-
New Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
6.0.34rc1, 7.0.4rc1, 7.2.0alpha1
-
None
-
Kubernetes Cluster
Steps to reproduce:
Dear Zabbix support, we are facing the following situation :
- we have a MongoDB replica-set configured with TLS but the authentication mechanism is SCRAM-SHA-256
- we want to monitor the MongoDB nodes using the zabbix-agent2 MongoDB plugin
- the plugin is not taking the URI parameters in account when setting up the SSL context
- when configuring the plugin with the following configuration file :
================================================== Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb Plugins.MongoDB.Sessions.mongodbI.Uri=tcp://REDACTED:27017/admin?authMechanism=SCRAM-SHA-256&authSource=admin&appName=zabbix-agent2 Plugins.MongoDB.Sessions.mongodbI.TLSConnect=verif y_full Plugins.MongoDB.Sessions.mongodbI.TLSCAFile=/var/lib/tls/ca.pem ==================================================
we get the following error :
----------------------------------------------------------------------------------------- failed to execute direct exporter task for key 'mongodb.ping["REDACTED","zabbix_mon","REDACTED"]' error: 'Invalid configuration: missing TLS certificate file uri tcp://REDACTED:27017/admin?authMechanism=SCRAM-SHA-256&authSource=admin&appName=zabbix-agent2, with session REDACTED -----------------------------------------------------------------------------------------
After digging deeper into the MongoDB plugin's code, it appears that it is using the standard Zabbix URI library instead of parsing the connection-string to handle the MongoDB options passed in the connection-string (c.f. https://www.mongodb.com/docs/manual/...ection-options)
Attached is an example enhanced copy of your original /git.zabbix.com/ap/plugin-support/uri/uri.go that would handle all URI parameters required for MongoDB monitoring. Then the plugin logic should be adapted to give precedence to those options, then look at the macro params and finally use the values from the config.
Regarding the scheme, this change would be needed in mongodb/plugin/metrics.go for handling the standard schemes mongodb:// and mongodb+srv:// supported by go.mongodb.org/mongo-driver :
================================================== diff --git a/plugin/metrics.go b/plugin/metrics.go index 9da777b..6d31191 100644 --- a/plugin/metrics.go +++ b/plugin/metrics.go @@ -71,7 +71,7 @@ const ( var ( paramURI = metric.NewConnParam("URI", "URI to connect or session name."). WithDefault(handlers.UriDefaults.Scheme + "://localhost:" + handlers.UriDefaults.Port).WithSession(). - WithValidator(uri.URIValidator\{Defaults: handlers.UriDefaults, AllowedSchemes: []string{"tcp"}}) + WithValidator(uri.URIValidator\{Defaults: handlers.UriDefaults, AllowedSchemes: []string{"tcp", "mongodb", "mongodb+srv"}}) paramUser = metric.NewConnParam("User", "MongoDB user.") paramPassword = metric.NewConnParam("Password", "User's password.") paramDatabase = metric.NewParam("Database", "Database name.").WithDefault("admin") ==================================================