From 8518c14708bdffd063ac0767e6859f4f0aa81003 Mon Sep 17 00:00:00 2001 From: Mickael-Martin Date: Thu, 7 Mar 2019 15:03:07 +0100 Subject: [PATCH] Merge branch 'master' into 'testing' Master See merge request Mickael-Martin/zabbix_ynh!12 --- README.md | 2 +- manifest.json | 5 +- scripts/_common.sh | 127 +++++++++++++++++++++++++ scripts/backup | 6 ++ scripts/install | 226 +++++++++++++++++---------------------------- scripts/remove | 12 +-- scripts/restore | 51 +++++----- scripts/upgrade | 202 ++++++++++++---------------------------- 8 files changed, 313 insertions(+), 318 deletions(-) diff --git a/README.md b/README.md index fd1a450..58de2be 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Do not change admin password. * Do not change the default admin user password. The user is disabled juste after the install but used to update templates. * The Zabbix server port is not opened by default for external monitoring (active agent). -* Install or update apply a template yunohost on the host "Zabbix-server" (127.0.0.1) for basic monitoring for Yunohost. +* A Yunohost template is imported and linked to the host "Zabbix-server" (127.0.0.1) for basic monitoring for Yunohost. * If you want more information about Yunohost in the template, please open an issue on git. **More information on the documentation page:** diff --git a/manifest.json b/manifest.json index 04cd064..4816e75 100644 --- a/manifest.json +++ b/manifest.json @@ -7,7 +7,7 @@ "fr": "Zabbix pour Yunohost" }, "version": "2.0", - "url": "https://framagit.org/Mickael-Martin/zabbix_ynh", + "url": "https://www.zabbix.com", "license": "free", "maintainer": { "name": "Mickael Martin", @@ -61,10 +61,11 @@ "en": "Is it a public application?", "fr": "Est-ce une application publique ?" }, - "default": true + "default": false }, { "name": "language", + "type": "string", "ask": { "en": "Choose the application language", "fr": "Choisissez la langue de l'application" diff --git a/scripts/_common.sh b/scripts/_common.sh index bb04a03..79bf17b 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,4 +10,131 @@ ynh_delete_file_checksum () { local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' ynh_app_setting_delete $app $checksum_setting_name +} + +#Zabbix part +#===================GET GUEST DEFAULT USER STATE============== +#return 0 if enable, else 1 +get_state_guest_user(){ + $mysqlconn -BN -e "SELECT count(id) from \`users_groups\` where userid=2 and usrgrpid=9" +} + +#================ DISABLE DEFAULT ZABBIX USER GUEST =================== + +disable_guest_user(){ + if [ $(get_state_guest_user) = "0" ];then + lastid=$($mysqlconn -BN -e "SELECT max(id) from \`users_groups\`") + lastid=$(("$lastid" + 1 )) + $mysqlconn -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 2);" + fi +} + +#===================GET ADMIN DEFAULT USER STATE============== +#return 0 if enable, else 1 +get_state_admin_user(){ + $mysqlconn -BN -e "SELECT count(id) from \`users_groups\` where userid=1 and usrgrpid=9" +} + +#================ DISABLE DEFAULT ADMIN USER =================== +disable_admin_user(){ + if [ $(get_state_admin_user) = "0" ] ;then + lastid=$($mysqlconn -BN -e "SELECT max(id) from \`users_groups\`") + lastid=$((lastid + 1 )) + $mysqlconn -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 1);" + ynh_print_info "Default admin disabled" + + else + ynh_print_info "Default admin already disabled" + + fi +} + +enable_admin_user(){ + if [ $(get_state_admin_user) = "1" ] ;then + ynh_print_info "Enable default admin" + #enable default admin temporaly + $mysqlconn -e "DELETE FROM users_groups where usrgrpid=9 and userid=1;" + ynh_print_info "Default admin enabled" + else + ynh_print_info "Default admin already enable" + fi +} + +import_template(){ + ynh_print_info "Import yunohost template" + zabbixFullpath=https://$domain$path_url + localpath=$(find /var/cache/yunohost/ -name "Template_Yunohost.xml") + sudoUserPpath=$(find /var/cache/yunohost/ -name "etc_sudoers.d_zabbix") + confUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_userP_yunohost.conf") + bashUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_yunohost.sh") + + cp "$sudoUserPpath" /etc/sudoers.d/zabbix + cp "$confUserPpath" /etc/zabbix/zabbix_agentd.d/userP_yunohost.conf + cp "$bashUserPpath" /etc/zabbix/zabbix_agentd.d/yunohost.sh + chmod a+x /etc/zabbix/zabbix_agentd.d/yunohost.sh + + systemctl restart zabbix-agent + curlOptions="-k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt --resolve $domain:443:127.0.0.1" + + curl -L $curlOptions \ + --form "enter=Sign+in" \ + --form "name=Admin" \ + --form "password=zabbix" \ + "$zabbixFullpath/index.php" + + if [ $? -eq 0 ];then + sid=$(curl $curlOptions \ + "$zabbixFullpath/conf.import.php?rules_preset=template" \ + | grep -Po 'name="sid" value="\K([a-z0-9]{16})(?=")' ) + + importState=$(curl $curlOptions \ + --form "config=1" \ + --form "import_file=@$localpath" \ + --form "rules[groups][createMissing]=1" \ + --form "rules[templates][updateExisting]=1" \ + --form "rules[templates][createMissing]=1" \ + --form "rules[templateScreens][updateExisting]=1" \ + --form "rules[templateScreens][createMissing]=1" \ + --form "rules[templateLinkage][createMissing]=1" \ + --form "rules[applications][createMissing]=1" \ + --form "rules[items][updateExisting]=1" \ + --form "rules[items][createMissing]=1" \ + --form "rules[discoveryRules][updateExisting]=1" \ + --form "rules[discoveryRules][createMissing]=1" \ + --form "rules[triggers][updateExisting]=1" \ + --form "rules[triggers][createMissing]=1" \ + --form "rules[graphs][updateExisting]=1" \ + --form "rules[graphs][createMissing]=1" \ + --form "rules[httptests][updateExisting]=1" \ + --form "rules[httptests][createMissing]=1" \ + --form "rules[valueMaps][createMissing]=1" \ + --form "import=Import" \ + --form "backurl=templates.php" \ + --form "form_refresh=1" \ + --form "sid=${sid}" \ \ + "${zabbixFullpath}/conf.import.php?rules_preset=template" \ + | grep -c "Imported successfully") + + if [ "$importState" -eq "1" ];then + ynh_print_info "Template Yunohost imported !" + else + ynh_print_warn "Template Yunohost not imported !" + fi + else + ynh_print_warn "Admin user cannot connect interface !" + fi +} + +link_template(){ + #apply template to host + tokenapi=$(curl -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{ "jsonrpc": "2.0","method": "user.login","params": {"user": "Admin","password": "zabbix"},"id": 1,"auth": null}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result') + zabbixHostID=$(curl -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.get","params":{"filter":{"host":["Zabbix server"]}},"auth":"'"$tokenapi"'","id":1}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result[0].hostid') + zabbixTemplateID=$(curl -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"template.get","params":{"filter":{"host":["Template Yunohost"]}},"auth":"'"$tokenapi"'","id":1}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result[0].templateid') + applyTemplate=$(curl -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.massadd","params":{"hosts":[{"hostid":"'"$zabbixHostID"'"}],"templates":[{"templateid":"'"$zabbixTemplateID"'"}]},"auth":"'"$tokenapi"'","id":1}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result.hostids[]') + if [ "$applyTemplate" -eq "$zabbixHostID" ];then + ynh_print_info "Template Yunohost linked to Zabbix server !" + else + ynh_print_warn "Template Yunohost no linked to Zabbix server !" + fi + } \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 300cbbb..745ff1b 100644 --- a/scripts/backup +++ b/scripts/backup @@ -29,6 +29,8 @@ app="zabbix" final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) db_name=$(ynh_app_setting_get $app db_name) +nonfree=$(ynh_app_setting_get $app nonfree) + #================================================= # STANDARD BACKUP STEPS @@ -69,4 +71,8 @@ ynh_mysql_dump_db "$db_name" > db.sql #================================================= # SPECIFIC BACKUP #================================================= +if [ $nonfree ];then + ynh_backup /etc/apt/sources.list.d/non-free.list + ynh_backup /etc/apt/preferences.d +fi diff --git a/scripts/install b/scripts/install index f4cac42..df2f530 100644 --- a/scripts/install +++ b/scripts/install @@ -1,4 +1,5 @@ -#================================================= +#!