yunoadmin
/
zabbix_ynh


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261
							#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOAD SETTINGS
#=================================================

app=$YNH_APP_INSTANCE_NAME
trustedversion="1:4.0.4-1+stretch"
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
admin=$(ynh_app_setting_get $app admin)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
language=$(ynh_app_setting_get $app language)
db_name=$(ynh_app_setting_get $app db_name)
db_user=$(ynh_app_setting_get $app db_user)
db_pwd=$(ynh_app_setting_get $app mysqlpwd)


#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================

# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
	ynh_app_setting_set $app is_public 1
	is_public=1
elif [ "$is_public" = "No" ]; then
	ynh_app_setting_set $app is_public 0
	is_public=0
fi

# If db_name doesn't exist, create it
if [ -z $db_name ]; then
	db_name=$(ynh_sanitize_dbid $app)
	ynh_app_setting_set $app db_name $db_name
fi

# If final_path doesn't exist, create it
if [ -z $final_path ]; then
	final_path=/var/www/$app
	ynh_app_setting_set $app final_path $final_path
fi

#=================================================
# Enable default admin temporaly
#=================================================
haveDefaultAdminDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=1 and usrgrpid=9")

if [ "$haveDefaultAdminDisabled" -eq 1 ] ;then
    ynh_print_info "Enable default admin"
    #enable default admin temporaly
    mysql -u$db_user -p$db_pwd $db_name -e "DELETE FROM users_groups where usrgrpid=9 and userid=1;"
else
    ynh_print_info "default admin already enabled"
fi

#=================================================
# Import Yunohost template
#=================================================
ynh_print_info "Import Yunohost template"
#disable sso temporaly
ynh_app_setting_set $app unprotected_uris "/"
systemctl reload nginx
yunohost app ssowatconf

zabbixFullpath=https://$domain$path_url
localpath=$(find /var/cache/yunohost/ -name "Template_Yunohost.xml")
sudoUserPpath=$(find /var/cache/yunohost/ -name "etc_sudoers.d_zabbix")
confUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_userP_yunohost.conf")
bashUserPpath=$(find /var/cache/yunohost/ -name "etc_zabbix_zabbix_agentd.d_yunohost.sh")

cp $sudoUserPpath /etc/sudoers.d/zabbix
cp $confUserPpath /etc/zabbix/zabbix_agentd.d/userP_yunohost.conf
cp $bashUserPpath /etc/zabbix/zabbix_agentd.d/yunohost.sh
chmod a+x /etc/zabbix/zabbix_agentd.d/yunohost.sh

systemctl restart zabbix-agent

curl -k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt \
                --form enter=Sign+in \
                --form name=Admin \
                --form password=zabbix \
                "$zabbixFullpath/index.php"

sid=$(curl -k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt \
                "$zabbixFullpath/conf.import.php?rules_preset=template" \
                | grep -Po 'name="sid" value="\K([a-z0-9]{16})(?=")' ) 

importState=$(curl -k -s --cookie cookiejar.txt --cookie-jar cookiejar.txt \
                --form "config=1" \
                --form "import_file=@$localpath"  \
                --form rules[groups][createMissing]=1 \
                --form rules[templates][updateExisting]=1 \
                --form rules[templates][createMissing]=1 \
                --form rules[templateScreens][updateExisting]=1 \
                --form rules[templateScreens][createMissing]=1 \
                --form rules[templateLinkage][createMissing]=1 \
                --form rules[applications][createMissing]=1 \
                --form rules[items][updateExisting]=1 \
                --form rules[items][createMissing]=1 \
                --form rules[discoveryRules][updateExisting]=1 \
                --form rules[discoveryRules][createMissing]=1 \
                --form rules[triggers][updateExisting]=1 \
                --form rules[triggers][createMissing]=1 \
                --form rules[graphs][updateExisting]=1 \
                --form rules[graphs][createMissing]=1 \
                --form rules[httptests][updateExisting]=1 \
                --form rules[httptests][createMissing]=1 \
                --form rules[valueMaps][createMissing]=1 \
                --form "import=Import"  \
                --form "backurl=templates.php"  \
                --form "form_refresh=1"  \
                --form "sid=${sid}" \  \
                "${zabbixFullpath}/conf.import.php?rules_preset=template" \
                | grep -c "Imported successfully")

if [ "$importState" -eq "1" ];then
    ynh_print_info "Template Yunohost imported !"
else
    ynh_print_warn "Template Yunohost not imported !"
fi

#apply template to host
tokenapi=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{ "jsonrpc": "2.0","method": "user.login","params": {"user": "Admin","password": "zabbix"},"id": 1,"auth": null}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result')
zabbixHostID=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.get","params":{"filter":{"host":["Zabbix server"]}},"auth":"'$tokenapi'","id":1}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result[0].hostid')
zabbixTemplateID=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"template.get","params":{"filter":{"host":["Template Yunohost"]}},"auth":"'$tokenapi'","id":1}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result[0].templateid')
applyTemplate=$(curl -k -s --header "Content-Type: application/json" --request POST --data '{"jsonrpc":"2.0","method":"host.massadd","params":{"hosts":[{"hostid":"'$zabbixHostID'"}],"templates":[{"templateid":"'$zabbixTemplateID'"}]},"auth":"'$tokenapi'","id":1}' ${zabbixFullpath}/api_jsonrpc.php | jq -r '.result.hostids[]')
if [ "$applyTemplate" -eq "$zabbixHostID" ];then
    ynh_print_info "Template Yunohost linked to Zabbix server !"
else
    ynh_print_warn "Template Yunohost no linked to Zabbix server !"
fi


#=================================================
# Disable default admin for security issue
#=================================================
haveDefaultAdminDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=1 and usrgrpid=9")

if [ "$haveDefaultAdminDisabled" -eq 0 ] ;then
    ynh_print_info "Disable default admin"
    #disable default admin 
    lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`")
    lastid=$(($lastid + 1 ))
    mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 1);"
else
    ynh_print_info "default admin already disabled"
fi


#=================================================
# Disable default guest for security issue
#=================================================
haveDefaultGuestDisabled=$(mysql -BN -u$db_user -p$db_pwd $db_name -BN -e "SELECT count(id) from \`users_groups\` where userid=2 and usrgrpid=9")

if [ "$haveDefaultGuestDisabled" -eq 0 ] ;then
    echo "Disable default guest"
    #disable default guest 
    lastid=$(mysql -u$db_user -p$db_pwd $db_name -BN -e "SELECT max(id) from \`users_groups\`")
    lastid=$(($lastid + 1 ))
    mysql -u$db_user -p$db_pwd $db_name -e "INSERT INTO \`users_groups\` (\`id\` , \`usrgrpid\`, \`userid\`) VALUES ($lastid ,9, 2);"
else
    echo "default guest already disabled"
fi

#=================================================
# CHECK THE PATH
#=================================================

# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
ynh_print_info "Check if new zabbix version is available on repo"
ynh_package_update

#REMOVE DUPLICATE LOG ENTRY IN LOGROTATE PATCH IF NEEDED
ynh_remove_logrotate

zabbixServerInstalledVersion=$(apt-cache policy zabbix-server-mysql | grep -Po "Installed: \K(.*)")
zabbixServerCandidateVersion=$(apt-cache policy zabbix-server-mysql | grep -Po "Candidate: \K(.*)")

zabbixFrontendInstalledVersion=$(apt-cache policy zabbix-frontend-php | grep -Po "Installed: \K(.*)")
zabbixFrontendCandidateVersion=$(apt-cache policy zabbix-frontend-php | grep -Po "Candidate: \K(.*)")

zabbixagentInstalledVersion=$(apt-cache policy zabbix-agent | grep -Po "Installed: \K(.*)")
zabbixagentCandidateVersion=$(apt-cache policy zabbix-agent | grep -Po "Candidate: \K(.*)")

if [ "$trustedversion" == "$zabbixServerCandidateVersion" ]
then

	if [ "$zabbixServerInstalledVersion" != "$zabbixServerCandidateVersion" -o "$zabbixFrontendInstalledVersion" != "$zabbixFrontendCandidateVersion" -o "$zabbixagentInstalledVersion" != "$zabbixagentCandidateVersion" ] 
	then
	    #=================================================
	    # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
	    #=================================================
	    
	    # Backup the current version of the app
	    ynh_backup_before_upgrade
	    ynh_clean_setup () {
		# restore it if the upgrade fails
		ynh_restore_upgradebackup
	    }
	    # Exit if an error occurs during the execution of the script
	    ynh_abort_if_errors
	    
	    cp -rp /etc/zabbix /tmp/
	    cp -p /usr/share/zabbix/conf/zabbix.conf.php /tmp/
	    
	    DEBIAN_FRONTEND=noninteractive apt-mark unhold zabbix-server-mysql zabbix-frontend-php
	    DEBIAN_FRONTEND=noninteractive apt-get -y download zabbix-frontend-php
	    ar x *.deb
	    tar xzf control.tar.gz
	    sed -i 's/apache2 | httpd, //' control
	    tar --ignore-failed-read -cvzf control.tar.gz {post,pre}{inst,rm} md5sums control
	    ar rcs zabbix-frontend-php+stretch_all-noapache2.deb debian-binary control.tar.gz data.tar.xz
	    dpkg -i zabbix-frontend-php+stretch_all-noapache2.deb
	    rm -fr zabbix-*.deb
	    apt-get -y --only-upgrade install zabbix-server-mysql zabbix-agent
	    DEBIAN_FRONTEND=noninteractive apt-mark hold zabbix-server-mysql zabbix-frontend-php
	    
	    rm /usr/share/zabbix/conf/zabbix.conf.php
	    cp -rpf /tmp/zabbix /etc/
	    cp -pf /tmp/zabbix.conf.php /usr/share/zabbix/conf/
	    
	    rm -fr /tmp/zabbix*
	   
	else
		ynh_print_info "No update from repo ! (Already up to date)"
	fi
else
	ynh_print_info "No update from repo ! (Trusted version)"
fi

#=================================================
# RE-ENABLE SSOWAT
#=================================================
ynh_print_info "re-enable SSOWAT"
# Make app public if necessary
if [ $is_public -eq 1 ]
then
    # unprotected_uris allows SSO credentials to be passed anyway.
    ynh_app_setting_set $app unprotected_uris "/"
else
    ynh_app_setting_set $app unprotected_uris ""
fi

systemctl reload nginx
yunohost app ssowatconf