I hope I can find here some help or hints. I am new to docker and zabbix.
I am trying to make a dockerfile and a docker-compose for zabbix monitoring with the zbxwmi plugin.
Somehow I am very stuck to change the permission for the script to have the permission in the container to use it. If I check it on the container I get with exec the permission for
ubuntu:ubuntu but I think I have to change it like my zabbix user with the name zabbix and he needs root permisson to use the zbxwmi script, because my user is zabbix within my zabbix ngix frontend. I hope I can get here some help.
thank you in advance
I have changed the host chmod the Result
root@zabbixwmi:/home/zabbix/container-files/etc/zabbix# chmod 640 /home/zabbix/container-files/etc/zabbix/wmi.pw root@zabbixwmi:/home/zabbix/container-files/etc/zabbix# ls -l /home/zabbix/container-files/etc/zabbix/wmi.pw -rw-r—– 1 zabbix zabbix 96 Apr 9 06:11 /home/zabbix/container-files/etc/zabbix/wmi.pw
root@zabbixwmi:/home/zabbix/container-files/etc/zabbix#
User root@zabbixwmi:/home/zabbix/container-files/etc/zabbix# ls -l /home/zabbix/container-files/usr/lib/zabbix/externalscripts/zbxwmi -rwxr–r– 1 zabbix zabbix 6900 Nov 27 2020 /home/zabbix/container-files/usr/lib/zabbix/externalscripts/zbxwmi root@zabbixwmi:/home/zabbix/container-files/etc/zabbix#
https://github.com/13hakta/zbxwmi
root@zabbixwmi:/home/zabbix/container-files/etc/zabbix# chmod 640 /home/zabbix/container-files/etc/zabbix/wmi.pw root@zabbixwmi:/home/zabbix/container-files/etc/zabbix# ls -l /home/zabbix/container-files/etc/zabbix/wmi.pw -rw-r—– 1 zabbix zabbix 96 Apr 9 06:11 /home/zabbix/container-files/etc/zabbix/wmi.pw
root@zabbixwmi:/home/zabbix/container-files/etc/zabbix#
User root@zabbixwmi:/home/zabbix/container-files/etc/zabbix# ls -l /home/zabbix/container-files/usr/lib/zabbix/externalscripts/zbxwmi -rwxr–r– 1 zabbix zabbix 6900 Nov 27 2020 /home/zabbix/container-files/usr/lib/zabbix/externalscripts/zbxwmi root@zabbixwmi:/home/zabbix/container-files/etc/zabbix#
my folder and file structure:
zabbix
db_dumb.sh
db_restore.sh
docker-compose.yml
dockerfile
entrypoint.sh
zabbix_server.conf
container-files
etc
ssl
apache
grafana
nginx
zabbix
nginx.conf
wmi.pw
usr
lib
zabbix
externalscripts
zbxwmi
local
share
zabbix
externalscripts
zbxwmi
grafana
(not the priority right now)
sh
build.sh
create_user.sh
ssl
dockerfile
# Use the official Ubuntu image as the base image
FROM ubuntu:latest
# Set environment variables to prevent interactive prompts during package installation
ENV DEBIAN_FRONTEND=noninteractive
# Create a user named "zabbix" with root privileges
RUN useradd -m -s /bin/bash zabbix &&
usermod -aG sudo zabbix &&
echo 'zabbix:password' | chpasswd
# Update package lists and install necessary packages for your main application
RUN apt-get update && apt-get install -y
nginx
wget
postgresql-client
python3-six
python3-pycryptodome
python3-pyasn1
python3-pip
openssl
&& apt-get clean
&& rm -rf /var/lib/apt/lists/*
# Generate German locale and update locale settings
RUN locale-gen de_DE.UTF-8 && update-locale LANG=de_DE.UTF-8
