diff --git a/README.md b/README.md index bc9f4d5..58de2be 100644 --- a/README.md +++ b/README.md @@ -24,11 +24,14 @@ Are LDAP auth supported Only Debian - Stretch 64b supported actually. ## Limitations - +Do not change admin password. ## Additional information -* Other information you would add about this application +* Do not change the default admin user password. The user is disabled juste after the install but used to update templates. +* The Zabbix server port is not opened by default for external monitoring (active agent). +* A Yunohost template is imported and linked to the host "Zabbix-server" (127.0.0.1) for basic monitoring for Yunohost. +* If you want more information about Yunohost in the template, please open an issue on git. **More information on the documentation page:** https://yunohost.org/packaging_apps @@ -41,4 +44,4 @@ got to https://framagit.org/Mickael-Martin/zabbix_ynh/blob/master/LICENSE ## Links * Report a bug: https://framagit.org/Mickael-Martin/zabbix_ynh/issues - * YunoHost website: https://yunohost.org/ \ No newline at end of file + * YunoHost website: https://yunohost.org/ diff --git a/manifest.json b/manifest.json index 56ceb13..eedd88d 100644 --- a/manifest.json +++ b/manifest.json @@ -6,8 +6,8 @@ "en": "YunoHost port for Zabbix", "fr": "Zabbix pour Yunohost" }, - "version": "1.2.1", - "url": "https://framagit.org/Mickael-Martin/zabbix_ynh", + "version": "2.0", + "url": "https://www.zabbix.com", "license": "free", "maintainer": { "name": "Mickael Martin", @@ -15,12 +15,13 @@ "url": "http://www.librement-votre.fr" }, "requirements": { - "yunohost": ">= 2.7.14" + "yunohost": ">= 3.4.2" }, "multi_instance": false, "services": [ "nginx", "mysql", + "php7.0-fpm", "snmpd" ], "arguments": { @@ -60,10 +61,15 @@ "en": "Is it a public application?", "fr": "Est-ce une application publique ?" }, - "default": true + "help": { + "en": "A public app doesn't need SSO auth : the auth page is opened for everyone", + "fr": "Une application publique ne nécessite pas une authentification SSO : sa page d'authentication est ouverte au monde entier" + }, + "default": false }, { "name": "language", + "type": "string", "ask": { "en": "Choose the application language", "fr": "Choisissez la langue de l'application" diff --git a/scripts/_common.sh b/scripts/_common.sh index bb04a03..fcfa442 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,4 +10,166 @@ ynh_delete_file_checksum () { local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' ynh_app_setting_delete $app $checksum_setting_name +} + +#Zabbix part +#===================GET GUEST DEFAULT USER STATE============== +#return 0 if enable, else 1 +get_state_guest_user(){ + $mysqlconn -BN -e "SELECT count(id) from \`users_groups\` where userid=2 and usrgrpid=9" +} + +#================ DISABLE DEFAULT ZABBIX USER GUEST =================== + +disable_guest_user(){ + if [ $(get_state_guest_user) = "0" ];then + lastid=$($mysqlconn -BN -e "SELECT max(id) from \`users_groups\`") + lastid=$(("$lastid" + 1 )) + $mysqlconn -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 2);" + fi +} + +#===================GET ADMIN DEFAULT USER STATE============== +#return 0 if enable, else 1 +get_state_admin_user(){ + $mysqlconn -BN -e "SELECT count(id) from \`users_groups\` where userid=1 and usrgrpid=9" +} + +#================ DISABLE DEFAULT ADMIN USER =================== +disable_admin_user(){ + if [ $(get_state_admin_user) = "0" ] ;then + lastid=$($mysqlconn -BN -e "SELECT max(id) from \`users_groups\`") + lastid=$((lastid + 1 )) + $mysqlconn -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 1);" + ynh_print_info "Default admin disabled" + + else + ynh_print_info "Default admin already disabled" + + fi +} + +enable_admin_user(){ + if [ $(get_state_admin_user) = "1" ] ;then + ynh_print_info "Enable default admin" + #enable default admin temporaly + $mysqlconn -e "DELETE FROM users_groups where usrgrpid=9 and userid=1;" + ynh_print_info "Default admin enabled" + else + ynh_print_info "Default admin already enable" + fi +} + +import_template(){ + ynh_print_info "Import yunohost template" + zabbixFullpath=https://$domain$path_url + localpath=$(find /var/cache/yunohost/ -name "Template_Yunohost.xml") + sudoUserPpath=$(find /var/cache/yunohost/ -name "etc_sudoers.d_zabbix") + confUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_userP_yunohost.conf") + bashUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_yunohost.sh") + + + cp "$sudoUserPpath" /etc/sudoers.d/zabbix + + if [ -d /etc/zabbix/zabbix_agentd.d ];then + mv /etc/zabbix/zabbix_agentd.d /etc/zabbix/zabbix_agentd.conf.d + fi + if [ ! -L /etc/zabbix/zabbix_agentd.d ];then + ln -s /etc/zabbix/zabbix_agentd.conf.d /etc/zabbix/zabbix_agentd.d + fi + + cp "$confUserPpath" /etc/zabbix/zabbix_agentd.d/userP_yunohost.conf + cp "$bashUserPpath" /etc/zabbix/zabbix_agentd.d/yunohost.sh + chmod a+x /etc/zabbix/zabbix_agentd.d/yunohost.sh + + systemctl restart zabbix-agent + curlOptions="--noproxy $domain -k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt --resolve $domain:443:127.0.0.1" + + curl -L $curlOptions \ + --form "enter=Sign+in" \ + --form "name=Admin" \ + --form "password=zabbix" \ + "$zabbixFullpath/index.php" + + if [ $? -eq 0 ];then + sid=$(curl $curlOptions \ + "$zabbixFullpath/conf.import.php?rules_preset=template" \ + | grep -Po 'name="sid" value="\K([a-z0-9]{16})(?=")' ) + + importState=$(curl $curlOptions \ + --form "config=1" \ + --form "import_file=@$localpath" \ + --form "rules[groups][createMissing]=1" \ + --form "rules[templates][updateExisting]=1" \ + --form "rules[templates][createMissing]=1" \ + --form "rules[templateScreens][updateExisting]=1" \ + --form "rules[templateScreens][createMissing]=1" \ + --form "rules[templateLinkage][createMissing]=1" \ + --form "rules[applications][createMissing]=1" \ + --form "rules[items][updateExisting]=1" \ + --form "rules[items][createMissing]=1" \ + --form "rules[discoveryRules][updateExisting]=1" \ + --form "rules[discoveryRules][createMissing]=1" \ + --form "rules[triggers][updateExisting]=1" \ + --form "rules[triggers][createMissing]=1" \ + --form "rules[graphs][updateExisting]=1" \ + --form "rules[graphs][createMissing]=1" \ + --form "rules[httptests][updateExisting]=1" \ + --form "rules[httptests][createMissing]=1" \ + --form "rules[valueMaps][createMissing]=1" \ + --form "import=Import" \ + --form "backurl=templates.php" \ + --form "form_refresh=1" \ + --form "sid=${sid}" \ \ + "${zabbixFullpath}/conf.import.php?rules_preset=template" \ + | grep -c "Imported successfully") + + if [ "$importState" -eq "1" ];then + ynh_print_info "Template Yunohost imported !" + else + ynh_print_warn "Template Yunohost not imported !" + fi + else + ynh_print_warn "Admin user cannot connect interface !" + fi +} + +link_template(){ + #apply template to host + tokenapi=$(curl --noproxy $domain -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{ "jsonrpc": "2.0","method": "user.login","params": {"user": "Admin","password": "zabbix"},"id": 1,"auth": null}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result') + zabbixHostID=$(curl --noproxy $domain -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.get","params":{"filter":{"host":["Zabbix server"]}},"auth":"'"$tokenapi"'","id":1}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result[0].hostid') + zabbixTemplateID=$(curl --noproxy $domain -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"template.get","params":{"filter":{"host":["Template Yunohost"]}},"auth":"'"$tokenapi"'","id":1}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result[0].templateid') + applyTemplate=$(curl --noproxy $domain -k -s --resolve $domain:443:127.0.0.1 --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.massadd","params":{"hosts":[{"hostid":"'"$zabbixHostID"'"}],"templates":[{"templateid":"'"$zabbixTemplateID"'"}]},"auth":"'"$tokenapi"'","id":1}' "${zabbixFullpath}/api_jsonrpc.php" | jq -r '.result.hostids[]') + if [ "$applyTemplate" -eq "$zabbixHostID" ];then + ynh_print_info "Template Yunohost linked to Zabbix server !" + else + ynh_print_warn "Template Yunohost no linked to Zabbix server !" + fi + +} + +check_proc_zabbixserver(){ + pgrep zabbix_server >/dev/null + if [ $? -eq 0 ];then + ynh_print_info "zabbix server is started !" + else + ynh_print_err "Zabbix Server not started, try to start it with the yunohost interface." + ynh_print_err "If Zabbix Server can't start, please open a issue on https://github.com/YunoHost-Apps/zabbix_ynh/issues" + fi +} + +check_proc_zabbixagent(){ + pgrep zabbix_agentd >/dev/null + if [ $? -eq 0 ];then + ynh_print_info "zabbix agent is started" + else + ynh_print_err "Zabbix agent not started, try to start it with the yunohost interface." + ynh_print_err "If Zabbix agent can't start, please open a issue on https://github.com/YunoHost-Apps/zabbix_ynh/issues" + fi +} + +install_zabbix_repo(){ + ynh_add_extra_apt_repos__3_path=$(find /var/cache/yunohost/ /etc/yunohost/apps/zabbix/ -name "ynh_add_extra_apt_repos__3" | tail -n 1) + source "$ynh_add_extra_apt_repos__3_path" + ynh_install_extra_repo --repo="http://repo.zabbix.com/zabbix/4.2/debian $(lsb_release -sc) main" --key=https://repo.zabbix.com/zabbix-official-repo.key --priority=999 --name=zabbix } \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 0f2ad47..29016eb 100644 --- a/scripts/backup +++ b/scripts/backup @@ -29,6 +29,8 @@ app="zabbix" final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) db_name=$(ynh_app_setting_get $app db_name) +nonfree=$(ynh_app_setting_get $app nonfree) + #================================================= # STANDARD BACKUP STEPS @@ -46,6 +48,9 @@ ynh_backup "/etc/zabbix/zabbix_server.conf" ynh_backup "/etc/zabbix/zabbix_agentd.conf" ynh_backup "/etc/zabbix/zabbix_agentd.d" +#backup sudo file +ynh_backup "/etc/sudoers.d/zabbix" + #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= @@ -61,9 +66,4 @@ ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" # BACKUP THE MYSQL DATABASE #================================================= -ynh_mysql_dump_db "$db_name" > db.sql - -#================================================= -# SPECIFIC BACKUP -#================================================= - +ynh_mysql_dump_db "$db_name" > db.sql \ No newline at end of file diff --git a/scripts/install b/scripts/install index 2246579..556c1f3 100644 --- a/scripts/install +++ b/scripts/install @@ -1,4 +1,5 @@ -#================================================= +#!/bin/bash +##================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS @@ -18,11 +19,11 @@ ynh_abort_if_errors # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -admin=$YNH_APP_ARG_ADMIN -is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE +export domain="$YNH_APP_ARG_DOMAIN" +export path_url="$YNH_APP_ARG_PATH" +admin="$YNH_APP_ARG_ADMIN" +is_public="$YNH_APP_ARG_IS_PUBLIC" +language="$YNH_APP_ARG_LANGUAGE" ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID @@ -34,7 +35,7 @@ language=$YNH_APP_ARG_LANGUAGE ### The app instance name is probably what interests you most, since this is ### guaranteed to be unique. This is a good unique identifier to define installation path, ### db names, ... -app=$YNH_APP_INSTANCE_NAME +app="$YNH_APP_INSTANCE_NAME" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS @@ -46,22 +47,23 @@ final_path=/var/www/zabbix test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) +path_url=$(ynh_normalize_url_path "$path_url") # Check web path availability -ynh_webpath_available $domain $path_url +ynh_webpath_available "$domain" "$path_url" # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register "$app" "$domain" "$path_url" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Get infos from manifest" -ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path_url -ynh_app_setting_set $app admin $admin -ynh_app_setting_set $app is_public $is_public -ynh_app_setting_set $app language $language +ynh_app_setting_set "$app" domain "$domain" +ynh_app_setting_set "$app" path "$path_url" +ynh_app_setting_set "$app" admin "$admin" +ynh_app_setting_set "$app" is_public "$is_public" +ynh_app_setting_set "$app" language "$language" #================================================= # STANDARD MODIFICATIONS @@ -72,7 +74,10 @@ ynh_app_setting_set $app language $language ### Use these lines if you have to open a port for the application ### `ynh_find_port` will find the first available port starting from the given port. ### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script +### - Remove the section "CLOSE A PORT" in the remove script + +### Zabbix server is not opened by default for external usage. +### if you want use zabbix server with external agent (in active mode), setup the listen address in server configuration and open port on firewall via the cmd yunohost firewall # Find a free port #port=$(ynh_find_port 8095) @@ -87,97 +92,82 @@ ynh_app_setting_set $app language $language ### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. ### Those deb packages will be installed as dependencies of this package. ### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script +### - Remove the section "REMOVE DEPENDENCIES" in the remove script +### - As well as the section "REINSTALL DEPENDENCIES" in the restore script +### - And the section "UPGRADE DEPENDENCIES" in the upgrade script +ynh_print_info "Remove Zabbix if already installed" +apt purge zabbix* -y +rm -fr /var/cache/apt/archives/zabbix-server-mysql* -wget "https://repo.zabbix.com/zabbix/4.0/debian/pool/main/z/zabbix-release/zabbix-release_4.0-2+stretch_all.deb" -dpkg -i zabbix-release_*.deb -rm zabbix-release_*.deb -echo ' -Package: zabbix* -Pin: origin "repo.zabbix.com" -Pin-Priority: 999'>/etc/apt/preferences.d/zabbix-pin-999 +ynh_print_info "Install Zabbix repository" +install_zabbix_repo -echo "deb http://deb.debian.org/debian stretch non-free" >/etc/apt/sources.list.d/non-free.list -ynh_package_update -ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd snmp-mibs-downloader libjs-prototype zabbix-server-mysql zabbix-agent -yunohost service add snmpd -d "Management of SNMP Daemon" -DEBIAN_FRONTEND=noninteractive apt-get -y download zabbix-frontend-php -ar x *.deb -tar xzf control.tar.gz -sed -i 's/apache2 | httpd, //' control -tar --ignore-failed-read -cvzf control.tar.gz {post,pre}rm md5sums control -ar rcs zabbix-frontend-php+stretch_all-noapache2.deb debian-binary control.tar.gz data.tar.xz - -dpkg -i --force-confmiss zabbix-frontend-php+stretch_all-noapache2.deb - -rm -fr zabbix-*.deb +ynh_print_info "Update and install dependencies" +#ynh_package_update no need cause ynh_install_app_dependencies after +ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd libjs-prototype jq zabbix-server-mysql zabbix-agent zabbix-frontend-php +dpkg -i --force-confmiss /var/cache/apt/archives/zabbix-server-mysql* DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php -sed -i "s/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/g" /etc/locale.gen +ynh_replace_string --match_string="# fr_FR.UTF-8 UTF-8" --replace_string="fr_FR.UTF-8 UTF-8" --target_file=/etc/locale.gen locale-gen -ln -s /usr/share/zabbix $final_path +ln -s /usr/share/zabbix "$final_path" +rm "$final_path/conf/zabbix.conf.php" #================================================= # CREATE A MYSQL DATABASE #================================================= +ynh_print_info "Create and add default data in db" ### Use these lines if you need a database for the application. ### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. ### The password will be stored as 'mysqlpwd' into the app settings, ### and will be available as $db_pwd ### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script +### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script +### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script +### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script -db_name=$(ynh_sanitize_dbid $app) -db_user=$db_name -ynh_app_setting_set $app db_name $db_name -ynh_app_setting_set $app db_user $db_user -ynh_mysql_setup_db $db_user $db_name +declare db_pwd +db_name=$(ynh_sanitize_dbid "$app") +db_user="$db_name" +ynh_app_setting_set "$app" db_name "$db_name" +ynh_app_setting_set "$app" db_user "$db_user" +ynh_mysql_setup_db "$db_user" "$db_name" -zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -u$db_user -p$db_pwd $db_name +export mysqlconn="mysql -u$db_user -p$db_pwd $db_name" + +zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | $mysqlconn #sso integration -mysql -u$db_user -p$db_pwd $db_name -e "UPDATE \`config\` SET \`http_auth_enabled\` = '1', \`http_login_form\` = '1' WHERE \`config\`.