11 KiB
Upstream repo
We use the official Zabbix Docker GitHub repo for Docker Compose deployment, we add a few local changes.
Create dir
mkdir -p '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
Pull repo
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' clone 'https://github.com/zabbix/zabbix-docker' .
Docker Compose
Base setup
When everything's ready start Zabbix with Docker Compose, otherwise head down to Initial setup or Upgrade an existing repo first.
Define variables assuming the official Zabbix Docker repo lives at /opt/git/github.com/zabbix/zabbix-docker/branches/latest:
export UPSTREAM_REPO_DIR='/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
export UPSTREAM_REPO_TAG='6.4.4'
export UPSTREAM_COMPOSE_FILE="${UPSTREAM_REPO_DIR%/}"'/docker-compose_v3_alpine_pgsql_latest.yaml'
export COMPOSE_CTX='bi_colombo'
export COMPOSE_PROJECT_NAME='zabbixserver-'"${COMPOSE_CTX}"
export COMPOSE_ENV_FILE=<add accordingly>
Context
On your deployment machine create the necessary Docker context to connect to and control the Docker daemon on whatever target host you'll be using, for example:
docker context create fully.qualified.domain.name --docker 'host=ssh://root@fully.qualified.domain.name'
Pull
Pull newest image versions:
docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" pull
Copy to target
Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub. Copying in its simplest form involves a local docker save and a remote docker load. Consider the helper mini-project quico.space/Quico/copy-docker where copy-docker.sh allows the following workflow:
source "${COMPOSE_ENV_FILE}"
while IFS= read -r image; do
copy-docker.sh "${image}" fully.qualified.domain.name
done < <(grep -Pi -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" | awk '{print $2}')
This first greps a list of images and their tags from Zabbix' official Docker Compose file:
# grep -Pi -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" | awk '{print $2}'
zabbix/zabbix-server-pgsql:alpine-6.4-latest
zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest
postgres:14-alpine
busybox
It then pushes each image to your remote host where the image is needed. Note that busybox implies busybox:latest by convention.
Start
Run Zabbix like so
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" up --detach
Additional files
-
This file will be auto-created as part of the patch. Use it as an example in case patching fails
-
An example env file with all currently used variables after
docker-compose_v3_alpine_pgsql_latest.yamlis patched -
Directory tree underneath build-context
build-context/ └── docker-data ├── postgres │ └── config │ ├── cert │ │ ├── ZBX_PGSQL_TLS_CA_CERT_FILE │ │ ├── ZBX_PGSQL_TLS_CERT_FILE │ │ └── ZBX_PGSQL_TLS_KEY_FILE │ └── docker-entrypoint-initdb.d │ └── init-user-db.sh ├── zabbixserver │ └── config │ └── cert │ ├── ZBX_SERVER_TLS_CA_CERT_FILE │ ├── ZBX_SERVER_TLS_CERT_FILE │ └── ZBX_SERVER_TLS_KEY_FILE └── zabbixwebnginx └── config └── cert ├── dhparam.pem ├── ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE └── ZBX_WEBNGINX_TLS_KEY_FILEExample data you're going to want to physically place on your deployment machine. SSL certs and keys are blank files each of which has the exact same name used in env file
fqdn_context.env.example.In postgres/config/docker-entrypoint-initdb.d a PostgreSQL initialization script - when this container is run on a completely empty data directory - will create an additional read-only user
ZBX_DB_USERNAME_ROwith passwordZBX_DB_USERNAME_PW. The example's intended to grant a Grafana daemon direct PostgreSQL database read access.
Upgrade an existing repo
Check Initial setup below for first time steps. On consecutive upgrades proceed as follows.
Revert unpushed local changes
Return repo state to exactly the upstream repo's original branch state throwing away the commits you added.
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' reset --hard origin
Switch to trunk branch, get newest commits from upstream
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout trunk
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' pull
Pick and checkout new tag
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/x.y.z'
Lastly apply patch. If patch does not apply cleanly read on in the next section Create new patch to find out how to fix your patch.
Create new patch
Add your changes as commits
Get zabbix-docker repo into a state with which you're happy then
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' format-patch 7665739620ba6d99090838d502ab76d2f5a47e96^..a17380598ca66153ddc2a42eb618d906d4f582e6 --stdout > '/opt/containers/zabbixserver/zabbix-docker.patch'
Where the first commit hash is our first commit and the other commit hash is our last commit. Note the caret (^) right after the first commit hash.
Investigation
You may have to try and find out how a known good base commit differs from a newer one in case the newer one does no longer cleanly accept the patch.
Get commit hashes from both affected tags, e.g.
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
Diff them
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' diff d7b0eab80723a2c562a13ee866c4cd384af96d3b 482e21c7803c2878e522aba0325bf04533efa61a 'docker-compose_v3_alpine_pgsql_latest.yaml'
Output will be empty in case no difference exists in docker-compose_v3_alpine_pgsql_latest.yaml between both commit hashes.
Commit your updated patch file into this repo. With a new working patch in hand head back up to Upgrade an existing repo.
Initial setup
Prep
Get desired tag e.g. from version-sorted tags list
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
Switch to desired tag
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/6.4.4'
Apply patch
Identify yourself to the local zabbix-docker repo. Obviously substitute your own name. An e-mail address is optional here. You don't want to contribute upstream, you just want to locally apply a patch file.
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.name "hygienic-books"
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.email ""
Apply zabbix-docker.patch to Docker Compose file. We use Zabbix' docker-compose_v3_alpine_pgsql_latest.yaml Compose file. Assuming this repo lives at /opt/containers/zabbixserver:
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' am '/opt/containers/zabbixserver/zabbix-docker.patch'
# Output will be:
Applying: refactor(compose): Remove trailing whitespace
Applying: refactor(compose): 4 leading spaces
Applying: refactor(compose): Indent comments
Applying: refactor(zabbix-server): Set correct libs paths
Applying: refactor(zabbix-server): Set TLS cert file names
Applying: feat(zabbix-server): Replace env files with variables
...
And now back up to Docker Compose.