关于docker环境运行zabbix时,可以快速的部署一套zabbix环境,不管是学习docker还是学习zabbix,都是可以作为一个实际项目来进行测试和练习,但是如果对docker的网络模式不熟悉,可能会遇到一些坑,本文就一些你可能不知道的事进行了测试,与试水,希望能给与大家帮助
一、Docker四种网络模式
实现原理
Docker使用Linux桥接(参考《Linux虚拟网络技术》),在宿主机虚拟一个Docker容器网桥(docker0),Docker启动一个容器时会根据Docker网桥的网段分配给容器一个IP地址,称为Container-IP,同时Docker网桥是每个容器的默认网关。因为在同一宿主机内的容器都接入同一个网桥,这样容器之间就能够通过容器的Container-IP直接通信。
Docker网桥是宿主机虚拟出来的,并不是真实存在的网络设备,外部网络是无法寻址到的,这也意味着外部网络无法通过直接Container-IP访问到容器。如果容器希望外部访问能够访问到,可以通过映射容器端口到宿主主机(端口映射),即docker run创建容器时候通过 -p 或 -P 参数来启用,访问容器的时候就通过[宿主机IP]:[容器端口]访问容器。
四类网络模式
Docker网络模式 配置 说明
host模式 –net=host 容器和宿主机共享Network namespace。
container模式
–net=container:NAME_or_ID
容器和另外一个容器共享Network namespace。 kubernetes中的pod就是多个容器共享一个Network namespace
none模式 –net=none 容器有独立的Network namespace,但并没有对其进行任何网络设置,如分配veth pair 和网桥连接,配置IP等。
bridge模式 –net=bridge (默认为该模式)
host模式
如果启动容器的时候使用host模式,那么这个容器将不会获得一个独立的Network Namespace,而是和宿主机共用一个Network Namespace。容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口。但是,容器的其他方面,如文件系统、进程列表等还是和宿主机隔离的。
使用host模式的容器可以直接使用宿主机的IP地址与外界通信,容器内部的服务端口也可以使用宿主机的端口,不需要进行NAT,host最大的优势就是网络性能比较好,但是docker host上已经使用的端口就不能再用了,网络的隔离性不好。
Host模式如下图所示:
container模式
这个模式指定新创建的容器和已经存在的一个容器共享一个 Network Namespace,而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的 IP,而是和一个指定的容器共享 IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的。两个容器的进程可以通过 lo 网卡设备通信。
Container模式示意图:
none模式
使用none模式,Docker容器拥有自己的Network Namespace,但是,并不为Docker容器进行任何网络配置。也就是说,这个Docker容器没有网卡、IP、路由等信息。需要我们自己为Docker容器添加网卡、配置IP等。
这种网络模式下容器只有lo回环网络,没有其他网卡。none模式可以在容器创建时通过--network=none来指定。这种类型的网络没有办法联网,封闭的网络能很好的保证容器的安全性。
None模式示意图:
bridge模式
当Docker进程启动时,会在主机上创建一个名为docker0的虚拟网桥,此主机上启动的Docker容器会连接到这个虚拟网桥上。虚拟网桥的工作方式和物理交换机类似,这样主机上的所有容器就通过交换机连在了一个二层网络中。
从docker0子网中分配一个IP给容器使用,并设置docker0的IP地址为容器的默认网关。在主机上创建一对虚拟网卡veth pair设备,Docker将veth pair设备的一端放在新创建的容器中,并命名为eth0(容器的网卡),另一端放在主机中,以vethxxx这样类似的名字命名,并将这个网络设备加入到docker0网桥中。可以通过brctl show命令查看。
bridge模式是docker的默认网络模式,不写--net参数,就是bridge模式。使用docker run -p时,docker实际是在iptables做了DNAT规则,实现端口转发功能。可以使用iptables -t nat -vnL查看。
bridge模式如下图所示:
二、创建zabbix测试环境
1 新建网络
下面自定义创建一个新的bridge模式的Docker网络
[root@centos-linux-4 ]# docker network create -d bridge my-net
2d19b1c8d144a6367810998bc5e001404d34ea1a0f51a52a5246aaeeba04e97a
[root@centos-linux-4 ]# docker network ls
NETWORK ID NAME DRIVER SCOPE
1b86c2f5b04b bridge bridge local
36d9d40bf276 cmp_zabbix_agent_default bridge local
9a3d2b9e95d5 cmp_zabbix_server_default bridge local
f0d6e6c30c66 host host local
2d19b1c8d144 my-net bridge local
bfaa333252cf none null local
1
2
3
4
5
6
7
8
9
10
[root@centos-linux-4]# docker network create -d bridge my-net
2d19b1c8d144a6367810998bc5e001404d34ea1a0f51a52a5246aaeeba04e97a
[root@centos-linux-4]# docker network ls
NETWORKIDNAMEDRIVERSCOPE
1b86c2f5b04bbridgebridgelocal
36d9d40bf276cmp_zabbix_agent_defaultbridgelocal
9a3d2b9e95d5cmp_zabbix_server_defaultbridgelocal
f0d6e6c30c66hosthostlocal
2d19b1c8d144my-netbridgelocal
bfaa333252cfnonenulllocal
-d参数指定Docker网络类型,有bridge、overlay类型,overlay类型适用于Swarm mode,这里我们使用bridge
2 启动一个空的Mysql服务器实例
[root@centos-linux-4 cmp_zabbix_agent]# docker run --name mysql-server --network=my-net -it --restart=always -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" -d mysql:5.7 --character-set-server=utf8 --collation-server=utf8_bin
