From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: New addon: zabbix_agentd Date: Wed, 13 Feb 2019 17:19:26 +0000 Message-ID: <26C790AB-A83B-4AF0-AD8A-EBC902CF92B8@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3432191297990985981==" List-Id: --===============3432191297990985981== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, > On 12 Feb 2019, at 22:14, Alexander Koch = wrote: >=20 > Hello Michael, >=20 > thank you for you're comments. I've put some brief comments and a few quest= ions inline. The new patch is nearly read though =E2=80=A6 *your >=20 > Best regards, > Alex >=20 >=20 > -------- Original-Nachricht -------- >=20 > *Von:* michael.tremer(a)ipfire.org > *Gesendet:* Fri, 8 Feb 2019 12:49:26 +0000 > *An:* ipfire(a)starkstromkonsument.de > *CC:* development(a)lists.ipfire.org > *Betreff:* Re: New addon: zabbix_agentd >=20 >=20 >> Hi, >>=20 >>> On 7 Feb 2019, at 22:21, Alexander Koch = wrote: >>>=20 >>> Hello Michael, >>>=20 >>> thank you for you're detailed review. I apologize for the line wrap issue= ... I will answer you're >>> questions inline below. >>=20 >> I strongly recommend using git send-email >>=20 >> https://wiki.ipfire.org/devel/git/setup >>=20 >>> -------- Original-Nachricht -------- >>>=20 >>> *Von:* michael.tremer(a)ipfire.org >>> *Gesendet:* Tue, 5 Feb 2019 12:44:54 +0000 >>> *An:* ipfire(a)starkstromkonsument.de >>> *CC:* development(a)lists.ipfire.org >>>=20 >>> *Betreff:* Re: New addon: zabbix_agentd >>>=20 >>>=20 >>>> Hello Alexander, >>>>=20 >>>> Thank you very much for submitting this patch. >>>>=20 >>>> I guess that you have been involved in the forum thread about getting th= is thing into IPFire. Happy to see that that is now making its way to the lis= t. >>>>=20 >>>> However, there are some issues with the patch: >>>>=20 >>>> First of all, some lines are wrapped (presumably by your email program).= You can see this at the end of the patch where the #s are not in the same li= ne any more. >>>>=20 >>>> Therefore it won=E2=80=99t merge. >>>>=20 >>>> Also it is quite a large patch and could have been broken down into smal= ler parts to make it easier to review it. >>>>=20 >>>> I will go through the rest inline... >>>>=20 >>>>> On 3 Feb 2019, at 19:37, Alexander Koch wrote: >>>>>=20 >>>>> Hello, >>>>>=20 >>>>> I would like to contribute a new addon for monitoring hosts running >>>>> IPFire by Zabbix Monitoring (https://www.zabbix.com/features) to >>>>> IPFire. Topic in the forum: >>>>> https://forum.ipfire.org/viewtopic.php?f=3D52&t=3D22039 >>>>>=20 >>>>> I'm not a professional software developer and this is going to be my >>>>> first patch for IPFire. I hope I did not make any stupid mistakes and >>>>> I'm not wasting you're time. I've built and tested (only for/on x86_64) >>>>> this package for/with core126, core127 (testing) and core128 >>>>> (Development Build: zabbix_agentd/b72540bc) so far. >>>>>=20 >>>>> Before I finally submit this as a Patch, I've got two questions I could >>>>> not figure out reading the wiki/forum: >>>>>=20 >>>>> 1: How are logfiles (/var/log/zabbix) supposed to be treated by the >>>>> backup- and uninstall-scripts of an addon? Are logs supposed to be >>>>> included in the addon-backup? Is the log-directory supposed to be >>>>> deleted by the uninstall.sh of the addon? If I do not include them in >>>>> the backup, but delete the log-directory in uninstall.sh, the logs will >>>>> be flushed on every update of the addon. This is probably not what the >>>>> users expects to happen. >>>>>=20 >>>>> 2: How is the original source-code of zabbix >>>>> (https://www.zabbix.com/download_sources) supposed to be shipped with >>>>> the patch? A patch only includes the lfs, config etc. and I did not find >>>>> a place to provide a download URL for it. Did I miss something? >>>>>=20 >>>>> Best, >>>>> Alex >>>>>=20 >>>>> P.S. Just in case you want to check what I achieved so far, I attached >>>>> my current patchfile below: >>>>>=20 >>>>> Subject: [PATCH] zabbix_agentd: New addon for monitoring IPFire Hosts by >>>>> Zabbix Monitoring (https://www.zabbix.com/features). See >>>>> https://forum.ipfire.org/viewtopic.php?f=3D52&t=3D22039 for further det= ails. >>>>>=20 >>>>> Signed-off-by: Alexander Koch >>>>> --- >>>>> config/backup/includes/zabbix_agentd | 3 + >>>>> config/rootfiles/packages/zabbix_agentd | 21 ++ >>>>> config/zabbix_agentd/logrotate | 9 + >>>>> config/zabbix_agentd/pakfire_updates.pl | 100 ++++++ >>>>> config/zabbix_agentd/sudoers | 17 + >>>>> config/zabbix_agentd/userparameter_pakfire.conf | 4 + >>>>> config/zabbix_agentd/zabbix_agentd.conf | 394 >>>>> ++++++++++++++++++++++++ >>>>> lfs/zabbix_agentd | 128 ++++++++ >>>>> make.sh | 1 + >>>>> src/initscripts/packages/zabbix_agentd | 61 ++++ >>>>> src/paks/zabbix_agentd/install.sh | 45 +++ >>>>> src/paks/zabbix_agentd/uninstall.sh | 38 +++ >>>>> src/paks/zabbix_agentd/update.sh | 26 ++ >>>>> 13 files changed, 847 insertions(+) >>>>> create mode 100644 config/backup/includes/zabbix_agentd >>>>> create mode 100644 config/rootfiles/packages/zabbix_agentd >>>>> create mode 100644 config/zabbix_agentd/logrotate >>>>> create mode 100644 config/zabbix_agentd/pakfire_updates.pl >>>>> create mode 100644 config/zabbix_agentd/sudoers >>>>> create mode 100644 config/zabbix_agentd/userparameter_pakfire.conf >>>>> create mode 100644 config/zabbix_agentd/zabbix_agentd.conf >>>>> create mode 100755 lfs/zabbix_agentd >>>>> create mode 100755 src/initscripts/packages/zabbix_agentd >>>>> create mode 100644 src/paks/zabbix_agentd/install.sh >>>>> create mode 100644 src/paks/zabbix_agentd/uninstall.sh >>>>> create mode 100644 src/paks/zabbix_agentd/update.sh >>>>>=20 >>>>> diff --git a/config/backup/includes/zabbix_agentd >>>>> b/config/backup/includes/zabbix_agentd >>>>> new file mode 100644 >>>>> index 0000000..d6a2b49 >>>>> --- /dev/null >>>>> +++ b/config/backup/includes/zabbix_agentd >>>>> @@ -0,0 +1,3 @@ >>>>> +/etc/sudoers.d/zabbix >>>>> +/etc/zabbix/zabbix_agentd.