Compare commits

...

9 commits

23 changed files with 666 additions and 119 deletions

View file

@ -23,8 +23,9 @@ platforms:
suites: suites:
- name: server - name: server
driver: driver:
forward: networks:
- 8087:80 - netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8087-:80
device: virtio-net-pci,netdev=user
run_list: run_list:
- recipe[zabbix::database] - recipe[zabbix::database]
- recipe[zabbix::server] - recipe[zabbix::server]
@ -34,6 +35,24 @@ suites:
database: database:
repo: repo:
pgdg: true pgdg: true
- name: server-nginx
driver:
networks:
- netdev: user,id=user,net=192.168.1.0/24,hostname=%h,hostfwd=tcp::%p-:22,hostfwd=tcp::8086-:80
device: virtio-net-pci,netdev=user
run_list:
- recipe[zabbix::database]
- recipe[zabbix::server]
attributes:
tags: [ 'httpd' ]
zabbix:
webserver:
backend: nginx
database:
repo:
pgdg: true
php:
use_fpm: false
- name: agent - name: agent
run_list: run_list:
- recipe[zabbix::default] - recipe[zabbix::default]

View file

@ -3,8 +3,12 @@ source "https://supermarket.chef.io"
metadata metadata
cookbook "chef-vault", '>= 2.1.1' cookbook "chef-vault", '>= 2.1.1'
cookbook "apache2", '>= 3.2.2'
cookbook "chef_nginx", '>= 5.0.7'
#cookbook "httpd", '>= 0.4.4'
cookbook "php", '>= 2.2.0'
cookbook "postgresql", '>= 6.0.1' cookbook "postgresql", '>= 6.0.1'
cookbook "yum-ius", '>= 2.1.0'
cookbook "yum-zabbix", path: "../yum-zabbix" cookbook "yum-zabbix", path: "../yum-zabbix"
#cookbook "apt-zabbix", path: "../apt-zabbix" #cookbook "apt-zabbix", path: "../apt-zabbix"
#cookbook "mysql", '>= 8.2.0' #cookbook "mysql", '>= 8.2.0'

View file

@ -1,5 +1,20 @@
default['zabbix']['database']['backend'] = 'postgresql' default['zabbix']['database']['backend'] = 'postgresql'
default['zabbix']['database']['repo']['pgdg'] = false default['zabbix']['database']['repo']['pgdg'] = false
default['zabbix']['webserver']['backend'] = 'apache'
default['zabbix']['webserver']['port'] = '80'
default['zabbix']['php']['use_fpm'] = true
default['zabbix']['php']['timezone'] = 'America/New_York'
default['zabbix']['ssl']['enable'] = false
default['zabbix']['ssl']['port'] = '443'
default['zabbix']['ssl']['cacert'] = nil
default['zabbix']['ssl']['server_cert'] = nil
default['zabbix']['ssl']['server_key'] = nil
default['zabbix']['ssl']['ssl_protocols'] = [ "TLSv1.2" ]
default['zabbix']['ssl']['ssl_ciphers'] = [
"HIGH",
"!aNULL",
"!MD5"
]
default['zabbix']['version'] = "3.0" default['zabbix']['version'] = "3.0"
default['zabbix']['agent_meta'] = [] default['zabbix']['agent_meta'] = []

View file

@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
license 'Apache 2.0' license 'Apache 2.0'
description 'Installs Zabbix Server & Client agents for EL linux distributions' description 'Installs Zabbix Server & Client agents for EL linux distributions'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '1.5.0' version '1.5.2'
source_url 'https://git.linux-help.org/Linux-Help/zabbix' if respond_to?(:source_url) source_url 'https://git.linux-help.org/Linux-Help/zabbix' if respond_to?(:source_url)
issues_url 'https://git.linux-help.org/Linux-Help/zabbix/issues' if respond_to?(:issues_url) issues_url 'https://git.linux-help.org/Linux-Help/zabbix/issues' if respond_to?(:issues_url)
@ -15,7 +15,12 @@ end
recipe 'zabbix', 'Installs zabbix' recipe 'zabbix', 'Installs zabbix'
depends 'chef-vault', '>= 2.1.1' depends 'chef-vault', '>= 2.1.1'
depends 'apache2', '>= 3.2.2'
depends 'chef_nginx', '>= 5.0.7'
#depends 'httpd', '>= 0.4.4'
depends 'php', '>= 2.2.0'
depends 'postgresql', '>= 6.0.1' depends 'postgresql', '>= 6.0.1'
depends 'yum-ius', '>= 2.1.0'
depends 'yum-zabbix', '>= 1.0.1' depends 'yum-zabbix', '>= 1.0.1'
#depends 'apt-zabbix' #depends 'apt-zabbix'
#depends 'mysql', '>= 8.2.0' #depends 'mysql', '>= 8.2.0'

