I’m using CheckMK Raw version 2.1.0. I’m trying to run a custom query on a MySQL database using the Setup > Services > HTTP, TCP, Email, ... > Check SQL Database check. I configure a new rule, input all the database information, along with the custom query I’d like to run, and then save the configuration.
After doing that, I’m getting back the error “Access denied for user monitoruser@‘ip-address-of-checkmk-server’”. What’s interesting though is that from the command line of the CheckMK server, I can run the command mysql -u monitoruser -p -h database-server-ip database-name and it will successfully connect to the database and I can run the query I want without any issue.
So, I know that manually connecting to the database from the CheckMK server works; however, through the CheckMK GUI, it doesn’t appear to have the option to connect to the database via TLS. The database server requires all connections to be TLS-enabled; otherwise, the user will not be able to connect. Is there an option to do this in the CheckMK GUI? Or, is there some other way that I should be trying to configure this?
The older check_mysql plugin for nagios has the ability to connection via SSL/TLS using the -l flag in the connection string. For example, in the /omd/sites/<site_name>/lib/nagios/plugins directory, I can run the following:
Just following up on this topic since I haven’t heard anything (yet ). Hoping someone out there has tried to run a custom query on a MySQL database using a secure database connection from CheckMK.
Wondering if this may need to be added to the CheckMK GUI for the Check SQL Database check; the ability to enable SSL/TLS connections to the database from the CheckMK server so that the connection is encrypted.
Again, I know this works from command-line and I can connect using the mysql client installed on the CheckMK server. That just verifies that the user I using has correct permissions to run my custom query on the database; however, it’s only when I attempt to connect using the Check SQL Database check that the error I posted above is thrown. I know why (because it’s attempting to connect insecurely to the database which isn’t allowed). I just can’t figure out the how to get it working, or some kind of work-around.
Any suggestions/comments are appreciated! Or, if the answer is I’ll have to wait until this issue gets updated in the GUI (as in a future feature request), that’s understandable too, but I’d like that confirmed if that’s the answer.
I was able to accomplish what I wanted using a Local Check.
I ended up writing a simple bash script that would connect to the database, run the query I needed, and then output the result to a variable in the script called “count”. Once that was done, I then just needed to output the result using the properly formatted “echo” statement which I found in the Local Checks documentation. In my case, the echo statement looked like this in my script:
echo "P \"Service Name\" count=$count;150;170"
As I understand it, this performs a dynamic check, with values I set for WARN (150) and CRIT (170). Once the script was finished, you just put it in the /usr/lib/check_mk_agent/local directory on the host I want it to monitor (in my case, my database server) and viola! Now the script is being executed locally on the database server, and the results get reported back to the CheckMK server as a new service discovered on the database server!
For a workaround to the Check_SQL_Database check, this was pretty simple to setup. I would prefer to use the built-in Check_SQL_Database check; however, it appears that it doesn’t currently support logins using TLS. The Local Check ability was very nice to learn about and ultimately use in this case to accomplish what I needed.
). Hoping someone out there has tried to run a custom query on a MySQL database using a secure database connection from CheckMK.