From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexander Koch To: development@lists.ipfire.org Subject: Re: New addon: zabbix_agentd Date: Tue, 12 Feb 2019 23:14:34 +0100 Message-ID: In-Reply-To: <3E7F63AC-4B8B-47F0-B1CA-9D93FCDFD716@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2408967991689885618==" List-Id: --===============2408967991689885618== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Michael, thank you for you're comments. I've put some brief comments and a few questio= ns inline. The new patch is nearly read though ... Best regards, Alex -------- Original-Nachricht -------- *Von:* michael.tremer(a)ipfire.org *Gesendet:* Fri, 8 Feb 2019 12:49:26 +0000 *An:* ipfire(a)starkstromkonsument.de *CC:* development(a)lists.ipfire.org *Betreff:* Re: New addon: zabbix_agentd > Hi, >=20 >> On 7 Feb 2019, at 22:21, Alexander Koch = wrote: >> >> Hello Michael, >> >> thank you for you're detailed review. I apologize for the line wrap issue.= .. I will answer you're >> questions inline below. >=20 > I strongly recommend using git send-email >=20 > https://wiki.ipfire.org/devel/git/setup >=20 >> -------- Original-Nachricht -------- >> >> *Von:* michael.tremer(a)ipfire.org >> *Gesendet:* Tue, 5 Feb 2019 12:44:54 +0000 >> *An:* ipfire(a)starkstromkonsument.de >> *CC:* development(a)lists.ipfire.org >> >> *Betreff:* Re: New addon: zabbix_agentd >> >> >>> Hello Alexander, >>> >>> Thank you very much for submitting this patch. >>> >>> I guess that you have been involved in the forum thread about getting thi= s thing into IPFire. Happy to see that that is now making its way to the list. >>> >>> However, there are some issues with the patch: >>> >>> First of all, some lines are wrapped (presumably by your email program). = You can see this at the end of the patch where the #s are not in the same lin= e any more. >>> >>> Therefore it won=E2=80=99t merge. >>> >>> Also it is quite a large patch and could have been broken down into small= er parts to make it easier to review it. >>> >>> I will go through the rest inline... >>> >>>> On 3 Feb 2019, at 19:37, Alexander Koch wrote: >>>> >>>> Hello, >>>> >>>> I would like to contribute a new addon for monitoring hosts running >>>> IPFire by Zabbix Monitoring (https://www.zabbix.com/features) to >>>> IPFire. Topic in the forum: >>>> https://forum.ipfire.org/viewtopic.php?f=3D52&t=3D22039 >>>> >>>> I'm not a professional software developer and this is going to be my >>>> first patch for IPFire. I hope I did not make any stupid mistakes and >>>> I'm not wasting you're time. I've built and tested (only for/on x86_64) >>>> this package for/with core126, core127 (testing) and core128 >>>> (Development Build: zabbix_agentd/b72540bc) so far. >>>> >>>> Before I finally submit this as a Patch, I've got two questions I could >>>> not figure out reading the wiki/forum: >>>> >>>> 1: How are logfiles (/var/log/zabbix) supposed to be treated by the >>>> backup- and uninstall-scripts of an addon? Are logs supposed to be >>>> included in the addon-backup? Is the log-directory supposed to be >>>> deleted by the uninstall.sh of the addon? If I do not include them in >>>> the backup, but delete the log-directory in uninstall.sh, the logs will >>>> be flushed on every update of the addon. This is probably not what the >>>> users expects to happen. >>>> >>>> 2: How is the original source-code of zabbix >>>> (https://www.zabbix.com/download_sources) supposed to be shipped with >>>> the patch? A patch only includes the lfs, config etc. and I did not find >>>> a place to provide a download URL for it. Did I miss something? >>>> >>>> Best, >>>> Alex >>>> >>>> P.S. Just in case you want to check what I achieved so far, I attached >>>> my current patchfile below: >>>> >>>> Subject: [PATCH] zabbix_agentd: New addon for monitoring IPFire Hosts by >>>> Zabbix Monitoring (https://www.zabbix.com/features). See >>>> https://forum.ipfire.org/viewtopic.php?f=3D52&t=3D22039 for further deta= ils. >>>> >>>> Signed-off-by: Alexander Koch >>>> --- >>>> config/backup/includes/zabbix_agentd | 3 + >>>> config/rootfiles/packages/zabbix_agentd | 21 ++ >>>> config/zabbix_agentd/logrotate | 9 + >>>> config/zabbix_agentd/pakfire_updates.pl | 100 ++++++ >>>> config/zabbix_agentd/sudoers | 17 + >>>> config/zabbix_agentd/userparameter_pakfire.conf | 4 + >>>> config/zabbix_agentd/zabbix_agentd.conf | 394 >>>> ++++++++++++++++++++++++ >>>> lfs/zabbix_agentd | 128 ++++++++ >>>> make.sh | 1 + >>>> src/initscripts/packages/zabbix_agentd | 61 ++++ >>>> src/paks/zabbix_agentd/install.sh | 45 +++ >>>> src/paks/zabbix_agentd/uninstall.sh | 38 +++ >>>> src/paks/zabbix_agentd/update.sh | 26 ++ >>>> 13 files changed, 847 insertions(+) >>>> create mode 100644 config/backup/includes/zabbix_agentd >>>> create mode 100644 config/rootfiles/packages/zabbix_agentd >>>> create mode 100644 config/zabbix_agentd/logrotate >>>> create mode 100644 config/zabbix_agentd/pakfire_updates.pl >>>> create mode 100644 config/zabbix_agentd/sudoers >>>> create mode 100644 config/zabbix_agentd/userparameter_pakfire.conf >>>> create mode 100644 config/zabbix_agentd/zabbix_agentd.conf >>>> create mode 100755 lfs/zabbix_agentd >>>> create mode 100755 src/initscripts/packages/zabbix_agentd >>>> create mode 100644 src/paks/zabbix_agentd/install.sh >>>> create mode 100644 src/paks/zabbix_agentd/uninstall.sh >>>> create mode 100644 src/paks/zabbix_agentd/update.sh >>>> >>>> diff --git a/config/backup/includes/zabbix_agentd >>>> b/config/backup/includes/zabbix_agentd >>>> new file mode 100644 >>>> index 0000000..d6a2b49 >>>> --- /dev/null >>>> +++ b/config/backup/includes/zabbix_agentd >>>> @@ -0,0 +1,3 @@ >>>> +/etc/sudoers.d/zabbix >>>> +/etc/zabbix/zabbix_agentd.