View file

@ -16,7 +16,16 @@ end
# Install custom zabbix_agentd.conf # Install custom zabbix_agentd.conf
template "/etc/zabbix/zabbix_agentd.conf" do template "/etc/zabbix/zabbix_agentd.conf" do
source "zabbix_agentd.conf.erb" source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_agentd.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_agentd.conf.erb
zabbix/zabbix_agentd.conf.erb
default/zabbix_agentd.conf.erb
zabbix_agentd.conf.erb
}
mode "0644" mode "0644"
owner "root" owner "root"
group "root" group "root"
@ -49,25 +58,6 @@ remote_directory "/etc/zabbix/trap.d" do
action :create action :create
end end
if node['recipes'].include?('mongodb') or node['tags'].include?('mongodb')
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials")
variables({
:users => credentials['mongo']['users'][node.chef_environment]
})
end
else
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end
# Link live agents to node # Link live agents to node
node['zabbix']['trap_scripts']['live']['add'].each do |script| node['zabbix']['trap_scripts']['live']['add'].each do |script|
link "/etc/zabbix/trap.d/live/#{script}" do link "/etc/zabbix/trap.d/live/#{script}" do
@ -115,4 +105,3 @@ cron "zabbix_daily" do
command %Q{/etc/zabbix/trap.d/runtrap daily >/dev/null 2>&1} command %Q{/etc/zabbix/trap.d/runtrap daily >/dev/null 2>&1}
only_if { node['zabbix']['trap_scripts']['daily']['add'].any? } only_if { node['zabbix']['trap_scripts']['daily']['add'].any? }
end end

View file

@ -35,6 +35,7 @@ directory '/tmp/database' do
end end
cookbook_file '/tmp/database/schema.sql' do cookbook_file '/tmp/database/schema.sql' do
sensitive true
source %W{ source %W{
host-#{node['fqdn']}/schema.sql host-#{node['fqdn']}/schema.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/schema.sql #{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/schema.sql
@ -45,6 +46,7 @@ cookbook_file '/tmp/database/schema.sql' do
end end
cookbook_file '/tmp/database/images.sql' do cookbook_file '/tmp/database/images.sql' do
sensitive true
source %W{ source %W{
host-#{node['fqdn']}/images.sql host-#{node['fqdn']}/images.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/images.sql #{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/images.sql
@ -55,6 +57,7 @@ cookbook_file '/tmp/database/images.sql' do
end end
cookbook_file '/tmp/database/data.sql' do cookbook_file '/tmp/database/data.sql' do
sensitive true
source %W{ source %W{
host-#{node['fqdn']}/data.sql host-#{node['fqdn']}/data.sql
#{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/data.sql #{node['zabbix']['database']['backend']}/#{node['zabbix']['version']}/data.sql
@ -66,12 +69,11 @@ end
bash 'create_zabbix_db_user' do bash 'create_zabbix_db_user' do
user 'postgres' user 'postgres'
sensitive true #sensitive true
credentials = chef_vault_item("secrets", "zabbix") credentials = chef_vault_item("secrets", "zabbix")
code <<-EOH code <<-EOH
psql -c "CREATE DATABASE zabbix WITH ENCODING='UTF-8';" psql -c "CREATE USER \"#{credentials['username']}\" WITH PASSWORD '#{credentials['password']}';"
psql -c "CREATE USER zabbix WITH PASSWORD '#{credentials['postgres']}';" psql -c "CREATE DATABASE \"#{credentials['database']}\" WITH OWNER \"#{credentials['username']}\" ENCODING 'UTF-8';"
psql -c "GRANT ALL PRIVILEGES ON DATABASE zabbix TO zabbix;"
EOH EOH
action :nothing action :nothing
subscribes :run, 'directory[/tmp/database]', :immediately subscribes :run, 'directory[/tmp/database]', :immediately
@ -79,7 +81,11 @@ end
bash 'initialize_zabbix_db' do bash 'initialize_zabbix_db' do
sensitive true sensitive true
user 'postgres' credentials = chef_vault_item("secrets", "zabbix")
environment({
"PGUSER" => credentials['username'],
"PGPASSWORD" => credentials['password']
})
code <<-EOH code <<-EOH
psql -d zabbix -f /tmp/database/schema.sql psql -d zabbix -f /tmp/database/schema.sql
psql -d zabbix -f /tmp/database/images.sql psql -d zabbix -f /tmp/database/images.sql

