Linux-Help/cookbook-zabbix
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Initial commit

Browse source
This commit is contained in:
Eric Renfro 2017-02-07 01:02:03 -05:00
commit 4ecbdffcac
No known key found for this signature in database
GPG key ID: 9A949323CBE78F97
58 changed files with 12367 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.gitignore vendored Normal file
View file

@ -0,0 +1,19 @@
.DS_Store
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Berkshelf
.vagrant
Berksfile.lock
# Bundler
Gemfile.lock
bin/*
.bundle/*
.kitchen/
.kitchen.local.yml

34
.kitchen.vagrant.yml Normal file
View file

@ -0,0 +1,34 @@
---
driver:
name: vagrant
network:
- ["forwarded_port", {guest: 80, host: 8880}]
- ["private_network", {ip: "192.168.33.43"}]
provisioner:
name: chef_zero
environments_path: test/environments
client_rb:
environment: integration_test_env
platforms:
- name: bento/centos-6.7
driver:
vagrantfiles:
- local-vagrantfile.rb
vm_hostname: integrationtesting
suites:
- name: default
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::default]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]
- name: server
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/server/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]

48
.kitchen.yml Normal file
View file

@ -0,0 +1,48 @@
---
driver:
name: docker
provisioner:
name: chef_zero
environments_path: test/environments
client_rb:
environment: integration_test_env
platforms:
- name: centos-6.6-chef-11
driver_config:
image: centos:6.6
platform: rhel
require_chef_omnibus: 12.5.1
use_sudo: false
hostname: integration.test.test
suites:
- name: server
driver:
forward:
- 8087:80
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/server/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]
- name: agent
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/agent/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::default]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]
zabbix:
agent_servers: ['172.17.0.3']
- name: proxy
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/server/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::proxy]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]

6
Berksfile Normal file
View file

@ -0,0 +1,6 @@
source "https://supermarket.chef.io"
metadata
cookbook "yum-zabbix", path: "../yum-zabbix"

6
Gemfile Normal file
View file

@ -0,0 +1,6 @@
source 'https://rubygems.org'
gem 'berkshelf'
gem 'test-kitchen'
gem 'chefspec'
gem 'foodcritic'
gem 'kitchen-docker'

41
README.md Normal file
View file

@ -0,0 +1,41 @@
Zabbix Cookbook
============
This cookbook installs, manages, and handles Zabbix for monitoring systems
health and system metrics. It also handles trap script auto-discovery based
on recipe inclusion and tags, as well as auto-registration metadata.
The way auto-discovery works is, for example, if the openldap recipe is
included in the run_list, the zabbix::trap_scripts will set up the variables
used to add certain trap scripts to the monitored system, for use in:`/etc/zabbix/trap.d/{live,daily}/`
Optionally, in case a recipe is incomplete or not in use, you can manually
enable a trap agent by use of tags on a per-node basis as well, using the
node tags as such:
```
{
"name": "some.node.name",
"chef_environment": "_default",
"normal": {
"tags": [
"httpd",
"openldap"
]
},
"run_list": [
"recipe[zabbix]"
]
}
```
This allows for fully automated, and manual designation of agents required
for monitoring on every system.
Available tags for manual override are as follows:
```
httpd: Apache HTTPD
openldap: OpenLDAP
mongodb: MongoDB Database Server
tomcat: Tomcat 6 Server
```

19
attributes/default.rb Normal file
View file

@ -0,0 +1,19 @@
default['zabbix']['version'] = "3.0"
default['zabbix']['agent_meta'] = []
if node.run_list?('recipe[zabbix::server]')
default['zabbix']['agent_servers'] = ['127.0.0.1']
elsif node.run_list?('recipe[zabbix::proxy]')
default['zabbix']['agent_servers'] = ['127.0.0.1']
else
default['zabbix']['agent_servers'] = ['127.0.0.1']
end
default['zabbix']['trap_scripts']['live']['add'] = []
default['zabbix']['trap_scripts']['live']['del'] = []
default['zabbix']['trap_scripts']['daily']['add'] = []
default['zabbix']['trap_scripts']['daily']['del'] = []
default['zabbix']['httpd_conf']['https_redirection_enabled'] = true
default['letsencrypt']['enabled'] = false
default['lba_host'] = 'default'

95
chefignore Normal file
View file

@ -0,0 +1,95 @@
# Put files/directories that should be ignored in this file when uploading
# or sharing to the community site.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
Guardfile
Procfile
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
cookbooks/*
tmp
.kitchen
# Cookbooks #
#############
CONTRIBUTING
CHANGELOG*
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile
# Travis #
##########
.travis.yml

263
files/default/traps/apache.trap.py Executable file
View file

@ -0,0 +1,263 @@
#!/usr/bin/python2
""" Fetch Apache stats via mod_status and send to Zabbix
By Paulson McIntyre
Patches by:
Zach Bailey <znbailey@gmail.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import urllib
from optparse import OptionParser
import os
from tempfile import mkstemp
import StringIO
import csv
import socket
class ErrorSendingValues(RuntimeError):
""" An error occured while sending the values to the Zabbix
server using zabbix_sender.
"""
def fetchURL(url, user = None, passwd = None):
""" Return the data from a URL """
if user and passwd:
parts = url.split('://')
url = parts[0] + "://" + user + ":" + passwd + "@" + parts[1]
conn = urllib.urlopen(url)
try:
data = conn.read()
finally:
conn.close()
return data
def sendValues(filepath, zabbixserver = "localhost", zabbixport = 10051, senderloc = "zabbix_sender"):
r = os.system("%s --zabbix-server '%s' --port '%s' -i '%s' -vv" % (senderloc, zabbixserver, zabbixport, filepath))
if r != 0:
raise ErrorSendingValues, "An error occured sending the values to the server"
def clean(string, chars):
for i in chars:
string = string.replace(i, '')
return string
def parse(data):
""" Parse the CSV file into a dict of data
"""
mapping = {
"_":"Waiting For Connection",
"S":"Starting Up",
"R":"Reading Request",
"W":"Sending Reply",
"K":"KeepAlive",
"D":"DNS Lookup",
"C":"Closing Connection",
"L":"Logging",
"G":"Gracefully Finishing",
"I":"Idle Cleanup Of Worker",
".":"Open slot with no current process",
}
mappingFloat = [
"CPULoad",
"ReqPerSec",
"BytesPerReq",
"BytesPerSec",
]
# Clean out certian chars
replace = '() '
csvobj = csv.reader(StringIO.StringIO(data), delimiter = ":", skipinitialspace = True)
ret = {}
for (key, val) in csvobj:
if key == 'Scoreboard':
sb = {
"Waiting For Connection":0,
"Starting Up":0,
"Reading Request":0,
"Sending Reply":0,
"KeepAlive":0,
"DNS Lookup":0,
"Closing Connection":0,
"Logging":0,
"Gracefully Finishing":0,
"Idle Cleanup Of Worker":0,
"Open slot with no current process":0,
}
for i in val:
sb[mapping[i]] += 1
ret[key] = sb
else:
ret[key] = val
ret2 = {}
for (key, val) in ret.items():
if key == "Scoreboard":
for (key, val) in val.items():
ret2[clean(key, replace)] = val
if key in mappingFloat:
ret2[clean(key, replace)] = float(val)
else:
ret2[clean(key, replace)] = val
return ret2
if __name__ == "__main__":
parser = OptionParser(
usage = "%prog [-z <Zabbix hostname or IP>] [-o <Apache hostname or IP>]",
version = "%prog $Revision$",
prog = "ApacheStatsForZabbix",
description = """This program gathers data from Apache's
built-in status page and sends it to
Zabbix. The data is sent via zabbix_sender.
Author: Paulson McIntyre (GpMidi)
License: GPLv2
""",
)
parser.add_option(
"-l",
"--url",
action = "store",
type = "string",
dest = "url",
default = None,
help = "Override the automatically generated URL with one of your own",
)
parser.add_option(
"-o",
"--host",
action = "store",
type = "string",
dest = "host",
default = "localhost",
help = "Host to connect to. [default: %default]",
)
parser.add_option(
"-p",
"--port",
action = "store",
type = "int",
dest = "port",
default = 80,
help = "Port to connect on. [default: %default]",
)
parser.add_option(
"-r",
"--proto",
action = "store",
type = "string",
dest = "proto",
default = "http",
help = "Protocol to connect on. Can be http or https. [default: %default]",
)
parser.add_option(
"-z",
"--zabixserver",
action = "store",
type = "string",
dest = "zabbixserver",
default = None,
help = "Zabbix Server to send metrics to. [default: Disabled]",
)
parser.add_option(
"-u",
"--user",
action = "store",
type = "string",
dest = "user",
default = None,
help = "HTTP authentication user to use when connection. [default: None]",
)
parser.add_option(
"-a",
"--passwd",
action = "store",
type = "string",
dest = "passwd",
default = None,
help = "HTTP authentication password to use when connecting. [default: None]",
)
parser.add_option(
"-s",
"--sender",
action = "store",
type = "string",
dest = "senderloc",
default = "/usr/bin/zabbix_sender",
help = "Location to the zabbix_sender executable. [default: %default]",
)
parser.add_option(
"-q",
"--zabbixport",
action = "store",
type = "int",
dest = "zabbixport",
default = 10051,
help = "Zabbix port to connect to. [default: %default]",
)
parser.add_option(
"-c",
"--zabbixsource",
action = "store",
type = "string",
dest = "zabbixsource",
default = socket.gethostname(),
help = "Zabbix host to use when sending values. [default: %default]",
)
(opts, args) = parser.parse_args()
if opts.url and (opts.port != 80 or opts.proto != "http"):
parser.error("Can't specify -u with -p or -r")
if not opts.url:
opts.url = "%s://%s:%s/server-status?auto" % (opts.proto, opts.host, opts.port)
data = fetchURL(opts.url, user = opts.user, passwd = opts.passwd)
try:
if opts.zabbixserver is not None:
(tempfiled, tempfilepath) = mkstemp()
tempfile = open(tempfilepath, 'wb')
except:
parser.error("Error creating temporary file")
try:
data = parse(data = data)
except csv.Error:
parser.error("Error parsing returned data")
try:
for key, val in data.items():
if opts.zabbixserver is not None:
tempfile.write("%s apache[%s] %s\n" % (opts.zabbixsource, key, val))
else:
print "%s apache[%s] %s"%(opts.zabbixsource, key, val)
if opts.zabbixserver is not None:
tempfile.close()
except IndexError:
parser.error("No data")
except "bogus":
parser.error("Error creating the file to send")
try:
if opts.zabbixserver is not None:
sendValues(filepath = tempfilepath, zabbixserver = opts.zabbixserver, zabbixport = opts.zabbixport, senderloc = opts.senderloc)
except ErrorSendingValues:
parser.error("An error occurred while sending values to the Zabbix server")
finally:
if opts.zabbixserver is not None:
try:
tempfile.close()
except:
pass
os.remove(tempfilepath)

12
files/default/traps/httpd.sh Executable file
View file

@ -0,0 +1,12 @@
#!/bin/bash
procs=$(/etc/init.d/httpd status >/dev/null 2>&1)
ret=$?
if [[ $ret -eq 0 ]]
then
echo "- apache.status 1"
else
echo "- apache.status 0"
fi