* >>>> +/etc/zabbix/scripts >>> >>> I would say that /etc/sudoers.d/zabbix is not a configuration file for th= e user here and therefore should not be in the backup. It is a system configu= ration file that comes with the package. >> >> The zabbix_agentd provides "items" for gathering data for monitoring by th= e zabbix_server. These out-of-the-box-items can be extended by >> UserParameter's consisting of one-liner's or entire scripts (e.g. the pakf= ire_updates.pl). These extensions of the agent have to be >> maintained by the user himself (and are typically shipped with zabbix temp= lates). Some of the commands run by these extensions may require >> to be run as root. The sudoers-includefile has to be modified by the user = in order to fit the needs of his UserParameters. This is why I >> consider this a config file that should be included in the backup. Otherwi= se the changes of the user will be overwritten on updates and lost >> when a system crashes. Do you agree? >=20 > Hmm, I am not really sure what to think about it. >=20 > Maybe we can rename the file to /etc/sudoers.d/zabbix.user or .local like w= e usually do it with files that are supposed to be changed by the users. I will name it zabbix.user >=20 >> >>> >>> Shouldn=E2=80=99t the whole /etc/zabbix directory be in the backup? >> The Zabbix-Ecosystem consist of several daemons: zabbix_server, zabbix_pro= xy, zabbix_agentd and additionally it's php-frontend. By default >> they all share this config-directory. I'm planing to build another addon f= or the zabbix_proxy and wanted to separate the backups. Thinking >> about it again, it would be better to use separate directories like /etc/z= abbix_agentd and /etc/zabbix_proxy in the case of IPFire, although >> other distributions like e.g. debian don't change this ... what do you thi= nk? >=20 > Yes, it would be a good idea to have different backups if there were differ= ent packages. >=20 > Is there any point in packaging the proxy and server for IPFire though? Nev= er worked with Zabbix, so please don=E2=80=99t mind the beginner=E2=80=99s qu= estion here. I don't think it's a good idea to run a monitoring server on a router/firewal= l and I'm not planning to build it. The proxy on the other side is a very val= uable extension for monitoring remote sites (connected via N2N-VPN). It can p= erform checks and collect data on behalf of the server. When configuring a ho= st on the server, you can choose whether it should be monitored by the server= itself or one of its proxies. I'm planning to build it with sqlite3 as DB. I= t will need libssh2 and libopenipmi too to be fully featured and has to be sh= ipped with the abbillity to collect data via snmp and recieve snmp-traps. I d= ont now whether any of the requiremets will cause major headaches yet. I'll g= ive it a try, when the agent is finished. I already ran into the problem that= these two packages will share the same source-tarball. The lfs just builds t= he first one of them, because the source-tarball is not "touched" again after= the first lfs has ben executed. Is there a workaround for this? >=20 >> >>> >>>> diff --git a/config/rootfiles/packages/zabbix_agentd >>>> b/config/rootfiles/packages/zabbix_agentd >>>> new file mode 100644 >>>> index 0000000..f12c46d >>>> --- /dev/null >>>> +++ b/config/rootfiles/packages/zabbix_agentd >>>> @@ -0,0 +1,21 @@ >>>> +#etc/group- >>> >>> This file should not be in here and probably this is a mistake. >> >> It appeared in the log and I don't know why. I will remove the line. >=20 > It is probably created by useradd. >=20 >> >>> >>>> +etc/logrotate.d/zabbix_agentd >>>> +etc/rc.d/init.d/zabbix_agentd >>>> +etc/sudoers.d/zabbix >>>> +#etc/zabbix >>>> +#etc/zabbix/scripts >>>> +etc/zabbix/scripts/pakfire_updates.pl >>>> +etc/zabbix/zabbix_agentd.conf >>>> +#etc/zabbix/zabbix_agentd.conf.d >>>> +#etc/zabbix/zabbix_agentd.d >>>> +etc/zabbix/zabbix_agentd.d/userparameter_pakfire.conf >>>> +etc/zabbix/zabbix_agentd.psk >>>> +usr/bin/zabbix_get >>>> +usr/bin/zabbix_sender >>>> +#usr/lib/modules >>> >>> This also does not seem to be a very well named directory. >> >> I will set it to 'usr/lib/zabbix'. >> >>> >>>> +usr/sbin/zabbix_agentd >>>> +#usr/share/man/man1/zabbix_get.1 >>>> +#usr/share/man/man1/zabbix_sender.1 >>>> +#usr/share/man/man8/zabbix_agentd.8 >>>> +var/ipfire/backup/addons/includes/zabbix_agentd >>>> +#var/log/zabbix >>> >>> The log directory should probably be shipped in this package. >> >> yep. I found another issue while testing: when i include /var/log/zabbix in the ro= otfile, the directory is removed on uninstall/update. My current rootfile: etc/logrotate.d/zabbix_agentd etc/rc.d/init.d/zabbix_agentd etc/sudoers.d/zabbix.user #etc/zabbix_agentd etc/zabbix_agentd/scripts etc/zabbix_agentd/zabbix_agentd.conf etc/zabbix_agentd/zabbix_agentd.d usr/bin/zabbix_get usr/bin/zabbix_sender usr/lib/zabbix usr/sbin/zabbix_agentd #usr/share/man/man1/zabbix_get.1 #usr/share/man/man1/zabbix_sender.1 #usr/share/man/man8/zabbix_agentd.8 var/ipfire/backup/addons/includes/zabbix_agentd var/log/zabbix Is there something wrong with this? Should I remove it from the rootfile agai= n and create it in the install.sh or src/initscripts/sysconfig/createfiles? >> >>> >>>> diff --git a/config/zabbix_agentd/logrotate b/config/zabbix_agentd/logro= tate >>>> new file mode 100644 >>>> index 0000000..83bbca9 >>>> --- /dev/null >>>> +++ b/config/zabbix_agentd/logrotate >>>> @@ -0,0 +1,9 @@ >>>> +/var/log/zabbix/zabbix_agentd.log { >>>> + monthly >>>> + rotate 12 >>>> + compress >>>> + delaycompress >>>> + missingok >>>> + notifempty >>>> + create 0640 zabbix zabbix >>>> +} >>> >>> Does the daemon not need to be notified when the log file is being rotate= d? >> >> It doe not, because the daemon performs a open/write/close-operation when = writing to the logfile. >> >>> >>>> diff --git a/config/zabbix_agentd/pakfire_updates.pl >>>> b/config/zabbix_agentd/pakfire_updates.pl >>>> new file mode 100644 >>>> index 0000000..875df40 >>>> --- /dev/null >>>> +++ b/config/zabbix_agentd/pakfire_updates.pl >>>> @@ -0,0 +1,100 @@ >>>> +#!/usr/bin/perl >>>> +# >>>> +# Script for fetching available updates and "need reboot"-status for >>>> userparameter of zabbix_agentd >>>> +# >>>> +# This script is based on /opt/pakfire/lib/functions.pl >>>> +# >>>> +# Created on 09.07.2017 by Alexander Koch (ipfire(a)starkstromkonsument= .de) >>>> +# Last modified on 24.01.19 by Alexander Koch >>>> (ipfire(a)starkstromkonsument.de) >>>> +# >>> >>> This script is missing a license header. Presumably you want a GPLv3 or s= ome similar header here. Please check the appropriate license that you would = like to use. >> >> Ok, this will be fixed. >> >>> >>>> + >>>> +# Inculde Pakfire-Functions >>>> +require "/opt/pakfire/lib/functions.pl"; >>>> + >>>> +# Check for passed options >>>> +unless (@ARGV) { >>>> + print "No options given!