Fixed minor issues with Windows containers

zabbix · Jan 11, 2025 · 5d9fbca · 5d9fbca
1 parent dc200c3
commit 5d9fbca
Show file tree

Hide file tree

Showing 10 changed files with 266 additions and 331 deletions.
diff --git a/.github/workflows/images_build_windows.yml b/.github/workflows/images_build_windows.yml
@@ -249,15 +249,15 @@ jobs:
             Write-Host @"
             docker build --label org.opencontainers.image.revision=$Env:LABEL_REVISION
                          --label org.opencontainers.image.created=$Env:LABEL_CREATED
-                         --build-arg=BUILD_BASE_IMAGE=$base_os_image
+                         --build-arg=OS_BASE_IMAGE=$base_os_image
                          --file=$dockerfile
                          $tags
                     $context
             "@
 
             docker build --label org.opencontainers.image.revision=$Env:LABEL_REVISION `
                          --label org.opencontainers.image.created=$Env:LABEL_CREATED `
-                         --build-arg=BUILD_BASE_IMAGE=$base_os_image `
+                         --build-arg=OS_BASE_IMAGE=$base_os_image `
                          --file=$dockerfile `
                          $tags `
                     $context
@@ -717,7 +717,7 @@ jobs:
             docker build --label org.opencontainers.image.revision=$Env:LABEL_REVISION
                          --label org.opencontainers.image.created=$Env:LABEL_CREATED
                          --build-arg=BUILD_BASE_IMAGE=$base_build_image
-                         --build-arg=BASE_IMAGE=$base_image
+                         --build-arg=OS_BASE_IMAGE=$base_image
                          --file=$dockerfile
                          $tags
                     $context
@@ -726,7 +726,7 @@ jobs:
             docker build --label org.opencontainers.image.revision=$Env:LABEL_REVISION `
                          --label org.opencontainers.image.created=$Env:LABEL_CREATED `
                          --build-arg=BUILD_BASE_IMAGE=$base_build_image `
-                         --build-arg=BASE_IMAGE=$base_image `
+                         --build-arg=OS_BASE_IMAGE=$base_image `
                          --file=$dockerfile `
                          $tags `
                     $context

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
diff --git a/Dockerfiles/agent/windows/Dockerfile b/Dockerfiles/agent/windows/Dockerfile
@@ -1,19 +1,24 @@
 # syntax=docker/dockerfile:1
 # escape=`
+ARG OS_BASE_IMAGE=mcr.microsoft.com/powershell:lts-nanoserver-ltsc2022
+
 ARG MAJOR_VERSION=6.0
 ARG ZBX_VERSION=${MAJOR_VERSION}.37
-ARG BUILD_BASE_IMAGE=zabbix-build-agent:ltsc2022-agent-${ZBX_VERSION}
 
-ARG BASE_IMAGE=mcr.microsoft.com/powershell:lts-nanoserver-ltsc2022
+ARG BUILD_BASE_IMAGE=zabbix-build-agent:ltsc2022-agent-${ZBX_VERSION}
 
 FROM ${BUILD_BASE_IMAGE} AS builder
-
-FROM ${BASE_IMAGE}
+FROM ${OS_BASE_IMAGE}
 
 ARG MAJOR_VERSION
 ARG ZBX_VERSION
 ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 
+ENV ZABBIX_USER_HOME_DIR="C:\zabbix" `
+    ZABBIX_CONF_DIR="C:\zabbix\conf"
+
+ENV ZBX_USERPARAMETERDIR="${ZABBIX_USER_HOME_DIR}\user_scripts"
+
 LABEL org.opencontainers.image.title="Zabbix agent" `
       org.opencontainers.image.authors="Alexey Pustovalov <[email protected]>" `
       org.opencontainers.image.vendor="Zabbix SIA" `
@@ -36,25 +41,25 @@ USER ContainerAdministrator
 RUN $env:PATH = [string]::Format('{0}\zabbix\sbin;{0}\zabbix\bin;', $env:SystemDrive) + $env:PATH; `
     [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine); `
     `
-    $env:ZBX_HOME = [string]::Format('{0}\zabbix', $env:SystemDrive); `
-    [Environment]::SetEnvironmentVariable('ZBX_HOME', $env:ZBX_HOME, [EnvironmentVariableTarget]::Machine); `
+    [Environment]::SetEnvironmentVariable('ZABBIX_USER_HOME_DIR', $env:ZABBIX_USER_HOME_DIR, [EnvironmentVariableTarget]::Machine); `
     `
     Write-Host ('Verifying Zabbix agent {0} ...' -f $env:ZBX_VERSION); `
     zabbix_agentd.exe -V;
 
