The bottom line is, there is a server on CentOS, it has nrpe on it. I switch to a new feature from mysql --login-path to refuse passwords on the command line. There is a plugin from off site latest version / usr / lib64 / nagios / plugins / pmp-check-mysql-status

It starts like this

command[check_pmysql]=/usr/lib64/nagios/plugins/pmp-check-mysql-status -L nagios -x Threads_running -w 20 -c 40

The key file is created for and under the user nagios and successfully lies in his hamster. Mysql_config_editor mysql_config_editor set --login-path=nagios --host=localhost --user=root --password --port=3306 --socket=/var/lib/mysql/mysql.sock

And it works successfully from the console.

If nrpe runs the script itself in response to a Nagios request, it receives an answer ERROR 1045 (28000): Access denied for user 'nagios'@'localhost' (using password: NO)

Why is this user trying to substitute incomprehensible. But debugging shows that mysql is pulling it from the file / proc / self / loginuid

Also, after much torment and debugging, I found out that when starting from the console or if in nrpe I allow command_prefix = / usr / bin / sudo

 stat("/etc/my.cnf", {st_mode=S_IFREG|0644, st_size=2455, ...}) = 0 open("/etc/my.cnf", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2455, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3ce0b03000 read(3, "# Example MySQL config file for "..., 4096) = 2455 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7f3ce0b03000, 4096) = 0 stat("/etc/mysql/my.cnf", 0x7fffc5744aa0) = -1 ENOENT (No such file or directory) stat("/usr/etc/my.cnf", 0x7fffc5744aa0) = -1 ENOENT (No such file or directory) stat("/var/spool/nagios/.my.cnf", 0x7fffc5744aa0) = -1 ENOENT (No such file or directory) stat("/var/spool/nagios/.mylogin.cnf", {st_mode=S_IFREG|0600, st_size=208, ...}) = 0 open("/var/spool/nagios/.mylogin.cnf", O_RDONLY) = 3

We see that the key file is successfully read (running the script in the console) In the case if you enable sudo, it is also read successfully, but from the root hamster

And if without sudo, at the request of the remote Nagios, we get that he is not even looking for him as if he ignores the option --login-path and begs to connect with the current user without a password

 stat("/etc/my.cnf", {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0 open("/etc/my.cnf", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff47e37b000 read(3, "", 4096) = 2512 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7ff47e37b000, 4096) = 0 stat("/etc/mysql/my.cnf", 0x7fff3c0e9c00) = -1 ENOENT (No such file or directory) stat("/usr/etc/my.cnf", 0x7fff3c0e9c00) = -1 ENOENT (No such file or directory) stat("~/.my.cnf", 0x7fff3c0e9c00) = -1 ENOENT (No such file or directory) socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 3

Ideas run out, need help from the community

  • stat("~/.my.cnf", 0x7fff3c0e9c00) = -1 ENOENT (No such file or directory) is this normal? - zb '
  • No, just not normal. I found the problem, but it was launched from cron. Export HOME Solution = / var / spool / nagios / - Alex Jakai

1 answer 1

I found the problem, but it was launched from cron. Solution: export HOME=/var/spool/nagios/