bb6a9117ffec928971b819a1dacb1e62fb748cd9a2d5c9c5f193e5e1cc32eb4f
[root@centos-linux-4 cmp_zabbix_agent]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bb6a9117ffec mysql:5.6 "docker-entrypoint.s…" 6 seconds ago Up 5 seconds 3306/tcp
1
2
3
4
5
[root@centos-linux-4cmp_zabbix_agent]# docker run --name mysql-server --network=my-net -it --restart=always -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" -d mysql:5.7 --character-set-server=utf8 --collation-server=utf8_bin
bb6a9117ffec928971b819a1dacb1e62fb748cd9a2d5c9c5f193e5e1cc32eb4f
[root@centos-linux-4cmp_zabbix_agent]# docker ps
CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
bb6a9117ffecmysql:5.6"docker-entrypoint.s…"6secondsagoUp5seconds3306/tcp
3 启动Zabbix server实例,并关联这个实例到已创建的MySQL服务器实例
[root@centos-linux-4 cmp_zabbix_agent]# docker run --name zabbix-server-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro --link mysql-server:mysql -p 10051:10051 -d zabbix/zabbix-server-mysql:latest
2ef64b4ca60aaf4db2d82d0ac77139675c5ef7ab98f71e6f1c27217e9fb54d66
[root@centos-linux-4 cmp_zabbix_agent]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ef64b4ca60a zabbix/zabbix-server-mysql:latest "/sbin/tini -- /usr/…" 23 seconds ago Up 22 seconds 0.0.0.0:10051->10051/tcp zabbix-server-mysql
bb6a9117ffec mysql:5.6 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 3306/tcp mysql-server
1
2
3
4
5
6
[root@centos-linux-4cmp_zabbix_agent]# docker run --name zabbix-server-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro --link mysql-server:mysql -p 10051:10051 -d zabbix/zabbix-server-mysql:latest
2ef64b4ca60aaf4db2d82d0ac77139675c5ef7ab98f71e6f1c27217e9fb54d66
[root@centos-linux-4cmp_zabbix_agent]# docker ps
CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
2ef64b4ca60azabbix/zabbix-server-mysql:latest"/sbin/tini -- /usr/…"23secondsagoUp22seconds0.0.0.0:10051->10051/tcpzabbix-server-mysql
bb6a9117ffecmysql:5.6"docker-entrypoint.s…"2minutesagoUp2minutes3306/tcpmysql-server
4 启动Zabbix web 接口,并将它与MySQL服务器实例和Zabbix server实例关联
[root@centos-linux-4 cmp_zabbix_agent]# docker run --name zabbix-web-nginx-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" --link mysql-server:mysql --link zabbix-server-mysql:zabbix-server -p 8080:80 -d zabbix/zabbix-web-nginx-mysql:latest
effdf23c761b7f4536bf99ef9fea2999a44f6f2eec8b285763708033a3b7ffa7
[root@centos-linux-4 cmp_zabbix_agent]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
effdf23c761b zabbix/zabbix-web-nginx-mysql:latest "docker-entrypoint.sh" 4 seconds ago Up 3 seconds 443/tcp, 0.0.0.0:8088->80/tcp zabbix-web-nginx-mysql
2ef64b4ca60a zabbix/zabbix-server-mysql:latest "/sbin/tini -- /usr/…" 2 minutes ago Up 2 minutes 0.0.0.0:10051->10051/tcp zabbix-server-mysql
bb6a9117ffec mysql:5.6 "docker-entrypoint.s…" 4 minutes ago Up 4 minutes 3306/tcp mysql-server
1
2
3
4
5
6
7
[root@centos-linux-4cmp_zabbix_agent]# docker run --name zabbix-web-nginx-mysql --network=my-net -it --restart=always -e DB_SERVER_HOST="mysql-server" -e MYSQL_DATABASE="zabbix" -e MYSQL_USER="root" -e MYSQL_PASSWORD="123456" -e MYSQL_ROOT_PASSWORD="123456" --link mysql-server:mysql --link zabbix-server-mysql:zabbix-server -p 8080:80 -d zabbix/zabbix-web-nginx-mysql:latest
effdf23c761b7f4536bf99ef9fea2999a44f6f2eec8b285763708033a3b7ffa7
[root@centos-linux-4cmp_zabbix_agent]# docker ps
CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
effdf23c761bzabbix/zabbix-web-nginx-mysql:latest"docker-entrypoint.sh"4secondsagoUp3seconds443/tcp,0.0.0.0:8088->80/tcpzabbix-web-nginx-mysql
2ef64b4ca60azabbix/zabbix-server-mysql:latest"/sbin/tini -- /usr/…"2minutesagoUp2minutes0.0.0.0:10051->10051/tcpzabbix-server-mysql
bb6a9117ffecmysql:5.6"docker-entrypoint.s…"4minutesagoUp4minutes3306/tcpmysql-server
三、测试场景
前面的zabbix的数据库、server、web都是使用自定义的网桥分配ip地址,正式环境切记需要对一些关键数据进行持久化,同时网络模式也可以不需要指定,使用默认的即可,可以使用如下命令查看自定义的网桥下的容器ip
[root@elk-master ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
39cad5014ee8 bridge bridge local
e7aa5925d508 host host local
f8d5b552a9e8 my-net bridge local
f4ea566b5201 none null local
[root@elk-master ~]# docker network inspect f8d5b552a9e8
[
{
"Name": "my-net",
"Id": "f8d5b552a9e879a8b973393fff52892c12f9f31a12412cb70b5a16e5bed606b6",
"Created": "2020-01-19T10:51:01.317838046+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.20.0.0/16",
"Gateway": "172.20.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"033bc75eae7d20ec1940a9588bf150eff52575076ea53abe5db7a67e663621bc": {
"Name": "zabbix-web-nginx-mysql",
"EndpointID": "bcb44b716858b5b2bd5c4431bf37367771aaade7df5de6fc388f76890d3c64dd",
"MacAddress": "02:42:ac:14:00:04",
"IPv4Address": "172.20.0.4/16",
"IPv6Address": ""
},
"b8177b394cac1676e945019d7d6b7252ee6fec88fb6072a197ead2096610aa66": {
"Name": "zabbix-server-mysql",
"EndpointID": "78f77f1bc9ad066f2173147c5e342b80ec46f9cc3c93b63be7e0e3d2897c5c93",
"MacAddress": "02:42:ac:14:00:03",
"IPv4Address": "172.20.0.3/16",
"IPv6Address": ""
},
"fb7d8240a307f184e5458f54f5a1b2b0e58aba1668af6eefb6a416176b5f9b19": {
"Name": "mysql-server",
"EndpointID": "a271a5ca6e58003650169a644558ec68c31ae76f56d0898368c63961209a5f06",
"MacAddress": "02:42:ac:14:00:02",
"IPv4Address": "172.20.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
[root@elk-master~]# docker network ls
NETWORKIDNAMEDRIVERSCOPE
39cad5014ee8bridgebridgelocal
e7aa5925d508hosthostlocal
f8d5b552a9e8my-netbridgelocal
f4ea566b5201nonenulllocal
[root@elk-master~]# docker network inspect f8d5b552a9e8
[
{
"Name":"my-net",
"Id":"f8d5b552a9e879a8b973393fff52892c12f9f31a12412cb70b5a16e5bed606b6",
"Created":"2020-01-19T10:51:01.317838046+08:00",
"Scope":"local",
"Driver":"bridge",
"EnableIPv6":false,
"IPAM":{
"Driver":"default",
"Options":{},
"Config":[
{
"Subnet":"172.20.0.0/16",
"Gateway":"172.20.0.1"
}
]
},
"Internal":false,
"Attachable":false,
"Ingress":false,
"ConfigFrom":{
"Network":""
},
"ConfigOnly":false,
"Containers":{
"033bc75eae7d20ec1940a9588bf150eff52575076ea53abe5db7a67e663621bc":{
"Name":"zabbix-web-nginx-mysql",
"EndpointID":"bcb44b716858b5b2bd5c4431bf37367771aaade7df5de6fc388f76890d3c64dd",
"MacAddress":"02:42:ac:14:00:04",
"IPv4Address":"172.20.0.4/16",
"IPv6Address":""
},
"b8177b394cac1676e945019d7d6b7252ee6fec88fb6072a197ead2096610aa66":{
"Name":"zabbix-server-mysql",
"EndpointID":"78f77f1bc9ad066f2173147c5e342b80ec46f9cc3c93b63be7e0e3d2897c5c93",
"MacAddress":"02:42:ac:14:00:03",
"IPv4Address":"172.20.0.3/16",
"IPv6Address":""
},
"fb7d8240a307f184e5458f54f5a1b2b0e58aba1668af6eefb6a416176b5f9b19":{
"Name":"mysql-server",
"EndpointID":"a271a5ca6e58003650169a644558ec68c31ae76f56d0898368c63961209a5f06",
"MacAddress":"02:42:ac:14:00:02",
"IPv4Address":"172.20.0.2/16",
"IPv6Address":""
}
},
"Options":{},
"Labels":{}
}
]
当我们想采集zabbix server上的数据的时候,分别进行了如下几个场景的,可以根据自己的需求选择合适的方式
场景1:
当server服务器上的agent也用docker安装的时候,如果网络模式选择bridge,并且agent和server如果是在同一个网桥时,agent的配置文件中server需要填写成zabbix-server容器名或者ip地址,web端需要配置成agent容器的ip地址,最终发现采集到的将会是agent容器自己的数据,具体操作如下:
选择跟server一样的网桥my-net启动agent
docker run --name zabbix-agent --network=my-net -p 10051:10050 -e ZBX_HOSTNAME="zabbix-server" -e ZBX_SERVER_HOST="zabbix-server-mysql" --link zabbix-server-mysql:zabbix-server-mysql -d zabbix/zabbix-agent:latest
1
dockerrun--namezabbix-agent--network=my-net-p10051:10050-eZBX_HOSTNAME="zabbix-server"-eZBX_SERVER_HOST="zabbix-server-mysql"--linkzabbix-server-mysql:zabbix-server-mysql-dzabbix/zabbix-agent:latest
首先我们看一下web端的server端的agent配置地址为容器ip
[root@elk-master ~]# docker exec -it b8177b394cac bash
bash-5.0$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:14:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.3/16 brd 172.20.255.255 scope global eth0
valid_lft forever preferred_lft forever
bash-5.0$ zabbix_get -s 172.20.0.5 -p 10050 -k "system.uptime"
1858
bash-5.0$ zabbix_get -s zabbix-agent -p 10050 -k "system.uptime"
1878
1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@elk-master~]# docker exec -it b8177b394cac bash
bash-5.0$ipaddr
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
15:eth0@if16:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP
link/ether02:42:ac:14:00:03brdff:ff:ff:ff:ff:ff
inet172.20.0.3/16brd172.20.255.255scopeglobaleth0
valid_lftforeverpreferred_lftforever
bash-5.0$zabbix_get-s172.20.0.5-p10050-k"system.uptime"
1858
bash-5.0$zabbix_get-szabbix-agent-p10050-k"system.uptime"
1878
然后进入容器查看agent中的server地址
[root@elk-master ~]# docker exec -it zabbix-agent bash
bash-5.0$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:14:00:05 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.5/16 brd 172.20.255.255 scope global eth0
valid_lft forever preferred_lft forever
bash-5.0$ cat /etc/zabbix/zabbix_agentd.conf|grep -Ev '#|^$'
LogType=console
Server=zabbix-server-mysql
ServerActive=zabbix-server-mysql:10051
Hostname=zabbix-server
User=zabbix
Include=/etc/zabbix/zabbix_agentd.d/
LoadModulePath=/var/lib/zabbix/modules/
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@elk-master~]# docker exec -it zabbix-agent bash
bash-5.0$ipaddr
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
19:eth0@if20:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP
link/ether02:42:ac:14:00:05brdff:ff:ff:ff:ff:ff
inet172.20.0.5/16brd172.20.255.255scopeglobaleth0
valid_lftforeverpreferred_lftforever
bash-5.0$cat/etc/zabbix/zabbix_agentd.conf|grep-Ev'#|^$'
LogType=console
Server=zabbix-server-mysql
ServerActive=zabbix-server-mysql:10051
Hostname=zabbix-server
User=zabbix
Include=/etc/zabbix/zabbix_agentd.d/
LoadModulePath=/var/lib/zabbix/modules/
进入agent容器验证数据和web端采集的数据
1 查看磁盘工具agent中的数据于web采集的是一致
2 查看进程数量
发现web的数据也是和agent容器是一致的
宿主机进程
server容器进程
结论:这种方式是可行的,但是采集的是agent的容器数据,不能完全代表server服务器的数据
场景2
当server服务器上的agent用安装的时候,使用的网桥模式,但是agent和server如果不是在同一个网桥,相当于两个容器的ip地址将是两个网段
,那么这种同主机两个网段的容器,是否可以使用宿主机ip+容器暴露的端口来采集呢,采集是否也是agent容器自己的数据?
首先使用默认网桥bridge启动agent,但是配置文件中的server ip使用的是宿主机ip,没有测试出来结果,不知道同主机,不能网桥的容器如何通信,当另外找一台主机使用如下命令,则可以通信
[root@elk-master ~]# docker rm -f zabbix-agent
zabbix-agent
[root@elk-master ~]#docker run --name zabbix-agent --network=bridge -p 10050:10050 -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="192.168.73.133" -e ZBX_SERVER_PORT=10054 -d zabbix/zabbix-agent:latest
[root@elk-master ~]# docker exec -it zabbix-server-mysql bash
bash-5.0$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
21: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:14:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.3/16 brd 172.20.255.255 scope global eth0
valid_lft forever preferred_lft forever
bash-5.0$ exit
exit
[root@elk-master ~]# docker exec -it zabbix-agent bash
bash-5.0$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
bash-5.0$ ping 172.20.0.3
PING 172.20.0.3 (172.20.0.3) 56(84) bytes of data.
^C
--- 172.20.0.3 ping statistics ---
41 packets transmitted, 0 received, 100% packet loss, time 44ms
bash-5.0$ cat /etc/zabbix/zabbix_agentd.conf |grep -Ev '#|^$'
LogType=console
Server=192.168.73.133
ServerActive=192.168.73.133:10051
Hostname=Zabbix server
User=zabbix
Include=/etc/zabbix/zabbix_agentd.d/
LoadModulePath=/var/lib/zabbix/modules/
bash-5.0$
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
[root@elk-master~]# docker rm -f zabbix-agent
zabbix-agent
[root@elk-master~]#docker run --name zabbix-agent --network=bridge -p 10050:10050 -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="192.168.73.133" -e ZBX_SERVER_PORT=10054 -d zabbix/zabbix-agent:latest
[root@elk-master~]# docker exec -it zabbix-server-mysql bash
bash-5.0$ipaddr
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
21:eth0@if22:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP
link/ether02:42:ac:14:00:03brdff:ff:ff:ff:ff:ff
inet172.20.0.3/16brd172.20.255.255scopeglobaleth0
valid_lftforeverpreferred_lftforever
bash-5.0$exit
exit
[root@elk-master~]# docker exec -it zabbix-agent bash
bash-5.0$ipaddr
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
23:eth0@if24:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP
link/ether02:42:ac:11:00:02brdff:ff:ff:ff:ff:ff
inet172.17.0.2/16brd172.17.255.255scopeglobaleth0
valid_lftforeverpreferred_lftforever
bash-5.0$ping172.20.0.3
PING172.20.0.3(172.20.0.3)56(84)bytesofdata.