 RUN Set-Location -Path $env:SystemDrive\.; `
     `
-    New-Item -Force -ItemType directory -Path $env:ZBX_HOME\conf\zabbix_agentd.d | Out-Null; `
-    New-Item -Force -ItemType directory -Path $env:ZBX_HOME\enc | Out-Null; `
-    New-Item -Force -ItemType directory -Path $env:ZBX_HOME\modules | Out-Null; `
-    New-Item -Force -ItemType directory -Path $env:ZBX_HOME\buffer | Out-Null; `
+    New-Item -Force -ItemType directory -Path $env:ZABBIX_CONF_DIR | Out-Null; `
+    New-Item -Force -ItemType directory -Path $env:ZABBIX_CONF_DIR\zabbix_agentd.d | Out-Null; `
+    New-Item -Force -ItemType directory -Path $env:ZABBIX_USER_HOME_DIR\enc | Out-Null; `
+    New-Item -Force -ItemType directory -Path $env:ZABBIX_USER_HOME_DIR\enc_internal | Out-Null; `
+    New-Item -Force -ItemType directory -Path $env:ZBX_USERPARAMETERDIR | Out-Null; `
     `
     net accounts /MaxPWAge:unlimited; `
     net user /add zabbix /expire:never /passwordreq:no; `
-    $acl = Get-Acl -Path $env:ZBX_HOME; `
+    $acl = Get-Acl -Path $env:ZABBIX_USER_HOME_DIR; `
     $ace = New-Object Security.AccessControl.FileSystemAccessRule ('zabbix', 'Modify', 'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow'); `
     $acl.AddAccessRule($ace); `
-    Set-Acl -AclObject $acl -Path $env:ZBX_HOME;
+    Set-Acl -AclObject $acl -Path $env:ZABBIX_USER_HOME_DIR;
 
 USER zabbix
 

diff --git a/Dockerfiles/agent/windows/docker-entrypoint.ps1 b/Dockerfiles/agent/windows/docker-entrypoint.ps1
@@ -4,7 +4,6 @@ if ($env:DEBUG_MODE -eq "true") {
     Set-PSDebug -trace 1
 }
 
-# Default Zabbix installation name
 # Default Zabbix server host
 if ([string]::IsNullOrWhitespace($env:ZBX_SERVER_HOST)) {
     $env:ZBX_SERVER_HOST="zabbix-server"
@@ -14,12 +13,9 @@ if ([string]::IsNullOrWhitespace($env:ZBX_SERVER_PORT)) {
     $env:ZBX_SERVER_PORT="10051"
 }
 
-
 # Default directories
-# User 'zabbix' home directory
-$ZabbixUserHomeDir="C:\zabbix"
-# Configuration files directory
-$ZabbixConfigDir="C:\zabbix\conf"
+# Internal directory for TLS related files, used when TLS*File specified as plain text values
+$ZabbixInternalEncDir="$env:ZABBIX_USER_HOME_DIR/enc_internal"
 
 function Update-Config-Var {
     Param (
@@ -66,7 +62,7 @@ function Update-Config-Var {
     }
 
     if ($VarName -match '^TLS.*File$') {
-        $VarValue="$ZabbixUserHomeDir\enc\$VarValue"
+        $VarValue="$env:ZABBIX_USER_HOME_DIR\enc\$VarValue"
     }
 
     if ((Get-Content $ConfigPath | %{$_ -match "^$VarName="}) -contains $true -And $IsMultiple -ne $true) {
@@ -119,35 +115,59 @@ function Update-Config-Multiple-Var {
     }
 }
 
