From 21cea7f103f19770350559fdca236a9b7d2a721c Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:07:16 +0200 Subject: [PATCH 01/13] refactor(compose): Remove unneeded components --- docker-compose_v3_alpine_pgsql_latest.yaml | 78 ---------------------- 1 file changed, 78 deletions(-) diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index bc4892246..68b55d5d2 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -12,40 +12,6 @@ services: labels: com.zabbix.os: "${ALPINE_OS_TAG}" - zabbix-proxy-sqlite3: - extends: - file: compose_zabbix_components.yaml - service: proxy-sqlite3 - image: "${ZABBIX_PROXY_SQLITE3_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-proxy-mysql: - extends: - file: compose_zabbix_components.yaml - service: proxy-mysql - image: "${ZABBIX_PROXY_MYSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - depends_on: - - mysql-server - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-web-apache-pgsql: - extends: - file: compose_zabbix_components.yaml - service: web-apache-pgsql - image: "${ZABBIX_WEB_APACHE_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - depends_on: - - postgres-server - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - zabbix-web-nginx-pgsql: extends: file: compose_zabbix_components.yaml @@ -58,55 +24,11 @@ services: labels: com.zabbix.os: "${ALPINE_OS_TAG}" - zabbix-agent: - extends: - file: compose_zabbix_components.yaml - service: agent - image: "${ZABBIX_AGENT_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-java-gateway: - extends: - file: compose_zabbix_components.yaml - service: java-gateway - image: "${ZABBIX_JAVA_GATEWAY_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-snmptraps: - extends: - file: compose_zabbix_components.yaml - service: snmptraps - image: "${ZABBIX_SNMPTRAPS_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-web-service: - extends: - file: compose_zabbix_components.yaml - service: web-service - image: "${ZABBIX_WEB_SERVICE_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - mysql-server: - extends: - file: compose_databases.yaml - service: mysql-server - postgres-server: extends: file: compose_databases.yaml service: postgres-server - db-data-mysql: - extends: - file: compose_databases.yaml - service: db-data-mysql - db-data-pgsql: extends: file: compose_databases.yaml -- 2.42.0 From c4bd71d1ca83d09e4727a507c148bdbafe37f322 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:13:17 +0200 Subject: [PATCH 02/13] refactor(zabbix-server): Set bind mounts --- compose_databases.yaml | 8 ++++---- compose_zabbix_components.yaml | 32 +++++++++++++++++--------------- 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 50f5368dd..216e1cb04 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -40,10 +40,10 @@ services: # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" volumes: - - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw - - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro - - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro - - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql secrets: diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index d46273eef..21231de36 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -6,15 +6,15 @@ services: restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro - - ${DATA_DIRECTORY}/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro - - ${DATA_DIRECTORY}/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/export:/var/lib/zabbix/export:rw - - ${DATA_DIRECTORY}/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - - snmptraps:/var/lib/zabbix/snmptraps:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro tmpfs: /tmp ulimits: nproc: 65535 @@ -78,10 +78,10 @@ services: server-pgsql: extends: service: server -# volumes: -# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro -# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro -# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro + volumes: + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql secrets: @@ -265,8 +265,10 @@ services: restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro - - ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro - - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/modules:/usr/share/zabbix/modules/:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro tmpfs: /tmp deploy: resources: -- 2.42.0 From 15631d10b495f9643915549143f947a304678547 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:20:27 +0200 Subject: [PATCH 03/13] feat(stack): Extend env vars --- env_vars/.env_db_pgsql | 12 +++++++----- env_vars/.env_srv | 8 ++++---- env_vars/.env_web | 6 +++--- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/env_vars/.env_db_pgsql b/env_vars/.env_db_pgsql index 30be4ad2f..20f642a9d 100644 --- a/env_vars/.env_db_pgsql +++ b/env_vars/.env_db_pgsql @@ -1,11 +1,13 @@ # DB_SERVER_HOST=postgres-server # DB_SERVER_PORT=5432 -# POSTGRES_USER=zabbix -POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER -# POSTGRES_PASSWORD=zabbix -POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD +POSTGRES_USER=${POSTGRES_USER} +# POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER +POSTGRES_PASSWORD=${POSTGRES_PASSWORD} +# POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD # POSTGRES_DB=zabbix -POSTGRES_DB=zabbix +POSTGRES_DB=${POSTGRES_DB} # DB_SERVER_SCHEMA=public # ENABLE_TIMESCALEDB=true # POSTGRES_USE_IMPLICIT_SEARCH_PATH=false +ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO} +ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW} diff --git a/env_vars/.env_srv b/env_vars/.env_srv index 8ef2091b6..6aff55002 100644 --- a/env_vars/.env_srv +++ b/env_vars/.env_srv @@ -14,7 +14,7 @@ # ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0 # ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0 # ZBX_NODEADDRESS=localhost:10051 # Available since 6.0.0 -# ZBX_DEBUGLEVEL=3 +ZBX_DEBUGLEVEL=${ZBX_DEBUGLEVEL:-3} # ZBX_STARTPOLLERS=5 # ZBX_IPMIPOLLERS=0 # ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0 @@ -69,11 +69,11 @@ ZBX_ENABLE_SNMP_TRAPS=true # ZBX_TLSCERTFILE= # ZBX_TLSKEYFILE= # ZBX_VAULT=HashiCorp # Available since 6.2.0 -# ZBX_VAULTDBPATH= +ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH} # ZBX_VAULTTLSCERTFILE= # Available since 6.2.0 # ZBX_VAULTTLSKEYFILE= # Available since 6.2.0 -# ZBX_VAULTURL=https://127.0.0.1:8200 -# VAULT_TOKEN= +ZBX_VAULTURL=${ZBX_VAULTURL} +VAULT_TOKEN=${VAULT_TOKEN} # ZBX_STARTREPORTWRITERS=0 # ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report # ZBX_SERVICEMANAGERSYNCFREQUENCY=60 diff --git a/env_vars/.env_web b/env_vars/.env_web index 8f6585ad0..4f0ebb1b0 100644 --- a/env_vars/.env_web +++ b/env_vars/.env_web @@ -1,6 +1,6 @@ -ZBX_SERVER_HOST=zabbix-server +ZBX_SERVER_HOST=${ZBX_SERVER_HOST} # ZBX_SERVER_PORT=10051 -ZBX_SERVER_NAME=Composed installation +ZBX_SERVER_NAME=${ZBX_SERVER_NAME} # ZBX_DB_ENCRYPTION=true # Available since 5.0.0 # ZBX_DB_KEY_FILE=/run/secrets/client-key.pem # Available since 5.0.0 # ZBX_DB_CERT_FILE=/run/secrets/client-cert.pem # Available since 5.0.0 @@ -25,7 +25,7 @@ ZBX_SERVER_NAME=Composed installation # ZBX_MAXINPUTTIME=300 # ZBX_SESSION_NAME=zbx_sessionid # Timezone one of: http://php.net/manual/en/timezones.php -# PHP_TZ=Europe/Riga +PHP_TZ=${PHP_TZ} # ZBX_DENY_GUI_ACCESS=false # ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1'] # ZBX_GUI_WARNING_MSG=Zabbix is under maintenance. -- 2.42.0 From 67f84af300695674fdd47210a7e123098d2eced6 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:22:50 +0200 Subject: [PATCH 04/13] refactor(compose): Remove secrets and unneeded volume --- compose_databases.yaml | 3 --- docker-compose_v3_alpine_pgsql_latest.yaml | 18 ------------------ 2 files changed, 21 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 216e1cb04..52c06b356 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -46,9 +46,6 @@ services: - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql - secrets: - - POSTGRES_USER - - POSTGRES_PASSWORD stop_grace_period: 1m networks: zbx_net_database: diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index 68b55d5d2..359e2ee7c 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -64,21 +64,3 @@ networks: internal: true ipam: driver: "${DATABASE_NETWORK_DRIVER}" - -volumes: - snmptraps: -# dbsocket: - -secrets: - MYSQL_USER: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_USER - MYSQL_PASSWORD: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_PASSWORD - MYSQL_ROOT_USER: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_USER - MYSQL_ROOT_PASSWORD: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_PASSWORD - POSTGRES_USER: - file: ${ENV_VARS_DIRECTORY}/.POSTGRES_USER - POSTGRES_PASSWORD: - file: ${ENV_VARS_DIRECTORY}/.POSTGRES_PASSWORD -- 2.42.0 From fc7477f0d17e1253aeb245ad75610e5d8eaeba2f Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:26:07 +0200 Subject: [PATCH 05/13] refactor(zabbix-web-nginx): Exposed ports --- compose_zabbix_components.