Zabbix-agent2 MongoDB Plugin Not working with SCRAM-SHA-256 authentication

  • BalaC
    Junior Member
    • Sep 2021
    • 22

    #1

    Zabbix-agent2 MongoDB Plugin Not working with SCRAM-SHA-256 authentication

    Dear Zabbix support, we are facing the following situation :

    - we have a MongoDB replica-set configured with TLS but the authentication mechanism is SCRAM-SHA-256
    - we want to monitor the MongoDB nodes using the zabbix-agent2 MongoDB plugin
    - the plugin is not taking the URI parameters into account when setting up the SSL context
    - when configuring the plugin with the following configuration file :
    ================================================== ================================================== ====================
    Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb
    Plugins.MongoDB.Sessions.mongodbI.Uri=tcp://REDACTED:27017/admin?authMechanism=SCRAM-SHA-256&authSource=admin&appName=zabbix-agent2
    Plugins.MongoDB.Sessions.mongodbI.TLSConnect=verify_full
    Plugins.MongoDB.Sessions.mongodbI.TLSCAFile=/var/lib/tls/ca.pem
    ================================================== ================================================== ====================

    we get the following error :
    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    failed to execute direct exporter task for key 'mongodb.ping["REDACTED","zabbix_mon","REDACTED"]'
    error: 'Invalid configuration: missing TLS certificate file uri tcp://REDACTED:27017/admin?authMechanism=SCRAM-SHA-256&authSource=admin&appName=zabbix-agent2, with session REDACTED
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Hence the questions:
    - are we doing something wrong or is it not possible to use SCRAM-SHA-256 authentication when requiring TLS?
    - shouldn't the plugin respect the parameters passed in the URI and give them precedence over the settings in the configuration file?
  • BalaC
    Junior Member
    • Sep 2021
    • 22

    #2
    Dear Zabbix support,

    after digging deeper into the MongoDB plugin's code, it appears that it is using the standard Zabbix URI library instead of parsing the connection-string to handle the MongoDB options passed in the connection-string (c.f. https://www.mongodb.com/docs/manual/...ection-options)

    Attached is an example enhanced copy of your original /git.zabbix.com/ap/plugin-support/uri/uri.go that would handle all URI parameters required for MongoDB monitoring. Then the plugin logic should be adapted to give precedence to those options, then look at the macro params and finally use the values from the config.

    Regarding the scheme, this change would be needed in mongodb/plugin/metrics.go for handling the standard schemes mongodb:// and mongodb+srv:// supported by go.mongodb.org/mongo-driver :

    ================================================== ================================================
    diff --git a/plugin/metrics.go b/plugin/metrics.go
    index 9da777b..6d31191 100644
    --- a/plugin/metrics.go
    +++ b/plugin/metrics.go
    @@ -71,7 +71,7 @@ const (
    var (
    paramURI = metric.NewConnParam("URI", "URI to connect or session name.").
    WithDefault(handlers.UriDefaults.Scheme + "://localhost:" + handlers.UriDefaults.Port).WithSession().
    - WithValidator(uri.URIValidator{Defaults: handlers.UriDefaults, AllowedSchemes: []string{"tcp"}})
    + WithValidator(uri.URIValidator{Defaults: handlers.UriDefaults, AllowedSchemes: []string{"tcp", "mongodb", "mongodb+srv"}})
    paramUser = metric.NewConnParam("User", "MongoDB user.")
    paramPassword = metric.NewConnParam("Password", "User's password.")
    paramDatabase = metric.NewParam("Database", "Database name.").WithDefault("admin")​
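    Review bot: the AllowedSchemes line now admits "mongodb+srv", but the validator is still built with Defaults: handlers.UriDefaults and the WithDefault line above it composes scheme + "://localhost:" + Port. An SRV connection string carries no port, so confirm the validator does not append the default port for that scheme, or handle it separately. The description "URI to connect or session name." should also list the accepted schemes. This hunk only widens validation: nothing in the visible lines consumes query options such as authMechanism, so it needs the companion change in the connection code and a test per scheme.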
    ================================================== ================================================== ===

    Attaching the mongodburi.go file with a .txt extension, as I was not able to upload it directly as .go.
    Comment
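
Added example (not part of the thread, and not the plugin's code or the attached mongodburi.go): one way to resolve the precedence proposed in post #2, with connection-string options first, then item-key parameters, then session config. It deviates on purpose for TLS: a TLS mode or CA file set in the session config is not overridden or weakened from the connection string. `Settings`, `Resolve`, `first` and the host name are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
)

// Settings is a hypothetical holder for the options resolved below.
type Settings struct{ AuthMechanism, AuthSource, TLSConnect, TLSCAFile string }

// first returns the first non-empty value, which encodes the precedence order.
func first(vals ...string) string {
	for _, v := range vals {
		if v != "" {
			return v
		}
	}
	return ""
}

// Resolve merges connection-string options, item-key parameters and session
// config, in that order; TLS settings from the session config stay pinned.
func Resolve(rawURI string, key, conf Settings) (Settings, error) {
	u, err := url.Parse(rawURI)
	if err != nil {
		return Settings{}, err
	}
	q := u.Query()
	if conf.TLSConnect != "" { // refuse URI options that would weaken configured TLS
		weak := map[string]string{"tls": "false", "ssl": "false", "tlsInsecure": "true",
			"tlsAllowInvalidCertificates": "true", "tlsAllowInvalidHostnames": "true"}
		for opt, bad := range weak {
			if q.Get(opt) == bad {
				return Settings{}, fmt.Errorf("URI option %s=%s conflicts with TLSConnect=%s", opt, bad, conf.TLSConnect)
			}
		}
	}
	return Settings{
		AuthMechanism: first(q.Get("authMechanism"), key.AuthMechanism, conf.AuthMechanism),
		AuthSource:    first(q.Get("authSource"), key.AuthSource, conf.AuthSource),
		TLSConnect:    conf.TLSConnect,
		TLSCAFile:     first(conf.TLSCAFile, q.Get("tlsCAFile"), key.TLSCAFile),
	}, nil
}

func main() { // constructed sample values; the host name is a placeholder
	conf := Settings{TLSConnect: "verify_full", TLSCAFile: "/var/lib/tls/ca.pem"}
	fmt.Println(Resolve("mongodb://db.example.internal:27017/admin?authMechanism=SCRAM-SHA-256", Settings{}, conf))
}
```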

    • cyber
      Senior Member
      Zabbix Certified Specialist, Zabbix Certified Professional
      • Dec 2006
      • 4806

      #3
      Originally posted by BalaC
      Dear Zabbix support,
      Well... This is the Zabbix forum. To contact support, you should turn to https://support.zabbix.com/. And no, you don't have to be a paying customer. Bug reports can still be submitted.

      Comment

      • BalaC
        Junior Member
        • Sep 2021
        • 22

        #4
        Thanks for the reply! Will contact support with bug.

        Comment