Dockbix agent XXL - enable TLS configuration #45
Comments
chrismcna
changed the title
|
How did you mount files from "ZA_TLSPSKIdentity and ZA_TLSPSKFile"? |
|
ZA_TLSPSKIdentity isnt a file path its the value, please see documentation https://www.zabbix.com/documentation/3.2/manual/appendix/config/zabbix_agentd ZA_TLSPSKFile is the path to the file containing the TLS PSK, i tried a few ways, 1: i used volume to mount the file in the container. 2: also tired "docker cp" command and coping the file to docker container. I have a windows agent that i have setup with TLS and is working fine, so I understand how the TLS settings work in the conf file. from what i can tell the environment variables are not passed to/picked up by zabbix agent, |
|
i using docker-compose v2, file location on docker host /data/docker/stacks/zabbix/zabbix-agentd.psk, then used environment section environment to set the environment variables e.g. |
|
Please follow https://github.com/monitoringartist/dockbix-agent-xxl#support and provide all logs. Agent doesn't have TLS support compiled, so I'm curious why it is not failing. |
|
the agent does have tls support,
|
|
i will enabled debug and get you that information soon |
|
here is the log |
|
There is no problem on Zabbix agent side. There is "wrapper" code, which prepares environment for Zabbix and it ignores any variables with prefix Currently, you can't configure any TLS settings for this docker image. You need to use another image or agent with docker module in the host OS. Let me keep this issue open for now as my own reminder. |
jangaraj
changed the title
|
thanks for the help, it answers my question. By the way thanks for this project and all your/your team's hard work, |
|
Just a quick question, Any ideas? ------Docker compose snippet Zabbix Agent Log
|
|
Module doesn't read metrics from |
|
solved it now using. So ive taken the zabbix_module_docker.so from your docker image as I noticed your version in the image is 0.6.8 and your prebuilt is 0.6.7. i then used this docker compose below, Ive had to mount over configuration files i cant change from the zabbix/zabbix-agent docker image. /etc/zabbix/zabbix_agentd.conf is mounted over as i cannot specify AllowRoot via zabbix/zabbix-agent /etc/supervisor/conf.d/supervisord_zabbix.conf is mounted over as i cannot change the Zabbix agent user to run as as root any other way. now I have the zabbix/zabbix-agent image, loading in your module, working with docker and using encryption version: "2" |
|
isn't there any shortcut as for now? My first idea is to use nginx reverse proxy that redirects a url into local container, so it would end with proxying I will try to do this using nginx-proxy container, this would encrypt all data between nginx reverse proxy and zabbix server (which is also running under HTTPS) As for swarm, I have very limited knowledge how its load balancer would handle it but a wildcard certificate should do the work |
|
No, there is no shortcut for that. But https://github.com/monitoringartist/dockbix-xxl/ uses nginx, so you can create custom nginx config and used it instead of default nginx configuration. |
Hi,
I want to enabled TLSConnect=psk and TLSAccept=psk, so I have tried setting environment variable ZA_TLSConnect=psk, ZA_TLSAccept=psk, ZA_TLSPSKIdentity and ZA_TLSPSKFile but this has no effect.
The agent log contains a messaging saying "failed to accept an incoming connection: from ...: TLS connections are not allowed"
I used the above environment variables as "https://hub.docker.com/r/monitoringartist/dockbix-agent-xxl-limited/" states "You can use almost any agent config parameter, just add prefix ZA_ " with a link to agent configuration page.
The text was updated successfully, but these errors were encountered: