Linux-Help/cookbook-zabbix
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: Linux-Help:develop
Branches Tags
Linux-Help:develop
Linux-Help:enhancement-erenfro-issue4-itemize-zabbix-config-into-attributes
Linux-Help:enhancement-erenfro-issue10-chef-vault-everything
Linux-Help:master
Linux-Help:enhancement-erenfro-issue3-split-database-install
..
compare: Linux-Help:enhancement-erenfro-issue3-split-database-install
Branches Tags
Linux-Help:enhancement-erenfro-issue4-itemize-zabbix-config-into-attributes
Linux-Help:develop
Linux-Help:enhancement-erenfro-issue10-chef-vault-everything
Linux-Help:master
Linux-Help:enhancement-erenfro-issue3-split-database-install

No commits in common. "develop" and "enhancement-erenfro-issue3-split-database-install" have entirely different histories.
develop ... enhancemen

23 changed files with 119 additions and 666 deletions
Show stats Expand all files Collapse all files

23
.kitchen.yml
View file

@ -23,9 +23,8 @@ platforms:
suites:
- name: server
driver:
networks:
- netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8087-:80
device: virtio-net-pci,netdev=user
forward:
- 8087:80
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]
@ -35,24 +34,6 @@ suites:
database:
repo:
pgdg: true
- name: server-nginx
driver:
networks:
- netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8086-:80
device: virtio-net-pci,netdev=user
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]
attributes:
tags: [ 'httpd' ]
zabbix:
webserver:
backend: nginx
database:
repo:
pgdg: true
php:
use_fpm: false
- name: agent
run_list:
- recipe[zabbix::default]

6
Berksfile
View file

@ -3,12 +3,8 @@ source "https://supermarket.chef.io"
metadata
cookbook "chef-vault", '>= 2.1.1'
cookbook "apache2", '>= 3.2.2'
cookbook "chef_nginx", '>= 5.0.7'
#cookbook "httpd", '>= 0.4.4'
cookbook "php", '>= 2.2.0'
cookbook "postgresql", '>= 6.0.1'
cookbook "yum-ius", '>= 2.1.0'
cookbook "yum-zabbix", path: "../yum-zabbix"
#cookbook "apt-zabbix", path: "../apt-zabbix"
#cookbook "mysql", '>= 8.2.0'

15
attributes/default.rb
View file

@ -1,20 +1,5 @@
default['zabbix']['database']['backend'] = 'postgresql'
default['zabbix']['database']['repo']['pgdg'] = false
default['zabbix']['webserver']['backend'] = 'apache'
default['zabbix']['webserver']['port'] = '80'
default['zabbix']['php']['use_fpm'] = true
default['zabbix']['php']['timezone'] = 'America/New_York'
default['zabbix']['ssl']['enable'] = false
default['zabbix']['ssl']['port'] = '443'
default['zabbix']['ssl']['cacert'] = nil
default['zabbix']['ssl']['server_cert'] = nil
default['zabbix']['ssl']['server_key'] = nil
default['zabbix']['ssl']['ssl_protocols'] = [ "TLSv1.2" ]
default['zabbix']['ssl']['ssl_ciphers'] = [
"HIGH",
"!aNULL",
"!MD5"
]
default['zabbix']['version'] = "3.0"
default['zabbix']['agent_meta'] = []

7
metadata.rb
View file

@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
license 'Apache 2.0'
description 'Installs Zabbix Server & Client agents for EL linux distributions'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '1.5.2'
version '1.5.0'
source_url 'https://git.linux-help.org/Linux-Help/zabbix' if respond_to?(:source_url)
issues_url 'https://git.linux-help.org/Linux-Help/zabbix/issues' if respond_to?(:issues_url)
@ -15,12 +15,7 @@ end
recipe 'zabbix', 'Installs zabbix'
depends 'chef-vault', '>= 2.1.1'
depends 'apache2', '>= 3.2.2'
depends 'chef_nginx', '>= 5.0.7'
#depends 'httpd', '>= 0.4.4'
depends 'php', '>= 2.2.0'
depends 'postgresql', '>= 6.0.1'
depends 'yum-ius', '>= 2.1.0'
depends 'yum-zabbix', '>= 1.0.1'
#depends 'apt-zabbix'
#depends 'mysql', '>= 8.2.0'

31
recipes/agent.rb
View file

@ -16,16 +16,7 @@ end
# Install custom zabbix_agentd.conf
template "/etc/zabbix/zabbix_agentd.conf" do
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_agentd.conf.erb
zabbix/zabbix_agentd.conf.erb
default/zabbix_agentd.conf.erb
zabbix_agentd.conf.erb
}
source "zabbix_agentd.conf.erb"
mode "0644"
owner "root"
group "root"
@ -58,6 +49,25 @@ remote_directory "/etc/zabbix/trap.d" do
action :create
end
if node['recipes'].include?('mongodb') or node['tags'].include?('mongodb')
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:users => credentials['mongo']['users'][node.chef_environment]
})
end
else
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end
# Link live agents to node
node['zabbix']['trap_scripts']['live']['add'].each do |script|
link "/etc/zabbix/trap.d/live/#{script}" do
@ -105,3 +115,4 @@ cron "zabbix_daily" do
command %Q{/etc/zabbix/trap.d/runtrap daily >/dev/null 2>&1}
only_if { node['zabbix']['trap_scripts']['daily']['add'].any? }
end

16
recipes/database_postgresql.rb
View file

@ -35,7 +35,6 @@ directory '/tmp/database' do
end
cookbook_file '/tmp/database/schema.sql' do
sensitive true
source %W{
host-#{node['fqdn']}/schema.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/schema.sql
@ -46,7 +45,6 @@ cookbook_file '/tmp/database/schema.sql' do
end
cookbook_file '/tmp/database/images.sql' do
sensitive true
source %W{
host-#{node['fqdn']}/images.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/images.sql
@ -57,7 +55,6 @@ cookbook_file '/tmp/database/images.sql' do
end
cookbook_file '/tmp/database/data.sql' do
sensitive true
source %W{
host-#{node['fqdn']}/data.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/data.sql
@ -69,11 +66,12 @@ end
bash 'create_zabbix_db_user' do
user 'postgres'
#sensitive true
sensitive true
credentials = chef_vault_item("secrets", "zabbix")
code <<-EOH
psql -c "CREATE USER \"#{credentials['username']}\" WITH PASSWORD '#{credentials['password']}';"
psql -c "CREATE DATABASE \"#{credentials['database']}\" WITH OWNER \"#{credentials['username']}\" ENCODING 'UTF-8';"
psql -c "CREATE DATABASE zabbix WITH ENCODING='UTF-8';"
psql -c "CREATE USER zabbix WITH PASSWORD '#{credentials['postgres']}';"
psql -c "GRANT ALL PRIVILEGES ON DATABASE zabbix TO zabbix;"
EOH
action :nothing
subscribes :run, 'directory[/tmp/database]', :immediately
@ -81,11 +79,7 @@ end
bash 'initialize_zabbix_db' do
sensitive true
credentials = chef_vault_item("secrets", "zabbix")
environment({
"PGUSER" => credentials['username'],
"PGPASSWORD" => credentials['password']
})
user 'postgres'
code <<-EOH
psql -d zabbix -f /tmp/database/schema.sql
psql -d zabbix -f /tmp/database/images.sql

18
recipes/proxy.rb
View file

@ -7,8 +7,6 @@
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'chef-vault'
%w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg|
yum_package pkg do
version '3.0.5-1.el6'
@ -25,20 +23,11 @@ directory "/var/lib/zabbix" do
end
template "/etc/zabbix/zabbix_proxy.conf" do
credentials = chef_vault_item("secrets", "zabbix")
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:credentials => credentials
:DBPassword => credentials['zabbix']['postgres_password']
})
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_proxy.conf.erb
zabbix/zabbix_proxy.conf.erb
default/zabbix_proxy.conf.erb
zabbix_proxy.conf.erb
}
source "zabbix_proxy.conf.erb"
sensitive true
mode "0640"
owner "root"
@ -52,3 +41,4 @@ service 'zabbix-proxy' do
end
include_recipe 'zabbix::agent'

196
recipes/server.rb
View file

@ -7,62 +7,68 @@
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'chef-vault'
include_recipe "#{cookbook_name}::database"
#################################
# Include Additional Repositories
case node['platform_family']
when 'rhel'
include_recipe 'yum-ius'
include_recipe 'yum-zabbix'
end
#############################
# Setup and Install Webserver
case node['zabbix']['webserver']['backend']
when 'apache'
include_recipe "#{cookbook_name}::server_apache"
when 'nginx'
include_recipe "#{cookbook_name}::server_nginx"
else
Chef::Application.fatal!('Webserver backend can either be apache or nginx', 121)
end
#######################
# Setup and Install PHP
include_recipe "#{cookbook_name}::server_php"
#######################
# Install Zabbix Server
case node['zabbix']['database']['backend']
when 'postgresql'
%w(zabbix-server-pgsql zabbix-web-pgsql zabbix-get).each do |pkg|
package pkg
end
when 'mysql', 'mariadb', 'percona'
%w(zabbix-server-mysql zabbix-web-mysql zabbix-get).each do |pkg|
package pkg
%w{httpd mod_ssl}.each do |pkg|
yum_package pkg do
version '2.2.15-39.el6'
allow_downgrade true
action :install
end
end
#########################
# Configure Zabbix Server
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg|
yum_package pkg do
version '5.6.28-1.ius.centos6'
allow_downgrade true
action :install
end
end
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg|
yum_package pkg do
version '3.0.5-1.el6'
allow_downgrade true
action :install
end
end
template "/etc/httpd/conf/httpd.conf" do
source "httpd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/zabbix.conf" do
source "zabbix_httpd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/security.conf" do
source "security.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/ssl.conf" do
source "ssl.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/zabbix/zabbix_server.conf" do
credentials = chef_vault_item("secrets", "zabbix")
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:credentials => credentials
:DBPassword => credentials['zabbix']['postgres_password']
})
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_server.conf.erb
zabbix/zabbix_server.conf.erb
default/zabbix_server.conf.erb
zabbix_server.conf.erb
}
source "zabbix_server.conf.erb"
sensitive true
mode "0640"
owner "root"
@ -70,94 +76,34 @@ template "/etc/zabbix/zabbix_server.conf" do
notifies :restart, "service[zabbix-server]", :immediately
end
directory "/etc/zabbix/web" do
mode "0750"
owner "root"
group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['php']['fpm_group']
end
end
end
template "/etc/zabbix/web/zabbix.conf.php" do
credentials = chef_vault_item("secrets", "zabbix")
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:credentials => credentials
:DBPassword => credentials['zabbix']['postgres_password']
})
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/zabbix.conf.php.erb
zabbix/zabbix.conf.php.erb
default/zabbix.conf.php.erb
zabbix.conf.php.erb
}
source "zabbix_web.conf.erb"
sensitive true
mode "0640"
owner "root"
group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['php']['fpm_group']
end
end
group "apache"
end
template "/etc/zabbix/web/maintenance.inc.php" do
source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/maintenance.inc.php.erb
zabbix/maintenance.inc.php.erb
default/maintenance.inc.php.erb
maintenance.inc.php.erb
}
sensitive true
mode "0640"
template "/etc/php.ini" do
source "php.ini.erb"
mode "0644"
owner "root"
group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['php']['fpm_group']
end
end
group "root"
notifies :restart, "service[httpd]", :immediately
end
service 'httpd' do
supports :restart => true, :start => true
action :enable
end
#################
# Manage Services
service 'zabbix-server' do
supports :restart => true, :start => true
action [:enable, :start]
subscribes :restart, "template[/etc/zabbix/zabbix_server.conf]", :delayed
action :enable
end
service 'php-fpm' do
action [:enable, :start]
subscribes :reload, "php_fpm_pool[default]", :delayed
only_if { node['zabbix']['php']['use_fpm'] }
end
######################
# Include Zabbix Agent
include_recipe 'zabbix::agent'

36
recipes/server_apache.rb
View file

@ -1,36 +0,0 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_apache
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'apache2'
##########################
# Setup and Install Apache
%w(proxy proxy_fcgi).each do |mod|
apache_module mod do
only_if { node['zabbix']['php']['use_fpm'] }
end
end
web_app "zabbix" do
tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-mod"
server_name node['fqdn']
server_aliases ["zabbix.#{node['domain']}"]
template %W{
apache/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
apache/#{node['platform']}/#{tname}.conf.erb
apache/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
apache/#{node['platform_family']}/#{tname}.conf.erb
apache/default/#{tname}.conf.erb
apache/#{tname}.conf.erb
}
docroot "/usr/share/zabbix"
directory_index ["index.php"]
directory_options [ "FollowSymLinks" ]
allow_override [ "None" ]
end

34
recipes/server_nginx.rb
View file

@ -1,34 +0,0 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_nginx
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
#########################
# Setup and Install nginx
node.default['nginx']['default_site_enabled'] = false
include_recipe 'chef_nginx'
nginx_site "zabbix" do
template 'nginx/zabbix.conf.erb'
variables({
:params => {
:server_port => node['zabbix']['webserver']['port'],
:ssl_port => node['zabbix']['ssl']['port'],
:server_name => [ "#{node['fqdn']}, zabbix.#{node['domain']}" ],
:docroot => '/usr/share/zabbix',
:cacert => node['zabbix']['ssl']['cacert'],
:server_cert => node['zabbix']['ssl']['server_cert'],
:server_key => node['zabbix']['ssl']['server_key'],
:ssl_proto => node['zabbix']['ssl']['ssl_protocols'],
:ssl_ciphers => node['zabbix']['ssl']['ssl_ciphers']
}
})
end
file "/etc/nginx/conf.d/default.conf" do
action :delete
end

82
recipes/server_php.rb
View file

@ -1,82 +0,0 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_php
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
#######################
# Install and Setup PHP
case node['platform_family']
when 'rhel'
# Remove distro-provided versions if installed
%w(php php-cli php-pear php-devel php-common).each do |pkg|
package pkg do
action :remove
end
end
# Setup PHP to use yum-ius packages
node.default['php']['packages'] = %w(php56u php56u-bcmath php56u-gd php56u-mbstring php56u-xml php56u-xmlrpc php56u-cli php56u-opcache)
node.default['php']['fpm_package'] = 'php56u-fpm'
node.default['php']['fpm_user'] = 'php-fpm'
node.default['php']['fpm_group'] = 'php-fpm'
node.default['php']['gd']['package'] = 'php56u-gd'
node.default['php']['apcu']['package'] = 'php56u-pecl-apcu'
node.default['php']['ldap']['package'] = 'php56u-ldap'
if node['zabbix']['php']['use_fpm'] != true
if node['zabbix']['webserver']['backend'] == 'apache'
node.default['php']['packages'] += ['php56u']
end
end
case node['zabbix']['database']['backend']
when 'postgresql'
node.default['php']['packages'] += ['php56u-pgsql']
node.default['php']['postgresql']['package'] = 'php56u-pgsql'
when 'mysql', 'mariadb', 'percona'
node.default['php']['packages'] += ['php56u-mysqlnd']
node.default['php']['mysql']['package'] = 'php56u-mysqlnd'
end
end
# Set PHP timezone
node.default['php']['directives'] = {
'date.timezone' => node['zabbix']['php']['timezone']
}
include_recipe 'php'
#############################
# Install PHP-FPM Zabbix pool
php_fpm_pool 'zabbix' do
listen '127.0.0.1:9001'
user 'php-fpm'
group 'php-fpm'
#chdir '/usr/share/zabbix'
max_children 50
start_servers 5
min_spare_servers 5
max_spare_servers 35
additional_config({
'pm.process_idle_timeout' => '10s',
'pm.max_requests' => '500',
'ping.path' => '/ping',
'ping.response' => 'pong',
'php_flag[display_errors]' => 'off',
'php_admin_value[error_log]' => '/var/log/php-fpm/www-error.log',
'php_admin_flag[log_errors]' => 'on',
'php_admin_value[memory_limit]' => '128M',
'php_value[session.save_handler]' => 'files',
'php_value[session.save_path]' => '/var/lib/php-fpm/session',
'php_value[soap.wsdl_cache_dir]' => '/var/lib/php-fpm/wsdlcache',
'php_value[max_execution_time]' => '300',
'php_value[post_max_size]' => '16M',
'php_value[upload_max_filesize]' => '2M',
'php_value[max_input_time]' => '300',
'php_value[always_populate_raw_post_data]' => '-1'
})
action :install
only_if { node['zabbix']['php']['use_fpm'] || node['zabbix']['webserver']['backend'] == 'nginx' }
end

17
recipes/trap_scripts.rb
View file

@ -7,8 +7,6 @@
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'chef-vault'
node.override['zabbix']['trap_scripts']['live']['add'] = []
node.override['zabbix']['trap_scripts']['live']['del'] = []
node.override['zabbix']['trap_scripts']['daily']['add'] = []
@ -43,23 +41,8 @@ end
if node['recipes'].include?('mongodb') or node.tags.include?('mongodb')
node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh']
node.override['zabbix']['agent_meta'] += ['MongoDB']
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = chef_vault_item("secrets", "mongodb")
variables({
:credentials => credentials
})
end
else
node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh']
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end
###########################################################

77
templates/apache/zabbix-fpm.conf.erb
View file

@ -1,77 +0,0 @@
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost *:<%= @params[:server_port] %>
<% end -%>
<VirtualHost *:<%= @params[:server_port] %>>
ServerName <%= @params[:server_name] %>
<% if @params[:server_aliases] -%>
ServerAlias <%= @params[:server_aliases].join " " %>
<% end -%>
DocumentRoot <%= @params[:docroot] %>
# The following lines prevent .user.ini files from being viewed by Web clients.
<Files ".user.ini">
Require all denied
</Files>
# Allow php to handle Multiviews.
AddType text/html .php
# Enable http authorization headers.
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9001/usr/share/zabbix/$1
<Directory <%= @params[:docroot] %>>
Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %>
AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/conf>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/app>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/include>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/local>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
<% if @params[:directory_index] -%>
DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %>
<% end -%>
</VirtualHost>

81
templates/apache/zabbix-mod.conf.erb
View file

@ -1,81 +0,0 @@
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost *:<%= @params[:server_port] %>
<% end -%>
<VirtualHost *:<%= @params[:server_port] %>>
ServerName <%= @params[:server_name] %>
<% if @params[:server_aliases] -%>
ServerAlias <%= @params[:server_aliases].join " " %>
<% end -%>
DocumentRoot <%= @params[:docroot] %>
# The following lines prevent .user.ini files from being viewed by Web clients.
<Files ".user.ini">
Require all denied
</Files>
# Allow php to handle Multiviews.
AddType text/html .php
<IfModule mod_php5.c>
php_value max_execution_time 300
php_value memory_limit 128M
php_value post_max_size 16M
php_value upload_max_filesize 2M
php_value max_input_time 300
php_value always_populate_raw_post_data -1
</IfModule>
<Directory <%= @params[:docroot] %>>
Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %>
AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/conf>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/app>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/include>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/local>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
<% if @params[:directory_index] -%>
DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %>
<% end -%>
</VirtualHost>

5
templates/default/mongo26.config.erb
View file

@ -1,2 +1,3 @@
mongoUser="<%= @credentials['username'] %>"
mongoPass="<%= @credentials['password'] %>"
mongoUser="<%= @users['mmsagent']['username'] %>"
mongoPass="<%= @users['mmsagent']['password'] %>"

0
templates/zabbix/3.0/zabbix_agentd.conf.erb → templates/default/zabbix_agentd.conf.erb
View file

0
templates/zabbix/3.0/zabbix_proxy.conf.erb → templates/default/zabbix_proxy.conf.erb
View file

6
templates/zabbix/3.0/zabbix_server.conf.erb → templates/default/zabbix_server.conf.erb
View file

@ -81,7 +81,7 @@ PidFile=/var/run/zabbix/zabbix_server.pid
# Default:
# DBName=
DBName=<%= @credentials['database'] %>
DBName=zabbix
### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL.
@ -97,7 +97,7 @@ DBName=<%= @credentials['database'] %>
# Default:
# DBUser=
DBUser=<%= @credentials['username'] %>
DBUser=zabbixmaster
### Option: DBPassword
# Database password. Ignored for SQLite.
@ -105,7 +105,7 @@ DBUser=<%= @credentials['username'] %>
#
# Mandatory: no
# Default:
DBPassword=<%= @credentials['password'] %>
DBPassword=<%= @DBPassword %>
### Option: DBSocket
# Path to MySQL socket.

