[linux-morello-distros] [meta-morello-distro][PATCH 07/27] zabbix-morello: initial commit

10 May 2024

Co-authored-by: Harrison Carter hcarter@thegoodpenguin.co.uk
Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
---
 .../0000-net-fix-provenance-error.patch       |   35 +
 ...000-sysinfo-fix-build-with-musl-libc.patch |   32 +
 ...emalloc-align-and-work-with-16-not-8.patch |  168 ++
 ...002-duktape-set-shift-to-5-for-CHERI.patch |   55 +
 .../0003-duktape-add-aling-to-16.patch        |  121 ++
 ...ed-use-padding-of-16-not-8-for-alloc.patch |   85 +
 .../0005-embed-fix-alignment-issues.patch     |   93 ++
 ...6-duk_config-use-debug-and-self-test.patch |   46 +
 .../0007-duktape-fix-stack-reallocation.patch |   64 +
 recipes-connectivity/zabbix/files/COPYING     |  341 ++++
 .../files/zabbix-agentd-morello.service       |   15 +
 .../zabbix/files/zabbix-agentd.conf           |  536 ++++++
 .../zabbix/files/zabbix-proxy.conf            | 1461 +++++++++++++++++
 .../zabbix/files/zabbix-proxy.service         |   15 +
 .../files/zabbix-server-morello.service       |   20 +
 .../zabbix/files/zabbix-server.conf           |  990 +++++++++++
 .../zabbix/files/zabbix.conf.php              |   59 +
 .../zabbix/zabbix-agentd-morello_5.0.38.bb    |   52 +
 .../zabbix/zabbix-frontend_5.0.38.bb          |   24 +
 .../zabbix/zabbix-morello.inc                 |  103 ++
 .../zabbix/zabbix-proxy-morello_5.0.38.bb     |   65 +
 .../zabbix/zabbix-server-morello_5.0.38.bb    |   71 +
 22 files changed, 4451 insertions(+)
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0000-net-fix-provenance-error.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0000-sysinfo-fix-build-with-musl-libc.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0001-memalloc-align-and-work-with-16-not-8.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0002-duktape-set-shift-to-5-for-CHERI.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0003-duktape-add-aling-to-16.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0004-embed-use-padding-of-16-not-8-for-alloc.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0005-embed-fix-alignment-issues.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0006-duk_config-use-debug-and-self-test.patch
 create mode 100644 recipes-connectivity/zabbix/cheri-patches/0007-duktape-fix-stack-reallocation.patch
 create mode 100644 recipes-connectivity/zabbix/files/COPYING
 create mode 100644 recipes-connectivity/zabbix/files/zabbix-agentd-morello.service
 create mode 100644 recipes-connectivity/zabbix/files/zabbix-agentd.conf
 create mode 100644 recipes-connectivity/zabbix/files/zabbix-proxy.conf
 create mode 100644 recipes-connectivity/zabbix/files/zabbix-proxy.service
 create mode 100644 recipes-connectivity/zabbix/files/zabbix-server-morello.service
 create mode 100644 recipes-connectivity/zabbix/files/zabbix-server.conf
 create mode 100644 recipes-connectivity/zabbix/files/zabbix.conf.php
 create mode 100644 recipes-connectivity/zabbix/zabbix-agentd-morello_5.0.38.bb
 create mode 100644 recipes-connectivity/zabbix/zabbix-frontend_5.0.38.bb
 create mode 100644 recipes-connectivity/zabbix/zabbix-morello.inc
 create mode 100644 recipes-connectivity/zabbix/zabbix-proxy-morello_5.0.38.bb
 create mode 100644 recipes-connectivity/zabbix/zabbix-server-morello_5.0.38.bb

diff --git a/recipes-connectivity/zabbix/cheri-patches/0000-net-fix-provenance-error.patch b/recipes-connectivity/zabbix/cheri-patches/0000-net-fix-provenance-error.patch
new file mode 100644
index 0000000..844484a
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0000-net-fix-provenance-error.patch
@@ -0,0 +1,35 @@
+From 79323bc3b45a0fb67168dd91dc1cc72e200e7392 Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Fri, 7 Jul 2023 17:10:02 +0100
+Subject: [PATCH 4/4] net: fix provenance error
+
+Socket expects an int, just cast the NULL to an int.
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ src/libs/zbxsysinfo/linux/net.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libs/zbxsysinfo/linux/net.c b/src/libs/zbxsysinfo/linux/net.c
+index 9e9fe73..55e2986 100644
+--- a/src/libs/zbxsysinfo/linux/net.c
++++ b/src/libs/zbxsysinfo/linux/net.c
+@@ -112,13 +112,13 @@ static int	find_tcp_port_by_state_nl(unsigned short port, int state, int *found)
+ 
+ 	struct sockaddr_nl	s_sa = { AF_NETLINK, 0, 0, 0 };
+ 	struct iovec		s_io[1] = { { &request, sizeof(request) } };
+-	struct msghdr		s_msg = { (void *)&s_sa, sizeof(struct sockaddr_nl), s_io, 1, NULL, 0, 0};
++	struct msghdr		s_msg = { (void *)&s_sa, sizeof(struct sockaddr_nl), s_io, 1, (int)NULL, 0, 0};
+ 
+ 	char			buffer[BUFSIZ] = { 0 };
+ 
+ 	struct sockaddr_nl	r_sa = { AF_NETLINK, 0, 0, 0 };
+ 	struct iovec		r_io[1] = { { buffer, BUFSIZ } };
+-	struct msghdr		r_msg = { (void *)&r_sa, sizeof(struct sockaddr_nl), r_io, 1, NULL, 0, 0};
++	struct msghdr		r_msg = { (void *)&r_sa, sizeof(struct sockaddr_nl), r_io, 1, (int)NULL, 0, 0};
+ 
+ 	struct nlmsghdr		*r_hdr;
+ 
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0000-sysinfo-fix-build-with-musl-libc.patch b/recipes-connectivity/zabbix/cheri-patches/0000-sysinfo-fix-build-with-musl-libc.patch
new file mode 100644
index 0000000..e0ba5e2
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0000-sysinfo-fix-build-with-musl-libc.patch
@@ -0,0 +1,32 @@
+From d35e95600ee80e4c526a7ed1ab6bbda2bc0c8427 Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Fri, 7 Jul 2023 15:21:23 +0100
+Subject: [PATCH 1/4] sysinfo: fix build with musl libc
+
+If we use <sys/sysinfo.h> and a musl libc we will get
+redefinition error of the sysinfo struct due to <linux/kernel.h>
+
+Include <linux/const.h> and <linux/types.h> directly instead.
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ include/sysinc.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/sysinc.h b/include/sysinc.h
+index 1400ca8..f34356d 100644
+--- a/include/sysinc.h
++++ b/include/sysinc.h
+@@ -131,7 +131,8 @@
+ #endif
+ 
+ #ifdef HAVE_LINUX_KERNEL_H
+-#	include <linux/kernel.h>
++#	include <linux/const.h>
++#   include <linux/types.h>
+ #endif
+ 
+ #ifdef HAVE_ARPA_NAMESER_H
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0001-memalloc-align-and-work-with-16-not-8.patch b/recipes-connectivity/zabbix/cheri-patches/0001-memalloc-align-and-work-with-16-not-8.patch
new file mode 100644
index 0000000..9740767
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0001-memalloc-align-and-work-with-16-not-8.patch
@@ -0,0 +1,168 @@
+From ff061121e98773c7e144e884bf1f8fa96c5dd0a7 Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Mon, 13 Nov 2023 12:11:16 +0000
+Subject: [PATCH 1/7] memalloc: align and work with 16, not 8
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ include/memalloc.h            |  2 +-
+ src/libs/zbxmemory/memalloc.c | 42 ++++++++++++++++++++++-------------
+ 2 files changed, 28 insertions(+), 16 deletions(-)
+
+diff --git a/include/memalloc.h b/include/memalloc.h
+index 858c509..f449cd1 100644
+--- a/include/memalloc.h
++++ b/include/memalloc.h
+@@ -23,7 +23,7 @@
+ #include "common.h"
+ #include "mutexs.h"
+ 
+-#define MEM_MIN_ALLOC	24	/* should be a multiple of 8 and at least (2 * ZBX_PTR_SIZE) */
++#define MEM_MIN_ALLOC	(3*ZBX_PTR_SIZE)	/* should be a multiple of 8 and at least (2 * ZBX_PTR_SIZE) */
+ 
+ #define MEM_MIN_BUCKET_SIZE	MEM_MIN_ALLOC
+ #define MEM_MAX_BUCKET_SIZE	256 /* starting from this size all free chunks are put into the same bucket */
+diff --git a/src/libs/zbxmemory/memalloc.c b/src/libs/zbxmemory/memalloc.c
+index f3d9618..1d88dfd 100644
+--- a/src/libs/zbxmemory/memalloc.c
++++ b/src/libs/zbxmemory/memalloc.c
+@@ -92,6 +92,7 @@
+ 
+ static void	*ALIGN4(void *ptr);
+ static void	*ALIGN8(void *ptr);
++static void	*ALIGN16(void *ptr);
+ static void	*ALIGNPTR(void *ptr);
+ 
+ static zbx_uint64_t	mem_proper_alloc_size(zbx_uint64_t size);
+@@ -114,7 +115,7 @@ static void	*__mem_malloc(zbx_mem_info_t *info, zbx_uint64_t size);
+ static void	*__mem_realloc(zbx_mem_info_t *info, void *old, zbx_uint64_t size);
+ static void	__mem_free(zbx_mem_info_t *info, void *ptr);
+ 
+-#define MEM_SIZE_FIELD		sizeof(zbx_uint64_t)
++#define MEM_SIZE_FIELD		(ZBX_PTR_SIZE)
+ 
+ #define MEM_FLG_USED		((__UINT64_C(1))<<63)
+ 
+@@ -136,19 +137,30 @@ static void	*ALIGN8(void *ptr)
+ 	return (void *)((uintptr_t)((char *)ptr + 7) & (uintptr_t)~7);
+ }
+ 
++static void	*ALIGN16(void *ptr)
++{
++#if __has_builtin(__builtin_align_up)
++	return __builtin_align_up(ptr, 16);
++#else
++	return (void *)((uintptr_t)((char *)ptr + 15) & (uintptr_t)~15);
++#endif
++}
++
+ static void	*ALIGNPTR(void *ptr)
+ {
+ 	if (4 == ZBX_PTR_SIZE)
+ 		return ALIGN4(ptr);
+ 	if (8 == ZBX_PTR_SIZE)
+ 		return ALIGN8(ptr);
++	if (16 == ZBX_PTR_SIZE)
++		return ALIGN16(ptr);
+ 	assert(0);
+ }
+ 
+ static zbx_uint64_t	mem_proper_alloc_size(zbx_uint64_t size)
+ {
+ 	if (size >= MEM_MIN_ALLOC)
+-		return size + ((8 - (size & 7)) & 7);	/* allocate in multiples of 8... */
++		return size + ((16 - (size & 15)) & 15);	/* allocate in multiples of 16... */
+ 	else
+ 		return MEM_MIN_ALLOC;			/* ...and at least MEM_MIN_ALLOC */
+ }
+@@ -158,7 +170,7 @@ static int	mem_bucket_by_size(zbx_uint64_t size)
+ 	if (size < MEM_MIN_BUCKET_SIZE)
+ 		return 0;
+ 	if (size < MEM_MAX_BUCKET_SIZE)
+-		return (size - MEM_MIN_BUCKET_SIZE) >> 3;
++		return (size - MEM_MIN_BUCKET_SIZE) >> 4;
+ 	return MEM_BUCKET_COUNT - 1;
+ }
+ 
+@@ -196,7 +208,7 @@ static void	mem_set_next_chunk(void *chunk, void *next)
+ 
+ static void	**mem_ptr_to_prev_field(void *chunk)
+ {
+-	return (NULL != chunk ? (void **)((char *)chunk + MEM_SIZE_FIELD) : NULL);
++	return (NULL != chunk ? (void **)((char *)chunk + MEM_SIZE_FIELD) : (uintptr_t)NULL);
+ }
+ 
+ static void	**mem_ptr_to_next_field(void *chunk, void **first_chunk)
+@@ -545,9 +557,9 @@ int	zbx_mem_create(zbx_mem_info_t **info, zbx_uint64_t size, const char *descr,
+ 
+ 	/* allocate shared memory */
+ 
+-	if (4 != ZBX_PTR_SIZE && 8 != ZBX_PTR_SIZE)
++	if (4 != ZBX_PTR_SIZE && 8 != ZBX_PTR_SIZE && 16 != ZBX_PTR_SIZE)
+ 	{
+-		*error = zbx_dsprintf(*error, "failed assumption about pointer size (" ZBX_FS_SIZE_T " not in {4, 8})",
++		*error = zbx_dsprintf(*error, "failed assumption about pointer size (" ZBX_FS_SIZE_T " not in {4, 8, 16})",
+ 				(zbx_fs_size_t)ZBX_PTR_SIZE);
+ 		goto out;
+ 	}
+@@ -579,7 +591,7 @@ int	zbx_mem_create(zbx_mem_info_t **info, zbx_uint64_t size, const char *descr,
+ 
+ 	/* allocate zbx_mem_info_t structure, its buckets, and description inside shared memory */
+ 
+-	*info = (zbx_mem_info_t *)ALIGN8(base);
++	*info = (zbx_mem_info_t *)ALIGN16(base);
+ 	(*info)->shm_id = shm_id;
+ 	(*info)->orig_size = size;
+ 	size -= (char *)(*info + 1) - (char *)base;
+@@ -604,8 +616,8 @@ int	zbx_mem_create(zbx_mem_info_t **info, zbx_uint64_t size, const char *descr,
+ 	(*info)->allow_oom = allow_oom;
+ 
+ 	/* prepare shared memory for further allocation by creating one big chunk */
+-	(*info)->lo_bound = ALIGN8(base);
+-	(*info)->hi_bound = ALIGN8((char *)base + size - 8);
++	(*info)->lo_bound = ALIGN16(base);
++	(*info)->hi_bound = ALIGN16((char *)base + size - 16);
+ 
+ 	(*info)->total_size = (zbx_uint64_t)((char *)((*info)->hi_bound) - (char *)((*info)->lo_bound) -
+ 			2 * MEM_SIZE_FIELD);
+@@ -613,8 +625,8 @@ int	zbx_mem_create(zbx_mem_info_t **info, zbx_uint64_t size, const char *descr,
+ 	index = mem_bucket_by_size((*info)->total_size);
+ 	(*info)->buckets[index] = (*info)->lo_bound;
+ 	mem_set_chunk_size((*info)->buckets[index], (*info)->total_size);
+-	mem_set_prev_chunk((*info)->buckets[index], NULL);
+-	mem_set_next_chunk((*info)->buckets[index], NULL);
++	mem_set_prev_chunk((*info)->buckets[index], (void*)(uintptr_t)NULL);
++	mem_set_next_chunk((*info)->buckets[index], (void*)(uintptr_t)NULL);
+ 
+ 	(*info)->used_size = 0;
+ 	(*info)->free_size = (*info)->total_size;
+@@ -776,7 +788,7 @@ void	zbx_mem_dump_stats(int level, zbx_mem_info_t *info)
+ 			continue;
+ 
+ 		zabbix_log(level, "free chunks of size %2s %3d bytes: %8u", i == MEM_BUCKET_COUNT - 1 ? ">=" : "",
+-			MEM_MIN_BUCKET_SIZE + 8 * i, stats.chunks_num[i]);
++			MEM_MIN_BUCKET_SIZE + 16 * i, stats.chunks_num[i]);
+ 	}
+ 
+ 	zabbix_log(level, "min chunk size: %10llu bytes", (unsigned long long)stats.min_chunk_size);
+@@ -806,14 +818,14 @@ size_t	zbx_mem_required_size(int chunks_num, const char *descr, const char *para
+ 	/* that we will be able to get ourselves 'chunks_num' pieces of memory with a */
+ 	/* total size of 'size', given that we also have to store 'descr' and 'param'? */
+ 
+-	size += 7;					/* ensure we allocate enough to 8-align zbx_mem_info_t */
++	size += 15;					/* ensure we allocate enough to 16-align zbx_mem_info_t */
+ 	size += sizeof(zbx_mem_info_t);
+ 	size += ZBX_PTR_SIZE - 1;			/* ensure we allocate enough to align bucket pointers */
+ 	size += ZBX_PTR_SIZE * MEM_BUCKET_COUNT;
+ 	size += strlen(descr) + 1;
+ 	size += strlen(param) + 1;
+-	size += (MEM_SIZE_FIELD - 1) + 8;		/* ensure we allocate enough to align the first chunk */
+-	size += (MEM_SIZE_FIELD - 1) + 8;		/* ensure we allocate enough to align right size field */
++	size += (MEM_SIZE_FIELD - 1) + 16;		/* ensure we allocate enough to align the first chunk */
++	size += (MEM_SIZE_FIELD - 1) + 16;		/* ensure we allocate enough to align right size field */
+ 
+ 	size += (chunks_num - 1) * MEM_SIZE_FIELD * 2;	/* each additional chunk requires 16 bytes of overhead */
+ 	size += chunks_num * (MEM_MIN_ALLOC - 1);	/* each chunk has size of at least MEM_MIN_ALLOC bytes */
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0002-duktape-set-shift-to-5-for-CHERI.patch b/recipes-connectivity/zabbix/cheri-patches/0002-duktape-set-shift-to-5-for-CHERI.patch
new file mode 100644
index 0000000..8e479aa
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0002-duktape-set-shift-to-5-for-CHERI.patch
@@ -0,0 +1,55 @@
+From 564a236360252558b2ac360e30d5d141b8c8ed1a Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Tue, 28 Nov 2023 10:43:58 +0000
+Subject: [PATCH 2/7] duktape: set shift to 5 for CHERI
+
+The duk_tval struct is of size 5 now
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ src/libs/zbxembed/duktape.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/libs/zbxembed/duktape.c b/src/libs/zbxembed/duktape.c
+index da87cb0..e3b439f 100644
+--- a/src/libs/zbxembed/duktape.c
++++ b/src/libs/zbxembed/duktape.c
+@@ -51113,6 +51113,11 @@ duk_heap *duk_heap_alloc(duk_alloc_function alloc_func,
+ 	 * This will be optimized away in practice; unfortunately a
+ 	 * warning is generated on some compilers as a result.
+ 	 */
++#ifdef __CHERI_PURE_CAPABILITY__
++	if (sizeof(duk_tval) != 32) {
++		fatal_func(heap_udata, "sizeof(duk_tval) not 32, cannot use DUK_USE_EXEC_REGCONST_OPTIMIZE option");
++	}
++#else
+ #if defined(DUK_USE_PACKED_TVAL)
+ 	if (sizeof(duk_tval) != 8) {
+ #else
+@@ -51120,6 +51125,7 @@ duk_heap *duk_heap_alloc(duk_alloc_function alloc_func,
+ #endif
+ 		fatal_func(heap_udata, "sizeof(duk_tval) not 8 or 16, cannot use DUK_USE_EXEC_REGCONST_OPTIMIZE option");
+ 	}
++#endif
+ #endif /* DUK_USE_EXEC_REGCONST_OPTIMIZE */
+ 
+ 	/*
+@@ -79960,11 +79966,15 @@ DUK_LOCAL duk_bool_t duk__executor_handle_call(duk_hthread *thr, duk_idx_t idx,
+ #define DUK__RCBIT_B DUK_BC_REGCONST_B
+ #define DUK__RCBIT_C DUK_BC_REGCONST_C
+ #if defined(DUK_USE_EXEC_REGCONST_OPTIMIZE)
++#ifdef __CHERI_PURE_CAPABILITY__
++#define DUK__TVAL_SHIFT 5 /* sizeof(duk_tval) == 32 */
++#else
+ #if defined(DUK_USE_PACKED_TVAL)
+ #define DUK__TVAL_SHIFT 3 /* sizeof(duk_tval) == 8 */
+ #else
+ #define DUK__TVAL_SHIFT 4 /* sizeof(duk_tval) == 16; not always the case so also asserted for */
+ #endif
++#endif
+ #define DUK__SHIFT_A         (DUK_BC_SHIFT_A - DUK__TVAL_SHIFT)
+ #define DUK__SHIFT_B         (DUK_BC_SHIFT_B - DUK__TVAL_SHIFT)
+ #define DUK__SHIFT_C         (DUK_BC_SHIFT_C - DUK__TVAL_SHIFT)
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0003-duktape-add-aling-to-16.patch b/recipes-connectivity/zabbix/cheri-patches/0003-duktape-add-aling-to-16.patch
new file mode 100644
index 0000000..0a2169a
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0003-duktape-add-aling-to-16.patch
@@ -0,0 +1,121 @@
+From de0a642da6f8fe57f0174c6e11d3c75152869041 Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Tue, 28 Nov 2023 14:02:26 +0000
+Subject: [PATCH 3/7] duktape: add aling to 16
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ src/libs/zbxembed/duk_config.h |  4 +++-
+ src/libs/zbxembed/duktape.c    | 25 +++++++++++++++++++++++++
+ 2 files changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/src/libs/zbxembed/duk_config.h b/src/libs/zbxembed/duk_config.h
+index e172f6a..e336fa7 100644
+--- a/src/libs/zbxembed/duk_config.h
++++ b/src/libs/zbxembed/duk_config.h
+@@ -2590,6 +2590,8 @@ typedef struct duk_hthread duk_context;
+  *  compiler/architecture specific.
+  */
+ 
++#define DUK_USE_ALIGN_BY 16
++
+ /* If not forced, use safe default for alignment. */
+ #if !defined(DUK_USE_ALIGN_BY)
+ #define DUK_USE_ALIGN_BY 8
+@@ -2969,7 +2971,7 @@ typedef struct duk_hthread duk_context;
+ #undef DUK_USE_EXEC_PREFER_SIZE
+ #define DUK_USE_EXEC_REGCONST_OPTIMIZE
+ #undef DUK_USE_EXEC_TIMEOUT_CHECK
+-#undef DUK_USE_EXPLICIT_NULL_INIT
++#define DUK_USE_EXPLICIT_NULL_INIT
+ #undef DUK_USE_EXTSTR_FREE
+ #undef DUK_USE_EXTSTR_INTERN_CHECK
+ #undef DUK_USE_FASTINT
+diff --git a/src/libs/zbxembed/duktape.c b/src/libs/zbxembed/duktape.c
+index e3b439f..6611a6e 100644
+--- a/src/libs/zbxembed/duktape.c
++++ b/src/libs/zbxembed/duktape.c
+@@ -6933,6 +6933,8 @@ DUK_INTERNAL_DECL void duk_hobject_assert_valid(duk_hobject *h);
+ #define DUK_HOBJECT_E_FLAG_PADDING(e_sz) ((8 - (e_sz)) & 0x07)
+ #elif (DUK_USE_ALIGN_BY == 1)
+ #define DUK_HOBJECT_E_FLAG_PADDING(e_sz) 0
++#elif (DUK_USE_ALIGN_BY == 16)
++#define DUK_HOBJECT_E_FLAG_PADDING(e_sz) ((16 - (e_sz)) & 0xF)
+ #else
+ #error invalid DUK_USE_ALIGN_BY
+ #endif
+@@ -7242,6 +7244,8 @@ DUK_INTERNAL_DECL void duk_hobject_assert_valid(duk_hobject *h);
+ #define DUK_HOBJECT_ALIGN_TARGET 8
+ #elif (DUK_USE_ALIGN_BY == 1)
+ #define DUK_HOBJECT_ALIGN_TARGET 1
++#elif (DUK_USE_ALIGN_BY == 16)
++#define DUK_HOBJECT_ALIGN_TARGET 16
+ #else
+ #error invalid DUK_USE_ALIGN_BY
+ #endif
+@@ -8793,6 +8797,9 @@ struct duk_hbuffer {
+ #if (DUK_USE_ALIGN_BY == 8) && defined(DUK_USE_PACK_MSVC_PRAGMA)
+ #pragma pack(push, 8)
+ #endif
++#if (DUK_USE_ALIGN_BY == 16) && defined(DUK_USE_PACK_MSVC_PRAGMA)
++#pragma pack(push, 16)
++#endif
+ struct duk_hbuffer_fixed {
+ 	/* A union is used here as a portable struct size / alignment trick:
+ 	 * by adding a 32-bit or a 64-bit (unused) union member, the size of
+@@ -8813,9 +8820,15 @@ struct duk_hbuffer_fixed {
+ 		duk_uint32_t dummy_for_align4;
+ #elif (DUK_USE_ALIGN_BY == 8)
+ 		duk_double_t dummy_for_align8_1;
++#elif (DUK_USE_ALIGN_BY == 16)
++		duk_uint8_t dummy_for_align16_1[16];
+ #if defined(DUK_USE_64BIT_OPS)
++#if (DUK_USE_ALIGN_BY == 16)
++		duk_uint64_t dummy_for_align16_2[2];
++#else
+ 		duk_uint64_t dummy_for_align8_2;
+ #endif
++#endif
+ #elif (DUK_USE_ALIGN_BY == 1)
+ 		/* no extra padding */
+ #else
+@@ -8840,10 +8853,16 @@ struct duk_hbuffer_fixed {
+ __attribute__((aligned(8)))
+ #elif (DUK_USE_ALIGN_BY == 8) && defined(DUK_USE_PACK_CLANG_ATTR)
+ __attribute__((aligned(8)))
++#elif (DUK_USE_ALIGN_BY == 16) && defined(DUK_USE_PACK_GCC_ATTR)
++__attribute__((aligned(16)))
++#elif (DUK_USE_ALIGN_BY == 16) && defined(DUK_USE_PACK_CLANG_ATTR)
++__attribute__((aligned(16)))
+ #endif
+ ;
+ #if (DUK_USE_ALIGN_BY == 8) && defined(DUK_USE_PACK_MSVC_PRAGMA)
+ #pragma pack(pop)
++#elif (DUK_USE_ALIGN_BY == 16) && defined(DUK_USE_PACK_MSVC_PRAGMA)
++#pragma pack(pop)
+ #endif
+ 
+ /* Dynamic buffer with 'curr_alloc' pointing to a dynamic area allocated using
+@@ -65392,6 +65411,8 @@ DUK_INTERNAL void duk_hthread_create_builtin_objects(duk_hthread *thr) {
+ 	                "a8"
+ #elif (DUK_USE_ALIGN_BY == 1)
+ 	                "a1"
++#elif (DUK_USE_ALIGN_BY == 16)
++	                "a16"
+ #else
+ #error invalid DUK_USE_ALIGN_BY
+ #endif
+@@ -93466,6 +93487,10 @@ DUK_LOCAL duk_uint_t duk__selftest_struct_align(void) {
+ 	if ((sizeof(duk_hbuffer_fixed) % 8) != 0) {
+ 		DUK__FAILED("sizeof(duk_hbuffer_fixed) not aligned to 8");
+ 	}
++#elif (DUK_USE_ALIGN_BY == 16)
++	if ((sizeof(duk_hbuffer_fixed) % 16) != 0) {
++		DUK__FAILED("sizeof(duk_hbuffer_fixed) not aligned to 16");
++	}
+ #elif (DUK_USE_ALIGN_BY == 1)
+ 	/* no check */
+ #else
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0004-embed-use-padding-of-16-not-8-for-alloc.patch b/recipes-connectivity/zabbix/cheri-patches/0004-embed-use-padding-of-16-not-8-for-alloc.patch
new file mode 100644
index 0000000..873aa1e
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0004-embed-use-padding-of-16-not-8-for-alloc.patch
@@ -0,0 +1,85 @@
+From 309955f76bf0252ee73ca234d94d0419371d7e83 Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Mon, 27 Nov 2023 10:32:37 +0000
+Subject: [PATCH 4/7] embed: use padding of 16 not 8 for allocators
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ src/libs/zbxembed/embed.c | 22 ++++++++++++----------
+ 1 file changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/src/libs/zbxembed/embed.c b/src/libs/zbxembed/embed.c
+index 0e1b349..23b0d47 100644
+--- a/src/libs/zbxembed/embed.c
++++ b/src/libs/zbxembed/embed.c
+@@ -28,8 +28,10 @@
+ 
+ #include "duktape.h"
+ 
+-#define ZBX_ES_MEMORY_LIMIT	(1024 * 1024 * 64)
+-#define ZBX_ES_STACK_LIMIT	1000
++#define ZBX_ES_MEMORY_LIMIT	(1024 * 1024 * 128)
++#define ZBX_ES_STACK_LIMIT	(1000*2)
++
++#define ZBX_ES_PAD			(16)
+ 
+ /* maximum number of consequent runtime errors after which it's treated as fatal error */
+ #define ZBX_ES_MAX_CONSEQUENT_RT_ERROR	3
+@@ -64,7 +66,7 @@ static void	*es_malloc(void *udata, duk_size_t size)
+ 	zbx_es_env_t	*env = (zbx_es_env_t *)udata;
+ 	uint64_t	*uptr;
+ 
+-	if (env->total_alloc + size + 8 > ZBX_ES_MEMORY_LIMIT)
++	if (env->total_alloc + size + ZBX_ES_PAD > ZBX_ES_MEMORY_LIMIT)
+ 	{
+ 		if (NULL == env->ctx)
+ 			env->error = zbx_strdup(env->error, "cannot allocate memory");
+@@ -72,8 +74,8 @@ static void	*es_malloc(void *udata, duk_size_t size)
+ 		return NULL;
+ 	}
+ 
+-	env->total_alloc += (size + 8);
+-	uptr = zbx_malloc(NULL, size + 8);
++	env->total_alloc += (size + ZBX_ES_PAD);
++	uptr = zbx_malloc(NULL, size + ZBX_ES_PAD);
+ 	*uptr++ = size;
+ 
+ 	return uptr;
+@@ -88,12 +90,12 @@ static void	*es_realloc(void *udata, void *ptr, duk_size_t size)
+ 	if (NULL != uptr)
+ 	{
+ 		--uptr;
+-		old_size = *uptr + 8;
++		old_size = *uptr + ZBX_ES_PAD;
+ 	}
+ 	else
+ 		old_size = 0;
+ 
+-	if (env->total_alloc + size + 8 - old_size > ZBX_ES_MEMORY_LIMIT)
++	if (env->total_alloc + size + ZBX_ES_PAD - old_size > ZBX_ES_MEMORY_LIMIT)
+ 	{
+ 		if (NULL == env->ctx)
+ 			env->error = zbx_strdup(env->error, "cannot allocate memory");
+@@ -101,8 +103,8 @@ static void	*es_realloc(void *udata, void *ptr, duk_size_t size)
+ 		return NULL;
+ 	}
+ 
+-	env->total_alloc += size + 8 - old_size;
+-	uptr = zbx_realloc(uptr, size + 8);
++	env->total_alloc += size + ZBX_ES_PAD - old_size;
++	uptr = zbx_realloc(uptr, size + ZBX_ES_PAD);
+ 	*uptr++ = size;
+ 
+ 	return uptr;
+@@ -115,7 +117,7 @@ static void	es_free(void *udata, void *ptr)
+ 
+ 	if (NULL != ptr)
+ 	{
+-		env->total_alloc -= (*(--uptr) + 8);
++		env->total_alloc -= (*(--uptr) + ZBX_ES_PAD);
+ 		zbx_free(uptr);
+ 	}
+ }
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0005-embed-fix-alignment-issues.patch b/recipes-connectivity/zabbix/cheri-patches/0005-embed-fix-alignment-issues.patch
new file mode 100644
index 0000000..36b8638
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0005-embed-fix-alignment-issues.patch
@@ -0,0 +1,93 @@
+From f6c3242099c8ee29ed5e9d9bfb0ee65661f5321f Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Tue, 28 Nov 2023 09:50:06 +0000
+Subject: [PATCH 5/7] embed: fix alignment issues
+
+The zabbix internal embed allocators will take a properly aligned
+pointer, cast it to u64 pointer store the allocated size in its
+first memory chunk and then use u64 pointer aritchmetic to increment the
+pointer. This is then returned as the base address for the allocated heap.
+
+In CHERI this means that the base adress of the memory area which is then
+interpreted as an address of a capability will be misalligned as
+mod 16 will not be zero. This can be fixed by using align/up down but
+preferably a data object should be created here with [.size, .pdata]
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ src/libs/zbxembed/embed.c | 29 +++++++++++++++++++++++------
+ 1 file changed, 23 insertions(+), 6 deletions(-)
+
+diff --git a/src/libs/zbxembed/embed.c b/src/libs/zbxembed/embed.c
+index 23b0d47..f4b3a22 100644
+--- a/src/libs/zbxembed/embed.c
++++ b/src/libs/zbxembed/embed.c
+@@ -39,6 +39,22 @@
+ #define ZBX_ES_SCRIPT_HEADER	"function(value){"
+ #define ZBX_ES_SCRIPT_FOOTER	"\n}"
+ 
++#if __has_builtin(__builtin_align_up)
++#define TYPEALIGN(ALIGNVAL,LEN)  \
++	(__builtin_align_up((LEN), ALIGNVAL))
++#else
++#define TYPEALIGN(ALIGNVAL,LEN)  \
++	(((uintptr_t) (LEN) + ((ALIGNVAL) - 1)) & ~((uintptr_t) ((ALIGNVAL) - 1)))
++#endif
++
++#if __has_builtin(__builtin_align_down)
++#define TYPEALIGN_DOWN(ALIGNVAL,LEN)  \
++	(__builtin_align_down((LEN), ALIGNVAL))
++#else
++#define TYPEALIGN_DOWN(ALIGNVAL,LEN) \
++	(((uintptr_t) (LEN)) & ~((uintptr_t) ((ALIGNVAL) - 1)))
++#endif
++
+ /******************************************************************************
+  *                                                                            *
+  * Function: es_handle_error                                                  *
+@@ -78,7 +94,7 @@ static void	*es_malloc(void *udata, duk_size_t size)
+ 	uptr = zbx_malloc(NULL, size + ZBX_ES_PAD);
+ 	*uptr++ = size;
+ 
+-	return uptr;
++	return TYPEALIGN(16,uptr);
+ }
+ 
+ static void	*es_realloc(void *udata, void *ptr, duk_size_t size)
+@@ -90,7 +106,7 @@ static void	*es_realloc(void *udata, void *ptr, duk_size_t size)
+ 	if (NULL != uptr)
+ 	{
+ 		--uptr;
+-		old_size = *uptr + ZBX_ES_PAD;
++		old_size = *TYPEALIGN_DOWN(16,uptr) + ZBX_ES_PAD;
+ 	}
+ 	else
+ 		old_size = 0;
+@@ -104,10 +120,10 @@ static void	*es_realloc(void *udata, void *ptr, duk_size_t size)
+ 	}
+ 
+ 	env->total_alloc += size + ZBX_ES_PAD - old_size;
+-	uptr = zbx_realloc(uptr, size + ZBX_ES_PAD);
++	uptr = zbx_realloc(TYPEALIGN_DOWN(16,uptr), size + ZBX_ES_PAD);
+ 	*uptr++ = size;
+ 
+-	return uptr;
++	return TYPEALIGN(16, uptr);
+ }
+ 
+ static void	es_free(void *udata, void *ptr)
+@@ -117,8 +133,9 @@ static void	es_free(void *udata, void *ptr)
+ 
+ 	if (NULL != ptr)
+ 	{
+-		env->total_alloc -= (*(--uptr) + ZBX_ES_PAD);
+-		zbx_free(uptr);
++		env->total_alloc -= (*(TYPEALIGN_DOWN(16,--uptr)) + ZBX_ES_PAD);
++		void * ptr_aligned = TYPEALIGN_DOWN(16,uptr);
++		zbx_free(ptr_aligned);
+ 	}
+ }
+ 
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0006-duk_config-use-debug-and-self-test.patch b/recipes-connectivity/zabbix/cheri-patches/0006-duk_config-use-debug-and-self-test.patch
new file mode 100644
index 0000000..1e3253e
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0006-duk_config-use-debug-and-self-test.patch
@@ -0,0 +1,46 @@
+From ce62aabf204b39cde2dae5e62a7ff0d5cc3236b8 Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Tue, 28 Nov 2023 08:18:20 +0000
+Subject: [PATCH 6/7] duk_config: use debug and self test
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ src/libs/zbxembed/duk_config.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/libs/zbxembed/duk_config.h b/src/libs/zbxembed/duk_config.h
+index e336fa7..90e6b7a 100644
+--- a/src/libs/zbxembed/duk_config.h
++++ b/src/libs/zbxembed/duk_config.h
+@@ -2938,7 +2938,7 @@ typedef struct duk_hthread duk_context;
+ #undef DUK_USE_DATE_GET_NOW
+ #undef DUK_USE_DATE_PARSE_STRING
+ #undef DUK_USE_DATE_PRS_GETDATE
+-#undef DUK_USE_DEBUG
++#define DUK_USE_DEBUG
+ #undef DUK_USE_DEBUGGER_DUMPHEAP
+ #undef DUK_USE_DEBUGGER_INSPECT
+ #undef DUK_USE_DEBUGGER_PAUSE_UNCAUGHT
+@@ -2946,8 +2946,8 @@ typedef struct duk_hthread duk_context;
+ #define DUK_USE_DEBUGGER_THROW_NOTIFY
+ #undef DUK_USE_DEBUGGER_TRANSPORT_TORTURE
+ #define DUK_USE_DEBUG_BUFSIZE 65536L
+-#define DUK_USE_DEBUG_LEVEL 0
+-#undef DUK_USE_DEBUG_WRITE
++#define DUK_USE_DEBUG_LEVEL 1
++#define DUK_USE_DEBUG_WRITE
+ #define DUK_USE_DOUBLE_LINKED_HEAP
+ #define DUK_USE_DUKTAPE_BUILTIN
+ #define DUK_USE_ENCODING_BUILTINS
+@@ -3063,7 +3063,7 @@ typedef struct duk_hthread duk_context;
+ #define DUK_USE_ROM_PTRCOMP_FIRST 63488L
+ #undef DUK_USE_ROM_STRINGS
+ #define DUK_USE_SECTION_B
+-#undef DUK_USE_SELF_TESTS
++#define DUK_USE_SELF_TESTS
+ #define DUK_USE_SHEBANG_COMMENTS
+ #undef DUK_USE_SHUFFLE_TORTURE
+ #define DUK_USE_SOURCE_NONBMP
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/cheri-patches/0007-duktape-fix-stack-reallocation.patch b/recipes-connectivity/zabbix/cheri-patches/0007-duktape-fix-stack-reallocation.patch
new file mode 100644
index 0000000..da1d07f
--- /dev/null
+++ b/recipes-connectivity/zabbix/cheri-patches/0007-duktape-fix-stack-reallocation.patch
@@ -0,0 +1,64 @@
+From ca89c8d2ae32f4ecfbcfe5be59acfd6e1ecaf16e Mon Sep 17 00:00:00 2001
+From: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+Date: Tue, 28 Nov 2023 16:37:48 +0000
+Subject: [PATCH 7/7] duk_api_stack: fix stack reallocation
+
+The ptr_diff is taken between the post reallocation new_valstack pointer
+and pre-allocation thr->valstack pointer variables and then added to the
+old base pointer. This will not work in CHERI and is also not officialy
+supported by the C standard.
