zabbix / zabbix-docker

Official Zabbix Dockerfiles
https://www.zabbix.com
GNU Affero General Public License v3.0

zabbix-agent reject connection from zabbix-server #71

Closed laoshancun closed 7 years ago

laoshancun commented 7 years ago

zabbix-agent:log

zabbix-server_zabbix-agent_1 | 2016-12-01T05:38:14.639350807Z  29807:20161201:133814.638 failed to accept an incoming connection: connection from "172.18.1.5" rejected, allowed hosts: "zabbix-server"
zabbix-server_zabbix-agent_1 | 2016-12-01T05:39:14.654746331Z  29809:20161201:133914.654 failed to accept an incoming connection: connection from "172.18.1.5" rejected, allowed hosts: "zabbix-server"

docker-compose.yml

zabbix-server:
  image: zabbix/zabbix-server-mysql:alpine-3.2-latest
  ports:
   - "10051:10051"
  volumes:
   - /etc/localtime:/etc/localtime:ro
   - /etc/timezone:/etc/timezone:ro
   - /data/docker/zabbix/server/alertscripts:/usr/lib/zabbix/alertscripts
   - /data/docker/zabbix/server/externalscripts:/usr/lib/zabbix/externalscripts:ro
   - /data/docker/zabbix/server/modules:/var/lib/zabbix/modules:ro
   - /data/docker/zabbix/server/enc:/var/lib/zabbix/enc:ro
   - /data/docker/zabbix/server/ssh_keys:/var/lib/zabbix/ssh_keys:ro
   - /data/docker/zabbix/server/mibs:/var/lib/zabbix/mibs:ro
  links:
   - mysql-server:mysql-server
   - zabbix-agent:zabbix-agent
  ulimits:
   nproc: 65535
   nofile:
    soft: 20000
    hard: 40000
  mem_limit: 512m
  environment:
    #- .env_db_mysql
    #- .env_srv

    - MYSQL_USER=zabbix
    # MYSQL_PASSWORD=zabbix
    - MYSQL_PASSWORD=password
    # MYSQL_ROOT_PASSWORD=
    - MYSQL_ROOT_PASSWORD=password
    # MYSQL_ALLOW_EMPTY_PASSWORD=false
    # MYSQL_DATABASE=zabbix
    - MYSQL_DATABASE=zabbix
  user: root
  # networks:
  #   zbx_net:
  #     aliases:
  #      - zabbix-server
  #      - zabbix-server-mysql
  #      - zabbix-server-alpine-mysql
  #      - zabbix-server-mysql-alpine
zabbix-web-nginx-mysql:
  image: 'zabbix/zabbix-web-nginx-mysql:alpine-3.2-latest'
  ports:
   - "8081:80"
   #- "8443:443"
  links:
   - mysql-server:mysql-server
   - zabbix-server:zabbix-server
  mem_limit: 512m
  volumes:
   - /etc/localtime:/etc/localtime:ro
   - /etc/timezone:/etc/timezone:ro
   - /data/docker/zabbix/web/ssl/nginx:/etc/ssl/nginx:ro
   - /data/docker/zabbix/web/simhei.ttf:/usr/share/fonts/ttf-dejavu/DejaVuSans.ttf:ro
  environment:
  #  - .env_db_mysql
  #  - .env_web
    - TZ=Asia/Shanghai
    - MYSQL_USER=zabbix
    # MYSQL_PASSWORD=zabbix
    - MYSQL_PASSWORD=password
    # MYSQL_ROOT_PASSWORD=
    - MYSQL_ROOT_PASSWORD=password
    # MYSQL_ALLOW_EMPTY_PASSWORD=false
    # MYSQL_DATABASE=zabbix
    - MYSQL_DATABASE=zabbix
  user: root
  # networks:
  #   zbx_net:
  #     aliases:
  #      - zabbix-web-nginx-mysql
  #      - zabbix-web-nginx-alpine-mysql
  #      - zabbix-web-nginx-mysql-alpine 
mysql-server:
  image: mysql:5.7
  volumes:
    - /data/docker/zabbix/mysql/data:/var/lib/mysql
    - /data/docker/zabbix/mysql/docker.cnf:/etc/mysql/conf.d/docker.cnf
  ports:
    - "6033:3306"
  environment:
  #  - .env_db_mysql
    - MYSQL_USER=zabbix
    # MYSQL_PASSWORD=zabbix
    - MYSQL_PASSWORD=password
    # MYSQL_ROOT_PASSWORD=
    - MYSQL_ROOT_PASSWORD=password
    # MYSQL_ALLOW_EMPTY_PASSWORD=false
    # MYSQL_DATABASE=zabbix
    - MYSQL_DATABASE=zabbix
  user: root
#   networks:
#     zbx_net:
#       aliases:
#        - mysql-server
#        - zabbix-database
#        - mysql-database
zabbix-agent:
  image: zabbix/zabbix-agent:alpine-3.2-latest
  environment:
   #- ZBX_HOSTNAME=zabbix-server
   #- ZBX_SERVER_HOST=192.168.0.11
  ports:
   - "10050:10050"
  volumes:
   - /etc/localtime:/etc/localtime:ro
   - /etc/timezone:/etc/timezone:ro
   - /data/docker/zabbix/agent/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
   - /data/docker/zabbix/agent/modules:/var/lib/zabbix/modules:ro
   - /data/docker/zabbix/agent/enc:/var/lib/zabbix/enc:ro
   - /data/docker/zabbix/agent/ssh_keys:/var/lib/zabbix/ssh_keys:ro
  links:
   #- zabbix-server:zabbix-server
  user: root
  privileged: true
  pid: "host"
  # networks:
  #   zbx_net:
  #     aliases:
  #      - zabbix-agent
  #      - zabbix-agent-passive
  #      - zabbix-agent-alpine

brainsam commented 7 years ago

You have to uncomment ZBX_SERVER_HOST and specify the server's IP or domain name. For example, you can link zabbix-server to zabbix-agent and set ZBX_SERVER_HOST=127.0.0.1

laoshancun commented 7 years ago

OK, thanks! :-D

arnydo commented 6 years ago

@laoshancun Were you able to get this working? Would you be able to share your compose file as I cannot get this to work. I thought I had it correct but now it is saying that it cannot accept connections from 172.18.0.1.

rake5k commented 6 years ago

@arnydo just set ZBX_SERVER_HOST=172.18.0.1, then zabbix server should be able to connect to the agent container.

dherykw commented 3 years ago

Is there any way of resolving the connection through DNS, and avoid

failed to accept an incoming connection: connection from "X.X.X.X" rejected, allowed hosts: "zabbix-server"

relgames commented 2 years ago

Hi @dherykw, did you figure out how to specify DNS for zabbix agent by any chance?

We are having the same issue, agent is failing to accept a connection from zabbix proxy, but DNS is specified in ZBX_SERVER_HOST.

But for some reason, the IP is rejected:

2021/11/29 19:34:57.397445 cannot accept incoming connection for peer: 10.81.4.85

UPDATE: Figured it out, DNS name is actually resolving into a different IP, because of k8s.

guilhermechgas commented 2 years ago

Hi @relgames we are having the same issue in Kubernetes (EKS), how did you solve this?

KingOfSpades commented 2 years ago

@guilhermechgas having the same issue in OpenShift and it's driving me crazy. According to the Zabbix documentation (and our Zabbix agents in our current infra) you should be able to use CIDR addresses with the Zabbix host parameter. So you should be able to say:

ZBX_SERVER_HOST=Server.Host, 0.0.0.0/0

And it should accept all connections. But because the Zabbix container uses the ENV variable ZBX_SERVER_HOST to set both the ZBX_SERVER_HOST and the ACTIVE_SERVER it keeps on failing with an invalid server name address. It's honestly driving me crazy. I'm trying to run a Zabbix Proxy in cluster and let that do active checks back to the pods, but because you have to expose the ports by hostPort or Service + nodePort the incoming address is different than the proxy address. Been 8 hours at this, why does this have to be so hard.

relgames commented 2 years ago

@guilhermechgas Yes, I had to make a service and specify clusterIP: None:

---
apiVersion: v1
kind: Service
metadata:
  name: "k8-agent"
spec:
  selector:
    app.kubernetes.io/component: zabbix-agent
  clusterIP: None
  ports:
    - name: zabbix-agent
      protocol: TCP
      port: 10050
      targetPort: 10050 

For the agent, specified service name as a host name:

      containers:
        - name: zabbix-agent
          image: "{{ .Values.image.repository }}/zabbix-agent2:{{ .Chart.AppVersion }}"
          env:
            - name: ZBX_HOSTNAME
              value: "k8-agent"
            - name: ZBX_SERVER_HOST
              value: "k8-proxy"

Same for proxy:

---
apiVersion: v1
kind: Service
metadata:
  name: "k8-proxy"
spec:
  selector:
    app.kubernetes.io/component: zabbix-proxy
  clusterIP: None
  ports:
    - name: zabbix
      protocol: TCP
      port: 10051
      targetPort: 10051

And proxy container env vars:

      containers:
      - name: zabbix-proxy
        image: "{{ .Values.image.repository }}/zabbix-proxy-sqlite3:{{ .Chart.AppVersion }}"
        env:
        - name: ZBX_HOSTNAME
          value: "k8-proxy"
        - name: ZBX_SERVER_HOST
          value: support-z
        - name: ZBX_PROXYMODE
          value: "0"

In case of clusterIP: None, Kubernetes will resolve DNS names k8-proxy and k8-agent to actual pod IP addresses, so the agent and proxy can connect to each other.

KingOfSpades commented 2 years ago

I fixed this eventually with the following settings:

- name: ZBX_SERVER_HOST
  value: "zabbix-proxy.zabbix-monitoring.svc.cluster.local"
- name: ZBX_PASSIVESERVERS
  value: "0.0.0.0/0"

By using the 0.0.0.0/0 address in the ZBX_PASSIVESERVERS it allows all IPs to connect
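
The resolution mismatch discussed in this thread, as an added example that is not part of the original comments or the Zabbix code base: a simplified model of testing a peer IP against an allow list of IPs, CIDR ranges and DNS names. `check_peer`, `dns_lookup`, `lookup_in` and the resolver tables are hypothetical names, and every address except the logged peer 10.81.4.85 is constructed.

```python
import ipaddress
import socket


def dns_lookup(name):
    """Resolve a DNS name to the set of IP strings it currently maps to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def check_peer(allowed, peer, resolver=dns_lookup):
    """Simplified model of an allow-list test, not Zabbix source code.

    allowed: comma-separated IPs, CIDR ranges or DNS names.
    Returns (accepted, reason) for the connecting peer IP.
    """
    peer_ip = ipaddress.ip_address(peer)
    notes = []
    for entry in (e.strip() for e in allowed.split(",")):
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not an IP or CIDR: treat it as a DNS name and compare its addresses.
            ips = resolver(entry)
            if str(peer_ip) in ips:
                return True, f"{entry} resolves to {peer}"
            notes.append(f"{entry} -> {sorted(ips) if ips else 'unresolved'}")
            continue
        if peer_ip in net:
            broad = " (matches every address)" if net.prefixlen == 0 else ""
            return True, f"matched {net}{broad}"
        notes.append(str(net))
    return False, "no match: " + "; ".join(notes)


# Constructed resolver data for the cases in the thread; only 10.81.4.85
# (the rejected peer in the log above) comes from the page.
CLUSTER_IP_DNS = {"k8-proxy": {"10.100.0.10"}}  # Service with a virtual IP
HEADLESS_DNS = {"k8-proxy": {"10.81.4.85"}}     # clusterIP: None -> pod IP


def lookup_in(table):
    """Build an offline resolver from a name -> set-of-IPs table."""
    return lambda name: table.get(name, set())
```

Called without the `resolver` argument from inside the agent container, `check_peer` uses the real DNS answer, which shows what the configured name resolves to there. A range limited to the proxy's subnet accepts the proxy without matching every address the way 0.0.0.0/0 does.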

clembIsEnder commented 6 months ago

Heyy, I have the same problem.. (I think) I want to run a strings store on my Zabbix agent. And the trigger is directly on Zabbix web.

72103:20240307:144604.200 agent #5 started [active checks #1]
72103:20240307:144604.203 Unable to connect to [.21]:10051 [cannot connect to [[.21]:10051]: [113] No route to host]
72103:20240307:144604.204 Unable to send heartbeat message to [.21]:10051 [cannot connect to [[.21]:10051]: [113] No route to host]
72103:20240307:144604.206 Unable to connect to [.21]:10051 [cannot connect to [[.21]:10051]: [113] No route to host]
72103:20240307:144604.207 Active check configuration update started to fail
72102:20240307:145045.799 failed to accept an incoming connection: connection from ".90" rejected, allowed hosts: "10.129.102.21"
72102:20240307:145344.605 Executing command 'sudo -u lmtest /etc/zabbix/zabbix_shells/start_all_lmxt.ksh'

.90 = This is my old Zabbix server (which I no longer use and I have in no case put its IP address in my new configurations)
.21 = This is my new Zabbix server
The logs come from my Zabbix agent (.27)

In the last line, we see that he is launching himself. But in fact, it is like "blocked" and cannot launch this and therefore cannot restart my tasks

72102:20240307:145344.605 Executing command 'sudo -u lmtest /etc/zabbix/zabbix_shells/start_all_lmxt.ksh'

If someone has an idea ty