Add and remove Zabbix 6.0 + 6.4 options (HA mode, StatsAllowedIP, ProxyConfigFrequency, HeartbeatFrequency) (#921)

* add StatsAllowedIP for proxy and server

* make value optional

* remove ServerPort for proxy for versions below 6.0 - its deprecated

* Add Zabbix 6.0 and 6.4 changes

* add reference for statsallowedip

* fix proxy--statsallowedip reference

* add statsallowedip to params

* add reference for HA (nodename + nodeaddress)

* run strings:generate:reference

* attempt to rewrite web_spec.rb checks

* adjust web_spec.rb

* fix context

* remove emptyline

---------

Co-authored-by: Geir Råness <[email protected]>

Author: geirra

REFERENCE.md

@@ -2545,6 +2545,7 @@ The following parameters are available in the `zabbix::proxy` class:
 * [`offlinebuffer`](#-zabbix--proxy--offlinebuffer)
 * [`heartbeatfrequency`](#-zabbix--proxy--heartbeatfrequency)
 * [`configfrequency`](#-zabbix--proxy--configfrequency)
+* [`proxyconfigfrequency`](#-zabbix--proxy--proxyconfigfrequency)
 * [`datasenderfrequency`](#-zabbix--proxy--datasenderfrequency)
 * [`startpollers`](#-zabbix--proxy--startpollers)
 * [`startpreprocessors`](#-zabbix--proxy--startpreprocessors)
@@ -2600,6 +2601,7 @@ The following parameters are available in the `zabbix::proxy` class:
 * [`fpinglocation`](#-zabbix--proxy--fpinglocation)
 * [`fping6location`](#-zabbix--proxy--fping6location)
 * [`sshkeylocation`](#-zabbix--proxy--sshkeylocation)
+* [`statsallowedip`](#-zabbix--proxy--statsallowedip)
 * [`sslcalocation_dir`](#-zabbix--proxy--sslcalocation_dir)
 * [`sslcertlocation_dir`](#-zabbix--proxy--sslcertlocation_dir)
 * [`sslkeylocation_dir`](#-zabbix--proxy--sslkeylocation_dir)
@@ -3004,6 +3006,14 @@ How often proxy retrieves configuration data from Zabbix Server in seconds.
 
 Default value: `$zabbix::params::proxy_configfrequency`
 
+##### <a name="-zabbix--proxy--proxyconfigfrequency"></a>`proxyconfigfrequency`
+
+Data type: `Optional[Integer[1,604800]]`
+
+How often proxy retrieves configuration data from Zabbix Server in seconds (Zabbix 6.4).
+
+Default value: `$zabbix::params::proxy_proxyconfigfrequency`
+
 ##### <a name="-zabbix--proxy--datasenderfrequency"></a>`datasenderfrequency`
 
 Data type: `Any`
@@ -3452,6 +3462,14 @@ Location of public and private keys for ssh checks and actions.
 
 Default value: `$zabbix::params::proxy_sshkeylocation`
 
+##### <a name="-zabbix--proxy--statsallowedip"></a>`statsallowedip`
+
+Data type: `Optional[String[1]]`
+
+list of allowed ipadresses that can access the internal stats of zabbix proxy over network
+
+Default value: `$zabbix::params::proxy_statsallowedip`
+
 ##### <a name="-zabbix--proxy--sslcalocation_dir"></a>`sslcalocation_dir`
 
 Data type: `Optional[Stdlib::Absolutepath]`
@@ -4009,6 +4027,7 @@ The following parameters are available in the `zabbix::server` class:
 * [`proxydatafrequency`](#-zabbix--server--proxydatafrequency)
 * [`allowroot`](#-zabbix--server--allowroot)
 * [`include_dir`](#-zabbix--server--include_dir)
+* [`statsallowedip`](#-zabbix--server--statsallowedip)
 * [`loadmodulepath`](#-zabbix--server--loadmodulepath)
 * [`loadmodule`](#-zabbix--server--loadmodule)
 * [`sslcertlocation_dir`](#-zabbix--server--sslcertlocation_dir)
@@ -4018,6 +4037,8 @@ The following parameters are available in the `zabbix::server` class:
 * [`zabbix_user`](#-zabbix--server--zabbix_user)
 * [`manage_startup_script`](#-zabbix--server--manage_startup_script)
 * [`socketdir`](#-zabbix--server--socketdir)
+* [`hanodename`](#-zabbix--server--hanodename)
+* [`nodeaddress`](#-zabbix--server--nodeaddress)
 
 ##### <a name="-zabbix--server--database_type"></a>`database_type`
 
@@ -4832,6 +4853,14 @@ You may include individual files or all files in a directory in the configuratio
 
