Add parameter and default for Option SocketDir

wdberry · wdberry · commit e4bdc3458264 · 2020-10-23T17:21:16.000-04:00
Added the parameter socketdir to be able to override Option SocketDir in both zabbix_server.conf and zabbix_proxy.conf via an ENC (such as Foreman).

It was added in zabbix_server.conf for completeness, however, in Zabbix 5.0 the proxy service creates a Unix socket for preprocessing called zabbix_proxy_preprocessing.sock.

In the default location, /tmp, SELinux violations on creating the socket prevented the zabbix-proxy service from starting in my deployment on CentOS 7.

My workaround was to override SocketDir, which was added to zabbix_proxy.conf in 5.0, to change the directory that this socket is created in from the default to /var/run/zabbix.

Because it only exists when the service is running, /var/run seemed the appropriate place, and /var/run/zabbix already existed and had appropriate SELinux labels due to the agent and proxy PID files.

To resolve this issue without explicitly setting the parameter, I set the default for socketdir within zabbix::proxy to be /var/run/zabbix if zabbix_version is &gt;= 5.0.

That seems a safe and sane enough default that works when both SELinux is enabled or disabled so that it's not necessary to do a boolean and comparison against both zabbix_version and facts('os.selinux.enabled').
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -176,6 +176,7 @@
   $include_dir                              = $zabbix::params::server_include,
   $loadmodulepath                           = $zabbix::params::server_loadmodulepath,
   $loadmodule                               = $zabbix::params::server_loadmodule,
+  Stdlib::Absolutepath $socketdir           = $zabbix::params::server_socketdir,
   Boolean $manage_selinux                   = $zabbix::params::manage_selinux,
   String $additional_service_params         = $zabbix::params::additional_service_params,
   Optional[String[1]] $zabbix_user          = $zabbix::params::server_zabbix_user,
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -284,6 +284,7 @@
   $server_vmwarecachesize                   = '8M'
   $server_vmwarefrequency                   = '60'
   $server_vmwaretimeout                     = undef
+  $server_socketdir                         = '/tmp'
 
   # Agent specific params
   $agent_allowroot                          = '0'
@@ -425,6 +426,10 @@
   $proxy_zabbix_server_host                 = undef
   $proxy_zabbix_server_port                 = '10051'
   $proxy_zbx_templates                      = ['Template App Zabbix Proxy']
+  $proxy_socketdir                          = versioncmp($zabbix_version, '5.0') ? {
+    -1      => '/tmp',
+    default => '/var/run/zabbix',
+  }
 
   # Java Gateway specific params
   $javagateway_listenip                     = '0.0.0.0'
diff --git a/manifests/proxy.pp b/manifests/proxy.pp
@@ -264,6 +264,10 @@
 # [*loadmodule*]
 #   Module to load at server startup.
 #
+# [*socketdir*]
+#   IPC socket directory.
+#     Directory to store IPC sockets used by internal Zabbix services.
+#
 # === Example
 #
 #  When you want to run everything on one machine, you can use the following
@@ -423,6 +427,7 @@
   $loadmodulepath                  = $zabbix::params::proxy_loadmodulepath,
   $loadmodule                      = $zabbix::params::proxy_loadmodule,
   Boolean $manage_selinux          = $zabbix::params::manage_selinux,
+  Stdlib::Absolutepath $socketdir  = $zabbix::params::proxy_socketdir,
 ) inherits zabbix::params {
   # check osfamily, Arch is currently not supported for web
   if $facts['os']['family'] == 'Archlinux' {
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -261,6 +261,10 @@
 # [*manage_startup_script*]
 #  If the init script should be managed by this module. Attention: This might cause problems with some config options of this module (e.g server_configfile_path)
 #
+# [*socketdir*]
+#   IPC socket directory.
+#     Directory to store IPC sockets used by internal Zabbix services.
+#
 # === Example
 #
 #   When running everything on a single node, please check
@@ -383,6 +387,7 @@
   String $additional_service_params          = $zabbix::params::additional_service_params,
   Optional[String[1]] $zabbix_user           = $zabbix::params::server_zabbix_user,
   Boolean $manage_startup_script             = $zabbix::params::manage_startup_script,
+  Stdlib::Absolutepath $socketdir            = $zabbix::params::server_socketdir,
 ) inherits zabbix::params {
   # the following codeblock is a bit blargh. The correct default value for
   # $real_additional_service_params changes based on the value of $zabbix_version
diff --git a/spec/classes/proxy_spec.rb b/spec/classes/proxy_spec.rb
@@ -367,6 +367,17 @@
           it { is_expected.to contain_file('/etc/zabbix/zabbix_proxy.conf').with_content %r{^EnableRemoteCommands=1$} }
           it { is_expected.to contain_file('/etc/zabbix/zabbix_proxy.conf').with_content %r{^LogRemoteCommands=1$} }
         end
+
+        context 'with zabbix_proxy.conf and version 5.0' do
+          let :params do
+            {
+              socketdir: '/var/run/zabbix',
+              zabbix_version: '5.0'
+            }
+          end
+
+          it { is_expected.to contain_file('/etc/zabbix/zabbix_proxy.conf').with_content %r{^SocketDir=/var/run/zabbix} }
+        end
       end
     end
   end
diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
@@ -385,6 +385,17 @@
         it { is_expected.to contain_file('/etc/zabbix/zabbix_server.conf').with_content %r{^HistoryIndexCacheSize=4M} }
       end
 
+      context 'with zabbix_server.conf and version 5.0' do
+        let :params do
+          {
+            socketdir: '/var/run/zabbix',
+            zabbix_version: '5.0'
+          }
+        end
+
+        it { is_expected.to contain_file('/etc/zabbix/zabbix_server.conf').with_content %r{^SocketDir=/var/run/zabbix} }
+      end
+
       context 'with zabbix_server.conf and system as logtype' do
         let :params do
           {
diff --git a/templates/zabbix_proxy.conf.erb b/templates/zabbix_proxy.conf.erb
@@ -95,6 +95,17 @@ DebugLevel=<%= @debuglevel %>
 #
 PidFile=<%= @pidfile %>
 
+<% if @zabbix_version.to_f >= 5.0 %>
+### Option: SocketDir
+#       IPC socket directory.
+#               Directory to store IPC sockets used by internal Zabbix services.
+#
+# Mandatory: no
+# Default:
+
+SocketDir=<%= @socket_dir %>
+<% end %>
+
 ### Option: DBHost
 #	Database host name.
 #	If set to localhost, socket is used for MySQL.
diff --git a/templates/zabbix_server.conf.erb b/templates/zabbix_server.conf.erb
@@ -77,6 +77,17 @@ DebugLevel=<%= @debuglevel %>
 #
 PidFile=<%= @pidfile %>
 
+<% if @zabbix_version.to_f >= 3.4 %>
+### Option: SocketDir
+#       IPC socket directory.
+#               Directory to store IPC sockets used by internal Zabbix services.
+#
+# Mandatory: no
+# Default:
+
+SocketDir=<%= @socket_dir %>
+<% end %>
+
 ### Option: DBHost
 #	Database host name.
 #	If set to localhost, socket is used for MySQL.
@@ -516,3 +527,4 @@ LoadModulePath=<%= @loadmodulepath %>
 <% if @tlskeyfile %>TLSKeyFile=<%= @tlskeyfile %><% end %>
 
 <% end %>
+
