ZABBIX BUGS AND ISSUES / ZBX-23550

mongodb TLS handshake error


    • Incident report
    • Resolution: Unresolved
    • Trivial

      Steps to reproduce:

      1. mongod.conf
      # network interfaces
      net:
        port: 27017
        bindIp: 0.0.0.0
        tls:
          mode: requireTLS
          certificateKeyFile: /etc/ssl/mongodb/mongodb.pem
          CAFile: /etc/ssl/mongodb/ca.pem
          allowConnectionsWithoutCertificates: true
          disabledProtocols: TLS1_0,TLS1_1 
      2. cat /etc/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf
      ### Option:Plugins.MongoDB.System.Path
      #    Path to external plugin executable.
      #
      # Mandatory: yes
      # Default:
      # Plugins.MongoDB.System.Path=Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb
      
      ### Option: Plugins.MongoDB.Sessions.*.TLSConnect
      #Encryption type for MongoDB connection. "*" should be replaced with a session name.
      #       tls connection required     - required
      #       verifies certificates       - verify_ca
      #       verify certificates and ip  - verify_full
      ## Mandatory: no
      # Default:
      # Plugins.MongoDB.Sessions.*.TLSConnect=
       Plugins.MongoDB.Sessions.local.TLSConnect=verify_ca
      
      ### Option: Plugins.MongoDB.Sessions.*.TLSCAFile
      #   Full path-name of a file containing the top-level CA(s) certificates for MongoDB
      #   peer certificate verification.
      ## Mandatory: no
      # Default:
      # Plugins.MongoDB.Sessions.*.TLSCAFile=
       Plugins.MongoDB.Sessions.local.TLSCAFile=/etc/ssl/mongodb/ca.pem 
      3. package versions
      zabbix-agent2.aarch64                    6.0.22-release1.el9                @zabbix
      zabbix-agent2-plugin-mongodb.aarch64     6.0.22-release1.el9                @zabbix

      Result:

      • When connecting to mongodb with the certificate, it works
      mongosh --tls --host mongodb.mycompany.internal --tlsCAFile /etc/ssl/mongodb/ca.pem --username zabbix_mon --password 'zabbix_mon'
      Current Mongosh Log ID:    652cf951623b5d47afd82f0f
      Connecting to:        mongodb://<credentials>@mongodb.mycompany.internal:27017/?directConnection=true&tls=true&tlsCAFile=%2Fetc%2Fssl%2Fmongodb%2Fca.pem&appName=mongosh+2.0.1
      Using MongoDB:        7.0.2
      Using Mongosh:        2.0.1
      For mongosh info see: https://docs.mongodb.com/mongodb-shell/
      • zabbix_get command 
      # zabbix_get -s mongodb.mycompany.internal -k 'mongodb.server.status["tcp://mongodb.mycompany.internal:27017","zabbix_mon","zabbix_mon"]'
      ZBX_NOTSUPPORTED: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: mongodb.mycompany.internal:27017, Type: Unknown, Last error: connection() error occured during connection handshake: connection(mongodb.mycompany.internal:27017[-26015889]) socket was unexpectedly closed: EOF }, ] }
      • zabbix-agent log when I try to do zabbix_get
      tail -f /var/log/zabbix/zabbix_agent2.log
      2023/10/16 08:43:43.867134 [MongoDB] server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: mongodb.mycompany.internal:27017, Type: Unknown, Last error: connection() error occured during connection handshake: connection(mongodb.mycompany.internal:27017[-26015889]) socket was unexpectedly closed: EOF }, ] }  

      Am I doing something wrong in the TLS configuration?

       

            mbuz Maksym Buz
            aloisiobilck Aloisio Bilck