Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-9490

Zabbix-Agent2 MongoDB Plugin error when using SCRAM-SHA-256 authentication while requiring TLS

XMLWordPrintable

    • Icon: New Feature Request New Feature Request
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 6.0.34rc1, 7.0.4rc1, 7.2.0alpha1
    • Agent2 plugin (N)
    • None
    • Kubernetes Cluster

      Steps to reproduce:

      Dear Zabbix support, we are facing the following situation :

      • we have a MongoDB replica-set configured with TLS but the authentication mechanism is SCRAM-SHA-256
      • we want to monitor the MongoDB nodes using the zabbix-agent2 MongoDB plugin
      • the plugin is not taking the URI parameters in account when setting up the SSL context
      • when configuring the plugin with the following configuration file :
        ================================================== 
        Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb
        Plugins.MongoDB.Sessions.mongodbI.Uri=tcp://REDACTED:27017/admin?authMechanism=SCRAM-SHA-256&authSource=admin&appName=zabbix-agent2
        Plugins.MongoDB.Sessions.mongodbI.TLSConnect=verif y_full
        Plugins.MongoDB.Sessions.mongodbI.TLSCAFile=/var/lib/tls/ca.pem
        ================================================== 
        

        we get the following error :

        -----------------------------------------------------------------------------------------
        failed to execute direct exporter task for key 'mongodb.ping["REDACTED","zabbix_mon","REDACTED"]'
        error: 'Invalid configuration: missing TLS certificate file uri tcp://REDACTED:27017/admin?authMechanism=SCRAM-SHA-256&authSource=admin&appName=zabbix-agent2, with session REDACTED
        -----------------------------------------------------------------------------------------
        

         

      After digging deeper into the MongoDB plugin's code, it appears that it is using the standard Zabbix URI library instead of parsing the connection-string to handle the MongoDB options passed in the connection-string (c.f. https://www.mongodb.com/docs/manual/...ection-options)

      Attached is an example enhanced copy of your original /git.zabbix.com/ap/plugin-support/uri/uri.go that would handle all URI parameters required for MongoDB monitoring. Then the plugin logic should be adapted to give precedence to those options, then look at the macro params and finally use the values from the config.

      Regarding the scheme, this change would be needed in mongodb/plugin/metrics.go for handling the standard schemes mongodb:// and mongodb+srv:// supported by go.mongodb.org/mongo-driver :

      ================================================== 
      diff --git a/plugin/metrics.go b/plugin/metrics.go
      index 9da777b..6d31191 100644
      --- a/plugin/metrics.go
      +++ b/plugin/metrics.go
      @@ -71,7 +71,7 @@ const (
      var (
      paramURI = metric.NewConnParam("URI", "URI to connect or session name.").
      WithDefault(handlers.UriDefaults.Scheme + "://localhost:" + handlers.UriDefaults.Port).WithSession().
      - WithValidator(uri.URIValidator\{Defaults: handlers.UriDefaults, AllowedSchemes: []string{"tcp"}})
      + WithValidator(uri.URIValidator\{Defaults: handlers.UriDefaults, AllowedSchemes: []string{"tcp", "mongodb", "mongodb+srv"}})
      paramUser = metric.NewConnParam("User", "MongoDB user.")
      paramPassword = metric.NewConnParam("Password", "User's password.")
      paramDatabase = metric.NewParam("Database", "Database name.").WithDefault("admin")​
      ================================================== 
      

            rzvejs Rudolfs Zvejs
            sysadmin@targomo.com Patrick Voland
            Votes:
            2 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated: