From de2f0875170aa2ceca144b5e01dc80a32044f3ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geir=20R=C3=A5ness?= Date: Tue, 5 Mar 2024 06:52:04 +0100 Subject: [PATCH] Add and remove Zabbix 6.0 + 6.4 options (HA mode, StatsAllowedIP, ProxyConfigFrequency, HeartbeatFrequency) (#921) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add StatsAllowedIP for proxy and server * make value optional * remove ServerPort for proxy for versions below 6.0 - its deprecated * Add Zabbix 6.0 and 6.4 changes * add reference for statsallowedip * fix proxy--statsallowedip reference * add statsallowedip to params * add reference for HA (nodename + nodeaddress) * run strings:generate:reference * attempt to rewrite web_spec.rb checks * adjust web_spec.rb * fix context * remove emptyline --------- Co-authored-by: Geir RĂ¥ness --- REFERENCE.md | 48 ++++++++++++++++++++++++++++++- manifests/params.pp | 5 ++++ manifests/proxy.pp | 4 +++ manifests/server.pp | 6 ++++ spec/classes/web_spec.rb | 23 ++++++++++++++- templates/web/zabbix.conf.php.erb | 2 ++ templates/zabbix_proxy.conf.erb | 30 +++++++++++++++++++ templates/zabbix_server.conf.erb | 40 ++++++++++++++++++++++++++ 8 files changed, 156 insertions(+), 2 deletions(-) mode change 100644 => 100755 manifests/params.pp mode change 100644 => 100755 manifests/proxy.pp mode change 100644 => 100755 manifests/server.pp mode change 100644 => 100755 templates/web/zabbix.conf.php.erb mode change 100644 => 100755 templates/zabbix_proxy.conf.erb mode change 100644 => 100755 templates/zabbix_server.conf.erb diff --git a/REFERENCE.md b/REFERENCE.md index 22a1ed425..39fe359d8 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -2545,6 +2545,7 @@ The following parameters are available in the `zabbix::proxy` class: * [`offlinebuffer`](#-zabbix--proxy--offlinebuffer) * [`heartbeatfrequency`](#-zabbix--proxy--heartbeatfrequency) * [`configfrequency`](#-zabbix--proxy--configfrequency) +* [`proxyconfigfrequency`](#-zabbix--proxy--proxyconfigfrequency) * [`datasenderfrequency`](#-zabbix--proxy--datasenderfrequency) * [`startpollers`](#-zabbix--proxy--startpollers) * [`startpreprocessors`](#-zabbix--proxy--startpreprocessors) @@ -2600,6 +2601,7 @@ The following parameters are available in the `zabbix::proxy` class: * [`fpinglocation`](#-zabbix--proxy--fpinglocation) * [`fping6location`](#-zabbix--proxy--fping6location) * [`sshkeylocation`](#-zabbix--proxy--sshkeylocation) +* [`statsallowedip`](#-zabbix--proxy--statsallowedip) * [`sslcalocation_dir`](#-zabbix--proxy--sslcalocation_dir) * [`sslcertlocation_dir`](#-zabbix--proxy--sslcertlocation_dir) * [`sslkeylocation_dir`](#-zabbix--proxy--sslkeylocation_dir) @@ -3004,6 +3006,14 @@ How often proxy retrieves configuration data from Zabbix Server in seconds. Default value: `$zabbix::params::proxy_configfrequency` +##### `proxyconfigfrequency` + +Data type: `Optional[Integer[1,604800]]` + +How often proxy retrieves configuration data from Zabbix Server in seconds (Zabbix 6.4). + +Default value: `$zabbix::params::proxy_proxyconfigfrequency` + ##### `datasenderfrequency` Data type: `Any` @@ -3452,6 +3462,14 @@ Location of public and private keys for ssh checks and actions. Default value: `$zabbix::params::proxy_sshkeylocation` +##### `statsallowedip` + +Data type: `Optional[String[1]]` + +list of allowed ipadresses that can access the internal stats of zabbix proxy over network + +Default value: `$zabbix::params::proxy_statsallowedip` + ##### `sslcalocation_dir` Data type: `Optional[Stdlib::Absolutepath]` @@ -4009,6 +4027,7 @@ The following parameters are available in the `zabbix::server` class: * [`proxydatafrequency`](#-zabbix--server--proxydatafrequency) * [`allowroot`](#-zabbix--server--allowroot) * [`include_dir`](#-zabbix--server--include_dir) +* [`statsallowedip`](#-zabbix--server--statsallowedip) * [`loadmodulepath`](#-zabbix--server--loadmodulepath) * [`loadmodule`](#-zabbix--server--loadmodule) * [`sslcertlocation_dir`](#-zabbix--server--sslcertlocation_dir) @@ -4018,6 +4037,8 @@ The following parameters are available in the `zabbix::server` class: * [`zabbix_user`](#-zabbix--server--zabbix_user) * [`manage_startup_script`](#-zabbix--server--manage_startup_script) * [`socketdir`](#-zabbix--server--socketdir) +* [`hanodename`](#-zabbix--server--hanodename) +* [`nodeaddress`](#-zabbix--server--nodeaddress) ##### `database_type` @@ -4832,6 +4853,14 @@ You may include individual files or all files in a directory in the configuratio Default value: `$zabbix::params::server_include` +##### `statsallowedip` + +Data type: `Optional[String[1]]` + +list of allowed ipadresses that can access the internal stats of zabbix server over network + +Default value: `$zabbix::params::server_statsallowedip` + ##### `loadmodulepath` Data type: `Any` @@ -4900,10 +4929,27 @@ Default value: `$zabbix::params::manage_startup_script` Data type: `Optional[Stdlib::Absolutepath]` + + +Default value: `$zabbix::params::server_socketdir` + +##### `hanodename` + +Data type: `Optional[String[1]]` + +Node name identifier in HA setup + +Default value: `$zabbix::params::server_hanodename` + +##### `nodeaddress` + +Data type: `Optional[String[1]]` + +Connection details to the HA node, used to check if zabbix-web can talk to zabbix server IPC socket directory. Directory to store IPC sockets used by internal Zabbix services. -Default value: `$zabbix::params::server_socketdir` +Default value: `$zabbix::params::server_nodeaddress` ### `zabbix::userparameter` diff --git a/manifests/params.pp b/manifests/params.pp old mode 100644 new mode 100755 index 5e7665a23..7b2c0c9b5 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -260,6 +260,7 @@ $server_starttimers = '1' $server_starttrappers = '5' $server_startvmwarecollectors = '0' + $server_statsallowedip = undef $server_timeout = '3' $server_database_tlsconnect = undef $server_database_tlscafile = undef @@ -291,6 +292,8 @@ $server_vmwarefrequency = '60' $server_vmwaretimeout = undef $server_socketdir = undef + $server_hanodename = undef + $server_nodeaddress = undef # Agent specific params $agent_allowroot = '0' @@ -367,6 +370,7 @@ $proxy_cachesize = '32M' $proxy_configfile_path = '/etc/zabbix/zabbix_proxy.conf' $proxy_configfrequency = '3600' + $proxy_proxyconfigfrequency = undef $proxy_database_host = 'localhost' $proxy_database_name = 'zabbix_proxy' $proxy_database_password = 'zabbix-proxy' @@ -425,6 +429,7 @@ $proxy_startpreprocessors = 3 $proxy_starttrappers = '5' $proxy_startvmwarecollectors = '0' + $proxy_statsallowedip = undef $proxy_timeout = '3' $proxy_database_tlsconnect = undef $proxy_database_tlscafile = undef diff --git a/manifests/proxy.pp b/manifests/proxy.pp old mode 100644 new mode 100755 index 68ddf6f38..6fe3285f3 --- a/manifests/proxy.pp +++ b/manifests/proxy.pp @@ -59,6 +59,7 @@ # @param offlinebuffer Proxy will keep data for N hours in case if no connectivity with Zabbix Server # @param heartbeatfrequency Unique nodeid in distributed setup. # @param configfrequency How often proxy retrieves configuration data from Zabbix Server in seconds. +# @param proxyconfigfrequency How often proxy retrieves configuration data from Zabbix Server in seconds (Zabbix 6.4). # @param datasenderfrequency Proxy will send collected data to the Server every N seconds. # @param startpollers Number of pre-forked instances of pollers. # @param startpreprocessors Number of pre-forked instances of preprocessing workers @@ -130,6 +131,7 @@ # @param fpinglocation Location of fping. # @param fping6location Location of fping6. # @param sshkeylocation Location of public and private keys for ssh checks and actions. +# @param statsallowedip list of allowed ipadresses that can access the internal stats of zabbix proxy over network # @param sslcalocation_dir Location of certificate authority (CA) files for SSL server certificate verification. # @param sslcertlocation_dir Location of SSL client certificate files for client authentication. # @param sslkeylocation_dir Location of SSL private key files for client authentication. @@ -235,6 +237,7 @@ $offlinebuffer = $zabbix::params::proxy_offlinebuffer, $heartbeatfrequency = $zabbix::params::proxy_heartbeatfrequency, $configfrequency = $zabbix::params::proxy_configfrequency, + Optional[Integer[1,604800]] $proxyconfigfrequency = $zabbix::params::proxy_proxyconfigfrequency, $datasenderfrequency = $zabbix::params::proxy_datasenderfrequency, $startpollers = $zabbix::params::proxy_startpollers, $startipmipollers = $zabbix::params::proxy_startipmipollers, @@ -290,6 +293,7 @@ $fpinglocation = $zabbix::params::proxy_fpinglocation, $fping6location = $zabbix::params::proxy_fping6location, $sshkeylocation = $zabbix::params::proxy_sshkeylocation, + Optional[String[1]] $statsallowedip = $zabbix::params::proxy_statsallowedip, $logslowqueries = $zabbix::params::proxy_logslowqueries, $tmpdir = $zabbix::params::proxy_tmpdir, $allowroot = $zabbix::params::proxy_allowroot, diff --git a/manifests/server.pp b/manifests/server.pp old mode 100644 new mode 100755 index 7b53b1aa7..f6e71e618 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -131,6 +131,7 @@ # @param proxydatafrequency How often zabbix server requests history data from a zabbix proxy in seconds. # @param allowroot Allow the server to run as 'root'. # @param include_dir You may include individual files or all files in a directory in the configuration file. +# @param statsallowedip list of allowed ipadresses that can access the internal stats of zabbix server over network # @param loadmodulepath Full path to location of server modules. # @param loadmodule Module to load at server startup. # @param sslcertlocation_dir Location of SSL client certificate files for client authentication. @@ -140,6 +141,8 @@ # @param zabbix_user User the zabbix service will run as. # @param manage_startup_script If the init script should be managed by this module. Attention: This might cause problems with some config options of this module (e.g server_configfile_path) # @param socketdir +# @param hanodename Node name identifier in HA setup +# @param nodeaddress Connection details to the HA node, used to check if zabbix-web can talk to zabbix server # IPC socket directory. # Directory to store IPC sockets used by internal Zabbix services. # @example @@ -268,12 +271,15 @@ $loadmodule = $zabbix::params::server_loadmodule, $sslcertlocation_dir = $zabbix::params::server_sslcertlocation, $sslkeylocation_dir = $zabbix::params::server_sslkeylocation, + Optional[String[1]] $statsallowedip = $zabbix::params::server_statsallowedip, Boolean $manage_selinux = $zabbix::params::manage_selinux, String $additional_service_params = $zabbix::params::additional_service_params, Optional[String[1]] $zabbix_user = $zabbix::params::server_zabbix_user, Boolean $manage_startup_script = $zabbix::params::manage_startup_script, Optional[Stdlib::Absolutepath] $socketdir = $zabbix::params::server_socketdir, Optional[Stdlib::HTTPUrl] $webserviceurl = undef, + Optional[String[1]] $hanodename = $zabbix::params::server_hanodename, + Optional[String[1]] $nodeaddress = $zabbix::params::server_nodeaddress, ) inherits zabbix::params { # zabbix server 5.2, 5.4 and 6.0 is not supported on RHEL 7. # https://www.zabbix.com/documentation/current/manual/installation/install_from_packages/rhel_centos diff --git a/spec/classes/web_spec.rb b/spec/classes/web_spec.rb index 63322dfeb..101b47bb3 100644 --- a/spec/classes/web_spec.rb +++ b/spec/classes/web_spec.rb @@ -195,7 +195,7 @@ class { 'apache': it { is_expected.to contain_apache__vhost('zabbix.example.com').with_name('zabbix.example.com') } - context 'with database_* settings' do + context 'with database_* settings and zabbix_version 6.0' do let :params do super().merge( database_host: 'localhost', @@ -209,6 +209,27 @@ class { 'apache': ) end + it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['SERVER'\] = 'localhost'}) } + it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['DATABASE'\] = 'zabbix-server'}) } + it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['USER'\] = 'zabbix-server'}) } + it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['PASSWORD'\] = 'zabbix-server'}) } + it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$ZBX_SERVER_NAME = 'localhost'}) } + end + + context 'with database_* settings and zabbix_version 5.0' do + let :params do + super().merge( + database_host: 'localhost', + database_name: 'zabbix-server', + database_user: 'zabbix-server', + database_password: 'zabbix-server', + zabbix_server: 'localhost', + zabbix_listenport: '3306', + zabbix_server_name: 'localhost', + zabbix_version: '5.0' + ) + end + it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['SERVER'\] = 'localhost'}) } it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['DATABASE'\] = 'zabbix-server'}) } it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['USER'\] = 'zabbix-server'}) } diff --git a/templates/web/zabbix.conf.php.erb b/templates/web/zabbix.conf.php.erb old mode 100644 new mode 100755 index