agent docker zabbix_关于docker环境运行zabbix时,你可能不知道的事 | 爱生活,爱运维...

关于docker环境运行zabbix时,可以快速的部署一套zabbix环境,不管是学习docker还是学习zabbix,都是可以作为一个实际项目来进行测试和练习,但是如果对docker的网络模式不熟悉,可能会遇到一些坑,本文就一些你可能不知道的事进行了测试,与试水,希望能给与大家帮助

一、Docker四种网络模式

实现原理

Docker使用Linux桥接(参考《Linux虚拟网络技术》),在宿主机虚拟一个Docker容器网桥(docker0),Docker启动一个容器时会根据Docker网桥的网段分配给容器一个IP地址,称为Container-IP,同时Docker网桥是每个容器的默认网关。因为在同一宿主机内的容器都接入同一个网桥,这样容器之间就能够通过容器的Container-IP直接通信。

Docker网桥是宿主机虚拟出来的,并不是真实存在的网络设备,外部网络是无法寻址到的,这也意味着外部网络无法通过直接Container-IP访问到容器。如果容器希望外部访问能够访问到,可以通过映射容器端口到宿主主机(端口映射),即docker run创建容器时候通过 -p 或 -P 参数来启用,访问容器的时候就通过[宿主机IP]:[容器端口]访问容器。

四类网络模式

Docker网络模式 配置 说明

host模式 –net=host 容器和宿主机共享Network namespace。

container模式

–net=container:NAME_or_ID

容器和另外一个容器共享Network namespace。 kubernetes中的pod就是多个容器共享一个Network namespace

none模式 –net=none 容器有独立的Network namespace,但并没有对其进行任何网络设置,如分配veth pair 和网桥连接,配置IP等。

bridge模式 –net=bridge (默认为该模式)

host模式

如果启动容器的时候使用host模式,那么这个容器将不会获得一个独立的Network Namespace,而是和宿主机共用一个Network Namespace。容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口。但是,容器的其他方面,如文件系统、进程列表等还是和宿主机隔离的。

使用host模式的容器可以直接使用宿主机的IP地址与外界通信,容器内部的服务端口也可以使用宿主机的端口,不需要进行NAT,host最大的优势就是网络性能比较好,但是docker host上已经使用的端口就不能再用了,网络的隔离性不好。

Host模式如下图所示:

container模式

这个模式指定新创建的容器和已经存在的一个容器共享一个 Network Namespace,而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的 IP,而是和一个指定的容器共享 IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的。两个容器的进程可以通过 lo 网卡设备通信。

Container模式示意图:

none模式

使用none模式,Docker容器拥有自己的Network Namespace,但是,并不为Docker容器进行任何网络配置。也就是说,这个Docker容器没有网卡、IP、路由等信息。需要我们自己为Docker容器添加网卡、配置IP等。

这种网络模式下容器只有lo回环网络,没有其他网卡。none模式可以在容器创建时通过--network=none来指定。这种类型的网络没有办法联网,封闭的网络能很好的保证容器的安全性。

None模式示意图:

bridge模式

当Docker进程启动时,会在主机上创建一个名为docker0的虚拟网桥,此主机上启动的Docker容器会连接到这个虚拟网桥上。虚拟网桥的工作方式和物理交换机类似,这样主机上的所有容器就通过交换机连在了一个二层网络中。

从docker0子网中分配一个IP给容器使用,并设置docker0的IP地址为容器的默认网关。在主机上创建一对虚拟网卡veth pair设备,Docker将veth pair设备的一端放在新创建的容器中,并命名为eth0(容器的网卡),另一端放在主机中,以vethxxx这样类似的名字命名,并将这个网络设备加入到docker0网桥中。可以通过brctl show命令查看。

bridge模式是docker的默认网络模式,不写--net参数,就是bridge模式。使用docker run -p时,docker实际是在iptables做了DNAT规则,实现端口转发功能。可以使用iptables -t nat -vnL查看。

bridge模式如下图所示:

二、创建zabbix测试环境

1 新建网络

下面自定义创建一个新的bridge模式的Docker网络

[root@centos-linux-4 ]# docker network create -d bridge my-net

2d19b1c8d144a6367810998bc5e001404d34ea1a0f51a52a5246aaeeba04e97a

[root@centos-linux-4 ]# docker network ls

NETWORK ID NAME DRIVER SCOPE

1b86c2f5b04b bridge bridge local

36d9d40bf276 cmp_zabbix_agent_default bridge local

9a3d2b9e95d5 cmp_zabbix_server_default bridge local

f0d6e6c30c66 host host local

2d19b1c8d144 my-net bridge local

bfaa333252cf none null local

1

2

3

4

5

6

7

8

9

10

[root@centos-linux-4]# docker network create -d bridge my-net

2d19b1c8d144a6367810998bc5e001404d34ea1a0f51a52a5246aaeeba04e97a

[root@centos-linux-4]# docker network ls

NETWORKIDNAMEDRIVERSCOPE

1b86c2f5b04bbridgebridgelocal

36d9d40bf276cmp_zabbix_agent_defaultbridgelocal

9a3d2b9e95d5cmp_zabbix_server_defaultbridgelocal

f0d6e6c30c66hosthostlocal

2d19b1c8d144my-netbridgelocal

bfaa333252cfnonenulllocal

-d参数指定Docker网络类型,有bridge、overlay类型,overlay类型适用于Swarm mode,这里我们使用bridge

2 启动一个空的Mysql服务器实例

[root@centos-linux-4 cmp_zabbix_agent]# docker run --name mysql-server --network=my-net -it --restart=always -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" -d mysql:5.7 --character-set-server=utf8 --collation-server=utf8_bin

bb6a9117ffec928971b819a1dacb1e62fb748cd9a2d5c9c5f193e5e1cc32eb4f

[root@centos-linux-4 cmp_zabbix_agent]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

bb6a9117ffec mysql:5.6 "docker-entrypoint.s…" 6 seconds ago Up 5 seconds 3306/tcp

1

2

3

4

5

[root@centos-linux-4cmp_zabbix_agent]# docker run --name mysql-server --network=my-net -it --restart=always -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456"  -d mysql:5.7 --character-set-server=utf8 --collation-server=utf8_bin

bb6a9117ffec928971b819a1dacb1e62fb748cd9a2d5c9c5f193e5e1cc32eb4f

[root@centos-linux-4cmp_zabbix_agent]# docker ps

CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES

bb6a9117ffecmysql:5.6"docker-entrypoint.s…"6secondsagoUp5seconds3306/tcp

3 启动Zabbix server实例,并关联这个实例到已创建的MySQL服务器实例

[root@centos-linux-4 cmp_zabbix_agent]# docker run --name zabbix-server-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro --link mysql-server:mysql -p 10051:10051 -d zabbix/zabbix-server-mysql:latest

2ef64b4ca60aaf4db2d82d0ac77139675c5ef7ab98f71e6f1c27217e9fb54d66

[root@centos-linux-4 cmp_zabbix_agent]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

2ef64b4ca60a zabbix/zabbix-server-mysql:latest "/sbin/tini -- /usr/…" 23 seconds ago Up 22 seconds 0.0.0.0:10051->10051/tcp zabbix-server-mysql

bb6a9117ffec mysql:5.6 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 3306/tcp mysql-server

1

2

3

4

5

6

[root@centos-linux-4cmp_zabbix_agent]# docker run --name zabbix-server-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456"  -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro --link mysql-server:mysql -p 10051:10051 -d zabbix/zabbix-server-mysql:latest

2ef64b4ca60aaf4db2d82d0ac77139675c5ef7ab98f71e6f1c27217e9fb54d66

[root@centos-linux-4cmp_zabbix_agent]# docker ps

CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES

2ef64b4ca60azabbix/zabbix-server-mysql:latest"/sbin/tini -- /usr/…"23secondsagoUp22seconds0.0.0.0:10051->10051/tcpzabbix-server-mysql

bb6a9117ffecmysql:5.6"docker-entrypoint.s…"2minutesagoUp2minutes3306/tcpmysql-server

4 启动Zabbix web 接口,并将它与MySQL服务器实例和Zabbix server实例关联

[root@centos-linux-4 cmp_zabbix_agent]# docker run --name zabbix-web-nginx-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" --link mysql-server:mysql --link zabbix-server-mysql:zabbix-server -p 8080:80 -d zabbix/zabbix-web-nginx-mysql:latest

effdf23c761b7f4536bf99ef9fea2999a44f6f2eec8b285763708033a3b7ffa7

[root@centos-linux-4 cmp_zabbix_agent]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

effdf23c761b zabbix/zabbix-web-nginx-mysql:latest "docker-entrypoint.sh" 4 seconds ago Up 3 seconds 443/tcp, 0.0.0.0:8088->80/tcp zabbix-web-nginx-mysql

2ef64b4ca60a zabbix/zabbix-server-mysql:latest "/sbin/tini -- /usr/…" 2 minutes ago Up 2 minutes 0.0.0.0:10051->10051/tcp zabbix-server-mysql

bb6a9117ffec mysql:5.6 "docker-entrypoint.s…" 4 minutes ago Up 4 minutes 3306/tcp mysql-server

1

2

3

4

5

6

7

[root@centos-linux-4cmp_zabbix_agent]# docker run --name zabbix-web-nginx-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" --link mysql-server:mysql --link zabbix-server-mysql:zabbix-server -p 8080:80 -d zabbix/zabbix-web-nginx-mysql:latest

effdf23c761b7f4536bf99ef9fea2999a44f6f2eec8b285763708033a3b7ffa7

[root@centos-linux-4cmp_zabbix_agent]# docker ps

CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES

effdf23c761bzabbix/zabbix-web-nginx-mysql:latest"docker-entrypoint.sh"4secondsagoUp3seconds443/tcp,0.0.0.0:8088->80/tcpzabbix-web-nginx-mysql

2ef64b4ca60azabbix/zabbix-server-mysql:latest"/sbin/tini -- /usr/…"2minutesagoUp2minutes0.0.0.0:10051->10051/tcpzabbix-server-mysql

bb6a9117ffecmysql:5.6"docker-entrypoint.s…"4minutesagoUp4minutes3306/tcpmysql-server

三、测试场景

前面的zabbix的数据库、server、web都是使用自定义的网桥分配ip地址,正式环境切记需要对一些关键数据进行持久化,同时网络模式也可以不需要指定,使用默认的即可,可以使用如下命令查看自定义的网桥下的容器ip

[root@elk-master ~]# docker network ls

NETWORK ID NAME DRIVER SCOPE

39cad5014ee8 bridge bridge local

e7aa5925d508 host host local

f8d5b552a9e8 my-net bridge local

f4ea566b5201 none null local

[root@elk-master ~]# docker network inspect f8d5b552a9e8

[

{

"Name": "my-net",

"Id": "f8d5b552a9e879a8b973393fff52892c12f9f31a12412cb70b5a16e5bed606b6",

"Created": "2020-01-19T10:51:01.317838046+08:00",

"Scope": "local",

"Driver": "bridge",

"EnableIPv6": false,

"IPAM": {

"Driver": "default",

"Options": {},

"Config": [

{

"Subnet": "172.20.0.0/16",

"Gateway": "172.20.0.1"

}

]

},

"Internal": false,

"Attachable": false,

"Ingress": false,

"ConfigFrom": {

"Network": ""

},

"ConfigOnly": false,

"Containers": {

"033bc75eae7d20ec1940a9588bf150eff52575076ea53abe5db7a67e663621bc": {

"Name": "zabbix-web-nginx-mysql",

"EndpointID": "bcb44b716858b5b2bd5c4431bf37367771aaade7df5de6fc388f76890d3c64dd",

"MacAddress": "02:42:ac:14:00:04",

"IPv4Address": "172.20.0.4/16",

"IPv6Address": ""

},

"b8177b394cac1676e945019d7d6b7252ee6fec88fb6072a197ead2096610aa66": {

"Name": "zabbix-server-mysql",

"EndpointID": "78f77f1bc9ad066f2173147c5e342b80ec46f9cc3c93b63be7e0e3d2897c5c93",

"MacAddress": "02:42:ac:14:00:03",

"IPv4Address": "172.20.0.3/16",

"IPv6Address": ""

},

"fb7d8240a307f184e5458f54f5a1b2b0e58aba1668af6eefb6a416176b5f9b19": {

"Name": "mysql-server",

"EndpointID": "a271a5ca6e58003650169a644558ec68c31ae76f56d0898368c63961209a5f06",

"MacAddress": "02:42:ac:14:00:02",

"IPv4Address": "172.20.0.2/16",

"IPv6Address": ""

}

},

"Options": {},

"Labels": {}

}

]

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

[root@elk-master~]# docker network ls

NETWORKIDNAMEDRIVERSCOPE

39cad5014ee8bridgebridgelocal

e7aa5925d508hosthostlocal

f8d5b552a9e8my-netbridgelocal

f4ea566b5201nonenulllocal

[root@elk-master~]# docker network inspect f8d5b552a9e8

[

{

"Name":"my-net",

"Id":"f8d5b552a9e879a8b973393fff52892c12f9f31a12412cb70b5a16e5bed606b6",

"Created":"2020-01-19T10:51:01.317838046+08:00",

"Scope":"local",

"Driver":"bridge",

"EnableIPv6":false,

"IPAM":{

"Driver":"default",

"Options":{},

"Config":[

{

"Subnet":"172.20.0.0/16",

"Gateway":"172.20.0.1"

}

]

},

"Internal":false,

"Attachable":false,

"Ingress":false,

"ConfigFrom":{

"Network":""

},

"ConfigOnly":false,

"Containers":{

"033bc75eae7d20ec1940a9588bf150eff52575076ea53abe5db7a67e663621bc":{

"Name":"zabbix-web-nginx-mysql",

"EndpointID":"bcb44b716858b5b2bd5c4431bf37367771aaade7df5de6fc388f76890d3c64dd",

"MacAddress":"02:42:ac:14:00:04",

"IPv4Address":"172.20.0.4/16",

"IPv6Address":""

},

"b8177b394cac1676e945019d7d6b7252ee6fec88fb6072a197ead2096610aa66":{

"Name":"zabbix-server-mysql",

"EndpointID":"78f77f1bc9ad066f2173147c5e342b80ec46f9cc3c93b63be7e0e3d2897c5c93",

"MacAddress":"02:42:ac:14:00:03",

"IPv4Address":"172.20.0.3/16",

"IPv6Address":""

},

"fb7d8240a307f184e5458f54f5a1b2b0e58aba1668af6eefb6a416176b5f9b19":{

"Name":"mysql-server",

"EndpointID":"a271a5ca6e58003650169a644558ec68c31ae76f56d0898368c63961209a5f06",

"MacAddress":"02:42:ac:14:00:02",

"IPv4Address":"172.20.0.2/16",

"IPv6Address":""

}

},

"Options":{},

"Labels":{}

}

]

当我们想采集zabbix server上的数据的时候,分别进行了如下几个场景的,可以根据自己的需求选择合适的方式

场景1:

当server服务器上的agent也用docker安装的时候,如果网络模式选择bridge,并且agent和server如果是在同一个网桥时,agent的配置文件中server需要填写成zabbix-server容器名或者ip地址,web端需要配置成agent容器的ip地址,最终发现采集到的将会是agent容器自己的数据,具体操作如下:

选择跟server一样的网桥my-net启动agent

docker run --name zabbix-agent --network=my-net -p 10051:10050 -e ZBX_HOSTNAME="zabbix-server" -e ZBX_SERVER_HOST="zabbix-server-mysql" --link zabbix-server-mysql:zabbix-server-mysql -d zabbix/zabbix-agent:latest

1

dockerrun--namezabbix-agent--network=my-net-p10051:10050-eZBX_HOSTNAME="zabbix-server"-eZBX_SERVER_HOST="zabbix-server-mysql"--linkzabbix-server-mysql:zabbix-server-mysql-dzabbix/zabbix-agent:latest

首先我们看一下web端的server端的agent配置地址为容器ip

[root@elk-master ~]# docker exec -it b8177b394cac bash

bash-5.0$ ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP

link/ether 02:42:ac:14:00:03 brd ff:ff:ff:ff:ff:ff

inet 172.20.0.3/16 brd 172.20.255.255 scope global eth0

valid_lft forever preferred_lft forever

bash-5.0$ zabbix_get -s 172.20.0.5 -p 10050 -k "system.uptime"

1858

bash-5.0$ zabbix_get -s zabbix-agent -p 10050 -k "system.uptime"

1878

1

2

3

4

5

6

7

8

9

10

11

12

13

14

[root@elk-master~]# docker exec -it b8177b394cac bash

bash-5.0$ipaddr

1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000

link/loopback00:00:00:00:00:00brd00:00:00:00:00:00

inet127.0.0.1/8scopehostlo

valid_lftforeverpreferred_lftforever

15:eth0@if16:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP

link/ether02:42:ac:14:00:03brdff:ff:ff:ff:ff:ff

inet172.20.0.3/16brd172.20.255.255scopeglobaleth0

valid_lftforeverpreferred_lftforever

bash-5.0$zabbix_get-s172.20.0.5-p10050-k"system.uptime"

1858

bash-5.0$zabbix_get-szabbix-agent-p10050-k"system.uptime"

1878

然后进入容器查看agent中的server地址

[root@elk-master ~]# docker exec -it zabbix-agent bash

bash-5.0$ ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP

link/ether 02:42:ac:14:00:05 brd ff:ff:ff:ff:ff:ff

inet 172.20.0.5/16 brd 172.20.255.255 scope global eth0

valid_lft forever preferred_lft forever

bash-5.0$ cat /etc/zabbix/zabbix_agentd.conf|grep -Ev '#|^$'

LogType=console

Server=zabbix-server-mysql

ServerActive=zabbix-server-mysql:10051

Hostname=zabbix-server

User=zabbix

Include=/etc/zabbix/zabbix_agentd.d/

LoadModulePath=/var/lib/zabbix/modules/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

[root@elk-master~]# docker exec -it zabbix-agent bash

bash-5.0$ipaddr

1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000

link/loopback00:00:00:00:00:00brd00:00:00:00:00:00

inet127.0.0.1/8scopehostlo

valid_lftforeverpreferred_lftforever

19:eth0@if20:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP

link/ether02:42:ac:14:00:05brdff:ff:ff:ff:ff:ff

inet172.20.0.5/16brd172.20.255.255scopeglobaleth0

valid_lftforeverpreferred_lftforever

bash-5.0$cat/etc/zabbix/zabbix_agentd.conf|grep-Ev'#|^$'

LogType=console

Server=zabbix-server-mysql

ServerActive=zabbix-server-mysql:10051

Hostname=zabbix-server

User=zabbix

Include=/etc/zabbix/zabbix_agentd.d/

LoadModulePath=/var/lib/zabbix/modules/

进入agent容器验证数据和web端采集的数据

1 查看磁盘工具agent中的数据于web采集的是一致

2 查看进程数量

发现web的数据也是和agent容器是一致的

宿主机进程

server容器进程

结论:这种方式是可行的,但是采集的是agent的容器数据,不能完全代表server服务器的数据

场景2

当server服务器上的agent用安装的时候,使用的网桥模式,但是agent和server如果不是在同一个网桥,相当于两个容器的ip地址将是两个网段

,那么这种同主机两个网段的容器,是否可以使用宿主机ip+容器暴露的端口来采集呢,采集是否也是agent容器自己的数据?

首先使用默认网桥bridge启动agent,但是配置文件中的server ip使用的是宿主机ip,没有测试出来结果,不知道同主机,不能网桥的容器如何通信,当另外找一台主机使用如下命令,则可以通信

[root@elk-master ~]# docker rm -f zabbix-agent

zabbix-agent

[root@elk-master ~]#docker run --name zabbix-agent --network=bridge -p 10050:10050 -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="192.168.73.133" -e ZBX_SERVER_PORT=10054 -d zabbix/zabbix-agent:latest

[root@elk-master ~]# docker exec -it zabbix-server-mysql bash

bash-5.0$ ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

21: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP

link/ether 02:42:ac:14:00:03 brd ff:ff:ff:ff:ff:ff

inet 172.20.0.3/16 brd 172.20.255.255 scope global eth0

valid_lft forever preferred_lft forever

bash-5.0$ exit

exit

[root@elk-master ~]# docker exec -it zabbix-agent bash

bash-5.0$ ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP

link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff

inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0

valid_lft forever preferred_lft forever

bash-5.0$ ping 172.20.0.3

PING 172.20.0.3 (172.20.0.3) 56(84) bytes of data.

^C

--- 172.20.0.3 ping statistics ---

41 packets transmitted, 0 received, 100% packet loss, time 44ms

bash-5.0$ cat /etc/zabbix/zabbix_agentd.conf |grep -Ev '#|^$'

LogType=console

Server=192.168.73.133

ServerActive=192.168.73.133:10051

Hostname=Zabbix server

User=zabbix

Include=/etc/zabbix/zabbix_agentd.d/

LoadModulePath=/var/lib/zabbix/modules/

bash-5.0$

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

[root@elk-master~]# docker rm -f zabbix-agent

zabbix-agent

[root@elk-master~]#docker run --name zabbix-agent --network=bridge -p 10050:10050 -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="192.168.73.133" -e ZBX_SERVER_PORT=10054  -d zabbix/zabbix-agent:latest

[root@elk-master~]# docker exec -it zabbix-server-mysql bash

bash-5.0$ipaddr

1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000

link/loopback00:00:00:00:00:00brd00:00:00:00:00:00

inet127.0.0.1/8scopehostlo

valid_lftforeverpreferred_lftforever

21:eth0@if22:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP

link/ether02:42:ac:14:00:03brdff:ff:ff:ff:ff:ff

inet172.20.0.3/16brd172.20.255.255scopeglobaleth0

valid_lftforeverpreferred_lftforever

bash-5.0$exit

exit

[root@elk-master~]# docker exec -it zabbix-agent bash

bash-5.0$ipaddr

1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000

link/loopback00:00:00:00:00:00brd00:00:00:00:00:00

inet127.0.0.1/8scopehostlo

valid_lftforeverpreferred_lftforever

23:eth0@if24:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP

link/ether02:42:ac:11:00:02brdff:ff:ff:ff:ff:ff

inet172.17.0.2/16brd172.17.255.255scopeglobaleth0

valid_lftforeverpreferred_lftforever

bash-5.0$ping172.20.0.3

PING172.20.0.3(172.20.0.3)56(84)bytesofdata.

^C

---172.20.0.3pingstatistics---

41packetstransmitted,0received,100%packetloss,time44ms

bash-5.0$cat/etc/zabbix/zabbix_agentd.conf|grep-Ev'#|^$'

LogType=console

Server=192.168.73.133

ServerActive=192.168.73.133:10051

Hostname=Zabbixserver

User=zabbix

Include=/etc/zabbix/zabbix_agentd.d/

LoadModulePath=/var/lib/zabbix/modules/

bash-5.0$

可以看到容器和zabbix-agent的ip地址和zabbix-server的ip地址是不一致,不能互相通信,因为我在启动容器的时候指定环境变量了,因此此时的server ip为宿主机ip

然后我们看一下web端的server端的agent配置地址为宿主机地址,端口配置为agent映射出来的端口,在server端使用zabbix_get看能否通过宿主机ip地址+映射端口进行数据采集

[root@elk-master ~]# docker exec -it zabbix-server-mysql bash

bash-5.0$ zabbix_get -s 192.168.73.133 -p 10050 -k "system.uptime"

zabbix_get [185]: Check access restrictions in Zabbix agent configuration

bash-5.0$

1

2

3

4

[root@elk-master~]# docker exec -it zabbix-server-mysql bash

bash-5.0$zabbix_get-s192.168.73.133-p10050-k"system.uptime"

zabbix_get[185]:CheckaccessrestrictionsinZabbixagentconfiguration

bash-5.0$

同主机这种配置方式四没法获取到值,当另外找一台主机使用默认网桥模式,使用宿主机ip+暴露的端口,是可以进行通信的

bash-5.0$ zabbix_get -s 192.168.73.135 -p 10050 -k "system.uptime"

1988

1

2

bash-5.0$zabbix_get-s192.168.73.135-p10050-k"system.uptime"

1988

基于docker网络的配置,可以添加iptables的链规则,让两个网桥上的容器可以互相通信

[root@elk-master ~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT -s 172.20.0.0/16 -d 172.17.0.0/16

[root@elk-master ~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT -s 172.17.0.0/16 -d 172.20.0.0/16

[root@elk-master ~]# docker exec -it zabbix-server-mysql

bash-5.0$ zabbix_get -s 172.17.0.2 -p 10050 -k "system.uptime"

zabbix_get [196]: Check access restrictions in Zabbix agent configuration

bash-5.0$ ping 172.17.0.2

PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.

64 bytes from 172.17.0.2: icmp_seq=1 ttl=63 time=0.068 ms

64 bytes from 172.17.0.2: icmp_seq=2 ttl=63 time=0.096 ms

^C

--- 172.17.0.2 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1ms

rtt min/avg/max/mdev = 0.068/0.082/0.096/0.014 ms

bash-5.0$

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

[root@elk-master~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT   -s  172.20.0.0/16 -d 172.17.0.0/16

[root@elk-master~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT   -s  172.17.0.0/16 -d 172.20.0.0/16

[root@elk-master~]# docker exec -it zabbix-server-mysql

bash-5.0$zabbix_get-s172.17.0.2-p10050-k"system.uptime"

zabbix_get[196]:CheckaccessrestrictionsinZabbixagentconfiguration

bash-5.0$ping172.17.0.2

PING172.17.0.2(172.17.0.2)56(84)bytesofdata.

64bytesfrom172.17.0.2:icmp_seq=1ttl=63time=0.068ms

64bytesfrom172.17.0.2:icmp_seq=2ttl=63time=0.096ms

^C

---172.17.0.2pingstatistics---

2packetstransmitted,2received,0%packetloss,time1ms

rttmin/avg/max/mdev=0.068/0.082/0.096/0.014ms

bash-5.0$

结果发现就算两个容器互相通信了,但不是在一个网桥,所以还是不能够采集到数据(我删除了容器,从新配置server的ip启动)

最终可以使用一个容器多网桥的概念,把zabbix-agent也加入到zabbix-server所使用的my-net网桥

[root@elk-master ~]# docker network connect my-net zabbix-agent

[root@elk-master ~]# docker exec -it zabbix-agent bash

bash-5.0$ ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP

link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff

inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0

valid_lft forever preferred_lft forever

27: eth1@if28: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP

link/ether 02:42:ac:14:00:05 brd ff:ff:ff:ff:ff:ff

inet 172.20.0.5/16 brd 172.20.255.255 scope global eth1

valid_lft forever preferred_lft forever

bash-5.0$ exit

exit

[root@elk-master ~]# docker exec -it zabbix-server-mysql bash

bash-5.0$ zabbix_get -s 192.168.73.133 -p 10050 -k "system.uptime"

zabbix_get [203]: Check access restrictions in Zabbix agent configuration

bash-5.0$ zabbix_get -s 172.20.0.5 -p 10050 -k "system.uptime"

6748

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

[root@elk-master~]# docker network connect my-net zabbix-agent

[root@elk-master~]# docker exec -it zabbix-agent bash

bash-5.0$ipaddr

1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000

link/loopback00:00:00:00:00:00brd00:00:00:00:00:00

inet127.0.0.1/8scopehostlo

valid_lftforeverpreferred_lftforever

25:eth0@if26:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP

link/ether02:42:ac:11:00:02brdff:ff:ff:ff:ff:ff

inet172.17.0.2/16brd172.17.255.255scopeglobaleth0

valid_lftforeverpreferred_lftforever

27:eth1@if28:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP

link/ether02:42:ac:14:00:05brdff:ff:ff:ff:ff:ff

inet172.20.0.5/16brd172.20.255.255scopeglobaleth1

valid_lftforeverpreferred_lftforever

bash-5.0$exit

exit

[root@elk-master~]# docker exec -it zabbix-server-mysql bash

bash-5.0$zabbix_get-s192.168.73.133-p10050-k"system.uptime"

zabbix_get[203]:CheckaccessrestrictionsinZabbixagentconfiguration

bash-5.0$zabbix_get-s172.20.0.5-p10050-k"system.uptime"

6748

场景3

当server服务器上的agent用安装的时候,使用的host模式,server使用的是网桥模式,采集的是否将会是agent容器自己的数据?

首先,使用网络模式host启动agent,并且server配置成容器ip,这样agent将会与宿主机一样公用一个网络

[root@elk-master ~]# docker rm -f zabbix-agent

zabbix-agent

[root@elk-master ~]# docker run --name zabbix-agent --network=host -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="172.20.0.3" -e ZBX_SERVER_PORT=10051 -d zabbix/zabbix-agent:latest

05f9576a0e8384ea509d47dd974d410886556aecee391beb6ed96269ce3642d2

[root@elk-master ~]# docker exec -it zabbix-agent bash

bash-5.0$ ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:0b:95:34 brd ff:ff:ff:ff:ff:ff

inet 192.168.73.133/24 brd 192.168.73.255 scope global ens33

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe0b:9534/64 scope link

valid_lft forever preferred_lft forever

3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN

link/ether 02:42:64:f5:ce:26 brd ff:ff:ff:ff:ff:ff

inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

valid_lft forever preferred_lft forever

inet6 fe80::42:64ff:fef5:ce26/64 scope link

valid_lft forever preferred_lft forever

6: br-f8d5b552a9e8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether 02:42:bf:8c:b4:5a brd ff:ff:ff:ff:ff:ff

inet 172.20.0.1/16 brd 172.20.255.255 scope global br-f8d5b552a9e8

valid_lft forever preferred_lft forever

inet6 fe80::42:bfff:fe8c:b45a/64 scope link

valid_lft forever preferred_lft forever

14: veth7292b59@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master br-f8d5b552a9e8 state UP

link/ether 56:9f:c2:70:eb:36 brd ff:ff:ff:ff:ff:ff

inet6 fe80::549f:c2ff:fe70:eb36/64 scope link

valid_lft forever preferred_lft forever

18: vetha3f4946@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master br-f8d5b552a9e8 state UP

link/ether 86:71:f9:d9:83:93 brd ff:ff:ff:ff:ff:ff

inet6 fe80::8471:f9ff:fed9:8393/64 scope link

valid_lft forever preferred_lft forever

22: veth36efc5f@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master br-f8d5b552a9e8 state UP

link/ether fe:62:61:ad:8a:de brd ff:ff:ff:ff:ff:ff

inet6 fe80::fc62:61ff:fead:8ade/64 scope link

valid_lft forever preferred_lft forever

bash-5.0$ exit

exit

[root@elk-master ~]# docker exec -it zabbix-server-mysql bash

bash-5.0$ zabbix_get -s 192.168.73.133 -p 10050 -k "system.uptime"

6946

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

[root@elk-master~]# docker rm -f zabbix-agent

zabbix-agent

[root@elk-master~]# docker run --name zabbix-agent --network=host  -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="172.20.0.3" -e ZBX_SERVER_PORT=10051  -d zabbix/zabbix-agent:latest

05f9576a0e8384ea509d47dd974d410886556aecee391beb6ed96269ce3642d2

[root@elk-master~]# docker exec -it zabbix-agent bash

bash-5.0$ipaddr

1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000

link/loopback00:00:00:00:00:00brd00:00:00:00:00:00

inet127.0.0.1/8scopehostlo

valid_lftforeverpreferred_lftforever

inet6::1/128scopehost

valid_lftforeverpreferred_lftforever

2:ens33:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPqlen1000

link/ether00:0c:29:0b:95:34brdff:ff:ff:ff:ff:ff

inet192.168.73.133/24brd192.168.73.255scopeglobalens33

valid_lftforeverpreferred_lftforever

inet6fe80::20c:29ff:fe0b:9534/64scopelink

valid_lftforeverpreferred_lftforever

3:docker0:<NO-CARRIER,BROADCAST,MULTICAST,UP>mtu1500qdiscnoqueuestateDOWN

link/ether02:42:64:f5:ce:26brdff:ff:ff:ff:ff:ff

inet172.17.0.1/16brd172.17.255.255scopeglobaldocker0

valid_lftforeverpreferred_lftforever

inet6fe80::42:64ff:fef5:ce26/64scopelink

valid_lftforeverpreferred_lftforever

6:br-f8d5b552a9e8:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuestateUP

link/ether02:42:bf:8c:b4:5abrdff:ff:ff:ff:ff:ff

inet172.20.0.1/16brd172.20.255.255scopeglobalbr-f8d5b552a9e8

valid_lftforeverpreferred_lftforever

inet6fe80::42:bfff:fe8c:b45a/64scopelink

valid_lftforeverpreferred_lftforever

14:veth7292b59@if13:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuemasterbr-f8d5b552a9e8stateUP