View file

@ -7,6 +7,8 @@
# Eric Renfro <psi-jack@linux-help.org> # Eric Renfro <psi-jack@linux-help.org>
# #
include_recipe 'chef-vault'
%w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg| %w{zabbix-proxy-sqlite3 zabbix-get}.each do |pkg|
yum_package pkg do yum_package pkg do
version '3.0.5-1.el6' version '3.0.5-1.el6'
@ -23,11 +25,20 @@ directory "/var/lib/zabbix" do
end end
template "/etc/zabbix/zabbix_proxy.conf" do template "/etc/zabbix/zabbix_proxy.conf" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials") credentials = chef_vault_item("secrets", "zabbix")
variables({ variables({
:DBPassword => credentials['zabbix']['postgres_password'] :credentials => credentials
}) })
source "zabbix_proxy.conf.erb" source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_proxy.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_proxy.conf.erb
zabbix/zabbix_proxy.conf.erb
default/zabbix_proxy.conf.erb
zabbix_proxy.conf.erb
}
sensitive true sensitive true
mode "0640" mode "0640"
owner "root" owner "root"
@ -41,4 +52,3 @@ service 'zabbix-proxy' do
end end
include_recipe 'zabbix::agent' include_recipe 'zabbix::agent'

View file

@ -7,103 +7,157 @@
# Eric Renfro <psi-jack@linux-help.org> # Eric Renfro <psi-jack@linux-help.org>
# #
%w{httpd mod_ssl}.each do |pkg| include_recipe 'chef-vault'
yum_package pkg do include_recipe "#{cookbook_name}::database"
version '2.2.15-39.el6'
allow_downgrade true #################################
action :install # Include Additional Repositories
end case node['platform_family']
when 'rhel'
include_recipe 'yum-ius'
include_recipe 'yum-zabbix'
end end
%w{php56u php56u-bcmath php56u-gd php56u-mbstring php56u-pgsql php56u-xml php56u-xmlrpc php56u-cli php56u-opcache}.each do |pkg| #############################
yum_package pkg do # Setup and Install Webserver
version '5.6.28-1.ius.centos6' case node['zabbix']['webserver']['backend']
allow_downgrade true when 'apache'
action :install include_recipe "#{cookbook_name}::server_apache"
end when 'nginx'
include_recipe "#{cookbook_name}::server_nginx"
else
Chef::Application.fatal!('Webserver backend can either be apache or nginx', 121)
end end
%w{zabbix-server-pgsql zabbix-web-pgsql zabbix-get}.each do |pkg| #######################
yum_package pkg do # Setup and Install PHP
version '3.0.5-1.el6' include_recipe "#{cookbook_name}::server_php"
allow_downgrade true
action :install #######################
end # Install Zabbix Server
end case node['zabbix']['database']['backend']
when 'postgresql'
template "/etc/httpd/conf/httpd.conf" do %w(zabbix-server-pgsql zabbix-web-pgsql zabbix-get).each do |pkg|
source "httpd.conf.erb" package pkg
mode "0644" end
owner "root" when 'mysql', 'mariadb', 'percona'
group "root" %w(zabbix-server-mysql zabbix-web-mysql zabbix-get).each do |pkg|
notifies :restart, "service[httpd]", :delayed package pkg
end end
template "/etc/httpd/conf.d/zabbix.conf" do
source "zabbix_httpd.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/security.conf" do
source "security.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end
template "/etc/httpd/conf.d/ssl.conf" do
source "ssl.conf.erb"
mode "0644"
owner "root"
group "root"
notifies :restart, "service[httpd]", :delayed
end end
#########################
# Configure Zabbix Server
template "/etc/zabbix/zabbix_server.conf" do template "/etc/zabbix/zabbix_server.conf" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials") credentials = chef_vault_item("secrets", "zabbix")
variables({ variables({
:DBPassword => credentials['zabbix']['postgres_password'] :credentials => credentials
}) })
source "zabbix_server.conf.erb" source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix_server.conf.erb
zabbix/#{node['zabbix']['version']}/zabbix_server.conf.erb
zabbix/zabbix_server.conf.erb
default/zabbix_server.conf.erb