+
+Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk
+---
+ src/libs/zbxembed/duktape.c | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/src/libs/zbxembed/duktape.c b/src/libs/zbxembed/duktape.c
+index 6611a6e..425bf43 100644
+--- a/src/libs/zbxembed/duktape.c
++++ b/src/libs/zbxembed/duktape.c
+@@ -19380,7 +19380,10 @@ DUK_LOCAL DUK_COLD DUK_NOINLINE duk_bool_t duk__resize_valstack(duk_hthread *thr
+ 	duk_tval *pre_top;
+ 	duk_tval *pre_end;
+ 	duk_tval *pre_alloc_end;
+-	duk_ptrdiff_t ptr_diff;
++	duk_ptrdiff_t diff_bottom;
++	duk_ptrdiff_t diff_top;
++	duk_ptrdiff_t diff_end;
++	duk_ptrdiff_t diff_alloc_end;
+ 	duk_tval *new_valstack;
+ 	duk_size_t new_alloc_size;
+ 	duk_tval *tv_prev_alloc_end;
+@@ -19476,16 +19479,23 @@ DUK_LOCAL DUK_COLD DUK_NOINLINE duk_bool_t duk__resize_valstack(duk_hthread *thr
+ 	DUK_ASSERT(thr->valstack_alloc_end >= thr->valstack_end);
+ 
+ 	/* Write new pointers.  Most pointers can be handled as a pointer
+-	 * difference.
++	 * difference.
+ 	 */
+-	ptr_diff = (duk_ptrdiff_t) ((duk_uint8_t *) new_valstack - (duk_uint8_t *) thr->valstack);
+-	tv_prev_alloc_end = (duk_tval *) (void *) ((duk_uint8_t *) thr->valstack_alloc_end + ptr_diff);
++
++	diff_bottom = (duk_ptrdiff_t) ((duk_uint8_t *) thr->valstack_bottom - (duk_uint8_t *) thr->valstack);
++	diff_top = (duk_ptrdiff_t) ((duk_uint8_t *) thr->valstack_top - (duk_uint8_t *) thr->valstack);
++	diff_end = (duk_ptrdiff_t) ((duk_uint8_t *) thr->valstack_end - (duk_uint8_t *) thr->valstack);
++	diff_alloc_end = (duk_ptrdiff_t) ((duk_uint8_t *) thr->valstack_alloc_end - (duk_uint8_t *) thr->valstack);
++	tv_prev_alloc_end = (duk_tval *) (void *) ((duk_uint8_t *) new_valstack + diff_alloc_end);
++
+ 	thr->valstack = new_valstack;
+-	thr->valstack_bottom = (duk_tval *) (void *) ((duk_uint8_t *) thr->valstack_bottom + ptr_diff);
+-	thr->valstack_top = (duk_tval *) (void *) ((duk_uint8_t *) thr->valstack_top + ptr_diff);
+-	thr->valstack_end = (duk_tval *) (void *) ((duk_uint8_t *) thr->valstack_end + ptr_diff);
++
++	thr->valstack_bottom = (duk_tval *) (void *) ((duk_uint8_t *) new_valstack + diff_bottom);
++	thr->valstack_top = (duk_tval *) (void *) ((duk_uint8_t *) new_valstack + diff_top);
++	thr->valstack_end = (duk_tval *) (void *) ((duk_uint8_t *) new_valstack + diff_end);
+ 	thr->valstack_alloc_end = (duk_tval *) (void *) ((duk_uint8_t *) new_valstack + new_alloc_size);
+ 
++
+ 	/* Assertions: pointer sanity after pointer updates. */
+ 	DUK_ASSERT(thr->valstack_bottom >= thr->valstack);
+ 	DUK_ASSERT(thr->valstack_top >= thr->valstack_bottom);
+-- 
+2.34.1
+
diff --git a/recipes-connectivity/zabbix/files/COPYING b/recipes-connectivity/zabbix/files/COPYING
new file mode 100644
index 0000000..c1002d5
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/COPYING
@@ -0,0 +1,341 @@
+
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/recipes-connectivity/zabbix/files/zabbix-agentd-morello.service b/recipes-connectivity/zabbix/files/zabbix-agentd-morello.service
new file mode 100644
index 0000000..df38c1a
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/zabbix-agentd-morello.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Zabbix Agent
+
+[Service]
+Environment="CONFFILE=%SYSCONFDIR%/zabbix/zabbix-agentd.conf"
+EnvironmentFile=-%SYSCONFDIR%/default/zabbix-agent
+Type=forking
+Restart=on-failure
+KillMode=control-group
+ExecStart=/bin/bash -c '%SBINDIR%/zabbix_agentd -c $CONFFILE'
+ExecStop=/bin/sh -c '[ -n "$1" ] && kill -s TERM "$1"' -- "$MAINPID"
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-connectivity/zabbix/files/zabbix-agentd.conf b/recipes-connectivity/zabbix/files/zabbix-agentd.conf
new file mode 100644
index 0000000..52dc1b3
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/zabbix-agentd.conf
@@ -0,0 +1,536 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/tmp/zabbix_agentd.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: AllowKey
+#	Allow execution of item keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with DenyKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#	Deny execution of items keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with AllowKey.
+#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
+#
+# Mandatory: no
+# Default:
+# DenyKey=system.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
+#	Internal alias for AllowKey/DenyKey parameters depending on value:
+#	0 - DenyKey=system.run[*]
+#	1 - AllowKey=system.run[*]
+#
+# Mandatory: no
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+
+Server=127.0.0.1
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#	Zabbix server/proxy address or cluster configuration to get active checks from.
+#	Server/proxy address is IP address or DNS name and optional port separated by colon.
+#	Cluster configuration is one or more server addresses separated by semicolon.
+#	Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
+#	More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
+#	If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
+#	Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example for Zabbix proxy:
+#		ServerActive=127.0.0.1:10051
+#	Example for multiple servers:
+#		ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#	Example for high availability:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
+#	Example for high availability with two clusters and one server:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+# ServerActive=127.0.0.1
+
+### Option: Hostname
+#	List of comma delimited unique, case sensitive hostnames.
+#	Required for active checks and must match hostnames as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+# Hostname=localhost
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: HostInterface
+#	Optional parameter that defines host interface.
+#	Host interface is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+#	Optional parameter that defines an item used for getting host interface.
+#	Host interface is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+User=%ZABBIX_USER_NAME%
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/usr/local/etc/zabbix_agentd.userparams.conf
+# Include=/usr/local/etc/zabbix_agentd.conf.d/
+# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+### Option: UserParameterDir
+#	Directory to execute UserParameter commands from. Only one entry is allowed.
+#	When executing UserParameter commands the agent will change the working directory to the one
+#	specified in the UserParameterDir option.
+#	This way UserParameter commands can be specified using the relative ./ prefix.
+#
+# Mandatory: no
+# Default:
+# UserParameterDir=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_agentd --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=
diff --git a/recipes-connectivity/zabbix/files/zabbix-proxy.conf b/recipes-connectivity/zabbix/files/zabbix-proxy.conf
new file mode 100644
index 0000000..b5bc0d5
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/zabbix-proxy.conf
@@ -0,0 +1,1461 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.# This is a configuration file for Zabbix proxy daemon
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: ProxyMode
+#	Proxy operating mode.
+#	0 - proxy in the active mode
+#	1 - proxy in the passive mode
+#
+# Mandatory: no
+# Default:
+ProxyMode=0
+
+### Option: Server
+#	If ProxyMode is set to active mode:
+#		IP address or DNS name (address:port) or cluster (address:port;address2:port) of Zabbix server to get configuration data from and send data to.
+#		If port is not specified, default port is used.
+#		Cluster nodes need to be separated by semicolon.
+#	If ProxyMode is set to passive mode:
+#		List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server.
+#		Incoming connections will be accepted only from the addresses listed here.
+#		If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#		and '::/0' will allow any IPv4 or IPv6 address.
+#		'0.0.0.0/0' can be used to allow any IPv4 address.
+#		Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes
+# Default:
+# Server=
+
+Server=%ZABBIX_SERVER_IPS%
+
+### Option: Hostname
+#	Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined.
+#	Ignored if Hostname is defined.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: ListenPort
+#	Listen port for trapper.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10051
+ListenPort=161
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/tmp/zabbix_proxy.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: EnableRemoteCommands
+#		Whether remote commands from Zabbix server are allowed.
+#		0 - not allowed
+#		1 - allowed
+#
+# Mandatory: no
+# Default:
+# EnableRemoteCommands=0
+
+### Option: LogRemoteCommands
+#		Enable logging of executed shell commands as warnings.
+#		0 - disabled
+#		1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_proxy.pid
+
+### Option: SocketDir
+#	IPC socket directory.
+#		Directory to store IPC sockets used by internal Zabbix services.
+#
+# Mandatory: no
+# Default:
+# SocketDir=/tmp
+
+### Option: DBHost
+#	Database host name.
+#	If set to localhost, socket is used for MySQL.
+#	If set to empty string, socket is used for PostgreSQL.
+#	If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see
+#	the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located.
+#
+# Mandatory: no
+# Default:
+
+### Option: DBName
+#	Database name.
+#	For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
+#	If the Net Service Name connection method is used to connect to Oracle database, specify the service name from
+#	the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to
+#	empty string.
+#	Warning: do not attempt to use the same database Zabbix server is using.
+#
+# Mandatory: yes
+# Default:
+# DBName=
+
+DBName=%DB_ZABBIX_NAME%_proxy
+
+### Option: DBSchema
+#	Schema name. Used for PostgreSQL.
+#
+# Mandatory: no
+# Default:
+DBSchema=
+
+### Option: DBUser
+#	Database user. Ignored for SQLite.
+#
+# Default:
+# DBUser=
+
+DBUser=%DB_ZABBIX_USER_PROXY%
+
+### Option: DBPassword
+#	Database password. Ignored for SQLite.
+#	Comment this line if no password is used.
+#
+# Mandatory: no
+# Default:
+# DBPassword=
+DBPassword=%DB_ZABBIX_PASSWORD%
+
+### Option: DBSocket
+#	Path to MySQL socket.
+#
+# Mandatory: no
+# Default:
+# DBSocket=
+
+# Option: DBPort
+#	Database port when not using local socket. Ignored for SQLite.
+#	If the Net Service Name connection method is used to connect to Oracle database, the port number from the
+#	tnsnames.ora file will be used. The port number set here will be ignored.
+#
+# Mandatory: no
+# Default:
+# DBPort=
+
+### Option: AllowUnsupportedDBVersions
+#	Allow proxy to work with unsupported database versions.
+#       0 - do not allow
+#       1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowUnsupportedDBVersions=0
+
+######### PROXY SPECIFIC PARAMETERS #############
+
+### Option: ProxyLocalBuffer
+#	Proxy will keep data locally for N hours, even if the data have already been synced with the server.
+#	This parameter may be used if local data will be used by third party applications.
+#
+# Mandatory: no
+# Range: 0-720
+# Default:
+# ProxyLocalBuffer=0
+
+### Option: ProxyOfflineBuffer
+#	Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
+#	Older data will be lost.
+#
+# Mandatory: no
+# Range: 1-720
+# Default:
+# ProxyOfflineBuffer=1
+
+### Option: HeartbeatFrequency
+#	Frequency of heartbeat messages in seconds.
+#	Used for monitoring availability of Proxy on server side.
+#	0 - heartbeat messages disabled.
+#	For a proxy in the passive mode this parameter will be ignored.
+#
+# Mandatory: no
+# Range: 0-3600
+# Default:
+# HeartbeatFrequency=60
+
+### Option: ConfigFrequency
+#	How often proxy retrieves configuration data from Zabbix Server in seconds.
+#	For a proxy in the passive mode this parameter will be ignored.
+#
+# Mandatory: no
+# Range: 1-3600*24*7
+# Default:
+# ConfigFrequency=3600
+
+### Option: DataSenderFrequency
+#	Proxy will send collected data to the Server every N seconds.
+#	For a proxy in the passive mode this parameter will be ignored.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# DataSenderFrequency=1
+
+############ ADVANCED PARAMETERS ################
+
+### Option: StartPollers
+#	Number of pre-forked instances of pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollers=5
+
+### Option: StartIPMIPollers
+#	Number of pre-forked instances of IPMI pollers.
