Most monitoring is typically driven over a management network, which is usually bound to a VRF, which for some reason is missing in the current implementation. Proposing to add it :)
Description
Description
Details
Details
- Difficulty level
- Unknown (require assessment)
- Version
- -
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Perfectly compatible
- Issue type
- Improvement (missing useful functionality)
Related Objects
Related Objects
Event Timeline
Comment Actions
Yep looks fine @Viacheslav
I've been using it like this for a while now but figure it may be useful as part of making 'VRFs' complete...
$ sudo ip vrf exec RCS3 mtr 192.168.222.11
Comment Actions
Good point @Viacheslav apologies I was distracted at the time.
I can make it work by starting manually ( # ip vrf exec RCS3 zabbix_agent2 -c /run/zabbix/zabbix-agent2.conf )so I guess updating the systemd units file (/lib/systemd/system/zabbix-agent2.service) should make this work.
Comment Actions
There are issues with cgroups when enabling VRF
$ git diff diff --git a/data/templates/zabbix-agent/10-override.conf.j2 b/data/templates/zabbix-agent/10-override.conf.j2 index 7c296e8fd..0acf775be 100644 --- a/data/templates/zabbix-agent/10-override.conf.j2 +++ b/data/templates/zabbix-agent/10-override.conf.j2 @@ -1,3 +1,4 @@ +{% set zabbix_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} [Unit] After= After=vyos-router.service @@ -7,7 +8,9 @@ ConditionPathExists=/run/zabbix/zabbix-agent2.conf [Service] EnvironmentFile= ExecStart= -ExecStart=/usr/sbin/zabbix_agent2 --config /run/zabbix/zabbix-agent2.conf --foreground +ExecStart={{ zabbix_command }}/usr/sbin/zabbix_agent2 --config /run/zabbix/zabbix-agent2.conf --foreground +CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BPF CAP_DAC_OVERRIDE CAP_FOWNER +AmbientCapabilities=CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BPF CAP_DAC_OVERRIDE CAP_FOWNER WorkingDirectory= WorkingDirectory=/run/zabbix Restart=always diff --git a/interface-definitions/service_monitoring_zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in index 3754e9145..e44b31312 100644 --- a/interface-definitions/service_monitoring_zabbix-agent.xml.in +++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in @@ -185,6 +185,7 @@ </properties> <defaultValue>3</defaultValue> </leafNode> + #include <include/interface/vrf.xml.i> </children> </node> </children>
config:
set service monitoring zabbix-agent host-name 'r4' set service monitoring zabbix-agent server '192.168.122.1' set service monitoring zabbix-agent vrf 'mgmt'
log:
Jul 31 16:47:30 r4 systemd[1]: zabbix-agent2.service: Scheduled restart job, restart counter is at 282. Jul 31 16:47:30 r4 systemd[1]: Stopped zabbix-agent2.service - Zabbix Agent 2. Jul 31 16:47:30 r4 systemd[1]: Started zabbix-agent2.service - Zabbix Agent 2. Jul 31 16:47:30 r4 ip[9020]: mkdir failed for /sys/fs/cgroup/system.slice/zabbix-agent2.service/vrf: Permission denied Jul 31 16:47:30 r4 ip[9020]: Failed to setup vrf cgroup2 directory Jul 31 16:47:30 r4 systemd[1]: zabbix-agent2.service: Main process exited, code=exited, status=255/EXCEPTION Jul 31 16:47:30 r4 systemd[1]: zabbix-agent2.service: Failed with result 'exit-code'.
The only solution that I found is starting the unit from the User=root