AJUDA: Monitoramento de Instâncias AWS RDS com Zabbix Agent 2 e SSL
Bom dia,
Atualmente, preciso monitorar instâncias AWS RDS utilizando o Zabbix Agent 2, conforme diretriz da empresa. No entanto, estou enfrentando dificuldades ao configurar o monitoramento de instâncias que utilizam SSL.
Os plugins do Zabbix Agent 2 exigem os parâmetros TLSCAFile, TLSCertFile e TLSKeyFile, enquanto a AWS fornece apenas o certificado global-bundle.pem.
Existe alguma forma de utilizar o certificado bundle para atender a esses requisitos?
root@**************:~# zabbix_server --version
zabbix_server (Zabbix) 7.0.10
Revision 237358b56b2 24 February 2025, compilation time: Feb 24 2025 08:43:30
Copyright (C) 2025 Zabbix SIA
License AGPLv3: GNU Affero General Public License version 3 <https://www.gnu.org/licenses/>.
This is free software: you are free to change and redistribute it according to
the license. There is NO WARRANTY, to the extent permitted by law.
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/).
Compiled with OpenSSL 3.0.9 30 May 2023
Running with OpenSSL 3.0.15 3 Sep 2024
root@**************:~# zabbix_agent2 --version
zabbix_agent2 (Zabbix) 7.0.10
Revision 237358b56b2 24 February 2025, compilation time: Feb 24 2025 11:01:22, built with: go1.23.4
Plugin communication protocol version is 6.4.0
Copyright (C) 2025 Zabbix SIA
License AGPLv3: GNU Affero General Public License version 3 <https://www.gnu.org/licenses/>.
This is free software: you are free to change and redistribute it according to
the license. There is NO WARRANTY, to the extent permitted by law.
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/).
Compiled with OpenSSL 3.0.9 30 May 2023
Running with OpenSSL 3.0.15 3 Sep 2024
We use the library Eclipse Paho (eclipse/paho.mqtt.golang), which is
distributed under the terms of the Eclipse Distribution License 1.0 (The 3-Clause BSD License)
available at https://www.eclipse.org/org/documents/edl-v10.php
We use the library go-modbus (goburrow/modbus), which is
distributed under the terms of the 3-Clause BSD License
available at https://github.com/goburrow/modbus/blob/master/LICENSE
root@@**************:~#:~# dpkg -l | grep zabbix
ii zabbix-agent2 1:7.0.10-1+debian12 amd64 Zabbix network monitoring solution - agent
ii zabbix-agent2-plugin-mongodb 1:7.0.10-1+debian12 amd64 Zabbix Agent2 plugin for monitoring MongoDB installations
ii zabbix-agent2-plugin-postgresql 1:7.0.10-1+debian12 amd64 Zabbix Agent2 plugin for monitoring PostgreSQL installations
ii zabbix-apache-conf 1:7.0.10-1+debian12 all Zabbix network monitoring solution - apache configuration for front-end
ii zabbix-frontend-php 1:7.0.10-1+debian12 all Zabbix network monitoring solution - PHP front-end
ii zabbix-get 1:7.0.10-1+debian12 amd64 Zabbix network monitoring solution - get
ii zabbix-release 1:7.0-2+debian12 all Zabbix official repository configuration
ii zabbix-server-mysql 1:7.0.10-1+debian12 amd64 Zabbix network monitoring solution - server (MySQL)
ii zabbix-sql-scripts 1:7.0.10-1+debian12 all Zabbix network monitoring solution - sql-scripts
Ex mongo.conf (plugin zabbix_agent2)
### Option: Plugins.MongoDB.Sessions.*.TLSConnect
#Encryption type for MongoDB connection. "*" should be replaced with a session name.
# tls connection required - required
# verifies certificates - verify_ca
# verify certificates and ip - verify_full
## Mandatory: no
# Default:
#Plugins.MongoDB.Sessions.*.TLSConnect=
### Option: Plugins.MongoDB.Sessions.*.TLSCAFile
# Full path-name of a file containing the top-level CA(s) certificates for MongoDB
# peer certificate verification.
## Mandatory: no
# Default:
#Plugins.MongoDB.Sessions.*.TLSCAFile=
### Option: Plugins.MongoDB.Sessions.*.TLSCertFile
# Full path-name of a file containing the MongoDB certificate or certificate chain.
## Mandatory: no
# Default:
#Plugins.MongoDB.Sessions.*.TLSCertFile=
### Option: Plugins.MongoDB.Sessions.*.TLSKeyFile
# Full path-name of a file containing the MongoDB private key.
## Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.TLSKeyFile=
desde ja agradeco atencao e ajuda de todos.