/bin/bash +##================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS @@ -12,17 +13,17 @@ source /usr/share/yunohost/helpers #================================================= # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -admin=$YNH_APP_ARG_ADMIN -is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE +export domain="$YNH_APP_ARG_DOMAIN" +export path_url="$YNH_APP_ARG_PATH" +admin="$YNH_APP_ARG_ADMIN" +is_public="$YNH_APP_ARG_IS_PUBLIC" +language="$YNH_APP_ARG_LANGUAGE" ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID @@ -34,7 +35,7 @@ language=$YNH_APP_ARG_LANGUAGE ### The app instance name is probably what interests you most, since this is ### guaranteed to be unique. This is a good unique identifier to define installation path, ### db names, ... -app=$YNH_APP_INSTANCE_NAME +app="$YNH_APP_INSTANCE_NAME" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS @@ -46,22 +47,23 @@ final_path=/var/www/zabbix test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) +path_url=$(ynh_normalize_url_path "$path_url") # Check web path availability -ynh_webpath_available $domain $path_url +ynh_webpath_available "$domain" "$path_url" # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register "$app" "$domain" "$path_url" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Get infos from manifest" -ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path_url -ynh_app_setting_set $app admin $admin -ynh_app_setting_set $app is_public $is_public -ynh_app_setting_set $app language $language +ynh_app_setting_set "$app" domain "$domain" +ynh_app_setting_set "$app" path "$path_url" +ynh_app_setting_set "$app" admin "$admin" +ynh_app_setting_set "$app" is_public "$is_public" +ynh_app_setting_set "$app" language "$language" #================================================= # STANDARD MODIFICATIONS @@ -93,35 +95,29 @@ ynh_app_setting_set $app language $language ### - Remove the section "REMOVE DEPENDENCIES" in the remove script ### - As well as the section "REINSTALL DEPENDENCIES" in the restore script ### - And the section "UPGRADE DEPENDENCIES" in the upgrade script +ynh_print_info "Install Zabbix repository" wget "https://repo.zabbix.com/zabbix/4.0/debian/pool/main/z/zabbix-release/zabbix-release_4.0-2+stretch_all.deb" dpkg -i zabbix-release_*.deb rm zabbix-release_*.deb -echo "deb http://deb.debian.org/debian stretch non-free" >/etc/apt/sources.list.d/non-free.list + +ynh_print_info "Update and install dependencies" ynh_package_update -ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd snmp-mibs-downloader libjs-prototype zabbix-server-mysql zabbix-agent jq -yunohost service add snmpd -d "Management of SNMP Daemon" -DEBIAN_FRONTEND=noninteractive apt-get -y download zabbix-frontend-php -ar x *.deb -tar xzf control.tar.gz -sed -i 's/apache2 | httpd, //' control -tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control -ar rcs zabbix-frontend-php+stretch_all-noapache2.deb debian-binary control.tar.gz data.tar.xz +ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd libjs-prototype jq -dpkg -i zabbix-frontend-php+stretch_all-noapache2.deb - -rm -fr zabbix-*.deb +ynh_package_install zabbix-server-mysql zabbix-agent zabbix-frontend-php DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php sed -i "s/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/g" /etc/locale.gen locale-gen -ln -s /usr/share/zabbix $final_path -rm $final_path/conf/zabbix.conf.php +ln -s /usr/share/zabbix "$final_path" +rm "$final_path/conf/zabbix.conf.php" #================================================= # CREATE A MYSQL DATABASE #================================================= +ynh_print_info "Create and add default data in db" ### Use