【发布时间】:2020-12-23 19:12:43
【问题描述】:
我相信这个话题不止一次被提出。但我找不到任何合理的解决方案。所以这里...
我已经在容器中部署了 Zabbix。我只有一台运行 3 个容器的主机:zabbix-server、zabbix-web-nginx-mysql、zabbix-agent。所有 3 个都在一个 docker-compose.yaml 中定义:
我运行 Ubuntu 20.04 和 Docker 版本 20.10.1,构建 831ebea
version: '3.5'
networks:
zbx_net:
driver: bridge
services:
zabbix-server:
image: zabbix/zabbix-server-mysql:alpine-5.2-latest
ports:
- "10051:10051"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
ulimits:
nproc: 65535
nofile:
soft: 20000
hard: 40000
env_file:
- .env_db_mysql
- .env_srv
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
networks:
zbx_net:
aliases:
- zabbix-server
- zabbix-server-mysql
- zabbix-server-alpine-mysql
- zabbix-server-mysql-alpine
stop_grace_period: 30s
sysctls:
- net.ipv4.ip_local_port_range=1024 65000
- net.ipv4.conf.all.accept_redirects=0
- net.ipv4.conf.all.secure_redirects=0
- net.ipv4.conf.all.send_redirects=0
labels:
com.zabbix.description: "Zabbix server with MySQL database support"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-server"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "alpine"
zabbix-web-nginx-mysql:
image: zabbix/zabbix-web-nginx-mysql:alpine-5.2-latest
ports:
- "8081:8080"
- "8443:8443"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
- ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
env_file:
- .env_db_mysql
- .env_web
secrets:
- MYSQL_USER
- MYSQL_PASSWORD
depends_on:
- zabbix-server
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/"]
interval: 10s
timeout: 5s
retries: 3
start_period: 30s
networks:
zbx_net:
aliases:
- zabbix-web-nginx-mysql
- zabbix-web-nginx-alpine-mysql
- zabbix-web-nginx-mysql-alpine
stop_grace_period: 10s
sysctls:
- net.core.somaxconn=65535
labels:
com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-frontend"
com.zabbix.webserver: "nginx"
com.zabbix.dbtype: "mysql"
com.zabbix.os: "alpine"
zabbix-agent:
image: zabbix/zabbix-agent:alpine-5.2-latest
ports:
- "10050:10050"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
- ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
env_file:
- .env_agent
privileged: true
pid: "host"
networks:
zbx_net:
aliases:
- zabbix-agent
- zabbix-agent-passive
- zabbix-agent-alpine
stop_grace_period: 5s
labels:
com.zabbix.description: "Zabbix agent"
com.zabbix.company: "Zabbix LLC"
com.zabbix.component: "zabbix-agentd"
com.zabbix.os: "alpine"
secrets:
MYSQL_USER:
file: ./.MYSQL_USER
MYSQL_PASSWORD:
file: ./.MYSQL_PASSWORD
所有 3 个容器都在同一个用户定义的网络中。因此,根据 Docker Compose 文档,它们能够通信就足够了。但是,如果尝试从 zabbix-agent 容器到 nc zabbix-server 10051,则连接失败,并且我在 zabbix-server 上看不到任何连接尝试。
我检查了它是否可能是由防火墙引起的。我使用nftables 并创建了一个规则,允许172.0.0.0/8 和172.0.0.0/8 之间的所有流量。它在某种程度上有所帮助,我可以连接到<host IP>:10051(如 172.26.0.1:10051)。虽然zabbix-agent 日志仍然显示连接被拒绝的错误,所以我认为它仍然无法正常工作。
无论如何,我主要关心的是容器之间直接通信的能力,因为它应该是。我也尝试从zabbix-agent 连接到zabbix-web-nginx-mysql:8081,但它也没有连接。所以我的理解是容器间通信根本不起作用。
如果我查看zabbix_zbx_net 网络,我可以看到所有 3 个容器都在那里:
[
{
"Name": "zabbix_zbx_net",
"Id": "def0d254c1077d3874c74ebd6f93a9a9895683a2cc97ffe53a0fa2524649f790",
"Created": "2020-12-22T10:02:59.55942359+01:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.27.0.0/16",
"Gateway": "172.27.0.1"
}
]
},
"Internal": false,
"Attachable": true,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"95ed96686a7607b5c8aa22bc86f69916dcc117ae118859a5254d3e001df70de9": {
"Name": "zabbix_zabbix-server_1",
"EndpointID": "98e7c97886308716b5bf85bf5c8a4bb9655df9e3d79d34a05c8b9d6bca10ae15",
"MacAddress": "02:42:ac:1b:00:03",
"IPv4Address": "172.27.0.3/16",
"IPv6Address": ""
},
"ab9216585795561226e608dc5f8a074de3d551f4e09f4caba48a111ec2d89c2b": {
"Name": "zabbix_zabbix-web-nginx-mysql_1",
"EndpointID": "0159042e1b64b7ac7f5ca3d675b7a855fa7d22aa42b4765877f4f09723f73307",
"MacAddress": "02:42:ac:1b:00:04",
"IPv4Address": "172.27.0.4/16",
"IPv6Address": ""
},
"d17b6314e3f0ade5af7f7bf770fa72f82677e3d6fe82b62bea3ae05567ceb836": {
"Name": "zabbix_zabbix-agent_1",
"EndpointID": "8799fe8af03e945fb020d39e66912a20501c08d7b715b3f4aeed531f57392c65",
"MacAddress": "02:42:ac:1b:00:02",
"IPv4Address": "172.27.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {
"com.docker.compose.network": "zbx_net",
"com.docker.compose.project": "zabbix",
"com.docker.compose.version": "1.25.0"
}
}
]
所以我不知道还有什么可以检查的。
【问题讨论】:
-
容器中的主进程是否监听特殊的“所有接口”地址 0.0.0.0 和端口 10051?如果进程正在侦听不同的端口,或者它绑定到容器私有 localhost 地址 127.0.0.1,您将看到此症状。
-
是的,它监听 0.0.0.0:10051。我可以通过主机上的公开端口连接到它。但是不能直接从另一个容器连接(zabbix-server:10051)
标签: docker docker-compose docker-networking