zabbix_server.conf.erb
}
sensitive true sensitive true
mode "0640" mode "0640"
owner "root" owner "root"
group "root" group "root"
notifies :restart, "service[zabbix-server]", :immediately notifies :restart, "service[zabbix-server]", :immediately
end end
directory "/etc/zabbix/web" do
mode "0750"
owner "root"
group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['php']['fpm_group']
end
end
end
template "/etc/zabbix/web/zabbix.conf.php" do template "/etc/zabbix/web/zabbix.conf.php" do
credentials = Chef::EncryptedDataBagItem.load("odhp_credentials", "credentials") credentials = chef_vault_item("secrets", "zabbix")
variables({ variables({
:DBPassword => credentials['zabbix']['postgres_password'] :credentials => credentials
}) })
source "zabbix_web.conf.erb" source %W{
zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/zabbix.conf.php.erb
zabbix/#{node['zabbix']['version']}/zabbix.conf.php.erb
zabbix/zabbix.conf.php.erb
default/zabbix.conf.php.erb
zabbix.conf.php.erb
}
sensitive true sensitive true
mode "0640" mode "0640"
owner "root" owner "root"
group "apache" group case node['zabbix']['php']['use_fpm']
when true
node['php']['fpm_group']
else
case node['zabbix']['webserver']['backend']
when 'apache'
node['apache']['group']
when 'nginx'
node['php']['fpm_group']
end
end
end end
template "/etc/php.ini" do template "/etc/zabbix/web/maintenance.inc.php" do
source "php.ini.erb" source %W{
mode "0644" zabbix/#{node['zabbix']['version']}/#{node['platform']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform']}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}-#{node['platform_version'].to_i}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/#{node['platform_family']}/maintenance.inc.php.erb
zabbix/#{node['zabbix']['version']}/maintenance.inc.php.erb
zabbix/maintenance.inc.php.erb
default/maintenance.inc.php.erb
maintenance.inc.php.erb
}
sensitive true
mode "0640"
owner "root" owner "root"
group "root" group case node['zabbix']['php']['use_fpm']
notifies :restart, "service[httpd]", :immediately when true
end node['php']['fpm_group']
else
service 'httpd' do case node['zabbix']['webserver']['backend']
supports :restart => true, :start => true when 'apache'
action :enable node['apache']['group']
when 'nginx'
node['php']['fpm_group']
end
end
end end
#################
# Manage Services
service 'zabbix-server' do service 'zabbix-server' do
supports :restart => true, :start => true supports :restart => true, :start => true
action :enable action [:enable, :start]
subscribes :restart, "template[/etc/zabbix/zabbix_server.conf]", :delayed
end end
service 'php-fpm' do
action [:enable, :start]
subscribes :reload, "php_fpm_pool[default]", :delayed
only_if { node['zabbix']['php']['use_fpm'] }
end
######################
# Include Zabbix Agent
include_recipe 'zabbix::agent' include_recipe 'zabbix::agent'

36
recipes/server_apache.rb Normal file
View file

@ -0,0 +1,36 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_apache
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
include_recipe 'apache2'
##########################
# Setup and Install Apache
%w(proxy proxy_fcgi).each do |mod|
apache_module mod do
only_if { node['zabbix']['php']['use_fpm'] }
end
end
web_app "zabbix" do
tname = node['zabbix']['php']['use_fpm'] ? "zabbix-fpm" : "zabbix-mod"
server_name node['fqdn']
server_aliases ["zabbix.#{node['domain']}"]
template %W{
apache/#{node['platform']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
apache/#{node['platform']}/#{tname}.conf.erb
apache/#{node['platform_family']}/#{node['platform_version'].to_i}/#{tname}.conf.erb
apache/#{node['platform_family']}/#{tname}.conf.erb
apache/default/#{tname}.conf.erb
apache/#{tname}.conf.erb
}
docroot "/usr/share/zabbix"
directory_index ["index.php"]
directory_options [ "FollowSymLinks" ]
allow_override [ "None" ]
end

