Unable to deploy Zabbix container with static IP using IPVLAN

General
1

Hello everyone,

I’m running into a deployment issue here I’m hoping someone can help me out with.

I have Docker CE running on an Oracle Linux host and I want to deploy Zabbix using containers, but want the web interface container to listen on an IP address that is separate from the Docker host. I successfully created all containers to run a Zabbix instance and verified it all works and is listening on the correct ports, except the web interface runs on the Docker host itself.

[xxxxx@xxxxx ~]$ docker ps
CONTAINER ID   IMAGE                                   COMMAND                  CREATED         STATUS         PORTS                                                                                            NAMES
b9ea89cc0e60   zabbix/zabbix-web-apache-pgsql:latest   "docker-entrypoint.s…"   3 seconds ago   Up 2 seconds   0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp               zabbix-web-apache-pgsql
f478b651cd5f   zabbix/zabbix-server-pgsql:latest       "/usr/bin/docker-ent…"   7 days ago      Up 4 hours     0.0.0.0:10051->10051/tcp, :::10051->10051/tcp                                                    zabbix-server-pgsql
72a7fe9b3241   postgres:latest                         "docker-entrypoint.s…"   7 days ago      Up 4 hours     5432/tcp                                                                                         postgres-server
e3fa517b5ed7   portainer/portainer-ce:latest           "/portainer"             3 months ago    Up 4 hours     0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp, 9000/tcp   portainer
[xxxxx@xxxxx ~]$

So, I created a ipvlan network using the following command:

docker network create -d ipvlan --subnet=xxx.xxx.xxx.xxx/19 --gateway=xxx.xxx.xxx.xxx -o parent=eno4 ipvlan-network

And then I started the web interface container using the following command, specifying the IP address on the ipvlan network that I want it to use:

docker run --name zabbix-web-apache-pgsql -t -e ZBX_SERVER_HOST="zabbix-server-pgsql" -e DB_SERVER_HOST="postgres-server" -e POSTGRES_USER="xxxxx" -e POSTGRES_PASSWORD="xxxxx" -e POSTGRES_DB="zabbix" --network=ipvlan-network --ip xxx.xxx.xxx.xxx -p 443:8443 -p 80:8080 -v /etc/ssl/apache2:/etc/ssl/apache2:ro --restart unless-stopped -d zabbix/zabbix-web-apache-pgsql:latest

The container starts successfully, but there aren’t any ports listed.

[xxxxx@xxxxx ~]$ docker ps
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS         PORTS                                                                                            NAMES
199cef922cc3   zabbix/zabbix-web-apache-pgsql:latest   "docker-entrypoint.s…"   10 seconds ago   Up 9 seconds                                                                                                    zabbix-web-apache-pgsql
f478b651cd5f   zabbix/zabbix-server-pgsql:latest       "/usr/bin/docker-ent…"   7 days ago       Up 4 hours     0.0.0.0:10051->10051/tcp, :::10051->10051/tcp                                                    zabbix-server-pgsql
72a7fe9b3241   postgres:latest                         "docker-entrypoint.s…"   7 days ago       Up 4 hours     5432/tcp                                                                                         postgres-server
e3fa517b5ed7   portainer/portainer-ce:latest           "/portainer"             3 months ago     Up 4 hours     0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp, 9000/tcp   portainer
[xxxxx@xxxxx ~]$

Not only that, I can’t access the web interface using the IP address that I assigned to the container. It doesn’t appear to be listening at all.

Can anyone please give me some pointers?

3

In case the issue is not resolved yet

The only network where you can see port numbers in the container list is the bridge network. Either default or custom network. It wouldn’t make sense in other networks as the ipvlan is already available outside of your machine. There is no need for port mappings. And the port numbers in the container list doesn’t mean that there is anything listening on those ports in the container.

And as far as I know, when using the IPVLan network (or macvlan), the host can’t communicate with the container IP by default. It doesn’t mean you could not access it from another machine.

And my last note is that the ipvlan network has to be an existing LAN network to which you can connect this way, so it will not work with every randomly chosen subnet.