these lines if you need a database for the application. ### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. @@ -132,46 +128,46 @@ rm $final_path/conf/zabbix.conf.php ### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script ### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script -db_name=$(ynh_sanitize_dbid $app) -db_user=$db_name -ynh_app_setting_set $app db_name $db_name -ynh_app_setting_set $app db_user $db_user -ynh_mysql_setup_db $db_user $db_name +declare db_pwd +db_name=$(ynh_sanitize_dbid "$app") +db_user="$db_name" +ynh_app_setting_set "$app" db_name "$db_name" +ynh_app_setting_set "$app" db_user "$db_user" +ynh_mysql_setup_db "$db_user" "$db_name" -zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -u$db_user -p$db_pwd $db_name +export mysqlconn="mysql -u$db_user -p$db_pwd $db_name" + +zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | $mysqlconn #sso integration -mysql -u$db_user -p$db_pwd $db_name -e "UPDATE \`config\` SET \`http_auth_enabled\` = '1', \`http_login_form\` = '1' WHERE \`config\`.\`configid\` = 1;" +$mysqlconn -e "UPDATE \`config\` SET \`http_auth_enabled\` = '1', \`http_login_form\` = '1' WHERE \`config\`.\`configid\` = 1;" -if [ $language == "fr" ];then +if [ "$language" == "fr" ];then lang="fr_FR" else lang="en_GB" fi #admin creation -surname=$(ynh_user_get_info $admin lastname) -name=$(ynh_user_get_info $admin firstname) +surname=$(ynh_user_get_info "$admin" lastname) +name=$(ynh_user_get_info "$admin" firstname) -mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users\` (\`userid\`,\`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES (3,'"$admin"', '"$admin"', '"$admin"', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '"$lang"', '30s', 3, 'default', 0, '', 0, 50);" -mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\`, \`usrgrpid\`, \`userid\`) VALUES (5, 7, 3);" +$mysqlconn -e "INSERT INTO \`users\` (\`userid\`,\`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES (3,'$admin', '$admin', '$admin', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '$lang', '30s', 3, 'default', 0, '', 0, 50);" +$mysqlconn -e "INSERT INTO \`users_groups\` (\`id\`, \`usrgrpid\`, \`userid\`) VALUES (5, 7, 3);" #users creation in zabbix database i=4 -for u in $(ynh_user_list); +for user in $(ynh_user_list); do - if [ "$u" != "$admin" ];then - surname=$(ynh_user_get_info $u lastname) - name=$(ynh_user_get_info $u firstname) - mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users\` (\`userid\`, \`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES ("$i",'"$u"', '"$name"', '"$surname"', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '"$lang"', '30s', 1, 'default', 0, '', 0, 50);" - i=$(($i+1)) + if [ "$user" != "$admin" ];then + surname=$(ynh_user_get_info "$user" lastname) + name=$(ynh_user_get_info "$user" firstname) + $mysqlconn -e "INSERT INTO \`users\` (\`userid\`, \`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES ($i,'$user', '$name', '$surname', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '$lang', '30s', 1, 'default', 0, '', 0, 50);" + i=$((i+1)) fi done -#disable default guest -lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`") -lastid=$(($lastid + 1 )) -mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 2);" +disable_guest_user #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -181,10 +177,12 @@ mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \ ### downloaded from an upstream source, like a git repository. ### `ynh_setup_source` use the file conf/app.src -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set "$app" final_path "$final_path" # Download, check integrity, uncompress and patch the source from app.src #ynh_setup_source "$final_path" +ynh_print_info "Generate web config" + #================================================= # NGINX CONFIGURATION #================================================= @@ -271,18 +269,13 @@ systemctl reload nginx # Installation with curl #ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" -# Remove