\n"; >>>> + print "Possible options: updatescount, coreupdate_avail, need_reboot\= n"; >>>> + exit 2; >>>> +} >>>> + >>>> +# Count packets >>>> +if ("$ARGV[0]" eq "updatescount") { >>>> + >>>> + # The following lines have been copied from >>>> /opt/pakfire/lib/functions.pl with minor modifications. >>>> + my @meta; >>>> + my $file; >>>> + my $line; >>>> + my $prog; >>>> + my ($name, $version, $release); >>>> + my @templine; >>>> + my $updatecount =3D 0; >>>> + >>>> + # Get list of packets >>>> + open(FILE, "<$Conf::dbdir/lists/packages_list.db"); >>>> + my @db =3D ; >>>> + close(FILE); >>>> + >>>> + # Get installed addons >>>> + opendir(DIR,"$Conf::dbdir/installed"); >>>> + my @files =3D readdir(DIR); >>>> + closedir(DIR); >>>> + foreach $file (@files) { >>>> + next if ( $file eq "." ); >>>> + next if ( $file eq ".." ); >>>> + next if ( $file =3D~ /^old/ ); >>>> + open(FILE, "<$Conf::dbdir/installed/$file"); >>>> + @meta =3D ; >>>> + close(FILE); >>>> + foreach $line (@meta) { >>>> + @templine =3D split(/\: /,$line); >>>> + if ("$templine[0]" eq "Name") { >>>> + $name =3D $templine[1]; >>>> + chomp($name); >>>> + } elsif ("$templine[0]" eq "ProgVersion") { >>>> + $version =3D $templine[1]; >>>> + chomp($version); >>>> + } elsif ("$templine[0]" eq "Release") { >>>> + $release =3D $templine[1]; >>>> + chomp($release); >>>> + } >>>> + } >>>> + foreach $prog (@db) { >>>> + @templine =3D split(/\;/,$prog); >>>> + if (("$name" eq "$templine[0]") && ("$release" < "$templine[2]")) { >>>> + $updatecount++; >>>> + } >>>> + } >>>> + } >>>> + print $updatecount; >>>> + exit 0; >>>> +} >>>> + >>>> +elsif ("$ARGV[0]" eq "coreupdate_avail") { >>>> + eval(`grep "core_" $Conf::dbdir/lists/core-list.db`); >>>> + if ("$core_release" > "$Conf::core_mine") { >>>> + print 1; >>>> + exit 0; >>>> + } >>>> + else { >>>> + print 0; >>>> + exit 0; >>>> + } >>>> +} >>>> + >>>> +elsif ("$ARGV[0]" eq "need_reboot") { >>>> + if ( -e "/var/run/need_reboot" ) { >>>> + print 1; >>>> + exit 0; >>>> + } >>>> + else { >>>> + print 0; >>>> + exit 0; >>>> + } >>>> +} >>>> + >>>> +else { >>>> + print "Wrong options!\n"; >>>> + print "Possible options: updatescount, coreupdate_avail, need_reboot\n= "; >>>> + exit 2; >>>> +} >>> >>> Would it not have been a good idea to have the functions live in the pakf= ire code and just have a convenient script to call them? Or even extend the p= akfire command to return whether there are updates or not? >> >> You are right. I didn't want to mess around with a corefile for the beginn= ing. As this is a UserParameter-Extension for the agent and >> therefore not essentially nescesarry for the addon in the first place, I w= ill remove this file and >> config/zabbix_agentd/userparameter_pakfire.conf from the patch and provide= it separately as an update for the addon or only togehter with >> the apropriate Zabbix-Tamplate later on. >> >>> >>>> diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers >>>> new file mode 100644 >>>> index 0000000..d6049f3 >>>> --- /dev/null >>>> +++ b/config/zabbix_agentd/sudoers >>>> @@ -0,0 +1,17 @@ >>>> +# Include file for sudoers file >>>> +# >>>> +# This is needed for some userparameters to be able to execute commands >>>> that only run as root (using sudo) >>>> +# e.g. /usr/bin/openssl or /usr/sbin/smartctl >>>> +# >>>> +# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BRE= ACH! >>>> +# >>>> +# Some hints: >>>> +# - It is strongly recommended to edit this file only using the visudo >>>> -f command. If you mess up this file, >>>> +# you might end up locking yourself out of your system! >>>> +# - Append the full path to each command, using "," as separator. >>>> +# - Only add commands you really need. Zabbix should not have more >>>> rights than it has to. >>>> +# >>>> +# Uncomment the following two lines and edit the example of commands to >>>> fit your needs: >>>> +# >>>> +#Defaults:zabbix !requiretty >>>> +#zabbix ALL=3D(ALL) NOPASSWD: /usr/bin/openssl, /usr/sbin/smartctl >>> >>> You might want to limit the options to be given to smartctl. Potentially = you can send commands to the hard drives but I assume that you only want to r= ead information. >> >> You are right. But these are just examples. I will remove these. The user = has to take care of this file anyway, as explained above. The >> reason for shipping this file is to have it there and in the backup with t= his filename. If I don't provide this placeholder, I'm afraid of >> the users choosing different filenames and ending up not having it in the = backup of the addon. Is there a more elegant way to dispel this doubt? >> >>> >>>> diff --git a/config/zabbix_agentd/userparameter_pakfire.conf >>>> b/config/zabbix_agentd/userparameter_pakfire.conf >>>> new file mode 100644 >>>> index 0000000..4fc4265 >>>> --- /dev/null >>>> +++ b/config/zabbix_agentd/userparameter_pakfire.conf >>>> @@ -0,0 +1,4 @@ >>>> +# Provide additional items for Pakfire-Updates >>>> +UserParameter=3Dpakfire.updatescount,/etc/zabbix/scripts/pakfire_update= s.pl >>>> updatescount >>>> +UserParameter=3Dpakfire.coreupdate_avail,/etc/zabbix/scripts/pakfire_up= dates.pl >>>> coreupdate_avail >>>> +UserParameter=3Dpakfire.need_reboot,/etc/zabbix/scripts/pakfire_updates= .pl need_reboot >>>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf >>>> b/config/zabbix_agentd/zabbix_agentd.conf >>>> new file mode 100644 >>>> index 0000000..e60af19 >>>> --- /dev/null >>>> +++ b/config/zabbix_agentd/zabbix_agentd.conf >>>> @@ -0,0 +1,394 @@ >>>> +# This is a configuration file for Zabbix agent daemon (Unix) >>>> +# To get more information about Zabbix, visit http://www.zabbix.com >>>> + >>>> +############ GENERAL PARAMETERS ################# >>>> + >>>> +### Option: PidFile >>>> +# Name of PID file. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# PidFile=3D/tmp/zabbix_agentd.pid >>>> + >>>> +PidFile=3D/var/run/zabbix/zabbix_agentd.pid >>>> + >>>> +### Option: LogType >>>> +# Specifies where log messages are written to: >>>> +# system - syslog >>>> +# file - file specified with LogFile parameter >>>> +# console - standard output >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# LogType=3Dfile >>>> + >>>> +### Option: LogFile >>>> +# Log file name for LogType 'file' parameter. >>>> +# >>>> +# Mandatory: yes, if LogType is set to file, otherwise no >>>> +# Default: >>>> +# LogFile=3D >>>> + >>>> +LogFile=3D/var/log/zabbix/zabbix_agentd.log >>>> + >>>> +### Option: LogFileSize >>>> +# Maximum size of log file in MB. >>>> +# 0 - disable automatic log rotation. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 0-1024 >>>> +# Default: >>>> +# LogFileSize=3D1 >>> >>> Default seems to be enabled. Doesn=E2=80=99t this collide with logrotate? >> >> Yes it does, sorry I missed this. I will change it to 0. >> >>> >>>> +### Option: DebugLevel >>>> +# Specifies debug level: >>>> +# 0 - basic information about starting and stopping of Zabbix processes >>>> +# 1 - critical information >>>> +# 2 - error information >>>> +# 3 - warnings >>>> +# 4 - for debugging (produces lots of information) >>>> +# 5 - extended debugging (produces even more information) >>>> +# >>>> +# Mandatory: no >>>> +# Range: 0-5 >>>> +# Default: >>>> +# DebugLevel=3D3 >>>> + >>>> +### Option: SourceIP >>>> +# Source IP address for outgoing connections. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# SourceIP=3D >>>> + >>>> +### Option: EnableRemoteCommands >>>> +# Whether remote commands from Zabbix server are allowed. >>>> +# 0 - not allowed >>>> +# 1 - allowed >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# EnableRemoteCommands=3D0 >>>> + >>>> +### Option: LogRemoteCommands >>>> +# Enable logging of executed shell commands as warnings. >>>> +# 0 - disabled >>>> +# 1 - enabled >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# LogRemoteCommands=3D0 >>>> + >>>> +##### Passive checks related >>>> + >>>> +### Option: Server >>>> +# List of comma delimited IP addresses, optionally in CIDR notation, or >>>> DNS names of Zabbix servers and Zabbix proxies. >>>> +# Incoming connections will be accepted only from the hosts listed here. >>>> +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', >>>> '::ffff:127.0.0.1' are treated equally >>>> +# and '::/0' will allow any IPv4 or IPv6 address. >>>> +# '0.0.0.0/0' can be used to allow any IPv4 address. >>>> +# Example: >>>> Server=3D127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com >>>> +# >>>> +# Mandatory: yes, if StartAgents is not explicitly set to 0 >>>> +# Default: >>>> +# Server=3D >>>> + >>>> +Server=3D127.0.0.1 >>> >>> What is the rationale behind this default? >> >> There is no rational default for this, because the IP/DNS-Name of the zabb= ix_server (or proxy) will be different in every environment. >> Exception: the agent on the host of the server itsself. This is the defaul= t chosen in the sources and by the maintainers of other >> distributions. The agent does not start without this parameter beeing set = though. Setting this as a default prevents the agent from beeing >> accessible by unauthorized zabbix servers or proxys and assures the dameno= n starting without errors anyways. Users of zabbix should be aware >> of his though. >=20 > Hmm, in case it needs to be set anyways, I would not set it to localhost th= en. But whatever you do here it is not an optimal solution. I will leave it as it is. >=20 >> >>> >>>> + >>>> +### Option: ListenPort >>>> +# Agent will listen on this port for connections from the server. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 1024-32767 >>>> +# Default: >>>> +# ListenPort=3D10050 >>>> + >>>> +### Option: ListenIP >>>> +# List of comma delimited IP addresses that the agent should listen on. >>>> +# First IP address is sent to Zabbix server if connecting to it to >>>> retrieve list of active checks. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# ListenIP=3D0.0.0.0 >>>> + >>>> +### Option: StartAgents >>>> +# Number of pre-forked instances of zabbix_agentd that process passive >>>> checks. >>>> +# If set to 0, disables passive checks and the agent will not listen on >>>> any TCP port. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 0-100 >>>> +# Default: >>>> +# StartAgents=3D3 >>>> + >>>> +##### Active checks related >>>> + >>>> +### Option: ServerActive >>>> +# List of comma delimited IP:port (or DNS name:port) pairs of Zabbix >>>> servers and Zabbix proxies for active checks. >>>> +# If port is not specified, default port is used. >>>> +# IPv6 addresses must be enclosed in square brackets if port for that >>>> host is specified. >>>> +# If port is not specified, square brackets for IPv6 addresses are >>>> optional. >>>> +# If this parameter is not specified, active checks are disabled. >>>> +# Example: >>>> ServerActive=3D127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# ServerActive=3D >>>> + >>>> +ServerActive=3D127.0.0.1 >>> >>> See above.> >>>> +### Option: Hostname >>>> +# Unique, case sensitive hostname. >>>> +# Required for active checks and must match hostname as configured on >>>> the server. >>>> +# Value is acquired from HostnameItem if undefined. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# Hostname=3D >>>> + >>>> +### Option: HostnameItem >>>> +# Item used for generating Hostname if it is undefined. Ignored if >>>> Hostname is defined. >>>> +# Does not support UserParameters or aliases. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# HostnameItem=3Dsystem.hostname >>>> + >>>> +### Option: HostMetadata >>>> +# Optional parameter that defines host metadata. >>>> +# Host metadata is used at host auto-registration process. >>>> +# An agent will issue an error and not start if the value is over limit >>>> of 255 characters. >>>> +# If not defined, value will be acquired from HostMetadataItem. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 0-255 characters >>>> +# Default: >>>> +# HostMetadata=3D >>>> + >>>> +### Option: HostMetadataItem >>>> +# Optional parameter that defines an item used for getting host metadat= a. >>>> +# Host metadata is used at host auto-registration process. >>>> +# During an auto-registration request an agent will log a warning >>>> message if >>>> +# the value returned by specified item is over limit of 255 characters. >>>> +# This option is only used when HostMetadata is not defined. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# HostMetadataItem=3D >>>> + >>>> +### Option: RefreshActiveChecks >>>> +# How often list of active checks is refreshed, in seconds. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 60-3600 >>>> +# Default: >>>> +# RefreshActiveChecks=3D120 >>>> + >>>> +### Option: BufferSend >>>> +# Do not keep data longer than N seconds in buffer. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 1-3600 >>>> +# Default: >>>> +# BufferSend=3D5 >>>> + >>>> +### Option: BufferSize >>>> +# Maximum number of values in a memory buffer. The agent will send >>>> +# all collected data to Zabbix Server or Proxy if the buffer is full. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 2-65535 >>>> +# Default: >>>> +# BufferSize=3D100 >>>> + >>>> +### Option: MaxLinesPerSecond >>>> +# Maximum number of new lines the agent will send per second to Zabbix >>>> Server >>>> +# or Proxy processing 'log' and 'logrt' active checks. >>>> +# The provided value will be overridden by the parameter 'maxlines', >>>> +# provided in 'log' or 'logrt' item keys. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 1-1000 >>>> +# Default: >>>> +# MaxLinesPerSecond=3D20 >>>> + >>>> +############ ADVANCED PARAMETERS ################# >>>> + >>>> +### Option: Alias >>>> +# Sets an alias for an item key. It can be used to substitute long and >>>> complex item key with a smaller and simpler one. >>>> +# Multiple Alias parameters may be present. Multiple parameters with >>>> the same Alias key are not allowed. >>>> +# Different Alias keys may reference the same item key. >>>> +# For example, to retrieve the ID of user 'zabbix': >>>> +# Alias=3Dzabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),= ,,,\1] >>>> +# Now shorthand key zabbix.userid may be used to retrieve data. >>>> +# Aliases can be used in HostMetadataItem but not in HostnameItem >>>> parameters. >>>> +# >>>> +# Mandatory: no >>>> +# Range: >>>> +# Default: >>>> + >>>> +### Option: Timeout >>>> +# Spend no more than Timeout seconds on processing >>>> +# >>>> +# Mandatory: no >>>> +# Range: 1-30 >>>> +# Default: >>>> +# Timeout=3D3 >>>> + >>>> +### Option: AllowRoot >>>> +# Allow the agent to run as 'root'. If disabled and the agent is >>>> started by 'root', the agent >>>> +# will try to switch to the user specified by the User configuration >>>> option instead. >>>> +# Has no effect if started under a regular user. >>>> +# 0 - do not allow >>>> +# 1 - allow >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# AllowRoot=3D0 >>>> + >>>> +### Option: User >>>> +# Drop privileges to a specific, existing user on the system. >>>> +# Only has effect if run as 'root' and AllowRoot is disabled. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# User=3Dzabbix >>>> + >>>> +### Option: Include >>>> +# You may include individual files or all files in a directory in the >>>> configuration file. >>>> +# Installing Zabbix will create include directory in /usr/local/etc, >>>> unless modified during the compile time. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# Include=3D >>>> + >>>> +Include=3D/etc/zabbix/zabbix_agentd.d/*.conf >>>> + >>>> + >>>> +####### USER-DEFINED MONITORED PARAMETERS ####### >>>> + >>>> +### Option: UnsafeUserParameters >>>> +# Allow all characters to be passed in arguments to user-defined >>>> parameters. >>>> +# The following characters are not allowed: >>>> +# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ >>>> +# Additionally, newline characters are not allowed. >>>> +# 0 - do not allow >>>> +# 1 - allow >>>> +# >>>> +# Mandatory: no >>>> +# Range: 0-1 >>>> +# Default: >>>> +# UnsafeUserParameters=3D0 >>>> + >>>> +### Option: UserParameter >>>> +# User-defined parameter to monitor. There can be several user-defined >>>> parameters. >>>> +# Format: UserParameter=3D, >>>> +# See 'zabbix_agentd' directory for examples. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# UserParameter=3D >>>> + >>>> +####### LOADABLE MODULES ####### >>>> + >>>> +### Option: LoadModulePath >>>> +# Full path to location of agent modules. >>>> +# Default depends on compilation options. >>>> +# To see the default path run command "zabbix_agentd --help". >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# LoadModulePath=3D/usr/lib/modules >>> >>> See above. >>> >>>> +### Option: LoadModule >>>> +# Module to load at agent startup. Modules are used to extend >>>> functionality of the agent. >>>> +# Format: LoadModule=3D >>>> +# The modules must be located in directory specified by LoadModulePath. >>>> +# It is allowed to include multiple LoadModule parameters. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# LoadModule=3D >>>> + >>>> +####### TLS-RELATED PARAMETERS ####### >>>> + >>>> +### Option: TLSConnect >>>> +# How the agent should connect to server or proxy. Used for active chec= ks. >>>> +# Only one value can be specified: >>>> +# unencrypted - connect without encryption >>>> +# psk - connect using TLS and a pre-shared key >>>> +# cert - connect using TLS and a certificate >>>> +# >>>> +# Mandatory: yes, if TLS certificate or PSK parameters are defined >>>> (even for 'unencrypted' connection) >>>> +# Default: >>>> +# TLSConnect=3Dunencrypted >>>> + >>>> +### Option: TLSAccept >>>> +# What incoming connections to accept. >>>> +# Multiple values can be specified, separated by comma: >>>> +# unencrypted - accept connections without encryption >>>> +# psk - accept connections secured with TLS and a pre-shared k= ey >>>> +# cert - accept connections secured with TLS and a certificate >>>> +# >>>> +# Mandatory: yes, if TLS certificate or PSK parameters are defined >>>> (even for 'unencrypted' connection) >>>> +# Default: >>>> +# TLSAccept=3Dunencrypted >>>> + >>>> +### Option: TLSCAFile >>>> +# Full pathname of a file containing the top-level CA(s) certificates f= or >>>> +# peer certificate verification. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCAFile=3D >>>> + >>>> +### Option: TLSCRLFile >>>> +# Full pathname of a file containing revoked certificates. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCRLFile=3D >>>> + >>>> +### Option: TLSServerCertIssuer >>>> +# Allowed server certificate issuer. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSServerCertIssuer=3D >>>> + >>>> +### Option: TLSServerCertSubject >>>> +# Allowed server certificate subject. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSServerCertSubject=3D >>>> + >>>> +### Option: TLSCertFile >>>> +# Full pathname of a file containing the agent certificate or >>>> certificate chain. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCertFile=3D >>>> + >>>> +### Option: TLSKeyFile >>>> +# Full pathname of a file containing the agent private key. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSKeyFile=3D >>>> + >>>> +### Option: TLSPSKIdentity >>>> +# Unique, case sensitive string used to identify the pre-shared key. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSPSKIdentity=3D >>>> + >>>> +### Option: TLSPSKFile >>>> +# Full pathname of a file containing the pre-shared key. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSPSKFile=3D >>>> + >>>> +#TLSPSKFile=3D/etc/zabbix/zabbix_agentd.psk >>> >>> This line doesn=E2=80=99t do anything. >> >> It's yust for convenience actually. I personally aprecieate this parameter= and the file already existing as very handy when configuring a >> new host. But thinking about it, actually it might be more consequent not = providing this, because I don't provide a default for the other >> TLS-parameters and files and the file ends up residing on the system witho= ut any use if PSK is not the chosen method of encryption. I will >> remove both. >> >>> >>>> + >>>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd >>>> new file mode 100755 >>>> index 0000000..fba24f1 >>>> --- /dev/null >>>> +++ b/lfs/zabbix_agentd >>>> @@ -0,0 +1,128 @@ >>>> +#######################################################################= ######## >>>> +# >>>> # >>>> +# IPFire.org - A linux based firewall >>>> # >>>> +# Copyright (C) 2007-2019 IPFire Team >>>> # >>>> +# >>>> # >>>> +# This program is free software: you can redistribute it and/or modify >>>> # >>>> +# it under the terms of the GNU General Public License as published by >>>> # >>>> +# the Free Software Foundation, either version 3 of the License, or >>>> # >>>> +# (at your option) any later version. >>>> # >>>> +# >>>> # >>>> +# This program is distributed in the hope that it will be useful, >>>> # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>> # >>>> +# GNU General Public License for more details. >>>> # >>>> +# >>>> # >>>> +# You should have received a copy of the GNU General Public License >>>> # >>>> +# along with this program. If not, see . >>>> # >>>> +# >>>> # >>>> +#######################################################################= ######## >>>> + >>>> +#######################################################################= ######## >>>> +# Definitions >>>> +#######################################################################= ######## >>>> + >>>> +include Config >>>> + >>>> +VER =3D 4.0.3 >>>> + >>>> +THISAPP =3D zabbix-$(VER) >>>> +DL_FILE =3D $(THISAPP).tar.gz >>>> +DL_FROM =3D $(URL_IPFIRE) >>>> +DIR_APP =3D $(DIR_SRC)/$(THISAPP) >>>> +TARGET =3D $(DIR_INFO)/$(THISAPP) >>>> +PROG =3D zabbix_agentd >>>> +PAK_VER =3D 0.4 >>>> +DEPS =3D "" >>>> + >>>> +#######################################################################= ######## >>>> +# Top-level Rules >>>> +#######################################################################= ######## >>>> + >>>> +objects =3D $(DL_FILE) >>>> + >>>> +$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>>> + >>>> +$(DL_FILE)_MD5 =3D 917d7303c248a9d1c49b8883c01ab2d9 >>>> + >>>> +install : $(TARGET) >>>> + >>>> +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) >>>> + >>>> +download :$(patsubst %,$(DIR_DL)/%,$(objects)) >>>> + >>>> +md5 : $(subst %,%_MD5,$(objects)) >>>> + >>>> +dist: >>>> + @$(PAK) >>>> + >>>> +#######################################################################= ######## >>>> +# Downloading, checking, md5sum >>>> +#######################################################################= ######## >>>> + >>>> +$(patsubst %,$(DIR_CHK)/%,$(objects)) : >>>> + @$(CHECK) >>>> + >>>> +$(patsubst %,$(DIR_DL)/%,$(objects)) : >>>> + @$(LOAD) >>>> + >>>> +$(subst %,%_MD5,$(objects)) : >>>> + @$(MD5) >>>> + >>>> +#######################################################################= ######## >>>> +# Installation Details >>>> +#######################################################################= ######## >>>> + >>>> +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>>> + @$(PREBUILD) >>>> + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axvf $(DIR_DL)/$(DL_FILE) >>>> + cd $(DIR_APP) && ./configure \ >>>> + --prefix=3D/usr \ >>>> + --enable-agent \ >>>> + --sysconfdir=3D"/etc/zabbix" \ >>>> + --with-openssl >>>> + >>>> + cd $(DIR_APP) && make + cd $(DIR_APP) && make install >>>> + >>>> + # Add User Zabbix if it does not exist >>>> + id -u zabbix &>/dev/null || useradd -r -U -s /bin/false -M -d >>>> /var/empty -c "Zabbix Monitoring=E2=80=9D zabbix >>> >>> You are checking if the user exists, but expect to create a user *and* a = group. This could potentially go wrong. >>> >>> This will also randomly select a user ID. Therefore it would be better to= have this in config/etc/passwd and config/etc/group so it will be persistent= for every time the build is run. >> >> Ok, i will change this. But will this not result in the user & group exist= ing allways and not only if the addon is installed? >=20 > Yes. I don=E2=80=99t think that that is a bad thing. We have that for most = of the other addons, too. >=20 >> >>> >>>> + # Create config directory and create files. >>>> + -rmdir zabbix_agentd.conf.d >>> >>> You are trying to delete /usr/src/zabbit_agentd.conf.d here. This should = not exist anyways. >> >> The install-routine allways creates this and I could not figure out how to= disable / change this in the lfs. I know this is a dirty >> workaround, but I