Recomendation for allowing access to the DB for checks?

[gormank]

I have multiple Nagios servers monitoring each other but the various mysql checks fail when not pointed at localhost. That is running the command on nag001 fails. Ideally, I'd like nag001 to run the command on nag002 since nag002 is a failover and my license doesn't allow me to enable monitoring on it. Actually, the license says I shouldn't but nothing actually stops me from enabling checks. :)

# /usr/local/nagios/libexec/check_mysql_health --hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode connection-time --warning 3 --critical 5
OK - 0.04 seconds to connect as root | connection_time=0.0399s;3;5

[root@txslm2mlnag001 nagios_install]# /usr/local/nagios/libexec/check_mysql_health --hostname=nag001 --port=3306 --username=root --password="nagiosxi" --database=nagios --mode connection-time --warning 3 --critical 5
CRITICAL - cannot connect to nagios. Host 'txslm2mlnag001' is not allowed to connect to this MySQL server

I have 3 check_mysql_health checks running that this would impact.

A bit of web searching tells me what needs to be done, but I'm hoping there's a somewhat official answer.

Thanks
kev

[WillemDH]

So did you try with check_nrpe?

Check of you can connect to the other Nagios servers with

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H <remote_linux_ip_address>

If that works define a command to /usr/local/nagios/libexec/check_mysql_health in common.cfg

And test again with

/usr/local/nagios/libexec/check_nrpe -H <remote_linux_ip_address> -C check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode connection-time --warning 3 --critical 5'

Grtz

[lmiltchev]

Thanks Willem!

@gormank

WillemDH is correct - yo could (and probably should) use check_nrpe to accomplish your goal.

You could also allow root to connect to the DB remotely by running the following commands on the remote box:

Code: Select all

mysql -u root -p'password'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';
\q

Comment our the "bind-address" line (if you have it) in the "/etc/my.cnf" file, i.e.

Code: Select all

#bind-address = x.x.x.x 

and restart mysqld:

Code: Select all

service mysqld restart

This approach is NOT secure! I am just mentioning it as an alternative. I would recommend using check_nrpe instead as allowing remote root access to the DB could be dangerous.

[gormank]

Sorry, I should have looked more closely at the command and run it out or nrpe.
For testing, this is running from and on the same host.

I'm not seeing what's wrong though... I've set up commands before but its been a while. Duh...

Code: Select all

[root@mysqlhost~]# /usr/local/nagios/libexec/check_nrpe -H mysqlhost
NRPE v2.15

Code: Select all

[root@mysqlhost~]# /usr/local/nagios/libexec/check_nrpe -H mysqlhost -c check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode slow-queries --warning 2'

CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.

Code: Select all

[root@mysqlhost~]# grep mysql /usr/local/nagios/etc/nrpe.cfg

command[check_mysql_health]=/usr/local/nagios/libexec/check_mysql_health $ARG1$

And the command in commands.cfg

Code: Select all

define command {
       command_name                             check_mysql_health
       command_line                             $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_mysql_health -a $ARG1$
}

[tgriep]

Did you restart xinetd after adding the mysql command to the nrpe.cfg file?
Try running this and retesting your command to see if that helps.

Code: Select all

service xinetd restart

Try running the command while the timeout is increased like below and see if that helps..

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H mysqlhost -t 45 -c check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode slow-queries --warning 2'

[gormank]

I've restarted xinetd several times.
There's no delay between entering the command, and the output, and the added timeout had no effect. I get the same output when I define the command and service in the GUI as well... Strange.

[lmiltchev]

Make sure arguments are allowed in the nrpe.cfg. Change this:

Code: Select all

dont_blame_nrpe=0

to:

Code: Select all

dont_blame_nrpe=1

and restart xinetd.

Code: Select all

service xinetd restart

Also, try running your command like this (remove double quotes around the password):

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H mysqlhost -t 45 -c check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password=nagiosxi --database=nagios --mode slow-queries --warning 2'

[gormank]

Sorry, don't blame nrpe has been set forever.
Removing the quotes made it work!

OK - 0 slow queries in 68 seconds (0.00/sec) | slow_queries_rate=0.00%;2;1

You can close this one.
Thanks a bunch!

[lmiltchev]

I am glad I could help!