+function File-Process-From-Env {
+    Param (
+        [Parameter(Mandatory=$true, Position=0)]
+        [ValidateNotNullOrEmpty()]
+        [string] $ZbxAgentConfig,
+        [Parameter(Mandatory=$true, Position=1)]
+        [ValidateNotNullOrEmpty()]
+        [string] $VarName,
+        [Parameter(Mandatory=$false, Position=2)]
+        [string]$FileName = $null,
+        [Parameter(Mandatory=$false, Position=3)]
+        [string]$VarValue = $null
+    )
+
+    if (![string]::IsNullOrEmpty($VarValue)) {
+        $VarValue | Set-Content "$ZabbixInternalEncDir\$VarName"
+        $FileName="$ZabbixInternalEncDir\$VarName"
+    }
+
+    Update-Config-Var $ZbxAgentConfig "$VarName" "$FileName"
+}
+
+
 function Prepare-Zbx-Agent-Config {
     Write-Host "** Preparing Zabbix agent configuration file"
 
-    $ZbxAgentConfig="$ZabbixConfigDir\zabbix_agentd.conf"
+    $ZbxAgentConfig="$env:ZABBIX_CONF_DIR\zabbix_agentd.conf"
 
-    if ([string]::IsNullOrWhitespace($env:ZBX_PASSIVESERVERS)) {
+    if ($env:ZBX_PASSIVESERVERS -eq $null) {
         $env:ZBX_PASSIVESERVERS=""
     }
-    else {
-        $env:ZBX_PASSIVESERVERS=",$env:ZBX_PASSIVESERVERS"
+    if ($env:ZBX_ACTIVESERVERS -eq $null) {
+        $env:ZBX_ACTIVESERVERS=""
     }
 
-    $env:ZBX_PASSIVESERVERS=$env:ZBX_SERVER_HOST + $env:ZBX_PASSIVESERVERS
-
-    if ([string]::IsNullOrWhitespace($env:ZBX_ACTIVESERVERS)) {
-        $env:ZBX_ACTIVESERVERS=""
+    if (![string]::IsNullOrEmpty($env:ZBX_SERVER_HOST) -And ![string]::IsNullOrEmpty($env:ZBX_PASSIVESERVERS)) {
+        $env:ZBX_PASSIVESERVERS="$env:ZBX_SERVER_HOST,$env:ZBX_PASSIVESERVERS"
     }
-    else {
-        $env:ZBX_ACTIVESERVERS=",$env:ZBX_ACTIVESERVERS"
+    elseif (![string]::IsNullOrEmpty($env:ZBX_SERVER_HOST)) {
+        $env:ZBX_PASSIVESERVERS=$env:ZBX_SERVER_HOST
     }
 
-    $env:ZBX_ACTIVESERVERS=$env:ZBX_SERVER_HOST + ":" + $env:ZBX_SERVER_PORT + $env:ZBX_ACTIVESERVERS
-
-    Update-Config-Var $ZbxAgentConfig "LogType" "console"
-    Update-Config-Var $ZbxAgentConfig "LogFile"
-    Update-Config-Var $ZbxAgentConfig "LogFileSize"
-    Update-Config-Var $ZbxAgentConfig "DebugLevel" "$env:ZBX_DEBUGLEVEL"
-    Update-Config-Var $ZbxAgentConfig "SourceIP"
-    Update-Config-Var $ZbxAgentConfig "LogRemoteCommands" "$env:ZBX_LOGREMOTECOMMANDS"
+    if (![string]::IsNullOrEmpty($env:ZBX_SERVER_HOST)) {
+        if (![string]::IsNullOrEmpty($env:ZBX_SERVER_PORT) -And $env:ZBX_SERVER_PORT -ne "10051") {
+            $env:ZBX_SERVER_HOST="$env:ZBX_SERVER_HOST:$env:ZBX_SERVER_PORT"
+        }
+        if (![string]::IsNullOrEmpty($env:ZBX_ACTIVESERVERS)) {
+            $env:ZBX_ACTIVESERVERS="$env:ZBX_SERVER_HOST,$env:ZBX_ACTIVESERVERS"
+        }
+        else {
+            $env:ZBX_ACTIVESERVERS=$env:ZBX_SERVER_HOST
+        }
+    }
 
