From 892e59371d2caffb9935f0de01fdc42444f5000f Mon Sep 17 00:00:00 2001 From: DEFERME Bert Date: Thu, 28 Jul 2022 13:23:49 +0200 Subject: [PATCH 1/4] Add sensitive support --- manifests/database.pp | 34 +- manifests/database/mysql.pp | 37 ++- manifests/database/postgresql.pp | 28 +- manifests/init.pp | 4 +- manifests/params.pp | 8 +- manifests/proxy.pp | 100 +++++- manifests/resources/web.pp | 8 +- manifests/server.pp | 107 +++++- manifests/web.pp | 123 ++++--- templates/api.conf.epp | 8 +- templates/web/zabbix.conf.php.epp | 83 +++++ templates/web/zabbix.conf.php.erb | 64 ---- ...x_proxy.conf.erb => zabbix_proxy.conf.epp} | 307 ++++++++++++------ ...server.conf.erb => zabbix_server.conf.epp} | 304 +++++++++++------ 14 files changed, 830 insertions(+), 385 deletions(-) create mode 100644 templates/web/zabbix.conf.php.epp delete mode 100644 templates/web/zabbix.conf.php.erb rename templates/{zabbix_proxy.conf.erb => zabbix_proxy.conf.epp} (58%) rename templates/{zabbix_server.conf.erb => zabbix_server.conf.epp} (57%) diff --git a/manifests/database.pp b/manifests/database.pp index cfa124094..4e1f49c79 100644 --- a/manifests/database.pp +++ b/manifests/database.pp @@ -64,23 +64,23 @@ # the zabbix_server and zabbix_web parameter. # @author Werner Dijkerman ikben@werner-dijkerman.nl class zabbix::database ( - $zabbix_type = 'server', - $zabbix_web = $zabbix::params::zabbix_web, - $zabbix_web_ip = $zabbix::params::zabbix_web_ip, - $zabbix_server = $zabbix::params::zabbix_server, - $zabbix_server_ip = $zabbix::params::zabbix_server_ip, - $zabbix_proxy = $zabbix::params::zabbix_proxy, - $zabbix_proxy_ip = $zabbix::params::zabbix_proxy_ip, - $manage_database = $zabbix::params::manage_database, - Zabbix::Databases $database_type = $zabbix::params::database_type, - $database_schema_path = $zabbix::params::database_schema_path, - $database_name = $zabbix::params::server_database_name, - $database_user = $zabbix::params::server_database_user, - $database_password = $zabbix::params::server_database_password, - $database_host = $zabbix::params::server_database_host, - $database_host_ip = $zabbix::params::server_database_host_ip, - $database_charset = $zabbix::params::server_database_charset, - $database_collate = $zabbix::params::server_database_collate, + $zabbix_type = 'server', + $zabbix_web = $zabbix::params::zabbix_web, + $zabbix_web_ip = $zabbix::params::zabbix_web_ip, + $zabbix_server = $zabbix::params::zabbix_server, + $zabbix_server_ip = $zabbix::params::zabbix_server_ip, + $zabbix_proxy = $zabbix::params::zabbix_proxy, + $zabbix_proxy_ip = $zabbix::params::zabbix_proxy_ip, + $manage_database = $zabbix::params::manage_database, + Zabbix::Databases $database_type = $zabbix::params::database_type, + $database_schema_path = $zabbix::params::database_schema_path, + $database_name = $zabbix::params::server_database_name, + $database_user = $zabbix::params::server_database_user, + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password, + $database_host = $zabbix::params::server_database_host, + $database_host_ip = $zabbix::params::server_database_host_ip, + $database_charset = $zabbix::params::server_database_charset, + $database_collate = $zabbix::params::server_database_collate, Optional[String[1]] $database_tablespace = $zabbix::params::server_database_tablespace, ) inherits zabbix::params { # So lets create the databases and load all files. This can only be diff --git a/manifests/database/mysql.pp b/manifests/database/mysql.pp index bf6a923dc..75c6d2412 100644 --- a/manifests/database/mysql.pp +++ b/manifests/database/mysql.pp @@ -11,18 +11,24 @@ # @param database_path Path to the database executable # @author Werner Dijkerman class zabbix::database::mysql ( - $zabbix_type = '', - $zabbix_version = $zabbix::params::zabbix_version, - $database_schema_path = '', - $database_name = '', - $database_user = '', - $database_password = '', - $database_host = '', - Optional[Stdlib::Port::Unprivileged] $database_port = undef, - $database_path = $zabbix::params::database_path, + $zabbix_type = '', + $zabbix_version = $zabbix::params::zabbix_version, + $database_schema_path = '', + $database_name = '', + $database_user = '', + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = '', + $database_host = '', + Optional[Stdlib::Port::Unprivileged] $database_port = undef, + $database_path = $zabbix::params::database_path, ) inherits zabbix::params { assert_private() + $database_password_unsensitive = if $database_password =~ Sensitive[String] { + $database_password.unwrap + } else { + $database_password + } + if ($database_schema_path == false) or ($database_schema_path == '') { if versioncmp($zabbix_version, '6.0') >= 0 { $schema_path = '/usr/share/zabbix-sql-scripts/mysql/' @@ -45,14 +51,14 @@ case $zabbix_type { 'proxy': { $zabbix_proxy_create_sql = versioncmp($zabbix_version, '6.0') >= 0 ? { - true => "cd ${schema_path} && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < proxy.sql && touch /etc/zabbix/.schema.done", - false => "cd ${schema_path} && if [ -f schema.sql.gz ]; then gunzip -f schema.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < schema.sql && touch /etc/zabbix/.schema.done" + true => "cd ${schema_path} && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < proxy.sql && touch /etc/zabbix/.schema.done", + false => "cd ${schema_path} && if [ -f schema.sql.gz ]; then gunzip -f schema.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < schema.sql && touch /etc/zabbix/.schema.done" } } default: { $zabbix_server_create_sql = versioncmp($zabbix_version, '6.0') >= 0 ? { - true => "cd ${schema_path} && if [ -f server.sql.gz ]; then gunzip -f server.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < server.sql && touch /etc/zabbix/.schema.done", - false => "cd ${schema_path} && if [ -f create.sql.gz ]; then gunzip -f create.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p'${database_password}' ${port}-D '${database_name}' < create.sql && touch /etc/zabbix/.schema.done" + true => "cd ${schema_path} && if [ -f server.sql.gz ]; then gunzip -f server.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < server.sql && touch /etc/zabbix/.schema.done", + false => "cd ${schema_path} && if [ -f create.sql.gz ]; then gunzip -f create.sql.gz ; fi && mysql -h '${database_host}' -u '${database_user}' -p\"\${database_password}\" ${port}-D '${database_name}' < create.sql && touch /etc/zabbix/.schema.done" } $zabbix_server_images_sql = 'touch /etc/zabbix/.images.done' $zabbix_server_data_sql = 'touch /etc/zabbix/.data.done' @@ -60,6 +66,7 @@ } # Loading the sql files. + $_mysql_env = [ "database_password=${database_password_unsensitive}" ] case $zabbix_type { 'proxy' : { exec { 'zabbix_proxy_create.sql': @@ -67,6 +74,7 @@ path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", unless => 'test -f /etc/zabbix/.schema.done', provider => 'shell', + environment => $_mysql_env, } } 'server' : { @@ -75,18 +83,21 @@ path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", unless => 'test -f /etc/zabbix/.schema.done', provider => 'shell', + environment => $_mysql_env, } -> exec { 'zabbix_server_images.sql': command => $zabbix_server_images_sql, path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", unless => 'test -f /etc/zabbix/.images.done', provider => 'shell', + environment => $_mysql_env, } -> exec { 'zabbix_server_data.sql': command => $zabbix_server_data_sql, path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", unless => 'test -f /etc/zabbix/.data.done', provider => 'shell', + environment => $_mysql_env, } } default : { diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index eb73c6588..cbeed173f 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -11,18 +11,24 @@ # @param database_path Path to the database executable # @author Werner Dijkerman class zabbix::database::postgresql ( - $zabbix_type = '', - $zabbix_version = $zabbix::params::zabbix_version, - $database_schema_path = '', - $database_name = '', - $database_user = '', - $database_password = '', - $database_host = '', - Stdlib::Port::Unprivileged $database_port = 5432, - $database_path = $zabbix::params::database_path, + $zabbix_type = '', + $zabbix_version = $zabbix::params::zabbix_version, + $database_schema_path = '', + $database_name = '', + $database_user = '', + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = undef, + $database_host = '', + Stdlib::Port::Unprivileged $database_port = 5432, + $database_path = $zabbix::params::database_path, ) inherits zabbix::params { assert_private() + $database_password_unsensitive = if $database_password =~ Sensitive[String] { + $database_password.unwrap + } else { + $database_password + } + if ($database_schema_path == false) or ($database_schema_path == '') { if member(['CentOS', 'RedHat', 'OracleLinux', 'VirtuozzoLinux'], $facts['os']['name']) { if versioncmp($zabbix_version, '6.0') >= 0 { @@ -63,9 +69,9 @@ } exec { 'update_pgpass': - command => "echo ${database_host}:${database_port}:${database_name}:${database_user}:${database_password} >> /root/.pgpass", + command => "echo ${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive} >> /root/.pgpass", path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", - unless => "grep \"${database_host}:${database_port}:${database_name}:${database_user}:${database_password}\" /root/.pgpass", + unless => "grep \"${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive}\" /root/.pgpass", require => File['/root/.pgpass'], } diff --git a/manifests/init.pp b/manifests/init.pp index 7a23864c2..66ba45a7e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -249,7 +249,7 @@ Optional[Stdlib::Absolutepath] $ldap_clientkey = $zabbix::params::ldap_clientkey, Optional[Enum['never', 'allow', 'try', 'demand', 'hard']] $ldap_reqcert = $zabbix::params::ldap_reqcert, $zabbix_api_user = $zabbix::params::server_api_user, - $zabbix_api_pass = $zabbix::params::server_api_pass, + Optional[Variant[String[1], Sensitive[String[1]]]] $zabbix_api_pass = $zabbix::params::server_api_pass, $listenport = $zabbix::params::server_listenport, $sourceip = $zabbix::params::server_sourceip, Enum['console', 'file', 'system'] $logtype = $zabbix::params::server_logtype, @@ -262,7 +262,7 @@ $database_schema = $zabbix::params::server_database_schema, Boolean $database_double_ieee754 = $zabbix::params::server_database_double_ieee754, $database_user = $zabbix::params::server_database_user, - $database_password = $zabbix::params::server_database_password, + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password, $database_socket = $zabbix::params::server_database_socket, $database_port = $zabbix::params::server_database_port, $database_charset = $zabbix::params::server_database_charset, diff --git a/manifests/params.pp b/manifests/params.pp index 07470e85e..38639257f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -182,7 +182,7 @@ $ldap_clientcert = undef $ldap_clientkey = undef $ldap_reqcert = undef - $server_api_pass = 'zabbix' + $server_api_pass = Sensitive('zabbix') $server_api_user = 'Admin' $server_database_double_ieee754 = false $saml_sp_key = undef @@ -203,7 +203,7 @@ $server_database_host = 'localhost' $server_database_host_ip = '127.0.0.1' $server_database_name = 'zabbix_server' - $server_database_password = 'zabbix_server' + $server_database_password = Sensitive('zabbix_server') $server_database_port = undef $server_database_schema = undef $server_database_socket = undef @@ -240,6 +240,7 @@ $server_snmptrapperfile = '/tmp/zabbix_traps.tmp' $server_sourceip = undef $server_sshkeylocation = undef + $server_sslcalocation = undef $server_sslcertlocation = '/usr/lib/zabbix/ssl/certs' $server_sslkeylocation = '/usr/lib/zabbix/ssl/keys' $server_startdbsyncers = '4' @@ -288,6 +289,7 @@ $server_vaulturl = 'https://127.0.0.1:8200' $server_vmwarecachesize = '8M' $server_vmwarefrequency = '60' + $server_vmwareperffrequency = undef $server_vmwaretimeout = undef $server_socketdir = undef @@ -369,7 +371,7 @@ $proxy_configfrequency = '3600' $proxy_database_host = 'localhost' $proxy_database_name = 'zabbix_proxy' - $proxy_database_password = 'zabbix-proxy' + $proxy_database_password = Sensitive('zabbix-proxy') $proxy_database_port = undef $proxy_database_schema = undef $proxy_database_socket = undef diff --git a/manifests/proxy.pp b/manifests/proxy.pp index 741dbf8e6..0b8b3ab54 100644 --- a/manifests/proxy.pp +++ b/manifests/proxy.pp @@ -219,7 +219,7 @@ $database_name = $zabbix::params::proxy_database_name, $database_schema = $zabbix::params::proxy_database_schema, $database_user = $zabbix::params::proxy_database_user, - $database_password = $zabbix::params::proxy_database_password, + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::proxy_database_password, $database_socket = $zabbix::params::proxy_database_socket, $database_port = $zabbix::params::proxy_database_port, $database_charset = $zabbix::params::server_database_charset, @@ -507,7 +507,103 @@ mode => '0644', require => Package["zabbix-proxy-${db}"], replace => true, - content => template('zabbix/zabbix_proxy.conf.erb'), + content => Sensitive(epp('zabbix/zabbix_proxy.conf.epp', { + 'allowroot' => $allowroot, + 'cachesize' => $cachesize, + 'configfrequency' => $configfrequency, + 'database_host' => $database_host, + 'database_name' => $database_name, + 'database_password' => $database_password, + 'database_port' => $database_port, + 'database_schema' => $database_schema, + 'database_socket' => $database_socket, + 'database_tlscafile' => $database_tlscafile, + 'database_tlscertfile' => $database_tlscertfile, + 'database_tlscipher' => $database_tlscipher, + 'database_tlscipher13' => $database_tlscipher13, + 'database_tlsconnect' => $database_tlsconnect, + 'database_tlskeyfile' => $database_tlskeyfile, + 'database_user' => $database_user, + 'datasenderfrequency' => $datasenderfrequency, + 'debuglevel' => $debuglevel, + 'enableremotecommands' => $enableremotecommands, + 'externalscripts' => $externalscripts, + 'fping6location' => $fping6location, + 'fpinglocation' => $fpinglocation, + 'heartbeatfrequency' => $heartbeatfrequency, + 'historycachesize' => $historycachesize, + 'historyindexcachesize' => $historyindexcachesize, + 'hostname' => $hostname, + 'housekeepingfrequency' => $housekeepingfrequency, + 'include_dir' => $include_dir, + 'javagateway' => $javagateway, + 'javagatewayport' => $javagatewayport, + 'listenip' => $listenip, + 'listenport' => $listenport, + 'loadmodule' => $loadmodule, + 'loadmodulepath' => $loadmodulepath, + 'localbuffer' => $localbuffer, + 'logfile' => $logfile, + 'logfilesize' => $logfilesize, + 'logremotecommands' => $logremotecommands, + 'logslowqueries' => $logslowqueries, + 'logtype' => $logtype, + 'mode' => $mode, + 'offlinebuffer' => $offlinebuffer, + 'pidfile' => $pidfile, + 'snmptrapper' => $snmptrapper, + 'snmptrapperfile' => $snmptrapperfile, + 'socketdir' => $socketdir, + 'sourceip' => $sourceip, + 'sshkeylocation' => $sshkeylocation, + 'sslcalocation_dir' => $sslcalocation_dir, + 'sslcertlocation_dir' => $sslcertlocation_dir, + 'sslkeylocation_dir' => $sslkeylocation_dir, + 'startdbsyncers' => $startdbsyncers, + 'startdiscoverers' => $startdiscoverers, + 'starthttppollers' => $starthttppollers, + 'startipmipollers' => $startipmipollers, + 'startjavapollers' => $startjavapollers, + 'startpingers' => $startpingers, + 'startpollers' => $startpollers, + 'startpollersunreachable' => $startpollersunreachable, + 'startpreprocessors' => $startpreprocessors, + 'starttrappers' => $starttrappers, + 'startvmwarecollectors' => $startvmwarecollectors, + 'timeout' => $timeout, + 'tlsaccept' => $tlsaccept, + 'tlscafile' => $tlscafile, + 'tlscertfile' => $tlscertfile, + 'tlscipherall' => $tlscipherall, + 'tlscipherall13' => $tlscipherall13, + 'tlsciphercert' => $tlsciphercert, + 'tlsciphercert13' => $tlsciphercert13, + 'tlscipherpsk' => $tlscipherpsk, + 'tlscipherpsk13' => $tlscipherpsk13, + 'tlsconnect' => $tlsconnect, + 'tlscrlfile' => $tlscrlfile, + 'tlskeyfile' => $tlskeyfile, + 'tlspskfile' => $tlspskfile, + 'tlspskidentity' => $tlspskidentity, + 'tlsservercertissuer' => $tlsservercertissuer, + 'tlsservercertsubject' => $tlsservercertsubject, + 'tmpdir' => $tmpdir, + 'trappertimeout' => $trappertimeout, + 'unavaliabledelay' => $unavaliabledelay, + 'unreachabedelay' => $unreachabedelay, + 'unreachableperiod' => $unreachableperiod, + 'vaultdbpath' => $vaultdbpath, + 'vaulttoken' => $vaulttoken, + 'vaulturl' => $vaulturl, + 'vmwarecachesize' => $vmwarecachesize, + 'vmwarefrequency' => $vmwarefrequency, + 'vmwareperffrequency' => $vmwareperffrequency, + 'vmwaretimeout' => $vmwaretimeout, + 'zabbix_server_host' => $zabbix_server_host, + 'zabbix_server_port' => $zabbix_server_port, + 'zabbix_user' => $zabbix::params::server_zabbix_user, + 'zabbix_version' => $zabbix_version, + })), } # Include dir for specific zabbix-proxy checks. diff --git a/manifests/resources/web.pp b/manifests/resources/web.pp index 8de4c2c97..9c55fcf66 100644 --- a/manifests/resources/web.pp +++ b/manifests/resources/web.pp @@ -4,10 +4,10 @@ # @param zabbix_pass API password. # @param apache_use_ssl Whether to use ssl or not. class zabbix::resources::web ( - String[1] $zabbix_url, - String[1] $zabbix_user, - String[1] $zabbix_pass, - Boolean $apache_use_ssl, + String[1] $zabbix_url, + String[1] $zabbix_user, + Variant[String[1], Sensitive[String[1]]] $zabbix_pass, + Boolean $apache_use_ssl, ) { file { '/etc/zabbix/api.conf': ensure => file, diff --git a/manifests/server.pp b/manifests/server.pp index 41d8f73b0..8eeb63ffc 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -66,6 +66,9 @@ # @param startreportwriters Number of pre-forked report writer instances. # @param webserviceurl URL to Zabbix web service, used to perform web related tasks. # @param vmwarefrequency How often zabbix will connect to vmware service to obtain a new datan. +# @param vmwareperffrequency +# Delay in seconds between performance counter statistics retrieval from a single VMware service. +# This delay should be set to the least update interval of any VMware monitoring item that uses VMware performance counters. # @param vaultdbpath Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. # @param vaulttoken # Vault authentication token that should have been generated exclusively for Zabbix proxy with read-only @@ -132,6 +135,7 @@ # @param include_dir You may include individual files or all files in a directory in the configuration file. # @param loadmodulepath Full path to location of server modules. # @param loadmodule Module to load at server startup. +# @param sslcalocation_dir Location of certificate authority (CA) files for SSL server certificate verification. # @param sslcertlocation_dir Location of SSL client certificate files for client authentication. # @param sslkeylocation_dir Location of SSL private key files for client authentication. # @param manage_selinux Whether we should manage SELinux rules. @@ -191,7 +195,7 @@ $database_name = $zabbix::params::server_database_name, $database_schema = $zabbix::params::server_database_schema, $database_user = $zabbix::params::server_database_user, - $database_password = $zabbix::params::server_database_password, + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password, $database_socket = $zabbix::params::server_database_socket, Optional[Stdlib::Port::Unprivileged] $database_port = $zabbix::params::server_database_port, Optional[Enum['required', 'verify_ca', 'verify_full']] $database_tlsconnect = $zabbix::params::server_database_tlsconnect, @@ -221,6 +225,7 @@ Optional[String[1]] $vaulttoken = $zabbix::params::server_vaulttoken, Stdlib::HTTPSUrl $vaulturl = $zabbix::params::server_vaulturl, $vmwarefrequency = $zabbix::params::server_vmwarefrequency, + $vmwareperffrequency = $zabbix::params::server_vmwareperffrequency, $vmwarecachesize = $zabbix::params::server_vmwarecachesize, $vmwaretimeout = $zabbix::params::server_vmwaretimeout, $snmptrapperfile = $zabbix::params::server_snmptrapperfile, @@ -264,8 +269,9 @@ $include_dir = $zabbix::params::server_include, $loadmodulepath = $zabbix::params::server_loadmodulepath, $loadmodule = $zabbix::params::server_loadmodule, - $sslcertlocation_dir = $zabbix::params::server_sslcertlocation, - $sslkeylocation_dir = $zabbix::params::server_sslkeylocation, + Optional[Stdlib::Absolutepath] $sslcalocation_dir = $zabbix::params::server_sslcalocation, + Optional[Stdlib::Absolutepath] $sslcertlocation_dir = $zabbix::params::server_sslcertlocation, + Optional[Stdlib::Absolutepath] $sslkeylocation_dir = $zabbix::params::server_sslkeylocation, Boolean $manage_selinux = $zabbix::params::manage_selinux, String $additional_service_params = $zabbix::params::additional_service_params, Optional[String[1]] $zabbix_user = $zabbix::params::server_zabbix_user, @@ -446,7 +452,100 @@ mode => '0640', require => Package["zabbix-server-${db}"], replace => true, - content => template('zabbix/zabbix_server.conf.erb'), + content => Sensitive(epp('zabbix/zabbix_server.conf.epp', { + 'alertscriptspath' => $alertscriptspath, + 'allowroot' => $allowroot, + 'cachesize' => $cachesize, + 'cacheupdatefrequency' => $cacheupdatefrequency, + 'database_host' => $database_host, + 'database_name' => $database_name, + 'database_password' => $database_password, + 'database_port' => $database_port, + 'database_schema' => $database_schema, + 'database_socket' => $database_socket, + 'database_tlscafile' => $database_tlscafile, + 'database_tlscertfile' => $database_tlscertfile, + 'database_tlscipher' => $database_tlscipher, + 'database_tlscipher13' => $database_tlscipher13, + 'database_tlsconnect' => $database_tlsconnect, + 'database_tlskeyfile' => $database_tlskeyfile, + 'database_user' => $database_user, + 'debuglevel' => $debuglevel, + 'externalscripts' => $externalscripts, + 'fping6location' => $fping6location, + 'fpinglocation' => $fpinglocation, + 'historycachesize' => $historycachesize, + 'historyindexcachesize' => $historyindexcachesize, + 'housekeepingfrequency' => $housekeepingfrequency, + 'include_dir' => $include_dir, + 'javagateway' => $javagateway, + 'javagatewayport' => $javagatewayport, + 'listenip' => $listenip, + 'listenport' => $listenport, + 'loadmodule' => $loadmodule, + 'loadmodulepath' => $loadmodulepath, + 'logfile' => $logfile, + 'logfilesize' => $logfilesize, + 'logslowqueries' => $logslowqueries, + 'logtype' => $logtype, + 'maxhousekeeperdelete' => $maxhousekeeperdelete, + 'pidfile' => $pidfile, + 'proxyconfigfrequency' => $proxyconfigfrequency, + 'proxydatafrequency' => $proxydatafrequency, + 'snmptrapperfile' => $snmptrapperfile, + 'socketdir' => $socketdir, + 'sourceip' => $sourceip, + 'sshkeylocation' => $sshkeylocation, + 'sslcalocation_dir' => $sslcalocation_dir, + 'sslcertlocation_dir' => $sslcertlocation_dir, + 'sslkeylocation_dir' => $sslkeylocation_dir, + 'startalerters' => $startalerters, + 'startdbsyncers' => $startdbsyncers, + 'startdiscoverers' => $startdiscoverers, + 'startescalators' => $startescalators, + 'starthttppollers' => $starthttppollers, + 'startipmipollers' => $startipmipollers, + 'startjavapollers' => $startjavapollers, + 'startlldprocessors' => $startlldprocessors, + 'startpingers' => $startpingers, + 'startpollers' => $startpollers, + 'startpollersunreachable' => $startpollersunreachable, + 'startpreprocessors' => $startpreprocessors, + 'startproxypollers' => $startproxypollers, + 'startreportwriters' => $startreportwriters, + 'startsnmptrapper' => $startsnmptrapper, + 'starttimers' => $starttimers, + 'starttrappers' => $starttrappers, + 'startvmwarecollectors' => $startvmwarecollectors, + 'timeout' => $timeout, + 'tlscafile' => $tlscafile, + 'tlscertfile' => $tlscertfile, + 'tlscipherall' => $tlscipherall, + 'tlscipherall13' => $tlscipherall13, + 'tlsciphercert' => $tlsciphercert, + 'tlsciphercert13' => $tlsciphercert13, + 'tlscipherpsk' => $tlscipherpsk, + 'tlscipherpsk13' => $tlscipherpsk13, + 'tlscrlfile' => $tlscrlfile, + 'tlskeyfile' => $tlskeyfile, + 'tmpdir' => $tmpdir, + 'trappertimeout' => $trappertimeout, + 'trendcachesize' => $trendcachesize, + 'unavailabledelay' => $unavailabledelay, + 'unreachabledelay' => $unreachabledelay, + 'unreachableperiod' => $unreachableperiod, + 'valuecachesize' => $valuecachesize, + 'vaultdbpath' => $vaultdbpath, + 'vaulttoken' => $vaulttoken, + 'vaulturl' => $vaulturl, + 'vmwarecachesize' => $vmwarecachesize, + 'vmwarefrequency' => $vmwarefrequency, + 'vmwareperffrequency' => $vmwareperffrequency, + 'vmwaretimeout' => $vmwaretimeout, + 'webserviceurl' => $webserviceurl, + 'zabbix_user' => $zabbix::params::server_zabbix_user, + 'zabbix_version' => $zabbix_version, + })), } # Include dir for specific zabbix-server checks. diff --git a/manifests/web.pp b/manifests/web.pp index 665ef4489..fc9a6620d 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -92,56 +92,56 @@ # } # @author Werner Dijkerman class zabbix::web ( - $zabbix_url = $zabbix::params::zabbix_url, - $database_type = $zabbix::params::database_type, - $manage_repo = $zabbix::params::manage_repo, - $zabbix_version = $zabbix::params::zabbix_version, - $zabbix_timezone = $zabbix::params::zabbix_timezone, - $zabbix_package_state = $zabbix::params::zabbix_package_state, - $zabbix_template_dir = $zabbix::params::zabbix_template_dir, - $web_config_owner = $zabbix::params::web_config_owner, - $web_config_group = $zabbix::params::web_config_group, - $manage_vhost = $zabbix::params::manage_vhost, - $default_vhost = $zabbix::params::default_vhost, - $manage_resources = $zabbix::params::manage_resources, - $apache_use_ssl = $zabbix::params::apache_use_ssl, - $apache_ssl_cert = $zabbix::params::apache_ssl_cert, - $apache_ssl_key = $zabbix::params::apache_ssl_key, - $apache_ssl_cipher = $zabbix::params::apache_ssl_cipher, - $apache_ssl_chain = $zabbix::params::apache_ssl_chain, - $apache_listen_ip = $zabbix::params::apache_listen_ip, - Variant[Array[Stdlib::Port], Stdlib::Port] $apache_listenport = $zabbix::params::apache_listenport, - Variant[Array[Stdlib::Port], Stdlib::Port] $apache_listenport_ssl = $zabbix::params::apache_listenport_ssl, - $zabbix_api_user = $zabbix::params::server_api_user, - $zabbix_api_pass = $zabbix::params::server_api_pass, - $database_host = $zabbix::params::server_database_host, - $database_name = $zabbix::params::server_database_name, - $database_schema = $zabbix::params::server_database_schema, - Boolean $database_double_ieee754 = $zabbix::params::server_database_double_ieee754, - $database_user = $zabbix::params::server_database_user, - $database_password = $zabbix::params::server_database_password, - $database_socket = $zabbix::params::server_database_socket, - $database_port = $zabbix::params::server_database_port, - $zabbix_server = $zabbix::params::zabbix_server, - Optional[String] $zabbix_server_name = $zabbix::params::zabbix_server, - $zabbix_listenport = $zabbix::params::server_listenport, - $apache_php_max_execution_time = $zabbix::params::apache_php_max_execution_time, - $apache_php_memory_limit = $zabbix::params::apache_php_memory_limit, - $apache_php_post_max_size = $zabbix::params::apache_php_post_max_size, - $apache_php_upload_max_filesize = $zabbix::params::apache_php_upload_max_filesize, - $apache_php_max_input_time = $zabbix::params::apache_php_max_input_time, - $apache_php_always_populate_raw_post_data = $zabbix::params::apache_php_always_populate_raw_post_data, - $apache_php_max_input_vars = $zabbix::params::apache_php_max_input_vars, - Optional[Stdlib::Absolutepath] $ldap_cacert = $zabbix::params::ldap_cacert, - Optional[Stdlib::Absolutepath] $ldap_clientcert = $zabbix::params::ldap_clientcert, - Optional[Stdlib::Absolutepath] $ldap_clientkey = $zabbix::params::ldap_clientkey, - Optional[Enum['never','allow','try','demand','hard']] $ldap_reqcert = $zabbix::params::ldap_reqcert, - Optional[Stdlib::Absolutepath] $saml_sp_key = $zabbix::params::saml_sp_key, - Optional[Stdlib::Absolutepath] $saml_sp_cert = $zabbix::params::saml_sp_cert, - Optional[Stdlib::Absolutepath] $saml_idp_cert = $zabbix::params::saml_idp_cert, - Hash[String[1], Variant[ScalarData, Hash]] $saml_settings = $zabbix::params::saml_settings, - $puppetgem = $zabbix::params::puppetgem, - Boolean $manage_selinux = $zabbix::params::manage_selinux, + $zabbix_url = $zabbix::params::zabbix_url, + $database_type = $zabbix::params::database_type, + $manage_repo = $zabbix::params::manage_repo, + $zabbix_version = $zabbix::params::zabbix_version, + $zabbix_timezone = $zabbix::params::zabbix_timezone, + $zabbix_package_state = $zabbix::params::zabbix_package_state, + $zabbix_template_dir = $zabbix::params::zabbix_template_dir, + $web_config_owner = $zabbix::params::web_config_owner, + $web_config_group = $zabbix::params::web_config_group, + $manage_vhost = $zabbix::params::manage_vhost, + $default_vhost = $zabbix::params::default_vhost, + $manage_resources = $zabbix::params::manage_resources, + $apache_use_ssl = $zabbix::params::apache_use_ssl, + $apache_ssl_cert = $zabbix::params::apache_ssl_cert, + $apache_ssl_key = $zabbix::params::apache_ssl_key, + $apache_ssl_cipher = $zabbix::params::apache_ssl_cipher, + $apache_ssl_chain = $zabbix::params::apache_ssl_chain, + $apache_listen_ip = $zabbix::params::apache_listen_ip, + Variant[Array[Stdlib::Port], Stdlib::Port] $apache_listenport = $zabbix::params::apache_listenport, + Variant[Array[Stdlib::Port], Stdlib::Port] $apache_listenport_ssl = $zabbix::params::apache_listenport_ssl, + $zabbix_api_user = $zabbix::params::server_api_user, + $zabbix_api_pass = $zabbix::params::server_api_pass, + $database_host = $zabbix::params::server_database_host, + $database_name = $zabbix::params::server_database_name, + $database_schema = $zabbix::params::server_database_schema, + Boolean $database_double_ieee754 = $zabbix::params::server_database_double_ieee754, + $database_user = $zabbix::params::server_database_user, + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = $zabbix::params::server_database_password, + $database_socket = $zabbix::params::server_database_socket, + $database_port = $zabbix::params::server_database_port, + $zabbix_server = $zabbix::params::zabbix_server, + Optional[String] $zabbix_server_name = $zabbix::params::zabbix_server, + $zabbix_listenport = $zabbix::params::server_listenport, + $apache_php_max_execution_time = $zabbix::params::apache_php_max_execution_time, + $apache_php_memory_limit = $zabbix::params::apache_php_memory_limit, + $apache_php_post_max_size = $zabbix::params::apache_php_post_max_size, + $apache_php_upload_max_filesize = $zabbix::params::apache_php_upload_max_filesize, + $apache_php_max_input_time = $zabbix::params::apache_php_max_input_time, + $apache_php_always_populate_raw_post_data = $zabbix::params::apache_php_always_populate_raw_post_data, + $apache_php_max_input_vars = $zabbix::params::apache_php_max_input_vars, + Optional[Stdlib::Absolutepath] $ldap_cacert = $zabbix::params::ldap_cacert, + Optional[Stdlib::Absolutepath] $ldap_clientcert = $zabbix::params::ldap_clientcert, + Optional[Stdlib::Absolutepath] $ldap_clientkey = $zabbix::params::ldap_clientkey, + Optional[Enum['never','allow','try','demand','hard']] $ldap_reqcert = $zabbix::params::ldap_reqcert, + Optional[Stdlib::Absolutepath] $saml_sp_key = $zabbix::params::saml_sp_key, + Optional[Stdlib::Absolutepath] $saml_sp_cert = $zabbix::params::saml_sp_cert, + Optional[Stdlib::Absolutepath] $saml_idp_cert = $zabbix::params::saml_idp_cert, + Hash[String[1], Variant[ScalarData, Hash]] $saml_settings = $zabbix::params::saml_settings, + $puppetgem = $zabbix::params::puppetgem, + Boolean $manage_selinux = $zabbix::params::manage_selinux, ) inherits zabbix::params { # check osfamily, Arch is currently not supported for web if $facts['os']['family'] in ['Archlinux', 'Gentoo',] { @@ -289,7 +289,28 @@ group => $web_config_group, mode => '0640', replace => true, - content => template('zabbix/web/zabbix.conf.php.erb'), + content => Sensitive(epp('zabbix/web/zabbix.conf.php.epp', { + 'database_type' => $database_type, + 'database_host' => $database_host, + 'database_port' => $database_port, + 'db_port' => $db_port, + 'database_name' => $database_name, + 'database_user' => $database_user, + 'database_password' => $database_password, + 'database_schema' => $database_schema, + 'database_double_ieee754' => $database_double_ieee754, + 'zabbix_server' => $zabbix_server, + 'zabbix_listenport' => $zabbix_listenport, + 'zabbix_server_name' => $zabbix_server_name, + 'ldap_cacert' => $ldap_cacert, + 'ldap_clientcert' => $ldap_clientcert, + 'ldap_clientkey' => $ldap_clientkey, + 'ldap_reqcert' => $ldap_reqcert, + 'saml_sp_key' => $saml_sp_key, + 'saml_sp_cert' => $saml_sp_cert, + 'saml_idp_cert' => $saml_idp_cert, + 'saml_settings' => $saml_settings, + })), } # For API to work on Zabbix 5.x zabbix.conf.php needs to be in the root folder. diff --git a/templates/api.conf.epp b/templates/api.conf.epp index 32679f37b..b8f4955ac 100644 --- a/templates/api.conf.epp +++ b/templates/api.conf.epp @@ -1,7 +1,7 @@ -<%- | String[1] $zabbix_url, - String[1] $zabbix_user, - String[1] $zabbix_pass, - Boolean $apache_use_ssl, +<%- | String[1] $zabbix_url, + String[1] $zabbix_user, + Variant[String[1], Sensitive[String[1]]] $zabbix_pass, + Boolean $apache_use_ssl, | -%> # MANAGED BY PUPPET [default] diff --git a/templates/web/zabbix.conf.php.epp b/templates/web/zabbix.conf.php.epp new file mode 100644 index 000000000..b020ba826 --- /dev/null +++ b/templates/web/zabbix.conf.php.epp @@ -0,0 +1,83 @@ +<%- | + String[1] $database_type, + String[1] $database_host, + Optional[String[1]] $database_port, + String[1] $db_port, + String[1] $database_name, + String[1] $database_user, + Variant[String[1], Sensitive[String[1]]] $database_password, + Optional[String[1]] $database_schema, + Boolean $database_double_ieee754, + Stdlib::Fqdn $zabbix_server, + String[1] $zabbix_listenport, + Stdlib::Fqdn $zabbix_server_name, + Optional[String[1]] $ldap_cacert, + Optional[String[1]] $ldap_clientcert, + Optional[String[1]] $ldap_clientkey, + Optional[String[1]] $ldap_reqcert, + Optional[String[1]] $saml_sp_key, + Optional[String[1]] $saml_sp_cert, + Optional[String[1]] $saml_idp_cert, + Hash[String[1],Variant[ScalarData, Hash]] $saml_settings, + | -%> + +'; +$DB['SERVER'] = '<%= $database_host %>'; +<% if $database_port { -%> +$DB['PORT'] = '<%= $database_port %>'; +<% } elsif $db_port { -%> +$DB['PORT'] = '<%= $db_port %>'; +<% } else { -%> +$DB['PORT'] = '0'; +<% } -%> +$DB['DATABASE'] = '<%= $database_name %>'; +$DB['USER'] = '<%= $database_user %>'; +$DB['PASSWORD'] = '<%= $database_password.unwrap %>'; + +// SCHEMA is relevant only for IBM_DB2 and PostgreSQL database +<% if $database_schema { -%> +$DB['SCHEMA'] = '<%= $database_schema %>'; +<% } else { -%> +$DB['SCHEMA'] = ''; +<% } -%> + +<% if $database_double_ieee754 { -%> +$DB['DOUBLE_IEEE754'] = 'true'; +<% } -%> + +$ZBX_SERVER = '<%= $zabbix_server %>'; +$ZBX_SERVER_PORT = '<%= $zabbix_listenport %>'; +$ZBX_SERVER_NAME = '<%= $zabbix_server_name %>'; + +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; + +<% if $ldap_cacert { -%> +putenv("LDAPTLS_CACERT=<%= $ldap_cacert %>"); +<% } -%> +<% if $ldap_clientcert { -%> +putenv("LDAPTLS_CERT=<%= $ldap_clientcert %>"); +<% } -%> +<% if $ldap_clientkey { -%> +putenv("LDAPTLS_KEY=<%= $ldap_clientkey %>"); +<% } -%> +<% if $ldap_reqcert { -%> +putenv("TLS_REQCERT=<%= $ldap_reqcert %>"); +<% } -%> + +<% if $saml_sp_key { -%> +$SSO['SP_KEY'] = '<%= $saml_sp_key -%>'; +<% } -%> +<% if $saml_sp_cert { -%> +$SSO['SP_CERT'] = '<%= $saml_sp_cert -%>'; +<% } -%> +<% if $saml_idp_cert { -%> +$SSO['IDP_CERT'] = '<%= $saml_idp_cert -%>'; +<% } -%> +<% unless empty($saml_settings) { -%> +$SSO['SETTINGS'] = [ <%= String($saml_settings,'%[h') %>; +<% } -%> +?> diff --git a/templates/web/zabbix.conf.php.erb b/templates/web/zabbix.conf.php.erb deleted file mode 100644 index a2666fa9c..000000000 --- a/templates/web/zabbix.conf.php.erb +++ /dev/null @@ -1,64 +0,0 @@ -'; -$DB['SERVER'] = '<%= @database_host %>'; -<% if @database_port -%> -$DB['PORT'] = '<%= @database_port %>'; -<% elsif @db_port -%> -$DB['PORT'] = '<%= @db_port %>'; -<% else -%> -$DB['PORT'] = '0'; -<% end -%> -$DB['DATABASE'] = '<%= @database_name %>'; -$DB['USER'] = '<%= @database_user %>'; -$DB['PASSWORD'] = '<%= @database_password %>'; - -// SCHEMA is relevant only for IBM_DB2 and PostgreSQL database -<% if @database_schema -%> -$DB['SCHEMA'] = '<%= @database_schema %>'; -<% else -%> -$DB['SCHEMA'] = ''; -<% end -%> - -<% if @database_double_ieee754 -%> -$DB['DOUBLE_IEEE754'] = 'true'; -<% end -%> - -$ZBX_SERVER = '<%= @zabbix_server %>'; -$ZBX_SERVER_PORT = '<%= @zabbix_listenport %>'; -$ZBX_SERVER_NAME = '<%= @zabbix_server_name %>'; - -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; - -<% if @ldap_cacert %> -putenv("LDAPTLS_CACERT=<%= @ldap_cacert %>"); -<% end %> -<% if @ldap_clientcert %> -putenv("LDAPTLS_CERT=<%= @ldap_clientcert %>"); -<% end %> -<% if @ldap_clientkey %> -putenv("LDAPTLS_KEY=<%= @ldap_clientkey %>"); -<% end %> -<% if @ldap_reqcert %> -putenv("TLS_REQCERT=<%= @ldap_reqcert %>"); -<% end %> - -<% if @saml_sp_key %> -$SSO['SP_KEY'] = '<%= @saml_sp_key -%>'; -<% end %> -<% if @saml_sp_cert %> -$SSO['SP_CERT'] = '<%= @saml_sp_cert -%>'; -<% end %> -<% if @saml_idp_cert %> -$SSO['IDP_CERT'] = '<%= @saml_idp_cert -%>'; -<% end %> -<% if @saml_settings %> -$SSO['SETTINGS'] = [ <%= JSON.pretty_generate(@saml_settings, space_before: " ") - .sub("{", "") - .gsub(" : ", " => ") - .gsub("{", "[") - .gsub("}", "]") -%>; -<% end %> -?> diff --git a/templates/zabbix_proxy.conf.erb b/templates/zabbix_proxy.conf.epp similarity index 58% rename from templates/zabbix_proxy.conf.erb rename to templates/zabbix_proxy.conf.epp index 97c46f365..6d1c2909a 100644 --- a/templates/zabbix_proxy.conf.erb +++ b/templates/zabbix_proxy.conf.epp @@ -1,3 +1,100 @@ +<%- | + String[1] $allowroot, + String[1] $cachesize, + String[1] $configfrequency, + String[1] $database_host, + String[1] $database_name, + Variant[String[1], Sensitive[String[8]]] $database_password, + Optional[String[1]] $database_port, + Optional[String[1]] $database_schema, + Optional[String[1]] $database_socket, + Optional[Stdlib::Absolutepath] $database_tlscafile, + Optional[Stdlib::Absolutepath] $database_tlscertfile, + Optional[String[1]] $database_tlscipher, + Optional[String[1]] $database_tlscipher13, + Optional[Enum['required', 'verify_ca', 'verify_full']] $database_tlsconnect, + Optional[Stdlib::Absolutepath] $database_tlskeyfile, + String[1] $database_user, + String[1] $datasenderfrequency, + String[1] $debuglevel, + Integer[0] $enableremotecommands, + String[1] $externalscripts, + String[1] $fping6location, + String[1] $fpinglocation, + String[1] $heartbeatfrequency, + String[1] $historycachesize, + Optional[String[1]] $historyindexcachesize, + Stdlib::Fqdn $hostname, + String[1] $housekeepingfrequency, + String[1] $include_dir, + Optional[String[1]] $javagateway, + String[1] $javagatewayport, + Optional[Stdlib::IP::Address] $listenip, + String[1] $listenport, + Optional[String[1]] $loadmodule, + String[1] $loadmodulepath, + String[1] $localbuffer, + Optional[Stdlib::Absolutepath] $logfile, + String[1] $logfilesize, + Integer[0] $logremotecommands, + Integer $logslowqueries, + Enum['console', 'file', 'system'] $logtype, + String[1] $mode, + String[1] $offlinebuffer, + String[1] $pidfile, + String[1] $snmptrapper, + String[1] $snmptrapperfile, + Optional[Stdlib::Absolutepath] $socketdir, + Optional[Stdlib::IP::Address] $sourceip, + Optional[String[1]] $sshkeylocation, + Optional[Stdlib::Absolutepath] $sslcalocation_dir, + Optional[Stdlib::Absolutepath] $sslcertlocation_dir, + Optional[Stdlib::Absolutepath] $sslkeylocation_dir, + Integer $startdbsyncers, + Integer $startdiscoverers, + Integer $starthttppollers, + Integer $startipmipollers, + Integer $startjavapollers, + Integer $startpingers, + Variant[Integer, String[1]] $startpollers, + Variant[Integer, String[1]] $startpollersunreachable, + Integer[1, 1000] $startpreprocessors, + Variant[Integer, String[1]] $starttrappers, + Variant[Integer, String[1]] $startvmwarecollectors, + Variant[Integer, String[1]] $timeout, + Optional[String[1]] $tlsaccept, + Optional[String[1]] $tlscafile, + Optional[String[1]] $tlscertfile, + Optional[String[1]] $tlscipherall, + Optional[String[1]] $tlscipherall13, + Optional[String[1]] $tlsciphercert, + Optional[String[1]] $tlsciphercert13, + Optional[String[1]] $tlscipherpsk, + Optional[String[1]] $tlscipherpsk13, + Optional[String[1]] $tlsconnect, + Optional[String[1]] $tlscrlfile, + Optional[String[1]] $tlskeyfile, + Optional[String[1]] $tlspskfile, + Optional[String[1]] $tlspskidentity, + Optional[String[1]] $tlsservercertissuer, + Optional[String[1]] $tlsservercertsubject, + String[1] $tmpdir, + Variant[Integer, String[1]] $trappertimeout, + String[1] $unavaliabledelay, + Optional[String[1]] $unreachabedelay, + String[1] $unreachableperiod, + Optional[String[1]] $vaultdbpath, + Optional[String[1]] $vaulttoken, + Optional[Stdlib::HTTPSUrl] $vaulturl, + String[1] $vmwarecachesize, + String[1] $vmwarefrequency, + Optional[String[1]] $vmwareperffrequency, + Optional[String[1]] $vmwaretimeout, + String[1] $zabbix_server_host, + String[1] $zabbix_server_port, + String[1] $zabbix_user, + String[1] $zabbix_version, + | -%> # This is a configuration file for Zabbix Proxy process # To get more information about Zabbix,_# visit http://www.zabbix.com @@ -8,26 +105,26 @@ # 0 - proxy in the active mode # 1 - proxy in the passive mode # -ProxyMode=<%= @mode %> +ProxyMode=<%= $mode %> ### Option: Server # IP address (or hostname) of Zabbix server. # Active proxy will get configuration data from the server. # For a proxy in the passive mode this parameter will be ignored. # -Server=<%= @zabbix_server_host %> +Server=<%= $zabbix_server_host %> ### Option: ServerPort # Port of Zabbix trapper on Zabbix server. # For a proxy in the passive mode this parameter will be ignored. # -ServerPort=<%= @zabbix_server_port %> +ServerPort=<%= $zabbix_server_port %> ### Option: Hostname # Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server! # Value is acquired from HostnameItem if undefined. # -Hostname=<%= @hostname %> +Hostname=<%= $hostname %> ### Option: HostnameItem # Item used for generating Hostname if it is undefined. @@ -40,7 +137,7 @@ Hostname=<%= @hostname %> ### Option: ListenPort # Listen port for trapper. # -ListenPort=<%= @listenport %> +ListenPort=<%= $listenport %> ### Option: SourceIP # Source IP address for outgoing connections. @@ -48,7 +145,7 @@ ListenPort=<%= @listenport %> # Mandatory: no # Default: # SourceIP= -<% if @sourceip %>SourceIP=<%= @sourceip %><% end %> +<% if $sourceip { %>SourceIP=<%= $sourceip %><% } -%> ### Option: LogType # Specifies where log messages are written to: @@ -56,19 +153,19 @@ ListenPort=<%= @listenport %> # file - file specified with LogFile parameter # console - standard output # -<% if @logtype %>LogType=<%= @logtype %><% end %> +<% if $logtype { %>LogType=<%= $logtype %><% } -%> -<% if @logtype == 'file' -%> +<% if $logtype == 'file' { -%> ### Option: LogFile # Log file name for LogType 'file' parameter. # -LogFile=<%= @logfile %> +LogFile=<%= $logfile %> ### Option: LogFileSize # Maximum size of log file in MB. # 0 - disable automatic log rotation. # -LogFileSize=<%= @logfilesize %><% end -%> +LogFileSize=<%= $logfilesize %><% } -%> ### Option: DebugLevel # Specifies debug level @@ -78,14 +175,14 @@ LogFileSize=<%= @logfilesize %><% end -%> # 3 - warnings # 4 - for debugging (produces lots of information) # 5 - extended debugging (produces even more information) -DebugLevel=<%= @debuglevel %> +DebugLevel=<%= $debuglevel %> ### Option: PidFile # Name of PID file. # -PidFile=<%= @pidfile %> +PidFile=<%= $pidfile %> -<% if @zabbix_version.to_f >= 5.0 %> +<% if versioncmp($zabbix_version,'5') >= 0 { -%> ### Option: SocketDir # IPC socket directory. # Directory to store IPC sockets used by internal Zabbix services. @@ -93,62 +190,62 @@ PidFile=<%= @pidfile %> # Mandatory: no # Default: -<% if @socketdir %>SocketDir=<%= @socketdir %><% end %> -<% end %> +<% if $socketdir { %>SocketDir=<%= $socketdir %><% } -%> +<% } %> ### Option: DBHost # Database host name. # If set to localhost, socket is used for MySQL. # If set to empty string, socket is used for PostgreSQL. # -DBHost=<%= @database_host %> +DBHost=<%= $database_host %> ### Option: DBName # Database name. # For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. # Warning: do not attempt to use the same database Zabbix server is using. # -DBName=<%= @database_name %> +DBName=<%= $database_name %> ### Option: DBSchema # Schema name. Used for IBM DB2 and PostgreSQL. # -<% if @database_schema %>DBSchema=<%= @database_schema %><% end %> +<% if $database_schema { %>DBSchema=<%= $database_schema %><% } -%> ### Option: DBUser # Database user. Ignored for SQLite. # -DBUser=<%= @database_user %> +DBUser=<%= $database_user %> ### Option: DBPassword # Database password. Ignored for SQLite. # Comment this line if no password is used. # -DBPassword=<%= @database_password %> +DBPassword=<%= $database_password %> ### Option: DBSocket # Path to MySQL socket. # -<% if @database_socket %>DBSocket=<%= @database_socket %><% end %> +<% if $database_socket { %>DBSocket=<%= $database_socket %><% } -%> # Option: DBPort # Database port when not using local socket. Ignored for SQLite. # -<% if @database_port %>DBPort=<%= @database_port %><% end %> +<% if $database_port { %>DBPort=<%= $database_port %><% } -%> ### Option: EnableRemoteCommands # Whether remote commands from Zabbix server are allowed. # 0 - not allowed # 1 - allowed # -EnableRemoteCommands=<%= @enableremotecommands %> +EnableRemoteCommands=<%= $enableremotecommands %> ### Option: LogRemoteCommands # Enable logging of executed shell commands as warnings. # 0 - disabled # 1 - enabled # -LogRemoteCommands=<%= @logremotecommands %> +LogRemoteCommands=<%= $logremotecommands %> ######### PROXY SPECIFIC PARAMETERS ############# @@ -156,13 +253,13 @@ LogRemoteCommands=<%= @logremotecommands %> # Proxy will keep data locally for N hours, even if the data have already been synced with the server. # This parameter may be used if local data will be used by third party applications. # -ProxyLocalBuffer=<%= @localbuffer %> +ProxyLocalBuffer=<%= $localbuffer %> ### Option: ProxyOfflineBuffer # Proxy will keep data for N hours in case if no connectivity with Zabbix Server. # Older data will be lost. # -ProxyOfflineBuffer=<%= @offlinebuffer %> +ProxyOfflineBuffer=<%= $offlinebuffer %> ### Option: HeartbeatFrequency # Frequency of heartbeat messages in seconds. @@ -170,38 +267,38 @@ ProxyOfflineBuffer=<%= @offlinebuffer %> # 0 - heartbeat messages disabled. # For a proxy in the passive mode this parameter will be ignored. # -HeartbeatFrequency=<%= @heartbeatfrequency %> +HeartbeatFrequency=<%= $heartbeatfrequency %> ### Option: ConfigFrequency # How often proxy retrieves configuration data from Zabbix Server in seconds. # For a proxy in the passive mode this parameter will be ignored. # -ConfigFrequency=<%= @configfrequency %> +ConfigFrequency=<%= $configfrequency %> ### Option: DataSenderFrequency # Proxy will send collected data to the Server every N seconds. # For a proxy in the passive mode this parameter will be ignored. # -DataSenderFrequency=<%= @datasenderfrequency %> +DataSenderFrequency=<%= $datasenderfrequency %> ############ ADVANCED PARAMETERS ################ ### Option: StartPollers # Number of pre-forked instances of pollers. # -StartPollers=<%= @startpollers %> +StartPollers=<%= $startpollers %> ### Option: StartIPMIPollers # Number of pre-forked instances of IPMI pollers. # -StartIPMIPollers=<%= @startipmipollers %> +StartIPMIPollers=<%= $startipmipollers %> ### Option: StartPollersUnreachable # Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). # At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers # are started. # -StartPollersUnreachable=<%= @startpollersunreachable %> +StartPollersUnreachable=<%= $startpollersunreachable %> ### Option: StartPreprocessors # Number of pre-forked instances of preprocessing workers. @@ -211,90 +308,90 @@ StartPollersUnreachable=<%= @startpollersunreachable %> # Range: 1-1000 # Default: # StartPreprocessors=3 -<% if @startpreprocessors %>StartPreprocessors=<%= @startpreprocessors -%><% end %> +<% if $startpreprocessors { %>StartPreprocessors=<%= $startpreprocessors -%><% } -%> ### Option: StartTrappers # Number of pre-forked instances of trappers. # Trappers accept incoming connections from Zabbix sender and active agents. # -StartTrappers=<%= @starttrappers %> +StartTrappers=<%= $starttrappers %> ### Option: StartPingers # Number of pre-forked instances of ICMP pingers. # -StartPingers=<%= @startpingers %> +StartPingers=<%= $startpingers %> ### Option: StartDiscoverers # Number of pre-forked instances of discoverers. # -StartDiscoverers=<%= @startdiscoverers %> +StartDiscoverers=<%= $startdiscoverers %> ### Option: StartHTTPPollers # Number of pre-forked instances of HTTP pollers. # -StartHTTPPollers=<%= @starthttppollers %> +StartHTTPPollers=<%= $starthttppollers %> ### Option: JavaGateway # IP address (or hostname) of Zabbix Java gateway. # Only required if Java pollers are started. # -<% if @javagateway and @javagateway != '' %> -JavaGateway=<%= @javagateway %> +<% if $javagateway and $javagateway != '' { -%> +JavaGateway=<%= $javagateway %> ### Option: JavaGatewayPort # Port that Zabbix Java gateway listens on. # -JavaGatewayPort=<%= @javagatewayport %> +JavaGatewayPort=<%= $javagatewayport %> ### Option: StartJavaPollers # Number of pre-forked instances of Java pollers. # -StartJavaPollers=<%= @startjavapollers %> -<% end %> +StartJavaPollers=<%= $startjavapollers %> +<% } -%> ### Option: StartVMwareCollectors # Number of pre-forked vmware collector instances. # -StartVMwareCollectors=<%= @startvmwarecollectors %> +StartVMwareCollectors=<%= $startvmwarecollectors %> ### Option: VMwareFrequency # How often Zabbix will connect to VMware service to obtain a new data. # -VMwareFrequency=<%= @vmwarefrequency %> +VMwareFrequency=<%= $vmwarefrequency %> ### Option: VMwarePerfFrequency # How often Zabbix will connect to VMware service to obtain performance data. # -<% if @vmwareperffrequency %>VMwarePerfFrequency=<%= @vmwareperffrequency %><% end %> +<% if $vmwareperffrequency { %>VMwarePerfFrequency=<%= $vmwareperffrequency %><% } -%> ### Option: VMwareCacheSize # Size of VMware cache, in bytes. # Shared memory size for storing VMware data. # Only used if VMware collectors are started. # -VMwareCacheSize=<%= @vmwarecachesize %> +VMwareCacheSize=<%= $vmwarecachesize %> ### Option: VMwareTimeout # Specifies how many seconds vmware collector waits for response from VMware service. # -<% if @vmwaretimeout %>VMwareTimeout=<%= @vmwaretimeout %><% end %> +<% if $vmwaretimeout { %>VMwareTimeout=<%= $vmwaretimeout %><% } -%> ### Option: SNMPTrapperFile # Temporary file used for passing data from SNMP trap daemon to the proxy. # Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. # -SNMPTrapperFile=<%= @snmptrapperfile %> +SNMPTrapperFile=<%= $snmptrapperfile %> ### Option: StartSNMPTrapper # If 1, SNMP trapper process is started. # -StartSNMPTrapper=<%= @snmptrapper %> +StartSNMPTrapper=<%= $snmptrapper %> ### Option: ListenIP # List of comma delimited IP addresses that the trapper should listen on. # Trapper will listen on all network interfaces if this parameter is missing. # -<% if @listenip %>ListenIP=<%= @listenip %><% end %> +<% if $listenip { %>ListenIP=<%= $listenip %><% } -%> ### Option: HousekeepingFrequency # How often Zabbix will perform housekeeping procedure (in hours). @@ -306,91 +403,91 @@ StartSNMPTrapper=<%= @snmptrapper %> # In this case the period of outdated information deleted in one housekeeping cycle is 4 times the # period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days. # -HousekeepingFrequency=<%= @housekeepingfrequency %> +HousekeepingFrequency=<%= $housekeepingfrequency %> ### Option: CacheSize # Size of configuration cache, in bytes. # Shared memory size, for storing hosts and items data. # -CacheSize=<%= @cachesize %> +CacheSize=<%= $cachesize %> ### Option: StartDBSyncers # Number of pre-forked instances of DB Syncers # -StartDBSyncers=<%= @startdbsyncers %> +StartDBSyncers=<%= $startdbsyncers %> ### Option: HistoryCacheSize # Size of history cache, in bytes. # Shared memory size for storing history data. # -HistoryCacheSize=<%= @historycachesize %> +HistoryCacheSize=<%= $historycachesize %> ### Option: HistoryIndexCacheSize # Size of history index cache, in bytes. # Shared memory size for indexing history cache. # -<% if @historyindexcachesize %>HistoryIndexCacheSize=<%= @historyindexcachesize %><% end %> +<% if $historyindexcachesize { %>HistoryIndexCacheSize=<%= $historyindexcachesize %><% } -%> ### Option: Timeout # Specifies how long we wait for agent, SNMP device or external check (in seconds). # -Timeout=<%= @timeout %> +Timeout=<%= $timeout %> ### Option: TrapperTimeout # Specifies how many seconds trapper may spend processing new data. # -TrapperTimeout=<%= @trappertimeout %> +TrapperTimeout=<%= $trappertimeout %> ### Option: UnreachablePeriod # After how many seconds of unreachability treat a host as unavailable. # -UnreachablePeriod=<%= @unreachableperiod %> +UnreachablePeriod=<%= $unreachableperiod %> ### Option: UnavailableDelay # How often host is checked for availability during the unavailability period, in seconds. # -UnavailableDelay=<%= @unavaliabledelay %> +UnavailableDelay=<%= $unavaliabledelay %> ### Option: UnreachableDelay # How often host is checked for availability during the unreachability period, in seconds. # -UnreachableDelay=<%= @unreachabedelay %> +UnreachableDelay=<%= $unreachabedelay %> ### Option: ExternalScripts # Full path to location of external scripts. # Default depends on compilation options. # -ExternalScripts=<%= @externalscripts %> +ExternalScripts=<%= $externalscripts %> ### Option: FpingLocation # Location of fping. # Make sure that fping binary has root ownership and SUID flag set. # -FpingLocation=<%= @fpinglocation %> +FpingLocation=<%= $fpinglocation %> ### Option: Fping6Location # Location of fping6. # Make sure that fping6 binary has root ownership and SUID flag set. # Make empty if your fping utility is capable to process IPv6 addresses. # -Fping6Location=<%= @fping6location %> +Fping6Location=<%= $fping6location %> ### Option: SSHKeyLocation # Location of public and private keys for SSH checks and actions. # -<% if @sshkeylocation %>SSHKeyLocation=<%= @sshkeylocation %><% end %> +<% if $sshkeylocation { %>SSHKeyLocation=<%= $sshkeylocation %><% } -%> ### Option: LogSlowQueries # How long a database query may take before being logged (in milliseconds). # Only works if DebugLevel set to 3 or 4. # 0 - don't log slow queries. # -LogSlowQueries=<%= @logslowqueries %> +LogSlowQueries=<%= $logslowqueries %> ### Option: TmpDir # Temporary directory. # -TmpDir=<%= @tmpdir %> +TmpDir=<%= $tmpdir %> ### Option: AllowRoot # Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy @@ -399,38 +496,38 @@ TmpDir=<%= @tmpdir %> # 0 - do not allow # 1 - allow # -AllowRoot=<%= @allowroot %> +AllowRoot=<%= $allowroot %> ### Option: User # Drop privileges to a specific, existing user on the system. # Only has effect if run as 'root' and AllowRoot is disabled. # -<% if @zabbix_user %>User=<%= @zabbix_user %><% end %> +<% if $zabbix_user { %>User=<%= $zabbix_user %><% } -%> ### Option: Include # You may include individual files or all files in a directory in the configuration file. # Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. # -Include=<%= @include_dir %> +Include=<%= $include_dir %> ### Option: SSLCertLocation # Location of SSL client certificates. # This parameter is used only in web monitoring. # -<% if @sslcertlocation_dir %>SSLCertLocation=<%= @sslcertlocation_dir %><% end %> +<% if $sslcertlocation_dir { %>SSLCertLocation=<%= $sslcertlocation_dir %><% } -%> ### Option: SSLKeyLocation # Location of private keys for SSL client certificates. # This parameter is used only in web monitoring. # -<% if @sslkeylocation_dir %>SSLKeyLocation=<%= @sslkeylocation_dir %><% end %> +<% if $sslkeylocation_dir { %>SSLKeyLocation=<%= $sslkeylocation_dir %><% } -%> ### Option: SSLCALocation # Location of certificate authority (CA) files for SSL server certificate verification. # If not set, system-wide directory will be used. # This parameter is used only in web monitoring. # -<% if @sslcalocation_dir %>SSLCALocation=<%= @sslcalocation_dir %><% end %> +<% if $sslcalocation_dir { %>SSLCALocation=<%= $sslcalocation_dir %><% } -%> ####### LOADABLE MODULES ####### @@ -438,7 +535,7 @@ Include=<%= @include_dir %> # Full path to location of proxy modules. # Default depends on compilation options. # -LoadModulePath=<%= @loadmodulepath %> +LoadModulePath=<%= $loadmodulepath %> ### Option: LoadModule # Module to load at proxy startup. Modules are used to extend functionality of the proxy. @@ -446,7 +543,7 @@ LoadModulePath=<%= @loadmodulepath %> # The modules must be located in directory specified by LoadModulePath. # It is allowed to include multiple LoadModule parameters. # -<% if @loadmodule %>LoadModule=<%= @loadmodule %><% end %> +<% if $loadmodule { %>LoadModule=<%= $loadmodule %><% } -%> ####### TLS-RELATED PARAMETERS ####### @@ -460,7 +557,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) # Default: # TLSConnect=unencrypted -<% if @tlsconnect %>TLSConnect=<%= @tlsconnect %><% end %> +<% if $tlsconnect { %>TLSConnect=<%= $tlsconnect %><% } -%> ### Option: TLSAccept # What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy. @@ -472,51 +569,51 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) # Default: # TLSAccept=unencrypted -<% if @tlsaccept %>TLSAccept=<%= @tlsaccept %><% end %> +<% if $tlsaccept { %>TLSAccept=<%= $tlsaccept %><% } -%> ### Option: TLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for # peer certificate verification. # -<% if @tlscafile %>TLSCAFile=<%= @tlscafile %><% end %> +<% if $tlscafile { %>TLSCAFile=<%= $tlscafile %><% } -%> ### Option: TLSCRLFile # Full pathname of a file containing revoked certificates. # -<% if @tlscrlfile %>TLSCRLFile=<%= @tlscrlfile %><% end %> +<% if $tlscrlfile { %>TLSCRLFile=<%= $tlscrlfile %><% } -%> ### Option: TLSServerCertIssuer # Allowed server certificate issuer. # -<% if @tlsservercertissuer %>TLSServerCertIssuer=<%= @tlsservercertissuer %><% end %> +<% if $tlsservercertissuer { %>TLSServerCertIssuer=<%= $tlsservercertissuer %><% } -%> ### Option: TLSServerCertSubject # Allowed server certificate subject. # -<% if @tlsservercertsubject %>TLSServerCertSubject=<%= @tlsservercertsubject %><% end %> +<% if $tlsservercertsubject { %>TLSServerCertSubject=<%= $tlsservercertsubject %><% } -%> ### Option: TLSCertFile # Full pathname of a file containing the proxy certificate or certificate chain. # -<% if @tlscertfile %>TLSCertFile=<%= @tlscertfile %><% end %> +<% if $tlscertfile { %>TLSCertFile=<%= $tlscertfile %><% } -%> ### Option: TLSKeyFile # Full pathname of a file containing the proxy private key. # -<% if @tlskeyfile %>TLSKeyFile=<%= @tlskeyfile %><% end %> +<% if $tlskeyfile { %>TLSKeyFile=<%= $tlskeyfile %><% } -%> ### Option: TLSPSKIdentity # Unique, case sensitive string used to identify the pre-shared key. # -<% if @tlspskidentity %>TLSPSKIdentity=<%= @tlspskidentity %><% end %> +<% if $tlspskidentity { %>TLSPSKIdentity=<%= $tlspskidentity %><% } -%> ### Option: TLSPSKFile # Full pathname of a file containing the pre-shared key. # -<% if @tlspskfile %>TLSPSKFile=<%= @tlspskfile %><% end %> +<% if $tlspskfile { %>TLSPSKFile=<%= $tlspskfile %><% } -%> ####### For advanced users - TLS ciphersuite selection criteria ####### -<% if @zabbix_version.to_f >= 5.0 %> +<% if versioncmp($zabbix_version,'5') >= 0 { -%> ### Option: DBTLSConnect # Setting this option enforces to use TLS connection to database. # required - connect using TLS @@ -530,7 +627,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory: no # Default: -<% if @database_tlsconnect %>DBTLSConnect=<%= @database_tlsconnect %><% end %> +<% if $database_tlsconnect { %>DBTLSConnect=<%= $database_tlsconnect %><% } -%> ### Option: DBTLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. @@ -539,7 +636,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # (yes, if DBTLSConnect set to one of: verify_ca, verify_full) # Default: -<% if @database_tlscafile %>DBTLSCAFile=<%= @database_tlscafile %><% end %> +<% if $database_tlscafile { %>DBTLSCAFile=<%= $database_tlscafile %><% } -%> ### Option: DBTLSCertFile # Full pathname of file containing Zabbix server certificate for authenticating to database. @@ -547,7 +644,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory: no # Default: -<% if @database_tlscertfile %>DBTLSCertFile=<%= @database_tlscertfile %><% end %> +<% if $database_tlscertfile { %>DBTLSCertFile=<%= $database_tlscertfile %><% } -%> ### Option: DBTLSKeyFile # Full pathname of file containing the private key for authenticating to database. @@ -555,7 +652,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory: no # Default: -<% if @database_tlskeyfile %>DBTLSKeyFile=<%= @database_tlskeyfile %><% end %> +<% if $database_tlskeyfile { %>DBTLSKeyFile=<%= $database_tlskeyfile %><% } -%> ### Option: DBTLSCipher # The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 @@ -563,7 +660,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory no # Default: -<% if @database_tlscipher %>DBTLSCipher=<%= @database_tlscipher %><% end %> +<% if $database_tlscipher { %>DBTLSCipher=<%= $database_tlscipher %><% } -%> ### Option: DBTLSCipher13 # The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol @@ -571,10 +668,10 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory no # Default: -<% if @database_tlscipher13 %>DBTLSCipher13=<%= @database_tlscipher13 %><% end %> -<% end %> +<% if $database_tlscipher13 { %>DBTLSCipher13=<%= $database_tlscipher13 %><% } -%> +<% } -%> -<% if @zabbix_version.to_f >= 5.0 %> +<% if versioncmp($zabbix_version,'5') >= 0 { -%> ### Option: TLSCipherCert13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for certificate-based encryption. @@ -582,7 +679,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherCert13= -<% if @tlsciphercert13 %>TLSCipherCert13=<%= @tlsciphercert13 %><% end %> +<% if $tlsciphercert13 { %>TLSCipherCert13=<%= $tlsciphercert13 %><% } -%> ### Option: TLSCipherCert # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. @@ -595,7 +692,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherCert= -<% if @tlsciphercert %>TLSCipherCert=<%= @tlsciphercert %><% end %> +<% if $tlsciphercert { %>TLSCipherCert=<%= $tlsciphercert %><% } -%> ### Option: TLSCipherPSK13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. @@ -606,7 +703,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherPSK13= -<% if @tlscipherpsk13 %>TLSCipherPSK13=<%= @tlscipherpsk13 %><% end %> +<% if $tlscipherpsk13 { %>TLSCipherPSK13=<%= $tlscipherpsk13 %><% } -%> ### Option: TLSCipherPSK # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. @@ -619,7 +716,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherPSK= -<% if @tlscipherpsk %>TLSCipherPSK=<%= @tlscipherpsk %><% end %> +<% if $tlscipherpsk { %>TLSCipherPSK=<%= $tlscipherpsk %><% } -%> ### Option: TLSCipherAll13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. @@ -630,7 +727,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherAll13= -<% if @tlscipherall13 %>TLSCipherAll13=<%= @tlscipherall13 %><% end %> +<% if $tlscipherall13 { %>TLSCipherAll13=<%= $tlscipherall13 %><% } -%> ### Option: TLSCipherAll # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. @@ -643,10 +740,10 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherAll13= -<% if @tlscipherall %>TLSCipherAll=<%= @tlscipherall %><% end %> -<% end %> +<% if $tlscipherall { %>TLSCipherAll=<%= $tlscipherall %><% } -%> +<% } -%> -<% if @zabbix_version.to_f >= 5.2 %> +<% if versioncmp($zabbix_version,'6.2') >= 0 { -%> ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix server with read only permission # to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath @@ -656,7 +753,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # VaultToken= -<% if @vaulttoken %>VaultToken=<%= @vaulttoken -%><% end %> +<% if $vaulttoken { %>VaultToken=<%= $vaulttoken -%><% } -%> ### Option: VaultURL # Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. @@ -664,7 +761,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # VaultURL=https://127.0.0.1:8200 -<% if @vaulturl %>VaultURL=<%= @vaulturl -%><% end %> +<% if $vaulturl { %>VaultURL=<%= $vaulturl -%><% } -%> ### Option: VaultDBPath # Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. @@ -674,5 +771,5 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # VaultDBPath= -<% if @vaultdbpath %>VaultDBPath=<%= @vaultdbpath -%><% end %> -<% end %> +<% if $vaultdbpath { %>VaultDBPath=<%= $vaultdbpath -%><% } -%> +<% } -%> diff --git a/templates/zabbix_server.conf.erb b/templates/zabbix_server.conf.epp similarity index 57% rename from templates/zabbix_server.conf.erb rename to templates/zabbix_server.conf.epp index 169076f69..ea3edfce2 100644 --- a/templates/zabbix_server.conf.erb +++ b/templates/zabbix_server.conf.epp @@ -1,3 +1,97 @@ +<%- | + String[1] $alertscriptspath, + String[1] $allowroot, + String[1] $cachesize, + String[1] $cacheupdatefrequency, + String[1] $database_host, + String[1] $database_name, + Variant[String[1], Sensitive[String[8]]] $database_password, + Optional[String[1]] $database_port, + Optional[String[1]] $database_schema, + Optional[String[1]] $database_socket, + Optional[Stdlib::Absolutepath] $database_tlscafile, + Optional[Stdlib::Absolutepath] $database_tlscertfile, + Optional[String[1]] $database_tlscipher, + Optional[String[1]] $database_tlscipher13, + Optional[Enum['required', 'verify_ca', 