From cc7abedd236a7cadd28b4b9420a889bdaefdb27b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Deckert?=
Date: Mon, 19 Apr 2021 19:22:09 +0200
Subject: [PATCH] zabbix: add sendxmpp, better firstboot
---
 zabbix/Makefile | 5 +-
 zabbix/appliance/02firstboot.start | 256 ++++++++++++++++++-----------
 zabbix/world | 1 +
 3 files changed, 163 insertions(+), 99 deletions(-)
diff --git a/zabbix/Makefile b/zabbix/Makefile
index 889e4b2..761b703 100644
--- a/zabbix/Makefile
+++ b/zabbix/Makefile
@@ -1,13 +1,14 @@
-02firstboot = $(CHROOT)/etc/local.d/02firstboot.start
+02firstboot = $(CHROOT)/usr/local/bin/02firstboot.start
 cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
 zabbix-userparameter = $(CHROOT)/var/lib/zabbix/userparameter_mysql.conf
 systemd-units: appliance/MySQL-Backup.sh appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer
+ mkdir -p $(CHROOT)/usr/local/bin
 cp appliance/MySQL-Backup.sh $(CHROOT)/usr/local/bin/
 cp appliance/backup.service appliance/backup.timer appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
 $(02firstboot): appliance/02firstboot.start
- mkdir -p $(CHROOT)/etc/local.d
+ mkdir -p $(CHROOT)/usr/local/bin
 cp $< $@
 touch $(CHROOT)/02firstboot
diff --git a/zabbix/appliance/02firstboot.start b/zabbix/appliance/02firstboot.start
index e046cc0..417390a 100755
--- a/zabbix/appliance/02firstboot.start
+++ b/zabbix/appliance/02firstboot.start
@@ -13,122 +13,184 @@ set -e [ -e /01firstboot ] && exit 0 [ -e /02firstboot ] || exit 0 -# Zabbix configuration -if [ ! -d "/$LABEL/etc/zabbix" ]; then - echo 'Create Zabbix Server config...' - mkdir -p /$LABEL/etc/zabbix - chown zabbix:zabbix /$LABEL/etc/zabbix - cp /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig - mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf - ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf - sed -i "s:# DBPassword=:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_server.conf - - echo 'Create Zabbix Frontend config...' - mkdir -p /$LABEL/var/www/localhost/htdocs/zabbix/conf - cp /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig - mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php - ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php - sed -i "s:\$DB\['PASSWORD'\].*:\$DB\['PASSWORD'\] = '${DATABASE_PASS}';:" /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php +# Select type +if [ -f "/$LABEL/etc/zabbix/zabbix_server.conf" ]; then + zabbixtype="server" +elif [ -f "/$LABEL/etc/zabbix/zabbix_proxy.conf" ]; then + zabbixtype="proxy" else - if [ ! -L /etc/zabbix/zabbix_server.conf ]; then - rm -rf /$LABEL/etc/zabbix/zabbix_server.conf.orig - mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig - else - rm -rf /etc/zabbix/zabbix_server.conf - fi - ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf + echo + echo "Should the new appliance be configured as a server or a proxy?" + while read -n1 -r -p "choose [s]erver|[p]roxy: "; do + case $REPLY in + s|S) zabbixtype="server" + break + ;; + p|P) zabbixtype="proxy" + break + ;; + *) echo " (Invalid option, choose again...)" + ;; + esac + done + echo +fi - if [ ! 
-L /var/www/localhost/htdocs/zabbix/conf ]; then - rm -rf /$LABEL/var/www/localhost/htdocs/zabbix/conf.orig - mv /var/www/localhost/htdocs/zabbix/conf /$LABEL/var/www/localhost/htdocs/zabbix/conf.orig - else - rm -rf /var/www/localhost/htdocs/zabbix/conf +# Zabbix configuration +if [ "$zabbixtype" == "server" ]; then + if [ ! -L /etc/zabbix/zabbix_server.conf ]; then + if [ ! -f "/$LABEL/etc/zabbix/zabbix_server.conf" ]; then + echo 'Create Zabbix Server config...' + mkdir -p /$LABEL/etc/zabbix + cp /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf + mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig + chown -R zabbix:zabbix /$LABEL/etc/zabbix + ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf + else + echo 'Linking Zabbix Server config...' + cp /$LABEL/etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.alt + rm -f /$LABEL/etc/zabbix/zabbix_server.conf.orig + mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig + chown -R zabbix:zabbix /$LABEL/etc/zabbix + ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf + fi + fi +else + if [ ! -L /etc/zabbix/zabbix_proxy.conf ]; then + if [ ! -f "/$LABEL/etc/zabbix/zabbix_proxy.conf" ]; then + echo 'Create Zabbix Proxy config...' + mkdir -p /$LABEL/etc/zabbix + chown zabbix:zabbix /$LABEL/etc/zabbix + cp /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf + mv /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.orig + sed -i "s:^DBName=.*:DBName=zabbix:" /$LABEL/etc/zabbix/zabbix_proxy.conf + chown -R zabbix:zabbix /$LABEL/etc/zabbix + ln -s /$LABEL/etc/zabbix/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf + else + echo 'Linking Zabbix Proxy config...' 
+ cp /$LABEL/etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.alt + rm -f /$LABEL/etc/zabbix/zabbix_proxy.conf.orig + mv /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.orig + chown -R zabbix:zabbix /$LABEL/etc/zabbix + ln -s /$LABEL/etc/zabbix/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf + fi + fi +fi + +if [ "$zabbixtype" == "server" ]; then + if [ ! -L /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php ]; then + if [ ! -f "/$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php" ]; then + echo 'Create Zabbix Frontend config...' + mkdir -p /$LABEL/var/www/localhost/htdocs/zabbix/conf + cp /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php + mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig + ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php + else + echo 'Linking Zabbix Frontend config...' + cp /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.alt + rm -f /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig + mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig + ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php + fi fi - ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf /var/www/localhost/htdocs/zabbix/conf fi # Database -systemctl stop mariadb -if [ ! -d "/$LABEL/var/lib/mysql/zabbix" ]; then - echo 'Initialize MariaDB...' - mkdir -p "/$LABEL/var/lib" - rm -rf "/$LABEL/var/lib/mysql" - if [ ! 
-L /var/lib/mysql ]; then - rm -rf "/$LABEL/var/lib/mysql.orig" - cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" - mv "/var/lib/mysql" "/$LABEL/var/lib/mysql" - ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" - elif [ -d "/$LABEL/var/lib/mysql.orig" ]; then - cp -a "/$LABEL/var/lib/mysql.orig" "/$LABEL/var/lib/mysql" - rm -rf "/var/lib/mysql" +if [ ! -L /var/lib/mysql ]; then + systemctl stop mariadb + if [ ! -d "/$LABEL/var/lib/mysql/zabbix" ]; then + echo 'Initialize MariaDB...' + mkdir -p "/$LABEL/var/lib" + rm -rf "/$LABEL/var/lib/mysql" + cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql" + mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" + systemctl start mariadb + sleep 5 + + echo 'Create Zabbix database...' + mysql -u root -e "CREATE USER 'zabbix'@'localhost' IDENTIFIED BY '$DATABASE_PASS'" + mysql -u root -e "CREATE DATABASE zabbix DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;" + mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';" + mysql -u root -e "FLUSH PRIVILEGES;" + + echo 'Import Zabbix MySQL data' + mysql -u root zabbix < /usr/share/zabbix/database/mysql/schema.sql + if [ "$zabbixtype" == "server" ]; then + mysql -u root zabbix < /usr/share/zabbix/database/mysql/images.sql + mysql -u root zabbix < /usr/share/zabbix/database/mysql/data.sql + fi else - echo '### ERROR initialize database !!! ###' - exit 1 - fi - systemctl start mariadb - sleep 5 - - echo 'Create Zabbix database...' 
- mysql -u root -e "CREATE USER 'zabbix'@'localhost' IDENTIFIED BY '$DATABASE_PASS'" - mysql -u root -e "CREATE DATABASE zabbix DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;" - mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';" - mysql -u root -e "FLUSH PRIVILEGES;" - - echo 'Import Zabbix MySQL data' - mysql -u root zabbix < /usr/share/zabbix/database/mysql/schema.sql - mysql -u root zabbix < /usr/share/zabbix/database/mysql/images.sql - mysql -u root zabbix < /usr/share/zabbix/database/mysql/data.sql -else - echo 'Start MariaDB...' - if [ ! -L /var/lib/mysql ]; then + echo 'Start MariaDB...' rm -rf "/$LABEL/var/lib/mysql.orig" mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" - else - rm -f "/var/lib/mysql" + ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" + systemctl start mariadb + sleep 5 + mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';" fi - ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" - systemctl start mariadb -fi - -if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then - # angepaßtes Zertifikat vorhanden (kein example) - if [ ! -L /etc/ssl/cert-renew.sh ]; then - rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig" - mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig" - else - rm -f "/etc/ssl/cert-renew.sh" - fi - ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh" else - echo 'Create example certificate...' 
- mkdir -p "/$LABEL/CERTS/KEYS/" - mkdir -p "/$LABEL/CERTS/$HOST.$TLD" - echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" - echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" - echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" - echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" - echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" - echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" - openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem" - cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem" - touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem" + echo 'Set new database password...' + systemctl restart mariadb + sleep 5 + mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';" +fi +# update config with new database password +if [ "$zabbixtype" == "server" ]; then + sed -i "s:.*DBPassword=.*:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_server.conf + sed -i "s:\$DB\['PASSWORD'\].*:\$DB\['PASSWORD'\] = '${DATABASE_PASS}';:" /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php +else + sed -i "s:.*DBPassword=.*:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_proxy.conf fi -rm -rf /etc/ssl/apache2 -mkdir -p /etc/ssl -ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2" +# Certificate +if [ "$zabbixtype" == "server" ]; then + if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then + # angepaßtes Zertifikat vorhanden (kein example) + if [ ! 
-L /etc/ssl/cert-renew.sh ]; then + rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig" + mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig" + else + rm -f "/etc/ssl/cert-renew.sh" + fi + ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh" + else + echo 'Create example certificate...' + mkdir -p "/$LABEL/CERTS/KEYS/" + mkdir -p "/$LABEL/CERTS/$HOST.$TLD" + echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" + openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem" + cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem" + touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem" + fi -/etc/ssl/cert-renew.sh + rm -rf /etc/ssl/apache2 + mkdir -p /etc/ssl + ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2" + + /etc/ssl/cert-renew.sh +fi systemctl enable mariadb -systemctl enable zabbix-server systemctl enable zabbix-agentd -systemctl enable apache2 +if [ "$zabbixtype" == "server" ]; then + systemctl enable zabbix-server + systemctl enable apache2 +else + systemctl enable zabbix-proxy +fi -systemctl restart zabbix-server systemctl restart zabbix-agentd -systemctl restart apache2 +if [ "$zabbixtype" == "server" ]; then + systemctl restart zabbix-server + systemctl restart apache2 +else + 
systemctl restart zabbix-proxy +fi rm /02firstboot - diff --git a/zabbix/world b/zabbix/world index 5ac46c0..230718b 100644 --- a/zabbix/world +++ b/zabbix/world @@ -12,6 +12,7 @@ net-analyzer/net-snmp net-analyzer/nmap net-analyzer/snmptt net-dns/bind-tools +net-im/sendxmpp net-misc/netkit-telnetd sys-apps/ipmitool sys-libs/openipmi
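Review bot: `$DATABASE_PASS` reaches three sinks unescaped in the new side of the 02firstboot.start hunk: the `mysql -u root -e "... IDENTIFIED by '$DATABASE_PASS'"` calls in the Database section, the `sed -i "s:.*DBPassword=.*:DBPassword=${DATABASE_PASS}:"` lines under "update config with new database password", and the PHP string written into zabbix.conf.php. A value containing `'`, `:`, `&` or `\` breaks the statement or silently stores a different password (or stray PHP) in the config, and `-e` places the password in mysql's argument list, which other local processes can read. Where the variable is assigned lies outside this hunk, so how constrained its value is cannot be told from here. Escaping once per sink and sending the SQL over stdin, as sketched below, removes the dependence on that; the rewritten config files also get no explicit mode, so a `chmod 0640` after the sed is worth adding.

```shell
# Escape once per sink, before the first mysql call that uses the password.
# (Uses bash parameter expansion; the hunk's `read -n1` already needs bash.)
sql_pass=${DATABASE_PASS//\\/\\\\}      # \ -> \\  (backslash escapes inside SQL string literals)
sql_pass=${sql_pass//\'/\'\'}           # ' -> ''
sed_pass=$(printf '%s' "$DATABASE_PASS" | sed -e 's/[\\&:]/\\&/g')   # sed replacement metacharacters

# … unchanged: symlink handling, systemctl start mariadb, sleep 5 …

# SQL over stdin keeps the password out of mysql's argv.
mysql -u root <<SQL
GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED BY '${sql_pass}';
SQL

# … unchanged: remaining CREATE USER / GRANT statements, rewritten the same way …

sed -i "s:.*DBPassword=.*:DBPassword=${sed_pass}:" "/$LABEL/etc/zabbix/zabbix_server.conf"
chmod 0640 "/$LABEL/etc/zabbix/zabbix_server.conf"
# zabbix.conf.php: escape \ and ' for the PHP single-quoted string first, then apply the sed escaping.
```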