fix(zabbixserver): Zabbix server now works without override

Upstream github.com/zabbix/zabbix-docker/issues/1643 is now fixed. This previously prevented us from using both HashiCorp Vault and the default docker-entrypoint.sh file that came with the the zabbix/zabbix-server-pgsql:alpine-7.2-latest image. Upstreams commit hash 435e92f made it so that when Vault params are present both the Zabbix server config params DBUser and DBPassword are unset.
2025-03-14 09:54:37 +01:00 · 2025-03-14 09:54:37 +01:00 · 7664d0f3f6
commit 7664d0f3f6
parent 5fb3be9228
1 changed files with 5 additions and 35 deletions
--- a/README.md
+++ b/README.md
@ -126,11 +126,10 @@ docker-data/
 │       └── init-user-db.sh
 ├── zabbixserver
 │   ├── config
-│   │   ├── cert
-│   │   │   ├── .ZBX_SERVER_CA_FILE
-│   │   │   ├── .ZBX_SERVER_CERT_FILE
-│   │   │   └── .ZBX_SERVER_KEY_FILE
-│   │   └── docker-entrypoint.sh
+│   │   └── cert
+│   │       ├── .ZBX_SERVER_CA_FILE
+│   │       ├── .ZBX_SERVER_CERT_FILE
+│   │       └── .ZBX_SERVER_KEY_FILE
 │   └── data
 │       ├── usr
 │       │   └── lib
@ -172,36 +171,7 @@ Zabbix' PostgreSQL instance by default doesn't expose a TCP port outside of its

 In `zabbixserver/config/cert` place your SSL cert files. These are what the Zabbix server process serves to clients that connect to it such as `server.zabbix.example.com`. As with [PostgreSQL](#postgres-postgresql) you'll need a CA cert, a domain cert and a key file; file names are `.ZBX_SERVER_CA_FILE`, `.ZBX_SERVER_CERT_FILE` and `.ZBX_SERVER_KEY_FILE`.

-In `config` there's also `docker-entrypoint.sh`. This is largely identical to the Zabbix container's internal file as seen in the official upstream GitHub repo at [github.com/zabbix/zabbix-docker commit hash 4236b6d for Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh](https://github.com/zabbix/zabbix-docker/blob/4236b6d502a03ee9a4ab0a3699e740cc45f687a4/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh) (last retrieved on February 22, 2025).
-
-Our version comments out two Bash `export` commands like so:
-
-```
--- <unnamed>
-+++ <unnamed>
-@@ -394,8 +394,8 @@
- 
-     export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
-     export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}"
-    export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
-    export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
-+    # export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
-+    # export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
- 
-     : ${ZBX_ENABLE_SNMP_TRAPS:="false"}
-     [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
-```
-
-This is a sloppy workaround to an issue that's present in newest 7.2 tags (7.2.2 and 7.2.3) where the default `docker-entrypoint.sh` will unconditionally `export` both `ZBX_DB_USER` and `ZBX_DB_PASSWORD` variables which are then unconditionally rendered into `/etc/zabbix/zabbix_server_db.conf` inside the container even when HashiCorp Vault is in use: 
-
-```
-DBUser=${ZBX_DB_USER}
-DBPassword=${ZBX_DB_PASSWORD}
-```
-
-If HashiCorp Vault is in use neither `DBUser` nor `DBPassword` must have a value otherwise Zabbix server will complain and exit. If you have no need for Vault - or Zabbix' official Docker containers are fixed by the time you read this - feel free to skip `docker-entrypoint.sh`.
-
-Besides `zabbixserver/config` there's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`.
+There's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`.

 ```
    - type: bind