12
files/default/traps/idp.sh Executable file
View file

@ -0,0 +1,12 @@
#!/bin/bash
curl -ks https://localhost/idp/status | grep "idp_version" >/dev/null 2>&1
ret=$?
if [[ "$ret" -ne 0 ]]
then
echo "- shibboleth.idp.status 0"
else
echo "- shibboleth.idp.status 1"
fi

73
files/default/traps/mongo26.sh Executable file
View file

@ -0,0 +1,73 @@
#! /bin/bash
configPath="$(dirname $(readlink -f $0))"
if [[ -r "${configPath}/mongo26.config" ]]
then
source "${configPath}/mongo26.config"
else
exit 0
fi
# A single mandatory parameter: the Zabbix Server host
# Send just the first 7 values
fields=(insert query update delete getmore command flushes mapped vsize res faults locked_db idx_miss_% "qr|qw" "ar|aw" netIn netOut conn time)
#sendIDX=(0 1 2 3 4 5 7 12 13 14 15 16 17 19 20)
sendIDX=(0 1 2 3 4 5 6 10 12 13 14 17)
#IFS=$' \t\n|'
set -o pipefail
declare -A mongostat
eval $(mongostat --username ${mongoUser} --password ${mongoPass} --ssl -n 1 6 2>&1 | (
OLDIFS=$IFS
IFS=$' \t\n'
read test1;
read test2;
#echo "test1=$test1"
#echo "test2=$test2"
if [[ "$test2" != "insert query update delete getmore command flushes mapped vsize res faults locked db idx miss % qr|qw ar|aw netIn netOut conn time" ]]
then
exit 2
fi
read -a values;
curField=0
for i in ${sendIDX[@]}
do
if [[ "${fields[i]}" = "command" ]]
then
IFS='|' read -a subvalues <<< "${values[i]}"
echo "mongostat[command]=${subvalues[0]}"
elif [[ "${fields[i]}" = "qr|qw" ]]
then
IFS='|' read -a subvalues <<< "${values[i]}"
echo "mongostat[qr]=${subvalues[0]}"
echo "mongostat[qw]=${subvalues[1]}"
elif [[ "${fields[i]}" = "ar|aw" ]]
then
IFS='|' read -a subvalues <<< "${values[i]}"
echo "mongostat[ar]=${subvalues[0]}"
echo "mongostat[aw]=${subvalues[1]}"
else
if [[ $curField -lt 4 ]]
then
echo "mongostat[${fields[i]}]=${values[i]//\*}"
else
echo "mongostat[${fields[i]}]=${values[i]}"
fi
fi
let curField++
done
IFS=$OLDIFS
))
ret=$?
if [[ $ret -ne 0 ]]
then
echo "- mongostat[status] 0"
else
for v in "${!mongostat[@]}"
do
echo "- mongostat[$v] ${mongostat[$v]}"
done
echo "- mongostat[status] 1"
fi

22
files/default/traps/openldap.sh Executable file
View file

@ -0,0 +1,22 @@
#!/bin/bash
search=$(ldapsearch -x -H ldapi:/// -b '' -s base '(objectClass=*)' namingConexts | grep -wc "Success")
if [[ $search -gt 0 ]]
then
echo "- ldap.search 1"
else
echo "- ldap.search 0"
fi
#port=$(zabbix_agent -t net.tcp.port[,636] | cut -d'|' -f2 | cut -d']' -f1)
#echo "- ldap.port $port"
port=$(ss -lnp 2>&1 | grep ':636' | wc -l)
if [[ $port -gt 0 ]]
then
echo "- ldap.port 1"
else
echo "- ldap.port 0"
fi

12
files/default/traps/openldap2.sh Executable file
View file

@ -0,0 +1,12 @@
#!/bin/bash
/etc/init.d/slapd status >/dev/null 2>&1
status=$?
if [[ $status -ne 0 ]]
then
echo "- ldap.status 0"
else
echo "- ldap.status 1"
fi

109
files/default/traps/runtrap Executable file
View file

@ -0,0 +1,109 @@
#!/bin/bash
state=${1:-live}
if [[ "$state" == *report* ]]; then
report=1
state="${state#*-}"
fi
agentconf=${2:-/etc/zabbix/zabbix_agentd.conf}
lockfile="/tmp/zabbix.trap.${state}.lock"
tempfile=$(mktemp /tmp/zabbix.trap.${state}.tmp.XXXXXXXXXX)
trap 'rm -f "$tempfile"' EXIT
trapdir="$(dirname $(readlink -f $0))/${state}"
errors=0
debug=false
post=false
if [[ "$0" == *".debug" ]]; then
debug=true
elif [[ "$0" == *".debugpost" ]]; then
debug=true
post=true
fi
if [[ ! -d "$trapdir" ]]; then
echo "ERROR: Trap directory doesn't exist: $trapdir "
exit 5
fi
if [[ -r "${lockfile}" ]]; then
if [[ $(pgrep -f $(readlink -f $0) | wc -l) -gt 0 ]]; then
runs=$(head -n1 ${lockfile})
if [[ $runs -ge 3 ]]; then
for s in ${trapdir}/*
do
echo "Kill: $s "
pkill -9 -f $s
done
rm -f ${lockfile}
rm -f /tmp/zabbix.trap.${state}.*
pkill -9 -f $(readlink -f $0)
else
echo "$[ ++runs ]" > ${lockfile}
exit 0
fi
fi
fi
echo 1 > ${lockfile}
for s in ${trapdir}/*
do
$s $state >> ${tempfile} 2> /dev/null
if [ $? -ne 0 ]; then
errors=1
if [[ $report -eq 1 ]]; then
echo "WARN: ${s}"
fi
else
if [[ $report -eq 1 ]]; then
echo "OK: ${s}"
fi
fi
done
#cat ${tempfile}
#rm -f ${tempfile}
#echo
#echo "Errors: $errors"
#exit 0
if $debug; then
cat ${tempfile}
if $post; then
zabbix_sender -c ${agentconf} -i ${tempfile} -vv
ret=$?
if [[ $ret -ne 0 ]]; then
echo "ERROR: $ret"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "0"
else
if [[ $errors -gt 0 ]]; then
echo "WARN: $errors"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "1"
else
echo "OK"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "2"
fi
fi
else
echo "- agent.traps 1"
fi
else
zsend=$(zabbix_sender -c ${agentconf} -i ${tempfile})
if [ $? -ne 0 ]; then
echo "ERROR"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "0" > /dev/null 2>&1
else
if [[ $errors -gt 0 ]]; then
echo "WARN"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "1" > /dev/null 2>&1
else
echo "OK"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "2" > /dev/null 2>&1
fi
fi
fi
rm -f ${tempfile}
rm -f ${lockfile}

109
files/default/traps/runtrap.debug Executable file
View file

@ -0,0 +1,109 @@
#!/bin/bash
state=${1:-live}
if [[ "$state" == *report* ]]; then
report=1
state="${state#*-}"
fi
agentconf=${2:-/etc/zabbix/zabbix_agentd.conf}
lockfile="/tmp/zabbix.trap.${state}.lock"
tempfile=$(mktemp /tmp/zabbix.trap.${state}.tmp.XXXXXXXXXX)
trap 'rm -f "$tempfile"' EXIT
trapdir="$(dirname $(readlink -f $0))/${state}"
errors=0
debug=false
post=false
if [[ "$0" == *".debug" ]]; then
debug=true
elif [[ "$0" == *".debugpost" ]]; then
debug=true
post=true
fi
if [[ ! -d "$trapdir" ]]; then
echo "ERROR: Trap directory doesn't exist: $trapdir "
exit 5
fi
if [[ -r "${lockfile}" ]]; then
if [[ $(pgrep -f $(readlink -f $0) | wc -l) -gt 0 ]]; then
runs=$(head -n1 ${lockfile})
if [[ $runs -ge 3 ]]; then
for s in ${trapdir}/*
do
echo "Kill: $s "
pkill -9 -f $s
done
rm -f ${lockfile}
rm -f /tmp/zabbix.trap.${state}.*
pkill -9 -f $(readlink -f $0)
else
echo "$[ ++runs ]" > ${lockfile}
exit 0
fi
fi
fi
echo 1 > ${lockfile}
for s in ${trapdir}/*
do
$s $state >> ${tempfile} 2> /dev/null
if [ $? -ne 0 ]; then
errors=1
if [[ $report -eq 1 ]]; then
echo "WARN: ${s}"
fi
else
if [[ $report -eq 1 ]]; then
echo "OK: ${s}"
fi
fi
done
#cat ${tempfile}
#rm -f ${tempfile}
#echo
#echo "Errors: $errors"
#exit 0
if $debug; then
cat ${tempfile}
if $post; then
zabbix_sender -c ${agentconf} -i ${tempfile} -vv
ret=$?
if [[ $ret -ne 0 ]]; then
echo "ERROR: $ret"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "0"
else
if [[ $errors -gt 0 ]]; then
echo "WARN: $errors"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "1"
else
echo "OK"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "2"
fi
fi
else
echo "- agent.traps 1"
fi
else
zsend=$(zabbix_sender -c ${agentconf} -i ${tempfile})
if [ $? -ne 0 ]; then
echo "ERROR"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "0" > /dev/null 2>&1
else
if [[ $errors -gt 0 ]]; then
echo "WARN"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "1" > /dev/null 2>&1
else
echo "OK"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "2" > /dev/null 2>&1
fi
fi
fi
rm -f ${tempfile}
rm -f ${lockfile}

109
files/default/traps/runtrap.debugpost Executable file
View file

@ -0,0 +1,109 @@
#!/bin/bash
state=${1:-live}
if [[ "$state" == *report* ]]; then
report=1
state="${state#*-}"
fi
agentconf=${2:-/etc/zabbix/zabbix_agentd.conf}
lockfile="/tmp/zabbix.trap.${state}.lock"
tempfile=$(mktemp /tmp/zabbix.trap.${state}.tmp.XXXXXXXXXX)
trap 'rm -f "$tempfile"' EXIT
trapdir="$(dirname $(readlink -f $0))/${state}"
errors=0
debug=false
post=false
if [[ "$0" == *".debug" ]]; then
debug=true
elif [[ "$0" == *".debugpost" ]]; then
debug=true
post=true
fi
if [[ ! -d "$trapdir" ]]; then
echo "ERROR: Trap directory doesn't exist: $trapdir "
exit 5
fi
if [[ -r "${lockfile}" ]]; then
if [[ $(pgrep -f $(readlink -f $0) | wc -l) -gt 0 ]]; then
runs=$(head -n1 ${lockfile})
if [[ $runs -ge 3 ]]; then
for s in ${trapdir}/*
do
echo "Kill: $s "
pkill -9 -f $s
done
rm -f ${lockfile}
rm -f /tmp/zabbix.trap.${state}.*
pkill -9 -f $(readlink -f $0)
else
echo "$[ ++runs ]" > ${lockfile}
exit 0
fi
fi
fi
echo 1 > ${lockfile}
for s in ${trapdir}/*
do
$s $state >> ${tempfile} 2> /dev/null
if [ $? -ne 0 ]; then
errors=1
if [[ $report -eq 1 ]]; then
echo "WARN: ${s}"
fi
else
if [[ $report -eq 1 ]]; then
echo "OK: ${s}"
fi
fi
done
#cat ${tempfile}
#rm -f ${tempfile}
#echo
#echo "Errors: $errors"
#exit 0
if $debug; then
cat ${tempfile}
if $post; then
zabbix_sender -c ${agentconf} -i ${tempfile} -vv
ret=$?
if [[ $ret -ne 0 ]]; then
echo "ERROR: $ret"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "0"
else
if [[ $errors -gt 0 ]]; then
echo "WARN: $errors"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "1"
else
echo "OK"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "2"
fi
fi
else
echo "- agent.traps 1"
fi
else
zsend=$(zabbix_sender -c ${agentconf} -i ${tempfile})
if [ $? -ne 0 ]; then
echo "ERROR"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "0" > /dev/null 2>&1
else
if [[ $errors -gt 0 ]]; then
echo "WARN"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "1" > /dev/null 2>&1
else
echo "OK"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "2" > /dev/null 2>&1
fi
fi
fi
rm -f ${tempfile}
rm -f ${lockfile}