the public access -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete $app skipped_uris -fi - #================================================= # MODIFY A CONFIG FILE #================================================= ### `ynh_replace_string` is used to replace a string in a file. ### (It's compatible with sed regular expressions syntax) +ynh_print_info "Generate zabbix config files" echo "&2 - yunohost firewall disallow TCP $port 2>&1 + yunohost firewall disallow TCP "$port" 2>&1 fi #================================================= diff --git a/scripts/restore b/scripts/restore index 2bc111d..db08fa9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,10 +1,11 @@ +#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -#source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -39,37 +40,46 @@ rm -fr $final_path #================================================= domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) +#path_url=$(ynh_app_setting_get $app path) #not used +#admin=$(ynh_app_setting_get $app admin) #not used is_public=$(ynh_app_setting_get $app is_public) -language=$(ynh_app_setting_get $app language) +#language=$(ynh_app_setting_get $app language) #not used +nonfree=$(ynh_app_setting_get $app nonfree) + #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Install Zabbix repository" + wget "https://repo.zabbix.com/zabbix/4.0/debian/pool/main/z/zabbix-release/zabbix-release_4.0-2+stretch_all.deb" dpkg -i zabbix-release_*.deb rm zabbix-release_*.deb -echo "deb http://deb.debian.org/debian stretch non-free" >/etc/apt/sources.list.d/non-free.list + +ynh_print_info "Install non-free repository with pinning" +if [ $nonfree ];then + ynh_restore_file "/etc/apt/sources.list.d/non-free.list" + ynh_restore_file "/etc/apt/preferences.d" + +fi + +ynh_print_info "Update and install dependencies" ynh_package_update -ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd snmp-mibs-downloader libjs-prototype zabbix-server-mysql zabbix-agent -yunohost service add snmpd -d "Management of SNMP Daemon" -DEBIAN_FRONTEND=noninteractive apt-get -y download zabbix-frontend-php -ar x *.deb -tar xzf control.tar.gz -sed -i 's/apache2 | httpd, //' control -tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control -ar rcs zabbix-frontend-php+stretch_all-noapache2.deb debian-binary control.tar.gz data.tar.xz +if [ $nonfree ];then + ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd snmp-mibs-downloader libjs-prototype jq +else + ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd libjs-prototype jq -dpkg -i zabbix-frontend-php+stretch_all-noapache2.deb +fi -rm -fr zabbix-*.deb +ynh_package_install zabbix-server-mysql zabbix-agent zabbix-frontend-php DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php sed -i "s/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/g" /etc/locale.gen locale-gen + ln -s /usr/share/zabbix /var/www/zabbix rm $final_path/conf/zabbix.conf.php @@ -104,7 +114,7 @@ yunohost app ssowatconf systemctl reload nginx # Remove the public access -if [ $is_public -eq 0 ] +if [ "$is_public" -eq 0 ] then ynh_app_setting_delete $app skipped_uris fi @@ -117,8 +127,8 @@ db_name=$(ynh_app_setting_get $app db_name) db_user=$(ynh_app_setting_get $app db_user) db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_mysql_setup_db $db_user $db_name $db_pwd -ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql +ynh_mysql_setup_db "$db_user" "$db_name" "$db_pwd" +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < ./db.sql #================================================= # Restore configs files @@ -135,9 +145,6 @@ ynh_restore_file "/etc/zabbix" systemctl enable zabbix-server && systemctl start zabbix-server - - - #================================================= # SETUP LOGROTATE #================================================= @@ -159,7 +166,7 @@ systemctl enable zabbix-server && systemctl start zabbix-server #================================================= # Make app public if necessary -if [ $is_public -eq 1 ] +if [ "$is_public" -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set $app unprotected_uris "/" diff --git a/scripts/upgrade b/scripts/upgrade index 02173a4..666b60a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -14,17 +14,16 @@ source /usr/share/yunohost/helpers #================================================= app=$YNH_APP_INSTANCE_NAME -trustedversion="1:4.0.4-1+stretch" -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) -language=$(ynh_app_setting_get $app language) -db_name=$(ynh_app_setting_get $app db_name) -db_user=$(ynh_app_setting_get $app db_user) -db_pwd=$(ynh_app_setting_get $app mysqlpwd) - +trustedversion="1:4.0.5-1+stretch" +export domain=$(ynh_app_setting_get "$app" domain) +export path_url=$(ynh_app_setting_get "$app" path) +#admin=$(ynh_app_setting_get "$app" admin) #not used +is_public=$(ynh_app_setting_get "$app" is_public) +final_path=$(ynh_app_setting_get "$app" final_path) +#language=$(ynh_app_setting_get "$app" language) #not used +db_name=$(ynh_app_setting_get "$app" db_name) +db_user=$(ynh_app_setting_get "$app" db_user) +db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -32,153 +31,69 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd) # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 + ynh_app_setting_set "$app" is_public 1 is_public=1 elif [ "$is_public" = "No" ]; then - ynh_app_setting_set $app is_public 0 + ynh_app_setting_set "$app" is_public 0 is_public=0 fi # If db_name doesn't exist, create it -if [ -z $db_name ]; then - db_name=$(ynh_sanitize_dbid $app) - ynh_app_setting_set $app db_name $db_name +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid "$app") + ynh_app_setting_set "$app" db_name "$db_name" fi # If final_path doesn't exist, create it -if [ -z $final_path ]; then +if [ -z "$final_path" ]; then final_path=/var/www/$app - ynh_app_setting_set $app final_path $final_path + ynh_app_setting_set "$app" final_path "$final_path" fi +export mysqlconn="mysql -u$db_user -p$db_pwd $db_name" + #================================================= # Enable default admin temporaly #================================================= -haveDefaultAdminDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=1 and usrgrpid=9") - -if [ "$haveDefaultAdminDisabled" -eq 1 ] ;then - ynh_print_info "Enable default admin" - #enable default admin temporaly - mysql -u$db_user -p$db_pwd $db_name -e "DELETE FROM users_groups where usrgrpid=9 and userid=1;" -else - ynh_print_info "default admin already enabled" -fi +enable_admin_user #================================================= # Import Yunohost template #================================================= -ynh_print_info "Import Yunohost template" -#disable sso temporaly -ynh_app_setting_set $app unprotected_uris "/" -systemctl reload nginx -yunohost app ssowatconf - -zabbixFullpath=https://$domain$path_url -localpath=$(find /var/cache/yunohost/ -name "Template_Yunohost.xml") -sudoUserPpath=$(find /var/cache/yunohost/ -name "etc_sudoers.d_zabbix") -confUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_userP_yunohost.conf") -bashUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_yunohost.sh") - -cp $sudoUserPpath /etc/sudoers.d/zabbix -cp $confUserPpath /etc/zabbix/zabbix_agentd.d/userP_yunohost.conf -cp $bashUserPpath /etc/zabbix/zabbix_agentd.d/yunohost.sh -chmod a+x /etc/zabbix/zabbix_agentd.d/yunohost.sh - -systemctl restart zabbix-agent - -curl -k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt \ - --form enter=Sign+in \ - --form name=Admin \ - --form password=zabbix \ - "$zabbixFullpath/index.php" - -sid=$(curl -k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt \ - "$zabbixFullpath/conf.import.php?rules_preset=template" \ - | grep -Po 'name="sid" value="\K([a-z0-9]{16})(?=")' ) - -importState=$(curl -k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt \ - --form "config=1" \ - --form "import_file=@$localpath" \ - --form rules[groups][createMissing]=1 \ - --form rules[templates][updateExisting]=1 \ - --form rules[templates][createMissing]=1 \ - --form rules[templateScreens][updateExisting]=1 \ - --form rules[templateScreens][createMissing]=1 \ - --form rules[templateLinkage][createMissing]=1 \ - --form rules[applications][createMissing]=1 \ - --form rules[items][updateExisting]=1 \ - --form rules[items][createMissing]=1 \ - --form rules[discoveryRules][updateExisting]=1 \ - --form rules[discoveryRules][createMissing]=1 \ - --form rules[triggers][updateExisting]=1 \ - --form rules[triggers][createMissing]=1 \ - --form rules[graphs][updateExisting]=1 \ - --form rules[graphs][createMissing]=1 \ - --form rules[httptests][updateExisting]=1 \ - --form rules[httptests][createMissing]=1 \ - --form rules[valueMaps][createMissing]=1 \ - --form "import=Import" \ - --form "backurl=templates.php" \ - --form "form_refresh=1" \ - --form "sid=${sid}" \ \ - "${zabbixFullpath}/conf.import.php?rules_preset=template" \ - | grep -c "Imported successfully") - -if [ "$importState" -eq "1" ];then - ynh_print_info "Template Yunohost imported !" -else - ynh_print_warn "Template Yunohost not imported !" -fi - -#apply template to host -tokenapi=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{ "jsonrpc": "2.0","method": "user.login","params": {"user": "Admin","password": "zabbix"},"id": 1,"auth": null}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result') -zabbixHostID=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.get","params":{"filter":{"host":["Zabbix server"]}},"auth":"'$tokenapi'","id":1}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result[0].hostid') -zabbixTemplateID=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"template.get","params":{"filter":{"host":["Template Yunohost"]}},"auth":"'$tokenapi'","id":1}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result[0].templateid') -applyTemplate=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.massadd","params":{"hosts":[{"hostid":"'$zabbixHostID'"}],"templates":[{"templateid":"'$zabbixTemplateID'"}]},"auth":"'$tokenapi'","id":1}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result.hostids[]') -if [ "$applyTemplate" -eq "$zabbixHostID" ];then - ynh_print_info "Template Yunohost linked to Zabbix server !" -else - ynh_print_warn "Template Yunohost no linked to Zabbix server !" -fi +import_template +#================================================= +# Link Yunohost template to the ZAbbix Server Host +#================================================= +link_template #================================================= # Disable default admin for security issue #================================================= -haveDefaultAdminDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=1 and usrgrpid=9") - -if [ "$haveDefaultAdminDisabled" -eq 0 ] ;then - ynh_print_info "Disable default admin" - #disable default admin - lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`") - lastid=$(($lastid + 1 )) - mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 1);" -else - ynh_print_info "default admin already disabled" -fi - +disable_admin_user #================================================= # Disable default guest for security issue #================================================= -haveDefaultGuestDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=2 and usrgrpid=9") - -if [ "$haveDefaultGuestDisabled" -eq 0 ] ;then - echo "Disable default guest" - #disable default guest - lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`") - lastid=$(($lastid + 1 )) - mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 2);" -else - echo "default guest already disabled" -fi +disable_guest_user #================================================= # CHECK THE PATH #================================================= # Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) +path_url=$(ynh_normalize_url_path "$path_url") + +#REMOVE NONFREE PART PATCH IF NEEDED (snmp-mibs-downloader (non-free) installed in version 1) +nonfreepackagelist=$(dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free) +if [ $(echo $nonfreepackagelist | wc -l) -eq 1 ] && [ $(echo $nonfreepackagelist | grep -c "snmp-mibs-downloader") -eq 1 ] ;then + ynh_print_info "Removing snmp-mibs-downloader (non-free package)" + sed -i.