34
recipes/server_nginx.rb Normal file
View file

@ -0,0 +1,34 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_nginx
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
#########################
# Setup and Install nginx
node.default['nginx']['default_site_enabled'] = false
include_recipe 'chef_nginx'
nginx_site "zabbix" do
template 'nginx/zabbix.conf.erb'
variables({
:params => {
:server_port => node['zabbix']['webserver']['port'],
:ssl_port => node['zabbix']['ssl']['port'],
:server_name => [ "#{node['fqdn']}, zabbix.#{node['domain']}" ],
:docroot => '/usr/share/zabbix',
:cacert => node['zabbix']['ssl']['cacert'],
:server_cert => node['zabbix']['ssl']['server_cert'],
:server_key => node['zabbix']['ssl']['server_key'],
:ssl_proto => node['zabbix']['ssl']['ssl_protocols'],
:ssl_ciphers => node['zabbix']['ssl']['ssl_ciphers']
}
})
end
file "/etc/nginx/conf.d/default.conf" do
action :delete
end

82
recipes/server_php.rb Normal file
View file

@ -0,0 +1,82 @@
#
# Cookbook Name:: zabbix
# Recipe:: server_php
#
# Copyright 2017, Linux-Help.org
# Authors:
# Eric Renfro <psi-jack@linux-help.org>
#
#######################
# Install and Setup PHP
case node['platform_family']
when 'rhel'
# Remove distro-provided versions if installed
%w(php php-cli php-pear php-devel php-common).each do |pkg|
package pkg do
action :remove
end
end
# Setup PHP to use yum-ius packages
node.default['php']['packages'] = %w(php56u php56u-bcmath php56u-gd php56u-mbstring php56u-xml php56u-xmlrpc php56u-cli php56u-opcache)
node.default['php']['fpm_package'] = 'php56u-fpm'
node.default['php']['fpm_user'] = 'php-fpm'
node.default['php']['fpm_group'] = 'php-fpm'
node.default['php']['gd']['package'] = 'php56u-gd'
node.default['php']['apcu']['package'] = 'php56u-pecl-apcu'
node.default['php']['ldap']['package'] = 'php56u-ldap'
if node['zabbix']['php']['use_fpm'] != true
if node['zabbix']['webserver']['backend'] == 'apache'
node.default['php']['packages'] += ['php56u']
end
end
case node['zabbix']['database']['backend']
when 'postgresql'
node.default['php']['packages'] += ['php56u-pgsql']
node.default['php']['postgresql']['package'] = 'php56u-pgsql'
when 'mysql', 'mariadb', 'percona'
node.default['php']['packages'] += ['php56u-mysqlnd']
node.default['php']['mysql']['package'] = 'php56u-mysqlnd'
end
end
# Set PHP timezone
node.default['php']['directives'] = {
'date.timezone' => node['zabbix']['php']['timezone']
}
include_recipe 'php'
#############################
# Install PHP-FPM Zabbix pool
php_fpm_pool 'zabbix' do
listen '127.0.0.1:9001'
user 'php-fpm'
group 'php-fpm'
#chdir '/usr/share/zabbix'
max_children 50
start_servers 5
min_spare_servers 5
max_spare_servers 35
additional_config({
'pm.process_idle_timeout' => '10s',
'pm.max_requests' => '500',
'ping.path' => '/ping',
'ping.response' => 'pong',
'php_flag[display_errors]' => 'off',
'php_admin_value[error_log]' => '/var/log/php-fpm/www-error.log',
'php_admin_flag[log_errors]' => 'on',
'php_admin_value[memory_limit]' => '128M',
'php_value[session.save_handler]' => 'files',
'php_value[session.save_path]' => '/var/lib/php-fpm/session',
'php_value[soap.wsdl_cache_dir]' => '/var/lib/php-fpm/wsdlcache',
'php_value[max_execution_time]' => '300',
'php_value[post_max_size]' => '16M',
'php_value[upload_max_filesize]' => '2M',
'php_value[max_input_time]' => '300',
'php_value[always_populate_raw_post_data]' => '-1'
})
action :install
only_if { node['zabbix']['php']['use_fpm'] || node['zabbix']['webserver']['backend'] == 'nginx' }
end

View file

@ -7,6 +7,8 @@
# Eric Renfro <psi-jack@linux-help.org> # Eric Renfro <psi-jack@linux-help.org>
# #
include_recipe 'chef-vault'
node.override['zabbix']['trap_scripts']['live']['add'] = [] node.override['zabbix']['trap_scripts']['live']['add'] = []
node.override['zabbix']['trap_scripts']['live']['del'] = [] node.override['zabbix']['trap_scripts']['live']['del'] = []
node.override['zabbix']['trap_scripts']['daily']['add'] = [] node.override['zabbix']['trap_scripts']['daily']['add'] = []
@ -39,10 +41,25 @@ end
# MongoDB # MongoDB
# #
if node['recipes'].include?('mongodb') or node.tags.include?('mongodb') if node['recipes'].include?('mongodb') or node.tags.include?('mongodb')
node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh'] node.override['zabbix']['trap_scripts']['live']['add'] += ['mongo26.sh', 'ssl_check_mongo.sh']
node.override['zabbix']['agent_meta'] += ['MongoDB'] node.override['zabbix']['agent_meta'] += ['MongoDB']
template "/etc/zabbix/trap.d/mongo26.config" do
owner "root"
group "root"
mode "0700"
source "mongo26.config.erb"
sensitive true
credentials = chef_vault_item("secrets", "mongodb")
variables({
:credentials => credentials
})
end
else else
node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh'] node.override['zabbix']['trap_scripts']['live']['del'] += ['mongo26.sh', 'ssl_check_mongo.sh']
file "/etc/zabbix/trap.d/mongo26.config" do
action :delete
end
end end
########################################################### ###########################################################

View file

@ -0,0 +1,77 @@
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost *:<%= @params[:server_port] %>
<% end -%>
<VirtualHost *:<%= @params[:server_port] %>>
ServerName <%= @params[:server_name] %>
<% if @params[:server_aliases] -%>
ServerAlias <%= @params[:server_aliases].join " " %>
<% end -%>
DocumentRoot <%= @params[:docroot] %>
# The following lines prevent .user.ini files from being viewed by Web clients.
<Files ".user.ini">
Require all denied
</Files>
# Allow php to handle Multiviews.
AddType text/html .php
# Enable http authorization headers.
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9001/usr/share/zabbix/$1
<Directory <%= @params[:docroot] %>>
Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %>
AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/conf>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/app>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/include>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/local>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
<% if @params[:directory_index] -%>
DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %>
<% end -%>
</VirtualHost>

View file

@ -0,0 +1,81 @@
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost *:<%= @params[:server_port] %>
<% end -%>
<VirtualHost *:<%= @params[:server_port] %>>
ServerName <%= @params[:server_name] %>
<% if @params[:server_aliases] -%>
ServerAlias <%= @params[:server_aliases].join " " %>
<% end -%>
DocumentRoot <%= @params[:docroot] %>
# The following lines prevent .user.ini files from being viewed by Web clients.
<Files ".user.ini">
Require all denied
</Files>
# Allow php to handle Multiviews.
AddType text/html .php
<IfModule mod_php5.c>
php_value max_execution_time 300
php_value memory_limit 128M
php_value post_max_size 16M
php_value upload_max_filesize 2M
php_value max_input_time 300
php_value always_populate_raw_post_data -1
</IfModule>
<Directory <%= @params[:docroot] %>>
Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %>
AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/conf>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/app>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/include>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
<Directory <%= @params[:docroot] %>/local>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
<% if @params[:directory_index] -%>
DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %>
<% end -%>
</VirtualHost>

View file

@ -1,3 +1,2 @@
mongoUser="<%= @users['mmsagent']['username'] %>" mongoUser="<%= @credentials['username'] %>"
mongoPass="<%= @users['mmsagent']['password'] %>" mongoPass="<%= @credentials['password'] %>"

View file

@ -0,0 +1,26 @@
[zabbix]
user = php-fpm
group = php-fpm
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.process_idle_timeout = 10s;
pm.max_requests = 500
ping.path = /ping
ping.response = pong
php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 128M
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php-fpm/session
php_value[soap.wsdl_cache_dir] = /var/lib/php-fpm/wsdlcache
php_value[max_execution_time] = 300
php_value[post_max_size] = 16M
php_value[upload_max_filesize] = 2M
php_value[max_input_time] = 300
php_value[always_populate_raw_post_data] = -1

View file

@ -0,0 +1,62 @@
upstream php-handler {
server 127.0.0.1:9001;
}
<% if node['zabbix']['ssl']['enable'] %>
server {
listen <%= @params['server_port'] %> default_server;
listen [::]:<%= @params['server_port'] %> default_server;
server_name _;
return 301 https://$host:<%= @params['ssl_port'] %>$request_uri;
}
<% end %>
server {
<% if node['zabbix']['ssl']['enable'] %>
listen <%= @params[:ssl_port] %> default_server;
listen [::]:<%= @params[:ssl_port] %> default_server;
<% else %>
listen <%= @params[:server_port] %> default_server;
listen [::]:<%= @params[:server_port] %> default_server;
<% end %>
server_name <%= [@params[:server_name]].flatten.join ", " %>;
access_log /var/log/nginx/zabbix.log;
error_log /var/log/nginx/zabbix.error;
<% if node['zabbix']['ssl']['enable'] %>
ssl on;
ssl_certificate <%= @params[:server_cert] %>;
ssl_certificate_key <%= @params[:server_cert] %>;
ssl_protocols <%= [@params[:ssl_proto]].flatten.join " " %>;
#ssl_ciphers <%= [@params[:ssl_ciphers]].flatten.join ":" %>;
<% end %>
root <%= @params[:docroot] %>;
index index.php index.html;
client_max_body_size 5m;
client_body_buffer_size 128k;
#location ~ \.php$ {
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#fastcgi_pass unix:/var/run/zabbix.socket;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
location ~ /\. {
deny all;
}
}

View file

@ -0,0 +1,29 @@
<?php
/*
** Zabbix
** Copyright (C) 2001-2016 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
// Maintenance mode
//define('ZBX_DENY_GUI_ACCESS', 1);
// IP range, who are allowed to connect to FrontEnd
//$ZBX_GUI_ACCESS_IP_RANGE = array('127.0.0.1');
// MSG shown on Warning screen!
//$_REQUEST['warning_msg'] = 'Zabbix is under maintenance.';

View file

@ -1,13 +1,15 @@
<?php <?php
// MANAGED BY CHEF
//
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB; global $DB;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = 'POSTGRESQL';
$DB['SERVER'] = 'localhost'; $DB['SERVER'] = 'localhost';
$DB['PORT'] = '0'; $DB['PORT'] = '0';
$DB['DATABASE'] = 'zabbix'; $DB['DATABASE'] = '<%= @credentials['database'] %>';
$DB['USER'] = 'zabbixmaster'; $DB['USER'] = '<%= @credentials['username'] %>';
$DB['PASSWORD'] = '<%= @DBPassword %>'; $DB['PASSWORD'] = '<%= @credentials['password'] %>';
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = ''; $DB['SCHEMA'] = '';
@ -17,4 +19,3 @@ $ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Zabbix'; $ZBX_SERVER_NAME = 'Zabbix';
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

View file

@ -81,7 +81,7 @@ PidFile=/var/run/zabbix/zabbix_server.pid
# Default: # Default:
# DBName= # DBName=
DBName=zabbix DBName=<%= @credentials['database'] %>
### Option: DBSchema ### Option: DBSchema
# Schema name. Used for IBM DB2 and PostgreSQL. # Schema name. Used for IBM DB2 and PostgreSQL.
@ -97,7 +97,7 @@ DBName=zabbix
# Default: # Default:
# DBUser= # DBUser=
DBUser=zabbixmaster DBUser=<%= @credentials['username'] %>
### Option: DBPassword ### Option: DBPassword
# Database password. Ignored for SQLite. # Database password. Ignored for SQLite.
@ -105,7 +105,7 @@ DBUser=zabbixmaster
# #
# Mandatory: no # Mandatory: no
# Default: # Default:
DBPassword=<%= @DBPassword %> DBPassword=<%= @credentials['password'] %>
### Option: DBSocket ### Option: DBSocket
# Path to MySQL socket. # Path to MySQL socket.

View file

@ -1,5 +1,6 @@
{ {
"id": "zabbix", "id": "zabbix",
"postgres": "password", "username": "zabbix",
"server": "password" "password": "password",
"database": "zabbix"
} }