17
files/default/traps/scripts/check_mongo2 Normal file
View file

@ -0,0 +1,17 @@
#/usr/bin/python
import sys
import urllib
import simplejson
f = urllib.urlopen("http://127.0.0.1:28017/_status" )
data=simplejson.loads(f.read())
condition=data[sys.argv[1]][sys.argv[2]]
if len(sys.argv) == 5:
print condition [sys.argv[3]] [sys.argv[4]]
elif len(sys.argv) == 4:
print condition [sys.argv[3]]
else:
print condition

1457
files/default/traps/scripts/check_mongodb Executable file
View file

File diff suppressed because it is too large Load diff

14
files/default/traps/scripts/openldap Executable file
View file

@ -0,0 +1,14 @@
#!/bin/bash
search=$(ldapsearch -x -H ldapi:/// -b '' -s base '(objectClass=*)' namingConexts | grep -wc "Success")
if [[ $search -gt 0 ]]
then
echo "- ldap.search 1"
else
echo "- ldap.search 0"
fi
port=$(zabbix_agent -t net.tcp.port[,636] | cut -d'|' -f2 | cut -d']' -f1)
echo "- ldap.port $port"

17
files/default/traps/sp.sh Executable file
View file

@ -0,0 +1,17 @@
#!/bin/bash
status=$(curl -ks https://localhost/Shibboleth.sso/Status)
statusErr=$?
if [[ $statusErr -eq 0 ]]
then
if grep -q '<Status><OK/></Status>' <<< "$status"
then
echo "- shibboleth.sp.status 1"
else
echo "- shibboleth.sp.status 0"
fi
else
echo "- shibboleth.sp.status 0"
fi

12
files/default/traps/tomcat.sh Executable file
View file

@ -0,0 +1,12 @@
#!/bin/bash
/etc/init.d/tomcat6 status >/dev/null 2>&1
ret=$?
if [[ $ret -eq 0 ]]
then
echo "- tomcat.status 1"
else
echo "- tomcat.status 0"
fi

84
local-vagrantfile.rb Normal file
View file

@ -0,0 +1,84 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = '2'
Vagrant.require_version '>= 1.5.0'
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
config.vm.hostname = 'integrationtesting'
# Set the version of chef to install using the vagrant-omnibus plugin
# NOTE: You will need to install the vagrant-omnibus plugin:
#
# $ vagrant plugin install vagrant-omnibus
#
if Vagrant.has_plugin?("vagrant-omnibus")
config.omnibus.chef_version = 'latest'
end
# Every Vagrant virtual environment requires a box to build off of.
# If this value is a shorthand to a box in Vagrant Cloud then
# config.vm.box_url doesn't need to be specified.
config.vm.box = 'bento/centos-6.7'
# Assign this VM to a host-only network IP, allowing you to access it
# via the IP. Host-only networks can talk to the host machine as well as
# any other machines on the same network, but cannot be accessed (through this
# network interface) by any external networks.
config.vm.network :private_network, type: 'dhcp'
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
# config.vm.provider :virtualbox do |vb|
# # Don't boot with headless mode
# vb.gui = true
#
# # Use VBoxManage to customize the VM. For example to change memory:
# vb.customize ["modifyvm", :id, "--memory", "1024"]
# end
#
# View the documentation for the provider you're using for more
# information on available options.
# The path to the Berksfile to use with Vagrant Berkshelf
# config.berkshelf.berksfile_path = "./Berksfile"
config.vm.define "app1" do |v|
v.vm.provider "virtualbox" do |p|
p.memory = 2048
p.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
end
# Enabling the Berkshelf plugin. To enable this globally, add this configuration
# option to your ~/.vagrant.d/Vagrantfile file
#config.berkshelf.enabled = true
# An array of symbols representing groups of cookbook described in the Vagrantfile
# to exclusively install and copy to Vagrant's shelf.
# config.berkshelf.only = []
# An array of symbols representing groups of cookbook described in the Vagrantfile
# to skip installing and copying to Vagrant's shelf.
# config.berkshelf.except = []
end
end

16
metadata.rb Normal file
View file

@ -0,0 +1,16 @@
name 'zabbix'
maintainer 'Eric Renfro'
maintainer_email 'psi-jack@linux-help.org'
license 'Apache 2.0'
description 'Installs Zabbix Server & Client agents for EL linux distributions'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '1.4.0'
source_url 'https://git.linux-help.org/Linux-Help/zabbix' if respond_to?(:source_url)
issues_url 'https://git.linux-help.org/Linux-Help/zabbix/issues' if respond_to?(:issues_url)
%w(amazon centos redhat oracle scientific).each do |os|
supports os
end
recipe 'zabbix', 'Installs zabbix'

118
recipes/agent.rb Normal file
View file

@ -0,0 +1,118 @@
#
# Cookbook Name:: zabbix
# Recipe:: agent
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'zabbix::trap_scripts'
# Install zabbix package and dependencies
%w{zabbix-agent zabbix-sender cronie crontabs}.each do |pkg|
yum_package pkg
end
# Install custom zabbix_agentd.conf
template "/etc/zabbix/zabbix_agentd.conf" do
source "zabbix_agentd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[zabbix-agent]", :delayed
end
# Define the zabbix service, set to start on boot
service "zabbix-agent" do
supports :restart => true, :status => true, :reload => false
action [:enable, :start]
end
# Install custom trap scripts.
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
directory path do
owner 'root'
group 'root'
mode '0755'
end
end
remote_directory "/etc/zabbix/trap.d" do
files_backup 0
files_owner 'root'
files_group 'zabbix'
files_mode '0750'
owner 'root'
group 'root'
source 'traps'
action :create
end
if node['recipes'].include?('mongodb') or node['tags'].include?('mongodb')
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:users => credentials['mongo']['users'][node.chef_environment]
})
end
else
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end
# Link live agents to node
node['zabbix']['trap_scripts']['live']['add'].each do |script|
link "/etc/zabbix/trap.d/live/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
end
end
# Link daily agents to node
node['zabbix']['trap_scripts']['daily']['add'].each do |script|
link "/etc/zabbix/trap.d/daily/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
end
end
# Delete live agents to node
node['zabbix']['trap_scripts']['live']['del'].each do |script|
link "/etc/zabbix/trap.d/live/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
action :delete
end
end
# Delete daily agents to node
node['zabbix']['trap_scripts']['daily']['del'].each do |script|
link "/etc/zabbix/trap.d/daily/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
action :delete
end
end
# Setup trapper crons according to agents setup as appropriate:
cron "zabbix_live" do
minute '*'
hour '*'
user "root"
command %Q{/etc/zabbix/trap.d/runtrap live >/dev/null 2>&1}
only_if { node['zabbix']['trap_scripts']['live']['add'].any? }
end
cron "zabbix_daily" do
minute '*'
hour '0'
user "root"
command %Q{/etc/zabbix/trap.d/runtrap daily >/dev/null 2>&1}
only_if { node['zabbix']['trap_scripts']['daily']['add'].any? }
end

97
recipes/database.rb Normal file
View file

@ -0,0 +1,97 @@
#
# Cookbook Name:: zabbix
# Recipe:: database
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
yum_package 'postgresql94-server'
directory '/tmp/database' do
owner 'root'
group 'root'
mode '0755'
action :create
only_if { Dir.glob('/var/lib/pgsql/9.4/data/*').empty? }
end
template "/tmp/database/schema.sql" do
source "schema.sql.erb"
mode "0644"
owner "root"
group "root"
action :create
only_if { Dir.exist?('/tmp/database') }
end
template "/tmp/database/images.sql" do
source "images.sql.erb"
mode "0644"
owner "root"
group "root"
action :create
only_if { Dir.exist?('/tmp/database') }
end
template "/tmp/database/data.sql" do
source "data.sql.erb"
mode "0644"
owner "root"
group "root"
action :create
only_if { Dir.exist?('/tmp/database') }
end
execute 'initializingdb' do
command 'service postgresql-9.4 initdb'
action :run
only_if { Dir.glob('/var/lib/pgsql/9.4/data/*').empty? }
end
template "/var/lib/pgsql/9.4/data/pg_hba.conf" do
source "pg_hba.conf.erb"
mode "0600"
owner "postgres"
group "postgres"
notifies :restart, "service[postgresql-9.4]", :immediately
end
service 'postgresql-9.4' do
action [:start, :enable]
end
bash 'configure_postgres' do
user 'root'
sensitive true
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
code <<-EOH
su postgres -l -c "psql -U postgres -c \\"CREATE DATABASE zabbix WITH ENCODING='UTF-8';\\""
su postgres -l -c "psql -U postgres -c \\"CREATE USER zabbixmaster WITH PASSWORD '#{credentials['zabbix']['postgres_password']}';\\""
su postgres -l -c "psql -U postgres -c \\"GRANT ALL PRIVILEGES ON DATABASE zabbix to zabbixmaster;\\""
EOH
only_if { Dir.exist?('/tmp/database') }
end
bash 'configure_schema' do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
sensitive true
environment ({
"PGPASSWORD" => credentials['zabbix']['postgres_password']
})
code <<-EOH
cd /tmp/database/
psql -h 127.0.0.1 -U zabbixmaster -d zabbix -f /tmp/database/schema.sql;
psql -h 127.0.0.1 -U zabbixmaster -d zabbix -f /tmp/database/images.sql;
psql -h 127.0.0.1 -U zabbixmaster -d zabbix -f /tmp/database/data.sql;
EOH
only_if { Dir.exist?('/tmp/database') }
end
directory "cleanup" do
path "/tmp/database"
recursive true
action :delete
end

13
recipes/default.rb Normal file
View file

@ -0,0 +1,13 @@
#
# Cookbook Name:: zabbix
# Recipe:: default
#
# Copyright 2014, Mobiquity, Inc.
# Authors:
# Eric Renfro <erenfro@mobiquityinc.com>
#
# All rights reserved - Do Not Redistribute
#
include_recipe 'zabbix::agent'

