extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-16 03:27:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

Migrated images to use native Zabbix environment variables

Browse Source
This commit is contained in:
Alexey Pustovalov
2024-12-23 21:22:01 +09:00
parent 850cde0309
commit c952d4ef69
186 changed files with 6312 additions and 5674 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
Dockerfiles/proxy-mysql/alpine/Dockerfile
View File

@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
NMAP_PRIVILEGED="" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_CONF_DIR="/etc/zabbix"
ENV ZBX_DB_NAME="dummy_db_name" \
ZBX_FPINGLOCATION="/usr/sbin/fping" \
ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \
ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \
ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \
ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \
ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \
ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"]
RUN set -eux && \
@ -69,33 +80,36 @@ RUN set -eux && \
--uid 1997 \
--ingroup zabbix \
--shell /sbin/nologin \
--home /var/lib/zabbix/ \
--home ${ZABBIX_USER_HOME_DIR}/ \
zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \
mkdir -p /var/lib/zabbix/enc_internal && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /usr/lib/zabbix/externalscripts && \
mkdir -p /var/lib/zabbix/mibs && \
mkdir -p /var/lib/zabbix/modules && \
mkdir -p /var/lib/zabbix/snmptraps && \
mkdir -p /var/lib/zabbix/ssh_keys && \
mkdir -p /var/lib/zabbix/ssl && \
mkdir -p /var/lib/zabbix/ssl/certs && \
mkdir -p /var/lib/zabbix/ssl/keys && \
mkdir -p /var/lib/zabbix/ssl/ssl_ca && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \
mkdir -p /usr/share/doc/zabbix-proxy-mysql && \
chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \
chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \
chmod -R g=u /etc/zabbix/ /var/lib/zabbix/
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chgrp 0 ${ZABBIX_CONF_DIR} && \
chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chmod g=u ${ZABBIX_CONF_DIR}
EXPOSE 10051/TCP
WORKDIR /var/lib/zabbix
WORKDIR ${ZABBIX_USER_HOME_DIR}
VOLUME ["/var/lib/zabbix/snmptraps"]
VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

208
Dockerfiles/proxy-mysql/alpine/docker-entrypoint.sh
View File

@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Default Zabbix server host
: ${ZBX_SERVER_HOST:="zabbix-server"}
# Default directories
# User 'zabbix' home directory
ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
# Configuration files directory
ZABBIX_ETC_DIR="/etc/zabbix"
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
@ -143,16 +136,20 @@ update_config_multiple_var() {
}
file_process_from_env() {
local config_path=$1
local var_name=$2
local file_name=$3
local var_value=$4
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
update_config_var $config_path "$var_name" "$file_name"
if [ -n "$var_value" ]; then
export "$var_name"="$file_name"
fi
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
@ -346,192 +343,47 @@ create_db_schema_mysql() {
}
update_zbx_config() {
echo "** Preparing Zabbix proxy configuration file"
export ZBX_DB_HOST="${DB_SERVER_HOST}"
export ZBX_DB_PORT="${DB_SERVER_PORT}"
export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}"
ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}"
update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}"
update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}"
if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then
update_config_var $ZBX_CONFIG "Hostname" ""
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME=""
else
update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
fi
update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}"
update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}"
update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}"
update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}"
update_config_var $ZBX_CONFIG "LogType" "console"
update_config_var $ZBX_CONFIG "LogFile"
update_config_var $ZBX_CONFIG "LogFileSize"
update_config_var $ZBX_CONFIG "PidFile"
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
else
update_config_var $ZBX_CONFIG "DBHost"
update_config_var $ZBX_CONFIG "DBPort"
fi
update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}"
update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
update_config_var $ZBX_CONFIG "DBUser"
update_config_var $ZBX_CONFIG "DBPassword"
else
update_config_var $ZBX_CONFIG "Vault"
update_config_var $ZBX_CONFIG "VaultDBPath"
update_config_var $ZBX_CONFIG "VaultTLSCertFile"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
update_config_var $ZBX_CONFIG "VaultPrefix"
update_config_var $ZBX_CONFIG "VaultURL"
update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
fi
update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}"
update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}"
update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}"
update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}"
update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}"
update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}"
update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}"
update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}"
update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}"
update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}"
update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}"
update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}"
update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}"
update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}"
update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}"
update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}"
update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}"
: ${ZBX_JAVAGATEWAY_ENABLE:="false"}
if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}"
update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}"
update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}"
else
update_config_var $ZBX_CONFIG "JavaGateway"
update_config_var $ZBX_CONFIG "JavaGatewayPort"
update_config_var $ZBX_CONFIG "StartJavaPollers"
fi
update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}"
update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}"
update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log"
update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1"
else
update_config_var $ZBX_CONFIG "SNMPTrapperFile"
update_config_var $ZBX_CONFIG "StartSNMPTrapper"
fi
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
unset ZBX_ENABLE_SNMP_TRAPS
update_config_var $ZBX_CONFIG "SocketDir" "/tmp/"
update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}"
update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}"
file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}"
update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}"
update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}"
file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}"
update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}"
update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}"
update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}"
update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}"
update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts"
update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts"
update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping"
update_config_var $ZBX_CONFIG "Fping6Location"
update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys"
update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}"
update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/"
update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/"
update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/"
update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/"
update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}"
update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}"
file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}"
update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}"
file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
if [ "$(id -u)" != '0' ]; then
update_config_var $ZBX_CONFIG "User" "$(whoami)"
export ZBX_USER="$(whoami)"
else
update_config_var $ZBX_CONFIG "AllowRoot" "1"
export ZBX_ALLOWROOT=1
fi
update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}"
update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}"
}
clear_zbx_env() {
[[ "${ZBX_CLEAR_ENV}" == "false" ]] && return
for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do
for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do
unset "${env_var%%=*}"
done
}

