Issues after migrating to a new server
Issues after migrating to a new server
We are in the process of vetting out a migration of using our TST instance. We have built our RHEL 8 VM's, installed Nagios XI and offloaded the database. Migrated Nagios XI from the old TST server, migrated the Database from the old DB server and performed the same steps listed when offloading the database for editing the files on the Nagios XI server so they point to the new offloaded database.
We have done all the steps listed from https://support.nagios.com/kb/article/m ... r-892.html.
After doing all this, we see that the built in nagiosadmin user can log in, but the remaining named users get an error "Login token was expired, please try again" when attempting to log in.
Nagios XI 5.8.6 on RHEL 8.5 VM with an offloaded DB.
Any assistance would be appreciated.
We have done all the steps listed from https://support.nagios.com/kb/article/m ... r-892.html.
After doing all this, we see that the built in nagiosadmin user can log in, but the remaining named users get an error "Login token was expired, please try again" when attempting to log in.
Nagios XI 5.8.6 on RHEL 8.5 VM with an offloaded DB.
Any assistance would be appreciated.
Re: Issues after migrating to a new server
We tried an upgrade to Nagios XI 5.8.7, now we are getting an "Invalid username/password" error. We have verified this happens for all our AD integrated users.
Certificates for our AD system are already added into the system.
Certificates for our AD system are already added into the system.
Re: Issues after migrating to a new server
Hello @hbouma
Thanks for following up with the System Profile. We don't see any locally defined users or contacts listed within the database and want to work through this first before we tackle issues with the associated Active Directory.
What do you see from your end:
Next, let's optimize the php-fpm:
Change this specific part (around line 46):
Add this:
So it looks like this:
Then edit this file:
Set:
Then restart apache/php-fpm:
Let me know how things are looking,
Perry
Thanks for following up with the System Profile. We don't see any locally defined users or contacts listed within the database and want to work through this first before we tackle issues with the associated Active Directory.
What do you see from your end:
Code: Select all
echo 'select * from xi_users;' | mysql -u root -pnagiosxi nagiosxi
echo 'select * from tbl_contact;' | mysql -u root -pnagiosxi nagiosql
Code: Select all
/etc/httpd/conf.d/php.conf
Code: Select all
<IfModule !mod_php5.c>
<IfModule !mod_php7.c>
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
</IfModule>
Code: Select all
Timeout 600
RequestReadTimeout header=600,minrate=50
RequestReadTimeout body=600,minrate=50
<Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
ProxySet timeout=600
</Proxy>
Code: Select all
<IfModule !mod_php5.c>
<IfModule !mod_php7.c>
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
Timeout 600
RequestReadTimeout header=600,minrate=50
RequestReadTimeout body=600,minrate=50
<Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
ProxySet timeout=600
</Proxy>
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
</IfModule>
Code: Select all
/etc/php-fpm.d/www.conf
Code: Select all
pm.max_requests = 50
Code: Select all
systemctl restart httpd php-fpm
Perry
Re: Issues after migrating to a new server
I see many users displayed in both commands. I can send you the output if you wish.pbroste wrote:Hello @hbouma
Thanks for following up with the System Profile. We don't see any locally defined users or contacts listed within the database and want to work through this first before we tackle issues with the associated Active Directory.
What do you see from your end:Code: Select all
echo 'select * from xi_users;' | mysql -u root -pnagiosxi nagiosxi echo 'select * from tbl_contact;' | mysql -u root -pnagiosxi nagiosql
This is already present.Next, let's optimize the php-fpm:
Change this specific part (around line 46):Code: Select all
/etc/httpd/conf.d/php.conf
Add this:Code: Select all
<IfModule !mod_php5.c> <IfModule !mod_php7.c> # Enable http authorization headers SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 <FilesMatch \.(php|phar)$> SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" </FilesMatch> </IfModule> </IfModule>
So it looks like this:Code: Select all
Timeout 600 RequestReadTimeout header=600,minrate=50 RequestReadTimeout body=600,minrate=50 <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost"> ProxySet timeout=600 </Proxy>
Code: Select all
<IfModule !mod_php5.c> <IfModule !mod_php7.c> # Enable http authorization headers SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 Timeout 600 RequestReadTimeout header=600,minrate=50 RequestReadTimeout body=600,minrate=50 <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost"> ProxySet timeout=600 </Proxy> <FilesMatch \.(php|phar)$> SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" </FilesMatch> </IfModule> </IfModule>
This was already set at 50.Then edit this file:
Set:Code: Select all
/etc/php-fpm.d/www.conf
Then restart apache/php-fpm:Code: Select all
pm.max_requests = 50
Code: Select all
systemctl restart httpd php-fpm
Since I didn't actually have any changes to make, there is no change in the behavior.
Re: Issues after migrating to a new server
Hello @hbouma
Thanks for following up, want to find out why we see "caught SIGWINCH, shutting down gracefully" in your Apache logs.
Please send over the '/tmp/list.tar.gz' when you get a chance.
Thanks,
Perry
Thanks for following up, want to find out why we see "caught SIGWINCH, shutting down gracefully" in your Apache logs.
Code: Select all
sudo yum list --installed > /tmp/yumlist.txt
Code: Select all
ps -aef > /tmp/ps.txt && tar -czvf /tmp/list.tar.gz /tmp/yumlist.txt /tmp/ps.txt /etc/httpd/ /var/log/httpd/*
Thanks,
Perry
Re: Issues after migrating to a new server
Info sent in a PM
Re: Issues after migrating to a new server
Hello @hbouma
Thanks for sending the info, keep on seeing proxy-related messages throughout the logs and want to find out if you are going through any proxy or anything security-related.
Because of this: "<Proxy "unix/run/php-fpm/www.sock|fcgi//localhost">" Are you able to ping localhost and if so is it an ipv4 standard address?
Please let us know how that looks, and if that looks alright let's toggle this /usr/local/nagiosxi/html/config.inc.php and restart the Apache by bouncing the service:
Find the following line:
Change to:
To restart Apache:
Let us know how things look,
Perry
Thanks for sending the info, keep on seeing proxy-related messages throughout the logs and want to find out if you are going through any proxy or anything security-related.
Because of this: "<Proxy "unix/run/php-fpm/www.sock|fcgi//localhost">" Are you able to ping localhost and if so is it an ipv4 standard address?
Please let us know how that looks, and if that looks alright let's toggle this /usr/local/nagiosxi/html/config.inc.php and restart the Apache by bouncing the service:
Find the following line:
Code: Select all
$cfg['use_https'] = true;
Code: Select all
$cfg['use_https'] = false;
Code: Select all
systemctl restart httpd
Perry
Re: Issues after migrating to a new server
All of my checks say we are not using a proxy. echo $http_proxy and echo $https_proxy are not defined. I see nothing in the configuration files for our RHSM, YUM or any other tools indicating a proxy. A wget of http://google.com does not indicate any proxy either.
However, we are redirected back to the https page based on the security changes that we made from https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Comes back as 127.0.0.1Are you able to ping localhost and if so is it an ipv4 standard address?
Logins still fail after this change. The only working account is the local nagiosadmin account.Please let us know how that looks, and if that looks alright let's toggle this /usr/local/nagiosxi/html/config.inc.php and restart the Apache by bouncing the service:
Find the following line:Change to:Code: Select all
$cfg['use_https'] = true;
To restart Apache:Code: Select all
$cfg['use_https'] = false;
Code: Select all
systemctl restart httpd
However, we are redirected back to the https page based on the security changes that we made from https://assets.nagios.com/downloads/nag ... s%20XI.pdf