
Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Fri Oct 07, 2016 2:44 pm
by gwakem
I logged in as root and see the permissions do exist, but using localhost, not the IP:

Code:

MariaDB [nagiosql]> show grants for 'nagiosql'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for nagiosql@localhost                                                                                   |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'nagiosql'@'localhost' IDENTIFIED BY PASSWORD '*244733929909A95DDF1A7F78DD067589B4092EE7' |
| GRANT ALL PRIVILEGES ON `nagiosql`.* TO 'nagiosql'@'localhost' WITH GRANT OPTION                                |
+-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

I'm going to reload this box Monday, reinstall, and import the prod database. My Test Nagios install is showing all kinds of database errors after tinkering around in there. I will attempt this again then and see what happens.

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Mon Oct 10, 2016 9:26 am
by dwhitfield
Let us know how it goes. We'll be here until 5pm US Central today.

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Mon Oct 10, 2016 10:36 am
by gwakem
Where can I download a copy of the 5.2.9 installer, so I can re-test the upgrade to 5.3.0?

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Mon Oct 10, 2016 10:46 am
by dwhitfield

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Mon Oct 10, 2016 12:52 pm
by gwakem
I reinstalled RHEL7, updated all packages, installed 5.2.9, restored from a backup of my prod server (also running 5.2.9), and immediately attempted to upgrade by re-downloading xi-latest. This failed with the same error as before:

Code:

Updating NagiosQL...
NAGIOSQL-POST
Patching NDOUtils...
NDOUtils already patched at level 103
Installing new PNP templates...
Updating init script...
Enabling large install tweaks...
Fixing config file permissions...
Fixing htpasswd permissions...
Checking group memberships...
Installing new XI templates...
URL: http://localhost/nagiosxi/includes/components/ccm/
CMDLINE
/usr/bin/wget --save-cookies nagiosql.cookies --keep-session-cookies http://localhost/nagiosxi/includes/components/ccm/ --no-check-certificate --post-data 'submit=Login&hidelog=true&loginSubmitted=true&username=nagiosxi&password=s4kphi' -O nagiosql.login
--2016-10-10 13:44:18--  http://localhost/nagiosxi/includes/components/ccm/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2016-10-10 13:44:18 ERROR 500: Internal Server Error.

NAGIOSQL LOGIN FAILED!

Code:

MariaDB [(none)]> show grants for 'nagiosql'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for nagiosql@localhost                                                                                   |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'nagiosql'@'localhost' IDENTIFIED BY PASSWORD '*244733929909A95DDF1A7F78DD067589B4092EE7' |
| GRANT ALL PRIVILEGES ON `nagiosql`.* TO 'nagiosql'@'localhost' WITH GRANT OPTION                                |
+-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.01 sec)

I confirmed that the upgrade script I invoked to kick off the upgrade (from xi-latest.tar.gz) did use cfg__db_info__nagiosql__pwd on line 828 before I upgraded. I also commented out line 834 before running the upgrade to avoid the issue with limits.conf. I have attached the upgrade.log.

Any ideas?

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Mon Oct 10, 2016 1:14 pm
by lmiltchev
Try the following.
1. Remove the old xi tarball and nagiosxi directory from "/tmp":

Code:

cd /tmp
rm -rf xi-* nagiosxi

2. Re-download Nagios XI 5.3.0, and re-run the upgrade script:

Code:

wget https://assets.nagios.com/downloads/nagiosxi/5/xi-5.3.0.tar.gz
tar zxvf xi-5.3.0.tar.gz
cd nagiosxi
./upgrade

Let us know if this fixed your issue.

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Mon Oct 10, 2016 3:58 pm
by gwakem
I ended up with the exact same issue. I saw that the database had the requested grants upon login.

The nagiosxi web interface was completely blank post upgrade failure. Re-examining the apache error.log led me to check the permissions on files in /usr/local/nagiosxi/html/includes/, and I noticed that several of the new files were using 0600 for permissions:

Changing /usr/local/nagiosxi/html/includes/utils-time.inc.php from 0600 to 0740 allowed the upgrade to successfully log in with the nagiosql login and the upgrade completed successfully.

However, upon logging in to the web interface, the frames were completely out of whack, resulting in the page being mostly un-viewable. I traced this back to the following files being 0700 when they apparently needed to be 0640 like the remainder of their counterparts:

/usr/local/nagiosxi/html/includes/js/jquery/jquery-1.12.4.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-ui-1.12.1.custom.min.js
/usr/local/nagiosxi/html/includes/js/jquery/css/smoothness/jquery-ui.custom.min.css

Even then, some images haven't rendered correctly, showing a broken image. So at least now we know this is due to file permissions, although I'm unsure how deep this rabbit hole goes.
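
The permission check described in the post above, as an added example that is not part of the original thread: a shell audit that lists files under a web tree lacking the group-read bit (such as the 0600 and 0700 files mentioned) and directories lacking group read/execute. It assumes the web server reaches these files through group membership and that GNU find and stat are available, as on RHEL 7; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web tree for group-read gaps.
# Assumption: the web server reads these files via group membership.

# Regular files missing the group-read bit (e.g. 0600 or 0700).
files_not_group_readable() {
    find "$1" -type f ! -perm -040 | LC_ALL=C sort
}

# Directories missing group read+execute, which blocks traversal.
dirs_not_group_traversable() {
    find "$1" -type d ! -perm -050 | LC_ALL=C sort
}

# Print "mode owner:group path" per finding; return 1 if anything was found.
audit_tree() {
    bad_files=$(files_not_group_readable "$1")
    bad_dirs=$(dirs_not_group_traversable "$1")
    if [ -z "$bad_files$bad_dirs" ]; then
        return 0
    fi
    printf '%s\n' "$bad_files" "$bad_dirs" | while IFS= read -r p; do
        if [ -n "$p" ]; then
            stat -c '%a %U:%G %n' "$p"   # GNU stat, as shipped on RHEL 7
        fi
    done
    return 1
}

# Usage: sh audit.sh /usr/local/nagiosxi/html/includes
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```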

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Tue Oct 11, 2016 10:21 am
by dwhitfield
gwakem wrote: on RHEL7.3
I'm trying to recreate this issue and I just wanted to clarify that this is RHEL 7.2 and not a 7.3 Beta (https://www.redhat.com/en/about/blog/re ... -available). I doubt that would make a difference, but I just want to be sure. Thanks!

Additionally, could you post the output of getent group? If you are concerned group membership and users are a security risk, you can PM me the output. I'm not sure a scrubbed list is really going to help us at this point.

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Tue Oct 11, 2016 11:13 am
by dwhitfield
PM received.

Re: 5.2.9 > 5.3.0 upgrade - duplicate api_key error

Posted: Tue Oct 11, 2016 11:29 am
by gwakem
Sorry for the delay, I could not post so soon after PMing apparently. RHEL7.2 is what we are using.