Default: +# DBHost=localhost + +DBHost=${ZBX_DB_HOST} + +### Option: DBName +# Database name. +# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. +# Warning: do not attempt to use the same database Zabbix server is using. +# +# Mandatory: yes +# Default: +# DBName= + +DBName=${ZBX_DB_NAME} + +### Option: DBSchema +# Schema name. Used for PostgreSQL. +# +# Mandatory: no +# Default: +# DBSchema= + +DBSchema={$ZBX_DB_SCHEMA} + +### Option: DBUser +# Database user. Ignored for SQLite. +# +# Default: +# DBUser= + +DBUser=${ZBX_DB_USER} + +### Option: DBPassword +# Database password. Ignored for SQLite. +# Comment this line if no password is used. +# +# Mandatory: no +# Default: +# DBPassword= + +DBPassword=${ZBX_DB_PASSWORD} + +### Option: DBSocket +# Path to MySQL socket. +# +# Mandatory: no +# Default: +# DBSocket= + +DBSocket=${ZBX_DB_SOCKET} + +# Option: DBPort +# Database port when not using local socket. Ignored for SQLite. +# +# Mandatory: no +# Default: +# DBPort= + +DBPort=${ZBX_DB_PORT} + +### Option: AllowUnsupportedDBVersions +# Allow proxy to work with unsupported database versions. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Default: +# AllowUnsupportedDBVersions=0 + +AllowUnsupportedDBVersions=${ZBX_ALLOWUNSUPPORTEDDBVERSIONS} diff --git a/config_templates/proxy/zabbix_proxy_db_tls.conf b/config_templates/proxy/zabbix_proxy_db_tls.conf new file mode 100644 index 000000000..7e1ee209b --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_db_tls.conf @@ -0,0 +1,69 @@ +####### TLS-RELATED PARAMETERS ####### + +### Option: DBTLSConnect +# Setting this option enforces to use TLS connection to database. +# required - connect using TLS +# verify_ca - connect using TLS and verify certificate +# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost +# matches its certificate +# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and +# "verify_full". +# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. +# Default is not to set any option and behavior depends on database configuration +# +# Mandatory: no +# Default: +# DBTLSConnect= + +DBTLSConnect=${ZBX_DBTLSCONNECT} + +### Option: DBTLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. +# Supported only for MySQL and PostgreSQL +# +# Mandatory: no +# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) +# Default: +# DBTLSCAFile= + +DBTLSCAFile=${ZBX_DBTLSCAFILE} + +### Option: DBTLSCertFile +# Full pathname of file containing Zabbix proxy certificate for authenticating to database. +# Supported only for MySQL and PostgreSQL +# +# Mandatory: no +# Default: +# DBTLSCertFile= + +DBTLSCertFile=${ZBX_DBTLSCERTFILE} + +### Option: DBTLSKeyFile +# Full pathname of file containing the private key for authenticating to database. +# Supported only for MySQL and PostgreSQL +# +# Mandatory: no +# Default: +# DBTLSKeyFile= + +DBTLSKeyFile=${ZBX_DBTLSKEYFILE} + +### Option: DBTLSCipher +# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2 +# Supported only for MySQL +# +# Mandatory no +# Default: +# DBTLSCipher= + +DBTLSCipher=${ZBX_DBTLSCIPHER} + +### Option: DBTLSCipher13 +# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol +# Supported only for MySQL, starting from version 8.0.16 +# +# Mandatory no +# Default: +# DBTLSCipher13= + +DBTLSCipher13=${ZBX_DBTLSCIPHER13} diff --git a/config_templates/proxy/zabbix_proxy_forks.conf b/config_templates/proxy/zabbix_proxy_forks.conf new file mode 100644 index 000000000..3c7a2a81b --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_forks.conf @@ -0,0 +1,145 @@ +### Option: StartPollers +# Number of pre-forked instances of pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollers=5 + +StartPollers=${ZBX_STARTPOLLERS} + +### Option: StartAgentPollers +# Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartAgentPollers=1 + +StartAgentPollers=${ZBX_STARTAGENTPOLLERS} + +### Option: StartHTTPAgentPollers +# Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPAgentPollers=1 + +StartHTTPAgentPollers=${ZBX_STARTHTTPAGENTPOLLERS} + +### Option: StartSNMPPollers +# Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartSNMPPollers=1 + +StartSNMPPollers=${ZBX_STARTSNMPPOLLERS} + +### Option: MaxConcurrentChecksPerPoller +# Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# MaxConcurrentChecksPerPoller=1000 + +MaxConcurrentChecksPerPoller=${ZBX_MAXCONCURRENTCHECKSPERPOLLER} + +### Option: StartIPMIPollers +# Number of pre-forked instances of IPMI pollers. +# The IPMI manager process is automatically started when at least one IPMI poller is started. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartIPMIPollers=0 + +StartIPMIPollers=${ZBX_STARTIPMIPOLLERS} + +### Option: StartPreprocessors +# Number of pre-started instances of preprocessing worker threads should be set to no less than +# the available CPU core count. More workers should be set if preprocessing is not CPU-bound and has +# lots of network requests. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# StartPreprocessors=16 + +StartPreprocessors=${ZBX_STARTPREPROCESSORS} + +### Option: StartPollersUnreachable +# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). +# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers +# are started. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollersUnreachable=1 + +StartPollersUnreachable=${ZBX_STARTPOLLERSUNREACHABLE} + +### Option: StartTrappers +# Number of pre-forked instances of trappers. +# Trappers accept incoming connections from Zabbix sender and active agents. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartTrappers=5 + +StartTrappers=${ZBX_STARTTRAPPERS} + +### Option: StartPingers +# Number of pre-forked instances of ICMP pingers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPingers=1 + +StartPingers=${ZBX_STARTPINGERS} + +### Option: StartDiscoverers +# Number of pre-started instances of discovery workers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartDiscoverers=5 + +StartDiscoverers=${ZBX_STARTDISCOVERERS} + +## Option: StartODBCPollers +# Number of pre-forked ODBC poller instances. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartODBCPollers=1 + +StartODBCPollers=${ZBX_STARTODBCPOLLERS} + +### Option: StartHTTPPollers +# Number of pre-forked instances of HTTP pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPPollers=1 + +StartHTTPPollers=${ZBX_STARTHTTPPOLLERS} + +### Option: StartDBSyncers +# Number of pre-forked instances of DB Syncers. +# +# Mandatory: no +# Range: 1-100 +# Default: +# StartDBSyncers=4 + +StartDBSyncers=${ZBX_STARTDBSYNCERS} diff --git a/config_templates/proxy/zabbix_proxy_housekeeper.conf b/config_templates/proxy/zabbix_proxy_housekeeper.conf new file mode 100644 index 000000000..96ccf5a8a --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_housekeeper.conf @@ -0,0 +1,16 @@ +### Option: HousekeepingFrequency +# How often Zabbix will perform housekeeping procedure (in hours). +# Housekeeping is removing outdated information from the database. +# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency +# hours of outdated information are deleted in one housekeeping cycle. +# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start. +# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option. +# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the +# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days. +# +# Mandatory: no +# Range: 0-24 +# Default: +# HousekeepingFrequency=1 + +HousekeepingFrequency=${ZBX_HOUSEKEEPINGFREQUENCY} diff --git a/config_templates/proxy/zabbix_proxy_identity.conf b/config_templates/proxy/zabbix_proxy_identity.conf new file mode 100644 index 000000000..19cf8270d --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_identity.conf @@ -0,0 +1,19 @@ +### Option: Hostname +# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server! +# Value is acquired from HostnameItem if undefined. +# +# Mandatory: no +# Default: +# Hostname= + +Hostname=${ZBX_HOSTNAME} + +### Option: HostnameItem +# Item used for generating Hostname if it is undefined. +# Ignored if Hostname is defined. +# +# Mandatory: no +# Default: +# HostnameItem=system.hostname + +HostnameItem=${ZBX_HOSTNAMEITEM} diff --git a/config_templates/proxy/zabbix_proxy_java_gateway.conf b/config_templates/proxy/zabbix_proxy_java_gateway.conf new file mode 100644 index 000000000..aac96ca1f --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_java_gateway.conf @@ -0,0 +1,29 @@ +### Option: JavaGateway +# IP address (or hostname) of Zabbix Java gateway. +# Only required if Java pollers are started. +# +# Mandatory: no +# Default: +# JavaGateway= + +JavaGateway=${ZBX_JAVAGATEWAY} + +### Option: JavaGatewayPort +# Port that Zabbix Java gateway listens on. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# JavaGatewayPort=10052 + +JavaGatewayPort=${ZBX_JAVAGATEWAYPORT} + +### Option: StartJavaPollers +# Number of pre-forked instances of Java pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartJavaPollers=0 + +StartJavaPollers=${ZBX_STARTJAVAPOLLERS} diff --git a/config_templates/proxy/zabbix_proxy_locations.conf b/config_templates/proxy/zabbix_proxy_locations.conf new file mode 100644 index 000000000..8b5bcf97f --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_locations.conf @@ -0,0 +1,69 @@ +### Option: PidFile +# Name of PID file. +# +# Mandatory: no +# Default: +# PidFile=/tmp/zabbix_proxy.pid + +PidFile=/tmp/zabbix_proxy.pid + +### Option: SocketDir +# IPC socket directory. +# Directory to store IPC sockets used by internal Zabbix services. +# +# Mandatory: no +# Default: +# SocketDir=/tmp + +SocketDir=/tmp + +### Option: TmpDir +# Temporary directory. +# +# Mandatory: no +# Default: +# TmpDir=/tmp + +TmpDir=/tmp + +### Option: ExternalScripts +# Full path to location of external scripts. +# Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". +# +# Mandatory: no +# Default: +# ExternalScripts=${datadir}/zabbix/externalscripts + +ExternalScripts=/usr/lib/zabbix/externalscripts + +### Option: FpingLocation +# Location of fping. +# Make sure that fping binary has root ownership and SUID flag set. +# +# Mandatory: no +# Default: +# FpingLocation=/usr/sbin/fping + +FpingLocation=${ZBX_FPINGLOCATION} + +### Option: Fping6Location +# Location of fping6. +# Make sure that fping6 binary has root ownership and SUID flag set. +# Make empty if your fping utility is capable to process IPv6 addresses. +# +# Mandatory: no +# Default: +# Fping6Location=/usr/sbin/fping6 + +Fping6Location= + +### Option: SSHKeyLocation +# Location of public and private keys for SSH checks and actions. +# +# Mandatory: no +# Default: +# SSHKeyLocation= + +SSHKeyLocation=${ZBX_SSHKEYLOCATION} + diff --git a/config_templates/proxy/zabbix_proxy_logging.conf b/config_templates/proxy/zabbix_proxy_logging.conf new file mode 100644 index 000000000..35b489e37 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_logging.conf @@ -0,0 +1,39 @@ +### Option: LogType +# Specifies where log messages are written to: +# system - syslog +# file - file specified with LogFile parameter +# console - standard output +# +# Mandatory: no +# Default: +# LogType=file + +LogType=console + +### Option: DebugLevel +# Specifies debug level: +# 0 - basic information about starting and stopping of Zabbix processes +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 +# Default: +# DebugLevel=3 + +DebugLevel=${ZBX_DEBUGLEVEL} + +### Option: LogSlowQueries +# How long a database query may take before being logged (in milliseconds). +# Only works if DebugLevel set to 3 or 4. +# 0 - don't log slow queries. +# +# Mandatory: no +# Range: 1-3600000 +# Default: +# LogSlowQueries=0 + +LogSlowQueries=${ZBX_LOGSLOWQUERIES} diff --git a/config_templates/proxy/zabbix_proxy_modules.conf b/config_templates/proxy/zabbix_proxy_modules.conf new file mode 100644 index 000000000..cf12454b9 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_modules.conf @@ -0,0 +1,26 @@ +####### LOADABLE MODULES ####### + +### Option: LoadModulePath +# Full path to location of proxy modules. +# Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". +# +# Mandatory: no +# Default: +# LoadModulePath=${libdir}/modules + +LoadModulePath=${ZBX_LOADMODULEPATH} + +### Option: LoadModule +# Module to load at proxy startup. Modules are used to extend functionality of the proxy. +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. +# It is allowed to include multiple LoadModule parameters. +# +# Mandatory: no +# Default: +# LoadModule= diff --git a/config_templates/proxy/zabbix_proxy_network.conf b/config_templates/proxy/zabbix_proxy_network.conf new file mode 100644 index 000000000..2264d5c86 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_network.conf @@ -0,0 +1,41 @@ +### Option: ListenPort +# Listen port for trapper. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# ListenPort=10051 + +ListenPort=${ZBX_LISTENPORT} + +### Option: SourceIP +# Source IP address for outgoing connections. +# +# Mandatory: no +# Default: +# SourceIP= + +SourceIP=${ZBX_SOURCEIP} + +### Option: ListenIP +# List of comma delimited IP addresses that the trapper should listen on. +# Trapper will listen on all network interfaces if this parameter is missing. +# +# Mandatory: no +# Default: +# ListenIP=0.0.0.0 + +ListenIP=${ZBX_LISTENIP} + +####### For advanced users - TCP-related fine-tuning parameters ####### + +## Option: ListenBacklog +# The maximum number of pending connections in the queue. This parameter is passed to +# listen() function as argument 'backlog' (see "man listen"). +# +# Mandatory: no +# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) +# Default: SOMAXCONN (hard-coded constant, depends on system) +# ListenBacklog= + +ListenBacklog=${ZBX_LISTENBACKLOG} diff --git a/config_templates/proxy/zabbix_proxy_security.conf b/config_templates/proxy/zabbix_proxy_security.conf new file mode 100644 index 000000000..c032b62a6 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_security.conf @@ -0,0 +1,59 @@ +### Option: EnableRemoteCommands +# Whether remote commands from Zabbix server are allowed. +# 0 - not allowed +# 1 - allowed +# +# Mandatory: no +# Default: +# EnableRemoteCommands=0 + +EnableRemoteCommands=${ZBX_ENABLEREMOTECOMMANDS} + +### Option: LogRemoteCommands +# Enable logging of executed shell commands as warnings. +# 0 - disabled +# 1 - enabled +# +# Mandatory: no +# Default: +# LogRemoteCommands=0 + +LogRemoteCommands=${ZBX_LOGREMOTECOMMANDS} + +### Option: AllowRoot +# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy +# will try to switch to the user specified by the User configuration option instead. +# Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Default: +# AllowRoot=0 + +AllowRoot=${ZBX_ALLOWROOT} + +### Option: User +# Drop privileges to a specific, existing user on the system. +# Only has effect if run as 'root' and AllowRoot is disabled. +# +# Mandatory: no +# Default: +# User=zabbix + +User=${ZBX_USER} + +### Option: StatsAllowedIP +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances. +# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests +# will be accepted. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: no +# Default: +# StatsAllowedIP= + +StatsAllowedIP=${ZBX_STATSALLOWEDIP} diff --git a/config_templates/proxy/zabbix_proxy_server_communication.conf b/config_templates/proxy/zabbix_proxy_server_communication.conf new file mode 100644 index 000000000..4ab93c2a2 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_server_communication.conf @@ -0,0 +1,51 @@ +### Option: ProxyMode +# Proxy operating mode. +# 0 - proxy in the active mode +# 1 - proxy in the passive mode +# +# Mandatory: no +# Default: +# ProxyMode=0 + +ProxyMode=${ZBX_PROXYMODE} + +### Option: Server +# If ProxyMode is set to active mode: +# IP address or DNS name (address:port) or cluster (address:port;address2:port) of Zabbix server to get configuration data from and send data to. +# If port is not specified, default port is used. +# Cluster nodes need to be separated by semicolon. +# If ProxyMode is set to passive mode: +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server. +# Incoming connections will be accepted only from the addresses listed here. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: yes +# Default: +# Server= + +Server=${ZBX_SERVER_HOST} + +### Option: ProxyConfigFrequency +# How often proxy retrieves configuration data from Zabbix Server in seconds. +# For a proxy in the passive mode this parameter will be ignored. +# +# Mandatory: no +# Range: 1-3600*24*7 +# Default: +# ProxyConfigFrequency=10 + +ProxyConfigFrequency=${ZBX_PROXYCONFIGFREQUENCY} + +### Option: DataSenderFrequency +# Proxy will send collected data to the Server every N seconds. +# For a proxy in the passive mode this parameter will be ignored. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# DataSenderFrequency=1 + +DataSenderFrequency=${ZBX_DATASENDERFREQUENCY} diff --git a/config_templates/proxy/zabbix_proxy_snmp_traps.conf b/config_templates/proxy/zabbix_proxy_snmp_traps.conf new file mode 100644 index 000000000..db89efc65 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_snmp_traps.conf @@ -0,0 +1,20 @@ +### Option: SNMPTrapperFile +# Temporary file used for passing data from SNMP trap daemon to the proxy. +# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. +# +# Mandatory: no +# Default: +# SNMPTrapperFile=/tmp/zabbix_traps.tmp + +SNMPTrapperFile=${ZBX_SNMPTRAPPERFILE} + +### Option: StartSNMPTrapper +# If 1, SNMP trapper process is started. +# +# Mandatory: no +# Range: 0-1 +# Default: +# StartSNMPTrapper=0 + +StartSNMPTrapper=${ZBX_STARTSNMPTRAPPER} + diff --git a/config_templates/proxy/zabbix_proxy_ssl.conf b/config_templates/proxy/zabbix_proxy_ssl.conf new file mode 100644 index 000000000..597d40df9 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_ssl.conf @@ -0,0 +1,34 @@ +### Option: SSLCertLocation +# Location of SSL client certificates. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". +# +# Mandatory: no +# Default: +# SSLCertLocation=${datadir}/zabbix/ssl/certs + +SSLCertLocation=${ZBX_SSLCERTLOCATION} + +### Option: SSLKeyLocation +# Location of private keys for SSL client certificates. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". +# +# Mandatory: no +# Default: +# SSLKeyLocation=${datadir}/zabbix/ssl/keys + +SSLKeyLocation=${ZBX_SSLKEYLOCATION} + +### Option: SSLCALocation +# Location of certificate authority (CA) files for SSL server certificate verification. +# If not set, system-wide directory will be used. +# This parameter is used in web monitoring, HTTP agent items and for communication with Vault. +# +# Mandatory: no +# Default: +# SSLCALocation= + +SSLCALocation=${ZBX_SSLCALOCATION} diff --git a/config_templates/proxy/zabbix_proxy_timeouts.conf b/config_templates/proxy/zabbix_proxy_timeouts.conf new file mode 100644 index 000000000..13adfd57e --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_timeouts.conf @@ -0,0 +1,51 @@ +### Option: Timeout +# Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix server, agent, web service, and for SNMP checks (except SNMP `walk[OID]` and `get[OID]` items) and `icmpping[*]` item. +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=3 + +Timeout=${ZBX_TIMEOUT} + +### Option: TrapperTimeout +# Specifies timeout in seconds for: +# Retrieval of configuration data from Zabbix server +# Global script / remote command execution +# +# Mandatory: no +# Range: 1-300 +# Default: +# TrapperTimeout=300 + +TrapperTimeout=${ZBX_TRAPPERTIMEOUT} + +### Option: UnreachablePeriod +# After how many seconds of unreachability treat a host as unavailable. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachablePeriod=45 + +UnreachablePeriod=${ZBX_UNREACHABLEPERIOD} + +### Option: UnavailableDelay +# How often host is checked for availability during the unavailability period, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnavailableDelay=60 + +UnavailableDelay=${ZBX_UNAVAILABLEDELAY} + +### Option: UnreachableDelay +# How often host is checked for availability during the unreachability period, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachableDelay=15 + +UnreachableDelay=${ZBX_UNREACHABLEDELAY} diff --git a/config_templates/proxy/zabbix_proxy_tls.conf b/config_templates/proxy/zabbix_proxy_tls.conf new file mode 100644 index 000000000..9ff65708b --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_tls.conf @@ -0,0 +1,178 @@ +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSConnect +# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy. +# Only one value can be specified: +# unencrypted - connect without encryption +# psk - connect using TLS and a pre-shared key +# cert - connect using TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSConnect=unencrypted + +TLSConnect=${ZBX_TLSCONNECT} + +### Option: TLSAccept +# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy. +# Multiple values can be specified, separated by comma: +# unencrypted - accept connections without encryption +# psk - accept connections secured with TLS and a pre-shared key +# cert - accept connections secured with TLS and a certificate +# +# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) +# Default: +# TLSAccept=unencrypted + +TLSAccept=${ZBX_TLSACCEPT} + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= + +TLSCAFile=${ZBX_TLSCAFILE} + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +# TLSCRLFile= + +TLSCRLFile=${ZBX_TLSCRLFILE} + +### Option: TLSServerCertIssuer +# Allowed server certificate issuer. +# +# Mandatory: no +# Default: +# TLSServerCertIssuer= + +TLSServerCertIssuer=${ZBX_TLSSERVERCERTISSUER} + +### Option: TLSServerCertSubject +# Allowed server certificate subject. +# +# Mandatory: no +# Default: +# TLSServerCertSubject= + +TLSServerCertSubject=${ZBX_TLSSERVERCERTSUBJECT} + +### Option: TLSCertFile +# Full pathname of a file containing the proxy certificate or certificate chain. +# +# Mandatory: no +# Default: +# TLSCertFile= + +TLSCertFile=${ZBX_TLSCERTFILE} + +### Option: TLSKeyFile +# Full pathname of a file containing the proxy private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= + +TLSKeyFile=${ZBX_TLSKEYFILE} + +### Option: TLSPSKIdentity +# Unique, case sensitive string used to identify the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKIdentity= + +TLSPSKIdentity=${ZBX_TLSPSKIDENTITY} + +### Option: TLSPSKFile +# Full pathname of a file containing the pre-shared key. +# +# Mandatory: no +# Default: +# TLSPSKFile= + +TLSPSKFile=${ZBX_TLSPSKFILE} + +####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +# Default: +# TLSCipherCert13= + +TLSCipherCert13=${ZBX_TLSCIPHERCERT13} + +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +# Default: +# TLSCipherCert= + +TLSCipherCert=${ZBX_TLSCIPHERCERT} + +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherPSK13= + +TLSCipherPSK13=${ZBX_TLSCIPHERPSK13} + +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherPSK= + +TLSCipherPSK=${ZBX_TLSCIPHERPSK} + +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherAll13= + +TLSCipherAll13=${ZBX_TLSCIPHERALL13} + +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherAll= + +TLSCipherAll=${ZBX_TLSCIPHERALL} diff --git a/config_templates/proxy/zabbix_proxy_vault.conf b/config_templates/proxy/zabbix_proxy_vault.conf new file mode 100644 index 000000000..627c408d1 --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_vault.conf @@ -0,0 +1,82 @@ +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArk - CyberArk Central Credential Provider +# +# Mandatory: no +# Default: +# Vault=HashiCorp + +Vault=${ZBX_VAULT} + +### Option: VaultToken +# Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path +# specified in optional VaultDBPath configuration parameter. +# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. +# +# Mandatory: no +# (yes, if Vault is explicitly set to HashiCorp) +# Default: +# VaultToken= + +### Option: VaultURL +# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. +# +# Mandatory: no +# Default: +# VaultURL=https://127.0.0.1:8200 + +VaultURL=${ZBX_VAULTURL} + +### Option: VaultPrefix +# Custom prefix for Vault path or query depending on the Vault. +# Most suitable defaults will be used if not specified. +# Note that 'data' is automatically appended after mountpoint for HashiCorp if VaultPrefix is not specified. +# Example prefix for HashiCorp: +# /v1/secret/data/zabbix/ +# Example prefix for CyberArk: +# /AIMWebService/api/Accounts? +# Mandatory: no +# Default: +# VaultPrefix= + +VaultPrefix=${ZBX_VAULTPREFIX} + +### Option: VaultDBPath +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path with VaultPrefix=/v1/secret/data/zabbix/: +# database +# Example path without VaultPrefix: +# secret/zabbix/database +# Keys used for CyberArk are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database +# This option can only be used if DBUser and DBPassword are not specified. +# +# Mandatory: no +# Default: +# VaultDBPath= + +VaultDBPath=${ZBX_VAULTDBPATH} + +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. +# +# Mandatory: no +# Default: +# VaultTLSCertFile= + +VaultTLSCertFile=${ZBX_VAULTTLSCERTFILE} + +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. +# +# Mandatory: no +# Default: +# VaultTLSKeyFile= + +VaultTLSKeyFile=${ZBX_VAULTTLSKEYFILE} diff --git a/config_templates/proxy/zabbix_proxy_vmware.conf b/config_templates/proxy/zabbix_proxy_vmware.conf new file mode 100644 index 000000000..4c360dc5d --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_vmware.conf @@ -0,0 +1,51 @@ +### Option: StartVMwareCollectors +# Number of pre-forked vmware collector instances. +# +# Mandatory: no +# Range: 0-250 +# Default: +# StartVMwareCollectors=0 + +StartVMwareCollectors=${ZBX_STARTVMWARECOLLECTORS} + +### Option: VMwareFrequency +# How often Zabbix will connect to VMware service to obtain a new data. +# +# Mandatory: no +# Range: 10-86400 +# Default: +# VMwareFrequency=60 + +VMwareFrequency=${ZBX_VMWAREFREQUENCY} + +### Option: VMwarePerfFrequency +# How often Zabbix will connect to VMware service to obtain performance data. +# +# Mandatory: no +# Range: 10-86400 +# Default: +# VMwarePerfFrequency=60 + +VMwarePerfFrequency=${ZBX_VMWAREPERFFREQUENCY} + +### Option: VMwareCacheSize +# Size of VMware cache, in bytes. +# Shared memory size for storing VMware data. +# Only used if VMware collectors are started. +# +# Mandatory: no +# Range: 256K-2G +# Default: +# VMwareCacheSize=8M + +VMwareCacheSize=${ZBX_VMWARECACHESIZE} + +### Option: VMwareTimeout +# Specifies how many seconds vmware collector waits for response from VMware service. +# +# Mandatory: no +# Range: 1-300 +# Default: +# VMwareTimeout=10 + +VMwareTimeout=${ZBX_VMWARETIMEOUT} diff --git a/config_templates/proxy/zabbix_proxy_webdriver.conf b/config_templates/proxy/zabbix_proxy_webdriver.conf new file mode 100644 index 000000000..365f34dbd --- /dev/null +++ b/config_templates/proxy/zabbix_proxy_webdriver.conf @@ -0,0 +1,20 @@ +####### Browser monitoring ####### + +### Option: WebDriverURL +# WebDriver interface HTTP[S] URL. For example http://localhost:4444 used with Selenium WebDriver standalone server. +# +# Mandatory: no +# Default: +# WebDriverURL= + +WebDriverURL=${ZBX_WEBDRIVERURL} + +### Option: StartBrowserPollers +# Number of pre-forked instances of browser item pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartBrowserPollers=1 + +StartBrowserPollers=${ZBX_STARTBROWSERPOLLERS} diff --git a/config_templates/server/zabbix_server.conf b/config_templates/server/zabbix_server.conf new file mode 