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 21231de36..62e77c578 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -260,8 +260,8 @@ services: web-nginx: ports: - - "${ZABBIX_WEB_NGINX_HTTP_PORT}:8080" - - "${ZABBIX_WEB_NGINX_HTTPS_PORT}:8443" + - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080" + - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443" restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro -- 2.42.0 From 1aff1200dbcec51767fbd49c66ede673210add93 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:26:34 +0200 Subject: [PATCH 06/13] refactor(postgresql): Use static username ID --- compose_databases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index 52c06b356..40c8b7fa0 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -39,6 +39,7 @@ services: image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}" # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" + user: 70:70 volumes: - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro -- 2.42.0 From b8cfbd7bff008fee7bbd8ba6af1c6c9a60e7fda5 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:28:41 +0200 Subject: [PATCH 07/13] refactor(compose): Set custom container names --- compose_databases.yaml | 2 ++ compose_zabbix_components.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index 40c8b7fa0..7c85574d0 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -37,6 +37,7 @@ services: postgres-server: image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}" + container_name: zabbixserver-postgres-${CTX} # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" user: 70:70 @@ -60,6 +61,7 @@ services: db-data-pgsql: image: busybox + container_name: zabbixserver-pgsqlbusybox-${CTX} volumes: - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 62e77c578..14afe391d 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -1,6 +1,7 @@ version: '3.8' services: server: + container_name: zabbixserver-zabbixserver-${CTX} ports: - "${ZABBIX_SERVER_PORT}:10051" restart: "${RESTART_POLICY}" @@ -259,6 +260,7 @@ services: com.zabbix.dbtype: "pgsql" web-nginx: + container_name: zabbixserver-zabbixwebnginx-${CTX} ports: - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080" - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443" -- 2.42.0 From b019cd4868567802d65d7147505382c174c3e3cb Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:29:44 +0200 Subject: [PATCH 08/13] refactor(postgresql): Publicly expose so that other tools can access the database --- compose_databases.yaml | 2 ++ docker-compose_v3_alpine_pgsql_latest.yaml | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 7c85574d0..67c8dcb20 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -41,6 +41,8 @@ services: # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" user: 70:70 + ports: + - "5432:5432" volumes: - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index 359e2ee7c..85b974168 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -61,6 +61,11 @@ networks: driver: bridge driver_opts: com.docker.network.enable_ipv6: "${DATABASE_NETWORK_ENABLE_IPV6}" - internal: true + # Should not be Zabbix' official default 'internal: true' because in our + # case we want external entities such as a Grafana instance to be able + # to directly access this PostgreSQL. Here 'internal: true' would render + # our 'ports: ["5432:5432"]' irrelevant, ports would just never get + # exposed. + # internal: true ipam: driver: "${DATABASE_NETWORK_DRIVER}" -- 2.42.0 From ef1ce4376b3b154db634f78ec7ac76ceb3372bd2 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:36:52 +0200 Subject: [PATCH 09/13] refactor(compose): Set logging defaults --- common-settings.yml | 8 ++++++++ compose_databases.yaml | 6 ++++++ compose_zabbix_components.yaml | 6 ++++++ 3 files changed, 20 insertions(+) create mode 100644 common-settings.yml diff --git a/common-settings.yml b/common-settings.yml new file mode 100644 index 000000000..d409ea1c1 --- /dev/null +++ b/common-settings.yml @@ -0,0 +1,8 @@ +services: + common-settings: + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "10" + compress: "true" diff --git a/compose_databases.yaml b/compose_databases.yaml index 67c8dcb20..97bb300af 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -36,6 +36,9 @@ services: - mysql-server postgres-server: + extends: + file: common-settings.yml + service: common-settings image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}" container_name: zabbixserver-postgres-${CTX} # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem @@ -62,6 +65,9 @@ services: - ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw db-data-pgsql: + extends: + file: common-settings.yml + service: common-settings image: busybox container_name: zabbixserver-pgsqlbusybox-${CTX} volumes: diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 14afe391d..21843aa4e 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -1,6 +1,9 @@ version: '3.8' services: server: + extends: + file: common-settings.yml + service: common-settings container_name: zabbixserver-zabbixserver-${CTX} ports: - "${ZABBIX_SERVER_PORT}:10051" @@ -260,6 +263,9 @@ services: com.zabbix.dbtype: "pgsql" web-nginx: + extends: + file: common-settings.yml + service: common-settings container_name: zabbixserver-zabbixwebnginx-${CTX} ports: - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080" -- 2.42.0 From 674a6ae8c9add2b4c7db374cd00427af11040d35 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:37:32 +0200 Subject: [PATCH 10/13] refactor(postgresql): Start with SSL cert --- compose_databases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 97bb300af..1b21c5eeb 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -41,7 +41,7 @@ services: service: common-settings image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}" container_name: zabbixserver-postgres-${CTX} -# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem + command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" user: 70:70 ports: -- 2.42.0 From 69b3466be73519196753c168ba248cca84be21ae Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:37:59 +0200 Subject: [PATCH 11/13] feat(postgresql): Add initialization scripts dir --- compose_databases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index 1b21c5eeb..87a39fb47 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -51,6 +51,7 @@ services: - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql stop_grace_period: 1m -- 2.42.0 From 666ed0f597118990785f825c0ca4cc3b3c680b2f Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:43:11 +0200 Subject: [PATCH 12/13] refactor(compose): Remove secrets --- compose_zabbix_components.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 21843aa4e..3f2abdf65 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -88,9 +88,6 @@ services: - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql - secrets: - - POSTGRES_USER - - POSTGRES_PASSWORD networks: zbx_net_backend: aliases: @@ -336,9 +333,6 @@ services: # - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql - secrets: - - POSTGRES_USER - - POSTGRES_PASSWORD networks: zbx_net_backend: aliases: -- 2.42.0 From f0cc3b938cee802caf2c18e72519062b46b0a9f9 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 4 Jun 2024 00:54:40 +0200 Subject: [PATCH 13/13] refactor(compose): Remove unneeded components --- compose_databases.yaml | 54 ------------------------------------------ 1 file changed, 54 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 87a39fb47..70f4fa894 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -1,40 +1,5 @@ version: '3.8' services: - mysql-server: - image: "${MYSQL_IMAGE}:${MYSQL_IMAGE_TAG}" - command: - - mysqld - - --character-set-server=utf8mb4 - - --collation-server=utf8mb4_bin -# Only during upgrade from versions prior 6.4 and new installations (schema deployment) - - --log_bin_trust_function_creators=1 -# Use TLS encryption for connections to database -# - --require-secure-transport -# - --ssl-ca=/run/secrets/root-ca.pem -# - --ssl-cert=/run/secrets/server-cert.pem -# - --ssl-key=/run/secrets/server-key.pem - restart: "${RESTART_POLICY}" - volumes: - - ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw - - ${ENV_VARS_DIRECTORY}/mysql_init/init_proxy_db.sql:/docker-entrypoint-initdb.d/mysql_init_proxy.sql:ro -# - dbsocket:/var/run/mysqld/ - env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_mysql - environment: - - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/MYSQL_ROOT_PASSWORD - secrets: - - MYSQL_USER - - MYSQL_PASSWORD - - MYSQL_ROOT_PASSWORD -# - server-key.pem -# - server-cert.pem -# - root-ca.pem - stop_grace_period: 1m - networks: - zbx_net_database: - aliases: - - mysql-server - postgres-server: extends: file: common-settings.yml @@ -60,11 +25,6 @@ services: aliases: - postgres-server - db-data-mysql: - image: busybox - volumes: - - ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw - db-data-pgsql: extends: file: common-settings.yml @@ -73,17 +33,3 @@ services: container_name: zabbixserver-pgsqlbusybox-${CTX} volumes: - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw - - elasticsearch: - image: "${ELASTICSEARCH_IMAGE}:${ELASTICSEARCH_IMAGE_TAG}" - restart: "${RESTART_POLICY}" - profiles: - - full - - all - environment: - - transport.host=0.0.0.0 - - discovery.zen.minimum_master_nodes=1 - networks: - zbx_net_database: - aliases: - - elasticsearch -- 2.42.0