 Default value: `$zabbix::params::server_include`
 
+##### <a name="-zabbix--server--statsallowedip"></a>`statsallowedip`
+
+Data type: `Optional[String[1]]`
+
+list of allowed ipadresses that can access the internal stats of zabbix server over network
+
+Default value: `$zabbix::params::server_statsallowedip`
+
 ##### <a name="-zabbix--server--loadmodulepath"></a>`loadmodulepath`
 
 Data type: `Any`
@@ -4900,10 +4929,27 @@ Default value: `$zabbix::params::manage_startup_script`
 
 Data type: `Optional[Stdlib::Absolutepath]`
 
+
+
+Default value: `$zabbix::params::server_socketdir`
+
+##### <a name="-zabbix--server--hanodename"></a>`hanodename`
+
+Data type: `Optional[String[1]]`
+
+Node name identifier in HA setup
+
+Default value: `$zabbix::params::server_hanodename`
+
+##### <a name="-zabbix--server--nodeaddress"></a>`nodeaddress`
+
+Data type: `Optional[String[1]]`
+
+Connection details to the HA node, used to check if zabbix-web can talk to zabbix server
 IPC socket directory.
 Directory to store IPC sockets used by internal Zabbix services.
 
-Default value: `$zabbix::params::server_socketdir`
+Default value: `$zabbix::params::server_nodeaddress`
 
 ### <a name="zabbix--userparameter"></a>`zabbix::userparameter`
 

manifests/params.pp

@@ -260,6 +260,7 @@
   $server_starttimers                       = '1'
   $server_starttrappers                     = '5'
   $server_startvmwarecollectors             = '0'
+  $server_statsallowedip                    = undef
   $server_timeout                           = '3'
   $server_database_tlsconnect               = undef
   $server_database_tlscafile                = undef
@@ -291,6 +292,8 @@
   $server_vmwarefrequency                   = '60'
   $server_vmwaretimeout                     = undef
   $server_socketdir                         = undef
+  $server_hanodename                        = undef
+  $server_nodeaddress                       = undef
 
   # Agent specific params
   $agent_allowroot                          = '0'
@@ -367,6 +370,7 @@
   $proxy_cachesize                          = '32M'
   $proxy_configfile_path                    = '/etc/zabbix/zabbix_proxy.conf'
   $proxy_configfrequency                    = '3600'
+  $proxy_proxyconfigfrequency               = undef
   $proxy_database_host                      = 'localhost'
   $proxy_database_name                      = 'zabbix_proxy'
   $proxy_database_password                  = 'zabbix-proxy'
@@ -425,6 +429,7 @@
   $proxy_startpreprocessors                 = 3
   $proxy_starttrappers                      = '5'
   $proxy_startvmwarecollectors              = '0'
+  $proxy_statsallowedip                     = undef
   $proxy_timeout                            = '3'
   $proxy_database_tlsconnect                = undef
   $proxy_database_tlscafile                 = undef

manifests/proxy.pp

@@ -59,6 +59,7 @@
 # @param offlinebuffer Proxy will keep data for N hours in case if no connectivity with Zabbix Server
 # @param heartbeatfrequency Unique nodeid in distributed setup.
 # @param configfrequency How often proxy retrieves configuration data from Zabbix Server in seconds.
+# @param proxyconfigfrequency How often proxy retrieves configuration data from Zabbix Server in seconds (Zabbix 6.4).
 # @param datasenderfrequency Proxy will send collected data to the Server every N seconds.
 # @param startpollers Number of pre-forked instances of pollers.
 # @param startpreprocessors Number of pre-forked instances of preprocessing workers
@@ -130,6 +131,7 @@
 # @param fpinglocation Location of fping.
 # @param fping6location Location of fping6.
 # @param sshkeylocation Location of public and private keys for ssh checks and actions.
+# @param statsallowedip list of allowed ipadresses that can access the internal stats of zabbix proxy over network
 # @param sslcalocation_dir Location of certificate authority (CA) files for SSL server certificate verification.
 # @param sslcertlocation_dir Location of SSL client certificate files for client authentication.
 # @param sslkeylocation_dir Location of SSL private key files for client authentication.
@@ -235,6 +237,7 @@
   $offlinebuffer                                                              = $zabbix::params::proxy_offlinebuffer,
   $heartbeatfrequency                                                         = $zabbix::params::proxy_heartbeatfrequency,
   $configfrequency                                                            = $zabbix::params::proxy_configfrequency,
+  Optional[Integer[1,604800]] $proxyconfigfrequency                           = $zabbix::params::proxy_proxyconfigfrequency,
   $datasenderfrequency                                                        = $zabbix::params::proxy_datasenderfrequency,
   $startpollers                                                               = $zabbix::params::proxy_startpollers,
   $startipmipollers                                                           = $zabbix::params::proxy_startipmipollers,
@@ -290,6 +293,7 @@
   $fpinglocation                                                              = $zabbix::params::proxy_fpinglocation,
   $fping6location                                                             = $zabbix::params::proxy_fping6location,
   $sshkeylocation                                                             = $zabbix::params::proxy_sshkeylocation,
+  Optional[String[1]] $statsallowedip                                         = $zabbix::params::proxy_statsallowedip,
   $logslowqueries                                                             = $zabbix::params::proxy_logslowqueries,
   $tmpdir                                                                     = $zabbix::params::proxy_tmpdir,
   $allowroot                                                                  = $zabbix::params::proxy_allowroot,