Obg
Atualmente, preciso monitorar instâncias AWS RDS utilizando o Zabbix Agent 2, conforme diretriz da empresa. No entanto, estou enfrentando dificuldades ao configurar o monitoramento de instâncias que utilizam SSL.
Os plugins do Zabbix Agent 2 exigem os parâmetros TLSCAFile, TLSCertFile e TLSKeyFile, enquanto a AWS fornece apenas o certificado global-bundle.pem.
Existe alguma forma de utilizar o certificado bundle para atender a esses requisitos?
root@**************:~# zabbix_server --version
zabbix_server (Zabbix) 7.0.10
Revision 237358b56b2 24 February 2025, compilation time: Feb 24 2025 08:43:30
Copyright (C) 2025 Zabbix SIA
License AGPLv3: GNU Affero General Public License version 3 <https://www.gnu.org/licenses/>.
This is free software: you are free to change and redistribute it according to
the license. There is NO WARRANTY, to the extent permitted by law.
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/).
Compiled with OpenSSL 3.0.9 30 May 2023
Running with OpenSSL 3.0.15 3 Sep 2024
root@**************:~# zabbix_agent2 --version
zabbix_agent2 (Zabbix) 7.0.10
Revision 237358b56b2 24 February 2025, compilation time: Feb 24 2025 11:01:22, built with: go1.23.4
Plugin communication protocol version is 6.4.0
Copyright (C) 2025 Zabbix SIA
License AGPLv3: GNU Affero General Public License version 3 <https://www.gnu.org/licenses/>.
This is free software: you are free to change and redistribute it according to
the license. There is NO WARRANTY, to the extent permitted by law.
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/).
Compiled with OpenSSL 3.0.9 30 May 2023
Running with OpenSSL 3.0.15 3 Sep 2024
We use the library Eclipse Paho (eclipse/paho.mqtt.golang), which is
distributed under the terms of the Eclipse Distribution License 1.0 (The 3-Clause BSD License)
available at https://www.eclipse.org/org/documents/edl-v10.php
We use the library go-modbus (goburrow/modbus), which is
distributed under the terms of the 3-Clause BSD License
available at https://github.com/goburrow/modbus/blob/master/LICENSE
root@@**************:~#:~# dpkg -l | grep zabbix
ii zabbix-agent2 1:7.0.10-1+debian12 amd64 Zabbix network monitoring solution - agent
ii zabbix-agent2-plugin-mongodb 1:7.0.10-1+debian12 amd64 Zabbix Agent2 plugin for monitoring MongoDB installations
ii zabbix-agent2-plugin-postgresql 1:7.0.10-1+debian12 amd64 Zabbix Agent2 plugin for monitoring PostgreSQL installations
ii zabbix-apache-conf 1:7.0.10-1+debian12 all Zabbix network monitoring solution - apache configuration for front-end
ii zabbix-frontend-php 1:7.0.10-1+debian12 all Zabbix network monitoring solution - PHP front-end
ii zabbix-get 1:7.0.10-1+debian12 amd64 Zabbix network monitoring solution - get
ii zabbix-release 1:7.0-2+debian12 all Zabbix official repository configuration
ii zabbix-server-mysql 1:7.0.10-1+debian12 amd64 Zabbix network monitoring solution - server (MySQL)
ii zabbix-sql-scripts 1:7.0.10-1+debian12 all Zabbix network monitoring solution - sql-scripts
Ex mongo.conf (plugin zabbix_agent2)
### Option: Plugins.MongoDB.Sessions.*.TLSConnect
#Encryption type for MongoDB connection. "*" should be replaced with a session name.
# tls connection required - required
# verifies certificates - verify_ca
# verify certificates and ip - verify_full
## Mandatory: no
# Default:
#Plugins.MongoDB.Sessions.*.TLSConnect=
### Option: Plugins.MongoDB.Sessions.*.TLSCAFile
# Full path-name of a file containing the top-level CA(s) certificates for MongoDB
# peer certificate verification.
## Mandatory: no
# Default:
#Plugins.MongoDB.Sessions.*.TLSCAFile=
### Option: Plugins.MongoDB.Sessions.*.TLSCertFile
# Full path-name of a file containing the MongoDB certificate or certificate chain.
## Mandatory: no
# Default:
#Plugins.MongoDB.Sessions.*.TLSCertFile=
### Option: Plugins.MongoDB.Sessions.*.TLSKeyFile
# Full path-name of a file containing the MongoDB private key.
## Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.TLSKeyFile=
desde ja agradeco atencao e ajuda de todos.
Obg
Comment