link/ether56:9f:c2:70:eb:36brdff:ff:ff:ff:ff:ff

inet6fe80::549f:c2ff:fe70:eb36/64scopelink

valid_lftforeverpreferred_lftforever

18:vetha3f4946@if17:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuemasterbr-f8d5b552a9e8stateUP

link/ether86:71:f9:d9:83:93brdff:ff:ff:ff:ff:ff

inet6fe80::8471:f9ff:fed9:8393/64scopelink

valid_lftforeverpreferred_lftforever

22:veth36efc5f@if21:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuemasterbr-f8d5b552a9e8stateUP

link/etherfe:62:61:ad:8a:debrdff:ff:ff:ff:ff:ff

inet6fe80::fc62:61ff:fead:8ade/64scopelink

valid_lftforeverpreferred_lftforever

bash-5.0$exit

exit

[root@elk-master~]# docker exec -it zabbix-server-mysql bash

bash-5.0$zabbix_get-s192.168.73.133-p10050-k"system.uptime"

6946

然后,我们需要把web端的server端的agent配置地址为宿主机地址,端口为默认端口

这样是可以采集到数据,但是采集的也是容器的数据,不是宿主机的数据

如果想让zabbix-agent启动的时候注入的ip地址为宿主机ip地址的话,需要把zabbix-server启动的网络模式也改成host,这样才采集到数据

四、结论

1 当使用docker环境部署zabbix的时候,对于zabbix-server和zabbix-agent容器的网络模式需要注意,如果设置的不对会导致采集不到agent的数据

2 只有当zabbix-server和zabbix-agent启动的时候在一个网桥下,或者zabbix-agent使用宿主机网络的时候才可以采集到数据

3 如果是容器启动的agent,那么server端采集到的数据是agent容器的数据,不能全部代表宿主机的指标

4 如果想准确的采集宿主机的指标,应该是用rpm源码包进行安装agent服务

CentOS 7.x 下安装Zabbix Agent 4.4 操作指引

=====

第一步:安装rpm包

rpm -ivh https://repo.zabbix.com/zabbix/4.4/rhel/7/x86_64/zabbix-agent-4.4.4-1.el7.x86_64.rpm

注:此处的RPM安装包可以根据URL查找更多版本的RPM包

第二步:安装agent

yum install zabbix-agent

第三步:启动agent并检查是否成功

systemctl start zabbix-agent

systemctl status zabbix-agent

第四步:配置Zabbix Agent

vim /etc/zabbix/zabbix_agentd.conf

更改Server的地址为zabbix server的ip地址或域名

第五步:重启zabbix并将Zabbix Agent加入开机启动项

systemctl restart zabbix-agent

systemctl enable zabbix-agent

第六步:配置防火墙允许被访问10050端口

firewall-cmd --zone=public --add-port=10050/tcp --permanent

firewall-cmd --reload

firewall-cmd --zone=public --list-ports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

CentOS7.x下安装ZabbixAgent4.4操作指引

=====

第一步:安装rpm包

rpm-ivhhttps://repo.zabbix.com/zabbix/4.4/rhel/7/x86_64/zabbix-agent-4.4.4-1.el7.x86_64.rpm

注:此处的RPM安装包可以根据URL查找更多版本的RPM包

第二步:安装agent

yuminstallzabbix-agent

第三步:启动agent并检查是否成功

systemctlstartzabbix-agent

systemctlstatuszabbix-agent

第四步:配置ZabbixAgent

vim/etc/zabbix/zabbix_agentd.conf

更改Server的地址为zabbixserver的ip地址或域名

第五步:重启zabbix并将ZabbixAgent加入开机启动项

systemctlrestartzabbix-agent

systemctlenablezabbix-agent

第六步:配置防火墙允许被访问10050端口

firewall-cmd--zone=public--add-port=10050/tcp--permanent

firewall-cmd--reload

firewall-cmd--zone=public--list-ports

bb18d9ef716158d25ce7e649ffe3c505.png

表情包
插入表情
评论将由博主筛选后显示,对所有人可见 | 还能输入1000个字符
相关推荐
©️2020 CSDN 皮肤主题: 深蓝海洋 设计师:CSDN官方博客 返回首页