manifests/server.pp

@@ -131,6 +131,7 @@
 # @param proxydatafrequency How often zabbix server requests history data from a zabbix proxy in seconds.
 # @param allowroot Allow the server to run as 'root'.
 # @param include_dir You may include individual files or all files in a directory in the configuration file.
+# @param statsallowedip list of allowed ipadresses that can access the internal stats of zabbix server over network
 # @param loadmodulepath Full path to location of server modules.
 # @param loadmodule Module to load at server startup.
 # @param sslcertlocation_dir Location of SSL client certificate files for client authentication.
@@ -140,6 +141,8 @@
 # @param zabbix_user User the zabbix service will run as.
 # @param manage_startup_script If the init script should be managed by this module. Attention: This might cause problems with some config options of this module (e.g server_configfile_path)
 # @param socketdir
+# @param hanodename Node name identifier in HA setup
+# @param nodeaddress Connection details to the HA node, used to check if zabbix-web can talk to zabbix server
 #   IPC socket directory.
 #   Directory to store IPC sockets used by internal Zabbix services.
 # @example
@@ -268,12 +271,15 @@
   $loadmodule                                                                 = $zabbix::params::server_loadmodule,
   $sslcertlocation_dir                                                        = $zabbix::params::server_sslcertlocation,
   $sslkeylocation_dir                                                         = $zabbix::params::server_sslkeylocation,
+  Optional[String[1]] $statsallowedip                                         = $zabbix::params::server_statsallowedip,
   Boolean $manage_selinux                                                     = $zabbix::params::manage_selinux,
   String $additional_service_params                                           = $zabbix::params::additional_service_params,
   Optional[String[1]] $zabbix_user                                            = $zabbix::params::server_zabbix_user,
   Boolean $manage_startup_script                                              = $zabbix::params::manage_startup_script,
   Optional[Stdlib::Absolutepath] $socketdir                                   = $zabbix::params::server_socketdir,
   Optional[Stdlib::HTTPUrl] $webserviceurl                                    = undef,
+  Optional[String[1]] $hanodename                                             = $zabbix::params::server_hanodename,
+  Optional[String[1]] $nodeaddress                                            = $zabbix::params::server_nodeaddress,
 ) inherits zabbix::params {
   # zabbix server 5.2, 5.4 and 6.0 is not supported on RHEL 7.
   # https://www.zabbix.com/documentation/current/manual/installation/install_from_packages/rhel_centos

spec/classes/web_spec.rb

@@ -195,7 +195,7 @@ class { 'apache':
 
         it { is_expected.to contain_apache__vhost('zabbix.example.com').with_name('zabbix.example.com') }
 
-        context 'with database_* settings' do
+        context 'with database_* settings and zabbix_version 6.0' do
           let :params do
             super().merge(
               database_host: 'localhost',
@@ -209,6 +209,27 @@ class { 'apache':
             )
           end
 
+          it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['SERVER'\]   = 'localhost'}) }
+          it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['DATABASE'\] = 'zabbix-server'}) }
+          it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['USER'\]     = 'zabbix-server'}) }
+          it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['PASSWORD'\] = 'zabbix-server'}) }
+          it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$ZBX_SERVER_NAME = 'localhost'}) }
+        end
+
+        context 'with database_* settings and zabbix_version 5.0' do
+          let :params do
+            super().merge(
+              database_host: 'localhost',
+              database_name: 'zabbix-server',
+              database_user: 'zabbix-server',
+              database_password: 'zabbix-server',
+              zabbix_server: 'localhost',
+              zabbix_listenport: '3306',
+              zabbix_server_name: 'localhost',
+              zabbix_version: '5.0'
+            )
+          end
+
           it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['SERVER'\]   = 'localhost'}) }
           it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['DATABASE'\] = 'zabbix-server'}) }
           it { is_expected.to contain_file('/etc/zabbix/web/zabbix.conf.php').with_content(%r{^\$DB\['USER'\]     = 'zabbix-server'}) }

templates/web/zabbix.conf.php.erb

@@ -26,8 +26,10 @@ $DB['SCHEMA'] = '';
 $DB['DOUBLE_IEEE754'] = 'true';
 <% end -%>
 
+<% if @zabbix_version.to_f < 6.0 -%>
 $ZBX_SERVER      = '<%= @zabbix_server %>';
 $ZBX_SERVER_PORT = '<%= @zabbix_listenport %>';
+<% end -%>
 $ZBX_SERVER_NAME = '<%= @zabbix_server_name %>';
 
 $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;

templates/zabbix_proxy.conf.erb

@@ -17,11 +17,13 @@ ProxyMode=<%= @mode %>
 #
 Server=<%= @zabbix_server_host %>
 
+<% if @zabbix_version.to_f < 6.0 %>
 ### Option: ServerPort
 #	Port of Zabbix trapper on Zabbix server.
 #	For a proxy in the passive mode this parameter will be ignored.
 #
 ServerPort=<%= @zabbix_server_port %>
+<% end %>
 
 ### Option: Hostname
 #	Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
@@ -162,6 +164,7 @@ ProxyLocalBuffer=<%= @localbuffer %>
 #
 ProxyOfflineBuffer=<%= @offlinebuffer %>
 
+<% if @zabbix_version.to_f < 6.4 %>
 ### Option: HeartbeatFrequency
 #	Frequency of heartbeat messages in seconds.
 #	Used for monitoring availability of Proxy on server side.
@@ -175,6 +178,19 @@ HeartbeatFrequency=<%= @heartbeatfrequency %>
 #	For a proxy in the passive mode this parameter will be ignored.
 #
 ConfigFrequency=<%= @configfrequency %>
+<% end %>
+
+<% if @zabbix_version.to_f >= 6.4 %>
+### Option: ProxyConfigFrequency
+#	How often proxy retrieves configuration data from Zabbix Server in seconds.
+#	For a proxy in the passive mode this parameter will be ignored.
+#
+# Mandatory: no
+# Range: 1-3600*24*7
+# Default:
+# ProxyConfigFrequency=10
+<% if @proxyconfigfrequency %>ProxyConfigFrequency=<%= @proxyconfigfrequency %><% end %>
+<% end %>
 
 ### Option: DataSenderFrequency
 #	Proxy will send collected data to the Server every N seconds.
@@ -457,6 +473,20 @@ LoadModulePath=<%= @loadmodulepath %>
 #
 <% if @loadmodule %>LoadModule=<%= @loadmodule %><% end %>
 
+### Option: StatsAllowedIP
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
+#	Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
+#	will be accepted.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: no
+# Default:
+# StatsAllowedIP=
+<% if @statsallowedip %>StatsAllowedIP=<%= @statsallowedip %><% end %>
+
 ####### TLS-RELATED PARAMETERS #######
 
 ### Option: TLSConnect

templates/zabbix_server.conf.erb

@@ -447,6 +447,20 @@ SSLKeyLocation=<%= @sslkeylocation_dir %>
 #
 <% if @sslcalocation_dir %>SSLCALocation=<%= @sslcalocation_dir %><% end %>
 
+### Option: StatsAllowedIP
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
+#	Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
+#	will be accepted.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: no
+# Default:
+# StatsAllowedIP=
+<% if @statsallowedip %>StatsAllowedIP=<%= @statsallowedip %><% end %>
+
 ####### LOADABLE MODULES #######
 
 ### Option: LoadModulePath
@@ -676,3 +690,29 @@ LoadModulePath=<%= @loadmodulepath %>
 # WebServiceURL=
 <% if @webserviceurl %>WebServiceURL=<%= @webserviceurl -%><% end %>
 <% end %>
+
+<% if @zabbix_version.to_f >= 6.0 %>
+####### High availability cluster parameters #######
+
+## Option: HANodeName
+#	The high availability cluster node name.
+#	When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to.
+#
+# Mandatory: no
+# Default: 
+# HANodeName=
+<% if @hanodename %>HANodeName=<%= @hanodename -%><% end %>
+
+## Option: NodeAddress
+#	IP or hostname with optional port to specify how frontend should connect to the server.
+#	Format: <address>[:<port>]
+#
+#	If IP or hostname is not set, then ListenIP value will be used. In case ListenIP is not set, localhost will be used.
+#	If port is not set, then ListenPort value will be used. In case ListenPort is not set, 10051 will be used.
+#	This option can be overridden by address specified in frontend configuration.
+#
+# Mandatory: no
+# Default: 
+# NodeAddress=localhost:10051
+<% if @nodeaddress %>NodeAddress=<%= @nodeaddress -%><% end %>
+<% end %>