9
templates/zabbix/3.0/zabbix.conf.php.erb → templates/default/zabbix_web.conf.erb
View file

@ -1,15 +1,13 @@
<?php
// MANAGED BY CHEF
//
// Zabbix GUI configuration file.
global $DB;
$DB['TYPE'] = 'POSTGRESQL';
$DB['SERVER'] = 'localhost';
$DB['PORT'] = '0';
$DB['DATABASE'] = '<%= @credentials['database'] %>';
$DB['USER'] = '<%= @credentials['username'] %>';
$DB['PASSWORD'] = '<%= @credentials['password'] %>';
$DB['DATABASE'] = 'zabbix';
$DB['USER'] = 'zabbixmaster';
$DB['PASSWORD'] = '<%= @DBPassword %>';
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '';
@ -19,3 +17,4 @@ $ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Zabbix';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

26
templates/fpm/zabbix.conf.erb
View file

@ -1,26 +0,0 @@
[zabbix]
user = php-fpm
group = php-fpm
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s;
pm.max_requests = 500
ping.path = /ping
ping.response = pong
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php-fpm/session
php_value[soap.wsdl_cache_dir] = /var/lib/php-fpm/wsdlcache
php_value[max_execution_time] = 300
php_value[post_max_size] = 16M
php_value[upload_max_filesize] = 2M
php_value[max_input_time] = 300
php_value[always_populate_raw_post_data] = -1

62
templates/nginx/zabbix.conf.erb
View file

@ -1,62 +0,0 @@
upstream php-handler {
server 127.0.0.1:9001;
}
<% if node['zabbix']['ssl']['enable'] %>
server {
listen <%= @params['server_port'] %> default_server;
listen [::]:<%= @params['server_port'] %> default_server;
server_name _;
return 301 https://$host:<%= @params['ssl_port'] %>$request_uri;
}
<% end %>
server {
<% if node['zabbix']['ssl']['enable'] %>
listen <%= @params[:ssl_port] %> default_server;
listen [::]:<%= @params[:ssl_port] %> default_server;
<% else %>
listen <%= @params[:server_port] %> default_server;
listen [::]:<%= @params[:server_port] %> default_server;
<% end %>
server_name <%= [@params[:server_name]].flatten.join ", " %>;
access_log /var/log/nginx/zabbix.log;
error_log /var/log/nginx/zabbix.error;
<% if node['zabbix']['ssl']['enable'] %>
ssl on;
ssl_certificate <%= @params[:server_cert] %>;
ssl_certificate_key <%= @params[:server_cert] %>;
ssl_protocols <%= [@params[:ssl_proto]].flatten.join " " %>;
#ssl_ciphers <%= [@params[:ssl_ciphers]].flatten.join ":" %>;
<% end %>
root <%= @params[:docroot] %>;
index index.php index.html;
client_max_body_size 5m;
client_body_buffer_size 128k;
#location ~ \.php$ {
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass unix:/var/run/zabbix.socket;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
location ~ /\. {
deny all;
}
}

29
templates/zabbix/3.0/maintenance.inc.php.erb
View file

@ -1,29 +0,0 @@
<?php
/*
** Zabbix
** Copyright (C) 2001-2016 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
// Maintenance mode
//define('ZBX_DENY_GUI_ACCESS', 1);
// IP range, who are allowed to connect to FrontEnd
//$ZBX_GUI_ACCESS_IP_RANGE = array('127.0.0.1');
// MSG shown on Warning screen!
//$_REQUEST['warning_msg'] = 'Zabbix is under maintenance.';

5
test/fixtures/data_bags/secrets/zabbix.json vendored
View file

@ -1,6 +1,5 @@
{
"id": "zabbix",
"username": "zabbix",
"password": "password",
"database": "zabbix"
"postgres": "password",
"server": "password"
}