Every server configured by us is monitored via Zabbix. If a server is not monitored, for us it does not exist. More often than not, we first add the to-be-created server in Zabbix and set it up afterward.
If possible, we always use our beloved FreeBSD as a base. FreeBSD offers jails, and we use them a lot. A jail can be one service in a minimal environment or a full-fledged host used by multiple users. Often the host gets its own IP (VNET jail), SSH access, and its own Zabbix agent. But what about monitoring a minimalistic jail running a simple service?
In a project described in another post, we have multiple (~20) small jails running. All of them have a minimal set of packages like this:
❯ sudo pkg -j oauth2-proxy-vpn-1 info
oauth2-proxy-7.8.0_2 OAuth 2.0 proxy server
pkg-2.2.1 Package manager
All provided services are monitored with a simple low-level discovery script (LLD). zabbix-lld-service-discovery uses a cvs-file and creates the data:
❯ /opt/bin/zabbix-lld-tcp-services
{
"data": [
{
"{#IP}": "10.20.30.1",
"{#PORT}": "4180",
"{#DISPLAY_NAME}": "oauth2-proxy-1",
"{#IP_PORT_DN}": "10.20.30.1:4180",
"{#TAG}": "oauth2-proxy"
},
...
}
]
}
On the Zabbix server, the matching items and triggers are created.
Another piece of information is the package status: Are there vulnerable packages or updates to install? Here we iterate directly over the running
jails and run
pkg -j <jid> audit --fetch --raw=json --recursive --quiet and pkg -j <jid> update -q.
This is sent to the Zabbix server. You can find all details in the mit.zabbix-agent.check-upgrades ansible module.
If anyone is interested in more details, we’d love to hear from you and share them.