44
recipes/proxy.rb Normal file
View file

@ -0,0 +1,44 @@
#
# Cookbook Name:: zabbix
# Recipe:: proxy
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
%w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg|
yum_package pkg do
version '3.0.5-1.el6'
allow_downgrade true
action :install
end
end
directory "/var/lib/zabbix" do
owner 'zabbix'
group 'zabbix'
mode '0750'
action :create
end
template "/etc/zabbix/zabbix_proxy.conf" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:DBPassword => credentials['zabbix']['postgres_password']
})
source "zabbix_proxy.conf.erb"
sensitive true
mode "0640"
owner "root"
group "root"
notifies :restart, "service[zabbix-proxy]", :immediately
end
service 'zabbix-proxy' do
supports :restart => true, :start => true
action :enable
end
include_recipe 'zabbix::agent'

109
recipes/server.rb Normal file
View file

@ -0,0 +1,109 @@
#
# Cookbook Name:: zabbix
# Recipe:: server
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
%w{httpd mod_ssl}.each do |pkg|
yum_package pkg do
version '2.2.15-39.el6'
allow_downgrade true
action :install
end
end
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
yum_package pkg do
version '5.6.28-1.ius.centos6'
allow_downgrade true
action :install
end
end
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg|
yum_package pkg do
version '3.0.5-1.el6'
allow_downgrade true
action :install
end
end
template "/etc/httpd/conf/httpd.conf" do
source "httpd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/zabbix.conf" do
source "zabbix_httpd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/security.conf" do
source "security.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/ssl.conf" do
source "ssl.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/zabbix/zabbix_server.conf" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:DBPassword => credentials['zabbix']['postgres_password']
})
source "zabbix_server.conf.erb"
sensitive true
mode "0640"
owner "root"
group "root"
notifies :restart, "service[zabbix-server]", :immediately
end
template "/etc/zabbix/web/zabbix.conf.php" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:DBPassword => credentials['zabbix']['postgres_password']
})
source "zabbix_web.conf.erb"
sensitive true
mode "0640"
owner "root"
group "apache"
end
template "/etc/php.ini" do
source "php.ini.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :immediately
end
service 'httpd' do
supports :restart => true, :start => true
action :enable
end
service 'zabbix-server' do
supports :restart => true, :start => true
action :enable
end
include_recipe 'zabbix::agent'

81
recipes/trap_scripts.rb Normal file
View file

@ -0,0 +1,81 @@
#
# Cookbook Name:: zabbix
# Recipe:: trap_scripts
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
node.override['zabbix']['trap_scripts']['live']['add'] = []
node.override['zabbix']['trap_scripts']['live']['del'] = []
node.override['zabbix']['trap_scripts']['daily']['add'] = []
node.override['zabbix']['trap_scripts']['daily']['del'] = []
node.override['zabbix']['agent_meta'] = []
# Utilize node tags to determine which agents to activate:
###########################################################
# Apache Web Server
#
if node['recipes'].include?('httpd') or node.tags.include?('httpd')
node.override['zabbix']['trap_scripts']['live']['add'] += ['httpd.sh', 'ssl_check_apache.sh']
node.override['zabbix']['agent_meta'] += ['HTTPD']
elsif
node.override['zabbix']['trap_scripts']['live']['del'] += ['httpd.sh', 'ssl_check_apache.sh']
end
###########################################################
# OpenLDAP
#
if node['recipes'].include?('ldap') or node.tags.include?('openldap')
node.override['zabbix']['trap_scripts']['live']['add'] += ['openldap2.sh', 'ssl_check_ldap.sh']
node.override['zabbix']['agent_meta'] += ['OpenLDAP']
else
node.override['zabbix']['trap_scripts']['live']['del'] += ['openldap2.sh', 'ssl_check_ldap.sh']
end
###########################################################
# MongoDB
#
if node['recipes'].include?('mongodb') or node.tags.include?('mongodb')
node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh']
node.override['zabbix']['agent_meta'] += ['MongoDB']
else
node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh']
end
###########################################################
# Shibboleth Service Provider
#
if node['recipes'].include?('shibboleth') or node.tags.include?('shibboleth')
node.override['zabbix']['trap_scripts']['live']['add'] += ['sp.sh', 'idp.sh', 'tomcat.sh']
if not node.override['zabbix']['trap_scripts']['live']['add'].include?('httpd.sh')
node.override['zabbix']['trap_scripts']['live']['add'] += ['httpd.sh']
end
if node.override['zabbix']['trap_scripts']['live']['del'].include?('httpd.sh')
node.override['zabbix']['trap_scripts']['live']['del'].delete('httpd.sh')
end
if node['zabbix']['agent_meta'].include?('HTTPD')
node.override['zabbix']['agent_meta'].delete('HTTPD')
end
node.override['zabbix']['agent_meta'] += ['ShibD']
else
node.override['zabbix']['trap_scripts']['live']['del'] += ['sp.sh', 'idp.sh']
if not node['recipes'].include?('tomcat')
node.override['zabbix']['trap_scripts']['live']['del'] += ['tomcat.sh']
end
end
###########################################################
# Tomcat
#
if (node['recipes'].include?('tomcat') or node.tags.include?('tomcat')) and
not node.override['zabbix']['trap_scripts']['live']['add'].include?('tomcat.sh')
node.override['zabbix']['trap_scripts']['live']['add'] += ['tomcat.sh']
node.override['zabbix']['agent_meta'] += ['Tomcat6']
elsif not node['zabbix']['trap_scripts']['live']['del'].include?('tomcat.sh') and
not node['zabbix']['trap_scripts']['live']['add'].include?('tomcat.sh') and
not node.tags.include?('tomcat')
node.override['zabbix']['trap_scripts']['live']['del'] += ['tomcat.sh']
end

9
spec/spec_helper.rb Normal file
View file

@ -0,0 +1,9 @@
require 'chefspec'
require 'chefspec/berkshelf'
RSpec.configure do |config|
config.platform = 'centos'
config.version = '6.5'
end
ChefSpec::Coverage.start!

180
spec/unit/recipes/agent_spec.rb Normal file
View file

@ -0,0 +1,180 @@
#
# Cookbook Name:: zabbix
# Spec:: agent
#
# Copyright (c) 2015 Mobiquity Inc, All Rights Reserved.
require 'spec_helper'
describe 'zabbix::agent' do
context 'When all zabbix tags are enabled, on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test_env'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
node.normal['tags'] = [ 'httpd', 'openldap', 'mongodb', 'shibboleth', 'tomcat' ]
end.converge(described_recipe)
end
before do
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'mongo' => {
'users' => {
'unit_test_env' => {
'mmsagent' => {
'username' => 'unit_test_username',
'password' => 'unit_test_password'
}
}
}
}
})
end
let(:zabbix_agent_template) { chef_run.template('/etc/zabbix/zabbix_agentd.conf') }
it 'installs zabbix packages' do
%w{zabbix-agent zabbix-sender}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '3.0.5-1.el6',
allow_downgrade: true
)
end
end
it 'installs wget' do
%w{wget crontabs cronie}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
end
end
it 'generates zabbix_agentd.conf file' do
expect(chef_run).to create_template('/etc/zabbix/zabbix_agentd.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'zabbix_agentd.conf.erb'
)
expect(zabbix_agent_template).to notify('service[zabbix-agent]').to(:restart).delayed
end
it 'enables and starts zabbix service' do
expect(chef_run).to enable_service('zabbix-agent')
expect(chef_run).to start_service('zabbix-agent')
end
it 'creates zabbix trap directories' do
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
expect(chef_run).to create_directory(path)
.with(
owner: 'root',
group: 'root',
mode: '0755'
)
end
end
it 'populates trap.d directory' do
expect(chef_run).to create_remote_directory('/etc/zabbix/trap.d')
.with(
files_backup: 0,
files_owner: 'root',
files_group: 'zabbix',
files_mode: '0750',
owner: 'root',
group: 'root',
source: 'traps'
)
end
it 'renders mongo trap' do
expect(chef_run).to create_template('/etc/zabbix/trap.d/mongo26.config')
.with(
owner: 'root',
group: 'root',
mode: '0700',
source: 'mongo26.config.erb'
)
expect(chef_run).to render_file('/etc/zabbix/trap.d/mongo26.config')
.with_content('mongoUser="unit_test_username"
mongoPass="unit_test_password"')
end
it 'renders links to trap scripts' do
httplink = chef_run.link('/etc/zabbix/trap.d/live/httpd.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/httpd.sh')
.with(to: '/etc/zabbix/trap.d/httpd.sh')
expect(httplink).to link_to('/etc/zabbix/trap.d/httpd.sh')
openldap2 = chef_run.link('/etc/zabbix/trap.d/live/openldap2.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/openldap2.sh')
.with(to: '/etc/zabbix/trap.d/openldap2.sh')
expect(openldap2).to link_to('/etc/zabbix/trap.d/openldap2.sh')
sp = chef_run.link('/etc/zabbix/trap.d/live/sp.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/sp.sh')
.with(to: '/etc/zabbix/trap.d/sp.sh')
expect(sp).to link_to('/etc/zabbix/trap.d/sp.sh')
idp = chef_run.link('/etc/zabbix/trap.d/live/idp.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/idp.sh')
.with(to: '/etc/zabbix/trap.d/idp.sh')
expect(idp).to link_to('/etc/zabbix/trap.d/idp.sh')
tomcat = chef_run.link('/etc/zabbix/trap.d/live/tomcat.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/tomcat.sh')
.with(to: '/etc/zabbix/trap.d/tomcat.sh')
expect(tomcat).to link_to('/etc/zabbix/trap.d/tomcat.sh')
mongo26 = chef_run.link('/etc/zabbix/trap.d/live/mongo26.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/mongo26.sh')
.with(to: '/etc/zabbix/trap.d/mongo26.sh')
expect(mongo26).to link_to('/etc/zabbix/trap.d/mongo26.sh')
ssl_check_apache = chef_run.link('/etc/zabbix/trap.d/live/ssl_check_apache.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/ssl_check_apache.sh')
.with(to: '/etc/zabbix/trap.d/ssl_check_apache.sh')
expect(ssl_check_apache).to link_to('/etc/zabbix/trap.d/ssl_check_apache.sh')
ssl_check_ldap = chef_run.link('/etc/zabbix/trap.d/live/ssl_check_ldap.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/ssl_check_ldap.sh')
.with(to: '/etc/zabbix/trap.d/ssl_check_ldap.sh')
expect(ssl_check_ldap).to link_to('/etc/zabbix/trap.d/ssl_check_ldap.sh')
ssl_check_mongo = chef_run.link('/etc/zabbix/trap.d/live/ssl_check_mongo.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/ssl_check_mongo.sh')
.with(to: '/etc/zabbix/trap.d/ssl_check_mongo.sh')
expect(ssl_check_mongo).to link_to('/etc/zabbix/trap.d/ssl_check_mongo.sh')
end
it 'creates trapper crons' do
expect(chef_run).to create_cron('zabbix_live')
.with(
minute: '*',
hour: '*',
user: 'root',
)
expect(chef_run).to_not create_cron('zabbix_daily')
.with(
minute: '*',
hour: '0',
user: 'root',
)
end
end
end