* >>>>> +/etc/zabbix/scripts >>>>=20 >>>> I would say that /etc/sudoers.d/zabbix is not a configuration file for t= he user here and therefore should not be in the backup. It is a system config= uration file that comes with the package. >>>=20 >>> The zabbix_agentd provides "items" for gathering data for monitoring by t= he zabbix_server. These out-of-the-box-items can be extended by >>> UserParameter's consisting of one-liner's or entire scripts (e.g. the pak= fire_updates.pl). These extensions of the agent have to be >>> maintained by the user himself (and are typically shipped with zabbix tem= plates). Some of the commands run by these extensions may require >>> to be run as root. The sudoers-includefile has to be modified by the user= in order to fit the needs of his UserParameters. This is why I >>> consider this a config file that should be included in the backup. Otherw= ise the changes of the user will be overwritten on updates and lost >>> when a system crashes. Do you agree? >>=20 >> Hmm, I am not really sure what to think about it. >>=20 >> Maybe we can rename the file to /etc/sudoers.d/zabbix.user or .local like = we usually do it with files that are supposed to be changed by the users. >=20 > I will name it zabbix.user >=20 >>=20 >>>=20 >>>>=20 >>>> Shouldn=E2=80=99t the whole /etc/zabbix directory be in the backup? >>> The Zabbix-Ecosystem consist of several daemons: zabbix_server, zabbix_pr= oxy, zabbix_agentd and additionally it's php-frontend. By default >>> they all share this config-directory. I'm planing to build another addon = for the zabbix_proxy and wanted to separate the backups. Thinking >>> about it again, it would be better to use separate directories like /etc/= zabbix_agentd and /etc/zabbix_proxy in the case of IPFire, although >>> other distributions like e.g. debian don't change this ... what do you th= ink? >>=20 >> Yes, it would be a good idea to have different backups if there were diffe= rent packages. >>=20 >> Is there any point in packaging the proxy and server for IPFire though? Ne= ver worked with Zabbix, so please don=E2=80=99t mind the beginner=E2=80=99s q= uestion here. >=20 > I don't think it's a good idea to run a monitoring server on a router/firew= all and I'm not planning to build it. The proxy on the other side is a very v= aluable extension for monitoring remote sites (connected via N2N-VPN). It can= perform checks and collect data on behalf of the server. When configuring a = host on the server, you can choose whether it should be monitored by the serv= er itself or one of its proxies. I'm planning to build it with sqlite3 as DB.= It will need libssh2 and libopenipmi too to be fully featured and has to be = shipped with the abbillity to collect data via snmp and recieve snmp-traps. I= dont now whether any of the requiremets will cause major headaches yet. I'll= give it a try, when the agent is finished. I already ran into the problem th= at these two packages will share the same source-tarball. The lfs just builds= the first one of them, because the source-tarball is not "touched" again aft= er the first lfs has ben executed. Is there a workaround for this? No workaround needed. You can just have two lfs/zabbix-* files that use the s= ame tarball. They could even in theory be a different version and there won= =E2=80=99t be any problems. The first build will run and clean up after itsel= f and the second one starts with an empty build environment. You might just have some issues with the configuration directories in the roo= tfiles. Regarding the dependencies: I have no problem with those. Just make sure to h= ave them packaged first and sending them in as individual patches. Libssh2 sh= ould be easy and become part of the core distribution. Curl and so on will pr= obably link against it when it finds it, so make sure to move it to a good pl= ace in the build process that other packages can take advantage of it. Same g= oes for libopenipmi. This should also be part of the core distribution I thin= k. Please make sure to send in updated for those packages on a regular basis. Li= bssh2 is security-sensitive. >=20 >>=20 >>>=20 >>>>=20 >>>>> diff --git a/config/rootfiles/packages/zabbix_agentd >>>>> b/config/rootfiles/packages/zabbix_agentd >>>>> new file mode 100644 >>>>> index 0000000..f12c46d >>>>> --- /dev/null >>>>> +++ b/config/rootfiles/packages/zabbix_agentd >>>>> @@ -0,0 +1,21 @@ >>>>> +#etc/group- >>>>=20 >>>> This file should not be in here and probably this is a mistake. >>>=20 >>> It appeared in the log and I don't know why. I will remove the line. >>=20 >> It is probably created by useradd. >>=20 >>>=20 >>>>=20 >>>>> +etc/logrotate.d/zabbix_agentd >>>>> +etc/rc.d/init.d/zabbix_agentd >>>>> +etc/sudoers.d/zabbix >>>>> +#etc/zabbix >>>>> +#etc/zabbix/scripts >>>>> +etc/zabbix/scripts/pakfire_updates.pl >>>>> +etc/zabbix/zabbix_agentd.conf >>>>> +#etc/zabbix/zabbix_agentd.conf.d >>>>> +#etc/zabbix/zabbix_agentd.d >>>>> +etc/zabbix/zabbix_agentd.d/userparameter_pakfire.conf >>>>> +etc/zabbix/zabbix_agentd.psk >>>>> +usr/bin/zabbix_get >>>>> +usr/bin/zabbix_sender >>>>> +#usr/lib/modules >>>>=20 >>>> This also does not seem to be a very well named directory. >>>=20 >>> I will set it to 'usr/lib/zabbix'. >>>=20 >>>>=20 >>>>> +usr/sbin/zabbix_agentd >>>>> +#usr/share/man/man1/zabbix_get.1 >>>>> +#usr/share/man/man1/zabbix_sender.1 >>>>> +#usr/share/man/man8/zabbix_agentd.8 >>>>> +var/ipfire/backup/addons/includes/zabbix_agentd >>>>> +#var/log/zabbix >>>>=20 >>>> The log directory should probably be shipped in this package. >>>=20 >>> yep. >=20 > I found another issue while testing: when i include /var/log/zabbix in the = rootfile, the directory is removed on uninstall/update. My current rootfile: >=20 > etc/logrotate.d/zabbix_agentd > etc/rc.d/init.d/zabbix_agentd > etc/sudoers.d/zabbix.user > #etc/zabbix_agentd > etc/zabbix_agentd/scripts > etc/zabbix_agentd/zabbix_agentd.conf > etc/zabbix_agentd/zabbix_agentd.d > usr/bin/zabbix_get > usr/bin/zabbix_sender > usr/lib/zabbix > usr/sbin/zabbix_agentd > #usr/share/man/man1/zabbix_get.1 > #usr/share/man/man1/zabbix_sender.1 > #usr/share/man/man8/zabbix_agentd.8 > var/ipfire/backup/addons/includes/zabbix_agentd > var/log/zabbix >=20 > Is there something wrong with this? Should I remove it from the rootfile ag= ain and create it in the install.sh or src/initscripts/sysconfig/createfiles? No, createfiles should only create things in /var/run. The log directory does= not need to be (re-)created at boot time. I think it is best to create it in install.sh then. Not pretty, but it will w= ork.=20 >=20 >>>=20 >>>>=20 >>>>> diff --git a/config/zabbix_agentd/logrotate b/config/zabbix_agentd/logr= otate >>>>> new file mode 100644 >>>>> index 0000000..83bbca9 >>>>> --- /dev/null >>>>> +++ b/config/zabbix_agentd/logrotate >>>>> @@ -0,0 +1,9 @@ >>>>> +/var/log/zabbix/zabbix_agentd.log { >>>>> + monthly >>>>> + rotate 12 >>>>> + compress >>>>> + delaycompress >>>>> + missingok >>>>> + notifempty >>>>> + create 0640 zabbix zabbix >>>>> +} >>>>=20 >>>> Does the daemon not need to be notified when the log file is being rotat= ed? >>>=20 >>> It doe not, because the daemon performs a open/write/close-operation when= writing to the logfile. >>>=20 >>>>=20 >>>>> diff --git a/config/zabbix_agentd/pakfire_updates.pl >>>>> b/config/zabbix_agentd/pakfire_updates.pl >>>>> new file mode 100644 >>>>> index 0000000..875df40 >>>>> --- /dev/null >>>>> +++ b/config/zabbix_agentd/pakfire_updates.pl >>>>> @@ -0,0 +1,100 @@ >>>>> +#!