+#		The IPMI manager process is automatically started when at least one IPMI poller is started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartIPMIPollers=0
+
+### Option: StartPreprocessors
+#	Number of pre-forked instances of preprocessing workers.
+#		The preprocessing manager process is automatically started when preprocessor worker is started.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartPreprocessors=3
+
+### Option: StartPollersUnreachable
+#	Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
+#	At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
+#	are started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollersUnreachable=1
+
+### Option: StartHistoryPollers
+#	Number of pre-forked instances of history pollers.
+#	Only required for internal checks.
+#	A database connection is required for each history poller instance.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHistoryPollers=1
+
+### Option: StartTrappers
+#	Number of pre-forked instances of trappers.
+#	Trappers accept incoming connections from Zabbix sender and active agents.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartTrappers=5
+
+### Option: StartPingers
+#	Number of pre-forked instances of ICMP pingers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPingers=1
+
+### Option: StartDiscoverers
+#	Number of pre-forked instances of discoverers.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartDiscoverers=1
+
+### Option: StartHTTPPollers
+#	Number of pre-forked instances of HTTP pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHTTPPollers=1
+
+### Option: JavaGateway
+#	IP address (or hostname) of Zabbix Java gateway.
+#	Only required if Java pollers are started.
+#
+# Mandatory: no
+# Default:
+# JavaGateway=
+
+### Option: JavaGatewayPort
+#	Port that Zabbix Java gateway listens on.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# JavaGatewayPort=10052
+
+### Option: StartJavaPollers
+#	Number of pre-forked instances of Java pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartJavaPollers=0
+
+### Option: StartVMwareCollectors
+#	Number of pre-forked vmware collector instances.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartVMwareCollectors=0
+
+### Option: VMwareFrequency
+#	How often Zabbix will connect to VMware service to obtain a new data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwareFrequency=60
+
+### Option: VMwarePerfFrequency
+#	How often Zabbix will connect to VMware service to obtain performance data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwarePerfFrequency=60
+
+### Option: VMwareCacheSize
+#	Size of VMware cache, in bytes.
+#	Shared memory size for storing VMware data.
+#	Only used if VMware collectors are started.
+#
+# Mandatory: no
+# Range: 256K-2G
+# Default:
+# VMwareCacheSize=8M
+
+### Option: VMwareTimeout
+#	Specifies how many seconds vmware collector waits for response from VMware service.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# VMwareTimeout=10
+
+### Option: SNMPTrapperFile
+#	Temporary file used for passing data from SNMP trap daemon to the proxy.
+#	Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
+#
+# Mandatory: no
+# Default:
+SNMPTrapperFile=/tmp/zabbix_traps.tmp
+
+### Option: StartSNMPTrapper
+#	If 1, SNMP trapper process is started.
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+StartSNMPTrapper=1
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the trapper should listen on.
+#	Trapper will listen on all network interfaces if this parameter is missing.
+#
+# Mandatory: no
+# Default:
+
+### Option: HousekeepingFrequency
+#	How often Zabbix will perform housekeeping procedure (in hours).
+#	Housekeeping is removing outdated information from the database.
+#	To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
+#	hours of outdated information are deleted in one housekeeping cycle.
+#	To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
+#	With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
+#	In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
+#	period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
+#
+# Mandatory: no
+# Range: 0-24
+# Default:
+# HousekeepingFrequency=1
+
+### Option: CacheSize
+#	Size of configuration cache, in bytes.
+#	Shared memory size, for storing hosts and items data.
+#
+# Mandatory: no
+# Range: 128K-64G
+# Default:
+# CacheSize=8M
+
+### Option: StartDBSyncers
+#	Number of pre-forked instances of DB Syncers.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartDBSyncers=4
+
+### Option: HistoryCacheSize
+#	Size of history cache, in bytes.
+#	Shared memory size for storing history data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryCacheSize=16M
+
+### Option: HistoryIndexCacheSize
+#	Size of history index cache, in bytes.
+#	Shared memory size for indexing history cache.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryIndexCacheSize=4M
+
+### Option: Timeout
+#	Specifies how long we wait for agent, SNMP device or external check (in seconds).
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+Timeout=4
+
+### Option: TrapperTimeout
+#	Specifies how many seconds trapper may spend processing new data.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# TrapperTimeout=300
+
+### Option: UnreachablePeriod
+#	After how many seconds of unreachability treat a host as unavailable.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachablePeriod=45
+
+### Option: UnavailableDelay
+#	How often host is checked for availability during the unavailability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnavailableDelay=60
+
+### Option: UnreachableDelay
+#	How often host is checked for availability during the unreachability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachableDelay=15
+
+## Option: StartODBCPollers
+#	Number of pre-forked ODBC poller instances.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartODBCPollers=1
+
+### Option: ExternalScripts
+#	Full path to location of external scripts.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_proxy --help".
+#
+# Mandatory: no
+# Default:
+# ExternalScripts=${datadir}/zabbix/externalscripts
+
+### Option: FpingLocation
+#	Location of fping.
+#	Make sure that fping binary has root ownership and SUID flag set.
+#
+# Mandatory: no
+# Default:
+# FpingLocation=/usr/sbin/fping
+
+### Option: Fping6Location
+#	Location of fping6.
+#	Make sure that fping6 binary has root ownership and SUID flag set.
+#	Make empty if your fping utility is capable to process IPv6 addresses.
+#
+# Mandatory: no
+# Default:
+# Fping6Location=/usr/sbin/fping6
+
+### Option: SSHKeyLocation
+#	Location of public and private keys for SSH checks and actions.
+#
+# Mandatory: no
+# Default:
+# SSHKeyLocation=
+
+### Option: LogSlowQueries
+#	How long a database query may take before being logged (in milliseconds).
+#	Only works if DebugLevel set to 3 or 4.
+#	0 - don't log slow queries.
+#
+# Mandatory: no
+# Range: 1-3600000
+# Default:
+# LogSlowQueries=0
+
+LogSlowQueries=3000
+
+### Option: TmpDir
+#	Temporary directory.
+#
+# Mandatory: no
+# Default:
+TmpDir=/tmp
+
+### Option: AllowRoot
+#	Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/usr/local/etc/zabbix_proxy.general.conf
+# Include=/usr/local/etc/zabbix_proxy.conf.d/
+# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf
+
+### Option: SSLCertLocation
+#	Location of SSL client certificates.
+#	This parameter is used only in web monitoring.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_proxy --help".
+#
+# Mandatory: no
+# Default:
+# SSLCertLocation=${datadir}/zabbix/ssl/certs
+
+### Option: SSLKeyLocation
+#	Location of private keys for SSL client certificates.
+#	This parameter is used only in web monitoring.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_proxy --help".
+#
+# Mandatory: no
+# Default:
+# SSLKeyLocation=${datadir}/zabbix/ssl/keys
+
+### Option: SSLCALocation
+#	Location of certificate authority (CA) files for SSL server certificate verification.
+#	If not set, system-wide directory will be used.
+#	This parameter is used in web monitoring, HTTP agent items and for communication with Vault.
+#
+# Mandatory: no
+# Default:
+# SSLCALocation=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of proxy modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_proxy --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at proxy startup. Modules are used to extend functionality of the proxy.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+### Option: StatsAllowedIP
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
+#	Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
+#	will be accepted.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: no
+# Default:
+# StatsAllowedIP=
+StatsAllowedIP=%STATS_ALLOWED_IPS%
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#	What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the proxy certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the proxy private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+### Option: DBTLSConnect
+#	Setting this option enforces to use TLS connection to database.
+#	required    - connect using TLS
+#	verify_ca   - connect using TLS and verify certificate
+#	verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
+#	              matches its certificate
+#	On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
+#	"verify_full".
+#	On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
+#	Default is not to set any option and behavior depends on database configuration
+#
+# Mandatory: no
+# Default:
+# DBTLSConnect=
+
+### Option: DBTLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+#	(yes, if DBTLSConnect set to one of: verify_ca, verify_full)
+# Default:
+# DBTLSCAFile=
+
+### Option: DBTLSCertFile
+#	Full pathname of file containing Zabbix proxy certificate for authenticating to database.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+# Default:
+# DBTLSCertFile=
+
+### Option: DBTLSKeyFile
+#	Full pathname of file containing the private key for authenticating to database.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+# Default:
+# DBTLSKeyFile=
+
+### Option: DBTLSCipher
+#	The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
+#	Supported only for MySQL
+#
+# Mandatory no
+# Default:
+# DBTLSCipher=
+
+### Option: DBTLSCipher13
+#	The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
+#	Supported only for MySQL, starting from version 8.0.16
+#
+# Mandatory no
+# Default:
+# DBTLSCipher13=
+
+### Option: VaultToken
+#	Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path
+#	specified in optional VaultDBPath configuration parameter.
+#	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
+#
+# Mandatory: no
+# Default:
+# VaultToken=
+
+### Option: VaultURL
+#	Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
+#
+# Mandatory: no
+# Default:
+# VaultURL=https://127.0.0.1:8200
+
+### Option: VaultDBPath
+#	Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
+#	Example: secret/zabbix/database
+#	This option can only be used if DBUser and DBPassword are not specified.
+#
+# Mandatory: no
+# Default:
+# VaultDBPath=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=
+
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+PidFile=/tmp/zabbix_proxy.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/tmp/zabbix_proxy.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: AllowKey
+#	Allow execution of item keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with DenyKey.
+#	Key pattern is wildcard expression, which support "*" character to match any 
+#   number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#	Deny execution of items keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with AllowKey.
+#	Key pattern is wildcard expression, which support "*" character to match any 
+#   number of any characters in certain position. It might be used in both key name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
+#
+# Mandatory: no
+# Default:
+# DenyKey=system.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
+#	Internal alias for AllowKey/DenyKey parameters depending on value:
+#	0 - DenyKey=system.run[*]
+#	1 - AllowKey=system.run[*]
+#
+# Mandatory: no
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+
+##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related ##### Passive checks related 
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: yes, if StartAgents is not explicitly set to 0
+# Default:
+# Server=
+
+Server=%ZABBIX_SERVER_IPS%
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+##### Active checks related
+
+### Option: ServerActive
+#	Zabbix server/proxy address or cluster configuration to get active checks from.
+#	Server/proxy address is IP address or DNS name and optional port separated by colon.
+#	Cluster configuration is one or more server addresses separated by semicolon.
+#	Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
+#	More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
+#	If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
+#	Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example for Zabbix proxy:
+#		ServerActive=127.0.0.1:10051
+#	Example for multiple servers:
+#		ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#	Example for high availability:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
+#	Example for high availability with two clusters and one server:
+#		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+# ServerActive=127.0.0.1
+
+### Option: Hostname
+#	List of comma delimited unique, case sensitive hostnames.
+#	Required for active checks and must match hostnames as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+# Hostname=localhost
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: HostInterface
+#	Optional parameter that defines host interface.
+#	Host interface is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+#	Optional parameter that defines an item used for getting host interface.
+#	Host interface is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+User=%ZABBIX_USER_NAME%
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/usr/local/etc/zabbix_agentd.userparams.conf
+# Include=/usr/local/etc/zabbix_agentd.conf.d/
+# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+### Option: UserParameterDir
+#	Directory to execute UserParameter commands from. Only one entry is allowed.
+#	When executing UserParameter commands the agent will change the working directory to the one
+#	specified in the UserParameterDir option.
+#	This way UserParameter commands can be specified using the relative ./ prefix.
+#
+# Mandatory: no
+# Default:
+# UserParameterDir=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_agentd --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#		Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#		Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=
diff --git a/recipes-connectivity/zabbix/files/zabbix-proxy.service b/recipes-connectivity/zabbix/files/zabbix-proxy.service
new file mode 100644
index 0000000..7dd77b6
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/zabbix-proxy.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Zabbix Proxy
+
+[Service]
+Environment="CONFFILE=%ZABBIX_PROXY_CONF%"
+EnvironmentFile=-%SYSCONFDIR%/default/zabbix-proxy
+Type=forking
+Restart=on-failure
+KillMode=control-group
+ExecStart=%SBINDIR%/zabbix_proxy -c $CONFFILE
+ExecStop=/bin/sh -c '[ -n "$1" ] && kill -s TERM "$1"' -- "$MAINPID"
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-connectivity/zabbix/files/zabbix-server-morello.service b/recipes-connectivity/zabbix/files/zabbix-server-morello.service
new file mode 100644
index 0000000..3327b4b
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/zabbix-server-morello.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Zabbix Server
+Wants=postgresql.service
+After=postgresql.service
+After=postgresql-init.service
+After=php-fpm.service
+
+[Service]
+Environment="CONFFILE=%SYSCONFDIR%/zabbix/zabbix-server.conf"
+Environment="DB_ZABBIX_USER_SERVER=%DB_ZABBIX_USER_SERVER%"
+Environment="DB_ZABBIX_PASSWORD=%DB_ZABBIX_PASSWORD%"
+EnvironmentFile=-%SYSCONFDIR%/default/zabbix-server
+Type=forking
+KillMode=control-group
+ExecStart=/bin/bash -c '%SBINDIR%/zabbix_server -c ${CONFFILE}'
+ExecStop=/bin/sh -c '[ -n "$1" ] && kill -s TERM "$1"' -- "$MAINPID"
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/recipes-connectivity/zabbix/files/zabbix-server.conf b/recipes-connectivity/zabbix/files/zabbix-server.conf
new file mode 100644
index 0000000..390fe6f
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/zabbix-server.conf
@@ -0,0 +1,990 @@
+# This is a configuration file for Zabbix server daemon
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: ListenPort
+#	Listen port for trapper.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10051
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: yes, if LogType is set to file, otherwise no
+# Default:
+# LogFile=
+
+LogFile=/tmp/zabbix_server.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+DebugLevel=5
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_server.pid
+
+### Option: SocketDir
+#	IPC socket directory.