a2666fa9c..930e4110e --- a/templates/web/zabbix.conf.php.erb +++ b/templates/web/zabbix.conf.php.erb @@ -26,8 +26,10 @@ $DB['SCHEMA'] = ''; $DB['DOUBLE_IEEE754'] = 'true'; <% end -%> +<% if @zabbix_version.to_f < 6.0 -%> $ZBX_SERVER = '<%= @zabbix_server %>'; $ZBX_SERVER_PORT = '<%= @zabbix_listenport %>'; +<% end -%> $ZBX_SERVER_NAME = '<%= @zabbix_server_name %>'; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; diff --git a/templates/zabbix_proxy.conf.erb b/templates/zabbix_proxy.conf.erb old mode 100644 new mode 100755 index 49518a96d..b405c4ad0 --- a/templates/zabbix_proxy.conf.erb +++ b/templates/zabbix_proxy.conf.erb @@ -17,11 +17,13 @@ ProxyMode=<%= @mode %> # Server=<%= @zabbix_server_host %> +<% if @zabbix_version.to_f < 6.0 %> ### Option: ServerPort # Port of Zabbix trapper on Zabbix server. # For a proxy in the passive mode this parameter will be ignored. # ServerPort=<%= @zabbix_server_port %> +<% end %> ### Option: Hostname # Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server! @@ -162,6 +164,7 @@ ProxyLocalBuffer=<%= @localbuffer %> # ProxyOfflineBuffer=<%= @offlinebuffer %> +<% if @zabbix_version.to_f < 6.4 %> ### Option: HeartbeatFrequency # Frequency of heartbeat messages in seconds. # Used for monitoring availability of Proxy on server side. @@ -175,6 +178,19 @@ HeartbeatFrequency=<%= @heartbeatfrequency %> # For a proxy in the passive mode this parameter will be ignored. # ConfigFrequency=<%= @configfrequency %> +<% end %> + +<% if @zabbix_version.to_f >= 6.4 %> +### Option: ProxyConfigFrequency +# How often proxy retrieves configuration data from Zabbix Server in seconds. +# For a proxy in the passive mode this parameter will be ignored. +# +# Mandatory: no +# Range: 1-3600*24*7 +# Default: +# ProxyConfigFrequency=10 +<% if @proxyconfigfrequency %>ProxyConfigFrequency=<%= @proxyconfigfrequency %><% end %> +<% end %> ### Option: DataSenderFrequency # Proxy will send collected data to the Server every N seconds. @@ -457,6 +473,20 @@ LoadModulePath=<%= @loadmodulepath %> # <% if @loadmodule %>LoadModule=<%= @loadmodule %><% end %> +### Option: StatsAllowedIP +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances. +# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests +# will be accepted. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: no +# Default: +# StatsAllowedIP= +<% if @statsallowedip %>StatsAllowedIP=<%= @statsallowedip %><% end %> + ####### TLS-RELATED PARAMETERS ####### ### Option: TLSConnect diff --git a/templates/zabbix_server.conf.erb b/templates/zabbix_server.conf.erb old mode 100644 new mode 100755 index 5392ddcd5..55de220c1 --- a/templates/zabbix_server.conf.erb +++ b/templates/zabbix_server.conf.erb @@ -447,6 +447,20 @@ SSLKeyLocation=<%= @sslkeylocation_dir %> # <% if @sslcalocation_dir %>SSLCALocation=<%= @sslcalocation_dir %><% end %> +### Option: StatsAllowedIP +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances. +# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests +# will be accepted. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: no +# Default: +# StatsAllowedIP= +<% if @statsallowedip %>StatsAllowedIP=<%= @statsallowedip %><% end %> + ####### LOADABLE MODULES ####### ### Option: LoadModulePath @@ -676,3 +690,29 @@ LoadModulePath=<%= @loadmodulepath %> # WebServiceURL= <% if @webserviceurl %>WebServiceURL=<%= @webserviceurl -%><% end %> <% end %> + +<% if @zabbix_version.to_f >= 6.0 %> +####### High availability cluster parameters ####### + +## Option: HANodeName +# The high availability cluster node name. +# When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to. +# +# Mandatory: no +# Default: +# HANodeName= +<% if @hanodename %>HANodeName=<%= @hanodename -%><% end %> + +## Option: NodeAddress +# IP or hostname with optional port to specify how frontend should connect to the server. +# Format:
[:] +# +# If IP or hostname is not set, then ListenIP value will be used. In case ListenIP is not set, localhost will be used. +# If port is not set, then ListenPort value will be used. In case ListenPort is not set, 10051 will be used. +# This option can be overridden by address specified in frontend configuration. +# +# Mandatory: no +# Default: +# NodeAddress=localhost:10051 +<% if @nodeaddress %>NodeAddress=<%= @nodeaddress -%><% end %> +<% end %> \ No newline at end of file