54
Dockerfiles/proxy-mysql/centos/Dockerfile
View File

@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
NMAP_PRIVILEGED="" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_CONF_DIR="/etc/zabbix"
ENV ZBX_DB_NAME="dummy_db_name" \
ZBX_FPINGLOCATION="/usr/sbin/fping" \
ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \
ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \
ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \
ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \
ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \
ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"]
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
@ -88,34 +99,37 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \
mkdir -p /var/lib/zabbix/enc_internal && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /usr/lib/zabbix/externalscripts && \
mkdir -p /var/lib/zabbix/mibs && \
mkdir -p /var/lib/zabbix/modules && \
mkdir -p /var/lib/zabbix/snmptraps && \
mkdir -p /var/lib/zabbix/ssh_keys && \
mkdir -p /var/lib/zabbix/ssl && \
mkdir -p /var/lib/zabbix/ssl/certs && \
mkdir -p /var/lib/zabbix/ssl/keys && \
mkdir -p /var/lib/zabbix/ssl/ssl_ca && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \
mkdir -p /usr/share/doc/zabbix-proxy-mysql && \
chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \
chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \
chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chgrp 0 ${ZABBIX_CONF_DIR} && \
chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chmod g=u ${ZABBIX_CONF_DIR} && \
microdnf -y clean all
EXPOSE 10051/TCP
WORKDIR /var/lib/zabbix
WORKDIR ${ZABBIX_USER_HOME_DIR}
VOLUME ["/var/lib/zabbix/snmptraps"]
VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

208
Dockerfiles/proxy-mysql/centos/docker-entrypoint.sh
View File

@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Default Zabbix server host
: ${ZBX_SERVER_HOST:="zabbix-server"}
# Default directories
# User 'zabbix' home directory
ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
# Configuration files directory
ZABBIX_ETC_DIR="/etc/zabbix"
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
@ -143,16 +136,20 @@ update_config_multiple_var() {
}
file_process_from_env() {
local config_path=$1
local var_name=$2
local file_name=$3
local var_value=$4
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
update_config_var $config_path "$var_name" "$file_name"
if [ -n "$var_value" ]; then
export "$var_name"="$file_name"
fi
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
@ -343,192 +340,47 @@ create_db_schema_mysql() {
}
update_zbx_config() {
echo "** Preparing Zabbix proxy configuration file"
export ZBX_DB_HOST="${DB_SERVER_HOST}"
export ZBX_DB_PORT="${DB_SERVER_PORT}"
export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}"
ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}"
update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}"
update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}"
if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then
update_config_var $ZBX_CONFIG "Hostname" ""
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME=""
else
update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
fi
update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}"
update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}"
update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}"
update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}"
update_config_var $ZBX_CONFIG "LogType" "console"
update_config_var $ZBX_CONFIG "LogFile"
update_config_var $ZBX_CONFIG "LogFileSize"
update_config_var $ZBX_CONFIG "PidFile"
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
else
update_config_var $ZBX_CONFIG "DBHost"
update_config_var $ZBX_CONFIG "DBPort"
fi
update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}"
update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
update_config_var $ZBX_CONFIG "DBUser"
update_config_var $ZBX_CONFIG "DBPassword"
else
update_config_var $ZBX_CONFIG "Vault"
update_config_var $ZBX_CONFIG "VaultDBPath"
update_config_var $ZBX_CONFIG "VaultTLSCertFile"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
update_config_var $ZBX_CONFIG "VaultPrefix"
update_config_var $ZBX_CONFIG "VaultURL"
update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
fi
update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}"
update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}"
update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}"
update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}"
update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}"
update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}"
update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}"
update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}"
update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}"
update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}"
update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}"
update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}"
update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}"
update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}"
update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}"
update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}"
update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}"
: ${ZBX_JAVAGATEWAY_ENABLE:="false"}
if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}"
update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}"
update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}"
else
update_config_var $ZBX_CONFIG "JavaGateway"
update_config_var $ZBX_CONFIG "JavaGatewayPort"
update_config_var $ZBX_CONFIG "StartJavaPollers"
fi
update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}"
update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}"
update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log"
update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1"
else
update_config_var $ZBX_CONFIG "SNMPTrapperFile"
update_config_var $ZBX_CONFIG "StartSNMPTrapper"
fi
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
unset ZBX_ENABLE_SNMP_TRAPS
update_config_var $ZBX_CONFIG "SocketDir" "/tmp/"
update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}"
update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}"
file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}"
update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}"
update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}"
file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}"
update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}"
update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}"
update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}"
update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}"
update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts"
update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts"
update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping"
update_config_var $ZBX_CONFIG "Fping6Location"
update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys"
update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}"
update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/"
update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/"
update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/"
update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/"
update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}"
update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}"
file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}"
update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}"
file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
if [ "$(id -u)" != '0' ]; then
update_config_var $ZBX_CONFIG "User" "$(whoami)"
export ZBX_USER="$(whoami)"
else
update_config_var $ZBX_CONFIG "AllowRoot" "1"
export ZBX_ALLOWROOT=1
fi
update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}"
update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}"
}
clear_zbx_env() {
[[ "${ZBX_CLEAR_ENV}" == "false" ]] && return
for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do
for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do
unset "${env_var%%=*}"
done
}