/usr/bin/perl >>>>> +# >>>>> +# Script for fetching available updates and "need reboot"-status for >>>>> userparameter of zabbix_agentd >>>>> +# >>>>> +# This script is based on /opt/pakfire/lib/functions.pl >>>>> +# >>>>> +# Created on 09.07.2017 by Alexander Koch (ipfire(a)starkstromkonsumen= t.de) >>>>> +# Last modified on 24.01.19 by Alexander Koch >>>>> (ipfire(a)starkstromkonsument.de) >>>>> +# >>>>=20 >>>> This script is missing a license header. Presumably you want a GPLv3 or = some similar header here. Please check the appropriate license that you would= like to use. >>>=20 >>> Ok, this will be fixed. >>>=20 >>>>=20 >>>>> + >>>>> +# Inculde Pakfire-Functions >>>>> +require "/opt/pakfire/lib/functions.pl"; >>>>> + >>>>> +# Check for passed options >>>>> +unless (@ARGV) { >>>>> + print "No options given!\n"; >>>>> + print "Possible options: updatescount, coreupdate_avail, need_reboot= \n"; >>>>> + exit 2; >>>>> +} >>>>> + >>>>> +# Count packets >>>>> +if ("$ARGV[0]" eq "updatescount") { >>>>> + >>>>> + # The following lines have been copied from >>>>> /opt/pakfire/lib/functions.pl with minor modifications. >>>>> + my @meta; >>>>> + my $file; >>>>> + my $line; >>>>> + my $prog; >>>>> + my ($name, $version, $release); >>>>> + my @templine; >>>>> + my $updatecount =3D 0; >>>>> + >>>>> + # Get list of packets >>>>> + open(FILE, "<$Conf::dbdir/lists/packages_list.db"); >>>>> + my @db =3D ; >>>>> + close(FILE); >>>>> + >>>>> + # Get installed addons >>>>> + opendir(DIR,"$Conf::dbdir/installed"); >>>>> + my @files =3D readdir(DIR); >>>>> + closedir(DIR); >>>>> + foreach $file (@files) { >>>>> + next if ( $file eq "." ); >>>>> + next if ( $file eq ".." ); >>>>> + next if ( $file =3D~ /^old/ ); >>>>> + open(FILE, "<$Conf::dbdir/installed/$file"); >>>>> + @meta =3D ; >>>>> + close(FILE); >>>>> + foreach $line (@meta) { >>>>> + @templine =3D split(/\: /,$line); >>>>> + if ("$templine[0]" eq "Name") { >>>>> + $name =3D $templine[1]; >>>>> + chomp($name); >>>>> + } elsif ("$templine[0]" eq "ProgVersion") { >>>>> + $version =3D $templine[1]; >>>>> + chomp($version); >>>>> + } elsif ("$templine[0]" eq "Release") { >>>>> + $release =3D $templine[1]; >>>>> + chomp($release); >>>>> + } >>>>> + } >>>>> + foreach $prog (@db) { >>>>> + @templine =3D split(/\;/,$prog); >>>>> + if (("$name" eq "$templine[0]") && ("$release" < "$templine[2]")) { >>>>> + $updatecount++; >>>>> + } >>>>> + } >>>>> + } >>>>> + print $updatecount; >>>>> + exit 0; >>>>> +} >>>>> + >>>>> +elsif ("$ARGV[0]" eq "coreupdate_avail") { >>>>> + eval(`grep "core_" $Conf::dbdir/lists/core-list.db`); >>>>> + if ("$core_release" > "$Conf::core_mine") { >>>>> + print 1; >>>>> + exit 0; >>>>> + } >>>>> + else { >>>>> + print 0; >>>>> + exit 0; >>>>> + } >>>>> +} >>>>> + >>>>> +elsif ("$ARGV[0]" eq "need_reboot") { >>>>> + if ( -e "/var/run/need_reboot" ) { >>>>> + print 1; >>>>> + exit 0; >>>>> + } >>>>> + else { >>>>> + print 0; >>>>> + exit 0; >>>>> + } >>>>> +} >>>>> + >>>>> +else { >>>>> + print "Wrong options!\n"; >>>>> + print "Possible options: updatescount, coreupdate_avail, need_reboot\= n"; >>>>> + exit 2; >>>>> +} >>>>=20 >>>> Would it not have been a good idea to have the functions live in the pak= fire code and just have a convenient script to call them? Or even extend the = pakfire command to return whether there are updates or not? >>>=20 >>> You are right. I didn't want to mess around with a corefile for the begin= ning. As this is a UserParameter-Extension for the agent and >>> therefore not essentially nescesarry for the addon in the first place, I = will remove this file and >>> config/zabbix_agentd/userparameter_pakfire.conf from the patch and provid= e it separately as an update for the addon or only togehter with >>> the apropriate Zabbix-Tamplate later on. >>>=20 >>>>=20 >>>>> diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers >>>>> new file mode 100644 >>>>> index 0000000..d6049f3 >>>>> --- /dev/null >>>>> +++ b/config/zabbix_agentd/sudoers >>>>> @@ -0,0 +1,17 @@ >>>>> +# Include file for sudoers file >>>>> +# >>>>> +# This is needed for some userparameters to be able to execute commands >>>>> that only run as root (using sudo) >>>>> +# e.g. /usr/bin/openssl or /usr/sbin/smartctl >>>>> +# >>>>> +# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BR= EACH! >>>>> +# >>>>> +# Some hints: >>>>> +# - It is strongly recommended to edit this file only using the visudo >>>>> -f command. If you mess up this file, >>>>> +# you might end up locking yourself out of your system! >>>>> +# - Append the full path to each command, using "," as separator. >>>>> +# - Only add commands you really need. Zabbix should not have more >>>>> rights than it has to. >>>>> +# >>>>> +# Uncomment the following two lines and edit the example of commands to >>>>> fit your needs: >>>>> +# >>>>> +#Defaults:zabbix !requiretty >>>>> +#zabbix ALL=3D(ALL) NOPASSWD: /usr/bin/openssl, /usr/sbin/smartctl >>>>=20 >>>> You might want to limit the options to be given to smartctl. Potentially= you can send commands to the hard drives but I assume that you only want to = read information. >>>=20 >>> You are right. But these are just examples. I will remove these. The user= has to take care of this file anyway, as explained above. The >>> reason for shipping this file is to have it there and in the backup with = this filename. If I don't provide this placeholder, I'm afraid of >>> the users choosing different filenames and ending up not having it in the= backup of the addon. Is there a more elegant way to dispel this doubt? >>>=20 >>>>=20 >>>>> diff --git a/config/zabbix_agentd/userparameter_pakfire.conf >>>>> b/config/zabbix_agentd/userparameter_pakfire.conf >>>>> new file mode 100644 >>>>> index 0000000..4fc4265 >>>>> --- /dev/null >>>>> +++ b/config/zabbix_agentd/userparameter_pakfire.conf >>>>> @@ -0,0 +1,4 @@ >>>>> +# Provide additional items for Pakfire-Updates >>>>> +UserParameter=3Dpakfire.updatescount,/etc/zabbix/scripts/pakfire_updat= es.pl >>>>> updatescount >>>>> +UserParameter=3Dpakfire.coreupdate_avail,/etc/zabbix/scripts/pakfire_u= pdates.pl >>>>> coreupdate_avail >>>>> +UserParameter=3Dpakfire.need_reboot,/etc/zabbix/scripts/pakfire_update= s.pl need_reboot >>>>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf >>>>> b/config/zabbix_agentd/zabbix_agentd.conf >>>>> new file mode 100644 >>>>> index 0000000..e60af19 >>>>> --- /dev/null >>>>> +++ b/config/zabbix_agentd/zabbix_agentd.conf >>>>> @@ -0,0 +1,394 @@ >>>>> +# This is a configuration file for Zabbix agent daemon (Unix) >>>>> +# To get more information about Zabbix, visit http://www.zabbix.com >>>>> + >>>>> +############ GENERAL PARAMETERS ################# >>>>> + >>>>> +### Option: PidFile >>>>> +# Name of PID file. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# PidFile=3D/tmp/zabbix_agentd.pid >>>>> + >>>>> +PidFile=3D/var/run/zabbix/zabbix_agentd.pid >>>>> + >>>>> +### Option: LogType >>>>> +# Specifies where log messages are written to: >>>>> +# system - syslog >>>>> +# file - file specified with LogFile parameter >>>>> +# console - standard output >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# LogType=3Dfile >>>>> + >>>>> +### Option: LogFile >>>>> +# Log file name for LogType 'file' parameter. >>>>> +# >>>>> +# Mandatory: yes, if LogType is set to file, otherwise no >>>>> +# Default: >>>>> +# LogFile=3D >>>>> + >>>>> +LogFile=3D/var/log/zabbix/zabbix_agentd.log >>>>> + >>>>> +### Option: LogFileSize >>>>> +# Maximum size of log file in MB. >>>>> +# 0 - disable automatic log rotation. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 0-1024 >>>>> +# Default: >>>>> +# LogFileSize=3D1 >>>>=20 >>>> Default seems to be enabled. Doesn=E2=80=99t this collide with logrotate? >>>=20 >>> Yes it does, sorry I missed this. I will change it to 0. >>>=20 >>>>=20 >>>>> +### Option: DebugLevel >>>>> +# Specifies debug level: >>>>> +# 0 - basic information about starting and stopping of Zabbix processes >>>>> +# 1 - critical information >>>>> +# 2 - error information >>>>> +# 3 - warnings >>>>> +# 4 - for debugging (produces lots of information) >>>>> +# 5 - extended debugging (produces even more information) >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 0-5 >>>>> +# Default: >>>>> +# DebugLevel=3D3 >>>>> + >>>>> +### Option: SourceIP >>>>> +# Source IP address for outgoing connections. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# SourceIP=3D >>>>> + >>>>> +### Option: EnableRemoteCommands >>>>> +# Whether remote commands from Zabbix server are allowed. >>>>> +# 0 - not allowed >>>>> +# 1 - allowed >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# EnableRemoteCommands=3D0 >>>>> + >>>>> +### Option: LogRemoteCommands >>>>> +# Enable logging of executed shell commands as warnings. >>>>> +# 0 - disabled >>>>> +# 1 - enabled >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# LogRemoteCommands=3D0 >>>>> + >>>>> +##### Passive checks related >>>>> + >>>>> +### Option: Server >>>>> +# List of comma delimited IP addresses, optionally in CIDR notation, or >>>>> DNS names of Zabbix servers and Zabbix proxies. >>>>> +# Incoming connections will be accepted only from the hosts listed her= e. >>>>> +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', >>>>> '::ffff:127.0.0.1' are treated equally >>>>> +# and '::/0' will allow any IPv4 or IPv6 address. >>>>> +# '0.0.0.0/0' can be used to allow any IPv4 address. >>>>> +# Example: >>>>> Server=3D127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com >>>>> +# >>>>> +# Mandatory: yes, if StartAgents is not explicitly set to 0 >>>>> +# Default: >>>>> +# Server=3D >>>>> + >>>>> +Server=3D127.0.0.1 >>>>=20 >>>> What is the rationale behind this default? >>>=20 >>> There is no rational default for this, because the IP/DNS-Name of the zab= bix_server (or proxy) will be different in every environment. >>> Exception: the agent on the host of the server itsself. This is the defau= lt chosen in the sources and by the maintainers of other >>> distributions. The agent does not start without this parameter beeing set= though. Setting this as a default prevents the agent from beeing >>> accessible by unauthorized zabbix servers or proxys and assures the damen= on starting without errors anyways. Users of zabbix should be aware >>> of his though. >>=20 >> Hmm, in case it needs to be set anyways, I would not set it to localhost t= hen. But whatever you do here it is not an optimal solution. >=20 > I will leave it as it is. >=20 >>=20 >>>=20 >>>>=20 >>>>> + >>>>> +### Option: ListenPort >>>>> +# Agent will listen on this port for connections from the server. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 1024-32767 >>>>> +# Default: >>>>> +# ListenPort=3D10050 >>>>> + >>>>> +### Option: ListenIP >>>>> +# List of comma delimited IP addresses that the agent should listen on. >>>>> +# First IP address is sent to Zabbix server if connecting to it to >>>>> retrieve list of active checks. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# ListenIP=3D0.0.0.0 >>>>> + >>>>> +### Option: StartAgents >>>>> +# Number of pre-forked instances of zabbix_agentd that process passive >>>>> checks. >>>>> +# If set to 0, disables passive checks and the agent will not listen on >>>>> any TCP port. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 0-100 >>>>> +# Default: >>>>> +# StartAgents=3D3 >>>>> + >>>>> +##### Active checks related >>>>> + >>>>> +### Option: ServerActive >>>>> +# List of comma delimited IP:port (or DNS name:port) pairs of Zabbix >>>>> servers and Zabbix proxies for active checks. >>>>> +# If port is not specified, default port is used. >>>>> +# IPv6 addresses must be enclosed in square brackets if port for that >>>>> host is specified. >>>>> +# If port is not specified, square brackets for IPv6 addresses are >>>>> optional. >>>>> +# If this parameter is not specified, active checks are disabled. >>>>> +# Example: >>>>> ServerActive=3D127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# ServerActive=3D >>>>> + >>>>> +ServerActive=3D127.0.0.1 >>>>=20 >>>> See above.> >>>>> +### Option: Hostname >>>>> +# Unique, case sensitive hostname. >>>>> +# Required for active checks and must match hostname as configured on >>>>> the server. >>>>> +# Value is acquired from HostnameItem if undefined. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# Hostname=3D >>>>> + >>>>> +### Option: HostnameItem >>>>> +# Item used for generating Hostname if it is undefined. Ignored if >>>>> Hostname is defined. >>>>> +# Does not support UserParameters or aliases. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# HostnameItem=3Dsystem.hostname >>>>> + >>>>> +### Option: HostMetadata >>>>> +# Optional parameter that defines host metadata. >>>>> +# Host metadata is used at host auto-registration process. >>>>> +# An agent will issue an error and not start if the value is over limit >>>>> of 255 characters. >>>>> +# If not defined, value will be acquired from HostMetadataItem. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 0-255 characters >>>>> +# Default: >>>>> +# HostMetadata=3D >>>>> + >>>>> +### Option: HostMetadataItem >>>>> +# Optional parameter that defines an item used for getting host metada= ta. >>>>> +# Host metadata is used at host auto-registration process. >>>>> +# During an auto-registration request an agent will log a warning >>>>> message if >>>>> +# the value returned by specified item is over limit of 255 characters. >>>>> +# This option is only used when HostMetadata is not defined. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# HostMetadataItem=3D >>>>> + >>>>> +### Option: RefreshActiveChecks >>>>> +# How often list of active checks is refreshed, in seconds. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 60-3600 >>>>> +# Default: >>>>> +# RefreshActiveChecks=3D120 >>>>> + >>>>> +### Option: BufferSend >>>>> +# Do not keep data longer than N seconds in buffer. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 1-3600 >>>>> +# Default: >>>>> +# BufferSend=3D5 >>>>> + >>>>> +### Option: BufferSize >>>>> +# Maximum number of values in a memory buffer. The agent will send >>>>> +# all collected data to Zabbix Server or Proxy if the buffer is full. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 2-65535 >>>>> +# Default: >>>>> +# BufferSize=3D100 >>>>> + >>>>> +### Option: MaxLinesPerSecond >>>>> +# Maximum number of new lines the agent will send per second to Zabbix >>>>> Server >>>>> +# or Proxy processing 'log' and 'logrt' active checks. >>>>> +# The provided value will be overridden by the parameter 'maxlines', >>>>> +# provided in 'log' or 'logrt' item keys. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 1-1000 >>>>> +# Default: >>>>> +# MaxLinesPerSecond=3D20 >>>>> + >>>>> +############ ADVANCED PARAMETERS ################# >>>>> + >>>>> +### Option: Alias >>>>> +# Sets an alias for an item key. It can be used to substitute long and >>>>> complex item key with a smaller and simpler one. >>>>> +# Multiple Alias parameters may be present. Multiple parameters with >>>>> the same Alias key are not allowed. >>>>> +# Different Alias keys may reference the same item key. >>>>> +# For example, to retrieve the ID of user 'zabbix': >>>>> +# Alias=3Dzabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+)= ,,,,\1] >>>>> +# Now shorthand key zabbix.userid may be used to retrieve data. >>>>> +# Aliases can be used in HostMetadataItem but not in HostnameItem >>>>> parameters. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: >>>>> +# Default: >>>>> + >>>>> +### Option: Timeout >>>>> +# Spend no more than Timeout seconds on processing >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 1-30 >>>>> +# Default: >>>>> +# Timeout=3D3 >>>>> + >>>>> +### Option: AllowRoot >>>>> +# Allow the agent to run as 'root'. If disabled and the agent is >>>>> started by 'root', the agent >>>>> +# will try to switch to the user specified by the User configuration >>>>> option instead. >>>>> +# Has no effect if started under a regular user. >>>>> +# 0 - do not allow >>>>> +# 1 - allow >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# AllowRoot=3D0 >>>>> + >>>>> +### Option: User >>>>> +# Drop privileges to a specific, existing user on the system. >>>>> +# Only has effect if run as 'root' and AllowRoot is disabled. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# User=3Dzabbix >>>>> + >>>>> +### Option: Include >>>>> +# You may include individual files or all files in a directory in the >>>>> configuration file. >>>>> +# Installing Zabbix will create include directory in /usr/local/etc, >>>>> unless modified during the compile time. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# Include=3D >>>>> + >>>>> +Include=3D/etc/zabbix/zabbix_agentd.d/*.conf >>>>> + >>>>> + >>>>> +####### USER-DEFINED MONITORED PARAMETERS ####### >>>>> + >>>>> +### Option: UnsafeUserParameters >>>>> +# Allow all characters to be passed in arguments to user-defined >>>>> parameters. >>>>> +# The following characters are not allowed: >>>>> +# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ >>>>> +# Additionally, newline characters are not allowed. >>>>> +# 0 - do not allow >>>>> +# 1 - allow >>>>> +# >>>>> +# Mandatory: no >>>>> +# Range: 0-1 >>>>> +# Default: >>>>> +# UnsafeUserParameters=3D0 >>>>> + >>>>> +### Option: UserParameter >>>>> +# User-defined parameter to monitor. There can be several user-defined >>>>> parameters. >>>>> +# Format: UserParameter=3D, >>>>> +# See 'zabbix_agentd' directory for examples. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# UserParameter=3D >>>>> + >>>>> +####### LOADABLE MODULES ####### >>>>> + >>>>> +### Option: LoadModulePath >>>>> +# Full path to location of agent modules. >>>>> +# Default depends on compilation options. >>>>> +# To see the default path run command "zabbix_agentd --help". >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# LoadModulePath=3D/usr/lib/modules >>>>=20 >>>> See above. >>>>=20 >>>>> +### Option: LoadModule >>>>> +# Module to load at agent startup. Modules are used to extend >>>>> functionality of the agent. >>>>> +# Format: LoadModule=3D >>>>> +# The modules must be located in directory specified by LoadModulePath. >>>>> +# It is allowed to include multiple LoadModule parameters. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# LoadModule=3D >>>>> + >>>>> +####### TLS-RELATED PARAMETERS ####### >>>>> + >>>>> +### Option: TLSConnect >>>>> +# How the agent should connect to server or proxy. Used for active che= cks. >>>>> +# Only one value can be specified: >>>>> +# unencrypted - connect without encryption >>>>> +# psk - connect using TLS and a pre-shared key >>>>> +# cert - connect using TLS and a certificate >>>>> +# >>>>> +# Mandatory: yes, if TLS certificate or PSK parameters are defined >>>>> (even for 'unencrypted' connection) >>>>> +# Default: >>>>> +# TLSConnect=3Dunencrypted >>>>> + >>>>> +### Option: TLSAccept >>>>> +# What incoming connections to accept. >>>>> +# Multiple values can be specified, separated by comma: >>>>> +# unencrypted - accept connections without encryption >>>>> +# psk - accept connections secured with TLS and a pre-shared = key >>>>> +# cert - accept connections secured with TLS and a certificate >>>>> +# >>>>> +# Mandatory: yes, if TLS certificate or PSK parameters are defined >>>>> (even for 'unencrypted' connection) >>>>> +# Default: >>>>> +# TLSAccept=3Dunencrypted >>>>> + >>>>> +### Option: TLSCAFile >>>>> +# Full pathname of a file containing the top-level CA(s) certificates = for >>>>> +# peer certificate verification. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSCAFile=3D >>>>> + >>>>> +### Option: TLSCRLFile >>>>> +# Full pathname of a file containing revoked certificates. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSCRLFile=3D >>>>> + >>>>> +### Option: TLSServerCertIssuer >>>>> +# Allowed server certificate issuer. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSServerCertIssuer=3D >>>>> + >>>>> +### Option: TLSServerCertSubject >>>>> +# Allowed server certificate subject. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSServerCertSubject=3D >>>>> + >>>>> +### Option: TLSCertFile >>>>> +# Full pathname of a file containing the agent certificate or >>>>> certificate chain. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSCertFile=3D >>>>> + >>>>> +### Option: TLSKeyFile >>>>> +# Full pathname of a file containing the agent private key. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSKeyFile=3D >>>>> + >>>>> +### Option: TLSPSKIdentity >>>>> +# Unique, case sensitive string used to identify the pre-shared key. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSPSKIdentity=3D >>>>> + >>>>> +### Option: TLSPSKFile >>>>> +# Full pathname of a file containing the pre-shared key. >>>>> +# >>>>> +# Mandatory: no >>>>> +# Default: >>>>> +# TLSPSKFile=3D >>>>> + >>>>> +#TLSPSKFile=3D/etc/zabbix/zabbix_agentd.psk >>>>=20 >>>> This line doesn=E2=80=99t do anything. >>>=20 >>> It's yust for convenience actually. I personally aprecieate this paramete= r and the file already existing as very handy when configuring a >>> new host. But thinking about it, actually it might be more consequent not= providing this, because I don't provide a default for the other >>> TLS-parameters and files and the file ends up residing on the system with= out any use if PSK is not the chosen method of encryption. I will >>> remove both. >>>=20 >>>>=20 >>>>> + >>>>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd >>>>> new file mode 100755 >>>>> index 0000000..fba24f1 >>>>> --- /dev/null >>>>> +++ b/lfs/zabbix_agentd >>>>> @@ -0,0 +1,128 @@ >>>>> +######################################################################= ######### >>>>> +# >>>>> # >>>>> +# IPFire.org - A linux based firewall >>>>> # >>>>> +# Copyright (C) 2007-2019 IPFire Team >>>>> # >>>>> +# >>>>> # >>>>> +# This program is free software: you can redistribute it and/or modify >>>>> # >>>>> +# it under the terms of the GNU General Public License as published by >>>>> # >>>>> +# the Free Software Foundation, either version 3 of the License, or >>>>> # >>>>> +# (at your option) any later version. >>>>> # >>>>> +# >>>>> # >>>>> +# This program is distributed in the hope that it will be useful, >>>>> # >>>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>>> # >>>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>>> # >>>>> +# GNU General Public License for more details. >>>>> # >>>>> +# >>>>> # >>>>> +# You should have received a copy of the GNU General Public License >>>>> # >>>>> +# along with this program. If not, see . >>>>> # >>>>> +# >>>>> # >>>>> +######################################################################= ######### >>>>> + >>>>> +######################################################################= ######### >>>>> +# Definitions >>>>> +######################################################################= ######### >>>>> + >>>>> +include Config >>>>> + >>>>> +VER =3D 4.0.3 >>>>> + >>>>> +THISAPP =3D zabbix-$(VER) >>>>> +DL_FILE =3D $(THISAPP).tar.gz >>>>> +DL_FROM =3D $(URL_IPFIRE) >>>>> +DIR_APP =3D $(DIR_SRC)/$(THISAPP) >>>>> +TARGET =3D $(DIR_INFO)/$(THISAPP) >>>>> +PROG =3D zabbix_agentd >>>>> +PAK_VER =3D 0.4 >>>>> +DEPS =3D "" >>>>> + >>>>> +######################################################################= ######### >>>>> +# Top-level Rules >>>>> +######################################################################= ######### >>>>> + >>>>> +objects =3D $(DL_FILE) >>>>> + >>>>> +$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>>>> + >>>>> +$(DL_FILE)_MD5 =3D 917d7303c248a9d1c49b8883c01ab2d9 >>>>> + >>>>> +install : $(TARGET) >>>>> + >>>>> +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) >>>>> + >>>>> +download :$(patsubst %,$(DIR_DL)/%,$(objects)) >>>>> + >>>>> +md5 : $(subst %,%_MD5,$(objects)) >>>>> + >>>>> +dist: >>>>> + @$(PAK) >>>>> + >>>>> +######################################################################= ######### >>>>> +# Downloading, checking, md5sum >>>>> +######################################################################= ######### >>>>> + >>>>> +$(patsubst %,$(DIR_CHK)/%,$(objects)) : >>>>> + @$(CHECK) >>>>> + >>>>> +$(patsubst %,$(DIR_DL)/%,$(objects)) : >>>>> + @$(LOAD) >>>>> + >>>>> +$(subst %,%_MD5,$(objects)) : >>>>> + @$(MD5) >>>>> + >>>>> +######################################################################= ######### >>>>> +# Installation Details >>>>> +######################################################################= ######### >>>>> + >>>>> +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>>>> + @$(PREBUILD) >>>>> + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axvf $(DIR_DL)/$(DL_FILE) >>>>> + cd $(DIR_APP) && ./configure \ >>>>> + --prefix=3D/usr \ >>>>> + --enable-agent \ >>>>> + --sysconfdir=3D"/etc/zabbix" \ >>>>> + --with-openssl >>>>> + >>>>> + cd $(DIR_APP) && make + cd $(DIR_APP) && make install >>>>> + >>>>> + # Add User Zabbix if it does not exist >>>>> + id -u zabbix &>/dev/null || useradd -r -U -s /bin/false -M -d >>>>> /var/empty -c "Zabbix Monitoring=E2=80=9D zabbix >>>>=20 >>>> You are checking if the user exists, but expect to create a user *and* a= group. This could potentially go wrong. >>>>=20 >>>> This will also randomly select a user ID. Therefore it would be better t= o have this in config/etc/passwd and config/etc/group so it will be persisten= t for every time the build is run. >>>=20 >>> Ok, i will change this. But will this not result in the user & group exis= ting allways and not only if the addon is installed? >>=20 >> Yes. I don=E2=80=99t think that that is a bad thing. We have that for most= of the other addons, too. >>=20 >>>=20 >>>>=20 >>>>> + # Create config directory and create files. >>>>> + -rmdir zabbix_agentd.conf.d >>>>=20 >>>> You are trying to delete /usr/src/zabbit_agentd.conf.d here. This should= not exist anyways. >>>=20 >>> The install-routine allways creates this and I could not figure out how t= o disable / change this in the lfs. I know this is a dirty >>> workaround, but I don't know a better way to solve this by today. Does an= ybody have a hint for me? >>=20 >> Is it because you used the quotes around =E2=80=94-sysconfdir? I don=E2=80= =99t know=E2=80=A6 Seems to be a bug in their build system. >=20 > You seem to be right. I changed it to --sysconfdir=3D/etc/zabbix_agentd and= it still happens. I will just stick to the workaround and keep an eye on it. >=20 >>=20 >>>=20 >>>>=20 >>>>> + -mkdir -pv /etc/zabbix/zabbix_agentd.d >>>>> + -mkdir -pv /etc/zabbix/scripts >>>>> + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd.conf \ >>>>> + /etc/zabbix/zabbix_agentd.conf >>>>> + install -v -m 644 >>>>> $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \ >>>>> + /etc/zabbix/zabbix_agentd.d/userparameter_pakfire.conf >>>>> + install -v -m 754 -g zabbix >>>>> $(DIR_SRC)/config/zabbix_agentd/pakfire_updates.pl \ >>>>> + /etc/zabbix/scripts/pakfire_updates.pl >>>>=20 >>>> Why should this script not be allowed to be executed by other users than= root and those in the zabbix group? >>>=20 >>> There is no reason besides my paranoia... The functionallity of the file = will be integrated in the original one anyways (see above). >>>=20 >>>>=20 >>>>> + touch /etc/zabbix/zabbix_agentd.psk >>>>=20 >>>> This file is not being used in the configuration file. >>>=20 >>> See above. >>>=20 >>>>=20 >>>>> + # Create directory and file for logging. >>>>> + -mkdir -pv /var/log/zabbix >>>>> + chown zabbix.zabbix /var/log/zabbix -R >>>>> + >>>>> + # Create directory for pid. >>>>> + -mkdir -pv /var/run/zabbix >>>>> + chown zabbix.zabbix /var/run/zabbix >>>>> + >>>>> + # Install initscripts >>>>> + $(call INSTALL_INITSCRIPT,zabbix_agentd) >>>>> + >>>>> + # Install sudoers include file >>>>> + install -v -m 440 $(DIR_SRC)/config/zabbix_agentd/sudoers \ >>>>> + /etc/sudoers.d/zabbix >>>>> + >>>>> + # Install include file for backup >>>>> + install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \ >>>>> + /var/ipfire/backup/addons/includes/zabbix_agentd >>>>> + >>>>> + # Install include file for Logrotate >>>>> + -mkdir -pv /etc/logrotate.d >>>>> + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/logrotate \ >>>>> + /etc/logrotate.d/zabbix_agentd >>>>> + >>>>> + @rm -rf $(DIR_APP) >>>>> + @$(POSTBUILD) >>>>> diff --git a/make.sh b/make.sh >>>>> index f96b74b..dadae3c 100755 >>>>> --- a/make.sh >>>>> +++ b/make.sh >>>>> @@ -1588,6 +1588,7 @@ buildipfire() { >>>>> lfsmake2 dehydrated >>>>> lfsmake2 shairport-sync >>>>> lfsmake2 borgbackup >>>>> + lfsmake2 zabbix_agentd >>>>> } >>>>> buildinstaller() { >>>>> diff --git a/src/initscripts/packages/zabbix_agentd >>>>> b/src/initscripts/packages/zabbix_agentd >>>>> new file mode 100755 >>>>> index 0000000..e50b56c >>>>> --- /dev/null >>>>> +++ b/src/initscripts/packages/zabbix_agentd >>>>> @@ -0,0 +1,61 @@ >>>>> +#!/bin/sh >>>>> +######################################################################= ## >>>>> +# Begin $rc_base/init.d/zabbix_agentd >>>>> +# >>>>> +# Description : This is a script that starts zabbix_agent as deamon >>>>> +# >>>>> +# Authors : Alexander Koch (ipfire(a)starkstromkonsument.de) >>>>> +# >>>>> +# Version : 01.00 >>>>> +# >>>>> +# Notes : >>>>> +# >>>>> +######################################################################= ## >>>>> + >>>>> +. /etc/sysconfig/rc >>>>> +. ${rc_functions} >>>>> + >>>>> +NAME=3Dzabbix_agentd >>>>> +DAEMON=3D/usr/sbin/$NAME >>>>> +DESC=3D"Zabbix agent" >>>>> +RUNDIR=3D/var/run/zabbix >>>>> +CONF=3D/etc/zabbix/zabbix_agentd.conf >>>>> + >>>>> +test -x $DAEMON || exit 0 >>>>> + >>>>> +case "${1}" in >>>>> + start) >>>>> + # Make sure RUNDIR exists >>>>> + if [ ! -d $RUNDIR ]; then >>>>> + boot_mesg "Creating Directory $RUNDIR ..." >>>>> + mkdir $RUNDIR >>>>> + chown zabbix.zabbix $RUNDIR >>>>> + fi >>>>> + >>>>> + boot_mesg "Starting $NAME =E2=80=A6" >>>>=20 >>>> We usually use a descriptive name here and not the name of the binary he= re. >>>>=20 >>>> Also no space before the ellipsis.> >>>>> + loadproc $DAEMON -c $CONF > /dev/null >>>>> + evaluate_retval >>>>> + ;; >>>>> + =09 >>>>> + stop) >>>>> + boot_mesg "Stopping $NAME ..." >>>>> + killproc $DAEMON >>>>> + ;; >>>>> + >>>>> + restart) >>>>> + ${0} stop >>>>> + sleep 1 >>>>> + ${0} start >>>>> + ;; >>>>> + >>>>> + status) >>>>> + statusproc $DAEMON >>>>> + ;; >>>>> + >>>>> + *) >>>>> + echo "Usage: ${0} {start|stop|restart|status}" >>>>> + exit 1 >>>>> + ;; >>>>> +esac >>>>> + >>>>> +# End $rc_base/init.d/zabbix_agentd >>>>=20 >>>> This script is a bit different than the others. Variables are being used= instead of using the command names directly. Not sure if that is necessary. >>>=20 >>> Ok, I'll change it. >>>=20 >>>>=20 >>>> Why is the output of loadproc being thrown away? You won=E2=80=99t have = to call evaluate_retval if you didn=E2=80=99t do that. >>>=20 >>> I actually just coppied this part from the netsnmpd-addon without thinkin= g about it =E2=80=A6 >>=20 >> There is a script called =E2=80=9Ctemplate=E2=80=9D which is=E2=80=A6 well= =E2=80=A6 a template that I use for the initscripts. >>=20 >>>=20 >>>>=20 >>>> Is it not better to have /var/run/zabbix being created in src/initscript= s/sysconfig/createfiles? >>>=20 >>> Yes, it is. I did not know this script yet. >>>=20 >>>>=20 >>>>> diff --git a/src/paks/zabbix_agentd/install.sh >>>>> b/src/paks/zabbix_agentd/install.sh >>>>> new file mode 100644 >>>>> index 0000000..7264a08 >>>>> --- /dev/null >>>>> +++ b/src/paks/zabbix_agentd/install.sh >>>>> @@ -0,0 +1,45 @@ >>>>> +#!/bin/bash >>>>> +######################################################################= ###### >>>>> +# >>>>> # >>>>> +# This file is part of the IPFire Firewall. >>>>> # >>>>> +# >>>>> # >>>>> +# IPFire is free software; you can redistribute it and/or modify >>>>> # >>>>> +# it under the terms of the GNU General Public License as published by >>>>> # >>>>> +# the Free Software Foundation; either version 2 of the License, or >>>>> # >>>>> +# (at your option) any later version. >>>>> # >>>>> +# >>>>> # >>>>> +# IPFire is distributed in the hope that it will be useful, >>>>> # >>>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>>> # >>>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>>> # >>>>> +# GNU General Public License for more details. >>>>> # >>>>> +# >>>>> # >>>>> +# You should have received a copy of the GNU General Public License >>>>> # >>>>> +# along with IPFire; if not, write to the Free Software >>>>> # >>>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 >>>>> USA # >>>>> +# >>>>> # >>>>> +# Copyright (C) 2007 IPFire-Team . >>>>> # >>>>> +# >>>>> # >>>>> +######################################################################= ###### >>>>> +# >>>>> +. /opt/pakfire/lib/functions.sh >>>>> + >>>>> +# Add User Zabbix if it does not exist >>>>> +id -u zabbix &>/dev/null || useradd -r -U -s /bin/false -M -d >>>>> /var/empty -c "Zabbix Monitoring=E2=80=9D zabbix >>>>=20 >>>> See above. If the group has been lost, it won=E2=80=99t be recreated aga= in. >>>=20 >>> The "-U" takes care of this. >>=20 >> It doesn=E2=80=99t really, because useradd isn=E2=80=99t called when the u= ser exists, but the group doesn=E2=80=99t. Hence you end up with no group. Ce= rtainly an edge-case, but possible. >>=20 >>>>=20 >>>>> + >>>>> +extract_files >>>>> + >>>>> +# Create additonal Directories and set permissions >>>>> +mkdir -pv /etc/zabbix/zabbix_agentd.d >>>>> +mkdir -pv /etc/zabbix/scripts >>>>=20 >>>> These should be in the tarball. >>>>=20 >>>>> +mkdir -pv /var/run/zabbix >>>>> +chown zabbix.zabbix /var/run/zabbix >>>>=20 >>>> This is being created in the initscript. >>>>=20 >>>>> +mkdir -pv /var/log/zabbix >>>>> +chown zabbix.zabbix /var/log/zabbix -R >>>>=20 >>>> This should also be in the tarball. >>>=20 >>> I will check / fix these issues. >>>=20 >>>>=20 >>>>> +# Create symlinks for runlevel interaction. >>>>> +ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc3.d/S14zabbix_agentd >>>>> +ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc0.d/K71zabbix_agentd >>>>> +ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K71zabbix_agentd >>>>=20 >>>> You are starting this very early in the boot process. Even before the ne= twork is being started. >>>>=20 >>>> Is that deliberate or could this be moved to a later time? >>>>=20 >>>> Can zabbix bind to IP addresses if those are not assigned to the network= interfaces, yet? >>>=20 >>> No and no. I will change it to S65 & K02, if you agree. >>=20 >> Yes, I think that makes more sense. >>=20 >>>=20 >>>>=20 >>>>> +restore_backup ${NAME} >>>>> +start_service --background ${NAME} >>>>> diff --git a/src/paks/zabbix_agentd/uninstall.sh >>>>> b/src/paks/zabbix_agentd/uninstall.sh >>>>> new file mode 100644 >>>>> index 0000000..ae8f815 >>>>> --- /dev/null >>>>> +++ b/src/paks/zabbix_agentd/uninstall.sh >>>>> @@ -0,0 +1,38 @@ >>>>> +#!/bin/bash >>>>> +######################################################################= ###### >>>>> +# >>>>> # >>>>> +# This file is part of the IPFire Firewall. >>>>> # >>>>> +# >>>>> # >>>>> +# IPFire is free software; you can redistribute it and/or modify >>>>> # >>>>> +# it under the terms of the GNU General Public License as published by >>>>> # >>>>> +# the Free Software Foundation; either version 2 of the License, or >>>>> # >>>>> +# (at your option) any later version. >>>>> # >>>>> +# >>>>> # >>>>> +# IPFire is distributed in the hope that it will be useful, >>>>> # >>>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>>> # >>>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>>> # >>>>> +# GNU General Public License for more details. >>>>> # >>>>> +# >>>>> # >>>>> +# You should have received a copy of the GNU General Public License >>>>> # >>>>> +# along with IPFire; if not, write to the Free Software >>>>> # >>>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 >>>>> USA # >>>>> +# >>>>> # >>>>> +# Copyright (C) 2007 IPFire-Team . >>>>> # >>>>> +# >>>>> # >>>>> +######################################################################= ###### >>>>> +# >>>>> +. /opt/pakfire/lib/functions.sh >>>>> +stop_service ${NAME} >>>>> +make_backup ${NAME} >>>>> +remove_files >>>>> + >>>>> +# Remove init-scripts and symlinks >>>>> +rm -rfv /etc/rc.d/rc*.d/*zabbix_agentd >>>>> + >>>>> +# Remove directorys >>>>> +rm -rfv /etc/zabbix >>>>> +rm -rfv /var/log/zabbix >>>>> +rm -rfv /var/run/zabbix >>>>=20 >>>> See above. Log files should not be removed I think. We do not do that an= ywhere else as far as I know. >>>=20 >>> Ok. >>>=20 >>>>=20 >>>>> + >>>>> +# Remove user and group >>>>> +userdel zabbix >>>>=20 >>>> Do you delete the group here? >>>=20 >>> I tested this an the group seems to be deleted automatically, because it'= s the users primary group. >>=20 >> What about any files that are not being removed? Logfiles, etc. These migh= t lose their user/group. >>=20 >> You should leave the user/group when the add-on is being uninstalled. >>=20 >>>=20 >>>>=20 >>>>> diff --git a/src/paks/zabbix_agentd/update.sh >>>>> b/src/paks/zabbix_agentd/update.sh >>>>> new file mode 100644 >>>>> index 0000000..89c40d0 >>>>> --- /dev/null >>>>> +++ b/src/paks/zabbix_agentd/update.sh >>>>> @@ -0,0 +1,26 @@ >>>>> +#!/bin/bash >>>>> +######################################################################= ###### >>>>> +# >>>>> # >>>>> +# This file is part of the IPFire Firewall. >>>>> # >>>>> +# >>>>> # >>>>> +# IPFire is free software; you can redistribute it and/or modify >>>>> # >>>>> +# it under the terms of the GNU General Public License as published by >>>>> # >>>>> +# the Free Software Foundation; either version 2 of the License, or >>>>> # >>>>> +# (at your option) any later version. >>>>> # >>>>> +# >>>>> # >>>>> +# IPFire is distributed in the hope that it will be useful, >>>>> # >>>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>>> # >>>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>>> # >>>>> +# GNU General Public License for more details. >>>>> # >>>>> +# >>>>> # >>>>> +# You should have received a copy of the GNU General Public License >>>>> # >>>>> +# along with IPFire; if not, write to the Free Software >>>>> # >>>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 >>>>> USA # >>>>> +# >>>>> # >>>>> +# Copyright (C) 2007 IPFire-Team . >>>>> # >>>>> +# >>>>> # >>>>> +######################################################################= ###### >>>>> +# >>>>> +. /opt/pakfire/lib/functions.sh >>>>> +./uninstall.sh >>>>> +./install.sh >>>>> --=20 >>>>> 2.7.4 >>>>=20 >>>> So, those are a lot of comments. Most of them are just questions. Hope y= ou can clarify those for me. >>>>=20 >>>> Looking forward to hearing from you soon. Apologies for taking a couple = of days to review this. Where are the other people on this list? >>>>=20 >>>> -Michael >>>>=20 >>>=20 >>> I hope I cloud clarify you're questions. I'm looking forward to some more= feedback to my few questions above and I will be preparing a >>> modified patch within a few days. >>=20 >> Cool! >>=20 >> -Michael >>=20 >>>=20 >>> Best regards, >>> Alex --===============3432191297990985981==--