Zabbix proxy - Received empty response from Zabbix Agent - zabbix

I am trying to set up a Zabbix proxy. My network is as below:
Zabbix server IP: 192.168.101.11 (internal network)
Zabbix proxy server: 192.168.102.109 (internal network)
Zabbix agent: 172.1.16.2 (outside network but pingable from 102.109)
I can ping the zabbix agent IP from my proxy machine.
[root#102_109 ~]# ping 172.1.16.2
PING 172.1.16.2 (172.1.16.2) 56(84) bytes of data.
64 bytes from 172.1.16.2: icmp_seq=1 ttl=64 time=215 ms
64 bytes from 172.1.16.2: icmp_seq=2 ttl=64 time=214 ms
64 bytes from 172.1.16.2: icmp_seq=3 ttl=64 time=214 ms
64 bytes from 172.1.16.2: icmp_seq=4 ttl=64 time=214 ms
I can connect to the zabbix proxy from my zabbix server -
zabbix_get -k agent.ping -s 192.168.102.109
1
My zabbix_proxy.conf file (on 102.109) is as below
ProxyMode=0
Server=192.168.101.11
Hostname=CME_Proxy
LogFile=/tmp/zabbix_proxy.log
DBName=zabbix
DBUser=root
DBPassword=password
And on the zabbix agent machine (172.1.16.2) the configuration is as below.
EnableRemoteCommands=1
LogFile=/tmp/zabbix_agentd.log
Server=192.168.101.11,192.168.102.109
ServerActive=192.168.101.11,192.168.102.109
Hostname=172.1.16.2
AllowRoot=1
On my zabbix front end, I have configured the host as monitored by proxy (CME_Proxy) and there is only 1 item (agent.ping).
I am not able to get any data from the zabbix agent. From my proxy machine, when I run the following command, it returns a blank value.
zabbix_get -k agent.ping -s 172.1.16.2
<this is blank response>
Due to this, in the host configuration, zabbix shows error -
"Received empty response from Zabbix Agent at [172.1.16.2]. Assuming
that agent dropped connection because of access permissions."
Can someone please guide me if the way I have configured is correct? If not how to do this correctly. If you need additional data please let me know.
Thank you
Mukul

Figured it out:
In the agent config file, the following parameters
Server=192.168.101.11,192.168.102.109
ServerActive=192.168.101.11,192.168.102.109
should have been
Server=192.168.101.11,172.1.16.1
ServerActive=192.168.101.11,172.1.16.1
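An added example (not part of the original post, and not Zabbix code) that models the agent's `Server=` allowlist check to show why the first configuration drops the proxy's passive check. It assumes, as the fix above implies, that the agent sees the proxy's connection arriving from 172.1.16.1; the function names are hypothetical, and it goes slightly beyond the post by also accepting CIDR entries.

```python
import ipaddress

# Agent settings quoted on this page: the original, and the poster's fix.
BEFORE = "Server=192.168.101.11,192.168.102.109\nHostname=172.1.16.2\n"
AFTER = "Server=192.168.101.11,172.1.16.1\nHostname=172.1.16.2\n"


def parse_agent_conf(text):
    """Return {parameter: value}; a '#' only starts a comment at line start."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def allowed_by_server(conf, peer_ip):
    """True if peer_ip matches a Server= entry (single IP or CIDR range)."""
    peer = ipaddress.ip_address(peer_ip)
    for entry in conf.get("Server", "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        try:
            if peer in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # DNS names are legal in Server= but not resolved here
    return False


def audit(conf_text, peers):
    """Map each candidate source address to allowed (True) or dropped (False)."""
    conf = parse_agent_conf(conf_text)
    return {peer: allowed_by_server(conf, peer) for peer in peers}


if __name__ == "__main__":
    # Assumption: 172.1.16.1 is the source address the agent sees for the proxy.
    peers = ["192.168.102.109", "172.1.16.1"]
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text, peers))
```

Listing only the addresses the agent actually sees keeps the allowlist tight, which matters here because the agent also has `EnableRemoteCommands=1` and `AllowRoot=1` set.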

> server 172.1.16.2, some changes in zabbix_agentd.conf
You need to specify who will have permission to request data from the agent (passive checks).
# it will allow connections from the proxy IP
Server=192.168.102.109
# comment out ServerActive if you won't use active checks
# ServerActive=192.168.102.109
at the web interface (set monitored by: CME_Proxy, or the same you defined in Hostname at zabbix_proxy.conf on 192.168.102.109)
> check communication: as you did before!
at the proxy terminal (192.168.102.109):
zabbix_get -k agent.ping -s 172.1.16.2 # It should return 1.
PS: check Hostname in the zabbix_proxy.conf, it should be CME_Proxy, or the same you defined at web interface.

# FOR step-by-step guide of running latest zabbix version 5.0 follow these links
# https://blog.zabbix.com/zabbix-docker-containers/7150/
# https://techexpert.tips/zabbix/monitoring-docker-using-zabbix/
# It's simple: just add all zabbix server IPs in the zabbix host agent conf file like below
Server=192.168.101.11,172.1.16.1
ServerActive=192.168.101.11,172.1.16.1
If you are using the zabbix server-agent model with docker containers, then while deploying the containers specify the zabbix server host/container IPs which want to connect to the zabbix agent container.
Assuming you want to deploy the zabbix server and agent on the same server running docker containers, just run the docker deploy commands below
#Zabbix Server Container
sudo docker run --name zabbix-appliance -p 8080:80 -p 10051:10051 -d -h zabbix-server zabbix/zabbix-appliance
#Zabbix Agent container
sudo docker run --name=dockbix-agent-xxl --privileged -v /:/rootfs -v /var/run:/var/run -p 10050:10050 -e "ZA_Server=192.168.0.3,172.17.0.1" -e "ZA_ServerActive=192.168.0.3,172.17.0.1" -d monitoringartist/dockbix-agent-xxl-limited:latest
#Default username and password of zabbix server
#username: Admin password: zabbix
# For monitoring docker containers resources import a template from this cloned repository https://github.com/monitoringartist/zabbix-docker-monitoring

Related

Running MQTT broker on a subdomain on my home server

I have a home server on my Raspberry Pi with a registered domain (say: mysite.com). I would like to use a subdomain to point to my MQTT broker running on the Pi so that I can use mqtt.mysite.com from outside my house.
In order to do that I have added a CNAME record to my DNS and verified that I can ping it.
However, I am not able to use the domain with MQTT. I am using mosquitto, the daemon is running on the Pi on the default port 1883. The port is open on the firewall via ufw allow 1883.
If I use the private IP address everything works fine:
mosquitto_pub -h 192.168.1.80 -p 1883 -t home/bedroom/temp -m 23.4
However if I use the subdomain
mosquitto_pub -h mqtt.mysite.com -p 1883 -t home/bedroom/temp -m 23.4
I get a Connection refused error.
Am I missing something?

docker login to openshift internal docker registry - Gateway Timeout

Running the openshift cluster using minishift in ubuntu OS. minishift IP is "192.168.42.48". I am following the URL to access the internal docker registry.
After the minishift has started successfully, logged in as administrator using "oc login -u system:admin" then added the cluster-role to user "chak".
~/github/cheatsheets$ oc adm policy add-cluster-role-to-user cluster-admin chak
cluster role "cluster-admin" added: "chak"
Then copied the token for user "chak" and trying to login to docker registry but it has failed with below error. The minishift ip and ip in the error output is different. In the terminal, already logged in as administrator and added a cluster-admin role.
So, I expect the docker daemon to log in to the openshift cluster IP that is started by minishift. Why is the docker daemon trying to log in to the IP in the error rather than the minishift IP?
I also have http_proxy, https_proxy and no_proxy set, since I am connected to a corporate network.
~/github/cheatsheets$ docker login -u chak -p C5u5F1iwA6gl4va1K8OZ01DaRPdMYMnDQklErn2FzjY docker-registry-default.127.0.0.1.nip.io
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
error during connect: Post https://192.168.42.253:2376/v1.39/auth: Gateway Timeout
Edit 1:
~/github/hashitvault$ docker login -u chak -p Naqp6NScYF7zOcKN41SuYQ045qR9zBN6lfGVnvxhrU docker-registry-default.192.168.42.186.nip.io
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get http://docker-registry-default.192.168.42.186.nip.io/v2/: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
The oc internal docker registry route is exposed.
When I hit it in the browser, I reach a 502 server error.
What am I doing wrong here?

Spoofing mysql-client connection request for demo purposes

For demo purpose, I wanted to start at least 5 MySQL-client connection to only one server. Mysql-server is running on a fixed IP.
In my script, I have added many IP's as following.
eth0 inet addr:1.2.3.4
eth0:1 inet addr:1.2.3.5
I am making the mysql client request as follows:
mysql -u test -h mysql.domain.com -p
This request always goes with 1.2.3.4? Can I start the mysql-client request with the IP I wanted?
I'm not sure it can be defined in the mysql client.
However, good ol' networking should be your friend here.
The idea here is to make sure that IP traffic from your machine to the server machine goes through the desired NIC as its gateway.
The command on *nix is 'route add' and the syntax should be something in the spirit of:
route add -host <YOUR DB SERVER IP> gw 1.2.3.5 dev <YOUR NIC DEVICE NAME>

Docker container won't access MySQL on host machine

I have Docker installed in a VM in VirtualBox and I'm attempting to run a container with a .NET Core application that connects to a MySQL database on the host machine. So I've configured port forwarding for both MySQL and my application in VirtualBox. I'm able to access my service through "http://localhost:3131/api/users/login" on the host machine, but it throws an error saying that it couldn't connect to the MySQL database. I'm also able to run the app on the host machine when I'm not using Docker. I've looked at other threads on the internet but found nothing that enlightened me, except the last command shown below, which I can't run since the MySQL authentication is hard-coded in the application, not set in a config file. The general configuration is as follows:
Program.cs
var host = new WebHostBuilder()
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.UseApplicationInsights()
.UseUrls("http://*:80")
.Build();
Dockerfile
FROM microsoft/aspnetcore
WORKDIR /app
COPY bin/Release/PublishOutput/ .
EXPOSE 80
ENTRYPOINT ["dotnet", "UsersApi.dll"]
Docker Run Command
docker run -d -p 3000:80 user_api
// and also tried
docker run -d -p 3000:80 user_api --net=host
// and also tried
docker run -d -p 3000:80 user_api --add-host localhost:127.0.0.1
VirtualBox forwarding ports:
NAT 3131 -> 3000 tcp
NAT 3306 -> 3306 tcp
NAT 2415 -> 22
localhost (I thought port 3131 would appear, but it calls the service anyway.)
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-22 11:23 E. South America Standard Time
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0013s latency).
Other addresses for localhost (not scanned): ::1
rDNS record for 127.0.0.1: rinaldipc.com
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
135/tcp open msrpc
445/tcp open microsoft-ds
2179/tcp open vmrdp
3306/tcp open mysql
5357/tcp open wsdapi
RUN command in the Dockerfile that I think I need to add, but I'm not sure how to proceed.
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
https://stackoverflow.com/questions/33827342/how-to-connect-mysql-workbench-to-running-mysql-inside-docker/33827463#33827463
Since you're running inside VirtualBox, there's another layer between the VirtualBox host machine and docker. You have a machine hosting VirtualBox (1) -> Linux in VirtualBox (2) -> docker (3).
"localhost" for docker (3) means (2) so it expects mysql to be on (2). In your case, you have mysql on (1).
The only way to access (1) from (3) is by explicitly using the IP of (1) and not the "localhost" alias.

Unable to connect to dockerized mysql db remotely

On my AWS ec2 server I have docker 1.9.1 installed.
In an image test_image based from ubuntu:trusty official docker image, I have tried to setup the LEMP(Linux, Nginx, MySQL, PHP) architecture.
Following is the docker command i have used to start my container:
docker run --name test_1 -d -p 80:80 -p 3306:3306 test_image /bin/sh -c "while true; do echo daemonized docker container; sleep 5000; done"
I have exposed ports 80 and 3306 to the host's network interface and have also configured the AWS security group to allow inbound connections to these ports. Connection type in the security group is: MYSQL/Aurora and protocol is: TCP (I know it's not very secure, it's only for initial implementation. Production setup will be different)
I followed this DigitalOcean tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-14-04
After installing Nginx and starting it I am able to test it in the browser via the ec2 instance's public IP, i.e. http://xxx.xxx.xxx.xxx shows the default nginx welcome page.
While installing MySQL, I followed the following commands in the docker container:
apt-get install mysql-server
mysql_install_db
/etc/init.d/mysql start
mysql_secure_installation
I have given a password to my root user and during mysql_secure_installation I had allowed remote access to the root user.
mysql -u root -p command from inside the container connects me to the mysql db but not from outside the container.
Also from my local machine:
I tried with mysql-client:
mysql -h xxx.xxx.xxx.xxx -u root -p
I got the following error: ERROR 2003 (HY000): Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (111)
and also through mysql workbench but I still can't connect to the mysql db.
What am I doing wrong?
In your host mysql's my.cnf set the bind address to 0.0.0.0 so that mysql listens on all network interfaces
bind-address = 0.0.0.0
The default config is:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1