Fedora

Zabbix Podman Fedora 33 fping

aptupdate

Nov 2, 2020 • 2 min read

I have struggle with my config the last 3 days after I upgraded to Fedora 33. The issue is obviously related to changes from Fedora 32 to Fedora 33. I have not yet found out exactly what change break my system.

My Fedora 33 working config is as follow:

I run mysql server on my host, I find it more easy to share, configure, backup, restore etc. as long as it is single node.

zabbix.service

[Unit]
Description=Zabbix Pod
Wants=network.target

[Service]
Type=simple
Restart=on-failure
ExecStartPre=-/usr/bin/podman pod rm -f "zabbix"
ExecStart=/usr/bin/podman pod create --name zabbix -p 127.0.0.1:1080:8080 -p 10051:10051
ExecReload=-/usr/bin/podman pod stop "zabbix"
ExecReload=-/usr/bin/podman pod rm "zabbix"
ExecStop=/usr/bin/podman pod stop "zabbix"
KillMode=none
RestartSec=30

[Install]
WantedBy=multi-user.target

zabbix-server.service

[Unit]
Description=Zabbix-server Podman container
Wants=network.target mariadb.service
After=zabbix.service

[Service]
Type=simple
User=root
Group=root
TimeoutStartSec=5m
ExecStartPre=-/usr/bin/podman rm -f "zabbix-server"

ExecStart=/usr/bin/podman run --pod zabbix --name zabbix-server --cap-add net_raw --cap-add net_admin -v /etc/localtime:/etc/localtime -e DB_SERVER_HOST="10.88.0.1" -e MYSQL_USER="zabbix" -e MYSQL_PASSWORD="zabbix" --pull=always -e ZBX_STARTPINGERS=10 -e ZBX_STARTDISCOVERERS=10 -e ZBX_TIMEOUT=30 -e ZBX_VALUECACHESIZE=16M docker.io/zabbix/zabbix-server-mysql:latest

ExecReload=-/usr/bin/podman stop "zabbix-server"
ExecReload=-/usr/bin/podman rm "zabbix-server"
ExecStop=/usr/bin/podman stop "zabbix-server"
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target

zabbix-web.service

[Unit]
Description=Zabbix Web Podman container
Wants=network.target
After=zabbix.service zabbix-server.service

[Service]
Type=simple
User=root
Group=root
TimeoutStartSec=5m
ExecStartPre=-/usr/bin/podman rm -f "zabbix-web"

ExecStart=/usr/bin/podman run --pod zabbix --name zabbix-web -e DB_SERVER_HOST="10.88.0.1" -e MYSQL_USER="zabbix" -e MYSQL_PASSWORD="zabbix" -e ZBX_SERVER_HOST="localhost" -e PHP_TZ="Europe/Oslo" --pull=always docker.io/zabbix/zabbix-web-nginx-mysql:latest

ExecReload=-/usr/bin/podman stop "zabbix-web"
ExecReload=-/usr/bin/podman rm "zabbix-web"
ExecStop=/usr/bin/podman stop "zabbix-web"
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target

The big change I had to do in Fedora 33 is add --cap-add net_raw --cap-add net_admin to zabbix-server. It took me a while, because ping work fine from inside container, but not fping. I did some tcpdump on the network and I can see ping go out of container and come back on the network, but is not accepted on the container. I found a blog post about ping from a container, and looks like this was the solution for fping to not work.