|
|
| Subject: | Zenup: MySQL zodb permissions for zenoss are incorrect |
| Author: | [Not Specified] |
| Posted: | 2014-07-02 16:25 |
Since I placed the Zenoss-db on a separate server, ZenUp doesn't work anymore.
Recently I tried it with the newest 4.2.5-SP167, but the message is: "ERROR: MySQL zodb permissions for zenoss are incorrect - aborting"
Conveniently the script also shows the current grants:
Grants for zenoss@192.168.100.%
GRANT SUPER ON *.* TO 'zenoss'@'192.168.100.%' IDENTIFIED BY PASSWORD 'xyz'
GRANT ALL PRIVILEGES ON `zenoss\\_zep`.* TO 'zenoss'@'192.168.100.%' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON `zodb`.* TO 'zenoss'@'192.168.100.%' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON `zodb\\_session`.* TO 'zenoss'@'192.168.100.%' WITH GRANT OPTION
Everything works fine otherwise, just applying a zenup updatedoesn't work.
Anyone any ideas about setting the right grants
| Subject: | Did you flushed privileges? |
| Author: | Jan Garaj |
| Posted: | 2014-07-07 07:34 |
Did you flushed privileges Mysql command: FLUSH PRIVILEGES;
Devops Monitoring Expert advice:
Dockerize/automate/monitor all the things.
DevOps stack:
Docker / Kubernetes / Mesos / Zabbix / Zenoss / Grafana / Puppet / Ansible / Vagrant / Terraform /
Elasticsearch
| Subject: | To be sure, I tried that |
| Author: | [Not Specified] |
| Posted: | 2014-07-07 09:19 |
To be sure, I tried that again.
No change in the result.
| Subject: | Try to add another permission |
| Author: | Jan Garaj |
| Posted: | 2014-07-07 13:11 |
Try to add another permission (it is granted by default in my Zenoss 4.2.5):
GRANT SELECT ON mysql.proc to zenoss;
Devops Monitoring Expert advice:
Dockerize/automate/monitor all the things.
DevOps stack:
Docker / Kubernetes / Mesos / Zabbix / Zenoss / Grafana / Puppet / Ansible / Vagrant / Terraform /
Elasticsearch
| Subject: | ZenUp recognizes the change, |
| Author: | [Not Specified] |
| Posted: | 2014-07-07 15:35 |
ZenUp recognizes the change, but the situation isn't improved:
Checking database zodb permissions as zenoss...
ERROR: MySQL zodb permissions for zenoss are incorrect - aborting
Grants for zenoss@192.168.1%
GRANT USAGE ON *.* TO 'zenoss'@'192.168.1%' IDENTIFIED BY PASSWORD 'xyz'
GRANT ALL PRIVILEGES ON `zodb`.* TO 'zenoss'@'192.168.1%' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON `zodb\\_session`.* TO 'zenoss'@'192.168.1%' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON `zenoss\\_zep`.* TO 'zenoss'@'192.168.1%' WITH GRANT OPTION
GRANT SELECT ON `mysql`.`proc` TO 'zenoss'@'192.168.1%'
The suggestion looks promising, though. Any more
| Subject: | No idea. |
| Author: | Jan Garaj |
| Posted: | 2014-07-07 18:03 |
No idea.
You can try:
1.) check source code - what type of check is there - but I'm not able to find any reference to your error in my source code:
[zenoss@device zenup]$ grep -rin 'incorrect' /opt/zenup/*
Binary file /opt/zenup/bin/pyrun2.7 matches
[zenoss@device zenup]$ grep -rin 'database zodb' /opt/zenoss/Products/*
2.) compare db permissions of your old zenoss user (localhost) with your new zenoss user (dedicated db server)
Devops Monitoring Expert advice:
Dockerize/automate/monitor all the things.
DevOps stack:
Docker / Kubernetes / Mesos / Zabbix / Zenoss / Grafana / Puppet / Ansible / Vagrant / Terraform /
Elasticsearch
| Subject: | I checked both the patch and |
| Author: | [Not Specified] |
| Posted: | 2014-07-08 04:46 |
I checked both the patch and zenup for something related to the error, but couldn't find anything as well.
Also: nowhere I can find the permissions Zenoss expects. Strange this isn't documented.
For now: I compared the 'old' permissions with the new ones and completely mirrored them.
