puppet-zabbix
puppet-zabbix copied to clipboard
Push scripts for External Scripts
Affected Puppet, Ruby, OS and module versions/distributions
- Puppet: 2.8.0-1 Open
- Ruby: 2.0.0.648-30.el7
- Distribution: CentOS 7 w/ foreman and puppet module install
- Module version: 6.1.0
Hiera code can push files into the UserParameter directory. Would like to be able to push scripts into the external script directory
The current version doesn't seem to have a method for specifying the externalscripts directory in Hiera. I'm very much a neophyte with puppet code and have things working with a certain amount of dumb luck.
What modifications would need to be made to be able to push a handful of scripts into the defined external scripts folder for zabbix agents?
Could you create a PR with the code you already got? We already define the parameter ExternalScripts in the server config file, so I guess we really only need to copy files to that directory?
Sure, I can make the PR for it. Not a big change, just a bit beyond my skillset to change on my own.
EDIT: OK, maybe I can't, lol. I'm running from the puppet module install off of forge, should be the current 6.1.0 master branch, AFAIK
The userparameters.pp appears to have a mechanism built-in to deploy a script, but it wants to put them in /usr/bin by default (ugh). I think it would be "a good thing" (tm) to make the script dir something other than /usr/bin (for safety/security if nothing else), and make it a top level parameter that the defined type inherits so that you dont have to put the script dir on every userparameter.
@TJM sounds good. Can you provide a PR for this?
Actually, I am wondering if we should look into using the paths defined by selinux (RHEL at least)
~> semanage fcontext -l | grep zabbix_script_exec
/usr/lib/zabbix/externalscripts(/.*)? all files system_u:object_r:zabbix_script_exec_t:s0
/var/lib/zabbix/externalscripts(/.*)? all files system_u:object_r:zabbix_script_exec_t:s0
If anyone has access to some alternative platforms and can look into the equivalent, maybe list out the package contents or whatever to find out where "scripts" are supposed to go, by default?
~tommy
The default location appears to be: /usr/local/share/zabbix/externalscripts
according to: https://www.zabbix.com/documentation/3.4/manual/appendix/config/zabbix_server
I've had issues trying to use this folder as some of the SE rules aren't geared towards allowing scripts to be executed from that folder. I've shifted it to be /etc/zabbix/externalscripts in most of my deployments and have had good luck there.
OK, so we will need OS level hieradata... of course red hat packages aren't going to be in /usr/local, hence the /var/lib/zabbix (more redhat'y) :)