114
spec/unit/recipes/database_spec.rb Normal file
View file

@ -0,0 +1,114 @@
require 'spec_helper'
describe 'zabbix::database' do
context 'When all database environments for zabbix are set on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
end.converge(described_recipe)
end
before(:each) do
# Stubbing Directory results
allow(Dir).to receive(:exist?).with('/tmp/database').and_return(true)
allow(Dir).to receive(:empty?).with('/var/lib/pgsql/9.4/data/*').and_return(true)
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'zabbix' => {
'users' => {
'unit_test_env' => {
'postgres' => {
'username' => 'postgres_username',
'password' => 'postgres_password'
}
}
}
}
})
end
let(:pg_hba_template) { chef_run.template('/var/lib/pgsql/9.4/data/pg_hba.conf') }
it 'installs a package postgresql94-server' do
expect(chef_run).to install_yum_package('postgresql94-server')
end
it 'creates a directory database' do
expect(chef_run).to create_directory('/tmp/database')
end
it 'creates schema.sql' do
expect(chef_run).to create_template('/tmp/database/schema.sql')
.with(
source: 'schema.sql.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
end
it 'creates images.sql' do
expect(chef_run).to create_template('/tmp/database/images.sql')
.with(
source: 'images.sql.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
end
it 'creates data.sql' do
expect(chef_run).to create_template('/tmp/database/data.sql')
.with(
source: 'data.sql.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
end
it 'runs the yum command to initialize postgresql db' do
expect(chef_run).to run_execute('initializingdb')
end
it 'creates pg_hba.conf' do
expect(chef_run).to create_template('/var/lib/pgsql/9.4/data/pg_hba.conf')
.with(
source: 'pg_hba.conf.erb',
mode: '0600',
owner: 'postgres',
group: 'postgres'
)
expect(pg_hba_template).to notify('service[postgresql-9.4]').to(:restart).immediately
end
it 'executes both start and enable actions for postgresql-9.4' do
expect(chef_run).to start_service('postgresql-9.4')
expect(chef_run).to enable_service('postgresql-9.4')
end
it 'runs configures postgres db' do
expect(chef_run).to run_bash('configure_postgres')
end
it 'runs configure postgres schema' do
expect(chef_run).to run_bash('configure_schema')
end
it 'cleans up temporary files' do
expect(chef_run).to delete_directory('cleanup')
end
end
end

18
spec/unit/recipes/default_spec.rb Normal file
View file

@ -0,0 +1,18 @@
#
# Cookbook Name:: zabbix
# Spec:: default
#
# Copyright (c) 2015 The Authors, All Rights Reserved.
require 'spec_helper'
describe 'zabbix::default' do
context 'When all attributes are default, on an unspecified platform' do
let(:chef_run) { ChefSpec::SoloRunner.converge(described_recipe) }
it 'calls zabbix agent recipe' do
expect(chef_run).to include_recipe('zabbix::agent')
end
end
end

78
spec/unit/recipes/proxy_spec.rb Normal file
View file

@ -0,0 +1,78 @@
require 'spec_helper'
describe 'zabbix::proxy' do
context 'When all database environments for zabbix are set on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
end.converge(described_recipe)
end
before(:each) do
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'zabbix' => {
'users' => {
'unit_test_env' => {
'postgres' => {
'username' => 'postgres_username',
'password' => 'postgres_password'
}
}
}
}
})
end
let(:zabbix_proxy_template) { chef_run.template('/etc/zabbix/zabbix_proxy.conf') }
it 'installs the zabbix proxy packages' do
%w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '3.0.5-1.el6',
allow_downgrade: true
)
end
end
it 'creates /var/lib/zabbix directory' do
expect(chef_run).to create_directory('/var/lib/zabbix')
.with(
mode: '0750',
owner: 'zabbix',
group: 'zabbix'
)
end
it 'creates zabbix_proxy.conf' do
expect(chef_run).to create_template('/etc/zabbix/zabbix_proxy.conf')
.with(
source: 'zabbix_proxy.conf.erb',
mode: '0640',
owner: 'root',
group: 'root'
)
expect(zabbix_proxy_template).to notify('service[zabbix-proxy]').to(:restart).immediately
end
it 'enables both start and enable actions for zabbix-proxy' do
expect(chef_run).to enable_service('zabbix-proxy')
end
it 'includes agent recipe' do
expect(chef_run).to include_recipe('zabbix::agent')
end
end
end

169
spec/unit/recipes/server_spec.rb Normal file
View file

@ -0,0 +1,169 @@
require 'spec_helper'
describe 'zabbix::server' do
context 'When all database environments for zabbix are set on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
end.converge(described_recipe)
end
before(:each) do
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'zabbix' => {
'users' => {
'unit_test_env' => {
'postgres' => {
'username' => 'postgres_username',
'password' => 'postgres_password'
}
}
}
}
})
allow(Chef::EncryptedDataBagItem).to receive(:load).with('ssl', 'httpd').and_return(
{
'certificate' => 'unit_test_certificate_stub',
'digicert1' => 'unit_test_digicert1_stub',
'digicert2' => 'unit_test_digicert2_stub',
'key' => 'unit_test_key_stub'
})
end
let(:httpd_template_security) { chef_run.template('/etc/httpd/conf.d/security.conf') }
let(:httpd_template_httpd) { chef_run.template('/etc/httpd/conf/httpd.conf') }
let(:httpd_template_ssl) { chef_run.template('/etc/httpd/conf.d/ssl.conf') }
let(:zabbix_httpd_template) { chef_run.template('/etc/httpd/conf.d/zabbix.conf') }
let(:zabbix_server_template) { chef_run.template('/etc/zabbix/zabbix_server.conf') }
let(:php_ini_template) { chef_run.template('/etc/php.ini') }
it 'installs the httpd packages' do
%w{httpd mod_ssl}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '2.2.15-39.el6',
allow_downgrade: true
)
end
end
it 'installs the zabbix server packages' do
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '3.0.5-1.el6',
allow_downgrade: true
)
end
end
it 'installs the php packages' do
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
expect(chef_run).to install_yum_package(pkg).with(
version: '5.6.28-1.ius.centos6',
allow_downgrade: true
)
end
end
it 'writes apache main configuration file' do
expect(chef_run).to create_template('/etc/httpd/conf/httpd.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'httpd.conf.erb'
)
expect(httpd_template_security).to notify('service[httpd]').to(:restart).delayed
end
it 'creates zabbix.conf in httpd conf.d' do
expect(chef_run).to create_template('/etc/httpd/conf.d/zabbix.conf')
.with(
source: 'zabbix_httpd.conf.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
expect(zabbix_httpd_template).to notify('service[httpd]').to(:restart).delayed
end
it 'writes apache security configuration' do
expect(chef_run).to create_template('/etc/httpd/conf.d/security.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'security.conf.erb'
)
expect(httpd_template_security).to notify('service[httpd]').to(:restart).delayed
end
it 'writes apache ssl configuration' do
expect(chef_run).to create_template('/etc/httpd/conf.d/ssl.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'ssl.conf.erb'
)
expect(httpd_template_ssl).to notify('service[httpd]').to(:restart).delayed
end
it 'creates zabbix_server.conf' do
expect(chef_run).to create_template('/etc/zabbix/zabbix_server.conf')
.with(
source: 'zabbix_server.conf.erb',
mode: '0640',
owner: 'root',
group: 'root'
)
expect(zabbix_server_template).to notify('service[zabbix-server]').to(:restart).immediately
end
it 'creates zabbix.conf.php' do
expect(chef_run).to create_template('/etc/zabbix/web/zabbix.conf.php')
.with(
source: 'zabbix_web.conf.erb',
mode: '0640',
owner: 'root',
group: 'apache'
)
end
it 'creates php.ini' do
expect(chef_run).to create_template('/etc/php.ini')
.with(
source: 'php.ini.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
expect(php_ini_template).to notify('service[httpd]').to(:restart).immediately
end
it 'enables both start and enable actions for httpd' do
expect(chef_run).to enable_service('httpd')
end
it 'enables both start and enable actions for zabbix-server' do
expect(chef_run).to enable_service('zabbix-server')
end
it 'includes agent recipe' do
expect(chef_run).to include_recipe('zabbix::agent')
end
end
end

3342
templates/default/data.sql.erb Normal file
View file

File diff suppressed because it is too large Load diff

1003
templates/default/httpd.conf.erb Normal file
View file

File diff suppressed because it is too large Load diff

187
templates/default/images.sql.erb Normal file
View file

File diff suppressed because one or more lines are too long

3
templates/default/mongo26.config.erb Normal file
View file

@ -0,0 +1,3 @@
mongoUser="<%= @users['mmsagent']['username'] %>"
mongoPass="<%= @users['mmsagent']['password'] %>"

9
templates/default/pg_hba.conf.erb Normal file
View file

@ -0,0 +1,9 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 10.10.2.0/16 md5
# IPV6 local connections:
host all all ::1/128 md5

8
templates/default/php.ini.erb Normal file
View file

@ -0,0 +1,8 @@
*******
max_execution_time = 300
memory_limit = 128M
post_max_size = 16M
upload_max_filesize = 2M
max_input_time = 300
date.timezone = America/New_York
*******

1593
templates/default/schema.sql.erb Normal file
View file

File diff suppressed because it is too large Load diff

78
templates/default/security.conf.erb Normal file
View file

@ -0,0 +1,78 @@
#########################################################################
# This file is centrally managed by chef.
# Manual changes will be over written
#########################################################################
# TODO: These standard settings should be merged back in with the
# httpd.conf.erb file
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages. It will be made the default for the release after lenny.
#
#<Directory />
# AllowOverride None
# Order Deny,Allow
# Deny from all
#</Directory>
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
#
TraceEnable Off
#
# Always send HSTS Header
#
#
<% unless node['zabbix']['httpd_conf']['https_redirection_enabled'] == false %>
LoadModule headers_module modules/mod_headers.so
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<% end %>
#
# Always redirect incoming HTTP connections to HTTPS
# Enable mod_rewrite
# If connection is not https
# Rewrite the URL to https using the host and URI passed by the browser.
<% unless node['zabbix']['httpd_conf']['https_redirection_enabled'] == false %>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<% end %>
# Address ETag Inode Information Leakage Vulnerability
FileETag MTime Size

244
templates/default/ssl.conf.erb Normal file
View file

@ -0,0 +1,244 @@
#########################################################################
# This file is centrally managed by chef.
# Manual changes will be over written
#########################################################################
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
LogFormat "%h %l - %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D"combined
CustomLog logs/ssl_access_log combined
# TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
#SSLProtocol all -SSLv2
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA AES256-SHA RC4 !aNULL !eNULL !LOW !SEED !CAMELLIA128 !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
<% if node['letsencrypt']['enabled'] == true %>
SSLCertificateFile /etc/letsencrypt/live/<%= node['letsencrypt']['domain'] %>/cert.pem
<% else %>
SSLCertificateFile /etc/pki/tls/certs/mydomain.crt
<% end %>
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<% if node['letsencrypt']['enabled'] == true %>
SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['letsencrypt']['domain'] %>/privkey.pem
<% else %>
SSLCertificateKeyFile /etc/pki/tls/private/mydomain.key
<% end %>
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
<% if node['letsencrypt']['enabled'] == true %>
SSLCACertificateFile /etc/letsencrypt/live/<%= node['letsencrypt']['domain'] %>/chain.pem
<% else %>
SSLCACertificateFile /etc/pki/tls/certs/DigiCertCA.crt
<% end %>
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