^C
---172.20.0.3pingstatistics---
41packetstransmitted,0received,100%packetloss,time44ms
bash-5.0$cat/etc/zabbix/zabbix_agentd.conf|grep-Ev'#|^$'
LogType=console
Server=192.168.73.133
ServerActive=192.168.73.133:10051
Hostname=Zabbixserver
User=zabbix
Include=/etc/zabbix/zabbix_agentd.d/
LoadModulePath=/var/lib/zabbix/modules/
bash-5.0$
可以看到容器和zabbix-agent的ip地址和zabbix-server的ip地址是不一致,不能互相通信,因为我在启动容器的时候指定环境变量了,因此此时的server ip为宿主机ip
然后我们看一下web端的server端的agent配置地址为宿主机地址,端口配置为agent映射出来的端口,在server端使用zabbix_get看能否通过宿主机ip地址+映射端口进行数据采集
[root@elk-master ~]# docker exec -it zabbix-server-mysql bash
bash-5.0$ zabbix_get -s 192.168.73.133 -p 10050 -k "system.uptime"
zabbix_get [185]: Check access restrictions in Zabbix agent configuration
bash-5.0$
1
2
3
4
[root@elk-master~]# docker exec -it zabbix-server-mysql bash
bash-5.0$zabbix_get-s192.168.73.133-p10050-k"system.uptime"
zabbix_get[185]:CheckaccessrestrictionsinZabbixagentconfiguration
bash-5.0$
同主机这种配置方式四没法获取到值,当另外找一台主机使用默认网桥模式,使用宿主机ip+暴露的端口,是可以进行通信的
bash-5.0$ zabbix_get -s 192.168.73.135 -p 10050 -k "system.uptime"
1988
1
2
bash-5.0$zabbix_get-s192.168.73.135-p10050-k"system.uptime"
1988
基于docker网络的配置,可以添加iptables的链规则,让两个网桥上的容器可以互相通信
[root@elk-master ~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT -s 172.20.0.0/16 -d 172.17.0.0/16
[root@elk-master ~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT -s 172.17.0.0/16 -d 172.20.0.0/16
[root@elk-master ~]# docker exec -it zabbix-server-mysql
bash-5.0$ zabbix_get -s 172.17.0.2 -p 10050 -k "system.uptime"
zabbix_get [196]: Check access restrictions in Zabbix agent configuration
bash-5.0$ ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=63 time=0.068 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=63 time=0.096 ms
^C
--- 172.17.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 0.068/0.082/0.096/0.014 ms
bash-5.0$
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@elk-master~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT -s 172.20.0.0/16 -d 172.17.0.0/16
[root@elk-master~]# iptables -t filter -I DOCKER-ISOLATION-STAGE-2 1 -j ACCEPT -s 172.17.0.0/16 -d 172.20.0.0/16
[root@elk-master~]# docker exec -it zabbix-server-mysql
bash-5.0$zabbix_get-s172.17.0.2-p10050-k"system.uptime"
zabbix_get[196]:CheckaccessrestrictionsinZabbixagentconfiguration
bash-5.0$ping172.17.0.2
PING172.17.0.2(172.17.0.2)56(84)bytesofdata.
64bytesfrom172.17.0.2:icmp_seq=1ttl=63time=0.068ms
64bytesfrom172.17.0.2:icmp_seq=2ttl=63time=0.096ms
^C
---172.17.0.2pingstatistics---
2packetstransmitted,2received,0%packetloss,time1ms
rttmin/avg/max/mdev=0.068/0.082/0.096/0.014ms
bash-5.0$
结果发现就算两个容器互相通信了,但不是在一个网桥,所以还是不能够采集到数据(我删除了容器,从新配置server的ip启动)
最终可以使用一个容器多网桥的概念,把zabbix-agent也加入到zabbix-server所使用的my-net网桥
[root@elk-master ~]# docker network connect my-net zabbix-agent
[root@elk-master ~]# docker exec -it zabbix-agent bash
bash-5.0$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
27: eth1@if28: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:14:00:05 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.5/16 brd 172.20.255.255 scope global eth1
valid_lft forever preferred_lft forever
bash-5.0$ exit
exit
[root@elk-master ~]# docker exec -it zabbix-server-mysql bash
bash-5.0$ zabbix_get -s 192.168.73.133 -p 10050 -k "system.uptime"
zabbix_get [203]: Check access restrictions in Zabbix agent configuration
bash-5.0$ zabbix_get -s 172.20.0.5 -p 10050 -k "system.uptime"
6748
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[root@elk-master~]# docker network connect my-net zabbix-agent
[root@elk-master~]# docker exec -it zabbix-agent bash
bash-5.0$ipaddr
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
25:eth0@if26:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP
link/ether02:42:ac:11:00:02brdff:ff:ff:ff:ff:ff
inet172.17.0.2/16brd172.17.255.255scopeglobaleth0
valid_lftforeverpreferred_lftforever
27:eth1@if28:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuestateUP
link/ether02:42:ac:14:00:05brdff:ff:ff:ff:ff:ff
inet172.20.0.5/16brd172.20.255.255scopeglobaleth1
valid_lftforeverpreferred_lftforever
bash-5.0$exit
exit
[root@elk-master~]# docker exec -it zabbix-server-mysql bash
bash-5.0$zabbix_get-s192.168.73.133-p10050-k"system.uptime"
zabbix_get[203]:CheckaccessrestrictionsinZabbixagentconfiguration
bash-5.0$zabbix_get-s172.20.0.5-p10050-k"system.uptime"
6748
场景3
当server服务器上的agent用安装的时候,使用的host模式,server使用的是网桥模式,采集的是否将会是agent容器自己的数据?