\`configid\` = 1;" +$mysqlconn -e "UPDATE \`config\` SET \`http_auth_enabled\` = '1', \`http_login_form\` = '1' WHERE \`config\`.\`configid\` = 1;" -if [ $language == "fr" ];then +if [ "$language" == "fr" ];then lang="fr_FR" else lang="en_GB" fi #admin creation -surname=$(ynh_user_get_info $admin lastname) -name=$(ynh_user_get_info $admin firstname) +surname=$(ynh_user_get_info "$admin" lastname) +name=$(ynh_user_get_info "$admin" firstname) -mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users\` (\`userid\`,\`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES (3,'"$admin"', '"$admin"', '"$admin"', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '"$lang"', '30s', 3, 'default', 0, '', 0, 50);" -mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\`, \`usrgrpid\`, \`userid\`) VALUES (5, 7, 3);" +$mysqlconn -e "INSERT INTO \`users\` (\`userid\`,\`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES (3,'$admin', '$admin', '$admin', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '$lang', '30s', 3, 'default', 0, '', 0, 50);" +$mysqlconn -e "INSERT INTO \`users_groups\` (\`id\`, \`usrgrpid\`, \`userid\`) VALUES (5, 7, 3);" -#users creation +#users creation in zabbix database i=4 -for u in $(ynh_user_list); -do - if [ "$u" != "$admin" ];then - surname=$(ynh_user_get_info $u lastname) - name=$(ynh_user_get_info $u firstname) - mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users\` (\`userid\`, \`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES ("$i",'"$u"', '"$name"', '"$surname"', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '"$lang"', '30s', 1, 'default', 0, '', 0, 50);" - i=$(($i+1)) +for user in $(ynh_user_list); +do + if [ "$user" != "$admin" ];then + surname=$(ynh_user_get_info "$user" lastname) + name=$(ynh_user_get_info "$user" firstname) + $mysqlconn -e "INSERT INTO \`users\` (\`userid\`, \`alias\`, \`name\`, \`surname\`, \`passwd\`, \`url\`, \`autologin\`, \`autologout\`, \`lang\`, \`refresh\`, \`type\`, \`theme\`, \`attempt_failed\`, \`attempt_ip\`, \`attempt_clock\`, \`rows_per_page\`) VALUES ($i,'$user', '$name', '$surname', '5fce1b3e34b520afeffb37ce08c7cd66', '', 0, '0', '$lang', '30s', 1, 'default', 0, '', 0, 50);" + i=$((i+1)) fi done -#disable default admin -lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`") -lastid=$(($lastid + 1 )) -mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 1);" - -#disable default guest -lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`") -lastid=$(($lastid + 1 )) -mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 2);" +disable_guest_user #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -187,10 +177,12 @@ mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \ ### downloaded from an upstream source, like a git repository. ### `ynh_setup_source` use the file conf/app.src -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set "$app" final_path "$final_path" # Download, check integrity, uncompress and patch the source from app.src #ynh_setup_source "$final_path" +ynh_print_info "Generate web config" + #================================================= # NGINX CONFIGURATION #================================================= @@ -206,6 +198,8 @@ ynh_add_nginx_config # Create a system user #ynh_system_user_create $app +# +### zabbix user created in zabbix server dpkg install #================================================= # PHP-FPM CONFIGURATION @@ -215,12 +209,12 @@ ynh_add_nginx_config ### You can remove it if your app doesn't use PHP. ### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini ### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### With the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script +### - You can remove these files in conf/. +### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script +### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script +### With the reload at the end of the script. +### - And the section "PHP-FPM CONFIGURATION" in the upgrade script # Create a dedicated php-fpm config ynh_add_fpm_config @@ -240,15 +234,17 @@ ynh_add_fpm_config ### Have a look at the app to be sure this app needs a systemd script. ### `ynh_systemd_config` will use the file conf/systemd.service ### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script +### - You can remove those files in conf/. +### - Remove the section "BACKUP SYSTEMD" in the backup script +### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script +### - As well as the section "RESTORE SYSTEMD" in the restore script +### - And the section "SETUP SYSTEMD" in the upgrade script # Create a dedicated systemd config #ynh_add_systemd_config +### Systemd service created when dpkg install + #================================================= # SETUP APPLICATION WITH CURL #================================================= @@ -273,57 +269,29 @@ systemctl reload nginx # Installation with curl #ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" -# Remove the public access -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete $app skipped_uris -fi - #================================================= # MODIFY A CONFIG FILE #================================================= ### `ynh_replace_string` is used to replace a string in a file. ### (It's compatible with sed regular expressions syntax) +ynh_print_info "Generate zabbix config files" +confServerPath=$(find /var/cache/yunohost/ -name "usr_share_zabbix_conf_zabbix.conf.php") +cp "$confServerPath" /usr/share/zabbix/conf/zabbix.conf.php +ynh_replace_string --match_string="db_name" --replace_string="$db_name" --target_file=/usr/share/zabbix/conf/zabbix.conf.php +ynh_replace_string --match_string="db_user" --replace_string="$db_user" --target_file=/usr/share/zabbix/conf/zabbix.conf.php +ynh_replace_string --match_string="db_pwd" --replace_string="$db_pwd" --target_file=/usr/share/zabbix/conf/zabbix.conf.php -if [ -L '/var/www/zabbix/conf/zabbix.conf.php' ];then - unlink /var/www/zabbix/conf/zabbix.conf.php - echo "delete link /var/www/zabbix/conf/zabbix.conf.php" -fi - -if [ -e '/etc/zabbix/web/zabbix.conf.php' ];then - rm -f /etc/zabbix/web/zabbix.conf.php - echo "delete file /etc/zabbix/web/zabbix.conf.php" - -fi - -echo "/var/www/zabbix/conf/zabbix.conf.php -chown www-data. /var/www/zabbix/conf/zabbix.conf.php chown -R www-data. /usr/share/zabbix -sed -i "s/DBName=zabbix/DBName=$db_name/g" /etc/zabbix/zabbix_server.conf -sed -i "s/DBUser=zabbix/DBUser=$db_user/g" /etc/zabbix/zabbix_server.conf -sed -i "126a DBPassword=$db_pwd" /etc/zabbix/zabbix_server.conf +ynh_replace_string --match_string="DBName=zabbix" --replace_string="DBName=$db_name" --target_file=/etc/zabbix/zabbix_server.conf +ynh_replace_string --match_string="DBUser=zabbix" --replace_string="DBUser=$db_user" --target_file=/etc/zabbix/zabbix_server.conf +ynh_replace_string --match_string="# DBPassword=" --replace_string="# DBPassword=\nDBPassword=$db_pwd" --target_file=/etc/zabbix/zabbix_server.conf -systemctl enable zabbix-server && systemctl start zabbix-server +ynh_replace_string --match_string="# Timeout=3" --replace_string="# Timeout=3\nTimeout=10" --target_file=/etc/zabbix/zabbix_agentd.conf + +systemctl enable zabbix-agent && systemctl restart zabbix-agent +systemctl enable zabbix-server && systemctl restart zabbix-server #================================================= # STORE THE CONFIG FILE CHECKSUM @@ -356,10 +324,10 @@ systemctl enable zabbix-server && systemctl start zabbix-server ### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. ### Use this helper only if there is effectively a log file for this app. ### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script # Use logrotate to manage application logfile(s) #native logrotate because install officials packages. @@ -373,25 +341,65 @@ systemctl enable zabbix-server && systemctl start zabbix-server ### You'll find the service in the 'services' section of YunoHost admin panel. ### This