-
Incident report
-
Resolution: Unresolved
-
Trivial
-
None
-
None
-
None
-
None
Steps to reproduce:
- mongod.conf
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0
tls:
mode: requireTLS
certificateKeyFile: /etc/ssl/mongodb/mongodb.pem
CAFile: /etc/ssl/mongodb/ca.pem
allowConnectionsWithoutCertificates: true
disabledProtocols: TLS1_0,TLS1_1
- cat /etc/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf
### Option:Plugins.MongoDB.System.Path # Path to external plugin executable. # # Mandatory: yes # Default: # Plugins.MongoDB.System.Path=Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb ### Option: Plugins.MongoDB.Sessions.*.TLSConnect #Encryption type for MongoDB connection. "*" should be replaced with a session name. # tls connection required - required # verifies certificates - verify_ca # verify certificates and ip - verify_full ## Mandatory: no # Default: # Plugins.MongoDB.Sessions.*.TLSConnect= Plugins.MongoDB.Sessions.local.TLSConnect=verify_ca ### Option: Plugins.MongoDB.Sessions.*.TLSCAFile # Full path-name of a file containing the top-level CA(s) certificates for MongoDB # peer certificate verification. ## Mandatory: no # Default: # Plugins.MongoDB.Sessions.*.TLSCAFile= Plugins.MongoDB.Sessions.local.TLSCAFile=/etc/ssl/mongodb/ca.pem
- packages versions
zabbix-agent2.aarch64 6.0.22-release1.el9 @zabbix zabbix-agent2-plugin-mongodb.aarch64 6.0.22-release1.el9 @zabbix
Result:
- When connecting to mongodb with the certificate, it works
mongosh --tls --host mongodb.mycompany.internal --tlsCAFile /etc/ssl/mongodb/ca.pem --username zabbix_mon --password 'zabbix_mon' Current Mongosh Log ID: 652cf951623b5d47afd82f0f Connecting to: mongodb://<credentials>@mongodb.mycompany.internal:27017/?directConnection=true&tls=true&tlsCAFile=%2Fetc%2Fssl%2Fmongodb%2Fca.pem&appName=mongosh+2.0.1 Using MongoDB: 7.0.2 Using Mongosh: 2.0.1For mongosh info see: https://docs.mongodb.com/mongodb-shell/
- zabbix_get command
# zabbix_get -s mongodb.mycompany.internal -k 'mongodb.server.status["tcp://mongodb.mycompany.internal:27017","zabbix_mon","zabbix_mon"]' ZBX_NOTSUPPORTED: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: mongodb.mycompany.internal:27017, Type: Unknown, Last error: connection() error occured during connection handshake: connection(mongodb.mycompany.internal:27017[-26015889]) socket was unexpectedly closed: EOF }, ] }
- zabbix-agent log when I try to do zabbix_get
tail -f /var/log/zabbix/zabbix_agent2.log
2023/10/16 08:43:43.867134 [MongoDB] server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: mongodb.mycompany.internal:27017, Type: Unknown, Last error: connection() error occured during connection handshake: connection(mongodb.mycompany.internal:27017[-26015889]) socket was unexpectedly closed: EOF }, ] }
Am I doing some wrong configuration regarding TLS?