don't know a better way to solve this by today. Does any= body have a hint for me? >=20 > Is it because you used the quotes around =E2=80=94-sysconfdir? I don=E2=80= =99t know=E2=80=A6 Seems to be a bug in their build system. You seem to be right. I changed it to --sysconfdir=3D/etc/zabbix_agentd and i= t still happens. I will just stick to the workaround and keep an eye on it. >=20 >> >>> >>>> + -mkdir -pv /etc/zabbix/zabbix_agentd.d >>>> + -mkdir -pv /etc/zabbix/scripts >>>> + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd.conf \ >>>> + /etc/zabbix/zabbix_agentd.conf >>>> + install -v -m 644 >>>> $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \ >>>> + /etc/zabbix/zabbix_agentd.d/userparameter_pakfire.conf >>>> + install -v -m 754 -g zabbix >>>> $(DIR_SRC)/config/zabbix_agentd/pakfire_updates.pl \ >>>> + /etc/zabbix/scripts/pakfire_updates.pl >>> >>> Why should this script not be allowed to be executed by other users than = root and those in the zabbix group? >> >> There is no reason besides my paranoia... The functionallity of the file w= ill be integrated in the original one anyways (see above). >> >>> >>>> + touch /etc/zabbix/zabbix_agentd.psk >>> >>> This file is not being used in the configuration file. >> >> See above. >> >>> >>>> + # Create directory and file for logging. >>>> + -mkdir -pv /var/log/zabbix >>>> + chown zabbix.zabbix /var/log/zabbix -R >>>> + >>>> + # Create directory for pid. >>>> + -mkdir -pv /var/run/zabbix >>>> + chown zabbix.zabbix /var/run/zabbix >>>> + >>>> + # Install initscripts >>>> + $(call INSTALL_INITSCRIPT,zabbix_agentd) >>>> + >>>> + # Install sudoers include file >>>> + install -v -m 440 $(DIR_SRC)/config/zabbix_agentd/sudoers \ >>>> + /etc/sudoers.d/zabbix >>>> + >>>> + # Install include file for backup >>>> + install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \ >>>> + /var/ipfire/backup/addons/includes/zabbix_agentd >>>> + >>>> + # Install include file for Logrotate >>>> + -mkdir -pv /etc/logrotate.d >>>> + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/logrotate \ >>>> + /etc/logrotate.d/zabbix_agentd >>>> + >>>> + @rm -rf $(DIR_APP) >>>> + @$(POSTBUILD) >>>> diff --git a/make.sh b/make.sh >>>> index f96b74b..dadae3c 100755 >>>> --- a/make.sh >>>> +++ b/make.sh >>>> @@ -1588,6 +1588,7 @@ buildipfire() { >>>> lfsmake2 dehydrated >>>> lfsmake2 shairport-sync >>>> lfsmake2 borgbackup >>>> + lfsmake2 zabbix_agentd >>>> } >>>> buildinstaller() { >>>> diff --git a/src/initscripts/packages/zabbix_agentd >>>> b/src/initscripts/packages/zabbix_agentd >>>> new file mode 100755 >>>> index 0000000..e50b56c >>>> --- /dev/null >>>> +++ b/src/initscripts/packages/zabbix_agentd >>>> @@ -0,0 +1,61 @@ >>>> +#!/bin/sh >>>> +######################################################################## >>>> +# Begin $rc_base/init.d/zabbix_agentd >>>> +# >>>> +# Description : This is a script that starts zabbix_agent as deamon >>>> +# >>>> +# Authors : Alexander Koch (ipfire(a)starkstromkonsument.de) >>>> +# >>>> +# Version : 01.00 >>>> +# >>>> +# Notes : >>>> +# >>>> +######################################################################## >>>> + >>>> +. /etc/sysconfig/rc >>>> +. ${rc_functions} >>>> + >>>> +NAME=3Dzabbix_agentd >>>> +DAEMON=3D/usr/sbin/$NAME >>>> +DESC=3D"Zabbix agent" >>>> +RUNDIR=3D/var/run/zabbix >>>> +CONF=3D/etc/zabbix/zabbix_agentd.conf >>>> + >>>> +test -x $DAEMON || exit 0 >>>> + >>>> +case "${1}" in >>>> + start) >>>> + # Make sure RUNDIR exists >>>> + if [ ! -d $RUNDIR ]; then >>>> + boot_mesg "Creating Directory $RUNDIR ..." >>>> + mkdir $RUNDIR >>>> + chown zabbix.zabbix $RUNDIR >>>> + fi >>>> + >>>> + boot_mesg "Starting $NAME =E2=80=A6" >>> >>> We usually use a descriptive name here and not the name of the binary her= e. >>> >>> Also no space before the ellipsis.> >>>> + loadproc $DAEMON -c $CONF > /dev/null >>>> + evaluate_retval >>>> + ;; >>>> + =09 >>>> + stop) >>>> + boot_mesg "Stopping $NAME ..." >>>> + killproc $DAEMON >>>> + ;; >>>> + >>>> + restart) >>>> + ${0} stop >>>> + sleep 1 >>>> + ${0} start >>>> + ;; >>>> + >>>> + status) >>>> + statusproc $DAEMON >>>> + ;; >>>> + >>>> + *) >>>> + echo "Usage: ${0} {start|stop|restart|status}" >>>> + exit 1 >>>> + ;; >>>> +esac >>>> + >>>> +# End $rc_base/init.d/zabbix_agentd >>> >>> This script is a bit different than the others. Variables are being used = instead of using the command names directly. Not sure if that is necessary. >> >> Ok, I'll change it. >> >>> >>> Why is the output of loadproc being thrown away? You won=E2=80=99t have t= o call evaluate_retval if you didn=E2=80=99t do that. >> >> I actually just coppied this part from the netsnmpd-addon without thinking= about it =E2=80=A6 >=20 > There is a script called =E2=80=9Ctemplate=E2=80=9D which is=E2=80=A6 well= =E2=80=A6 a template that I use for the initscripts. >=20 >> >>> >>> Is it not better to have /var/run/zabbix being created in src/initscripts= /sysconfig/createfiles? >> >> Yes, it is. I did not know this script yet. >> >>> >>>> diff --git a/src/paks/zabbix_agentd/install.sh >>>> b/src/paks/zabbix_agentd/install.sh >>>> new file mode 100644 >>>> index 0000000..7264a08 >>>> --- /dev/null >>>> +++ b/src/paks/zabbix_agentd/install.sh >>>> @@ -0,0 +1,45 @@ >>>> +#!/bin/bash >>>> +#######################################################################= ##### >>>> +# >>>> # >>>> +# This file is part of the IPFire Firewall. >>>> # >>>> +# >>>> # >>>> +# IPFire is free software; you can redistribute it and/or modify >>>> # >>>> +# it under the terms of the GNU General Public License as published by >>>> # >>>> +# the Free Software Foundation; either version 2 of the License, or >>>> # >>>> +# (at your option) any later version. >>>> # >>>> +# >>>> # >>>> +# IPFire is distributed in the hope that it will be useful, >>>> # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>> # >>>> +# GNU General Public License for more details. >>>> # >>>> +# >>>> # >>>> +# You should have received a copy of the GNU General Public License >>>> # >>>> +# along with IPFire; if not, write to the Free Software >>>> # >>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 >>>> USA # >>>> +# >>>> # >>>> +# Copyright (C) 2007 IPFire-Team . >>>> # >>>> +# >>>> # >>>> +#######################################################################= ##### >>>> +# >>>> +. /opt/pakfire/lib/functions.sh >>>> + >>>> +# Add User Zabbix if it does not exist >>>> +id -u zabbix &>/dev/null || useradd -r -U -s /bin/false -M -d >>>> /var/empty -c "Zabbix Monitoring=E2=80=9D zabbix >>> >>> See above. If the group has been lost, it won=E2=80=99t be recreated agai= n. >> >> The "-U" takes care of this. >=20 > It doesn=E2=80=99t really, because useradd isn=E2=80=99t called when the us= er exists, but the group doesn=E2=80=99t. Hence you end up with no group. Cer= tainly an edge-case, but possible. >=20 >>> >>>> + >>>> +extract_files >>>> + >>>> +# Create additonal Directories and set permissions >>>> +mkdir -pv /etc/zabbix/zabbix_agentd.d >>>> +mkdir -pv /etc/zabbix/scripts >>> >>> These should be in the tarball. >>> >>>> +mkdir -pv /var/run/zabbix >>>> +chown zabbix.zabbix /var/run/zabbix >>> >>> This is being created in the initscript. >>> >>>> +mkdir -pv /var/log/zabbix >>>> +chown zabbix.zabbix /var/log/zabbix -R >>> >>> This should also be in the tarball. >> >> I will check / fix these issues. >> >>> >>>> +# Create symlinks for runlevel interaction. >>>> +ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc3.d/S14zabbix_agentd >>>> +ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc0.d/K71zabbix_agentd >>>> +ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K71zabbix_agentd >>> >>> You are starting this very early in the boot process. Even before the net= work is being started. >>> >>> Is that deliberate or could this be moved to a later time? >>> >>> Can zabbix bind to IP addresses if those are not assigned to the network = interfaces, yet? >> >> No and no. I will change it to S65 & K02, if you agree. >=20 > Yes, I think that makes more sense. >=20 >> >>> >>>> +restore_backup ${NAME} >>>> +start_service --background ${NAME} >>>> diff --git a/src/paks/zabbix_agentd/uninstall.sh >>>> b/src/paks/zabbix_agentd/uninstall.sh >>>> new file mode 100644 >>>> index 0000000..ae8f815 >>>> --- /dev/null >>>> +++ b/src/paks/zabbix_agentd/uninstall.sh >>>> @@ -0,0 +1,38 @@ >>>> +#!/bin/bash >>>> +#######################################################################= ##### >>>> +# >>>> # >>>> +# This file is part of the IPFire Firewall. >>>> # >>>> +# >>>> # >>>> +# IPFire is free software; you can redistribute it and/or modify >>>> # >>>> +# it under the terms of the GNU General Public License as published by >>>> # >>>> +# the Free Software Foundation; either version 2 of the License, or >>>> # >>>> +# (at your option) any later version. >>>> # >>>> +# >>>> # >>>> +# IPFire is distributed in the hope that it will be useful, >>>> # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>> # >>>> +# GNU General Public License for more details. >>>> # >>>> +# >>>> # >>>> +# You should have received a copy of the GNU General Public License >>>> # >>>> +# along with IPFire; if not, write to the Free Software >>>> # >>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 >>>> USA # >>>> +# >>>> # >>>> +# Copyright (C) 2007 IPFire-Team . >>>> # >>>> +# >>>> # >>>> +#######################################################################= ##### >>>> +# >>>> +. /opt/pakfire/lib/functions.sh >>>> +stop_service ${NAME} >>>> +make_backup ${NAME} >>>> +remove_files >>>> + >>>> +# Remove init-scripts and symlinks >>>> +rm -rfv /etc/rc.d/rc*.d/*zabbix_agentd >>>> + >>>> +# Remove directorys >>>> +rm -rfv /etc/zabbix >>>> +rm -rfv /var/log/zabbix >>>> +rm -rfv /var/run/zabbix >>> >>> See above. Log files should not be removed I think. We do not do that any= where else as far as I know. >> >> Ok. >> >>> >>>> + >>>> +# Remove user and group >>>> +userdel zabbix >>> >>> Do you delete the group here? >> >> I tested this an the group seems to be deleted automatically, because it's= the users primary group. >=20 > What about any files that are not being removed? Logfiles, etc. These might= lose their user/group. >=20 > You should leave the user/group when the add-on is being uninstalled. >=20 >> >>> >>>> diff --git a/src/paks/zabbix_agentd/update.sh >>>> b/src/paks/zabbix_agentd/update.sh >>>> new file mode 100644 >>>> index 0000000..89c40d0 >>>> --- /dev/null >>>> +++ b/src/paks/zabbix_agentd/update.sh >>>> @@ -0,0 +1,26 @@ >>>> +#!/bin/bash >>>> +#######################################################################= ##### >>>> +# >>>> # >>>> +# This file is part of the IPFire Firewall. >>>> # >>>> +# >>>> # >>>> +# IPFire is free software; you can redistribute it and/or modify >>>> # >>>> +# it under the terms of the GNU General Public License as published by >>>> # >>>> +# the Free Software Foundation; either version 2 of the License, or >>>> # >>>> +# (at your option) any later version. >>>> # >>>> +# >>>> # >>>> +# IPFire is distributed in the hope that it will be useful, >>>> # >>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> # >>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>> # >>>> +# GNU General Public License for more details. >>>> # >>>> +# >>>> # >>>> +# You should have received a copy of the GNU General Public License >>>> # >>>> +# along with IPFire; if not, write to the Free Software >>>> # >>>> +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 >>>> USA # >>>> +# >>>> # >>>> +# Copyright (C) 2007 IPFire-Team . >>>> # >>>> +# >>>> # >>>> +#######################################################################= ##### >>>> +# >>>> +. /opt/pakfire/lib/functions.sh >>>> +./uninstall.sh >>>> +./install.sh >>>> --=20 >>>> 2.7.4 >>> >>> So, those are a lot of comments. Most of them are just questions. Hope yo= u can clarify those for me. >>> >>> Looking forward to hearing from you soon. Apologies for taking a couple o= f days to review this. Where are the other people on this list? >>> >>> -Michael >>> >> >> I hope I cloud clarify you're questions. I'm looking forward to some more = feedback to my few questions above and I will be preparing a >> modified patch within a few days. >=20 > Cool! >=20 > -Michael >=20 >> >> Best regards, >> Alex >=20 --===============2408967991689885618==--