+#		Directory to store IPC sockets used by internal Zabbix services.
+#
+# Mandatory: no
+# Default:
+# SocketDir=/tmp
+SocketDir=%ZABBIX_SOCKET_DIR%
+
+### Option: DBHost
+#	Database host name.
+#	If set to localhost, socket is used for MySQL.
+#	If set to empty string, socket is used for PostgreSQL.
+#	If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see
+#	the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located.
+#
+# Mandatory: no
+# Default:
+# DBHost=localhost
+
+### Option: DBName
+#	Database name.
+#	If the Net Service Name connection method is used to connect to Oracle database, specify the service name from
+#	the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to
+#	empty string.
+#
+# Mandatory: yes
+# Default:
+# DBName=
+
+DBName=%DB_ZABBIX_NAME%
+
+### Option: DBSchema
+#	Schema name. Used for PostgreSQL.
+#
+# Mandatory: no
+# Default:
+# DBSchema=
+
+### Option: DBUser
+#	Database user.
+#
+# Mandatory: no
+# Default:
+# DBUser=
+
+DBUser=%DB_ZABBIX_USER_SERVER%
+
+### Option: DBPassword
+#	Database password.
+#	Comment this line if no password is used.
+#
+# Mandatory: no
+# Default:
+# DBPassword=
+
+DBPassword=%DB_ZABBIX_PASSWORD%
+
+### Option: DBSocket
+#	Path to MySQL socket.
+#
+# Mandatory: no
+# Default:
+# DBSocket=
+
+### Option: DBPort
+#	Database port when not using local socket.
+#	If the Net Service Name connection method is used to connect to Oracle database, the port number from the
+#	tnsnames.ora file will be used. The port number set here will be ignored.
+#
+# Mandatory: no
+# Range: 1024-65535
+# Default:
+# DBPort=
+
+### Option: AllowUnsupportedDBVersions
+#	Allow server to work with unsupported database versions.
+#       0 - do not allow
+#       1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowUnsupportedDBVersions=0
+
+### Option: HistoryStorageURL
+#	History storage HTTP[S] URL.
+#
+# Mandatory: no
+# Default:
+# HistoryStorageURL=
+
+### Option: HistoryStorageTypes
+#	Comma separated list of value types to be sent to the history storage.
+#
+# Mandatory: no
+# Default:
+# HistoryStorageTypes=uint,dbl,str,log,text
+
+### Option: HistoryStorageDateIndex
+#	Enable preprocessing of history values in history storage to store values in different indices based on date.
+#	0 - disable
+#	1 - enable
+#
+# Mandatory: no
+# Default:
+# HistoryStorageDateIndex=0
+
+### Option: ExportDir
+#	Directory for real time export of events, history and trends in newline delimited JSON format.
+#	If set, enables real time export.
+#
+# Mandatory: no
+# Default:
+# ExportDir=
+
+### Option: ExportFileSize
+#	Maximum size per export file in bytes.
+#	Only used for rotation if ExportDir is set.
+#
+# Mandatory: no
+# Range: 1M-1G
+# Default:
+# ExportFileSize=1G
+
+### Option: ExportType
+#	List of comma delimited types of real time export - allows to control export entities by their
+#	type (events, history, trends) individually.
+#	Valid only if ExportDir is set.
+#
+# Mandatory: no
+# Default:
+# ExportType=events,history,trends
+
+############ ADVANCED PARAMETERS ################
+
+### Option: StartPollers
+#	Number of pre-forked instances of pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollers=5
+
+### Option: StartIPMIPollers
+#	Number of pre-forked instances of IPMI pollers.
+#		The IPMI manager process is automatically started when at least one IPMI poller is started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartIPMIPollers=0
+
+### Option: StartPreprocessors
+#	Number of pre-forked instances of preprocessing workers.
+#		The preprocessing manager process is automatically started when preprocessor worker is started.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartPreprocessors=3
+
+### Option: StartPollersUnreachable
+#	Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
+#	At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
+#	are started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollersUnreachable=1
+
+### Option: StartHistoryPollers
+#	Number of pre-forked instances of history pollers.
+#	Only required for calculated and internal checks.
+#	A database connection is required for each history poller instance.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHistoryPollers=5
+
+### Option: StartTrappers
+#	Number of pre-forked instances of trappers.
+#	Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
+#	At least one trapper process must be running to display server availability and view queue
+#	in the frontend.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartTrappers=5
+
+### Option: StartPingers
+#	Number of pre-forked instances of ICMP pingers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPingers=1
+
+### Option: StartDiscoverers
+#	Number of pre-forked instances of discoverers.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartDiscoverers=1
+
+### Option: StartHTTPPollers
+#	Number of pre-forked instances of HTTP pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHTTPPollers=1
+
+### Option: StartTimers
+#	Number of pre-forked instances of timers.
+#	Timers process maintenance periods.
+#	Only the first timer process handles host maintenance updates. Problem suppression updates are shared
+#	between all timers.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartTimers=1
+
+### Option: StartEscalators
+#	Number of pre-forked instances of escalators.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartEscalators=1
+
+### Option: StartAlerters
+#	Number of pre-forked instances of alerters.
+#	Alerters send the notifications created by action operations.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartAlerters=3
+
+### Option: JavaGateway
+#	IP address (or hostname) of Zabbix Java gateway.
+#	Only required if Java pollers are started.
+#
+# Mandatory: no
+# Default:
+# JavaGateway=
+
+### Option: JavaGatewayPort
+#	Port that Zabbix Java gateway listens on.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# JavaGatewayPort=10052
+
+### Option: StartJavaPollers
+#	Number of pre-forked instances of Java pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartJavaPollers=0
+
+### Option: StartVMwareCollectors
+#	Number of pre-forked vmware collector instances.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartVMwareCollectors=0
+
+### Option: VMwareFrequency
+#	How often Zabbix will connect to VMware service to obtain a new data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwareFrequency=60
+
+### Option: VMwarePerfFrequency
+#	How often Zabbix will connect to VMware service to obtain performance data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwarePerfFrequency=60
+
+### Option: VMwareCacheSize
+#	Size of VMware cache, in bytes.
+#	Shared memory size for storing VMware data.
+#	Only used if VMware collectors are started.
+#
+# Mandatory: no
+# Range: 256K-2G
+# Default:
+# VMwareCacheSize=8M
+
+### Option: VMwareTimeout
+#	Specifies how many seconds vmware collector waits for response from VMware service.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# VMwareTimeout=10
+
+### Option: SNMPTrapperFile
+#	Temporary file used for passing data from SNMP trap daemon to the server.
+#	Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
+#
+# Mandatory: no
+# Default:
+# SNMPTrapperFile=/tmp/zabbix_traps.tmp
+SNMPTrapperFile=/tmp/zabbix_traps.tmp
+
+### Option: StartSNMPTrapper
+#	If 1, SNMP trapper process is started.
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+StartSNMPTrapper=0
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the trapper should listen on.
+#	Trapper will listen on all network interfaces if this parameter is missing.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: HousekeepingFrequency
+#	How often Zabbix will perform housekeeping procedure (in hours).
+#	Housekeeping is removing outdated information from the database.
+#	To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
+#	hours of outdated information are deleted in one housekeeping cycle, for each item.
+#	To lower load on server startup housekeeping is postponed for 30 minutes after server start.
+#	With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
+#	In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
+#	period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
+#
+# Mandatory: no
+# Range: 0-24
+# Default:
+# HousekeepingFrequency=1
+
+### Option: MaxHousekeeperDelete
+#	The table "housekeeper" contains "tasks" for housekeeping procedure in the format:
+#	[housekeeperid], [tablename], [field], [value].
+#	No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
+#	will be deleted per one task in one housekeeping cycle.
+#	If set to 0 then no limit is used at all. In this case you must know what you are doing!
+#
+# Mandatory: no
+# Range: 0-1000000
+# Default:
+# MaxHousekeeperDelete=5000
+
+### Option: CacheSize
+#	Size of configuration cache, in bytes.
+#	Shared memory size for storing host, item and trigger data.
+#
+# Mandatory: no
+# Range: 128K-64G
+# Default:
+# CacheSize=32M
+
+### Option: CacheUpdateFrequency
+#	How often Zabbix will perform update of configuration cache, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# CacheUpdateFrequency=60
+
+### Option: StartDBSyncers
+#	Number of pre-forked instances of DB Syncers.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartDBSyncers=4
+
+### Option: HistoryCacheSize
+#	Size of history cache, in bytes.
+#	Shared memory size for storing history data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryCacheSize=16M
+
+### Option: HistoryIndexCacheSize
+#	Size of history index cache, in bytes.
+#	Shared memory size for indexing history cache.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryIndexCacheSize=4M
+
+### Option: TrendCacheSize
+#	Size of trend write cache, in bytes.
+#	Shared memory size for storing trends data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# TrendCacheSize=4M
+
+### Option: TrendFunctionCacheSize
+#	Size of trend function cache, in bytes.
+#	Shared memory size for caching calculated trend function data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# TrendFunctionCacheSize=4M
+
+### Option: ValueCacheSize
+#	Size of history value cache, in bytes.
+#	Shared memory size for caching item history data requests.
+#	Setting to 0 disables value cache.
+#
+# Mandatory: no
+# Range: 0,128K-64G
+# Default:
+# ValueCacheSize=8M
+
+### Option: Timeout
+#	Specifies how long we wait for agent, SNMP device or external check (in seconds).
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+Timeout=4
+
+### Option: TrapperTimeout
+#	Specifies how many seconds trapper may spend processing new data.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# TrapperTimeout=300
+
+### Option: UnreachablePeriod
+#	After how many seconds of unreachability treat a host as unavailable.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachablePeriod=45
+
+### Option: UnavailableDelay
+#	How often host is checked for availability during the unavailability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnavailableDelay=60
+
+### Option: UnreachableDelay
+#	How often host is checked for availability during the unreachability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachableDelay=15
+
+### Option: AlertScriptsPath
+#	Full path to location of custom alert scripts.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# AlertScriptsPath=${datadir}/zabbix/alertscripts
+
+### Option: ExternalScripts
+#	Full path to location of external scripts.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# ExternalScripts=${datadir}/zabbix/externalscripts
+
+### Option: FpingLocation
+#	Location of fping.
+#	Make sure that fping binary has root ownership and SUID flag set.
+#
+# Mandatory: no
+# Default:
+# FpingLocation=/usr/sbin/fping
+
+### Option: Fping6Location
+#	Location of fping6.
+#	Make sure that fping6 binary has root ownership and SUID flag set.
+#	Make empty if your fping utility is capable to process IPv6 addresses.
+#
+# Mandatory: no
+# Default:
+# Fping6Location=/usr/sbin/fping6
+
+### Option: SSHKeyLocation
+#	Location of public and private keys for SSH checks and actions.
+#
+# Mandatory: no
+# Default:
+# SSHKeyLocation=
+
+### Option: LogSlowQueries
+#	How long a database query may take before being logged (in milliseconds).
+#	Only works if DebugLevel set to 3, 4 or 5.
+#	0 - don't log slow queries.
+#
+# Mandatory: no
+# Range: 1-3600000
+# Default:
+# LogSlowQueries=0
+
+LogSlowQueries=3000
+
+### Option: TmpDir
+#	Temporary directory.
+#
+# Mandatory: no
+# Default:
+# TmpDir=/tmp
+
+### Option: StartProxyPollers
+#	Number of pre-forked instances of pollers for passive proxies.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartProxyPollers=1
+
+### Option: ProxyConfigFrequency
+#	How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600*24*7
+# Default:
+# ProxyConfigFrequency=3600
+
+### Option: ProxyDataFrequency
+#	How often Zabbix Server requests history data from a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ProxyDataFrequency=1
+
+### Option: StartLLDProcessors
+#	Number of pre-forked instances of low level discovery processors.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartLLDProcessors=2
+
+### Option: AllowRoot
+#	Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/usr/local/etc/zabbix_server.general.conf
+# Include=/usr/local/etc/zabbix_server.conf.d/
+# Include=/usr/local/etc/zabbix_server.conf.d/*.conf
+
+### Option: SSLCertLocation
+#	Location of SSL client certificates.
+#	This parameter is used only in web monitoring.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# SSLCertLocation=${datadir}/zabbix/ssl/certs
+
+### Option: SSLKeyLocation
+#	Location of private keys for SSL client certificates.
