Split httpd and php into sub-modules, started adding support for nginx

This commit is contained in:
Eric Renfro 2017-02-12 15:42:59 -05:00
parent 2b54793017
commit 9364c8df4c
No known key found for this signature in database
GPG key ID: 9A949323CBE78F97
21 changed files with 689 additions and 90 deletions

View file

@ -23,8 +23,9 @@ platforms:
suites:
- name: server
driver:
forward:
- 8087:80
networks:
- netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8087-:80
device: virtio-net-pci,netdev=user
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]

View file

@ -3,8 +3,12 @@ source "https://supermarket.chef.io"
metadata
cookbook "chef-vault", '>= 2.1.1'
cookbook "apache2", '>= 3.2.2'
cookbook "chef_nginx", '>= 5.0.7'
#cookbook "httpd", '>= 0.4.4'
cookbook "php", '>= 2.2.0'
cookbook "postgresql", '>= 6.0.1'
cookbook "yum-ius", '>= 2.1.0'
cookbook "yum-zabbix", path: "../yum-zabbix"
#cookbook "apt-zabbix", path: "../apt-zabbix"
#cookbook "mysql", '>= 8.2.0'

View file

@ -1,5 +1,8 @@
default['zabbix']['database']['backend'] = 'postgresql'
default['zabbix']['database']['repo']['pgdg'] = false
default['zabbix']['webserver']['backend'] = 'apache'
default['zabbix']['php']['use_fpm'] = true
default['zabbix']['php']['timezone'] = 'America/New_York'
default['zabbix']['version'] = "3.0"
default['zabbix']['agent_meta'] = []

View file

@ -15,7 +15,12 @@ end
recipe 'zabbix', 'Installs zabbix'
depends 'chef-vault', '>= 2.1.1'
depends 'apache2', '>= 3.2.2'
depends 'chef_nginx', '>= 5.0.7'
#depends 'httpd', '>= 0.4.4'
depends 'php', '>= 2.2.0'
depends 'postgresql', '>= 6.0.1'
depends 'yum-ius', '>= 2.1.0'
depends 'yum-zabbix', '>= 1.0.1'
#depends 'apt-zabbix'
#depends 'mysql', '>= 8.2.0'

View file

@ -16,7 +16,16 @@ end
# Install custom zabbix_agentd.conf
template "/etc/zabbix/zabbix_agentd.conf" do
source "zabbix_agentd.conf.erb"
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_agentd.conf.erb
zabbix/zabbix_agentd.conf.erb
default/zabbix_agentd.conf.erb
zabbix_agentd.conf.erb
}
mode "0644"
owner "root"
group "root"
@ -115,4 +124,3 @@ cron "zabbix_daily" do
command %Q{/etc/zabbix/trap.d/runtrap daily >/dev/null 2>&1}
only_if { node['zabbix']['trap_scripts']['daily']['add'].any? }
end

View file

@ -35,6 +35,7 @@ directory '/tmp/database' do
end
cookbook_file '/tmp/database/schema.sql' do
sensitive true
source %W{
host-#{node['fqdn']}/schema.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/schema.sql
@ -45,6 +46,7 @@ cookbook_file '/tmp/database/schema.sql' do
end
cookbook_file '/tmp/database/images.sql' do
sensitive true
source %W{
host-#{node['fqdn']}/images.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/images.sql
@ -55,6 +57,7 @@ cookbook_file '/tmp/database/images.sql' do
end
cookbook_file '/tmp/database/data.sql' do
sensitive true
source %W{
host-#{node['fqdn']}/data.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/data.sql
@ -66,12 +69,11 @@ end
bash 'create_zabbix_db_user' do
user 'postgres'
sensitive true
#sensitive true
credentials = chef_vault_item("secrets", "zabbix")
code <<-EOH
psql -c "CREATE DATABASE zabbix WITH ENCODING='UTF-8';"
psql -c "CREATE USER zabbix WITH PASSWORD '#{credentials['postgres']}';"
psql -c "GRANT ALL PRIVILEGES ON DATABASE zabbix TO zabbix;"
psql -c "CREATE USER \"#{credentials['username']}\" WITH PASSWORD '#{credentials['password']}';"
psql -c "CREATE DATABASE \"#{credentials['database']}\" WITH OWNER \"#{credentials['username']}\" ENCODING 'UTF-8';"
EOH
action :nothing
subscribes :run, 'directory[/tmp/database]', :immediately
@ -79,7 +81,11 @@ end
bash 'initialize_zabbix_db' do
sensitive true
user 'postgres'
credentials = chef_vault_item("secrets", "zabbix")
environment({
"PGUSER" => credentials['username'],
"PGPASSWORD" => credentials['password']
})
code <<-EOH
psql -d zabbix -f /tmp/database/schema.sql
psql -d zabbix -f /tmp/database/images.sql

