From 7664d0f3f698fba6230b6836fd4cebf9a2c56b77 Mon Sep 17 00:00:00 2001 From: hygienic-books Date: Fri, 14 Mar 2025 09:54:37 +0100 Subject: [PATCH] fix(zabbixserver): Zabbix server now works without override Upstream github.com/zabbix/zabbix-docker/issues/1643 is now fixed. This previously prevented us from using both HashiCorp Vault and the default docker-entrypoint.sh file that came with the the zabbix/zabbix-server-pgsql:alpine-7.2-latest image. Upstreams commit hash 435e92f made it so that when Vault params are present both the Zabbix server config params DBUser and DBPassword are unset. --- README.md | 40 +++++----------------------------------- 1 file changed, 5 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index b567083..e51c243 100644 --- a/README.md +++ b/README.md @@ -126,11 +126,10 @@ docker-data/ │ └── init-user-db.sh ├── zabbixserver │ ├── config -│ │ ├── cert -│ │ │ ├── .ZBX_SERVER_CA_FILE -│ │ │ ├── .ZBX_SERVER_CERT_FILE -│ │ │ └── .ZBX_SERVER_KEY_FILE -│ │ └── docker-entrypoint.sh +│ │ └── cert +│ │ ├── .ZBX_SERVER_CA_FILE +│ │ ├── .ZBX_SERVER_CERT_FILE +│ │ └── .ZBX_SERVER_KEY_FILE │ └── data │ ├── usr │ │ └── lib @@ -172,36 +171,7 @@ Zabbix' PostgreSQL instance by default doesn't expose a TCP port outside of its In `zabbixserver/config/cert` place your SSL cert files. These are what the Zabbix server process serves to clients that connect to it such as `server.zabbix.example.com`. As with [PostgreSQL](#postgres-postgresql) you'll need a CA cert, a domain cert and a key file; file names are `.ZBX_SERVER_CA_FILE`, `.ZBX_SERVER_CERT_FILE` and `.ZBX_SERVER_KEY_FILE`. -In `config` there's also `docker-entrypoint.sh`. This is largely identical to the Zabbix container's internal file as seen in the official upstream GitHub repo at [github.com/zabbix/zabbix-docker commit hash 4236b6d for Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh](https://github.com/zabbix/zabbix-docker/blob/4236b6d502a03ee9a4ab0a3699e740cc45f687a4/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh) (last retrieved on February 22, 2025). - -Our version comments out two Bash `export` commands like so: - -``` ---- -+++ -@@ -394,8 +394,8 @@ - - export ZBX_DB_NAME="${DB_SERVER_DBNAME}" - export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}" -- export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" -- export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" -+ # export ZBX_DB_USER="${DB_SERVER_ZBX_USER}" -+ # export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}" - - : ${ZBX_ENABLE_SNMP_TRAPS:="false"} - [[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1 -``` - -This is a sloppy workaround to an issue that's present in newest 7.2 tags (7.2.2 and 7.2.3) where the default `docker-entrypoint.sh` will unconditionally `export` both `ZBX_DB_USER` and `ZBX_DB_PASSWORD` variables which are then unconditionally rendered into `/etc/zabbix/zabbix_server_db.conf` inside the container even when HashiCorp Vault is in use: - -``` -DBUser=${ZBX_DB_USER} -DBPassword=${ZBX_DB_PASSWORD} -``` - -If HashiCorp Vault is in use neither `DBUser` nor `DBPassword` must have a value otherwise Zabbix server will complain and exit. If you have no need for Vault - or Zabbix' official Docker containers are fixed by the time you read this - feel free to skip `docker-entrypoint.sh`. - -Besides `zabbixserver/config` there's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`. +There's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`. ``` - type: bind