     if ([string]::IsNullOrWhitespace($env:ZBX_PASSIVE_ALLOW)) {
         $env:ZBX_PASSIVE_ALLOW="true"
@@ -161,10 +181,6 @@ function Prepare-Zbx-Agent-Config {
         Update-Config-Var $ZbxAgentConfig "Server"
     }
 
-    Update-Config-Var $ZbxAgentConfig "ListenPort" "$env:ZBX_LISTENPORT"
-    Update-Config-Var $ZbxAgentConfig "ListenIP" "$env:ZBX_LISTENIP"
-    Update-Config-Var $ZbxAgentConfig "StartAgents" "$env:ZBX_STARTAGENTS"
-
     if ([string]::IsNullOrWhitespace($env:ZBX_ACTIVE_ALLOW)) {
         $env:ZBX_ACTIVE_ALLOW="true"
     }
@@ -177,6 +193,19 @@ function Prepare-Zbx-Agent-Config {
         Update-Config-Var $ZbxAgentConfig "ServerActive"
     }
 
+    Update-Config-Var $ZbxAgentConfig "LogType" "console"
+    Update-Config-Var $ZbxAgentConfig "LogFile"
+    Update-Config-Var $ZbxAgentConfig "LogFileSize"
+    Update-Config-Var $ZbxAgentConfig "DebugLevel" "$env:ZBX_DEBUGLEVEL"
+    Update-Config-Var $ZbxAgentConfig "SourceIP"
+    Update-Config-Var $ZbxAgentConfig "LogRemoteCommands" "$env:ZBX_LOGREMOTECOMMANDS"
+
+    Update-Config-Var $ZbxAgentConfig "ListenPort" "$env:ZBX_LISTENPORT"
+    Update-Config-Var $ZbxAgentConfig "ListenIP" "$env:ZBX_LISTENIP"
+    Update-Config-Var $ZbxAgentConfig "StartAgents" "$env:ZBX_STARTAGENTS"
+
+    Update-Config-Var $ZbxAgentConfig "HeartbeatFrequency" "$env:ZBX_HEARTBEAT_FREQUENCY"
+
     Update-Config-Var $ZbxAgentConfig "HostInterface" "$env:ZBX_HOSTINTERFACE"
     Update-Config-Var $ZbxAgentConfig "HostInterfaceItem" "$env:ZBX_HOSTINTERFACEITEM"
 
@@ -193,34 +222,45 @@ function Prepare-Zbx-Agent-Config {
     # Please use include to enable Perfcounter feature
 #    update_config_multiple_var $ZBX_AGENT_CONFIG "PerfCounter" $env:ZBX_PERFCOUNTER
     Update-Config-Var $ZbxAgentConfig "Timeout" "$env:ZBX_TIMEOUT"
-    Update-Config-Var $ZbxAgentConfig "Include" "$ZabbixConfigDir\zabbix_agentd.d\*.conf"
+    Update-Config-Var $ZbxAgentConfig "Include" "$env:ZABBIX_CONF_DIR\zabbix_agentd.d\*.conf"
     Update-Config-Var $ZbxAgentConfig "UnsafeUserParameters" "$env:ZBX_UNSAFEUSERPARAMETERS"
-    Update-Config-Var $ZbxAgentConfig "UserParameterDir" "$ZabbixUserHomeDir\user_scripts\"
+    Update-Config-Var $ZbxAgentConfig "UserParameterDir" "$env:ZBX_USERPARAMETERDIR"
     Update-Config-Var $ZbxAgentConfig "TLSConnect" "$env:ZBX_TLSCONNECT"
     Update-Config-Var $ZbxAgentConfig "TLSAccept" "$env:ZBX_TLSACCEPT"
-    Update-Config-Var $ZbxAgentConfig "TLSCAFile" "$env:ZBX_TLSCAFILE"
-    Update-Config-Var $ZbxAgentConfig "TLSCRLFile" "$env:ZBX_TLSCRLFILE"
+    File-Process-From-Env $ZbxAgentConfig "TLSCAFile" "$env:ZBX_TLSCAFILE" "$env:ZBX_TLSCA"
+    File-Process-From-Env $ZbxAgentConfig "TLSCRLFile" "$env:ZBX_TLSCRLFILE" "$env:ZBX_TLSCRL"
     Update-Config-Var $ZbxAgentConfig "TLSServerCertIssuer" "$env:ZBX_TLSSERVERCERTISSUER"
     Update-Config-Var $ZbxAgentConfig "TLSServerCertSubject" "$env:ZBX_TLSSERVERCERTSUBJECT"
-    Update-Config-Var $ZbxAgentConfig "TLSCertFile" "$env:ZBX_TLSCERTFILE"
+    File-Process-From-Env $ZbxAgentConfig "TLSCertFile" "$env:ZBX_TLSCERTFILE" "$env:ZBX_TLSCERT"
     Update-Config-Var $ZbxAgentConfig "TLSCipherAll" "$env:ZBX_TLSCIPHERALL"
     Update-Config-Var $ZbxAgentConfig "TLSCipherAll13" "$env:ZBX_TLSCIPHERALL13"
     Update-Config-Var $ZbxAgentConfig "TLSCipherCert" "$env:ZBX_TLSCIPHERCERT"
     Update-Config-Var $ZbxAgentConfig "TLSCipherCert13" "$env:ZBX_TLSCIPHERCERT13"
     Update-Config-Var $ZbxAgentConfig "TLSCipherPSK" "$env:ZBX_TLSCIPHERPSK"
     Update-Config-Var $ZbxAgentConfig "TLSCipherPSK13" "$env:ZBX_TLSCIPHERPSK13"
-    Update-Config-Var $ZbxAgentConfig "TLSKeyFile" "$env:ZBX_TLSKEYFILE"
+    File-Process-From-Env $ZbxAgentConfig "TLSKeyFile" "$env:ZBX_TLSKEYFILE" "$env:ZBX_TLSKEY"
     Update-Config-Var $ZbxAgentConfig "TLSPSKIdentity" "$env:ZBX_TLSPSKIDENTITY"
-    Update-Config-Var $ZbxAgentConfig "TLSPSKFile" "$env:ZBX_TLSPSKFILE"
+    File-Process-From-Env $ZbxAgentConfig "TLSPSKFile" "$env:ZBX_TLSPSKFILE" "$env:ZBX_TLSPSK"
 
     Update-Config-Multiple-Var $ZbxAgentConfig "DenyKey" "$env:ZBX_DENYKEY"
     Update-Config-Multiple-Var $ZbxAgentConfig "AllowKey" "$env:ZBX_ALLOWKEY"
+}
+
+function ClearZbxEnv() {
+    if ([string]::IsNullOrWhitespace($env:ZBX_CLEAR_ENV)) {
+        return
+    }
 
+    $env_vars=Get-ChildItem env:* | Where-Object {$_.Name -match "^ZBX_.*" } | foreach { $_.Name }
+    foreach ($env_var in $env_vars) {
+        Set-Item env:$env_var -Value $null
+    }
 }
 
 function PrepareAgent {
     Write-Host "** Preparing Zabbix agent"
     Prepare-Zbx-Agent-Config
+    ClearZbxEnv
 }
 
 $commandArgs=$args