I installed Zabbix 3.0.0rc1 from sources on AWS correctly and everything runs okay, but I wanted to run some manual commands to test connectivity with new zabbix agent in network. I used zabbix_get and it worked fine, but I saw something strange. Agent is installed on both machines zabbix.myservers and agent.myservers
I tried to run zabbix_get with DNS name, private and public IP address.
Attempt to get agent version from localhost using DNS name
root#ip-10-0-0-30:/home/ubuntu# zabbix_get -s zabbix.myservers -k agent.version
zabbix_get [30903]: Check access restrictions in Zabbix agent configuration
Attempt to get agent version from localhost using private IP address
root#ip-10-0-0-30:/home/ubuntu# zabbix_get -s 10.0.0.30 -k agent.version
zabbix_get [30907]: Check access restrictions in Zabbix agent configuration
Attempt to get agent version from localhost using localhost
root#ip-10-0-0-30:/home/ubuntu# zabbix_get -s localhost -k agent.version
3.0.0rc1
Attempt to get agent version from server using DNS name
root#ip-10-0-0-30:/home/ubuntu# zabbix_get -s agent.myservers -k agent.version
3.0.0rc1
Attempt to get agent version from server using private IP address
root#ip-10-0-0-30:/home/ubuntu# zabbix_get -s 10.0.0.31 -k agent.version
3.0.0rc1
Attempt to get agent version from server using public IP address (x.x.x.x is real public IP address)
root#ip-10-0-0-30:/home/ubuntu# zabbix_get -s x.x.x.x -k agent.version
zabbix_get [30913]: Check access restrictions in Zabbix agent configuration
My agentd.conf file is
Server=127.0.0.1
ServerActive=127.0.0.1
Hostname=Zabbix server
and I want to know how to edit configuration file for successfully run zabbix_get. Where is the problem?
Server=127.0.0.1
ServerActive=127.0.0.1
=> only 127.0.0.1 is allowed to ask for any metric from the agent.
Add IP of your connection there and then you will see response. It can be public ip (x.x.x.x), but it can be more complicated as well. Increase log level and check zabbix agent log, which IP is actually used.
Server=127.0.0.1,<ip of your connection>
zabbix-get new version works for me.
root#xxx:/# apt install zabbix-get
root#xxx:/# zabbix_get --version
zabbix_get (Zabbix) 4.4.10
root#xxx:/# zabbix_get -s 127.0.0.1 -k agent.version
4.4.7
Related
I used to have an ssh reverse port forwarding from my local computer to a remote EC2 AWS server on port 9999. (9999 for both machines.)
It used to work, but I created a new instance, and now it doesn't anymore. (Half working.) I'm not sure what I did to make it work back then... (Or something was changed.)
I have a process running on my computer on port 9999 and I want it to listen to the port 9999 of my EC2.
On my computer, curl "127.0.0.1:9999" is working.
But I want the code curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:9999" to work, for now it doesn't, giving me the error curl: (7) Failed to connect to ec2-xx-xx-xx-xx-xx.compute.amazonaws.com port 9999 after 59 ms: Connection refused
EC2 Security group is set to open 9999 on TCP for 0.0.0.0/0.
I create the forwarded port with the command :
ssh -R 9999:localhost:9999 -i "/home/example/XXX.pem" ubuntu#ec2-xx-xx-xx-xx-xx.compute.amazonaws.com
The connection ssh is established without errors.
Inside this ssh session I can even do curl "127.0.0.1:9999" inside and IT IS WORKING. Reaching my local computer.
But the request from the web isn't... (curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:9999" doesn't work...)
The path is good, if I install apache2 on port 80 curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:80" is working. (port 80 is added the same way to the security group)
I did sudo ufw disable, same problem.
Do you have an idea what I'm missing ?
EDIT : On the ssh -R forward session on the EC2 :
ubuntu#awsserver:~$ php -S 0.0.0.0:9999 -t .
[Wed Dec 14 16:35:11 2022] Failed to listen on 0.0.0.0:9999 (reason: Address already in use)
BUT, if I open a normal ssh session, I can run php -S 0.0.0.0:9999 -t ., the code curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:9999" is working everywhere as expected.
So... it is telling me that the port is already used (By the ssh -R command), but is closed when I try to connect to it... I don't get it.
The answer wasn't EC2/AWS related.
It's a security feature from SSH that I had to disable : GatewayPorts yes
This is an odd scenario. Essentially, within a vpc, I am attempting to create an ssh tunnel from server A to server B in which server B hosts the api at port 9000, and server A wants to be able to reverse proxy to port say 5000 which should pass the query to server B's port 9000, and return data. I have been tearing my hair out. I currently have gotten this far:
ssh 3000:localhost3000 -vvv -N -i rsa.pem serverB#serverBIP
after which I have attempted to access the port 22 on server A using a curl request but I got a response -- curl: (1) Received HTTP/0.9 when not allowed
I also tried specifying a port
ssh -vvv -N -i rsa.pem serverB#serverBIP -p3000
which quits on me entirely with the response: ssh: connect to host serverBIp port 3000: No route to host
Finally, I tried
ssh -vvv -N -i workstation_pem.pem 3000:localhost:3000 serverBUser#serverBID
which results in Could not resolve hostname 3000:localhost:3000: Name or service not known
Please advise, I am not sure what I am doing wrong. I feel like this should be simple, but I am struggling to get it to work - a simple tunnel from one instance to another at a port to port on server B where serverB has a gunicorn server running
You would need to login to ServerA and then run this command:
ssh -i key.pem -N -L 5000:serverBIP:9000 serverBUser#serverBIP
This tells the computer on which it is run (which is ServerA) to listen on port 5000 and send any incoming requests to port 9000 on ServerB.