54
Dockerfiles/proxy-mysql/ol/Dockerfile
View File

@ -14,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
NMAP_PRIVILEGED="" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_CONF_DIR="/etc/zabbix"
ENV ZBX_DB_NAME="dummy_db_name" \
ZBX_FPINGLOCATION="/usr/sbin/fping" \
ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \
ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \
ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \
ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \
ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \
ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -30,7 +41,7 @@ STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"]
COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"]
@ -75,34 +86,37 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \
mkdir -p /var/lib/zabbix/enc_internal && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /usr/lib/zabbix/externalscripts && \
mkdir -p /var/lib/zabbix/mibs && \
mkdir -p /var/lib/zabbix/modules && \
mkdir -p /var/lib/zabbix/snmptraps && \
mkdir -p /var/lib/zabbix/ssh_keys && \
mkdir -p /var/lib/zabbix/ssl && \
mkdir -p /var/lib/zabbix/ssl/certs && \
mkdir -p /var/lib/zabbix/ssl/keys && \
mkdir -p /var/lib/zabbix/ssl/ssl_ca && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \
mkdir -p /usr/share/doc/zabbix-proxy-mysql && \
chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \
chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \
chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chgrp 0 ${ZABBIX_CONF_DIR} && \
chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chmod g=u ${ZABBIX_CONF_DIR} && \
microdnf -y clean all
EXPOSE 10051/TCP
WORKDIR /var/lib/zabbix
WORKDIR ${ZABBIX_USER_HOME_DIR}
VOLUME ["/var/lib/zabbix/snmptraps"]
VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

208
Dockerfiles/proxy-mysql/ol/docker-entrypoint.sh
View File

@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Default Zabbix server host
: ${ZBX_SERVER_HOST:="zabbix-server"}
# Default directories
# User 'zabbix' home directory
ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
# Configuration files directory
ZABBIX_ETC_DIR="/etc/zabbix"
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
@ -143,16 +136,20 @@ update_config_multiple_var() {
}
file_process_from_env() {
local config_path=$1
local var_name=$2
local file_name=$3
local var_value=$4
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
update_config_var $config_path "$var_name" "$file_name"
if [ -n "$var_value" ]; then
export "$var_name"="$file_name"
fi
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
@ -343,192 +340,47 @@ create_db_schema_mysql() {
}
update_zbx_config() {
echo "** Preparing Zabbix proxy configuration file"
export ZBX_DB_HOST="${DB_SERVER_HOST}"
export ZBX_DB_PORT="${DB_SERVER_PORT}"
export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}"
ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}"
update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}"
update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}"
if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then
update_config_var $ZBX_CONFIG "Hostname" ""
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME=""
else
update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
fi
update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}"
update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}"
update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}"
update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}"
update_config_var $ZBX_CONFIG "LogType" "console"
update_config_var $ZBX_CONFIG "LogFile"
update_config_var $ZBX_CONFIG "LogFileSize"
update_config_var $ZBX_CONFIG "PidFile"
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
else
update_config_var $ZBX_CONFIG "DBHost"
update_config_var $ZBX_CONFIG "DBPort"
fi
update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}"
update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
update_config_var $ZBX_CONFIG "DBUser"
update_config_var $ZBX_CONFIG "DBPassword"
else
update_config_var $ZBX_CONFIG "Vault"
update_config_var $ZBX_CONFIG "VaultDBPath"
update_config_var $ZBX_CONFIG "VaultTLSCertFile"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
update_config_var $ZBX_CONFIG "VaultPrefix"
update_config_var $ZBX_CONFIG "VaultURL"
update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
fi
update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}"
update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}"
update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}"
update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}"
update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}"
update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}"
update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}"
update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}"
update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}"
update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}"
update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}"
update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}"
update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}"
update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}"
update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}"
update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}"
update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}"
: ${ZBX_JAVAGATEWAY_ENABLE:="false"}
if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}"
update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}"
update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}"
else
update_config_var $ZBX_CONFIG "JavaGateway"
update_config_var $ZBX_CONFIG "JavaGatewayPort"
update_config_var $ZBX_CONFIG "StartJavaPollers"
fi
update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}"
update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}"
update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log"
update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1"
else
update_config_var $ZBX_CONFIG "SNMPTrapperFile"
update_config_var $ZBX_CONFIG "StartSNMPTrapper"
fi
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
unset ZBX_ENABLE_SNMP_TRAPS
update_config_var $ZBX_CONFIG "SocketDir" "/tmp/"
update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}"
update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}"
file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}"
update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}"
update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}"
file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}"
update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}"
update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}"
update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}"
update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}"
update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts"
update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts"
update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping"
update_config_var $ZBX_CONFIG "Fping6Location"
update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys"
update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}"
update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/"
update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/"
update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/"
update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/"
update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}"
update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}"
file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}"
update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}"
file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
if [ "$(id -u)" != '0' ]; then
update_config_var $ZBX_CONFIG "User" "$(whoami)"
export ZBX_USER="$(whoami)"
else
update_config_var $ZBX_CONFIG "AllowRoot" "1"
export ZBX_ALLOWROOT=1
fi
update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}"
update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}"
}
clear_zbx_env() {
[[ "${ZBX_CLEAR_ENV}" == "false" ]] && return
for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do
for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do
unset "${env_var%%=*}"
done
}

54
Dockerfiles/proxy-mysql/rhel/Dockerfile
View File

@ -16,7 +16,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
NMAP_PRIVILEGED="" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_CONF_DIR="/etc/zabbix"
ENV ZBX_DB_NAME="dummy_db_name" \
ZBX_FPINGLOCATION="/usr/sbin/fping" \
ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \
ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \
ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \
ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \
ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \
ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/"
LABEL description="Zabbix proxy with MySQL database support" \
maintainer="alexey.pustovalov@zabbix.com" \
@ -49,7 +60,7 @@ STOPSIGNAL SIGTERM
COPY ["licenses", "/licenses"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"]
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
@ -117,35 +128,38 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \
mkdir -p /var/lib/zabbix/enc_internal && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /usr/lib/zabbix/externalscripts && \
mkdir -p /var/lib/zabbix/mibs && \
mkdir -p /var/lib/zabbix/modules && \
mkdir -p /var/lib/zabbix/snmptraps && \
mkdir -p /var/lib/zabbix/ssh_keys && \
mkdir -p /var/lib/zabbix/ssl && \
mkdir -p /var/lib/zabbix/ssl/certs && \
mkdir -p /var/lib/zabbix/ssl/keys && \
mkdir -p /var/lib/zabbix/ssl/ssl_ca && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \
mkdir -p /usr/share/doc/zabbix-proxy-mysql && \
chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \
chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \
chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chgrp 0 ${ZABBIX_CONF_DIR} && \
chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chmod g=u ${ZABBIX_CONF_DIR} && \
microdnf -y clean all
EXPOSE 10051/TCP
WORKDIR /var/lib/zabbix
WORKDIR ${ZABBIX_USER_HOME_DIR}
VOLUME ["/var/lib/zabbix/snmptraps"]
VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

208
Dockerfiles/proxy-mysql/rhel/docker-entrypoint.sh
View File

@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Default Zabbix server host
: ${ZBX_SERVER_HOST:="zabbix-server"}
# Default directories
# User 'zabbix' home directory
ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
# Configuration files directory
ZABBIX_ETC_DIR="/etc/zabbix"
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
@ -143,16 +136,20 @@ update_config_multiple_var() {
}
file_process_from_env() {
local config_path=$1
local var_name=$2
local file_name=$3
local var_value=$4
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
update_config_var $config_path "$var_name" "$file_name"
if [ -n "$var_value" ]; then
export "$var_name"="$file_name"
fi
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
@ -343,192 +340,47 @@ create_db_schema_mysql() {
}
update_zbx_config() {
echo "** Preparing Zabbix proxy configuration file"
export ZBX_DB_HOST="${DB_SERVER_HOST}"
export ZBX_DB_PORT="${DB_SERVER_PORT}"
export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}"
ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}"
update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}"
update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}"
if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then
update_config_var $ZBX_CONFIG "Hostname" ""
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME=""
else
update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
fi
update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}"
update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}"
update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}"
update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}"
update_config_var $ZBX_CONFIG "LogType" "console"
update_config_var $ZBX_CONFIG "LogFile"
update_config_var $ZBX_CONFIG "LogFileSize"
update_config_var $ZBX_CONFIG "PidFile"
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
else
update_config_var $ZBX_CONFIG "DBHost"
update_config_var $ZBX_CONFIG "DBPort"
fi
update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}"
update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
update_config_var $ZBX_CONFIG "DBUser"
update_config_var $ZBX_CONFIG "DBPassword"
else
update_config_var $ZBX_CONFIG "Vault"
update_config_var $ZBX_CONFIG "VaultDBPath"
update_config_var $ZBX_CONFIG "VaultTLSCertFile"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
update_config_var $ZBX_CONFIG "VaultPrefix"
update_config_var $ZBX_CONFIG "VaultURL"
update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
fi
update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}"
update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}"
update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}"
update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}"
update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}"
update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}"
update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}"
update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}"
update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}"
update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}"
update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}"
update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}"
update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}"
update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}"
update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}"
update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}"
update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}"
: ${ZBX_JAVAGATEWAY_ENABLE:="false"}
if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}"
update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}"
update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}"
else
update_config_var $ZBX_CONFIG "JavaGateway"
update_config_var $ZBX_CONFIG "JavaGatewayPort"
update_config_var $ZBX_CONFIG "StartJavaPollers"
fi
update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}"
update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}"
update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log"
update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1"
else
update_config_var $ZBX_CONFIG "SNMPTrapperFile"
update_config_var $ZBX_CONFIG "StartSNMPTrapper"
fi
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
unset ZBX_ENABLE_SNMP_TRAPS
update_config_var $ZBX_CONFIG "SocketDir" "/tmp/"
update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}"
update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}"
file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}"
update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}"
update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}"
file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}"
update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}"
update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}"
update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}"
update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}"
update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts"
update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts"
update_config_var $ZBX_CONFIG "FpingLocation" "/usr/sbin/fping"
update_config_var $ZBX_CONFIG "Fping6Location"
update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys"
update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}"
update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/"
update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/"
update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/"
update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/"
update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}"
update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}"
file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}"
update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}"
file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
if [ "$(id -u)" != '0' ]; then
update_config_var $ZBX_CONFIG "User" "$(whoami)"
export ZBX_USER="$(whoami)"
else
update_config_var $ZBX_CONFIG "AllowRoot" "1"
export ZBX_ALLOWROOT=1
fi
update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}"
update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}"
}
clear_zbx_env() {
[[ "${ZBX_CLEAR_ENV}" == "false" ]] && return
for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do
for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do
unset "${env_var%%=*}"
done
}

55
Dockerfiles/proxy-mysql/ubuntu/Dockerfile
View File

@ -2,7 +2,6 @@
ARG MAJOR_VERSION=7.4
ARG ZBX_VERSION=${MAJOR_VERSION}
ARG BUILD_BASE_IMAGE=zabbix-build-mysql:ubuntu-${ZBX_VERSION}
ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
FROM ${BUILD_BASE_IMAGE} AS builder
@ -15,7 +14,18 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
NMAP_PRIVILEGED="" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_CONF_DIR="/etc/zabbix"
ENV ZBX_DB_NAME="dummy_db_name" \
ZBX_FPINGLOCATION="/usr/bin/fping" \
ZBX_LOADMODULEPATH="${ZABBIX_USER_HOME_DIR}/modules" \
ZBX_SNMPTRAPPERFILE="${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log" \
ZBX_SSHKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssh_keys/" \
ZBX_SSLCERTLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/certs/" \
ZBX_SSLKEYLOCATION="${ZABBIX_USER_HOME_DIR}/ssl/keys/" \
ZBX_SSLCALOCATION="${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca/"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -31,7 +41,7 @@ STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/sbin/zabbix_proxy", "/usr/sbin/zabbix_proxy"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/general/bin/*", "/usr/bin/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "/etc/zabbix/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/conf/", "${ZABBIX_CONF_DIR}/"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}-output/proxy/database/mysql/", "/usr/share/doc/zabbix-proxy-mysql/"]
RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \
@ -73,35 +83,38 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR}/ \
zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \
mkdir -p /var/lib/zabbix/enc_internal && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR} && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /usr/lib/zabbix/externalscripts && \
mkdir -p /var/lib/zabbix/mibs && \
mkdir -p /var/lib/zabbix/modules && \
mkdir -p /var/lib/zabbix/snmptraps && \
mkdir -p /var/lib/zabbix/ssh_keys && \
mkdir -p /var/lib/zabbix/ssl && \
mkdir -p /var/lib/zabbix/ssl/certs && \
mkdir -p /var/lib/zabbix/ssl/keys && \
mkdir -p /var/lib/zabbix/ssl/ssl_ca && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/mibs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/modules && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/snmptraps && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssh_keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/keys && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/ssl/ssl_ca && \
mkdir -p /usr/share/doc/zabbix-proxy-mysql && \
chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \
chgrp -R 0 /etc/zabbix/ /var/lib/zabbix/ && \
chmod -R g=u /etc/zabbix/ /var/lib/zabbix/ && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chown --quiet zabbix:root ${ZABBIX_CONF_DIR}/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chgrp 0 ${ZABBIX_CONF_DIR} && \
chmod -R g=u ${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf ${ZABBIX_USER_HOME_DIR} && \
chmod g=u ${ZABBIX_CONF_DIR} && \
apt-get -y autoremove && \
apt-get -y clean
EXPOSE 10051/TCP
WORKDIR /var/lib/zabbix
WORKDIR ${ZABBIX_USER_HOME_DIR}
VOLUME ["/var/lib/zabbix/snmptraps"]
VOLUME ["${ZABBIX_USER_HOME_DIR}/snmptraps"]
COPY ["docker-entrypoint.sh", "/usr/bin/"]