View file

@ -7,6 +7,8 @@
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'chef-vault'
%w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg|
yum_package pkg do
version '3.0.5-1.el6'
@ -23,11 +25,22 @@ directory "/var/lib/zabbix" do
end
template "/etc/zabbix/zabbix_proxy.conf" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
credentials = chef_vault_item("secrets", "zabbix")
variables({
:DBPassword => credentials['zabbix']['postgres_password']
:DBUsername => credentials['username'],
:DBPassword => credentials['password'],
:DBDatabase => credentials['database']
})
source "zabbix_proxy.conf.erb"
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_proxy.conf.erb
zabbix/zabbix_proxy.conf.erb
default/zabbix_proxy.conf.erb
zabbix_proxy.conf.erb
}
sensitive true
mode "0640"
owner "root"
@ -41,4 +54,3 @@ service 'zabbix-proxy' do
end
include_recipe 'zabbix::agent'

View file

@ -7,68 +7,154 @@
# Eric Renfro <psi-jack@linux-help.org>
#
%w{httpd mod_ssl}.each do |pkg|
yum_package pkg do
version '2.2.15-39.el6'
allow_downgrade true
action :install
include_recipe 'chef-vault'
include_recipe "#{cookbook_name}::database"
include_recipe 'apache2'
#################################
# Include Additional Repositories
case node['platform_family']
when 'rhel'
include_recipe 'yum-ius'
include_recipe 'yum-zabbix'
end
#############################
# Setup and Install Webserver
case node['zabbix']['webserver']['backend']
when 'apache'
include_recipe "#{cookbook_name}::server_apache"
when 'nginx'
include_recipe "#{cookbook_name}::server_nginx"
else
Chef::Application.fatal!('Webserver backend can either be apache or nginx', 121)
end
include_recipe "#{cookbook_name}::server_php"
##########################
# Setup and Install Apache
# apache_module 'proxy'
# apache_module 'proxy_fcgi'
#
# web_app "zabbix" do
# server_name node['fqdn']
# server_aliases ["zabbix.#{node['domain']}"]
# template %W{
# apache/#{node['platform']}/#{node['platform_version'].to_i}/zabbix.conf.erb
# apache/#{node['platform']}/zabbix.conf.erb
# apache/#{node['platform_family']}/#{node['platform_version'].to_i}/zabbix.conf.erb
# apache/#{node['platform_family']}/zabbix.conf.erb
# apache/default/zabbix.conf.erb
# apache/zabbix.conf.erb
# }
# docroot "/usr/share/zabbix"
# directory_index ["index.php"]
# directory_options [ "FollowSymLinks" ]
# allow_override [ "None" ]
# end
#######################
# Install and Setup PHP
# case node['platform_family']
# when 'rhel'
# # Remove distro-provided versions if installed
# %w(php php-cli php-pear php-devel php-common).each do |pkg|
# package pkg do
# action :remove
# end
# end
#
# # Setup PHP to use yum-ius packages
# node.default['php']['packages'] = %w(php56u php56u-bcmath php56u-gd php56u-mbstring php56u-xml php56u-xmlrpc php56u-cli php56u-opcache)
# node.default['php']['fpm_package'] = 'php56u-fpm'
# node.default['php']['fpm_user'] = 'php-fpm'
# node.default['php']['fpm_group'] = 'php-fpm'
# node.default['php']['gd']['package'] = 'php56u-gd'
# node.default['php']['apcu']['package'] = 'php56u-pecl-apcu'
# node.default['php']['ldap']['package'] = 'php56u-ldap'
#
# case node['zabbix']['database']['backend']
# when 'postgresql'
# node.default['php']['packages'] += ['php56u-pgsql']
# node.default['php']['postgresql']['package'] = 'php56u-pgsql'
# when 'mysql', 'mariadb', 'percona'
# node.default['php']['packages'] += ['php56u-mysqlnd']
# node.default['php']['mysql']['package'] = 'php56u-mysqlnd'
# end
# end
#
# # Set PHP timezone
# node.default['php']['directives'] = {
# 'date.timezone' => node['zabbix']['php']['timezone']
# }
# include_recipe 'php'
#######################
# Install Zabbix Server
case node['zabbix']['database']['backend']
when 'postgresql'
%w(zabbix-server-pgsql zabbix-web-pgsql zabbix-get).each do |pkg|
package pkg
end
when 'mysql', 'mariadb', 'percona'
%w(zabbix-server-mysql zabbix-web-mysql zabbix-get).each do |pkg|
package pkg
end
end
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
yum_package pkg do
version '5.6.28-1.ius.centos6'
allow_downgrade true
action :install
end
end
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg|
