Initial commit

Eric Renfro 2017-02-07 01:02:03 -05:00
commit 4ecbdffcac
No known key found for this signature in database
GPG key ID: 9A949323CBE78F97
58 changed files with 12367 additions and 0 deletions

19
.gitignore vendored Normal file

@ -0,0 +1,19 @@
.DS_Store
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Berkshelf
.vagrant
Berksfile.lock
# Bundler
Gemfile.lock
bin/*
.bundle/*
.kitchen/
.kitchen.local.yml

34
.kitchen.vagrant.yml Normal file

@ -0,0 +1,34 @@
---
driver:
name: vagrant
network:
- ["forwarded_port", {guest: 80, host: 8880}]
- ["private_network", {ip: "192.168.33.43"}]
provisioner:
name: chef_zero
environments_path: test/environments
client_rb:
environment: integration_test_env
platforms:
- name: bento/centos-6.7
driver:
vagrantfiles:
- local-vagrantfile.rb
vm_hostname: integrationtesting
suites:
- name: default
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::default]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]
- name: server
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/server/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]

48
.kitchen.yml Normal file

@ -0,0 +1,48 @@
---
driver:
name: docker
provisioner:
name: chef_zero
environments_path: test/environments
client_rb:
environment: integration_test_env
platforms:
- name: centos-6.6-chef-11
driver_config:
image: centos:6.6
platform: rhel
require_chef_omnibus: 12.5.1
use_sudo: false
hostname: integration.test.test
suites:
- name: server
driver:
forward:
- 8087:80
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/server/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]
- name: agent
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/agent/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::default]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]
zabbix:
agent_servers: ['172.17.0.3']
- name: proxy
data_bags_path: "test/integration/data_bags"
encrypted_data_bag_secret_key_path: "test/integration/server/encrypted_data_bag_secret"
run_list:
- recipe[zabbix::proxy]
attributes:
tags: [ 'httpd', 'openldap', 'mind1', 'mongodb', 'shibboleth', 'tomcat' ]

6
Berksfile Normal file

@ -0,0 +1,6 @@
source "https://supermarket.chef.io"
metadata
cookbook "yum-zabbix", path: "../yum-zabbix"

6
Gemfile Normal file

@ -0,0 +1,6 @@
source 'https://rubygems.org'
gem 'berkshelf'
gem 'test-kitchen'
gem 'chefspec'
gem 'foodcritic'
gem 'kitchen-docker'
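Review bot: None of the five `gem` lines carries a version constraint, and the `.gitignore` added in this same commit excludes `Gemfile.lock`, so each `bundle install` resolves whatever is newest on rubygems.org at that moment. For tooling that builds and provisions test hosts, that makes runs unreproducible and lets an unreviewed upstream release enter the toolchain unnoticed. Either commit the lockfile or add pessimistic constraints, e.g. `gem 'test-kitchen', '~> <TESTED_MAJOR.MINOR>'` using the version the team has actually tested. The same reasoning applies to `Berksfile.lock`, which is also ignored.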

41
README.md Normal file

@ -0,0 +1,41 @@
Zabbix Cookbook
============
This cookbook installs, manages, and handles Zabbix for monitoring systems
health and system metrics. It also handles trap script auto-discovery based
on recipe inclusion and tags, as well as auto-registration metadata.
The way auto-discovery works is, for example, if the openldap recipe is
included in the run_list, the zabbix::trap_scripts will set up the variables
used to add certain trap scripts to the monitored system, for use in:`/etc/zabbix/trap.d/{live,daily}/`
Optionally, in case a recipe is incomplete or not in use, you can manually
enable a trap agent by use of tags on a per-node basis as well, using the
node tags as such:
```
{
"name": "some.node.name",
"chef_environment": "_default",
"normal": {
"tags": [
"httpd",
"openldap"
]
},
"run_list": [
"recipe[zabbix]"
]
}
```
This allows for fully automated, and manual designation of agents required
for monitoring on every system.
Available tags for manual override are as follows:
```
httpd: Apache HTTPD
openldap: OpenLDAP
mongodb: MongoDB Database Server
tomcat: Tomcat 6 Server
```

19
attributes/default.rb Normal file

@ -0,0 +1,19 @@
default['zabbix']['version'] = "3.0"
default['zabbix']['agent_meta'] = []
if node.run_list?('recipe[zabbix::server]')
default['zabbix']['agent_servers'] = ['127.0.0.1']
elsif node.run_list?('recipe[zabbix::proxy]')
default['zabbix']['agent_servers'] = ['127.0.0.1']
else
default['zabbix']['agent_servers'] = ['127.0.0.1']
end
default['zabbix']['trap_scripts']['live']['add'] = []
default['zabbix']['trap_scripts']['live']['del'] = []
default['zabbix']['trap_scripts']['daily']['add'] = []
default['zabbix']['trap_scripts']['daily']['del'] = []
default['zabbix']['httpd_conf']['https_redirection_enabled'] = true
default['letsencrypt']['enabled'] = false
default['lba_host'] = 'default'
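Review bot: All three branches of the `if node.run_list?(...)` chain assign the identical value `['127.0.0.1']`, so the run-list test has no effect and reads as if server, proxy and plain agent nodes were meant to differ. If they are not, collapse it to a single `default['zabbix']['agent_servers'] = ['127.0.0.1']`; if they are, the intended addresses are missing. A comment stating that real deployments must override this default would also help, assuming the agent template feeds this list into the list of servers the agent accepts, which is not visible on this page.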

95
chefignore Normal file

@ -0,0 +1,95 @@
# Put files/directories that should be ignored in this file when uploading
# or sharing to the community site.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
Guardfile
Procfile
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
cookbooks/*
tmp
.kitchen
# Cookbooks #
#############
CONTRIBUTING
CHANGELOG*
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile
# Travis #
##########
.travis.yml


@ -0,0 +1,263 @@
#!/usr/bin/python2
""" Fetch Apache stats via mod_status and send to Zabbix
By Paulson McIntyre
Patches by:
Zach Bailey <znbailey@gmail.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import urllib
from optparse import OptionParser
import os
from tempfile import mkstemp
import StringIO
import csv
import socket
class ErrorSendingValues(RuntimeError):
""" An error occured while sending the values to the Zabbix
server using zabbix_sender.
"""
def fetchURL(url, user = None, passwd = None):
""" Return the data from a URL """
if user and passwd:
parts = url.split('://')
url = parts[0] + "://" + user + ":" + passwd + "@" + parts[1]
conn = urllib.urlopen(url)
try:
data = conn.read()
finally:
conn.close()
return data
def sendValues(filepath, zabbixserver = "localhost", zabbixport = 10051, senderloc = "zabbix_sender"):
r = os.system("%s --zabbix-server '%s' --port '%s' -i '%s' -vv" % (senderloc, zabbixserver, zabbixport, filepath))
if r != 0:
raise ErrorSendingValues, "An error occured sending the values to the server"
def clean(string, chars):
for i in chars:
string = string.replace(i, '')
return string
def parse(data):
""" Parse the CSV file into a dict of data
"""
mapping = {
"_":"Waiting For Connection",
"S":"Starting Up",
"R":"Reading Request",
"W":"Sending Reply",
"K":"KeepAlive",
"D":"DNS Lookup",
"C":"Closing Connection",
"L":"Logging",
"G":"Gracefully Finishing",
"I":"Idle Cleanup Of Worker",
".":"Open slot with no current process",
}
mappingFloat = [
"CPULoad",
"ReqPerSec",
"BytesPerReq",
"BytesPerSec",
]
# Clean out certian chars
replace = '() '
csvobj = csv.reader(StringIO.StringIO(data), delimiter = ":", skipinitialspace = True)
ret = {}
for (key, val) in csvobj:
if key == 'Scoreboard':
sb = {
"Waiting For Connection":0,
"Starting Up":0,
"Reading Request":0,
"Sending Reply":0,
"KeepAlive":0,
"DNS Lookup":0,
"Closing Connection":0,
"Logging":0,
"Gracefully Finishing":0,
"Idle Cleanup Of Worker":0,
"Open slot with no current process":0,
}
for i in val:
sb[mapping[i]] += 1
ret[key] = sb
else:
ret[key] = val
ret2 = {}
for (key, val) in ret.items():
if key == "Scoreboard":
for (key, val) in val.items():
ret2[clean(key, replace)] = val
if key in mappingFloat:
ret2[clean(key, replace)] = float(val)
else:
ret2[clean(key, replace)] = val
return ret2
if __name__ == "__main__":
parser = OptionParser(
usage = "%prog [-z <Zabbix hostname or IP>] [-o <Apache hostname or IP>]",
version = "%prog $Revision$",
prog = "ApacheStatsForZabbix",
description = """This program gathers data from Apache's
built-in status page and sends it to
Zabbix. The data is sent via zabbix_sender.
Author: Paulson McIntyre (GpMidi)
License: GPLv2
""",
)
parser.add_option(
"-l",
"--url",
action = "store",
type = "string",
dest = "url",
default = None,
help = "Override the automatically generated URL with one of your own",
)
parser.add_option(
"-o",
"--host",
action = "store",
type = "string",
dest = "host",
default = "localhost",
help = "Host to connect to. [default: %default]",
)
parser.add_option(
"-p",
"--port",
action = "store",
type = "int",
dest = "port",
default = 80,
help = "Port to connect on. [default: %default]",
)
parser.add_option(
"-r",
"--proto",
action = "store",
type = "string",
dest = "proto",
default = "http",
help = "Protocol to connect on. Can be http or https. [default: %default]",
)
parser.add_option(
"-z",
"--zabixserver",
action = "store",
type = "string",
dest = "zabbixserver",
default = None,
help = "Zabbix Server to send metrics to. [default: Disabled]",
)
parser.add_option(
"-u",
"--user",
action = "store",
type = "string",
dest = "user",
default = None,
help = "HTTP authentication user to use when connection. [default: None]",
)
parser.add_option(
"-a",
"--passwd",
action = "store",
type = "string",
dest = "passwd",
default = None,
help = "HTTP authentication password to use when connecting. [default: None]",
)
parser.add_option(
"-s",
"--sender",
action = "store",
type = "string",
dest = "senderloc",
default = "/usr/bin/zabbix_sender",
help = "Location to the zabbix_sender executable. [default: %default]",
)
parser.add_option(
"-q",
"--zabbixport",
action = "store",
type = "int",
dest = "zabbixport",
default = 10051,
help = "Zabbix port to connect to. [default: %default]",
)
parser.add_option(
"-c",
"--zabbixsource",
action = "store",
type = "string",
dest = "zabbixsource",
default = socket.gethostname(),
help = "Zabbix host to use when sending values. [default: %default]",
)
(opts, args) = parser.parse_args()
if opts.url and (opts.port != 80 or opts.proto != "http"):
parser.error("Can't specify -u with -p or -r")
if not opts.url:
opts.url = "%s://%s:%s/server-status?auto" % (opts.proto, opts.host, opts.port)
data = fetchURL(opts.url, user = opts.user, passwd = opts.passwd)
try:
if opts.zabbixserver is not None:
(tempfiled, tempfilepath) = mkstemp()
tempfile = open(tempfilepath, 'wb')
except:
parser.error("Error creating temporary file")
try:
data = parse(data = data)
except csv.Error:
parser.error("Error parsing returned data")
try:
for key, val in data.items():
if opts.zabbixserver is not None:
tempfile.write("%s apache[%s] %s\n" % (opts.zabbixsource, key, val))
else:
print "%s apache[%s] %s"%(opts.zabbixsource, key, val)
if opts.zabbixserver is not None:
tempfile.close()
except IndexError:
parser.error("No data")
except "bogus":
parser.error("Error creating the file to send")
try:
if opts.zabbixserver is not None:
sendValues(filepath = tempfilepath, zabbixserver = opts.zabbixserver, zabbixport = opts.zabbixport, senderloc = opts.senderloc)
except ErrorSendingValues:
parser.error("An error occurred while sending values to the Zabbix server")
finally:
if opts.zabbixserver is not None:
try:
tempfile.close()
except:
pass
os.remove(tempfilepath)
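Review bot: `sendValues` builds a shell command by string formatting and hands it to `os.system`, so any quote or shell metacharacter in `--sender`, `--zabixserver` or the temp path is interpreted by the shell instead of being passed as data. Passing an argument list avoids the shell altogether: `r = subprocess.call([senderloc, '--zabbix-server', zabbixserver, '--port', str(zabbixport), '-i', filepath, '-vv'])`, with `import subprocess` added at the top. In the `__main__` block the descriptor returned by `mkstemp()` in `tempfiled` is never closed, and `except "bogus":` can never match an exception, so that handler is dead code. The `-a/--passwd` option also puts the HTTP password on the command line, where other local users can read it from the process list; taking it from a file or an environment variable would be safer.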

12
files/default/traps/httpd.sh Executable file

@ -0,0 +1,12 @@
#!/bin/bash
procs=$(/etc/init.d/httpd status >/dev/null 2>&1)
ret=$?
if [[ $ret -eq 0 ]]
then
echo "- apache.status 1"
else
echo "- apache.status 0"
fi

12
files/default/traps/idp.sh Executable file

@ -0,0 +1,12 @@
#!/bin/bash
curl -ks https://localhost/idp/status | grep "idp_version" >/dev/null 2>&1
ret=$?
if [[ "$ret" -ne 0 ]]
then
echo "- shibboleth.idp.status 0"
else
echo "- shibboleth.idp.status 1"
fi
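Review bot: `curl -ks` turns off certificate verification and sets no time limit, so this probe reports the IdP as healthy for whatever answers on localhost:443 and can hang for as long as the endpoint does. Adding a bound such as `curl -ks --max-time 10 https://localhost/idp/status` keeps one stuck service from stalling the whole trap run. If the local certificate chains to a known CA, `--cacert <CA_BUNDLE_PATH>` in place of `-k` restores verification. The same applies to the `curl -ks` call in files/default/traps/sp.sh.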

73
files/default/traps/mongo26.sh Executable file

@ -0,0 +1,73 @@
#! /bin/bash
configPath="$(dirname $(readlink -f $0))"
if [[ -r "${configPath}/mongo26.config" ]]
then
source "${configPath}/mongo26.config"
else
exit 0
fi
# A single mandatory parameter: the Zabbix Server host
# Send just the first 7 values
fields=(insert query update delete getmore command flushes mapped vsize res faults locked_db idx_miss_% "qr|qw" "ar|aw" netIn netOut conn time)
#sendIDX=(0 1 2 3 4 5 7 12 13 14 15 16 17 19 20)
sendIDX=(0 1 2 3 4 5 6 10 12 13 14 17)
#IFS=$' \t\n|'
set -o pipefail
declare -A mongostat
eval $(mongostat --username ${mongoUser} --password ${mongoPass} --ssl -n 1 6 2>&1 | (
OLDIFS=$IFS
IFS=$' \t\n'
read test1;
read test2;
#echo "test1=$test1"
#echo "test2=$test2"
if [[ "$test2" != "insert query update delete getmore command flushes mapped vsize res faults locked db idx miss % qr|qw ar|aw netIn netOut conn time" ]]
then
exit 2
fi
read -a values;
curField=0
for i in ${sendIDX[@]}
do
if [[ "${fields[i]}" = "command" ]]
then
IFS='|' read -a subvalues <<< "${values[i]}"
echo "mongostat[command]=${subvalues[0]}"
elif [[ "${fields[i]}" = "qr|qw" ]]
then
IFS='|' read -a subvalues <<< "${values[i]}"
echo "mongostat[qr]=${subvalues[0]}"
echo "mongostat[qw]=${subvalues[1]}"
elif [[ "${fields[i]}" = "ar|aw" ]]
then
IFS='|' read -a subvalues <<< "${values[i]}"
echo "mongostat[ar]=${subvalues[0]}"
echo "mongostat[aw]=${subvalues[1]}"
else
if [[ $curField -lt 4 ]]
then
echo "mongostat[${fields[i]}]=${values[i]//\*}"
else
echo "mongostat[${fields[i]}]=${values[i]}"
fi
fi
let curField++
done
IFS=$OLDIFS
))
ret=$?
if [[ $ret -ne 0 ]]
then
echo "- mongostat[status] 0"
else
for v in "${!mongostat[@]}"
do
echo "- mongostat[$v] ${mongostat[$v]}"
done
echo "- mongostat[status] 1"
fi
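Review bot: The `eval $(mongostat … )` line executes text derived from `mongostat` output (stderr included, because of `2>&1`) as shell code, and recipes/agent.rb schedules the trap runner as root, so anything unexpected in a field value is run with root privileges. Have the subshell print plain `name value` pairs and read them with `while read -r name value; do mongostat[$name]=$value; done < <( … )`, after checking both against an allow-list pattern, instead of evaluating them. `ret=$?` on the following line appears to capture the status of `eval` rather than of the pipeline, so the `exit 2` header check probably never reaches the `mongostat[status] 0` branch; this is worth confirming. `--password ${mongoPass}` also exposes the credential in the process list for the duration of the call, and `${mongoUser}` and `${mongoPass}` are unquoted.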

22
files/default/traps/openldap.sh Executable file

@ -0,0 +1,22 @@
#!/bin/bash
search=$(ldapsearch -x -H ldapi:/// -b '' -s base '(objectClass=*)' namingConexts | grep -wc "Success")
if [[ $search -gt 0 ]]
then
echo "- ldap.search 1"
else
echo "- ldap.search 0"
fi
#port=$(zabbix_agent -t net.tcp.port[,636] | cut -d'|' -f2 | cut -d']' -f1)
#echo "- ldap.port $port"
port=$(ss -lnp 2>&1 | grep ':636' | wc -l)
if [[ $port -gt 0 ]]
then
echo "- ldap.port 1"
else
echo "- ldap.port 0"
fi
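Review bot: The attribute requested from the root DSE is spelled `namingConexts`; the intended name is presumably `namingContexts`. The check still passes because it only greps for `Success` in the result trailer, so the typo hides the fact that no naming context is ever inspected. The port test `grep ':636'` also matches any listener whose port merely begins with 636; `grep -cw ':636'` is stricter and replaces the `| wc -l`. The same `namingConexts` typo appears in the shorter LDAP search script further down this page.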


@ -0,0 +1,12 @@
#!/bin/bash
/etc/init.d/slapd status >/dev/null 2>&1
status=$?
if [[ $status -ne 0 ]]
then
echo "- ldap.status 0"
else
echo "- ldap.status 1"
fi

109
files/default/traps/runtrap Executable file

@ -0,0 +1,109 @@
#!/bin/bash
state=${1:-live}
if [[ "$state" == *report* ]]; then
report=1
state="${state#*-}"
fi
agentconf=${2:-/etc/zabbix/zabbix_agentd.conf}
lockfile="/tmp/zabbix.trap.${state}.lock"
tempfile=$(mktemp /tmp/zabbix.trap.${state}.tmp.XXXXXXXXXX)
trap 'rm -f "$tempfile"' EXIT
trapdir="$(dirname $(readlink -f $0))/${state}"
errors=0
debug=false
post=false
if [[ "$0" == *".debug" ]]; then
debug=true
elif [[ "$0" == *".debugpost" ]]; then
debug=true
post=true
fi
if [[ ! -d "$trapdir" ]]; then
echo "ERROR: Trap directory doesn't exist: $trapdir "
exit 5
fi
if [[ -r "${lockfile}" ]]; then
if [[ $(pgrep -f $(readlink -f $0) | wc -l) -gt 0 ]]; then
runs=$(head -n1 ${lockfile})
if [[ $runs -ge 3 ]]; then
for s in ${trapdir}/*
do
echo "Kill: $s "
pkill -9 -f $s
done
rm -f ${lockfile}
rm -f /tmp/zabbix.trap.${state}.*
pkill -9 -f $(readlink -f $0)
else
echo "$[ ++runs ]" > ${lockfile}
exit 0
fi
fi
fi
echo 1 > ${lockfile}
for s in ${trapdir}/*
do
$s $state >> ${tempfile} 2> /dev/null
if [ $? -ne 0 ]; then
errors=1
if [[ $report -eq 1 ]]; then
echo "WARN: ${s}"
fi
else
if [[ $report -eq 1 ]]; then
echo "OK: ${s}"
fi
fi
done
#cat ${tempfile}
#rm -f ${tempfile}
#echo
#echo "Errors: $errors"
#exit 0
if $debug; then
cat ${tempfile}
if $post; then
zabbix_sender -c ${agentconf} -i ${tempfile} -vv
ret=$?
if [[ $ret -ne 0 ]]; then
echo "ERROR: $ret"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "0"
else
if [[ $errors -gt 0 ]]; then
echo "WARN: $errors"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "1"
else
echo "OK"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "2"
fi
fi
else
echo "- agent.traps 1"
fi
else
zsend=$(zabbix_sender -c ${agentconf} -i ${tempfile})
if [ $? -ne 0 ]; then
echo "ERROR"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "0" > /dev/null 2>&1
else
if [[ $errors -gt 0 ]]; then
echo "WARN"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "1" > /dev/null 2>&1
else
echo "OK"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "2" > /dev/null 2>&1
fi
fi
fi
rm -f ${tempfile}
rm -f ${lockfile}
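Review bot: The lock file sits at a predictable name in world-writable `/tmp` (`/tmp/zabbix.trap.${state}.lock`), is written with a plain `echo 1 > ${lockfile}`, and its first line is read back into `[[ $runs -ge 3 ]]`, while the cron entries in recipes/agent.rb run this script as root. Any local account can therefore pre-create or replace that path and influence both what root writes to and what value root evaluates; the cleanup `rm -f /tmp/zabbix.trap.${state}.*` has the same exposure. Keep the lock in a root-only directory, e.g. `lockfile="/var/run/zabbix.trap.${state}.lock"`, and validate the content with `[[ $runs =~ ^[0-9]+$ ]]` before comparing. `$s`, `${tempfile}`, `${agentconf}` and `$(readlink -f $0)` should also be quoted. runtrap.debug and the third copy below it are line-for-line identical and carry the same issues; since the script already switches on `$0`, symlinks to a single file would avoid maintaining three copies.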

109
files/default/traps/runtrap.debug Executable file

@ -0,0 +1,109 @@
#!/bin/bash
state=${1:-live}
if [[ "$state" == *report* ]]; then
report=1
state="${state#*-}"
fi
agentconf=${2:-/etc/zabbix/zabbix_agentd.conf}
lockfile="/tmp/zabbix.trap.${state}.lock"
tempfile=$(mktemp /tmp/zabbix.trap.${state}.tmp.XXXXXXXXXX)
trap 'rm -f "$tempfile"' EXIT
trapdir="$(dirname $(readlink -f $0))/${state}"
errors=0
debug=false
post=false
if [[ "$0" == *".debug" ]]; then
debug=true
elif [[ "$0" == *".debugpost" ]]; then
debug=true
post=true
fi
if [[ ! -d "$trapdir" ]]; then
echo "ERROR: Trap directory doesn't exist: $trapdir "
exit 5
fi
if [[ -r "${lockfile}" ]]; then
if [[ $(pgrep -f $(readlink -f $0) | wc -l) -gt 0 ]]; then
runs=$(head -n1 ${lockfile})
if [[ $runs -ge 3 ]]; then
for s in ${trapdir}/*
do
echo "Kill: $s "
pkill -9 -f $s
done
rm -f ${lockfile}
rm -f /tmp/zabbix.trap.${state}.*
pkill -9 -f $(readlink -f $0)
else
echo "$[ ++runs ]" > ${lockfile}
exit 0
fi
fi
fi
echo 1 > ${lockfile}
for s in ${trapdir}/*
do
$s $state >> ${tempfile} 2> /dev/null
if [ $? -ne 0 ]; then
errors=1
if [[ $report -eq 1 ]]; then
echo "WARN: ${s}"
fi
else
if [[ $report -eq 1 ]]; then
echo "OK: ${s}"
fi
fi
done
#cat ${tempfile}
#rm -f ${tempfile}
#echo
#echo "Errors: $errors"
#exit 0
if $debug; then
cat ${tempfile}
if $post; then
zabbix_sender -c ${agentconf} -i ${tempfile} -vv
ret=$?
if [[ $ret -ne 0 ]]; then
echo "ERROR: $ret"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "0"
else
if [[ $errors -gt 0 ]]; then
echo "WARN: $errors"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "1"
else
echo "OK"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "2"
fi
fi
else
echo "- agent.traps 1"
fi
else
zsend=$(zabbix_sender -c ${agentconf} -i ${tempfile})
if [ $? -ne 0 ]; then
echo "ERROR"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "0" > /dev/null 2>&1
else
if [[ $errors -gt 0 ]]; then
echo "WARN"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "1" > /dev/null 2>&1
else
echo "OK"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "2" > /dev/null 2>&1
fi
fi
fi
rm -f ${tempfile}
rm -f ${lockfile}


@ -0,0 +1,109 @@
#!/bin/bash
state=${1:-live}
if [[ "$state" == *report* ]]; then
report=1
state="${state#*-}"
fi
agentconf=${2:-/etc/zabbix/zabbix_agentd.conf}
lockfile="/tmp/zabbix.trap.${state}.lock"
tempfile=$(mktemp /tmp/zabbix.trap.${state}.tmp.XXXXXXXXXX)
trap 'rm -f "$tempfile"' EXIT
trapdir="$(dirname $(readlink -f $0))/${state}"
errors=0
debug=false
post=false
if [[ "$0" == *".debug" ]]; then
debug=true
elif [[ "$0" == *".debugpost" ]]; then
debug=true
post=true
fi
if [[ ! -d "$trapdir" ]]; then
echo "ERROR: Trap directory doesn't exist: $trapdir "
exit 5
fi
if [[ -r "${lockfile}" ]]; then
if [[ $(pgrep -f $(readlink -f $0) | wc -l) -gt 0 ]]; then
runs=$(head -n1 ${lockfile})
if [[ $runs -ge 3 ]]; then
for s in ${trapdir}/*
do
echo "Kill: $s "
pkill -9 -f $s
done
rm -f ${lockfile}
rm -f /tmp/zabbix.trap.${state}.*
pkill -9 -f $(readlink -f $0)
else
echo "$[ ++runs ]" > ${lockfile}
exit 0
fi
fi
fi
echo 1 > ${lockfile}
for s in ${trapdir}/*
do
$s $state >> ${tempfile} 2> /dev/null
if [ $? -ne 0 ]; then
errors=1
if [[ $report -eq 1 ]]; then
echo "WARN: ${s}"
fi
else
if [[ $report -eq 1 ]]; then
echo "OK: ${s}"
fi
fi
done
#cat ${tempfile}
#rm -f ${tempfile}
#echo
#echo "Errors: $errors"
#exit 0
if $debug; then
cat ${tempfile}
if $post; then
zabbix_sender -c ${agentconf} -i ${tempfile} -vv
ret=$?
if [[ $ret -ne 0 ]]; then
echo "ERROR: $ret"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "0"
else
if [[ $errors -gt 0 ]]; then
echo "WARN: $errors"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "1"
else
echo "OK"
zabbix_sender -c ${agentconf} -vv -k "agent.traps" -o "2"
fi
fi
else
echo "- agent.traps 1"
fi
else
zsend=$(zabbix_sender -c ${agentconf} -i ${tempfile})
if [ $? -ne 0 ]; then
echo "ERROR"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "0" > /dev/null 2>&1
else
if [[ $errors -gt 0 ]]; then
echo "WARN"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "1" > /dev/null 2>&1
else
echo "OK"
zabbix_sender -c ${agentconf} -k "agent.traps" -o "2" > /dev/null 2>&1
fi
fi
fi
rm -f ${tempfile}
rm -f ${lockfile}


@ -0,0 +1,17 @@
#/usr/bin/python
import sys
import urllib
import simplejson
f = urllib.urlopen("http://127.0.0.1:28017/_status" )
data=simplejson.loads(f.read())
condition=data[sys.argv[1]][sys.argv[2]]
if len(sys.argv) == 5:
print condition [sys.argv[3]] [sys.argv[4]]
elif len(sys.argv) == 4:
print condition [sys.argv[3]]
else:
print condition
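Review bot: The first line is `#/usr/bin/python`, which is an ordinary comment rather than a shebang; it needs to be `#!/usr/bin/python` if the file is meant to be executed directly. `sys.argv[1]` and `sys.argv[2]` are indexed before any length check, so a call with fewer than two arguments ends in an unhandled `IndexError`, and a missing key or an unreachable status port likewise ends in a traceback instead of a value Zabbix can interpret. A short usage check plus a `try`/`except` around the fetch and lookup that prints a sentinel value would make these failures visible in monitoring.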

File diff suppressed because it is too large Load diff


@ -0,0 +1,14 @@
#!/bin/bash
search=$(ldapsearch -x -H ldapi:/// -b '' -s base '(objectClass=*)' namingConexts | grep -wc "Success")
if [[ $search -gt 0 ]]
then
echo "- ldap.search 1"
else
echo "- ldap.search 0"
fi
port=$(zabbix_agent -t net.tcp.port[,636] | cut -d'|' -f2 | cut -d']' -f1)
echo "- ldap.port $port"

17
files/default/traps/sp.sh Executable file

@ -0,0 +1,17 @@
#!/bin/bash
status=$(curl -ks https://localhost/Shibboleth.sso/Status)
statusErr=$?
if [[ $statusErr -eq 0 ]]
then
if grep -q '<Status><OK/></Status>' <<< "$status"
then
echo "- shibboleth.sp.status 1"
else
echo "- shibboleth.sp.status 0"
fi
else
echo "- shibboleth.sp.status 0"
fi

12
files/default/traps/tomcat.sh Executable file

@ -0,0 +1,12 @@
#!/bin/bash
/etc/init.d/tomcat6 status >/dev/null 2>&1
ret=$?
if [[ $ret -eq 0 ]]
then
echo "- tomcat.status 1"
else
echo "- tomcat.status 0"
fi

84
local-vagrantfile.rb Normal file

@ -0,0 +1,84 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = '2'
Vagrant.require_version '>= 1.5.0'
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
config.vm.hostname = 'integrationtesting'
# Set the version of chef to install using the vagrant-omnibus plugin
# NOTE: You will need to install the vagrant-omnibus plugin:
#
# $ vagrant plugin install vagrant-omnibus
#
if Vagrant.has_plugin?("vagrant-omnibus")
config.omnibus.chef_version = 'latest'
end
# Every Vagrant virtual environment requires a box to build off of.
# If this value is a shorthand to a box in Vagrant Cloud then
# config.vm.box_url doesn't need to be specified.
config.vm.box = 'bento/centos-6.7'
# Assign this VM to a host-only network IP, allowing you to access it
# via the IP. Host-only networks can talk to the host machine as well as
# any other machines on the same network, but cannot be accessed (through this
# network interface) by any external networks.
config.vm.network :private_network, type: 'dhcp'
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
# config.vm.provider :virtualbox do |vb|
# # Don't boot with headless mode
# vb.gui = true
#
# # Use VBoxManage to customize the VM. For example to change memory:
# vb.customize ["modifyvm", :id, "--memory", "1024"]
# end
#
# View the documentation for the provider you're using for more
# information on available options.
# The path to the Berksfile to use with Vagrant Berkshelf
# config.berkshelf.berksfile_path = "./Berksfile"
config.vm.define "app1" do |v|
v.vm.provider "virtualbox" do |p|
p.memory = 2048
p.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
end
# Enabling the Berkshelf plugin. To enable this globally, add this configuration
# option to your ~/.vagrant.d/Vagrantfile file
#config.berkshelf.enabled = true
# An array of symbols representing groups of cookbook described in the Vagrantfile
# to exclusively install and copy to Vagrant's shelf.
# config.berkshelf.only = []
# An array of symbols representing groups of cookbook described in the Vagrantfile
# to skip installing and copying to Vagrant's shelf.
# config.berkshelf.except = []
end
end
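Review bot: `config.omnibus.chef_version = 'latest'` leaves the Chef client version floating, while `.kitchen.yml` in this commit pins `require_chef_omnibus: 12.5.1`, so the Vagrant path and the Docker path can end up testing against different clients. Pinning the same version here, `config.omnibus.chef_version = '12.5.1'`, keeps the two suites comparable and avoids pulling an unreviewed client release into the test VM. The "forwarded port mapping" comment block no longer has an example beneath it and can be dropped.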

16
metadata.rb Normal file

@ -0,0 +1,16 @@
name 'zabbix'
maintainer 'Eric Renfro'
maintainer_email 'psi-jack@linux-help.org'
license 'Apache 2.0'
description 'Installs Zabbix Server & Client agents for EL linux distributions'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '1.4.0'
source_url 'https://git.linux-help.org/Linux-Help/zabbix' if respond_to?(:source_url)
issues_url 'https://git.linux-help.org/Linux-Help/zabbix/issues' if respond_to?(:issues_url)
%w(amazon centos redhat oracle scientific).each do |os|
supports os
end
recipe 'zabbix', 'Installs zabbix'
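Review bot: No `depends` line is declared, although the Berksfile in this commit pulls in `yum-zabbix` and the recipes install Zabbix packages (including pinned `3.0.5-1.el6` builds) that presumably come from that repository. If the recipes rely on it (no `include_recipe` for it is visible on this page), add `depends 'yum-zabbix'` so a Chef server resolves it; otherwise drop it from the Berksfile. `license 'Apache 2.0'` also disagrees with the header of recipes/default.rb, which says "All rights reserved - Do Not Redistribute"; one of the two needs correcting.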

118
recipes/agent.rb Normal file

@ -0,0 +1,118 @@
#
# Cookbook Name:: zabbix
# Recipe:: agent
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'zabbix::trap_scripts'
# Install zabbix package and dependencies
%w{zabbix-agent zabbix-sender cronie crontabs}.each do |pkg|
yum_package pkg
end
# Install custom zabbix_agentd.conf
template "/etc/zabbix/zabbix_agentd.conf" do
source "zabbix_agentd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[zabbix-agent]", :delayed
end
# Define the zabbix service, set to start on boot
service "zabbix-agent" do
supports :restart => true, :status => true, :reload => false
action [:enable, :start]
end
# Install custom trap scripts.
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
directory path do
owner 'root'
group 'root'
mode '0755'
end
end
remote_directory "/etc/zabbix/trap.d" do
files_backup 0
files_owner 'root'
files_group 'zabbix'
files_mode '0750'
owner 'root'
group 'root'
source 'traps'
action :create
end
if node['recipes'].include?('mongodb') or node['tags'].include?('mongodb')
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:users => credentials['mongo']['users'][node.chef_environment]
})
end
else
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end
# Link live agents to node
node['zabbix']['trap_scripts']['live']['add'].each do |script|
link "/etc/zabbix/trap.d/live/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
end
end
# Link daily agents to node
node['zabbix']['trap_scripts']['daily']['add'].each do |script|
link "/etc/zabbix/trap.d/daily/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
end
end
# Delete live agents to node
node['zabbix']['trap_scripts']['live']['del'].each do |script|
link "/etc/zabbix/trap.d/live/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
action :delete
end
end
# Delete daily agents to node
node['zabbix']['trap_scripts']['daily']['del'].each do |script|
link "/etc/zabbix/trap.d/daily/#{script}" do
to "/etc/zabbix/trap.d/#{script}"
action :delete
end
end
# Setup trapper crons according to agents setup as appropriate:
cron "zabbix_live" do
minute '*'
hour '*'
user "root"
command %Q{/etc/zabbix/trap.d/runtrap live >/dev/null 2>&1}
only_if { node['zabbix']['trap_scripts']['live']['add'].any? }
end
cron "zabbix_daily" do
minute '*'
hour '0'
user "root"
command %Q{/etc/zabbix/trap.d/runtrap daily >/dev/null 2>&1}
only_if { node['zabbix']['trap_scripts']['daily']['add'].any? }
end
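Review bot: The `zabbix_daily` cron sets `minute '*'` together with `hour '0'`, which fires every minute from 00:00 to 00:59 rather than once a day; `minute '0'` gives a single daily run. Both cron entries run `runtrap` as `root`, so every script under `/etc/zabbix/trap.d` executes with full privileges once a minute; if the checks allow it, a dedicated account would shrink that exposure. `mongo26.config` is a sourced credentials file, so `mode "0600"` is enough where `"0700"` is set. `node['tags'].include?` raises `NoMethodError` on a node that has no tags attribute, and `or` in that condition should be `||`.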

97
recipes/database.rb Normal file

@ -0,0 +1,97 @@
#
# Cookbook Name:: zabbix
# Recipe:: database
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
yum_package 'postgresql94-server'
directory '/tmp/database' do
owner 'root'
group 'root'
mode '0755'
action :create
only_if { Dir.glob('/var/lib/pgsql/9.4/data/*').empty? }
end
template "/tmp/database/schema.sql" do
source "schema.sql.erb"
mode "0644"
owner "root"
group "root"
action :create
only_if { Dir.exist?('/tmp/database') }
end
template "/tmp/database/images.sql" do
source "images.sql.erb"
mode "0644"
owner "root"
group "root"
action :create
only_if { Dir.exist?('/tmp/database') }
end
template "/tmp/database/data.sql" do
source "data.sql.erb"
mode "0644"
owner "root"
group "root"
action :create
only_if { Dir.exist?('/tmp/database') }
end
execute 'initializingdb' do
command 'service postgresql-9.4 initdb'
action :run
only_if { Dir.glob('/var/lib/pgsql/9.4/data/*').empty? }
end
template "/var/lib/pgsql/9.4/data/pg_hba.conf" do
source "pg_hba.conf.erb"
mode "0600"
owner "postgres"
group "postgres"
notifies :restart, "service[postgresql-9.4]", :immediately
end
service 'postgresql-9.4' do
action [:start, :enable]
end
bash 'configure_postgres' do
user 'root'
sensitive true
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
code <<-EOH
su postgres -l -c "psql -U postgres -c \\"CREATE DATABASE zabbix WITH ENCODING='UTF-8';\\""
su postgres -l -c "psql -U postgres -c \\"CREATE USER zabbixmaster WITH PASSWORD '#{credentials['zabbix']['postgres_password']}';\\""
su postgres -l -c "psql -U postgres -c \\"GRANT ALL PRIVILEGES ON DATABASE zabbix to zabbixmaster;\\""
EOH
only_if { Dir.exist?('/tmp/database') }
end
bash 'configure_schema' do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
sensitive true
environment ({
"PGPASSWORD" => credentials['zabbix']['postgres_password']
})
code <<-EOH
cd /tmp/database/
psql -h 127.0.0.1 -U zabbixmaster -d zabbix -f /tmp/database/schema.sql;
psql -h 127.0.0.1 -U zabbixmaster -d zabbix -f /tmp/database/images.sql;
psql -h 127.0.0.1 -U zabbixmaster -d zabbix -f /tmp/database/data.sql;
EOH
only_if { Dir.exist?('/tmp/database') }
end
directory "cleanup" do
path "/tmp/database"
recursive true
action :delete
end
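Review bot: In `configure_postgres` the data-bag password is interpolated into a doubly quoted shell string (`su … -c "psql … -c \"CREATE USER … PASSWORD '#{…}'\""`), so a password containing a quote, `$` or a backtick breaks the statement or is interpreted by the shell, and the value sits in the argument list of `su` and `psql` where the process list shows it; `sensitive true` only hides it from Chef's own output. Prefer rendering the statements to a `0600` file owned by `postgres` and running it with `psql -f`, doubling any single quote in the password first. Separately, every guard keys on `/tmp/database`, a path any local user can create, and the SQL files are staged there with mode `0644`; a `0700` directory under `Chef::Config[:file_cache_path]` avoids both. `CREATE DATABASE` and `CREATE USER` are also not idempotent if a run is repeated before the cleanup resource executes.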

13
recipes/default.rb Normal file

@ -0,0 +1,13 @@
#
# Cookbook Name:: zabbix
# Recipe:: default
#
# Copyright 2014, Mobiquity, Inc.
# Authors:
# Eric Renfro <erenfro@mobiquityinc.com>
#
# All rights reserved - Do Not Redistribute
#
include_recipe 'zabbix::agent'

44
recipes/proxy.rb Normal file

@ -0,0 +1,44 @@
#
# Cookbook Name:: zabbix
# Recipe:: proxy
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
%w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg|
yum_package pkg do
version '3.0.5-1.el6'
allow_downgrade true
action :install
end
end
directory "/var/lib/zabbix" do
owner 'zabbix'
group 'zabbix'
mode '0750'
action :create
end
template "/etc/zabbix/zabbix_proxy.conf" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:DBPassword => credentials['zabbix']['postgres_password']
})
source "zabbix_proxy.conf.erb"
sensitive true
mode "0640"
owner "root"
group "root"
notifies :restart, "service[zabbix-proxy]", :immediately
end
service 'zabbix-proxy' do
supports :restart => true, :start => true
action :enable
end
include_recipe 'zabbix::agent'
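Review bot: The `template "/etc/zabbix/zabbix_proxy.conf"` resource passes `credentials['zabbix']['postgres_password']` as `DBPassword`, although the packages installed at the top of this recipe are `zabbix-proxy-sqlite3`; if the proxy really runs on SQLite, the password of the server's PostgreSQL database ends up on every proxy host without being needed there. `zabbix_proxy.conf.erb` is not shown on this page, so confirm whether it uses `@DBPassword`; if it does not, drop the data bag load and the `variables` call from this resource. Separately, `service 'zabbix-proxy'` has only `action :enable`, so the daemon is started only as a side effect of the template's `:restart` notification; `action [:enable, :start]` would make that explicit.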

109
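--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -0,0 +1,109 @@
+#
+# Cookbook Name:: zabbix
+# Recipe:: server
+#
+# Copyright 2017, Linux-Help.org
+# Authors:
+# Eric Renfro <psi-jack@linux-help.org>
+#
+%w{httpd mod_ssl}.each do |pkg|
+yum_package pkg do
+version '2.2.15-39.el6'
+allow_downgrade true
+action :install
+end
+end
+%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
+yum_package pkg do
+version '5.6.28-1.ius.centos6'
+allow_downgrade true
+action :install
+end
+end
+%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg|
+yum_package pkg do
+version '3.0.5-1.el6'
+allow_downgrade true
+action :install
+end
+end
+template "/etc/httpd/conf/httpd.conf" do
+source "httpd.conf.erb"
+mode "0644"
+owner "root"
+group "root"
+notifies :restart, "service[httpd]", :delayed
+end
+template "/etc/httpd/conf.d/zabbix.conf" do
+source "zabbix_httpd.conf.erb"
+mode "0644"
+owner "root"
+group "root"
+notifies :restart, "service[httpd]", :delayed
+end
+template "/etc/httpd/conf.d/security.conf" do
+source "security.conf.erb"
+mode "0644"
+owner "root"
+group "root"
+notifies :restart, "service[httpd]", :delayed
+end
+template "/etc/httpd/conf.d/ssl.conf" do
+source "ssl.conf.erb"
+mode "0644"
+owner "root"
+group "root"
+notifies :restart, "service[httpd]", :delayed
+end
+template "/etc/zabbix/zabbix_server.conf" do
+credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
+variables({
+:DBPassword => credentials['zabbix']['postgres_password']
+})
+source "zabbix_server.conf.erb"
+sensitive true
+mode "0640"
+owner "root"
+group "root"
+notifies :restart, "service[zabbix-server]", :immediately
+end
+template "/etc/zabbix/web/zabbix.conf.php" do
+credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
+variables({
+:DBPassword => credentials['zabbix']['postgres_password']
+})
+source "zabbix_web.conf.erb"
+sensitive true
+mode "0640"
+owner "root"
+group "apache"
+end
+template "/etc/php.ini" do
+source "php.ini.erb"
+mode "0644"
+owner "root"
+group "root"
+notifies :restart, "service[httpd]", :immediately
+end
+service 'httpd' do
+supports :restart => true, :start => true
+action :enable
+end
+service 'zabbix-server' do
+supports :restart => true, :start => true
+action :enable
+end
+include_recipe 'zabbix::agent'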
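Review bot: The three `yum_package` loops pin exact builds (`2.2.15-39.el6`, `5.6.28-1.ius.centos6`, `3.0.5-1.el6`) together with `allow_downgrade true`, so a host that has already received a newer errata build of httpd, mod_ssl or PHP is rolled back to the pinned build on the next converge. The versions are better read from node attributes, so an environment can raise them without a recipe change, and `allow_downgrade false` is the safer default unless a rollback is really intended. A short comment above each loop saying why that build is pinned would also help the next maintainer decide when the pin can move.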

81
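--- a/recipes/trap_scripts.rb
+++ b/recipes/trap_scripts.rb
@@ -0,0 +1,81 @@
+#
+# Cookbook Name:: zabbix
+# Recipe:: trap_scripts
+#
+# Copyright 2017, Linux-Help.org
+# Authors:
+# Eric Renfro <psi-jack@linux-help.org>
+#
+node.override['zabbix']['trap_scripts']['live']['add'] = []
+node.override['zabbix']['trap_scripts']['live']['del'] = []
+node.override['zabbix']['trap_scripts']['daily']['add'] = []
+node.override['zabbix']['trap_scripts']['daily']['del'] = []
+node.override['zabbix']['agent_meta'] = []
+# Utilize node tags to determine which agents to activate:
+###########################################################
+# Apache Web Server
+#
+if node['recipes'].include?('httpd') or node.tags.include?('httpd')
+node.override['zabbix']['trap_scripts']['live']['add'] += ['httpd.sh', 'ssl_check_apache.sh']
+node.override['zabbix']['agent_meta'] += ['HTTPD']
+elsif
+node.override['zabbix']['trap_scripts']['live']['del'] += ['httpd.sh', 'ssl_check_apache.sh']
+end
+###########################################################
+# OpenLDAP
+#
+if node['recipes'].include?('ldap') or node.tags.include?('openldap')
+node.override['zabbix']['trap_scripts']['live']['add'] += ['openldap2.sh', 'ssl_check_ldap.sh']
+node.override['zabbix']['agent_meta'] += ['OpenLDAP']
+else
+node.override['zabbix']['trap_scripts']['live']['del'] += ['openldap2.sh', 'ssl_check_ldap.sh']
+end
+###########################################################
+# MongoDB
+#
+if node['recipes'].include?('mongodb') or node.tags.include?('mongodb')
+node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh']
+node.override['zabbix']['agent_meta'] += ['MongoDB']
+else
+node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh']
+end
+###########################################################
+# Shibboleth Service Provider
+#
+if node['recipes'].include?('shibboleth') or node.tags.include?('shibboleth')
+node.override['zabbix']['trap_scripts']['live']['add'] += ['sp.sh', 'idp.sh', 'tomcat.sh']
+if not node.override['zabbix']['trap_scripts']['live']['add'].include?('httpd.sh')
+node.override['zabbix']['trap_scripts']['live']['add'] += ['httpd.sh']
+end
+if node.override['zabbix']['trap_scripts']['live']['del'].include?('httpd.sh')
+node.override['zabbix']['trap_scripts']['live']['del'].delete('httpd.sh')
+end
+if node['zabbix']['agent_meta'].include?('HTTPD')
+node.override['zabbix']['agent_meta'].delete('HTTPD')
+end
+node.override['zabbix']['agent_meta'] += ['ShibD']
+else
+node.override['zabbix']['trap_scripts']['live']['del'] += ['sp.sh', 'idp.sh']
+if not node['recipes'].include?('tomcat')
+node.override['zabbix']['trap_scripts']['live']['del'] += ['tomcat.sh']
+end
+end
+###########################################################
+# Tomcat
+#
+if (node['recipes'].include?('tomcat') or node.tags.include?('tomcat')) and
+not node.override['zabbix']['trap_scripts']['live']['add'].include?('tomcat.sh')
+node.override['zabbix']['trap_scripts']['live']['add'] += ['tomcat.sh']
+node.override['zabbix']['agent_meta'] += ['Tomcat6']
+elsif not node['zabbix']['trap_scripts']['live']['del'].include?('tomcat.sh') and
+not node['zabbix']['trap_scripts']['live']['add'].include?('tomcat.sh') and
+not node.tags.include?('tomcat')
+node.override['zabbix']['trap_scripts']['live']['del'] += ['tomcat.sh']
+end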
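Review bot: The Apache branch ends in a bare `elsif` where the OpenLDAP and MongoDB branches use `else`. Ruby takes the following line as the `elsif` condition, so the `['del'] += ['httpd.sh', 'ssl_check_apache.sh']` assignment runs only as a side effect of evaluating that condition and the branch body is empty; it behaves like `else` by accident, so replace `elsif` with `else`. The recipe also mixes `or`/`and`/`not` into its conditions, and the Tomcat block depends on their low precedence across a line break; `||`, `&&` and `!` with explicit parentheses would make the intended grouping visible. A comment at the top stating that the `add`/`del` lists are rebuilt from scratch on every converge would document why they are reset to `[]` first.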

9
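--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -0,0 +1,9 @@
+require 'chefspec'
+require 'chefspec/berkshelf'
+RSpec.configure do |config|
+config.platform = 'centos'
+config.version = '6.5'
+end
+ChefSpec::Coverage.start!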


@ -0,0 +1,180 @@
#
# Cookbook Name:: zabbix
# Spec:: agent
#
# Copyright (c) 2015 Mobiquity Inc, All Rights Reserved.
require 'spec_helper'
describe 'zabbix::agent' do
context 'When all zabbix tags are enabled, on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test_env'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
node.normal['tags'] = [ 'httpd', 'openldap', 'mongodb', 'shibboleth', 'tomcat' ]
end.converge(described_recipe)
end
before do
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'mongo' => {
'users' => {
'unit_test_env' => {
'mmsagent' => {
'username' => 'unit_test_username',
'password' => 'unit_test_password'
}
}
}
}
})
end
let(:zabbix_agent_template) { chef_run.template('/etc/zabbix/zabbix_agentd.conf') }
it 'installs zabbix packages' do
%w{zabbix-agent zabbix-sender}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '3.0.5-1.el6',
allow_downgrade: true
)
end
end
it 'installs wget' do
%w{wget crontabs cronie}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
end
end
it 'generates zabbix_agentd.conf file' do
expect(chef_run).to create_template('/etc/zabbix/zabbix_agentd.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'zabbix_agentd.conf.erb'
)
expect(zabbix_agent_template).to notify('service[zabbix-agent]').to(:restart).delayed
end
it 'enables and starts zabbix service' do
expect(chef_run).to enable_service('zabbix-agent')
expect(chef_run).to start_service('zabbix-agent')
end
it 'creates zabbix trap directories' do
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
expect(chef_run).to create_directory(path)
.with(
owner: 'root',
group: 'root',
mode: '0755'
)
end
end
it 'populates trap.d directory' do
expect(chef_run).to create_remote_directory('/etc/zabbix/trap.d')
.with(
files_backup: 0,
files_owner: 'root',
files_group: 'zabbix',
files_mode: '0750',
owner: 'root',
group: 'root',
source: 'traps'
)
end
it 'renders mongo trap' do
expect(chef_run).to create_template('/etc/zabbix/trap.d/mongo26.config')
.with(
owner: 'root',
group: 'root',
mode: '0700',
source: 'mongo26.config.erb'
)
expect(chef_run).to render_file('/etc/zabbix/trap.d/mongo26.config')
.with_content('mongoUser="unit_test_username"
mongoPass="unit_test_password"')
end
it 'renders links to trap scripts' do
httplink = chef_run.link('/etc/zabbix/trap.d/live/httpd.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/httpd.sh')
.with(to: '/etc/zabbix/trap.d/httpd.sh')
expect(httplink).to link_to('/etc/zabbix/trap.d/httpd.sh')
openldap2 = chef_run.link('/etc/zabbix/trap.d/live/openldap2.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/openldap2.sh')
.with(to: '/etc/zabbix/trap.d/openldap2.sh')
expect(openldap2).to link_to('/etc/zabbix/trap.d/openldap2.sh')
sp = chef_run.link('/etc/zabbix/trap.d/live/sp.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/sp.sh')
.with(to: '/etc/zabbix/trap.d/sp.sh')
expect(sp).to link_to('/etc/zabbix/trap.d/sp.sh')
idp = chef_run.link('/etc/zabbix/trap.d/live/idp.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/idp.sh')
.with(to: '/etc/zabbix/trap.d/idp.sh')
expect(idp).to link_to('/etc/zabbix/trap.d/idp.sh')
tomcat = chef_run.link('/etc/zabbix/trap.d/live/tomcat.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/tomcat.sh')
.with(to: '/etc/zabbix/trap.d/tomcat.sh')
expect(tomcat).to link_to('/etc/zabbix/trap.d/tomcat.sh')
mongo26 = chef_run.link('/etc/zabbix/trap.d/live/mongo26.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/mongo26.sh')
.with(to: '/etc/zabbix/trap.d/mongo26.sh')
expect(mongo26).to link_to('/etc/zabbix/trap.d/mongo26.sh')
ssl_check_apache = chef_run.link('/etc/zabbix/trap.d/live/ssl_check_apache.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/ssl_check_apache.sh')
.with(to: '/etc/zabbix/trap.d/ssl_check_apache.sh')
expect(ssl_check_apache).to link_to('/etc/zabbix/trap.d/ssl_check_apache.sh')
ssl_check_ldap = chef_run.link('/etc/zabbix/trap.d/live/ssl_check_ldap.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/ssl_check_ldap.sh')
.with(to: '/etc/zabbix/trap.d/ssl_check_ldap.sh')
expect(ssl_check_ldap).to link_to('/etc/zabbix/trap.d/ssl_check_ldap.sh')
ssl_check_mongo = chef_run.link('/etc/zabbix/trap.d/live/ssl_check_mongo.sh')
expect(chef_run).to create_link('/etc/zabbix/trap.d/live/ssl_check_mongo.sh')
.with(to: '/etc/zabbix/trap.d/ssl_check_mongo.sh')
expect(ssl_check_mongo).to link_to('/etc/zabbix/trap.d/ssl_check_mongo.sh')
end
it 'creates trapper crons' do
expect(chef_run).to create_cron('zabbix_live')
.with(
minute: '*',
hour: '*',
user: 'root',
)
expect(chef_run).to_not create_cron('zabbix_daily')
.with(
minute: '*',
hour: '0',
user: 'root',
)
end
end
end
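Review bot: In 'creates trapper crons', `expect(chef_run).to_not create_cron('zabbix_daily').with(minute: '*', hour: '0', user: 'root')` passes whenever those three attributes do not all match, so it would still pass if the recipe created `zabbix_daily` on a different schedule or as a different user. If the intent is that no daily cron exists in this scenario, assert it without the qualifier: `expect(chef_run).to_not create_cron('zabbix_daily')`. The 'renders mongo trap' example pins mode `0700` on `/etc/zabbix/trap.d/mongo26.config`, which holds the Mongo password; a one-line comment saying the file is root-only because it contains a credential would record why that mode must not be loosened.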


@ -0,0 +1,114 @@
require 'spec_helper'
describe 'zabbix::database' do
context 'When all database environments for zabbix are set on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
end.converge(described_recipe)
end
before(:each) do
# Stubbing Directory results
allow(Dir).to receive(:exist?).with('/tmp/database').and_return(true)
allow(Dir).to receive(:empty?).with('/var/lib/pgsql/9.4/data/*').and_return(true)
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'zabbix' => {
'users' => {
'unit_test_env' => {
'postgres' => {
'username' => 'postgres_username',
'password' => 'postgres_password'
}
}
}
}
})
end
let(:pg_hba_template) { chef_run.template('/var/lib/pgsql/9.4/data/pg_hba.conf') }
it 'installs a package postgresql94-server' do
expect(chef_run).to install_yum_package('postgresql94-server')
end
it 'creates a directory database' do
expect(chef_run).to create_directory('/tmp/database')
end
it 'creates schema.sql' do
expect(chef_run).to create_template('/tmp/database/schema.sql')
.with(
source: 'schema.sql.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
end
it 'creates images.sql' do
expect(chef_run).to create_template('/tmp/database/images.sql')
.with(
source: 'images.sql.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
end
it 'creates data.sql' do
expect(chef_run).to create_template('/tmp/database/data.sql')
.with(
source: 'data.sql.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
end
it 'runs the yum command to initialize postgresql db' do
expect(chef_run).to run_execute('initializingdb')
end
it 'creates pg_hba.conf' do
expect(chef_run).to create_template('/var/lib/pgsql/9.4/data/pg_hba.conf')
.with(
source: 'pg_hba.conf.erb',
mode: '0600',
owner: 'postgres',
group: 'postgres'
)
expect(pg_hba_template).to notify('service[postgresql-9.4]').to(:restart).immediately
end
it 'executes both start and enable actions for postgresql-9.4' do
expect(chef_run).to start_service('postgresql-9.4')
expect(chef_run).to enable_service('postgresql-9.4')
end
it 'runs configures postgres db' do
expect(chef_run).to run_bash('configure_postgres')
end
it 'runs configure postgres schema' do
expect(chef_run).to run_bash('configure_schema')
end
it 'cleans up temporary files' do
expect(chef_run).to delete_directory('cleanup')
end
end
end
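Review bot: The stubbed data bag in `before(:each)` nests the secret under `['zabbix']['users']['unit_test_env']['postgres']['password']`, but the recipes shown on this page read `credentials['zabbix']['postgres_password']`, so during these specs the password is `nil` and nothing asserts what the `configure_postgres` and `configure_schema` resources receive. The proxy and server specs further down use the same stub shape against the same lookup. Return `{ 'zabbix' => { 'postgres_password' => 'unit_test_password' } }` from the stub (a constructed test value). In addition, `allow(Dir).to receive(:empty?).with('/var/lib/pgsql/9.4/data/*')` never takes effect, because the `initializingdb` guard calls `Dir.glob(...).empty?`; stub `Dir.glob` for that path so the example does not depend on the test host's filesystem.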


@ -0,0 +1,18 @@
#
# Cookbook Name:: zabbix
# Spec:: default
#
# Copyright (c) 2015 The Authors, All Rights Reserved.
require 'spec_helper'
describe 'zabbix::default' do
context 'When all attributes are default, on an unspecified platform' do
let(:chef_run) { ChefSpec::SoloRunner.converge(described_recipe) }
it 'calls zabbix agent recipe' do
expect(chef_run).to include_recipe('zabbix::agent')
end
end
end


@ -0,0 +1,78 @@
require 'spec_helper'
describe 'zabbix::proxy' do
context 'When all database environments for zabbix are set on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
end.converge(described_recipe)
end
before(:each) do
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'zabbix' => {
'users' => {
'unit_test_env' => {
'postgres' => {
'username' => 'postgres_username',
'password' => 'postgres_password'
}
}
}
}
})
end
let(:zabbix_proxy_template) { chef_run.template('/etc/zabbix/zabbix_proxy.conf') }
it 'installs the zabbix proxy packages' do
%w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '3.0.5-1.el6',
allow_downgrade: true
)
end
end
it 'creates /var/lib/zabbix directory' do
expect(chef_run).to create_directory('/var/lib/zabbix')
.with(
mode: '0750',
owner: 'zabbix',
group: 'zabbix'
)
end
it 'creates zabbix_proxy.conf' do
expect(chef_run).to create_template('/etc/zabbix/zabbix_proxy.conf')
.with(
source: 'zabbix_proxy.conf.erb',
mode: '0640',
owner: 'root',
group: 'root'
)
expect(zabbix_proxy_template).to notify('service[zabbix-proxy]').to(:restart).immediately
end
it 'enables both start and enable actions for zabbix-proxy' do
expect(chef_run).to enable_service('zabbix-proxy')
end
it 'includes agent recipe' do
expect(chef_run).to include_recipe('zabbix::agent')
end
end
end


@ -0,0 +1,169 @@
require 'spec_helper'
describe 'zabbix::server' do
context 'When all database environments for zabbix are set on RHEL/CentOS' do
let(:chef_run) do
ChefSpec::SoloRunner.new do |node|
# Create a new environment (you could also use a different :let block or :before block)
env = Chef::Environment.new
env.name 'unit_test'
# Stub the node to return this environment
allow(node).to receive(:chef_environment).and_return(env.name)
# Stub any calls to Environment.load to return this environment
allow(Chef::Environment).to receive(:load).and_return(env)
# Stubbing out fqdn node attribute
node.automatic['fqdn'] = 'unit.testing.stub'
end.converge(described_recipe)
end
before(:each) do
allow(Chef::EncryptedDataBagItem).to receive(:load).with('odhp_credentials', 'credentials').and_return(
{
'zabbix' => {
'users' => {
'unit_test_env' => {
'postgres' => {
'username' => 'postgres_username',
'password' => 'postgres_password'
}
}
}
}
})
allow(Chef::EncryptedDataBagItem).to receive(:load).with('ssl', 'httpd').and_return(
{
'certificate' => 'unit_test_certificate_stub',
'digicert1' => 'unit_test_digicert1_stub',
'digicert2' => 'unit_test_digicert2_stub',
'key' => 'unit_test_key_stub'
})
end
let(:httpd_template_security) { chef_run.template('/etc/httpd/conf.d/security.conf') }
let(:httpd_template_httpd) { chef_run.template('/etc/httpd/conf/httpd.conf') }
let(:httpd_template_ssl) { chef_run.template('/etc/httpd/conf.d/ssl.conf') }
let(:zabbix_httpd_template) { chef_run.template('/etc/httpd/conf.d/zabbix.conf') }
let(:zabbix_server_template) { chef_run.template('/etc/zabbix/zabbix_server.conf') }
let(:php_ini_template) { chef_run.template('/etc/php.ini') }
it 'installs the httpd packages' do
%w{httpd mod_ssl}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '2.2.15-39.el6',
allow_downgrade: true
)
end
end
it 'installs the zabbix server packages' do
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg|
expect(chef_run).to install_yum_package(pkg)
.with(
version: '3.0.5-1.el6',
allow_downgrade: true
)
end
end
it 'installs the php packages' do
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
expect(chef_run).to install_yum_package(pkg).with(
version: '5.6.28-1.ius.centos6',
allow_downgrade: true
)
end
end
it 'writes apache main configuration file' do
expect(chef_run).to create_template('/etc/httpd/conf/httpd.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'httpd.conf.erb'
)
expect(httpd_template_security).to notify('service[httpd]').to(:restart).delayed
end
it 'creates zabbix.conf in httpd conf.d' do
expect(chef_run).to create_template('/etc/httpd/conf.d/zabbix.conf')
.with(
source: 'zabbix_httpd.conf.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
expect(zabbix_httpd_template).to notify('service[httpd]').to(:restart).delayed
end
it 'writes apache security configuration' do
expect(chef_run).to create_template('/etc/httpd/conf.d/security.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'security.conf.erb'
)
expect(httpd_template_security).to notify('service[httpd]').to(:restart).delayed
end
it 'writes apache ssl configuration' do
expect(chef_run).to create_template('/etc/httpd/conf.d/ssl.conf')
.with(
owner: 'root',
group: 'root',
mode: '0644',
source: 'ssl.conf.erb'
)
expect(httpd_template_ssl).to notify('service[httpd]').to(:restart).delayed
end
it 'creates zabbix_server.conf' do
expect(chef_run).to create_template('/etc/zabbix/zabbix_server.conf')
.with(
source: 'zabbix_server.conf.erb',
mode: '0640',
owner: 'root',
group: 'root'
)
expect(zabbix_server_template).to notify('service[zabbix-server]').to(:restart).immediately
end
it 'creates zabbix.conf.php' do
expect(chef_run).to create_template('/etc/zabbix/web/zabbix.conf.php')
.with(
source: 'zabbix_web.conf.erb',
mode: '0640',
owner: 'root',
group: 'apache'
)
end
it 'creates php.ini' do
expect(chef_run).to create_template('/etc/php.ini')
.with(
source: 'php.ini.erb',
mode: '0644',
owner: 'root',
group: 'root'
)
expect(php_ini_template).to notify('service[httpd]').to(:restart).immediately
end
it 'enables both start and enable actions for httpd' do
expect(chef_run).to enable_service('httpd')
end
it 'enables both start and enable actions for zabbix-server' do
expect(chef_run).to enable_service('zabbix-server')
end
it 'includes agent recipe' do
expect(chef_run).to include_recipe('zabbix::agent')
end
end
end
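Review bot: The 'writes apache main configuration file' example checks the notification on `httpd_template_security` instead of `httpd_template_httpd`, so the `:restart` notification of `/etc/httpd/conf/httpd.conf` is never verified and the `let(:httpd_template_httpd)` definition goes unused. The last line of that example should read `expect(httpd_template_httpd).to notify('service[httpd]').to(:restart).delayed`. The two examples titled 'enables both start and enable actions …' assert only `enable_service`, which matches the recipe's `action :enable`; rename them or add the start assertion once the recipe starts the services.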

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

File diff suppressed because one or more lines are too long


@ -0,0 +1,3 @@
mongoUser="<%= @users['mmsagent']['username'] %>"
mongoPass="<%= @users['mmsagent']['password'] %>"
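Review bot: Both values are interpolated raw between double quotes, and the `name="value"` layout suggests the file is sourced by a shell trap script (the consumer is not shown here, so this is an assumption to confirm). If it is sourced, a password containing `"`, `$`, a backtick or a backslash either breaks the assignment or is expanded by the shell when the script loads the file. Emit shell-escaped values, for example `mongoPass=<%= Shellwords.escape(@users['mmsagent']['password']) %>` without the surrounding quotes, and do the same for `mongoUser`. A header comment stating that the file is managed by Chef and contains a credential would match the other templates in this commit.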


@ -0,0 +1,9 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 10.10.2.0/16 md5
# IPV6 local connections:
host all all ::1/128 md5
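Review bot: The line `host all all 10.10.2.0/16 md5` has host bits set beyond its `/16` mask, and read as a `/16` it admits all of 10.10.0.0–10.10.255.255 to every database as every role, including `postgres`. If only the 10.10.2.x subnet was meant, write it as `10.10.2.0/24`. Whatever the range, limit the entry to the database and role this cookbook creates: `host zabbix zabbixmaster 10.10.2.0/24 md5`. The same narrowing applies to the `127.0.0.1/32` and `::1/128` lines. Since the server recipe connects over `127.0.0.1`, confirm whether any remote entry is needed at all.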


@ -0,0 +1,8 @@
*******
max_execution_time = 300
memory_limit = 128M
post_max_size = 16M
upload_max_filesize = 2M
max_input_time = 300
date.timezone = America/New_York
*******

File diff suppressed because it is too large Load diff


@ -0,0 +1,78 @@
#########################################################################
# This file is centrally managed by chef.
# Manual changes will be over written
#########################################################################
# TODO: These standard settings should be merged back in with the
# httpd.conf.erb file
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages. It will be made the default for the release after lenny.
#
#<Directory />
# AllowOverride None
# Order Deny,Allow
# Deny from all
#</Directory>
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
#
TraceEnable Off
#
# Always send HSTS Header
#
#
<% unless node['zabbix']['httpd_conf']['https_redirection_enabled'] == false %>
LoadModule headers_module modules/mod_headers.so
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<% end %>
#
# Always redirect incoming HTTP connections to HTTPS
# Enable mod_rewrite
# If connection is not https
# Rewrite the URL to https using the host and URI passed by the browser.
<% unless node['zabbix']['httpd_conf']['https_redirection_enabled'] == false %>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<% end %>
# Address ETag Inode Information Leakage Vulnerability
FileETag MTime Size
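Review bot: The redirect `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}` has no flags and builds its target from the client-supplied `Host` header. Without `[R=301,L]` the redirect is temporary and later rules can still run, and because the host is taken from the request, a request with a forged `Host` header is redirected to whatever name it supplied. Prefer the configured name and explicit flags, `RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]`, after checking that `ServerName` is set in `httpd.conf.erb`, which is not shown here. The `Strict-Transport-Security` header above is emitted under the same `https_redirection_enabled` guard; a comment noting that `includeSubDomains` commits every subdomain of the host to HTTPS for a year would help whoever enables it.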


@ -0,0 +1,244 @@
#########################################################################
# This file is centrally managed by chef.
# Manual changes will be over written
#########################################################################
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
LogFormat "%h %l - %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D"combined
CustomLog logs/ssl_access_log combined
# TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
#SSLProtocol all -SSLv2
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA AES256-SHA RC4 !aNULL !eNULL !LOW !SEED !CAMELLIA128 !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
<% if node['letsencrypt']['enabled'] == true %>
SSLCertificateFile /etc/letsencrypt/live/<%= node['letsencrypt']['domain'] %>/cert.pem
<% else %>
SSLCertificateFile /etc/pki/tls/certs/mydomain.crt
<% end %>
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<% if node['letsencrypt']['enabled'] == true %>
SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['letsencrypt']['domain'] %>/privkey.pem
<% else %>
SSLCertificateKeyFile /etc/pki/tls/private/mydomain.key
<% end %>
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
<% if node['letsencrypt']['enabled'] == true %>
SSLCACertificateFile /etc/letsencrypt/live/<%= node['letsencrypt']['domain'] %>/chain.pem
<% else %>
SSLCACertificateFile /etc/pki/tls/certs/DigiCertCA.crt
<% end %>
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


@ -0,0 +1,401 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# This is a configuration file for Zabbix agent daemon (Unix)
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agentd.pid
PidFile=/var/run/zabbix/zabbix_agentd.pid
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_agentd.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
#
# Mandatory: no
# Default:
# EnableRemoteCommands=0
EnableRemoteCommands=1
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# LogRemoteCommands=0
LogRemoteCommands=1
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
#
# Mandatory: no
# Default:
# Server=
Server=<%= node['zabbix']['agent_servers'].join(', ') %>
### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10050
### Option: ListenIP
# List of comma delimited IP addresses that the agent should listen on.
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
#
# Mandatory: no
# Range: 0-100
# Default:
# StartAgents=3
##### Active checks related
### Option: ServerActive
# List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
#
# Mandatory: no
# Default:
# ServerActive=
ServerActive=<%= node['zabbix']['agent_servers'].join(', ') %>
### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks and must match hostname as configured on the server.
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=<%= node['fqdn'] %>
### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostMetadata=
HostMetadata=Linux <%= node['zabbix']['agent_meta'].join(' ') %>
### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5
### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100
### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'logrt' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'logrt' item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=20
############ ADVANCED PARAMETERS #################
### Option: Alias
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
# Different Alias keys may reference the same item key.
# For example, to retrieve the ID of user 'zabbix':
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
# Now shorthand key zabbix.userid may be used to retrieve data.
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
#
# Mandatory: no
# Range:
# Default:
### Option: Timeout
# Spend no more than Timeout seconds on processing
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: AllowRoot
# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
Include=/etc/zabbix/zabbix_agentd.d/
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# The following characters are not allowed:
# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
# Additionally, newline characters are not allowed.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
# UnsafeUserParameters=0
### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# See 'zabbix_agentd' directory for examples.
#
# Mandatory: no
# Default:
# UserParameter=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at agent startup. Modules are used to extend functionality of the agent.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the agent should connect to server or proxy. Used for active checks.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the agent certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the agent private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
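Review bot: `EnableRemoteCommands=1` is hard-coded in this agent template, so every node that receives the file will run shell commands sent by any address in `Server=`, while `TLSConnect` and `TLSAccept` further down stay commented out at their documented default of `unencrypted`. That leaves the source-address list as the only control on remote execution, and the connection carrying those commands is neither authenticated nor encrypted. I would render the setting from a node attribute that defaults to off, for example `EnableRemoteCommands=<%= node['zabbix']['agent_remote_commands'] ? 1 : 0 %>` (the attribute name is a suggestion and does not exist in this commit), and set `TLSConnect`/`TLSAccept` to `psk` or `cert` on hosts where it is turned on. The proxy template in this commit leaves its TLS section at the same defaults.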


@ -0,0 +1,60 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# Zabbix monitoring system php web frontend
#
Alias /zabbix /usr/share/zabbix
<Directory "/usr/share/zabbix">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
<IfModule mod_php5.c>
php_value max_execution_time 300
php_value memory_limit 128M
php_value post_max_size 16M
php_value upload_max_filesize 2M
php_value max_input_time 300
php_value always_populate_raw_post_data -1
# php_value date.timezone Europe/Riga
</IfModule>
</Directory>
<Directory "/usr/share/zabbix/conf">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/api">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/include">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/include/classes">
Order deny,allow
Deny from all
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
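Review bot: The `Alias /zabbix` and the `Allow from all` on `/usr/share/zabbix` are not tied to the TLS virtual host, so unless this file is included only from the SSL vhost, the login form is also served over plain HTTP (the kitchen suites forward guest port 80). Adding `SSLRequireSSL` inside the `<Directory "/usr/share/zabbix">` block, or a redirect from port 80, would keep frontend credentials and session cookies off cleartext connections. Separately, the deny blocks cover `conf`, `api`, `include` and `include/classes`. If the packaged frontend is 3.x (the agent template here carries the 3.0 TLS options), it presumably also ships `app/` and `local/`, which would need the same `Deny from all`; this is worth checking against the installed tree.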


@ -0,0 +1,680 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# This is a configuration file for Zabbix proxy daemon
# To get more information about Zabbix, visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: ProxyMode
# Proxy operating mode.
# 0 - proxy in the active mode
# 1 - proxy in the passive mode
#
# Mandatory: no
# Default:
# ProxyMode=0
### Option: Server
# IP address (or hostname) of Zabbix server.
# Active proxy will get configuration data from the server.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: yes (if ProxyMode is set to 0)
# Default:
# Server=
Server=<%= node['zabbix']['agent_servers'].join(', ') %>
### Option: ServerPort
# Port of Zabbix trapper on Zabbix server.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ServerPort=10051
### Option: Hostname
# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=<%= node['fqdn'] %>
### Option: HostnameItem
# Item used for generating Hostname if it is undefined.
# Ignored if Hostname is defined.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: ListenPort
# Listen port for trapper.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10051
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_proxy.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_proxy.pid
PidFile=/var/run/zabbix/zabbix_proxy.pid
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
#
# Mandatory: no
# Default:
# DBHost=localhost
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
# Warning: do not attempt to use the same database Zabbix server is using.
#
# Mandatory: yes
# Default:
# DBName=
DBName=/var/lib/zabbix/zabbix_proxy.db
# Mandatory: no
# Default:
# DBSchema=
### Option: DBUser
# Database user. Ignored for SQLite.
#
# Default:
# DBUser=
DBUser=zabbix
### Option: DBPassword
# Database password. Ignored for SQLite.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
# DBPassword=
### Option: DBSocket
# Path to MySQL socket.
#
# Mandatory: no
# Default:
# DBSocket=/tmp/mysql.sock
# Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
#
# Mandatory: no
# Default (for MySQL):
# DBPort=3306
######### PROXY SPECIFIC PARAMETERS #############
### Option: ProxyLocalBuffer
# Proxy will keep data locally for N hours, even if the data have already been synced with the server.
# This parameter may be used if local data will be used by third party applications.
#
# Mandatory: no
# Range: 0-720
# Default:
# ProxyLocalBuffer=0
### Option: ProxyOfflineBuffer
# Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
# Older data will be lost.
#
# Mandatory: no
# Range: 1-720
# Default:
# ProxyOfflineBuffer=1
ProxyOfflineBuffer=24
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of Proxy on server side.
# 0 - heartbeat messages disabled.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 0-3600
# Default:
# HeartbeatFrequency=60
### Option: ConfigFrequency
# How often proxy retrieves configuration data from Zabbix Server in seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
# ConfigFrequency=3600
### Option: DataSenderFrequency
# Proxy will send collected data to the Server every N seconds.
# For a proxy in the passive mode this parameter will be ignored.
#
# Mandatory: no
# Range: 1-3600
# Default:
# DataSenderFrequency=1
############ ADVANCED PARAMETERS ################
### Option: StartPollers
# Number of pre-forked instances of pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollers=5
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers=0
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
# are started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollersUnreachable=1
### Option: StartTrappers
# Number of pre-forked instances of trappers.
# Trappers accept incoming connections from Zabbix sender and active agents.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartTrappers=5
### Option: StartPingers
# Number of pre-forked instances of ICMP pingers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPingers=1
### Option: StartDiscoverers
# Number of pre-forked instances of discoverers.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartDiscoverers=1
### Option: StartHTTPPollers
# Number of pre-forked instances of HTTP pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPPollers=1
### Option: JavaGateway
# IP address (or hostname) of Zabbix Java gateway.
# Only required if Java pollers are started.
#
# Mandatory: no
# Default:
# JavaGateway=
### Option: JavaGatewayPort
# Port that Zabbix Java gateway listens on.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# JavaGatewayPort=10052
### Option: StartJavaPollers
# Number of pre-forked instances of Java pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartJavaPollers=0
### Option: StartVMwareCollectors
# Number of pre-forked vmware collector instances.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartVMwareCollectors=0
### Option: VMwareFrequency
# How often Zabbix will connect to VMware service to obtain a new data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwareFrequency=60
### Option: VMwarePerfFrequency
# How often Zabbix will connect to VMware service to obtain performance data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwarePerfFrequency=60
### Option: VMwareCacheSize
# Size of VMware cache, in bytes.
# Shared memory size for storing VMware data.
# Only used if VMware collectors are started.
#
# Mandatory: no
# Range: 256K-2G
# Default:
# VMwareCacheSize=8M
### Option: VMwareTimeout
# Specifies how many seconds vmware collector waits for response from VMware service.
#
# Mandatory: no
# Range: 1-300
# Default:
# VMwareTimeout=10
### Option: SNMPTrapperFile
# Temporary file used for passing data from SNMP trap daemon to the proxy.
# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
#
# Mandatory: no
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
### Option: StartSNMPTrapper
# If 1, SNMP trapper process is started.
#
# Mandatory: no
# Range: 0-1
# Default:
# StartSNMPTrapper=0
### Option: ListenIP
# List of comma delimited IP addresses that the trapper should listen on.
# Trapper will listen on all network interfaces if this parameter is missing.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: HousekeepingFrequency
# How often Zabbix will perform housekeeping procedure (in hours).
# Housekeeping is removing outdated information from the database.
# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
# hours of outdated information are deleted in one housekeeping cycle.
# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
#
# Mandatory: no
# Range: 0-24
# Default:
# HousekeepingFrequency=1
### Option: CacheSize
# Size of configuration cache, in bytes.
# Shared memory size, for storing hosts and items data.
#
# Mandatory: no
# Range: 128K-8G
# Default:
# CacheSize=8M
### Option: StartDBSyncers
# Number of pre-forked instances of DB Syncers.
#
# Mandatory: no
# Range: 1-100
# Default:
# StartDBSyncers=4
### Option: HistoryCacheSize
# Size of history cache, in bytes.
# Shared memory size for storing history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryCacheSize=16M
### Option: HistoryIndexCacheSize
# Size of history index cache, in bytes.
# Shared memory size for indexing history cache.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryIndexCacheSize=4M
### Option: Timeout
# Specifies how long we wait for agent, SNMP device or external check (in seconds).
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
Timeout=4
### Option: TrapperTimeout
# Specifies how many seconds trapper may spend processing new data.
#
# Mandatory: no
# Range: 1-300
# Default:
# TrapperTimeout=300
### Option: UnreachablePeriod
# After how many seconds of unreachability treat a host as unavailable.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachablePeriod=45
### Option: UnavailableDelay
# How often host is checked for availability during the unavailability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnavailableDelay=60
### Option: UnreachableDelay
# How often host is checked for availability during the unreachability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachableDelay=15
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
### Option: FpingLocation
# Location of fping.
# Make sure that fping binary has root ownership and SUID flag set.
#
# Mandatory: no
# Default:
# FpingLocation=/usr/sbin/fping
### Option: Fping6Location
# Location of fping6.
# Make sure that fping6 binary has root ownership and SUID flag set.
# Make empty if your fping utility is capable to process IPv6 addresses.
#
# Mandatory: no
# Default:
# Fping6Location=/usr/sbin/fping6
### Option: SSHKeyLocation
# Location of public and private keys for SSH checks and actions.
#
# Mandatory: no
# Default:
# SSHKeyLocation=
### Option: LogSlowQueries
# How long a database query may take before being logged (in milliseconds).
# Only works if DebugLevel set to 3 or 4.
# 0 - don't log slow queries.
#
# Mandatory: no
# Range: 1-3600000
# Default:
# LogSlowQueries=0
LogSlowQueries=3000
### Option: TmpDir
# Temporary directory.
#
# Mandatory: no
# Default:
# TmpDir=/tmp
### Option: AllowRoot
# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
# Include=/usr/local/etc/zabbix_proxy.general.conf
# Include=/usr/local/etc/zabbix_proxy.conf.d/
# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCertLocation=${datadir}/zabbix/ssl/certs
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLKeyLocation=${datadir}/zabbix/ssl/keys
### Option: SSLCALocation
# Location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCALocation=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of proxy modules.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at proxy startup. Modules are used to extend functionality of the proxy.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the proxy certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the proxy private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
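Review bot: `Server=<%= node['zabbix']['agent_servers'].join(', ') %>` renders a comma-separated list, but the option comment directly above it describes `Server` for a proxy as the IP address (or hostname) of the Zabbix server, singular. With more than one entry in `agent_servers`, an active proxy (the default `ProxyMode=0`) would probably get a value it cannot use and would not fetch its configuration. I would give the proxy its own attribute or render a single entry, e.g. `Server=<%= node['zabbix']['agent_servers'].first %>`. `DBUser=zabbix` is also set although `DBName` points at an SQLite file, where the comment says the user is ignored; dropping it would avoid implying that a database account is in use.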


@ -0,0 +1,590 @@
# MANAGED BY CHEF, DO NOT MODIFY
#
# This is a configuration file for Zabbix Server process
# To get more information about Zabbix,
# visit http://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: ListenPort
# Listen port for trapper.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10051
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
### Option: LogFile
# Name of log file.
# If not set, syslog is used.
#
# Mandatory: no
# Default:
# LogFile=
LogFile=/var/log/zabbix/zabbix_server.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
#
# Mandatory: no
# Range: 0-4
# Default:
# DebugLevel=3
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_server.pid
PidFile=/var/run/zabbix/zabbix_server.pid
### Option: DBHost
# Database host name.
# If set to localhost, socket is used for MySQL.
# If set to empty string, socket is used for PostgreSQL.
#
# Mandatory: no
# Default:
DBHost=localhost
### Option: DBName
# Database name.
# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
#
# Mandatory: yes
# Default:
# DBName=
DBName=zabbix
### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL.
#
# Mandatory: no
# Default:
# DBSchema=
### Option: DBUser
# Database user. Ignored for SQLite.
#
# Mandatory: no
# Default:
# DBUser=
DBUser=zabbixmaster
### Option: DBPassword
# Database password. Ignored for SQLite.
# Comment this line if no password is used.
#
# Mandatory: no
# Default:
DBPassword=<%= @DBPassword %>
### Option: DBSocket
# Path to MySQL socket.
#
# Mandatory: no
# Default:
# DBSocket=/tmp/mysql.sock
DBSocket=/var/lib/mysql/mysql.sock
### Option: DBPort
# Database port when not using local socket. Ignored for SQLite.
#
# Mandatory: no
# Range: 1024-65535
# Default (for MySQL):
# DBPort=3306
############ ADVANCED PARAMETERS ################
### Option: StartPollers
# Number of pre-forked instances of pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollers=5
### Option: StartIPMIPollers
# Number of pre-forked instances of IPMI pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartIPMIPollers=0
### Option: StartPollersUnreachable
# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
# are started.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPollersUnreachable=1
### Option: StartTrappers
# Number of pre-forked instances of trappers.
# Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
# At least one trapper process must be running to display server availability and view queue
# in the frontend.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartTrappers=5
### Option: StartPingers
# Number of pre-forked instances of ICMP pingers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartPingers=1
### Option: StartDiscoverers
# Number of pre-forked instances of discoverers.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartDiscoverers=1
### Option: StartHTTPPollers
# Number of pre-forked instances of HTTP pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartHTTPPollers=1
### Option: StartTimers
# Number of pre-forked instances of timers.
# Timers process time-based trigger functions and maintenance periods.
# Only the first timer process handles the maintenance periods.
#
# Mandatory: no
# Range: 1-1000
# Default:
# StartTimers=1
### Option: JavaGateway
# IP address (or hostname) of Zabbix Java gateway.
# Only required if Java pollers are started.
#
# Mandatory: no
# Default:
# JavaGateway=
### Option: JavaGatewayPort
# Port that Zabbix Java gateway listens on.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# JavaGatewayPort=10052
### Option: StartJavaPollers
# Number of pre-forked instances of Java pollers.
#
# Mandatory: no
# Range: 0-1000
# Default:
# StartJavaPollers=0
### Option: StartVMwareCollectors
# Number of pre-forked vmware collector instances.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartVMwareCollectors=0
### Option: VMwareFrequency
# How often Zabbix will connect to VMware service to obtain a new data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwareFrequency=60
### Option: VMwarePerfFrequency
# How often Zabbix will connect to VMware service to obtain performance data.
#
# Mandatory: no
# Range: 10-86400
# Default:
# VMwarePerfFrequency=60
### Option: VMwareCacheSize
# Size of VMware cache, in bytes.
# Shared memory size for storing VMware data.
# Only used if VMware collectors are started.
#
# Mandatory: no
# Range: 256K-2G
# Default:
# VMwareCacheSize=8M
### Option: VMwareTimeout
# Specifies how many seconds vmware collector waits for response from VMware service.
#
# Mandatory: no
# Range: 1-300
# Default:
# VMwareTimeout=10
### Option: SNMPTrapperFile
# Temporary file used for passing data from SNMP trap daemon to the server.
# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
#
# Mandatory: no
# Default:
# SNMPTrapperFile=/tmp/zabbix_traps.tmp
SNMPTrapperFile=/var/log/snmptt/snmptt.log
### Option: StartSNMPTrapper
# If 1, SNMP trapper process is started.
#
# Mandatory: no
# Range: 0-1
# Default:
# StartSNMPTrapper=0
### Option: ListenIP
# List of comma delimited IP addresses that the trapper should listen on.
# Trapper will listen on all network interfaces if this parameter is missing.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
# ListenIP=127.0.0.1
### Option: HousekeepingFrequency
# How often Zabbix will perform housekeeping procedure (in hours).
# Housekeeping is removing outdated information from the database.
# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
# hours of outdated information are deleted in one housekeeping cycle, for each item.
# To lower load on server startup housekeeping is postponed for 30 minutes after server start.
#
# Mandatory: no
# Range: 1-24
# Default:
# HousekeepingFrequency=1
### Option: MaxHousekeeperDelete
# The table "housekeeper" contains "tasks" for housekeeping procedure in the format:
# [housekeeperid], [tablename], [field], [value].
# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
# will be deleted per one task in one housekeeping cycle.
# SQLite3 does not use this parameter, deletes all corresponding rows without a limit.
# If set to 0 then no limit is used at all. In this case you must know what you are doing!
#
# Mandatory: no
# Range: 0-1000000
# Default:
# MaxHousekeeperDelete=500
### Option: SenderFrequency
# How often Zabbix will try to send unsent alerts (in seconds).
#
# Mandatory: no
# Range: 5-3600
# Default:
# SenderFrequency=30
### Option: CacheSize
# Size of configuration cache, in bytes.
# Shared memory size for storing host, item and trigger data.
#
# Mandatory: no
# Range: 128K-8G
# Default:
# CacheSize=8M
### Option: CacheUpdateFrequency
# How often Zabbix will perform update of configuration cache, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# CacheUpdateFrequency=60
### Option: StartDBSyncers
# Number of pre-forked instances of DB Syncers
#
# Mandatory: no
# Range: 1-100
# Default:
# StartDBSyncers=4
### Option: HistoryCacheSize
# Size of history cache, in bytes.
# Shared memory size for storing history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryCacheSize=8M
### Option: TrendCacheSize
# Size of trend cache, in bytes.
# Shared memory size for storing trends data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# TrendCacheSize=4M
### Option: HistoryTextCacheSize
# Size of text history cache, in bytes.
# Shared memory size for storing character, text or log history data.
#
# Mandatory: no
# Range: 128K-2G
# Default:
# HistoryTextCacheSize=16M
### Option: ValueCacheSize
# Size of history value cache, in bytes.
# Shared memory size for caching item history data requests.
# Setting to 0 disables value cache.
#
# Mandatory: no
# Range: 0,128K-64G
# Default:
# ValueCacheSize=8M
### Option: Timeout
# Specifies how long we wait for agent, SNMP device or external check (in seconds).
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option: TrapperTimeout
# Specifies how many seconds trapper may spend processing new data.
#
# Mandatory: no
# Range: 1-300
# Default:
# TrapperTimeout=300
### Option: UnreachablePeriod
# After how many seconds of unreachability treat a host as unavailable.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachablePeriod=45
### Option: UnavailableDelay
# How often host is checked for availability during the unavailability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnavailableDelay=60
### Option: UnreachableDelay
# How often host is checked for availability during the unreachability period, in seconds.
#
# Mandatory: no
# Range: 1-3600
# Default:
# UnreachableDelay=15
### Option: AlertScriptsPath
# Full path to location of custom alert scripts.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# AlertScriptsPath=${datadir}/zabbix/alertscripts
AlertScriptsPath=/usr/lib/zabbix/alertscripts
### Option: ExternalScripts
# Full path to location of external scripts.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# ExternalScripts=${datadir}/zabbix/externalscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
### Option: FpingLocation
# Location of fping.
# Make sure that fping binary has root ownership and SUID flag set.
#
# Mandatory: no
# Default:
# FpingLocation=/usr/sbin/fping
### Option: Fping6Location
# Location of fping6.
# Make sure that fping6 binary has root ownership and SUID flag set.
# Make empty if your fping utility is capable to process IPv6 addresses.
#
# Mandatory: no
# Default:
# Fping6Location=/usr/sbin/fping6
### Option: SSHKeyLocation
# Location of public and private keys for SSH checks and actions.
#
# Mandatory: no
# Default:
# SSHKeyLocation=
### Option: LogSlowQueries
# How long a database query may take before being logged (in milliseconds).
# Only works if DebugLevel set to 3 or 4.
# 0 - don't log slow queries.
#
# Mandatory: no
# Range: 1-3600000
# Default:
# LogSlowQueries=0
### Option: TmpDir
# Temporary directory.
#
# Mandatory: no
# Default:
# TmpDir=/tmp
### Option: StartProxyPollers
# Number of pre-forked instances of pollers for passive proxies.
#
# Mandatory: no
# Range: 0-250
# Default:
# StartProxyPollers=1
### Option: ProxyConfigFrequency
# How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds.
# This parameter is used only for proxies in the passive mode.
#
# Mandatory: no
# Range: 1-3600*24*7
# Default:
# ProxyConfigFrequency=3600
### Option: ProxyDataFrequency
# How often Zabbix Server requests history data from a Zabbix Proxy in seconds.
# This parameter is used only for proxies in the passive mode.
#
# Mandatory: no
# Range: 1-3600
# Default:
# ProxyDataFrequency=1
### Option: AllowRoot
# Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Default:
# AllowRoot=0
### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
#
# Mandatory: no
# Default:
# User=zabbix
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
# Include=/usr/local/etc/zabbix_server.general.conf
# Include=/usr/local/etc/zabbix_server.conf.d/
# Include=/usr/local/etc/zabbix_server.conf.d/*.conf
### Option: SSLCertLocation
# Location of SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCertLocation=${datadir}/zabbix/ssl/certs
### Option: SSLKeyLocation
# Location of private keys for SSL client certificates.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLKeyLocation=${datadir}/zabbix/ssl/keys
### Option: SSLCALocation
# Override the location of certificate authority (CA) files for SSL server certificate verification.
# If not set, system-wide directory will be used.
# This parameter is used only in web monitoring.
#
# Mandatory: no
# Default:
# SSLCALocation=
####### LOADABLE MODULES #######
### Option: LoadModulePath
# Full path to location of server modules.
# Default depends on compilation options.
#
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules
### Option: LoadModule
# Module to load at server startup. Modules are used to extend functionality of the server.
# Format: LoadModule=<module.so>
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
#
# Mandatory: no
# Default:
# LoadModule=
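Review bot: `DBPassword=<%= @DBPassword %>` renders the database password in clear text into the generated file, so the template resource that writes it needs a restrictive mode and, ideally, `sensitive true` so Chef does not print the rendered diff in its logs; the recipe is not part of this section, so confirm both there. A short comment above the line, such as `# Secret: keep the rendered file 0640 and out of Chef logs`, would record the intent next to the value. Separately, `DBSocket=/var/lib/mysql/mysql.sock` is a MySQL path while the frontend template in this commit sets `$DB['TYPE'] = 'POSTGRESQL'`; if the server really uses PostgreSQL, that line is a leftover and is better left commented out.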


@ -0,0 +1,20 @@
<?php
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE'] = 'POSTGRESQL';
$DB['SERVER'] = 'localhost';
$DB['PORT'] = '0';
$DB['DATABASE'] = 'zabbix';
$DB['USER'] = 'zabbixmaster';
$DB['PASSWORD'] = '<%= @DBPassword %>';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';
$ZBX_SERVER = 'localhost';
$ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Zabbix';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
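Review bot: `$DB['PASSWORD'] = '<%= @DBPassword %>';` places the raw value inside a single-quoted PHP string, so a password containing `'` or `\` either breaks the file or changes the literal PHP reads. Escaping those two characters in the template keeps any password safe to render: `$DB['PASSWORD'] = '<%= @DBPassword.to_s.gsub(/[\\']/) { |c| "\\#{c}" } %>';`. The rendered frontend file also holds the secret, yet none of the specs visible in this commit assert its mode or owner; a `describe file(...)` block for it in the server spec would close that gap.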


@ -0,0 +1,15 @@
{
"name": "integration_test_env",
"description": "placeholder for integration testing",
"cookbook_versions": {
},
"json_class": "Chef::Environment",
"chef_type": "environment",
"default_attributes": {
},
"override_attributes": {
}
}


@ -0,0 +1,109 @@
require 'spec_helper'
describe 'zabbix::default' do
# Serverspec examples can be found at
# http://serverspec.org/resource_types.html
describe "Installed Packages:" do
%w{zabbix-agent zabbix-sender wget}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_agentd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '9d26e61c0f10f3667ee69046a6b253b1af9cb4c73f2d95c432a7359cdeb9c79d' }
end
end
describe "Zabbix Scripts:" do
describe port(10050) do
it { should be_listening.with('tcp') }
end
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
describe file(path) do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_mode 755 }
end
end
describe file('/etc/zabbix/trap.d/mongo26.config') do
it { should be_file }
it { should be_mode 700 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '4feb7eb028cbac16ef4bcd9fc435cc100ed84f64142a410a79ca52f1a8c73526' }
end
describe file('/etc/zabbix/trap.d/live/httpd.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/httpd.sh' }
its(:sha256sum) { should eq 'f49e60bb9e85674eef968333e78c76e5c47ad9e850e3718297f8de060c556543' }
end
describe file('/etc/zabbix/trap.d/live/idp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/idp.sh' }
its(:sha256sum) { should eq '091d86d3472307360556f3ce42656ee51a2530ad07e0038e2002d09a5d9545a1' }
end
describe file('/etc/zabbix/trap.d/live/mongo26.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/mongo26.sh' }
its(:sha256sum) { should eq '8a1fcebd0699395b9a1f43ba73c5f71eb1de5c9a181f0d8e450eebf337974d6f' }
end
describe file('/etc/zabbix/trap.d/live/openldap2.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/openldap2.sh' }
its(:sha256sum) { should eq '8aa432ea0f0db9153183210e832d3b2c744cfd2893dbc370c240b6edf2583871' }
end
describe file('/etc/zabbix/trap.d/live/sp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/sp.sh' }
its(:sha256sum) { should eq '04b7fcc0d1e520b9029e5b5fb4a68b13e79160afb3782875f23fd0b33e0db1e3' }
end
describe file('/etc/zabbix/trap.d/live/tomcat.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/tomcat.sh' }
its(:sha256sum) { should eq '0a5d29eaab50af586c1546003458423afd0056ba43bb894e305ed5c40eabd57d' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_apache.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_apache.sh' }
its(:sha256sum) { should eq 'c416956452b40ed0de02f0b83279f13030c79c562b55f6fe373fcb24ab3f3d5b' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_ldap.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_ldap.sh' }
its(:sha256sum) { should eq 'ed2a8e7da1bc4f7d53c52e90ad3e7b7c1a418dc223ec99d4d1381988f2f02f9f' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_mongo.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_mongo.sh' }
its(:sha256sum) { should eq '5d71e7243efcaf7068887b33a35fcf499c5aeae5a770e822059b4fe9a5f61517' }
end
end
describe "Services:" do
describe cron do
it { should have_entry '* * * * * /etc/zabbix/trap.d/runtrap live >/dev/null 2>&1' }
end
describe service('zabbix-agent') do
it { should be_enabled }
it { should be_running }
end
describe port(10050) do
it { should be_listening.with('tcp') }
end
end
end
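Review bot: The cron entry asserted under `Services:` runs `/etc/zabbix/trap.d/runtrap live` every minute, but nothing in this spec checks the `runtrap` script itself; only the directories and the `live/` symlinks are pinned. If that crontab belongs to root (the spec does not say which user), whoever can modify `runtrap` controls what runs every minute, so it deserves the same ownership and permission checks as the scripts it launches. The `zabbix::agent` spec and the second `zabbix::default` spec later in this commit have the same gap. `describe port(10050)` also appears twice in this file, under `Zabbix Scripts:` and under `Services:`; the first one can go.

```ruby
# … unchanged: describe cron block with the runtrap entry …
describe file('/etc/zabbix/trap.d/runtrap') do
  it { should be_file }
  it { should be_owned_by 'root' }
  it { should be_grouped_into 'root' }
  it { should be_executable.by('owner') }
  it { should_not be_writable.by('group') }
  it { should_not be_writable.by('others') }
end
# … unchanged: service and port checks …
```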


@ -0,0 +1,3 @@
require 'serverspec'
set :backend, :exec


@ -0,0 +1,106 @@
require 'spec_helper'
describe 'zabbix::default' do
# Serverspec examples can be found at
# http://serverspec.org/resource_types.html
describe "Installed Packages:" do
%w{zabbix-agent zabbix-sender wget}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_agentd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '86c94ce6b411573b836d43388044749fb6e2cbe4ddcf9d4492ea9088622a4bcc' }
end
end
describe "Zabbix Scripts:" do
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
describe file(path) do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_mode 755 }
end
end
describe file('/etc/zabbix/trap.d/mongo26.config') do
it { should be_file }
it { should be_mode 700 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '4feb7eb028cbac16ef4bcd9fc435cc100ed84f64142a410a79ca52f1a8c73526' }
end
describe file('/etc/zabbix/trap.d/live/httpd.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/httpd.sh' }
its(:sha256sum) { should eq 'f49e60bb9e85674eef968333e78c76e5c47ad9e850e3718297f8de060c556543' }
end
describe file('/etc/zabbix/trap.d/live/idp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/idp.sh' }
its(:sha256sum) { should eq '091d86d3472307360556f3ce42656ee51a2530ad07e0038e2002d09a5d9545a1' }
end
describe file('/etc/zabbix/trap.d/live/mongo26.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/mongo26.sh' }
its(:sha256sum) { should eq '8a1fcebd0699395b9a1f43ba73c5f71eb1de5c9a181f0d8e450eebf337974d6f' }
end
describe file('/etc/zabbix/trap.d/live/openldap2.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/openldap2.sh' }
its(:sha256sum) { should eq '8aa432ea0f0db9153183210e832d3b2c744cfd2893dbc370c240b6edf2583871' }
end
describe file('/etc/zabbix/trap.d/live/sp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/sp.sh' }
its(:sha256sum) { should eq '04b7fcc0d1e520b9029e5b5fb4a68b13e79160afb3782875f23fd0b33e0db1e3' }
end
describe file('/etc/zabbix/trap.d/live/tomcat.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/tomcat.sh' }
its(:sha256sum) { should eq '0a5d29eaab50af586c1546003458423afd0056ba43bb894e305ed5c40eabd57d' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_apache.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_apache.sh' }
its(:sha256sum) { should eq 'c416956452b40ed0de02f0b83279f13030c79c562b55f6fe373fcb24ab3f3d5b' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_ldap.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_ldap.sh' }
its(:sha256sum) { should eq 'ed2a8e7da1bc4f7d53c52e90ad3e7b7c1a418dc223ec99d4d1381988f2f02f9f' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_mongo.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_mongo.sh' }
its(:sha256sum) { should eq '5d71e7243efcaf7068887b33a35fcf499c5aeae5a770e822059b4fe9a5f61517' }
end
end
describe "Services:" do
describe cron do
it { should have_entry '* * * * * /etc/zabbix/trap.d/runtrap live >/dev/null 2>&1' }
end
describe service('zabbix-proxy') do
it { should be_enabled }
it { should be_running }
end
describe port(10050) do
it { should be_listening.with('tcp') }
end
end
end
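Review bot: `describe service('zabbix-proxy')` looks like a copy/paste slip: this spec is for `zabbix::default`, its package list holds only `zabbix-agent`, `zabbix-sender` and `wget`, and it checks the agent port 10050, so the service under test is presumably `zabbix-agent`, as in the other two agent specs. Unless this suite also converges the proxy recipe, the example fails, and if it does converge it the agent service goes unchecked. Suggested line: `describe service('zabbix-agent') do`.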


@ -0,0 +1,53 @@
require 'spec_helper'
describe 'zabbix::proxy' do
describe "Installed Packages:" do
%w{zabbix-proxy-sqlite3 zabbix-agent zabbix-get}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_proxy.conf') do
it { should be_file }
it { should be_mode 640 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq 'fd1620dfc6f13eeb8ef4d7bdace3dc16bababdf0a46db787d579bdd9ae0c7577' }
end
describe file('/var/lib/zabbix') do
it { should exist }
it { should be_directory }
it { should be_mode 750 }
it { should be_owned_by 'zabbix' }
it { should be_grouped_into 'zabbix' }
end
describe file('/var/lib/zabbix/zabbix_proxy.db') do
it { should exist }
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'zabbix' }
it { should be_grouped_into 'zabbix' }
end
end
describe "Services:" do
describe service('zabbix-proxy') do
it { should be_enabled }
it { should be_running }
end
describe process('zabbix_proxy') do
its(:user) { should eq "zabbix" }
end
describe port(10051) do
it { should be_listening.with('tcp') }
end
end
end
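Review bot: The spec pins `/var/lib/zabbix/zabbix_proxy.db` at mode 644, which leaves the proxy's SQLite database readable by any local account that can reach it; only the 750 on `/var/lib/zabbix` stands in the way. The process check in this file shows the proxy running as `zabbix`, which already owns the file, so a tighter expectation costs nothing: `it { should be_mode 640 }`, with the recipe changed to match. Relying on the parent directory alone means a later change to that directory's mode silently exposes the database.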


@ -0,0 +1,104 @@
require 'spec_helper'
describe 'zabbix::agent' do
# Serverspec examples can be found at
# http://serverspec.org/resource_types.html
describe "Installed Packages:" do
%w{zabbix-agent zabbix-sender wget}.each do |pkg|
describe package(pkg) do
it { should be_installed }
end
end
end
describe "Configuration Files:" do
describe file('/etc/zabbix/zabbix_agentd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '86c94ce6b411573b836d43388044749fb6e2cbe4ddcf9d4492ea9088622a4bcc' }
end
end
describe "Zabbix Agent Scripts:" do
%w[ /etc/zabbix/trap.d /etc/zabbix/trap.d/live /etc/zabbix/trap.d/daily ].each do |path|
describe file(path) do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_mode 755 }
end
end
describe file('/etc/zabbix/trap.d/mongo26.config') do
it { should be_file }
it { should be_mode 700 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '4feb7eb028cbac16ef4bcd9fc435cc100ed84f64142a410a79ca52f1a8c73526' }
end
describe file('/etc/zabbix/trap.d/live/httpd.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/httpd.sh' }
its(:sha256sum) { should eq 'f49e60bb9e85674eef968333e78c76e5c47ad9e850e3718297f8de060c556543' }
end
describe file('/etc/zabbix/trap.d/live/idp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/idp.sh' }
its(:sha256sum) { should eq '091d86d3472307360556f3ce42656ee51a2530ad07e0038e2002d09a5d9545a1' }
describe file('/etc/zabbix/trap.d/live/mongo26.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/mongo26.sh' }
its(:sha256sum) { should eq '8a1fcebd0699395b9a1f43ba73c5f71eb1de5c9a181f0d8e450eebf337974d6f' }
end
describe file('/etc/zabbix/trap.d/live/openldap2.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/openldap2.sh' }
its(:sha256sum) { should eq '8aa432ea0f0db9153183210e832d3b2c744cfd2893dbc370c240b6edf2583871' }
end
describe file('/etc/zabbix/trap.d/live/sp.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/sp.sh' }
its(:sha256sum) { should eq '04b7fcc0d1e520b9029e5b5fb4a68b13e79160afb3782875f23fd0b33e0db1e3' }
end
describe file('/etc/zabbix/trap.d/live/tomcat.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/tomcat.sh' }
its(:sha256sum) { should eq '0a5d29eaab50af586c1546003458423afd0056ba43bb894e305ed5c40eabd57d' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_apache.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_apache.sh' }
its(:sha256sum) { should eq 'c416956452b40ed0de02f0b83279f13030c79c562b55f6fe373fcb24ab3f3d5b' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_ldap.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_ldap.sh' }
its(:sha256sum) { should eq 'ed2a8e7da1bc4f7d53c52e90ad3e7b7c1a418dc223ec99d4d1381988f2f02f9f' }
end
describe file('/etc/zabbix/trap.d/live/ssl_check_mongo.sh') do
it { should be_symlink }
it { should be_linked_to '/etc/zabbix/trap.d/ssl_check_mongo.sh' }
its(:sha256sum) { should eq '5d71e7243efcaf7068887b33a35fcf499c5aeae5a770e822059b4fe9a5f61517' }
end
end
describe "Services:" do
describe cron do
it { should have_entry '* * * * * /etc/zabbix/trap.d/runtrap live >/dev/null 2>&1' }
end
describe service('zabbix-agent') do
it { should be_enabled }
it { should be_running }
end
describe port(10050) do
it { should be_listening.with('tcp') }
end
end
end
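Review bot: The `describe file('/etc/zabbix/trap.d/live/idp.sh') do` block is never closed: its `sha256sum` line is followed directly by `describe file('/etc/zabbix/trap.d/live/mongo26.sh') do`, so the file has one more `do` than `end` and Ruby rejects it with a syntax error before any example runs. Add `end` after the `idp.sh` checksum line. The same block in the two `zabbix::default` specs in this commit is closed correctly, which suggests the line was lost while copying.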


@ -0,0 +1,33 @@
require 'spec_helper'
describe 'zabbix::database' do
describe "Installed Packages:" do
describe package('postgresql94-server') do
it { should be_installed }
end
end
describe "Configuration Files:" do
describe file('/var/lib/pgsql/9.4/data/pg_hba.conf') do
it { should be_file }
it { should be_mode 600 }
it { should be_owned_by 'postgres' }
it { should be_grouped_into 'postgres' }
end
end
describe "Services:" do
describe service('postgresql-9.4') do
it { should be_enabled }
it { should be_running }
end
describe process('postmaster') do
its(:user) { should eq 'postgres' }
end
describe port(5432) do
it { should be_listening.on('127.0.0.1').with('tcp') }
end
end
end
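Review bot: The `pg_hba.conf` block checks mode, owner and group but not what the file allows, so a rule using the `trust` method would still pass this spec. Since that file decides who may connect without a password, a content assertion is worth adding, for example `its(:content) { should_not match(/^\s*(local|host)\b.*\btrust\b/) }`. The file's expected contents are not visible in this commit view, so adjust the pattern to the rules the recipe really writes.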


@ -0,0 +1,90 @@
require 'spec_helper'
describe 'zabbix::server' do
describe "Installed Packages:" do
%w{httpd mod_ssl}.each do |pkg|
describe package(pkg) do
it { should be_installed.with_version('2.2.15-39.el6') }
end
end
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
describe package(pkg) do
it { should be_installed.with_version('5.6.28-1.ius.centos6') }
end
end
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get zabbix-agent}.each do |pkg|
describe package(pkg) do
it { should be_installed.with_version('3.0.5-1.el6') }
end
end
end
describe "Configuration Files:" do
describe file('/etc/httpd/conf/httpd.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/httpd/conf.d/security.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/httpd/conf.d/ssl.conf') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/zabbix/zabbix_server.conf') do
it { should be_file }
it { should be_mode 640 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '1bd8289af12ada9489b67ac04e1f1dc0ed6736bbebab61153ce85dcbe72b8289' }
end
describe file('/etc/php.ini') do
it { should be_file }
it { should be_mode 644 }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:sha256sum) { should eq '9b34f15b5bb38627130ced110062f1d9f60aece21de65475ac7b660a9ddbfc71' }
end
end
describe "Services:" do
describe service('httpd') do
it { should be_enabled }
it { should be_running }
end
describe service('zabbix-server') do
it { should be_enabled }
it { should be_running }
end
describe process('zabbix_server') do
its(:user) { should eq "zabbix" }
end
describe port(80) do
it { should be_listening.with('tcp') }
end
#describe port(443) do
# it { should be_listening.with('tcp') }
#end
describe port(10051) do
it { should be_listening.with('tcp') }
end
end
end
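Review bot: The `port(443)` check is commented out even though `mod_ssl` is installed and `/etc/httpd/conf.d/ssl.conf` is asserted, so the only listener this spec requires for the Zabbix frontend is plain HTTP on port 80. Frontend logins would then travel unencrypted unless something outside this spec terminates TLS. Either restore the three commented lines (`describe port(443) do` … `end`) or replace them with a comment saying why TLS is not expected in the test image. The exact `with_version` pins (`2.2.15-39.el6`, `5.6.28-1.ius.centos6`, `3.0.5-1.el6`) will also fail as soon as the repositories publish updates, security fixes included, so consider moving the versions into attributes that the recipe and the spec share.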