401
templates/default/zabbix_agentd.conf.erb Normal file
View file

@ -0,0 +1,401 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# This is a configuration file for Zabbix agent daemon (Unix)
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agentd.pid
PidFile=/var/run/zabbix/zabbix_agentd.pid
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_agentd.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0
EnableRemoteCommands=1
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0
LogRemoteCommands=1
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
#
# Mandatory: no
# Default:
# Server=
Server=<%= node['zabbix']['agent_servers'].join(', ') %>
### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10050
### Option: ListenIP
# List of comma delimited IP addresses that the agent should listen on.
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
#
# Mandatory: no
# Range: 0-100
# Default:
# StartAgents=3
##### Active checks related
### Option: ServerActive
# List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
#
# Mandatory: no
# Default:
# ServerActive=
ServerActive=<%= node['zabbix']['agent_servers'].join(', ') %>
### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks and must match hostname as configured on the server.
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=<%= node['fqdn'] %>
### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostMetadata=
HostMetadata=Linux <%= node['zabbix']['agent_meta'].join(' ') %>
### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5
### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100
### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'logrt' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'logrt' item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=20
############ ADVANCED PARAMETERS #################
### Option: Alias
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
# Different Alias keys may reference the same item key.
# For example, to retrieve the ID of user 'zabbix':
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
# Now shorthand key zabbix.userid may be used to retrieve data.
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
#
# Mandatory: no
# Range:
# Default:
### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: AllowRoot
# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
Include=/etc/zabbix/zabbix_agentd.d/
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# The following characters are not allowed:
# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
# Additionally, newline characters are not allowed.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
# UnsafeUserParameters=0
### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# See 'zabbix_agentd' directory for examples.
#
# Mandatory: no
# Default:
# UserParameter=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at agent startup. Modules are used to extend functionality of the agent.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the agent should connect to server or proxy. Used for active checks.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the agent certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the agent private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=

60
templates/default/zabbix_httpd.conf.erb Normal file
View file

@ -0,0 +1,60 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# Zabbix monitoring system php web frontend
#
Alias /zabbix /usr/share/zabbix
<Directory "/usr/share/zabbix">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
<IfModule mod_php5.c>
php_value max_execution_time 300
php_value memory_limit 128M
php_value post_max_size 16M
php_value upload_max_filesize 2M
php_value max_input_time 300
php_value always_populate_raw_post_data -1
# php_value date.timezone Europe/Riga
</IfModule>
</Directory>
<Directory "/usr/share/zabbix/conf">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/api">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/include">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/include/classes">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>

680
templates/default/zabbix_proxy.conf.erb Normal file
View file

@ -0,0 +1,680 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# This is a configuration file for Zabbix proxy daemon
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: ProxyMode
# Proxy operating mode.
# 0 - proxy in the active mode
# 1 - proxy in the passive mode
#
# Mandatory: no
# Default:
# ProxyMode=0
### Option: Server
# IP address (or hostname) of Zabbix server.
# Active proxy will get configuration data from the server.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: yes (if ProxyMode is set to 0)
# Default:
# Server=
Server=<%= node['zabbix']['agent_servers'].join(', ') %>
### Option: ServerPort
# Port of Zabbix trapper on Zabbix server.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ServerPort=10051
### Option: Hostname
# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=<%= node['fqdn'] %>
### Option: HostnameItem
# Item used for generating Hostname if it is undefined.
# Ignored if Hostname is defined.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: ListenPort
# Listen port for trapper.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10051
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_proxy.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_proxy.pid
PidFile=/var/run/zabbix/zabbix_proxy.pid
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
#
# Mandatory: no
# Default:
# DBHost=localhost
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
# Warning: do not attempt to use the same database Zabbix server is using.
#
# Mandatory: yes
# Default:
# DBName=
DBName=/var/lib/zabbix/zabbix_proxy.db
# Mandatory: no
# Default:
# DBSchema=
### Option: DBUser
# Database user. Ignored for SQLite.
#
# Default:
# DBUser=
DBUser=zabbix
### Option: DBPassword
# Database password. Ignored for SQLite.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
# DBPassword=
### Option: DBSocket
# Path to MySQL socket.
#
# Mandatory: no
# Default:
# DBSocket=/tmp/mysql.sock
# Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
#
# Mandatory: no
# Default (for MySQL):
# DBPort=3306
######### PROXY SPECIFIC PARAMETERS #############
### Option: ProxyLocalBuffer
# Proxy will keep data locally for N hours, even if the data have already been synced with the server.
# This parameter may be used if local data will be used by third party applications.
#
# Mandatory: no
# Range: 0-720
# Default:
# ProxyLocalBuffer=0
### Option: ProxyOfflineBuffer
# Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
# Older data will be lost.
#
# Mandatory: no
# Range: 1-720
# Default:
# ProxyOfflineBuffer=1
ProxyOfflineBuffer=24
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of Proxy on server side.
# 0 - heartbeat messages disabled.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 0-3600
# Default:
# HeartbeatFrequency=60
### Option: ConfigFrequency
# How often proxy retrieves configuration data from Zabbix Server in seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
# ConfigFrequency=3600
### Option: DataSenderFrequency
# Proxy will send collected data to the Server every N seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600
# Default:
# DataSenderFrequency=1
############ ADVANCED PARAMETERS ################
### Option: StartPollers
# Number of pre-forked instances of pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollers=5
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers=0
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
# are started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollersUnreachable=1
### Option: StartTrappers
# Number of pre-forked instances of trappers.
# Trappers accept incoming connections from Zabbix sender and active agents.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartTrappers=5
### Option: StartPingers
# Number of pre-forked instances of ICMP pingers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPingers=1
### Option: StartDiscoverers
# Number of pre-forked instances of discoverers.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartDiscoverers=1
### Option: StartHTTPPollers
# Number of pre-forked instances of HTTP pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPPollers=1
### Option: JavaGateway
# IP address (or hostname) of Zabbix Java gateway.
# Only required if Java pollers are started.
#
# Mandatory: no
# Default:
# JavaGateway=
### Option: JavaGatewayPort
# Port that Zabbix Java gateway listens on.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# JavaGatewayPort=10052
### Option: StartJavaPollers
# Number of pre-forked instances of Java pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartJavaPollers=0
### Option: StartVMwareCollectors
# Number of pre-forked vmware collector instances.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartVMwareCollectors=0
### Option: VMwareFrequency
# How often Zabbix will connect to VMware service to obtain a new data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwareFrequency=60
### Option: VMwarePerfFrequency
# How often Zabbix will connect to VMware service to obtain performance data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwarePerfFrequency=60
### Option: VMwareCacheSize
# Size of VMware cache, in bytes.
# Shared memory size for storing VMware data.
# Only used if VMware collectors are started.
#
# Mandatory: no
# Range: 256K-2G
# Default:
# VMwareCacheSize=8M
### Option: VMwareTimeout
# Specifies how many seconds vmware collector waits for response from VMware service.
#
# Mandatory: no
# Range: 1-300
# Default:
# VMwareTimeout=10
### Option: SNMPTrapperFile
# Temporary file used for passing data from SNMP trap daemon to the proxy.
# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
#
# Mandatory: no
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
### Option: StartSNMPTrapper
# If 1, SNMP trapper process is started.
#
# Mandatory: no
# Range: 0-1
# Default:
# StartSNMPTrapper=0
### Option: ListenIP
# List of comma delimited IP addresses that the trapper should listen on.
# Trapper will listen on all network interfaces if this parameter is missing.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: HousekeepingFrequency
# How often Zabbix will perform housekeeping procedure (in hours).
# Housekeeping is removing outdated information from the database.
# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
# hours of outdated information are deleted in one housekeeping cycle.
# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
#
# Mandatory: no
# Range: 0-24
# Default:
# HousekeepingFrequency=1
### Option: CacheSize
# Size of configuration cache, in bytes.
# Shared memory size, for storing hosts and items data.
#
# Mandatory: no
# Range: 128K-8G
# Default:
# CacheSize=8M
### Option: StartDBSyncers
# Number of pre-forked instances of DB Syncers.
#
# Mandatory: no
# Range: 1-100
# Default:
# StartDBSyncers=4
### Option: HistoryCacheSize
# Size of history cache, in bytes.
# Shared memory size for storing history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryCacheSize=16M
### Option: HistoryIndexCacheSize
# Size of history index cache, in bytes.
# Shared memory size for indexing history cache.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryIndexCacheSize=4M
### Option: Timeout
# Specifies how long we wait for agent, SNMP device or external check (in seconds).
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
Timeout=4
### Option: TrapperTimeout
# Specifies how many seconds trapper may spend processing new data.
#
# Mandatory: no
# Range: 1-300
# Default:
# TrapperTimeout=300
### Option: UnreachablePeriod
# After how many seconds of unreachability treat a host as unavailable.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachablePeriod=45
### Option: UnavailableDelay
# How often host is checked for availability during the unavailability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnavailableDelay=60
### Option: UnreachableDelay
# How often host is checked for availability during the unreachability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachableDelay=15
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
### Option: FpingLocation
# Location of fping.
# Make sure that fping binary has root ownership and SUID flag set.
#
# Mandatory: no
# Default:
# FpingLocation=/usr/sbin/fping
### Option: Fping6Location
# Location of fping6.
# Make sure that fping6 binary has root ownership and SUID flag set.
# Make empty if your fping utility is capable to process IPv6 addresses.
#
# Mandatory: no
# Default:
# Fping6Location=/usr/sbin/fping6
### Option: SSHKeyLocation
# Location of public and private keys for SSH checks and actions.
#
# Mandatory: no
# Default:
# SSHKeyLocation=
### Option: LogSlowQueries
# How long a database query may take before being logged (in milliseconds).
# Only works if DebugLevel set to 3 or 4.
# 0 - don't log slow queries.
#
# Mandatory: no
# Range: 1-3600000
# Default:
# LogSlowQueries=0
LogSlowQueries=3000
### Option: TmpDir
# Temporary directory.
#
# Mandatory: no
# Default:
# TmpDir=/tmp
### Option: AllowRoot
# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
# Include=/usr/local/etc/zabbix_proxy.general.conf
# Include=/usr/local/etc/zabbix_proxy.conf.d/
# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCertLocation=${datadir}/zabbix/ssl/certs
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLKeyLocation=${datadir}/zabbix/ssl/keys
### Option: SSLCALocation
# Location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCALocation=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of proxy modules.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at proxy startup. Modules are used to extend functionality of the proxy.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the proxy certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the proxy private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=