yum_package pkg do
version '3.0.5-1.el6'
allow_downgrade true
action :install
end
end
template "/etc/httpd/conf/httpd.conf" do
source "httpd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/zabbix.conf" do
source "zabbix_httpd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/security.conf" do
source "security.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/ssl.conf" do
source "ssl.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
#############################
# Install PHP-FPM Zabbix pool
# php_fpm_pool 'zabbix' do
# listen '127.0.0.1:9001'
# user 'php-fpm'
# group 'php-fpm'
# chdir '/usr/share/zabbix'
# max_children 50
# start_servers 5
# min_spare_servers 5
# max_spare_servers 35
# additional_config({
# 'pm.process_idle_timeout' => '10s',
# 'pm.max_requests' => '500',
# 'ping.path' => '/ping',
# 'ping.response' => 'pong',
# 'php_flag[display_errors]' => 'off',
# 'php_admin_value[error_log]' => '/var/log/php-fpm/www-error.log',
# 'php_admin_flag[log_errors]' => 'on',
# 'php_admin_value[memory_limit]' => '128M',
# 'php_value[session.save_handler]' => 'files',
# 'php_value[session.save_path]' => '/var/lib/php-fpm/session',
# 'php_value[soap.wsdl_cache_dir]' => '/var/lib/php-fpm/wsdlcache',
# 'php_value[max_execution_time]' => '300',
# 'php_value[post_max_size]' => '16M',
# 'php_value[upload_max_filesize]' => '2M',
# 'php_value[max_input_time]' => '300',
# 'php_value[always_populate_raw_post_data]' => '-1'
# })
# action :install
# only_if { node['zabbix']['php']['use_fpm'] }
# end
#########################
# Configure Zabbix Server
template "/etc/zabbix/zabbix_server.conf" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
credentials = chef_vault_item("secrets", "zabbix")
variables({
:DBPassword => credentials['zabbix']['postgres_password']
:DBUsername => credentials['username'],
:DBPassword => credentials['password'],
:DBDatabase => credentials['database']
})
source "zabbix_server.conf.erb"
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_server.conf.erb
zabbix/zabbix_server.conf.erb
default/zabbix_server.conf.erb
zabbix_server.conf.erb
}
sensitive true
mode "0640"
owner "root"
@ -76,34 +162,99 @@ template "/etc/zabbix/zabbix_server.conf" do
notifies :restart, "service[zabbix-server]", :immediately
end
directory "/etc/zabbix/web" do
mode "0750"
owner "root"
#group "php-fpm"
group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['nginx']['group']
end
end
end
template "/etc/zabbix/web/zabbix.conf.php" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
credentials = chef_vault_item("secrets", "zabbix")
variables({
:DBPassword => credentials['zabbix']['postgres_password']
:DBUsername => credentials['username'],
:DBPassword => credentials['password'],
:DBDatabase => credentials['database']
})
source "zabbix_web.conf.erb"
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/zabbix.conf.php.erb
zabbix/zabbix.conf.php.erb
default/zabbix.conf.php.erb
zabbix.conf.php.erb
}
sensitive true
mode "0640"
owner "root"
group "apache"
#group "php-fpm"
group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['nginx']['group']
end
end
end
template "/etc/php.ini" do
source "php.ini.erb"
mode "0644"
template "/etc/zabbix/web/maintenance.inc.php" do
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/maintenance.inc.php.erb
zabbix/maintenance.inc.php.erb
default/maintenance.inc.php.erb
maintenance.inc.php.erb
}
sensitive true
mode "0640"
owner "root"
group "root"
notifies :restart, "service[httpd]", :immediately
end
service 'httpd' do
supports :restart => true, :start => true
action :enable
#group "php-fpm"
group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['nginx']['group']
end
end
end
#################
# Manage Services
service 'zabbix-server' do
supports :restart => true, :start => true
action :enable
action [:enable, :start]
subscribes :restart, "template[/etc/zabbix/zabbix_server.conf]", :delayed
end
service 'php-fpm' do
action [:enable, :start]
subscribes :reload, "php_fpm_pool[default]", :delayed
only_if { node['zabbix']['php']['use_fpm'] }
end
######################
# Include Zabbix Agent
include_recipe 'zabbix::agent'