CLI command would be useless if the app does not have any services (systemd or sysvinit) ### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script -### - As well as the section ADVERTISE SERVICE IN ADMIN PANEL" in the restore script +### - You can remove these files in conf/. +### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script +### - As well as the section ADVERTISE SERVICE IN ADMIN PANEL" in the restore script -#yunohost service add NAME_INIT.D --log "/var/log/FILE.log" +yunohost service add snmpd -d "Management of SNMP Daemon" +yunohost service add zabbix-server -d "Management Zabbix server daemon : Collect, agregate, compute and notify" +yunohost service add zabbix-agent -d "Management Zabbix agent daemon : send informations about this host to the server" + +# Make app public if for importing template +# unprotected_uris allows SSO credentials to be passed anyway +ynh_app_setting_set "$app" unprotected_uris "/" + +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload nginx +systemctl reload php7.0-fpm + +# Reload SSOwat config +yunohost app ssowatconf + +#================================================= +# Import Yunohost template +#================================================= +import_template + +#================================================= +# Link Yunohost template to the ZAbbix Server Host +#================================================= +link_template + +#================================================= +# disable default admin +#================================================= +disable_admin_user #================================================= # SETUP SSOWAT #================================================= -# Make app public if necessary -if [ $is_public -eq 1 ] +# Make app private if necessary +if [ "$is_public" -eq 0 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set $app unprotected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_delete "$app" unprotected_uris fi - #================================================= -# RELOAD NGINX +# RELOAD NGINX AND PHP-FPM #================================================= -systemctl reload nginx \ No newline at end of file +systemctl reload nginx +systemctl reload php7.0-fpm + +# Reload SSOwat config +yunohost app ssowatconf + +#test if zabbix server is started +check_proc_zabbixagent + +#test if zabbix agent is started +check_proc_zabbixserver diff --git a/scripts/remove b/scripts/remove index e0b99b8..d66e7de 100644 --- a/scripts/remove +++ b/scripts/remove @@ -15,33 +15,20 @@ source /usr/share/yunohost/helpers app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -port=$(ynh_app_setting_get $app port) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get "$app" domain) +port=$(ynh_app_setting_get "$app" port) +db_name=$(ynh_app_setting_get "$app" db_name) db_user=$db_name -final_path=$(ynh_app_setting_get $app final_path) - -#================================================= -# STANDARD REMOVE -#================================================= -# STOP AND REMOVE SERVICE -#================================================= - -# Remove the dedicated systemd config -ynh_remove_systemd_config - -yunohost service remove snmpd +#final_path=$(ynh_app_setting_get "$app" final_path) #not used #================================================= # REMOVE SERVICE FROM ADMIN PANEL #================================================= - # Remove a service from the admin panel, added by `yunohost service add` -if yunohost service status | grep -q $app -then - echo "Remove $app service" - yunohost service remove $app -fi + +yunohost service remove snmpd +yunohost service remove zabbix-server +yunohost service remove zabbix-agent #================================================= # REMOVE PHP-FPM CONFIGURATION @@ -54,27 +41,29 @@ ynh_remove_fpm_config # REMOVE DEPENDENCIES #================================================= -# Remove metapackage and its dependencies -#ynh_remove_app_dependencies - timeout 5 systemctl stop zabbix-server || killall zabbix_server systemctl disable zabbix-server killall zabbix_server timeout 5 systemctl stop zabbix-agent || killall zabbix_agentd systemctl disable zabbix-agent +killall zabbix_agentd +DEBIAN_FRONTEND=noninteractive apt purge zabbix-release -y +ynh_remove_app_dependencies -ynh_package_autopurge --allow-change-held-packages zabbix-server-mysql zabbix-frontend-php zabbix-release zabbix-ynh-deps zabbix-agent -#remove symlink -rm /var/www/zabbix +#force removing if ynh_remove_app_dependencies not work (old zabbix version) +for zabbix_pkg in $(apt list --installed | grep -Po "\K(zabbix-.*)(?=/)") +do + DEBIAN_FRONTEND=noninteractive apt purge --allow-change-held-packages "$zabbix_pkg" -y +done #================================================= # REMOVE THE MYSQL DATABASE #================================================= # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db $db_user $db_name +ynh_mysql_remove_db "$db_user" "$db_name" #================================================= # REMOVE NGINX CONFIGURATION @@ -97,7 +86,7 @@ ynh_remove_logrotate if yunohost firewall list | grep -q "\- $port$" then echo "Close port $port" >&2 - yunohost firewall disallow TCP $port 2>&1 + yunohost firewall disallow TCP "$port" 2>&1 fi #================================================= @@ -106,6 +95,9 @@ fi # REMOVE THE CRON FILE #================================================= +#remove symlink +rm /var/www/zabbix + # Remove a directory securely ynh_secure_remove "/etc/zabbix" @@ -115,6 +107,22 @@ ynh_secure_remove "/var/log/zabbix" # Remove the pid/socket files ynh_secure_remove "/run/zabbix" +# Remove the sudoers file +ynh_secure_remove "/etc/sudoers.d/zabbix" + +#REMOVE NONFREE PART PATCH IF NEEDED (snmp-mibs-downloader (non-free) installed in version 1) +nonfreepackagelist=$(dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free) +if [ $(echo $nonfreepackagelist | wc -l) -eq 1 ] && [ $(echo $nonfreepackagelist | grep -c "snmp-mibs-downloader") -eq 1 ] ;then + ynh_print_info "Removing snmp-mibs-downloader (non-free package)" + cp /var/lib/dpkg/status{,.$(date "+%m%d%y")} + ynh_replace_string --match_string=" snmp-mibs-downloader," --replace_string="" --target_file=/var/lib/dpkg/status + DEBIAN_FRONTEND=noninteractive apt purge snmp-mibs-downloader -y + if [ -f /etc/apt/sources.list.d/non-free.list ];then + ynh_secure_remove /etc/apt/sources.list.d/non-free.list + fi +fi + + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 5bfcb92..d72d507 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,10 +1,11 @@ +#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -#source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -39,35 +40,27 @@ rm -fr $final_path #================================================= domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) +#path_url=$(ynh_app_setting_get $app path) #not used +#admin=$(ynh_app_setting_get $app admin) #not used is_public=$(ynh_app_setting_get $app is_public) -language=$(ynh_app_setting_get $app language) +#language=$(ynh_app_setting_get $app language) #not used +nonfree=$(ynh_app_setting_get $app nonfree) + #================================================= # INSTALL DEPENDENCIES #================================================= -wget "https://repo.zabbix.com/zabbix/4.0/debian/pool/main/z/zabbix-release/zabbix-release_4.0-2+stretch_all.deb" -dpkg -i zabbix-release_*.deb -rm zabbix-release_*.deb -echo "deb http://deb.debian.org/debian stretch non-free" >/etc/apt/sources.list.d/non-free.list +ynh_print_info "Install Zabbix repository" +install_zabbix_repo + +ynh_print_info "Update and install dependencies" ynh_package_update -ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd snmp-mibs-downloader libjs-prototype zabbix-server-mysql zabbix-agent -yunohost service add snmpd -d "Management of SNMP Daemon" -DEBIAN_FRONTEND=noninteractive apt-get -y download zabbix-frontend-php -ar x *.deb -tar xzf control.tar.gz -sed -i 's/apache2 | httpd, //' control -tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control -ar rcs zabbix-frontend-php+stretch_all-noapache2.deb debian-binary control.tar.gz data.tar.xz +ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd libjs-prototype jq zabbix-server-mysql zabbix-agent zabbix-frontend-php -dpkg -i zabbix-frontend-php+stretch_all-noapache2.deb - -rm -fr zabbix-*.deb DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php -sed -i "s/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/g" /etc/locale.gen +ynh_replace_string --match_string="# fr_FR.UTF-8 UTF-8" --replace_string="fr_FR.UTF-8 UTF-8" --target_file=/etc/locale.gen locale-gen ln -s /usr/share/zabbix /var/www/zabbix @@ -91,18 +84,8 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" - -# Reload SSOwat config -yunohost app ssowatconf - -# Reload Nginx -systemctl reload nginx - -# Remove the public access -if [ $is_public -eq 0 ] -then - ynh_app_setting_delete $app skipped_uris -fi +# Restore sudo file +ynh_restore_file "/etc/sudoers.d/zabbix" #================================================= # Restore db @@ -112,8 +95,8 @@ db_name=$(ynh_app_setting_get $app db_name) db_user=$(ynh_app_setting_get $app db_user) db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_mysql_setup_db $db_user $db_name $db_pwd -ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql +ynh_mysql_setup_db "$db_user" "$db_name" "$db_pwd" +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < ./db.sql #================================================= # Restore configs files @@ -128,10 +111,12 @@ chown -R www-data. /usr/share/zabbix ynh_restore_file "/etc/zabbix" +# systemd and yunohost service management systemctl enable zabbix-server && systemctl start zabbix-server - - +yunohost service add snmpd -d "Management of SNMP Daemon" +yunohost service add zabbix-server -d "Management Zabbix server daemon : Collect, agregate, compute and notify" +yunohost service add zabbix-client -d "Management Zabbix client daemon : send informations about this host to the server" #================================================= # SETUP LOGROTATE @@ -154,7 +139,7 @@ systemctl enable zabbix-server && systemctl start zabbix-server #================================================= # Make app public if necessary -if [ $is_public -eq 1 ] +if [ "$is_public" -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set $app unprotected_uris "/" @@ -167,4 +152,11 @@ fi systemctl reload nginx systemctl reload php7.0-fpm +# Reload SSOwat config +yunohost app ssowatconf +#test if zabbix server is started +check_proc_zabbixagent + +#test if zabbix agent is started +check_proc_zabbixserver diff --git a/scripts/upgrade b/scripts/upgrade index 7c1cce4..3535742 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -14,17 +14,16 @@ source /usr/share/yunohost/helpers #================================================= app=$YNH_APP_INSTANCE_NAME -trustedversion="1:4.0.4-1+stretch" -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) -language=$(ynh_app_setting_get $app language) -db_name=$(ynh_app_setting_get $app db_name) -db_user=$(ynh_app_setting_get $app db_user) -db_pwd=$(ynh_app_setting_get $app mysqlpwd) - +trustedversion="1:4.2.4-1+stretch" +export domain=$(ynh_app_setting_get "$app" domain) +export path_url=$(ynh_app_setting_get "$app" path) +#admin=$(ynh_app_setting_get "$app" admin) #not used +is_public=$(ynh_app_setting_get "$app" is_public) +final_path=$(ynh_app_setting_get "$app" final_path) +#language=$(ynh_app_setting_get "$app" language) #not used +db_name=$(ynh_app_setting_get "$app" db_name) +db_user=$(ynh_app_setting_get "$app" db_user) +db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -32,84 +31,115 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd) # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 + ynh_app_setting_set "$app" is_public 1 is_public=1 elif [ "$is_public" = "No" ]; then - ynh_app_setting_set $app is_public 0 + ynh_app_setting_set "$app" is_public 0 is_public=0 fi # If db_name doesn't exist, create it -if [ -z $db_name ]; then - db_name=$(ynh_sanitize_dbid $app) - ynh_app_setting_set $app db_name $db_name +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid "$app") + ynh_app_setting_set "$app" db_name "$db_name" fi # If final_path doesn't exist, create it -if [ -z $final_path ]; then +if [ -z "$final_path" ]; then final_path=/var/www/$app - ynh_app_setting_set $app final_path $final_path + ynh_app_setting_set "$app" final_path "$final_path" fi +export mysqlconn="mysql -u$db_user -p$db_pwd $db_name" + +#================================================= +# DISABLED SSOWAT +#================================================= +ynh_print_info "disable SSOWAT temporaly" +ynh_app_setting_set "$app" unprotected_uris "/" +systemctl reload nginx +yunohost app ssowatconf + +#================================================= +# Enable default admin temporaly +#================================================= +enable_admin_user + +#================================================= +# Import Yunohost template +#================================================= +import_template + +#================================================= +# Link Yunohost template to the ZAbbix Server Host +#================================================= +link_template + #================================================= # Disable default admin for security issue #================================================= -haveDefaultAdminDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=1 and usrgrpid=9") - -if [ "$haveDefaultAdminDisabled" -eq 0 ] ;then - echo "Disable default admin" - #disable default admin - lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`") - lastid=$(($lastid + 1 )) - mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 1);" -else - echo "default admin already disabled" -fi +disable_admin_user #================================================= # Disable default guest for security issue #================================================= -haveDefaultGuestDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=2 and usrgrpid=9") - -if [ "$haveDefaultGuestDisabled" -eq 0 ] ;then - echo "Disable default guest" - #disable default guest - lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`") - lastid=$(($lastid + 1 )) - mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 2);" -else - echo "default guest already disabled" -fi +disable_guest_user #================================================= # CHECK THE PATH #================================================= # Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) +path_url=$(ynh_normalize_url_path "$path_url") + +#REMOVE NONFREE PART PATCH IF NEEDED (snmp-mibs-downloader (non-free) installed in version 1) +nonfreepackagelist=$(dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free) +if [ $(echo $nonfreepackagelist | wc -l) -eq 1 ] && [ $(echo $nonfreepackagelist | grep -c "snmp-mibs-downloader") -eq 1 ] ;then + ynh_print_info "Removing snmp-mibs-downloader (non-free package)" + #want backup file , cannot use ynh_replace_string + cp /var/lib/dpkg/status{,.$(date "+%m%d%y")} + ynh_replace_string --match_string=" snmp-mibs-downloader," --replace_string="" --target_file=/var/lib/dpkg/status + DEBIAN_FRONTEND=noninteractive apt purge snmp-mibs-downloader -y + if [ -f /etc/apt/sources.list.d/non-free.list ];then + ynh_secure_remove /etc/apt/sources.list.d/non-free.list + fi +fi + +#Patch timeout too short for zabbix agent if needed +timeout_ok=$(grep -c "^Timeout" /etc/zabbix/zabbix_agentd.conf 2>/dev/null) +if [ $timeout_ok -ne 1 ] ;then + ynh_replace_string --match_string="# Timeout=3" --replace_string="# Timeout=3\nTimeout=10" --target_file=/etc/zabbix/zabbix_agentd.conf + systemctl enable zabbix-agent && systemctl restart zabbix-agent +fi + +#patch if zabbix-release installed +if [ "$(dpkg -l zabbix-release 2>/dev/null | wc -l)" -ne 0 ];then + DEBIAN_FRONTEND=noninteractive apt purge zabbix-release -y + install_zabbix_repo +fi #================================================= # STANDARD UPGRADE STEPS #================================================= - -ynh_package_update - #REMOVE DUPLICATE LOG ENTRY IN LOGROTATE PATCH IF NEEDED ynh_remove_logrotate -zabbixServerInstalledVersion=$(apt-cache policy zabbix-server-mysql | grep -Po "Installed: \K(.*)") -zabbixServerCandidateVersion=$(apt-cache policy zabbix-server-mysql | grep -Po "Candidate: \K(.*)") +ynh_print_info "Check if new zabbix version is available on repo" +ynh_package_update -zabbixFrontendInstalledVersion=$(apt-cache policy zabbix-frontend-php | grep -Po "Installed: \K(.*)") -zabbixFrontendCandidateVersion=$(apt-cache policy zabbix-frontend-php | grep -Po "Candidate: \K(.*)") +zabbixServerInstalledVersion=$(apt-cache policy zabbix-server-mysql | sed -n '2p' | grep -Po ".*: \K(.*)") +zabbixServerCandidateVersion=$(apt-cache policy zabbix-server-mysql | sed -n '3p' | grep -Po ".*: \K(.*)") -zabbixagentInstalledVersion=$(apt-cache policy zabbix-agent | grep -Po "Installed: \K(.*)") -zabbixagentCandidateVersion=$(apt-cache policy zabbix-agent | grep -Po "Candidate: \K(.*)") +zabbixFrontendInstalledVersion=$(apt-cache policy zabbix-frontend-php | sed -n '2p' | grep -Po ".*: \K(.*)") +zabbixFrontendCandidateVersion=$(apt-cache policy zabbix-frontend-php | sed -n '3p' | grep -Po ".*: \K(.*)") + +zabbixagentInstalledVersion=$(apt-cache policy zabbix-agent | sed -n '2p' | grep -Po ".*: \K(.*)") +zabbixagentCandidateVersion=$(apt-cache policy zabbix-agent | sed -n '3p' | grep -Po ".*: \K(.*)") if [ "$trustedversion" == "$zabbixServerCandidateVersion" ] then - if [ "$zabbixServerInstalledVersion" != "$zabbixServerCandidateVersion" -o "$zabbixFrontendInstalledVersion" != "$zabbixFrontendCandidateVersion" -o "$zabbixagentInstalledVersion" != "$zabbixagentCandidateVersion" ] + if [ "$zabbixServerInstalledVersion" != "$zabbixServerCandidateVersion" ] || [ "$zabbixFrontendInstalledVersion" != "$zabbixFrontendCandidateVersion" ] || [ "$zabbixagentInstalledVersion" != "$zabbixagentCandidateVersion" ] then #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP @@ -128,27 +158,49 @@ then cp -p /usr/share/zabbix/conf/zabbix.conf.php /tmp/ DEBIAN_FRONTEND=noninteractive apt-mark unhold zabbix-server-mysql zabbix-frontend-php - DEBIAN_FRONTEND=noninteractive apt-get -y download zabbix-frontend-php - ar x *.deb - tar xzf control.tar.gz - sed -i 's/apache2 | httpd, //' control - tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control - ar rcs zabbix-frontend-php+stretch_all-noapache2.deb debian-binary control.tar.gz data.tar.xz - dpkg -i zabbix-frontend-php+stretch_all-noapache2.deb - rm -fr zabbix-*.deb - apt-get -y --only-upgrade install zabbix-server-mysql zabbix-agent - DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php + + ynh_print_info "Update and install dependencies" + ynh_package_update + ynh_install_app_dependencies libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 php7.0 php-bcmath php7.0-bcmath ttf-dejavu-core php7.0-bcmath patch smistrip unzip wget fping libcap2-bin libiksemel3 libopenipmi0 libpam-cap libsnmp-base libsnmp30 snmptrapd snmpd libjs-prototype jq zabbix-server-mysql zabbix-agent zabbix-frontend-php + DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php + rm /usr/share/zabbix/conf/zabbix.conf.php cp -rpf /tmp/zabbix /etc/ cp -pf /tmp/zabbix.conf.php /usr/share/zabbix/conf/ rm -fr /tmp/zabbix* - - systemctl reload nginx + + #If needed. + yunohost service add snmpd -d "Management of SNMP Daemon" + yunohost service add zabbix-server -d "Management Zabbix server daemon : Collect, agregate, compute and notify" + yunohost service add zabbix-agent -d "Management Zabbix agent daemon : send informations about this host to the server" + + #test if zabbix server is started + check_proc_zabbixagent + + #test if zabbix agent is started + check_proc_zabbixserver + else - ynh_print_info "Nothing to update ! (Already up to date)" + ynh_print_info "No update from repo ! (Already up to date)" fi else - ynh_print_info "Nothing to update ! (Trusted version)" + ynh_print_info "No update from repo ! (Trusted version)" fi + +#================================================= +# RE-ENABLE SSOWAT +#================================================= +ynh_print_info "re-enable SSOWAT" +# Make app private if necessary +if [ $is_public -eq 0 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_delete "$app" unprotected_uris +else + ynh_app_setting_set "$app" unprotected_uris "/" +fi + +systemctl reload nginx +yunohost app ssowatconf diff --git a/scripts/ynh_add_extra_apt_repos__3 b/scripts/ynh_add_extra_apt_repos__3 new file mode 100644 index 0000000..3276f00 --- /dev/null +++ b/scripts/ynh_add_extra_apt_repos__3 @@ -0,0 +1,294 @@ +#!/bin/bash + +# Pin a repository. +# +# usage: ynh_pin_repo --package=packages --pin=pin_filter [--priority=priority_value] [--name=name] [--append] +# | arg: -p, --package - Packages concerned by the pin. Or all, *. +# | arg: -i, --pin - Filter for the pin. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# See https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html for information about pinning. +# +ynh_pin_repo () { + # Declare an array to define the options of this helper. + local legacy_args=pirna + declare -Ar args_array=( [p]=package= [i]=pin= [r]=priority= [n]=name= [a]=append ) + local package + local pin + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + package="${package:-*}" + priority=${priority:-50} + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/preferences.d" + echo "Package: $package +Pin: $pin +Pin-Priority: $priority" \ + | $append "/etc/apt/preferences.d/$name" +} + +# Add a repository. +# +# usage: ynh_add_repo --uri=uri --suite=suite --component=component [--name=name] [--append] +# | arg: -u, --uri - Uri of the repository. +# | arg: -s, --suite - Suite of the repository. +# | arg: -c, --component - Component of the repository. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable +# uri suite component +# ynh_add_repo --uri=http://forge.yunohost.org/debian/ --suite=stretch --component=stable +# +ynh_add_repo () { + # Declare an array to define the options of this helper. + local legacy_args=uscna + declare -Ar args_array=( [u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append ) + local uri + local suite + local component + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/sources.list.d" + # Add the new repo in sources.list.d + echo "deb $uri $suite $component" \ + | $append "/etc/apt/sources.list.d/$name.list" +} + +# Add an extra repository correctly, pin it and get the key. +# +# usage: ynh_install_extra_repo --repo="repo" [--key=key_url] [--priority=priority_value] [--name=name] [--append] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -k, --key - url to get the public key. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +ynh_install_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=rkpna + declare -Ar args_array=( [r]=repo= [k]=key= [p]=priority= [n]=name= [a]=append ) + local repo + local key + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + key=${key:-0} + priority=${priority:-} + + if [ $append -eq 1 ] + then + append="--append" + wget_append="tee -a" + else + append="" + wget_append="tee" + fi + + # Split the repository into uri, suite and components. + # Remove "deb " at the beginning of the repo. + repo="${repo#deb }" + + # Get the uri + local uri="$(echo "$repo" | awk '{ print $1 }')" + + # Get the suite + local suite="$(echo "$repo" | awk '{ print $2 }')" + + # Get the components + local component="${repo##$uri $suite }" + + # Add the repository into sources.list.d + ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append + + # Pin the new repo with the default priority, so it won't be used for upgrades. + # Build $pin from the uri without http and any sub path + local pin="${uri#*://}" + pin="${pin%%/*}" + # Set a priority only if asked + if [ -n "$priority" ] + then + priority="--priority=$priority" + fi + ynh_pin_repo --package="*" --pin="origin \"$pin\"" $priority --name="$name" $append + + # Get the public key for the repo + if [ -n "$key" ] + then + mkdir -p "/etc/apt/trusted.gpg.d" + wget -q "$key" -O - | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg > /dev/null + fi + + # Update the list of package with the new repo + ynh_package_update +} + +# Remove an extra repository and the assiociated configuration. +# +# usage: ynh_remove_extra_repo [--name=name] +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_remove_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=n + declare -Ar args_array=( [n]=name= ) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + + ynh_secure_remove "/etc/apt/sources.list.d/$name.list" + ynh_secure_remove "/etc/apt/preferences.d/$name" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.gpg" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.asc" + + # Update the list of package to exclude the old repo + ynh_package_update +} + +# Install packages from an extra repository properly. +# +# usage: ynh_install_extra_app_dependencies --repo="repo" --package="dep1 dep2" [--key=key_url] [--name=name] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -p, --package - The packages to install from this extra repository +# | arg: -k, --key - url to get the public key. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_install_extra_app_dependencies () { + # Declare an array to define the options of this helper. + local legacy_args=rpkn + declare -Ar args_array=( [r]=repo= [p]=package= [k]=key= [n]=name= ) + local repo + local package + local key + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + key=${key:-0} + + # Set a key only if asked + if [ -n "$key" ] + then + key="--key=$key" + fi + # Add an extra repository for those packages + ynh_install_extra_repo --repo="$repo" $key --priority=995 --name=$name + + # Install requested dependencies from this extra repository. + ynh_add_app_dependencies --package="$package" + + # Remove this extra repository after packages are installed + ynh_remove_extra_repo --name=$app +} + +#================================================= + +# patched version of ynh_install_app_dependencies to be used with ynh_add_app_dependencies + +# Define and install dependencies with a equivs control file +# This helper can/should only be called once per app +# +# usage: ynh_install_app_dependencies dep [dep [...]] +# | arg: dep - the package name to install in dependence +# You can give a choice between some package with this syntax : "dep1|dep2" +# Example : ynh_install_app_dependencies dep1 dep2 "dep3|dep4|dep5" +# This mean in the dependence tree : dep1 & dep2 & (dep3 | dep4 | dep5) +# +# Requires YunoHost version 2.6.4 or higher. +ynh_install_app_dependencies () { + local dependencies=$@ + dependencies="$(echo "$dependencies" | sed 's/\([^\<=\>]\)\ \([^(]\)/\1, \2/g')" + dependencies=${dependencies//|/ | } + local manifest_path="../manifest.json" + if [ ! -e "$manifest_path" ]; then + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + fi + + local version=$(grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file. + if [ ${#version} -eq 0 ]; then + version="1.0" + fi + local dep_app=${app//_/-} # Replace all '_' by '-' + + # Handle specific versions + if [[ "$dependencies" =~ [\<=\>] ]] + then + # Replace version specifications by relationships syntax + # https://www.debian.org/doc/debian-policy/ch-relationships.html + # Sed clarification + # [^(\<=\>] ignore if it begins by ( or < = >. To not apply twice. + # [\<=\>] matches < = or > + # \+ matches one or more occurence of the previous characters, for >= or >>. + # [^,]\+ matches all characters except ',' + # Ex: package>=1.0 will be replaced by package (>= 1.0) + dependencies="$(echo "$dependencies" | sed 's/\([^(\<=\>]\)\([\<=\>]\+\)\([^,]\+\)/\1 (\2 \3)/g')" + fi + + cat > /tmp/${dep_app}-ynh-deps.control << EOF # Make a control file for equivs-build +Section: misc +Priority: optional +Package: ${dep_app}-ynh-deps +Version: ${version} +Depends: ${dependencies} +Architecture: all +Description: Fake package for $app (YunoHost app) dependencies + This meta-package is only responsible of installing its dependencies. +EOF + ynh_package_install_from_equivs /tmp/${dep_app}-ynh-deps.control \ + || ynh_die --message="Unable to install dependencies" # Install the fake package and its dependencies + rm /tmp/${dep_app}-ynh-deps.control + ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies" +} + +ynh_add_app_dependencies () { + # Declare an array to define the options of this helper. + local legacy_args=pr + declare -Ar args_array=( [p]=package= [r]=replace) + local package + local replace + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + replace=${replace:-0} + + local current_dependencies="" + if [ $replace -eq 0 ] + then + local dep_app=${app//_/-} # Replace all '_' by '-' + if ynh_package_is_installed --package="${dep_app}-ynh-deps" + then + current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) " + fi + + current_dependencies=${current_dependencies// | /|} + fi + + ynh_install_app_dependencies "${current_dependencies}${package}" +} diff --git a/sources/extra_files/app/Template_Yunohost.xml b/sources/extra_files/app/Template_Yunohost.xml index f7121a0..ddd4f30 100644 --- a/sources/extra_files/app/Template_Yunohost.xml +++ b/sources/extra_files/app/Template_Yunohost.xml @@ -1,7 +1,7 @@ 4.0 - 2019-01-15T12:48:48Z + 2019-03-07T14:08:51Z Templates/Applications @@ -12,7 +12,7 @@ Template Yunohost cat /etc/sudoers.d/zabbix -zabbix ALL=(root) NOPASSWD: /etc/zabbix/zabbix_agentd.d/yunohost.sh +zabbix ALL=(ALL) NOPASSWD: /etc/zabbix/zabbix_agentd.d/yunohost.sh cat /etc/zabbix/zabbix_agentd.d/userP_yunohost.conf UserParameter=yunohost.users.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.users.discover @@ -23,8 +23,8 @@ UserParameter=yunohost.services.discover,sudo /etc/zabbix/zabbix_agentd.d/yunoho UserParameter=yunohost.service.status[*],sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.service.status "$1" UserParameter=yunohost.backups.number,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.backups.number UserParameter=yunohost.backups.ageoflastbackup,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.backups.ageoflastbackup -UserParameter=yunohost.ports.tcp.discovery,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.ports.tcp.discovery -UserParameter=yunohost.ports.udp.discovery,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.ports.udp.discovery +UserParameter=yunohost.ports.tcp.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.ports.tcp.discovery +UserParameter=yunohost.ports.udp.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.ports.udp.discovery UserParameter=yunohost.migrations.lastinstalled,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.migrations.lastinstalled UserParameter=yunohost.migrations.lastavailable,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.migrations.lastavailable @@ -32,7 +32,6 @@ cat /etc/zabbix/zabbix_agentd.d/yunohost.sh #!/bin/bash yunobin=$(which yunohost) - if [ "$1" == "yunohost.users.discover" ];then users=$($yunobin user list --fields 'uid' | awk -F ': ' '/username: / {print $2}');echo -n "{\"data\":[";for user in $users;do echo -n "{\"{#USERNAME}\":\"$user\"},";done | sed 's/,$//' ;echo "]}" fi @@ -42,37 +41,45 @@ if [ "$1" == "yunohost.user.quota" ] ;then fi if [ "$1" == "yunohost.domains.discover" ] ;then - domains=$($yunobin domain list --plain);echo -n "{\"data\":[";for domain in $domains;do echo -n "{\"{#DOMAIN}\":\"$domain\"},";done | sed 's/,$//' ;echo "]}" + domains=$($yunobin domain list --output-as plain);echo -n "{\"data\":[";for domain in $domains;do echo -n "{\"{#DOMAIN}\":\"$domain\"},";done | sed 's/,$//' ;echo "]}" fi if [ "$1" == "yunohost.domain.cert" ] ;then - $yunobin domain cert-status "$2" --plain | awk '/#/{ next;} {printf "%s;",$0} END {print ""}' + $yunobin domain cert-status "$2" --output-as plain --full| awk '/#/{ next;} {printf "%s;",$0} END {print ""}' fi if [ "$1" == "yunohost.services.discover" ] ;then - services=$($yunobin service status | grep -Po '^([A-Za-z]+)(?=(:))');echo -n "{\"data\":[";for service in $services;do echo -n "{\"{#SERVICE}\":\"$service\"},";done | sed 's/,$//' ;echo "]}" + services=$($yunobin service status 2>/dev/null| grep -Po '^([A-Za-z]+)(?=(:))');echo -n "{\"data\":[";for service in $services;do echo -n "{\"{#SERVICE}\":\"$service\"},";done | sed 's/,$//' ;echo "]}" fi if [ "$1" == "yunohost.service.status" ] ;then - $yunobin service status "$2" --plain | awk '/#/{ next;} {printf "%s;",$0} END {print ""}' + service=$($yunobin service status "$2" --output-as json 2>/dev/null) + if [[ "$(echo $service | jq -r '.description')" == *"doesn't exists for systemd"* ]] ;then + echo "$service" | jq -c '.active = "disabled"' + else + echo "$service" + fi fi if [ "$1" == "yunohost.backups.number" ] ;then - $yunobin backup list --plain | wc -l + $yunobin backup list --output-as plain | wc -l fi if [ "$1" == "yunohost.backups.ageoflastbackup" ] ;then - timestamp=$(date +"%d/%m/%Y %H:%M" -d"$($yunobin backup list -i | tail -n 4 | head -n 1 | grep -Po 'created_at: \K(.*)')") - echo $(( ($(date +%s) - $(date -d"$timestamp" +%s))/(60*60*24) )) + if [ $($yunobin backup list --output-as plain | wc -l) -ne 0 ] ;then + timestamp=$(date +"%d/%m/%Y %H:%M" -d"$($yunobin backup list -i | tail -n 4 | head -n 1 | grep -Po 'created_at: \K(.*)')") + echo $(( ($(date +%s) - $(date -d"$timestamp" +%s))/(60*60*24) )) + else + echo "No backup detected" + fi fi - if [ "$1" == "yunohost.ports.tcp.discovery" ] ;then - ports=$($yunobin firewall list -r --plain | awk '/#ipv4/{flag=1;next}/#uPnP/{flag=0}flag' | awk '/##TCP/{flag=1;next}/##TCP/{flag=0}flag');echo -n "{\"data\":[";for port in $ports;do echo -n "{\"{#PORT}\":\"$port\"},";done | sed 's/,$//' ;echo "]}" + ports=$($yunobin firewall list -r --output-as plain | awk '/#ipv4/{flag=1;next}/#uPnP/{flag=0}flag' | awk '/##TCP/{flag=1;next}/##TCP/{flag=0}flag');echo -n "{\"data\":[";for port in $ports;do echo -n "{\"{#PORT}\":\"$port\"},";done | sed 's/,$//' ;echo "]}" fi if [ "$1" == "yunohost.ports.udp.discovery" ] ;then - ports=$($yunobin firewall list -r --plain | awk '/#ipv4/{flag=1;next}/#uPnP/{flag=0}flag' | awk '/##UDP/{flag=1;next}/##TCP/{flag=0}flag');echo -n "{\"data\":[";for port in $ports;do echo -n "{\"{#PORT}\":\"$port\"},";done | sed 's/,$//' ;echo "]}" + ports=$($yunobin firewall list -r --output-as plain | awk '/#ipv4/{flag=1;next}/#uPnP/{flag=0}flag' | awk '/##UDP/{flag=1;next}/##TCP/{flag=0}flag');echo -n "{\"data\":[";for port in $ports;do echo -n "{\"{#PORT}\":\"$port\"},";done | sed 's/,$//' ;echo "]}" fi if [ "$1" == "yunohost.migrations.lastinstalled" ] ;then @@ -123,7 +130,7 @@ fi yunohost.backups.ageoflastbackup - 1d + 1d;h10m45 90d 365d 0 @@ -182,7 +189,7 @@ fi yunohost.backups.number - 1d + 1d;h11 90d 365d 0 @@ -241,7 +248,7 @@ fi yunohost.migrations.lastavailable - 1d + 1d;h10m50 90d 365d 0 @@ -300,7 +307,7 @@ fi yunohost.migrations.lastinstalled - 1d + 1d;h10m55 90d 365d 0 @@ -361,7 +368,7 @@ fi yunohost.domains.discover - 1d + 1d;h10 0 @@ -625,7 +632,7 @@ fi yunohost.ports.tcp.discover - 1d + 1d;h9m30 0 @@ -759,7 +766,7 @@ fi yunohost.ports.udp.discover - 1d + 1d;h9m45 0 @@ -893,7 +900,7 @@ fi yunohost.services.discover - 1d + 1d;h10m15 0 @@ -962,10 +969,14 @@ fi + + 12 + $.active + 5 - (.*);(.*);(.*);(.*);(.*);(.*);(.*); -\6:inactive=0:active=1:unknown=2;disabled=3 + (.*) +\1:inactive=0:active=1:unknown=2;disabled=3 5 @@ -1135,7 +1146,7 @@ fi yunohost.users.discover - 1d + 1d;h10m30 0 @@ -1399,4 +1410,4 @@ fi - + \ No newline at end of file diff --git a/sources/extra_files/app/etc_sudoers.d_zabbix b/sources/extra_files/app/etc_sudoers.d_zabbix new file mode 100644 index 0000000..ce70ecb --- /dev/null +++ b/sources/extra_files/app/etc_sudoers.d_zabbix @@ -0,0 +1 @@ +zabbix ALL=(ALL) NOPASSWD: /etc/zabbix/zabbix_agentd.d/yunohost.sh diff --git a/sources/extra_files/app/etc_zabbix_zabbix_agentd.d_userP_yunohost.conf b/sources/extra_files/app/etc_zabbix_zabbix_agentd.d_userP_yunohost.conf new file mode 100644 index 0000000..3070897 --- /dev/null +++ b/sources/extra_files/app/etc_zabbix_zabbix_agentd.d_userP_yunohost.conf @@ -0,0 +1,12 @@ +UserParameter=yunohost.users.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.users.discover +UserParameter=yunohost.user.quota[*],sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.user.quota "$1" +UserParameter=yunohost.domains.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.domains.discover +UserParameter=yunohost.domain.cert[*],sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.domain.cert "$1" +UserParameter=yunohost.services.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.services.discover +UserParameter=yunohost.service.status[*],sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.service.status "$1" +UserParameter=yunohost.backups.number,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.backups.number +UserParameter=yunohost.backups.ageoflastbackup,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.backups.ageoflastbackup +UserParameter=yunohost.ports.tcp.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.ports.tcp.discovery +UserParameter=yunohost.ports.udp.discover,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.ports.udp.discovery +UserParameter=yunohost.migrations.lastinstalled,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.migrations.lastinstalled +UserParameter=yunohost.migrations.lastavailable,sudo /etc/zabbix/zabbix_agentd.d/yunohost.sh yunohost.migrations.lastavailable \ No newline at end of file diff --git a/sources/extra_files/app/etc_zabbix_zabbix_agentd.d_yunohost.sh b/sources/extra_files/app/etc_zabbix_zabbix_agentd.d_yunohost.sh new file mode 100644 index 0000000..c6859d3 --- /dev/null +++ b/sources/extra_files/app/etc_zabbix_zabbix_agentd.d_yunohost.sh @@ -0,0 +1,60 @@ +#!/bin/bash +yunobin=$(which yunohost) + +if [ "$1" == "yunohost.users.discover" ];then + users=$($yunobin user list --fields 'uid' | awk -F ': ' '/username: / {print $2}');echo -n "{\"data\":[";for user in $users;do echo -n "{\"{#USERNAME}\":\"$user\"},";done | sed 's/,$//' ;echo "]}" +fi + +if [ "$1" == "yunohost.user.quota" ] ;then + quota=$($yunobin user info "$2" | grep -Po "use:.*\(\K([0-9]{1,3})");if [ -z "$quota" ];then echo 0 ; else echo "$quota" ;fi +fi + +if [ "$1" == "yunohost.domains.discover" ] ;then + domains=$($yunobin domain list --output-as plain);echo -n "{\"data\":[";for domain in $domains;do echo -n "{\"{#DOMAIN}\":\"$domain\"},";done | sed 's/,$//' ;echo "]}" +fi + +if [ "$1" == "yunohost.domain.cert" ] ;then + $yunobin domain cert-status "$2" --output-as plain --full| awk '/#/{ next;} {printf "%s;",$0} END {print ""}' +fi + +if [ "$1" == "yunohost.services.discover" ] ;then + services=$($yunobin service status 2>/dev/null| grep -Po '^([A-Za-z]+)(?=(:))');echo -n "{\"data\":[";for service in $services;do echo -n "{\"{#SERVICE}\":\"$service\"},";done | sed 's/,$//' ;echo "]}" +fi + +if [ "$1" == "yunohost.service.status" ] ;then + service=$($yunobin service status "$2" --output-as json 2>/dev/null) + if [[ "$(echo $service | jq -r '.description')" == *"doesn't exists for systemd"* ]] ;then + echo "$service" | jq -c '.active = "disabled"' + else + echo "$service" + fi +fi + +if [ "$1" == "yunohost.backups.number" ] ;then + $yunobin backup list --output-as plain | wc -l +fi + +if [ "$1" == "yunohost.backups.ageoflastbackup" ] ;then + if [ $($yunobin backup list --output-as plain | wc -l) -ne 0 ] ;then + timestamp=$(date +"%d/%m/%Y %H:%M" -d"$($yunobin backup list -i | tail -n 4 | head -n 1 | grep -Po 'created_at: \K(.*)')") + echo $(( ($(date +%s) - $(date -d"$timestamp" +%s))/(60*60*24) )) + else + echo "No backup detected" + fi +fi + +if [ "$1" == "yunohost.ports.tcp.discovery" ] ;then + ports=$($yunobin firewall list -r --output-as plain | awk '/#ipv4/{flag=1;next}/#uPnP/{flag=0}flag' | awk '/##TCP/{flag=1;next}/##TCP/{flag=0}flag');echo -n "{\"data\":[";for port in $ports;do echo -n "{\"{#PORT}\":\"$port\"},";done | sed 's/,$//' ;echo "]}" +fi + +if [ "$1" == "yunohost.ports.udp.discovery" ] ;then + ports=$($yunobin firewall list -r --output-as plain | awk '/#ipv4/{flag=1;next}/#uPnP/{flag=0}flag' | awk '/##UDP/{flag=1;next}/##TCP/{flag=0}flag');echo -n "{\"data\":[";for port in $ports;do echo -n "{\"{#PORT}\":\"$port\"},";done | sed 's/,$//' ;echo "]}" +fi + +if [ "$1" == "yunohost.migrations.lastinstalled" ] ;then + $yunobin tools migrations state | grep -Po " number: \K(.*)" +fi + +if [ "$1" == "yunohost.migrations.lastavailable" ] ;then + $yunobin tools migrations list | tail -n 1 | grep -Po " number: \K(.*)" +fi \ No newline at end of file diff --git a/sources/extra_files/app/usr_share_zabbix_conf_zabbix.conf.php b/sources/extra_files/app/usr_share_zabbix_conf_zabbix.conf.php new file mode 100644 index 0000000..67b13e6 --- /dev/null +++ b/sources/extra_files/app/usr_share_zabbix_conf_zabbix.conf.php @@ -0,0 +1,19 @@ +