590
templates/default/zabbix_server.conf.erb Normal file
View file

@ -0,0 +1,590 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# This is a configuration file for Zabbix Server process
# To get more information about Zabbix,
# visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: ListenPort
# Listen port for trapper.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10051
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: LogFile
# Name of log file.
# If not set, syslog is used.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_server.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
#
# Mandatory: no
# Range: 0-4
# Default:
# DebugLevel=3
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_server.pid
PidFile=/var/run/zabbix/zabbix_server.pid
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
#
# Mandatory: no
# Default:
DBHost=localhost
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
#
# Mandatory: yes
# Default:
# DBName=
DBName=zabbix
### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL.
#
# Mandatory: no
# Default:
# DBSchema=
### Option: DBUser
# Database user. Ignored for SQLite.
#
# Mandatory: no
# Default:
# DBUser=
DBUser=zabbixmaster
### Option: DBPassword
# Database password. Ignored for SQLite.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
DBPassword=<%= @DBPassword %>
### Option: DBSocket
# Path to MySQL socket.
#
# Mandatory: no
# Default:
# DBSocket=/tmp/mysql.sock
DBSocket=/var/lib/mysql/mysql.sock
### Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
#
# Mandatory: no
# Range: 1024-65535
# Default (for MySQL):
# DBPort=3306
############ ADVANCED PARAMETERS ################
### Option: StartPollers
# Number of pre-forked instances of pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollers=5
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers=0
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
# are started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollersUnreachable=1
### Option: StartTrappers
# Number of pre-forked instances of trappers.
# Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
# At least one trapper process must be running to display server availability and view queue
# in the frontend.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartTrappers=5
### Option: StartPingers
# Number of pre-forked instances of ICMP pingers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPingers=1
### Option: StartDiscoverers
# Number of pre-forked instances of discoverers.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartDiscoverers=1
### Option: StartHTTPPollers
# Number of pre-forked instances of HTTP pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPPollers=1
### Option: StartTimers
# Number of pre-forked instances of timers.
# Timers process time-based trigger functions and maintenance periods.
# Only the first timer process handles the maintenance periods.
#
# Mandatory: no
# Range: 1-1000
# Default:
# StartTimers=1
### Option: JavaGateway
# IP address (or hostname) of Zabbix Java gateway.
# Only required if Java pollers are started.
#
# Mandatory: no
# Default:
# JavaGateway=
### Option: JavaGatewayPort
# Port that Zabbix Java gateway listens on.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# JavaGatewayPort=10052
### Option: StartJavaPollers
# Number of pre-forked instances of Java pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartJavaPollers=0
### Option: StartVMwareCollectors
# Number of pre-forked vmware collector instances.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartVMwareCollectors=0
### Option: VMwareFrequency
# How often Zabbix will connect to VMware service to obtain a new data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwareFrequency=60
### Option: VMwarePerfFrequency
# How often Zabbix will connect to VMware service to obtain performance data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwarePerfFrequency=60
### Option: VMwareCacheSize
# Size of VMware cache, in bytes.
# Shared memory size for storing VMware data.
# Only used if VMware collectors are started.
#
# Mandatory: no
# Range: 256K-2G
# Default:
# VMwareCacheSize=8M
### Option: VMwareTimeout
# Specifies how many seconds vmware collector waits for response from VMware service.
#
# Mandatory: no
# Range: 1-300
# Default:
# VMwareTimeout=10
### Option: SNMPTrapperFile
# Temporary file used for passing data from SNMP trap daemon to the server.
# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
#
# Mandatory: no
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
SNMPTrapperFile=/var/log/snmptt/snmptt.log
### Option: StartSNMPTrapper
# If 1, SNMP trapper process is started.
#
# Mandatory: no
# Range: 0-1
# Default:
# StartSNMPTrapper=0
### Option: ListenIP
# List of comma delimited IP addresses that the trapper should listen on.
# Trapper will listen on all network interfaces if this parameter is missing.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
# ListenIP=127.0.0.1
### Option: HousekeepingFrequency
# How often Zabbix will perform housekeeping procedure (in hours).
# Housekeeping is removing outdated information from the database.
# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
# hours of outdated information are deleted in one housekeeping cycle, for each item.
# To lower load on server startup housekeeping is postponed for 30 minutes after server start.
#
# Mandatory: no
# Range: 1-24
# Default:
# HousekeepingFrequency=1
### Option: MaxHousekeeperDelete
# The table "housekeeper" contains "tasks" for housekeeping procedure in the format:
# [housekeeperid], [tablename], [field], [value].
# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
# will be deleted per one task in one housekeeping cycle.
# SQLite3 does not use this parameter, deletes all corresponding rows without a limit.
# If set to 0 then no limit is used at all. In this case you must know what you are doing!
#
# Mandatory: no
# Range: 0-1000000
# Default:
# MaxHousekeeperDelete=500
### Option: SenderFrequency
# How often Zabbix will try to send unsent alerts (in seconds).
#
# Mandatory: no
# Range: 5-3600
# Default:
# SenderFrequency=30
### Option: CacheSize
# Size of configuration cache, in bytes.
# Shared memory size for storing host, item and trigger data.
#
# Mandatory: no
# Range: 128K-8G
# Default:
# CacheSize=8M
### Option: CacheUpdateFrequency
# How often Zabbix will perform update of configuration cache, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# CacheUpdateFrequency=60
### Option: StartDBSyncers
# Number of pre-forked instances of DB Syncers
#
# Mandatory: no
# Range: 1-100
# Default:
# StartDBSyncers=4
### Option: HistoryCacheSize
# Size of history cache, in bytes.
# Shared memory size for storing history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryCacheSize=8M
### Option: TrendCacheSize
# Size of trend cache, in bytes.
# Shared memory size for storing trends data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# TrendCacheSize=4M
### Option: HistoryTextCacheSize
# Size of text history cache, in bytes.
# Shared memory size for storing character, text or log history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryTextCacheSize=16M
### Option: ValueCacheSize
# Size of history value cache, in bytes.
# Shared memory size for caching item history data requests.
# Setting to 0 disables value cache.
#
# Mandatory: no
# Range: 0,128K-64G
# Default:
# ValueCacheSize=8M
### Option: Timeout
# Specifies how long we wait for agent, SNMP device or external check (in seconds).
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: TrapperTimeout
# Specifies how many seconds trapper may spend processing new data.
#
# Mandatory: no
# Range: 1-300
# Default:
# TrapperTimeout=300
### Option: UnreachablePeriod
# After how many seconds of unreachability treat a host as unavailable.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachablePeriod=45
### Option: UnavailableDelay
# How often host is checked for availability during the unavailability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnavailableDelay=60
### Option: UnreachableDelay
# How often host is checked for availability during the unreachability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachableDelay=15
### Option: AlertScriptsPath
# Full path to location of custom alert scripts.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# AlertScriptsPath=${datadir}/zabbix/alertscripts
AlertScriptsPath=/usr/lib/zabbix/alertscripts
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
### Option: FpingLocation
# Location of fping.
# Make sure that fping binary has root ownership and SUID flag set.
#
# Mandatory: no
# Default:
# FpingLocation=/usr/sbin/fping
### Option: Fping6Location
# Location of fping6.
# Make sure that fping6 binary has root ownership and SUID flag set.
# Make empty if your fping utility is capable to process IPv6 addresses.
#
# Mandatory: no
# Default:
# Fping6Location=/usr/sbin/fping6
### Option: SSHKeyLocation
# Location of public and private keys for SSH checks and actions.
#
# Mandatory: no
# Default:
# SSHKeyLocation=
### Option: LogSlowQueries
# How long a database query may take before being logged (in milliseconds).
# Only works if DebugLevel set to 3 or 4.
# 0 - don't log slow queries.
#
# Mandatory: no
# Range: 1-3600000
# Default:
# LogSlowQueries=0
### Option: TmpDir
# Temporary directory.
#
# Mandatory: no
# Default:
# TmpDir=/tmp
### Option: StartProxyPollers
# Number of pre-forked instances of pollers for passive proxies.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartProxyPollers=1
### Option: ProxyConfigFrequency
# How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds.
# This parameter is used only for proxies in the passive mode.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
# ProxyConfigFrequency=3600
### Option: ProxyDataFrequency
# How often Zabbix Server requests history data from a Zabbix Proxy in seconds.
# This parameter is used only for proxies in the passive mode.
#
# Mandatory: no
# Range: 1-3600
# Default:
# ProxyDataFrequency=1
### Option: AllowRoot
# Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
# Include=/usr/local/etc/zabbix_server.general.conf
# Include=/usr/local/etc/zabbix_server.conf.d/
# Include=/usr/local/etc/zabbix_server.conf.d/*.conf
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCertLocation=${datadir}/zabbix/ssl/certs
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLKeyLocation=${datadir}/zabbix/ssl/keys
### Option: SSLCALocation
# Override the location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCALocation=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of server modules.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at server startup. Modules are used to extend functionality of the server.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=

20
templates/default/zabbix_web.conf.erb Normal file
View file

@ -0,0 +1,20 @@
<?php
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE'] = 'POSTGRESQL';
$DB['SERVER'] = 'localhost';
$DB['PORT'] = '0';
$DB['DATABASE'] = 'zabbix';
$DB['USER'] = 'zabbixmaster';
$DB['PASSWORD'] = '<%= @DBPassword %>';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';
$ZBX_SERVER = 'localhost';
$ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Zabbix';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

15
test/environments/integration_test_env.json Normal file
View file

@ -0,0 +1,15 @@
{
"name": "integration_test_env",
"description": "placeholder for integration testing",
"cookbook_versions": {
},
"json_class": "Chef::Environment",
"chef_type": "environment",
"default_attributes": {
},
"override_attributes": {
}
}

109
test/integration/agent/serverspec/agent_spec.rb Normal file
View file

@ -0,0 +1,109 @@
require 'spec_helper'
describe 'zabbix::default' do
# Serverspec examples can be found at
# http://serverspec.org/resource_types.html
describe "Installed Packages:" do
%w{zabbix-agent zabbix-sender wget}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_agentd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '9d26e61c0f10f3667ee69046a6b253b1af9cb4c73f2d95c432a7359cdeb9c79d' }
end
end
describe "Zabbix Scripts:" do
describe port(10050) do
it { should be_listening.with('tcp') }
end
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
describe file(path) do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_mode 755 }
end
end
describe file('/etc/zabbix/trap.d/mongo26.config') do
it { should be_file }
it { should be_mode 700 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '4feb7eb028cbac16ef4bcd9fc435cc100ed84f64142a410a79ca52f1a8c73526' }
end
describe file('/etc/zabbix/trap.d/live/httpd.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/httpd.sh' }
its(:sha256sum) { should eq 'f49e60bb9e85674eef968333e78c76e5c47ad9e850e3718297f8de060c556543' }
end
describe file('/etc/zabbix/trap.d/live/idp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/idp.sh' }
its(:sha256sum) { should eq '091d86d3472307360556f3ce42656ee51a2530ad07e0038e2002d09a5d9545a1' }
end
describe file('/etc/zabbix/trap.d/live/mongo26.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/mongo26.sh' }
its(:sha256sum) { should eq '8a1fcebd0699395b9a1f43ba73c5f71eb1de5c9a181f0d8e450eebf337974d6f' }
end
describe file('/etc/zabbix/trap.d/live/openldap2.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/openldap2.sh' }
its(:sha256sum) { should eq '8aa432ea0f0db9153183210e832d3b2c744cfd2893dbc370c240b6edf2583871' }
end
describe file('/etc/zabbix/trap.d/live/sp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/sp.sh' }
its(:sha256sum) { should eq '04b7fcc0d1e520b9029e5b5fb4a68b13e79160afb3782875f23fd0b33e0db1e3' }
end
describe file('/etc/zabbix/trap.d/live/tomcat.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/tomcat.sh' }
its(:sha256sum) { should eq '0a5d29eaab50af586c1546003458423afd0056ba43bb894e305ed5c40eabd57d' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_apache.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_apache.sh' }
its(:sha256sum) { should eq 'c416956452b40ed0de02f0b83279f13030c79c562b55f6fe373fcb24ab3f3d5b' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_ldap.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_ldap.sh' }
its(:sha256sum) { should eq 'ed2a8e7da1bc4f7d53c52e90ad3e7b7c1a418dc223ec99d4d1381988f2f02f9f' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_mongo.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_mongo.sh' }
its(:sha256sum) { should eq '5d71e7243efcaf7068887b33a35fcf499c5aeae5a770e822059b4fe9a5f61517' }
end
end
describe "Services:" do
describe cron do
it { should have_entry '* * * * * /etc/zabbix/trap.d/runtrap live >/dev/null 2>&1' }
end
describe service('zabbix-agent') do
it { should be_enabled }
it { should be_running }
end
describe port(10050) do
it { should be_listening.with('tcp') }
end
end
end

