Recommendation for allowing access to the DB for checks?
Posted: Fri Jan 29, 2016 9:03 pm
by gormank
I have multiple Nagios servers monitoring each other, but the various mysql checks fail when not pointed at localhost. That is, running the command on nag001 fails. Ideally, I'd like nag001 to run the command on nag002 since nag002 is a failover and my license doesn't allow me to enable monitoring on it. Actually, the license says I shouldn't but nothing actually stops me from enabling checks. :)
# /usr/local/nagios/libexec/check_mysql_health --hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode connection-time --warning 3 --critical 5
OK - 0.04 seconds to connect as root | connection_time=0.0399s;3;5
[root@txslm2mlnag001 nagios_install]# /usr/local/nagios/libexec/check_mysql_health --hostname=nag001 --port=3306 --username=root --password="nagiosxi" --database=nagios --mode connection-time --warning 3 --critical 5
CRITICAL - cannot connect to nagios. Host 'txslm2mlnag001' is not allowed to connect to this MySQL server
I have 3 check_mysql_health checks running that this would impact.
A bit of web searching tells me what needs to be done, but I'm hoping there's a somewhat official answer.
Thanks
kev
Re: Recommendation for allowing access to the DB for checks?
Posted: Sat Jan 30, 2016 3:00 am
by WillemDH
So did you try with check_nrpe?
Check if you can connect to the other Nagios servers with
/usr/local/nagios/libexec/check_nrpe -H <remote_linux_ip_address>
If that works, define a command to /usr/local/nagios/libexec/check_mysql_health in common.cfg
And test again with
/usr/local/nagios/libexec/check_nrpe -H <remote_linux_ip_address> -C check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode connection-time --warning 3 --critical 5'
Grtz
Re: Recommendation for allowing access to the DB for checks?
Posted: Mon Feb 01, 2016 10:09 am
by lmiltchev
Thanks Willem!
@gormank
WillemDH is correct - you could (and probably should) use check_nrpe to accomplish your goal.
You could also allow root to connect to the DB remotely by running the following commands on the remote box:
mysql -u root -p'password'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';
\q
Comment out the "bind-address" line (if you have it) in the "/etc/my.cnf" file, i.e.
and restart mysqld:
This approach is NOT secure! I am just mentioning it as an alternative. I would recommend using check_nrpe instead as allowing remote root access to the DB could be dangerous.
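A way to check whether a grant like the one above is present on a server, as an added example that is not part of the original post: the function reads `SHOW GRANTS` output on stdin and flags wildcard hosts, remotely reachable root, and global ALL PRIVILEGES. The sample rows, the `nagmon` and `report` accounts and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag risky accounts in SHOW GRANTS output.
# Reads grant statements on stdin; prints "<CODE> <user>@<host>" per finding.
audit_grants() {
    awk -v q="'" '
    /^GRANT / {
        privs = $0; sub(/^GRANT /, "", privs); sub(/ ON .*/, "", privs)
        scope = $0; sub(/^.* ON /, "", scope); sub(/ TO .*/, "", scope)
        acct  = $0; sub(/^.* TO /, "", acct);  sub(/ .*/, "", acct)
        gsub(q, "", acct); gsub(/`/, "", acct)   # drop either quoting style
        at = index(acct, "@")
        user = substr(acct, 1, at - 1); host = substr(acct, at + 1)
        islocal = (host == "localhost" || host == "127.0.0.1" || host == "::1")
        if (index(host, "%"))                    # usable from any matching host
            print "WILDCARD_HOST", user "@" host
        if (user == "root" && !islocal)          # superuser reachable over the network
            print "REMOTE_ROOT", user "@" host
        if (privs == "ALL PRIVILEGES" && scope == "*.*" && !islocal)
            print "REMOTE_GLOBAL_ALL", user "@" host
    }'
}

# Constructed sample input; the second row is the grant shown in the post.
make_sample_grants() {
    cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY PASSWORD '<hash>'
GRANT USAGE ON *.* TO 'nagmon'@'192.0.2.10'
GRANT SELECT ON `nagios`.* TO 'report'@'%'
EOF
}

make_sample_grants | audit_grants
```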
Re: Recommendation for allowing access to the DB for checks?
Posted: Tue Feb 02, 2016 12:35 pm
by gormank
Sorry, I should have looked more closely at the command and run it out of nrpe.
For testing, this is running from and on the same host.
I'm not seeing what's wrong though... I've set up commands before but it's been a while. Duh...
[root@mysqlhost~]# /usr/local/nagios/libexec/check_nrpe -H mysqlhost
NRPE v2.15
[root@mysqlhost~]# /usr/local/nagios/libexec/check_nrpe -H mysqlhost -c check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode slow-queries --warning 2'
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
[root@mysqlhost~]# grep mysql /usr/local/nagios/etc/nrpe.cfg
command[check_mysql_health]=/usr/local/nagios/libexec/check_mysql_health $ARG1$
And the command in commands.cfg
define command {
    command_name    check_mysql_health
    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_mysql_health -a $ARG1$
}
Re: Recommendation for allowing access to the DB for checks?
Posted: Tue Feb 02, 2016 3:03 pm
by tgriep
Did you restart xinetd after adding the mysql command to the nrpe.cfg file?
Try running this and retesting your command to see if that helps.
Try running the command while the timeout is increased like below and see if that helps.
/usr/local/nagios/libexec/check_nrpe -H mysqlhost -t 45 -c check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password="nagiosxi" --database=nagios --mode slow-queries --warning 2'
Re: Recommendation for allowing access to the DB for checks?
Posted: Tue Feb 02, 2016 3:25 pm
by gormank
I've restarted xinetd several times.
There's no delay between entering the command, and the output, and the added timeout had no effect. I get the same output when I define the command and service in the GUI as well... Strange.
Re: Recommendation for allowing access to the DB for checks?
Posted: Tue Feb 02, 2016 3:52 pm
by lmiltchev
Make sure arguments are allowed in the nrpe.cfg. Change this:
to:
and restart xinetd.
Also, try running your command like this (remove double quotes around the password):
/usr/local/nagios/libexec/check_nrpe -H mysqlhost -t 45 -c check_mysql_health -a '--hostname=localhost --port=3306 --username=root --password=nagiosxi --database=nagios --mode slow-queries --warning 2'
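The NRPE setup discussed in this thread lets the client supply the whole plugin argument string, database credentials included. The following is an added example, not part of the original posts, that audits an nrpe.cfg for that pattern: argument passing enabled, commands that expand `$ARGn$`, passwords stored inline, and checks that log in as the database root user. The sample file, the `check_mysql_conn` command name and the `CHANGEME` password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an nrpe.cfg for risky settings.
# Prints one finding per line: "<CODE> <line-number> <detail>".
audit_nrpe_cfg() {
    awk '
    /^[ \t]*#/ { next }                          # ignore comment lines
    /^[ \t]*dont_blame_nrpe[ \t]*=[ \t]*1/ {     # clients may send arguments
        print "ARGS_ENABLED", NR, "dont_blame_nrpe=1"
    }
    /^[ \t]*command\[/ {
        name = $0
        sub(/^[ \t]*command\[/, "", name)
        sub(/\].*/, "", name)
        if ($0 ~ /\$ARG[0-9]+\$/)                # client controls the plugin args
            print "ARG_PASSTHROUGH", NR, name
        if ($0 ~ /--password[= ]/)               # secret stored in the config
            print "INLINE_PASSWORD", NR, name
        if ($0 ~ /--username[= ]root([ \t]|$)/)  # check runs as the DB superuser
            print "DB_ROOT_USER", NR, name
    }' "$1"
}

# Constructed sample input; the first two active lines mirror the thread.
make_sample_cfg() {
    cat <<'EOF'
# constructed sample nrpe.cfg
dont_blame_nrpe=1
command[check_mysql_health]=/usr/local/nagios/libexec/check_mysql_health $ARG1$
command[check_mysql_conn]=/usr/local/nagios/libexec/check_mysql_health --hostname=localhost --username=root --password=CHANGEME --mode connection-time --warning 3 --critical 5
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20
EOF
}

sample=$(mktemp)
make_sample_cfg > "$sample"
audit_nrpe_cfg "$sample"
rm -f "$sample"
```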
Re: Recommendation for allowing access to the DB for checks?
Posted: Tue Feb 02, 2016 3:57 pm
by gormank
Sorry, don't blame nrpe has been set forever.
Removing the quotes made it work!
OK - 0 slow queries in 68 seconds (0.00/sec) | slow_queries_rate=0.00%;2;1
You can close this one.
Thanks a bunch!
Re: Recommendation for allowing access to the DB for checks?
Posted: Tue Feb 02, 2016 4:42 pm
by lmiltchev
I am glad I could help!
