diff --git a/README.md b/README.md index 73a03d13..8668c591 100644 --- a/README.md +++ b/README.md @@ -433,7 +433,7 @@ Take a look at the [REFERENCE.md](https://github.com/voxpupuli/puppet-zabbix/blo ## Limitations -This module supports Zabbix 4.0, 5.0, and 6.0. The upstream supported versions are documented [here](https://www.zabbix.com/life_cycle_and_release_policy) +This module supports Zabbix 5.0, 6.0 and 7.0. The upstream supported versions are documented [here](https://www.zabbix.com/life_cycle_and_release_policy) Please have a look into the metadata.json for all supported operating systems. This module is supported on both the community and the Enterprise version of Puppet. @@ -441,65 +441,10 @@ This module is supported on both the community and the Enterprise version of Pup Please be aware, that when manage_resources is enabled, it can increase an puppet run on the zabbix-server a lot when you have a lot of hosts. ## Contributors +Take a look at the [CONTRIBUTING.md](https://github.com/voxpupuli/puppet-zabbix/blob/master/.github/CONTRIBUTING.md) -**ericsysmin** will be helping and maintaining this puppet module. In Github terms he is an Collaborator. So don't be suprised if he acceps/rejects Pull Requests and comment in issues. - -The following have contributed to this puppet module: - - * Suff - * gattebury - * sq4ind - * nburtsev - * actionjack - * karolisc - * lucas42 - * f0 - * mmerfort - * genebean - * meganuke19 - * fredprod - * ericsysmin - * JvdW - * rleemorlang - * genebean - * exptom - * sbaryakov - * roidelapluie - * andresvia - * ju5t - * elricsfate - * IceBear2k - * altvnk - * rnelson0 - * hkumarmk - * Wprosdocimo - * 1n - * szemlyanoy - * Wprosdocimo - * sgnl05 - * hmn - * BcTpe4HbIu - * mschuett - * claflico - * bastelfreak - * Oyabi - * akostetskiy - * DjxDeaf - * tcatut - * inspired-geek - * ekohl - * z3rogate - * mkrakowitzer - * eander210 - * hkumarmk - * ITler - * slashr00t - * channone-arif-nbcuni - * BcTpe4HbIu - * vide - -Many thanks for this! -(If I have forgotten you, please let me know and put you in the list of fame. :-)) +Contributors List: +* https://github.com/voxpupuli/puppet-zabbix/graphs/contributors ## Note ### Standard usage diff --git a/templates/zabbix_agentd.conf.erb b/templates/zabbix_agentd.conf.erb index e2e7361b..d4d509db 100644 --- a/templates/zabbix_agentd.conf.erb +++ b/templates/zabbix_agentd.conf.erb @@ -9,6 +9,7 @@ ### Option: PidFile # Name of PID file. # +# Mandatory: no PidFile=<%= @pidfile %><% end %> <% if @logtype %> @@ -18,68 +19,74 @@ PidFile=<%= @pidfile %><% end %> # file - file specified with LogFile parameter # console - standard output # +# Mandatory: no LogType=<%= @logtype %><% end %> <% if @logtype == 'file' -%> ### Option: LogFile # Log file name for LogType 'file' parameter. # +# Mandatory: yes, if LogType is set to file, otherwise no LogFile=<%= @logfile %> ### Option: LogFileSize # Maximum size of log file in MB. # 0 - disable automatic log rotation. # +# Mandatory: no +# Range: 0-1024 LogFileSize=<%= @logfilesize %><% end -%> ### Option: DebugLevel -# Specifies debug level +# Specifies debug level: # 0 - basic information about starting and stopping of Zabbix processes # 1 - critical information # 2 - error information # 3 - warnings # 4 - for debugging (produces lots of information) # 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 DebugLevel=<%= @debuglevel %> ### Option: SourceIP # Source IP address for outgoing connections. # +# Mandatory: no <% if @sourceip %>SourceIP=<%= @sourceip %><% end %> <% if @zabbix_version.to_f >= 5.0 %> ### Option: AllowKey -# Allow execution of item keys matching pattern. -# Multiple keys matching rules may be defined in combination with DenyKey. -# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. -# It might be used in both key name and key arguments. -# Parameters are processed one by one according their appearance order. -# If no AllowKey or DenyKey rules defined, all keys are allowed. +# Allow execution of item keys matching pattern. +# Multiple keys matching rules may be defined in combination with DenyKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. # # Mandatory: no <% if @allowkey %>AllowKey=<%= @allowkey -%><% end %> ### Option: DenyKey -# Deny execution of items keys matching pattern. -# Multiple keys matching rules may be defined in combination with AllowKey. -# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. -# It might be used in both key name and key arguments. -# Parameters are processed one by one according their appearance order. -# If no AllowKey or DenyKey rules defined, all keys are allowed. +# Deny execution of items keys matching pattern. +# Multiple keys matching rules may be defined in combination with AllowKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. # Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. # # Mandatory: no -# Default: <% if @denykey %>DenyKey=<%= @denykey -%><% end %> <% end %> <% unless @agent2 %> -### Option: EnableRemoteCommands -# Whether remote commands from Zabbix server are allowed. -# 0 - not allowed -# 1 - allowed +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead +# Internal alias for AllowKey/DenyKey parameters depending on value: +# 0 - DenyKey=system.run[*] +# 1 - AllowKey=system.run[*] # +# Mandatory: no EnableRemoteCommands=<%= @enableremotecommands %> ### Option: LogRemoteCommands @@ -87,6 +94,7 @@ EnableRemoteCommands=<%= @enableremotecommands %> # 0 - disabled # 1 - enabled # +# Mandatory: no LogRemoteCommands=<%= @logremotecommands %> <% end %> @@ -94,21 +102,28 @@ LogRemoteCommands=<%= @logremotecommands %> ##### Passive checks related ### Option: Server -# List of comma delimited IP addresses (or hostnames) of Zabbix servers. +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies. # Incoming connections will be accepted only from the hosts listed here. -# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com # +# Mandatory: yes, if StartAgents is not explicitly set to 0 Server=<%= @server %> ### Option: ListenPort # Agent will listen on this port for connections from the server. # +# Mandatory: no +# Range: 1024-32767 ListenPort=<%= @listenport %> ### Option: ListenIP # List of comma delimited IP addresses that the agent should listen on. # First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks. # +# Mandatory: no <% if @listen_ip %>ListenIP=<%= @listen_ip %><% end %> <% unless @agent2 %> @@ -116,19 +131,35 @@ ListenPort=<%= @listenport %> # Number of pre-forked instances of zabbix_agentd that process passive checks. # If set to 0, disables passive checks and the agent will not listen on any TCP port. # +# Mandatory: no +# Range: 0-100 StartAgents=<%= @startagents %> <% end %> ##### Active checks related ### Option: ServerActive -# List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks. +# Zabbix server/proxy address or cluster configuration to get active checks from. +# Server/proxy address is IP address or DNS name and optional port separated by colon. +# Cluster configuration is one or more server addresses separated by semicolon. +# Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma. +# More than one Zabbix proxy should not be specified from each Zabbix server/cluster. +# If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified. +# Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed. # If port is not specified, default port is used. # IPv6 addresses must be enclosed in square brackets if port for that host is specified. # If port is not specified, square brackets for IPv6 addresses are optional. # If this parameter is not specified, active checks are disabled. -# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +# Example for Zabbix proxy: +# ServerActive=127.0.0.1:10051 +# Example for multiple servers: +# ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] +# Example for high availability: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3 +# Example for high availability with two clusters and one server: +# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain # +# Mandatory: no <% if @serveractive %>ServerActive=<%= @serveractive %><% end %> ### Option: Hostname @@ -142,56 +173,72 @@ StartAgents=<%= @startagents %> # Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. # Does not support UserParameters or aliases. # +# Mandatory: no <% if !@hostname %>HostnameItem=<%= @hostnameitem %><% end %> ### Option: HostMetadata # Optional parameter that defines host metadata. # Host metadata is used at host auto-registration process. -# An agent will issue an error and not start if the value is over limit of 255 characters. +# An agent will issue an error and not start if the value is over limit of 2034 bytes. # If not defined, value will be acquired from HostMetadataItem. # +# Mandatory: no +# Range: 0-2034 bytes <% if @hostmetadata %>HostMetadata=<%= @hostmetadata %><% end %> ### Option: HostMetadataItem # Optional parameter that defines an item used for getting host metadata. # Host metadata is used at host auto-registration process. # During an auto-registration request an agent will log a warning message if -# the value returned by specified item is over limit of 255 characters. +# the value returned by specified item is over limit of 65535 characters. # This option is only used when HostMetadata is not defined. # +# Mandatory: no <% if @hostmetadataitem %>HostMetadataItem=<%= @hostmetadataitem %><% end %> ### Option: HostInterface -# Optional parameter that defines host interface. -# Host interface is used at host auto-registration process. -# An agent will issue an error and not start if the value is over limit of 255 characters. -# If not defined, value will be acquired from HostInterfaceItem. +# Optional parameter that defines host interface. +# Host interface is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 255 characters. +# If not defined, value will be acquired from HostInterfaceItem. # +# Mandatory: no +# Range: 0-255 characters <% if @hostinterface %>HostInterface=<%= @hostinterface %><% end %> ### Option: HostInterfaceItem -# Optional parameter that defines an item used for getting host interface. -# Host interface is used at host auto-registration process. -# During an auto-registration request an agent will log a warning message if -# the value returned by specified item is over limit of 255 characters. -# This option is only used when HostInterface is not defined. +# Optional parameter that defines an item used for getting host interface. +# Host interface is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# This option is only used when HostInterface is not defined. # +# Mandatory: no <% if @hostinterfaceitem %>HostInterfaceItem=<%= @hostinterfaceitem %><% end %> -### Option: RefreshActiveChecks -# How often list of active checks is refreshed, in seconds. +### Option: HostInterfaceItem +# Optional parameter that defines an item used for getting host interface. +# Host interface is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# This option is only used when HostInterface is not defined. # +# Mandatory: no RefreshActiveChecks=<%= @refreshactivechecks %> ### Option: BufferSend # Do not keep data longer than N seconds in buffer. # +# Mandatory: no +# Range: 1-3600 BufferSend=<%= @buffersend %> ### Option: BufferSize # Maximum number of values in a memory buffer. The agent will send # all collected data to Zabbix Server or Proxy if the buffer is full. # +# Mandatory: no +# Range: 2-65535 BufferSize=<%= @buffersize %> <% unless @agent2 %> @@ -201,6 +248,8 @@ BufferSize=<%= @buffersize %> # The provided value will be overridden by the parameter 'maxlines', # provided in 'log' or 'logrt' item keys. # +# Mandatory: no +# Range: 1-1000 MaxLinesPerSecond=<%= @maxlinespersecond %> <% end %> @@ -215,6 +264,7 @@ MaxLinesPerSecond=<%= @maxlinespersecond %> # Now shorthand key zabbix.userid may be used to retrieve data. # Aliases can be used in HostMetadataItem but not in HostnameItem parameters. # +# Mandatory: no <% if @zabbix_alias %> <%- @zabbix_alias.each do |zalias| -%>Alias=<%= zalias %> <%- end -%> @@ -222,8 +272,10 @@ MaxLinesPerSecond=<%= @maxlinespersecond %> ### Option: Timeout -# Spend no more than Timeout seconds on processing +# Specifies timeout for communications (in seconds). # +# Mandatory: no +# Range: 1-30 Timeout=<%= @timeout %> <% if @kernel != 'windows' and !