VA
/
appliances
1
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity

zabbix: add sendxmpp, better firstboot

This commit is contained in:
Jörg Deckert 2021-04-19 19:22:09 +02:00
parent fe12d020be
commit cc7abedd23
3 changed files with 163 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
zabbix/Makefile
View File

@ -1,13 +1,14 @@
02firstboot = $(CHROOT)/etc/local.d/02firstboot.start
02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
zabbix-userparameter = $(CHROOT)/var/lib/zabbix/userparameter_mysql.conf
systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
mkdir -p $(CHROOT)/usr/local/bin
cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
$(02firstboot): appliance/02firstboot.start
mkdir -p $(CHROOT)/etc/local.d
mkdir -p $(CHROOT)/usr/local/bin
cp $< $@
touch $(CHROOT)/02firstboot

256
zabbix/appliance/02firstboot.start
View File

@ -13,122 +13,184 @@ set -e
[ -e /01firstboot ] && exit 0
[ -e /02firstboot ] || exit 0
# Zabbix configuration
if [ ! -d "/$LABEL/etc/zabbix" ]; then
echo 'Create Zabbix Server config...'
mkdir -p /$LABEL/etc/zabbix
chown zabbix:zabbix /$LABEL/etc/zabbix
cp /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig
mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf
ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf
sed -i "s:# DBPassword=:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_server.conf
echo 'Create Zabbix Frontend config...'
mkdir -p /$LABEL/var/www/localhost/htdocs/zabbix/conf
cp /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig
mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php
ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php
sed -i "s:\$DB\['PASSWORD'\].*:\$DB\['PASSWORD'\] = '${DATABASE_PASS}';:" /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php
# Select type
if [ -f "/$LABEL/etc/zabbix/zabbix_server.conf" ]; then
zabbixtype="server"
elif [ -f "/$LABEL/etc/zabbix/zabbix_proxy.conf" ]; then
zabbixtype="proxy"
else
if [ ! -L /etc/zabbix/zabbix_server.conf ]; then
rm -rf /$LABEL/etc/zabbix/zabbix_server.conf.orig
mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig
else
rm -rf /etc/zabbix/zabbix_server.conf
fi
ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf
echo
echo "Should the new appliance be configured as a server or a proxy?"
while read -n1 -r -p "choose [s]erver|[p]roxy: "; do
case $REPLY in
s|S) zabbixtype="server"
break
;;
p|P) zabbixtype="proxy"
break
;;
*) echo " (Invalid option, choose again...)"
;;
esac
done
echo
fi
if [ ! -L /var/www/localhost/htdocs/zabbix/conf ]; then
rm -rf /$LABEL/var/www/localhost/htdocs/zabbix/conf.orig
mv /var/www/localhost/htdocs/zabbix/conf /$LABEL/var/www/localhost/htdocs/zabbix/conf.orig
else
rm -rf /var/www/localhost/htdocs/zabbix/conf
# Zabbix configuration
if [ "$zabbixtype" == "server" ]; then
if [ ! -L /etc/zabbix/zabbix_server.conf ]; then
if [ ! -f "/$LABEL/etc/zabbix/zabbix_server.conf" ]; then
echo 'Create Zabbix Server config...'
mkdir -p /$LABEL/etc/zabbix
cp /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf
mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig
chown -R zabbix:zabbix /$LABEL/etc/zabbix
ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf
else
echo 'Linking Zabbix Server config...'
cp /$LABEL/etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.alt
rm -f /$LABEL/etc/zabbix/zabbix_server.conf.orig
mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig
chown -R zabbix:zabbix /$LABEL/etc/zabbix
ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf
fi
fi
else
if [ ! -L /etc/zabbix/zabbix_proxy.conf ]; then
if [ ! -f "/$LABEL/etc/zabbix/zabbix_proxy.conf" ]; then
echo 'Create Zabbix Proxy config...'
mkdir -p /$LABEL/etc/zabbix
chown zabbix:zabbix /$LABEL/etc/zabbix
cp /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf
mv /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.orig
sed -i "s:^DBName=.*:DBName=zabbix:" /$LABEL/etc/zabbix/zabbix_proxy.conf
chown -R zabbix:zabbix /$LABEL/etc/zabbix
ln -s /$LABEL/etc/zabbix/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf
else
echo 'Linking Zabbix Proxy config...'
cp /$LABEL/etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.alt
rm -f /$LABEL/etc/zabbix/zabbix_proxy.conf.orig
mv /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.orig
chown -R zabbix:zabbix /$LABEL/etc/zabbix
ln -s /$LABEL/etc/zabbix/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf
fi
fi
fi
if [ "$zabbixtype" == "server" ]; then
if [ ! -L /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php ]; then
if [ ! -f "/$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php" ]; then
echo 'Create Zabbix Frontend config...'
mkdir -p /$LABEL/var/www/localhost/htdocs/zabbix/conf
cp /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php
mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig
ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php
else
echo 'Linking Zabbix Frontend config...'
cp /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.alt
rm -f /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig
mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig
ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php
fi
fi
ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf /var/www/localhost/htdocs/zabbix/conf
fi
# Database
systemctl stop mariadb
if [ ! -d "/$LABEL/var/lib/mysql/zabbix" ]; then
echo 'Initialize MariaDB...'
mkdir -p "/$LABEL/var/lib"
rm -rf "/$LABEL/var/lib/mysql"
if [ ! -L /var/lib/mysql ]; then
rm -rf "/$LABEL/var/lib/mysql.orig"
cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig"
mv "/var/lib/mysql" "/$LABEL/var/lib/mysql"
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
elif [ -d "/$LABEL/var/lib/mysql.orig" ]; then
cp -a "/$LABEL/var/lib/mysql.orig" "/$LABEL/var/lib/mysql"
rm -rf "/var/lib/mysql"
if [ ! -L /var/lib/mysql ]; then
systemctl stop mariadb
if [ ! -d "/$LABEL/var/lib/mysql/zabbix" ]; then
echo 'Initialize MariaDB...'
mkdir -p "/$LABEL/var/lib"
rm -rf "/$LABEL/var/lib/mysql"
cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql"
mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig"
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
systemctl start mariadb
sleep 5
echo 'Create Zabbix database...'
mysql -u root -e "CREATE USER 'zabbix'@'localhost' IDENTIFIED BY '$DATABASE_PASS'"
mysql -u root -e "CREATE DATABASE zabbix DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;"
mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';"
mysql -u root -e "FLUSH PRIVILEGES;"
echo 'Import Zabbix MySQL data'
mysql -u root zabbix < /usr/share/zabbix/database/mysql/schema.sql
if [ "$zabbixtype" == "server" ]; then
mysql -u root zabbix < /usr/share/zabbix/database/mysql/images.sql
mysql -u root zabbix < /usr/share/zabbix/database/mysql/data.sql
fi
else
echo '### ERROR initialize database !!! ###'
exit 1
fi
systemctl start mariadb
sleep 5
echo 'Create Zabbix database...'
mysql -u root -e "CREATE USER 'zabbix'@'localhost' IDENTIFIED BY '$DATABASE_PASS'"
mysql -u root -e "CREATE DATABASE zabbix DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;"
mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';"
mysql -u root -e "FLUSH PRIVILEGES;"
echo 'Import Zabbix MySQL data'
mysql -u root zabbix < /usr/share/zabbix/database/mysql/schema.sql
mysql -u root zabbix < /usr/share/zabbix/database/mysql/images.sql
mysql -u root zabbix < /usr/share/zabbix/database/mysql/data.sql
else
echo 'Start MariaDB...'
if [ ! -L /var/lib/mysql ]; then
echo 'Start MariaDB...'
rm -rf "/$LABEL/var/lib/mysql.orig"
mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig"
else
rm -f "/var/lib/mysql"
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
systemctl start mariadb
sleep 5
mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';"
fi
ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql"
systemctl start mariadb
fi
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
# angepaßtes Zertifikat vorhanden (kein example)
if [ ! -L /etc/ssl/cert-renew.sh ]; then
rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
else
rm -f "/etc/ssl/cert-renew.sh"
fi
ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
else
echo 'Create example certificate...'
mkdir -p "/$LABEL/CERTS/KEYS/"
mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
echo 'Set new database password...'
systemctl restart mariadb
sleep 5
mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';"
fi
# update config with new database password
if [ "$zabbixtype" == "server" ]; then
sed -i "s:.*DBPassword=.*:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_server.conf
sed -i "s:\$DB\['PASSWORD'\].*:\$DB\['PASSWORD'\] = '${DATABASE_PASS}';:" /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php
else
sed -i "s:.*DBPassword=.*:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_proxy.conf
fi
rm -rf /etc/ssl/apache2
mkdir -p /etc/ssl
ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
# Certificate
if [ "$zabbixtype" == "server" ]; then
if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then
# angepaßtes Zertifikat vorhanden (kein example)
if [ ! -L /etc/ssl/cert-renew.sh ]; then
rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig"
mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig"
else
rm -f "/etc/ssl/cert-renew.sh"
fi
ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh"
else
echo 'Create example certificate...'
mkdir -p "/$LABEL/CERTS/KEYS/"
mkdir -p "/$LABEL/CERTS/$HOST.$TLD"
echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf"
openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem"
cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem"
touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem"
fi
/etc/ssl/cert-renew.sh
rm -rf /etc/ssl/apache2
mkdir -p /etc/ssl
ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2"
/etc/ssl/cert-renew.sh
fi
systemctl enable mariadb
systemctl enable zabbix-server
systemctl enable zabbix-agentd
systemctl enable apache2
if [ "$zabbixtype" == "server" ]; then
systemctl enable zabbix-server
systemctl enable apache2
else
systemctl enable zabbix-proxy
fi
systemctl restart zabbix-server
systemctl restart zabbix-agentd
systemctl restart apache2
if [ "$zabbixtype" == "server" ]; then
systemctl restart zabbix-server
systemctl restart apache2
else
systemctl restart zabbix-proxy
fi
rm /02firstboot

1
zabbix/world
View File

@ -12,6 +12,7 @@ net-analyzer/net-snmp
net-analyzer/nmap
net-analyzer/snmptt
net-dns/bind-tools
net-im/sendxmpp
net-misc/netkit-telnetd
sys-apps/ipmitool
sys-libs/openipmi