3
test/integration/helpers/serverspec/spec_helper.rb Normal file
View file

@ -0,0 +1,3 @@
require 'serverspec'
set :backend, :exec

106
test/integration/proxy/serverspec/agent_spec.rb Normal file
View file

@ -0,0 +1,106 @@
require 'spec_helper'
describe 'zabbix::default' do
# Serverspec examples can be found at
# http://serverspec.org/resource_types.html
describe "Installed Packages:" do
%w{zabbix-agent zabbix-sender wget}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_agentd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '86c94ce6b411573b836d43388044749fb6e2cbe4ddcf9d4492ea9088622a4bcc' }
end
end
describe "Zabbix Scripts:" do
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
describe file(path) do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_mode 755 }
end
end
describe file('/etc/zabbix/trap.d/mongo26.config') do
it { should be_file }
it { should be_mode 700 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '4feb7eb028cbac16ef4bcd9fc435cc100ed84f64142a410a79ca52f1a8c73526' }
end
describe file('/etc/zabbix/trap.d/live/httpd.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/httpd.sh' }
its(:sha256sum) { should eq 'f49e60bb9e85674eef968333e78c76e5c47ad9e850e3718297f8de060c556543' }
end
describe file('/etc/zabbix/trap.d/live/idp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/idp.sh' }
its(:sha256sum) { should eq '091d86d3472307360556f3ce42656ee51a2530ad07e0038e2002d09a5d9545a1' }
end
describe file('/etc/zabbix/trap.d/live/mongo26.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/mongo26.sh' }
its(:sha256sum) { should eq '8a1fcebd0699395b9a1f43ba73c5f71eb1de5c9a181f0d8e450eebf337974d6f' }
end
describe file('/etc/zabbix/trap.d/live/openldap2.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/openldap2.sh' }
its(:sha256sum) { should eq '8aa432ea0f0db9153183210e832d3b2c744cfd2893dbc370c240b6edf2583871' }
end
describe file('/etc/zabbix/trap.d/live/sp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/sp.sh' }
its(:sha256sum) { should eq '04b7fcc0d1e520b9029e5b5fb4a68b13e79160afb3782875f23fd0b33e0db1e3' }
end
describe file('/etc/zabbix/trap.d/live/tomcat.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/tomcat.sh' }
its(:sha256sum) { should eq '0a5d29eaab50af586c1546003458423afd0056ba43bb894e305ed5c40eabd57d' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_apache.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_apache.sh' }
its(:sha256sum) { should eq 'c416956452b40ed0de02f0b83279f13030c79c562b55f6fe373fcb24ab3f3d5b' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_ldap.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_ldap.sh' }
its(:sha256sum) { should eq 'ed2a8e7da1bc4f7d53c52e90ad3e7b7c1a418dc223ec99d4d1381988f2f02f9f' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_mongo.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_mongo.sh' }
its(:sha256sum) { should eq '5d71e7243efcaf7068887b33a35fcf499c5aeae5a770e822059b4fe9a5f61517' }
end
end
describe "Services:" do
describe cron do
it { should have_entry '* * * * * /etc/zabbix/trap.d/runtrap live >/dev/null 2>&1' }
end
describe service('zabbix-proxy') do
it { should be_enabled }
it { should be_running }
end
describe port(10050) do
it { should be_listening.with('tcp') }
end
end
end

53
test/integration/proxy/serverspec/proxy_spec.rb Normal file
View file

@ -0,0 +1,53 @@
require 'spec_helper'
describe 'zabbix::proxy' do
describe "Installed Packages:" do
%w{zabbix-proxy-sqlite3 zabbix-agent zabbix-get}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_proxy.conf') do
it { should be_file }
it { should be_mode 640 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq 'fd1620dfc6f13eeb8ef4d7bdace3dc16bababdf0a46db787d579bdd9ae0c7577' }
end
describe file('/var/lib/zabbix') do
it { should exist }
it { should be_directory }
it { should be_mode 750 }
it { should be_owned_by 'zabbix' }
it { should be_grouped_into 'zabbix' }
end
describe file('/var/lib/zabbix/zabbix_proxy.db') do
it { should exist }
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'zabbix' }
it { should be_grouped_into 'zabbix' }
end
end
describe "Services:" do
describe service('zabbix-proxy') do
it { should be_enabled }
it { should be_running }
end
describe process('zabbix_proxy') do
its(:user) { should eq "zabbix" }
end
describe port(10051) do
it { should be_listening.with('tcp') }
end
end
end

104
test/integration/server/serverspec/agent_spec.rb Normal file
View file

@ -0,0 +1,104 @@
require 'spec_helper'
describe 'zabbix::agent' do
# Serverspec examples can be found at
# http://serverspec.org/resource_types.html
describe "Installed Packages:" do
%w{zabbix-agent zabbix-sender wget}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_agentd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '86c94ce6b411573b836d43388044749fb6e2cbe4ddcf9d4492ea9088622a4bcc' }
end
end
describe "Zabbix Agent Scripts:" do
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
describe file(path) do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_mode 755 }
end
end
describe file('/etc/zabbix/trap.d/mongo26.config') do
it { should be_file }
it { should be_mode 700 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '4feb7eb028cbac16ef4bcd9fc435cc100ed84f64142a410a79ca52f1a8c73526' }
end
describe file('/etc/zabbix/trap.d/live/httpd.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/httpd.sh' }
its(:sha256sum) { should eq 'f49e60bb9e85674eef968333e78c76e5c47ad9e850e3718297f8de060c556543' }
end
describe file('/etc/zabbix/trap.d/live/idp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/idp.sh' }
its(:sha256sum) { should eq '091d86d3472307360556f3ce42656ee51a2530ad07e0038e2002d09a5d9545a1' }
describe file('/etc/zabbix/trap.d/live/mongo26.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/mongo26.sh' }
its(:sha256sum) { should eq '8a1fcebd0699395b9a1f43ba73c5f71eb1de5c9a181f0d8e450eebf337974d6f' }
end
describe file('/etc/zabbix/trap.d/live/openldap2.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/openldap2.sh' }
its(:sha256sum) { should eq '8aa432ea0f0db9153183210e832d3b2c744cfd2893dbc370c240b6edf2583871' }
end
describe file('/etc/zabbix/trap.d/live/sp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/sp.sh' }
its(:sha256sum) { should eq '04b7fcc0d1e520b9029e5b5fb4a68b13e79160afb3782875f23fd0b33e0db1e3' }
end
describe file('/etc/zabbix/trap.d/live/tomcat.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/tomcat.sh' }
its(:sha256sum) { should eq '0a5d29eaab50af586c1546003458423afd0056ba43bb894e305ed5c40eabd57d' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_apache.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_apache.sh' }
its(:sha256sum) { should eq 'c416956452b40ed0de02f0b83279f13030c79c562b55f6fe373fcb24ab3f3d5b' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_ldap.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_ldap.sh' }
its(:sha256sum) { should eq 'ed2a8e7da1bc4f7d53c52e90ad3e7b7c1a418dc223ec99d4d1381988f2f02f9f' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_mongo.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_mongo.sh' }
its(:sha256sum) { should eq '5d71e7243efcaf7068887b33a35fcf499c5aeae5a770e822059b4fe9a5f61517' }
end
end
describe "Services:" do
describe cron do
it { should have_entry '* * * * * /etc/zabbix/trap.d/runtrap live >/dev/null 2>&1' }
end
describe service('zabbix-agent') do
it { should be_enabled }
it { should be_running }
end
describe port(10050) do
it { should be_listening.with('tcp') }
end
end
end

33
test/integration/server/serverspec/database_spec.rb Normal file
View file

@ -0,0 +1,33 @@
require 'spec_helper'
describe 'zabbix::database' do
describe "Installed Packages:" do
describe package('postgresql94-server') do
it { should be_installed }
end
end
describe "Configuration Files:" do
describe file('/var/lib/pgsql/9.4/data/pg_hba.conf') do
it { should be_file }
it { should be_mode 600 }
it { should be_owned_by 'postgres' }
it { should be_grouped_into 'postgres' }
end
end
describe "Services:" do
describe service('postgresql-9.4') do
it { should be_enabled }
it { should be_running }
end
describe process('postmaster') do
its(:user) { should eq 'postgres' }
end
describe port(5432) do
it { should be_listening.on('127.0.0.1').with('tcp') }
end
end
end

90
test/integration/server/serverspec/server_spec.rb Normal file
View file

@ -0,0 +1,90 @@
require 'spec_helper'
describe 'zabbix::server' do
describe "Installed Packages:" do
%w{httpd mod_ssl}.each do |pkg|
describe package(pkg) do
it { should be_installed.with_version('2.2.15-39.el6') }
end
end
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
describe package(pkg) do
it { should be_installed.with_version('5.6.28-1.ius.centos6') }
end
end
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get zabbix-agent}.each do |pkg|
describe package(pkg) do
it { should be_installed.with_version('3.0.5-1.el6') }
end
end
end
describe "Configuration Files:" do
describe file('/etc/httpd/conf/httpd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/httpd/conf.d/security.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/httpd/conf.d/ssl.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/zabbix/zabbix_server.conf') do
it { should be_file }
it { should be_mode 640 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '1bd8289af12ada9489b67ac04e1f1dc0ed6736bbebab61153ce85dcbe72b8289' }
end
describe file('/etc/php.ini') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '9b34f15b5bb38627130ced110062f1d9f60aece21de65475ac7b660a9ddbfc71' }
end
end
describe "Services:" do
describe service('httpd') do
it { should be_enabled }
it { should be_running }
end
describe service('zabbix-server') do
it { should be_enabled }
it { should be_running }
end
describe process('zabbix_server') do
its(:user) { should eq "zabbix" }
end
describe port(80) do
it { should be_listening.with('tcp') }
end
#describe port(443) do
# it { should be_listening.with('tcp') }
#end
describe port(10051) do
it { should be_listening.with('tcp') }
end
end
end