running zabbix agent with user other than zabbix

  • multazim
    Junior Member
    • May 2018
    • 18

    #1

    running zabbix agent with user other than zabbix

    Hi,

    I was trying to implement best practices given here.
    https://www.zabbix.com/documentation...best_practices

    1) On Ubuntu 18, I tried to run zabbix agent with a different user namely zabbix-agent using 3 steps given in the url but couldn't succeed.

    Then I tried steps given by JayC at https://www.zabbix.com/forum/zabbix-...t-user-account

    But no success. Zabbix agent couldn't start with error.

    /etc/init.d/zabbix-agent script is not able to create /var/run/zabbix-agent directory. When I manually created it, agent did start but fully. Stuck at activating (start) and still looking for /run/zabbix/ directory. Strange.
    -----------------------------------------
    root@capz-zabbix03:~# systemctl status zabbix-agent.service
    ● zabbix-agent.service - Zabbix Agent
    Loaded: loaded (/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: enabled)
    Active: activating (start) since Thu 2018-12-13 07:41:56 CST; 1min 28s ago
    Process: 3102 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
    Tasks: 6 (limit: 4915)
    CGroup: /system.slice/zabbix-agent.service
    ├─3113 /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf
    ├─3114 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
    ├─3115 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
    ├─3116 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
    ├─3117 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
    └─3118 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]

    Dec 13 07:41:56 capz-zabbix03 systemd[1]: Starting Zabbix Agent...
    Dec 13 07:41:56 capz-zabbix03 systemd[1]: zabbix-agent.service: Can't open PID file /run/zabbix/zabbix_agentd.pid (yet?) after start: No

    -----------------------------------------

    Has anyone successfully implemented this?

    2) If I keep "Server=127.0.0.1" in zabbix_agentd.conf and block inbound 10050 port from internet to my zabbix server then will it still be necessary to run agent as a different user?
    Last edited by multazim; 13-12-2018, 16:03.
  • Jarne St
    Member
    • Sep 2019
    • 63

    #2
    I also have this issue.

    Did anyone find a solution/workaround for this?

    Comment

    • Jarne St
      Member
      • Sep 2019
      • 63

      #3
      After some research on my environment I found a solution.

      I had to modify the service file located in (/lib/systemd/system/zabbix-agent.service) to point to the new PIDFile.
      I had to change it from
      Code:
      PIDFile=/run/zabbix/zabbix_agentd.pid
      to
      Code:
      PIDFile=/run/zabbix-agent/zabbix_agentd.pid
      After this modification it worked properly for my system.
      But I recommend making a backup of this file before you change anything.

      Comment

      • tim.mooney
        Senior Member
        • Dec 2012
        • 1427

        #4
        Originally posted by Jarne St
        I had to modify the service file located in (/lib/systemd/system/zabbix-agent.service) to point to the new PIDFile.
        I had to change it from
        Code:
        PIDFile=/run/zabbix/zabbix_agentd.pid
        to
        Code:
        PIDFile=/run/zabbix-agent/zabbix_agentd.pid
        You shouldn't modify systemd service files installed in /lib/systemd by vendor packages. Your modifications will be lost any time the vendor package is updated.

        I don't love systemd, but here's one area where it really shines: you can keep the "base" zabbix-agent.service file unmodified, but place local customizations in a separate file in /etc/systemd. See the two options outlined in this post: https://serverfault.com/questions/84...ream-unit-file . The 2nd option (the .conf file) is probably closer to what you need, since you only need to alter one or two things (PIDFile and User, probably).

        Also, keep in mind that /run is a dynamic, memory-based filesystem. You manually created /run/zabbix-agent and set permissions on it for your custom zabbix-agent user, but that directory will go away the next time your system is rebooted. There's a mechanism to deal with that: man tmpfiles.d(5) . Since the vendor package for Zabbix should be installing a /usr/lib/tmpfiles.d/zabbix.conf file, you can probably just copy that to /etc/tmpfiles.d/zabbix-agent.conf and change the path (arg 2 in the file) and user and potentially group. If you do that, systemd will automatically recreate /run/zabbix-agent for you.

        Comment
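
Added example, not part of any post in this thread: a shell sketch of the approach described in post #4, writing a systemd drop-in and a tmpfiles.d entry instead of editing the vendor unit, plus a check that the agent's PidFile= and the unit's PIDFile= agree. The account name and /run/zabbix-agent path come from the thread; the drop-in file name override.conf, the mode 0755 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Account name and run directory follow the thread; the
# drop-in file name (override.conf) and mode 0755 are assumptions.
AGENT_USER=zabbix-agent
RUN_DIR=/run/zabbix-agent
PID_FILE=$RUN_DIR/zabbix_agentd.pid
DROPIN=etc/systemd/system/zabbix-agent.service.d/override.conf
TMPFILES=etc/tmpfiles.d/zabbix-agent.conf

# write_overrides ROOT: create both files under ROOT ("" = live system).
write_overrides() {
    root=$1
    mkdir -p "$root/${DROPIN%/*}" "$root/${TMPFILES%/*}"
    # Drop-in: overrides only these keys; the vendor unit stays untouched.
    cat > "$root/$DROPIN" <<EOF
[Service]
User=$AGENT_USER
Group=$AGENT_USER
PIDFile=$PID_FILE
EOF
    # tmpfiles.d fields: type path mode user group age
    printf 'd %s 0755 %s %s -\n' "$RUN_DIR" "$AGENT_USER" "$AGENT_USER" \
        > "$root/$TMPFILES"
}

# pidfile_consistent ROOT: succeed only if PidFile= in zabbix_agentd.conf
# equals PIDFile= in the drop-in; a mismatch leaves systemd waiting on the
# wrong path, as in the "Can't open PID file" status output in post #1.
pidfile_consistent() {
    root=$1
    agent_pid=$(sed -n 's/^PidFile=//p' "$root/etc/zabbix/zabbix_agentd.conf" | tail -n 1)
    unit_pid=$(sed -n 's/^PIDFile=//p' "$root/$DROPIN" | tail -n 1)
    [ -n "$agent_pid" ] && [ "$agent_pid" = "$unit_pid" ]
}

# Live system, as root:
#   write_overrides "" && pidfile_consistent "" &&
#   systemctl daemon-reload &&
#   systemd-tmpfiles --create /etc/tmpfiles.d/zabbix-agent.conf &&
#   systemctl restart zabbix-agent
```

Passing a scratch directory as ROOT lets the generated files be reviewed before anything under /etc changes.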

        • Jarne St
          Member
          • Sep 2019
          • 63

          #5
          Yes

          I made a file in /etc/tmpfiles.d/zabbix-agent.conf to include the path to the pid file
          And reloaded the configuration and it worked!

          Comment