首先,使用网络模式host启动agent,并且server配置成容器ip,这样agent将会与宿主机一样公用一个网络
[root@elk-master ~]# docker rm -f zabbix-agent
zabbix-agent
[root@elk-master ~]# docker run --name zabbix-agent --network=host -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="172.20.0.3" -e ZBX_SERVER_PORT=10051 -d zabbix/zabbix-agent:latest
05f9576a0e8384ea509d47dd974d410886556aecee391beb6ed96269ce3642d2
[root@elk-master ~]# docker exec -it zabbix-agent bash
bash-5.0$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:0b:95:34 brd ff:ff:ff:ff:ff:ff
inet 192.168.73.133/24 brd 192.168.73.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe0b:9534/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:64:f5:ce:26 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:64ff:fef5:ce26/64 scope link
valid_lft forever preferred_lft forever
6: br-f8d5b552a9e8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:bf:8c:b4:5a brd ff:ff:ff:ff:ff:ff
inet 172.20.0.1/16 brd 172.20.255.255 scope global br-f8d5b552a9e8
valid_lft forever preferred_lft forever
inet6 fe80::42:bfff:fe8c:b45a/64 scope link
valid_lft forever preferred_lft forever
14: veth7292b59@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master br-f8d5b552a9e8 state UP
link/ether 56:9f:c2:70:eb:36 brd ff:ff:ff:ff:ff:ff
inet6 fe80::549f:c2ff:fe70:eb36/64 scope link
valid_lft forever preferred_lft forever
18: vetha3f4946@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master br-f8d5b552a9e8 state UP
link/ether 86:71:f9:d9:83:93 brd ff:ff:ff:ff:ff:ff
inet6 fe80::8471:f9ff:fed9:8393/64 scope link
valid_lft forever preferred_lft forever
22: veth36efc5f@if21: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue master br-f8d5b552a9e8 state UP
link/ether fe:62:61:ad:8a:de brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc62:61ff:fead:8ade/64 scope link
valid_lft forever preferred_lft forever
bash-5.0$ exit
exit
[root@elk-master ~]# docker exec -it zabbix-server-mysql bash
bash-5.0$ zabbix_get -s 192.168.73.133 -p 10050 -k "system.uptime"
6946
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
[root@elk-master~]# docker rm -f zabbix-agent
zabbix-agent
[root@elk-master~]# docker run --name zabbix-agent --network=host -e ZBX_HOSTNAME="Zabbix server" -e ZBX_SERVER_HOST="172.20.0.3" -e ZBX_SERVER_PORT=10051 -d zabbix/zabbix-agent:latest
05f9576a0e8384ea509d47dd974d410886556aecee391beb6ed96269ce3642d2
[root@elk-master~]# docker exec -it zabbix-agent bash
bash-5.0$ipaddr
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1000
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
inet6::1/128scopehost
valid_lftforeverpreferred_lftforever
2:ens33:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPqlen1000
link/ether00:0c:29:0b:95:34brdff:ff:ff:ff:ff:ff
inet192.168.73.133/24brd192.168.73.255scopeglobalens33
valid_lftforeverpreferred_lftforever
inet6fe80::20c:29ff:fe0b:9534/64scopelink
valid_lftforeverpreferred_lftforever
3:docker0:<NO-CARRIER,BROADCAST,MULTICAST,UP>mtu1500qdiscnoqueuestateDOWN
link/ether02:42:64:f5:ce:26brdff:ff:ff:ff:ff:ff
