Ad Widget

Collapse

Agent2 5.0 - Mysql plugin SSL support?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • mvandegaer
    Junior Member
    • Jan 2021
    • 1
    #1

    Agent2 5.0 - Mysql plugin SSL support?

    I'm trying to monitor some MySQL instances (SAAS from a cloud provider) which only accept SSL connections.
    I wanted to employ Template DB MySQL by Zabbix agent 2 (on a host running agent 2) for this and connectivity was manually verified, but the agent is hitting the following error:

    Code:
    Error 9002: SSL connection is required. Please specify SSL options and retry.
    I have checked the documentation for the template, agent2 item keys and the code for the Agent2 MySQL plugin (at https://git.zabbix.com/projects/ZBX/.../plugins/mysql ) to no avail. Most of what I found through googling seemed to concern SSL connections between server/proxy and their DB. (which was added following feature request ZBXNEXT-3313 )

    Is monitoring of MySQL-instances that only allow SSL-connections currently unsupported? Should I file a feature request for it?
    Tags: None
    • Korhm
      Junior Member
      • Feb 2021
      • 1
      #2
      Hello,

      I have exactly the same problem. I do not find any information on the documentation if zabbix agent2 can monitoring mysql connection.
      On my side the error message is:
      Code:
      Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON.

        Comment

        • Ritz
          Junior Member
          • Jan 2023
          • 2
          #3
          Hi,

          Please refer below link with the solutions, you have to configure MySQL plugin configuration that will help to set up the TLSconnect value as required to fix this issue.

          Source of README.md - Zabbix - ZABBIX GIT
          https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/src/go/plugins/mysql/README.md


          Notes:
          • You can leave any connection parameter empty, a default hard-coded value will be used in the such case.
          • TLS information can be passed only with sessions.
          • Embedded URI credentials (userinfo) are forbidden and will be ignored. So, you can't pass the credentials by this:
            mysql.ping[tcp://user[email protected]] — WRONG


            The correct way is:
            mysql.ping[tcp://127.0.0.1,user,password]
          • The only supported network schemas for a URI are "tcp" and "unix".
            Examples of valid URIs:
          Using keys' parameters


          The common parameters for all keys are: [ConnString][,User][,Password]
          Where ConnString can be either a URI or a session name.
          ConnString will be treated as a URI if no session with the given name is found.
          If you use ConnString as a session name, just skip the rest of the connection parameters. Using named sessions


          Named sessions allow you to define specific parameters for each Mysql instance. Currently, these are the supported parameters: Uri, User, Password, TLSConnect, TLSCAFile, TLSCertFile and TLSKeyFile. It's a bit more secure way to store credentials compared to item keys or macros.

          E.g: suppose you have two Mysql instances: "Prod" and "Test". You should add the following options to the agent configuration file:
          HTML Code:
          Plugins.Mysql.Sessions.Prod.Uri=tcp://192.168.1.1:3306
Plugins.Mysql.Sessions.Prod.User=<UserForProd>
Plugins.Mysql.Sessions.Prod.Password=<PasswordForP rod>
Plugins.Mysql.Sessions.Prod.TLSConnect=verify_full
Plugins.Mysql.Sessions.Prod.TLSCAFile=/path/to/ca_file
Plugins.Mysql.Sessions.Prod.TLSCertFile=/path/to/cert_file
Plugins.Mysql.Sessions.Prod.TLSKeyFile=/path/to/key_file

Plugins.Mysql.Sessions.Test.Uri=tcp://192.168.0.1:3306
Plugins.Mysql.Sessions.Test.User=<UserForTest>
Plugins.Mysql.Sessions.Test.Password=<PasswordForT est>
Plugins.Mysql.Sessions.Test.TLSConnect=verify_ca
Plugins.Mysql.Sessions.Test.TLSCAFile=/path/to/test/ca_file
Plugins.Mysql.Sessions.Test.TLSCertFile=/path/to/test/cert_file
Plugins.Mysql.Sessions.Test.TLSKeyFile=/path/to/test/key_file

          Then you will be able to use these names as the 1st parameter (ConnString) in keys instead of URIs, e.g:
          HTML Code:
          mysql.ping[Prod]
mysql.ping[Test]
          Note: Session names are case-sensitive.


          This works perfectly fine, with Zabbix Agent2, and allow you to monitor multiple Mysql Instances.

            Comment

            Previous template Next
            Working...