Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-24375

MongoDB Plugin and replicaSet with TLS only

XMLWordPrintable

    • Icon: Problem report Problem report
    • Resolution: Unresolved
    • Icon: Trivial Trivial
    • None
    • 6.4.13
    • Agent2 plugin (N)
    • None

      I have a mongodb replicaset with TLS authentication using x509 method. For such authentication, users are not given passwords and they are created in the $external database.
      Currently we have 3 problems:
      1) Connection only via tcp:// - which allows you to connect only to one server, and not to the entire replica, as the connection string mognodb:// allows (see examples https://www.mongodb.com/docs/manual /reference/connection-string/#read-preference-options) - several hosts are specified here and if one of the hosts is unavailable, this does not lead to loss of connection to mongodb. In simple words, the current capabilities of the plugin do not allow receiving metrics in case of failure of the host specified in the connection settings
      2) Connecting via tcp:// does not support connecting to the $external database. No matter how I tried to do this, I either received an error, or it still tried to connect to the admin database (this is clearly visible in the server logs). In the admin database it is necessary to set a password for the user, but we have high security standards and we do not use passwords, only certificates are used
      3) Connecting via tcp:// does not support X509 mode, which is used in the cluster. No matter how I set the authMechanism parameter, it did not apply it and used either SCRAM-SHA-256 or SCRAM-SHA-1.

      I would like to ask you to correct these shortcomings and add the ability to set a full connection string via mongodb://, which allows you to specify all the necessary parameters, including all replica hosts, so that if one fails, this will not affect monitoring, setting authMechanism parameters and other features of mongodb connection string.

      At the moment, I cannot organize monitoring of my cluster with TLS required=yes and X509, since there is no possibility of authentication in the $external database, it always comes

      Конфигурация кластера на примере одной ноды

            azyla Arkadiusz Zyla
            elijahwood Ilya S
            Votes:
            5 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: