#!/bin/bash # variables LABEL="DATA" DATABASE_PASS=$(head -c 300 /dev/urandom | tr -cd 'a-zA-Z0-9' | head -c 16) TLD="example.com" HOST="zabbix" ORGNAME="Zabbix example" # start set -e [ -e /01firstboot ] && exit 0 [ -e /02firstboot ] || exit 0 # Select type if [ -f "/$LABEL/etc/zabbix/zabbix_server.conf" ]; then zabbixtype="server" elif [ -f "/$LABEL/etc/zabbix/zabbix_proxy.conf" ]; then zabbixtype="proxy" else echo echo "Should the new appliance be configured as a server or a proxy?" while read -n1 -r -p "choose [s]erver|[p]roxy: "; do case $REPLY in s|S) zabbixtype="server" break ;; p|P) zabbixtype="proxy" break ;; *) echo " (Invalid option, choose again...)" ;; esac done echo fi # Zabbix configuration if [ "$zabbixtype" == "server" ]; then if [ ! -L /etc/zabbix/zabbix_server.conf ]; then if [ ! -f "/$LABEL/etc/zabbix/zabbix_server.conf" ]; then echo 'Create Zabbix Server config...' mkdir -p /$LABEL/etc/zabbix cp /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig chown -R zabbix:zabbix /$LABEL/etc/zabbix ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf else echo 'Linking Zabbix Server config...' cp /$LABEL/etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.alt rm -f /$LABEL/etc/zabbix/zabbix_server.conf.orig mv /etc/zabbix/zabbix_server.conf /$LABEL/etc/zabbix/zabbix_server.conf.orig chown -R zabbix:zabbix /$LABEL/etc/zabbix ln -s /$LABEL/etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf fi fi else if [ ! -L /etc/zabbix/zabbix_proxy.conf ]; then if [ ! -f "/$LABEL/etc/zabbix/zabbix_proxy.conf" ]; then echo 'Create Zabbix Proxy config...' mkdir -p /$LABEL/etc/zabbix chown zabbix:zabbix /$LABEL/etc/zabbix cp /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf mv /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.orig sed -i "s:^DBName=.*:DBName=zabbix:" /$LABEL/etc/zabbix/zabbix_proxy.conf chown -R zabbix:zabbix /$LABEL/etc/zabbix ln -s /$LABEL/etc/zabbix/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf else echo 'Linking Zabbix Proxy config...' cp /$LABEL/etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.alt rm -f /$LABEL/etc/zabbix/zabbix_proxy.conf.orig mv /etc/zabbix/zabbix_proxy.conf /$LABEL/etc/zabbix/zabbix_proxy.conf.orig chown -R zabbix:zabbix /$LABEL/etc/zabbix ln -s /$LABEL/etc/zabbix/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf fi fi fi if [ "$zabbixtype" == "server" ]; then if [ ! -L /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php ]; then if [ ! -f "/$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php" ]; then echo 'Create Zabbix Frontend config...' mkdir -p /$LABEL/var/www/localhost/htdocs/zabbix/conf cp /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php else echo 'Linking Zabbix Frontend config...' cp /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.alt rm -f /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig mv /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php.orig ln -s /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php /var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php fi fi fi # Database if [ ! -L /var/lib/mysql ]; then systemctl stop mariadb if [ ! -d "/$LABEL/var/lib/mysql/zabbix" ]; then echo 'Initialize MariaDB...' mkdir -p "/$LABEL/var/lib" rm -rf "/$LABEL/var/lib/mysql" cp -a "/var/lib/mysql" "/$LABEL/var/lib/mysql" mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" systemctl start mariadb sleep 5 echo 'Create Zabbix database...' mysql -u root -e "CREATE USER 'zabbix'@'localhost' IDENTIFIED BY '$DATABASE_PASS'" mysql -u root -e "CREATE DATABASE zabbix DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;" mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';" mysql -u root -e "FLUSH PRIVILEGES;" echo 'Import Zabbix MySQL data' mysql -u root zabbix < /usr/share/zabbix/database/mysql/schema.sql if [ "$zabbixtype" == "server" ]; then mysql -u root zabbix < /usr/share/zabbix/database/mysql/images.sql mysql -u root zabbix < /usr/share/zabbix/database/mysql/data.sql fi else echo 'Start MariaDB...' rm -rf "/$LABEL/var/lib/mysql.orig" mv "/var/lib/mysql" "/$LABEL/var/lib/mysql.orig" ln -s "/$LABEL/var/lib/mysql" "/var/lib/mysql" systemctl start mariadb sleep 5 mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';" fi else echo 'Set new database password...' systemctl restart mariadb sleep 5 mysql -u root -e "GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED by '$DATABASE_PASS';" fi # update config with new database password if [ "$zabbixtype" == "server" ]; then sed -i "s:.*DBPassword=.*:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_server.conf sed -i "s:\$DB\['PASSWORD'\].*:\$DB\['PASSWORD'\] = '${DATABASE_PASS}';:" /$LABEL/var/www/localhost/htdocs/zabbix/conf/zabbix.conf.php else sed -i "s:.*DBPassword=.*:DBPassword=${DATABASE_PASS}:" /$LABEL/etc/zabbix/zabbix_proxy.conf fi # Certificate if [ "$zabbixtype" == "server" ]; then if [ -x "/$LABEL/etc/ssl/cert-renew.sh" ]; then # angepaßtes Zertifikat vorhanden (kein example) if [ ! -L /etc/ssl/cert-renew.sh ]; then rm -f "/$LABEL/etc/ssl/cert-renew.sh.orig" mv "/etc/ssl/cert-renew.sh" "/$LABEL/etc/ssl/cert-renew.sh.orig" else rm -f "/etc/ssl/cert-renew.sh" fi ln -s "/$LABEL/etc/ssl/cert-renew.sh" "/etc/ssl/cert-renew.sh" else echo 'Create example certificate...' mkdir -p "/$LABEL/CERTS/KEYS/" mkdir -p "/$LABEL/CERTS/$HOST.$TLD" echo "FQDN = $HOST.$TLD" > "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo "ORGNAME = $ORGNAME" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo "ALTNAMES = DNS:$HOST.$TLD , DNS:$TLD" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ req ]\ndefault_bits = 4096\ndefault_md = sha256\nprompt = no\nencrypt_key = no\ndistinguished_name = dn\nreq_extensions = req_ext\ndefault_keyfile = ../KEYS/\$FQDN-key.pem\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ dn ]\nC = DE\nO = \$ORGNAME\nCN = \$FQDN\n" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" echo -e "\n[ req_ext ]\nsubjectAltName = \$ALTNAMES" >> "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" openssl req -x509 -new -config "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD.cnf" -out "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" -keyout "/$LABEL/CERTS/KEYS/$HOST.$TLD-key.pem" cp "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-cert.pem" "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-fullchain.pem" touch "/$LABEL/CERTS/$HOST.$TLD/$HOST.$TLD-chain.pem" fi rm -rf /etc/ssl/apache2 mkdir -p /etc/ssl ln -sf "/$LABEL/etc/ssl/apache2" "/etc/ssl/apache2" /etc/ssl/cert-renew.sh fi systemctl enable mariadb systemctl enable zabbix-agentd if [ "$zabbixtype" == "server" ]; then systemctl enable zabbix-server systemctl enable apache2 else systemctl enable zabbix-proxy fi systemctl restart zabbix-agentd if [ "$zabbixtype" == "server" ]; then systemctl restart zabbix-server systemctl restart apache2 else systemctl restart zabbix-proxy fi rm /02firstboot