Ad Widget

Collapse

Zabbix+ external MySql + no "root" admin

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • olegus
    Member
    • Dec 2023
    • 68
    #1

    Zabbix+ external MySql + no "root" admin

    We are trying to use MySql instance running on RDS and DB admins created a special user for us with granted all possible privileges. But it is not "root". Is it possible to tell zabbix to use this user instead of "root" for administrative purposes( create/update DB etc)?
    So initially Zabbix will try to connect by
    mysql -h mysql.example.com -u admin -p
    Tags: None
    • Answer selected by olegus at 15-02-2024, 20:07.
      MRedbourne
      Senior Member
      • Feb 2023
      • 103
      1 Database creation (zabbix.com)

      Zabbix documentation natively demonstrates on a non-root user (eg: user being zabbix, but it's customizable what username you use.) So, of course this is possible. Sounds like your DB admins have already done what they're supposed to (granted all permissions to the Zabbix DB to the account they provisioned). Just make sure they set the global variable for log_bin_trust_function_creators to 1. After you import the schema (assuming your DB admins haven't already), they can set it back to 0.

      Note: The documentation uses "localhost" as the authenticating source. If the DB is separate from the front end and server, you need to replace the localhost declaration with the IPs of zabbix server(s). For example, we have two servers deployed + the DB. So our setup command would've looked like this:

      create user 'zabbix'@'10.0.0.170/31' identified by 'P@$$w0rd1!';

      Which would've whitelisted 10.0.0.170 and 10.0.0.171 as safe sources,
        • Selected Answer

        Comment

        • MRedbourne
          Senior Member
          • Feb 2023
          • 103
          #2
          1 Database creation (zabbix.com)

          Zabbix documentation natively demonstrates on a non-root user (eg: user being zabbix, but it's customizable what username you use.) So, of course this is possible. Sounds like your DB admins have already done what they're supposed to (granted all permissions to the Zabbix DB to the account they provisioned). Just make sure they set the global variable for log_bin_trust_function_creators to 1. After you import the schema (assuming your DB admins haven't already), they can set it back to 0.

          Note: The documentation uses "localhost" as the authenticating source. If the DB is separate from the front end and server, you need to replace the localhost declaration with the IPs of zabbix server(s). For example, we have two servers deployed + the DB. So our setup command would've looked like this:

          create user 'zabbix'@'10.0.0.170/31' identified by 'P@$$w0rd1!';

          Which would've whitelisted 10.0.0.170 and 10.0.0.171 as safe sources,
            • Selected Answer

            Comment

            • olegus
              Member
              • Dec 2023
              • 68
              #3
              Thanks, MRedbourne, great tip, after setting og_bin_trust_function_creators to 1 everything started to spin finally. Do I need this var set to 1 when upgrading zabbix server in the future?

                Comment

              Previous template Next
              Working...