+#	This parameter is used only in web monitoring.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# SSLKeyLocation=${datadir}/zabbix/ssl/keys
+
+### Option: SSLCALocation
+#	Override the location of certificate authority (CA) files for SSL server certificate verification.
+#	If not set, system-wide directory will be used.
+#	This parameter is used in web monitoring, SMTP authentication, HTTP agent items and for communication with Vault.
+#
+# Mandatory: no
+# Default:
+# SSLCALocation=
+
+### Option: StatsAllowedIP
+#	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
+#	Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
+#	will be accepted.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
+#	and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
+#
+# Mandatory: no
+# Default:
+# StatsAllowedIP=
+StatsAllowedIP=127.0.0.1
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of server modules.
+#	Default depends on compilation options.
+#	To see the default path run command "zabbix_server --help".
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at server startup. Modules are used to extend functionality of the server.
+#	Formats:
+#		LoadModule=<module.so>
+#		LoadModule=<path/module.so>
+#		LoadModule=</abs_path/module.so>
+#	Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
+#	If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the server certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the server private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+### Option: DBTLSConnect
+#	Setting this option enforces to use TLS connection to database.
+#	required    - connect using TLS
+#	verify_ca   - connect using TLS and verify certificate
+#	verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
+#	              matches its certificate
+#	On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
+#	"verify_full".
+#	On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
+#	Default is not to set any option and behavior depends on database configuration
+#
+# Mandatory: no
+# Default:
+# DBTLSConnect=
+
+### Option: DBTLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+#	(yes, if DBTLSConnect set to one of: verify_ca, verify_full)
+# Default:
+# DBTLSCAFile=
+
+### Option: DBTLSCertFile
+#	Full pathname of file containing Zabbix server certificate for authenticating to database.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+# Default:
+# DBTLSCertFile=
+
+### Option: DBTLSKeyFile
+#	Full pathname of file containing the private key for authenticating to database.
+#	Supported only for MySQL and PostgreSQL
+#
+# Mandatory: no
+# Default:
+# DBTLSKeyFile=
+
+### Option: DBTLSCipher
+#	The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2
+#	Supported only for MySQL
+#
+# Mandatory no
+# Default:
+# DBTLSCipher=
+
+### Option: DBTLSCipher13
+#	The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol
+#	Supported only for MySQL, starting from version 8.0.16
+#
+# Mandatory no
+# Default:
+# DBTLSCipher13=
+
+### Option: VaultToken
+#	Vault authentication token that should have been generated exclusively for Zabbix server with read only permission
+#	to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath
+#	configuration parameter.
+#	It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
+#
+# Mandatory: no
+# Default:
+# VaultToken=
+
+### Option: VaultURL
+#	Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
+#
+# Mandatory: no
+# Default:
+# VaultURL=https://127.0.0.1:8200
+
+### Option: VaultDBPath
+#	Vault path from where credentials for database will be retrieved by keys 'password' and 'username'.
+#	Example: secret/zabbix/database
+#	This option can only be used if DBUser and DBPassword are not specified.
+#
+# Mandatory: no
+# Default:
+# VaultDBPath=
+
+### Option: StartReportWriters
+#	Number of pre-forked report writer instances.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartReportWriters=0
+
+### Option: WebServiceURL
+#	URL to Zabbix web service, used to perform web related tasks.
+#	Example: http://localhost:10053/report
+#
+# Mandatory: no
+# Default:
+# WebServiceURL=
+
+### Option: ServiceManagerSyncFrequency
+#	How often Zabbix will synchronize configuration of a service manager (in seconds).
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ServiceManagerSyncFrequency=60
+
+### Option: ProblemHousekeepingFrequency
+#	How often Zabbix will delete problems for deleted triggers (in seconds).
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ProblemHousekeepingFrequency=60
+
+## Option: StartODBCPollers
+#	Number of pre-forked ODBC poller instances.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartODBCPollers=1
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This parameter is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=
+
+
+####### High availability cluster parameters #######
+
+## Option: HANodeName
+#	The high availability cluster node name.
+#	When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to.
+#
+# Mandatory: no
+# Default: 
+# HANodeName=
+
+## Option: NodeAddress
+#	IP or hostname with optional port to specify how frontend should connect to the server.
+#	Format: <address>[:<port>]
+#
+#	If IP or hostname is not set, then ListenIP value will be used. In case ListenIP is not set, localhost will be used.
+#	If port is not set, then ListenPort value will be used. In case ListenPort is not set, 10051 will be used.
+#	This option can be overridden by address specified in frontend configuration.
+#
+# Mandatory: no
+# Default: 
+# NodeAddress=localhost:10051
diff --git a/recipes-connectivity/zabbix/files/zabbix.conf.php b/recipes-connectivity/zabbix/files/zabbix.conf.php
new file mode 100644
index 0000000..4442d3f
--- /dev/null
+++ b/recipes-connectivity/zabbix/files/zabbix.conf.php
@@ -0,0 +1,59 @@
+<?php
+// Zabbix GUI configuration file.
+
+$DB['TYPE']			= 'POSTGRESQL';
+$DB['SERVER']			= 'localhost';
+$DB['PORT']			= '0';
+$DB['DATABASE']			= 'zabbix';
+$DB['USER']			= 'zabbix';
+$DB['PASSWORD']			= 'zabbix';
+
+// Schema name. Used for PostgreSQL.
+$DB['SCHEMA']			= '';
+
+// Used for TLS connection.
+$DB['ENCRYPTION']		= true;
+$DB['KEY_FILE']			= '';
+$DB['CERT_FILE']		= '';
+$DB['CA_FILE']			= '';
+$DB['VERIFY_HOST']		= false;
+$DB['CIPHER_LIST']		= '';
+
+// Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT']			= '';
+$DB['VAULT_URL']		= '';
+$DB['VAULT_DB_PATH']		= '';
+$DB['VAULT_TOKEN']		= '';
+$DB['VAULT_CERT_FILE']		= '';
+$DB['VAULT_KEY_FILE']		= '';
+// Uncomment to bypass local caching of credentials.
+// $DB['VAULT_CACHE']		= true;
+
+// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
+// This option is enabled by default for new Zabbix installations.
+// For upgraded installations, please read database upgrade notes before enabling this option.
+$DB['DOUBLE_IEEE754']		= true;
+
+// Uncomment and set to desired values to override Zabbix hostname/IP and port.
+// $ZBX_SERVER			= '';
+// $ZBX_SERVER_PORT		= '';
+
+$ZBX_SERVER_NAME		= 'myzabbix';
+
+$IMAGE_FORMAT_DEFAULT	= IMAGE_FORMAT_PNG;
+
+// Uncomment this block only if you are using Elasticsearch.
+// Elasticsearch url (can be string if same url is used for all types).
+//$HISTORY['url'] = [
+//	'uint' => 'http://localhost:9200',
+//	'text' => 'http://localhost:9200'
+//];
+// Value types stored in Elasticsearch.
+//$HISTORY['types'] = ['uint', 'text'];
+
+// Used for SAML authentication.
+// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
+//$SSO['SP_KEY']			= 'conf/certs/sp.key';
+//$SSO['SP_CERT']			= 'conf/certs/sp.crt';
+//$SSO['IDP_CERT']		= 'conf/certs/idp.crt';
+//$SSO['SETTINGS']		= [];
diff --git a/recipes-connectivity/zabbix/zabbix-agentd-morello_5.0.38.bb b/recipes-connectivity/zabbix/zabbix-agentd-morello_5.0.38.bb
new file mode 100644
index 0000000..b7084e2
--- /dev/null
+++ b/recipes-connectivity/zabbix/zabbix-agentd-morello_5.0.38.bb
@@ -0,0 +1,52 @@
+inherit perlnative autotools-brokensep pure-cap-kheaders pkgconfig systemd useradd
+inherit purecap-sysroot purecap-useradd
+
+require zabbix-morello.inc
+
+SRC_URI += " \
+            file://zabbix-agentd-morello.service \
+            file://zabbix-agentd.conf \
+            "
+
+# Seperate user for agent for security reasons. If the user is shared the agent
+# will have full access to the server's DB.
+USERADD_PACKAGES += " \
+                    ${PN} \
+"
+
+EXTRA_OECONF += "--enable-agent"
+
+GROUPADD_PARAM:${PN} = "-r ${DB_ZABBIX_USER_AGENT} "
+USERADD_PARAM:${PN} = "-r -g ${DB_ZABBIX_USER_AGENT} -d /var/lib/${DB_ZABBIX_USER_AGENT} \
+    -s /sbin/nologin -c "Zabbix Monitoring System" ${DB_ZABBIX_USER_AGENT} \
+"
+RPROVIDES:${PN} += "zabbix-agentd"
+
+BPN_ZABBIX = "zabbix-agentd"
+
+do_install:append() {
+
+    install -d ${D}${systemd_system_unitdir} ${D}${sysconfdir}
+    install -m 0644 ${WORKDIR}/${BPN}.service ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+
+    sed -i -e 's#%SBINDIR%#${sbindir}#g' ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+    sed -i -e 's#%SYSCONFDIR%#${sysconfdir}#g' ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+
+    install -d ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf.d/
+    install -m 0644 ${WORKDIR}/${BPN_ZABBIX}.conf ${D}${sysconfdir}/zabbix/
+
+    sed -i -e 's#%DB_ZABBIX_USER_AGENT%#${DB_ZABBIX_USER_AGENT}#g' ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+    sed -i -e 's#%DB_ZABBIX_USER_AGENT%#${DB_ZABBIX_USER_AGENT}#g' ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf
+    sed -i -e 's#%ZABBIX_USER_NAME%#${DB_ZABBIX_USER_AGENT}#g' ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf
+
+}
+
+do_install:append() {
+	${OBJDUMP} -D ${D}${sbindir}/zabbix_agentd >  ${D}${PURECAP_DEBUGDIR}/zabbix_agentd.dump
+	${READELF} -a ${D}${sbindir}/zabbix_agentd >  ${D}${PURECAP_DEBUGDIR}/zabbix_agentd.readelf
+}
+
+FILES:${PN} += " ${libdir} \
+                 ${systemd_system_unitdir}/${BPN_ZABBIX}.service \
+                 "
+FILES:${PN}-dbg += "${datadir}"
\ No newline at end of file
diff --git a/recipes-connectivity/zabbix/zabbix-frontend_5.0.38.bb b/recipes-connectivity/zabbix/zabbix-frontend_5.0.38.bb
new file mode 100644
index 0000000..7395799
--- /dev/null
+++ b/recipes-connectivity/zabbix/zabbix-frontend_5.0.38.bb
@@ -0,0 +1,24 @@
+require zabbix-morello.inc
+
+SRC_URI:append = " \
+        file://zabbix.conf.php \
+"
+
+SYSTEMD_SERVICE:${PN} = ""
+
+DEPENDS = ""
+RDEPENDS:${PN} += "bash"
+
+do_compile[noexec] = "1"
+do_configure[noexec] = "1"
+
+do_install() {
+
+    ZABBIX_WWW_LOC=${D}${datadir}/zabbix
+    install -d ${ZABBIX_WWW_LOC}
+    cp -r ${S}/ui/* ${ZABBIX_WWW_LOC}/
+
+    install -m 0644 ${WORKDIR}/zabbix.conf.php ${ZABBIX_WWW_LOC}/conf/
+}
+
+FILES:${PN} += "${datadir}/zabbix"
\ No newline at end of file
diff --git a/recipes-connectivity/zabbix/zabbix-morello.inc b/recipes-connectivity/zabbix/zabbix-morello.inc
new file mode 100644
index 0000000..71fa5e3
--- /dev/null
+++ b/recipes-connectivity/zabbix/zabbix-morello.inc
@@ -0,0 +1,103 @@
+SUMMARY = "Open-source monitoring solution for your IT infrastructure"
+
+MORELLO_SRC = "meta-openembedded/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb"
+
+DESCRIPTION = "\
+ZABBIX is software that monitors numerous parameters of a network and the \
+health and integrity of servers. ZABBIX uses a flexible notification \
+mechanism that allows users to configure e-mail based alerts for virtually \
+any event. This allows a fast reaction to server problems. ZABBIX offers \
+excellent reporting and data visualisation features based on the stored \
+data. This makes ZABBIX ideal for capacity planning. \
+\
+ZABBIX supports both polling and trapping. All ZABBIX reports and \
+statistics, as well as configuration parameters are accessed through a \
+web-based front end. A web-based front end ensures that the status of \
+your network and the health of your servers can be assessed from any \
+location. Properly configured, ZABBIX can play an important role in \
+monitoring IT infrastructure. This is equally true for small \
+organisations with a few servers and for large companies with a \
+multitude of servers."
+HOMEPAGE         = "http://www.zabbix.com/"
+SECTION          = "Applications/Internet"
+LICENSE          = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=300e938ad303147fede2294ed78fe02e"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/cheri-patches:"
+TOOLCHAIN                = "${MORELLO_TOOLCHAIN}"
+
+PV   = "5.0.38"
+PNPV = "zabbix-${PV}"
+SRC_URI = " \
+    https://cdn.zabbix.com/zabbix/sources/stable/5.0/%24%7BPNPV%7D.tar.gz \
+    "
+
+SRC_URI += "file://0000-sysinfo-fix-build-with-musl-libc.patch \
+            file://0000-net-fix-provenance-error.patch \
+            file://0001-memalloc-align-and-work-with-16-not-8.patch \
+            file://0002-duktape-set-shift-to-5-for-CHERI.patch \
+            file://0003-duktape-add-aling-to-16.patch \
+            file://0004-embed-use-padding-of-16-not-8-for-alloc.patch \
+            file://0005-embed-fix-alignment-issues.patch \
+            file://0006-duk_config-use-debug-and-self-test.patch \
+            file://0007-duktape-fix-stack-reallocation.patch \
+            "
+
+S = "${WORKDIR}/zabbix-${PV}"
+
+SRC_URI[md5sum]    = "0d314f8626cf5e914204c7e0c4f9ca78"
+SRC_URI[sha256sum] = "765c36aa0fc9dbf27f9eab06ccfe4e71023264d398d361b1dae0a3c1fe4c1a26"
+
+DEPENDS += "postgresql-morello zlib-morello net-snmp-morello openldap-morello libpcre-morello libevent-morello"
+DEPENDS += "curl-morello"
+
+RDEPENDS:${PN} = " \
+            logrotate \
+            "
+
+
+PACKAGECONFIG:append = " net-snmp libevent ldap zlib libpthread iconv curl libpcre openssl"
+
+PACKAGECONFIG[openssl]    = "--with-openssl=${STAGING_EXECPREFIXDIR},--without-openssl,openssl-morello"
+PACKAGECONFIG[net-snmp]   = "--with-net-snmp=${STAGING_BINDIR}/net-snmp-config,--without-net-snmp,net-snmp-morello"
+PACKAGECONFIG[libevent]   = "--with-libevent=${STAGING_EXECPREFIXDIR},--without-libevent,libevent-morello"
+PACKAGECONFIG[ldap]       = "--with-ldap=${STAGING_EXECPREFIXDIR},--without-ldap,openldap-morello"
+PACKAGECONFIG[zlib]       = "--with-zlib=${STAGING_EXECPREFIXDIR},--without-zlib,zlib-morello"
+PACKAGECONFIG[libpthread] = "--with-libpthread=${STAGING_EXECPREFIXDIR},--without-libpthread,"
+PACKAGECONFIG[libpcre]    = "--with-libpcre=${STAGING_EXECPREFIXDIR},--without-libpcre,libpcre-morello"
+PACKAGECONFIG[curl]       = "--with-libcurl=${STAGING_BINDIR}/curl-config, --without-libcurl, curl-morello"
+PACKAGECONFIG[iconv]      = "--with-iconv=${STAGING_EXECPREFIXDIR},--without-iconv,virtual/libiconv"
+
+EXTRA_OECONF = " \
+    --disable-option-checking \
+    --enable-dependency-tracking \
+    --enable-ipv6 \
+    --disable-static \
+    --with-postgresql=${STAGING_BINDIR}/pgconfig/pg_config \
+    --prefix=${prefix} \
+    --libdir=${libdir} \
+"
+
+CFLAGS:append = " -I${S}/include"
+LDFLAGS      += "-pthread -lnetsnmp"
+
+# Lost interest in these errors for now, too many to handle
+CC:remove:toolchain-llvm-morello:class-target = "-Werror=format"
+
+KERNEL_VERSION = "6.5"
+
+ZABBIX_IP_ADDR = "127.0.0.1"
+
+do_configure:prepend() {
+    export KERNEL_VERSION="${KERNEL_VERSION}"
+}
+
+do_install:append() {
+    rm -f ${D}${bindir}/.debug
+    rm -f ${D}${bindir}/.debug/zabbix_sender
+    rm -f ${D}${bindir}/.debug/zabbix_get
+    rm -f ${D}${sbindir}/.debug
+    rm -f ${D}${sbindir}/.debug/zabbix_agentd
+}
+
+SYSROOT_DIRS:remove = "${datadir}"
\ No newline at end of file
diff --git a/recipes-connectivity/zabbix/zabbix-proxy-morello_5.0.38.bb b/recipes-connectivity/zabbix/zabbix-proxy-morello_5.0.38.bb
new file mode 100644
index 0000000..a5867e0
--- /dev/null
+++ b/recipes-connectivity/zabbix/zabbix-proxy-morello_5.0.38.bb
@@ -0,0 +1,65 @@
+inherit perlnative autotools-brokensep pure-cap-kheaders pkgconfig systemd useradd
+inherit purecap-sysroot purecap-useradd
+
+require zabbix-morello.inc
+
+SRC_URI:append = " \
+        file://zabbix-proxy.conf \
+        file://zabbix-proxy.service \
+"
+
+# Seperate user for agent for security reasons. If the user is shared the agent 
+# will have full access to the server's DB.
+USERADD_PACKAGES += " \
+                    ${PN} \
+"
+
+EXTRA_OECONF += "--enable-proxy"
+
+USERADD_PARAM:${PN} = "-r -g ${DB_ZABBIX_USER_SERVER} -d ${localstatedir}/lib/${DB_ZABBIX_USER_SERVER} \
+    -s /sbin/nologin -c 'Zabbix Monitoring System' ${DB_ZABBIX_USER_SERVER} \
+"
+GROUPADD_PARAM:${PN} = "-r ${DB_ZABBIX_USER_SERVER}"
+
+RPROVIDES:${PN} += "zabbix-proxy"
+
+BPN_ZABBIX = "zabbix-proxy"
+
+SYSTEMD_AUTO_ENABLE:${PN} = "enable"
+SYSTEMD_SERVICE:${PN}     = "zabbix-proxy.service"
+
+do_install:append() {
+
+    install -d ${D}${systemd_system_unitdir}
+    install -d ${D}${sbindir}
+    install -d ${D}${sysconfdir}
+
+    SERVICE_FILE="${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service"
+    install -m 0644 ${WORKDIR}/${BPN_ZABBIX}.service                      ${SERVICE_FILE}
+    sed -i -e 's#%SBINDIR%#${sbindir}#g'                                  ${SERVICE_FILE}
+    sed -i -e 's#%SYSCONFDIR%#${sbindir}#g'                               ${SERVICE_FILE}
+    sed -i -e 's#%ZABBIX_PROXY_CONF%#${sysconfdir}/zabbix-proxy.conf#g'   ${SERVICE_FILE}
+
+    # N.B. For release use Access Tokens or similiar
+    sed -i -e 's#%DB_ZABBIX_USER_SERVER%#Admin#g'                         ${SERVICE_FILE}
+    sed -i -e 's#%DB_ZABBIX_PASSWORD%#${DB_ZABBIX_PASSWORD}#g'            ${SERVICE_FILE}
+
+    ZABBIX_CONF_DIR="${D}${sysconfdir}/zabbix/"
+    install -d ${ZABBIX_CONF_DIR}
+    install -m 0644 ${WORKDIR}/${BPN_ZABBIX}.conf ${ZABBIX_CONF_DIR}
+
+    sed -i -e 's#%DB_ZABBIX_NAME%#${DB_ZABBIX_NAME}#g'                  ${ZABBIX_CONF_DIR}/${BPN_ZABBIX}.conf
+    sed -i -e 's#%DB_ZABBIX_USER_PROXY%#${DB_ZABBIX_USER_PROXY}#g'      ${ZABBIX_CONF_DIR}/${BPN_ZABBIX}.conf
+    sed -i -e 's#%DB_ZABBIX_PASSWORD%#${DB_ZABBIX_PASSWORD}#g'          ${ZABBIX_CONF_DIR}/${BPN_ZABBIX}.conf
+    sed -i -e 's#%ZABBIX_SERVER_IPS%#${ZABBIX_IP_ADDR}#g'               ${ZABBIX_CONF_DIR}/${BPN_ZABBIX}.conf
+    sed -i -e 's#%STATS_ALLOWED_IPS%#${ZABBIX_IP_ADDR}#g'               ${ZABBIX_CONF_DIR}/${BPN_ZABBIX}.conf
+
+    sed -i -e 's#%ZABBIX_SOCKET_DIR%#/tmp/#g'                           ${ZABBIX_CONF_DIR}/${BPN_ZABBIX}.conf
+
+}
+
+
+FILES:${PN} += "${libdir} \
+                ${systemd_system_unitdir}/${BPN_ZABBIX}.service \
+                 "
+FILES:${PN}-dbg += "${datadir}"
\ No newline at end of file
diff --git a/recipes-connectivity/zabbix/zabbix-server-morello_5.0.38.bb b/recipes-connectivity/zabbix/zabbix-server-morello_5.0.38.bb
new file mode 100644
index 0000000..941fad6
--- /dev/null
+++ b/recipes-connectivity/zabbix/zabbix-server-morello_5.0.38.bb
@@ -0,0 +1,71 @@
+inherit perlnative autotools-brokensep pure-cap-kheaders pkgconfig systemd useradd
+inherit purecap-sysroot purecap-useradd
+
+require zabbix-morello.inc
+
+SRC_URI:append = " \
+        file://zabbix-server.conf \
+        file://zabbix-server-morello.service \
+"
+
+# Seperate user for agent for security reasons. If the user is shared the agent 
+# will have full access to the server's DB.
+USERADD_PACKAGES += " \
+                    ${PN} \
+"
+
+EXTRA_OECONF += "--enable-server"
+
+USERADD_PARAM:${PN} = "-r -g ${DB_ZABBIX_USER_SERVER} -d ${localstatedir}/lib/${DB_ZABBIX_USER_SERVER} \
+    -s /sbin/nologin -c 'Zabbix Monitoring System' ${DB_ZABBIX_USER_SERVER} \
+"
+GROUPADD_PARAM:${PN} = "-r ${DB_ZABBIX_USER_SERVER}"
+
+RPROVIDES:${PN} += "zabbix-server"
+RDEPENDS:${PN}  += " busybox bash "
+
+BPN_ZABBIX = "zabbix-server"
+
+SYSTEMD_AUTO_ENABLE:${PN} = "enable"
+SYSTEMD_SERVICE:${PN}     = "zabbix-server.service"
+
+
+do_install:append() {
+
+    install -d ${D}${systemd_system_unitdir} ${D}${sysconfdir}
+    install -m 0644 ${WORKDIR}/${BPN}.service ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+
+    sed -i -e 's#%SBINDIR%#${sbindir}#g' ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+    sed -i -e 's#%SYSCONFDIR%#${sysconfdir}#g' ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+
+    sed -i -e 's#%DB_ZABBIX_USER_SERVER%#Admin#g' ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+    sed -i -e 's#%DB_ZABBIX_PASSWORD%#${DB_ZABBIX_PASSWORD}#g' ${D}${systemd_system_unitdir}/${BPN_ZABBIX}.service
+
+    install -d ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf.d/
+    install -m 0644 ${WORKDIR}/${BPN_ZABBIX}.conf ${D}${sysconfdir}/zabbix/
+
+    install -d ${D}${sysconfdir}/zabbix/schema
+
+    sed -i -e 's#%DB_ZABBIX_NAME%#${DB_ZABBIX_NAME}#g' ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf
+    sed -i -e 's#%DB_ZABBIX_USER_SERVER%#${DB_ZABBIX_USER_SERVER}#g' ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf
+    sed -i -e 's#%DB_ZABBIX_PASSWORD%#${DB_ZABBIX_PASSWORD}#g' ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf
+
+    sed -i -e 's#%ZABBIX_SOCKET_DIR%#/tmp/#g' ${D}${sysconfdir}/zabbix/${BPN_ZABBIX}.conf
+
+    ZABBIX_SCHEMA_LOC=${D}${sysconfdir}/zabbix/schema
+
+    install -d ${ZABBIX_SCHEMA_LOC}
+    install -m 0644 ${S}/database/postgresql/schema.sql  ${ZABBIX_SCHEMA_LOC}
+    install -m 0644 ${S}/database/postgresql/images.sql  ${ZABBIX_SCHEMA_LOC}
+    install -m 0644 ${S}/database/postgresql/data.sql    ${ZABBIX_SCHEMA_LOC}
+}
+
+do_install:append() {
+    ${OBJDUMP} -D ${D}${sbindir}/zabbix_server >  ${D}${PURECAP_DEBUGDIR}/zabbix_server.dump
+    ${READELF} -a ${D}${sbindir}/zabbix_server >  ${D}${PURECAP_DEBUGDIR}/zabbix_server.readelf
+}
+
+FILES:${PN} += " ${libdir} \
+                 ${systemd_system_unitdir}/${BPN_ZABBIX}.service \
+                 "
+FILES:${PN}-dbg += "${datadir}"
\ No newline at end of file
-- 
2.34.1


    

2024

2023

2022

[linux-morello-distros] [meta-morello-distro][PATCH 07/27] zabbix-morello: initial commit