From 9364c8df4c121210521f0ea511a5d4bfe7a9afb7 Mon Sep 17 00:00:00 2001 From: Eric Renfro Date: Sun, 12 Feb 2017 15:42:59 -0500 Subject: [PATCH] Split httpd and php into sub-modules, started adding support for nginx --- .kitchen.yml | 5 +- Berksfile | 6 +- attributes/default.rb | 3 + metadata.rb | 5 + recipes/agent.rb | 12 +- recipes/database_postgresql.rb | 16 +- recipes/proxy.rb | 20 +- recipes/server.rb | 289 +++++++++++++----- recipes/server_apache.rb | 36 +++ recipes/server_nginx.rb | 24 ++ recipes/server_php.rb | 82 +++++ templates/apache/zabbix-fpm.conf.erb | 77 +++++ templates/apache/zabbix-mod.conf.erb | 81 +++++ templates/fpm/zabbix.conf.erb | 26 ++ templates/nginx/zabbix-fpm.conf.erb | 52 ++++ templates/zabbix/3.0/maintenance.inc.php.erb | 29 ++ .../3.0/zabbix.conf.php.erb} | 7 +- .../3.0}/zabbix_agentd.conf.erb | 0 .../3.0}/zabbix_proxy.conf.erb | 0 .../3.0}/zabbix_server.conf.erb | 4 +- test/fixtures/data_bags/secrets/zabbix.json | 5 +- 21 files changed, 689 insertions(+), 90 deletions(-) create mode 100644 recipes/server_apache.rb create mode 100644 recipes/server_nginx.rb create mode 100644 recipes/server_php.rb create mode 100644 templates/apache/zabbix-fpm.conf.erb create mode 100644 templates/apache/zabbix-mod.conf.erb create mode 100644 templates/fpm/zabbix.conf.erb create mode 100644 templates/nginx/zabbix-fpm.conf.erb create mode 100644 templates/zabbix/3.0/maintenance.inc.php.erb rename templates/{default/zabbix_web.conf.erb => zabbix/3.0/zabbix.conf.php.erb} (78%) rename templates/{default => zabbix/3.0}/zabbix_agentd.conf.erb (100%) rename templates/{default => zabbix/3.0}/zabbix_proxy.conf.erb (100%) rename templates/{default => zabbix/3.0}/zabbix_server.conf.erb (99%) diff --git a/.kitchen.yml b/.kitchen.yml index d909d3f..134f397 100644 --- a/.kitchen.yml +++ b/.kitchen.yml 
@@ -23,8 +23,9 @@ platforms: suites: - name: server driver: - forward: - - 8087:80 + networks: + - netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8087-:80 + device: virtio-net-pci,netdev=user run_list: - recipe[zabbix::database] - recipe[zabbix::server] diff --git a/Berksfile b/Berksfile index d169a24..73b32eb 100644 --- a/Berksfile +++ b/Berksfile @@ -3,8 +3,12 @@ source "https://supermarket.chef.io" metadata cookbook "chef-vault", '>= 2.1.1' +cookbook "apache2", '>= 3.2.2' +cookbook "chef_nginx", '>= 5.0.7' +#cookbook "httpd", '>= 0.4.4' +cookbook "php", '>= 2.2.0' cookbook "postgresql", '>= 6.0.1' +cookbook "yum-ius", '>= 2.1.0' cookbook "yum-zabbix", path: "../yum-zabbix" #cookbook "apt-zabbix", path: "../apt-zabbix" #cookbook "mysql", '>= 8.2.0' - diff --git a/attributes/default.rb b/attributes/default.rb index 74a1eff..6c29830 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,5 +1,8 @@ default['zabbix']['database']['backend'] = 'postgresql' default['zabbix']['database']['repo']['pgdg'] = false +default['zabbix']['webserver']['backend'] = 'apache' +default['zabbix']['php']['use_fpm'] = true +default['zabbix']['php']['timezone'] = 'America/New_York' default['zabbix']['version'] = "3.0" default['zabbix']['agent_meta'] = [] diff --git a/metadata.rb b/metadata.rb index 70fc7e1..0292297 100644 --- a/metadata.rb +++ b/metadata.rb @@ -15,7 +15,12 @@ end recipe 'zabbix', 'Installs zabbix' depends 'chef-vault', '>= 2.1.1' +depends 'apache2', '>= 3.2.2' +depends 'chef_nginx', '>= 5.0.7' +#depends 'httpd', '>= 0.4.4' +depends 'php', '>= 2.2.0' depends 'postgresql', '>= 6.0.1' +depends 'yum-ius', '>= 2.1.0' depends 'yum-zabbix', '>= 1.0.1' #depends 'apt-zabbix' #depends 'mysql', '>= 8.2.0' diff --git a/recipes/agent.rb b/recipes/agent.rb index c34621e..ee0d1e5 100644 --- a/recipes/agent.rb +++ b/recipes/agent.rb 
@@ -16,7 +16,16 @@ end # Install custom zabbix_agentd.conf template "/etc/zabbix/zabbix_agentd.conf" do - source "zabbix_agentd.conf.erb" + source %W{ + zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_agentd.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_agentd.conf.erb + zabbix/#{node['zabbix']['version']}/zabbix_agentd.conf.erb + zabbix/zabbix_agentd.conf.erb + default/zabbix_agentd.conf.erb + zabbix_agentd.conf.erb + } mode "0644" owner "root" group "root" @@ -115,4 +124,3 @@ cron "zabbix_daily" do command %Q{/etc/zabbix/trap.d/runtrap daily >/dev/null 2>&1} only_if { node['zabbix']['trap_scripts']['daily']['add'].any? } end - diff --git a/recipes/database_postgresql.rb b/recipes/database_postgresql.rb index af3d598..936578c 100644 --- a/recipes/database_postgresql.rb +++ b/recipes/database_postgresql.rb @@ -35,6 +35,7 @@ directory '/tmp/database' do end cookbook_file '/tmp/database/schema.sql' do + sensitive true source %W{ host-#{node['fqdn']}/schema.sql #{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/schema.sql @@ -45,6 +46,7 @@ cookbook_file '/tmp/database/schema.sql' do end cookbook_file '/tmp/database/images.sql' do + sensitive true source %W{ host-#{node['fqdn']}/images.sql #{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/images.sql @@ -55,6 +57,7 @@ cookbook_file '/tmp/database/images.sql' do end cookbook_file '/tmp/database/data.sql' do + sensitive true source %W{ host-#{node['fqdn']}/data.sql #{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/data.sql 
@@ -66,12 +69,11 @@ end bash 'create_zabbix_db_user' do user 'postgres' - sensitive true + #sensitive true credentials = chef_vault_item("secrets", "zabbix") code <<-EOH - psql -c "CREATE DATABASE zabbix WITH ENCODING='UTF-8';" - psql -c "CREATE USER zabbix WITH PASSWORD '#{credentials['postgres']}';" - psql -c "GRANT ALL PRIVILEGES ON DATABASE zabbix TO zabbix;" + psql -c "CREATE USER \"#{credentials['username']}\" WITH PASSWORD '#{credentials['password']}';" + psql -c "CREATE DATABASE \"#{credentials['database']}\" WITH OWNER \"#{credentials['username']}\" ENCODING 'UTF-8';" EOH action :nothing subscribes :run, 'directory[/tmp/database]', :immediately @@ -79,7 +81,11 @@ end bash 'initialize_zabbix_db' do sensitive true - user 'postgres' + credentials = chef_vault_item("secrets", "zabbix") + environment({ + "PGUSER" => credentials['username'], + "PGPASSWORD" => credentials['password'] + }) code <<-EOH psql -d zabbix -f /tmp/database/schema.sql psql -d zabbix -f /tmp/database/images.sql diff --git a/recipes/proxy.rb b/recipes/proxy.rb index cf23907..3613868 100644 --- a/recipes/proxy.rb +++ b/recipes/proxy.rb @@ -7,6 +7,8 @@ # Eric Renfro # +include_recipe 'chef-vault' + %w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg| yum_package pkg do version '3.0.5-1.el6' 
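Review bot: `#sensitive true` in `bash 'create_zabbix_db_user'` turns off output suppression on the one resource whose `code` block embeds the vault password, so a failed run or a dump of the compiled resource can write the `CREATE USER ... PASSWORD` statement into the Chef log; restore `sensitive true`. The `credentials` values are also interpolated unescaped into a double-quoted shell string and a single-quoted SQL literal, so a password containing `'`, `"`, `$` or a backtick will break the statement or be interpreted by the shell. Feeding the SQL to psql on standard input from a quoted heredoc, with single quotes doubled in the literal, would fix the quoting and keep the password out of the process argument list that `psql -c "..."` exposes. The resource starts before this hunk's changed lines and continues past them.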
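Review bot: `psql -d zabbix` stays hard-coded in the unchanged lines of `bash 'initialize_zabbix_db'`, while the previous hunk now creates the database as `credentials['database']`, so a vault item with any other database name would have the schema loaded into the wrong or a missing database. Add `"PGDATABASE" => credentials['database']` to the new `environment` hash and drop the `-d zabbix` arguments. Removing `user 'postgres'` means the script presumably runs as the Chef client's own user and authenticates with `PGPASSWORD`, which only works if pg_hba.conf allows password logins for that role; a comment such as `# requires md5/scram auth for this role in pg_hba.conf` would record that dependency. The resource body continues past the end of the hunk.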
@@ -23,11 +25,22 @@ directory "/var/lib/zabbix" do end template "/etc/zabbix/zabbix_proxy.conf" do - credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials") + credentials = chef_vault_item("secrets", "zabbix") variables({ - :DBPassword => credentials['zabbix']['postgres_password'] + :DBUsername => credentials['username'], + :DBPassword => credentials['password'], + :DBDatabase => credentials['database'] }) - source "zabbix_proxy.conf.erb" + source %W{ + zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_proxy.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_proxy.conf.erb + zabbix/#{node['zabbix']['version']}/zabbix_proxy.conf.erb + zabbix/zabbix_proxy.conf.erb + default/zabbix_proxy.conf.erb + zabbix_proxy.conf.erb + } sensitive true mode "0640" owner "root" @@ -41,4 +54,3 @@ service 'zabbix-proxy' do end include_recipe 'zabbix::agent' - diff --git a/recipes/server.rb b/recipes/server.rb index d409c1d..7e91317 100644 --- a/recipes/server.rb +++ b/recipes/server.rb 
@@ -7,103 +7,254 @@ # Eric Renfro # -%w{httpd mod_ssl}.each do |pkg| - yum_package pkg do - version '2.2.15-39.el6' - allow_downgrade true - action :install - end +include_recipe 'chef-vault' +include_recipe "#{cookbook_name}::database" +include_recipe 'apache2' + +################################# +# Include Additional Repositories +case node['platform_family'] +when 'rhel' + include_recipe 'yum-ius' + include_recipe 'yum-zabbix' end -%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg| - yum_package pkg do - version '5.6.28-1.ius.centos6' - allow_downgrade true - action :install - end +############################# +# Setup and Install Webserver +case node['zabbix']['webserver']['backend'] +when 'apache' + include_recipe "#{cookbook_name}::server_apache" +when 'nginx' + include_recipe "#{cookbook_name}::server_nginx" +else + Chef::Application.fatal!('Webserver backend can either be apache or nginx', 121) end -%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg| - yum_package pkg do - version '3.0.5-1.el6' - allow_downgrade true - action :install - end +include_recipe "#{cookbook_name}::server_php" + +########################## +# Setup and Install Apache +# apache_module 'proxy' +# apache_module 'proxy_fcgi' +# +# web_app "zabbix" do +# server_name node['fqdn'] +# server_aliases ["zabbix.#{node['domain']}"] +# template %W{ +# apache/#{node['platform']}/#{node['platform_version'].to_i}/zabbix.conf.erb +# apache/#{node['platform']}/zabbix.conf.erb +# apache/#{node['platform_family']}/#{node['platform_version'].to_i}/zabbix.conf.erb +# apache/#{node['platform_family']}/zabbix.conf.erb +# apache/default/zabbix.conf.erb +# apache/zabbix.conf.erb +# } +# docroot "/usr/share/zabbix" +# directory_index ["index.php"] +# directory_options [ "FollowSymLinks" ] +# allow_override [ "None" ] +# end + +####################### +# Install and Setup PHP +# case node['platform_family'] +# when 
'rhel' +# # Remove distro-provided versions if installed +# %w(php php-cli php-pear php-devel php-common).each do |pkg| +# package pkg do +# action :remove +# end +# end +# +# # Setup PHP to use yum-ius packages +# node.default['php']['packages'] = %w(php56u php56u-bcmath php56u-gd php56u-mbstring php56u-xml php56u-xmlrpc php56u-cli php56u-opcache) +# node.default['php']['fpm_package'] = 'php56u-fpm' +# node.default['php']['fpm_user'] = 'php-fpm' +# node.default['php']['fpm_group'] = 'php-fpm' +# node.default['php']['gd']['package'] = 'php56u-gd' +# node.default['php']['apcu']['package'] = 'php56u-pecl-apcu' +# node.default['php']['ldap']['package'] = 'php56u-ldap' +# +# case node['zabbix']['database']['backend'] +# when 'postgresql' +# node.default['php']['packages'] += ['php56u-pgsql'] +# node.default['php']['postgresql']['package'] = 'php56u-pgsql' +# when 'mysql', 'mariadb', 'percona' +# node.default['php']['packages'] += ['php56u-mysqlnd'] +# node.default['php']['mysql']['package'] = 'php56u-mysqlnd' +# end +# end +# +# # Set PHP timezone +# node.default['php']['directives'] = { +# 'date.timezone' => node['zabbix']['php']['timezone'] +# } +# include_recipe 'php' + +####################### +# Install Zabbix Server +case node['zabbix']['database']['backend'] +when 'postgresql' + %w(zabbix-server-pgsql zabbix-web-pgsql zabbix-get).each do |pkg| + package pkg + end +when 'mysql', 'mariadb', 'percona' + %w(zabbix-server-mysql zabbix-web-mysql zabbix-get).each do |pkg| + package pkg + end end -template "/etc/httpd/conf/httpd.conf" do - source "httpd.conf.erb" - mode "0644" - owner "root" - group "root" - notifies :restart, "service[httpd]", :delayed -end - -template "/etc/httpd/conf.d/zabbix.conf" do - source "zabbix_httpd.conf.erb" - mode "0644" - owner "root" - group "root" - notifies :restart, "service[httpd]", :delayed -end - -template "/etc/httpd/conf.d/security.conf" do - source "security.conf.erb" - mode "0644" - owner "root" - group "root" - notifies 
:restart, "service[httpd]", :delayed -end - -template "/etc/httpd/conf.d/ssl.conf" do - source "ssl.conf.erb" - mode "0644" - owner "root" - group "root" - notifies :restart, "service[httpd]", :delayed -end +############################# +# Install PHP-FPM Zabbix pool +# php_fpm_pool 'zabbix' do +# listen '127.0.0.1:9001' +# user 'php-fpm' +# group 'php-fpm' +# chdir '/usr/share/zabbix' +# max_children 50 +# start_servers 5 +# min_spare_servers 5 +# max_spare_servers 35 +# additional_config({ +# 'pm.process_idle_timeout' => '10s', +# 'pm.max_requests' => '500', +# 'ping.path' => '/ping', +# 'ping.response' => 'pong', +# 'php_flag[display_errors]' => 'off', +# 'php_admin_value[error_log]' => '/var/log/php-fpm/www-error.log', +# 'php_admin_flag[log_errors]' => 'on', +# 'php_admin_value[memory_limit]' => '128M', +# 'php_value[session.save_handler]' => 'files', +# 'php_value[session.save_path]' => '/var/lib/php-fpm/session', +# 'php_value[soap.wsdl_cache_dir]' => '/var/lib/php-fpm/wsdlcache', +# 'php_value[max_execution_time]' => '300', +# 'php_value[post_max_size]' => '16M', +# 'php_value[upload_max_filesize]' => '2M', +# 'php_value[max_input_time]' => '300', +# 'php_value[always_populate_raw_post_data]' => '-1' +# }) +# action :install +# only_if { node['zabbix']['php']['use_fpm'] } +# end +######################### +# Configure Zabbix Server template "/etc/zabbix/zabbix_server.conf" do - credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials") + credentials = chef_vault_item("secrets", "zabbix") variables({ - :DBPassword => credentials['zabbix']['postgres_password'] + :DBUsername => credentials['username'], + :DBPassword => credentials['password'], + :DBDatabase => credentials['database'] }) - source "zabbix_server.conf.erb" + source %W{ + zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_server.conf.erb + 
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_server.conf.erb + zabbix/#{node['zabbix']['version']}/zabbix_server.conf.erb + zabbix/zabbix_server.conf.erb + default/zabbix_server.conf.erb + zabbix_server.conf.erb + } sensitive true - mode "0640" + mode "0640" owner "root" group "root" notifies :restart, "service[zabbix-server]", :immediately end +directory "/etc/zabbix/web" do + mode "0750" + owner "root" + #group "php-fpm" + group case node['zabbix']['php']['use_fpm'] + when true + node['php']['fpm_group'] + else + case node['zabbix']['webserver']['backend'] + when 'apache' + node['apache']['group'] + when 'nginx' + node['nginx']['group'] + end + end +end + template "/etc/zabbix/web/zabbix.conf.php" do - credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials") + credentials = chef_vault_item("secrets", "zabbix") variables({ - :DBPassword => credentials['zabbix']['postgres_password'] + :DBUsername => credentials['username'], + :DBPassword => credentials['password'], + :DBDatabase => credentials['database'] }) - source "zabbix_web.conf.erb" + source %W{ + zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb + zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix.conf.php.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix.conf.php.erb + zabbix/#{node['zabbix']['version']}/zabbix.conf.php.erb + zabbix/zabbix.conf.php.erb + default/zabbix.conf.php.erb + zabbix.conf.php.erb + } sensitive true - mode "0640" + mode "0640" owner "root" - group "apache" + #group "php-fpm" + group case node['zabbix']['php']['use_fpm'] + when true + node['php']['fpm_group'] + else + case 
node['zabbix']['webserver']['backend'] + when 'apache' + node['apache']['group'] + when 'nginx' + node['nginx']['group'] + end + end end -template "/etc/php.ini" do - source "php.ini.erb" - mode "0644" +template "/etc/zabbix/web/maintenance.inc.php" do + source %W{ + zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb + zabbix/#{node['zabbix']['version']}/#{node['platform']}/maintenance.inc.php.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb + zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/maintenance.inc.php.erb + zabbix/#{node['zabbix']['version']}/maintenance.inc.php.erb + zabbix/maintenance.inc.php.erb + default/maintenance.inc.php.erb + maintenance.inc.php.erb + } + sensitive true + mode "0640" owner "root" - group "root" - notifies :restart, "service[httpd]", :immediately -end - -service 'httpd' do - supports :restart => true, :start => true - action :enable + #group "php-fpm" + group case node['zabbix']['php']['use_fpm'] + when true + node['php']['fpm_group'] + else + case node['zabbix']['webserver']['backend'] + when 'apache' + node['apache']['group'] + when 'nginx' + node['nginx']['group'] + end + end end +################# +# Manage Services service 'zabbix-server' do supports :restart => true, :start => true - action :enable + action [:enable, :start] + subscribes :restart, "template[/etc/zabbix/zabbix_server.conf]", :delayed end +service 'php-fpm' do + action [:enable, :start] + subscribes :reload, "php_fpm_pool[default]", :delayed + only_if { node['zabbix']['php']['use_fpm'] } +end + +###################### +# Include Zabbix Agent include_recipe 'zabbix::agent' diff --git a/recipes/server_apache.rb b/recipes/server_apache.rb new file mode 100644 index 0000000..d2943ee --- /dev/null +++ b/recipes/server_apache.rb 
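Review bot: `include_recipe 'apache2'` at the top of `server.rb` runs unconditionally, so a node with `node['zabbix']['webserver']['backend']` set to `'nginx'` still gets Apache installed next to nginx. That is an extra listening service nobody asked for, and probably a conflict on port 80. `server_apache.rb` already includes `apache2`, so the line can simply be dropped here. `service 'php-fpm'` subscribes to `php_fpm_pool[default]`, but the pool declared in `server_php.rb` is named `zabbix`, so the reload would presumably never fire; `subscribes :reload, "php_fpm_pool[zabbix]", :delayed` matches the declared resource. The `group case ... end` expression is repeated verbatim on three resources and would be easier to audit as one local computed once, e.g. `web_group = node['zabbix']['php']['use_fpm'] ? node['php']['fpm_group'] : ...`.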
@@ -0,0 +1,36 @@ +# +# Cookbook Name:: zabbix +# Recipe:: server_apache +# +# Copyright 2017, Linux-Help.org +# Authors: +# Eric Renfro +# + +include_recipe 'apache2' + +########################## +# Setup and Install Apache +%w(proxy proxy_fcgi).each do |mod| + apache_module mod do + only_if { node['zabbix']['php']['use_fpm'] } + end +end + +web_app "zabbix" do + tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-mod" + server_name node['fqdn'] + server_aliases ["zabbix.#{node['domain']}"] + template %W{ + apache/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb + apache/#{node['platform']}/#{tname}.conf.erb + apache/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb + apache/#{node['platform_family']}/#{tname}.conf.erb + apache/default/#{tname}.conf.erb + apache/#{tname}.conf.erb + } + docroot "/usr/share/zabbix" + directory_index ["index.php"] + directory_options [ "FollowSymLinks" ] + allow_override [ "None" ] +end diff --git a/recipes/server_nginx.rb b/recipes/server_nginx.rb new file mode 100644 index 0000000..05cf774 --- /dev/null +++ b/recipes/server_nginx.rb @@ -0,0 +1,24 @@ +# +# Cookbook Name:: zabbix +# Recipe:: server_nginx +# +# Copyright 2017, Linux-Help.org +# Authors: +# Eric Renfro +# + +######################### +# Setup and Install nginx +include_recipe 'chef_nginx' + +nginx_site "zabbix" do + tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-fcgi" + template %W{ + nginx/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb + nginx/#{node['platform']}/#{tname}.conf.erb + nginx/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb + nginx/#{node['platform_family']}/#{tname}.conf.erb + nginx/default/#{tname}.conf.erb + nginx/#{tname}.conf.erb + } +end diff --git a/recipes/server_php.rb b/recipes/server_php.rb new file mode 100644 index 0000000..388b1b9 --- /dev/null +++ b/recipes/server_php.rb 
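Review bot: In `server_nginx.rb`, `tname` becomes `zabbix-fcgi` when `use_fpm` is false, but this patch only adds `templates/nginx/zabbix-fpm.conf.erb`. None of the six `template` candidates would resolve unless a `zabbix-fcgi.conf.erb` exists outside this commit. Either add that template or stop early with a clear message when `use_fpm` is disabled for the nginx backend. It is also worth confirming that the `nginx_site` resource from chef_nginx accepts an array for `template`; that cannot be seen from this hunk.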
@@ -0,0 +1,82 @@ +# +# Cookbook Name:: zabbix +# Recipe:: server_php +# +# Copyright 2017, Linux-Help.org +# Authors: +# Eric Renfro +# + +####################### +# Install and Setup PHP +case node['platform_family'] +when 'rhel' + # Remove distro-provided versions if installed + %w(php php-cli php-pear php-devel php-common).each do |pkg| + package pkg do + action :remove + end + end + + # Setup PHP to use yum-ius packages + node.default['php']['packages'] = %w(php56u php56u-bcmath php56u-gd php56u-mbstring php56u-xml php56u-xmlrpc php56u-cli php56u-opcache) + node.default['php']['fpm_package'] = 'php56u-fpm' + node.default['php']['fpm_user'] = 'php-fpm' + node.default['php']['fpm_group'] = 'php-fpm' + node.default['php']['gd']['package'] = 'php56u-gd' + node.default['php']['apcu']['package'] = 'php56u-pecl-apcu' + node.default['php']['ldap']['package'] = 'php56u-ldap' + + if node['zabbix']['php']['use_fpm'] != true + if node['zabbix']['webserver']['backend'] == 'apache' + node.default['php']['packages'] += ['php56u'] + end + end + case node['zabbix']['database']['backend'] + when 'postgresql' + node.default['php']['packages'] += ['php56u-pgsql'] + node.default['php']['postgresql']['package'] = 'php56u-pgsql' + when 'mysql', 'mariadb', 'percona' + node.default['php']['packages'] += ['php56u-mysqlnd'] + node.default['php']['mysql']['package'] = 'php56u-mysqlnd' + end +end + +# Set PHP timezone +node.default['php']['directives'] = { + 'date.timezone' => node['zabbix']['php']['timezone'] +} +include_recipe 'php' + +############################# +# Install PHP-FPM Zabbix pool +php_fpm_pool 'zabbix' do + listen '127.0.0.1:9001' + user 'php-fpm' + group 'php-fpm' + chdir '/usr/share/zabbix' + max_children 50 + start_servers 5 + min_spare_servers 5 + max_spare_servers 35 + additional_config({ + 'pm.process_idle_timeout' => '10s', + 'pm.max_requests' => '500', + 'ping.path' => '/ping', + 'ping.response' => 'pong', + 'php_flag[display_errors]' => 'off', + 
'php_admin_value[error_log]' => '/var/log/php-fpm/www-error.log', + 'php_admin_flag[log_errors]' => 'on', + 'php_admin_value[memory_limit]' => '128M', + 'php_value[session.save_handler]' => 'files', + 'php_value[session.save_path]' => '/var/lib/php-fpm/session', + 'php_value[soap.wsdl_cache_dir]' => '/var/lib/php-fpm/wsdlcache', + 'php_value[max_execution_time]' => '300', + 'php_value[post_max_size]' => '16M', + 'php_value[upload_max_filesize]' => '2M', + 'php_value[max_input_time]' => '300', + 'php_value[always_populate_raw_post_data]' => '-1' + }) + action :install + only_if { node['zabbix']['php']['use_fpm'] } +end diff --git a/templates/apache/zabbix-fpm.conf.erb b/templates/apache/zabbix-fpm.conf.erb new file mode 100644 index 0000000..5fdbd30 --- /dev/null +++ b/templates/apache/zabbix-fpm.conf.erb 
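Review bot: `php_fpm_pool 'zabbix'` hard-codes `user 'php-fpm'` and `group 'php-fpm'`, while `node.default['php']['fpm_user']` and `['fpm_group']` are set to those values only inside the `when 'rhel'` branch. `server.rb` takes the group for `/etc/zabbix/web` and `zabbix.conf.php` from `node['php']['fpm_group']`, so on any other platform family the pool account and the group allowed to read the credentials file can diverge. Writing `user node['php']['fpm_user']` and `group node['php']['fpm_group']` keeps both on one source. `listen '127.0.0.1:9001'` is reachable by every local account on the host; if the php cookbook's pool resource accepts a unix socket path, a socket restricted to the web server's group narrows that. `node.default['php']['packages'] += ['php56u']` only appends a duplicate, since `php56u` is already the first entry in the list.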
@@ -0,0 +1,77 @@ +<% if node['apache']['version'] != '2.4' -%> +NameVirtualHost *:<%= @params[:server_port] %> +<% end -%> +> + ServerName <%= @params[:server_name] %> + <% if @params[:server_aliases] -%> + ServerAlias <%= @params[:server_aliases].join " " %> + <% end -%> + DocumentRoot <%= @params[:docroot] %> + + # The following lines prevent .user.ini files from being viewed by Web clients. + + Require all denied + + + # Allow php to handle Multiviews. + AddType text/html .php + + # Enable http authorization headers. + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9001/usr/share/zabbix/$1 + + > + Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %> + AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %> + <% if node['apache']['version'] == '2.4' -%> + Require all granted + <% else -%> + Order allow,deny + Allow from all + <% end -%> + + + /conf> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + /app> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + /include> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + /local> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log + CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined + + <% if @params[:directory_index] -%> + DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %> + <% end -%> + diff --git a/templates/apache/zabbix-mod.conf.erb b/templates/apache/zabbix-mod.conf.erb new file mode 100644 index 0000000..6d2771a --- /dev/null 
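Review bot: `ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9001/usr/share/zabbix/$1` hands every `.php` request to FPM before Apache maps it to the filesystem, so directory-based access rules are not applied to those requests. The opening tags are lost in this rendering, so this assumes the `/conf`, `/app`, `/include` and `/local` blocks are `<Directory>` sections; if so, their `Require all denied` would not protect PHP files under those paths. On Apache 2.4.10 or later, `<FilesMatch "\.php$">` containing `SetHandler "proxy:fcgi://127.0.0.1:9001"` keeps the request inside normal directory processing and removes the hard-coded `/usr/share/zabbix`, which duplicates `@params[:docroot]`. Separately, the `.user.ini` block uses `Require all denied` without the `node['apache']['version'] == '2.4'` check that the other blocks have, here and in `zabbix-mod.conf.erb`.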
+++ b/templates/apache/zabbix-mod.conf.erb @@ -0,0 +1,81 @@ +<% if node['apache']['version'] != '2.4' -%> +NameVirtualHost *:<%= @params[:server_port] %> +<% end -%> +> + ServerName <%= @params[:server_name] %> + <% if @params[:server_aliases] -%> + ServerAlias <%= @params[:server_aliases].join " " %> + <% end -%> + DocumentRoot <%= @params[:docroot] %> + + # The following lines prevent .user.ini files from being viewed by Web clients. + + Require all denied + + + # Allow php to handle Multiviews. + AddType text/html .php + + + php_value max_execution_time 300 + php_value memory_limit 128M + php_value post_max_size 16M + php_value upload_max_filesize 2M + php_value max_input_time 300 + php_value always_populate_raw_post_data -1 + + + > + Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %> + AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %> + <% if node['apache']['version'] == '2.4' -%> + Require all granted + <% else -%> + Order allow,deny + Allow from all + <% end -%> + + + /conf> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + /app> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + /include> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + /local> + <% if node['apache']['version'] == '2.4' -%> + Require all denied + <% else -%> + Order deny,allow + Deny from all + <% end -%> + + + ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log + CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined + + <% if @params[:directory_index] -%> + DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %> + <% end -%> + 
diff --git a/templates/fpm/zabbix.conf.erb b/templates/fpm/zabbix.conf.erb new file mode 100644 index 0000000..bec5401 --- /dev/null +++ b/templates/fpm/zabbix.conf.erb @@ -0,0 +1,26 @@ +[zabbix] +user = php-fpm +group = php-fpm +listen = 127.0.0.1:9001 +listen.allowed_clients = 127.0.0.1 +pm = dynamic +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 35 +pm.process_idle_timeout = 10s; +pm.max_requests = 500 +ping.path = /ping +ping.response = pong +php_flag[display_errors] = off +php_admin_value[error_log] = /var/log/php-fpm/www-error.log +php_admin_flag[log_errors] = on +php_admin_value[memory_limit] = 128M +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php-fpm/session +php_value[soap.wsdl_cache_dir] = /var/lib/php-fpm/wsdlcache +php_value[max_execution_time] = 300 +php_value[post_max_size] = 16M +php_value[upload_max_filesize] = 2M +php_value[max_input_time] = 300 +php_value[always_populate_raw_post_data] = -1 diff --git a/templates/nginx/zabbix-fpm.conf.erb b/templates/nginx/zabbix-fpm.conf.erb new file mode 100644 index 0000000..1501c5c --- /dev/null +++ b/templates/nginx/zabbix-fpm.conf.erb 
@@ -0,0 +1,52 @@ +upstream php-handler { +<% if node['zabbix']['php']['use_fpm'] %> + server 127.0.0.1:9001; +<% else %> + server unix:/var/run/php5-fpm.sock; +<% end %> +} + +#server { +# server_name zabbix.example.com; +# return 301 https://zabbix.example.com$request_uri; +#} + +server { + listen 80; + server_name zabbix.example.com; + access_log /var/log/nginx/zabbix.log; + error_log /var/log/nginx/zabbix.error; + #ssl on; + #ssl_certificate /etc/ssl/certs/zabbix.crt; + #ssl_certificate_key /etc/ssl/private/zabbix.key; + root /var/www/zabbix/; + index index.php index.html; + client_max_body_size 5m; + client_body_buffer_size 128k; + + location ~ \.php$ { + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + #fastcgi_pass unix:/var/run/zabbix.socket; + fastcgi_pass php-handler; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + } + + location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ { + expires max; + log_not_found off; + } + + location ~ /\.ht { + deny all; + } + + location ~ /\. { + deny all; + } +} diff --git a/templates/zabbix/3.0/maintenance.inc.php.erb b/templates/zabbix/3.0/maintenance.inc.php.erb new file mode 100644 index 0000000..8ef81e4 --- /dev/null +++ b/templates/zabbix/3.0/maintenance.inc.php.erb @@ -0,0 +1,29 @@ +'; +$DB['USER'] = '<%= @DBUsername %>'; $DB['PASSWORD'] = '<%= @DBPassword %>'; // Schema name. Used for IBM DB2 and PostgreSQL. @@ -17,4 +19,3 @@ $ZBX_SERVER_PORT = '10051'; $ZBX_SERVER_NAME = 'Zabbix'; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; - diff --git a/templates/default/zabbix_agentd.conf.erb b/templates/zabbix/3.0/zabbix_agentd.conf.erb similarity index 100% rename from templates/default/zabbix_agentd.conf.erb rename to templates/zabbix/3.0/zabbix_agentd.conf.erb 
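Review bot: The `location ~ \.php$ {` line in `templates/nginx/zabbix-fpm.conf.erb` is opened and never closed, because the nested `location ~ [^/]\.php(/|$) {` takes the only closing brace. The rendered file has one more `{` than `}`, so nginx will refuse to load it; drop the outer `location ~ \.php$ {` line. `root /var/www/zabbix/;` does not match the `/usr/share/zabbix` docroot used by the Apache vhost and the FPM pool's `chdir`, and `server_name zabbix.example.com;` is a literal where the Apache recipe uses `node['fqdn']`. The server block listens on port 80 only, with the `ssl_*` lines commented out, so frontend logins would travel in clear text unless TLS is terminated elsewhere; a comment saying where TLS is expected to terminate would help.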
diff --git a/templates/default/zabbix_proxy.conf.erb b/templates/zabbix/3.0/zabbix_proxy.conf.erb similarity index 100% rename from templates/default/zabbix_proxy.conf.erb rename to templates/zabbix/3.0/zabbix_proxy.conf.erb diff --git a/templates/default/zabbix_server.conf.erb b/templates/zabbix/3.0/zabbix_server.conf.erb similarity index 99% rename from templates/default/zabbix_server.conf.erb rename to templates/zabbix/3.0/zabbix_server.conf.erb index f1b943e..7d15fe7 100644 --- a/templates/default/zabbix_server.conf.erb +++ b/templates/zabbix/3.0/zabbix_server.conf.erb @@ -81,7 +81,7 @@ PidFile=/var/run/zabbix/zabbix_server.pid # Default: # DBName= -DBName=zabbix +DBName=<%= @DBDatabase %> ### Option: DBSchema # Schema name. Used for IBM DB2 and PostgreSQL. @@ -97,7 +97,7 @@ DBName=zabbix # Default: # DBUser= -DBUser=zabbixmaster +DBUser=<%= @DBUsername %> ### Option: DBPassword # Database password. Ignored for SQLite. diff --git a/test/fixtures/data_bags/secrets/zabbix.json b/test/fixtures/data_bags/secrets/zabbix.json index 5a2d346..629523e 100644 --- a/test/fixtures/data_bags/secrets/zabbix.json +++ b/test/fixtures/data_bags/secrets/zabbix.json @@ -1,5 +1,6 @@ { "id": "zabbix", - "postgres": "password", - "server": "password" + "username": "zabbix", + "password": "password", + "database": "zabbix" }