inet172.17.0.1/16brd172.17.255.255scopeglobaldocker0
valid_lftforeverpreferred_lftforever
inet6fe80::42:64ff:fef5:ce26/64scopelink
valid_lftforeverpreferred_lftforever
6:br-f8d5b552a9e8:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuestateUP
link/ether02:42:bf:8c:b4:5abrdff:ff:ff:ff:ff:ff
inet172.20.0.1/16brd172.20.255.255scopeglobalbr-f8d5b552a9e8
valid_lftforeverpreferred_lftforever
inet6fe80::42:bfff:fe8c:b45a/64scopelink
valid_lftforeverpreferred_lftforever
14:veth7292b59@if13:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuemasterbr-f8d5b552a9e8stateUP
link/ether56:9f:c2:70:eb:36brdff:ff:ff:ff:ff:ff
inet6fe80::549f:c2ff:fe70:eb36/64scopelink
valid_lftforeverpreferred_lftforever
18:vetha3f4946@if17:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuemasterbr-f8d5b552a9e8stateUP
link/ether86:71:f9:d9:83:93brdff:ff:ff:ff:ff:ff
inet6fe80::8471:f9ff:fed9:8393/64scopelink
valid_lftforeverpreferred_lftforever
22:veth36efc5f@if21:<BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN>mtu1500qdiscnoqueuemasterbr-f8d5b552a9e8stateUP
link/etherfe:62:61:ad:8a:debrdff:ff:ff:ff:ff:ff
inet6fe80::fc62:61ff:fead:8ade/64scopelink
valid_lftforeverpreferred_lftforever
bash-5.0$exit
exit
[root@elk-master~]# docker exec -it zabbix-server-mysql bash
bash-5.0$zabbix_get-s192.168.73.133-p10050-k"system.uptime"
6946
然后,我们需要把web端的server端的agent配置地址为宿主机地址,端口为默认端口
这样是可以采集到数据,但是采集的也是容器的数据,不是宿主机的数据
如果想让zabbix-agent启动的时候注入的ip地址为宿主机ip地址的话,需要把zabbix-server启动的网络模式也改成host,这样才采集到数据
四、结论
1 当使用docker环境部署zabbix的时候,对于zabbix-server和zabbix-agent容器的网络模式需要注意,如果设置的不对会导致采集不到agent的数据
2 只有当zabbix-server和zabbix-agent启动的时候在一个网桥下,或者zabbix-agent使用宿主机网络的时候才可以采集到数据
3 如果是容器启动的agent,那么server端采集到的数据是agent容器的数据,不能全部代表宿主机的指标
4 如果想准确的采集宿主机的指标,应该是用rpm源码包进行安装agent服务
CentOS 7.x 下安装Zabbix Agent 4.4 操作指引
=====
第一步:安装rpm包
rpm -ivh https://repo.zabbix.com/zabbix/4.4/rhel/7/x86_64/zabbix-agent-4.4.4-1.el7.x86_64.rpm
注:此处的RPM安装包可以根据URL查找更多版本的RPM包
第二步:安装agent
yum install zabbix-agent
第三步:启动agent并检查是否成功
systemctl start zabbix-agent
systemctl status zabbix-agent
第四步:配置Zabbix Agent
vim /etc/zabbix/zabbix_agentd.conf
更改Server的地址为zabbix server的ip地址或域名
第五步:重启zabbix并将Zabbix Agent加入开机启动项
systemctl restart zabbix-agent
systemctl enable zabbix-agent
第六步:配置防火墙允许被访问10050端口
firewall-cmd --zone=public --add-port=10050/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
CentOS7.x下安装ZabbixAgent4.4操作指引
=====
第一步:安装rpm包
rpm-ivhhttps://repo.zabbix.com/zabbix/4.4/rhel/7/x86_64/zabbix-agent-4.4.4-1.el7.x86_64.rpm
注:此处的RPM安装包可以根据URL查找更多版本的RPM包
第二步:安装agent
yuminstallzabbix-agent
第三步:启动agent并检查是否成功
systemctlstartzabbix-agent
systemctlstatuszabbix-agent
第四步:配置ZabbixAgent
vim/etc/zabbix/zabbix_agentd.conf
更改Server的地址为zabbixserver的ip地址或域名
第五步:重启zabbix并将ZabbixAgent加入开机启动项
systemctlrestartzabbix-agent
systemctlenablezabbix-agent
第六步:配置防火墙允许被访问10050端口
firewall-cmd--zone=public--add-port=10050/tcp--permanent
firewall-cmd--reload
firewall-cmd--zone=public--list-ports
884
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