# Install Zabbix repository and Zabbix packages
RUN wget https://mirrors.tuna.tsinghua.edu.cn/zabbix/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1%2Bubuntu22.04_all.deb &&
dpkg -i zabbix-release_6.4-1+ubuntu22.04_all.deb &&
apt-get update &&
apt-get install -y
zabbix-server-pgsql
zabbix-frontend-nginx
zabbix-nginx-conf
zabbix-agent
&& apt-get clean
&& rm -rf /var/lib/apt/lists/*
# Install Grafana
RUN wget -q -O - https://packages.grafana.com/gpg.key | apt-key add - &&
echo "deb https://packages.grafana.com/oss/deb stable main" | tee -a /etc/apt/sources.list.d/grafana.list &&
apt-get update &&
apt-get install -y grafana &&
apt-get clean
&& rm -rf /var/lib/apt/lists/*
# Install Impacket for WMI
RUN python3 -m pip install --upgrade pip &&
python3 -m pip install impacket
# Copy Zabbix NGINX configuration file
COPY container-files/etc/zabbix/nginx.conf /etc/nginx/sites-available/default
# Create directory for external scripts
RUN mkdir -p /usr/lib/zabbix/externalscripts/
# Copy external scripts
COPY container-files/usr/lib/zabbix/externalscripts/zbxwmi /usr/lib/zabbix/externalscripts/zbxwmi
COPY container-files/etc/zabbix/wmi.pw /etc/zabbix/wmi.pw
# Set permissions and ownership for scripts
RUN chmod +x /usr/lib/zabbix/externalscripts/zbxwmi &&
chmod 700 /etc/zabbix/wmi.pw &&
chown zabbix:zabbix /usr/lib/zabbix/externalscripts/zbxwmi &&
chown -R zabbix:zabbix /etc/zabbix/wmi.pw
# Expose ports
EXPOSE 10050/tcp 10051/tcp 80/tcp 443/tcp
# Copy entrypoint script
COPY entrypoint.sh /entrypoint.sh
# Set execute permission for the entrypoint script
RUN chmod +x /entrypoint.sh
# Set the entrypoint script as the entry point for the container
ENTRYPOINT ["/entrypoint.sh"]
# Set the zabbix user as the default user for subsequent commands
USER zabbix
docker-compose
version: '3.8'
services:
zabbix-server:
image: ${ZABBIX_SERVER_IMAGE:-zabbix/zabbix-server-pgsql:ubuntu-6.4-latest}
restart: unless-stopped
ports:
- "10051:10051"
environment:
DB_SERVER_HOST: postgres
DB_SERVER_PORT: 5432
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
depends_on:
- postgres
networks:
- network-zabbix
volumes:
- ./container-files/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts
- ./container-files/etc/zabbix/wmi.pw:/etc/zabbix/wmi.pw
zabbix-frontend:
image: ${ZABBIX_FRONTEND_IMAGE:-zabbix/zabbix-web-nginx-pgsql:6.4-ubuntu-latest}
restart: unless-stopped
ports:
- "8080:8080"
- "8443:8443"
environment:
DB_SERVER_HOST: postgres
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
PHP_TZ: ${TZ}
ZBX_SERVER_HOST: zabbix-server
ZBX_SERVER_PORT: 10051
depends_on:
- zabbix-server
networks:
- network-zabbix
zabbix-agent:
image: ${ZABBIX_AGENT_IMAGE:-zabbix/zabbix-agent:6.4-ubuntu-latest}
restart: unless-stopped
ports:
- "10050:10050"
environment:
ZBX_ACTIVE_ALLOW: "" # or null, depending on your preference
TZ: ${TZ}
ZBX_SERVER_HOST: zabbix-server
ZBX_SERVER_PORT: 10051
ZBX_HOSTNAME: zabbix-agent
ZBX_HOSTNAMEITEM: system.hostname
depends_on:
- zabbix-server
networks:
- network-zabbix
volumes:
- ./container-files/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts
- ./container-files/etc/zabbix/wmi.pw:/etc/zabbix/wmi.pw
postgres:
image: ${POSTGRES_IMAGE:-postgres:latest}
restart: unless-stopped
ports:
- "5432:5432"