36
recipes/server_apache.rb Normal file
View file

@ -0,0 +1,36 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_apache
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'apache2'
##########################
# Setup and Install Apache
%w(proxy proxy_fcgi).each do |mod|
apache_module mod do
only_if { node['zabbix']['php']['use_fpm'] }
end
end
web_app "zabbix" do
tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-mod"
server_name node['fqdn']
server_aliases ["zabbix.#{node['domain']}"]
template %W{
apache/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
apache/#{node['platform']}/#{tname}.conf.erb
apache/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
apache/#{node['platform_family']}/#{tname}.conf.erb
apache/default/#{tname}.conf.erb
apache/#{tname}.conf.erb
}
docroot "/usr/share/zabbix"
directory_index ["index.php"]
directory_options [ "FollowSymLinks" ]
allow_override [ "None" ]
end

24
recipes/server_nginx.rb Normal file
View file

@ -0,0 +1,24 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_nginx
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
#########################
# Setup and Install nginx
include_recipe 'chef_nginx'
nginx_site "zabbix" do
tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-fcgi"
template %W{
nginx/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
nginx/#{node['platform']}/#{tname}.conf.erb
nginx/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
nginx/#{node['platform_family']}/#{tname}.conf.erb
nginx/default/#{tname}.conf.erb
nginx/#{tname}.conf.erb
}
end

82
recipes/server_php.rb Normal file
View file

@ -0,0 +1,82 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_php
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
#######################
# Install and Setup PHP
case node['platform_family']
when 'rhel'
# Remove distro-provided versions if installed
%w(php php-cli php-pear php-devel php-common).each do |pkg|
package pkg do
action :remove
end
end
# Setup PHP to use yum-ius packages
node.default['php']['packages'] = %w(php56u php56u-bcmath php56u-gd php56u-mbstring php56u-xml php56u-xmlrpc php56u-cli php56u-opcache)
node.default['php']['fpm_package'] = 'php56u-fpm'
node.default['php']['fpm_user'] = 'php-fpm'
node.default['php']['fpm_group'] = 'php-fpm'
node.default['php']['gd']['package'] = 'php56u-gd'
node.default['php']['apcu']['package'] = 'php56u-pecl-apcu'
node.default['php']['ldap']['package'] = 'php56u-ldap'
if node['zabbix']['php']['use_fpm'] != true
if node['zabbix']['webserver']['backend'] == 'apache'
node.default['php']['packages'] += ['php56u']
end
end
case node['zabbix']['database']['backend']
when 'postgresql'
node.default['php']['packages'] += ['php56u-pgsql']
node.default['php']['postgresql']['package'] = 'php56u-pgsql'
when 'mysql', 'mariadb', 'percona'
node.default['php']['packages'] += ['php56u-mysqlnd']
node.default['php']['mysql']['package'] = 'php56u-mysqlnd'
end
end
# Set PHP timezone
node.default['php']['directives'] = {
'date.timezone' => node['zabbix']['php']['timezone']
}
include_recipe 'php'
#############################
# Install PHP-FPM Zabbix pool
php_fpm_pool 'zabbix' do
listen '127.0.0.1:9001'
user 'php-fpm'
group 'php-fpm'
chdir '/usr/share/zabbix'
max_children 50
start_servers 5
min_spare_servers 5
max_spare_servers 35
additional_config({
'pm.process_idle_timeout' => '10s',
'pm.max_requests' => '500',
'ping.path' => '/ping',
'ping.response' => 'pong',
'php_flag[display_errors]' => 'off',
'php_admin_value[error_log]' => '/var/log/php-fpm/www-error.log',
'php_admin_flag[log_errors]' => 'on',
'php_admin_value[memory_limit]' => '128M',
'php_value[session.save_handler]' => 'files',
'php_value[session.save_path]' => '/var/lib/php-fpm/session',
'php_value[soap.wsdl_cache_dir]' => '/var/lib/php-fpm/wsdlcache',
'php_value[max_execution_time]' => '300',
'php_value[post_max_size]' => '16M',
'php_value[upload_max_filesize]' => '2M',
'php_value[max_input_time]' => '300',
'php_value[always_populate_raw_post_data]' => '-1'
})
action :install
only_if { node['zabbix']['php']['use_fpm'] }
end

View file

@ -0,0 +1,77 @@
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost *:<%= @params[:server_port] %>
<% end -%>
<VirtualHost *:<%= @params[:server_port] %>>
ServerName <%= @params[:server_name] %>
<% if @params[:server_aliases] -%>
ServerAlias <%= @params[:server_aliases].join " " %>
<% end -%>
DocumentRoot <%= @params[:docroot] %>
# The following lines prevent .user.ini files from being viewed by Web clients.
<Files ".user.ini">
Require all denied
</Files>
# Allow php to handle Multiviews.
AddType text/html .php
# Enable http authorization headers.
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9001/usr/share/zabbix/$1
<Directory <%= @params[:docroot] %>>
Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %>
AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/conf>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/app>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/include>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/local>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
<% if @params[:directory_index] -%>
DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %>
<% end -%>
</VirtualHost>

View file

@ -0,0 +1,81 @@
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost *:<%= @params[:server_port] %>
<% end -%>
<VirtualHost *:<%= @params[:server_port] %>>
ServerName <%= @params[:server_name] %>
<% if @params[:server_aliases] -%>
ServerAlias <%= @params[:server_aliases].join " " %>
<% end -%>
DocumentRoot <%= @params[:docroot] %>
# The following lines prevent .user.ini files from being viewed by Web clients.
<Files ".user.ini">
Require all denied
</Files>
# Allow php to handle Multiviews.
AddType text/html .php
<IfModule mod_php5.c>
php_value max_execution_time 300
php_value memory_limit 128M
php_value post_max_size 16M
php_value upload_max_filesize 2M
php_value max_input_time 300
php_value always_populate_raw_post_data -1
</IfModule>
<Directory <%= @params[:docroot] %>>
Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %>
AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/conf>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/app>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/include>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/local>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
<% if @params[:directory_index] -%>
DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %>
<% end -%>
</VirtualHost>

View file

@ -0,0 +1,26 @@
[zabbix]
user = php-fpm
group = php-fpm
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s;
pm.max_requests = 500
ping.path = /ping
ping.response = pong
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php-fpm/session
php_value[soap.wsdl_cache_dir] = /var/lib/php-fpm/wsdlcache
php_value[max_execution_time] = 300
php_value[post_max_size] = 16M
php_value[upload_max_filesize] = 2M
php_value[max_input_time] = 300
php_value[always_populate_raw_post_data] = -1

View file

@ -0,0 +1,52 @@
upstream php-handler {
<% if node['zabbix']['php']['use_fpm'] %>
server 127.0.0.1:9001;
<% else %>
server unix:/var/run/php5-fpm.sock;
<% end %>
}
#server {
# server_name zabbix.example.com;
# return 301 https://zabbix.example.com$request_uri;
#}
server {
listen 80;
server_name zabbix.example.com;
access_log /var/log/nginx/zabbix.log;
error_log /var/log/nginx/zabbix.error;
#ssl on;
#ssl_certificate /etc/ssl/certs/zabbix.crt;
#ssl_certificate_key /etc/ssl/private/zabbix.key;
root /var/www/zabbix/;
index index.php index.html;
client_max_body_size 5m;
client_body_buffer_size 128k;
location ~ \.php$ {
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass unix:/var/run/zabbix.socket;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
location ~ /\. {
deny all;
}
}

View file

@ -0,0 +1,29 @@
<?php
/*
** Zabbix
** Copyright (C) 2001-2016 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
// Maintenance mode
//define('ZBX_DENY_GUI_ACCESS', 1);
// IP range, who are allowed to connect to FrontEnd
//$ZBX_GUI_ACCESS_IP_RANGE = array('127.0.0.1');
// MSG shown on Warning screen!
//$_REQUEST['warning_msg'] = 'Zabbix is under maintenance.';

View file

@ -1,12 +1,14 @@
<?php
// MANAGED BY CHEF
//
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE'] = 'POSTGRESQL';
$DB['SERVER'] = 'localhost';
$DB['PORT'] = '0';
$DB['DATABASE'] = 'zabbix';
$DB['USER'] = 'zabbixmaster';
$DB['DATABASE'] = '<%= @DBDatabase %>';
$DB['USER'] = '<%= @DBUsername %>';
$DB['PASSWORD'] = '<%= @DBPassword %>';
// Schema name. Used for IBM DB2 and PostgreSQL.
@ -17,4 +19,3 @@ $ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Zabbix';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

View file

@ -81,7 +81,7 @@ PidFile=/var/run/zabbix/zabbix_server.pid
# Default:
# DBName=
DBName=zabbix
DBName=<%= @DBDatabase %>
### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL.
@ -97,7 +97,7 @@ DBName=zabbix
# Default:
# DBUser=
DBUser=zabbixmaster
DBUser=<%= @DBUsername %>
### Option: DBPassword
# Database password. Ignored for SQLite.

View file

@ -1,5 +1,6 @@
{
"id": "zabbix",
"postgres": "password",
"server": "password"
"username": "zabbix",
"password": "password",
"database": "zabbix"
}