feat(zabbixserver): Update to Zabbix 7.2

hygienic-books 2025-02-22 07:30:04 +01:00
parent 1c2d33962f
commit 47397159ac
18 changed files with 864 additions and 1062 deletions

79
.gitignore vendored

@ -1,80 +1 @@
### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# AWS User-specific
.idea/**/aws.xml
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# SonarLint plugin
.idea/sonarlint/
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
.idea

414
README.md

@ -1,33 +1,34 @@
# Upstream repo
# Zabbix Docker Compose files
We use the [official Zabbix Docker GitHub repo](https://github.com/zabbix/zabbix-docker) for Docker Compose deployment, we add a few local changes.
Docker Compose files to spin up an instance of Zabbix.
Create dir
```
mkdir -p '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
```
# How to run
Pull repo
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' clone 'https://github.com/zabbix/zabbix-docker' .
```
Add a `COMPOSE_ENV_FILE` and save its location as a shell variable along with the location where this repo lives, here for example `/opt/containers/zabbixserver` plus all other variables. At [env/fqdn_context.env.example](env/fqdn_context.env.example) you'll find an example environment file.
# Docker Compose
When everything's ready start Zabbix with Docker Compose, otherwise head down to [Initial setup](#initial-setup) first.
## Base setup
## Environment
When everything's ready start Zabbix with Docker Compose, otherwise head down to [Initial setup](#initial-setup) or [Upgrade an existing repo](#upgrade-an-existing-repo) first.
Make sure that Zabbix' upstream repo at [github.com/zabbix/zabbix-docker](https://github.com/zabbix/zabbix-docker) is checked out locally. We're going with example dir `/opt/git/github.com/zabbix/zabbix-docker/branches/latest`. We're also assuming that **_this_** repo exists at `/opt/containers/zabbixserver`.
Define variables assuming the official Zabbix Docker repo lives at `/opt/git/github.com/zabbix/zabbix-docker/branches/latest`:
```
export UPSTREAM_REPO_DIR='/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
export UPSTREAM_REPO_TAG='6.4.15'
export UPSTREAM_COMPOSE_FILE="${UPSTREAM_REPO_DIR%/}"'/docker-compose_v3_alpine_pgsql_latest.yaml'
export UPSTREAM_COMPOSE_DB_FILE="${UPSTREAM_REPO_DIR%/}"'/compose_databases.yaml'
export UPSTREAM_ENV_FILE="${UPSTREAM_REPO_DIR%/}"'/.env'
export COMPOSE_CTX='bi_colombo'
export COMPOSE_CTX='ux_vilnius'
export COMPOSE_PROJECT_NAME='zabbixserver-'"${COMPOSE_CTX}"
export COMPOSE_ENV_FILE=<add accordingly>
export COMPOSE_OVERRIDE='/opt/containers/zabbixserver/compose.override.yaml'
```
In Zabbix' Git repo check out latest tag for whatever version you want to use, we're going with the latest `7.2.*` version.
```
git -C "${UPSTREAM_REPO_DIR}" reset --hard origin/trunk
git -C "${UPSTREAM_REPO_DIR}" checkout trunk
git -C "${UPSTREAM_REPO_DIR}" pull
git -C "${UPSTREAM_REPO_DIR}" checkout "$(git --no-pager -C "${UPSTREAM_REPO_DIR}" tag -l --sort -version:refname | grep -Fi -- '7.2.' | head -n 1)"
```
## Context
@ -39,205 +40,256 @@ docker context create fully.qualified.domain.name --docker 'host=ssh://root@full
## Pull
Pull newest image versions. Do this locally on your deployment machine, not on the actual app machine. Chances are the app machine cannot even pull directly from your container registry anyways:
Pull images from Docker Hub verbatim.
```
docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" pull
docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" pull
```
## Copy to target
Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow:
Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub or your private registry of choice. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow.
```
source "${UPSTREAM_ENV_FILE}" "${COMPOSE_ENV_FILE}" 2>/dev/null
while IFS= read -r image; do
copy-docker "$(eval echo "${image}")" containers-1.ops.loft.seneve.de
done < <(grep -Pih -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" "${UPSTREAM_COMPOSE_DB_FILE}" | awk '{print $2}')
images="$(docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" config | grep -Pi -- 'image:' | awk '{print $2}' | sort | uniq)"
while IFS= read -u 10 -r image; do
copy-docker "${image}" fully.qualified.domain.name
done 10<<<"${images}"
```
This first `grep`s a list of images and their tags from Zabbix' official Docker Compose files:
```
# grep -Pi -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" | awk '{print $2}'
"${ZABBIX_SERVER_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
"${ZABBIX_WEB_NGINX_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
"${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
busybox
```
This will for example copy over:
It then expands each variable via `eval echo "${image}"` like so:
```
zabbix/zabbix-server-pgsql:alpine-6.4-latest
zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest
postgres:15-alpine
busybox
REPOSITORY TAG
postgres 16-alpine
zabbix/zabbix-web-nginx-pgsql alpine-7.2-latest
zabbix/zabbix-server-pgsql alpine-7.2-latest
busybox latest
```
... and pushes each resulting image string to your remote host where the image is needed. Note that `busybox` implies `busybox:latest` by convention.
## Start
Run Zabbix like so
```
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" up --detach
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" up --detach
```
## Additional files
## Clean up
- [common-settings.yml](common-settings.yml)
This file will be auto-created as part of the patch. Use it as an example in case patching fails
- [env/fqdn_context.env.example](env/fqdn_context.env.example)
An example env file with all currently used variables after `docker-compose_v3_alpine_pgsql_latest.yaml` is patched
- Directory tree underneath [build-context](build-context)
```
build-context/
└── docker-data
├── postgres
│   └── config
│   ├── cert
│   │   ├── ZBX_PGSQL_TLS_CA_CERT_FILE
│   │   ├── ZBX_PGSQL_TLS_CERT_FILE
│   │   └── ZBX_PGSQL_TLS_KEY_FILE
│   └── docker-entrypoint-initdb.d
│   └── init-user-db.sh
├── zabbixserver
│   └── config
│   └── cert
│   ├── ZBX_SERVER_TLS_CA_CERT_FILE
│   ├── ZBX_SERVER_TLS_CERT_FILE
│   └── ZBX_SERVER_TLS_KEY_FILE
└── zabbixwebnginx
└── config
└── cert
├── dhparam.pem
├── ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE
└── ZBX_WEBNGINX_TLS_KEY_FILE
```
Example data you're going to want to physically place on your deployment machine. SSL certs and keys are blank files each of which has the exact same name used in env file `fqdn_context.env.example`.
In [postgres/config/docker-entrypoint-initdb.d](build-context/docker-data/postgres/config/docker-entrypoint-initdb.d) a PostgreSQL initialization script - when this container is run on a completely empty data directory - will create an additional read-only user `ZBX_DB_USERNAME_RO` with password `ZBX_DB_USERNAME_PW`. The example's intended to grant a Grafana daemon direct PostgreSQL database read access.
# Upgrade an existing repo
Check [Initial setup](#initial-setup) below for first time steps. On consecutive upgrades proceed as follows.
## Revert unpushed local changes
Return repo state to exactly the upstream repo's original branch state throwing away the commits you added.
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' reset --hard origin
docker --context 'fully.qualified.domain.name' system prune -af
docker system prune -af
```
Switch to `trunk` branch, get newest commits from upstream
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout trunk
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' pull
```
Pick and checkout new tag
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2024-02-01-100454 4d62e7af5cf884763c5e66a5e376a77972fb632f 6.4.11
2024-02-26-142242 a4e950ac473a82c2982ed2ebb5b82e4b2204e78a 6.4.12
2024-03-25-175845 6b85028331f30dcd3440888d846babd12eb01ae2 6.4.13
2024-04-22-124800 7cb4ec29d4c34f006f2c92403022fb32eb778276 6.4.14
2024-05-21-131508 170db44b637acdb37d3c0f7b71d623c5488446e4 6.4.15
...
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/x.y.z'
```
Lastly [apply patch](#apply-patch). If patch does not apply cleanly read on in the next section [Create new patch](#create-new-patch) to find out how to fix your patch.
# Create new patch
## Add your changes as commits
Get `zabbix-docker` repo into a state with which you're happy then
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' format-patch 7665739620ba6d99090838d502ab76d2f5a47e96^..a17380598ca66153ddc2a42eb618d906d4f582e6 --stdout > '/opt/containers/zabbixserver/zabbix-docker.patch'
```
Where the first commit hash is our first commit and the other commit hash is our last commit. Note the caret (`^`) right after the first commit hash.
## Investigation
You may have to try and find out how a known good base commit differs from a newer one in case the newer one does no longer cleanly accept the patch.
Get commit hashes from both affected tags, e.g.
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2024-02-01-100454 4d62e7af5cf884763c5e66a5e376a77972fb632f 6.4.11
2024-02-26-142242 a4e950ac473a82c2982ed2ebb5b82e4b2204e78a 6.4.12
2024-03-25-175845 6b85028331f30dcd3440888d846babd12eb01ae2 6.4.13
2024-04-22-124800 7cb4ec29d4c34f006f2c92403022fb32eb778276 6.4.14
2024-05-21-131508 170db44b637acdb37d3c0f7b71d623c5488446e4 6.4.15
...
```
Diff them
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' diff a4e950ac473a82c2982ed2ebb5b82e4b2204e78a 170db44b637acdb37d3c0f7b71d623c5488446e4 .env env_vars docker-compose_v3_alpine_pgsql_latest.yaml compose_zabbix_components.yaml compose_databases.yaml
```
Output will be empty in case no difference exists in any of the files between both commit hashes.
Commit your updated patch file into _this_ repo. With a new working patch in hand head back up to [Upgrade an existing repo](#upgrade-an-existing-repo).
# Initial setup
## Prep
We're assuming you run Docker Compose workloads with ZFS-based bind mounts. ZFS management, creating a zpool and setting adequate properties for its datasets is out of scope of this document.
## Datasets
Create ZFS datasets and set permissions as needed.
* Parent dateset
```
export "$(grep -Pi -- '^CONTEXT=' "${COMPOSE_ENV_FILE}")"
zfs create -o canmount=off zpool/data/opt
zfs create -o mountpoint=/opt/docker-data zpool/data/opt/docker-data
```
* Container-specific datasets
```
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/postgres/config'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/postgres/data'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixserver/config'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixserver/data'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixwebnginx/config'
```
* Change ownership
```
chown -R 70:70 '/opt/docker-data/zabbixserver-'"${CONTEXT}"'/postgres/'*
chown -R 101:101 '/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixwebnginx/config/'*
```
The PostgreSQL container will run its processes as user ID 70, the Zabbix web frontend container will be using user ID 101.
## Additional files
Per [Datasets](#datasets) your Docker files will live at `'/opt/docker-data/zabbixserver-'"${CONTEXT}"`. Over in [build-context](build-context) you'll find a subdirectory `docker-data` that has an example file and directory structure that explains the layout you'll want to create at `'/opt/docker-data/zabbixserver-'"${CONTEXT}"`. Match the `postgres` to your `postgres` dir, the `zabbixserver` dir to your `zabbixserver` dir and lastly the `zabbixwebnginx` dir to yours.
Get desired tag e.g. from version-sorted tags list
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2024-02-01-100454 4d62e7af5cf884763c5e66a5e376a77972fb632f 6.4.11
2024-02-26-142242 a4e950ac473a82c2982ed2ebb5b82e4b2204e78a 6.4.12
2024-03-25-175845 6b85028331f30dcd3440888d846babd12eb01ae2 6.4.13
2024-04-22-124800 7cb4ec29d4c34f006f2c92403022fb32eb778276 6.4.14
2024-05-21-131508 170db44b637acdb37d3c0f7b71d623c5488446e4 6.4.15
...
docker-data/
├── postgres
│ ├── cert
│ │ ├── .ZBX_DB_CA_FILE
│ │ ├── .ZBX_DB_CERT_FILE
│ │ └── .ZBX_DB_KEY_FILE
│ └── docker-entrypoint-initdb.d
│ └── init-user-db.sh
├── zabbixserver
│ ├── config
│ │ ├── cert
│ │ │ ├── .ZBX_SERVER_CA_FILE
│ │ │ ├── .ZBX_SERVER_CERT_FILE
│ │ │ └── .ZBX_SERVER_KEY_FILE
│ │ └── docker-entrypoint.sh
│ └── data
│ ├── usr
│ │ └── lib
│ │ └── zabbix
│ │ ├── alertscripts
│ │ └── externalscripts
│ └── var
│ └── lib
│ └── zabbix
│ ├── dbscripts
│ ├── enc
│ ├── export
│ ├── mibs
│ ├── modules
│ ├── snmptraps
│ ├── ssh_keys
│ └── ssl
│ ├── certs
│ ├── keys
│ └── ssl_ca
└── zabbixwebnginx
└── config
├── cert
│ ├── dhparam.pem
│ ├── ssl.crt
│ └── ssl.key
└── modules
```
Switch to desired tag
### postgres (PostgreSQL)
In `postgres/cert` place SSL certificate files that Postgres should serve to TLS-capable database clients for encrypted database connections such as for a domain `db.zabbix.example.com`. `.ZBX_DB_CA_FILE` is a certificate authority (CA) certificate, `.ZBX_DB_CERT_FILE` is a "full chain" certificate as in your domain's certificate followed by any intermediate certs concatenated one after the other. Lastly `.ZBX_DB_KEY_FILE` is your cert's unencrypted key file.
In `postgres/config/docker-entrypoint-initdb.d/init-user-db.sh` you'll find an example script file that - when your Postgres database is uninitialized - will create a second Postgres account in your database. Check out the example environment variables file [env/fqdn_context.env.example](env/fqdn_context.env.example) and specifically `ZBX_DB_USERNAME_PW` and `ZBX_DB_USERNAME_RO` to define a password and a username.
Zabbix' PostgreSQL instance by default doesn't expose a TCP port outside of its container. This setup, however, assumes that you have for example a Grafana instance or a similar entity that wants to directly connect to Postgres. Dedicated read-only database credentials come in handy in that situation.
### zabbixserver (main Zabbix server daemon)
In `zabbixserver/config/cert` place your SSL cert files. These are what the Zabbix server process serves to clients that connect to it such as `server.zabbix.example.com`. As with [PostgreSQL](#postgres-postgresql) you'll need a CA cert, a domain cert and a key file; file names are `.ZBX_SERVER_CA_FILE`, `.ZBX_SERVER_CERT_FILE` and `.ZBX_SERVER_KEY_FILE`.
In `config` there's also `docker-entrypoint.sh`. This is largely identical to the Zabbix container's internal file as seen in the official upstream GitHub repo at [github.com/zabbix/zabbix-docker commit hash 4236b6d for Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh](https://github.com/zabbix/zabbix-docker/blob/4236b6d502a03ee9a4ab0a3699e740cc45f687a4/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh) (last retrieved on February 22, 2025).
Our version comments out two Bash `export` commands like so:
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/6.4.15'
--- <unnamed>
+++ <unnamed>
@@ -394,8 +394,8 @@
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}"
- export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
- export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
+ # export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
+ # export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
```
## Apply patch
This is a sloppy workaround to an issue that's present in newest 7.2 tags (7.2.2 and 7.2.3) where the default `docker-entrypoint.sh` will unconditionally `export` both `ZBX_DB_USER` and `ZBX_DB_PASSWORD` variables which are then unconditionally rendered into `/etc/zabbix/zabbix_server_db.conf` inside the container even when HashiCorp Vault is in use:
Identify yourself to the local `zabbix-docker` repo. Obviously substitute your own name. An e-mail address is optional here. You don't want to contribute upstream, you just want to locally apply a patch file.
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.name "hygienic-books"
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.email ""
DBUser=${ZBX_DB_USER}
DBPassword=${ZBX_DB_PASSWORD}
```
Apply `zabbix-docker.patch` to Docker Compose file. We use Zabbix' `docker-compose_v3_alpine_pgsql_latest.yaml` Compose file. Assuming this repo lives at `/opt/containers/zabbixserver`:
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' am '/opt/containers/zabbixserver/zabbix-docker.patch'
If HashiCorp Vault is in use neither `DBUser` nor `DBPassword` must have a value otherwise Zabbix server will complain and exit. If you have no need for Vault - or Zabbix' official Docker containers are fixed by the time you read this - feel free to skip `docker-entrypoint.sh`.
# Output will be:
Applying: refactor(compose): Remove unneeded components
Applying: refactor(zabbix-server): Set bind mounts
Applying: feat(stack): Extend env vars
Applying: refactor(compose): Remove secrets and unneeded volume
Applying: refactor(zabbix-web-nginx): Exposed ports
...
Besides `zabbixserver/config` there's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`.
```
- type: bind
source: /opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/alertscripts
target: /usr/lib/zabbix/alertscripts
read_only: true
bind:
--> create_host_path: true
```
And now back up to [Docker Compose](#docker-compose).
If you don't want to mount any files into your Zabbix instance you can leave `zabbixserver/data` alone and Docker will create the necessary subdirs on your Docker host on container start.
If you do want all subdirs feel free to go like this:
```
cd '/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixserver/data'
mkdir -p {'./usr/lib/zabbix/'{'alert','external'}'scripts','./var/lib/zabbix/'{'dbscripts','enc','export','mibs','modules','snmptraps','ssh_keys','ssl/'{'certs','keys','ssl_ca'}}}
```
This will create the entire directory tree underneath `zabbixserver/data`:
```
data/
├── usr
│ └── lib
│ └── zabbix
│ ├── alertscripts
│ └── externalscripts
└── var
└── lib
└── zabbix
├── dbscripts
├── enc
├── export
├── mibs
├── modules
├── snmptraps
├── ssh_keys
└── ssl
├── certs
├── keys
└── ssl_ca
```
### zabbixwebnginx (Nginx web server)
First things first, directory `zabbixwebnginx/config/modules` is empty and due to `create_host_path: true` will be created anyway if you don't create it yourself so no worries there. In `zabbixwebnginx/config/cert` - as the name suggests - you'll place frontend SSL cert files. That's the domain certificate you want to get served when visiting Zabbix frontend with a web browser. In line with our earlier examples this might be a cert for example for `zabbix.example.com`.
Note that the file names here look relatively normal as opposed to `.ZBX_SERVER_CERT_FILE` and `.ZBX_DB_CERT_FILE` from before. We will be bind-mounting the entire `cert` directory like so:
```
- type: bind
source: /opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/cert
target: /etc/ssl/nginx
read_only: true
bind:
create_host_path: true
```
The `cert` dir ends up getting bind-mounted into `/etc/ssl/nginx` inside the container. Since Zabbix uses a standard Nginx setup we stick to the Nginx way of calling a default cert and key file. Store your full certificate chain as `ssl.crt` and the corresponding unencrypted key as `ssl.key`. Make sure to also save a `dhparam.pem` parameters file. You can get one such file the quick and dirty way for example from Mozilla at [https://ssl-config.mozilla.org/ffdhe2048.txt](https://ssl-config.mozilla.org/ffdhe2048.txt) - just save it as `dhparam.pem` if you're so inclined. You can alternatively render a file yourself. Assuming the `parallel` binary exists on your machine you can follow [unix.stackexchange.com/a/749156](https://unix.stackexchange.com/a/749156) like so:
```
seq 10000 | parallel -N0 --halt now,success=1 openssl dhparam -out dhparam.pem 4096
```
This starts as many parallel `openssl dhparam` processes as you have CPU cores (assuming you have at most 10,000 cores). Processes essentially race each other which typically lowers waiting time for a finished parameters file by an order of magnitude since you only need one random process to finish. On a moderately modern desktop CPU with four cores this will take about 30 seconds.
When done head back up to [How to run](#how-to-run).
# Development
## Conventional commits
This project uses [Conventional Commits](https://www.conventionalcommits.org/) for its commit messages.
### Commit types
Commit _types_ besides `fix` and `feat` are:
- `refactor`: Keeping functionality while streamlining or otherwise improving function flow
- `docs`: Documentation for project or components
### Commit scopes
The following _scopes_ are known for this project. A Conventional Commits commit message may optionally use one of the following scopes or none:
- `zabbixserver`: A change to how the `zabbixserver` service component works
- `build`: Build-related changes such as `Dockerfile` fixes and features.
- `mount`: Volume or bind mount-related changes.
- `net`: Networking, IP addressing, routing changes
- `meta`: Affects the project's repo layout, file names etc.


@ -0,0 +1,475 @@
#!/bin/bash
set -o pipefail
set +e
# Script trace mode
if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
#Enable PostgreSQL timescaleDB feature:
: ${ENABLE_TIMESCALEDB:="false"}
# Default directories
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file)
# unsets the VAR_FILE afterwards and just leaving VAR
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local defaultValue="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo "**** Both variables $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$defaultValue"
if [ "${!var:-}" ]; then
val="${!var}"
echo "** Using ${var} variable from ENV"
elif [ "${!fileVar:-}" ]; then
if [ ! -f "${!fileVar}" ]; then
echo "**** Secret file \"${!fileVar}\" is not found"
exit 1
fi
val="$(< "${!fileVar}")"
echo "** Using ${var} variable from secret file"
fi
export "$var"="$val"
unset "$fileVar"
}
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
local masklist=("DBPassword TLSPSKIdentity")
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
if [[ " ${masklist[@]} " =~ " $var_name " ]] && [ ! -z "$var_value" ]; then
echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
else
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
fi
# Remove configuration parameter definition in case of unset or empty parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of set to double quoted parameter value
if [[ "$var_value" == '""' ]]; then
if [ "$(grep -E "^$var_name=" $config_path)" ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=/" "$config_path"
fi
echo "undefined"
return
fi
# Use full path to a file for TLS related configuration parameters
if [[ $var_name =~ ^TLS.*File$ ]] && [[ ! $var_value =~ ^/.+$ ]]; then
var_value=$ZABBIX_USER_HOME_DIR/enc/$var_value
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=$var_value$" $config_path)" ]; then
echo "exists"
elif [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
if [ -n "$var_value" ]; then
export "$var_name"="$file_name"
fi
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables_postgresql() {
: ${DB_SERVER_HOST="postgres-server"}
: ${DB_SERVER_PORT:="5432"}
file_env POSTGRES_USER
file_env POSTGRES_PASSWORD
DB_SERVER_ROOT_USER=${POSTGRES_USER:-"postgres"}
DB_SERVER_ROOT_PASS=${POSTGRES_PASSWORD:-""}
DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"}
DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"}
: ${DB_SERVER_SCHEMA:="public"}
DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"}
: ${POSTGRES_USE_IMPLICIT_SEARCH_PATH:="false"}
if [ -n "${DB_SERVER_HOST}" ]; then
psql_connect_args="--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT}"
else
psql_connect_args="--port ${DB_SERVER_PORT}"
fi
}
check_db_connect_postgresql() {
echo "********************"
if [ -n "${DB_SERVER_HOST}" ]; then
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}"
else
echo "* DB_SERVER_HOST: Using DB socket"
echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}"
fi
echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}"
echo "* DB_SERVER_SCHEMA: ${DB_SERVER_SCHEMA}"
if [ "${DEBUG_MODE,,}" == "true" ]; then
echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}"
echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}"
fi
echo "********************"
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
WAIT_TIMEOUT=5
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while true :
do
psql $psql_connect_args --username ${DB_SERVER_ROOT_USER} --list --quiet 1>/dev/null 2>&1 && break
psql $psql_connect_args --username ${DB_SERVER_ROOT_USER} --list --dbname ${DB_SERVER_DBNAME} --quiet 1>/dev/null 2>&1 && break
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
psql_query() {
query=$1
db=$2
local result=""
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
result=$(psql --no-align --quiet --tuples-only $psql_connect_args \
--username "${DB_SERVER_ROOT_USER}" --command "$query" --dbname "$db" 2>/dev/null);
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
echo $result
}
exec_sql_file() {
sql_script=$1
local command="cat"
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
if [ "${sql_script: -3}" == ".gz" ]; then
command="zcat"
fi
$command $sql_script | psql --quiet \
$psql_connect_args \
--username "${DB_SERVER_ZBX_USER}" --dbname "${DB_SERVER_DBNAME}" 1>/dev/null || exit 1
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
create_db_database_postgresql() {
DB_EXISTS=$(psql_query "SELECT 1 AS result FROM pg_database WHERE datname='${DB_SERVER_DBNAME}'" "${DB_SERVER_DBNAME}")
if [ -z ${DB_EXISTS} ]; then
echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..."
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
createdb $psql_connect_args --username "${DB_SERVER_ROOT_USER}" \
--owner "${DB_SERVER_ZBX_USER}" --lc-ctype "en_US.utf8" --lc-collate "en_US.utf8" "${DB_SERVER_DBNAME}"
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
else
echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database owner!"
fi
psql_query "CREATE SCHEMA IF NOT EXISTS ${DB_SERVER_SCHEMA}" "${DB_SERVER_DBNAME}" 1>/dev/null
}
apply_db_scripts() {
db_scripts=$1
for sql_script in $db_scripts; do
[ -e "$sql_script" ] || continue
echo "** Processing additional '$sql_script' SQL script"
exec_sql_file "$sql_script"
done
}
create_db_schema_postgresql() {
DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid =
c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}")
if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then
echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists."
ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM ${DB_SERVER_SCHEMA}.dbversion" "${DB_SERVER_DBNAME}")
fi
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in PostgreSQL"
if [ "${ENABLE_TIMESCALEDB,,}" == "true" ]; then
psql_query "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" "${DB_SERVER_DBNAME}"
fi
exec_sql_file "/usr/share/doc/zabbix-server-postgresql/create.sql.gz"
if [ "${ENABLE_TIMESCALEDB,,}" == "true" ]; then
exec_sql_file "/usr/share/doc/zabbix-server-postgresql/timescaledb.sql"
fi
apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql"
fi
}
update_zbx_config() {
export ZBX_DB_HOST="${DB_SERVER_HOST}"
export ZBX_DB_PORT="${DB_SERVER_PORT}"
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}"
# export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
# export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
unset ZBX_ENABLE_SNMP_TRAPS
update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}"
file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then
export ZBX_HANODENAME="$(hostname -f)"
elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then
export ZBX_HANODENAME="$(hostname)"
fi
: ${ZBX_NODEADDRESSPORT:="10051"}
if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then
export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}"
elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then
export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}"
fi
if [ "$(id -u)" != '0' ]; then
export ZBX_USER="$(whoami)"
else
export ZBX_ALLOWROOT=1
fi
command -v openssl >/dev/null 2>&1 && openssl rehash -v "${ZBX_SSLCALOCATION}" 1>/dev/null
}
clear_zbx_env() {
[[ "${ZBX_CLEAR_ENV}" == "false" ]] && return
for env_var in $(env | grep -E "^(ZABBIX|DB|POSTGRES)_"); do
unset "${env_var%%=*}"
done
}
prepare_db() {
echo "** Preparing database"
check_variables_postgresql
check_db_connect_postgresql
create_db_database_postgresql
create_db_schema_postgresql
}
prepare_server() {
echo "** Preparing Zabbix server"
prepare_db
update_zbx_config
clear_zbx_env
}
#################################################
if [ "${1#-}" != "$1" ]; then
set -- /usr/sbin/zabbix_server "$@"
fi
if [ "$1" == '/usr/sbin/zabbix_server' ]; then
prepare_server
fi
if [ "$1" == "init_db_only" ]; then
prepare_db
else
exec "$@"
fi
#################################################


@ -1,13 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA1shg4Gf/2rG+kllZ1qE2or0BHGqhDdjw0DlwNlPL9qVaiqmU/TRq
LCxr0ZloKa8dwImvEtwxy8bJROMW7gcVfYebsOwTnNbQGePkQ3OSKyyBBG+A04rx
QAT6mxgG84ydQOicu42mK0lRwWeFUzZFauZa8CWEcaLcKBUxYQWN6QXOAk7pUQ32
3vAjUKL8+dYUINCna5QXOPmNgnSmXJfjPEnLwveDUTj6IaXFLvWmJm4yRgi7AvXF
r85aAKl9FgT7e5+BntpJAP4Mj7TYxVyHHq7BLZAke7slwe6bkFLxQ6H3INlTYWgp
QEmALgW+KjiARTTh12NJgJvT0ti4ck7VA6P9eN5kw4FCEg1hZbMLFQg7asUWq9tV
7usrDC971W46YsrBstQg851Vbs64ZMf5+knHYJIWaUF5ZTQ1cHihKhEfGJOdRvxU
Py2q192knNzXwroqi/q22iUe9zu4kPRI3qLjR1brVcf8mkUGnMtkIZsO6cdHdvf9
+2De05V57/yCp8R1QUY/UErdDSO+ey+gNFVfpIBdUIoy8+bG1Dcz70X8DDHXD+4+
DJXeajEWS4xkHEB8kaoYGHS6dDJpQk/nsk2H4Mdb1M/uYDedLdMh3FVjH40lzQzR
oRYpzgieag0RPJcaxi6z8PN0HEuVpPA8EbOvxwDMR2zp4zJxHuA0inMCAQI=
-----END DH PARAMETERS-----

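--- a/common-settings.yaml
+++ b/common-settings.yaml
@@ -0,0 +1,10 @@
+services:
+common-settings:
+environment:
+TZ: "${TIMEZONE:-Etc/UTC}"
+logging:
+driver: "json-file"
+options:
+max-size: "10m"
+max-file: "10"
+compress: "true"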


@ -1,8 +0,0 @@
services:
common-settings:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
compress: "true"

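--- a/compose.override.yaml
+++ b/compose.override.yaml
@@ -0,0 +1,121 @@
+services:
+db-data-pgsql:
+container_name: "zabbixserver-pgsqlbusybox-${CONTEXT}"
+extends:
+file: "/opt/containers/zabbixserver/common-settings.yml"
+service: "common-settings"
+postgres-server:
+command: "-c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem"
+container_name: "zabbixserver-postgres-${CONTEXT}"
+extends:
+file: "/opt/containers/zabbixserver/common-settings.yml"
+service: "common-settings"
+ports:
+- "${POSTGRES_PORT_EXTERNAL}:${POSTGRES_PORT_INTERNAL}"
+user: "${UID_GID}"
+volumes:
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/data:/var/lib/postgresql/data:rw"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro"
+env_file: !reset []
+environment:
+POSTGRES_DB: "${POSTGRES_DB}"
+POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+POSTGRES_USER: "${POSTGRES_USER}"
+ZBX_DB_USERNAME_PW: "${ZBX_DB_USERNAME_PW}"
+ZBX_DB_USERNAME_RO: "${ZBX_DB_USERNAME_RO}"
+secrets: !reset []
+server-db-init:
+container_name: "zabbixserver-dbinit-${CONTEXT}"
+extends:
+file: "/opt/containers/zabbixserver/common-settings.yml"
+service: "common-settings"
+volumes:
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
+env_file: !reset []
+environment:
+POSTGRES_DB: "${POSTGRES_DB}"
+POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+POSTGRES_USER: "${POSTGRES_USER}"
+ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
+ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
+ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
+secrets: !reset []
+zabbix-server:
+container_name: "zabbixserver-zabbixserver-${CONTEXT}"
+extends:
+file: "/opt/containers/zabbixserver/common-settings.yml"
+service: "common-settings"
+volumes:
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/certs:/var/lib/zabbix/ssl/certs:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/keys:/var/lib/zabbix/ssl/keys:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/ssl_ca:/var/lib/zabbix/ssl/ssl_ca:rw"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:roz"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/docker-entrypoint.sh:/usr/bin/docker-entrypoint.sh:ro"
+env_file: !reset []
+environment:
+POSTGRES_DB: "${POSTGRES_DB}"
+POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+POSTGRES_USER: "${POSTGRES_USER}"
+VAULT_TOKEN: "${VAULT_TOKEN}"
+ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
+ZBX_VAULTURL: "${ZBX_VAULTURL}"
+ZBX_VAULT: "${ZBX_VAULT}"
+ZBX_DEBUGLEVEL: "${ZBX_DEBUGLEVEL:-3}"
+ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
+ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
+ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
+secrets: !reset []
+zabbix-web-nginx-pgsql:
+container_name: "zabbixserver-zabbixwebnginx-${CONTEXT}"
+extends:
+file: "/opt/containers/zabbixserver/common-settings.yml"
+service: "common-settings"
+volumes:
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/cert:/etc/ssl/nginx:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/modules/:/usr/share/zabbix/modules/:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
+- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
+env_file: !reset []
+environment:
+POSTGRES_DB: "${POSTGRES_DB}"
+POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+POSTGRES_USER: "${POSTGRES_USER}"
+ZBX_SERVER_HOST: "${ZBX_SERVER_HOST}"
+ZBX_SERVER_NAME: "${ZBX_SERVER_NAME}"
+PHP_TZ: "${PHP_TZ}"
+VAULT_TOKEN: "${VAULT_TOKEN}"
+ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
+ZBX_VAULTURL: "${ZBX_VAULTURL}"
+ZBX_VAULT: "${ZBX_VAULT}"
+secrets: !reset []
+secrets: !reset []
+volumes:
+snmptraps: !reset []
+networks:
+database:
+# Should not be Zabbix' official default 'internal: true'
+# because in our case we want external entities such as a
+# Grafana instance to be able to directly access this
+# PostgreSQL. Here 'internal: true' would render our 'ports:'
+# irrelevant, ports would just never get exposed.
+internal: false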
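Review bot: The `zabbix-web-nginx-pgsql` service bind-mounts `postgres/config/cert/.ZBX_DB_KEY_FILE` as `/run/secrets/server-key.pem`, the same file `postgres-server` uses as its `ssl_key_file`, so the web frontend container holds the database server's private key. Verifying the server normally needs only the CA file; if client-certificate authentication is intended, the frontend should get its own key pair rather than the server's. Separately, `postgres-server` publishes `"${POSTGRES_PORT_EXTERNAL}:${POSTGRES_PORT_INTERNAL}"` without a host address while the `database` network is set to `internal: false`. Because `-c ssl=on` enables TLS but does not by itself require it, consider binding to one address, e.g. `- "<BIND_ADDR>:${POSTGRES_PORT_EXTERNAL}:${POSTGRES_PORT_INTERNAL}"` (placeholder), and allowing remote clients only through `hostssl` entries in `pg_hba.conf`. Every `extends.file` also points at `/opt/containers/zabbixserver/common-settings.yml`, whereas this commit adds `common-settings.yaml`; if the deployed file follows the repository name, the extends will not resolve.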


@ -1,32 +1,27 @@
# This file is maintained by remco and populated with data from HashiCorp
# Vault. Changes not done in Vault will be reverted when file gets rendered.
CONTEXT=ux_vilnius
DEBUG_MODE=true
PHP_TZ=America/Rainy_River
POSTGRES_DB=zabbix
POSTGRES_PASSWORD=my-postgres-password
POSTGRES_PORT_EXTERNAL=5432
POSTGRES_PORT_INTERNAL=5432
POSTGRES_USER=zabbix
RESTART_POLICY=always
TIMEZONE=America/Rainy_River
UID_GID=70:70
VAULT_TOKEN=my-hashicorp-vault-token
ZABBIX_WEB_NGINX_HTTPS_PORT=61001
ZABBIX_WEB_NGINX_HTTP_PORT=61000
ZBX_DB_USERNAME_PW=my-additional-ro-db-user-password
ZBX_DB_USERNAME_RO=my-additional-ro-db-user-name
ZBX_SERVER_HOST=zabbix-server.fully.qualified.domain.name
ZBX_SERVER_NAME=fully.qualified.domain.name
ZBX_TLSCAFILE=/run/secrets/root-ca.pem
ZBX_TLSCERTFILE=/run/secrets/server-cert.pem
ZBX_TLSKEYFILE=/run/secrets/server-key.pem
ZBX_VAULT=HashiCorp
ZBX_VAULTDBPATH=kv/secrets/zabbix
ZBX_VAULTURL=https://vault.fully.qualified.domain.name
BACKEND_SUBNET=
CTX=loft
FRONTEND_SUBNET=
PHP_TZ=
POSTGRES_DB=
POSTGRES_PASSWORD=
POSTGRES_USER=
VAULT_TOKEN=
ZBX_DB_USERNAME_PW=
ZBX_DB_USERNAME_RO=
ZBX_PGSQL_TLS_CA_CERT_FILE=
ZBX_PGSQL_TLS_CERT_FILE=
ZBX_PGSQL_TLS_KEY_FILE=
ZBX_SERVER_HOST=
ZBX_SERVER_NAME=
ZBX_SERVER_TLS_CA_CERT_FILE=
ZBX_SERVER_TLS_CERT_FILE=
ZBX_SERVER_TLS_KEY_FILE=
ZBX_VAULTDBPATH=
ZBX_VAULTURL=
ZBX_WEBNGINX_EXPOSED_HTTPS_PORT=
ZBX_WEBNGINX_EXPOSED_HTTP_PORT=
ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE=
ZBX_WEBNGINX_TLS_KEY_FILE=
# When needed for temporary debugging
# ZBX_DEBUGLEVEL=4
# Other available defaults
# RESTART_POLICY=unless-stopped
# ZBX_DEBUGLEVEL=4


@ -1,751 +0,0 @@
From 21cea7f103f19770350559fdca236a9b7d2a721c Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:07:16 +0200
Subject: [PATCH 01/13] refactor(compose): Remove unneeded components
---
docker-compose_v3_alpine_pgsql_latest.yaml | 78 ----------------------
1 file changed, 78 deletions(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index bc4892246..68b55d5d2 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -12,40 +12,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-proxy-sqlite3:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-sqlite3
- image: "${ZABBIX_PROXY_SQLITE3_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-proxy-mysql:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-mysql
- image: "${ZABBIX_PROXY_MYSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - mysql-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-web-apache-pgsql:
- extends:
- file: compose_zabbix_components.yaml
- service: web-apache-pgsql
- image: "${ZABBIX_WEB_APACHE_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - postgres-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
zabbix-web-nginx-pgsql:
extends:
file: compose_zabbix_components.yaml
@@ -58,55 +24,11 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-agent:
- extends:
- file: compose_zabbix_components.yaml
- service: agent
- image: "${ZABBIX_AGENT_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-java-gateway:
- extends:
- file: compose_zabbix_components.yaml
- service: java-gateway
- image: "${ZABBIX_JAVA_GATEWAY_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-snmptraps:
- extends:
- file: compose_zabbix_components.yaml
- service: snmptraps
- image: "${ZABBIX_SNMPTRAPS_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-web-service:
- extends:
- file: compose_zabbix_components.yaml
- service: web-service
- image: "${ZABBIX_WEB_SERVICE_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- mysql-server:
- extends:
- file: compose_databases.yaml
- service: mysql-server
-
postgres-server:
extends:
file: compose_databases.yaml
service: postgres-server
- db-data-mysql:
- extends:
- file: compose_databases.yaml
- service: db-data-mysql
-
db-data-pgsql:
extends:
file: compose_databases.yaml
--
2.42.0
From c4bd71d1ca83d09e4727a507c148bdbafe37f322 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:13:17 +0200
Subject: [PATCH 02/13] refactor(zabbix-server): Set bind mounts
---
compose_databases.yaml | 8 ++++----
compose_zabbix_components.yaml | 32 +++++++++++++++++---------------
2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 50f5368dd..216e1cb04 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -40,10 +40,10 @@ services:
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
volumes:
- - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index d46273eef..21231de36 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -6,15 +6,15 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/export:/var/lib/zabbix/export:rw
- - ${DATA_DIRECTORY}/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- - snmptraps:/var/lib/zabbix/snmptraps:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
tmpfs: /tmp
ulimits:
nproc: 65535
@@ -78,10 +78,10 @@ services:
server-pgsql:
extends:
service: server
-# volumes:
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
+ volumes:
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
@@ -265,8 +265,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro
- - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
--
2.42.0
From 15631d10b495f9643915549143f947a304678547 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:20:27 +0200
Subject: [PATCH 03/13] feat(stack): Extend env vars
---
env_vars/.env_db_pgsql | 12 +++++++-----
env_vars/.env_srv | 8 ++++----
env_vars/.env_web | 6 +++---
3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/env_vars/.env_db_pgsql b/env_vars/.env_db_pgsql
index 30be4ad2f..20f642a9d 100644
--- a/env_vars/.env_db_pgsql
+++ b/env_vars/.env_db_pgsql
@@ -1,11 +1,13 @@
# DB_SERVER_HOST=postgres-server
# DB_SERVER_PORT=5432
-# POSTGRES_USER=zabbix
-POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER
-# POSTGRES_PASSWORD=zabbix
-POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
+POSTGRES_USER=${POSTGRES_USER}
+# POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER
+POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+# POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
# POSTGRES_DB=zabbix
-POSTGRES_DB=zabbix
+POSTGRES_DB=${POSTGRES_DB}
# DB_SERVER_SCHEMA=public
# ENABLE_TIMESCALEDB=true
# POSTGRES_USE_IMPLICIT_SEARCH_PATH=false
+ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO}
+ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW}
diff --git a/env_vars/.env_srv b/env_vars/.env_srv
index 8ef2091b6..6aff55002 100644
--- a/env_vars/.env_srv
+++ b/env_vars/.env_srv
@@ -14,7 +14,7 @@
# ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
# ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0
# ZBX_NODEADDRESS=localhost:10051 # Available since 6.0.0
-# ZBX_DEBUGLEVEL=3
+ZBX_DEBUGLEVEL=${ZBX_DEBUGLEVEL:-3}
# ZBX_STARTPOLLERS=5
# ZBX_IPMIPOLLERS=0
# ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0
@@ -69,11 +69,11 @@ ZBX_ENABLE_SNMP_TRAPS=true
# ZBX_TLSCERTFILE=
# ZBX_TLSKEYFILE=
# ZBX_VAULT=HashiCorp # Available since 6.2.0
-# ZBX_VAULTDBPATH=
+ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
# ZBX_VAULTTLSCERTFILE= # Available since 6.2.0
# ZBX_VAULTTLSKEYFILE= # Available since 6.2.0
-# ZBX_VAULTURL=https://127.0.0.1:8200
-# VAULT_TOKEN=
+ZBX_VAULTURL=${ZBX_VAULTURL}
+VAULT_TOKEN=${VAULT_TOKEN}
# ZBX_STARTREPORTWRITERS=0
# ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report
# ZBX_SERVICEMANAGERSYNCFREQUENCY=60
diff --git a/env_vars/.env_web b/env_vars/.env_web
index 8f6585ad0..4f0ebb1b0 100644
--- a/env_vars/.env_web
+++ b/env_vars/.env_web
@@ -1,6 +1,6 @@
-ZBX_SERVER_HOST=zabbix-server
+ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
# ZBX_SERVER_PORT=10051
-ZBX_SERVER_NAME=Composed installation
+ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
# ZBX_DB_ENCRYPTION=true # Available since 5.0.0
# ZBX_DB_KEY_FILE=/run/secrets/client-key.pem # Available since 5.0.0
# ZBX_DB_CERT_FILE=/run/secrets/client-cert.pem # Available since 5.0.0
@@ -25,7 +25,7 @@ ZBX_SERVER_NAME=Composed installation
# ZBX_MAXINPUTTIME=300
# ZBX_SESSION_NAME=zbx_sessionid
# Timezone one of: http://php.net/manual/en/timezones.php
-# PHP_TZ=Europe/Riga
+PHP_TZ=${PHP_TZ}
# ZBX_DENY_GUI_ACCESS=false
# ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1']
# ZBX_GUI_WARNING_MSG=Zabbix is under maintenance.
--
2.42.0
From 67f84af300695674fdd47210a7e123098d2eced6 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:22:50 +0200
Subject: [PATCH 04/13] refactor(compose): Remove secrets and unneeded volume
---
compose_databases.yaml | 3 ---
docker-compose_v3_alpine_pgsql_latest.yaml | 18 ------------------
2 files changed, 21 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 216e1cb04..52c06b356 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -46,9 +46,6 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
stop_grace_period: 1m
networks:
zbx_net_database:
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 68b55d5d2..359e2ee7c 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -64,21 +64,3 @@ networks:
internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
-
-volumes:
- snmptraps:
-# dbsocket:
-
-secrets:
- MYSQL_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_USER
- MYSQL_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_PASSWORD
- MYSQL_ROOT_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_USER
- MYSQL_ROOT_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_PASSWORD
- POSTGRES_USER:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_USER
- POSTGRES_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_PASSWORD
--
2.42.0
From fc7477f0d17e1253aeb245ad75610e5d8eaeba2f Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:26:07 +0200
Subject: [PATCH 05/13] refactor(zabbix-web-nginx): Exposed ports
---
compose_zabbix_components.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 21231de36..62e77c578 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -260,8 +260,8 @@ services:
web-nginx:
ports:
- - "${ZABBIX_WEB_NGINX_HTTP_PORT}:8080"
- - "${ZABBIX_WEB_NGINX_HTTPS_PORT}:8443"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
--
2.42.0
From 1aff1200dbcec51767fbd49c66ede673210add93 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:26:34 +0200
Subject: [PATCH 06/13] refactor(postgresql): Use static username ID
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 52c06b356..40c8b7fa0 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -39,6 +39,7 @@ services:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
+ user: 70:70
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
--
2.42.0
From b8cfbd7bff008fee7bbd8ba6af1c6c9a60e7fda5 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:28:41 +0200
Subject: [PATCH 07/13] refactor(compose): Set custom container names
---
compose_databases.yaml | 2 ++
compose_zabbix_components.yaml | 2 ++
2 files changed, 4 insertions(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 40c8b7fa0..7c85574d0 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -37,6 +37,7 @@ services:
postgres-server:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
+ container_name: zabbixserver-postgres-${CTX}
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
@@ -60,6 +61,7 @@ services:
db-data-pgsql:
image: busybox
+ container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 62e77c578..14afe391d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -1,6 +1,7 @@
version: '3.8'
services:
server:
+ container_name: zabbixserver-zabbixserver-${CTX}
ports:
- "${ZABBIX_SERVER_PORT}:10051"
restart: "${RESTART_POLICY}"
@@ -259,6 +260,7 @@ services:
com.zabbix.dbtype: "pgsql"
web-nginx:
+ container_name: zabbixserver-zabbixwebnginx-${CTX}
ports:
- "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
- "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
--
2.42.0
From b019cd4868567802d65d7147505382c174c3e3cb Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:29:44 +0200
Subject: [PATCH 08/13] refactor(postgresql): Publicly expose so that other
tools can access the database
---
compose_databases.yaml | 2 ++
docker-compose_v3_alpine_pgsql_latest.yaml | 7 ++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 7c85574d0..67c8dcb20 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -41,6 +41,8 @@ services:
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
+ ports:
+ - "5432:5432"
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
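Review bot: `- "5432:5432"` publishes PostgreSQL on every host interface, and at this point in the series the `command:` line that turns on TLS is still commented out (patch 10 enables it). If only a known consumer such as the Grafana instance needs access, bind the mapping to one host address, e.g. `- "<HOST_BIND_IP>:5432:5432"` (placeholder), and restrict source addresses in `pg_hba.conf`. Docker inserts its own iptables rules for published ports, which typically bypass host firewall front ends such as ufw, so a host firewall alone may not limit who can reach the port. The postgres-server definition continues outside the hunk.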
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 359e2ee7c..85b974168 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -61,6 +61,11 @@ networks:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "${DATABASE_NETWORK_ENABLE_IPV6}"
- internal: true
+ # Should not be Zabbix' official default 'internal: true' because in our
+ # case we want external entities such as a Grafana instance to be able
+ # to directly access this PostgreSQL. Here 'internal: true' would render
+ # our 'ports: ["5432:5432"]' irrelevant, ports would just never get
+ # exposed.
+ # internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
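Review bot: Commenting out `internal: true` removes isolation for every service attached to this network, not only postgres-server, and the new comment does not say so. An alternative that keeps the database network internal is to attach postgres-server to an additional non-internal network used solely for the published port. Compose should publish ports through any non-internal network the container joins, but this is worth verifying on the Docker version in use. If the current approach stays, extend the comment with something like `# NOTE: this also gives all containers on this network outbound connectivity`. The network definition starts and ends outside the hunk.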
--
2.42.0
From ef1ce4376b3b154db634f78ec7ac76ceb3372bd2 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:36:52 +0200
Subject: [PATCH 09/13] refactor(compose): Set logging defaults
---
common-settings.yml | 8 ++++++++
compose_databases.yaml | 6 ++++++
compose_zabbix_components.yaml | 6 ++++++
3 files changed, 20 insertions(+)
create mode 100644 common-settings.yml
diff --git a/common-settings.yml b/common-settings.yml
new file mode 100644
index 000000000..d409ea1c1
--- /dev/null
+++ b/common-settings.yml
@@ -0,0 +1,8 @@
+services:
+ common-settings:
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "10"
+ compress: "true"
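Review bot: The new file carries no comment saying that `common-settings` is a template meant only as an `extends:` target and not a service to run; a header such as `# Shared logging defaults; referenced via 'extends', never started directly` would help. It is also the only file in this series with a `.yml` extension while the others use `.yaml`; renaming it (and the `file:` references in the other hunks of this patch) keeps the naming consistent. `extends` together with `version: '3.8'` needs a Compose implementation that follows the Compose Specification, because legacy docker-compose 1.x rejects `extends` in v3 files.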
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 67c8dcb20..97bb300af 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -36,6 +36,9 @@ services:
- mysql-server
postgres-server:
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
container_name: zabbixserver-postgres-${CTX}
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
@@ -62,6 +65,9 @@ services:
- ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw
db-data-pgsql:
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: busybox
container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 14afe391d..21843aa4e 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -1,6 +1,9 @@
version: '3.8'
services:
server:
+ extends:
+ file: common-settings.yml
+ service: common-settings
container_name: zabbixserver-zabbixserver-${CTX}
ports:
- "${ZABBIX_SERVER_PORT}:10051"
@@ -260,6 +263,9 @@ services:
com.zabbix.dbtype: "pgsql"
web-nginx:
+ extends:
+ file: common-settings.yml
+ service: common-settings
container_name: zabbixserver-zabbixwebnginx-${CTX}
ports:
- "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
--
2.42.0
From 674a6ae8c9add2b4c7db374cd00427af11040d35 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:37:32 +0200
Subject: [PATCH 10/13] refactor(postgresql): Start with SSL cert
---
compose_databases.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 97bb300af..1b21c5eeb 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -41,7 +41,7 @@ services:
service: common-settings
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
container_name: zabbixserver-postgres-${CTX}
-# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
+ command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
ports:
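Review bot: `-c ssl=on` makes TLS available but does not require it, so clients reaching the published 5432 port can still connect in plaintext unless `pg_hba.conf` uses `hostssl` entries and no matching `host` entry. `ssl_ca_file` likewise only takes effect when a `pg_hba.conf` rule requests client certificates, e.g. `clientcert=verify-full`. A comment above the line would make this explicit: `# TLS is only offered here; enforcement lives in pg_hba.conf (hostssl ...)`. Also check that the bind-mounted key is owned by the uid from `user: 70:70` with mode 0600, since PostgreSQL rejects a key file with looser permissions. The service definition continues outside the hunk.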
--
2.42.0
From 69b3466be73519196753c168ba248cca84be21ae Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:37:59 +0200
Subject: [PATCH 11/13] feat(postgresql): Add initialization scripts dir
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 1b21c5eeb..87a39fb47 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -51,6 +51,7 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
stop_grace_period: 1m
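Review bot: The new `/docker-entrypoint-initdb.d` mount has no comment explaining when its contents run. Assuming `${POSTGRESQL_IMAGE}` is the official postgres image, scripts there execute only on first start with an empty data directory, and with database superuser rights. Suggest a comment above the line, e.g. `# init scripts: run once on an empty data dir, as the DB superuser`. For that reason the host directory should be writable by root only, and it should not keep credentials in plain SQL files that stay on disk after initialisation. The volumes list begins outside the hunk.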
--
2.42.0
From 666ed0f597118990785f825c0ca4cc3b3c680b2f Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:43:11 +0200
Subject: [PATCH 12/13] refactor(compose): Remove secrets
---
compose_zabbix_components.yaml | 6 ------
1 file changed, 6 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 21843aa4e..3f2abdf65 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -88,9 +88,6 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
@@ -336,9 +333,6 @@ services:
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
--
2.42.0
From f0cc3b938cee802caf2c18e72519062b46b0a9f9 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:54:40 +0200
Subject: [PATCH 13/13] refactor(compose): Remove unneeded components
---
compose_databases.yaml | 54 ------------------------------------------
1 file changed, 54 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 87a39fb47..70f4fa894 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -1,40 +1,5 @@
version: '3.8'
services:
- mysql-server:
- image: "${MYSQL_IMAGE}:${MYSQL_IMAGE_TAG}"
- command:
- - mysqld
- - --character-set-server=utf8mb4
- - --collation-server=utf8mb4_bin
-# Only during upgrade from versions prior 6.4 and new installations (schema deployment)
- - --log_bin_trust_function_creators=1
-# Use TLS encryption for connections to database
-# - --require-secure-transport
-# - --ssl-ca=/run/secrets/root-ca.pem
-# - --ssl-cert=/run/secrets/server-cert.pem
-# - --ssl-key=/run/secrets/server-key.pem
- restart: "${RESTART_POLICY}"
- volumes:
- - ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw
- - ${ENV_VARS_DIRECTORY}/mysql_init/init_proxy_db.sql:/docker-entrypoint-initdb.d/mysql_init_proxy.sql:ro
-# - dbsocket:/var/run/mysqld/
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_mysql
- environment:
- - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/MYSQL_ROOT_PASSWORD
- secrets:
- - MYSQL_USER
- - MYSQL_PASSWORD
- - MYSQL_ROOT_PASSWORD
-# - server-key.pem
-# - server-cert.pem
-# - root-ca.pem
- stop_grace_period: 1m
- networks:
- zbx_net_database:
- aliases:
- - mysql-server
-
postgres-server:
extends:
file: common-settings.yml
@@ -60,11 +25,6 @@ services:
aliases:
- postgres-server
- db-data-mysql:
- image: busybox
- volumes:
- - ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw
-
db-data-pgsql:
extends:
file: common-settings.yml
@@ -73,17 +33,3 @@ services:
container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
-
- elasticsearch:
- image: "${ELASTICSEARCH_IMAGE}:${ELASTICSEARCH_IMAGE_TAG}"
- restart: "${RESTART_POLICY}"
- profiles:
- - full
- - all
- environment:
- - transport.host=0.0.0.0
- - discovery.zen.minimum_master_nodes=1
- networks:
- zbx_net_database:
- aliases:
- - elasticsearch
--
2.42.0