Old:
| GRANT REPLICATION SLAVE ON *.* TO 'zenoss'@'%' IDENTIFIED BY PASSWORD '*xyz' |
| GRANT ALL PRIVILEGES ON `zodb`.* TO 'zenoss'@'%' |
| GRANT ALL PRIVILEGES ON `zenoss_zep`.* TO 'zenoss'@'%' |
| GRANT ALL PRIVILEGES ON `zodb_session`.* TO 'zenoss'@'%' |
| GRANT SELECT ON `mysql`.`proc` TO 'zenoss'@'%' |
New:
| GRANT REPLICATION SLAVE ON *.* TO 'zenoss'@'192.168.1%' IDENTIFIED BY PASSWORD '*xyz' |
| GRANT ALL PRIVILEGES ON `zodb`.* TO 'zenoss'@'192.168.1%' WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON `zenoss_zep`.* TO 'zenoss'@'192.168.1%' WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON `zodb_session`.* TO 'zenoss'@'192.168.1%' WITH GRANT OPTION |
| GRANT SELECT ON `mysql`.`proc` TO 'zenoss'@'192.168.1%' |
As you can see: identical from a permissions standpoint.
I also 'fixed' the escaping that was going on with the underscores, but all to no avail.
Still the same error message.
Maybe this is something Zenoss could step in It seems to me that I'm not the only one using a separate MySql-server (MariaDB 5.5 in this case).
| Subject: | Hi, |
| Author: | Andrew Kirch |
| Posted: | 2014-07-08 12:27 |
Hi,
Officially we don't support MariaDB, it should be similar but there are differences. I would strongly recommend following the Installation Guide, and ZenUp guides. We have extensively tested against 5.5.37, for 4.2.5 and know that this works.
Andrew Kirch
akirch@gvit.com
Need Zenoss support, consulting or custom development Look no further. Email or PM me!
Ready for Distributed Topology (collectors) for Zenoss 5 Coming May 1st from GoVanguard
| Subject: | That's too bad. I'm sure |
| Author: | [Not Specified] |
| Posted: | 2014-07-15 07:23 |
That's too bad. I'm sure everything works fine and all privileges are there. So is there maybe a way to disable this check in ZenUP I'll make sure to do a db-dump + snapshot of the vm beforehand.
On an unrelated note:
Is it just me, or is there something wrong with saving passwords in this forum software I literally always have to reset my pw before logging in, as I always get the message that the password I filled in is incorrect (while I'm 100% sure it is correct).
Also, when resetting the pw, the layout of the user profile is all messed up.
| Subject: | Found the issue - the script |
| Author: | [Not Specified] |
| Posted: | 2014-11-18 13:53 |
Found the issue - the script inside of the RPS has the values hard coded
# For every needed variable, call getConfValue with the variable and a valid default
local GLOBAL_CONF="$ZENHOME/etc/global.conf"
# zodb connection settings
local ZODB_HOST="$(getConfValue "$GLOBAL_CONF" "zodb-host" "localhost")"
local ZODB_PORT="$(getConfValue "$GLOBAL_CONF" "zodb-port" "13306")"
local ZODB_DB="$(getConfValue "$GLOBAL_CONF" "zodb-db" "zodb")"
local ZODB_USER="$(getConfValue "$GLOBAL_CONF" "zodb-user" "zenoss")"
local ZODB_PASSWORD="$(getConfValue "$GLOBAL_CONF" "zodb-password" "zenoss")"
local ZODB_ADMIN_USER="$(getConfValue "$GLOBAL_CONF" "zodb-admin-user" "root")"
local ZODB_ADMIN_PASSWORD="$(getConfValue "$GLOBAL_CONF" "zodb-admin-password" "")"
# zenoss_zep connection settings
local ZEP_HOST="$(getConfValue "$GLOBAL_CONF" "zep-host" "localhost")"
local ZEP_PORT="$(getConfValue "$GLOBAL_CONF" "zep-port" "13306")"
local ZEP_DB="$(getConfValue "$GLOBAL_CONF" "zep-db" "zenoss_zep")"
local ZEP_USER="$(getConfValue "$GLOBAL_CONF" "zep-user" "zenoss")"
local ZEP_PASSWORD="$(getConfValue "$GLOBAL_CONF" "zep-password" "zenoss")"
local ZEP_ADMIN_USER="$(getConfValue "$GLOBAL_CONF" "zep-admin-user" "root")"
local ZEP_ADMIN_PASSWORD="$(getConfValue "$GLOBAL_CONF" "zep-admin-password" "")"
Any work arounds other than installing the RPS step by step
Thanks
Ed
| Subject: | The solution |
| Author: | [Not Specified] |
| Posted: | 2014-11-18 16:14 |
I haven't looked at this for a while. Good of you to point out where to find the code that makes our lives difficult ;-)
The problem isn't in the code you cite: that only shows some default values if there aren;t ant in de gloal.conf, but in the greps that checks for the permissions.
From that I learned that you have to give the zodb_admin and zep_admin (the ridiculously high) root all permissions on *.*. Basically making it 'root'.
For the other users are different permissions.
After I changed those: I can install zenups again.
| < |
Previous FIX PosKeyError! |
Next Http monitor using Regex: How to graph the matching Regex? |
> |