'verify_full']] $database_tlsconnect, + Optional[Stdlib::Absolutepath] $database_tlskeyfile, + String[1] $database_user, + String[1] $debuglevel, + String[1] $externalscripts, + String[1] $fping6location, + String[1] $fpinglocation, + String[1] $historycachesize, + Optional[String[1]] $historyindexcachesize, + String[1] $housekeepingfrequency, + String[1] $include_dir, + Optional[String[1]] $javagateway, + String[1] $javagatewayport, + Optional[Stdlib::IP::Address] $listenip, + String[1] $listenport, + Optional[String[1]] $loadmodule, + String[1] $loadmodulepath, + Optional[Stdlib::Absolutepath] $logfile, + String[1] $logfilesize, + Integer $logslowqueries, + Enum['console', 'file', 'system'] $logtype, + String[1] $maxhousekeeperdelete, + String[1] $pidfile, + String[1] $proxyconfigfrequency, + String[1] $proxydatafrequency, + String[1] $snmptrapperfile, + Optional[Stdlib::Absolutepath] $socketdir, + Optional[Stdlib::IP::Address] $sourceip, + Optional[String[1]] $sshkeylocation, + Optional[Stdlib::Absolutepath] $sslcalocation_dir, + Optional[Stdlib::Absolutepath] $sslcertlocation_dir, + Optional[Stdlib::Absolutepath] $sslkeylocation_dir, + Integer[1,100] $startalerters, + String[1] $startdbsyncers, + String[1] $startdiscoverers, + Integer[1,100] $startescalators, + String[1] $starthttppollers, + String[1] $startipmipollers, + String[1] $startjavapollers, + Integer[1,100] $startlldprocessors, + Integer $startpingers, + Variant[Integer, String[1]] $startpollers, + Variant[Integer, String[1]] $startpollersunreachable, + Integer[1, 1000] $startpreprocessors, + Variant[Integer, String[1]] $startproxypollers, + Optional[String[1]] $startreportwriters, + Variant[Integer, String[1]] $startsnmptrapper, + Variant[Integer, String[1]] $starttimers, + Variant[Integer, String[1]] $starttrappers, + Variant[Integer, String[1]] $startvmwarecollectors, + Variant[Integer, String[1]] $timeout, + Optional[String[1]] $tlscafile, + Optional[String[1]] $tlscertfile, + Optional[String[1]] $tlscipherall, + Optional[String[1]] $tlscipherall13, + Optional[String[1]] $tlsciphercert, + Optional[String[1]] $tlsciphercert13, + Optional[String[1]] $tlscipherpsk, + Optional[String[1]] $tlscipherpsk13, + Optional[String[1]] $tlscrlfile, + Optional[String[1]] $tlskeyfile, + String[1] $tmpdir, + Variant[Integer, String[1]] $trappertimeout, + String[1] $trendcachesize, + String[1] $unavailabledelay, + Optional[String[1]] $unreachabledelay, + String[1] $unreachableperiod, + String[1] $valuecachesize, + Optional[String[1]] $vaultdbpath, + Optional[String[1]] $vaulttoken, + Optional[Stdlib::HTTPSUrl] $vaulturl, + String[1] $vmwarecachesize, + String[1] $vmwarefrequency, + Optional[String[1]] $vmwareperffrequency, + Optional[String[1]] $vmwaretimeout, + Optional[Stdlib::HTTPUrl] $webserviceurl, + String[1] $zabbix_user, + String[1] $zabbix_version, + | -%> # this is a configuration file for zabbix server process # to get more information about zabbix, # visit http://www.zabbix.com @@ -11,7 +105,7 @@ # Range: 1024-32767 # Default: # ListenPort=10051 -ListenPort=<%= @listenport %> +ListenPort=<%= $listenport %> ### Option: SourceIP # Source IP address for outgoing connections. @@ -19,28 +113,28 @@ ListenPort=<%= @listenport %> # Mandatory: no # Default: # SourceIP= -<% if @sourceip %>SourceIP=<%= @sourceip %><% end %> +<% if $sourceip { %>SourceIP=<%= $sourceip %><% } -%> -<% if @logtype %> +<% if $logtype { %> ### Option: LogType # Specifies where log messages are written to: # system - syslog # file - file specified with LogFile parameter # console - standard output # -LogType=<%= @logtype %><% end %> +LogType=<%= $logtype %><% } -%> -<% if @logtype == 'file' -%> +<% if $logtype == 'file' { -%> ### Option: LogFile # Log file name for LogType 'file' parameter. # -LogFile=<%= @logfile %> +LogFile=<%= $logfile %> ### Option: LogFileSize # Maximum size of log file in MB. # 0 - disable automatic log rotation. # -LogFileSize=<%= @logfilesize %><% end -%> +LogFileSize=<%= $logfilesize %><% } -%> ### Option: DebugLevel # Specifies debug level: @@ -50,12 +144,12 @@ LogFileSize=<%= @logfilesize %><% end -%> # 3 - warnings # 4 - for debugging (produces lots of information) # 5 - extended debugging (produces even more information) -DebugLevel=<%= @debuglevel %> +DebugLevel=<%= $debuglevel %> ### Option: PidFile # Name of PID file. # -PidFile=<%= @pidfile %> +PidFile=<%= $pidfile %> ### Option: SocketDir # IPC socket directory. @@ -63,58 +157,58 @@ PidFile=<%= @pidfile %> # # Mandatory: no # Default: -<% if @socketdir %>SocketDir=<%= @socketdir %><% end %> +<% if $socketdir { %>SocketDir=<%= $socketdir %><% } -%> ### Option: DBHost # Database host name. # If set to localhost, socket is used for MySQL. # If set to empty string, socket is used for PostgreSQL. # -DBHost=<%= @database_host %> +DBHost=<%= $database_host %> ### Option: DBName # Database name. # For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. # -DBName=<%= @database_name %> +DBName=<%= $database_name %> ### Option: DBSchema # Schema name. Used for IBM DB2 and PostgreSQL. # -<% if @database_schema %>DBSchema=<%= @database_schema %><% end %> +<% if $database_schema { %>DBSchema=<%= $database_schema %><% } -%> ### Option: DBUser # Database user. Ignored for SQLite. # -DBUser=<%= @database_user %> +DBUser=<%= $database_user %> ### Option: DBPassword # Database password. Ignored for SQLite. # Comment this line if no password is used. # -DBPassword=<%= @database_password %> +DBPassword=<%= $database_password %> ### Option: DBSocket # Path to MySQL socket. # -<% if @database_socket %>DBSocket=<%= @database_socket %><% end %> +<% if $database_socket { %>DBSocket=<%= $database_socket %><% } -%> ### Option: DBPort # Database port when not using local socket. Ignored for SQLite. # -<% if @database_port %>DBPort=<%= @database_port %><% end %> +<% if $database_port { %>DBPort=<%= $database_port %><% } -%> ############ ADVANCED PARAMETERS ################ ### Option: StartPollers # Number of pre-forked instances of pollers. # -StartPollers=<%= @startpollers %> +StartPollers=<%= $startpollers %> ### Option: StartIPMIPollers # Number of pre-forked instances of IPMI pollers. # -StartIPMIPollers=<%= @startipmipollers %> +StartIPMIPollers=<%= $startipmipollers %> ### Option: StartPreprocessors # Number of pre-forked instances of preprocessing workers. @@ -124,14 +218,14 @@ StartIPMIPollers=<%= @startipmipollers %> # Range: 1-1000 # Default: # StartPreprocessors=3 -<% if @startpreprocessors %>StartPreprocessors=<%= @startpreprocessors -%><% end %> +<% if $startpreprocessors { %>StartPreprocessors=<%= $startpreprocessors -%><% } -%> ### Option: StartPollersUnreachable # Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). # At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers # are started. # -StartPollersUnreachable=<%= @startpollersunreachable %> +StartPollersUnreachable=<%= $startpollersunreachable %> ### Option: StartTrappers # Number of pre-forked instances of trappers. @@ -139,34 +233,34 @@ StartPollersUnreachable=<%= @startpollersunreachable %> # At least one trapper process must be running to display server availability and view queue # in the frontend. # -StartTrappers=<%= @starttrappers %> +StartTrappers=<%= $starttrappers %> ### Option: StartPingers # Number of pre-forked instances of ICMP pingers. # -StartPingers=<%= @startpingers %> +StartPingers=<%= $startpingers %> ### Option: StartDiscoverers # Number of pre-forked instances of discoverers. # -StartDiscoverers=<%= @startdiscoverers %> +StartDiscoverers=<%= $startdiscoverers %> ### Option: StartHTTPPollers # Number of pre-forked instances of HTTP pollers. # -StartHTTPPollers=<%= @starthttppollers %> +StartHTTPPollers=<%= $starthttppollers %> ### Option: StartTimers # Number of pre-forked instances of timers. # Timers process time-based trigger functions and maintenance periods. # Only the first timer process handles the maintenance periods. # -StartTimers=<%= @starttimers %> +StartTimers=<%= $starttimers %> ### Option: StartEscalators # Number of pre-forked instances of escalators. # -<% if @startescalators %>StartEscalators=<%= @startescalators %><% end %> +<% if $startescalators { %>StartEscalators=<%= $startescalators %><% } -%> ### Option: StartAlerters # Number of pre-forked instances of alerters. @@ -176,69 +270,69 @@ StartTimers=<%= @starttimers %> # Range: 0-100 # Default: # StartAlerters=3 -<% if @startalerters %>StartAlerters=<%= @startalerters %><% end %> +<% if $startalerters { %>StartAlerters=<%= $startalerters %><% } -%> -<% if @javagateway %> +<% if $javagateway { -%> ### Option: JavaGateway # IP address (or hostname) of Zabbix Java gateway. # Only required if Java pollers are started. # -JavaGateway=<%= @javagateway %> +JavaGateway=<%= $javagateway %> ### Option: JavaGatewayPort # Port that Zabbix Java gateway listens on. # -JavaGatewayPort=<%= @javagatewayport %> +JavaGatewayPort=<%= $javagatewayport %> ### Option: StartJavaPollers # Number of pre-forked instances of Java pollers. # -StartJavaPollers=<%= @startjavapollers %> -<% end %> +StartJavaPollers=<%= $startjavapollers %> +<% } -%> ### Option: StartVMwareCollectors # Number of pre-forked vmware collector instances. # -StartVMwareCollectors=<%= @startvmwarecollectors %> +StartVMwareCollectors=<%= $startvmwarecollectors %> ### Option: VMwareFrequency # How often Zabbix will connect to VMware service to obtain a new data. # -VMwareFrequency=<%= @vmwarefrequency %> +VMwareFrequency=<%= $vmwarefrequency %> ### Option: VMwarePerfFrequency # How often Zabbix will connect to VMware service to obtain performance data. # -<% if @vmwareperffrequency %>VMwarePerfFrequency=<%= @vmwareperffrequency %><% end %> +<% if $vmwareperffrequency { %>VMwarePerfFrequency=<%= $vmwareperffrequency %><% } -%> ### Option: VMwareCacheSize # Size of VMware cache, in bytes. # Shared memory size for storing VMware data. # Only used if VMware collectors are started. # -VMwareCacheSize=<%= @vmwarecachesize %> +VMwareCacheSize=<%= $vmwarecachesize %> ### Option: VMwareTimeout # Specifies how many seconds vmware collector waits for response from VMware service. # -<% if @vmwaretimeout %>VMwareTimeout=<%= @vmwaretimeout %><% end %> +<% if $vmwaretimeout { %>VMwareTimeout=<%= $vmwaretimeout %><% } -%> ### Option: SNMPTrapperFile # Temporary file used for passing data from SNMP trap daemon to the server. # Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. # -SNMPTrapperFile=<%= @snmptrapperfile %> +SNMPTrapperFile=<%= $snmptrapperfile %> ### Option: StartSNMPTrapper # If 1, SNMP trapper process is started. # -StartSNMPTrapper=<%= @startsnmptrapper %> +StartSNMPTrapper=<%= $startsnmptrapper %> ### Option: ListenIP # List of comma delimited IP addresses that the trapper should listen on. # Trapper will listen on all network interfaces if this parameter is missing. # -<% if @listenip %>ListenIP=<%= @listenip %><% end %> +<% if $listenip { %>ListenIP=<%= $listenip %><% } -%> ### Option: HousekeepingFrequency # How often Zabbix will perform housekeeping procedure (in hours). @@ -247,7 +341,7 @@ StartSNMPTrapper=<%= @startsnmptrapper %> # hours of outdated information are deleted in one housekeeping cycle, for each item. # To lower load on server startup housekeeping is postponed for 30 minutes after server start. # -HousekeepingFrequency=<%= @housekeepingfrequency %> +HousekeepingFrequency=<%= $housekeepingfrequency %> ### Option: MaxHousekeeperDelete # The table "housekeeper" contains "tasks" for housekeeping procedure in the format: @@ -257,134 +351,134 @@ HousekeepingFrequency=<%= @housekeepingfrequency %> # SQLite3 does not use this parameter, deletes all corresponding rows without a limit. # If set to 0 then no limit is used at all. In this case you must know what you are doing! # -MaxHousekeeperDelete=<%= @maxhousekeeperdelete %> +MaxHousekeeperDelete=<%= $maxhousekeeperdelete %> ### Option: CacheSize # Size of configuration cache, in bytes. # Shared memory size for storing host, item and trigger data. # -CacheSize=<%= @cachesize %> +CacheSize=<%= $cachesize %> ### Option: CacheUpdateFrequency # How often Zabbix will perform update of configuration cache, in seconds. # -CacheUpdateFrequency=<%= @cacheupdatefrequency %> +CacheUpdateFrequency=<%= $cacheupdatefrequency %> ### Option: StartDBSyncers # Number of pre-forked instances of DB Syncers # -StartDBSyncers=<%= @startdbsyncers %> +StartDBSyncers=<%= $startdbsyncers %> ### Option: HistoryCacheSize # Size of history cache, in bytes. # Shared memory size for storing history data. # -HistoryCacheSize=<%= @historycachesize %> +HistoryCacheSize=<%= $historycachesize %> ### Option: HistoryIndexCacheSize # Size of history index cache, in bytes. # Shared memory size for indexing history cache. # -<% if @historyindexcachesize %>HistoryIndexCacheSize=<%= @historyindexcachesize %><% end %> +<% if $historyindexcachesize { %>HistoryIndexCacheSize=<%= $historyindexcachesize %><% } -%> ### Option: TrendCacheSize # Size of trend cache, in bytes. # Shared memory size for storing trends data. # -TrendCacheSize=<%= @trendcachesize %> +TrendCacheSize=<%= $trendcachesize %> ### Option: ValueCacheSize # Size of history value cache, in bytes. # Shared memory size for caching item history data requests. # Setting to 0 disables value cache. # -ValueCacheSize=<%= @valuecachesize %> +ValueCacheSize=<%= $valuecachesize %> ### Option: Timeout # Specifies how long we wait for agent, SNMP device or external check (in seconds). # -Timeout=<%= @timeout %> +Timeout=<%= $timeout %> ### Option: TrapperTimeout # Specifies how many seconds trapper may spend processing new data. # -TrapperTimeout=<%= @trappertimeout %> +TrapperTimeout=<%= $trappertimeout %> ### Option: UnreachablePeriod # After how many seconds of unreachability treat a host as unavailable. # -UnreachablePeriod=<%= @unreachableperiod %> +UnreachablePeriod=<%= $unreachableperiod %> ### Option: UnavailableDelay # How often host is checked for availability during the unavailability period, in seconds. # -UnavailableDelay=<%= @unavailabledelay %> +UnavailableDelay=<%= $unavailabledelay %> ### Option: UnreachableDelay # How often host is checked for availability during the unreachability period, in seconds. # -UnreachableDelay=<%= @unreachabledelay %> +UnreachableDelay=<%= $unreachabledelay %> ### Option: AlertScriptsPath # Full path to location of custom alert scripts. # Default depends on compilation options. # -AlertScriptsPath=<%= @alertscriptspath %> +AlertScriptsPath=<%= $alertscriptspath %> ### Option: ExternalScripts # Full path to location of external scripts. # Default depends on compilation options. # -ExternalScripts=<%= @externalscripts %> +ExternalScripts=<%= $externalscripts %> ### Option: FpingLocation # Location of fping. # Make sure that fping binary has root ownership and SUID flag set. # -FpingLocation=<%= @fpinglocation %> +FpingLocation=<%= $fpinglocation %> ### Option: Fping6Location # Location of fping6. # Make sure that fping6 binary has root ownership and SUID flag set. # Make empty if your fping utility is capable to process IPv6 addresses. # -Fping6Location=<%= @fping6location %> +Fping6Location=<%= $fping6location %> ### Option: SSHKeyLocation # Location of public and private keys for SSH checks and actions. # -<% if @sshkeylocation %>SSHKeyLocation=<%= @sshkeylocation %><% end %> +<% if $sshkeylocation { %>SSHKeyLocation=<%= $sshkeylocation %><% } -%> ### Option: LogSlowQueries # How long a database query may take before being logged (in milliseconds). # Only works if DebugLevel set to 3 or 4 or 5. # 0 - don't log slow queries. # -LogSlowQueries=<%= @logslowqueries %> +LogSlowQueries=<%= $logslowqueries %> ### Option: TmpDir # Temporary directory. # -TmpDir=<%= @tmpdir %> +TmpDir=<%= $tmpdir %> ### Option: StartProxyPollers # Number of pre-forked instances of pollers for passive proxies. # -StartProxyPollers=<%= @startproxypollers %> +StartProxyPollers=<%= $startproxypollers %> ### Option: ProxyConfigFrequency # How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds. # This parameter is used only for proxies in the passive mode. # -ProxyConfigFrequency=<%= @proxyconfigfrequency %> +ProxyConfigFrequency=<%= $proxyconfigfrequency %> ### Option: ProxyDataFrequency # How often Zabbix Server requests history data from a Zabbix Proxy in seconds. # This parameter is used only for proxies in the passive mode. # -ProxyDataFrequency=<%= @proxydatafrequency %> +ProxyDataFrequency=<%= $proxydatafrequency %> -<% if @zabbix_version.to_f >= 5.0 %> +<% if versioncmp($zabbix_version,'5') >= 0 { -%> ### Option: StartLLDProcessors # Number of pre-forked instances of low level discovery processors. # @@ -392,8 +486,8 @@ ProxyDataFrequency=<%= @proxydatafrequency %> # Range: 1-100 # Default: # StartLLDProcessors=2 -<% if @startlldprocessors %>StartLLDProcessors=<%= @startlldprocessors -%><% end %> -<% end %> +<% if $startlldprocessors { %>StartLLDProcessors=<%= $startlldprocessors -%><% } -%> +<% } -%> ### Option: AllowRoot # Allow the server to run as 'root'. If disabled and the server is started by 'root', the server @@ -402,7 +496,7 @@ ProxyDataFrequency=<%= @proxydatafrequency %> # 0 - do not allow # 1 - allow # -AllowRoot=<%= @allowroot %> +AllowRoot=<%= $allowroot %> ### Option: User # Drop privileges to a specific, existing user on the system. @@ -411,32 +505,32 @@ AllowRoot=<%= @allowroot %> # Mandatory: no # Default: # User=zabbix -<% if @zabbix_user %>User=<%= @zabbix_user %><% end %> +<% if $zabbix_user { %>User=<%= $zabbix_user %><% } -%> ### Option: Include # You may include individual files or all files in a directory in the configuration file. # Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. # -Include=<%= @include_dir %> +Include=<%= $include_dir %> ### Option: SSLCertLocation # Location of SSL client certificates. # This parameter is used only in web monitoring. # -SSLCertLocation=<%= @sslcertlocation_dir %> +SSLCertLocation=<%= $sslcertlocation_dir %> ### Option: SSLKeyLocation # Location of private keys for SSL client certificates. # This parameter is used only in web monitoring. # -SSLKeyLocation=<%= @sslkeylocation_dir %> +SSLKeyLocation=<%= $sslkeylocation_dir %> ### Option: SSLCALocation # Override the location of certificate authority (CA) files for SSL server certificate verification. # If not set, system-wide directory will be used. # This parameter is used only in web monitoring. # -<% if @sslcalocation_dir %>SSLCALocation=<%= @sslcalocation_dir %><% end %> +<% if $sslcalocation_dir { %>SSLCALocation=<%= $sslcalocation_dir %><% } -%> ####### LOADABLE MODULES ####### @@ -444,7 +538,7 @@ SSLKeyLocation=<%= @sslkeylocation_dir %> # Full path to location of server modules. # Default depends on compilation options. # -LoadModulePath=<%= @loadmodulepath %> +LoadModulePath=<%= $loadmodulepath %> ### Option: LoadModule # Module to load at server startup. Modules are used to extend functionality of the server. @@ -452,7 +546,7 @@ LoadModulePath=<%= @loadmodulepath %> # The modules must be located in directory specified by LoadModulePath. # It is allowed to include multiple LoadModule parameters. # -<% if @loadmodule %>LoadModule = <%= @loadmodule %><% end %> +<% if $loadmodule { %>LoadModule = <%= $loadmodule %><% } -%> ####### TLS-RELATED PARAMETERS ####### @@ -463,7 +557,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCAFile= -<% if @tlscafile %>TLSCAFile=<%= @tlscafile %><% end %> +<% if $tlscafile { %>TLSCAFile=<%= $tlscafile %><% } -%> ### Option: TLSCRLFile # Full pathname of a file containing revoked certificates. @@ -471,7 +565,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCRLFile= -<% if @tlscrlfile %>TLSCRLFile=<%= @tlscrlfile %><% end %> +<% if $tlscrlfile { %>TLSCRLFile=<%= $tlscrlfile %><% } -%> ### Option: TLSCertFile # Full pathname of a file containing the server certificate or certificate chain. @@ -479,7 +573,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCertFile= -<% if @tlscertfile %>TLSCertFile=<%= @tlscertfile %><% end %> +<% if $tlscertfile { %>TLSCertFile=<%= $tlscertfile %><% } -%> ### Option: TLSKeyFile # Full pathname of a file containing the server private key. @@ -487,10 +581,10 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSKeyFile= -<% if @tlskeyfile %>TLSKeyFile=<%= @tlskeyfile %><% end %> +<% if $tlskeyfile { %>TLSKeyFile=<%= $tlskeyfile %><% } -%> ####### For advanced users - TLS ciphersuite selection criteria ####### -<% if @zabbix_version.to_f >= 5.0 %> +<% if versioncmp($zabbix_version,'5') >= 0 { -%> ### Option: DBTLSConnect # Setting this option enforces to use TLS connection to database. # required - connect using TLS @@ -504,7 +598,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory: no # Default: -<% if @database_tlsconnect %>DBTLSConnect=<%= @database_tlsconnect %><% end %> +<% if $database_tlsconnect { %>DBTLSConnect=<%= $database_tlsconnect %><% } -%> ### Option: DBTLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. @@ -513,7 +607,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # (yes, if DBTLSConnect set to one of: verify_ca, verify_full) # Default: -<% if @database_tlscafile %>DBTLSCAFile=<%= @database_tlscafile %><% end %> +<% if $database_tlscafile { %>DBTLSCAFile=<%= $database_tlscafile %><% } -%> ### Option: DBTLSCertFile # Full pathname of file containing Zabbix server certificate for authenticating to database. @@ -521,7 +615,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory: no # Default: -<% if @database_tlscertfile %>DBTLSCertFile=<%= @database_tlscertfile %><% end %> +<% if $database_tlscertfile { %>DBTLSCertFile=<%= $database_tlscertfile %><% } -%> ### Option: DBTLSKeyFile # Full pathname of file containing the private key for authenticating to database. @@ -529,7 +623,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory: no # Default: -<% if @database_tlskeyfile %>DBTLSKeyFile=<%= @database_tlskeyfile %><% end %> +<% if $database_tlskeyfile { %>DBTLSKeyFile=<%= $database_tlskeyfile %><% } -%> ### Option: DBTLSCipher # The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 @@ -537,7 +631,7 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory no # Default: -<% if @database_tlscipher %>DBTLSCipher=<%= @database_tlscipher %><% end %> +<% if $database_tlscipher { %>DBTLSCipher=<%= $database_tlscipher %><% } -%> ### Option: DBTLSCipher13 # The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol @@ -545,10 +639,10 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory no # Default: -<% if @database_tlscipher13 %>DBTLSCipher13=<%= @database_tlscipher13 %><% end %> -<% end %> +<% if $database_tlscipher13 { %>DBTLSCipher13=<%= $database_tlscipher13 %><% } -%> +<% } %> -<% if @zabbix_version.to_f >= 5.0 %> +<% if versioncmp($zabbix_version,'5') >= 0 { -%> ### Option: TLSCipherCert13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for certificate-based encryption. @@ -556,7 +650,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherCert13= -<% if @tlsciphercert13 %>TLSCipherCert13=<%= @tlsciphercert13 %><% end %> +<% if $tlsciphercert13 { %>TLSCipherCert13=<%= $tlsciphercert13 %><% } -%> ### Option: TLSCipherCert # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. @@ -569,7 +663,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherCert= -<% if @tlsciphercert %>TLSCipherCert=<%= @tlsciphercert %><% end %> +<% if $tlsciphercert { %>TLSCipherCert=<%= $tlsciphercert %><% } -%> ### Option: TLSCipherPSK13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. @@ -580,7 +674,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherPSK13= -<% if @tlscipherpsk13 %>TLSCipherPSK13=<%= @tlscipherpsk13 %><% end %> +<% if $tlscipherpsk13 { %>TLSCipherPSK13=<%= $tlscipherpsk13 %><% } -%> ### Option: TLSCipherPSK # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. @@ -593,7 +687,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherPSK= -<% if @tlscipherpsk %>TLSCipherPSK=<%= @tlscipherpsk %><% end %> +<% if $tlscipherpsk { %>TLSCipherPSK=<%= $tlscipherpsk %><% } -%> ### Option: TLSCipherAll13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. @@ -604,7 +698,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherAll13= -<% if @tlscipherall13 %>TLSCipherAll13=<%= @tlscipherall13 %><% end %> +<% if $tlscipherall13 { %>TLSCipherAll13=<%= $tlscipherall13 %><% } -%> ### Option: TLSCipherAll # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. @@ -617,10 +711,10 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # TLSCipherAll13= -<% if @tlscipherall %>TLSCipherAll=<%= @tlscipherall %><% end %> -<% end %> +<% if $tlscipherall { %>TLSCipherAll=<%= $tlscipherall %><% } -%> +<% } -%> -<% if @zabbix_version.to_f >= 5.2 %> +<% if versioncmp($zabbix_version,'6.2') >= 0 { -%> ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix server with read only permission # to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath @@ -630,7 +724,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # VaultToken= -<% if @vaulttoken %>VaultToken=<%= @vaulttoken -%><% end %> +<% if $vaulttoken { %>VaultToken=<%= $vaulttoken -%><% } -%> ### Option: VaultURL # Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. @@ -638,7 +732,7 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # VaultURL=https://127.0.0.1:8200 -<% if @vaulturl %>VaultURL=<%= @vaulturl -%><% end %> +<% if $vaulturl { %>VaultURL=<%= $vaulturl -%><% } -%> ### Option: VaultDBPath # Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. @@ -648,11 +742,11 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # VaultDBPath= -<% if @vaultdbpath %>VaultDBPath=<%= @vaultdbpath -%><% end %> -<% end %> +<% if $vaultdbpath { %>VaultDBPath=<%= $vaultdbpath -%><% } -%> +<% } -%> -<% if @zabbix_version.to_f >= 5.4 %> +<% if versioncmp($zabbix_version,'5.4') >= 0 { -%> ### Option: StartReportWriters # Number of pre-forked report writer instances. # @@ -660,7 +754,7 @@ LoadModulePath=<%= @loadmodulepath %> # Range: 0-100 # Default: # StartReportWriters=0 -<% if @startreportwriters %>StartReportWriters=<%= @startreportwriters -%><% end %> +<% if $startreportwriters { %>StartReportWriters=<%= $startreportwriters -%><% } -%> ### Option: WebServiceURL # URL to Zabbix web service, used to perform web related tasks. @@ -669,5 +763,5 @@ LoadModulePath=<%= @loadmodulepath %> # Mandatory: no # Default: # WebServiceURL= -<% if @webserviceurl %>WebServiceURL=<%= @webserviceurl -%><% end %> -<% end %> +<% if $webserviceurl { %>WebServiceURL=<%= $webserviceurl -%><% } -%> +<% } -%> From d975ad9097ebd9238c0a8321676f29762e32cf74 Mon Sep 17 00:00:00 2001 From: DEFERME Bert Date: Fri, 5 Aug 2022 17:00:22 +0200 Subject: [PATCH 2/4] Fix exposing password for debug mode --- manifests/database/postgresql.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index cbeed173f..6c1a59e4e 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -69,9 +69,9 @@ } exec { 'update_pgpass': - command => "echo ${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive} >> /root/.pgpass", + command => Sensitive("echo ${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive} >> /root/.pgpass"), path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", - unless => "grep \"${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive}\" /root/.pgpass", + unless => Sensitive("grep \"${database_host}:${database_port}:${database_name}:${database_user}:${database_password_unsensitive}\" /root/.pgpass"), require => File['/root/.pgpass'], } From 31ac5d7967696691bacf6ed9b99a88be52921993 Mon Sep 17 00:00:00 2001 From: DEFERME Bert Date: Wed, 19 Oct 2022 09:25:29 +0200 Subject: [PATCH 3/4] Lint fixes --- manifests/database/mysql.pp | 34 +++---- manifests/proxy.pp | 190 ++++++++++++++++++------------------ manifests/web.pp | 40 ++++---- 3 files changed, 132 insertions(+), 132 deletions(-) diff --git a/manifests/database/mysql.pp b/manifests/database/mysql.pp index 75c6d2412..f0891fa4a 100644 --- a/manifests/database/mysql.pp +++ b/manifests/database/mysql.pp @@ -66,37 +66,37 @@ } # Loading the sql files. - $_mysql_env = [ "database_password=${database_password_unsensitive}" ] + $_mysql_env = ["database_password=${database_password_unsensitive}"] case $zabbix_type { 'proxy' : { exec { 'zabbix_proxy_create.sql': - command => $zabbix_proxy_create_sql, - path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", - unless => 'test -f /etc/zabbix/.schema.done', - provider => 'shell', + command => $zabbix_proxy_create_sql, + path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", + unless => 'test -f /etc/zabbix/.schema.done', + provider => 'shell', environment => $_mysql_env, } } 'server' : { exec { 'zabbix_server_create.sql': - command => $zabbix_server_create_sql, - path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", - unless => 'test -f /etc/zabbix/.schema.done', - provider => 'shell', + command => $zabbix_server_create_sql, + path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", + unless => 'test -f /etc/zabbix/.schema.done', + provider => 'shell', environment => $_mysql_env, } -> exec { 'zabbix_server_images.sql': - command => $zabbix_server_images_sql, - path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", - unless => 'test -f /etc/zabbix/.images.done', - provider => 'shell', + command => $zabbix_server_images_sql, + path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", + unless => 'test -f /etc/zabbix/.images.done', + provider => 'shell', environment => $_mysql_env, } -> exec { 'zabbix_server_data.sql': - command => $zabbix_server_data_sql, - path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", - unless => 'test -f /etc/zabbix/.data.done', - provider => 'shell', + command => $zabbix_server_data_sql, + path => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}", + unless => 'test -f /etc/zabbix/.data.done', + provider => 'shell', environment => $_mysql_env, } } diff --git a/manifests/proxy.pp b/manifests/proxy.pp index 0b8b3ab54..558843cf1 100644 --- a/manifests/proxy.pp +++ b/manifests/proxy.pp @@ -508,101 +508,101 @@ require => Package["zabbix-proxy-${db}"], replace => true, content => Sensitive(epp('zabbix/zabbix_proxy.conf.epp', { - 'allowroot' => $allowroot, - 'cachesize' => $cachesize, - 'configfrequency' => $configfrequency, - 'database_host' => $database_host, - 'database_name' => $database_name, - 'database_password' => $database_password, - 'database_port' => $database_port, - 'database_schema' => $database_schema, - 'database_socket' => $database_socket, - 'database_tlscafile' => $database_tlscafile, - 'database_tlscertfile' => $database_tlscertfile, - 'database_tlscipher' => $database_tlscipher, - 'database_tlscipher13' => $database_tlscipher13, - 'database_tlsconnect' => $database_tlsconnect, - 'database_tlskeyfile' => $database_tlskeyfile, - 'database_user' => $database_user, - 'datasenderfrequency' => $datasenderfrequency, - 'debuglevel' => $debuglevel, - 'enableremotecommands' => $enableremotecommands, - 'externalscripts' => $externalscripts, - 'fping6location' => $fping6location, - 'fpinglocation' => $fpinglocation, - 'heartbeatfrequency' => $heartbeatfrequency, - 'historycachesize' => $historycachesize, - 'historyindexcachesize' => $historyindexcachesize, - 'hostname' => $hostname, - 'housekeepingfrequency' => $housekeepingfrequency, - 'include_dir' => $include_dir, - 'javagateway' => $javagateway, - 'javagatewayport' => $javagatewayport, - 'listenip' => $listenip, - 'listenport' => $listenport, - 'loadmodule' => $loadmodule, - 'loadmodulepath' => $loadmodulepath, - 'localbuffer' => $localbuffer, - 'logfile' => $logfile, - 'logfilesize' => $logfilesize, - 'logremotecommands' => $logremotecommands, - 'logslowqueries' => $logslowqueries, - 'logtype' => $logtype, - 'mode' => $mode, - 'offlinebuffer' => $offlinebuffer, - 'pidfile' => $pidfile, - 'snmptrapper' => $snmptrapper, - 'snmptrapperfile' => $snmptrapperfile, - 'socketdir' => $socketdir, - 'sourceip' => $sourceip, - 'sshkeylocation' => $sshkeylocation, - 'sslcalocation_dir' => $sslcalocation_dir, - 'sslcertlocation_dir' => $sslcertlocation_dir, - 'sslkeylocation_dir' => $sslkeylocation_dir, - 'startdbsyncers' => $startdbsyncers, - 'startdiscoverers' => $startdiscoverers, - 'starthttppollers' => $starthttppollers, - 'startipmipollers' => $startipmipollers, - 'startjavapollers' => $startjavapollers, - 'startpingers' => $startpingers, - 'startpollers' => $startpollers, - 'startpollersunreachable' => $startpollersunreachable, - 'startpreprocessors' => $startpreprocessors, - 'starttrappers' => $starttrappers, - 'startvmwarecollectors' => $startvmwarecollectors, - 'timeout' => $timeout, - 'tlsaccept' => $tlsaccept, - 'tlscafile' => $tlscafile, - 'tlscertfile' => $tlscertfile, - 'tlscipherall' => $tlscipherall, - 'tlscipherall13' => $tlscipherall13, - 'tlsciphercert' => $tlsciphercert, - 'tlsciphercert13' => $tlsciphercert13, - 'tlscipherpsk' => $tlscipherpsk, - 'tlscipherpsk13' => $tlscipherpsk13, - 'tlsconnect' => $tlsconnect, - 'tlscrlfile' => $tlscrlfile, - 'tlskeyfile' => $tlskeyfile, - 'tlspskfile' => $tlspskfile, - 'tlspskidentity' => $tlspskidentity, - 'tlsservercertissuer' => $tlsservercertissuer, - 'tlsservercertsubject' => $tlsservercertsubject, - 'tmpdir' => $tmpdir, - 'trappertimeout' => $trappertimeout, - 'unavaliabledelay' => $unavaliabledelay, - 'unreachabedelay' => $unreachabedelay, - 'unreachableperiod' => $unreachableperiod, - 'vaultdbpath' => $vaultdbpath, - 'vaulttoken' => $vaulttoken, - 'vaulturl' => $vaulturl, - 'vmwarecachesize' => $vmwarecachesize, - 'vmwarefrequency' => $vmwarefrequency, - 'vmwareperffrequency' => $vmwareperffrequency, - 'vmwaretimeout' => $vmwaretimeout, - 'zabbix_server_host' => $zabbix_server_host, - 'zabbix_server_port' => $zabbix_server_port, - 'zabbix_user' => $zabbix::params::server_zabbix_user, - 'zabbix_version' => $zabbix_version, + 'allowroot' => $allowroot, + 'cachesize' => $cachesize, + 'configfrequency' => $configfrequency, + 'database_host' => $database_host, + 'database_name' => $database_name, + 'database_password' => $database_password, + 'database_port' => $database_port, + 'database_schema' => $database_schema, + 'database_socket' => $database_socket, + 'database_tlscafile' => $database_tlscafile, + 'database_tlscertfile' => $database_tlscertfile, + 'database_tlscipher' => $database_tlscipher, + 'database_tlscipher13' => $database_tlscipher13, + 'database_tlsconnect' => $database_tlsconnect, + 'database_tlskeyfile' => $database_tlskeyfile, + 'database_user' => $database_user, + 'datasenderfrequency' => $datasenderfrequency, + 'debuglevel' => $debuglevel, + 'enableremotecommands' => $enableremotecommands, + 'externalscripts' => $externalscripts, + 'fping6location' => $fping6location, + 'fpinglocation' => $fpinglocation, + 'heartbeatfrequency' => $heartbeatfrequency, + 'historycachesize' => $historycachesize, + 'historyindexcachesize' => $historyindexcachesize, + 'hostname' => $hostname, + 'housekeepingfrequency' => $housekeepingfrequency, + 'include_dir' => $include_dir, + 'javagateway' => $javagateway, + 'javagatewayport' => $javagatewayport, + 'listenip' => $listenip, + 'listenport' => $listenport, + 'loadmodule' => $loadmodule, + 'loadmodulepath' => $loadmodulepath, + 'localbuffer' => $localbuffer, + 'logfile' => $logfile, + 'logfilesize' => $logfilesize, + 'logremotecommands' => $logremotecommands, + 'logslowqueries' => $logslowqueries, + 'logtype' => $logtype, + 'mode' => $mode, + 'offlinebuffer' => $offlinebuffer, + 'pidfile' => $pidfile, + 'snmptrapper' => $snmptrapper, + 'snmptrapperfile' => $snmptrapperfile, + 'socketdir' => $socketdir, + 'sourceip' => $sourceip, + 'sshkeylocation' => $sshkeylocation, + 'sslcalocation_dir' => $sslcalocation_dir, + 'sslcertlocation_dir' => $sslcertlocation_dir, + 'sslkeylocation_dir' => $sslkeylocation_dir, + 'startdbsyncers' => $startdbsyncers, + 'startdiscoverers' => $startdiscoverers, + 'starthttppollers' => $starthttppollers, + 'startipmipollers' => $startipmipollers, + 'startjavapollers' => $startjavapollers, + 'startpingers' => $startpingers, + 'startpollers' => $startpollers, + 'startpollersunreachable' => $startpollersunreachable, + 'startpreprocessors' => $startpreprocessors, + 'starttrappers' => $starttrappers, + 'startvmwarecollectors' => $startvmwarecollectors, + 'timeout' => $timeout, + 'tlsaccept' => $tlsaccept, + 'tlscafile' => $tlscafile, + 'tlscertfile' => $tlscertfile, + 'tlscipherall' => $tlscipherall, + 'tlscipherall13' => $tlscipherall13, + 'tlsciphercert' => $tlsciphercert, + 'tlsciphercert13' => $tlsciphercert13, + 'tlscipherpsk' => $tlscipherpsk, + 'tlscipherpsk13' => $tlscipherpsk13, + 'tlsconnect' => $tlsconnect, + 'tlscrlfile' => $tlscrlfile, + 'tlskeyfile' => $tlskeyfile, + 'tlspskfile' => $tlspskfile, + 'tlspskidentity' => $tlspskidentity, + 'tlsservercertissuer' => $tlsservercertissuer, + 'tlsservercertsubject' => $tlsservercertsubject, + 'tmpdir' => $tmpdir, + 'trappertimeout' => $trappertimeout, + 'unavaliabledelay' => $unavaliabledelay, + 'unreachabedelay' => $unreachabedelay, + 'unreachableperiod' => $unreachableperiod, + 'vaultdbpath' => $vaultdbpath, + 'vaulttoken' => $vaulttoken, + 'vaulturl' => $vaulturl, + 'vmwarecachesize' => $vmwarecachesize, + 'vmwarefrequency' => $vmwarefrequency, + 'vmwareperffrequency' => $vmwareperffrequency, + 'vmwaretimeout' => $vmwaretimeout, + 'zabbix_server_host' => $zabbix_server_host, + 'zabbix_server_port' => $zabbix_server_port, + 'zabbix_user' => $zabbix::params::server_zabbix_user, + 'zabbix_version' => $zabbix_version, })), } diff --git a/manifests/web.pp b/manifests/web.pp index fc9a6620d..04d29a7e2 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -290,26 +290,26 @@ mode => '0640', replace => true, content => Sensitive(epp('zabbix/web/zabbix.conf.php.epp', { - 'database_type' => $database_type, - 'database_host' => $database_host, - 'database_port' => $database_port, - 'db_port' => $db_port, - 'database_name' => $database_name, - 'database_user' => $database_user, - 'database_password' => $database_password, - 'database_schema' => $database_schema, - 'database_double_ieee754' => $database_double_ieee754, - 'zabbix_server' => $zabbix_server, - 'zabbix_listenport' => $zabbix_listenport, - 'zabbix_server_name' => $zabbix_server_name, - 'ldap_cacert' => $ldap_cacert, - 'ldap_clientcert' => $ldap_clientcert, - 'ldap_clientkey' => $ldap_clientkey, - 'ldap_reqcert' => $ldap_reqcert, - 'saml_sp_key' => $saml_sp_key, - 'saml_sp_cert' => $saml_sp_cert, - 'saml_idp_cert' => $saml_idp_cert, - 'saml_settings' => $saml_settings, + 'database_type' => $database_type, + 'database_host' => $database_host, + 'database_port' => $database_port, + 'db_port' => $db_port, + 'database_name' => $database_name, + 'database_user' => $database_user, + 'database_password' => $database_password, + 'database_schema' => $database_schema, + 'database_double_ieee754' => $database_double_ieee754, + 'zabbix_server' => $zabbix_server, + 'zabbix_listenport' => $zabbix_listenport, + 'zabbix_server_name' => $zabbix_server_name, + 'ldap_cacert' => $ldap_cacert, + 'ldap_clientcert' => $ldap_clientcert, + 'ldap_clientkey' => $ldap_clientkey, + 'ldap_reqcert' => $ldap_reqcert, + 'saml_sp_key' => $saml_sp_key, + 'saml_sp_cert' => $saml_sp_cert, + 'saml_idp_cert' => $saml_idp_cert, + 'saml_settings' => $saml_settings, })), } From 58ec2af641c02346338a6c62ed2f8dc32c38531d Mon Sep 17 00:00:00 2001 From: DEFERME Bert Date: Mon, 12 Dec 2022 11:43:48 +0100 Subject: [PATCH 4/4] Make mysql db password undef by default --- manifests/database/mysql.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/database/mysql.pp b/manifests/database/mysql.pp index f0891fa4a..704d6c3be 100644 --- a/manifests/database/mysql.pp +++ b/manifests/database/mysql.pp @@ -16,7 +16,7 @@ $database_schema_path = '', $database_name = '', $database_user = '', - Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = '', + Optional[Variant[String[1], Sensitive[String[1]]]] $database_password = undef, $database_host = '', Optional[Stdlib::Port::Unprivileged] $database_port = undef, $database_path = $zabbix::params::database_path,