Ad Widget

Collapse

web scenario "Couldn't connect to server: Failed to connect to x: Permission denied"

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • glaw
    Junior Member
    • Aug 2020
    • 4
    #1

    web scenario "Couldn't connect to server: Failed to connect to x: Permission denied"

    I am trying to create web monitors for a number of internal servers. I was able to set up for two without any issue, but the rest of I have been unable, getting the error "Couldn't connect to server: Failed to connect to x.x.x.x: Permission denied".

    I've tried increasing the log output to debug (not useful, just gives the same information)
    I've tried copying the host config and changing hostname and port for the url being called
    I've tried a number of different web servers (including a tomcat splash page)
    I've looked to make sure curl request to those servers work from the zabbix server.
    I've tried a number of different agent types (which work on the first two servers but nowhere else)
    I've tried using a static url in the web scenario step
    I've tried enabling redirect and changing urls around
    I've looked at iptables
    I tried monitoring www.google.com (successful)

    I've just about run out of ideas. If anyone has any new ones for me to try I'd be really appreciative.

    Thanks in advance!
    Tags: None
    • ripperSK
      Member
      • Jul 2019
      • 42
      #2
      the permission denied is really baffling /confusing to me.
      please post a full output of:
      Code:
       curl -v https://yourFullURL
      to see what's going on. I assume you may have allow+deny rules set up in apache vhost config.

        Comment

        • glaw
          Junior Member
          • Aug 2020
          • 4
          #3
          It's really baffling/confusing to me also.

          * About to connect() to devmachine port 8080 (#0)
          * Trying 10.10.99.111...
          * Connected to devmachine (10.10.99.111) port 8080 (#0)
          > GET / HTTP/1.1
          > User-Agent: curl/7.29.0
          > Host: devmachine:8080
          > Accept: */*
          >
          < HTTP/1.1 200 OK
          < Server: Apache-Coyote/1.1
          < Content-Type: text/html;charset=ISO-8859-1
          < Transfer-Encoding: chunked
          < Date: Wed, 19 Aug 2020 18:08:17 GMT
          <

          <!DOCTYPE html>


          <html lang="en">
          (html results)
          </html>

          * Connection #0 to host devmachine left intact


          The only commonality I could find in the machines that said permission denied was that the ports were in the 8080/8081 range, whereas the machines were successful were 9000 range. I asked IT about it also, for lack of any better ideas.

          Thanks!
          Gabe
          Last edited by glaw; 19-08-2020, 20:40.

            Comment

            • ripperSK
              Member
              • Jul 2019
              • 42
              #4
              well from the curl output you posted the web check should definitely work.

              If however for whatever reason it does not - you can still use workaround with UserParameter item with curl as such:

              Code:
              cat /etc/zabbix/zabbix_agentd.d/userparameter_curl_URL.conf
UserParameter=curl.URL[*],curl -s -L -I $1|grep ^HTTP|tail -n1|awk '{print $$2}'
              this one for example gets the HTTP status code with follow redirects option. If you get
              Code:
               curl.URL[[URL="http://10.10.99.111:8080%5D"]http://10.10.99.111:8080][/URL] != 200
              you can fire a trigger.

                Comment

                • glaw
                  Junior Member
                  • Aug 2020
                  • 4
                  #5
                  Thank you! I'm trying to implement the item/trigger as you're outlining above, but I keep getting PROBLEM. I'm very new to zabbix, so there's a good chance it's user error.

                  On a potentially related note I tried to implement an ssh item and it failed "Cannot access public key file /home/zabbix/.ssh/id_rsa.pub"
                  The entire path is owned/grouped or readable by zabbix. zabbix is the user running server (though not apache - does that matter?)

                  I tried running a script on the zabbix server
                  ls -l /home

                  ls: cannot open directory /home: Permission denied
                  Cannot execute script

                  Having the script run the following does return what is expected
                  s -l /

                  It's strange that I can do ls -l /home from shell but not through zabbix.

                    Comment

                    • ripperSK
                      Member
                      • Jul 2019
                      • 42
                      #6
                      I think that your follow up post is completely unrelated to the original question.

                        Comment

                        • glaw
                          Junior Member
                          • Aug 2020
                          • 4
                          #7
                          So as it turns out they were related. SELinux was causing issues throughout. I've disabled SELinux and everything is working fine now. Thanks for the help!

                            Comment

                            • ingus.vilnis
                              Senior Member
                              Zabbix Certified Trainer
                              Zabbix Certified SpecialistZabbix Certified Professional
                              • Mar 2014
                              • 908
                              #8
                              For anyone bumping into this post - disabling SELinux entirely can expose your system to risks.

                              This is the SELinux variable that blocks Zabbix from accessing web resources.
                              Code:
                              setsebool -P zabbix_can_network=1

                                Comment

                                Previous template Next
                                Working...