$(date "+%m%d%y") 's/ snmp-mibs-downloader,//g' /var/lib/dpkg/status + DEBIAN_FRONTEND=noninteractive apt purge snmp-mibs-downloader -y + if [ -f /etc/apt/sources.list.d/non-free.list ];then + ynh_secure_remove /etc/apt/sources.list.d/non-free.list + fi +fi #================================================= # STANDARD UPGRADE STEPS @@ -189,19 +104,19 @@ ynh_package_update #REMOVE DUPLICATE LOG ENTRY IN LOGROTATE PATCH IF NEEDED ynh_remove_logrotate -zabbixServerInstalledVersion=$(apt-cache policy zabbix-server-mysql | grep -Po "Installed: \K(.*)") -zabbixServerCandidateVersion=$(apt-cache policy zabbix-server-mysql | grep -Po "Candidate: \K(.*)") +zabbixServerInstalledVersion=$(apt-cache policy zabbix-server-mysql | sed -n '2p' | grep -Po ".*: \K(.*)") +zabbixServerCandidateVersion=$(apt-cache policy zabbix-server-mysql | sed -n '3p' | grep -Po ".*: \K(.*)") -zabbixFrontendInstalledVersion=$(apt-cache policy zabbix-frontend-php | grep -Po "Installed: \K(.*)") -zabbixFrontendCandidateVersion=$(apt-cache policy zabbix-frontend-php | grep -Po "Candidate: \K(.*)") +zabbixFrontendInstalledVersion=$(apt-cache policy zabbix-frontend-php | sed -n '2p' | grep -Po ".*: \K(.*)") +zabbixFrontendCandidateVersion=$(apt-cache policy zabbix-frontend-php | sed -n '3p' | grep -Po ".*: \K(.*)") -zabbixagentInstalledVersion=$(apt-cache policy zabbix-agent | grep -Po "Installed: \K(.*)") -zabbixagentCandidateVersion=$(apt-cache policy zabbix-agent | grep -Po "Candidate: \K(.*)") +zabbixagentInstalledVersion=$(apt-cache policy zabbix-agent | sed -n '2p' | grep -Po ".*: \K(.*)") +zabbixagentCandidateVersion=$(apt-cache policy zabbix-agent | sed -n '3p' | grep -Po ".*: \K(.*)") if [ "$trustedversion" == "$zabbixServerCandidateVersion" ] then - if [ "$zabbixServerInstalledVersion" != "$zabbixServerCandidateVersion" -o "$zabbixFrontendInstalledVersion" != "$zabbixFrontendCandidateVersion" -o "$zabbixagentInstalledVersion" != "$zabbixagentCandidateVersion" ] + if [ "$zabbixServerInstalledVersion" != "$zabbixServerCandidateVersion" ] || [ "$zabbixFrontendInstalledVersion" != "$zabbixFrontendCandidateVersion" ] || [ "$zabbixagentInstalledVersion" != "$zabbixagentCandidateVersion" ] then #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP @@ -220,16 +135,13 @@ then cp -p /usr/share/zabbix/conf/zabbix.conf.php /tmp/ DEBIAN_FRONTEND=noninteractive apt-mark unhold zabbix-server-mysql zabbix-frontend-php - DEBIAN_FRONTEND=noninteractive apt-get -y download zabbix-frontend-php - ar x *.deb - tar xzf control.tar.gz - sed -i 's/apache2 | httpd, //' control - tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control - ar rcs zabbix-frontend-php+stretch_all-noapache2.deb debian-binary control.tar.gz data.tar.xz - dpkg -i zabbix-frontend-php+stretch_all-noapache2.deb - rm -fr zabbix-*.deb - apt-get -y --only-upgrade install zabbix-server-mysql zabbix-agent - DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php + + ynh_print_info "Update and install dependencies" + ynh_package_update + ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd libjs-prototype jq + ynh_package_install zabbix-server-mysql zabbix-agent zabbix-frontend-php + DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php + rm /usr/share/zabbix/conf/zabbix.conf.php cp -rpf /tmp/zabbix /etc/ @@ -248,13 +160,13 @@ fi # RE-ENABLE SSOWAT #================================================= ynh_print_info "re-enable SSOWAT" -# Make app public if necessary -if [ $is_public -eq 1 ] +# Make app private if necessary +if [ $is_public -eq 0 ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set $app unprotected_uris "/" + ynh_app_setting_delete "$app" unprotected_uris else - ynh_app_setting_set $app unprotected_uris "" + ynh_app_setting_set "$app" unprotected_uris "/" fi systemctl reload nginx