Mysql 5.7 using TLS connections

Edmunds, Grant (Contractor) Grant_Edmunds at comcast.com
Tue Feb 20 22:23:39 CET 2018


Hi, I'm trying to use this plugin 'check_mysql_avs' with a mysql server (vdecmdb-as-01.sys.comcast.net) that is using TLS connections. With newer versions of mysql (I'm using Percona 5.7.19-log) there's a setting called 'require_secure_transport' that, when set, prevents users from logging in unless they can connect using TLS. The user I'm testing with, nagios@'op5%sys.comcast.net', has 'require ssl' in its configuration. I've been trying to get this check working (see below). I think that the certificate files need to be on the OP5 servers for it to work. Is there a way to register them with the OP5 servers? The mysql server does have the certificate registered.

Here's something that is odd, and you'll find blogs out there that discuss this (see link https://www.percona.com/blog/2017/06/27/ssl-connections-in-mysql-5-7/). I can connect from another host with this command without providing the certificate information, and a connection will be created and will be encrypted. I'm wondering if updating the mysql client software on the OP5 servers might solve the issue? I'm guessing that the script is written in Perl or Python, so perhaps updating those RPM(s) may solve it too? I'd be willing to test with you if you'd like.
-sh-4.2$ hostname
vdecmdbwst-ho-a2p.sys.comcast.net
-sh-4.2$ mysql -h vdecmdb-as-01.sys.comcast.net -u nagios -pN3gi0spswd\)

OP5 check definition
nagios!N3gi0spswd\)!streamer -l --ca-cert=/db/data/CA_NSO_2010.crt --cert=/db/data/vde_cmdb_east.crt --key=/db/data/vde_cmdb_east.key

output
  on
_USER1_/check_mysql -H 10.146.0.137 -u nagios -p N3gi0spswd\) -d streamer -l --ca-cert=/db/data/CA_NSO_2010.crt --cert=/db/data/vde_cmdb_east.crt --key=/db/data/vde_cmdb_east.key
Result code: CRITICAL
SSL connection error

Mysql server
mysql> show global variables like "%ssl%";
+---------------+----------------------------+
| Variable_name | Value                      |
+---------------+----------------------------+
| have_openssl  | YES                        |
| have_ssl      | YES                        |
| ssl_ca        | /db/data/CA_NSO_2010.crt   |
| ssl_capath    |                            |
| ssl_cert      | /db/data/vde_cmdb_east.crt |
| ssl_cipher    |                            |
| ssl_crl       |                            |
| ssl_crlpath   |                            |
| ssl_key       | /db/data/vde_cmdb_east.key |
+---------------+----------------------------+
9 rows in set (0.00 sec)

Grant Edmunds
MySQL DBA
CVPI - Core Video Platform Integration
303 712-3239
grant_edmunds at comcast.com
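
Added example (not part of the original message, and not the plugin's own code): the check definition in the message passes --ca-cert, --cert and --key paths to check_mysql, and the plugin reads those files on the host that runs the check. This preflight uses a hypothetical helper name, check_tls_files, and assumes openssl is installed and the private key is unencrypted; it confirms the three files are readable, the certificate chains to the CA file, and the key belongs to the certificate.

```shell
#!/bin/sh
# Added example: preflight for the TLS files named in a check_mysql command.
# Run it on the monitoring host, as the account the check runs under.
# check_tls_files is a hypothetical helper name, not part of any plugin.
# Return codes: 0 ok, 1 file missing/unreadable, 2 chain failure, 3 key mismatch.

check_tls_files() {
    local ca="$1" cert="$2" key="$3" f missing=0 cert_pub key_pub

    # 1. Every path in the check definition must exist and be readable locally.
    for f in "$ca" "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "MISSING or unreadable: $f"
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] || return 1

    # 2. The certificate must verify against the CA file given to the plugin.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "CHAIN: $cert does not verify against $ca"
        return 2
    fi

    # 3. The private key must carry the same public key as the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "KEYPAIR: $key does not match $cert"
        return 3
    fi

    echo "OK: files readable, chain verifies, key matches certificate"
    return 0
}

# Stand-alone use: pass the same three paths the check definition uses, e.g.
#   sh preflight.sh /db/data/CA_NSO_2010.crt /db/data/vde_cmdb_east.crt /db/data/vde_cmdb_east.key
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```

A return code of 1 on the monitoring host means the paths in the check definition do not resolve there, whatever their state on the database server.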