208
Dockerfiles/proxy-mysql/ubuntu/docker-entrypoint.sh
View File

@ -9,14 +9,7 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Default Zabbix server host
: ${ZBX_SERVER_HOST:="zabbix-server"}
# Default directories
# User 'zabbix' home directory
ZABBIX_USER_HOME_DIR="/var/lib/zabbix"
# Configuration files directory
ZABBIX_ETC_DIR="/etc/zabbix"
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
@ -143,16 +136,20 @@ update_config_multiple_var() {
}
file_process_from_env() {
local config_path=$1
local var_name=$2
local file_name=$3
local var_value=$4
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
update_config_var $config_path "$var_name" "$file_name"
if [ -n "$var_value" ]; then
export "$var_name"="$file_name"
fi
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
@ -343,192 +340,47 @@ create_db_schema_mysql() {
}
update_zbx_config() {
echo "** Preparing Zabbix proxy configuration file"
export ZBX_DB_HOST="${DB_SERVER_HOST}"
export ZBX_DB_PORT="${DB_SERVER_PORT}"
export ZBX_DB_SOCKET="${DB_SERVER_SOCKET}"
ZBX_CONFIG=$ZABBIX_ETC_DIR/zabbix_proxy.conf
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
export ZBX_SERVER_HOST="${ZBX_SERVER_HOST:="zabbix-server"}"
update_config_var $ZBX_CONFIG "ProxyMode" "${ZBX_PROXYMODE}"
update_config_var $ZBX_CONFIG "Server" "${ZBX_SERVER_HOST}"
if [ -z "${ZBX_HOSTNAME}" ] && [ -n "${ZBX_HOSTNAMEITEM}" ]; then
update_config_var $ZBX_CONFIG "Hostname" ""
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME=""
else
update_config_var $ZBX_CONFIG "Hostname" "${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
update_config_var $ZBX_CONFIG "HostnameItem" "${ZBX_HOSTNAMEITEM}"
export ZBX_HOSTNAME="${ZBX_HOSTNAME:-"zabbix-proxy-mysql"}"
fi
update_config_var $ZBX_CONFIG "ListenIP" "${ZBX_LISTENIP}"
update_config_var $ZBX_CONFIG "ListenPort" "${ZBX_LISTENPORT}"
update_config_var $ZBX_CONFIG "ListenBacklog" "${ZBX_LISTENBACKLOG}"
update_config_var $ZBX_CONFIG "SourceIP" "${ZBX_SOURCEIP}"
update_config_var $ZBX_CONFIG "LogType" "console"
update_config_var $ZBX_CONFIG "LogFile"
update_config_var $ZBX_CONFIG "LogFileSize"
update_config_var $ZBX_CONFIG "PidFile"
update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}"
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}"
update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}"
update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}"
update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}"
update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}"
update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}"
fi
update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}"
update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}"
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}"
update_config_var $ZBX_CONFIG "DBPort" "${DB_SERVER_PORT}"
else
update_config_var $ZBX_CONFIG "DBHost"
update_config_var $ZBX_CONFIG "DBPort"
fi
update_config_var $ZBX_CONFIG "DBSocket" "${DB_SERVER_SOCKET}"
update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}"
update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}"
if [ -n "${ZBX_VAULTDBPATH}" ] && [ -n "${ZBX_VAULTURL}" ]; then
update_config_var $ZBX_CONFIG "Vault" "${ZBX_VAULT}"
update_config_var $ZBX_CONFIG "VaultDBPath" "${ZBX_VAULTDBPATH}"
update_config_var $ZBX_CONFIG "VaultTLSCertFile" "${ZBX_VAULTTLSCERTFILE}"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile" "${ZBX_VAULTTLSKEYFILE}"
update_config_var $ZBX_CONFIG "VaultPrefix" "${ZBX_VAULTPREFIX}"
