Page MenuHomeVyOS Platform

Add VRF support for zabbix-agent
In progress, LowPublicFEATURE REQUEST

Description

Most monitoring is typically driven over a management network, which is usually bound to a VRF, which for some reason is missing in the current implementation. Proposing to add it :)

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Event Timeline

bbabich created this object in space S1 VyOS Public.

Did you test it in vrf? Is it really works as expected?

Yep looks fine @Viacheslav
I've been using it like this for a while now but figure it may be useful as part of making 'VRFs' complete...

$ sudo ip vrf exec RCS3 mtr 192.168.222.11

image.png (282×1 px, 120 KB)

Yep looks fine @Viacheslav
I've been using it like this for a while now but figure it may be useful as part of making 'VRFs' complete...

$ sudo ip vrf exec RCS3 mtr 192.168.222.11

image.png (282×1 px, 120 KB)

How does MTR related to Zabbix?

Good point @Viacheslav apologies I was distracted at the time.
I can make it work by starting manually ( # ip vrf exec RCS3 zabbix_agent2 -c /run/zabbix/zabbix-agent2.conf )so I guess updating the systemd units file (/lib/systemd/system/zabbix-agent2.service) should make this work.

bbabich changed the task status from Open to In progress.Nov 6 2023, 4:52 AM
bbabich claimed this task.
Viacheslav changed the subtype of this task from "Task" to "Feature Request".Apr 12 2024, 3:23 PM

There are issues with cgroups when enabling VRF

$ git diff
diff --git a/data/templates/zabbix-agent/10-override.conf.j2 b/data/templates/zabbix-agent/10-override.conf.j2
index 7c296e8fd..0acf775be 100644
--- a/data/templates/zabbix-agent/10-override.conf.j2
+++ b/data/templates/zabbix-agent/10-override.conf.j2
@@ -1,3 +1,4 @@
+{% set zabbix_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
 [Unit]
 After=
 After=vyos-router.service
@@ -7,7 +8,9 @@ ConditionPathExists=/run/zabbix/zabbix-agent2.conf
 [Service]
 EnvironmentFile=
 ExecStart=
-ExecStart=/usr/sbin/zabbix_agent2 --config /run/zabbix/zabbix-agent2.conf --foreground
+ExecStart={{ zabbix_command }}/usr/sbin/zabbix_agent2 --config /run/zabbix/zabbix-agent2.conf --foreground
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BPF CAP_DAC_OVERRIDE CAP_FOWNER
+AmbientCapabilities=CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BPF CAP_DAC_OVERRIDE CAP_FOWNER
 WorkingDirectory=
 WorkingDirectory=/run/zabbix
 Restart=always
diff --git a/interface-definitions/service_monitoring_zabbix-agent.xml.in b/interface-definitions/service_monitoring_zabbix-agent.xml.in
index 3754e9145..e44b31312 100644
--- a/interface-definitions/service_monitoring_zabbix-agent.xml.in
+++ b/interface-definitions/service_monitoring_zabbix-agent.xml.in
@@ -185,6 +185,7 @@
                 </properties>
                 <defaultValue>3</defaultValue>
               </leafNode>
+              #include <include/interface/vrf.xml.i>
             </children>
           </node>
         </children>

config:

set service monitoring zabbix-agent host-name 'r4'
set service monitoring zabbix-agent server '192.168.122.1'
set service monitoring zabbix-agent vrf 'mgmt'

log:

Jul 31 16:47:30 r4 systemd[1]: zabbix-agent2.service: Scheduled restart job, restart counter is at 282.
Jul 31 16:47:30 r4 systemd[1]: Stopped zabbix-agent2.service - Zabbix Agent 2.
Jul 31 16:47:30 r4 systemd[1]: Started zabbix-agent2.service - Zabbix Agent 2.
Jul 31 16:47:30 r4 ip[9020]: mkdir failed for /sys/fs/cgroup/system.slice/zabbix-agent2.service/vrf: Permission denied
Jul 31 16:47:30 r4 ip[9020]: Failed to setup vrf cgroup2 directory
Jul 31 16:47:30 r4 systemd[1]: zabbix-agent2.service: Main process exited, code=exited, status=255/EXCEPTION
Jul 31 16:47:30 r4 systemd[1]: zabbix-agent2.service: Failed with result 'exit-code'.

The only solution that I found is starting the unit from the User=root