z

Commercial Support Clients: Clients with support contracts can get escalated support assistance by visiting Nagios Answer Hub. These forums are for community support services. Although we at Nagios try our best to help out on the forums here, we always give priority support to our support clients.

Issues after migrating to a new server

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.

Issues after migrating to a new server

Postby hbouma » Tue Feb 01, 2022 3:55 pm

We are in the process of vetting out a migration of using our TST instance. We have built our RHEL 8 VM's, installed Nagios XI and offloaded the database. Migrated Nagios XI from the old TST server, migrated the Database from the old DB server and performed the same steps listed when offloading the database for editing the files on the Nagios XI server so they point to the new offloaded database.

We have done all the steps listed from https://support.nagios.com/kb/article/m ... r-892.html.

After doing all this, we see that the built in nagiosadmin user can log in, but the remaining named users get an error "Login token was expired, please try again" when attempting to log in.

Nagios XI 5.8.6 on RHEL 8.5 VM with an offloaded DB.

Any assistance would be appreciated.
hbouma
 
Posts: 481
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Postby hbouma » Wed Feb 02, 2022 8:24 am

We tried an upgrade to Nagios XI 5.8.7, now we are getting an "Invalid username/password" error. We have verified this happens for all our AD integrated users.

Certificates for our AD system are already added into the system.
hbouma
 
Posts: 481
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Postby pbroste » Wed Feb 02, 2022 1:55 pm

Hello @hbouma

Please PM over the System Profile when you get a chance.

Thanks,
Perry
User avatar
pbroste
 
Posts: 1287
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Postby hbouma » Wed Feb 02, 2022 2:08 pm

PM sent.
hbouma
 
Posts: 481
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Postby pbroste » Thu Feb 03, 2022 12:43 pm

Hello @hbouma

Thanks for following up with the System Profile. We don't see any locally defined users or contacts listed within the database and want to work through this first before we tackle issues with the associated Active Directory.

What do you see from your end:
Code: Select all
echo 'select * from xi_users;' | mysql -u root -pnagiosxi nagiosxi

echo 'select * from tbl_contact;' | mysql -u root -pnagiosxi nagiosql


Next, let's optimize the php-fpm:

Code: Select all
/etc/httpd/conf.d/php.conf


Change this specific part (around line 46):

Code: Select all
<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>


Add this:

Code: Select all
    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>


So it looks like this:

Code: Select all
<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>


Then edit this file:

Code: Select all
/etc/php-fpm.d/www.conf


Set:

Code: Select all
pm.max_requests = 50


Then restart apache/php-fpm:

Code: Select all
systemctl restart httpd php-fpm


Let me know how things are looking,
Perry
User avatar
pbroste
 
Posts: 1287
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Postby hbouma » Thu Feb 03, 2022 12:53 pm

pbroste wrote:Hello @hbouma

Thanks for following up with the System Profile. We don't see any locally defined users or contacts listed within the database and want to work through this first before we tackle issues with the associated Active Directory.

What do you see from your end:
Code: Select all
echo 'select * from xi_users;' | mysql -u root -pnagiosxi nagiosxi

echo 'select * from tbl_contact;' | mysql -u root -pnagiosxi nagiosql

I see many users displayed in both commands. I can send you the output if you wish.

Next, let's optimize the php-fpm:

Code: Select all
/etc/httpd/conf.d/php.conf


Change this specific part (around line 46):

Code: Select all
<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>


Add this:

Code: Select all
    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>


So it looks like this:

Code: Select all
<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>


This is already present.

Then edit this file:

Code: Select all
/etc/php-fpm.d/www.conf


Set:

Code: Select all
pm.max_requests = 50


Then restart apache/php-fpm:

Code: Select all
systemctl restart httpd php-fpm


This was already set at 50.

Since I didn't actually have any changes to make, there is no change in the behavior.
hbouma
 
Posts: 481
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Postby pbroste » Fri Feb 04, 2022 11:51 am

Hello @hbouma

Thanks for following up, want to find out why we see "caught SIGWINCH, shutting down gracefully" in your Apache logs.

Code: Select all
sudo yum list --installed > /tmp/yumlist.txt


Code: Select all
ps -aef > /tmp/ps.txt && tar -czvf /tmp/list.tar.gz /tmp/yumlist.txt /tmp/ps.txt /etc/httpd/ /var/log/httpd/*


Please send over the '/tmp/list.tar.gz' when you get a chance.

Thanks,
Perry
User avatar
pbroste
 
Posts: 1287
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Postby hbouma » Mon Feb 07, 2022 9:17 am

Info sent in a PM
hbouma
 
Posts: 481
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Postby pbroste » Mon Feb 07, 2022 5:58 pm

Hello @hbouma

Thanks for sending the info, keep on seeing proxy-related messages throughout the logs and want to find out if you are going through any proxy or anything security-related.

Because of this: "<Proxy "unix/run/php-fpm/www.sock|fcgi//localhost">" Are you able to ping localhost and if so is it an ipv4 standard address?

Please let us know how that looks, and if that looks alright let's toggle this /usr/local/nagiosxi/html/config.inc.php and restart the Apache by bouncing the service:
Find the following line:
Code: Select all
$cfg['use_https'] = true;

Change to:
Code: Select all
$cfg['use_https'] = false;

To restart Apache:
Code: Select all
systemctl restart httpd


Let us know how things look,
Perry
User avatar
pbroste
 
Posts: 1287
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Postby hbouma » Tue Feb 08, 2022 12:56 pm

All of my checks say we are not using a proxy. echo $http_proxy and echo $https_proxy are not defined. I see nothing in the configuration files for our RHSM, YUM or any other tools indicating a proxy. A wget of http://google.com does not indicate any proxy either.

Are you able to ping localhost and if so is it an ipv4 standard address?

Comes back as 127.0.0.1

Please let us know how that looks, and if that looks alright let's toggle this /usr/local/nagiosxi/html/config.inc.php and restart the Apache by bouncing the service:
Find the following line:
Code: Select all
$cfg['use_https'] = true;

Change to:
Code: Select all
$cfg['use_https'] = false;

To restart Apache:
Code: Select all
systemctl restart httpd


Logins still fail after this change. The only working account is the local nagiosadmin account.

However, we are redirected back to the https page based on the security changes that we made from https://assets.nagios.com/downloads/nag ... s%20XI.pdf
hbouma
 
Posts: 481
Joined: Tue Feb 27, 2018 9:31 am

Next

Return to Nagios XI

Who is online

Users browsing this forum: No registered users and 27 guests