update_config_var $ZBX_CONFIG "VaultURL" "${ZBX_VAULTURL}"
update_config_var $ZBX_CONFIG "DBUser"
update_config_var $ZBX_CONFIG "DBPassword"
else
update_config_var $ZBX_CONFIG "Vault"
update_config_var $ZBX_CONFIG "VaultDBPath"
update_config_var $ZBX_CONFIG "VaultTLSCertFile"
update_config_var $ZBX_CONFIG "VaultTLSKeyFile"
update_config_var $ZBX_CONFIG "VaultPrefix"
update_config_var $ZBX_CONFIG "VaultURL"
update_config_var $ZBX_CONFIG "DBUser" "${DB_SERVER_ZBX_USER}"
update_config_var $ZBX_CONFIG "DBPassword" "${DB_SERVER_ZBX_PASS}"
fi
update_config_var $ZBX_CONFIG "AllowUnsupportedDBVersions" "${ZBX_ALLOWUNSUPPORTEDDBVERSIONS}"
update_config_var $ZBX_CONFIG "MaxConcurrentChecksPerPoller" "${ZBX_MAXCONCURRENTCHECKSPERPOLLER}"
update_config_var $ZBX_CONFIG "ProxyBufferMode" "${ZBX_PROXYBUFFERMODE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferAge" "${ZBX_PROXYMEMORYBUFFERAGE}"
update_config_var $ZBX_CONFIG "ProxyMemoryBufferSize" "${ZBX_PROXYMEMORYBUFFERSIZE}"
update_config_var $ZBX_CONFIG "ProxyLocalBuffer" "${ZBX_PROXYLOCALBUFFER}"
update_config_var $ZBX_CONFIG "ProxyOfflineBuffer" "${ZBX_PROXYOFFLINEBUFFER}"
update_config_var $ZBX_CONFIG "ProxyConfigFrequency" "${ZBX_PROXYCONFIGFREQUENCY}"
update_config_var $ZBX_CONFIG "DataSenderFrequency" "${ZBX_DATASENDERFREQUENCY}"
update_config_var $ZBX_CONFIG "StatsAllowedIP" "${ZBX_STATSALLOWEDIP}"
update_config_var $ZBX_CONFIG "StartPreprocessors" "${ZBX_STARTPREPROCESSORS}"
update_config_var $ZBX_CONFIG "StartAgentPollers" "${ZBX_STARTAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollers" "${ZBX_STARTPOLLERS}"
update_config_var $ZBX_CONFIG "StartIPMIPollers" "${ZBX_STARTIPMIPOLLERS}"
update_config_var $ZBX_CONFIG "StartPollersUnreachable" "${ZBX_STARTPOLLERSUNREACHABLE}"
update_config_var $ZBX_CONFIG "StartTrappers" "${ZBX_STARTTRAPPERS}"
update_config_var $ZBX_CONFIG "StartPingers" "${ZBX_STARTPINGERS}"
update_config_var $ZBX_CONFIG "StartDiscoverers" "${ZBX_STARTDISCOVERERS}"
update_config_var $ZBX_CONFIG "StartHTTPAgentPollers" "${ZBX_STARTHTTPAGENTPOLLERS}"
update_config_var $ZBX_CONFIG "StartHTTPPollers" "${ZBX_STARTHTTPPOLLERS}"
update_config_var $ZBX_CONFIG "StartODBCPollers" "${ZBX_STARTODBCPOLLERS}"
update_config_var $ZBX_CONFIG "StartSNMPPollers" "${ZBX_STARTSNMPPOLLERS}"
: ${ZBX_JAVAGATEWAY_ENABLE:="false"}
if [ "${ZBX_JAVAGATEWAY_ENABLE,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "JavaGateway" "${ZBX_JAVAGATEWAY:-"zabbix-java-gateway"}"
update_config_var $ZBX_CONFIG "JavaGatewayPort" "${ZBX_JAVAGATEWAYPORT}"
update_config_var $ZBX_CONFIG "StartJavaPollers" "${ZBX_STARTJAVAPOLLERS:-"5"}"
else
update_config_var $ZBX_CONFIG "JavaGateway"
update_config_var $ZBX_CONFIG "JavaGatewayPort"
update_config_var $ZBX_CONFIG "StartJavaPollers"
fi
update_config_var $ZBX_CONFIG "StartVMwareCollectors" "${ZBX_STARTVMWARECOLLECTORS}"
update_config_var $ZBX_CONFIG "VMwareFrequency" "${ZBX_VMWAREFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwarePerfFrequency" "${ZBX_VMWAREPERFFREQUENCY}"
update_config_var $ZBX_CONFIG "VMwareCacheSize" "${ZBX_VMWARECACHESIZE}"
update_config_var $ZBX_CONFIG "VMwareTimeout" "${ZBX_VMWARETIMEOUT}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
if [ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]; then
update_config_var $ZBX_CONFIG "SNMPTrapperFile" "${ZABBIX_USER_HOME_DIR}/snmptraps/snmptraps.log"
update_config_var $ZBX_CONFIG "StartSNMPTrapper" "1"
else
