Add parameter and default for Option SocketDir #723
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added the parameter socketdir to be able to override Option SocketDir in both zabbix_server.conf and zabbix_proxy.conf via an ENC (such as Foreman).
It was added in zabbix_server.conf for completeness, however, in Zabbix 5.0 the proxy service creates a Unix socket for preprocessing called zabbix_proxy_preprocessing.sock.
In the default location, /tmp, SELinux violations on creating the socket prevented the zabbix-proxy service from starting in my deployment on CentOS 7.
My workaround was to override SocketDir, which was added to zabbix_proxy.conf in 5.0, to change the directory that this socket is created in from the default to /var/run/zabbix.
Because it only exists when the service is running, /var/run seemed the appropriate place, and /var/run/zabbix already existed and had appropriate SELinux labels due to the agent and proxy PID files.
To resolve this issue without explicitly setting the parameter, I set the default for socketdir within zabbix::proxy to be /var/run/zabbix if zabbix_version is >= 5.0.
That seems a safe and sane enough default that works when both SELinux is enabled or disabled so that it's not necessary to do a boolean and comparison against both zabbix_version and facts('os.selinux.enabled').
kenyon
requested changes
Oct 24, 2020
Removes extra newline at end of zabbix_proxy.conf and zabbix_server.conf
I realized, after the fact, that the better code pattern rather than explicitly configuring the default value to the implied default is to omit it from the configuration file by the default by using a default of undef and conditional statements.
kenyon
approved these changes
Oct 26, 2020
bastelfreak
approved these changes
Oct 28, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes an issue that occurred after upgrading from Zabbix 4.0 to 5.0 that prevents the zabbix-proxy service from starting correctly.
Pull Request (PR) description
Add parameter and default for Option SocketDir
Added the parameter socketdir to be able to override Option SocketDir in both zabbix_server.conf and zabbix_proxy.conf via an ENC (such as Foreman).
It was added in zabbix_server.conf for completeness, however, in Zabbix 5.0 the proxy service creates a Unix socket for preprocessing called zabbix_proxy_preprocessing.sock.
In the default location, /tmp, SELinux violations on creating the socket prevented the zabbix-proxy service from starting in my deployment on CentOS 7.
My workaround was to override SocketDir, which was added to zabbix_proxy.conf in 5.0, to change the directory that this socket is created in from the default to /var/run/zabbix.
Because it only exists when the service is running, /var/run seemed the appropriate place, and /var/run/zabbix already existed and had appropriate SELinux labels due to the agent and proxy PID files.
To resolve this issue without explicitly setting the parameter, I set the default for socketdir within zabbix::proxy to be /var/run/zabbix if zabbix_version is >= 5.0.
That seems a safe and sane enough default that works when both SELinux is enabled or disabled so that it's not necessary to do a boolean and comparison against both zabbix_version and facts('os.selinux.enabled').
This Pull Request (PR) fixes the following issues
n/a