Browse Source

zabbix: add proper ubus acl for zabbix-extra-wifi

This allow to run zabbix as non root
Thanks to Adrian Kirchner (@adriankirchner)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
lilik-openwrt-22.03
Etienne Champetier 6 years ago
parent
commit
1afcc61601
3 changed files with 18 additions and 2 deletions
  1. +10
    -1
      admin/zabbix/Makefile
  2. +0
    -1
      admin/zabbix/files/wifi
  3. +8
    -0
      admin/zabbix/files/zabbix-wifi-ubus-acl.json

+ 10
- 1
admin/zabbix/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=zabbix PKG_NAME:=zabbix
PKG_VERSION:=3.4.14 PKG_VERSION:=3.4.14
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_HASH:=7443873cc970672d3c884230d3aeb082f2d8afcc2b757506c2d684ffdd12d77e PKG_HASH:=7443873cc970672d3c884230d3aeb082f2d8afcc2b757506c2d684ffdd12d77e
@ -233,6 +233,15 @@ endef
define Package/zabbix-extra-wifi/install define Package/zabbix-extra-wifi/install
$(call Package/zabbix/install/zabbix.conf.d,$(1),wifi) $(call Package/zabbix/install/zabbix.conf.d,$(1),wifi)
$(INSTALL_DIR) $(1)/usr/share/acl.d
$(INSTALL_DATA) ./files/zabbix-wifi-ubus-acl.json $(1)/usr/share/acl.d/zabbix-wifi.json
endef
define Package/zabbix-extra-wifi/postinst
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
killall -HUP ubusd
fi
endef endef
define Package/zabbix-sender/install define Package/zabbix-sender/install


+ 0
- 1
admin/zabbix/files/wifi View File

@ -2,7 +2,6 @@
# wifi interface discovery # wifi interface discovery
# example: {"data":[{"{#IF}":"wlan0", "{#MODE}":"ap", "{#SSID}":"Openwrt", "{#NET}":"lan", "{#DEV}":"radio0", "{#ENC}":"psk2+ccmp", "{#TYPE}":"mac80211", "{#HWMODE}":"11ng", "{#CHANNEL}":"11", "{#BSSID}":"xx:xx:xx:xx:xx:xx"}]} # example: {"data":[{"{#IF}":"wlan0", "{#MODE}":"ap", "{#SSID}":"Openwrt", "{#NET}":"lan", "{#DEV}":"radio0", "{#ENC}":"psk2+ccmp", "{#TYPE}":"mac80211", "{#HWMODE}":"11ng", "{#CHANNEL}":"11", "{#BSSID}":"xx:xx:xx:xx:xx:xx"}]}
# ubus call only work as root so you need to run zabbix as root to use wifi.ifdiscovery
UserParameter=wifi.ifdiscovery, lua -l ubus -l iwinfo -e 'u=ubus.connect();list="{\"data\":[";stat=u:call("network.wireless", "status", {});for dev, dev_table in pairs(stat) do for i, iface in pairs(dev_table["interfaces"]) do c=iface["config"];i=iface["ifname"];t=iwinfo.type(i);iw=iwinfo[t];e = iw.encryption(i);e = e and e.description or "None";n = table.concat(c["network"]," ");list=list.."{\"{#IF}\":\""..i.."\", \"{#MODE}\":\""..iw.mode(i).."\", \"{#SSID}\":\""..c["ssid"].."\", \"{#NET}\":\""..n.."\", \"{#DEV}\":\""..dev.."\", \"{#ENC}\":\""..e.."\", \"{#TYPE}\":\""..t.."\", \"{#HWMODE}\":\"".."?".."\", \"{#CHANNEL}\":\""..iw.channel(i).."\", \"{#BSSID}\":\""..iw.bssid(i).."\"},";end;end;list=string.gsub(list,",$","");print(list.."]}")' UserParameter=wifi.ifdiscovery, lua -l ubus -l iwinfo -e 'u=ubus.connect();list="{\"data\":[";stat=u:call("network.wireless", "status", {});for dev, dev_table in pairs(stat) do for i, iface in pairs(dev_table["interfaces"]) do c=iface["config"];i=iface["ifname"];t=iwinfo.type(i);iw=iwinfo[t];e = iw.encryption(i);e = e and e.description or "None";n = table.concat(c["network"]," ");list=list.."{\"{#IF}\":\""..i.."\", \"{#MODE}\":\""..iw.mode(i).."\", \"{#SSID}\":\""..c["ssid"].."\", \"{#NET}\":\""..n.."\", \"{#DEV}\":\""..dev.."\", \"{#ENC}\":\""..e.."\", \"{#TYPE}\":\""..t.."\", \"{#HWMODE}\":\"".."?".."\", \"{#CHANNEL}\":\""..iw.channel(i).."\", \"{#BSSID}\":\""..iw.bssid(i).."\"},";end;end;list=string.gsub(list,",$","");print(list.."]}")'


+ 8
- 0
admin/zabbix/files/zabbix-wifi-ubus-acl.json View File

@ -0,0 +1,8 @@
{
"user": "zabbix",
"access": {
"network.wireless": {
"methods": [ "status" ]
}
}
}

Loading…
Cancel
Save