volumes:
- postgres:/var/lib/postgresql/data
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
PG_DATA: /var/lib/postgresql/data/pgdata
networks:
- network-zabbix
grafana:
image: ${GRAFANA_IMAGE:-grafana/grafana}
restart: unless-stopped
ports:
- "3000:3000"
environment:
GF_SECURITY_ADMIN_USER: ${GRAFANA_USER:-admin}
GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_SECRET:-12345}
GF_INSTALL_PLUGINS: alexanderzobnin-zabbix-app
TZ: ${TZ}
user: "472"
volumes:
- grafana:/var/lib/grafana
- ./grafana/grafana.ini:/etc/grafana/grafana.ini
- ./grafana/provisioning:/etc/grafana/provisioning
depends_on:
- zabbix-frontend
networks:
- network-zabbix
nginx:
image: nginx:latest
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./ssl/nginx:/etc/nginx/ssl
- ./ssl/apache:/etc/apache2/ssl
- ./ssl/grafana:/etc/grafana/ssl
networks:
- network-zabbix
volumes:
postgres: {}
grafana: {}
networks:
network-zabbix:
driver: bridge
entrypoint.sh
#!/bin/bash
set -e
# Set permissions and ownership for external scripts
chown -R zabbix:zabbix /usr/lib/zabbix/externalscripts
chown zabbix:zabbix /etc/zabbix/wmi.pw
# Start PostgreSQL service
service postgresql start
# Start Nginx service
service nginx start
# Start Zabbix server
service zabbix-server start
# Start Zabbix agent
service zabbix-agent start
# Tail the Nginx error log to keep the container running
tail -f /var/log/nginx/error.log
wmi.pw
USER root
RUN echo -e "zabbixpasswordlocalhost" > /etc/zabbix/wmi.pw
USER non-root-user
build.sh
#!/bin/bash
docker build --pull --rm -f "DockerBuildDockerfile" -t docker:latest "DockerBuild"
create_user.sh
#!/bin/sh
if ! id -u zabbix > /dev/null 2>&1; then
useradd -ms /bin/bash zabbix
fi
zabbix_server.conf (not in use)
### Option: ListenPort
# Listen port for trapper.
# No default.
# Mandatory: no
# Range: 1024-32767
# ListenPort=
### Option: ListenIP
# List of comma delimited IP addresses that the trapper should listen on.
# Default:
# ListenIP=0.0.0.0
### Option: HousekeepingFrequency
# How often Zabbix server should perform housekeeping procedure in
# seconds.
# No default, -1 - disable housekeeping.
# Mandatory: no
# Range: -1-86400
# HousekeepingFrequency=1
### Option: StartPollers
# Number of pre-forked instances of pollers.
# Default:
# StartPollers=5
db_dumb.sh (perheaps it has to be zabbix not zabbixadmin)
#!/bin/sh
# RUN BEFORE UPGRADING POSTGRES IMAGE.
docker compose down
docker compose up -d db
docker compose exec postgres pg_dumpall -U zabbixadmin > pgdump.sql
docker compose down
db_restore.sh (perheaps it has to be zabbix not zabbixadmin)
#!/bin/sh
# RUN AFTER UPGRADING POSTGRES IMAGE.
docker compose up -d db
cat pgdump.sql | docker compos postgres zabbix_db_1 psql -U zabbixadmin -d zabbix
docker compose down
nginx.conf
server {
listen 80;
server_name example.com;
root /usr/share/zabbix;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.4-fpm.sock; # Adjust version as needed
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location ~ /.ht {
deny all;
}
}
I am trying to use the plugin within zabbix but somehow I have no permisson to use it.
New contributor
warcolour is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.