100644 index 000000000..757c35929 --- /dev/null +++ b/config_templates/server/zabbix_server.conf @@ -0,0 +1,39 @@ +# This is a configuration file for Zabbix server daemon +# To get more information about Zabbix, visit https://www.zabbix.com + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# +# Mandatory: no +# Default: +# Include= + +# Include=/usr/local/etc/zabbix_server.general.conf +# Include=/usr/local/etc/zabbix_server.conf.d/ +# Include=/usr/local/etc/zabbix_server.conf.d/*.conf + +Include=/etc/zabbix/zabbix_server_cache.conf +Include=/etc/zabbix/zabbix_server_db.conf +Include=/etc/zabbix/zabbix_server_db_tls.conf +Include=/etc/zabbix/zabbix_server_export.conf +Include=/etc/zabbix/zabbix_server_forks.conf +Include=/etc/zabbix/zabbix_server_ha.conf +Include=/etc/zabbix/zabbix_server_history_storage.conf +Include=/etc/zabbix/zabbix_server_housekeeper.conf +Include=/etc/zabbix/zabbix_server_java_gateway.conf +Include=/etc/zabbix/zabbix_server_locations.conf +Include=/etc/zabbix/zabbix_server_logging.conf +Include=/etc/zabbix/zabbix_server_modules.conf +Include=/etc/zabbix/zabbix_server_network.conf +Include=/etc/zabbix/zabbix_server_proxies.conf +Include=/etc/zabbix/zabbix_server_reports.conf +Include=/etc/zabbix/zabbix_server_security.conf +Include=/etc/zabbix/zabbix_server_service_manager.conf +Include=/etc/zabbix/zabbix_server_snmp_traps.conf +Include=/etc/zabbix/zabbix_server_ssl.conf +Include=/etc/zabbix/zabbix_server_timeouts.conf +Include=/etc/zabbix/zabbix_server_tls.conf +Include=/etc/zabbix/zabbix_server_vault.conf +Include=/etc/zabbix/zabbix_server_vmware.conf +Include=/etc/zabbix/zabbix_server_webdriver.conf diff --git a/config_templates/server/zabbix_server_cache.conf b/config_templates/server/zabbix_server_cache.conf new file mode 100644 index 000000000..1b0587c69 --- /dev/null +++ b/config_templates/server/zabbix_server_cache.conf @@ -0,0 +1,76 @@ +### Option: CacheSize +# Size of configuration cache, in bytes. +# Shared memory size for storing host, item and trigger data. +# +# Mandatory: no +# Range: 128K-64G +# Default: +# CacheSize=32M + +CacheSize=${ZBX_CACHESIZE} + +### Option: CacheUpdateFrequency +# How often Zabbix will perform update of configuration cache, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# CacheUpdateFrequency=10 + +CacheUpdateFrequency=${ZBX_CACHEUPDATEFREQUENCY} + +### Option: HistoryCacheSize +# Size of history cache, in bytes. +# Shared memory size for storing history data. +# +# Mandatory: no +# Range: 128K-2G +# Default: +# HistoryCacheSize=16M + +HistoryCacheSize=${ZBX_HISTORYCACHESIZE} + +### Option: HistoryIndexCacheSize +# Size of history index cache, in bytes. +# Shared memory size for indexing history cache. +# +# Mandatory: no +# Range: 128K-2G +# Default: +# HistoryIndexCacheSize=4M + +HistoryIndexCacheSize=${ZBX_HISTORYINDEXCACHESIZE} + +### Option: TrendCacheSize +# Size of trend write cache, in bytes. +# Shared memory size for storing trends data. +# +# Mandatory: no +# Range: 128K-2G +# Default: +# TrendCacheSize=4M + +TrendCacheSize=${ZBX_TRENDCACHESIZE} + +### Option: TrendFunctionCacheSize +# Size of trend function cache, in bytes. +# Shared memory size for caching calculated trend function data. +# +# Mandatory: no +# Range: 128K-2G +# Default: +# TrendFunctionCacheSize=4M + +TrendFunctionCacheSize=${ZBX_TRENDFUNCTIONCACHESIZE} + +### Option: ValueCacheSize +# Size of history value cache, in bytes. +# Shared memory size for caching item history data requests. +# Setting to 0 disables value cache. +# +# Mandatory: no +# Range: 0,128K-64G +# Default: +# ValueCacheSize=8M + +ValueCacheSize=${ZBX_VALUECACHESIZE} diff --git a/config_templates/server/zabbix_server_db.conf b/config_templates/server/zabbix_server_db.conf new file mode 100644 index 000000000..c19940014 --- /dev/null +++ b/config_templates/server/zabbix_server_db.conf @@ -0,0 +1,77 @@ +### Option: DBHost +# Database host name. +# If set to localhost, socket is used for MySQL. +# If set to empty string, socket is used for PostgreSQL. +# +# Mandatory: no +# Default: +# DBHost=localhost + +DBHost=${ZBX_DB_HOST} + +### Option: DBName +# Database name. +# +# Mandatory: yes +# Default: +# DBName= + +DBName=${ZBX_DB_NAME} + +### Option: DBSchema +# Schema name. Used for PostgreSQL. +# +# Mandatory: no +# Default: +# DBSchema= + +DBSchema=${ZBX_DB_SCHEMA} + +### Option: DBUser +# Database user. +# +# Mandatory: no +# Default: +# DBUser= + +DBUser=${ZBX_DB_USER} + +### Option: DBPassword +# Database password. +# Comment this line if no password is used. +# +# Mandatory: no +# Default: +# DBPassword= + +DBPassword=${ZBX_DB_PASSWORD} + +### Option: DBSocket +# Path to MySQL socket. +# +# Mandatory: no +# Default: +# DBSocket= + +DBSocket=${ZBX_DB_SOCKET} + +### Option: DBPort +# Database port when not using local socket. +# +# Mandatory: no +# Range: 1024-65535 +# Default: +# DBPort= + +DBPort=${ZBX_DB_PORT} + +### Option: AllowUnsupportedDBVersions +# Allow server to work with unsupported database versions. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Default: +# AllowUnsupportedDBVersions=0 + +AllowUnsupportedDBVersions=${ZBX_ALLOWUNSUPPORTEDDBVERSIONS} diff --git a/config_templates/server/zabbix_server_db_tls.conf b/config_templates/server/zabbix_server_db_tls.conf new file mode 100644 index 000000000..00813e9ee --- /dev/null +++ b/config_templates/server/zabbix_server_db_tls.conf @@ -0,0 +1,69 @@ +####### TLS-RELATED PARAMETERS ####### + +### Option: DBTLSConnect +# Setting this option enforces to use TLS connection to database. +# required - connect using TLS +# verify_ca - connect using TLS and verify certificate +# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost +# matches its certificate +# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and +# "verify_full". +# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. +# Default is not to set any option and behavior depends on database configuration +# +# Mandatory: no +# Default: +# DBTLSConnect= + +DBTLSConnect=${ZBX_DBTLSCONNECT} + +### Option: DBTLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. +# Supported only for MySQL and PostgreSQL +# +# Mandatory: no +# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) +# Default: +# DBTLSCAFile= + +DBTLSCAFile=${ZBX_DBTLSCAFILE} + +### Option: DBTLSCertFile +# Full pathname of file containing Zabbix server certificate for authenticating to database. +# Supported only for MySQL and PostgreSQL +# +# Mandatory: no +# Default: +# DBTLSCertFile= + +DBTLSCertFile=${ZBX_DBTLSCERTFILE} + +### Option: DBTLSKeyFile +# Full pathname of file containing the private key for authenticating to database. +# Supported only for MySQL and PostgreSQL +# +# Mandatory: no +# Default: +# DBTLSKeyFile= + +DBTLSKeyFile=${ZBX_DBTLSKEYFILE} + +### Option: DBTLSCipher +# The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 +# Supported only for MySQL +# +# Mandatory no +# Default: +# DBTLSCipher= + +DBTLSCipher=${ZBX_DBTLSCIPHER} + +### Option: DBTLSCipher13 +# The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol +# Supported only for MySQL, starting from version 8.0.16 +# +# Mandatory no +# Default: +# DBTLSCipher13= + +DBTLSCipher13=${ZBX_DBTLSCIPHER13} diff --git a/config_templates/server/zabbix_server_export.conf b/config_templates/server/zabbix_server_export.conf new file mode 100644 index 000000000..3a799021e --- /dev/null +++ b/config_templates/server/zabbix_server_export.conf @@ -0,0 +1,31 @@ +### Option: ExportDir +# Directory for real time export of events, history and trends in newline delimited JSON format. +# If set, enables real time export. +# +# Mandatory: no +# Default: +# ExportDir= + +ExportDir=${ZBX_EXPORTDIR} + +### Option: ExportFileSize +# Maximum size per export file in bytes. +# Only used for rotation if ExportDir is set. +# +# Mandatory: no +# Range: 1M-1G +# Default: +# ExportFileSize=1G + +ExportFileSize=${ZBX_EXPORTFILESIZE} + +### Option: ExportType +# List of comma delimited types of real time export - allows to control export entities by their +# type (events, history, trends) individually. +# Valid only if ExportDir is set. +# +# Mandatory: no +# Default: +# ExportType=events,history,trends + +ExportType=${ZBX_EXPORTTYPE} diff --git a/config_templates/server/zabbix_server_forks.conf b/config_templates/server/zabbix_server_forks.conf new file mode 100644 index 000000000..7f6a8022f --- /dev/null +++ b/config_templates/server/zabbix_server_forks.conf @@ -0,0 +1,213 @@ +### Option: StartPollers +# Number of pre-forked instances of pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollers=5 + +StartPollers=${ZBX_STARTPOLLERS} + +### Option: StartAgentPollers +# Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartAgentPollers=1 + +StartAgentPollers=${ZBX_STARTAGENTPOLLERS} + +### Option: StartHTTPAgentPollers +# Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPAgentPollers=1 + +StartHTTPAgentPollers=${ZBX_STARTHTTPAGENTPOLLERS} + +### Option: StartSNMPPollers +# Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartSNMPPollers=1 + +StartSNMPPollers=${ZBX_STARTSNMPPOLLERS} + +### Option: MaxConcurrentChecksPerPoller +# Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# MaxConcurrentChecksPerPoller=1000 + +MaxConcurrentChecksPerPoller=${ZBX_MAXCONCURRENTCHECKSPERPOLLER} + +### Option: StartIPMIPollers +# Number of pre-forked instances of IPMI pollers. +# The IPMI manager process is automatically started when at least one IPMI poller is started. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartIPMIPollers=0 + +StartIPMIPollers=${ZBX_STARTIPMIPOLLERS} + +### Option: StartPreprocessors +# Number of pre-started instances of preprocessing worker threads should be set to no less than +# the available CPU core count. More workers should be set if preprocessing is not CPU-bound and has +# lots of network requests. +# Mandatory: no +# Range: 1-1000 +# Default: +# StartPreprocessors=16 + +StartPreprocessors=${ZBX_STARTPREPROCESSORS} + +### Option: StartConnectors +# Number of pre-forked instances of connector workers. +# The connector manager process is automatically started when connector worker is started. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartConnectors=0 + +StartConnectors=${ZBX_STARTCONNECTORS} + +### Option: StartPollersUnreachable +# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). +# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers +# are started. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollersUnreachable=1 + +StartPollersUnreachable=${ZBX_STARTPOLLERSUNREACHABLE} + +### Option: StartHistoryPollers +# Number of pre-forked instances of history pollers. +# Only required for calculated checks. +# A database connection is required for each history poller instance. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHistoryPollers=5 + +StartHistoryPollers=${ZBX_STARTHISTORYPOLLERS} + +### Option: StartTrappers +# Number of pre-forked instances of trappers. +# Trappers accept incoming connections from Zabbix sender, active agents and active proxies. +# At least one trapper process must be running to display server availability and view queue +# in the frontend. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartTrappers=5 + +StartTrappers=${ZBX_STARTTRAPPERS} + +### Option: StartPingers +# Number of pre-forked instances of ICMP pingers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPingers=1 + +StartPingers=${ZBX_STARTPINGERS} + +### Option: StartDiscoverers +# Number of pre-started instances of discovery workers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartDiscoverers=5 + +StartDiscoverers=${ZBX_STARTDISCOVERERS} + +### Option: StartLLDProcessors +# Number of pre-forked instances of low level discovery processors. +# +# Mandatory: no +# Range: 1-100 +# Default: +# StartLLDProcessors=2 + +StartLLDProcessors=${ZBX_STARTLLDPROCESSORS} + +## Option: StartODBCPollers +# Number of pre-forked ODBC poller instances. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartODBCPollers=1 + +StartODBCPollers=${ZBX_STARTODBCPOLLERS} + +### Option: StartHTTPPollers +# Number of pre-forked instances of HTTP pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPPollers=1 + +StartHTTPPollers=${ZBX_STARTHTTPPOLLERS} + +### Option: StartTimers +# Number of pre-forked instances of timers. +# Timers process maintenance periods. +# Only the first timer process handles host maintenance updates. Problem suppression updates are shared +# between all timers. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# StartTimers=1 + +StartTimers=${ZBX_STARTTIMERS} + +### Option: StartEscalators +# Number of pre-forked instances of escalators. +# +# Mandatory: no +# Range: 1-100 +# Default: +# StartEscalators=1 + +StartEscalators=${ZBX_STARTESCALATORS} + +### Option: StartAlerters +# Number of pre-forked instances of alerters. +# Alerters send the notifications created by action operations. +# +# Mandatory: no +# Range: 1-100 +# Default: +# StartAlerters=3 + +StartAlerters=${ZBX_STARTALERTERS} + +### Option: StartDBSyncers +# Number of pre-forked instances of DB Syncers. +# +# Mandatory: no +# Range: 1-100 +# Default: +# StartDBSyncers=4 + +StartDBSyncers=${ZBX_STARTDBSYNCERS} diff --git a/config_templates/server/zabbix_server_ha.conf b/config_templates/server/zabbix_server_ha.conf new file mode 100644 index 000000000..52bc7f75e --- /dev/null +++ b/config_templates/server/zabbix_server_ha.conf @@ -0,0 +1,25 @@ +####### High availability cluster parameters ####### + +## Option: HANodeName +# The high availability cluster node name. +# When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to. +# +# Mandatory: no +# Default: +# HANodeName= + +HANodeName=${ZBX_HANODENAME} + +## Option: NodeAddress +# IP or hostname with optional port to specify how frontend should connect to the server. +# Format:
[:] +# +# If IP or hostname is not set, then ListenIP value will be used. In case ListenIP is not set, localhost will be used. +# If port is not set, then ListenPort value will be used. In case ListenPort is not set, 10051 will be used. +# This option can be overridden by address specified in frontend configuration. +# +# Mandatory: no +# Default: +# NodeAddress=localhost:10051 + +NodeAddress=${ZBX_NODEADDRESS} diff --git a/config_templates/server/zabbix_server_history_storage.conf b/config_templates/server/zabbix_server_history_storage.conf new file mode 100644 index 000000000..3de1503b5 --- /dev/null +++ b/config_templates/server/zabbix_server_history_storage.conf @@ -0,0 +1,28 @@ +### Option: HistoryStorageURL +# History storage HTTP[S] URL. +# +# Mandatory: no +# Default: +# HistoryStorageURL= + +HistoryStorageURL=${ZBX_HISTORYSTORAGEURL} + +### Option: HistoryStorageTypes +# Comma separated list of value types to be sent to the history storage. +# +# Mandatory: no +# Default: +# HistoryStorageTypes=uint,dbl,str,log,text + +HistoryStorageTypes=${ZBX_HISTORYSTORAGETYPES} + +### Option: HistoryStorageDateIndex +# Enable preprocessing of history values in history storage to store values in different indices based on date. +# 0 - disable +# 1 - enable +# +# Mandatory: no +# Default: +# HistoryStorageDateIndex=0 + +HistoryStorageDateIndex=${ZBX_HISTORYSTORAGEDATEINDEX} diff --git a/config_templates/server/zabbix_server_housekeeper.conf b/config_templates/server/zabbix_server_housekeeper.conf new file mode 100644 index 000000000..ae504ca62 --- /dev/null +++ b/config_templates/server/zabbix_server_housekeeper.conf @@ -0,0 +1,40 @@ +### Option: HousekeepingFrequency +# How often Zabbix will perform housekeeping procedure (in hours). +# Housekeeping is removing outdated information from the database. +# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency +# hours of outdated information are deleted in one housekeeping cycle, for each item. +# To lower load on server startup housekeeping is postponed for 30 minutes after server start. +# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option. +# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the +# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days. +# +# Mandatory: no +# Range: 0-24 +# Default: +# HousekeepingFrequency=1 + +HousekeepingFrequency=${ZBX_HOUSEKEEPINGFREQUENCY} + +### Option: MaxHousekeeperDelete +# The table "housekeeper" contains "tasks" for housekeeping procedure in the format: +# [housekeeperid], [tablename], [field], [value]. +# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value]) +# will be deleted per one task in one housekeeping cycle. +# If set to 0 then no limit is used at all. In this case you must know what you are doing! +# +# Mandatory: no +# Range: 0-1000000 +# Default: +# MaxHousekeeperDelete=5000 + +MaxHousekeeperDelete=${ZBX_MAXHOUSEKEEPERDELETE} + +### Option: ProblemHousekeepingFrequency +# How often Zabbix will delete problems for deleted triggers (in seconds). +# +# Mandatory: no +# Range: 1-3600 +# Default: +# ProblemHousekeepingFrequency=60 + +ProblemHousekeepingFrequency=${ZBX_PROBLEMHOUSEKEEPINGFREQUENCY} diff --git a/config_templates/server/zabbix_server_java_gateway.conf b/config_templates/server/zabbix_server_java_gateway.conf new file mode 100644 index 000000000..aac96ca1f --- /dev/null +++ b/config_templates/server/zabbix_server_java_gateway.conf @@ -0,0 +1,29 @@ +### Option: JavaGateway +# IP address (or hostname) of Zabbix Java gateway. +# Only required if Java pollers are started. +# +# Mandatory: no +# Default: +# JavaGateway= + +JavaGateway=${ZBX_JAVAGATEWAY} + +### Option: JavaGatewayPort +# Port that Zabbix Java gateway listens on. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# JavaGatewayPort=10052 + +JavaGatewayPort=${ZBX_JAVAGATEWAYPORT} + +### Option: StartJavaPollers +# Number of pre-forked instances of Java pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartJavaPollers=0 + +StartJavaPollers=${ZBX_STARTJAVAPOLLERS} diff --git a/config_templates/server/zabbix_server_locations.conf b/config_templates/server/zabbix_server_locations.conf new file mode 100644 index 000000000..ce85e3e28 --- /dev/null +++ b/config_templates/server/zabbix_server_locations.conf @@ -0,0 +1,79 @@ +### Option: PidFile +# Name of PID file. +# +# Mandatory: no +# Default: +# PidFile=/tmp/zabbix_server.pid + +PidFile=/tmp/zabbix_server.pid + +### Option: SocketDir +# IPC socket directory. +# Directory to store IPC sockets used by internal Zabbix services. +# +# Mandatory: no +# Default: +# SocketDir=/tmp + +SocketDir=/tmp + +### Option: TmpDir +# Temporary directory. +# +# Mandatory: no +# Default: +# TmpDir=/tmp + +TmpDir=/tmp + +### Option: AlertScriptsPath +# Full path to location of custom alert scripts. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". +# +# Mandatory: no +# Default: +# AlertScriptsPath=${datadir}/zabbix/alertscripts + +AlertScriptsPath=/usr/lib/zabbix/alertscripts + +### Option: ExternalScripts +# Full path to location of external scripts. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". +# +# Mandatory: no +# Default: +# ExternalScripts=${datadir}/zabbix/externalscripts + +ExternalScripts=/usr/lib/zabbix/externalscripts + +### Option: FpingLocation +# Location of fping. +# Make sure that fping binary has root ownership and SUID flag set. +# +# Mandatory: no +# Default: +# FpingLocation=/usr/sbin/fping + +FpingLocation=${ZBX_FPINGLOCATION} + +### Option: Fping6Location +# Location of fping6. +# Make sure that fping6 binary has root ownership and SUID flag set. +# Make empty if your fping utility is capable to process IPv6 addresses. +# +# Mandatory: no +# Default: +# Fping6Location=/usr/sbin/fping6 + +Fping6Location= + +### Option: SSHKeyLocation +# Location of public and private keys for SSH checks and actions. +# +# Mandatory: no +# Default: +# SSHKeyLocation= + +SSHKeyLocation=${ZBX_SSHKEYLOCATION} diff --git a/config_templates/server/zabbix_server_logging.conf b/config_templates/server/zabbix_server_logging.conf new file mode 100644 index 000000000..bf8acf2fc --- /dev/null +++ b/config_templates/server/zabbix_server_logging.conf @@ -0,0 +1,39 @@ +### Option: LogType +# Specifies where log messages are written to: +# system - syslog +# file - file specified with LogFile parameter +# console - standard output +# +# Mandatory: no +# Default: +# LogType=file + +LogType=console + +### Option: DebugLevel +# Specifies debug level: +# 0 - basic information about starting and stopping of Zabbix processes +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 +# Default: +# DebugLevel=3 + +DebugLevel=${ZBX_DEBUGLEVEL} + +### Option: LogSlowQueries +# How long a database query may take before being logged (in milliseconds). +# Only works if DebugLevel set to 3, 4 or 5. +# 0 - don't log slow queries. +# +# Mandatory: no +# Range: 1-3600000 +# Default: +# LogSlowQueries=0 + +LogSlowQueries=${ZBX_LOGSLOWQUERIES} diff --git a/config_templates/server/zabbix_server_modules.conf b/config_templates/server/zabbix_server_modules.conf new file mode 100644 index 000000000..5a6b2061e --- /dev/null +++ b/config_templates/server/zabbix_server_modules.conf @@ -0,0 +1,26 @@ +####### LOADABLE MODULES ####### + +### Option: LoadModulePath +# Full path to location of server modules. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". +# +# Mandatory: no +# Default: +# LoadModulePath=${libdir}/modules + +LoadModulePath=${ZBX_LOADMODULEPATH} + +### Option: LoadModule +# Module to load at server startup. Modules are used to extend functionality of the server. +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. +# It is allowed to include multiple LoadModule parameters. +# +# Mandatory: no +# Default: +# LoadModule= diff --git a/config_templates/server/zabbix_server_network.conf b/config_templates/server/zabbix_server_network.conf new file mode 100644 index 000000000..2264d5c86 --- /dev/null +++ b/config_templates/server/zabbix_server_network.conf @@ -0,0 +1,41 @@ +### Option: ListenPort +# Listen port for trapper. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# ListenPort=10051 + +ListenPort=${ZBX_LISTENPORT} + +### Option: SourceIP +# Source IP address for outgoing connections. +# +# Mandatory: no +# Default: +# SourceIP= + +SourceIP=${ZBX_SOURCEIP} + +### Option: ListenIP +# List of comma delimited IP addresses that the trapper should listen on. +# Trapper will listen on all network interfaces if this parameter is missing. +# +# Mandatory: no +# Default: +# ListenIP=0.0.0.0 + +ListenIP=${ZBX_LISTENIP} + +####### For advanced users - TCP-related fine-tuning parameters ####### + +## Option: ListenBacklog +# The maximum number of pending connections in the queue. This parameter is passed to +# listen() function as argument 'backlog' (see "man listen"). +# +# Mandatory: no +# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) +# Default: SOMAXCONN (hard-coded constant, depends on system) +# ListenBacklog= + +ListenBacklog=${ZBX_LISTENBACKLOG} diff --git a/config_templates/server/zabbix_server_proxies.conf b/config_templates/server/zabbix_server_proxies.conf new file mode 100644 index 000000000..590e4265b --- /dev/null +++ b/config_templates/server/zabbix_server_proxies.conf @@ -0,0 +1,31 @@ +### Option: StartProxyPollers +# Number of pre-forked instances of pollers for passive proxies. +# +# Mandatory: no +# Range: 0-250 +# Default: +# StartProxyPollers=1 + +StartProxyPollers=${ZBX_STARTPROXYPOLLERS} + +### Option: ProxyConfigFrequency +# How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds. +# This parameter is used only for proxies in the passive mode. +# +# Mandatory: no +# Range: 1-3600*24*7 +# Default: +# ProxyConfigFrequency=10 + +ProxyConfigFrequency=${ZBX_PROXYCONFIGFREQUENCY} + +### Option: ProxyDataFrequency +# How often Zabbix Server requests history data from a Zabbix Proxy in seconds. +# This parameter is used only for proxies in the passive mode. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# ProxyDataFrequency=1 + +ProxyDataFrequency=${ZBX_PROXYDATAFREQUENCY} diff --git a/config_templates/server/zabbix_server_reports.conf b/config_templates/server/zabbix_server_reports.conf new file mode 100644 index 000000000..b976fc746 --- /dev/null +++ b/config_templates/server/zabbix_server_reports.conf @@ -0,0 +1,19 @@ +### Option: StartReportWriters +# Number of pre-forked report writer instances. +# +# Mandatory: no +# Range: 0-100 +# Default: +# StartReportWriters=0 + +StartReportWriters=${ZBX_STARTREPORTWRITERS} + +### Option: WebServiceURL +# URL to Zabbix web service, used to perform web related tasks. +# Example: http://localhost:10053/report +# +# Mandatory: no +# Default: +# WebServiceURL= + +WebServiceURL=${ZBX_WEBSERVICEURL} diff --git a/config_templates/server/zabbix_server_security.conf b/config_templates/server/zabbix_server_security.conf new file mode 100644 index 000000000..a00ff5eb2 --- /dev/null +++ b/config_templates/server/zabbix_server_security.conf @@ -0,0 +1,70 @@ +### Option: AllowRoot +# Allow the server to run as 'root'. If disabled and the server is started by 'root', the server +# will try to switch to the user specified by the User configuration option instead. +# Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Default: +# AllowRoot=0 + +AllowRoot=${ZBX_ALLOWROOT} + +### Option: User +# Drop privileges to a specific, existing user on the system. +# Only has effect if run as 'root' and AllowRoot is disabled. +# +# Mandatory: no +# Default: +# User=zabbix + +User=${ZBX_USER} + +### Option: StatsAllowedIP +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances. +# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests +# will be accepted. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: no +# Default: +# StatsAllowedIP= + +StatsAllowedIP=${ZBX_STATSALLOWEDIP} + +### Option: EnableGlobalScripts +# Enable global scripts on Zabbix server. +# 0 - disable +# 1 - enable +# +# Mandatory: no +# Default: +# EnableGlobalScripts=1 + +EnableGlobalScripts=${ZBX_ENABLEGLOBALSCRIPTS} + +# Option: AllowSoftwareUpdateCheck +# Allow Zabbix UI to receive information about software updates from zabbix.com +# 0 - disable software update checks +# 1 - enable software update checks +# +# Mandatory: no +# Default: +# AllowSoftwareUpdateCheck=1 + +AllowSoftwareUpdateCheck=${ZBX_ALLOWSOFTWAREUPDATECHECK} + +### Option: SMSDevices +# List of comma delimited modem files allowed to use Zabbix server +# SMS sending not possible if this parameter is not set +# Example: SMSDevices=/dev/ttyUSB0,/dev/ttyUSB1 +# +# Mandatory: no +# Default: +# SMSDevices= + +SMSDevices=${ZBX_SMSDEVICES} diff --git a/config_templates/server/zabbix_server_service_manager.conf b/config_templates/server/zabbix_server_service_manager.conf new file mode 100644 index 000000000..9973d1ee1 --- /dev/null +++ b/config_templates/server/zabbix_server_service_manager.conf @@ -0,0 +1,9 @@ +### Option: ServiceManagerSyncFrequency +# How often Zabbix will synchronize configuration of a service manager (in seconds). +# +# Mandatory: no +# Range: 1-3600 +# Default: +# ServiceManagerSyncFrequency=60 + +ServiceManagerSyncFrequency=${ZBX_SERVICEMANAGERSYNCFREQUENCY} diff --git a/config_templates/server/zabbix_server_snmp_traps.conf b/config_templates/server/zabbix_server_snmp_traps.conf new file mode 100644 index 000000000..312af4ddd --- /dev/null +++ b/config_templates/server/zabbix_server_snmp_traps.conf @@ -0,0 +1,19 @@ +### Option: SNMPTrapperFile +# Temporary file used for passing data from SNMP trap daemon to the server. +# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. +# +# Mandatory: no +# Default: +# SNMPTrapperFile=/tmp/zabbix_traps.tmp + +SNMPTrapperFile=${ZBX_SNMPTRAPPERFILE} + +### Option: StartSNMPTrapper +# If 1, SNMP trapper process is started. +# +# Mandatory: no +# Range: 0-1 +# Default: +# StartSNMPTrapper=0 + +StartSNMPTrapper=${ZBX_STARTSNMPTRAPPER} diff --git a/config_templates/server/zabbix_server_ssl.conf b/config_templates/server/zabbix_server_ssl.conf new file mode 100644 index 000000000..a881eeaa4 --- /dev/null +++ b/config_templates/server/zabbix_server_ssl.conf @@ -0,0 +1,34 @@ +### Option: SSLCertLocation +# Location of SSL client certificates. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". +# +# Mandatory: no +# Default: +# SSLCertLocation=${datadir}/zabbix/ssl/certs + +SSLCertLocation=${ZBX_SSLCERTLOCATION} + +### Option: SSLKeyLocation +# Location of private keys for SSL client certificates. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". +# +# Mandatory: no +# Default: +# SSLKeyLocation=${datadir}/zabbix/ssl/keys + +SSLKeyLocation=${ZBX_SSLKEYLOCATION} + +### Option: SSLCALocation +# Override the location of certificate authority (CA) files for SSL server certificate verification. +# If not set, system-wide directory will be used. +# This parameter is used in web monitoring, SMTP authentication, HTTP agent items and for communication with Vault. +# +# Mandatory: no +# Default: +# SSLCALocation= + +SSLCALocation=${ZBX_SSLCALOCATION} diff --git a/config_templates/server/zabbix_server_timeouts.conf b/config_templates/server/zabbix_server_timeouts.conf new file mode 100644 index 000000000..e1eb45e22 --- /dev/null +++ b/config_templates/server/zabbix_server_timeouts.conf @@ -0,0 +1,52 @@ +### Option: Timeout +# Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy, agent, web service, and for SNMP checks (except SNMP `walk[OID]` and `get[OID]` items) and `icmpping[*]` item. +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=3 + +Timeout=${ZBX_TIMEOUT} + +### Option: TrapperTimeout +# Specifies timeout in seconds for: +# retrieval of historical data from Zabbix proxy +# sending configuration data to Zabbix proxy +# Global script / remote command execution on Zabbix proxy / server +# +# Mandatory: no +# Range: 1-300 +# Default: +# TrapperTimeout=300 + +TrapperTimeout=${ZBX_TRAPPERTIMEOUT} + +### Option: UnreachablePeriod +# After how many seconds of unreachability treat a host as unavailable. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachablePeriod=45 + +UnreachablePeriod=${ZBX_UNREACHABLEPERIOD} + +### Option: UnavailableDelay +# How often host is checked for availability during the unavailability period, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnavailableDelay=60 + +UnavailableDelay=${ZBX_UNAVAILABLEDELAY} + +### Option: UnreachableDelay +# How often host is checked for availability during the unreachability period, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachableDelay=15 + +UnreachableDelay=${ZBX_UNREACHABLEDELAY} diff --git a/config_templates/server/zabbix_server_tls.conf b/config_templates/server/zabbix_server_tls.conf new file mode 100644 index 000000000..2a950e02f --- /dev/null +++ b/config_templates/server/zabbix_server_tls.conf @@ -0,0 +1,116 @@ +####### TLS-RELATED PARAMETERS ####### + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= + +TLSCAFile=${ZBX_TLSCAFILE} + +### Option: TLSCRLFile +# Full pathname of a file containing revoked certificates. +# +# Mandatory: no +# Default: +# TLSCRLFile= + +TLSCRLFile=${ZBX_TLSCRLFILE} + +### Option: TLSCertFile +# Full pathname of a file containing the server certificate or certificate chain. +# +# Mandatory: no +# Default: +# TLSCertFile= + +TLSCertFile=${ZBX_TLSCERTFILE} + +### Option: TLSKeyFile +# Full pathname of a file containing the server private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= + +TLSKeyFile=${ZBX_TLSKEYFILE} + +####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +# Default: +# TLSCipherCert13= + +TLSCipherCert13=${ZBX_TLSCIPHERCERT13} + +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +# Default: +# TLSCipherCert= + +TLSCipherCert=${ZBX_TLSCIPHERCERT} + +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherPSK13= + +TLSCipherPSK13=${ZBX_TLSCIPHERPSK13} + +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherPSK= + +TLSCipherPSK=${ZBX_TLSCIPHERPSK} + +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherAll13= + +TLSCipherAll13=${ZBX_TLSCIPHERALL13} + +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherAll= + +TLSCipherAll=${ZBX_TLSCIPHERALL} diff --git a/config_templates/server/zabbix_server_vault.conf b/config_templates/server/zabbix_server_vault.conf new file mode 100644 index 000000000..31e764dcb --- /dev/null +++ b/config_templates/server/zabbix_server_vault.conf @@ -0,0 +1,85 @@ +####### TLS-RELATED PARAMETERS ####### + +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArk - CyberArk Central Credential Provider +# +# Mandatory: no +# Default: +# Vault=HashiCorp + +Vault=${ZBX_VAULT} + +### Option: VaultToken +# Vault authentication token that should have been generated exclusively for Zabbix server with read only permission +# to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath +# configuration parameter. +# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. +# +# Mandatory: no +# (yes, if Vault is explicitly set to HashiCorp) +# Default: +# VaultToken= + +### Option: VaultURL +# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. +# +# Mandatory: no +# Default: +# VaultURL=https://127.0.0.1:8200 + +VaultURL=${ZBX_VAULTURL} + +### Option: VaultPrefix +# Custom prefix for Vault path or query depending on the Vault. +# Most suitable defaults will be used if not specified. +# Note that 'data' is automatically appended after mountpoint for HashiCorp if VaultPrefix is not specified. +# Example prefix for HashiCorp: +# /v1/secret/data/zabbix/ +# Example prefix for CyberArk: +# /AIMWebService/api/Accounts? +# Mandatory: no +# Default: +# VaultPrefix= + +VaultPrefix=${ZBX_VAULTPREFIX} + +### Option: VaultDBPath +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path with VaultPrefix=/v1/secret/data/zabbix/: +# database +# Example path without VaultPrefix: +# secret/zabbix/database +# Keys used for CyberArk are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database +# This option can only be used if DBUser and DBPassword are not specified. +# +# Mandatory: no +# Default: +# VaultDBPath= + +VaultDBPath=${ZBX_VAULTDBPATH} + +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. +# +# Mandatory: no +# Default: +# VaultTLSCertFile= + +VaultTLSCertFile=${ZBX_VAULTTLSCERTFILE} + +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. +# +# Mandatory: no +# Default: +# VaultTLSKeyFile= + +VaultTLSKeyFile=${ZBX_VAULTTLSKEYFILE} diff --git a/config_templates/server/zabbix_server_vmware.conf b/config_templates/server/zabbix_server_vmware.conf new file mode 100644 index 000000000..4c360dc5d --- /dev/null +++ b/config_templates/server/zabbix_server_vmware.conf @@ -0,0 +1,51 @@ +### Option: StartVMwareCollectors +# Number of pre-forked vmware collector instances. +# +# Mandatory: no +# Range: 0-250 +# Default: +# StartVMwareCollectors=0 + +StartVMwareCollectors=${ZBX_STARTVMWARECOLLECTORS} + +### Option: VMwareFrequency +# How often Zabbix will connect to VMware service to obtain a new data. +# +# Mandatory: no +# Range: 10-86400 +# Default: +# VMwareFrequency=60 + +VMwareFrequency=${ZBX_VMWAREFREQUENCY} + +### Option: VMwarePerfFrequency +# How often Zabbix will connect to VMware service to obtain performance data. +# +# Mandatory: no +# Range: 10-86400 +# Default: +# VMwarePerfFrequency=60 + +VMwarePerfFrequency=${ZBX_VMWAREPERFFREQUENCY} + +### Option: VMwareCacheSize +# Size of VMware cache, in bytes. +# Shared memory size for storing VMware data. +# Only used if VMware collectors are started. +# +# Mandatory: no +# Range: 256K-2G +# Default: +# VMwareCacheSize=8M + +VMwareCacheSize=${ZBX_VMWARECACHESIZE} + +### Option: VMwareTimeout +# Specifies how many seconds vmware collector waits for response from VMware service. +# +# Mandatory: no +# Range: 1-300 +# Default: +# VMwareTimeout=10 + +VMwareTimeout=${ZBX_VMWARETIMEOUT} diff --git a/config_templates/server/zabbix_server_webdriver.conf b/config_templates/server/zabbix_server_webdriver.conf new file mode 100644 index 000000000..365f34dbd --- /dev/null +++ b/config_templates/server/zabbix_server_webdriver.conf @@ -0,0 +1,20 @@ +####### Browser monitoring ####### + +### Option: WebDriverURL +# WebDriver interface HTTP[S] URL. For example http://localhost:4444 used with Selenium WebDriver standalone server. +# +# Mandatory: no +# Default: +# WebDriverURL= + +WebDriverURL=${ZBX_WEBDRIVERURL} + +### Option: StartBrowserPollers +# Number of pre-forked instances of browser item pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartBrowserPollers=1 + +StartBrowserPollers=${ZBX_STARTBROWSERPOLLERS} diff --git a/config_templates/web_service/zabbix_web_service.conf b/config_templates/web_service/zabbix_web_service.conf new file mode 100644 index 000000000..324e25df4 --- /dev/null +++ b/config_templates/web_service/zabbix_web_service.conf @@ -0,0 +1,117 @@ +# This is a configuration file for Zabbix web_service +# To get more information about Zabbix, visit https://www.zabbix.com + +############ GENERAL PARAMETERS ################# + +### Option: LogType +# Specifies where log messages are written to: +# system - syslog +# file - file specified with LogFile parameter +# console - standard output +# +# Mandatory: no +# Default: +# LogType=file + +LogType=console + +### Option: DebugLevel +# Specifies debug level: +# 0 - basic information about starting and stopping of Zabbix processes +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 +# Default: +# DebugLevel=3 + +DebugLevel=${ZBX_DEBUGLEVEL} + +### Option: AllowedIP +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies. +# Incoming connections will be accepted only from the hosts listed here. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: AllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: yes +# Default: +# AllowedIP= + +AllowedIP=${ZBX_ALLOWEDIP} + +### Option: ListenPort +# Service will listen on this port for connections from the server. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# ListenPort=10053 + +ListenPort=${ZBX_LISTENPORT} + +### Option: Timeout +# Spend no more than Timeout seconds on formatting dashboard as PDF +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=10 + +Timeout=${ZBX_TIMEOUT} + +### Option: TLSAccept +# What incoming connections to accept. +# Specifies what type of connection to use: +# unencrypted - accept connections without encryption +# cert - accept connections secured with TLS and a certificate +# +# Mandatory: no +# Default: +# TLSAccept=unencrypted + +TLSAccept=${ZBX_TLSACCEPT} + +### Option: TLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for +# peer certificate verification. +# +# Mandatory: no +# Default: +# TLSCAFile= + +TLSCAFile=${ZBX_TLSCAFILE} + +### Option: TLSCertFile +# Full pathname of a file containing the service certificate or certificate chain. +# +# Mandatory: no +# Default: +# TLSCertFile= + +TLSCertFile=${ZBX_TLSCERTFILE} + +### Option: TLSKeyFile +# Full pathname of a file containing the service private key. +# +# Mandatory: no +# Default: +# TLSKeyFile= + +TLSKeyFile=${ZBX_TLSKEYFILE} + +### Option: IgnoreURLCertErrors +# Ignore TLS certificate errors when accessing Frontend URL +# 0 - do not ignore +# 1 - ignore +# +# Mandatory: no +# Default: +# IgnoreURLCertErrors=0 + +IgnoreURLCertErrors=${ZBX_IGNOREURLCERTERRORS} diff --git a/docker-compose_v3_alpine_mysql_local.yaml b/docker-compose_v3_alpine_mysql_local.yaml index d263d74d5..167460591 100644 --- a/docker-compose_v3_alpine_mysql_local.yaml +++ b/docker-compose_v3_alpine_mysql_local.yaml @@ -2,6 +2,8 @@ services: zabbix-build-base: build: context: ./Dockerfiles/build-base/${ALPINE_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${ALPINE_CACHE_FROM}" image: ${BUILD_BASE_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_LOCAL_IMAGE_TAG_POSTFIX} @@ -10,6 +12,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${ALPINE_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${ALPINE_CACHE_FROM}" args: @@ -22,6 +26,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${ALPINE_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${ALPINE_CACHE_FROM}" args: diff --git a/docker-compose_v3_alpine_pgsql_local.yaml b/docker-compose_v3_alpine_pgsql_local.yaml index 6c41fed86..8589820ab 100644 --- a/docker-compose_v3_alpine_pgsql_local.yaml +++ b/docker-compose_v3_alpine_pgsql_local.yaml @@ -10,6 +10,8 @@ services: zabbix-build-pgsql: build: context: ./Dockerfiles/build-pgsql/${ALPINE_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${ALPINE_CACHE_FROM}" args: @@ -22,6 +24,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${ALPINE_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${ALPINE_CACHE_FROM}" args: @@ -36,6 +40,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${ALPINE_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${ALPINE_CACHE_FROM}" args: diff --git a/docker-compose_v3_centos_mysql_local.yaml b/docker-compose_v3_centos_mysql_local.yaml index a03fa564c..00793ab82 100644 --- a/docker-compose_v3_centos_mysql_local.yaml +++ b/docker-compose_v3_centos_mysql_local.yaml @@ -2,6 +2,8 @@ services: zabbix-build-base: build: context: ./Dockerfiles/build-base/${CENTOS_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${CENTOS_CACHE_FROM}" image: ${BUILD_BASE_IMAGE}:${ZABBIX_CENTOS_IMAGE_TAG}${ZABBIX_LOCAL_IMAGE_TAG_POSTFIX} @@ -10,6 +12,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${CENTOS_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${CENTOS_CACHE_FROM}" args: @@ -22,6 +26,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${CENTOS_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${CENTOS_CACHE_FROM}" args: diff --git a/docker-compose_v3_centos_pgsql_local.yaml b/docker-compose_v3_centos_pgsql_local.yaml index 666f47bfe..e35a0f3d5 100644 --- a/docker-compose_v3_centos_pgsql_local.yaml +++ b/docker-compose_v3_centos_pgsql_local.yaml @@ -10,6 +10,8 @@ services: zabbix-build-pgsql: build: context: ./Dockerfiles/build-pgsql/${CENTOS_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${CENTOS_CACHE_FROM}" args: @@ -22,6 +24,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${CENTOS_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${CENTOS_CACHE_FROM}" args: @@ -36,6 +40,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${CENTOS_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${CENTOS_CACHE_FROM}" args: diff --git a/docker-compose_v3_ol_mysql_local.yaml b/docker-compose_v3_ol_mysql_local.yaml index d1823b374..ad36b60b4 100644 --- a/docker-compose_v3_ol_mysql_local.yaml +++ b/docker-compose_v3_ol_mysql_local.yaml @@ -10,6 +10,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${OL_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${OL_CACHE_FROM}" args: @@ -22,6 +24,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${OL_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${OL_CACHE_FROM}" args: diff --git a/docker-compose_v3_ol_pgsql_local.yaml b/docker-compose_v3_ol_pgsql_local.yaml index add780ab2..d58eed1f4 100644 --- a/docker-compose_v3_ol_pgsql_local.yaml +++ b/docker-compose_v3_ol_pgsql_local.yaml @@ -10,6 +10,8 @@ services: zabbix-build-pgsql: build: context: ./Dockerfiles/build-pgsql/${OL_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${OL_CACHE_FROM}" args: @@ -22,6 +24,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${OL_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${OL_CACHE_FROM}" args: @@ -36,6 +40,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${OL_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${OL_CACHE_FROM}" args: diff --git a/docker-compose_v3_ubuntu_mysql_local.yaml b/docker-compose_v3_ubuntu_mysql_local.yaml index 1d4163e81..013d58fce 100644 --- a/docker-compose_v3_ubuntu_mysql_local.yaml +++ b/docker-compose_v3_ubuntu_mysql_local.yaml @@ -10,6 +10,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${UBUNTU_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${UBUNTU_CACHE_FROM}" args: @@ -22,6 +24,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${UBUNTU_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${UBUNTU_CACHE_FROM}" args: diff --git a/docker-compose_v3_ubuntu_pgsql_local.yaml b/docker-compose_v3_ubuntu_pgsql_local.yaml index ec92b5a85..fb434337c 100644 --- a/docker-compose_v3_ubuntu_pgsql_local.yaml +++ b/docker-compose_v3_ubuntu_pgsql_local.yaml @@ -10,6 +10,8 @@ services: zabbix-build-pgsql: build: context: ./Dockerfiles/build-pgsql/${UBUNTU_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${UBUNTU_CACHE_FROM}" args: @@ -22,6 +24,8 @@ services: zabbix-build-mysql: build: context: ./Dockerfiles/build-mysql/${UBUNTU_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${UBUNTU_CACHE_FROM}" args: @@ -36,6 +40,8 @@ services: zabbix-build-sqlite3: build: context: ./Dockerfiles/build-sqlite3/${UBUNTU_OS_TAG_SHORT} + additional_contexts: + - config_templates=./config_templates/ cache_from: - "${UBUNTU_CACHE_FROM}" args: diff --git a/env_vars/.env_agent b/env_vars/.env_agent index c14b7a18f..04e3e800b 100644 --- a/env_vars/.env_agent +++ b/env_vars/.env_agent @@ -22,6 +22,7 @@ # ZBX_BUFFERSEND=5 # ZBX_BUFFERSIZE=100 # ZBX_MAXLINESPERSECOND=20 +# ZBX_HEARTBEATFREQUENCY=60 # ZBX_ALIAS="" # ZBX_TIMEOUT=3 # ZBX_UNSAFEUSERPARAMETERS=0 diff --git a/env_vars/.env_prx b/env_vars/.env_prx index b567164d6..12e1af2f0 100644 --- a/env_vars/.env_prx +++ b/env_vars/.env_prx @@ -30,7 +30,6 @@ # ZBX_STARTHTTPPOLLERS=1 # ZBX_STARTSNMPPOLLERS=1 # Available since 7.0.0 # ZBX_STARTHISTORYPOLLERS=5 # Available since 5.4.0 till 6.0.0 -# ZBX_JAVAGATEWAY_ENABLE=false # ZBX_JAVAGATEWAY=zabbix-java-gateway # ZBX_JAVAGATEWAYPORT=10052 # ZBX_STARTJAVAPOLLERS=0 diff --git a/env_vars/.env_srv b/env_vars/.env_srv index 47842d682..b133e43b5 100644 --- a/env_vars/.env_srv +++ b/env_vars/.env_srv @@ -35,8 +35,7 @@ # ZBX_STARTESCALATORS=1 # ZBX_STARTALERTERS=3 # Available since 3.4.0 # ZBX_STARTLLDPROCESSORS=2 -ZBX_JAVAGATEWAY_ENABLE=true -# ZBX_JAVAGATEWAY=zabbix-java-gateway +ZBX_JAVAGATEWAY=zabbix-java-gateway # ZBX_JAVAGATEWAYPORT=10052 ZBX_STARTJAVAPOLLERS=5 # ZBX_STARTVMWARECOLLECTORS=0