Detailed explanation: explainshell.com - ssh -i key.pem -N -L 5000:serverBIP:9000 serverBUser#serverBIP
See also: SSH/OpenSSH/PortForwarding - Community Help Wiki
I'm trying to run code-server on gcp cloud shell. I downloaded the following version
https://github.com/cdr/code-server/releases/download/v3.9.2/code-server-3.9.2-linux-amd64.tar.gz, which I think is the correct one, extracted the contents and ran
code-server --auth none
This gave the following output
[2021-04-06T00:53:21.728Z] info code-server 3.9.2 109d2ce3247869eaeab67aa7e5423503ec9eb859
[2021-04-06T00:53:21.730Z] info Using user-data-dir ~/.local/share/code-server
[2021-04-06T00:53:21.751Z] info Using config file ~/.config/code-server/config.yaml
[2021-04-06T00:53:21.751Z] info HTTP server listening on http://127.0.0.1:8080
[2021-04-06T00:53:21.751Z] info - Authentication is disabled
[2021-04-06T00:53:21.751Z] info - Not serving HTTPS
Now when I try Web Preview -> preview on port 8080 nothing happens I just get a blank screen and on the code console I see the following error
2021-04-06T00:50:04.470Z] error vscode Handshake timed out {"token":"e9b80ff7-10f9-4089-8497-b98688129452"}
I'm not sure what I need to do here ?
In cloud shell editor, create a file with .sh extension, and install the code-server by using these steps:
export VERSION=`curl -s https://api.github.com/repos/cdr/code-server/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")'`
wget https://github.com/cdr/code-server/releases/download/v3.10.2/code-server-3.10.2-linux-amd64.tar.gz
tar -xvzf code-server-3.10.2-linux-amd64.tar.gz
cd code-server-3.10.2-linux-amd64
To run the vscode.sh file using terminal:
./vscode.sh
If a warning “permission denied” comes, type chmod +x vscode.sh and then again proceed with
running the file.
To navigate to the folder:
cd code-server-3.10.2-linux-amd64/
To navigate to the bin:
cd bin/
To start the server :
./code-server --auth none --port 8080
Now you can see the VSCode IDE in your browser either by using web preview->preview on port 8080 option or the HTTP server link in your terminal.
My gut is saying that one must study this article (Expose code-server) in great detail. I think you will find that Code server is listening on IP address 127.0.0.1 at port 8080. Your thinking then is to access this server using Web Preview on port 8080 .... however ... pay attention to the IP addresses of your virtual machine. The IP address 127.0.0.1 is known as the loopback address. It is ONLY accessible to applications running on the SAME machine. My belief is that when you run Web Preview, you are trying to access the IP address of your Cloud Shell machine which is NOT 127.0.0.1.
If you read the above article, the story goes on to show how to use SSH forwarding to provide a front-end to whatever this application may be.
I'm using boot2docker on OSX 10.10 to try to run the WSO2 governance registry. I cannot reach the app from the host machine (OSX).
Here's my Dockerfile:
FROM dockerfile/java:openjdk-7-jdk
MAINTAINER Andrew Matthews
COPY wso2greg-4.6.0.zip /opt/
RUN unzip /opt/wso2greg-4.6.0.zip -d /opt && \
rm /opt/wso2greg-4.6.0.zip
EXPOSE 9443
CMD ["/opt/wso2greg-4.6.0/bin/wso2server.sh"]
This follows a pattern used by others on docker.io for other wso2 apps.
I built it with:
docker build -t="usmsnp/wso2greg" .
and ran it with
docker run -i -t -P usmsnp/wso2greg
everything seems to proceed nicely - I get as far as the wso2 announcement:
Mgt Console URL : https://172.17.0.27:9443/carbon/
I have the boot2docker vm IP address aliased as dockerhost in my /etc/hosts file, and when I navigate to https://dockerhost:9443/carbon/ using curl I get connection refused.
Any ideas?
UPDATE: 2014-11-28
When I deploy the image to AWS using tutum, it works. So, mission accomplished, I suppose. But I'm still confused about why it doesn't work. I understand that boot2docker requires a different IP address, but I used that.
When you use docker run -P you're telling Docker to allocate a random port on the Docker daemon host - not to use 9443.
So in this case, you'll need to run docker ports <containerid> to find out what port its been mapped to.
alternativly, you need to use docker run -p 9443:9443 ... to tell Docker to map the external 9443 to the container's 9443
For some reason my Vagrant/Puppet instance stopped working out of the blue--I am no longer able to reach the VM from my host machine, despite no configuration or network changes.
Interestingly, the private network must be recognized as the browser is attempting to connect, however the request seems to be timing out when issued from OSX... Also worth noting, I have not installed any system updates at this time. The VM was working previously on 10.9.
Steps I have tried to resolve the issue:
vagrant destroy && vagrant up
Result: Vagrant loads properly, SSH works and apache is running with the proper result returned from ping 127.0.0.1
vagrant reload
Result: Same as above; VM reloads successfully, no change in network accessibility
sudo killall -HUP mDNSResponder
Result: No change in accessibility via the bound IP (10.0.0.100)
Port forwarding (explicit) vs "private_network" in vagrant file
Result: No change in accessibility via the bound IP (10.0.2.15)
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
Result: No change in accessibility via the bound IP, connection still times out
Vagrant File: http://pastebin.com/Hk8drWxF
Puppet File: http://pastebin.com/20Sp1m22
Any thoughts? Thanks!
Could this be an issue with netmask ? You specify 2 ips there : 10.0.0.100 and 10.0.2.15 if you're using default subnet (class C) you would end up on different subnets and be unable to speak directly to each other.