@agent2 %> @@ -234,12 +286,14 @@ Timeout=<%= @timeout %> # 0 - do not allow # 1 - allow # +# Mandatory: no AllowRoot=<%= @allowroot %> ### Option: User # Drop privileges to a specific, existing user on the system. # Only has effect if run as 'root' and AllowRoot is disabled. # +# Mandatory: no <% if @zabbix_user %>User=<%= @zabbix_user %><% end %> <% end %> @@ -247,6 +301,7 @@ AllowRoot=<%= @allowroot %> # You may include individual files or all files in a directory in the configuration file. # Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. # +# Mandatory: no Include=<%= @include_dir %> @@ -260,6 +315,8 @@ Include=<%= @include_dir %> # 0 - do not allow # 1 - allow # +# Mandatory: no +# Range: 0-1 UnsafeUserParameters=<%= @unsafeuserparameters %> ### Option: UserParameter @@ -274,16 +331,23 @@ UnsafeUserParameters=<%= @unsafeuserparameters %> ### Option: LoadModulePath # Full path to location of agent modules. # Default depends on compilation options. +# To see the default path run command "zabbix_agentd --help". # +# Mandatory: no LoadModulePath=<%= @loadmodulepath %> <% end %> ### Option: LoadModule # Module to load at agent startup. Modules are used to extend functionality of the agent. -# Format: LoadModule= -# The modules must be located in directory specified by LoadModulePath. +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. # It is allowed to include multiple LoadModule parameters. # +# Mandatory: no <% if @loadmodule %>LoadModule=<%= @loadmodule %><% end %> ####### TLS-RELATED PARAMETERS ####### @@ -296,8 +360,6 @@ LoadModulePath=<%= @loadmodulepath %> # cert - connect using TLS and a certificate # # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) -# Default: -# TLSConnect=unencrypted <% if @tlsconnect %>TLSConnect=<%= @tlsconnect %><% end %> ### Option: TLSAccept @@ -308,8 +370,6 @@ LoadModulePath=<%= @loadmodulepath %> # cert - accept connections secured with TLS and a certificate # # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) -# Default: -# TLSAccept=unencrypted <% if @tlsaccept %>TLSAccept=<%= [@tlsaccept].flatten.join(',') %><% end %> ### Option: TLSCAFile @@ -317,72 +377,57 @@ LoadModulePath=<%= @loadmodulepath %> # peer certificate verification. # # Mandatory: no -# Default: -# TLSCAFile= <% if @tlscafile %>TLSCAFile=<%= @tlscafile %><% end %> ### Option: TLSCRLFile # Full pathname of a file containing revoked certificates. # # Mandatory: no -# Default: -# TLSCRLFile= <% if @tlscrlfile %>TLSCRLFile=<%= @tlscrlfile %><% end %> ### Option: TLSServerCertIssuer # Allowed server certificate issuer. # # Mandatory: no -# Default: -# TLSServerCertIssuer= <% if @tlsservercertissuer %>TLSServerCertIssuer=<%= @tlsservercertissuer %><% end %> ### Option: TLSServerCertSubject # Allowed server certificate subject. # # Mandatory: no -# Default: -# TLSServerCertSubject= <% if @tlsservercertsubject %>TLSServerCertSubject=<%= @tlsservercertsubject %><% end %> ### Option: TLSCertFile # Full pathname of a file containing the proxy certificate or certificate chain. # # Mandatory: no -# Default: -# TLSCertFile= <% if @tlscertfile %>TLSCertFile=<%= @tlscertfile %><% end %> ### Option: TLSKeyFile # Full pathname of a file containing the proxy private key. # # Mandatory: no -# Default: -# TLSKeyFile= <% if @tlskeyfile %>TLSKeyFile=<%= @tlskeyfile %><% end %> ### Option: TLSPSKIdentity # Unique, case sensitive string used to identify the pre-shared key. # # Mandatory: no -# Default: -# TLSPSKIdentity= <% if @tlspskidentity %>TLSPSKIdentity=<%= @tlspskidentity %><% end %> ### Option: TLSPSKFile # Full pathname of a file containing the pre-shared key. # # Mandatory: no -# Default: -# TLSPSKFile= <% if @tlspskfile %>TLSPSKFile=<%= @tlspskfile %><% end %> +####### For advanced users - TLS ciphersuite selection criteria ####### + ### Option: TLSCipherCert13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for certificate-based encryption. # # Mandatory: no -# Default: <% if @tlsciphercert13 %>TLSCipherCert13=<%= @tlsciphercert13 %><% end %> ### Option: TLSCipherCert @@ -394,7 +439,6 @@ LoadModulePath=<%= @loadmodulepath %> # EECDH+aRSA+AES128:RSA+aRSA+AES128 # # Mandatory: no -# Default: <% if @tlsciphercert %>TLSCipherCert=<%= @tlsciphercert %><% end %> ### Option: TLSCipherPSK13 @@ -404,7 +448,6 @@ LoadModulePath=<%= @loadmodulepath %> # TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 # # Mandatory: no -# Default: <% if @tlscipherpsk13 %>TLSCipherPSK13=<%= @tlscipherpsk13 %><% end %> ### Option: TLSCipherPSK @@ -416,7 +459,6 @@ LoadModulePath=<%= @loadmodulepath %> # kECDHEPSK+AES128:kPSK+AES128 # # Mandatory: no -# Default: <% if @tlscipherpsk %>TLSCipherPSK=<%= @tlscipherpsk %><% end %> ### Option: TLSCipherAll13 @@ -426,7 +468,6 @@ LoadModulePath=<%= @loadmodulepath %> # TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 # # Mandatory: no -# Default: <% if @tlscipherall13 %>TLSCipherAll13=<%= @tlscipherall13 %><% end %> ### Option: TLSCipherAll @@ -438,5 +479,4 @@ LoadModulePath=<%= @loadmodulepath %> # EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 # # Mandatory: no -# Default: <% if @tlscipherall %>TLSCipherAll=<%= @tlscipherall %><% end %> diff --git a/templates/zabbix_proxy.conf.erb b/templates/zabbix_proxy.conf.erb index f70e06a0..03c044cb 100755 --- a/templates/zabbix_proxy.conf.erb +++ b/templates/zabbix_proxy.conf.erb @@ -4,17 +4,27 @@ ############ GENERAL PARAMETERS ################# ### Option: ProxyMode -# Proxy operating mode +# Proxy operating mode. # 0 - proxy in the active mode # 1 - proxy in the passive mode # +# Mandatory: no ProxyMode=<%= @mode %> ### Option: Server -# IP address (or hostname) of Zabbix server. -# Active proxy will get configuration data from the server. -# For a proxy in the passive mode this parameter will be ignored. -# +# If ProxyMode is set to active mode: +# IP address or DNS name (address:port) or cluster (address:port;address2:port) of Zabbix server to get configuration data from and send data to. +# If port is not specified, default port is used. +# Cluster nodes need to be separated by semicolon. +# If ProxyMode is set to passive mode: +# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server. +# Incoming connections will be accepted only from the addresses listed here. +# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally +# and '::/0' will allow any IPv4 or IPv6 address. +# '0.0.0.0/0' can be used to allow any IPv4 address. +# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com +# +# Mandatory: yes Server=<%= @zabbix_server_host %> <% if @zabbix_version.to_f < 6.0 %> @@ -29,6 +39,7 @@ ServerPort=<%= @zabbix_server_port %> # Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server! # Value is acquired from HostnameItem if undefined. # +# Mandatory: no Hostname=<%= @hostname %> ### Option: HostnameItem @@ -42,14 +53,14 @@ Hostname=<%= @hostname %> ### Option: ListenPort # Listen port for trapper. # +# Mandatory: no +# Range: 1024-32767 ListenPort=<%= @listenport %> ### Option: SourceIP # Source IP address for outgoing connections. # # Mandatory: no -# Default: -# SourceIP= <% if @sourceip %>SourceIP=<%= @sourceip %><% end %> ### Option: LogType @@ -58,61 +69,94 @@ ListenPort=<%= @listenport %> # file - file specified with LogFile parameter # console - standard output # +# Mandatory: no <% if @logtype %>LogType=<%= @logtype %><% end %> <% if @logtype == 'file' -%> ### Option: LogFile # Log file name for LogType 'file' parameter. # +# Mandatory: yes, if LogType is set to file, otherwise no LogFile=<%= @logfile %> ### Option: LogFileSize # Maximum size of log file in MB. # 0 - disable automatic log rotation. # +# Mandatory: no +# Range: 0-1024 LogFileSize=<%= @logfilesize %><% end -%> ### Option: DebugLevel -# Specifies debug level +# Specifies debug level: # 0 - basic information about starting and stopping of Zabbix processes # 1 - critical information # 2 - error information # 3 - warnings # 4 - for debugging (produces lots of information) # 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 DebugLevel=<%= @debuglevel %> +### Option: EnableRemoteCommands +# Whether remote commands from Zabbix server are allowed. +# 0 - not allowed +# 1 - allowed +# +# Mandatory: no +EnableRemoteCommands=<%= @enableremotecommands %> + +### Option: LogRemoteCommands +# Enable logging of executed shell commands as warnings. +# 0 - disabled +# 1 - enabled +# +# Mandatory: no +# Default: +LogRemoteCommands=<%= @logremotecommands %> + ### Option: PidFile # Name of PID file. # +# Mandatory: no PidFile=<%= @pidfile %> ### Option: SocketDir -# IPC socket directory. -# Directory to store IPC sockets used by internal Zabbix services. +# IPC socket directory. +# Directory to store IPC sockets used by internal Zabbix services. # # Mandatory: no -# Default: - <% if @socketdir %>SocketDir=<%= @socketdir %><% end %> +### NOTE: Support for Oracle DB is deprecated since Zabbix 7.0 and will be removed in future versions. + ### Option: DBHost # Database host name. # If set to localhost, socket is used for MySQL. # If set to empty string, socket is used for PostgreSQL. +# If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see +# the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located. # +# Mandatory: no DBHost=<%= @database_host %> ### Option: DBName # Database name. # For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. +# If the Net Service Name connection method is used to connect to Oracle database, specify the service name from +# the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to +# empty string. # Warning: do not attempt to use the same database Zabbix server is using. # +# Mandatory: yes DBName=<%= @database_name %> ### Option: DBSchema -# Schema name. Used for IBM DB2 and PostgreSQL. +# Schema name. Used for PostgreSQL. # +# Mandatory: no <% if @database_schema %>DBSchema=<%= @database_schema %><% end %> ### Option: DBUser @@ -124,31 +168,31 @@ DBUser=<%= @database_user %> # Database password. Ignored for SQLite. # Comment this line if no password is used. # +# Mandatory: no DBPassword=<%= @database_password %> ### Option: DBSocket # Path to MySQL socket. # +# Mandatory: no <% if @database_socket %>DBSocket=<%= @database_socket %><% end %> # Option: DBPort # Database port when not using local socket. Ignored for SQLite. +# If the Net Service Name connection method is used to connect to Oracle database, the port number from the +# tnsnames.ora file will be used. The port number set here will be ignored. # +# Mandatory: no <% if @database_port %>DBPort=<%= @database_port %><% end %> -### Option: EnableRemoteCommands -# Whether remote commands from Zabbix server are allowed. -# 0 - not allowed -# 1 - allowed +### Option: AllowUnsupportedDBVersions +# Allow proxy to work with unsupported database versions. +# 0 - do not allow +# 1 - allow # -EnableRemoteCommands=<%= @enableremotecommands %> - -### Option: LogRemoteCommands -# Enable logging of executed shell commands as warnings. -# 0 - disabled -# 1 - enabled -# -LogRemoteCommands=<%= @logremotecommands %> +# Mandatory: no +# Default: +# AllowUnsupportedDBVersions=0 ######### PROXY SPECIFIC PARAMETERS ############# @@ -156,14 +200,57 @@ LogRemoteCommands=<%= @logremotecommands %> # Proxy will keep data locally for N hours, even if the data have already been synced with the server. # This parameter may be used if local data will be used by third party applications. # +# Mandatory: no +# Range: 0-720 ProxyLocalBuffer=<%= @localbuffer %> ### Option: ProxyOfflineBuffer # Proxy will keep data for N hours in case if no connectivity with Zabbix Server. # Older data will be lost. # +# Mandatory: no +# Range: 1-720 ProxyOfflineBuffer=<%= @offlinebuffer %> +### Option: ProxyBufferMode +# Specifies history, discovery and auto registration data storage mechanism: +# disk - data are stored in database and uploaded from database +# memory - data are stored in memory and uploaded from memory. +# If buffer runs out of memory the old data will be discarded. +# On shutdown the buffer is discarded. +# hybrid - the proxy buffer normally works like in memory mode until it runs out of memory or +# the oldest record exceeds the configured age. If that happens the buffer is flushed +# to database and it works like in disk mode until all data have been uploaded and +# it starts working with memory again. On shutdown the memory buffer is flushed +# to database. +# +# Mandatory: no +# Values: disk, memory, hybrid +# Default: +# ProxyBufferMode=disk + +### Option: ProxyMemoryBufferSize +# Size of shared memory cache for collected history, discovery and auto registration data, in bytes. +# If enabled (not zero) proxy will keep history discovery and auto registration data in memory unless +# cache is full or stored records are older than defined ProxyMemoryBufferAge. +# This parameter cannot be used together with ProxyLocalBuffer parameter. +# +# Mandatory: no +# Range: 0,128K-2G +# Default: +# ProxyMemoryBufferSize=0 + +### Option: ProxyMemoryBufferAge +# Maximum age of data in proxy memory buffer, in seconds. +# When enabled (not zero) and records in proxy memory buffer are older, then it forces proxy buffer +# to switch to database mode until all records are uploaded to server. +# This parameter must be less or equal to ProxyOfflineBuffer parameter (note different units). +# +# Mandatory: no +# Range: 0,600-864000 +# Default: +# ProxyMemoryBufferAge=0 + <% if @zabbix_version.to_f < 6.4 %> ### Option: HeartbeatFrequency # Frequency of heartbeat messages in seconds. @@ -187,8 +274,6 @@ ConfigFrequency=<%= @configfrequency %> # # Mandatory: no # Range: 1-3600*24*7 -# Default: -# ProxyConfigFrequency=10 <% if @proxyconfigfrequency %>ProxyConfigFrequency=<%= @proxyconfigfrequency %><% end %> <% end %> @@ -196,6 +281,8 @@ ConfigFrequency=<%= @configfrequency %> # Proxy will send collected data to the Server every N seconds. # For a proxy in the passive mode this parameter will be ignored. # +# Mandatory: no +# Range: 1-3600 DataSenderFrequency=<%= @datasenderfrequency %> ############ ADVANCED PARAMETERS ################ @@ -203,82 +290,140 @@ DataSenderFrequency=<%= @datasenderfrequency %> ### Option: StartPollers # Number of pre-forked instances of pollers. # +# Mandatory: no +# Range: 0-1000 StartPollers=<%= @startpollers %> +<% if @zabbix_version.to_f >= 7.0 %> +### Option: StartAgentPollers +# Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartAgentPollers=1 + +### Option: StartHTTPAgentPollers +# Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPAgentPollers=1 + +### Option: StartSNMPPollers +# Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartSNMPPollers=1 + +### Option: MaxConcurrentChecksPerPoller +# Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# MaxConcurrentChecksPerPoller=1000 + +<% end %> ### Option: StartIPMIPollers # Number of pre-forked instances of IPMI pollers. +# The IPMI manager process is automatically started when at least one IPMI poller is started. # +# Mandatory: no +# Range: 0-1000 StartIPMIPollers=<%= @startipmipollers %> -### Option: StartPollersUnreachable -# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). -# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers -# are started. -# -StartPollersUnreachable=<%= @startpollersunreachable %> - ### Option: StartPreprocessors # Number of pre-forked instances of preprocessing workers. # The preprocessing manager process is automatically started when preprocessor worker is started. # # Mandatory: no # Range: 1-1000 -# Default: -# StartPreprocessors=3 <% if @startpreprocessors %>StartPreprocessors=<%= @startpreprocessors -%><% end %> +### Option: StartPollersUnreachable +# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). +# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers +# are started. +# +# Mandatory: no +# Range: 0-1000 +StartPollersUnreachable=<%= @startpollersunreachable %> + ### Option: StartTrappers # Number of pre-forked instances of trappers. # Trappers accept incoming connections from Zabbix sender and active agents. # +# Mandatory: no +# Range: 0-1000 StartTrappers=<%= @starttrappers %> ### Option: StartPingers # Number of pre-forked instances of ICMP pingers. # +# Mandatory: no +# Range: 0-1000 StartPingers=<%= @startpingers %> ### Option: StartDiscoverers -# Number of pre-forked instances of discoverers. +# Number of pre-started instances of discovery workers. # +# Mandatory: no +# Range: 0-1000 StartDiscoverers=<%= @startdiscoverers %> ### Option: StartHTTPPollers # Number of pre-forked instances of HTTP pollers. # +# Mandatory: no +# Range: 0-1000 StartHTTPPollers=<%= @starthttppollers %> +<% if @javagateway and @javagateway != '' %> ### Option: JavaGateway # IP address (or hostname) of Zabbix Java gateway. # Only required if Java pollers are started. # -<% if @javagateway and @javagateway != '' %> +# Mandatory: no JavaGateway=<%= @javagateway %> ### Option: JavaGatewayPort # Port that Zabbix Java gateway listens on. # +# Mandatory: no +# Range: 1024-32767 JavaGatewayPort=<%= @javagatewayport %> ### Option: StartJavaPollers # Number of pre-forked instances of Java pollers. # +# Mandatory: no +# Range: 0-1000 StartJavaPollers=<%= @startjavapollers %> <% end %> ### Option: StartVMwareCollectors # Number of pre-forked vmware collector instances. # +# Mandatory: no +# Range: 0-250 StartVMwareCollectors=<%= @startvmwarecollectors %> ### Option: VMwareFrequency # How often Zabbix will connect to VMware service to obtain a new data. # +# Mandatory: no +# Range: 10-86400 VMwareFrequency=<%= @vmwarefrequency %> ### Option: VMwarePerfFrequency # How often Zabbix will connect to VMware service to obtain performance data. # +# Mandatory: no +# Range: 10-86400 <% if @vmwareperffrequency %>VMwarePerfFrequency=<%= @vmwareperffrequency %><% end %> ### Option: VMwareCacheSize @@ -286,28 +431,36 @@ VMwareFrequency=<%= @vmwarefrequency %> # Shared memory size for storing VMware data. # Only used if VMware collectors are started. # +# Mandatory: no +# Range: 256K-2G VMwareCacheSize=<%= @vmwarecachesize %> ### Option: VMwareTimeout # Specifies how many seconds vmware collector waits for response from VMware service. # +# Mandatory: no +# Range: 1-300 <% if @vmwaretimeout %>VMwareTimeout=<%= @vmwaretimeout %><% end %> ### Option: SNMPTrapperFile # Temporary file used for passing data from SNMP trap daemon to the proxy. # Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. # +# Mandatory: no SNMPTrapperFile=<%= @snmptrapperfile %> ### Option: StartSNMPTrapper # If 1, SNMP trapper process is started. # +# Mandatory: no +# Range: 0-1 StartSNMPTrapper=<%= @snmptrapper %> ### Option: ListenIP # List of comma delimited IP addresses that the trapper should listen on. # Trapper will listen on all network interfaces if this parameter is missing. # +# Mandatory: no <% if @listenip %>ListenIP=<%= @listenip %><% end %> ### Option: HousekeepingFrequency @@ -320,77 +473,98 @@ StartSNMPTrapper=<%= @snmptrapper %> # In this case the period of outdated information deleted in one housekeeping cycle is 4 times the # period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days. # +# Mandatory: no +# Range: 0-24 HousekeepingFrequency=<%= @housekeepingfrequency %> ### Option: CacheSize # Size of configuration cache, in bytes. # Shared memory size, for storing hosts and items data. # +# Mandatory: no +# Range: 128K-64G CacheSize=<%= @cachesize %> ### Option: StartDBSyncers -# Number of pre-forked instances of DB Syncers +# Number of pre-forked instances of DB Syncers. # +# Mandatory: no +# Range: 1-100 StartDBSyncers=<%= @startdbsyncers %> ### Option: HistoryCacheSize # Size of history cache, in bytes. # Shared memory size for storing history data. # +# Mandatory: no +# Range: 128K-2G HistoryCacheSize=<%= @historycachesize %> ### Option: HistoryIndexCacheSize -# Size of history index cache, in bytes. -# Shared memory size for indexing history cache. +# Size of history index cache, in bytes. +# Shared memory size for indexing history cache. # +# Mandatory: no +# Range: 128K-2G <% if @historyindexcachesize %>HistoryIndexCacheSize=<%= @historyindexcachesize %><% end %> ### Option: Timeout -# Specifies how long we wait for agent, SNMP device or external check (in seconds). +# Specifies timeout for communications (in seconds). # +# Mandatory: no +# Range: 1-30 Timeout=<%= @timeout %> ### Option: TrapperTimeout # Specifies how many seconds trapper may spend processing new data. # +# Mandatory: no +# Range: 1-300 TrapperTimeout=<%= @trappertimeout %> ### Option: UnreachablePeriod # After how many seconds of unreachability treat a host as unavailable. # +# Mandatory: no +# Range: 1-3600 UnreachablePeriod=<%= @unreachableperiod %> ### Option: UnavailableDelay # How often host is checked for availability during the unavailability period, in seconds. # +# Mandatory: no +# Range: 1-3600 UnavailableDelay=<%= @unavaliabledelay %> ### Option: UnreachableDelay # How often host is checked for availability during the unreachability period, in seconds. # +# Mandatory: no +# Range: 1-3600 UnreachableDelay=<%= @unreachabedelay %> <% if @zabbix_version.to_f >= 6.0 %> ## Option: StartODBCPollers -# Number of pre-forked ODBC poller instances. +# Number of pre-forked ODBC poller instances. # # Mandatory: no # Range: 0-1000 -# Default: -# StartODBCPollers=1 StartODBCPollers=<%= @startodbcpollers %> <% end %> ### Option: ExternalScripts # Full path to location of external scripts. # Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". # +# Mandatory: no ExternalScripts=<%= @externalscripts %> ### Option: FpingLocation # Location of fping. # Make sure that fping binary has root ownership and SUID flag set. # +# Mandatory: no FpingLocation=<%= @fpinglocation %> ### Option: Fping6Location @@ -398,11 +572,15 @@ FpingLocation=<%= @fpinglocation %> # Make sure that fping6 binary has root ownership and SUID flag set. # Make empty if your fping utility is capable to process IPv6 addresses. # +# Mandatory: no Fping6Location=<%= @fping6location %> -### Option: SSHKeyLocation -# Location of public and private keys for SSH checks and actions. +### Option: Fping6Location +# Location of fping6. +# Make sure that fping6 binary has root ownership and SUID flag set. +# Make empty if your fping utility is capable to process IPv6 addresses. # +# Mandatory: no <% if @sshkeylocation %>SSHKeyLocation=<%= @sshkeylocation %><% end %> ### Option: LogSlowQueries @@ -410,11 +588,14 @@ Fping6Location=<%= @fping6location %> # Only works if DebugLevel set to 3 or 4. # 0 - don't log slow queries. # +# Mandatory: no +# Range: 1-3600000 LogSlowQueries=<%= @logslowqueries %> ### Option: TmpDir # Temporary directory. # +# Mandatory: no TmpDir=<%= @tmpdir %> ### Option: AllowRoot @@ -424,37 +605,47 @@ TmpDir=<%= @tmpdir %> # 0 - do not allow # 1 - allow # +# Mandatory: no AllowRoot=<%= @allowroot %> ### Option: User # Drop privileges to a specific, existing user on the system. # Only has effect if run as 'root' and AllowRoot is disabled. # +# Mandatory: no <% if @zabbix_user %>User=<%= @zabbix_user %><% end %> ### Option: Include # You may include individual files or all files in a directory in the configuration file. # Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. # +# Mandatory: no Include=<%= @include_dir %> ### Option: SSLCertLocation # Location of SSL client certificates. -# This parameter is used only in web monitoring. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". # +# Mandatory: no <% if @sslcertlocation_dir %>SSLCertLocation=<%= @sslcertlocation_dir %><% end %> ### Option: SSLKeyLocation # Location of private keys for SSL client certificates. -# This parameter is used only in web monitoring. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". # +# Mandatory: no <% if @sslkeylocation_dir %>SSLKeyLocation=<%= @sslkeylocation_dir %><% end %> ### Option: SSLCALocation # Location of certificate authority (CA) files for SSL server certificate verification. # If not set, system-wide directory will be used. -# This parameter is used only in web monitoring. +# This parameter is used in web monitoring, HTTP agent items and for communication with Vault. # +# Mandatory: no <% if @sslcalocation_dir %>SSLCALocation=<%= @sslcalocation_dir %><% end %> ####### LOADABLE MODULES ####### @@ -462,15 +653,22 @@ Include=<%= @include_dir %> ### Option: LoadModulePath # Full path to location of proxy modules. # Default depends on compilation options. +# To see the default path run command "zabbix_proxy --help". # +# Mandatory: no LoadModulePath=<%= @loadmodulepath %> ### Option: LoadModule # Module to load at proxy startup. Modules are used to extend functionality of the proxy. -# Format: LoadModule= -# The modules must be located in directory specified by LoadModulePath. +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. # It is allowed to include multiple LoadModule parameters. # +# Mandatory: no <% if @loadmodule %>LoadModule=<%= @loadmodule %><% end %> ### Option: StatsAllowedIP @@ -483,8 +681,6 @@ LoadModulePath=<%= @loadmodulepath %> # Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com # # Mandatory: no -# Default: -# StatsAllowedIP= <% if @statsallowedip %>StatsAllowedIP=<%= @statsallowedip %><% end %> ####### TLS-RELATED PARAMETERS ####### @@ -497,8 +693,6 @@ LoadModulePath=<%= @loadmodulepath %> # cert - connect using TLS and a certificate # # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) -# Default: -# TLSConnect=unencrypted <% if @tlsconnect %>TLSConnect=<%= @tlsconnect %><% end %> ### Option: TLSAccept @@ -509,205 +703,270 @@ LoadModulePath=<%= @loadmodulepath %> # cert - accept connections secured with TLS and a certificate # # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) -# Default: -# TLSAccept=unencrypted <% if @tlsaccept %>TLSAccept=<%= [@tlsaccept].flatten.join(',') %><% end %> ### Option: TLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for # peer certificate verification. # +# Mandatory: no <% if @tlscafile %>TLSCAFile=<%= @tlscafile %><% end %> -### Option: TLSCRLFile +## Option: TLSCRLFile # Full pathname of a file containing revoked certificates. # +# Mandatory: no <% if @tlscrlfile %>TLSCRLFile=<%= @tlscrlfile %><% end %> ### Option: TLSServerCertIssuer -# Allowed server certificate issuer. +# Allowed server certificate issuer. # +# Mandatory: no <% if @tlsservercertissuer %>TLSServerCertIssuer=<%= @tlsservercertissuer %><% end %> ### Option: TLSServerCertSubject -# Allowed server certificate subject. +# Allowed server certificate subject. # +# Mandatory: no <% if @tlsservercertsubject %>TLSServerCertSubject=<%= @tlsservercertsubject %><% end %> ### Option: TLSCertFile # Full pathname of a file containing the proxy certificate or certificate chain. # +# Mandatory: no <% if @tlscertfile %>TLSCertFile=<%= @tlscertfile %><% end %> ### Option: TLSKeyFile # Full pathname of a file containing the proxy private key. # +# Mandatory: no <% if @tlskeyfile %>TLSKeyFile=<%= @tlskeyfile %><% end %> ### Option: TLSPSKIdentity # Unique, case sensitive string used to identify the pre-shared key. # +# Mandatory: no <% if @tlspskidentity %>TLSPSKIdentity=<%= @tlspskidentity %><% end %> ### Option: TLSPSKFile # Full pathname of a file containing the pre-shared key. # +# Mandatory: no <% if @tlspskfile %>TLSPSKFile=<%= @tlspskfile %><% end %> ####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +<% if @tlsciphercert13 %>TLSCipherCert13=<%= @tlsciphercert13 %><% end %> + +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +<% if @tlsciphercert %>TLSCipherCert=<%= @tlsciphercert %><% end %> + +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +<% if @tlscipherpsk13 %>TLSCipherPSK13=<%= @tlscipherpsk13 %><% end %> + +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +<% if @tlscipherpsk %>TLSCipherPSK=<%= @tlscipherpsk %><% end %> + +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +<% if @tlscipherall13 %>TLSCipherAll13=<%= @tlscipherall13 %><% end %> + +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +<% if @tlscipherall %>TLSCipherAll=<%= @tlscipherall %><% end %> + ### Option: DBTLSConnect -# Setting this option enforces to use TLS connection to database. -# required - connect using TLS -# verify_ca - connect using TLS and verify certificate -# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost -# matches its certificate -# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and -# "verify_full". -# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. -# Default is not to set any option and behavior depends on database configuration +# Setting this option enforces to use TLS connection to database. +# required - connect using TLS +# verify_ca - connect using TLS and verify certificate +# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost +# matches its certificate +# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and +# "verify_full". +# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. +# Default is not to set any option and behavior depends on database configuration # # Mandatory: no -# Default: <% if @database_tlsconnect %>DBTLSConnect=<%= @database_tlsconnect %><% end %> ### Option: DBTLSCAFile -# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. -# Supported only for MySQL and PostgreSQL +# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. +# Supported only for MySQL and PostgreSQL # # Mandatory: no -# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) -# Default: +# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) <% if @database_tlscafile %>DBTLSCAFile=<%= @database_tlscafile %><% end %> ### Option: DBTLSCertFile -# Full pathname of file containing Zabbix server certificate for authenticating to database. -# Supported only for MySQL and PostgreSQL +# Full pathname of file containing Zabbix proxy certificate for authenticating to database. +# Supported only for MySQL and PostgreSQL # # Mandatory: no -# Default: <% if @database_tlscertfile %>DBTLSCertFile=<%= @database_tlscertfile %><% end %> ### Option: DBTLSKeyFile -# Full pathname of file containing the private key for authenticating to database. -# Supported only for MySQL and PostgreSQL +# Full pathname of file containing the private key for authenticating to database. +# Supported only for MySQL and PostgreSQL # # Mandatory: no -# Default: <% if @database_tlskeyfile %>DBTLSKeyFile=<%= @database_tlskeyfile %><% end %> ### Option: DBTLSCipher -# The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 -# Supported only for MySQL +# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2 +# Supported only for MySQL # # Mandatory no -# Default: <% if @database_tlscipher %>DBTLSCipher=<%= @database_tlscipher %><% end %> ### Option: DBTLSCipher13 -# The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol -# Supported only for MySQL, starting from version 8.0.16 +# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol +# Supported only for MySQL, starting from version 8.0.16 # # Mandatory no -# Default: <% if @database_tlscipher13 %>DBTLSCipher13=<%= @database_tlscipher13 %><% end %> -### Option: TLSCipherCert13 -# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. -# Override the default ciphersuite selection criteria for certificate-based encryption. +<% if @zabbix_version.to_f >= 6.2 %> +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArk - CyberArk Central Credential Provider # # Mandatory: no # Default: -# TLSCipherCert13= -<% if @tlsciphercert13 %>TLSCipherCert13=<%= @tlsciphercert13 %><% end %> +# Vault=HashiCorp +<% end %> -### Option: TLSCipherCert -# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. -# Override the default ciphersuite selection criteria for certificate-based encryption. -# Example for GnuTLS: -# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 -# Example for OpenSSL: -# EECDH+aRSA+AES128:RSA+aRSA+AES128 +<% if @zabbix_version.to_f >= 5.2 %> +### Option: VaultToken +# Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path +# specified in optional VaultDBPath configuration parameter. +# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. # # Mandatory: no -# Default: -# TLSCipherCert= -<% if @tlsciphercert %>TLSCipherCert=<%= @tlsciphercert %><% end %> +# (yes, if Vault is explicitly set to HashiCorp) +<% if @vaulttoken %>VaultToken=<%= @vaulttoken -%><% end %> -### Option: TLSCipherPSK13 -# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. -# Override the default ciphersuite selection criteria for PSK-based encryption. -# Example: -# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +### Option: VaultURL +# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. # # Mandatory: no +<% if @vaulturl %>VaultURL=<%= @vaulturl -%><% end %> + +<% if @zabbix_version.to_f >= 7.0 %> +### Option: VaultPrefix +# Custom prefix for Vault path or query depending on the Vault. +# Most suitable defaults will be used if not specified. +# Note that 'data' is automatically appended after mountpoint for HashiCorp if VaultPrefix is not specified. +# Example prefix for HashiCorp: +# /v1/secret/data/ +# Example prefix for CyberArk: +# /AIMWebService/api/Accounts? +# Mandatory: no # Default: -# TLSCipherPSK13= -<% if @tlscipherpsk13 %>TLSCipherPSK13=<%= @tlscipherpsk13 %><% end %> +# VaultPrefix= +<% end %> -### Option: TLSCipherPSK -# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. -# Override the default ciphersuite selection criteria for PSK-based encryption. -# Example for GnuTLS: -# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL -# Example for OpenSSL: -# kECDHEPSK+AES128:kPSK+AES128 +### Option: VaultDBPath +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path: +# secret/zabbix/database +# Keys used for CyberArk are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database +# This option can only be used if DBUser and DBPassword are not specified. # # Mandatory: no -# Default: -# TLSCipherPSK= -<% if @tlscipherpsk %>TLSCipherPSK=<%= @tlscipherpsk %><% end %> +<% if @vaultdbpath %>VaultDBPath=<%= @vaultdbpath -%><% end %> -### Option: TLSCipherAll13 -# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. -# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. -# Example: -# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +<% end %> +<% if @zabbix_version.to_f >= 6.2 %> +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. # # Mandatory: no # Default: -# TLSCipherAll13= -<% if @tlscipherall13 %>TLSCipherAll13=<%= @tlscipherall13 %><% end %> +# VaultTLSCertFile= -### Option: TLSCipherAll -# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. -# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. -# Example for GnuTLS: -# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 -# Example for OpenSSL: -# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. # # Mandatory: no # Default: -# TLSCipherAll13= -<% if @tlscipherall %>TLSCipherAll=<%= @tlscipherall %><% end %> +# VaultTLSKeyFile= -<% if @zabbix_version.to_f >= 5.2 %> -### Option: VaultToken -# Vault authentication token that should have been generated exclusively for Zabbix server with read only permission -# to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath -# configuration parameter. -# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. +<% end %> +<% if @zabbix_version.to_f >= 5.4 %> +####### For advanced users - TCP-related fine-tuning parameters ####### + +## Option: ListenBacklog +# The maximum number of pending connections in the queue. This parameter is passed to +# listen() function as argument 'backlog' (see "man listen"). # # Mandatory: no -# Default: -# VaultToken= -<% if @vaulttoken %>VaultToken=<%= @vaulttoken -%><% end %> +# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) +# Default: SOMAXCONN (hard-coded constant, depends on system) +# ListenBacklog= -### Option: VaultURL -# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. +<% end %> +<% if @zabbix_version.to_f >= 7.0 %> +####### Browser monitoring ####### + +### Option: WebDriverURL +# WebDriver interface HTTP[S] URL. For example http://localhost:4444 used with Selenium WebDriver standalone server. # # Mandatory: no # Default: -# VaultURL=https://127.0.0.1:8200 -<% if @vaulturl %>VaultURL=<%= @vaulturl -%><% end %> +# WebDriverURL= -### Option: VaultDBPath -# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -# Example: secret/zabbix/database -# This option can only be used if DBUser and DBPassword are not specified. +### Option: StartBrowserPollers +# Number of pre-forked instances of browser item pollers. # # Mandatory: no +# Range: 0-1000 # Default: -# VaultDBPath= -<% if @vaultdbpath %>VaultDBPath=<%= @vaultdbpath -%><% end %> -<% end %> +# StartBrowserPollers=1 + +<% end %> \ No newline at end of file diff --git a/templates/zabbix_server.conf.erb b/templates/zabbix_server.conf.erb index 55de220c..9aaba7fd 100755 --- a/templates/zabbix_server.conf.erb +++ b/templates/zabbix_server.conf.erb @@ -9,16 +9,12 @@ # # Mandatory: no # Range: 1024-32767 -# Default: -# ListenPort=10051 ListenPort=<%= @listenport %> ### Option: SourceIP # Source IP address for outgoing connections. # # Mandatory: no -# Default: -# SourceIP= <% if @sourceip %>SourceIP=<%= @sourceip %><% end %> <% if @logtype %> @@ -28,18 +24,22 @@ ListenPort=<%= @listenport %> # file - file specified with LogFile parameter # console - standard output # +# Mandatory: no LogType=<%= @logtype %><% end %> <% if @logtype == 'file' -%> ### Option: LogFile # Log file name for LogType 'file' parameter. # +# Mandatory: yes, if LogType is set to file, otherwise no LogFile=<%= @logfile %> ### Option: LogFileSize # Maximum size of log file in MB. # 0 - disable automatic log rotation. # +# Mandatory: no +# Range: 0-1024 LogFileSize=<%= @logfilesize %><% end -%> ### Option: DebugLevel @@ -50,80 +50,186 @@ LogFileSize=<%= @logfilesize %><% end -%> # 3 - warnings # 4 - for debugging (produces lots of information) # 5 - extended debugging (produces even more information) +# +# Mandatory: no +# Range: 0-5 DebugLevel=<%= @debuglevel %> ### Option: PidFile # Name of PID file. # +# Mandatory: no PidFile=<%= @pidfile %> ### Option: SocketDir -# IPC socket directory. -# Directory to store IPC sockets used by internal Zabbix services. +# IPC socket directory. +# Directory to store IPC sockets used by internal Zabbix services. # # Mandatory: no -# Default: <% if @socketdir %>SocketDir=<%= @socketdir %><% end %> +### NOTE: Support for Oracle DB is deprecated since Zabbix 7.0 and will be removed in future versions. + ### Option: DBHost # Database host name. # If set to localhost, socket is used for MySQL. # If set to empty string, socket is used for PostgreSQL. +# If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see +# the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located. # +# Mandatory: no DBHost=<%= @database_host %> ### Option: DBName # Database name. -# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. +# If the Net Service Name connection method is used to connect to Oracle database, specify the service name from +# the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to +# empty string. # +# Mandatory: yes DBName=<%= @database_name %> ### Option: DBSchema -# Schema name. Used for IBM DB2 and PostgreSQL. +# Schema name. Used for PostgreSQL. # +# Mandatory: no <% if @database_schema %>DBSchema=<%= @database_schema %><% end %> ### Option: DBUser -# Database user. Ignored for SQLite. +# Database user. # +# Mandatory: no DBUser=<%= @database_user %> ### Option: DBPassword -# Database password. Ignored for SQLite. +# Database password. # Comment this line if no password is used. # +# Mandatory: no DBPassword=<%= @database_password %> ### Option: DBSocket # Path to MySQL socket. # +# Mandatory: no <% if @database_socket %>DBSocket=<%= @database_socket %><% end %> ### Option: DBPort -# Database port when not using local socket. Ignored for SQLite. +# Database port when not using local socket. +# If the Net Service Name connection method is used to connect to Oracle database, the port number from the +# tnsnames.ora file will be used. The port number set here will be ignored. # +# Mandatory: no +# Range: 1024-65535 <% if @database_port %>DBPort=<%= @database_port %><% end %> +<% if @zabbix_version.to_f >= 7.0 %> +### Option: HistoryStorageURL +# History storage HTTP[S] URL. +# +# Mandatory: no +# Default: +# HistoryStorageURL= + +### Option: HistoryStorageTypes +# Comma separated list of value types to be sent to the history storage. +# +# Mandatory: no +# Default: +# HistoryStorageTypes=uint,dbl,str,log,text + +### Option: HistoryStorageDateIndex +# Enable preprocessing of history values in history storage to store values in different indices based on date. +# 0 - disable +# 1 - enable +# +# Mandatory: no +# Default: +# HistoryStorageDateIndex=0 + +### Option: ExportDir +# Directory for real time export of events, history and trends in newline delimited JSON format. +# If set, enables real time export. +# +# Mandatory: no +# Default: +# ExportDir= + +### Option: ExportFileSize +# Maximum size per export file in bytes. +# Only used for rotation if ExportDir is set. +# +# Mandatory: no +# Range: 1M-1G +# Default: +# ExportFileSize=1G + +### Option: ExportType +# List of comma delimited types of real time export - allows to control export entities by their +# type (events, history, trends) individually. +# Valid only if ExportDir is set. +# +# Mandatory: no +# Default: +# ExportType=events,history,trends + +<% end %> ############ ADVANCED PARAMETERS ################ ### Option: StartPollers # Number of pre-forked instances of pollers. # +# Mandatory: no +# Range: 0-1000 StartPollers=<%= @startpollers %> +<% if @zabbix_version.to_f >= 7.0 %> +### Option: StartAgentPollers +# Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartAgentPollers=1 + +### Option: StartHTTPAgentPollers +# Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPAgentPollers=1 + +### Option: StartSNMPPollers +# Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartSNMPPollers=1 + +### Option: MaxConcurrentChecksPerPoller +# Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller. +# +# Mandatory: no +# Range: 1-1000 +# Default: +# MaxConcurrentChecksPerPoller=1000 +<% end %> + ### Option: StartIPMIPollers # Number of pre-forked instances of IPMI pollers. +# The IPMI manager process is automatically started when at least one IPMI poller is started. # +# Mandatory: no +# Range: 0-1000 StartIPMIPollers=<%= @startipmipollers %> ### Option: StartPreprocessors -# Number of pre-forked instances of preprocessing workers. -# The preprocessing manager process is automatically started when preprocessor worker is started. +# Number of pre-started instances of preprocessing workers. # # Mandatory: no # Range: 1-1000 -# Default: -# StartPreprocessors=3 <% if @startpreprocessors %>StartPreprocessors=<%= @startpreprocessors -%><% end %> ### Option: StartPollersUnreachable @@ -131,8 +237,22 @@ StartIPMIPollers=<%= @startipmipollers %> # At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers # are started. # +# Mandatory: no +# Range: 0-1000 StartPollersUnreachable=<%= @startpollersunreachable %> +<% if @zabbix_version.to_f >= 7.0 %> +### Option: StartHistoryPollers +# Number of pre-forked instances of history pollers. +# Only required for calculated checks. +# A database connection is required for each history poller instance. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHistoryPollers=5 + +<% end %> <% if @zabbix_version.to_f >= 6.0 %> ## Option: StartODBCPollers # Number of pre-forked ODBC poller instances. @@ -150,43 +270,54 @@ StartODBCPollers=<%= @startodbcpollers %> # At least one trapper process must be running to display server availability and view queue # in the frontend. # +# Mandatory: no +# Range: 0-1000 StartTrappers=<%= @starttrappers %> ### Option: StartPingers # Number of pre-forked instances of ICMP pingers. # +# Mandatory: no +# Range: 0-1000 StartPingers=<%= @startpingers %> ### Option: StartDiscoverers -# Number of pre-forked instances of discoverers. +# Number of pre-started instances of discovery workers. # +# Mandatory: no +# Range: 0-1000 StartDiscoverers=<%= @startdiscoverers %> ### Option: StartHTTPPollers # Number of pre-forked instances of HTTP pollers. # +# Mandatory: no +# Range: 0-1000 StartHTTPPollers=<%= @starthttppollers %> ### Option: StartTimers # Number of pre-forked instances of timers. -# Timers process time-based trigger functions and maintenance periods. -# Only the first timer process handles the maintenance periods. +# Timers process maintenance periods. +# Only the first timer process handles host maintenance updates. Problem suppression updates are shared +# between all timers. # +# Mandatory: no +# Range: 1-1000 StartTimers=<%= @starttimers %> ### Option: StartEscalators -# Number of pre-forked instances of escalators. +# Number of pre-forked instances of escalators. # +# Mandatory: no +# Range: 1-100 <% if @startescalators %>StartEscalators=<%= @startescalators %><% end %> ### Option: StartAlerters -# Number of pre-forked instances of alerters. -# Alerters send the notifications created by action operations. +# Number of pre-forked instances of alerters. +# Alerters send the notifications created by action operations. # # Mandatory: no -# Range: 0-100 -# Default: -# StartAlerters=3 +# Range: 1-100 <% if @startalerters %>StartAlerters=<%= @startalerters %><% end %> <% if @javagateway %> @@ -194,193 +325,254 @@ StartTimers=<%= @starttimers %> # IP address (or hostname) of Zabbix Java gateway. # Only required if Java pollers are started. # +# Mandatory: no JavaGateway=<%= @javagateway %> ### Option: JavaGatewayPort # Port that Zabbix Java gateway listens on. # +# Mandatory: no +# Range: 1024-32767 JavaGatewayPort=<%= @javagatewayport %> ### Option: StartJavaPollers # Number of pre-forked instances of Java pollers. # +# Mandatory: no +# Range: 0-1000 StartJavaPollers=<%= @startjavapollers %> <% end %> ### Option: StartVMwareCollectors # Number of pre-forked vmware collector instances. # +# Mandatory: no +# Range: 0-250 StartVMwareCollectors=<%= @startvmwarecollectors %> ### Option: VMwareFrequency # How often Zabbix will connect to VMware service to obtain a new data. # +# Mandatory: no +# Range: 10-86400 VMwareFrequency=<%= @vmwarefrequency %> ### Option: VMwarePerfFrequency -# How often Zabbix will connect to VMware service to obtain performance data. +# How often Zabbix will connect to VMware service to obtain performance data. # +# Mandatory: no +# Range: 10-86400 <% if @vmwareperffrequency %>VMwarePerfFrequency=<%= @vmwareperffrequency %><% end %> ### Option: VMwareCacheSize -# Size of VMware cache, in bytes. -# Shared memory size for storing VMware data. -# Only used if VMware collectors are started. +# Size of VMware cache, in bytes. +# Shared memory size for storing VMware data. +# Only used if VMware collectors are started. # +# Mandatory: no +# Range: 256K-2G VMwareCacheSize=<%= @vmwarecachesize %> ### Option: VMwareTimeout -# Specifies how many seconds vmware collector waits for response from VMware service. +# Specifies how many seconds vmware collector waits for response from VMware service. # +# Mandatory: no +# Range: 1-300 <% if @vmwaretimeout %>VMwareTimeout=<%= @vmwaretimeout %><% end %> ### Option: SNMPTrapperFile -# Temporary file used for passing data from SNMP trap daemon to the server. -# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. +# Temporary file used for passing data from SNMP trap daemon to the server. +# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. # +# Mandatory: no SNMPTrapperFile=<%= @snmptrapperfile %> ### Option: StartSNMPTrapper -# If 1, SNMP trapper process is started. +# If 1, SNMP trapper process is started. # +# Mandatory: no +# Range: 0-1 StartSNMPTrapper=<%= @startsnmptrapper %> ### Option: ListenIP -# List of comma delimited IP addresses that the trapper should listen on. -# Trapper will listen on all network interfaces if this parameter is missing. +# List of comma delimited IP addresses that the trapper should listen on. +# Trapper will listen on all network interfaces if this parameter is missing. # +# Mandatory: no <% if @listenip %>ListenIP=<%= @listenip %><% end %> ### Option: HousekeepingFrequency -# How often Zabbix will perform housekeeping procedure (in hours). -# Housekeeping is removing outdated information from the database. -# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency -# hours of outdated information are deleted in one housekeeping cycle, for each item. -# To lower load on server startup housekeeping is postponed for 30 minutes after server start. +# How often Zabbix will perform housekeeping procedure (in hours). +# Housekeeping is removing outdated information from the database. +# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency +# hours of outdated information are deleted in one housekeeping cycle, for each item. +# To lower load on server startup housekeeping is postponed for 30 minutes after server start. +# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option. +# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the +# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days. # +# Mandatory: no +# Range: 0-24 HousekeepingFrequency=<%= @housekeepingfrequency %> ### Option: MaxHousekeeperDelete -# The table "housekeeper" contains "tasks" for housekeeping procedure in the format: -# [housekeeperid], [tablename], [field], [value]. -# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value]) -# will be deleted per one task in one housekeeping cycle. -# SQLite3 does not use this parameter, deletes all corresponding rows without a limit. -# If set to 0 then no limit is used at all. In this case you must know what you are doing! +# The table "housekeeper" contains "tasks" for housekeeping procedure in the format: +# [housekeeperid], [tablename], [field], [value]. +# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value]) +# will be deleted per one task in one housekeeping cycle. +# If set to 0 then no limit is used at all. In this case you must know what you are doing! # +# Mandatory: no +# Range: 0-1000000 MaxHousekeeperDelete=<%= @maxhousekeeperdelete %> ### Option: CacheSize -# Size of configuration cache, in bytes. -# Shared memory size for storing host, item and trigger data. +# Size of configuration cache, in bytes. +# Shared memory size for storing host, item and trigger data. # +# Mandatory: no +# Range: 128K-64G CacheSize=<%= @cachesize %> ### Option: CacheUpdateFrequency -# How often Zabbix will perform update of configuration cache, in seconds. +# How often Zabbix will perform update of configuration cache, in seconds. # +# Mandatory: no +# Range: 1-3600 CacheUpdateFrequency=<%= @cacheupdatefrequency %> ### Option: StartDBSyncers -# Number of pre-forked instances of DB Syncers +# Number of pre-forked instances of DB Syncers. # +# Mandatory: no +# Range: 1-100 StartDBSyncers=<%= @startdbsyncers %> ### Option: HistoryCacheSize -# Size of history cache, in bytes. -# Shared memory size for storing history data. +# Size of history cache, in bytes. +# Shared memory size for storing history data. # +# Mandatory: no +# Range: 128K-2G HistoryCacheSize=<%= @historycachesize %> ### Option: HistoryIndexCacheSize -# Size of history index cache, in bytes. -# Shared memory size for indexing history cache. +# Size of history index cache, in bytes. +# Shared memory size for indexing history cache. # +# Mandatory: no +# Range: 128K-2G <% if @historyindexcachesize %>HistoryIndexCacheSize=<%= @historyindexcachesize %><% end %> ### Option: TrendCacheSize -# Size of trend cache, in bytes. -# Shared memory size for storing trends data. +# Size of trend write cache, in bytes. +# Shared memory size for storing trends data. # +# Mandatory: no +# Range: 128K-2G TrendCacheSize=<%= @trendcachesize %> ### Option: ValueCacheSize -# Size of history value cache, in bytes. -# Shared memory size for caching item history data requests. -# Setting to 0 disables value cache. +# Size of history value cache, in bytes. +# Shared memory size for caching item history data requests. +# Setting to 0 disables value cache. # +# Mandatory: no +# Range: 0,128K-64G ValueCacheSize=<%= @valuecachesize %> ### Option: Timeout -# Specifies how long we wait for agent, SNMP device or external check (in seconds). +# Specifies timeout for communications (in seconds). # +# Mandatory: no +# Range: 1-30 Timeout=<%= @timeout %> ### Option: TrapperTimeout -# Specifies how many seconds trapper may spend processing new data. +# Specifies how many seconds trapper may spend processing new data. # +# Mandatory: no +# Range: 1-300 TrapperTimeout=<%= @trappertimeout %> ### Option: UnreachablePeriod -# After how many seconds of unreachability treat a host as unavailable. +# After how many seconds of unreachability treat a host as unavailable. # +# Mandatory: no +# Range: 1-3600 UnreachablePeriod=<%= @unreachableperiod %> ### Option: UnavailableDelay -# How often host is checked for availability during the unavailability period, in seconds. +# How often host is checked for availability during the unavailability period, in seconds. # +# Mandatory: no +# Range: 1-3600 UnavailableDelay=<%= @unavailabledelay %> ### Option: UnreachableDelay -# How often host is checked for availability during the unreachability period, in seconds. +# How often host is checked for availability during the unreachability period, in seconds. # +# Mandatory: no +# Range: 1-3600 UnreachableDelay=<%= @unreachabledelay %> ### Option: AlertScriptsPath -# Full path to location of custom alert scripts. -# Default depends on compilation options. +# Full path to location of custom alert scripts. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". # +# Mandatory: no AlertScriptsPath=<%= @alertscriptspath %> ### Option: ExternalScripts -# Full path to location of external scripts. -# Default depends on compilation options. +# Full path to location of external scripts. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". # +# Mandatory: no ExternalScripts=<%= @externalscripts %> ### Option: FpingLocation -# Location of fping. -# Make sure that fping binary has root ownership and SUID flag set. +# Location of fping. +# Make sure that fping binary has root ownership and SUID flag set. # +# Mandatory: no FpingLocation=<%= @fpinglocation %> ### Option: Fping6Location -# Location of fping6. -# Make sure that fping6 binary has root ownership and SUID flag set. -# Make empty if your fping utility is capable to process IPv6 addresses. +# Location of fping6. +# Make sure that fping6 binary has root ownership and SUID flag set. +# Make empty if your fping utility is capable to process IPv6 addresses. # +# Mandatory: no Fping6Location=<%= @fping6location %> ### Option: SSHKeyLocation -# Location of public and private keys for SSH checks and actions. +# Location of public and private keys for SSH checks and actions. # +# Mandatory: no <% if @sshkeylocation %>SSHKeyLocation=<%= @sshkeylocation %><% end %> ### Option: LogSlowQueries -# How long a database query may take before being logged (in milliseconds). -# Only works if DebugLevel set to 3 or 4 or 5. -# 0 - don't log slow queries. +# How long a database query may take before being logged (in milliseconds). +# Only works if DebugLevel set to 3, 4 or 5. +# 0 - don't log slow queries. # +# Mandatory: no +# Range: 1-3600000 LogSlowQueries=<%= @logslowqueries %> ### Option: TmpDir -# Temporary directory. +# Temporary directory. # +# Mandatory: no TmpDir=<%= @tmpdir %> ### Option: StartProxyPollers -# Number of pre-forked instances of pollers for passive proxies. +# Number of pre-forked instances of pollers for passive proxies. # +# Mandatory: no +# Range: 0-250 StartProxyPollers=<%= @startproxypollers %> ### Option: ProxyConfigFrequency @@ -389,62 +581,69 @@ StartProxyPollers=<%= @startproxypollers %> # ProxyConfigFrequency=<%= @proxyconfigfrequency %> -### Option: ProxyDataFrequency -# How often Zabbix Server requests history data from a Zabbix Proxy in seconds. -# This parameter is used only for proxies in the passive mode. +### Option: ProxyConfigFrequency +# How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds. +# This parameter is used only for proxies in the passive mode. # +# Mandatory: no +# Range: 1-3600*24*7 ProxyDataFrequency=<%= @proxydatafrequency %> ### Option: StartLLDProcessors -# Number of pre-forked instances of low level discovery processors. +# Number of pre-forked instances of low level discovery processors. # # Mandatory: no # Range: 1-100 -# Default: -# StartLLDProcessors=2 <% if @startlldprocessors %>StartLLDProcessors=<%= @startlldprocessors -%><% end %> ### Option: AllowRoot -# Allow the server to run as 'root'. If disabled and the server is started by 'root', the server -# will try to switch to the user specified by the User configuration option instead. -# Has no effect if started under a regular user. -# 0 - do not allow -# 1 - allow +# Allow the server to run as 'root'. If disabled and the server is started by 'root', the server +# will try to switch to the user specified by the User configuration option instead. +# Has no effect if started under a regular user. +# 0 - do not allow +# 1 - allow # +# Mandatory: no AllowRoot=<%= @allowroot %> ### Option: User -# Drop privileges to a specific, existing user on the system. -# Only has effect if run as 'root' and AllowRoot is disabled. +# Drop privileges to a specific, existing user on the system. +# Only has effect if run as 'root' and AllowRoot is disabled. # # Mandatory: no -# Default: -# User=zabbix <% if @zabbix_user %>User=<%= @zabbix_user %><% end %> ### Option: Include -# You may include individual files or all files in a directory in the configuration file. -# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. +# You may include individual files or all files in a directory in the configuration file. +# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. # +# Mandatory: no Include=<%= @include_dir %> ### Option: SSLCertLocation -# Location of SSL client certificates. -# This parameter is used only in web monitoring. +# Location of SSL client certificates. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". # +# Mandatory: no SSLCertLocation=<%= @sslcertlocation_dir %> ### Option: SSLKeyLocation -# Location of private keys for SSL client certificates. -# This parameter is used only in web monitoring. +# Location of private keys for SSL client certificates. +# This parameter is used in web monitoring and for communication with Vault. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". # +# Mandatory: no SSLKeyLocation=<%= @sslkeylocation_dir %> ### Option: SSLCALocation -# Override the location of certificate authority (CA) files for SSL server certificate verification. -# If not set, system-wide directory will be used. -# This parameter is used only in web monitoring. +# Override the location of certificate authority (CA) files for SSL server certificate verification. +# If not set, system-wide directory will be used. +# This parameter is used in web monitoring, SMTP authentication, HTTP agent items and for communication with Vault. # +# Mandatory: no <% if @sslcalocation_dir %>SSLCALocation=<%= @sslcalocation_dir %><% end %> ### Option: StatsAllowedIP @@ -457,24 +656,29 @@ SSLKeyLocation=<%= @sslkeylocation_dir %> # Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com # # Mandatory: no -# Default: -# StatsAllowedIP= <% if @statsallowedip %>StatsAllowedIP=<%= @statsallowedip %><% end %> ####### LOADABLE MODULES ####### ### Option: LoadModulePath -# Full path to location of server modules. -# Default depends on compilation options. +# Full path to location of server modules. +# Default depends on compilation options. +# To see the default path run command "zabbix_server --help". # +# Mandatory: no LoadModulePath=<%= @loadmodulepath %> ### Option: LoadModule -# Module to load at server startup. Modules are used to extend functionality of the server. -# Format: LoadModule= -# The modules must be located in directory specified by LoadModulePath. -# It is allowed to include multiple LoadModule parameters. +# Module to load at server startup. Modules are used to extend functionality of the server. +# Formats: +# LoadModule= +# LoadModule= +# LoadModule= +# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. +# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. +# It is allowed to include multiple LoadModule parameters. # +# Mandatory: no <% if @loadmodule %>LoadModule = <%= @loadmodule %><% end %> ####### TLS-RELATED PARAMETERS ####### @@ -484,161 +688,147 @@ LoadModulePath=<%= @loadmodulepath %> # peer certificate verification. # # Mandatory: no -# Default: -# TLSCAFile= <% if @tlscafile %>TLSCAFile=<%= @tlscafile %><% end %> ### Option: TLSCRLFile # Full pathname of a file containing revoked certificates. # # Mandatory: no -# Default: -# TLSCRLFile= <% if @tlscrlfile %>TLSCRLFile=<%= @tlscrlfile %><% end %> ### Option: TLSCertFile # Full pathname of a file containing the server certificate or certificate chain. # # Mandatory: no -# Default: -# TLSCertFile= <% if @tlscertfile %>TLSCertFile=<%= @tlscertfile %><% end %> ### Option: TLSKeyFile # Full pathname of a file containing the server private key. # # Mandatory: no -# Default: -# TLSKeyFile= <% if @tlskeyfile %>TLSKeyFile=<%= @tlskeyfile %><% end %> ####### For advanced users - TLS ciphersuite selection criteria ####### -### Option: DBTLSConnect -# Setting this option enforces to use TLS connection to database. -# required - connect using TLS -# verify_ca - connect using TLS and verify certificate -# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost -# matches its certificate -# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and -# "verify_full". -# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. -# Default is not to set any option and behavior depends on database configuration + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. # # Mandatory: no -# Default: -<% if @database_tlsconnect %>DBTLSConnect=<%= @database_tlsconnect %><% end %> +<% if @tlsciphercert13 %>TLSCipherCert13=<%= @tlsciphercert13 %><% end %> -### Option: DBTLSCAFile -# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. -# Supported only for MySQL and PostgreSQL +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 # # Mandatory: no -# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) -# Default: -<% if @database_tlscafile %>DBTLSCAFile=<%= @database_tlscafile %><% end %> +<% if @tlsciphercert %>TLSCipherCert=<%= @tlsciphercert %><% end %> -### Option: DBTLSCertFile -# Full pathname of file containing Zabbix server certificate for authenticating to database. -# Supported only for MySQL and PostgreSQL +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 # # Mandatory: no -# Default: -<% if @database_tlscertfile %>DBTLSCertFile=<%= @database_tlscertfile %><% end %> +<% if @tlscipherpsk13 %>TLSCipherPSK13=<%= @tlscipherpsk13 %><% end %> -### Option: DBTLSKeyFile -# Full pathname of file containing the private key for authenticating to database. -# Supported only for MySQL and PostgreSQL +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 # # Mandatory: no -# Default: -<% if @database_tlskeyfile %>DBTLSKeyFile=<%= @database_tlskeyfile %><% end %> +<% if @tlscipherpsk %>TLSCipherPSK=<%= @tlscipherpsk %><% end %> -### Option: DBTLSCipher -# The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 -# Supported only for MySQL +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 # -# Mandatory no -# Default: -<% if @database_tlscipher %>DBTLSCipher=<%= @database_tlscipher %><% end %> +# Mandatory: no +<% if @tlscipherall13 %>TLSCipherAll13=<%= @tlscipherall13 %><% end %> -### Option: DBTLSCipher13 -# The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol -# Supported only for MySQL, starting from version 8.0.16 +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 # -# Mandatory no -# Default: -<% if @database_tlscipher13 %>DBTLSCipher13=<%= @database_tlscipher13 %><% end %> +# Mandatory: no +<% if @tlscipherall %>TLSCipherAll=<%= @tlscipherall %><% end %> -### Option: TLSCipherCert13 -# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. -# Override the default ciphersuite selection criteria for certificate-based encryption. +### Option: DBTLSConnect +# Setting this option enforces to use TLS connection to database. +# required - connect using TLS +# verify_ca - connect using TLS and verify certificate +# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost +# matches its certificate +# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and +# "verify_full". +# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. +# Default is not to set any option and behavior depends on database configuration # # Mandatory: no -# Default: -# TLSCipherCert13= -<% if @tlsciphercert13 %>TLSCipherCert13=<%= @tlsciphercert13 %><% end %> +<% if @database_tlsconnect %>DBTLSConnect=<%= @database_tlsconnect %><% end %> -### Option: TLSCipherCert -# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. -# Override the default ciphersuite selection criteria for certificate-based encryption. -# Example for GnuTLS: -# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 -# Example for OpenSSL: -# EECDH+aRSA+AES128:RSA+aRSA+AES128 +### Option: DBTLSCAFile +# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. +# Supported only for MySQL and PostgreSQL # # Mandatory: no -# Default: -# TLSCipherCert= -<% if @tlsciphercert %>TLSCipherCert=<%= @tlsciphercert %><% end %> +# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) +<% if @database_tlscafile %>DBTLSCAFile=<%= @database_tlscafile %><% end %> -### Option: TLSCipherPSK13 -# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. -# Override the default ciphersuite selection criteria for PSK-based encryption. -# Example: -# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +### Option: DBTLSCertFile +# Full pathname of file containing Zabbix server certificate for authenticating to database. +# Supported only for MySQL and PostgreSQL # # Mandatory: no -# Default: -# TLSCipherPSK13= -<% if @tlscipherpsk13 %>TLSCipherPSK13=<%= @tlscipherpsk13 %><% end %> +<% if @database_tlscertfile %>DBTLSCertFile=<%= @database_tlscertfile %><% end %> -### Option: TLSCipherPSK -# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. -# Override the default ciphersuite selection criteria for PSK-based encryption. -# Example for GnuTLS: -# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL -# Example for OpenSSL: -# kECDHEPSK+AES128:kPSK+AES128 +### Option: DBTLSKeyFile +# Full pathname of file containing the private key for authenticating to database. +# Supported only for MySQL and PostgreSQL # # Mandatory: no -# Default: -# TLSCipherPSK= -<% if @tlscipherpsk %>TLSCipherPSK=<%= @tlscipherpsk %><% end %> +<% if @database_tlskeyfile %>DBTLSKeyFile=<%= @database_tlskeyfile %><% end %> -### Option: TLSCipherAll13 -# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. -# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. -# Example: -# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +### Option: DBTLSCipher +# The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 +# Supported only for MySQL # -# Mandatory: no -# Default: -# TLSCipherAll13= -<% if @tlscipherall13 %>TLSCipherAll13=<%= @tlscipherall13 %><% end %> +# Mandatory no +<% if @database_tlscipher %>DBTLSCipher=<%= @database_tlscipher %><% end %> -### Option: TLSCipherAll -# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. -# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. -# Example for GnuTLS: -# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 -# Example for OpenSSL: -# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +### Option: DBTLSCipher13 +# The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol +# Supported only for MySQL, starting from version 8.0.16 +# +# Mandatory no +<% if @database_tlscipher13 %>DBTLSCipher13=<%= @database_tlscipher13 %><% end %> + +<% if @zabbix_version.to_f >= 6.2 %> +### Option: Vault +# Specifies vault: +# HashiCorp - HashiCorp KV Secrets Engine - Version 2 +# CyberArk - CyberArk Central Credential Provider # # Mandatory: no # Default: -# TLSCipherAll13= -<% if @tlscipherall %>TLSCipherAll=<%= @tlscipherall %><% end %> +# Vault=HashiCorp +<% end %> <% if @zabbix_version.to_f >= 5.2 %> ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix server with read only permission @@ -647,29 +837,63 @@ LoadModulePath=<%= @loadmodulepath %> # It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. # # Mandatory: no -# Default: -# VaultToken= +# (yes, if Vault is explicitly set to HashiCorp) <% if @vaulttoken %>VaultToken=<%= @vaulttoken -%><% end %> ### Option: VaultURL # Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. # # Mandatory: no -# Default: -# VaultURL=https://127.0.0.1:8200 <% if @vaulturl %>VaultURL=<%= @vaulturl -%><% end %> +<% if @zabbix_version.to_f >= 7.0 %> +### Option: VaultPrefix +# Custom prefix for Vault path or query depending on the Vault. +# Most suitable defaults will be used if not specified. +# Note that 'data' is automatically appended after mountpoint for HashiCorp if VaultPrefix is not specified. +# Example prefix for HashiCorp: +# /v1/secret/data/ +# Example prefix for CyberArk: +# /AIMWebService/api/Accounts? +# Mandatory: no +# Default: +# VaultPrefix= + +<% end %> + ### Option: VaultDBPath -# Vault path from where credentials for database will be retrieved by keys 'password' and 'username'. -# Example: secret/zabbix/database +# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. +# Keys used for HashiCorp are 'password' and 'username'. +# Example path: +# secret/zabbix/database +# Keys used for CyberArk are 'Content' and 'UserName'. +# Example query: +# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_server_database # This option can only be used if DBUser and DBPassword are not specified. # # Mandatory: no -# Default: -# VaultDBPath= <% if @vaultdbpath %>VaultDBPath=<%= @vaultdbpath -%><% end %> + <% end %> +<% if @zabbix_version.to_f >= 6.2 %> +### Option: VaultTLSCertFile +# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. +# If the certificate file contains also the private key, leave the SSL key file field empty. The directory +# containing this file is specified by configuration parameter SSLCertLocation. +# +# Mandatory: no +# Default: +# VaultTLSCertFile= +### Option: VaultTLSKeyFile +# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. +# The directory containing this file is specified by configuration parameter SSLKeyLocation. +# +# Mandatory: no +# Default: +# VaultTLSKeyFile= + +<% end %> <% if @zabbix_version.to_f >= 5.4 %> ### Option: StartReportWriters @@ -677,8 +901,6 @@ LoadModulePath=<%= @loadmodulepath %> # # Mandatory: no # Range: 0-100 -# Default: -# StartReportWriters=0 <% if @startreportwriters %>StartReportWriters=<%= @startreportwriters -%><% end %> ### Option: WebServiceURL @@ -686,11 +908,75 @@ LoadModulePath=<%= @loadmodulepath %> # Example: http://localhost:10053/report # # Mandatory: no -# Default: -# WebServiceURL= <% if @webserviceurl %>WebServiceURL=<%= @webserviceurl -%><% end %> <% end %> +<% if @zabbix_version.to_f >= 7.0 %> +### Option: ServiceManagerSyncFrequency +# How often Zabbix will synchronize configuration of a service manager (in seconds). +# +# Mandatory: no +# Range: 1-3600 +# Default: +# ServiceManagerSyncFrequency=60 + +### Option: ProblemHousekeepingFrequency +# How often Zabbix will delete problems for deleted triggers (in seconds). +# +# Mandatory: no +# Range: 1-3600 +# Default: +# ProblemHousekeepingFrequency=60 + +## Option: StartODBCPollers +# Number of pre-forked ODBC poller instances. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartODBCPollers=1 + +### Option: EnableGlobalScripts +# Enable global scripts on Zabbix server. +# 0 - disable +# 1 - enable +# +# Mandatory: no +# Default: +# EnableGlobalScripts=1 + +# Option: AllowSoftwareUpdateCheck +# Allow Zabbix UI to receive information about software updates from zabbix.com +# 0 - disable software update checks +# 1 - enable software update checks +# +# Mandatory: no +# Default: +# AllowSoftwareUpdateCheck=1 + +### Option: SMSDevices +# List of comma delimited modem files allowed to use Zabbix server +# SMS sending not possible if this parameter is not set +# Example: SMSDevices=/dev/ttyUSB0,/dev/ttyUSB1 +# +# Mandatory: no +# Default: +# SMSDevices= + +<% end %> +<% if @zabbix_version.to_f >= 5.4 %> +####### For advanced users - TCP-related fine-tuning parameters ####### + +## Option: ListenBacklog +# The maximum number of pending connections in the queue. This parameter is passed to +# listen() function as argument 'backlog' (see "man listen"). +# +# Mandatory: no +# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) +# Default: SOMAXCONN (hard-coded constant, depends on system) +# ListenBacklog= + +<% end %> <% if @zabbix_version.to_f >= 6.0 %> ####### High availability cluster parameters ####### @@ -699,8 +985,6 @@ LoadModulePath=<%= @loadmodulepath %> # When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to. # # Mandatory: no -# Default: -# HANodeName= <% if @hanodename %>HANodeName=<%= @hanodename -%><% end %> ## Option: NodeAddress @@ -712,7 +996,25 @@ LoadModulePath=<%= @loadmodulepath %> # This option can be overridden by address specified in frontend configuration. # # Mandatory: no -# Default: -# NodeAddress=localhost:10051 <% if @nodeaddress %>NodeAddress=<%= @nodeaddress -%><% end %> + +<% end %> +<% if @zabbix_version.to_f >= 7.0 %> +####### Browser monitoring ####### + +### Option: WebDriverURL +# WebDriver interface HTTP[S] URL. For example http://localhost:4444 used with Selenium WebDriver standalone server. +# +# Mandatory: no +# Default: +# WebDriverURL= + +### Option: StartBrowserPollers +# Number of pre-forked instances of browser item pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartBrowserPollers=1 + <% end %> \ No newline at end of file