hygienic-books
5fb3be9228
Upstream github.com/zabbix/zabbix-docker/issues/1643 is now fixed. This previously prevented us from using both HashiCorp Vault and the default docker-entrypoint.sh file that came with the the zabbix/zabbix-server-pgsql:alpine-7.2-latest image. Upstreams commit hash 435e92f made it so that when Vault params are present both the Zabbix server config params DBUser and DBPassword are unset.
120 lines
7.2 KiB
YAML
120 lines
7.2 KiB
YAML
services:
|
|
db-data-pgsql:
|
|
container_name: "zabbixserver-pgsqlbusybox-${CONTEXT}"
|
|
extends:
|
|
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
|
service: "common-settings"
|
|
postgres-server:
|
|
command: "-c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem"
|
|
container_name: "zabbixserver-postgres-${CONTEXT}"
|
|
extends:
|
|
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
|
service: "common-settings"
|
|
ports:
|
|
- "${POSTGRES_PORT_EXTERNAL}:${POSTGRES_PORT_INTERNAL}"
|
|
user: "${UID_GID}"
|
|
volumes:
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/data:/var/lib/postgresql/data:rw"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro"
|
|
env_file: !reset []
|
|
environment:
|
|
POSTGRES_DB: "${POSTGRES_DB}"
|
|
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
|
|
POSTGRES_USER: "${POSTGRES_USER}"
|
|
ZBX_DB_USERNAME_PW: "${ZBX_DB_USERNAME_PW}"
|
|
ZBX_DB_USERNAME_RO: "${ZBX_DB_USERNAME_RO}"
|
|
secrets: !reset []
|
|
server-db-init:
|
|
container_name: "zabbixserver-dbinit-${CONTEXT}"
|
|
extends:
|
|
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
|
service: "common-settings"
|
|
volumes:
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
|
|
env_file: !reset []
|
|
environment:
|
|
POSTGRES_DB: "${POSTGRES_DB}"
|
|
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
|
|
POSTGRES_USER: "${POSTGRES_USER}"
|
|
ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
|
|
ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
|
|
ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
|
|
secrets: !reset []
|
|
zabbix-server:
|
|
container_name: "zabbixserver-zabbixserver-${CONTEXT}"
|
|
extends:
|
|
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
|
service: "common-settings"
|
|
volumes:
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/certs:/var/lib/zabbix/ssl/certs:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/keys:/var/lib/zabbix/ssl/keys:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/ssl_ca:/var/lib/zabbix/ssl/ssl_ca:rw"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:roz"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
|
|
env_file: !reset []
|
|
environment:
|
|
POSTGRES_DB: "${POSTGRES_DB}"
|
|
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
|
|
POSTGRES_USER: "${POSTGRES_USER}"
|
|
VAULT_TOKEN: "${VAULT_TOKEN}"
|
|
ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
|
|
ZBX_VAULTURL: "${ZBX_VAULTURL}"
|
|
ZBX_VAULT: "${ZBX_VAULT}"
|
|
ZBX_DEBUGLEVEL: "${ZBX_DEBUGLEVEL:-3}"
|
|
ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
|
|
ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
|
|
ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
|
|
secrets: !reset []
|
|
zabbix-web-nginx-pgsql:
|
|
container_name: "zabbixserver-zabbixwebnginx-${CONTEXT}"
|
|
extends:
|
|
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
|
service: "common-settings"
|
|
volumes:
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/cert:/etc/ssl/nginx:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/modules/:/usr/share/zabbix/modules/:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
|
|
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
|
|
env_file: !reset []
|
|
environment:
|
|
POSTGRES_DB: "${POSTGRES_DB}"
|
|
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
|
|
POSTGRES_USER: "${POSTGRES_USER}"
|
|
ZBX_SERVER_HOST: "${ZBX_SERVER_HOST}"
|
|
ZBX_SERVER_NAME: "${ZBX_SERVER_NAME}"
|
|
PHP_TZ: "${PHP_TZ}"
|
|
VAULT_TOKEN: "${VAULT_TOKEN}"
|
|
ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
|
|
ZBX_VAULTURL: "${ZBX_VAULTURL}"
|
|
ZBX_VAULT: "${ZBX_VAULT}"
|
|
secrets: !reset []
|
|
secrets: !reset []
|
|
volumes:
|
|
snmptraps: !reset []
|
|
networks:
|
|
database:
|
|
# Should not be Zabbix' official default 'internal: true'
|
|
# because in our case we want external entities such as a
|
|
# Grafana instance to be able to directly access this
|
|
# PostgreSQL. Here 'internal: true' would render our 'ports:'
|
|
# irrelevant, ports would just never get exposed.
|
|
internal: false |