update_config_var $ZBX_CONFIG "SNMPTrapperFile"
update_config_var $ZBX_CONFIG "StartSNMPTrapper"
fi
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
unset ZBX_ENABLE_SNMP_TRAPS
update_config_var $ZBX_CONFIG "SocketDir" "/tmp/"
update_config_var $ZBX_CONFIG "HousekeepingFrequency" "${ZBX_HOUSEKEEPINGFREQUENCY}"
update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_proxy_modules.conf" "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "CacheSize" "${ZBX_CACHESIZE}"
file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "StartDBSyncers" "${ZBX_STARTDBSYNCERS}"
update_config_var $ZBX_CONFIG "HistoryCacheSize" "${ZBX_HISTORYCACHESIZE}"
update_config_var $ZBX_CONFIG "HistoryIndexCacheSize" "${ZBX_HISTORYINDEXCACHESIZE}"
file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "Timeout" "${ZBX_TIMEOUT}"
update_config_var $ZBX_CONFIG "TrapperTimeout" "${ZBX_TRAPPERTIMEOUT}"
update_config_var $ZBX_CONFIG "UnreachablePeriod" "${ZBX_UNREACHABLEPERIOD}"
update_config_var $ZBX_CONFIG "UnavailableDelay" "${ZBX_UNAVAILABLEDELAY}"
update_config_var $ZBX_CONFIG "UnreachableDelay" "${ZBX_UNREACHABLEDELAY}"
update_config_var $ZBX_CONFIG "AlertScriptsPath" "/usr/lib/zabbix/alertscripts"
update_config_var $ZBX_CONFIG "ExternalScripts" "/usr/lib/zabbix/externalscripts"
update_config_var $ZBX_CONFIG "FpingLocation" "/usr/bin/fping"
update_config_var $ZBX_CONFIG "Fping6Location"
update_config_var $ZBX_CONFIG "SSHKeyLocation" "$ZABBIX_USER_HOME_DIR/ssh_keys"
update_config_var $ZBX_CONFIG "LogSlowQueries" "${ZBX_LOGSLOWQUERIES}"
update_config_var $ZBX_CONFIG "SSLCertLocation" "$ZABBIX_USER_HOME_DIR/ssl/certs/"
update_config_var $ZBX_CONFIG "SSLKeyLocation" "$ZABBIX_USER_HOME_DIR/ssl/keys/"
update_config_var $ZBX_CONFIG "SSLCALocation" "$ZABBIX_USER_HOME_DIR/ssl/ssl_ca/"
update_config_var $ZBX_CONFIG "LoadModulePath" "$ZABBIX_USER_HOME_DIR/modules/"
update_config_multiple_var $ZBX_CONFIG "LoadModule" "${ZBX_LOADMODULE}"
update_config_var $ZBX_CONFIG "TLSConnect" "${ZBX_TLSCONNECT}"
update_config_var $ZBX_CONFIG "TLSAccept" "${ZBX_TLSACCEPT}"
file_process_from_env $ZBX_CONFIG "TLSCAFile" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
update_config_var $ZBX_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}"
update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}"
file_process_from_env $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}"
update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}"
update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}"
update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}"
update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}"
update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}"
file_process_from_env $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"
file_process_from_env $ZBX_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
file_process_from_env "ZBX_TLSPSKFILE" "${ZBX_TLSPSKFILE}" "${ZBX_TLSPSK}"
if [ "$(id -u)" != '0' ]; then
update_config_var $ZBX_CONFIG "User" "$(whoami)"
export ZBX_USER="$(whoami)"
else
update_config_var $ZBX_CONFIG "AllowRoot" "1"
export ZBX_ALLOWROOT=1
fi
update_config_var $ZBX_CONFIG "WebDriverURL" "${ZBX_WEBDRIVERURL}"
update_config_var $ZBX_CONFIG "StartBrowserPollers" "${ZBX_STARTBROWSERPOLLERS}"
}
clear_zbx_env() {
[[ "${ZBX_CLEAR_ENV}" == "false" ]] && return
for env_var in $(env | grep -E "^(ZBX|DB|MYSQL)_"); do
for env_var in $(env | grep -E "^(ZABBIX|DB|MYSQL)_"); do
unset "${env_var%%=*}"
done
}