Issues after migrating to a new server

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
hbouma
Posts: 483
Joined: Tue Feb 27, 2018 9:31 am

Issues after migrating to a new server

Post by hbouma »

We are in the process of vetting out a migration of using our TST instance. We have built our RHEL 8 VM's, installed Nagios XI and offloaded the database. Migrated Nagios XI from the old TST server, migrated the Database from the old DB server and performed the same steps listed when offloading the database for editing the files on the Nagios XI server so they point to the new offloaded database.

We have done all the steps listed from https://support.nagios.com/kb/article/m ... r-892.html.

After doing all this, we see that the built in nagiosadmin user can log in, but the remaining named users get an error "Login token was expired, please try again" when attempting to log in.

Nagios XI 5.8.6 on RHEL 8.5 VM with an offloaded DB.

Any assistance would be appreciated.
hbouma
Posts: 483
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Post by hbouma »

We tried an upgrade to Nagios XI 5.8.7, now we are getting an "Invalid username/password" error. We have verified this happens for all our AD integrated users.

Certificates for our AD system are already added into the system.
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Post by pbroste »

Hello @hbouma

Please PM over the System Profile when you get a chance.

Thanks,
Perry
hbouma
Posts: 483
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Post by hbouma »

PM sent.
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Post by pbroste »

Hello @hbouma

Thanks for following up with the System Profile. We don't see any locally defined users or contacts listed within the database and want to work through this first before we tackle issues with the associated Active Directory.

What do you see from your end:

Code: Select all

echo 'select * from xi_users;' | mysql -u root -pnagiosxi nagiosxi

echo 'select * from tbl_contact;' | mysql -u root -pnagiosxi nagiosql
Next, let's optimize the php-fpm:

Code: Select all

/etc/httpd/conf.d/php.conf
Change this specific part (around line 46):

Code: Select all

<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>
Add this:

Code: Select all

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>
So it looks like this:

Code: Select all

<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>
Then edit this file:

Code: Select all

/etc/php-fpm.d/www.conf
Set:

Code: Select all

pm.max_requests = 50
Then restart apache/php-fpm:

Code: Select all

systemctl restart httpd php-fpm
Let me know how things are looking,
Perry
hbouma
Posts: 483
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Post by hbouma »

pbroste wrote:Hello @hbouma

Thanks for following up with the System Profile. We don't see any locally defined users or contacts listed within the database and want to work through this first before we tackle issues with the associated Active Directory.

What do you see from your end:

Code: Select all

echo 'select * from xi_users;' | mysql -u root -pnagiosxi nagiosxi

echo 'select * from tbl_contact;' | mysql -u root -pnagiosxi nagiosql
I see many users displayed in both commands. I can send you the output if you wish.
Next, let's optimize the php-fpm:

Code: Select all

/etc/httpd/conf.d/php.conf
Change this specific part (around line 46):

Code: Select all

<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>
Add this:

Code: Select all

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>
So it looks like this:

Code: Select all

<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    Timeout 600
    RequestReadTimeout header=600,minrate=50
    RequestReadTimeout body=600,minrate=50
    <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=600
    </Proxy>

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
  </IfModule>
</IfModule>
This is already present.
Then edit this file:

Code: Select all

/etc/php-fpm.d/www.conf
Set:

Code: Select all

pm.max_requests = 50
Then restart apache/php-fpm:

Code: Select all

systemctl restart httpd php-fpm
This was already set at 50.

Since I didn't actually have any changes to make, there is no change in the behavior.
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Post by pbroste »

Hello @hbouma

Thanks for following up, want to find out why we see "caught SIGWINCH, shutting down gracefully" in your Apache logs.

Code: Select all

sudo yum list --installed > /tmp/yumlist.txt

Code: Select all

ps -aef > /tmp/ps.txt && tar -czvf /tmp/list.tar.gz /tmp/yumlist.txt /tmp/ps.txt /etc/httpd/ /var/log/httpd/*
Please send over the '/tmp/list.tar.gz' when you get a chance.

Thanks,
Perry
hbouma
Posts: 483
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Post by hbouma »

Info sent in a PM
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: Issues after migrating to a new server

Post by pbroste »

Hello @hbouma

Thanks for sending the info, keep on seeing proxy-related messages throughout the logs and want to find out if you are going through any proxy or anything security-related.

Because of this: "<Proxy "unix/run/php-fpm/www.sock|fcgi//localhost">" Are you able to ping localhost and if so is it an ipv4 standard address?

Please let us know how that looks, and if that looks alright let's toggle this /usr/local/nagiosxi/html/config.inc.php and restart the Apache by bouncing the service:
Find the following line:

Code: Select all

$cfg['use_https'] = true;
Change to:

Code: Select all

$cfg['use_https'] = false;
To restart Apache:

Code: Select all

systemctl restart httpd
Let us know how things look,
Perry
hbouma
Posts: 483
Joined: Tue Feb 27, 2018 9:31 am

Re: Issues after migrating to a new server

Post by hbouma »

All of my checks say we are not using a proxy. echo $http_proxy and echo $https_proxy are not defined. I see nothing in the configuration files for our RHSM, YUM or any other tools indicating a proxy. A wget of http://google.com does not indicate any proxy either.
Are you able to ping localhost and if so is it an ipv4 standard address?
Comes back as 127.0.0.1
Please let us know how that looks, and if that looks alright let's toggle this /usr/local/nagiosxi/html/config.inc.php and restart the Apache by bouncing the service:
Find the following line:

Code: Select all

$cfg['use_https'] = true;
Change to:

Code: Select all

$cfg['use_https'] = false;
To restart Apache:

Code: Select all

systemctl restart httpd
Logins still fail after this change. The only working account is the local nagiosadmin account.

However, we are redirected back to the https page based on the security changes that we made from https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Locked