puppet-zabbix icon indicating copy to clipboard operation
puppet-zabbix copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

Push scripts for External Scripts

Open aeva-assured opened this issue 6 years ago • 7 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 2.8.0-1 Open
  • Ruby: 2.0.0.648-30.el7
  • Distribution: CentOS 7 w/ foreman and puppet module install
  • Module version: 6.1.0

Hiera code can push files into the UserParameter directory. Would like to be able to push scripts into the external script directory

The current version doesn't seem to have a method for specifying the externalscripts directory in Hiera. I'm very much a neophyte with puppet code and have things working with a certain amount of dumb luck.

What modifications would need to be made to be able to push a handful of scripts into the defined external scripts folder for zabbix agents?

aeva-assured avatar Jan 07 '18 01:01 aeva-assured

Could you create a PR with the code you already got? We already define the parameter ExternalScripts in the server config file, so I guess we really only need to copy files to that directory?

bastelfreak avatar Jan 07 '18 08:01 bastelfreak

Sure, I can make the PR for it. Not a big change, just a bit beyond my skillset to change on my own.

EDIT: OK, maybe I can't, lol. I'm running from the puppet module install off of forge, should be the current 6.1.0 master branch, AFAIK

aeva-assured avatar Jan 07 '18 17:01 aeva-assured

The userparameters.pp appears to have a mechanism built-in to deploy a script, but it wants to put them in /usr/bin by default (ugh). I think it would be "a good thing" (tm) to make the script dir something other than /usr/bin (for safety/security if nothing else), and make it a top level parameter that the defined type inherits so that you dont have to put the script dir on every userparameter.

TJM avatar Aug 10 '18 13:08 TJM

@TJM sounds good. Can you provide a PR for this?

bastelfreak avatar Aug 11 '18 20:08 bastelfreak

Actually, I am wondering if we should look into using the paths defined by selinux (RHEL at least)

~> semanage fcontext -l | grep zabbix_script_exec
/usr/lib/zabbix/externalscripts(/.*)?              all files          system_u:object_r:zabbix_script_exec_t:s0
/var/lib/zabbix/externalscripts(/.*)?              all files          system_u:object_r:zabbix_script_exec_t:s0

If anyone has access to some alternative platforms and can look into the equivalent, maybe list out the package contents or whatever to find out where "scripts" are supposed to go, by default?

~tommy

TJM avatar Aug 23 '18 14:08 TJM

The default location appears to be: /usr/local/share/zabbix/externalscripts

according to: https://www.zabbix.com/documentation/3.4/manual/appendix/config/zabbix_server

I've had issues trying to use this folder as some of the SE rules aren't geared towards allowing scripts to be executed from that folder. I've shifted it to be /etc/zabbix/externalscripts in most of my deployments and have had good luck there.

aeva-assured avatar Aug 23 '18 18:08 aeva-assured

OK, so we will need OS level hieradata... of course red hat packages aren't going to be in /usr/local, hence the /var/lib/zabbix (more redhat'y) :)

TJM avatar Aug 23 '18 20:08 TJM